Citrix Metaframe Access Suite for Windows Server 2003 [2 ed.] 9780071604598

Citrix-authorized guide explains how to build a robust, reliable, and scalable thin-client computing environment and dep


English Pages 605 Year 2003


Citrix MetaFrame Access Suite for Windows Server 2003: The Official Guide by Steve Kaplan et al. McGraw-Hill © 2003 (724 pages)

ISBN:0072195665

This guide explains how to build a robust, reliable, and scalable thin-client computing environment and deploy Windows 2000/Windows 2003 Server and MetaFrame. Also learn to centralize application management, reduce software on the desktop, and more.

Table of Contents

Citrix MetaFrame Access Suite for Windows Server 2003—The Official Guide
Foreword
Introduction

Part I - Overview of Enterprise Server-Based Computing
Chapter 1 - Introducing Server-Based Computing and the On-Demand Enterprise
Chapter 2 - Windows Terminal Services
Chapter 3 - Citrix MetaFrame Access Suite

Part II - Designing an Enterprise SBC Solution
Chapter 4 - Preparing Your Organization for an On-Demand Enterprise Implementation
Chapter 5 - Server-Based Computing Data Center Architecture
Chapter 6 - Designing Your Network for Server-Based Computing
Chapter 7 - The Client Environment
Chapter 8 - Security
Chapter 9 - Network Management

Part III - Implementing an On-Demand Server-Based Computing Environment
Chapter 10 - Project Managing and Deploying an Enterprise SBC Environment
Chapter 11 - Server Configuration: Windows Terminal Services
Chapter 12 - Server Configuration: Citrix MetaFrame Presentation Server
Chapter 13 - Application Installation and Configuration
Chapter 14 - Client Configuration and Deployment
Chapter 15 - Profiles, Policies, and Procedures
Chapter 16 - Securing Client Access
Chapter 17 - Network Configuration
Chapter 18 - Printing
Chapter 19 - Disaster Recovery and Business Continuity in the SBC Environment
Chapter 20 - Migration to Windows 2003 and Citrix MetaFrame XP
Chapter 21 - Ongoing Administration of the Server-Based Computing Environment

Part IV - Appendixes
Appendix A - Internetworking Basics
Appendix B - Creating an On-Demand Enterprise Financial Analysis Model
Appendix C - Creating an On-Demand Enterprise Subscription Billing Model
Index
List of Figures
List of Tables
List of Case Studies
List of Sidebars

Back Cover

Design and deploy an enterprise-level server-based computing (SBC) environment on Windows Server 2003 using Citrix MetaFrame Access Suite. Authorized by Citrix Systems, Inc., this invaluable guide shows you how to maximize the suite components to enable and manage secure access to applications and data across the Internet, intranets, extranets, and WANs, LANs, and wireless networks. Get details on integration with legacy systems, migration, resource centralization, security, and more. Streamline processes, reduce costs, and increase productivity by applying the strategies in this one-of-a-kind resource.

Learn to:

  • Calculate ROI and TCO, and understand the savings associated with SBC
  • Plan and design an on-demand enterprise
  • Configure a scalable data center architecture
  • Construct a robust, secure network infrastructure
  • Install and configure MetaFrame XP Presentation Server
  • Size and build a stable Terminal Services Farm
  • Install and optimize applications in the SBC environment
  • Secure client access using MetaFrame Secure Gateway and MetaFrame Secure Access Manager
  • Maximize the built-in tools--Resource Manager, Installation Manager, Network Manager, Password Manager, and Conferencing Manager


Citrix MetaFrame Access Suite for Windows Server 2003—The Official Guide

TIM REESER
STEVE KAPLAN
ALAN WOOD

McGraw-Hill/Osborne
New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto

McGraw-Hill/Osborne
2100 Powell Street, 10th Floor
Emeryville, California 94608
U.S.A.

To arrange bulk purchase discounts for sales promotions, premiums, or fund-raisers, please contact McGraw-Hill/Osborne at the above address. For information on translations or book distributors outside the U.S.A., please see the International Contact Information page immediately following the index of this book.

Copyright © 2003 by The McGraw-Hill Companies. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.

1234567890 FGR FGR 019876543 ISBN 0-07-219566-5

Publisher: Brandon A. Nordin
Vice President & Associate Publisher: Scott Rogers
Acquisitions Editor: Francis Kelly
Project Editors: Emily K. Wolman, Lisa Wolters-Broder
Acquisitions Coordinator: Jessica Wilson
Technical Editor: Bobby Doss
Copy Editor: Mike McGee
Proofreader: Linda Medoff
Indexer: Valerie Robbins
Composition: Carie Abrew, Tabi Cagan, Tara A. Davis
Illustrators: Melinda Moore Lytle, Kathleen Fay Edwards, Michael Mueller, Lyssa Wald
Series Design: Peter F. Hancik
Cover Design: Pattie Lee


This book was composed with Corel VENTURA™ Publisher.

Information has been obtained by McGraw-Hill/Osborne from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, McGraw-Hill/Osborne, or others, McGraw-Hill/Osborne does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such information.

Alan Wood

Compassion, honesty, respect, inspiration, support, tolerance—without these I would accomplish nothing. For my wife, Carol—though she didn't make the world, she does make my world go 'round.

Tim Reeser

To my wife, Lindsay, and my daughter Rebekah, who were beyond flexible over the last eight months and allowed me to focus on this work. To the incredible engineering team at ECC, who pulled together under tight deadlines to make this book a true technical marvel.

Steve Kaplan

To my son, Ryan, and daughter, Alexis, for their support and inspiration. To my brother, Alan, for his pioneering efforts in making server-based computing work on an enterprise scale. And to my client and friend, Anthony Lackey, for showing us all how vision, leadership, and exceptional execution can successfully transform the IT infrastructure of one of the world's largest corporations.

Bobby Doss

With love to my wife, Tammie, and my daughter, Emily (and the baby on the way), for always supporting and loving me. Also, to my mom and dad, who taught me to work hard and always strive for the best! I've never been able to tell them all how much I appreciate them, so I thought I would start here.

Tim Reeser is Chairman, CFO, and cofounder of Engineering Computer Consultants, Inc. (ECC). ECC is a Microsoft Gold Partner in Enterprise Systems and a Citrix Platinum partner, and has been providing enterprise server-based solutions for eight years. Tim has written for Windows.NET Magazine and Selling NT Solutions Magazine, and has been a speaker at industry events such as Citrix Solutions Summit, Ingram Micro's Venture Tech Network, and various user groups and consortiums. He manages the day-to-day sales activities of the sales team at ECC, and has weekly meetings with server-based computing customers, providing constant and timely insight into the current state of business. Tim holds a B.S. in Mechanical Engineering from Colorado State University, and is MCSE and CSA certified.

Steve Kaplan is the National Director of Enterprise Accounts for Vector ESP, Inc. His former company, RYNO Technology, was named the Citrix Platinum Partner of the Year for the United States before being acquired by Vector ESP in 2001. He is widely recognized as one of the most prominent proponents of server-based computing, and helped pioneer and develop the Citrix ACE Cost Analyzer Tool. Kaplan has spent years as a regular columnist for three different channel magazines and has worked with multiple hardware manufacturers and ISVs to help them develop channel and market-positioning strategies. He was a general session speaker at the 2002 Citrix Solutions Summit and has sat on the advisory boards of several industry leaders including a position on the Microsoft Partner Advisory Council. He holds a B.S. in business administration from U.C. Berkeley and an M.B.A. with an emphasis in both marketing and finance from Northwestern's J. L. Kellogg Graduate School of Management.

Alan Wood is a Project Leader and Senior Engineer with Engineering Computer Consultants. In addition to his Microsoft certification, he is a Cisco Certified Network Professional (CCNP) and a Cisco Certified Design Professional (CCDP). Alan has over 25 years experience in designing, operating, maintaining, and troubleshooting networks and telecommunications systems ranging from military infrastructure to campus networks and teletypes to SONET. In the academic realm, he developed and taught college curriculum for Microsoft Windows NT Network Administration and Telecommunications Systems.

Bobby Doss is a Director of Enterprise Services for Vector ESP, Inc. Located in the Houston office, he has been with Vector ESP for four years and has worked in the IT business for the last seven. He's certified on every platform Citrix has released since WinFrame 1.8, and is both a Citrix Certified Enterprise Administrator (CCEA) and Citrix Certified Instructor (CCI). In addition to his Citrix credentials, he holds a number of Microsoft certifications, including being a Microsoft Certified Systems Administrator and a Microsoft Certified Systems Engineer (MCSE) on both Windows NT 4.0 and Windows 2000. Bobby has also been recognized for reviewing several Citrix training manuals in use at authorized learning centers around the world. He was educated at Abilene Christian University and the University of Phoenix. He and his wife, Tammie, have a daughter, Emily, and currently await the arrival of their second child in late April 2004.

ACKNOWLEDGEMENTS

Although the three authors performed a majority of the writing and editing, many ECC engineers contributed significantly to the writing, figure and illustration creation, testing, and editing. Despite very hectic schedules on customer premises performing design and implementation work, these engineers carved out weekend and evening time to make this book happen. The engineers who contributed significantly to both the writing, editing, and testing include: Brian Casselman, Larry Henshaw, Travis Hevelone, and Ben Reeser. In addition, several engineers made contributions in the form of editing and technical testing, including Ken Lang, Kris Climie, Erik Ambrose, and John McMaster. Beyond the engineers, ECC's internal technical editor, Tracy O'Hare, spent many hours making sure our writing was readable and that we followed the appropriate Osborne guidelines.

Thanks also to Bobby Doss, a Director of Enterprise Services for Vector ESP, who handled the technical review of the book. Bobby's input truly added to the technical accuracy and detail that will make this book popular with the folks charged with implementing server-based computing at the ground level.

A significant amount of the technical material in this book was gathered from Citrix personnel, who were all very helpful. Special thanks though to Doug Brown for his work of art, Methodology in a Box (which we encourage anyone involved with an SBC project to read at http://www.dabcc.com) and for his permission to borrow content and ideas from his work. We also are indebted to Kevin West, Senior Director of Messaging for Citrix, who helped us both understand and better articulate Citrix' latest positioning.

A special thanks to Tony English, co-founder and President of ECC, who provided the inspiration to take this work on, even though the Army called him away to Iraq for the duration of the project. We look forward to his safe return.

And finally, we want to thank all of our customers who had the vision and courage to implement server-based computing on an enterprise scale, and who thereby helped create the access infrastructure industry and the foundation for the on-demand enterprise.

KUDOS FOR THE FIRST EDITION

The genesis of the first edition was an enterprise deployment of Windows NT and Citrix MetaFrame 1.8 for a Fortune 1000 company that began in 1998. While several books gave good information on how to set up and administer Terminal Services and MetaFrame, no one had yet written about the challenges, pitfalls, and methodologies required to make implementation successful on an enterprise scale. Citrix agreed to endorse the book as their Official Guide, and both the authors and McGraw-Hill/Osborne have been very pleased with the sales.

The feedback for the book was quite good, particularly for a first edition. Our primary criticism came from covering too much networking basics in the book. This second edition addresses that issue and has undergone far more review by experts from both Vector ESP and ECC, as well as from Citrix and Microsoft.


Foreword

The previous edition of this book, Citrix® MetaFrame™ for Windows® Terminal Services: The Official Guide, sold over 13,000 copies—a big success for a technology guide. That was three years ago, when the server-based computing market was still young. Much has changed since then. We've been through a long economic drought, political upheavals, terrorist attacks, and wars. And through it all—in spite of it all, in fact—the server-based computing market has matured, growing explosively and globally.

Today, nearly 50 million people use our technology every day to access the on-demand enterprise, and more than 120,000 organizations around the world are Citrix customers. These include all of the Fortune 100 companies, 99 percent of the Fortune 500 firms, and 95 percent of the Financial Times' European 100. When the first edition of this book came out, the idea of centralizing computing on the server was visionary and futuristic. Lately it's become the norm since its benefits are so clear and compelling: ubiquitous, secure access for workers combined with more cost-effective and efficient management of enterprise applications for the IT staff. As a result, we've gone mainstream in a big way.

The authors of this book—Steve Kaplan, Tim Reeser, and Alan Wood—have had something to do with this success. The guide itself is useful and informative, as its success has shown, and the first edition helped many readers successfully implement server-based computing environments. Moreover, the authors represent two companies that are part of a select group of top-notch Citrix Platinum-level resellers. So they have contributed to our success and the increasing adoption of server-based computing with both how-to information and hands-on implementation. I am grateful to them and proud to contribute this foreword to the second edition.

This edition comes at an exciting time for Citrix. Earlier this year, we announced the Citrix MetaFrame Access Suite, extending our flagship product, Citrix MetaFrame Presentation Server, into a complete system of integrated software products that we call access infrastructure for the on-demand enterprise. You will see these terms used throughout the book, along with the familiar server-based computing terms and concepts that remain at the heart of what we do. Combining cutting-edge and tried-and-true notions, the authors present the very latest on access infrastructure technology along with best practices derived from configuring hundreds of Citrix MetaFrame and Microsoft Terminal Server systems. While access infrastructure for the on-demand enterprise simplifies the complexity of information systems, successful implementation requires an organization's IT department to address a range of technical, educational, cultural, political, and internal marketing challenges. That's what this book is all about, and anyone planning to transform their company into an on-demand enterprise will benefit from reading it.

Mark B. Templeton
President and Chief Executive Officer
Citrix Systems, Inc.


Introduction

Over the next five years, Russell will likely realize more than $5 million in savings from implementing Citrix software and an additional $4 million in future cost avoidance from outsourcing IT operations.

—Tom Hanly, Chief Financial Officer, Frank Russell Company

The complexity of information systems is driving the cost of enterprise computing out of control, frequently offsetting the business benefits derived from information technology. Consequently, in spite of continuing rapid advances in IT, it is more difficult than ever before for IT organizations to provide consistency of service to all the places and people they must serve.

This is confirmed by a recent study of the U.S. Department of Commerce's Bureau of Economic Analysis, which found that in 1965 less than 5 percent of the capital expenditures of U.S. companies went to IT. Early in the 1980s, when the PC was beginning to proliferate, the percentage grew to 15 percent. A decade later, the percentage had doubled, and by the late 1990s, IT costs were nearly half of all expenses of American corporations. But the amazing thing about these huge budgets is that they haven't led to a revolution in innovation or productivity; typically, 80 percent of a company's IT spending today goes toward just maintaining existing systems.

What's driving all this? Heterogeneity. Each successive wave of computing—mainframe, minicomputer, PC, client-server, the Web, web services—has not superseded previous waves but rather has been piled on top of what came before. Moreover, the diversity and proliferation of access devices, computing platforms, software languages, networks, standards, and application infrastructures have further complicated the picture, making the cost of computing more variable and more expensive than ever.

IT organizations are coping with these technical, economic, and business challenges through consolidation. They are reducing the number of moving parts by centralizing and consolidating as much of the heterogeneity and complexity as possible to fewer data centers, servers, and networks. Their goal is to migrate to a model that allows them to improve the level of service they provide to the business. To accomplish this, many are moving the complexity of computing to a central place where it can best be managed, controlled, and evolved over time. This makes everything outside the data center simpler to manage and more cost-effective to operate. It also dramatically improves information security and resilience to technological and business interruptions.

Access infrastructure for the on-demand enterprise provides a consistent user experience across a wide variety of access devices and easy, secure, and instant access to IT services—from anywhere. It allows heterogeneity to be managed centrally, and shields the user from the complexity of accessing heterogeneous information systems. It knows the user's identity and presents an interface that dynamically adjusts to the specific user's device, location, and preferences.

The MetaFrame Access Suite provides access infrastructure for the on-demand enterprise, which is built upon server-based computing; applications are executed on central server farms running Microsoft Windows Server 2003 Terminal Services and Citrix MetaFrame Presentation Server. Users see only screen prints of their applications displayed on a wide variety of devices, including handheld PDAs, PC tablet devices, Windows-based terminals, Macs, smart phones, Linux workstations, and traditional PCs. This computing paradigm also goes by several other names (with some variations in meaning), including server-centric computing, application serving, thin-client computing, ASP services, and simply Terminal Services. By providing organizations with the ability to quickly deploy a wide range of applications to users, regardless of their location, bandwidth constraints, or device, server-based computing has changed the way many organizations work today. Just as importantly though, server-based computing has reduced or eliminated the requirements for both PC upgrades and remote-office servers, thus allowing many organizations to minimize their ongoing capital expenditures and dramatically slash their administration costs.

Server-based computing is great. It's happening. It's part of our strategy.

—Steve Ballmer, Microsoft President, from the Wall Street Journal, July 21, 1999

Evolution of an Industry

According to Giga Information Group, in a report dated February 2002, nearly two-thirds of enterprise users surveyed by Giga have deployed server-based computing; 32 percent believe it is a strategic technology.

Citrix launched the industry in the late 1980s with the introduction of a multiuser OS/2 product called WinView. Over the last few years, a majority of large company IT departments have adopted server-based computing in some form to solve a variety of problems such as wide area deployment of applications, remote access, and access to Windows applications on non-Windows devices (such as UNIX and Mac desktops), but many of these deployments are tactical rather than strategic. This, however, is changing. As companies begin to experience the cost, efficiency, flexibility, and productivity benefits of the Citrix MetaFrame Access Suite on a tactical level, they are increasingly and strategically standardizing on Citrix access infrastructure over time.

Today, the server-based computing industry is enormous and includes scores of Windows terminal choices, bandwidth management devices, wireless connectivity options, and thousands of software partners, resellers, and consultants. Microsoft's incorporation of Terminal Services into Windows Server 2003, and its commitment to continue the rapid feature enhancement, usability, and partner community of Terminal Services is further validating server-based computing as a mainstream technology. We believe that with Citrix' ability to extend the Terminal Services application deployment foundation to enable the on-demand enterprise, and with the additional pressures of shrinking IT budgets, along with the need to ensure disaster recovery and comply with new, stringent government regulations, this rising tidal wave of computing change will continue to gain momentum and, in fact, will become a prominent paradigm in business computing throughout the next decade.

Note: Some readers took exception with our declaration of server-based computing becoming the new networking standard when we published the first edition of this book in July of 2000. Nearly 50 million people in over 120,000 organizations around the globe now utilize Citrix software, and 50 percent of surveyed customers consider Citrix their corporate standard for application deployment. We firmly believe that the overwhelming economic advantages make this continuing transition inevitable. Organizations that do not embrace the much greater efficiencies and strategic benefits that centralized computing enable will be at a competitive disadvantage.

In an enterprise implementation of Windows 2003 Terminal Services and Citrix MetaFrame Presentation Server, most applications execute at one or more central data centers rather than on individual PCs. This entails a paradigm shift back to mainframe methodologies, procedures, and discipline, while still utilizing technology and environmental aspects unique to the PC world. It requires a much more resilient, reliable, and redundant network infrastructure than in a conventional client-server WAN. Myriad decisions must be made regarding building this infrastructure as well as several ancillary items such as choosing the right terminals, prioritizing WAN traffic, consolidating storage, enabling redundancy, and migrating from legacy systems.

What's New in the Second Edition

This book is a continuation of the first edition written three years ago by Steve Kaplan and Marc Mangus. Server-based computing technology has evolved significantly over the last three years, with the release of Windows Server 2003, Citrix MetaFrame XP Presentation Server, MetaFrame Secure Access Manager, MetaFrame Conferencing Manager, and MetaFrame Password Manager (which together comprise the Citrix MetaFrame Access Suite), along with myriad third-party applications and solution providers that have brought this technology into the mainstream and have resolved and automated a host of issues and complications. Server-based computing on an enterprise level has expanded and evolved into what Citrix calls the on-demand enterprise. Citrix is the market leader in access infrastructure that enables people to access enterprise applications and information on demand.

This second edition incorporates these changes. We take an in-depth look at Microsoft Server 2003 and the changes this product brings to server-based computing, the changes Citrix has brought with the Citrix MetaFrame Access Suite, and the shift that is underway towards webification and web aggregation (such as with Citrix MetaFrame Secure Access Manager). We have also updated all of the information on client deployment, security, third-party add-on applications, and overall management of a server-based computing environment to include all of the latest advancements and industry best-practice trends.

In addition to the technical changes of the last three years, the business climate has also been transformed dramatically. Waves of power outage problems on the west coast in early 2001 and the east coast in August 2003, and the events of September 11, 2001, have forced businesses to more seriously analyze their disaster recovery and business continuity plans. Hundreds of businesses lost data, and just as importantly, lost access to data for extended periods of time. No longer is it acceptable to simply have a plan for data recovery; organizations must also now have a tested plan for business continuity. Fortunately, some of the businesses affected in these crises utilized server-based computing, and were able to demonstrate the effectiveness of replicated server-based sites and user access from anywhere, anyplace, at any time.

The authors of this book have been evangelizing the virtues of server-based computing since its roots as thin-client technology. Our firms represent well over 2000 successful server-based computing installations at every type of enterprise from Fortune 50 to small businesses with only ten employees. Even with this broad success, however, we daily engage with organizations that have little or no knowledge of the powerful benefits of server-based computing. A significant number of enterprises still have not made the jump from looking at their IT infrastructure as a cost department, to looking at it as an automation and enabling department. Many enterprises are still hesitant to throw out what they believe to be the safe approach of continuing down the familiar (and unending) road of constant PC upgrading and maintenance.

Although this book will speak to those businesses that have not seriously considered server-based computing, its text is more specifically aimed at helping those who have made the decision and are looking for industry best practices and practical tips to find the greatest success with this technology.

Server-based computing has allowed us to build a more efficient yet technically cutting-edge environment. We use it to reduce Telco expenses, augment our VoIP solution, and increase company productivity via the virtual desktop. With Citrix, we can manage all these applications for 300 users with an IT team of four people.

—John Graham, IT Manager, Mountain West Farm Bureau

The Composition of this Book

This book provides the framework to design and implement a successful access infrastructure for an on-demand enterprise. Our focus is on using Windows Server 2003 Terminal Services and the Citrix MetaFrame Access Suite to accommodate hundreds or thousands of users running their desktop applications from one or more central data centers. We address the myriad technical, design, and implementation issues involved in constructing this environment, and assume readers already have a good working knowledge of networking and system administration for Windows Server 2003.

The book is divided into three main parts. Part I is an overview of enterprise server-based computing. This section reviews Windows Server 2003 Terminal Services and MetaFrame XP Presentation Server and includes justifications for enterprise deployments. Part II covers the design of an on-demand computing solution and ranges from planning and internally selling the project to providing guidelines for data center and WAN architecture, file services, remote access, security, network management, and thin-client devices. Part III covers the deployment of on-demand computing and includes project management, installation, server farms, profiles, policies and procedures, printing, automation, and migration methodologies.

In Appendix A, we present internetworking basics for those who would like a quick brush-up on networking concepts. Appendix B provides a methodology for building a spreadsheet-based financial model to analyze the comparative benefits of on-demand versus client-side computing. Appendix C includes a suggestion for creating a utility-like billing model for charging users for application hosting.

We include Notes, Tips, and Cautions to supply additional detail to the text. A Note is meant to provide information when the general flow of the discussion is concentrating in a different area or is not as detailed as the Note itself. A Tip is a specific way to do or implement something being discussed. A Caution is meant to alert the reader to watch out for a potential problem.

Writing a book about such a rapidly evolving technology poses a challenge. By the time this book is published, additional tools and practices will be coming on the scene. Fortunately, the methodologies and approaches we describe should be relatively timeless, and should prove very useful as you begin your own server-based computing enterprise project.

Citrix MetaFrame software has greatly improved our ability to provide educational services to our students and faculty and has increased our students' willingness to use them.

—Pete Oyler, Instructional Technology Specialist, West Shore School District

Who Should Read this Book

We have written this book to speak to two audiences: The business decision makers (that is, CFOs, CEOs, CTOs, CIOs, and IT Directors) who are evaluating enterprise IT options, and the IT administrators who are considering or will be implementing and maintaining a server-based computing environment. We recommend that the business decision-makers focus on Chapters 1, 4, 5, 7, 8, 10, and 19, as these chapters specifically address business issues. All other chapters tend to be more implementation- and technically focused, although we worked to keep them relevant and readable by providing a multitude of graphics, pictures, charts, and tables.

In addition to the audience just mentioned, this material will provide a compilation of best practices for enterprise deployment of on-demand computing, and thus should also appeal to the engineers and consultants of the 7000 Citrix partners and 21,000 Microsoft Solution Providers worldwide. IT and project managers can benefit from the sections on change control, customer care, and migration strategies.


Interacting with the Authors

We welcome your feedback and will incorporate appropriate suggestions into further releases of the book. You can contact Steve Kaplan at , Tim Reeser at , Alan Wood at , and Bobby Doss at .


Part I: Overview of Enterprise Server-Based Computing

Chapter List

Chapter 1: Introducing Server-Based Computing and the On-Demand Enterprise

Chapter 2: Windows Terminal Services

Chapter 3: Citrix MetaFrame Access Suite


Chapter 1: Introducing Server-Based Computing and the On-Demand Enterprise

Nearly 50 million workers in more than 120,000 customer organizations around the world use Citrix enterprise access infrastructure solutions every day. Access infrastructure is a category of enterprise software that consolidates previously separate types of access technologies in the areas of device and network services, aggregation and personalization, security and identity management, and presentation and conferencing. At the heart of access infrastructure is the server-based computing (SBC) model, which is the term we will use throughout this book. SBC utilizing Microsoft Terminal Services and the Citrix MetaFrame Access Suite is reshaping corporate computing by driving costs out of IT while increasing the utility and value of applications through universal (and controlled) access. In a 2002 in-depth research project, Giga Information Group determined that the average risk-adjusted payback for the firms participating in the study occurred within 11 months of deploying SBC on an enterprise scale.

And while the economic justification for SBC alone is compelling, many organizations are transitioning to this architecture primarily to take advantage of other strategic benefits such as improved security, enhanced disaster recovery/business continuance, faster time to market, increased productivity, universal information access, regulatory compliance facilitation, and faster organizational growth.

In the 1990s, Citrix created the server-based computing category with the product now called Citrix MetaFrame XP Presentation Server, and then dramatically expanded its scope in March, 2003 with the introduction of the Citrix MetaFrame Access Suite. This suite enables organizations to utilize server-based computing on an enterprise scale to provide a geographically unrestrained and consistent user experience along with instant access to enterprise applications, information, people, and processes. The result is a single, integrated and consistent access infrastructure for the On-Demand Enterprise.

This chapter introduces the concept of enterprise SBC. We consider the many economic benefits of SBC and the major industry trends that are accelerating its acceptance. We'll look at the four main functions of SBC solutions: application deployment, remote office connectivity, business continuity, and workforce mobility. We also consider other SBC advantages such as the ability to help facilitate compliance with government regulations and become more environmentally friendly. We analyze the main components of an enterprise SBC deployment, and discuss the process of designing an enterprise SBC environment, which we will build upon in the chapters that follow.

Enterprise SBC


Creating an on-demand enterprise built on access infrastructure and the SBC model enables IT departments to deliver software as a utility-like service. Benefits include ubiquitous access to the latest applications from any device across any connection. As with a regular utility, though, users are dependent upon a central source for delivering their service. If something happens to the network, users no longer can fall back to running applications locally. In this environment, building a robust, reliable, and scalable architecture is obviously essential. The data center(s) must operate similarly to mainframe shops, with stringent change control, controlled access, and well-defined policies and procedures such as rigorous offline testing of all new applications before their introduction into the production environment.

An SBC infrastructure has other similarities with the mainframe model of computing. For example, IT control of the desktop and application standards, reduced infrastructure costs, and much lower staffing requirements are attributes shared with the mainframe environment. Unlike the mainframe model, though, SBC users do not have to wait six months in an MIS queue in order to have IT produce a report for them. Instead, they can create it themselves in minutes by using Excel or any application to which IT gives them access. SBC thus combines the best of both the mainframe and PC worlds. It incorporates the inexpensive desktop-computing cost structure of the mainframe model while allowing users the flexibility and versatility they are used to having with their PCs. The matrix in Figure 1-1 compares the cost and flexibility of SBC with both mainframe and PC-based computing.


Figure 1-1: SBC combines flexibility with low costs.


Justification for Enterprise SBC

"MetaFrame grew from a remote access solution for a few employees to a key component of Lehman's enterprise infrastructure. By proving its scalability, performance, and flexibility under extraordinary circumstances, MetaFrame became an integral part of our IT strategy going forward."

—Hari Gopalkrishnan, Vice President E-Commerce Technology, Lehman Brothers

No company would transform itself into an "on-demand enterprise" because it's a cool phrase or a hot technology. There must be pain; that pain must be acute, and there must be a viable solution that can stop the pain. The pain many companies are feeling is the cost of IT complexity—80 percent of the typical IT budget today goes to just maintaining existing systems—combined with the inability of an increasingly remote and mobile workforce to access enterprise information where and when they need it. Migrating to server-based computing from a client-centric model simplifies complexity, consolidates hardware and software systems, cuts costs and increases access. This is the first step in becoming an on-demand enterprise where the IT staff is in control, information is available on demand, and the business can do much more with much less.

Economic Savings of SBC

Implementing an enterprise SBC environment is not inexpensive. In addition to the licenses, hardware, design, planning and implementation costs, SBC also requires a more robust data-center architecture than that of a distributed PC-based computing model. Nonetheless, an SBC environment is a much more economical alternative.

In an enterprise SBC architecture, the majority of resources are no longer expended on peripheral devices such as PCs and remote office servers and networks. Information processing, servers, and data are consolidated to central data center(s) where resources are much more effectively deployed. Wayne Patterson, chairman of Vector ESP, refers to this as achieving "economies of skills" because organizations can utilize a much smaller number of competent IT staff to manage their entire IT infrastructures.

Consolidating servers and storage to a central data center can significantly reduce expenditures on hardware and associated maintenance. Moreover, the process of centralization provides the architecture and economies to utilize more efficient types of storage such as network attached storage (NAS) or storage area network (SAN) devices. It also enables more efficient and economical implementation of software products such as AppSense and PowerFuse, which control what applications users are able to launch.

Personal Computers Personal computers tend to have a maximum life span of only a few years for most organizations. Upgrading a PC is an expensive task that includes not only the cost of the machine and its operating system software, but also the expense of ordering, delivering, and configuring the PC. Data files often need transferring from the old unit to the new one, and the user typically suffers from downtime during the process. In an on-demand enterprise, personal computers no longer require upgrading since the applications are processed on central server farms. New users can often utilize inexpensive Windows terminals that are set up in minutes. Suppose, for example, that an organization normally replaces 2000 PCs every three years at a cost of $1100 each (including sales tax, procurement costs, installation, travel, and data transfer costs). By eliminating the refresh cycle requirement, SBC enables savings of $2.2M in capital expenditures every three years for such an organization. Chapter 7 and Appendix B both describe other costs associated with PC refresh cycles.

Our estimates had indicated expenses of over two million dollars to replace old hardware in Canada. By leveraging existing hardware with Citrix, we completed the whole project in Canada for only $400,000, saving the company more than $1.5 million.

—Louis Gilbert, Director of Data Center Operations, Air Liquide America

Homogenizing Clients Citrix MetaFrame XP Presentation Server lets users run the latest Microsoft applications utilizing a wide variety of clients including Macs, most types of UNIX, Linux, many handheld devices, smart phones, DOS, all flavors of Windows, and even OS/2.

Fewer Laptops Many organizations give employees laptops primarily to work between the office and their homes, or between remote offices. Because of higher up-front costs, higher failure rates, much higher maintenance costs, and lack of upgradeability, laptops cause a disproportionate amount of trouble and expense (relative to a desktop PC) to IT departments.

In an on-demand enterprise, users see their personalized desktop and its applications no matter where they connect or which device they use. Thus, companies frequently avoid some of the expense of laptops by simply purchasing a Windows terminal for their employees to use at home. Employees can also access their applications through a browser from their own PC or from most Internet kiosks, further driving down the need for laptops. Only the truly disconnected worker needs a laptop, and with the new wireless WAN solutions offered by Sprint, Verizon, AT&T, and others, the disconnected worker will quickly become ancient history.

Administration

Thin continues to be in. A study by Gartner Group's Datapro unit has found that enterprises that have deployed networks based on thin clients...tend to extend those installations to other parts of the enterprise. "The staffing required to support fat client PCs is at least five times greater than for Windows terminals of PCs that are configured as Windows terminals," said Peter Lowber, the Datapro analyst who authored the report.


—InternetWeek, June 1, 1999

Since administration is the largest component of a PC's total cost of ownership, SBC saves organizations huge amounts of money by reducing IT staffing requirements. This comes primarily from the elimination of the requirement to push new applications to desktops. For example, Wayne Dodrill, Manager of Systems Integration for Concentra Health, a U.S. leader in occupational health care, noted that "Citrix access infrastructure solutions have helped us double our sites served, quadruple our applications deployed, triple our users, and reduce our help desk from 17 to seven—all while raking in an annual savings of over one million dollars in reduced hardware and bandwidth costs."

Note ABM Industries is a Fortune 1000 company discussed later in this chapter that migrated entirely to a Citrix access infrastructure model. Prior to implementing SBC, the IT staff presented three alternative scenarios for migrating the company's 2500 Lotus Notes users around the country from R4 to R5:

Scenario a) 24 months and $3.0M

Scenario b) 18 months and $3.5M

Scenario c) 9 months and $4.5M

After migrating company-wide to SBC, the actual time to upgrade to Notes R5 was only 18 hours with no added cost.

Maintenance The ability to eliminate user-caused problems such as loading misbehaving software applications or deleting icons results in greatly reduced PC maintenance expenses. When a PC breaks, it can often simply be replaced with an inexpensive Windows terminal.

Help Desk Support The shadowing feature of MetaFrame XP Presentation Server typically enables fewer help desk staff to accomplish more through their ability to instantly and interactively "see" the user's screen. They can then provide remote support by taking control of the user's screen, mouse, and keyboard.

Help Desk Staffing Password-related help desk calls account for nearly 25% of call volume on average, and businesses spend on average $200 per year per person on password management, including maintaining help desks that reset lost passwords. Citrix Password Manager eliminates the requirement for users to remember multiple passwords and therefore dramatically reduces the necessity for help desk intervention.

Help Desk Delays Organizations often document the cost of providing help desk support. However, they seldom quantify the cost of lost productivity as users struggle to fix a problem themselves or wait for the help desk to handle it. Users too impatient or embarrassed to contact the help desk may waste other employees' time by requesting their assistance. SBC results in less user downtime by combining reduced hardware problems with easier and more effective access to help desk support.

Conferencing Popular Web-based conferencing services commonly charge fees ranging between 25 to 50 cents per user per minute, which can easily run up expenses totaling thousands of dollars per month. Citrix Conferencing Manager enables real-time application sharing for both internal and external users, but at a one-time fixed fee. Therefore, the annual savings can be extraordinary, with a payback period often of only a month or two.

With session shadowing, we've been able to dramatically improve technical support for our users, and have improved response times to their requests by 90 percent.

—Patricia E. Plonchak, Senior VP and Director of Technology, Hudson Valley Bank

Employee Productivity Work often stops when personal computers or applications are upgraded, repaired, or rebuilt. Incompatible software can require time-intensive repairs caused from DLL file and registry conflicts. Moreover, incompatible software versions sometimes require time-consuming data conversions to enable information-sharing among employees. On-demand enterprise users always have access to the latest application versions—standardized across the enterprise—from any device.

Training Costs The resource-intensive logistics of a distributed PC architecture often limits an organization's ability to provide training on new applications or application upgrades, particularly to remote offices. MetaFrame XP Presentation Server's one-to-many shadowing feature enables remote training sessions for users throughout the enterprise. Users can shadow the instructor's machine while simultaneously participating in a conference call. This lowers the cost for training, meaning users can become more proficient and, thus, productive, reducing their requirement for application-based help-desk assistance.

Electricity Windows terminals tend to use only about 1/7th of the electricity of PCs. In states such as California with high electricity costs, the savings can run into tens or even hundreds of thousands of dollars annually for organizations with large quantities of PCs. Eliminating remote office servers can further reduce power requirements.

Eliminating the Need for Local Data Backup Many organizations rely on users and on remote office administrators to do their own data backups, or they contract this function out to third-party services. SBC eliminates the time, risk, and expense associated with distributed data backups.

Remote Office Infrastructures

In a PC-based computing environment, even small remote offices often require not only domain controllers and file servers, but also e-mail servers, database servers, and possibly other application servers such as fax servers. An example of a PC-based computing environment in a remote office is shown in Figure 1-2. The remote offices also require associated peripheral software and hardware including network operating systems software, tape backups, tape backup software, antivirus software, network management software, and uninterruptible power supplies. Someone needs to administer and maintain these remote networks as well as ensure that data is consistently synchronized or replicated with data at headquarters.


Figure 1-2: A typical remote office in a PC-based computing environment

In an on-demand enterprise, remote office servers and their peripherals can usually be eliminated entirely by running all users as clients to a central server farm. Both powerful and low-end PCs, Windows terminals, Macintoshes, and UNIX workstations can be cabled to a low-bandwidth hub and then connected with a router to the corporate data center through a leased line, frame relay cloud, or through the Internet utilizing the secure gateway component of MetaFrame XP Presentation Server or a VPN product. Figure 1-3 shows a typical small remote office utilizing an on-demand enterprise with server-based computing.


Figure 1-3: A typical office utilizing enterprise server-based computing

Naturally, when the remote office servers and associated network infrastructures are eliminated, the corresponding support and maintenance costs are eliminated as well. Suppose, for example, an organization spends $17,000 every three years on upgrading each server in a remote office (including associated software, UPS, tape backup, travel time, network reconfiguration, and troubleshooting). These are fairly typical numbers. Suppose this company also spends $3000 per server per year in administration costs and $2000 per server per year in on-going maintenance. If there are 100 remote offices with an average of three servers per office, the company would then save $3,200,000 every three years just in remote office network expenses by migrating to SBC.

Remote Office Bandwidth It is not uncommon for an ERP package such as JD Edwards' One World to require 128KB of bandwidth or more per user, making it very expensive to connect remote office users in a PC-based computing environment. An on-demand enterprise utilizing Microsoft Terminal Services and MetaFrame XP Presentation Server requires only 10KB to 20KB of bandwidth per concurrent user. Rather than building a local area network (LAN) infrastructure at each remote office necessitating data replication with headquarters, the low bandwidth requirements enable remote office users to simply run all of their applications from the corporate data center. The secure gateway component of MetaFrame XP Presentation Server (similar to VPN solutions, though significantly lower in cost) enables employees to use the Internet as an even less-expensive bandwidth medium for enabling SBC.

Topologies

Fat-client PCs require increasingly faster LAN bandwidth of 100MB or even gigabit switching to every desktop. Users of PCs and Windows terminals operating in an SBC environment see only low-bandwidth screen prints. Although a fast server backbone is a must, legacy topologies of older 10MB Ethernet can typically continue to be used to connect client workstations with no degradation in performance.

Windows Server 2003 Migration

An on-demand enterprise simplifies Active Directory design and implementation by eliminating some, or all, of the requirement for remote office domain controllers. The MetaFrame Access Suite enables organizations to present the same Windows or browser interface to users as they would see when running Windows XP locally. Organizations can essentially upgrade all of their users to Windows XP without upgrading (and in some cases without even touching) a single desktop.

Migrating to Windows Server 2003 within an SBC architecture is covered more thoroughly in Chapter 20.

Exchange 2003 Migration

Why would anyone ever deploy Exchange 2003 in any other manner than through SBC? Eliminating the requirement for remote office Exchange servers and the associated replication with headquarters slashes design, hardware, and implementation costs while enabling all workers across the enterprise to utilize a centralized Exchange server (or clustered servers) in the data center. This centralized deployment strategy lends itself to offering richer services to users such as Instant Messenger or Conferencing Server that are more challenging to deploy in a distributed fashion.

Network Management

Organizations often seek to simplify the complexity of distributing applications to desktops by utilizing management software programs. These packages, though, besides their tendency to be expensive, come with their own significant administrative headaches. They also typically lack the capability to distribute certain applications such as new operating systems. In the end, they remain dependent upon the memory and processing capabilities of the individual PCs as being sufficient to adequately run the new applications.

An on-demand enterprise requires no desktop distribution of hosted applications. The shift in emphasis from the desktop to the data center in turn simplifies asset management. It is also much easier to track true IT expenses because they are no longer hidden in various cost centers such as individual expense accounts and remote office contractor costs.

The administration tools of MetaFrame XP Presentation Server enable administrators to produce reports showing application usage by user, including the time online as well as server resources consumed. This information helps facilitate compliance with federal regulations such as HIPAA and Sarbanes-Oxley by providing an audit trail. It can also potentially reduce licensing fees for some software manufacturers. Network management is covered in Chapter 9.

Major Business Benefits of SBC

Beyond the economic savings provided by SBC, migrating to an on-demand enterprise enables a myriad of other benefits that enable organizations to conduct their business operations both more effectively and efficiently.

Application Deployment

The ability to rapidly deploy applications to all users on a wide variety of devices throughout the enterprise enables organizations to respond faster to their customers or bring new products to market more quickly.

Citrix MetaFrame XP Presentation Server and Microsoft Windows Terminal Services enabled us to reduce our transaction time for our primary advertising order entry application from minutes to seconds for our remote users. Furthermore, Citrix allowed us to quickly extend our headquarters' IT capabilities to our remote offices for a fraction of the cost required if we had chosen an alternative deployment method.

—Jonathan Hiller, CIO, San Francisco Chronicle

Today, we are seeing popular applications similarly driving the march into enterprise SBC. An organization's existing PCs, for example, may be inadequate to run a ubiquitous application such as Office 2003. Rather than spending the huge money and labor required to upgrade or replace existing PCs, an organization can implement MetaFrame XP Presentation Server and simply publish the Office 2003 icon to all users. If a transition is required, two different Office version icons can be published to users simultaneously.

Enterprise Resource Planning (ERP) and Customer Resource Management (CRM) applications, such as those offered by SAP, PeopleSoft, JD Edwards, and Siebel, are deployed much less expensively and more effectively in an on-demand enterprise. This was the case for California's Contra Costa County. When the Department of Information Technology received a mandate to implement PeopleSoft for the county's 360 human resources (HR) users, the county was faced with replacing many dumb terminals and upgrading most of the remaining PCs. They also would have had to undergo expensive bandwidth upgrades to 60 different buildings. The county instead set up a MetaFrame XP Presentation Server farm to deploy PeopleSoft, Kronos Time & Billing, Microsoft Office, Lotus Notes, and other applications to all HR users without requiring any PC or bandwidth upgrades. "My concern is lowering our cost of administration while providing a high level of performance and service to our customers," explained John Forberg, Deputy CIO of Contra Costa County. "Thanks to Citrix MetaFrame Presentation Server and Microsoft Terminal Server, we save about 180 hours of IT staff time each time we update our PeopleSoft application."

Universal Access The web interface component of MetaFrame XP Presentation Server enables information, via both web and Windows applications, to be delivered through a browser-based interface. It gives users access to all of the information and applications that they need to execute their job responsibilities. This single point of access, and the bringing together of information in new ways, enables users to work smarter and faster, and make better, more informed decisions. MetaFrame XP Presentation Server enables users to enjoy the rich-client interfaces native to their applications delivered over the Web, and integrated with the other resources that they need. The web interface implementation is covered in Chapter 16.

Single Point Access to Multiple Server Farms The web interface extension component of MetaFrame XP Presentation Server enables highly scalable application provisioning by aggregating application sets from multiple farms and multiple domains. Users need to authenticate with ID and password only once to access both MetaFrame XP Presentation Server for Windows and MetaFrame Presentation Server for UNIX applications from multiple server farms. This topic is covered more thoroughly in Chapter 16.

Collaboration The delegated administration features of MetaFrame XP Presentation Server enable users, no matter where they are located, to work together on documents with different access rights depending upon their authorization. A sales manager, for example, might collaborate with a networking consultant and a salesperson to finish up a Word document late at night when all three are working from home.

Citrix MetaFrame Conferencing Manager is an enhanced collaboration tool that adds intuitive application conferencing to the MetaFrame XP Presentation Server. It enables teams to share application sessions, work together on document editing, and conduct online training regardless of the location of individual team members or the access devices or network connections they're using.

Embracing Corporate Standards With SBC, control of the desktop shifts from the user to the IT staff, making it relatively effortless to implement corporate software standards. This reduces inefficiencies resulting from data-sharing problems and helps prevent duplication of work. It also enables IT to present a common user interface, whether Windows- or browser-based.

Unlicensed Software The difficulty of preventing unlicensed software use in a PC-based computing environment can expose an organization to large fines. Citrix MetaFrame XP Presentation Server enables organizations to monitor application usage by employee.

Eliminating Games and Other Personal Programs If desired, IT can completely eliminate the ability to load games or other productivity-sapping personal programs.

Reducing Virus Risk Eliminating or restricting users' ability to add software via their local floppy or onto their local hard drive means that the network antivirus software should eliminate most computer virus problems. Centralizing all access into the network enables IT to implement products such as AppSense that can virtually eliminate the threat of macro viruses. This topic is discussed more thoroughly as part of Chapter 8 on security.

Helping to Prevent Theft of Intellectual Property Since users see only screen prints of data, IT can more easily prevent employees from copying corporate information files. This can be important in staffing industries, for example, where applicant databases constitute the company assets and are frequent targets of theft by dishonest employees.

Eliminating the PC as a Status Symbol Identical performance for everyone means that the PC loses its value as an organizational status symbol. The personal computer becomes the corporate computer. This eliminates the common, and very inefficient, tendency to shuffle PCs between users as new units are introduced. As a sense of entitlement to PCs is replaced by ubiquitous access to a personalized desktop, productivity replaces time-wasting bickering and PC redeployment.

Remote Office Connectivity

As a community bank, it is imperative for us to offer superb customer service at all locations. Citrix MetaFrame XP Presentation Server enables our employees at the branches to utilize our sophisticated systems at headquarters without the requirement for implementing an expensive wide area network infrastructure.

—Lee Wines, Executive Vice President, Bank of Walnut Creek

Employees in remote offices often feel like the company's "step children." They frequently do not get access to the same level of support and services as headquarters users, let alone access to essential databases or business applications such as ERP or CRM suites.

An on-demand enterprise gives remote office users the same capabilities that they have when sitting at headquarters. SBC makes remote office employees more effective because they can see "their" applications no matter which PC or Windows terminal they use and no matter where they use it. They have access to their applications and corporate information whether at home or at an Internet café on the other side of the world.

Users at remote offices are more productive because SBC enables them to access not only the corporate databases, but also the same network services—such as e-mail, color printing, and network faxing—as headquarters users. Security In a PC-based computing environment, corporate information is susceptible to loss or theft because it is stored on hard drives of individual PCs and servers distributed throughout the enterprise.

In an SBC environment, all corporate information is housed in corporate data centers where it is secure, managed, backed up, and redundant. An enterprise SBC environment limits network entry points to the central data center(s). This eliminates the vulnerability that many organizations incur when they allow access to the corporate network through servers located in remote offices. Terminal Services 2003 includes built-in support for smart cards, enabling organizations to implement even greater security measures. Security is addressed more thoroughly in Chapter 8.

Tip Here is an important question to ask when comparing SBC with PC-based computing: do you want your corporate data sitting on hard drives of individual PCs and servers distributed throughout your enterprise, or do you want it all to reside at your corporate data center where it is protected, backed up, and redundant, and managed in a secure environment?

Messaging SBC enables consolidation of e-mail servers in the data center, thereby eliminating the requirement for remote servers and replication. Data consolidation also makes it much easier to manage and access the data store.

Network Faxing SBC vastly reduces the cost of implementing a network fax solution by enabling fax servers to be consolidated in the data center rather than be distributed at remote offices. Most fax server products such as industry leader Captaris RightFax are designed to run with Terminal Services and with Citrix MetaFrame XP Presentation Server. Employees can send faxes from their PCs and receive faxes directly into their e-mail program whether at headquarters, a remote office, or at home working through the Internet.

Facilitating Growth SBC enables faster and smoother organizational growth by making it easy and efficient to open remote offices and assimilate offices of acquired companies into an organization's IT environment. Servers do not need to be configured and set up in the remote offices. Users only need low-bandwidth connectivity to the data center, and IT can then publish application icons to their desktops. ABM Industries, for example, acquired another company in early 2003. The IT staff had all users in five different offices online with ABM's systems in under a week.

Eliminating Theft of Fat-Client PCs As organizations increasingly utilize Windows terminals instead of desktops and laptops, they remove the attraction for thieves to steal the devices since they are both inexpensive and useless without being attached to an SBC network.

Workforce Mobility

Citrix access infrastructure solutions extend access to a company's networked resources beyond the traditional office environment, allowing them to be accessed anywhere, over any connection, and on any device including wireless devices such as PDAs, smart phones, and tablet PCs. The low bandwidth requirements of Citrix MetaFrame XP Presentation Server often make wireless connectivity a practical part of an SBC environment without rewriting applications or implementing expensive infrastructure upgrades. In addition, Windows Server 2003 Terminal Services and MetaFrame XP Presentation Server fully support handwriting recognition. This should open up myriad opportunities for using wireless tablets while connected to the data center in several industries, including legal and medical.

Telecommuting SBC users see only screen prints of applications, and the screen prints use very little bandwidth. Employees can effectively telecommute by dialing into the network or by coming in securely through the Internet utilizing the MetaFrame XP Presentation Server secure gateway component. A cable modem or DSL connection will often enable speeds equivalent to those obtained when using a fat-client PC at headquarters. Wireless WAN providers like Sprint, Verizon, Nextel, AT&T, and others provide, through the secure gateway, a secure, anytime, anywhere solution for traveling and remote users.

IT Flexibility

SBC gives IT departments flexibility in terms of adopting an application strategy without concern for developing a corresponding desktop deployment strategy. For instance, IT departments can purchase PCs or laptops without worrying about whether or not they will have the power and capacity to adequately operate a new set of unknown future applications. Even a seemingly simple task such as upgrading a company-wide browser version changes from a very time-consuming and expensive endeavor to a non-issue.

Business Continuity/Disaster Recovery

Only 6 percent of companies suffering from a catastrophic data loss survive...43 percent never reopen, and the remaining 51 percent reopen only to close within two years.

—Disaster Recovery Journal, Fall, 2001

A PC-based computing environment has limited redundancy. A catastrophe at headquarters can leave hundreds or thousands of employees unable to do their work. Failure of a server in a remote office can mean a day or more of downtime until a replacement unit can be secured and installed. SBC makes it affordable to build redundancy into the corporate data center. Furthermore, Citrix MetaFrame XP Presentation Server includes server farm fail-over utilization of redundant data centers. If the primary data center fails, users can automatically be redirected to a secondary data center and continue working. If a disaster at headquarters or a remote office leads to displaced workers, they can securely access their applications and data remotely over the Internet from alternative locations—including their homes. This enables better continuity protection for all headquarters and remote office users than is practical in a PC-based computing environment. Disaster recovery and business continuance are covered in Chapter 19.

Environmental and Regulatory Compliance Benefits of SBC

In addition to the compelling economic and business justifications for SBC, there are also positive environmental and regulatory compliance benefits.

Supporting the Environment

Rapidly declining prices of new, more powerful PC models accelerate the rate of PC obsolescence. Over one hundred thousand tons of old PCs are junked each year, but dumping them in a landfill can cause lead, mercury, and cadmium to leach into the soil. Incinerating them can release heavy metals and dioxin into the atmosphere. SBC extends the life of PCs by often enabling continued usage until they physically break, and then replacing them with long-lasting Windows terminals.

Complying with Government Regulation

New regulations such as HIPAA, Sarbanes-Oxley, and California Senate Bill 1386 have important implications on how organizations conduct business. The information security aspects of these acts demand that organizations rethink their IT infrastructures, particularly whether they can afford the liability that is an inherent part of a distributed PC architecture. With an on-demand enterprise, all communication, documents, and workflows can both originate, and be stored on, central servers. Doing so ensures that corporate management always has copies of every stored document and is able to utilize software and hardware products to better protect and address the central information.

Industry Trends Accelerating Adoption of the On-Demand Enterprise

Three major industry trends are accelerating adoption of SBC—and the access infrastructure—as the foundation of the on-demand enterprise: Moore's Law, IT complexity, and IT consolidation.

Moore's Law

Moore's Law leads to a doubling of server performance roughly every 18 months without corresponding increases in cost. As more powerful Terminal Services/MetaFrame XP Presentation Servers support ever more users, the economics become even more favorable toward centralizing most organizational computing.

IT Complexity The complexity of information systems is driving the cost of enterprise computing out of control, often offsetting the business benefits derived from information technology. Consequently, in spite of continuing and rapid advances in IT, it's more difficult than ever for IT organizations to provide consistent services to all the places and people necessary.

Each successive wave of computing—mainframe, minicomputer, PC, client-server, the Web, web services—has not superseded previous waves, but been piled on top of what came before. Moreover, the diversity and proliferation of access devices, computing platforms, software languages, networks, standards, and application infrastructures have further complicated the picture, making the cost of computing more variable and expensive than ever.

One of the most compelling attributes of the Citrix MetaFrame Access Suite is its ability to manage heterogeneity, enabling IT teams to centrally deploy, manage, and support secure access to Windows, web, and UNIX applications across the Internet, intranets, wide area networks, local area networks, and wireless networks. By centralizing access to applications and information, IT staffs can deliver, manage, monitor, and measure enterprise resources on demand. Citrix customers are able to run IT as a corporate computing utility, provisioning software as a service.

IT Consolidation

Organizations are coping with the technical, economic, and business challenges of increasingly complex information systems through consolidation. They are reducing the number of moving parts by centralizing and consolidating as much of the heterogeneity and complexity as possible to fewer data centers, servers, and networks. At the same time, they are trying to align IT with the business imperative of getting closer to customers by streamlining supply chains, simplifying business processes, and enabling expanded business models.

Their goal is simplicity. They are trying to migrate to a model that allows them to improve the level of service they provide to the business. To accomplish this, many are moving the complexity of computing to a central place where it can best be managed, controlled, and changed over time. This makes everything outside the data center simpler to manage and more cost-effective to operate. It also dramatically improves information security and resilience to technological and business interruptions.

McKinsey believes that companies can untangle most of the unwanted IT complexity by focusing on five specific activities, which together will help them transform the way they use and manage IT, thus making IT organizations leaner and companies better prepared for the end of the downturn. These activities are to:

Target the root causes of complexity.

Instill a management culture in IT.

Invest in consolidation.

Reform the company's IT architecture.

Plan for outsourcing.

—"Fighting Complexity in IT," The McKinsey Quarterly, March 4, 2003

The on-demand enterprise is the embodiment of this vision. An access infrastructure based on the SBC model provides simpler ways to give users a consistent experience and access to IT services—from anywhere, while lowering and stabilizing the cost of computing. Consolidating servers, storage, networks and IT staff is made possible by the capability of managing heterogeneity centrally. Users are shielded from the complexity of accessing heterogeneous systems, while still having a trusted connection that knows their identity and a user interface that dynamically adjusts to their specific devices, locations, and preferences. The quality of IT service levels is improved through end-to-end visibility of who, where, how, and when systems are used. It also enables enterprise organizations to deliver software as a utility-like service. We discuss how an IT department can create a utility-like internal subscription billing model in Appendix C.

Concerns and Myths About SBC

When considering implementing enterprise SBC, it is important to address concerns about network infrastructure reliability and single points of failure. We have also discussed SBC as if the only option were to utilize both Microsoft Terminal Services and Citrix MetaFrame XP Presentation Server software. We need to address concerns about using Microsoft Windows Terminal Services alone.

Network Unreliability

Enterprise SBC may be a new concept for your organization, but it is dependent upon your existing network infrastructure. It is senseless to take on an enterprise SBC project unless your organization is willing to make the necessary investment to bring your network infrastructure up to an extremely reliable and stable condition.

A history of network unreliability may have created user perceptions that they require their own departmental servers or must keep applications on their local hard drives to enable continued productivity in the event of network failure. In reality, users are becoming so dependent upon network applications, such as e-mail and browsing, that network failure means a loss of productivity in any case. Beyond this misperception, it is more prudent to spend a smaller amount of corporate resources building a redundant and reliable network than it is to devote a large amount of resources to maintaining an extremely inefficient PC-based contingency plan. SBC saves so much money on the client side that organizations should have the financial resources required to build world-class data centers and network infrastructures. Alternatively, they can utilize infrastructures already in place at established telecommunications or hosting companies. This option also generally makes it easier to utilize an existing data backbone to provide a secondary backup data center.

Single Point of Failure

Consolidating an organization's former PC-based computing environment into a central data center leaves remote offices, in particular, exposed to potential downtime risks they did not formerly face. A well-designed architecture utilizing the disaster recovery/business continuance capabilities of Citrix access infrastructure, as described earlier in this chapter, however, should significantly reduce cumulative organizational downtime.

Everything Is Becoming Web Based

Software manufacturers are increasingly writing Web-based interfaces to their applications. The reality, though, is that it is difficult to create a rich user interface in a web application. Even Microsoft's Outlook Web Access, for example, lacks the much richer interface of Microsoft Outlook. Most users prefer the dynamic and robust Windows interface to the static web-server HTML interface. Additionally, a browser requires a deceptively fat client in order to accommodate complex Java scripts and browser plug-ins. The browser, in fact, becomes an application that must itself be managed along with various plug-ins. This is further complicated by the use of embedded objects and client-side scripting as well as by applications that call other "helper applications" such as Microsoft Word, Excel, and Outlook. They may require specific versions of these helper applications in order to operate properly.

If the client-side browser is used to access business-critical information and applications, then security of the browser also becomes a concern. IT needs to develop methodologies for installing the numerous IE security updates and for locking down the browser and ActiveX controls.

When pressed as to why certain organizations would prefer Web-based applications, the reasoning is typically to lower total cost of ownership, to centralize application deployment, to simplify and enable cross-platform application access, to enable faster application deployment, and to lower maintenance at the desktop. But Terminal Services and Citrix MetaFrame XP Presentation Server provide all of those benefits today with legacy Windows applications, thereby avoiding the often underestimated expense and time involved in rewriting them for the Web.

Even when web applications are utilized, it still typically makes sense to deploy them from an administrative perspective, via MetaFrame XP Presentation Server where the browser is hosted on the server farms. Since a web application generally utilizes some combination of HTML/XML, client-side scripting, server-side scripting, and embedded controls to send data to the client device, deploying it via MetaFrame XP Presentation Server can help alleviate bandwidth concerns. A study by Citrix of a PeopleSoft 8 implementation showed that the average bandwidth consumption to the client desktop was reduced 57 percent by running the browser within a MetaFrame session rather than directly on the client workstation.

By deploying our Web-based physical therapy documentation application via Citrix MetaFrame, we were able to improve the performance of the application by reducing page refresh times from four seconds to less than one second. Prior to the use of MetaFrame, we were only able to roll out application updates two to three times per year. With MetaFrame, we are able to update applications nightly, if necessary.

—Wayne Dodrill, Manager of Systems Integration, Concentra Health Services

Citrix is committed to deploying all applications effectively through SBC. It makes more sense to implement SBC technology that will work for both Windows and web-based applications than it does to continue investing in a bloated PC-based architecture that is inefficient today and will be even more so in the future.

Microsoft Will Make Citrix Obsolete

As a key Microsoft partner and a trusted name in enterprise access, Citrix continues to deliver impressive product functionality that adds value to the Microsoft Windows Server Terminal Services environment, leverages the Microsoft .NET framework and allows customers to easily take advantage of their enterprise resources.

—Graham Clark, GM, .NET Platform Strategy & Partner Group, Microsoft

Microsoft is very supportive of Citrix and is a Premier Plus member of the Citrix Business Alliance. Indeed, Microsoft recognizes that Citrix drives a substantial amount of Microsoft software sales by freeing up organizational economic and staffing resources. This enables IT staffs to focus on the evaluation, selection, and quality of implementation of applications rather than worrying about the delivery mechanics.

As with other Microsoft independent software vendors (ISVs), however, the challenge for Citrix is to continue adding value to Terminal Services. Thus far, the company has unquestionably succeeded. Microsoft views Terminal Services as an application delivery tool while the Citrix MetaFrame Access Suite is access infrastructure for the on-demand enterprise, enabling both managed heterogeneity and universal access. It is difficult, consequently, to imagine tackling an enterprise SBC initiative without the advantages the MetaFrame Access Suite provides in areas such as management, administration, security, presentation, disaster recovery, performance, user acceptance, conferencing, single sign-on, and IT consolidation simplification. The value that the MetaFrame Access Suite adds to Terminal Services is discussed more thoroughly in Chapter 3.

If, in the future, Microsoft or some other vendor makes MetaFrame Access Suite unnecessary, then only the software investment is lost. Although the cost of the MetaFrame software is not insignificant, it pales in comparison to the savings that companies are realizing by implementing SBC to create an on-demand enterprise. Such a solution is a serious and complex undertaking utilizing relatively new technology on constantly changing platforms. It is imperative that sacrifices not be made in the quality of the data center and networking infrastructure. This is also true for the MetaFrame Access Suite component. Delaying the decision to implement SBC in order to see what the future may bring means the continuation of large and unnecessary expenditures in the present.

Components of an Enterprise SBC Architecture

An enterprise SBC architecture has three major components: one or more data centers, clients (at both the headquarters and remote offices, and possibly at home offices), and wide area network connectivity.

Data Center

The data center is the heart of enterprise SBC architecture. Not only are all SBC applications and corresponding data hosted in the data center, but 100 percent of the hosted application processing occurs within the data center as well. The major data center components include the MetaFrame XP Presentation Server server farm, file servers and/or network attached storage (NAS) or storage area network (SAN) systems, other application servers, host systems, a fast server backbone, and a backup system. Figure 1-4 shows a sample on-demand enterprise data center.

Figure 1-4: A typical on-demand enterprise data center

MetaFrame XP Presentation Server Farm

Application execution occurs on the servers running Microsoft 2003 Terminal Services and Citrix MetaFrame XP Presentation Server. Because of the high resource demands made on these servers as well as the challenges involved in configuring them to run multiple applications without DLL conflicts or other problems, it is prudent to utilize at least two load-balanced servers at all times. The MetaFrame XP Presentation Server load manager component is recommended over other solutions because of its ability to share server resources while providing good redundancy. If a user should be disconnected from the server, when she logs back in, the load manager will find the server in the farm where the user's session is running and reconnect her to it.

Note: Data is never stored on the MetaFrame XP Presentation Servers. Data is always stored on back-end file servers, application servers, NAS, or SAN systems.

File Servers

Typical file servers in an SBC environment run a network operating system such as Windows Server 2003 or Novell. The servers feed files to the MetaFrame XP Presentation Server farm, maintain directory services, store user profiles, and sometimes handle printing functions. For larger SBC implementations, a separate high-end print server should be dedicated to handle the printing function, as described in Chapter 18.


Storage Area Networks and Network Attached Storage Systems

In some SBC architectures, a storage area network (SAN) or network attached storage (NAS) will supplement the file servers, allowing organizations to store and access large amounts of data more efficiently. In others, the SAN or NAS may take the place of clustered back-end file servers and still provide mainframe-like reliability and redundancy along with superior performance and scalability. The best solution for your organization depends on both your application environment and user file-sharing needs. This topic is discussed more thoroughly in Chapter 5.

Application Servers

The rule of thumb is to have your MetaFrame XP Presentation Server server farm located wherever your data is stored. E-mail servers, SQL database servers, and all other application servers ideally should be located within the data center. At a minimum, they must be connected to the file servers and MetaFrame XP Presentation Server server farm through a fast backbone. The MetaFrame XP Presentation Server server farm hosts virtual Windows Server 2003 desktops (looking just like Windows XP desktops) for users throughout the organization (assuming they are not publishing the applications to a browser). While users see only screen prints of the applications at their workstations or Windows terminals, real data is traveling back and forth between the MetaFrame XP Presentation Server server farm and the file servers and application servers. An inadequate server backbone will cause an immediate data traffic jam that will result in performance degradation for all users.

Application servers, including print servers, are covered more thoroughly in Chapters 5, 12, 19, and in Appendix A.

Host Systems

Mainframe and minicomputer systems should be housed in the data center where they can be managed along with the Terminal Services hosting infrastructure. This enables organizations to leverage both their data center environmental resources and their support staffs. MetaFrame Presentation Server for UNIX is covered in Chapter 12.

The Server Backbone

A fast backbone should connect the MetaFrame XP Presentation Server server farm, the back-end file servers, and all other servers in the data center. This backbone should be either switched 100MB Ethernet, FDDI, ATM, or switched gigabit Ethernet. As with all data-center components, a redundant server backbone is desirable. This topic is discussed more thoroughly in Chapter 6.

The Backup System

A backup system should enable automatic backups of all servers. Tapes should be rotated offsite. Remote electronic data backups by companies such as Evault and Iron Mountain can add still another layer of redundant data protection. This topic is discussed more thoroughly in Chapter 19.

Security

SBC enables enhanced security by centralizing data and network access. It is still essential to design and implement an enterprise security strategy. Citrix MetaFrame Secure Access Manager (another product in the MetaFrame Access Suite), third-party applications, firewalls, identity management, and authentication are some of the measures to consider. This topic is discussed more thoroughly in Chapter 8.

The Number of Data Centers

The number of data centers utilized depends upon many variables, including bandwidth availability and business and geographic segregation. For instance, if a corporation's European operations utilize entirely different software than U.S. divisions, and bandwidth is expensive between the continents, separate data centers make more sense than a single, central data center. In general, though, savings will be greater when data centers are consolidated. This is a result of the economies of scale realized by centralizing as much SBC hardware, software, and administration labor as possible. This topic is covered in Chapter 5.

Disaster Recovery/Business Continuity

A single data center, despite internal redundancy, leaves a corporation's headquarters and remote operations vulnerable to a single point of failure. One strategy for mitigating this risk is to utilize multiple data centers with fail-over capabilities. Another strategy is to use one corporate data center, and then contract with a disaster recovery provider to maintain a geographically distant facility that mirrors the MetaFrame XP Presentation Server server farm and other crucial components of the corporate data center. This topic is discussed more thoroughly in Chapter 19.

Clients

SBC users often work at headquarters, at remote offices, and at home. At times, they are in hotels or at customer sites. They utilize PCs, laptops, Windows terminals, tablets, and handheld devices. Increasingly, they use specialty display devices that incorporate the Citrix ICA protocol to take advantage of the inexpensive computing capabilities provided by SBC. Clients are covered in Chapter 7.

Personal Computers

PC users can access applications hosted at the data center in multiple ways. When PCs have a full-time connection to the data center (through Ethernet, frame relay, or the Internet), MetaFrame XP Presentation Server enables application publishing to either a Windows desktop or a browser. Employees see icons of both local applications (if any) and applications hosted on the MetaFrame XP Presentation Server server farm to which they have access. These icons can be part of their startup file, and it is not obvious whether they represent local applications or applications hosted by the server farm. Users who run all applications from the server farm may receive their entire desktop as a published application. The lower the number of local applications accessed by a PC user, the lower the administration costs. This topic is discussed more thoroughly in Chapters 4 and 15.

Laptops

Laptops typically run local applications when disconnected from the network. When connected to the network by a dial-up or wireless WAN connection, laptop users commonly launch a MetaFrame XP session. Extra training helps ensure laptop users do not confuse local applications with hosted applications. We have found that many employees of companies with SBC environments end up abandoning laptops except when on planes or in motels since they find it less cumbersome to use a PC or Windows terminal at both the office and home.

Windows Terminals

Nearly every major PC manufacturer, including IBM, Hewlett-Packard, and Dell, now makes Windows terminals. Many specialty companies, including Maxspeed, Neoware, and market leader, Wyse Technology, focus on building Windows terminals. Figure 1-5 shows one of the many models of Wyse Windows terminals. Windows terminals are typically display devices with no moving parts of any kind. They utilize a thinned-down version of Linux, Windows CE, or an embedded version of Windows XP. Windows terminals typically have built-in local-host emulation and, sometimes, browsing in order to offload these character display functions from the MetaFrame XP Presentation Server server farm. Some manufacturers, such as Wyse, also have wireless and tablet devices that enable users to access their complete desktop remotely.


Figure 1-5: A Wyse WinTerm Windows terminal

Because Windows terminals often have mean times between failure measured in decades, their maintenance expense is extremely low. If a Windows terminal does fail, IT simply delivers a replacement unit to the user. The user plugs in the Windows terminal, turns it on, and sees his or her desktop. Unlike PCs, Windows terminals do not allow users to destroy their unit configuration by loading games, screensavers, or other potentially damaging software. This makes the Windows terminal an ideal device for telecommuters with families that like to share personal computers at home. It also significantly lowers the cost of supporting telecommuters. Windows terminals are discussed more thoroughly in Chapter 7.

Using a Browser Interface

As the Internet's pervasiveness continues to grow, more organizations prefer to utilize browser interfaces. With the web interface component of MetaFrame XP Presentation Server, organizations can use their browser to launch published applications from the server farm. The web interface component also enables an organization's customers and suppliers to launch authorized applications through a browser. Different users with different logins will see different applications. This topic is discussed more thoroughly in Chapter 16.


Wide Area Network Connectivity


MetaFrame XP Presentation Server requires between 10KB and 20KB of bandwidth per user session. This does not include additional bandwidth for large print jobs or for downloading or uploading files to and from a fat-client PC. When remote office applications are hosted at a corporate data center, they are completely dependent upon access to the MetaFrame XP Presentation Servers for all of their processing. An SBC architecture must include both adequate and reliable bandwidth connections along with redundant contingencies.

A frame relay circuit is the most popular connectivity method to multiple remote offices, though organizations increasingly utilize virtual private networks or straight Internet connectivity. Telecommuters, in particular, are using inexpensive fixed-fee Internet accounts to connect to corporate data centers. Bandwidth management is often desirable in order to prioritize ICA traffic. Bandwidth management devices from manufacturers such as Packeteer will prevent a user's large print job or file download, for example, from killing performance for the remaining users at a remote office. This topic is discussed more thoroughly in Chapters 6 and 17.

It sometimes makes more economic sense for regional headquarters and large remote offices to utilize their own MetaFrame XP Presentation Server server farms. This may also be true if the office uses software applications largely independent of, and different from, those employed at headquarters. Even in these scenarios, though, a common corporate database application, such as an ERP package, can still run off the MetaFrame XP Presentation Servers at the corporate data center. The regional offices can access this application by running the corporate ICA session within their own ICA session. This topic is discussed more thoroughly in Chapter 12.

Designing an On-Demand Enterprise Architecture

A successful on-demand enterprise architecture depends upon a comprehensive project design. A detailed and in-depth plan needs to address all aspects of the migration to the SBC model, including data centers, disaster recovery, bandwidth, system management, policies and procedures, security, applications, migration strategies, clients, and support. Unanticipated problems will occur even with the best-laid plans. Diligent work up-front, though, will minimize the potential for problems and help ensure a successful implementation.

Windows 2003 Terminal Services is far more desirable and stable than a distributed PC-based computing environment, but PC users are often particularly unforgiving of SBC problems because they are initially reluctant to give up the "personal" part of their personal computers.

The considerable technical and cultural challenges make in-depth project and associated organizational change planning absolutely essential to a successful SBC implementation and on-demand enterprise architecture. The first step is to set up a proof-of-concept pilot to ensure that the crucial applications will run acceptably within an SBC environment. Next, assemble a project planning team to prepare a project definition document. The definition document should include the project goals, scope, roles, risks, success criteria, and milestones. The third step involves a comprehensive infrastructure assessment that both ensures support for an enterprise SBC implementation and enables a meaningful planning process. Finally, a comprehensive design plan for migrating from a PC-based environment to an SBC environment serves as a roadmap for the project managers and implementation teams. These steps are covered more thoroughly in Chapter 4.


ABM Industries' On-Demand Enterprise Implementation

Deploying JD Edwards in our fat-client PC environment would have been prohibitively expensive. The tremendous cost advantages of Citrix enabled us to deploy all applications and networking services to our users around the country, even to those working in small offices or at customer facilities. We replaced our disparate and often overlapping regional IT processing with a unified corporate IT department and approach.

—Anthony Lackey, Vice President of MIS, Chief Technology Officer, ABM Industries

According to Citrix, ABM Industries was the first Fortune 1000 company to deploy SBC for virtually all applications to every user throughout the enterprise. With annual revenues of over $2 billion and more than 62,000 employees, ABM provides outsourced facility services to thousands of customers in hundreds of cities across North America. In late 1998, management decided to implement the client-server version of JD Edwards' One World accounting system for all divisions. This would have required upgrading hundreds of PCs and many remote-office bandwidth connections. In addition, the company had nearly 1000 PCs that were non-Y2K compliant. Rather than continue the endless spiral of PC upgrades, Anthony Lackey, Director of Information Technology (he was promoted to Vice President of MIS as a result of the project success), built a strong case for embracing SBC throughout the enterprise.

ABM's rollout began only after months of in-depth design, planning, and pilot testing. They moved their data center from a San Francisco high-rise to a hosting facility that offered the advantages of high security and access to a much broader communications infrastructure. A redundant data-center hot site was set up in Scottsdale, Arizona, as part of a disaster recovery contract with SunGard, a business continuity firm.

Today, 50 top-end dual Dell servers running MetaFrame XP Presentation Server software in the data center support 2500 concurrent users at both the headquarters and at regional offices across the country. A Cisco gigabit backbone connects the MetaFrame Presentation Server server farm and other servers. All users store their personal and shared files on a network attached storage device, which includes more than a terabyte of information stored on its virtual Windows file server. Eighty percent of ABM's users work on Wyse WinTerms, while the rest use a mix of laptops and desktop computers running the Citrix MetaFrame XP Presentation ICA Client software. Figure 1-6 shows a schematic of the ABM access infrastructure architecture. At the time of this writing, ABM was preparing to pilot the new products of the MetaFrame Access Suite.


Figure 1-6: ABM Industries' on-demand enterprise infrastructure

ABM Industries performed a detailed and conservative cost analysis that projected a minimum five-year savings of $19 million from switching their first 2500 users to SBC. The ABM Industries project will be referenced throughout the first half of this book as a case study showing the technical and cultural implications of transforming the distributed PC computing environment of a large organization into an on-demand enterprise.


Chapter 2: Windows Terminal Services

Overview

Chapter 1 elaborated on how server-based computing (SBC) can solve a host of corporate IT problems and potentially save corporations significant money. Although Microsoft inherited the Terminal Services code from Citrix, as described in Chapter 3, Microsoft has made a tremendous development commitment to the code since that time. Today, the Terminal Services component of Windows Server 2003 represents a very strong foundation for SBC. Giga Information Group, in their 2003 market overview, estimated that the SBC market would exceed $1.4 billion in 2003. Clearly, SBC would not be what it is today, nor hold the promising future parlayed in this book, without Microsoft's commitment to this platform.

When installing a Microsoft Windows Terminal Services solution into an enterprise, the methodology for administering and maintaining the system has more in common with a host-based or mainframe computing model than with a distributed PC model. In the traditional, centralized host architecture, dumb terminals provide a simple, character-based interface between the user and the host. Users can log on, run programs, read and write shared files, direct output to shared printers, and access shared databases. Furthermore, each dumb terminal session functions independently from other terminal sessions because the host operating system directs the communication between the host applications and the remote dumb terminal users.

The primary difference between Windows Terminal Services and a centralized mainframe or host architecture is the graphical nature of the Windows operating system. Host environments have traditionally been character oriented, requiring only a small amount of network traffic to travel over the communication lines between the host and the terminal. With Terminal Services, all of the graphical screen output and related input/output comprising mouse movements, keyboard commands, and screen updates must flow between the desktop client and the server.

In this chapter, we cover Windows 2000 and Windows 2003 Terminal Services. We discuss the many facets of the Remote Desktop Client (RDC) software and the Remote Desktop Protocol (RDP), including the differences between versions 5.0 and the new Remote Desktop Client for Windows 2003. We cover Terminal Services in the enterprise, including migration, domain considerations, and application considerations. Finally, we discuss licensing for Windows 2000 and Windows 2003 Terminal Services. Note that Terminal Services is the necessary basis for Windows-based SBC, whether or not Citrix MetaFrame XP is added to the solution. As we will discuss in Chapter 3, Citrix adds additional features and benefits to the Terminal Services included with Windows 2000 Server and Windows Server 2003 discussed in this chapter.


The Terminal Services Family

Microsoft Windows 2000 and 2003 Terminal Services allow multiple users to log on to a Windows 2000 or Windows 2003 server, have their own desktop environment, and execute programs that stay resident. User logons effectively get their own protected memory space for applications and data. Users can have a Windows desktop and run Windows-based applications without the need to load the applications on their local PC. A server running Terminal Services can host hundreds of concurrent users (the specifics on sizing of the server will be covered in later chapters). In this chapter, we will use the generic term Terminal Server to refer to a server running Windows 2000 Server or Windows Server 2003 with Terminal Services enabled.

The client computing device used to communicate with the Terminal Server can be a PC or a specially designed terminal made to work with the Terminal Server display protocol. The PC or terminal runs a relatively small program that enables a logon and accepts redirected screen output from the Terminal Server. The Microsoft Terminal Services client program relies on a protocol originally developed for Microsoft's NetMeeting, called Remote Desktop Protocol (RDP). RDP is based on the International Telecommunications Union's (ITU) T.120 protocol. The T.120 protocol is a standard multichannel conferencing protocol that is tuned for enterprise environments and supports session encryption.

Terminal Services History—It Started with Windows NT 4.0 Server, Terminal Server Edition

Microsoft's Windows NT 4.0 Server, TSE, was the implementation of Citrix MultiWin (which will be discussed in Chapter 3) on the Windows NT 4.0 Server platform. Although Windows NT 4.0 is no longer officially supported by Microsoft or Citrix, it is worth discussing the beginnings of Terminal Services technology to further understand where it is today. For those still running Windows NT 4.0 TSE, we strongly recommend upgrading to Windows 2003 (see the upcoming "Windows 2003 Server" section for justification). If support for 16-bit applications is required, NT 4.0 Terminal Services Edition (TSE) is still necessary, as Windows 2000 and 2003 do not effectively support 16-bit applications.

Because of the MultiWin-inspired kernel of TSE, users could log on to virtual Windows NT 4.0 sessions with the same desktop and application look and feel of Windows NT 4.0 Workstation. With TSE, Microsoft created a separate code base for the operating system in order to overcome some of the memory management limitations of Windows NT 4.0 Server and to generally tune it for multiuser access.

Microsoft included their Terminal Server client, which is the client portion of the Remote Desktop Protocol, with TSE. This RDP client supported a variety of Windows desktops over TCP/IP networking, including Windows 95 and 98, Windows CE, Windows NT Workstation, Windows 2000, and Windows XP.

TSE Internals

In order to achieve the multiuser capabilities required in TSE, the Citrix MultiWin technology needed to be integrated into the Windows NT 4.0 Server kernel. This integration meant that several components, services, and drivers were added or modified in the original Windows NT 4.0 Server core operating system. Windows NT 4.0 components such as the Virtual Memory Manager (VMM) and Object Manager (OM) were modified to perform in a multiuser environment.

Virtual Memory Manager

The VMM in TSE mapped virtual addresses in the process's address space to physical pages in the computer's memory. In Windows NT, a process's address space was divided into two 2GB address ranges: user (process-specific addresses) and kernel (system-specific addresses). For the user address space, the VMM provided an individualized view of the physical memory to each process, ensuring that a call for system resources (a thread) within a process can access its own memory, but not the memory of other processes.

SessionSpace

The kernel address space in TSE was common for all processes within the system, thus providing a consistent means for accessing all kernel services. The fact that all processes in Windows NT 4.0 shared the kernel address space resulted in kernel resource limitations when supporting multiple interactive sessions on a single server. In TSE, these limitations were addressed by creating a special address range in the kernel, called SessionSpace, which could be mapped on a per-session basis. Each process was associated with a SessionSpace via a SessionID. When a remote user connected to Terminal Server, a new SessionID was generated, and all of the processes created for that connection inherited that SessionID and unique session space, as shown next. Other process groups, with a different SessionID, point to a separate set of memory-mapped objects and physical pages at the same virtual address.


The Windows NT 4.0 Terminal Server made all objects required for multiuser capability virtual so that the applications and system programs from different user sessions do not collide. Every object name created within a session is appended with a unique identifier number associated with the individual user session (SessionID) that created it. For example, if a user started an application in the first session on the Terminal Server, the session would be seen as session1 and the application seen as application1, as shown in Figure 2-1.


Figure 2-1: Execution of a multiuser Windows application

The Remote Desktop Protocol was designed to support TCP/IP over LAN or WAN communication links. Due to the multisession nature of the protocol, a special user mode extension (RDPWSX), as depicted in Figure 2-2, is needed to receive all incoming client packets. RDPWSX manages sessions and calls WINLOGON to authenticate them. In addition, RDPWSX will validate the client license with the license server and negotiate client-server encryption keys.


Figure 2-2: An RDP session

Upon successfully establishing a session, the MultiWin subsystem gained control over session management. A virtual session was created by localizing a copy of WIN32K.SYS with all the necessary device drivers. The TERMDD (Terminal Server Device Driver) then provided the run-time environment of a session-specific protocol driver in order to service multiple client session requests. To support the mouse and keyboard commands sent to each session's copy of the WIN32K.SYS subsystem, the RDPWD (Remote Desktop Winstation Driver) was loaded.


The console session was always the first to load, and was assigned a special client connection ID of 0. The console session launched at system startup with the system-configured Windows NT display, mouse, and keyboard drivers loaded. The Terminal Server service contacted the Windows NT session manager (SMSS.EXE) and loaded the RDP user mode protocol extension RDPWSX to create two idle client sessions right after the creation of the console session. These two idle sessions listened on TCP service port 3389 for RDP protocol packets from the client.

Code Sharing

Terminal Server also implemented memory code sharing (also known as Copy on Write Page Protection). This feature allowed one copy of executable code, such as Microsoft Word, to be loaded into physical memory, and to have multiple users run the same copy of the program code. If a user loaded a private copy of a Word document, a separate memory space would be set aside and marked as read/write under the protection of Virtual Memory Manager. No other process could access this private memory space. This was extremely useful and efficient when a large number of users were using the same programs.

Note Code sharing cannot be utilized in 16-bit applications, since they need to run inside a separate DOS VDM (Virtual DOS Machine). For this reason, approximately 20 percent more memory is used by 16-bit and DOS applications than by comparable 32-bit applications. In order to properly size the RAM requirement in TSE, a live functional test should be conducted to observe the total working set of memory consumed by a specific application, because many 32-bit applications contain 16-bit code.
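The copy-on-write behavior behind code sharing can be observed with any private file mapping. The following added example is not from the book: it uses Python's `mmap.ACCESS_COPY` as a stand-in for the Virtual Memory Manager, and the image contents, session names, and function name are constructed for illustration.

```python
import mmap
import os
import tempfile

PAGE = mmap.PAGESIZE


def run_code_sharing_demo():
    """Map one 'program image' copy-on-write into two sessions; let one write."""
    # Constructed two-page image standing in for shared executable code.
    image = (b"WINWORD-CODE-PAGE".ljust(32, b".") * (PAGE // 32)) * 2
    fd, path = tempfile.mkstemp()
    try:
        os.write(fd, image)
        os.close(fd)
        # Both sessions open the image read-only: neither can alter the file.
        with open(path, "rb") as f1, open(path, "rb") as f2:
            session1 = mmap.mmap(f1.fileno(), 0, access=mmap.ACCESS_COPY)
            session2 = mmap.mmap(f2.fileno(), 0, access=mmap.ACCESS_COPY)
            try:
                identical_before = session1[:] == session2[:] == image
                # Session 1 writes: only the touched page becomes private to it.
                session1[0:7] = b"PRIVATE"
                result = {
                    "identical_before": identical_before,
                    "session1_sees_write": session1[0:7] == b"PRIVATE",
                    "session2_unaffected": session2[0:7] == image[0:7],
                    "untouched_page_matches": session1[PAGE:] == session2[PAGE:],
                }
            finally:
                session1.close()
                session2.close()
        # The backing image on disk never receives the private write.
        with open(path, "rb") as f:
            result["file_unchanged"] = f.read() == image
    finally:
        os.remove(path)
    return result


if __name__ == "__main__":
    for check, passed in run_code_sharing_demo().items():
        print(f"{check}: {passed}")
```

The point for a multiuser server is the isolation: a write made in one session's mapping is never visible to another session or to the shared image.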


Windows 2000 Terminal Services

In Windows 2000 Terminal Services, SessionSpace remains. The layout on the memory map has been modified to further tune the system and enable a common layout for all Windows 2000 systems, whether or not Terminal Services has been installed. The main modification is that SessionSpace has been reduced to 60MB and starts at the memory address location A0000000. Moving SessionSpace up to A0000000 allows all system drivers (win32k.sys), video drivers, and printer drivers to be loaded in a common virtual address location, whether they are accessed through a Terminal Services session or on a session without Terminal Services. Microsoft redesigned the memory mapping to eliminate the need for a separate version of the operating system to support Terminal Services, as was necessary with Windows NT 4.0 Server and TSE. Among other obvious advantages, service packs for Terminal Services no longer lag behind those for the base operating system as they did with TSE.

A new Windows 2000 service, appropriately called Terminal Services (termsrv.exe), is the controlling process in the Terminal Server architecture. It is primarily responsible for session management, initiation, and termination of user sessions and session event notification. The Terminal Server service is entirely protocol independent, so it can function using RDP or a third-party add-on protocol such as ICA from Citrix.

A user mode protocol extension provides assistance to the Terminal Server service. It is the responsibility of this component to provide protocol-specific functions and services, such as licensing, session shadowing, client font enumeration, and so forth. Each Terminal Server session protocol (for example, RDP and ICA) has its own protocol extension, providing a variety of services.

Note For RDP, this user mode extension is called wsxtshar.dll.

Windows 2003 Server


Windows Server 2003 is now the flagship product for Terminal Services. Packaged with the release of Windows Server 2003 is a new client connection program. The new Terminal Services client, first released with Windows XP, is called Remote Desktop Connection (RDC) and provides substantial improvements over previous releases, including greater functionality through a simplified user interface. RDC can also be used to connect to a Windows XP Professional-based computer running Remote Desktop, and can be used to connect to previous versions of Terminal Services (Windows NT 4—Terminal Server Edition and Windows 2000 Server). RDC utilizes a new version of RDP and a new licensing model that provides for user and device licensing of Terminal Services and NT CALs rather than just device licensing that had been required (see the "Licensing" section later in this chapter). This licensing change represents a tremendous win for all Windows SBC environments, as it dramatically reduces the costs for environments where users have more than one device they connect from. For example, under the Windows 2000 licensing model, if a user connected to a Terminal Services server or farm from a laptop, desktop, and home computer, Microsoft required the user's organization to purchase three Windows Terminal Services client access licenses and three Windows 2000 Server client access licenses for this one user. Under the new per-user licensing, the organization will only need to purchase one license for that user.

Windows 2003 Editions Comparison

Windows Server 2003 comes in six releases and four named editions: Standard, Enterprise, Datacenter, and Web. The Web edition will run on small-footprint servers. As the name implies, this edition is for web servers only—systems running IIS 6.0 and web applications. This edition will make an excellent and cost-effective platform for web services such as MetaFrame Web Interface and MetaFrame Secure Access Manager, as discussed in Chapter 16.

The Standard edition is the general-purpose version intended for traditional Windows Server tasks such as file and print serving, security, and Terminal Services. This is the server upon which a Citrix MetaFrame XP installation is most likely to be based.

The Enterprise edition is a "hardened" version of the operating system. Microsoft has added a number of features to this edition to increase its value as an application server platform. We envision that this server will be used for three potential purposes: large Terminal Services Farms, clustering, transaction processing, or server consolidation.

Finally, the Datacenter edition is the "big iron" version of the operating system. It is designed for the most demanding application and availability requirements where hardware cost is not a concern. This version requires a minimum of eight CPUs in a system and can run on systems containing up to 32 CPUs. System administrators who covet the chance to work on a Windows "mainframe" will be running this.

As mentioned, there are actually six releases. The additional two are the 64-bit versions of the Enterprise and Datacenter editions designed for the Intel Itanium processor. Because of the emphasis by the Microsoft SQL Server team on 64-bit computing, these releases will be targeted at high-volume database or transaction processing applications, but not much else.

Table 2-1 compares the features of the four named editions.

Table 2-1: Windows 2003 Editions Comparison

Columns: Feature, Standard Edition, Enterprise Edition, Datacenter Edition, Web Edition

[Table 2-1 cell marks per edition not recoverable; feature rows listed by category.]

Scalability
64-bit support for Intel Itanium-based computers
Hot add memory [1][2]
Non-Uniform Memory Access (NUMA) [2]
Datacenter program
Maximum RAM Support: 2GB, 4GB, 32GB, 64GB [3], 512GB [4]
Maximum Symmetric Multiprocessing Support (SMP): 2-way, 4-way, 8-way, 32-way, 64-way

Directory Services
Active Directory
Metadirectory Services (MMS) support

Security Services
Internet connection firewall
Public Key Infrastructure, certificate services, and smart cards

Terminal Services
Remote Desktop for Administration
Terminal Server
Terminal Server Session Directory

Clustering Technologies
Network load balancing
Cluster service

Communications and Networking Services
Virtual private network (VPN) support
Internet Authentication Service (IAS)
Network bridge
Internet Connection Sharing (ICS)
IPv6

File and Print Services
Distributed File System (Dfs)
Encrypting File System (EFS)
Shadow Copy Restore
Removable and remote storage
Fax service
Services for Macintosh

Management Services
IntelliMirror
Group policy results
Windows Management Instrumentation (WMI) command line
Remote OS installation
Remote Installation Services (RIS)
Windows System Resource Manager (WSRM)

.NET Application Services
.NET Framework [1]
Internet Information Services (IIS) 6.0
ASP.NET [1]
Enterprise UDDI services

Multimedia Services
Windows Media Services

Key: + = Feature included; 1/2 = Feature partially supported

[1] Not supported in 64-bit versions of Windows Server 2003.

[2] May be limited by lack of support by OEM hardware.

[3] Datacenter Edition's 32-bit version and Enterprise Edition's 64-bit version both support up to 64 GB RAM.

[4] The 64-bit version of Datacenter Edition supports up to 512GB RAM.


Remote Desktop Protocol (RDP)

In this part of the chapter, we describe in more detail how the Remote Desktop Client performs session management and other functions.

Session Connection

When a client initiates a session, the TCP/IP transport driver passes the request to the TERMDD program on the Terminal Server. TERMDD then passes the request to RDPWSX, which in turn signals the Terminal Server service to create a thread to handle the incoming session request. In addition, RDPWSX is responsible for initiating session negotiation with the client and capturing all necessary client information, such as compression, encryption level, client version number, and license details. As each client connection is accepted and assigned an idle SessionSpace, a new idle session is created. The session manager also executes the client-server run-time subsystem process (csrss.exe), and a new SessionID is assigned to that process. The CSRSS process then invokes the Windows Logon (winlogon.exe) and the graphic device interface (GDI) module (win32k.sys) to render the initial logon screen information and present it to the particular user SessionID, as shown in Figure 2-3.


Figure 2-3: The connection process in an RDP session

Note For use under heavy session logon activity, a registry setting can increase the two idle session numbers. The values are contained in the following key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\IdleWinstationCount\.

Network Load Balancing on Session Connections

RDC can utilize Network Load Balancing (NLB), available in Windows Server 2003 Standard, Enterprise, and Datacenter Server Editions, as well as Windows 2000 Advanced Server and Datacenter Server. NLB utilizes a round-robin approach for session connectivity to multiple Terminal Servers. NLB can detect downed servers, thus sending a client to one of the remaining live servers, and effectively eliminating a single point of failure if one server is down. Note though that this service is not the same as Citrix's load balance service, which utilizes server parameters rather than the network round robin that NLB utilizes. It is the opinion of the authors that NLB is not a sufficient tool for load balancing or effective redundancy in an enterprise server farm environment, but it may be sufficient for smaller environments (less than four servers in the farm).

Session Disconnection

When a user disconnects from an active session without logging off, the GDI stops taking commands from the user by stopping all drawing operations from reaching the display driver. A disconnected desktop object is created and represented in the Terminal Services Manager application (Start Menu | Administrative Tools | Terminal Services Manager), as shown in Figure 2-4.


Figure 2-4: The Terminal Services Manager application showing a disconnected session

During the disconnection timeout period, the RDP stack is unloaded, but TERMDD is still active because win32k.sys maintains an active handle to it for keyboard and mouse control. Before the disconnect timeout period expires, the user can be reconnected to the same session. The session disconnection process is shown in Figure 2-5.


Figure 2-5: The disconnection process in an RDP session

Session Reconnection

When a user initiates a connection to the same server, a brand-new connection is created. The RDP stack is loaded, and SessionSpace is assigned. The user is presented with a logon screen. Thus far, the process is identical to a new session connection. However, when WINLOGON scans the user ID and determines that the user has a disconnected session, TERMDD is instructed to perform a session reconnection. The user session is then switched back to the disconnected session.
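Disconnected sessions keep their processes and logon alive on the server until they are reconnected or time out, so they are worth auditing. The following added example is not from the book: it parses the text output of the `query session` (qwinsta) command and reports disconnected sessions that still belong to a user. The sample output is constructed, and the function names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample of `query session` output; not captured from a real server.
SAMPLE_QUERY_SESSION = """\
 SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE
>console           administrator             0  Active  wdcon
 rdp-tcp                                 65536  Listen  rdpwd
 rdp-tcp#4         jsmith                    1  Active  rdpwd
                   mgarcia                   2  Disc    rdpwd
                   svc_backup                5  Disc    rdpwd
 rdp-tcp#7         tlee                      6  Active  rdpwd
"""

# Connection states as printed in the STATE column.
STATES = {"Active", "Conn", "ConnQ", "Shadow", "Listen",
          "Disc", "Idle", "Down", "Init", "Reset"}


@dataclass
class Session:
    name: str        # WinStation name; empty once the session is disconnected
    user: str        # empty for listeners
    session_id: int
    state: str
    current: bool    # True for the row marked with '>'


def parse_sessions(text: str) -> List[Session]:
    """Parse `query session` output into Session records."""
    sessions = []
    for line in text.splitlines():
        if not line.strip() or line.split()[0] == "SESSIONNAME":
            continue
        current = line.startswith(">")
        body = " " + line[1:]          # blank the marker, keep column positions
        toks = [(m.start(), m.group()) for m in re.finditer(r"\S+", body)]
        if not toks:
            continue
        # SESSIONNAME is left-aligned in column 1. A disconnected session has a
        # blank name, so its first token (the user) starts much further right.
        name = ""
        if toks[0][0] <= 1:
            name = toks[0][1]
            toks = toks[1:]
        words = [w for _, w in toks]
        # The ID is the numeric token directly before the state keyword.
        k = next((i for i in range(1, len(words))
                  if words[i] in STATES and words[i - 1].isdigit()), None)
        if k is None:
            continue                    # not a session row
        user = " ".join(words[:k - 1])  # empty when the row has no user
        sessions.append(Session(name, user, int(words[k - 1]), words[k], current))
    return sessions


def lingering_sessions(sessions: List[Session]) -> List[Session]:
    """Disconnected sessions that still hold a user's logon and processes."""
    return [s for s in sessions if s.state == "Disc" and s.user]


if __name__ == "__main__":
    for s in lingering_sessions(parse_sessions(SAMPLE_QUERY_SESSION)):
        print(f"session {s.session_id}: {s.user} is disconnected but still logged on")
```

Run against live output, the same report shows which users would be switched back to an existing session on their next logon and which sessions are candidates for a disconnect timeout.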

Data Transmission

RDP packets are formed in the presentation layer of the Open System Interconnect (OSI) model. The packets are encrypted and frames packaged according to the requirements of the network protocol. Currently, only TCP/IP is supported by RDP. The RDP data content may include keyboard input and mouse movement coordinates, as well as graphical bitmaps and printer redirection output. The return RDP packet goes in reverse through the same protocol stack, is decrypted, and unwrapped, and the TCP/IP header information is stripped for the specific client session. Some of the data transmission optimization features of RDP include the following:

Intelligent encoding The redrawing of graphical images can be encoded to tell the client to redraw changes only since the last refresh took place. In other words, only the changes are sent.

Glyph and bitmap caching A glyph is a graphical representation of a character. The RDP client automatically reserves a minimum of 1.5MB of memory space to cache the required set of glyphs needed in the display of common text. Bitmaps of different sizes are also cached in memory. Whenever a command is issued from the Terminal Server, the client can redraw the required text and bitmaps very quickly by extracting the elements from cache.

Bulk compression A client-side option optimizing a low-speed connection will turn on bulk compression, which can reduce the packet count by 50 percent.

Image Display

RDP uses a highly efficient encoding algorithm to encapsulate screen data, similar to the X-Window protocol. Most common or repetitive drawings are sent as a command rather than an actual bitmap. This method greatly reduces the amount of data required to paint a new screen or refresh an old one.

Microsoft has published the exact bandwidth requirements to paint a common Windows screen, but lab tests from Mainstream Networks show that RDP 4.0 used up to 40 Kbps on a dial-up connection (with compression). There is a significant improvement in bandwidth utilization on the Windows 2000 version of RDP—version 5.0. These improvements continue with the Remote Desktop Client released with Windows 2003.

RDP updates the screen as follows. A user starts an application, which informs the GDI where and how to draw the application window. The GDI relays the command to the RDP display driver (RDPDD) by way of standard Win32 API calls. This is the same process used in a Windows NT system without Terminal Services, and is similar to the way a print job is rendered. The main API calls sent to RDP include the following:

TextOut() This call results in the display of text information on a client screen. GDI informs RDP of the location and the glyphs (a graphical representation of a character). RDP tells the client which glyph to cache and which cache entry to use next time the same text is called for.

PatBlt() Pattern Block Transfer is used by RDP to tell the client how to draw a block of color. This translates into a small command and is the alternative to sending a block of bitmaps and consuming a large amount of bandwidth.

LineTo() This command allows RDP to tell the client the beginning and ending coordinates of a 3D beveling line. The line can be used to form boxes. This command can be as small as 6 bytes to complete a line drawing.

Windows 2000 Graphical Enhancements

RDP version 5.0 not only improved the protocol communication efficiency, it also expanded its feature set and offers some of the benefits contained in the ICA protocol.

Remote control This feature allows an administrator or authorized person to take over the screen, keyboard, and mouse movement of any user session running on the same physical machine.

Clipboard redirection The Windows 2000 RDP version 5.0 protocol synchronizes the server-side application clipboard to the client-side clipboard buffer. This allows applications running on the Terminal Server to cut and paste data to applications running on the client workstation.

Client printer autocreation Local client COM and LPT ports can be remapped automatically from the server. The local default printer will be created in the Terminal Server session, and print jobs produced by applications running in a server session will be printed on the client's local default printer.

Bitmap cache Windows 2000 RDP provides additional persistent bitmap cache over version 4.0, which only used RAM cache. Upon successful bitmap transmission, the server instructs the client where to store persistent cache information. When the same data is needed again, only the coordinate location for this bit is sent to the client. This improvement is especially important in low-speed dial-up or wireless WAN connections.

Windows 2000 Terminal Services Client Architecture

Windows 2000 with RDP 5.0

With the introduction of Windows 2000, Microsoft significantly improved the capabilities of the core operating system to have Terminal Services integrated with all server platforms. Enhancements were also made to the RDP client allowing for better performance and additional features. The major advantages to this integration were the availability of standard service packs for Windows and Terminal Services and the requirement for software vendors to address compatibility with the multiuser environment. Between the releases of Windows 2000 Server and Windows Server 2003, Microsoft released Terminal Services Advanced Client (TSAC), which superseded the RDP client that shipped with Windows 2000. The TSAC is based on the RDP 5.0 feature set, but comes in the form of an ActiveX control. The performance of the TSAC is comparable to the previous client, but offers far more flexibility in its deployment. It can be downloaded and executed within Microsoft Internet Explorer, or any application that can make use of ActiveX controls, such as those written in the Visual Basic or Visual C++ development systems. In addition to the downloadable ActiveX control, it is also available in the form of an MSI (Windows Installer) package, which looks and feels to the end user like the traditional RDP 5.0 client. Finally, the client is also available as an MMC snap-in, for administrators to use to assist with server administration.

Windows 2003 and RDC

Microsoft continues to improve functionality with the release of Windows Server 2003. The additional features of Windows Server 2003 allow integrated detailed control of security in a Terminal Services environment that previously were left to the creativity of the administrator and third-party applications. Remote Desktop Client (RDC) provides for better performance with streaming video, security, and client resource availability, and is now ported to the Mac OS X platform.

RDC using RDP now supports the following four operating system platforms:

The Win32 platform, which includes Windows XP, Windows 2000, Windows NT, Windows 95, 98, and Windows Millennium (available for download at http://www.microsoft.com/windowsxp/remotedesktop/)

The Win16 platform, which includes Windows and Windows for Workgroups 3.11

The WinCE platform, which includes many new thin-client devices with WinCE running as the embedded operating system

A Macintosh Remote Desktop Client (RDC) for Mac OS X (available for download at http://www.microsoft.com/mac/download/misc/rdc.asp)

Microsoft's design goals for RDC are to minimize bandwidth utilization, minimize memory usage, and speed up screen transmission. RDC represents a striking improvement over both RDP version 4.0 and RDP version 5.0 in both speed and features.

Table 2-2 shows a comparison of some of the major features of RDP and RDC.

Table 2-2: RDP Version 5.0 vs. RDC

| Feature | Description | RDP 5.0 | RDC for Windows 2003 and Windows XP |
|---|---|---|---|
| Clients | 32-bit clients for Windows 95, 98, NT, 2000 and 2003 | Yes | Yes |
| | 16-bit client for Windows 3.11 | Yes | Yes |
| | Windows CE-based clients | Yes | Yes |
| | Browser client | With TSAC | With TSAC |
| Transport protocol | TCP/IP | Yes | Yes |
| Audio | System beeps | Yes | Yes |
| Print stream compression | Compression of print jobs executed in a Terminal Services session | No | Yes |
| Terminal Services: slow link performance optimizations | Improved performance of high latency and slow throughput connections | No | Yes |
| Local printer redirection | Print to client-attached printer | Yes | Yes |
| Local drive mapping | Local client drive access from session | Yes | Yes |
| Cut and paste | Cut and paste between server session and client session | Yes | Yes |
| Remote control | Remote viewing and control of a session | Yes | Yes |
| Bitmap caching | Bitmap caching in memory | Yes | Yes |
| | Bitmap caching to disk | Yes | Yes |
| Time zone redirection | Remote client clock shows correct time, regardless of whether client is in different time zone from Terminal Server | No | Yes |
| Macintosh client | Client for Mac OS X | No | Yes |
| Preconfigured client | Predefined client with IP address, server name, and connection information | Yes | Yes |

RDP Client Software Architecture

The RDP client software is installed on the server under the directory %systemroot%\system32\clients\tsclient. The client disk creator program under Start | program | Administrative tools | Terminal Server Client Creator will make the necessary disk set for distribution to client PCs.

When the Terminal Server client starts, the user interface calls the core API to set up a session with a server name or IP address. The default TCP/IP port is set to 3389. The security layer in turn calls the network layer to set up a socket with the goal of establishing a connection to the server. Once the TCP/IP connection is set up, the security layer starts to negotiate an encryption level with the server. Then the core protocol will negotiate bitmap cache, printer, and COM port redirection. Upon successful negotiation, an active session is launched, and the user is presented with the Windows logon screen. It is important to note that if the traffic is passing through a firewall, port 3389 must be open outbound from the client and inbound to the server.

Client Caching Client cache is negotiated during session setup. By default, 1.5MB of RAM is set aside for bitmap caching. In addition, the RDC sets up persistent caching to improve communication speed over slow links. When a bitmap is to be sent to the client, the RDP device driver (RDPDD) compresses the bitmap image, then sends the bitmap across the network. RDPDD also instructs the client regarding which cache cell to store the bitmap in. When the client requests the same bitmap again, the server simply sends the cache cell reference number to the client.

The RDP client employs yet another technique to make use of screen cache in a remote control session. Windows drop-down menus make up much of the display. Most frequently used menus are cached in RAM when activated for the first time. Additional clicking on the same menu display will retrieve the screen cache from RAM rather than retrieving it over the network.

Remote Desktop Client Encryption RDC supports three levels of encryption: low, medium, and high. Low-level encryption uses a 40-bit algorithm on client data being sent to the server. Medium-level encryption uses a 56-bit algorithm to encrypt data flow in both directions. Finally, high-level encryption uses a 128-bit RC4 two-way algorithm on both client and server. Terminal Services configuration on the server determines the lowest level of encryption allowed. For example, if the server enforces high-level 128-bit encryption, then only a 128-bit encryption client can connect to the server. However, if the server only requires 40-bit encryption, then 128-bit, 56-bit and 40-bit clients are all able to connect.

Remote Desktop Client Remote Control Microsoft introduced remote control first in RDP version 5.0 with Windows 2000, and has continued to enhance it with RDC and Windows Server 2003. Remote control allows administrators to view and take control of another user's session running on the same server. By setting special permissions in the Terminal Services Configuration/Connections (TSCC), help desk personnel can use the remote control feature to assist users by taking over their screen. To use remote control, open the Terminal Services Manager (Start Menu | Administrative Tools | Terminal Services Manager), highlight the desired user, and click the Remote Control option. The screen resolution and color depth of the shadowing session need to be equal to, or higher than, those of the shadowed session.

Tip Remote control in Windows Server 2003, unlike in Windows 2000, can now take over the server console session.

In a shadowed session connection, TERMDD establishes a shadow pipe in which RDP packets are sent to both the shadowing and the shadowed sessions, as shown in Figure 2-6. In this way, input is accepted from both sessions, and results are returned to both sessions.

Figure 2-6: Remote Desktop Client remote control process

Note If an administrator wants to remotely control a session from the server console, an RDP virtual session must be launched first, using the Terminal Services server as the "client." From inside the virtual client session, the administrator can then take remote control of a session.

Remote Desktop Client Session Administration The Terminal Services Configuration/Connections (TSCC) program can be used to control inactivity timeouts (when no activity is seen from the keyboard or mouse for a set amount of time). The same interface can also automatically reset a disconnected session when the disconnect timeout value expires. By default, these two values are not set. This means no timeout will be triggered when a user leaves the client session unattended or the session is otherwise disconnected. For security reasons, and to conserve server resources, we strongly recommend that a reasonable value be set for both of these parameters, as shown in Figure 2-7. A new feature with the Remote Desktop Client is session directory, which, when used in conjunction with the Network Load Balancing on a Terminal Server farm, allows users to reconnect to the specific disconnected session they've left within a farm, rather than just being directed to the next available server when they reconnect.

Figure 2-7: Setting timeout values for RDP sessions

Note The systemwide session control in Figure 2-7 has the Active session timeout set for Never, the disconnection timeout set for 30 minutes, and the idle timeout set for two hours. These settings should be sufficient for most disconnect situations. Any adjustments of these values should be made according to company policy and user behavior. Generally, we do not recommend setting an active session timeout, as this will disconnect users who may be working.

For the settings in Figure 2-7, if a session detects no keyboard or mouse input for two hours, the session is disconnected. In this case, a user needs to log on to the system again to connect to the suspended session, and no data loss is likely. If a user fails to log on within 30 minutes after the two-hour inactivity timeout, however, the system will reset the disconnected session, and any data not saved will be lost.
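An added example, not from the book: a Python check of the server-side settings discussed above (minimum encryption level, idle and disconnect timeouts, listener port), run over constructed `reg query` output for the RDP-Tcp listener key. The registry value names and the 1 to 4 level numbering come from Windows rather than from this page; the function names are hypothetical, and the thresholds are assumptions modeled on the Figure 2-7 settings.

```python
import re

# Constructed sample: `reg query` output for the RDP-Tcp listener key of a
# hypothetical server (illustrative values). DWORD timeouts are in milliseconds.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
    PortNumber    REG_DWORD    0xd3d
    MinEncryptionLevel    REG_DWORD    0x1
    fInheritMaxIdleTime    REG_DWORD    0x0
    MaxIdleTime    REG_DWORD    0x0
    fInheritMaxDisconnectionTime    REG_DWORD    0x0
    MaxDisconnectionTime    REG_DWORD    0x1b7740
    MaxConnectionTime    REG_DWORD    0x0
"""

# Registry numbering of the levels. The text calls level 2 "medium"; the
# Windows Server 2003 configuration tool labels it "Client Compatible".
ENCRYPTION_LEVELS = {1: "low", 2: "medium", 3: "high", 4: "FIPS Compliant"}

DWORD_LINE = re.compile(r"^\s+(\S+)\s+REG_DWORD\s+0x([0-9a-fA-F]+)\s*$")


def parse_reg_query(text):
    """Return {value_name: int} for every REG_DWORD line in `reg query` output."""
    values = {}
    for line in text.splitlines():
        match = DWORD_LINE.match(line)
        if match:
            values[match.group(1)] = int(match.group(2), 16)
    return values


def audit_listener(values, required_level=3, max_idle_min=120, max_disc_min=30):
    """Return a list of (check_id, message) findings; empty means compliant.

    Defaults are assumptions: "high" encryption, and the Figure 2-7 timeouts
    (idle two hours, disconnected 30 minutes).
    """
    findings = []

    level = values.get("MinEncryptionLevel")
    if level is None:
        findings.append(("encryption", "MinEncryptionLevel not present in input"))
    elif level < required_level:
        have = ENCRYPTION_LEVELS.get(level, level)
        want = ENCRYPTION_LEVELS.get(required_level, required_level)
        findings.append(("encryption", f"listener accepts {have}; require {want}"))

    timeouts = (
        ("idle-timeout", "MaxIdleTime", "fInheritMaxIdleTime", max_idle_min),
        ("disconnect-timeout", "MaxDisconnectionTime",
         "fInheritMaxDisconnectionTime", max_disc_min),
    )
    for check_id, name, inherit_flag, limit_min in timeouts:
        if values.get(inherit_flag, 0) == 1:
            # The listener value is not enforced; per-user settings apply.
            findings.append((check_id, f"{name} inherited from per-user settings"))
            continue
        minutes = values.get(name, 0) // 60000
        if minutes == 0:
            # Unset or 0 means Never: unattended or disconnected sessions linger.
            findings.append((check_id, f"{name} is Never"))
        elif minutes > limit_min:
            findings.append((check_id, f"{name} is {minutes} min, limit {limit_min}"))

    if values.get("MaxConnectionTime", 0) != 0:
        # The text advises against this: it disconnects users who are working.
        findings.append(("active-timeout", "active session limit is set"))
    return findings


def firewall_port(values):
    """TCP port to allow outbound from clients and inbound to the server."""
    return values.get("PortNumber", 3389)


if __name__ == "__main__":
    parsed = parse_reg_query(SAMPLE_REG_QUERY)
    print("listener port:", firewall_port(parsed))
    for check_id, message in audit_listener(parsed):
        print(f"[{check_id}] {message}")
```

On a live server the input would come from running `reg query` against the listener key shown in the sample; an inherited timeout means the per-user account settings need the same review.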


New Features for Terminal Services in Windows Server 2003

The Terminal Services component of Microsoft Windows Server 2003 builds on the solid foundation provided by the application server mode in Windows 2000 Terminal Services, and includes the new client and protocol capabilities of Windows XP.

Table 2-3 lists the new features and benefits provided by Windows Server 2003.

Ongoing Administr ation of the Ser v er - Based Com puting

Envir onment Table 2-3: Windows Server 2003 New Features and Benefits

Pa r t I V - Appendi x es

Terminal Services Appendix B - Creating licensing model Appendix C - Creating and I ndex management Listimprovements of Figur es

Support has been added for the new user-based license model (devicebased licensing and a hybrid approach utilizing both user- and devicean On- Dem and Enterpr ise Financial Analysis Model based licensing are also supported).

Appendix A - I nter netw or k ing Basics

List of Tables List of Case Studies List of Sidebars

an On- Dem and Enterpr ise Subscr iption Billing Model

Additionally, improvements have been made to the Terminal Services License Manager Wizard, including a new Internet connection method for activating licenses, new error messages, and a new method for handling reactivation of upgraded Windows 2000 license Terminal Services.

Printers

All printers installed on the client are visible to the server—including network printers. With Windows 2000 Terminal Services, only locally Cit rixconnected Me t aFra mprinters e Access Su itredirected. e fo r W in do w s Ser verprinters are given names were Redirected 2 00 3 :that Th eare O ffeasier icial Guid e to read. For example, users might see "printername on by Steve Kaplan et(from al. clientname) in sessionISBN:0072195665 printserver 9"; whereas in Windows 2000, McGr aw -Hillwould © 2003have (724 pages) they seen "_printserver_printername/clientname/Session 9." This guide ex plains how to build a r obust, and to Windows 2000-based Printer redirection also works whenreliable, connecting scalable thin- client com puting envir onment and deploy servers. Windows 2000/ Windows 2003 Ser v er and MetaFr am e. Also learn tPrinter o centr driver alize application mapping has managem been ent, enhanced r educe to soft provide w ar e better matching in on thenear-miss desktop, and mor e. cases.

< ?xm l version= " 1.0" encoding= 88591" ?> cannot be made, the Trusted Driver Path lets you When"aI SOdriver match Ta ble o f Con t en t s specify other standard printer drivers that you sanction on your Terminal Citr ix MetaFr am e Access Servers. Suite for Window s Ser v er 2003—The Official Guide For ewor d

The print stream is compressed for better slow-link performance between a server and client.

I ntr oduction

Pa r t I - Ov er vi e w of Ente r pr ise Se r ve r - Ba se d Com put in g

Client error I ntr oducing More than 40 new error Ser ver -Based Comclient puting and messages th e On- Demmake and it easier to diagnose messages- Enterpr iseclient connection problems.

Chapter 1 Chapter 2

- Window s Ter minal Ser vices

Security The Terminal Server access model now conforms better to Windows - Citr ix MetaFr am e Access Suite enhancements server management paradigms.

Chapter 3

Pa r t I I - De signi ng a n Ent e rpr i se SBC Solut ion

Software Pr epar ing Software restriction in Windows Server Your Or ganization forpolicies an On- Dem and Enterpr ise 2003 enable ation restriction I mplem entadministrators to use group policies to simplify locking down Terminal Chapter policies 5 - Ser ver - Based Servers Computing (and any Data other Center Windows Architect Server ure 2003-based computer) by only certain to beCom runput bying specified users. Chapter 6 - Designing allowing Your Netw or k forprograms Ser ver- Based Chapter 4

Chapter 7 Chapter 8

- The Client This Envirbuilt-in onmentWindows feature replaces the AppSec (Application Security) - Security tool used in previous versions of Terminal Services.

Chapter 9

- Net w or k Managemen t

Session directory

Terminal servers can be organized into "farms." This configuration allows clusters of load-balanced computers to appear to their users as a fault-tolerant service.

The new Session Directory feature in Terminal Services allows users to reconnect to the specific disconnected session they've left within a farm, rather than just being directed to the next available server when they reconnect.

Session Directory can use the Windows Network Load Balancing Service, or a third-party load balancer, and the service can run on any Windows Server 2003-based computer. However, members of the Terminal Server farm must be running Windows Server 2003, Enterprise Edition.

FIPS compliance

An additional encryption level, labeled "FIPS Compliant," has been added to Terminal Server in Windows Server 2003. This level of security encrypts data sent from the client to the server, and from the server to the client, with the Federal Information Processing Standard (FIPS) encryption algorithms using Microsoft cryptographic modules. This new level of encryption is designed to provide compliance for organizations that require systems to be compliant with FIPS 140–1 (1994) and FIPS 140–2 (2001) standards for Security Requirements for Cryptographic Modules.

128-bit encryption

By default, connections to Terminal Servers are secured by 128-bit, bidirectional RC4 encryption—when used with a client that supports 128-bit. (RDC is 128-bit by default.) It is possible to connect with older clients using encryption lower than 128-bit, unless it is specified that only high-encryption clients are allowed.

Single session policy

Configuring the single session policy lets an administrator limit users to a single session, regardless of whether it is active or not—even across a farm of servers.

Terminal Services Manager

An improved Terminal Services Manager allows for easier management of larger arrays of servers, by reducing automatic server enumeration. This gives direct access to arbitrary servers by name, and provides for a list of favorite servers.

Slow link performance optimizations

Terminal Services optimized slow-link performance allows terminal client users to specify, via their user interface, the type of connection that exists between the client computer and the server. Based on this selection, Terminal Server dynamically adjusts desktop features to deliver the best possible user experience over the chosen network connection speed. This improves the remote desktop user experience over a variety of network connection speeds.

The four options for network connection speeds are modem (56 Kbps, 28.8 Kbps), broadband (128 Kbps to 1.5 Mbps), LAN (10 Mbps or higher), and custom. The custom setting allows users maximum flexibility over what desktop features are disabled. These optimizations apply only when the user is connected remotely at sub-LAN connection speeds. At all other times, the desktop computer has the full-featured functionality. Clients running the following operating systems may utilize this feature: Windows XP, Windows 2000, Windows 95, Windows 98, Windows Me, and Windows CE.

Time zone redirection

This feature allows a remote desktop session's time zone to be specified by the client computer's time zone. For example, an IT administrator who has deployed Terminal Services for a particular group of users located in several locations around the world can use Group Policy and Windows Management Instrumentation (WMI) on the server to turn on time zone redirection. This allows end users of Terminal Services to utilize their computer's local time zone rather than the time zone of the Terminal Services server. Clients currently capable of time zone redirection include Windows XP and Windows CE (Version 5.1).

Smart card sign-on

A smart card that contains Windows logon credentials can provide those credentials to a Windows Server 2003 remote session for logon. This feature requires a client OS that can recognize the smart card first: Windows 2000, Windows XP, and Windows CE .NET.

Ports

Client serial ports can be mounted to the server. This enables a variety of hardware on the client computer to be accessed by software on the server.

File system

Client drives, including network drives, are mounted inside the server session. This lets users open or save files on their own computers' disk drives, in addition to opening and saving files on the server.

Integration with Active Directory Services Interface

This feature provides the ability to script Terminal Services user configuration settings using the Active Directory Services Interface (ADSI). For instance, an IT administrator who upgrades a domain from Windows NT 4.0 to Windows Server 2003 can use ADSI to script the creation of user accounts within Active Directory and copy all user properties, including Terminal Services user configuration information.

Terminal Services in the Enterprise

In this part of the chapter, we discuss some issues that will likely be encountered when adding Terminal Services to an enterprise organization.

Domain Considerations

The standard principles for installing a Terminal Server apply equally to Windows 2000 and Windows 2003 Terminal Services. If Active Directory is installed on the network, simply join the Active Directory domain. There is no longer a primary domain controller (PDC) or backup domain controller (BDC) in Active Directory setup. For legacy support, a PDC Emulator will be created in the Windows 2000 domain controller when a Windows NT Domain client attempts to log on. Therefore, it is possible to mix TSE servers with Windows 2000 and Windows 2003 servers running Terminal Services.


Migrating to Windows Server 2000 or Windows 2003 Server from an Existing Windows NT 4.0 PDC

If a Windows 2003 server is installed in an existing network that employs backup domain controllers, the new Windows 2003 server operates as a "mixed mode" domain controller. In this case, the Windows 2003 DC will be migrated first to Active Directory and will emulate a Windows NT 4.0 PDC. The old PDC-to-BDC security database synchronization will continue until all BDCs are migrated to Active Directory and "mixed mode" has been switched to "native mode."

Application Considerations

Most applications are written to run on a single-session platform such as Windows 95, 98, or Windows NT Workstation with a single user. Terminal Services requires significant changes to be made to the kernel and operating system to accommodate multiuser access. Because of these changes, both programmers and administrators must fully understand the issues and possible solutions in order to configure the system so that single-session applications can be executed in a multisession environment. We discuss some of the problems and possible solutions in this section.

Terminal Services makes special demands on how an application is written and how the application uses the Windows NT operating system. The Windows NT Registry is used by many programs to store variables during an installation, changes while the program executes, and changes that normally occur when users with differing logons access the application. On a typical Windows 2000 Professional workstation, an application may put data into the HKEY_LOCAL_MACHINE registry hive, assuming only one user will access the application at a time. On Terminal Server, this could prove disastrous, as changes to this registry hive would affect all users of this Terminal Server, not just the user executing the application making the change.

Many problems occur with applications that store local data constructs in global locations. In addition to separating global and local information in the registry, global and local file-based data constructs should also be maintained separately. For example, user preference files should not be stored in a main system directory (/%systemroot%) or program directory (\Program Files). Instead, preference files or other user-specific local data should be stored in the user's home directory or a user-specified directory. This consideration also applies to temporary files used to store interim information (such as

cached data) or to pass data on to another application. User-specific temporary files must also be stored on a per-user basis.

Some specific issues that may cause an application to fail in a multiuser environment include:

Incorrect registry entries: Many applications write a global INI file to the system root for user-specific information. Thus, when one user opens or changes the INI file, other users may not be able to access the same file. Some applications add shortcuts to only the installer's menu during installation; because of this, other users may not see the shortcut. Still, many applications point the data files, temporary files, or cache files to the same location for all users. In this situation, only one user can run the application at a time.

Changed object name: An object created in a session is named differently. The application may not be able to find the object using the expected name or location.

Incorrect file and object access rights: An application normally locates libraries and executables in the Windows NT %SystemRoot% directory. Multiple users accessing the same file may create file-locking problems.

The following are some other application problems and issues to be aware of within a multiuser Terminal Services environment:

Do not assume the computer name, MAC address, or IP address equates to a single user. In the traditional distributed Windows client-server architecture, one user is logged on to one computer at a time. Thus, the computer name or Internet Protocol (IP) address assigned to either a desktop or server computer equates to one user. In the Terminal Services environment, the application can only see the IP or NetBIOS address of the server. Applications that use the computer name or IP address for licensing, or as a means of identifying an iteration of the application on the network will not work properly in the Terminal Services environment because the server's computer name or IP address can equate to many different desktops or users.

MS-DOS and 16-bit Windows applications require more RAM than native 32-bit Windows applications and may not execute at all in Windows 2000 Server or Windows Server 2003. Windows runs an emulation layer called the Virtual DOS Machine (VDM) as a process on the 32-bit operating system. Although this memory requirement may not show up as performance degradation on a high-powered desktop computer running the latest Windows operating system with 64MB of RAM, it may easily show up on a system running Terminal Services due to the multiplier effect of many user sessions.

Multiuser Application Issues

You may encounter several possible issues when running applications under Terminal Services that were not designed to run in a multiuser environment. Some of the most important issues are summarized here. We will discuss these and other application-related issues in more detail in Chapter 13.

Application Compatibility Scripts

Many of the issues discussed so far have been addressed by the creation of application compatibility scripts. After installing an application, an administrator is required to run the corresponding script to resolve the issues mentioned. Windows 2000 shipped with 27 native Application Compatibility Scripts, and since then scores of software manufacturers have created additional scripts to provide users with fixes for their software in a multiuser environment. At the time of this writing, Windows 2003 only has four scripts in the Application Compatibility Scripts folder. Since Microsoft requires an application be multiuser compatible before it can be certified for Windows 2003, our assumption at this time is that a large majority of application vendors have simply included the scripts in their install process, thus alleviating the need for scripts. Obviously there will be some stragglers, so the need for Application Compatibility Scripts will continue for the foreseeable future. Application compatibility scripts are located in the %SystemRoot%\Application Compatibility Scripts\Install folder.

DOS and 16-Bit Windows Programs

After over eight years of Microsoft operating system support for 32-bit applications, it seems logical that all application vendors would have completed their software porting to take advantage of the speed, stability and interface changes. Win32 allows code sharing and thus runs more efficiently in a multiuser environment. If additional users need to access the same Win32 application code, a pointer is created that shares the same code from the original copy loaded in the kernel and user modes. Code sharing cuts down the total amount of memory usage when multiplying a large number of sessions. On the other hand, 16-bit Windows and DOS applications need to run in their own VDM, and so no code sharing is possible. Also, Win16 applications often require 16- to 32-bit conversion programs ("thunking" and "context switching") that increase resource utilization even further. Even with all of these obvious advantages, and nearly ten years to get it done, there are still a few poorly run software vendors who have not ported their software to a 32-bit code. We highly recommend running only 32-bit Windows applications whenever possible, even if it requires a large investment in moving to another vendor. Because Windows 2000 and 2003 are not well suited for DOS or 16-bit application support (although there are some instances where it works), if 16-bit or DOS applications are required, consider dedicating a Windows NT 4.0 TSE server to those applications, while building the rest of the farm around Windows Server 2003.

Effective Use of the Registry

In a multiuser environment, applications should store common information pertaining to systemwide operation in the HKEY_LOCAL_MACHINE section of the registry. Such information includes the path used to load application components, and what components are needed during execution. User-specific information, such as the locations of custom dictionaries (custom.dic) and user templates (normal.dot), should be stored in HKEY_CURRENT_USER. Some applications incorrectly store information meant to be user specific in HKEY_LOCAL_MACHINE.

Application compatibility scripts, Group Policies, and user profiles can all address an unused drive letter to the home directory of each user. REG.INI then changes pointers to this drive to each user's home directory environment variable. In this way, each user gets her own copy of an initialization file.

Tip: A utility in the Exchange Server Resource Kit, named profgen.exe, resolves common pointer issues arising from users trying to open the same e-mail post office box when a mandatory profile is used. This utility can be useful when enabling many users running Terminal Services to access the same Exchange server.

Application Install and Execute Modes

During installation, an application writes user-specific keys to the Administrator's HKEY_CURRENT_USER registry hive. Information such as Document Path and Autosave Path are missing from other users' HKEY_CURRENT_USER keys because they did not install the application. These keys are crucial in successfully using the application. Terminal Services provides a global Install mode to address this situation. During installation, the system is placed under Install mode by entering the command Change User /Install at the command prompt or by using Add/Remove Programs from the Control Panel. All user-specific keys generated by the application under the software hive are shadowed by a key hive in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install.

This key hive is appropriately called the shadow key. Once installation is completed, the system can be switched back to normal execution mode by entering the command Change User /Execute at the command prompt. In the Execute mode of operation, the shadow key information is written back into each user's software key hive when the system finds that the keys are missing.

The same command addresses missing INI and DLL files in the case of 16-bit applications. These files are copied into each user's Windows directory (normally, %homedrive%\%homepath%\windows). This also applies to 32-bit applications if they use INI files. The %homedrive% and %homepath% variables are both solved when running chkroot.cmd and are replaced simply by %rootdrive%. The files that are copied to C:\WTSRV and C:\WINNT are copied to %rootdrive%\windows when a new user logs in.

User-Specific Application Data

Some settings, such as DocumentPath in the HKEY_CURRENT_USER Microsoft Word subkey, may only be created the first time the application is run. Therefore, the installer must execute the application in global Installation mode right after finishing the initial installation. By doing this, the system will generate these values and record them in the shadow key so that they can later be copied into each user's HKEY_CURRENT_USER registry hive.

Note: Logging in as a user and changing settings in an application can cause problems for any user running that application. Making a change while logged in as a normal user on a production machine to store a user's name and initials would cause all future users to see that user's name and initials when they edit documents. Thus it is important to find where these paths are stored and to script or add them to the shadow INSTALL key mentioned earlier so that all users only get the changes the administrator wants them to have.

Sometimes an application creates a path pointer to a common location for all users. For example, the Microsoft Office 97 installation program sets a document template pointer to C:\Program Files\Microsoft Office\Template. When multiple users try to update or open the same file, errors will occur. To address this situation, the administrator needs to search the registry and change the pointer to each user's home folder, such as H:\Office 97\Template, then create the correct directory structure for each user in the logon script %SystemRoot%\System32\usrlogn2.cmd. This file is called by usrlogon.cmd; if it does not exist, create it using a text editor. Add the following simple statement to accomplish this task:

IF NOT EXIST "H:\OFFICE 97\TEMPLATE" MD "H:\OFFICE 97\TEMPLATE"

Note: Most of the Microsoft Office installation issues discussed here have been resolved with Office 2000 and XP, or are easily resolved with the Office Resource Kit. These discussions still serve as an example of how to resolve similar problems with other applications.

A similar problem occurs when all users are directed to use the same cache files. The cache file pointer is set to a common location, such as C:\Temp\Cache. When multiple users attempt to write to the same location, the application will often halt, corrupt the cache, or simply crash the server. Again, the solution is to change the pointer in HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER, then create the corresponding directory structure in each user's home directory to support an individual application cache.
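The registry search described above for template and cache pointers that land in a common location can be automated. The following Python script is an added example, not code from the book: it reads registry data in REGEDIT4 export text and lists string values under HKEY_CURRENT_USER or under the shadow key whose data is a path outside a per-user root. The ExampleApp keys, the sample export, and the list of per-user roots (H:\, %RootDrive%, %HomeDrive%, %UserProfile%) are constructed assumptions.

```python
import re

# Shadow key named in this section, written with the spaces Windows uses.
SHADOW_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
              r"\CurrentVersion\Terminal Server\Install")

# Assumption: locations that resolve to a different directory for each user.
PER_USER_ROOTS = ("h:\\", "%rootdrive%", "%homedrive%", "%userprofile%")

SECTION_RE = re.compile(r"^\[(?P<key>.*)\]$")
# Only REG_SZ values ("name"="data"); dword and hex values are ignored.
STRING_VALUE_RE = re.compile(
    r'^(?P<name>@|"(?:[^"\\]|\\.)*")="(?P<data>(?:[^"\\]|\\.)*)"$')
# Drive-letter path, UNC path, or a path starting with an environment variable.
PATH_RE = re.compile(r"^(?:[A-Za-z]:\\|\\\\|%[^%]+%)")

# Constructed sample export (hypothetical application, not from a real server).
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\ExampleApp\Settings]
"TemplatePath"="C:\\Program Files\\Microsoft Office\\Template"
"CachePath"="C:\\Temp\\Cache"
"DocumentPath"="H:\\Office 97\\Documents"
"AutosavePath"="%RootDrive%\\Autosave"
"Language"="en-US"
"Retries"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\ExampleApp\Settings]
"CachePath"="C:\\Temp\\Cache"

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleApp]
"InstallDir"="C:\\Program Files\\ExampleApp"
'''


def unescape(text):
    # .reg files escape backslash and double quote with a leading backslash.
    return re.sub(r"\\(.)", r"\1", text)


def scope_of(key):
    """Return 'HKCU' or 'shadow' for keys that end up in a user's hive."""
    lowered = key.lower()
    if lowered == "hkey_current_user" or lowered.startswith("hkey_current_user\\"):
        return "HKCU"
    if lowered.startswith(SHADOW_KEY.lower() + "\\"):
        return "shadow"  # copied into each user's hive in Execute mode
    return None  # machine-wide data such as InstallDir belongs in HKLM


def parse_reg_strings(text):
    """Yield (key, value name, data) for every string value in the export."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            key = section.group("key")
            continue
        value = STRING_VALUE_RE.match(line)
        if value and key is not None:
            name = value.group("name")
            name = "(Default)" if name == "@" else unescape(name[1:-1])
            yield key, name, unescape(value.group("data"))


def find_shared_pointers(text, per_user_roots=PER_USER_ROOTS):
    """List per-user values whose path data points at a shared location."""
    roots = tuple(root.lower() for root in per_user_roots)
    findings = []
    for key, name, data in parse_reg_strings(text):
        scope = scope_of(key)
        if scope is None or not PATH_RE.match(data):
            continue
        if data.lower().startswith(roots):
            continue  # already redirected to a per-user location
        findings.append((scope, key, name, data))
    return findings


if __name__ == "__main__":
    for scope, key, name, data in find_shared_pointers(SAMPLE_EXPORT):
        print(f"[{scope}] {key}\\{name} -> {data}")
```

A finding in the shadow scope deserves priority, because that value is copied to every user who does not yet have the key.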

File Security

Applications often store files in the system root directory. Security is normally set to Read-Only for regular users. When a user attempts to write to a file stored in this directory, execution of the application may fail. You can track down the particular file and reassign security to it by using the FILEMON utility (this freeware utility is available from Sysinternals at http://www.sysinternals.com). A better method is to relocate the file to each user's Windows directory.

Registry Security

Many issues arise due to registry security and incorrect use of the registry by legacy applications. REGMON is another tool available at the Sysinternals web site that administrators can use to track down registry keys that have the wrong security.

Application COM/DCOM Objects

The same application may create identical objects for multiple sessions. To separate the same object created by different sessions, a logon ID is appended to each object name. Session objects created in this way are called user global objects and are only visible inside the session in which they were created. If an object is created from the console, there will be no logon ID appended to the object name. This type of object is called a system global object. Because of this distinction, application objects to be used for multiple sessions should be generated as system global objects and installed from the console instead of a user session.

Note Always install software from the console because of the issues mentioned earlier that arise from running applications in a session.

Memory Utilization

Some applications do not return memory to the system upon exit. This situation is exacerbated in a multiuser environment, and is difficult to track down when a large number of applications and users are involved. Although a nightly reboot with Windows 2000 or Windows 2003 should not be required if the applications are well written, real-world environments typically have at least one rogue application that is poorly authored. Many SBC environments implement a cyclical reboot program in order to clear memory and prevent memory leaks from causing erratic performance and server crashing. The frequency of the reboot depends on how active the memory utilization is. Citrix MetaFrame XPe has a reboot tool, and many of the resource web sites we list in the appendixes have example scripts as well.

DCOM Compliance

Most traditional programs use Open Database Connections (ODBC) to access network objects, such as a data source in a SQL database. To allow a common interface for communication between all system programs (objects) across a network, Microsoft developed the Distributed Component Object Model (DCOM).

In order to be certified by Microsoft as Windows 2000 or Windows 2003 compatible, an application must support DCOM. This ensures that software components can communicate and share functions over a network in an efficient and reusable manner. TSE inherited a subset of DCOM functionality from Windows NT 4.0. Therefore, some applications written for Windows NT 4.0 may not function properly under TSE's multiuser environment. Microsoft has addressed this issue in Windows 2000. All DCOM activation modes are fully supported, as shown in the following:

Run as Activator Local activation is the same whether Terminal Services is enabled or not. The server is activated on the same session as the activator.

Remote Activation When DCOM is activated remotely, the process is launched in a WindowStation with a special SessionID = 0, not a session corresponding to the user. This modification preserves the implementation activity of a remote call.

Run as Named User The application is configured in the registry to run as a specified user. Local and remote activation of DCOM behaves in the same way.

Run as Windows NT-Based Service The application is configured to run as a service. This type of service is not tied to any session.

Run as Interactive User The application is configured to run in the security context of the user.
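As an added example (not from the book), the following Python script reads a registry export of HKEY_CLASSES_ROOT\AppID and reports which of the activation identities listed above each DCOM application is configured for. It relies on the standard RunAs and LocalService values under each AppID key; the sample export, GUIDs, application names and account are constructed.

```python
import re

# Constructed sample in .reg export format; GUIDs, names and the account are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\AppID\{11111111-1111-1111-1111-111111111111}]
@="Example Report Engine"

[HKEY_CLASSES_ROOT\AppID\{22222222-2222-2222-2222-222222222222}]
@="Example Batch Server"
"RunAs"="EXAMPLE\\svc_batch"

[HKEY_CLASSES_ROOT\AppID\{33333333-3333-3333-3333-333333333333}]
@="Example Spool Helper"
"LocalService"="ExampleSpoolSvc"

[HKEY_CLASSES_ROOT\AppID\{44444444-4444-4444-4444-444444444444}]
@="Example Tray Agent"
"RunAs"="Interactive User"
'''

# A key header directly under AppID, and a string value line (@ is the default value).
SECTION = re.compile(r'^\[HKEY_CLASSES_ROOT\\AppID\\(\{[0-9A-Fa-f-]+\})\]$')
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')


def _unescape(text):
    """Undo .reg escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r'\\(.)', r'\1', text)


def parse_appids(reg_text):
    """Return {guid: {value_name_lowercase: data}} for every AppID key in the export."""
    apps, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        match = SECTION.match(line)
        if match:
            current = apps.setdefault(match.group(1).upper(), {})
            continue
        if line.startswith("["):
            current = None  # some other key (for example a subkey); ignore its values
            continue
        match = VALUE.match(line)
        if match and current is not None:
            name = "" if match.group(1) == "@" else _unescape(match.group(1)[1:-1])
            current[name.lower()] = _unescape(match.group(2))  # value names are case-insensitive
    return apps


def classify(values):
    """Map one AppID key's values to (activation identity, configured account or service)."""
    if "localservice" in values:
        # Registered as a service: the service's own configuration decides the account.
        return ("Run as Windows NT-Based Service", values["localservice"])
    run_as = values.get("runas")
    if run_as is None:
        # No RunAs value: the server runs as the caller that activated it.
        return ("Run as Activator", None)
    if run_as.strip().lower() == "interactive user":
        return ("Run as Interactive User", None)
    return ("Run as Named User", run_as)


def report(reg_text):
    """Return sorted rows of (guid, friendly name, activation identity, account/service)."""
    rows = []
    for guid, values in sorted(parse_appids(reg_text).items()):
        mode, identity = classify(values)
        rows.append((guid, values.get("", "(unnamed)"), mode, identity))
    return rows


if __name__ == "__main__":
    for guid, name, mode, identity in report(SAMPLE_REG):
        print(f"{guid}  {name:<22} {mode}" + (f" ({identity})" if identity else ""))
```

Reviewing the named accounts and service names this produces is a quick way to see which DCOM servers on a Terminal Server do not run in the calling user's own session context.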


Licensing

Be sure to read all the way through this section, because the "Windows Server 2003 Licensing" section contains some great news that alleviates much of the licensing pain that SBC users have encountered.

In addition to the basic server operating system license required for every installed server, both Terminal Server RDP clients and Citrix ICA clients require two licenses to connect to a Terminal Server session. The first license is the standard Microsoft Client Access License (CAL) for accessing Windows NT files and print services. The second license required to enable a client connection is a Windows Terminal Services License (TS CAL). If the session client is running on a computer with Windows 2000 Professional or Windows XP Professional when connecting to a Windows 2000 Server farm, it is not necessary to purchase a TS CAL for that client device or user. The server has a "built-in" pool of licenses it can provide to those client machines running Windows 2000 Pro or Windows XP Pro. In the case of Windows Server 2003, there is no "built-in" TS CAL pool. Owners of Windows XP Professional desktop licenses are eligible for free TS CALs, however. (Talk with your licensing provider to receive the free licenses as soon as possible since this offer from Microsoft is limited.) Although Windows NT 4.0 TSE does not enforce licensing, both Windows 2000 Server and Windows Server 2003 arduously enforce licensing of the TS CAL.

Note There is a special provision for an Internet Connector in Windows 2000. This license mode allows 200 anonymous, concurrent users to access Terminal Services on a single server. However, the End User License Agreement specifically states that anyone affiliated with the owner of the license cannot use it (in other words, vendors, customers, employees, contractors, and so on cannot use the license). This rule makes the license restrictive to the point of being useless. Fortunately, the Internet Connector is being replaced as described in the upcoming "Windows Server 2003 Licensing" section.

Windows 2000 Licensing

Windows 2000 enforces the use of the Terminal Services CAL. During any attempt to connect to a session, both the standard CAL and the TS CAL will be checked. If either license is missing or invalid, the connection is refused. If the connection is granted, a temporary or permanent TS CAL is assigned.

Note In a Windows NT Domain with Windows 2000 or Windows Server 2003 member Terminal Servers, Terminal Services licensing must be installed on a Windows 2000 or Windows Server 2003 member. When upgrading the Domain to Windows 2000 Server or Windows Server 2003 Active Directory, licensing must be reinstalled on a Domain Controller (DC). Failing to install Terminal Services licensing and the license codes on the new DC will cause a loss of terminal service capabilities (no license server available).

Windows 2000 Server comes with a license services server that tracks and allocates TS CAL licenses to clients at connection time. The license server needs to be installed on a Windows 2000 server and activated through Microsoft License Clearing House via a web browser, the telephone, or a process called Automatic Activation. When a client requests a connection to a Windows 2000 server, the request is forwarded to the central license server for validation. The license server uses the username and computer name to check for an existing license. If none is available, a new license will be issued to the client, and the connection is completed. If the license pool is exhausted, the connection is refused. A temporary license can be enabled that will expire after 90 days.

The significant issue with this licensing is that if a user connects one time from any device (a trade show kiosk, for example), a TS CAL is allocated (although it is not legitimate from the standpoint of the Microsoft Server 2000 licensing agreement to provide a license to a machine not owned by the person using it). Due to this execution of the licensing, the unclear license language, and technical problems (Microsoft provides no licensing option to deal with devices that aren't owned by the company whose user is using it), many customers found themselves continuously running out of TS licenses. In July of 2002, Microsoft responded to strong user feedback regarding the TS license execution by changing the licensing model slightly (via a hotfix patch) to allow the license server to expire leases after 90 days. To install this patch, install the Service Pack 2 Security Rollup package, or Service Pack 3 to your license server and all Terminal Servers in your environment.

Tip After installing Service Pack 2 Security Rollup or Service Pack 3, uninstall and reinstall all TS licenses and reactivate them in order to complete this fix.
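The allocation flow described above, and why one-time devices drain the pool until leases are allowed to expire, can be seen in a small model. This is an added example, not code from the book or from Microsoft; the pool size, user names and device names are constructed, and renewing a lease each time the same user and device reconnect is an assumption of the model.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

LEASE_DAYS = 90  # lease lifetime the text gives for the July 2002 change


@dataclass
class LicenseServer:
    """Simplified model of TS CAL allocation on a Windows 2000 license server."""
    pool_size: int
    lease_days: Optional[int] = None  # None models the original behaviour: no expiry
    issued: Dict[Tuple[str, str], int] = field(default_factory=dict)  # key -> day granted

    def _reclaim(self, today: int) -> None:
        """Return expired leases to the pool (only when lease expiry is enabled)."""
        if self.lease_days is None:
            return
        for key in [k for k, day in self.issued.items() if today - day >= self.lease_days]:
            del self.issued[key]

    def connect(self, username: str, computer: str, today: int) -> bool:
        """Validate one connection request; True means the session is allowed."""
        self._reclaim(today)
        key = (username, computer)       # the text: username and computer name
        if key in self.issued:
            self.issued[key] = today     # assumption: reconnecting renews the lease
            return True
        if len(self.issued) >= self.pool_size:
            return False                 # pool exhausted: connection refused
        self.issued[key] = today         # issue a new license from the pool
        return True

    def in_use(self) -> int:
        return len(self.issued)


def simulate(lease_days: Optional[int]) -> Tuple[int, List[Tuple[int, str]]]:
    """Constructed one-year scenario.

    Five staff connect daily from their own desktops. One roaming user connects
    once every 10 days, each time from a different kiosk. The pool holds 14 CALs.
    Returns (licenses in use at year end, list of (day, user) refusals).
    """
    server = LicenseServer(pool_size=14, lease_days=lease_days)
    refused: List[Tuple[int, str]] = []
    for day in range(365):
        for n in range(5):
            if not server.connect(f"staff{n}", f"DESK{n}", day):
                refused.append((day, f"staff{n}"))
        if day % 10 == 0:
            if not server.connect("roamer", f"KIOSK{day}", day):
                refused.append((day, "roamer"))
    return server.in_use(), refused


if __name__ == "__main__":
    for label, lease in (("no expiry", None), ("90-day leases", LEASE_DAYS)):
        used, refused = simulate(lease)
        first = refused[0] if refused else None
        print(f"{label}: in use={used}, refusals={len(refused)}, first={first}")
```

Without expiry, the nine spare licenses are consumed by kiosks the roaming user never returns to, and every new device is refused from day 90 onward; with 90-day leases the same pool is sufficient.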

Licensing and Terminal Services Execution Modes

Windows 2000 Terminal Services can be installed in two different modes. The remote administration mode does not require a TS CAL. The purpose of this mode is to allow administrators to do server maintenance remotely. Therefore, certain restrictions apply to running in this mode. Only two concurrent client sessions are permitted. Server application compatibility services are also disabled, such as the global install mode. The Application Server mode is the mode utilized for Terminal Services in a server-based computing environment. This mode is not restricted like the remote administration mode and requires the TS CALs as discussed earlier.

Windows Server 2003 Licensing

Probably the single most significant reason to move from Windows 2000 Server to Windows Server 2003 across the corporate environment is the new licensing options. Although the execution of the license server is identical to Windows 2000, the licensing choices are dramatically improved. Following are the changes made to licensing with Windows Server 2003:

1. Windows Server 2003 provides a 120-day grace period for renewals as opposed to 90 days with Windows 2000 Server.

2. Windows Server 2003 supports a new license option—Per User licensing, as well as the Per Seat licensing supported in Windows 2000 Server (Microsoft has renamed it in Windows 2003 to Per Device). Additionally, a hybrid may be used (some licenses may be allocated per device and some per user). The Per User licensing will work best for environments where users have multiple devices that connect to the Terminal Servers (that is, a single user connects from a desktop, laptop, CE device, home PC, trade show kiosk, and so on). The Per Device licensing works best for environments where multiple users share the same device (manufacturing floors, hospitals, 24/7 offices, and so on). Note that with this change the temporary fix we discussed earlier in this section, allowing Windows 2000 to expire the leases every 90 days, has been eliminated.

3. The Internet Connector License noted earlier is replaced in Windows 2003 with an External Connector (EC) license called the Terminal Server External Connector (TS-EC) to address the need previously mentioned: to enable external users to access a company's Terminal Servers, without the need to purchase individual TS CALs for them or their devices. An example of an external user is a person who is not an employee of the company or its affiliates. The EC allows organizations to effectively provide Windows and TS CALs for entities not owned by them—for example, e-business customers or supplier partners—in order to give those entities access to their networks and terminal servers. The EC may be the best solution when business partners or customers need access to a server or group of servers. This may be the best solution when a small number of business partners or customers need access to a server or group of servers. This license mode allows 200 anonymous, concurrent users to access Terminal Services.

Licensing and Terminal Services Execution Modes

Unlike Windows 2000 Server, which had a dual mode Terminal Services component, Windows Server 2003 separates the remote administration and Terminal Services functionality into separate configurable components. Remote Desktop for Administration is enabled through a check box on the system Control Panel's Remote tab. Terminal Services is enabled by adding the "Terminal Server" component using the Windows Components portion of the Add/Remove Programs Wizard. In addition to the two virtual sessions available in Windows Server 2003 Terminal Services remote administration functionality, an administrator can also remotely connect to the console of a server. A significant outcome to this change is that applications that would not work in a virtual session before, because they kept interacting with "session 0," will now work remotely. To connect to the console, administrators can choose one of the following methods:

Use the Remote Desktop Microsoft Management Console (MMC) snap-in.

Run the Remote Desktop Connection (mstsc.exe) program with the /console switch.

Create Remote Desktop Web Connection pages that set the ConnectToServerConsole property.

Chapter 3: Citrix MetaFrame Access Suite

Overview

Citrix MetaFrame XP Access Suite is a complementary product suite to Microsoft's Terminal Services (included with Windows NT 4.0 Terminal Services Edition, Windows 2000 Server, and Windows Server 2003) discussed in Chapter 2. Today, Citrix serves nearly fifty million users, facilitating a seamless user experience in heterogeneous computing environments, as well as application delivery across bandwidth-restricted connections.

Citrix MetaFrame Access Suite is comprised of five software products:

1. MetaFrame XP Presentation Server (MetaFrame XP)

2. MetaFrame Presentation Server for UNIX (MetaFrame for UNIX)

3. MetaFrame Password Manager

4. MetaFrame Conferencing Manager

5. MetaFrame Secure Access Manager (MSAM)

6. Citrix Password Manager and Conferencing Manager

Password Manager and Conferencing Manager are the newest members of the Citrix MetaFrame Access Suite. Password Manager provides a simple and elegant single sign-on solution for MetaFrame XP environments (although it also works in non-MetaFrame environments), and Conferencing Manager provides an all-inclusive collaborative conference interface that leverages the shadow features of MetaFrame XP. These two products further enhance the user experience of the server-based computing environment.

In this chapter, we discuss the evolution of the MetaFrame Access Suite and dissect its Independent Computing Architecture (ICA) protocol. We also cover the enhancements that MetaFrame Access Suite brings to Terminal Services, including:

1. Secure, encrypted access for all enterprise users from any location, without having to open firewall holes. MetaFrame Secure Gateway provides a secure infrastructure by which users can access the SBC environment literally from anywhere, any time, any place, regardless of the firewall configurations (assuming the environment allows SSL [port 443] traffic). Although Terminal Services RDP traffic is encrypted, it requires that port 3389 be open both on the Data Center firewall and at the user's location(s).

2. True Application Load Management. Microsoft's built-in Network Load Balancing can be effective for environments with 100 users or less, but enterprise environments absolutely require a more robust and flexible approach to determining which users are placed on which servers under what circumstances.

3. MetaFrame Web Interface wizard-based deployment tool (formerly called NFuse). Not only does this tool provide an automated approach to deploying access to the SBC environment, but, just as handy, it provides an automated approach to deploying the ICA client itself. Conversely, the deployment and installation of the Remote Desktop Client with Terminal Services can be a daunting task when thousands of users need an update to the client.

4. Universal Access to applications from any client device, to applications on Windows or UNIX platforms. Although Microsoft now supports client access from Macintosh OS X and Windows clients, Citrix not only provides support for Mac and Windows, but also support for over 200 client operating systems, including most flavors of UNIX and Linux, DOS, and embedded devices.

5. Enterprise management tools. Citrix provides Resource Manager, Installation Manager, and Network Manager, as well as a host of embedded management tools that present administrators with critical information as well as the automation of enterprise SBC server environments.

Table 3-1 shows the value-add features that Citrix MetaFrame XP adds to a Windows Server 2003 environment.

Table 3-1: Citrix ICA Value-Add Features

Application publishing
One-to-many shadowing
Customized billing reports
User collaboration
Program Neighborhood
Cross-server shadowing
Track user access to applications
Panning and scaling (handhelds)
Anonymous user support
Shadowing indicator
Centrally install applications
Pass-through authentication
Content publishing
Auto client update
Distribute service packs
Seamless windows
Content redirection
Universal print driver
Package customized install
Multimonitor support
Novell NDS support
Web-based client install
Web Interface for MetaFrame
Delegated administration
Support for multiple farms
Non-Windows client access
End-to-end security
Centralized management console
Auto client printer detection
Integration with Network Management consoles
Connection control
Resource-based Load Management
Support for direct asynch
Application save position
MetaFrame Secure Gateway
SSL/TLS 128-bit encryption
CPU prioritization
Schedule application availability
Client drive remapping
Support for digital certificates
Text-entry prediction
Support for 1000+ servers in farm
Specify client IP range
Many-to-one shadowing
Application monitoring
Instant mouse-click feedback
Socks 4 and 5 proxy support
SpeedScreen 4 browser acceleration

The Evolution of MetaFrame

The Microsoft Windows NT operating system developed from a single-user operating system architecture and continued, for nearly a decade, only to be limited in certain applications by that fact. Windows NT provided real-time multiprocessing capabilities comparable to those of rival UNIX operating systems, but did not provide functions within its OS kernel to support concurrent multiuser access to applications hosted on NT platforms.

Given the dominant business computing architecture of the late 1980s and early 1990s, which featured increasingly capable desktop computers (so-called fat-client PCs) that provided much of the same processing as client-server applications, it may well be that the need for multiuser computing platforms (similar in concept to mainframe computing environments) was not of primary concern to Microsoft designers. In Microsoft's preferred computing model, information processing was conceived as inherently distributed and individualized: desktop computers were viewed as "peers" of server platforms. In fact, most early server systems were little more than highly configured PCs, typically featuring many of the same hardware components.

At that time, there was an interest in some niche areas for a server platform that would "host" applications and share them among several connected client devices, configured as dumb terminals. One such application was remote access: a technique by which one or more offsite users could access an application located on a corporate local area network (LAN). Ideally, the remote user would be able to perform useful work as though seated at a terminal directly attached to the LAN.

However, the mainstream architecture for business computing did not yet involve shared application use. Instead, the norm was a combination of Windows-based desktop computers, emphasizing locally stored and executed individual applications, and Novell, UNIX, or NT-based servers (or a combination of all of these) interconnected via a LAN, supporting client-server computing.

Multiuser Windows—MultiWin

The idea behind server-based computing on Windows NT can be traced to the X-Window System developed by MIT in 1984. By utilizing powerful UNIX servers, remote X-Window clients can send keyboard and mouse input to server-based applications running on central servers. The X-Window System on the server then tracks output from the applications and updates the appropriate remote client session screen.

The founder of Citrix Systems, Ed Iacobucci, originally conceived the idea of allowing different types of computers to run the same applications, even though they might not have the same operating system or adequate local resources. While working as head of the joint Microsoft/IBM design team on the OS/2 project, he approached both companies with the idea, but neither firm was interested. Iacobucci then formed Citrix Systems in 1989 and the technology behind the current Terminal Services was developed—MultiWin. MultiWin rode on top of the OS/2 kernel and allowed multiple simultaneous OS/2 sessions and desktops in a protected memory area for each individual user.

WinView

In 1993, Citrix shipped its first OS/2-based multiuser operating system, called WinView. WinView used the MultiWin technology and one of the first incarnations of a remote display client called Independent Computing Architecture (ICA). Citrix first worked to deliver multiuser extensions to the OS/2 operating system and subsequently worked on the delivery of applications across Novell and TCP/IP networks.

Despite prevailing personal and client-server computing models, developers at Citrix believed that multiuser computing had a future, especially as applications moved off the desktop and "into the network." They convinced Microsoft that a market for multiuser NT could be cultivated and secured a license to add multiuser extensions to the NT operating system.

WinFrame

Whether or not Microsoft shared the Citrix vision of the future, the license agreement was certainly a "win-win" for Microsoft and Citrix. With the multiuser extensions provided by Citrix in the form of WinFrame, Microsoft would be able to answer criticisms from UNIX advocates regarding a purported "deficiency" of its server operating systems: they provided little or no support for multiuser computing requirements. If Citrix visionaries were correct, and a market for multiuser computing platforms could be cultivated, Microsoft would have a solution to offer that market.

Citrix WinFrame is a combination of Microsoft Windows NT 3.51 Server and Citrix MultiWin technology. WinFrame was a major upgrade to the OS/2-based WinView. At the time of its release, Windows 3.1 (and later, Windows 95) had become the desktop standard, and WinFrame surpassed WinView as a tool for installing and executing the standard corporate end-user applications.

Thin-Client Computing

In the mid-1990s, the argument for multiuser NT was reinforced by the findings of analysts such as the Gartner Group regarding the total cost of ownership of Windows PCs. Analysts claimed that fat-client PCs cost organizations between $7000 and $13,000 per PC per year in maintenance and support. This position touched off a firestorm of industry activity, mainly from longtime Microsoft rivals. The so-called SONIA set—an acronym for Sun Microsystems, Oracle Corporation, Netscape Communications, IBM, and Apple Corporation—led the charge to displace Microsoft PCs from corporate desktops, substituting their own "network computer" in their place. Despite the obvious self-interest inherent in the SONIA value proposition, and the subsequent failure of the network computer to take hold in the market, the underlying tenet of the SONIA argument took root. The Citrix concept of thin-client computing was introduced to the lexicon of modern business computing.

Thin-client computing advocates held that, as server capabilities grew, it was only natural for server hosts to become "fatter" and for desktop platforms to become "thinner." Application software, advocates argued, should reside on application servers rather than on individual PCs. Placing applications on a server would make them accessible by means of a variety of inexpensive client devices. The advent of the Internet and World Wide Web at about the same time reinforced this perspective. Many people adopted a view of computing in which all applications would be accessed via a universal, hardware-agnostic client such as a web browser.

Citrix Systems Synonymous with Thin

Citrix Systems, with its Independent Computing Architecture (ICA), emerged from the discussion of thin computing as the undisputed leader in a market it had long helped to facilitate. In an ICA-based solution, WinFrame-based application servers could host Windows-compliant applications, while end users, equipped with any of a broad range of client devices (whether network computers or Windows PCs), could access and use the applications over a network connection. Integral to the WinFrame approach was a remote presentation services protocol capable of separating the application's logic from its user interface, so that only keystrokes, mouse-clicks, and screen updates would travel the network. With the ICA protocol, Citrix claimed, the user's experience of the server-hosted application would be comparable in all respects to that of an application executing on the end user's own desktop PC.

Terminal Services and MetaFrame

Increased interest in the WinFrame solution encouraged Microsoft to license MultiWin, the core technology of WinFrame, from Citrix Systems in 1997 and to integrate the technology into its own operating systems soon after. As explained in Chapter 2, Microsoft first implemented MultiWin in a special Terminal Services Edition (TSE) of its NT 4.0 OS. With Microsoft's integration of Terminal Services, Citrix needed to raise the bar for scalability and management. This was accomplished with MetaFrame.

Introduction of MetaFrame 1.0/1.8

Unlike WinFrame, which had been a stand-alone product and a "replacement" operating system for NT, MetaFrame was an add-on to the Microsoft NT 4.0 TSE and Windows 2000 platform. One reason for the MetaFrame product was to continue to meet the needs of WinFrame customers who were interested in migrating their NT 3.51-based WinFrame environments to newer NT 4.0 TSE-based environments but who were afraid of losing application server connections with clients that were not supported by Remote Desktop Protocol (RDP). MetaFrame added ICA client and protocol support back into the Microsoft multiuser operating system offering, since ICA allowed for connectivity from many more clients than RDP allowed.

MetaFrame XP

MetaFrame XP is the latest version from Citrix. With the release of Feature Release 3 (FR-3), XP is compatible with Microsoft's latest operating system: Windows Server 2003. In addition to the feature updates and changes, another very significant change that Citrix made with MetaFrame XP is the change in licensing; MetaFrame 1.0/1.8 required a Citrix server license for every server with Citrix installed as well as bump packs for additional users, while MetaFrame XP only requires one base license for each server farm (with bump packs for additional concurrent users). This change makes licensing far more flexible and convenient, and in most cases cheaper, as additional servers can be brought online as needed without additional Citrix software license expense (as long as no additional concurrent users are added).

With MetaFrame XP, customers have new version choices, including XPs, XPa, and XPe. All versions of XP are supported on Windows NT 4.0 TSE, Windows 2000 Server, and Windows Server 2003. MetaFrame XP supports full integration with Active Directory in Windows 2000 or Windows Server 2003.

Note: Following the release of Feature Release 1, Citrix stopped adding any additional features or enhancements to MetaFrame XP for Windows NT 4.0 TSE.

XPs is the standard version for Citrix servers for stand-alone point solution implementations with one to five servers. XPs feature highlights include MetaFrame Web Interface for MetaFrame, user shadowing, Secure Gateway, Universal Print Driver II, client time zone support, Novell NDS support, client device support, and full ICA client support.

Although more than one server can be used with XPs, it is rare, as applications cannot be load balanced across servers and any application publishing will have to be done separately on each server with different names.

XPa is the advanced version that includes all of the XPs features, with the addition of Load Management. This upgrade is designed for use in farms with 2 to 100 servers.

As shown in Table 3-2, XPe contains all the features included with XPa, as well as some additional features required for enterprise management. These extended features include Resource Manager, Installation Manager, Web Interface Extension for MetaFrame XP (formerly Enterprise Services for NFuse), a plug-in for Microsoft Operations Manager (MOM), and Network Manager. XPe is designed for 20 or more servers and accommodates multiple Citrix Server farms.

Table 3-2: MetaFrame XP FR-3 Feature Grid

Columns: MetaFrame XPs, MetaFrame XPa, MetaFrame XPe (the per-edition X marks are not recoverable from the source layout; features are listed by category).

UNPARALLELED MANAGEABILITY AND SCALE

Advanced Shadowing: Cross-server shadowing; Many-to-one shadowing; One-to-many shadowing; Shadowing indicator; Shadowing taskbar

Application Management: Anonymous user support; Application publishing; Content publishing; Program Neighborhood; TCP-based browsing

Application Packaging and Delivery: Centrally install and uninstall applications; Create logical server groups; Customizable project details; Delivery verification; Distribute service packs, updates, and files; MSI support; Package applications, files, and service packs; Package inventory; Packager rollback; Schedule package delivery; Server reboot support; Support for unattended installs

Centralized Administration: Active Directory support; Novell NDS support; User policies; Administrator toolbar; Centralized Data Store; Citrix administrative accounts; Citrix Management Console; Plug-in for Microsoft Operations Manager (MOM); Citrix Web Console; Connection control; CPU prioritization; Windows Installer Support

Centralized License Management: Centralized license activation; Enterprisewide license pooling; Plug-and-play licensing

Client Management: Auto client update; Business Recovery; ReadyConnect; Web-based client installation

Network Management: Access CMC from third-party management consoles; SNMP monitoring agent

Printer Management: MetaFrame Universal Print Driver version II; Support for color and high-resolution printers with Universal Print Driver; Printer auto creation log; Printer driver access control; Printer driver replication; Printing bandwidth control

Resource-Based Load Balancing: Instant load-balancing feedback; Load balancing reconnect support; Schedule application availability; Specify client IP range

Scalability: Enterprise-class scalability; Cross-subnet administration

System Monitoring and Analysis: Application monitoring; Customized reporting; Summary database and reporting; Perform system capacity planning; Real-time graphing and alerting; Server farm monitoring; Track user access to applications; User-definable metrics; Watcher window; ICA session monitoring

TOTAL "NET" LEVERAGE

Web Application Access: Web Interface for MetaFrame; Federal Information Processing Standards (FIPS) 140 security compliance; Support for RSA Secure ID and Secure Computing Premier Access second factor authentication solutions; Multiple server farm support; Application filtering and caching; Support for MetaFrame Secure Access Manager; Web Interface Extension for MetaFrame XP

ULTIMATE FLEXIBILITY

Access to Local System Resources: Auto printer creation; Automatic drive redirection; Client drive mapping; Clipboard redirection; COM port redirection

Performance: Instant mouse-click feedback; Persistent bitmap caching; Priority packet tagging; SpeedScreen browser acceleration; SpeedScreen 3; Text-entry prediction

Seamless User Experience: High-/true-color depth and resolution; 16-bit audio support; Application save position; Auto client reconnect; Client printer management utility; Client time zone support; Content redirection; Multimonitor support; Panning and scaling; Pass-through authentication; Roaming user reconnect; Seamless windows; Win 16 multi-session support

Universal Connectivity: Support for direct asynch dial-up; Support for TCP/IP, IPX, SPX, and NetBIOS; Universal client access

User Collaboration: User collaboration

END-TO-END SECURITY

Security: MetaFrame Secure Gateway; Delegated administration; SSL 128-bit encryption; TLS encryption; Smart card support; SecureICA 128-bit encryption; SOCKS 4 and 5 Support; Ticketing

The centralized computing using MetaFrame XP provides us with the ability to completely customize which applications are provided to which users. This ensures that all users have access to the necessary resources required for their daily tasks. Software changes and upgrades are performed at the server effective instantaneously for all users. Overall, we have been able to expand and grow our IT projects ahead of estimated schedules with the seamless deployment of applications and minimum maintenance time required for our Citrix Farm.

—Michael P. Miller
Network & Systems Administrator
Primary Care Partners, P.C.

MetaFrame XP is Active Directory compliant. Thus, Active Directory groups may be used to configure permissions and users. Citrix does not change or add to the schema of Active Directory, and MetaFrame allows single sign-on for Active Directory, Novell NDS, and Novell e-Directory environments.

Web interface for MetaFrame is provided by Citrix, with all three MetaFrame XP versions to publish Windows applications to web pages on intranets and the public Internet. This tool also allows customization so that a number of applications can be combined into an "application portal." Additionally, MetaFrame Secure Gateway provides a secure method of application access delivered directly to the end user via a browser, over SSL, providing increased security while reducing problems with Firewall and VPN configurations.

With MetaFrame XP, access to applications can be provided across a variety of networks, including

Chapter 20 networks, - Migr ationremote to Window s 2003 and connections, Citr ix MetaFrame wide area access dial-up localXParea networks, the Internet, and Ongoing Administr ation of the Ser v er Based Com puting wireless Over 200 types of clients, including Windows PCs, Windows terminals, UNIX Chapter 21networks. Envir onment

workstations, handheld devices, network computers, and numerous others, are supported as ICA clients. These client choices improve dramatically on the RDP client support inherent in Windows NT Appendix A - I nter netw or k ing Basics 4.0 TSE, Windows 2000 Server, and Windows Server 2003. Pa r t I V - Appendi x es

Appendix B - Creating an On- Dem and Enterpr ise Financial Analysis Model Appendix C - Creating an On- Dem and Enterpr ise Subscr iption Billing Model I ndex List of Figur es List of Tables List of Case Studies List of Sidebars

Independent Computing Architecture (ICA)

ICA is an architecture for server-based computing that competes with and/or complements other architectures such as Microsoft's Remote Desktop Protocol (RDP) and Sun Microsystems/X-Open's X-Window protocol. All of these architectures share in the goal to provide a means to extend resources, simplify application deployment and administration, and decrease the total cost of application ownership.

With all of these server-based computing architectures, applications are deployed, managed, supported, and executed completely on a server. Client devices, whether fat or thin, have access to business-critical applications on the server without application rewrites or downloads.

For everything that ICA, RDP, and the X-Window System have in common, they vary significantly from each other at the component level. Since very little new development is currently being done with the X-Windows System, we will focus our comparisons on ICA and RDP, although the "MetaFrame for UNIX" section provides a brief discussion on ICA versus X-Windows.

ICA Presentation Services Protocol

As depicted in Figure 3-1, the ICA presentation services protocol transports only keystrokes, mouse-clicks, and screen updates to the client. The protocol has been demonstrated to operate consistently with 20 kilobits per second of network bandwidth and provide real-time performance with 30 kilobits per second for office automation applications. This enables even the latest 32-bit applications to be operated remotely across low-bandwidth links while delivering performance comparable to local execution on existing PCs, Windows-based terminals, network computers, and a host of evolving business and personal information appliances.

Figure 3-1: ICA presentation services

The ICA protocol was designed with low-bandwidth connections in mind, making it a robust performer on both large- and small-capacity links. Moreover, the ICA protocol responds dynamically to changing network, server, and client operating conditions. It takes advantage of available network and server resources and adapts automatically when conditions are more restrictive, often without generating any noticeable changes in the end user's experience. Much of the performance of the ICA protocol can be attributed to the use of intelligent caching and data compression techniques, and to technologies such as SpeedScreen. ICA is a non-streaming protocol, meaning that if a user's screen has not changed and they have not moved the mouse or keyboard, no traffic will be passed. This feature can substantially help larger environments operating over a WAN link as many users will not be using any bandwidth at certain instances, allowing much better utilization of the bandwidth as a whole.

Citrix MetaFrame enables us to deploy Windows applications to our students in both a very cost-effective and expeditious manner. This is true whether they are working on a PC or Windows terminal on campus, or working offsite using an Internet connection. —Tony Holland, Director of Computing Services, Stanford Business School

SpeedScreen

SpeedScreen is a technology for improving the performance of application delivery across ICA links. It improves performance by reducing the amount of data that must traverse an ICA connection as an end-user interacts with a MetaFrame server-based application. SpeedScreen targets the repainting function of a hosted application. With many applications, entire screens are repainted with each keyboard entry (or mouse-click) made by the end user. SpeedScreen uses an intelligent agent technology to compare information previously transmitted to the ICA client with information that is about to be transmitted, then transmits only the changed information. This is visually represented in Figure 3-2. By limiting repaint operations to specific sections of a screen affected by user interaction, the amount of traffic that must traverse the connection is dramatically reduced. Citrix's latest release of SpeedScreen, SpeedScreen 4, also called SpeedScreen Browser Acceleration, specifically focuses on major performance and usability improvements for end users connecting to published applications that embed JPEG and GIF images within Microsoft HTML pages. Supported applications include Internet Explorer v5.5 or later, Microsoft Outlook and Outlook Express.

Figure 3-2: How SpeedScreen improves link performance

With some applications, bandwidth consumption may be reduced by as much as 30 percent through the implementation of SpeedScreen, while total packets transmitted may be reduced by 60 percent. The result is lower latency in the network and better application performance for the end user—especially across low-bandwidth connections.

With the SpeedScreen Latency Reduction (SLR) manager, the end-user experience can be enhanced in two ways. First, local text echo can be enabled to give immediate feedback by having the local client render the text. The normal way text is transferred when using MetaFrame is by sending the keystroke to the server, which is processed and then rendered back to the client. This is convenient for users that type quickly, as even the slightest delay can be annoying. Second, SLR can provide for instant feedback for mouse-button clicks.

Connectivity Options

A broader range of connectivity options are supported by MetaFrame and ICA than by RDP, so a more diversified set of users can access and utilize hosted applications. Figure 3-3 depicts the connectivity options enabled by ICA, which include dial-up, ISDN, multiple LANs, wireless LANs, numerous WANs, and the Internet. RDP, by contrast, is limited in its support to only TCP/IP LAN/WAN environments.

Figure 3-3: ICA's connectivity options

Additionally, using MetaFrame and the ICA protocol breaks the barriers imposed by RDP by extending application access beyond Windows PCs. The ICA protocol supports more than 200 clients, providing flexibility in access options far surpassing that of RDP.

The ICA Client Environment

In addition to the contributions of MetaFrame and the ICA protocol to application delivery performance, MetaFrame also enhances the basic multiuser client-server environment. MetaFrame XP embodies numerous innovations designed to facilitate a broad range of hosted application environments. Considerable effort has been invested by MetaFrame XP designers to enable all applications, whether remote or local, to operate and interoperate as though they were local to the end user. This approach increases the user's comfort level and decreases the required training time.

The MetaFrame ICA Desktop

The MetaFrame ICA desktop is designed to provide a user experience that is on par with a Windows PC running locally installed and executed applications. MetaFrame enables complete access to local system resources, such as full 16-bit stereo audio, local drives, COM ports, and local printers, if available.

The mapping of local resources can be performed automatically or by means of administrative utilities. Specialized client capabilities such as modem dial-up are also supported.

Additionally, mapped resources can be shared with the MetaFrame server, if desired. Configuration of these mappings is built into the standard Windows device redirection facilities. The client mappings appear as another network that presents the client devices as share points to which a drive letter or printer port can be attached.

Seamless Windows

Of course, not all MetaFrame XP implementations utilize a full-fledged "remote desktop" model (one in which there are no applications locally installed on the client). Indeed, in many environments where MetaFrame XP is deployed, clients are themselves Windows PCs configured to provide a mixture of some locally installed applications and some remotely hosted applications. Seamless Windows is a feature of MetaFrame designed to accommodate this scenario.

Seamless Windows is a shorthand expression referring to the capability of the Citrix ICA Win32 client to support the integration of local and remote applications on the local Windows 95, Windows 98, Windows NT 4.0, Windows 2000, or Windows XP desktop. When configuring a connection to the MetaFrame XP server, an administrator or user can simply select the Seamless Windows option to enable this function.

With Seamless Windows, the user can gain access to hosted applications without having to load a remote desktop environment. While connected in a MetaFrame XP server session, the user can gain access to local applications using the Windows taskbar. Icons for both local and remote applications can be installed on the local Windows desktop, and both local and remote application windows can be cascaded on the local desktop.

Multiple Keyboards: The Seamless Windows environment supports the definition of multiple keyboards to facilitate command entry in local and remote application environments. This prevents specially mapped key combinations used by MetaFrame (such as ALT-TAB) from interfering with similar key combinations used by locally executing applications.

Windows Clipboard: Seamless Windows supports the use of the Windows Clipboard in conjunction with both local and MetaFrame-hosted applications. Users can cut, copy, and paste information between applications running remotely on the server or locally from the desktop. Rich text format cut-and-paste is fully supported.

Note: The local/remote clipboard is part of MetaFrame XP's overall solution set. It can be used independently of Seamless Windows or Program Neighborhood.

Program Neighborhood

Building on the concept of a Seamless Windows environment, MetaFrame also delivers an easy-to-use method for accessing remotely hosted applications. Similar in concept to the Microsoft Windows Network Neighborhood, MetaFrame pushes links to published applications into a client-based Program Neighborhood facility.

In operation, Program Neighborhood presents application sets to MetaFrame client users. An application set is a user's view of the applications published on a given MetaFrame server or server farm, which that user is authorized to access. A single user-authentication operation (usually initiated when the user launches Program Neighborhood or a MetaFrame-hosted application displayed in the Start menu or as an icon on the local desktop) identifies the user to all MetaFrame servers. Based on the user's individual or group account parameters, the Program Neighborhood is populated with an application set containing each application configured for the specific user account or user group. Published applications appear as icons and are preconfigured with such properties as session window size, color depth, and supported level of encryption, as well as audio and video appropriate to the user and his or her client device.

Program Neighborhood technology is especially useful as a means to quickly publish hosted applications that are intended for use by groups of users. Users can click the Program Neighborhood icon on their Windows desktop (or click the corresponding entry in their Windows Start menu) to review a list of hosted applications available for use. No special client configuration is required to launch and use these published applications.

Management Features

The primary management tool for MetaFrame XP farms is the Citrix Management Console (CMC). The CMC is a Java tool that provides the user interface to control permissions, licensing, published applications, the load management feature of XPa, and the advanced features of XPe for both resource management and network management. The CMC is also the interface to monitor and manage printers, users, and servers. Java was chosen rather than using the Microsoft standard of the Microsoft Management Console (MMC) for cross-platform compatibility. With the introduction of FR-1, Citrix made available the Citrix Web Console (CWC), which is not as feature-rich as the CMC, but is more convenient to use at all times.

The CMC can provide a significant load on the server farm if not used properly. It is recommended that the auto refresh feature not be used, especially in larger farms. It is also important to publish or use the CMC from the Zone Data Control (ZDC) server. Zone Data Control is further explained later in this chapter. The information that the CMC needs is located in the database on the ZDC; therefore, if the CMC is run from a server other than the ZDC server, the server needs to download the information from the ZDC and this adds one more link to the puzzle. Another way to increase efficiency in using the CMC is to create folders within the CMC to categorize published applications and servers. This allows the CMC to refresh without gathering more information than is needed. Another method to reduce load on the CMC is to use the command-line tools that only query very specific data, and thus use the CPU and network bandwidth efficiently.

With MetaFrame XP Feature Release 3, Citrix released the MetaFrame XP Management Pack for MOM. This is a plug-in for Microsoft Operations Manager (MOM) that allows administrators to effectively manage the health and performance of MetaFrame XP servers from the MOM console. Since this interface is not Java based, it tends to be faster and less resource intensive. For users who are already using MOM for server management, this will make a great management tool.

Pa r t I I I a- client I m ple management m ent ing a n O n-D e m a nd Se rMetaFrame ve r - Ba se d Com ti ng Envi r onm e nt From perspective, XPpu brings to the administrative

tool kit the

Chapter 10 ICA - Pr oj ect Managing and Deploying Enter pr ise SBC Envir onment Automatic Client Update utility and a toolancalled ReadyConnect to facilitate rapid application Chapter 11 - Ser ver Configur Windows Ter m administrators inal Serv ices deployment. Together, theseation: features can save many hours of tedious client

configuration tasks. Chapter 12 - Ser ver Configur ation: Citr ix MetaFr am e Presentation Ser ver Chapter 13 - Application I nstallation and Configur at ion

The Automatic ICA Client Update utility provides the means to update Citrix ICA client software centrally, from the MetaFrame server itself. The latest versions of ICA client software are identified by the administrator, who then uses the update tool to schedule download and installation on appropriate client devices. This utility reduces the need to travel from client to client throughout the enterprise in order to install and configure the latest version of ICA client software.

ReadyConnect enables client connections to be predefined at the server. By capturing ICA client connection data, including phone numbers, IP addresses, server names, and other connection options, applications can be mass-deployed throughout the enterprise with speed and agility. Users can access applications across predefined connection points through a simple point-and-click operation.

Note: While these tools are convenient, we recommend that Web Interface for MetaFrame be used instead to deploy and manage client versions and configurations. This technique will be thoroughly discussed in the "Web Interface for MetaFrame" section of this chapter and later in Chapter 16.

Zone Data Collectors

Understanding zone data collectors is critical to optimizing larger farm performance. Zone data collectors (ZDC) are used to keep information within a server farm up-to-date between member servers and other ZDCs. Every server farm has at least one zone that is set up by default. The trick is to design the right number of zones in a farm so that each ZDC does not get overloaded with traffic from its member servers. In larger farms with 50 or more servers, the ZDC is best served by a MetaFrame XP server that does not accept ICA connections. Generally, zones start degrading performance between 100 and 300 servers, depending on the number of logins, applications served, and changes in server load. Performance can be maintained in larger farms by creating additional zones. The trade-off of adding more zones is the open link (and thus the bandwidth required) to maintain updates between each ZDC so that all updated data can be propagated throughout the farm. For optimal performance, it is best to keep the number of zones to a minimum, but still keep each zone small enough to be efficient.

The ZDC tracks data that is dynamically collected from the farm to include server load, license utilization, and session information. The more static data for a farm is maintained by the IMA data store including total licensing, published applications, administrators, permissions, server names in the farm, and trust relationships.

The ZDC is chosen with an election process. The variables used for the election process are first the software version, second the administrator-defined preference, and third the host ID. The important thing to keep in mind is that the software version overrides even the administrator-defined preference. Because of the amount of communication that takes place between ZDCs, we do not recommend setting up zones that cross WAN links. The zone traffic data that is sent across WAN links is not manageable within Citrix, but appliances like the Packeteer PacketShaper can manage this bandwidth utilization.
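The election order described above, as an added sketch that is not Citrix code: candidates are compared on software version first, administrator-defined preference second, and host ID last, and an audit function flags the case where a newer version displaces the administrator's choice. The preference labels, the rule that the higher version and higher host ID win, and all server names and values are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed preference levels, best first. The text only says the preference
# is administrator-defined; these labels and their order are illustrative.
PREFERENCE_RANK = {"most_preferred": 0, "preferred": 1,
                   "default": 2, "not_preferred": 3}


@dataclass(frozen=True)
class Candidate:
    name: str
    version: tuple      # software version, e.g. (1, 0, 3); constructed values
    preference: str     # key of PREFERENCE_RANK
    host_id: int        # per-server identifier; constructed values


def election_key(c):
    """Sort key in the order the text gives: version, preference, host ID.

    Assumption: higher version wins, better preference wins, higher host ID
    wins. Only the ordering of the three criteria comes from the text.
    """
    return (c.version, -PREFERENCE_RANK[c.preference], c.host_id)


def elect_zdc(candidates):
    """Return the candidate that wins the zone's election."""
    if not candidates:
        raise ValueError("a zone needs at least one member server")
    return max(candidates, key=election_key)


def audit_zone(candidates):
    """Return (winner, warnings).

    A warning is produced when a server with a worse preference wins purely
    because it runs newer software, the case the text calls out.
    """
    winner = elect_zdc(candidates)
    best_rank = min(PREFERENCE_RANK[c.preference] for c in candidates)
    intended = [c for c in candidates
                if PREFERENCE_RANK[c.preference] == best_rank]
    warnings = []
    if winner not in intended:
        newest = max(c.version for c in candidates)
        lagging = sorted(c.name for c in intended if c.version < newest)
        warnings.append(
            f"{winner.name} wins on version {winner.version}; "
            f"preferred server(s) {lagging} run older software"
        )
    return winner, warnings


# Constructed zone: a dedicated ZDC plus two application servers, one of
# which has been upgraded ahead of the rest.
ZONE = [
    Candidate("zdc01", (1, 0, 2), "most_preferred", 1187),
    Candidate("app01", (1, 0, 2), "default", 9021),
    Candidate("app02", (1, 0, 3), "not_preferred", 4410),
]

if __name__ == "__main__":
    winner, warnings = audit_zone(ZONE)
    print("elected:", winner.name)
    for w in warnings:
        print("warning:", w)
```

Running the audit against a planned upgrade order shows whether patching an application server before the dedicated ZDC would move the collector role onto a server that also accepts ICA connections.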

Independent Management Architecture

MetaFrame XP introduced the Independent Management Architecture (IMA) to replace the ICA browser service. IMA is a tremendous improvement over the ICA browser with respect to speed, scalability, and reliability of enterprise server farms.

IMA contains two components. The IMA data store is responsible for keeping information about licenses, published applications, load-balancing parameters, printer options, and security. The IMA protocol is responsible for communications between MetaFrame XP servers that maintain accurate information about server load, license usage, and user connections.

The IMA service runs on all MetaFrame XP servers to communicate with the Citrix Management Console, other MetaFrame XP servers, and the IMA data store. Each Citrix farm has one IMA data store connected to an ODBC database. The databases that are presently supported are MS Jet (FR-3 replaced Jet support with MSDE support), Microsoft SQL Server 7 or later, IBM DB2, and Oracle 7.3.4 or later. Additional licensing is required from Microsoft, IBM DB2, or Oracle if MSDE is not used. Each server downloads its configuration updates each time it is started (when the IMA services start); it also checks for changes every ten minutes. When an administrator is doing testing and maintenance, it is sometimes necessary to have more immediate response for changes. This can be done by executing the dsmaint recreatelhc command from a command prompt on the MetaFrame XP server. When each server queries the IMA data store, it only downloads relevant changes, which reduces the amount of traffic on the network. The local server stores this data in its Local Host Cache. This is helpful for increasing performance of local queries, and the data is retained for 96 hours in case of communications problems with the centralized IMA data store. The zone data collector is also involved in this communication and will be addressed in the next section.

Access to the data store can be done via "direct" or "indirect" mode. Direct mode means that each server directly accesses the database using ODBC, whereas in the indirect mode the servers aggregate queries through one MetaFrame server and it communicates to the data store. When using MS Jet (or MSDE in Feature Release 3) for the data store, indirect mode must be used because of performance and locking issues. Direct or indirect mode can be used with SQL, IBM DB2, or Oracle. For small farms (50 servers or less), MSDE can work but has the disadvantage of requiring indirect mode (single point of failure), is much more likely to get corrupted data, and can be a performance bottleneck. For farms that are mission-critical and larger than ten servers, using direct mode with SQL, IBM DB2, or Oracle is recommended. The SQL, IBM DB2, or Oracle server does not need to be dedicated to the data store, since these databases support more than one database per server, assuming, of course, that sufficient server resources are available.

Data store replication is a concern in larger farms. When a server queries the data store (especially over slow link speeds), other servers could time out and cause problems. SQL, IBM DB2, and Oracle contain integrated replication capabilities that are effective in solving this problem (the dual-commit model is recommended). When planning the resources for the data store, a good rule of thumb is to allocate about 200KB of disk space for each MetaFrame XP server.

Resource Manager

MetaFrame XPe is required when using Resource Manager (RM). This product equips administrators with a full-featured management tool suite for analyzing and tuning Citrix MetaFrame XPe servers. RM adds real-time monitoring, historic reports, and a central repository of usage information and statistics to the MetaFrame product suite.

Resource Manager keeps data for 96 hours with an internal database (15-second server snapshots) and integrates with Microsoft SQL and Oracle databases to store long-term statistics. The local database will utilize about 7MB of data for each metric to maintain data for 96 hours. The local database is only compressed when the IMA service is started; this provides one more reason to script a reboot of the MetaFrame XP servers every 24 to 48 hours. The link http://www.citrix.com/download contains a group of predefined free Crystal Reports available for use with a Microsoft SQL/Oracle database.

I ntr oduction While monitoring the server statistics, RM can send out e-mail, pages, or SNMP traps when predefined Pa r t I - are Ov ermet vi e w(for of Ente r pr isewhen Se r veCPU r - Ba seutilization d Com putreaches in g loads example,

60 percent, RM can send the Citrix

I ntr oducing Ser ver -Based Com puting and th e On- Dem and administrator Chapter 1 - group an e-mail). RM uses metrics to define monitored parameters, alert thresholds, and Enterpr ise once defined, can be applied to servers or published applications. Hundreds of configurations. Metrics, Chapter 2 metrics - Window Ter minal with Ser vices example aresincluded the RM installation. Citrix recommends, for performance reasons, Chapter 3 - more Citr ix than MetaFr e Access not to have 50am metrics perSuite server. Pa r t I I - De signi ng a n Ent e rpr i se SBC Solut ion

The farm metric server is the central server that manages all of the metrics on each of the servers and published applications. By default, the first server in the farm to have RM installed on it becomes the farm metric server, although this can be moved by the administrator at any time. Better performance can be achieved by having the farm metric server on the same machine as the zone data collector. RM can be installed on a second server in the farm, which will automatically become the backup farm metric server for use if the primary goes offline. The metric data can be stored on the same SQL or Oracle server as the IMA data store if the server has sufficient resources. The database connection server is responsible for communicating with each MetaFrame server and the summary database (SQL or Oracle) if data needs to be retained past 96 hours.

Each defined metric has six possible states:

Green indicates the metric is operating within acceptable limits.

Yellow indicates the metric has exceeded the time and value limit.

Red indicates the yellow limit has been exceeded and administrator action has been executed (e-mail, page, SNMP traps, and so on).

Blue indicates a new metric that is not completely defined.

Grey indicates a metric that is paused (snooze) for a predetermined amount of time; in this state, data is still collected, but alerts are not processed.

Black is a sleep state; data is still collected, but alerts are not processed.

Network Manager

Network Manager (NM) is used for limited management through SNMP and to view MetaFrame XP statistics from HP OpenView, Tivoli NetView, and CA Unicenter. This tool can be useful for companies that have existing SNMP management software. NM is a component of XPe only. Since security can be compromised through SNMP, security is a primary configuration concern. If possible, SNMP should be left read-only (the default setting for Windows 2000/Windows Server 2003) and all MetaFrame XP management should be done through the CMC or MOM plug-in. If it is critical to restart, terminate processes, disconnect sessions, log off sessions, send messages, and shut down, SNMP requires read-create or read-write permissions. In this case, SNMP should be locked down by limiting these SNMP privileges to only the IP address of the SNMP management server. SNMP is discussed in further depth in Chapter 9.

Installation Manager

Citrix Installation Manager (IM) is designed to automate the application installation process and facilitate application replication across MetaFrame XP servers throughout the enterprise. Through the use of IM, applications can be distributed across multiple servers in minutes rather than days or weeks. IM is available as a part of MetaFrame XPe only. IM is fully integrated into the CMC.

IM is especially useful in organizations utilizing more than 10 MetaFrame XP servers, or having numerous and frequently updated applications. In these environments, the automation offered by IM can yield significant cost and administrative time-savings.

IM contains two components: the Packager and the Installer. With the Installer deployed to all Citrix servers in the enterprise, the Packager makes replicating applications a simple two-step "package and publish" process.

The Packager runs on its own PC or server, while the Installer runs as a background service on each MetaFrame XP server and is transparent to the user.

The Packager provides the administrator with a wizard that supports the step-by-step process of installing and configuring an application. The result is a "package" that contains all application files and a "script" that describes the application setup process.

To "push" an application to MetaFrame XP servers equipped with the Installer, publish the script to those servers. The application will then be distributed and automatically installed onto MetaFrame XP servers across the enterprise.

IM also helps to sort out uninstall issues associated with many applications. For example, with many uninstall programs, application components can be left behind on the server. With IM, the Installer component tracks every application component installed and completely uninstalls the components when the administrator elects to "unpublish" the application on a specific server. This simplifies the relocation of applications from one server to another.

Load Management

Load management is available in MetaFrame XPa and XPe versions to assist administrators in maximizing the utilization of server resources and maintaining optimum user experience. Load management is a concept familiar to many administrators of Microsoft Terminal Server Edition, but it has a special meaning in the context of MetaFrame XP server operation.

With Microsoft's NT Server 4.0 TSE, Windows 2000, and Windows Server 2003 operating systems, multiuser computing capabilities are viewed as a service, much like SQL or Exchange services. Due to this orientation, Microsoft's approach to balancing system load across multiple servers focuses less on the nature and requirements of the load itself (application sessions in the case of multiuser computing), and more on the distribution of the session load across multiple systems. In effect, clients are presented with a virtual IP address representing multiple servers with replicated resources and services. As each server reaches a load threshold, incoming client session requests are forwarded to a server with available resources.

MetaFrame XP takes load managing from the server level to the application level, adding features such as automatic session reconnection and enhanced manageability to terminal services, fine-tuning the concept of load management considerably.

With MetaFrame XP Load Management, an application can be published for execution on any or all MetaFrame servers in a server farm. When an application or desktop session that has been configured for multiple servers is launched by an ICA client, MetaFrame XP Load Management selects which server will run the application based on a set of tunable parameters. Administrators have access to load management variables via the Citrix Management Console (CMC).

How the Load Manager Works

Administrators use the CMC to set load-management parameters. Load management makes decisions based on administrator-defined rules that define lower and upper limits on a number of variables that are defined by load evaluators tracked on each server. Load evaluators are numbers between 0 (free) and 10,000 (fully utilized). The zone data collectors are responsible for keeping track of each server's load evaluators and directing users to the least-busy servers. When more than one rule is applied to a load evaluator, the evaluator with the highest load value defines the load of the server.

Load evaluators can have up to 12 rules. These rules can be broken into four categories: moving average, moving average compared to high threshold, incremental, and Boolean. These categories are explained in more detail next.

Moving average uses rules based on percentage values to calculate load values. The administrator defines a low threshold where the load manager reports no load and a high threshold where the load manager reports a full load. When the moving average is between the low and high thresholds, the load is determined as the percentage multiplied by 10,000. Two rule types operate with the moving average: CPU utilization, constituting the average usage of CPUs; and memory usage, which is the average of the physical and virtual memory in the server.

The moving average compared to the high threshold reports no load when the moving average is below the low threshold. When the moving average is at or above the high threshold, the load manager reports a full load. When the moving average is between the low and high thresholds, the load manager reports a load value based on the upper threshold value and 0. The lower threshold value is not used in calculating the load. There are five rules that use moving average compared to the high threshold. Context Switches calculates load based on CPU context switches, meaning the OS switches between processes. Disk Data I/O calculates load based on all I/O throughput in kilobytes of disks. Disk Operations calculates load based on disk operations per second for all disks. Page Faults calculates load based on the number of page faults per second, which is the number of pages that the operating system accesses that have been flushed to disk. Page Swap calculates load based on the number of page swaps per second, which happens when the OS swaps physical memory to virtual memory on disk.

The incremental rules are user friendly and do not require performance monitor or calculations between upper and lower thresholds. All calculations are based on a full load maximum value specified by the MetaFrame XP administrator. When the maximum number specified is reached, the load manager reports full load. Otherwise, the load manager reports a percentage based on the maximum. The load value is calculated by dividing 10,000 by the rule value, then multiplying that value by the current counter. Three rules are in this classification: Application User Load calculates the load based on the number of users connected to an application. Server User Load calculates the load based on the number of users connected to a server. License Threshold calculates load based on the number of assigned connection license counts in use on the server.

Boolean rules are based on conditions being either true or false. If the conditions are met, or found to be "true," access is allowed. Otherwise, it is denied. These rules can be used in conjunction with other load evaluator rules, because they have no associated load values. If no other rules are applied in conjunction with a Boolean rule, all connections are directed to the same server. When one of these rules takes effect, it does not enforce the rule on users already connected. For instance, if the Scheduling rule disables an application at a certain hour, users employing the application can stay connected. However, if the users log off, they cannot reconnect to the application during the hours it is disabled. Boolean rules have two evaluators. IP Range enables or disables access to a server or published application based on source IP address. IP Range rules do not function in mixed mode. Scheduling enables or disables access to a server or published application during specific time periods. Scheduling, like all load evaluators, is checked only during login/application launch.
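The load calculation described in this section, as an added worked example (not Citrix code): each rule yields a value from 0 to 10,000, the highest value is the server's load, and Boolean rules only allow or deny a launch. The class names, thresholds, server names and counters are constructed, and the in-between formulas follow this section's wording read literally (percentage multiplied by 10,000 for moving-average rules, the value scaled between 0 and the high threshold for the compared-to-high-threshold rules).

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network

FULL_LOAD = 10_000  # load values run from 0 (free) to 10,000 (fully utilized)


@dataclass
class MovingAverage:
    """CPU utilization, memory usage: percentage x 10,000 between the thresholds."""
    low: float
    high: float

    def load(self, pct):
        if pct <= self.low:
            return 0
        if pct >= self.high:
            return FULL_LOAD
        return round(pct / 100 * FULL_LOAD)


@dataclass
class HighThreshold:
    """Context switches, disk I/O, page faults and so on: scaled from 0 to the
    high threshold. The low threshold only gates 'no load'."""
    low: float
    high: float

    def load(self, value):
        if value < self.low:
            return 0
        if value >= self.high:
            return FULL_LOAD
        return round(value / self.high * FULL_LOAD)


@dataclass
class Incremental:
    """User load, license threshold: (10,000 / rule value) x current counter."""
    maximum: int

    def load(self, count):
        return min(FULL_LOAD, round(FULL_LOAD / self.maximum * count))


@dataclass
class IPRange:
    """Boolean rule: the client address must fall inside a listed range."""
    networks: tuple

    def permits(self, launch):
        client = ip_address(launch["client_ip"])
        return any(client in ip_network(net) for net in self.networks)


@dataclass
class Scheduling:
    """Boolean rule: launches are accepted only inside the time window."""
    start: time
    end: time

    def permits(self, launch):
        return self.start <= launch["when"] < self.end


def server_load(rules, counters):
    """The rule reporting the highest value defines the server's load."""
    return max((rule.load(counters[name]) for name, rule in rules.items()), default=0)


def pick_server(farm, launch):
    """Choice made at login/application launch: drop servers whose Boolean rules
    deny this launch, then take the least busy. Connected sessions are not re-checked."""
    loads = {
        name: server_load(cfg["rules"], cfg["counters"])
        for name, cfg in farm.items()
        if all(rule.permits(launch) for rule in cfg["boolean"])
    }
    return (min(loads, key=loads.get) if loads else None), loads


# Constructed farm: one shared evaluator; MF03 also carries an IP Range rule.
EVALUATOR = {
    "cpu_pct": MovingAverage(low=10, high=90),
    "page_faults_per_s": HighThreshold(low=100, high=2000),
    "server_users": Incremental(maximum=50),
}
OFFICE_HOURS = Scheduling(time(7, 0), time(19, 0))
FARM = {
    "MF01": {"rules": EVALUATOR, "boolean": [OFFICE_HOURS],
             "counters": {"cpu_pct": 35, "page_faults_per_s": 500, "server_users": 30}},
    "MF02": {"rules": EVALUATOR, "boolean": [OFFICE_HOURS],
             "counters": {"cpu_pct": 45, "page_faults_per_s": 200, "server_users": 10}},
    "MF03": {"rules": EVALUATOR, "boolean": [OFFICE_HOURS, IPRange(("10.0.0.0/8",))],
             "counters": {"cpu_pct": 5, "page_faults_per_s": 50, "server_users": 2}},
}

if __name__ == "__main__":
    for ip, when in (("192.168.1.20", time(9, 30)), ("10.1.2.3", time(9, 30)),
                     ("10.1.2.3", time(22, 0))):
        print(ip, when, pick_server(FARM, {"client_ip": ip, "when": when}))
```

MF01 shows why the highest rule wins: its CPU rule reports 3,500 but 30 of 50 users puts the server at 6,000, so the launch goes to MF02 unless the client address also qualifies for MF03.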


Load Management in a Mixed Citrix Environment

The MetaFrame XP farm needs to be kept in mixed mode to allow the use of load management when MetaFrame 1.8 or MetaFrame for UNIX servers are to coexist with MetaFrame XP servers. When operating in mixed mode, MetaFrame XP servers communicate with MetaFrame 1.8 servers through the ICA Browser and Program Neighborhood services. MetaFrame XP servers communicate with each other using IMA, but the ICA Browser service is responsible for application resolution and communication with MetaFrame 1.8 and MetaFrame for UNIX servers. For load balancing to work correctly in mixed mode, a MetaFrame XP server must be the master ICA Browser. The following differences exist between operating in mixed mode and native mode:

In mixed mode, application load evaluators and IP Range rules are ignored.

qfarm reports load information from MetaFrame XP servers only. Use qserver/load to view load information in a mixed-mode environment.

The load monitor tool reports MetaFrame XP information only.

Published applications must have the same name (case-sensitive) in both farms for load balancing to work.


Application Publishing

Application publishing refers to the installation and configuration of applications on a multiuser server (or server farm), so they can be accessed readily by users. MetaFrame enhances the basic application publishing capabilities of TSE by providing a Published Application Manager to facilitate the process of fielding an application.

The objective of the Published Application Manager is not only to ease the burden of administrators, but also to shield users from the complexities of setting up applications for use on their clients. When an application is published using the Published Application Manager utility, user access is simplified in three ways:

Application addressing: Instead of connecting to a MetaFrame server by its IP address or server name, users can connect to a specific application by whatever name has been assigned to the application itself. Connecting to applications by name eliminates the need for users to remember which servers contain which applications.

Application navigation: With applications published under MetaFrame, the user does not need to possess knowledge of the Windows NT 4.0, Windows 2000, or Windows Server 2003 desktop (Windows NT Explorer or Program Manager) to find and start applications after connecting to MetaFrame servers. Instead, published applications present the user with the desired application in an ICA session.

User authentication: Instead of logging on and logging off multiple MetaFrame servers to access applications, Program Neighborhood allows users to authenticate themselves a single time to all servers and obtain immediate access to all applications configured for their user group or specific username. Also, publishing applications for the special Anonymous user group allows user authentication processes to be eliminated completely. This can be a useful time-saver when publishing applications for general use by all users on the network.

User Accounts

MetaFrame application publishing provides ICA session access to two types of user accounts: anonymous and explicit. Before publishing an application, it is important to first consider who the users will be, what they will be doing when they run the application, and where they will be connecting from. This will define whether the users should be anonymous or explicitly defined (named users with full authentication).

The total number of users, whether anonymous or explicit, who can be logged on to the MetaFrame server at the same time is contingent upon an organization's licensed user count and on server and bandwidth limitations. These limitations need to be clearly understood before proceeding with application publishing (Chapter 11 discusses server and farm sizing in detail).

Anonymous User Accounts

During MetaFrame installation, the Setup program creates a special user group called "Anonymous." By default, this local Windows 2003 account contains 15 user accounts with account usernames in the format Anon000 through Anon015. Anonymous users are afforded guest permissions by default.

Note Anonymous user accounts are local user accounts (non-domain), and although there are 15 of them created by default, additional ones will be created on the fly by the server to ensure that each Anon connection remains unique. If Anon connections are not going to be used, it is recommended that the accounts be disabled (but not necessarily deleted, due to possible future use) for security reasons.


If an application that is to be published on the MetaFrame server is intended to be accessed by guest-level users, the application can be configured using the Published Application Manager to allow access by anonymous users. When a user starts an anonymous application, the MetaFrame server does not require an explicit username and password to log the user on to the server, but selects a user from a pool of anonymous users who are not currently logged on. Anonymous user accounts are granted minimal ICA session permissions, including

Ten-minute idle (no user activity) time-out.

Automatic End Session on broken connection or time-out.

No password requirement.

Password cannot be changed by user.

Anonymous not 8859have 1" a ?> persistent identity. That is to say, no user information is < ?xm l version= user " 1.0" accounts encoding=do " I SOretained when an anonymous user session ends. Any desktop settings, user-specific files, or other Ta ble o f Con t en t s resources or configured by thesuser discarded Official at the end of the ICA session. Because of Citr ix MetaFrcreated am e Access Suite for Window Ser vare er 2003—The Guide the inherent permission limitations of anonymous user accounts, the 15 anonymous user accounts For ewor d created during MetaFrame installation usually do not require any further maintenance.

Explicit User Accounts

Explicit users, which are created and maintained via the Active Directory User Manager, have a "permanent" existence. Their desktop settings, security settings, and so on, are retained between sessions for each user in a user profile.

Explicit users can be of any user class and are generally created for a specific purpose. Their access permissions may be changed by using the Active Directory User Manager.

Identifying what groups of users will have access to an application that is about to be published will aid in server and link resource planning and may even expedite the publishing process. Administrators can capitalize on group settings and extend application access to multiple users concurrently. Conversely, using the Anonymous group is a handy way to make general-purpose applications available to the broadest possible user community in the least amount of time.

MetaFrame Password Manager

Citrix MetaFrame Password Manager (CMPM) is a single sign-on solution designed specifically for MetaFrame XP and MetaFrame Secure Access Manager. CMPM provides password security and single sign-on access to Windows, web, proprietary, and host-based applications running in the MetaFrame Access Suite environment. Users authenticate once with a single password, and MetaFrame Password Manager does the rest, automatically logging in to any password-protected information system, enforcing password policies, monitoring all password-related events, and automating end-user tasks, including password changes.

CMPM is comprised of three components:

A Directory Service to centrally store the password and user information. Three choices are available: File Sync (comes native with CMPM), Microsoft Active Directory, and LDAP, which consists of Sun ONE Identity Server and Novell eDirectory.

The MetaFrame Presentation Server Agent—a 32-bit agent that runs on MetaFrame servers or on a local client workstation

MetaFrame Password Manager Console

Once a user has logged in and authenticated to a directory service, the agent intercepts any future password requests with a query, asking if the user would like the password manager to manage this password. If the user answers yes, then the password information is stored in the central directory service store and handed back to the client workstation when the workstation queries for that password again. MetaFrame Password Manager enhances security by centralizing security policies, providing an encrypted file for each user's credentials, and allowing IT administrators to automatically generate passwords that are more difficult to crack and to change them more frequently, if needed.

CMPM can either be purchased with the Access Suite Bundle or individually.

Application Publishing Security

In addition to considering the user population for an application, administrators also need to consider the security requirements of the applications they are planning to publish. MetaFrame XP provides additional methods, beyond those of Microsoft operating systems, for securing access to applications published on the MetaFrame server.

Limiting Users to Published Applications

Users of a specific connection type (dial-up, for example) can be restricted to running published applications only. By allowing users to solely access predefined applications, unauthorized users are prevented from obtaining access to the Windows desktop or a command prompt as their initial application unless published by an administrator. This type of security may be obtained by using the Advanced Connection Settings dialog box in the Connection Configuration utility.

It is important to note, however, that many applications and utilities have major security holes (for example, some applications permit a user to launch other applications [explorer.exe or cmd.exe] from within them). Thus a significant amount of time must be spent putting in place policies, profiles, and registry changes to more securely lock down the operating system and applications. Enterprise environments should consider a lockdown application (two popular lockdown application companies that are certified to work in an SBC environment are triCerat RES and AppSense, covered in more depth in Chapters 11, 13 and 15) to specifically automate the lockdown tasks.

Limiting Applications

The Citrix Management Console allows an administrator to restrict an application to specified users or groups of users, assuming they have been given explicit user access.

Firewall Security and Limited Access from Non-Authorized External Users

With security at the forefront of most enterprise activities, the Internet firewall has become non-optional for every enterprise to protect their resources from non-authorized Internet intrusion. But, since the Internet is such a necessary access method for many users, the firewall often poses a very difficult trade-off—full security versus easy access. MetaFrame Secure Gateway solves this trade-off by providing both easy access and industry recognized security. MetaFrame Secure Gateway is covered in much more depth later in this chapter, as well as in Chapter 16.

Usernames and Passwords

As long as explicit user accounts are specified, MetaFrame XP supports a large number of authentication approaches. For starters, strong password authentication is essential for security (see Chapter 8 for a more detailed password discussion). Even better, consider a second factor authentication approach (using not only something a user knows, but a second authentication method such as something unique that only a specific user has, such as a smart card, token, or biometric). MetaFrame XP FR-3 is fully integrated with RSA and Secure Computing's second factor authentication, as well as a large variety of authentication tools (biometric, smart card, and so on) that integrate with RSA and Secure Computing's authentication software. Additionally, companies like Secure Computing provide a method to integrate the second factor authentication with MetaFrame Web Integration access, Program Neighborhood access, and Windows 2000 Active Directory access, to make authentication seamless to the user community. See Chapter 8 for more detail and discussion of security.

ACLcheck Utility

An ACLcheck utility supplied with MetaFrame examines the security ACLs associated with MetaFrame XP files and directories. This utility can be used to report on any potential security breaches.

Application Execution Shell

The Application Execution Shell (App) in MetaFrame allows administrators to write application execution scripts that perform actions before and after application execution. These scripts can be used in connection with other security utilities to check the security of MetaFrame servers and clients.


MetaFrame as a Web Application Access Center

In these days of electronic business and the Internet, companies are also porting applications to intranets, extranets, and to the Internet, where they can be used by business partners and even consumers. MetaFrame XP facilitates this objective with MetaFrame Web Interface, Web Interface Extensions, and MetaFrame Secure Access Manager. One thing common to all versions of Web Interface is the ability to use passthrough or single sign-on for multiple applications.

MetaFrame Secure Gateway

In our view, one of the most significant new features developed by Citrix in the past three years is MetaFrame Secure Gateway, which is included in all editions of MetaFrame XP. Although Citrix has long provided access via the Internet, enterprise organizations often struggled with providing Internet access to SBC environments due to security concerns. Although both Citrix's ICA and Microsoft's RDP support 128-bit encryption, both protocols also require that firewall ports be opened, at both the client and data-center sides of the Internet. This firewall change creates both logistical and security challenges for companies, especially in instances where the far-side firewall may not be influenced. One example of this is when a company's employees are housed on other companies' campuses (either temporarily or for the duration of a longer project), and, as such, often cannot affect the firewall rules at their location.

Secure Gateway solves this problem by converting ICA traffic from port 1494 to port 443 (SSL) in the data-center DMZ. Since SSL is a widely supported standard and utilized for many other web purposes, it provides a very standard and accepted transmission method for traffic traversing firewalls and the Internet. Secure Gateway requires several additional server hardware components. See Figure 3-4 for a diagram of a Secure Gateway implementation.


Figure 3-4: MetaFrame Secure Gateway example deployment
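The perimeter change described for Secure Gateway (ICA on port 1494 no longer opened to the Internet, only SSL on 443 to a gateway in the DMZ) can be checked mechanically. The following is an added example, not code from the book or from Citrix; the rule syntax, the zone names, and the gateway host name `sg-dmz` are assumptions made for illustration, and both rule sets are constructed.

```python
from dataclasses import dataclass

ICA_PORT = 1494                   # native ICA port named in the text
SSL_PORT = 443                    # port Secure Gateway presents to the Internet
GATEWAY = ("dmz", "sg-dmz")       # assumed zone/host of the Secure Gateway
UNTRUSTED = {"internet", "any"}   # source zones reachable from outside


@dataclass(frozen=True)
class Rule:
    action: str      # "permit" or "deny"
    src_zone: str
    dst_zone: str
    dst_host: str
    port: int


def parse_rules(text):
    """Parse '<action> tcp <src> -> <zone>:<host> <port>' lines (assumed syntax)."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        if len(parts) != 6 or parts[1] != "tcp" or parts[3] != "->":
            raise ValueError(f"unrecognised rule: {line!r}")
        action, src, dst, port = parts[0], parts[2], parts[4], parts[5]
        zone, sep, host = dst.partition(":")
        if action not in ("permit", "deny") or not sep or not host:
            raise ValueError(f"unrecognised rule: {line!r}")
        if not port.isdigit() or not 0 < int(port) < 65536:
            raise ValueError(f"bad port in rule: {line!r}")
        rules.append(Rule(action, src, zone, host, int(port)))
    return rules


def _covers(earlier, later):
    """True if `earlier` matches every flow that `later` matches."""
    def field(a, b):
        return a == "any" or a == b
    return (field(earlier.src_zone, later.src_zone)
            and field(earlier.dst_zone, later.dst_zone)
            and field(earlier.dst_host, later.dst_host)
            and earlier.port == later.port)


def effective_permits(rules):
    """Permit rules not fully shadowed by an earlier deny (first match wins).

    A permit that is only partly shadowed is kept, so the audit errs on the
    side of reporting.
    """
    live = []
    for i, rule in enumerate(rules):
        if rule.action != "permit":
            continue
        if any(r.action == "deny" and _covers(r, rule) for r in rules[:i]):
            continue
        live.append(rule)
    return live


def audit(rules):
    """Return sorted finding strings; an empty list means the layout holds."""
    findings = set()
    permits = effective_permits(rules)
    for r in permits:
        outside = r.src_zone in UNTRUSTED
        if outside and r.port == ICA_PORT:
            findings.add(f"ICA {ICA_PORT} reachable from {r.src_zone} "
                         f"at {r.dst_zone}:{r.dst_host}")
        if outside and r.port == SSL_PORT and (r.dst_zone, r.dst_host) != GATEWAY:
            findings.add(f"SSL {SSL_PORT} from {r.src_zone} lands on "
                         f"{r.dst_zone}:{r.dst_host}, not the gateway")
    if not any(r.src_zone in UNTRUSTED and r.port == SSL_PORT
               and (r.dst_zone, r.dst_host) == GATEWAY for r in permits):
        findings.add("no Internet path to the Secure Gateway on 443")
    if not any(r.src_zone == "dmz" and r.dst_zone == "internal"
               and r.port == ICA_PORT for r in permits):
        findings.add("gateway cannot relay ICA to the internal farm")
    return sorted(findings)


# Constructed rule sets: ICA opened directly versus the Secure Gateway layout.
DIRECT_ICA = """
permit tcp internet -> internal:mf01 1494   # ICA opened straight through
permit tcp internet -> dmz:www 443
"""

WITH_GATEWAY = """
permit tcp internet -> dmz:sg-dmz 443       # clients reach only the gateway
permit tcp dmz      -> internal:any 1494    # gateway relays ICA inward
deny   tcp any      -> internal:any 1494    # every other ICA path is refused
"""

if __name__ == "__main__":
    for name, text in (("direct", DIRECT_ICA), ("gateway", WITH_GATEWAY)):
        print(name, audit(parse_rules(text)))
```

Rule order matters in the second set: moving the `deny` above the DMZ permit would shadow the relay rule, and the audit would then report that the gateway cannot reach the farm.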


Web Interface for MetaFrame

MetaFrame XP includes MetaFrame Web Interface (formerly NFuse Classic) with the XPs and XPa editions. This product enables users to integrate applications and data that are published into customized web portals for the end user, who then can access applications via a web browser.

In addition to publishing applications to the familiar web browser interface, another popular use of MetaFrame Web Interface is to deploy the ICA client itself. MetaFrame Web Interface provides for automatic download and updates of the ICA client, largely transparent to the user, upon user login. This provides a very fast and clean deployment and update mechanism for first-time Citrix users and remote users. Using MetaFrame Web Interface, the presentation layer elements of multiple applications can be combined on a single page for exposure to the end user as a single, unified application. A simple wizard is provided to aid the administrator in defining the portal contents, which may include applications hosted on MetaFrame XP and MetaFrame for UNIX servers. Support for MetaFrame for UNIX enables the Web Interface for MetaFrame portal to be used to integrate both Windows and UNIX-based applications and data.

Web Interface for MetaFrame access centers can be customized to meet the needs of individual users, who access their applications in accordance with a user or group account login, or set up as general-purpose access centers that can be fielded for access by anonymous users. Either way, the access centers, like other MetaFrame applications, are managed via the same set of MetaFrame utilities used to manage and control other applications published through MetaFrame.

MetaFrame Web Interface Extensions

MetaFrame Web Interface Extension (formerly Citrix Enterprise Services for NFuse (ESN)) is included with XPe and performs the same tasks as Web Interface for MetaFrame XP with the additional feature of multiple farm aggregation.

Web Interface Extension for MetaFrame XP enables highly scaled application provisioning from MetaFrame by aggregating application sets from multiple farms. When combined with MetaFrame Secure Gateway, it provides a simple, secure, single point to access business-critical applications.

MetaFrame Web Interface Extension provides the following solutions:

Multiple farms operating in the enterprise can be used more efficiently and managed more easily.

Administrators don't have to rely on web programming skills to control the operation of Web Interface for MetaFrame XP.

Users only have to provide credentials once, not for each application accessed via MetaFrame XP.

Administrators and users can set values for each MetaFrame XP application instead of being restricted to single global values for all users and all applications.

MetaFrame Secure Access Manager

MetaFrame Secure Access Manager (MSAM) is a stand-alone application that, while able to enhance MetaFrame, does not require MetaFrame. MSAM is a member of the MetaFrame Access Suite, and can be purchased individually or bundled with the suite. It is not included with MetaFrame XP. MSAM is a full-blown Access Solution, comparable to portal products like Microsoft SharePoint Portal Server or Plumtree Corporate Portal. MSAM differs from MetaFrame Web Interface in that it is designed to be a common interface for the aggregation of many different types of corporate data and applications rather than just thin deployment of Windows and UNIX applications. MSAM differentiates itself from Portal products by providing a wizard-based tool with content delivery agents (CDAs) that automate such tasks as placing MetaFrame ICA access icons within the web page, or grabbing Microsoft Exchange content and placing it within the web page.

MSAM can quickly, and through a wizard-based tool, create a single, secured web interface that has a portion of the window showing a message from the president of the company, another portion of the window showing the number of customers in a call queue for support, another portion of the window that is a customer information lookup for pertinent data, a portion of the window showing applications available (both ICA and web based), and a final tag across the top that shows the corporate stock price. All of these sections are dynamically controlled based on the role of the user. Figure 3-5 shows a screenshot of a simple MSAM portal page.

Figure 3-5: MSAM portal page screenshot

Shadowing

In addition to providing tools for managing application publishing, MetaFrame delivers a utility targeted at reducing administrative costs by enabling the remote support of users of published applications. Session Shadowing enables the administrator (or help-desk personnel) to remotely join, or take control of, another user's ICA client session. When activated, Session Shadowing displays the user's screen on the administrator's console. Optionally, the administrator can assume control of the remote user's mouse and keyboard, which enables demonstrations.

In addition to facilitating help desk and troubleshooting processes, Session Shadowing can also be used in interactive online teaching and call-center applications.

Additional security has been added to MetaFrame XP to limit or disable shadowing during installation in a way that cannot be reversed. Administrators can disable shadowing of ICA sessions on all servers in a server farm if legal privacy requirements prohibit the shadowing of users' sessions. Alternatively, it may be necessary to disable shadowing on servers that host sensitive applications, such as personnel or payroll applications, in order to protect confidential data. MetaFrame XP Setup provides options on the Shadowing Setup page for an administrator to limit or disable shadowing at installation time. When shadowing is enabled, an administrator has the option to select the following restrictions:

Prohibit remote control of ICA sessions. By default, MetaFrame XP gives administrators the ability to input keystroke and mouse control during session shadowing. Select this option if you want administrators to be able to shadow without input. In some cases, shadowing without input hides administrator presence.

Prohibit shadow connections without notification. By default, MetaFrame XP notifies users with a prompt when an administrator is attempting to shadow their sessions. Select this option to deny administrators the ability to shadow sessions without sending this notification.

Prohibit shadow connections without logging. Events such as shadowing attempts, successes, and failures can be logged in the Windows event log and examined using Event Viewer. Select this option to enable logging.

Do not allow shadowing of ICA sessions on this server. This option permanently disables shadowing of all ICA sessions on the server by anyone.

Configuring Session Shadowing

Chapter 19 - Disaster Recovery and Business Continuity in the SBC Envir onment Chapter 20 - Migr ation to Window s 2003 and Citr ix MetaFrame XP

Session Shadowing configured at of the time The shadowing settings in OngoingisAdministr ation the Serof v erconnection - Based Comconfiguration. puting onment Settings dialog box control the behavior of shadowing for all sessions on the the AdvancedEnvir Connection Pa r t I V - Appendi x es options include connection. Setting Chapter 21 -

Appendix A - I nter netw or k ing Basics Appendix B - Creating an On- Dem and Enterpr ise Financial Analysis Model

Enabled Specifies that sessions on the connection can be shadowed.

Appendix C - Creating an On- Dem and Enterpr ise Subscr iption Billing Model I ndex

List ofDisabled Figur es Specifies that sessions on the connection cannot be shadowed. List of Tables List ofInput Case On Studies Allows the shadower to input keyboard and mouse actions to the shadowed session. List of Sidebars

Notify On Specifies that the shadowed user gets a message asking if it is OK for the shadowing to occur.

Session Shadowing Initiation

The initiation of Session Shadowing can be accomplished via the Shadow taskbar, the Citrix Management Console, or from a command line. Each interface is well documented and reasonably self-explanatory.

Citrix MetaFrame Conferencing Manager

Citrix MetaFrame Conferencing Manager adds intuitive application conferencing to MetaFrame XP. This application is a new member of the MetaFrame Access Suite and can be purchased as an individual package or bundled with the Suite. Conferencing Manager integrates three components: a Microsoft Exchange/Outlook calendar form; a new Conferencing Manager interface that initiates, cancels, and manages the users and applications of the conferences; and MetaFrame XP's session shadowing features. These three components create an intuitive interface by which users create and join a collaborative conference session among multiple people. Because shadowing cannot occur across multiple MetaFrame XP servers, each conference is limited to the number of sessions that one server can support (typically about 100 people on a four-processor MetaFrame XP server running Microsoft PowerPoint).

Conferencing Manager eliminates the geographical distance between team members, increases the productivity of meetings, and allows easy collaboration. Teams can utilize Conferencing Manager to share application sessions, work together on document editing, and conduct online training, regardless of the location of individual team members or the access devices or network connections they're using.


MetaFrame Licensing

The MetaFrame license is more than an agreement describing the cost to the user and revenue to the licensing vendor. It is a technical implementation in which licenses are pooled by the MetaFrame servers themselves and used to calculate authorized use of the product (see Tables 3-3 and 3-4). In short, if the license provides for 20 users to connect to a MetaFrame server, user number 21 will be locked out by the server.

Table 3-3: List Pricing (New Customer)

Connection Licenses    With Subscription Advantage    Without Subscription Advantage
MetaFrame XPs          $290                           $250
MetaFrame XPa          $345                           $300
MetaFrame XPe          $400                           $350

Table 3-4: List Pricing (Upgrades)

Connection Licenses
Upgrading From    Upgrading To     With Subscription Advantage    Without Subscription Advantage
MetaFrame XPs     MetaFrame XPa    $100                           $55
MetaFrame XPa     MetaFrame XPe    $105                           $55
MetaFrame XPs     MetaFrame XPe    $160                           $110

Citrix delivers MetaFrame licenses in three ways: the shrink wrap method, corporate licensing, and ASP licensing.


The Shrink-Wrap Method


Administrators can purchase the base product and licenses for 20 concurrent users.


As configurations expand, bulk user packs can be purchased to meet changing needs. Additional MetaFrame XP user licenses can be added in increments of 5, 10, 20, or 50 concurrent users.


Easy Licensing

Easy Licensing is designed for customers with up to 500 concurrent licenses that wish to take advantage of electronic licensing. On-demand licensing allows administrators to purchase what is needed when it is needed. This licensing also allows for auto activation for rapid deployment. Another advantage to Easy Licensing is that it does not have a complex paper contract, but rather uses a "click to accept" online agreement (similar to opening packaged products).

Corporate Licensing

Corporate licensing programs are available for large license quantities. This program uses a point-based system with four discount levels for corporations and a special education discount level. In addition, special pricing is available for corporate customers who adopt a "long-term strategic use" posture. In this case, cumulative purchases drive discounts. This program is designed for customers with 500 to 5000 concurrent seats.

Flex Licensing

Flex licensing is designed for companies with more than 5000 concurrent seats. Flex Licensing requires a custom contract, called a Global 2000 agreement, reserved for enterprise customers. The additional advantage of Flex licensing, in addition to a very significant discount, is that Citrix provides license automation to make it easier to install and activate MetaFrame licensing across a large quantity of servers.

Subscription Advantage

Subscription Advantage provides customers with a convenient way to keep their Citrix software current and maximize their server-based computing investments. Customers receive software upgrades, enhancements, and maintenance releases that become available during the term of your subscription. Subscription Advantage is for a one-year term and can be renewed each year.


MetaFrame Presentation Center for Unix

Although this book is primarily focused on MetaFrame XP for Windows 2003, UNIX-based applications continue to be a mainstay of many large enterprise environments, and Windows and UNIX users alike can benefit from seamless, single point, webified access to these applications. Because of the overall value of server-based computing in providing seamless web-based access to all applications from any device, for all users, the authors felt strongly that MetaFrame for UNIX should be covered in this book. A large majority of the features and infrastructure discussed in these pages will apply equally to MetaFrame Presentation Server for UNIX and MetaFrame XP for Windows 2003. Features and tools such as MetaFrame Web Interface, MetaFrame Secure Gateway, load management, and any-device access are further promoted by bringing the UNIX applications to the Citrix SBC infrastructure fold.

Although some long-time UNIX administrators argue that UNIX has supported multiuser functionality for years through X-Window, and thus MetaFrame for UNIX is not needed, they are missing out. Due to the feature-rich GUI environments of most UNIX desktops and applications, X-Windows (even compressed X) is very network-intensive. Because of this nature, costly WAN topologies need to be implemented, and low bandwidth connections are almost non-supportable due to performance issues. Additionally, X-Windows does not support such MetaFrame features as shadowing, copy and paste of both text and graphics between the local client and remote server environments, autocreation of local printers and client drive mapping, and most importantly, Web Interface integration with Windows and web applications.

Based in part on the success and popularity of MetaFrame XP in the Windows application hosting environment, Citrix recently announced the latest version of the MetaFrame product suite aimed at the hosting of UNIX, X-Window, and Java applications: MetaFrame for UNIX Version 1.2. The product, which at present supports IBM AIX, Sun Solaris, and HP-UX platforms, as well as virtually any custom or commercially packaged UNIX applications, offers the same value as MetaFrame XP, but with a UNIX/Java twist: low-bandwidth, universal client access over any network connection to any UNIX or Java application.

At the core of the MetaFrame for UNIX product is a modified X11R6.3 server. This does not replace the X11 server supplied with most UNIX operating systems but is specifically used to enable ICA-connected sessions running on MetaFrame for UNIX. MetaFrame for UNIX runs all standard X11 applications using the modified X server rather than the native X11 server.

In operation, the modified X11 server talks to a UNIX-ported ICA stack (Winstation Driver, Protocol Driver, and Transport Driver), which performs an X-to-ICA conversion. This is key to delivering applications seamlessly to clients from all MetaFrame platforms.

In addition to the modified X11 server and ported ICA stack, MetaFrame for UNIX also provides an ICA browser for use in load balancing and client browsing, a "listener" to intercept incoming ICA connections, and a "Frame Manager," which manages all the sessions currently running on the server.

The same core functionality used by MetaFrame for UNIX to deploy X11 and other applications hosted on UNIX servers can also be applied to Java applications. At first, this capability may seem redundant: in theory, Java applications are already portable to any device. In reality, however, Java client-side application deployments still confront numerous challenges.

Downloading Java applications entails the use of the available client-server network protocol, which is often not optimized for low-bandwidth connections. This results in the major complaint about Java applications—that they are sometimes incredibly slow to download for operation. Operating the Java application, which is executed locally on a server, over a bandwidth-optimized ICA connection provides a higher performance solution to this issue.

Java applications also fall prey to peculiarities in the Java Virtual Machine that runs on the client system. Not all JVMs are the same, and it is often the case that a Java application that runs perfectly in one JVM behaves very differently in another. MetaFrame for UNIX solves this problem by executing Java applications within the server's JVM environment. Utilizing a single, server-based JVM also saves time and money when developing and testing Java applications developed in-house. Once the application is working in the server JVM, it can be deployed instantly to any ICA client device.

It should also be noted that the Java Virtual Machine is typically a large piece of software. While the development of an embedded JVM is under way, ultra-thin client devices lack the capacity to run a JVM that offers sufficient features or performance. This issue is removed through the use of the MetaFrame for UNIX solution.

In summary, MetaFrame for UNIX Operating Systems can be an important adjunct to Windows-based MetaFrame servers in heterogeneous server environments. MetaFrame for UNIX can be included in server farm and load-balancing schemes, and applications hosted on MetaFrame for UNIX systems may be published individually or as part of integrated Web Interface Access Centers for integrated access by end users.


Part II: Designing an Enterprise SBC Solution

Chapter List

Chapter 4: Preparing Your Organization for an On-Demand Enterprise Implementation

Chapter 5: Server-Based Computing Data Center Architecture

Chapter 6: Designing Your Network for Server-Based Computing

Chapter 7: The Client Environment

Chapter 8: Security

Chapter 9: Network Management


Chapter 4: Preparing Your Organization for an On-Demand Enterprise Implementation

Overview

Constructing an on-demand enterprise requires extensive planning and resources. In addition to the technical challenges, political and cultural factors inevitably play a part in a server-based computing implementation. This chapter covers the steps involved in building an on-demand enterprise infrastructure. We start the process with a small proof-of-concept pilot program to ensure application compatibility with Terminal Services. We then look at putting together a feasibility committee to define the project's scope and objectives as well as to seek executive sponsorship and determine financial justification. A guide to performing an infrastructure assessment is followed by a project-planning outline. The steps involved in planning an enterprise SBC environment are as follows:

1. Establish a non-production proof-of-concept pilot program.

2. Establish a production proof-of-concept pilot program.

3. Assemble a feasibility committee.

4. Recruit an executive sponsor.

5. Justify the project financially.

6. Assemble a project planning team.

7. Create a project definition document.

8. Perform an infrastructure assessment.

9. Generate a project design plan.

10. Expand the pilot to beta stage.


The Proof-of-Concept Pilot Program

Applications are the driving force behind server-based computing, and it makes little sense to go through the expense and trouble of planning for an enterprise implementation until you know that your organization's applications will run adequately within this environment. An inexpensive proof-of-concept pilot program enables you to test application compatibility both individually and when running on Terminal Services. It also enables you to measure performance and to more accurately gauge the server resources required to implement an enterprise server-based computing environment.

Starting with a Non-Production Pilot Program

Although you may ultimately wish to run all of your organization's applications under SBC, the decision to implement server-based computing generally depends upon successfully running a small number of critical applications. These are the applications that should first be loaded on a server running Terminal Services and MetaFrame XP Presentation Server offline. If the results are not acceptable, adjustments to the applications or operating system may be required. Once the crucial applications are running well on MetaFrame XP Presentation Server, other less-crucial applications can be added, if desired. If SBC users will be using foreign-language versions of Terminal Services and MetaFrame XP Presentation Server, a separate proof-of-concept pilot program should be set up for each language since different hotfixes and patches are often required.

Expanding to a Production Pilot Program

Once the offline pilot program is stable, you can expand it to include a small number of pilot users. Great care, though, should go into the selection of these participants. A natural inclination of IT people is to choose from two types of users. The first type is a user who has an immediate computing need that the pilot program will solve, such as a requirement for an upgraded PC. The second type of user is someone who is known to be difficult because he is particularly demanding or requires constant help. The thinking here is that if server-based computing can make a difficult user happy, it can make anyone happy. Using these selection criteria, though, is toying with disaster. A pilot program is likely to have some bugs that need to be worked out. The wrong participant may loudly complain about the problems of working with Terminal Services. If the complaint reaches the ears of an executive, the whole on-demand enterprise (ODE) initiative could be killed. The organization might then lose the opportunity to reap the benefits and savings of server-based computing simply because of poor selection of participants.

Pilot users should be a representative sample of those who will ultimately use Terminal Services, but they should be friendly to the concept and understanding about the likelihood of encountering initial problems until IT works them out. Avoid choosing people for any reason other than testing the server-based computing concept.

Goals of the production pilot include measuring the time it takes for loading the various applications, reviewing methods for performance tuning, and focusing on user issues such as usability and functionality.

Capacity Planning

Most organizations do not convert their entire infrastructure to an on-demand enterprise at once. Almost inevitably, though, SBC becomes increasingly utilized once implemented and as the benefits of the on-demand enterprise begin to manifest themselves. It is important, therefore, to adequately plan for growth and to implement a system that is scalable. A pilot deployment is a great opportunity to gather capacity metrics in a controlled environment with actual users. It also allows administrators to monitor all components of the implementation such as server capacity, bandwidth utilizations, Directory Services integrations, peripherals, and file storage. A good practice is to build a pilot environment that contains 30 to 40 percent more capacity than the expected user load for the pilot. The extra capacity gives the administrator an adequate buffer for unexpected bottlenecks that may arise during testing. When the pilot is converted to a beta, the additional resources will undoubtedly be used. Therefore, resources are not wasted.

Hybrids or Pure Thin Clients

Operating in a hybrid mode occurs when a user continues to run one or more applications on his or her local PC. If pilot participants will be operating in hybrid mode, make sure their desktops are configured so that they know whether they are in a local session or in a MetaFrame session. This can be accomplished using application publishing (as explained in Chapter 13).

Even if Windows terminals are not in your organization's on-demand enterprise plans, we recommend securing one for the pilot program. Since a Windows terminal is completely dependent upon server-based computing to operate, installing one contributes to a deeper understanding of the new ODE. You may find that the Windows terminal "brick" has uses that you hadn't previously considered, such as serving as an employee's "home PC."

Caution: If you are going to have pilot users run legacy PCs, make sure the PCs are high-quality, reliable models (though they do not need to be powerful machines). In one of the authors' projects, a teacher became frustrated because her extremely cheap PC's keyboard broke when she was made a pilot MetaFrame user. Unfortunately, she had grown attached to her low-end keyboard, and despite our best efforts, we could not convince her that her keyboard's failure had nothing to do with Terminal Services. She ended up poisoning the entire project by warning the other teachers not to let Citrix into their classrooms "because it breaks keyboards."

Headquarters and/or Remote Office Users

If you have hybrid pilot users in a remote office who are connected by limited bandwidth, it is essential that you instruct them in proper usage. You do not want them, for instance, to back up files from their local hard drives to the MetaFrame server at headquarters. This will chew up bandwidth and may cause performance degradation for other users in the remote office. As discussed in Chapters 6 and 17, you might also consider setting up bandwidth management as part of your pilot program in order to ensure adequate WAN performance.

Tip: Even if you have no intention of putting headquarters users onto Terminal Services, you should consider setting up at least one corporate IT person as part of the pilot program. Again, this will help to foster understanding of the server-based computing concept and enable your IT staff to experience it firsthand.

Change Control

Many organizations really struggle with how to keep up with change control. It is important for the success of the pilot that a focus is made on maintaining a stable environment, on consolidating and scheduling updates, on obtaining sign-off authority for changes, on proper regression testing, and on maintaining a detailed rollback plan in the event that new applications disrupt the pilot. Implementation support is extremely difficult when too many people or teams have their hands in the pot. It is also very difficult to monitor the systems when servers are frequently down for maintenance.

If you don't have change control procedures in place for IT infrastructure changes, we recommend creating a simple Excel spreadsheet with a tab for each server. On that tab you can have columns for date, change, changed by, and approved by. Another option is to create a mail-enabled public folder in Exchange. Allowing administrators to e-mail any change to an address, such as , would then make the changes easily available for review.

Documenting Performance

Document your expectations of the pilot program before you begin. Decide up-front what success will look like and how it will be measured, and after the pilot program, create a report on whether the success metrics were met. Document any problems encountered along with their solutions. Document any open issues along with the actions being taken to resolve them.

Pilot Server(s)

Ideally, two load-balanced servers will be utilized for the production pilot program in order to provide redundancy. In most cases, though, organizations will probably use only one server in order to keep expenses lower during the proof-of-concept phase. Organizations can generally use a single server for testing load balancing by utilizing a product such as VMWare or Microsoft Virtual Server. The server should still be close enough to your expected production rollout model to make the results meaningful. For instance, using a Hewlett-Packard server with only two CPUs and half the RAM of your ultimate intended Hewlett-Packard MetaFrame server is probably OK. Using a different brand with different CPU and memory configurations is not a good idea.

Applications

If you are running anything other than 32-bit applications, be prepared for less than optimal performance. Make users aware of what they can expect from various applications. Use products such as the resource manager (RM) component of MetaFrame Presentation Server to test application performance results under simulated greater usage and for providing an audit trail in case of application failure. If performance is less than expected, try removing questionable applications to see if a particular product is causing problems.


The Feasibility Committee

Once the proof-of-concept pilot program has proven that the necessary applications run together acceptably within Terminal Services, it is time to determine whether an enterprise server-based computing deployment makes sense for the organization. The decision process of whether to implement an on-demand enterprise should include an evaluation of the proposed project's impact on the organization from operational, financial, cultural, and political perspectives.

A feasibility committee made up of IT personnel and employees from other appropriate departments should assess the merits of migrating to server-based computing. The first task of the feasibility committee will be to broadly define the project's scope along with its benefits. The committee must then evaluate the strategic fit of an on-demand enterprise model within the organization. The next steps include finding an executive sponsor and preparing a financial justification for the project. The committee's resulting report can then be utilized to help guide the planning team's work should the SBC project move forward.


Project Scope

Server-based computing might be limited to deployment of a single application, or it may encompass the entire desktop. It might only be utilized in certain departments or regions, or it may be implemented as the new corporate standard. In general, the more extensively an organization implements an SBC, the more money it will save compared with using PC-based computing. (In Chapter 1, we covered the composition of these savings as well as many other benefits of an on-demand enterprise.) The feasibility committee must determine whether a complete enterprise rollout is practical, or a scaled-back implementation is more appropriate.

Corporate Culture Considerations

The economies achieved from implementing server-based computing inevitably make it much less expensive than decentralized PC-based computing. A hidden potential cost, though, is the turmoil that may result from introducing such huge changes into the computing environment without identifying the problem areas and properly preparing the organization for the changes.

Centralized Standards

The nature of PC-based computing makes it difficult for organizations to enforce IT standards. Typically, corporate IT is unaware of many applications that users run locally or departmentally. Although SBC offers IT the flexibility to allow users to run local applications, it also makes it easy to lock down desktops. Since greater lockdown equates to less administration, IT will tend to exploit this advantage. Even if IT decides to host only a few critical corporate applications, these particular programs will now be outside the direct control of users.

In many organizations, greater IT control is taken for granted as an advantage. Banks, for instance, typically have a tradition of mainframe hosting and readily embrace computing standards for PC users. A software development firm, on the other hand, may decide that the creative benefits of unbridled individual computing outweigh the lower costs obtained from enforcing centralized standards.

The feasibility committee needs to evaluate whether standardization is an acceptable condition within their organizational environment.


Understanding User Perceptions of the Network Infrastructure and IT


The distribution of economic and IT resources mandated by distributed processing often results in a network infrastructure that is plagued with performance and reliability problems. In these environments, users will be reluctant to give up control of their desktops to IT.

Note: The feasibility committee must call attention to a networking infrastructure that suffers from performance or reliability problems, but this does not mean that the SBC project should be abandoned. On the contrary. As long as IT can fix the existing problems, an uncompromising first review presents an opportunity to drive rapid project acceptance. IT should initially implement smaller Terminal Services beta projects that deliver better reliability and performance to thin-client users than to their fat-client peers. This strategy can quickly build enthusiasm for the new technology and, in turn, help enable IT to plan an enterprise-wide implementation of server-based computing.

Political Considerations

In many organizations, the disparate nature of distributed processing has led to control of IT budgets by different departments or divisions. Creating an on-demand enterprise is a costly endeavor that affects users throughout the organization. The feasibility committee needs to determine whether the organization will be able to marshal the resources to implement such an encompassing project.

Reduced IT Staff

Gartner Group reported that the staffing required to support a fat-client environment is five times greater than the staffing required to support a thin-client environment. An on-demand enterprise utilizing server-based computing can eliminate the need for remote office IT personnel or even for entire regional IT departments. It is the job of the feasibility committee to evaluate whether the corporate culture will permit elimination of unnecessary network administration, help desk personnel, and PC technician positions.

IT Staff Salaries

Since the majority of organizational processing under SBC takes place at central data centers, the network administrators must be quite skilled. They may require higher salaries than their peers in many distributed processing environments, perhaps even higher than their managers. The feasibility committee must assess whether these types of administrators are already on staff and, if not, whether the organization's salary structure will allow for hiring them.

Tip: Access infrastructure is too encompassing, and too vital to efficiency (and eventual savings), to allow for skimping on anything in the data center—including the people who run it. If higher wages for a select network administrator would wreak havoc on the IT department's existing salary structure, consider alternative solutions, such as outsourcing the position.

Finding an Executive Sponsor

Gaining an executive sponsor and executive support is, without question, the single most important thing I did for this project. The challenges that followed during the next nine months would have been difficult, if not impossible, to overcome without the complete backing of the most senior folks in our company.

—Anthony Lackey, Vice President of MIS, Chief Technology Officer, ABM Industries

Many people simply resist change, particularly if they feel they are giving something up. A server-based computing paradigm is very different from traditional PC-based computing and is bound to cause some disharmony. Executive sponsorship is essential for successfully transforming into an on-demand enterprise. Upper management must make it absolutely clear that the server-based computing initiative is something that will happen and that everyone is expected to make work. Ideally, the CIO and other selected executives should switch from PCs to Windows terminals in order to show their complete support for the project.

Justifying SBC Financially

As the feasibility committee members discuss the scope and organizational ramifications of building an on-demand enterprise, they are likely to become more aware of the enormous savings and compelling benefits it will provide. In order for the project to move forward, they need to convey this information to management. Most corporate decision makers will require an in-depth financial analysis of the specific impacts of migrating to server-based computing. They will primarily be interested in the estimated cost of the project and the return on the required investment. A reasonable time frame over which to calculate these figures usually ranges from three to five years.

Although it may seem both very difficult and impractical to estimate project costs without first doing a detailed infrastructure assessment and in-depth planning, this is not the case. The components of an enterprise SBC environment are not difficult to estimate on a "big picture" basis. And since the resulting savings over PC-based computing are likely to be very high, broad estimates are all that is required for a revealing financial analysis.

We recommend taking a three-pronged approach to building a financial analysis, and we give examples in Appendix B. First, present the hard cost savings. This can be done by comparing the estimated costs of staying with PC-based computing over a period of three to five years versus the estimated costs of implementing SBC. Hard costs include easily identified expenditures such as hardware purchases and help desk personnel salaries. In most cases, the hard savings alone will more than justify the entire project. This will isolate the feasibility committee from detractors who might try to take shots at the financial analysis.

Next, present the estimated soft cost savings. These are real savings, but their quantification may be harder to agree upon. For instance, how much does it really cost the organization when users suffer downtime as their PCs are upgraded? The model presented in Appendix B shows how these types of savings can be estimated. Presenting them as part of the financial analysis gives management a better idea of the ultimate economic impact of migrating to an on-demand enterprise.

The third component is a list of the expected benefits from SBC. These benefits can sometimes be quantified, but often have just as big an impact if they are listed without specific numbers. As described in Chapter 1, the business benefits of building an on-demand enterprise often have more strategic importance to the organization than the hard and soft savings combined.

The last element is a qualitative high-level description of the specific benefits an on-demand enterprise can provide in terms of enhanced security and the much greater disaster/recovery and business continuity potential. This can also include the ability to more easily comply with regulations such as Sarbanes-Oxley and HIPAA while lowering the cost of discovery and the risk of litigation.


The Project Planning Team

Once an executive sponsor has been identified and management has accepted the feasibility committee's financial analysis of implementing ODE, a planning team can be assembled.

The project planning team will be primarily comprised of IT staff, including hands-on technical people. It should also include some members from the feasibility committee and possibly representatives from multiple departments or divisions. This will help ensure that the organization's enterprise goals are met with this enterprise deployment. Each member's role and expected contributions should be defined. Accountability should be established.

Consultants

Since the ODE rides on top of Windows Server technology, many organizations are inclined to plan the entire process internally and only use existing staff. This is probably not an optimal utilization of resources. We recommend seeking out Citrix specialists who have designed and implemented multiple large-scale server-based computing migrations. The experience they bring to the table should pay for their fees many times over.

Depending upon the size of the project and organization, it may also be worthwhile to consider using a change management consultant who is very experienced in helping implement organization-wide change. As with all consultants, we recommend requesting and checking references.

Note: Citrix has stratified its reseller channel into three categories: silver, gold, and platinum. Platinum resellers represent approximately the top one percent of all Citrix resellers. They must have a minimum of six Citrix certified engineers on staff, and they are the most likely to have the resources and experience to successfully implement an enterprise server-based computing project. Of course, you should carefully check the references and ascertain the capabilities of any consultants you engage.

Chapter 10 - Pr oj ect Managing and Deploying an Enter pr ise SBC Envir onment Chapter 11 - Ser ver Configur ation: Windows Ter m inal Serv ices

The Project Definition Document

The first task of the planning committee is to prepare a document defining project goals, scope, roles, and risks along with success criteria and milestones. This will be a living document that will guide the planning team through the infrastructure assessment, design, and implementation stages. As expectations, requirements, and conditions change, the planning definition document will serve as a touchstone for keeping the project on track.

Project Goals

While saving money is likely to be an important objective, the strategic advantages and other benefits described in Chapter 1 may be even more important considerations. Clearly defined project goals serve as a benchmark as the server-based computing project rolls out.

Project Scope

The preliminary work done by the feasibility committee combined with management's reaction to the financial analysis enable the planning committee to identify the parameters of the SBC project. In particular, the committee must select the applications to be run via SBC along with expectations for stability and for upgrades during the implementation process. Adding a new application, for example, requires extensive testing as well as the creation of a new server image. What's known as scope creep is inevitable, and guidelines need to be established for an approval process when requests for additional applications or features are made. Allowances must also be made for delays caused by these changes.

Project Roles

Keeping the project's executive sponsor closely informed of progress will help garner upper management support when needed. The project also requires both an IT owner and a high-level business owner who can intercede to work through any problems that may arise. A project manager needs to be assigned along with a backup project manager who can make decisions in the event the project manager is unavailable. Outlining escalation procedures for contacting the appropriate decision maker in the event that the project manager is unable or unwilling to solve a problem helps to keep things on track. If the rollout is large enough, both a quality assurance person and a training coordinator should be assigned to the project as well.

Project Risks

Identifying risks such as scope creep, unavailability of resources, and lack of user acceptance helps the committee include strategies for reducing the risk of problems with the project. Contingency plans should also be included.

The Criteria for Success

Identifying the criteria by which the project will be judged a success enables the planning and implementation teams to better focus their energies. If user satisfaction is a requirement for success, for example, user surveys should be designed along with a mechanism for their distribution, collection, and tabulation. We recommend simple electronic forms allowing users to grade the SBC project on items such as performance, functionality, and reliability. Figure 4-1 shows a sample of the Lotus Notes-based survey forms that ABM e-mailed to their users.


Figure 4-1: ABM's user survey form

Project Milestones

The infrastructure assessment and upgrade, design document, beta implementation, enterprise rollout, and administrator and user training are examples of project milestones.

Change Management

Organizations are first and foremost social systems. Without people, there can be no organization . . . Organizations are hotly and intensely political.

—Fred Nickols, Change Management Expert

The analysis prepared by the feasibility committee regarding corporate culture and politics should be incorporated into a plan for successful organizational change. Potential implementation of new application standards, user perceptions of IT, reductions in IT staff and IT salaries, and other political considerations need to be addressed and solutions for them found. For instance, one of our customers created an organizational change plan that began with a meeting of the presidents of all the business units. By explaining the benefits of an on-demand enterprise, he turned the presidents into allies that helped smooth the process of organizational change. Preparing for organizational change is covered more thoroughly in Chapter 10.


Infrastructure Assessment

To produce a meaningful SBC planning document, a detailed infrastructure assessment must first be completed. This assessment includes identifying the appropriate contacts for each category and conducting meetings with them.

Another purpose behind the infrastructure assessment is to discover and remedy any infrastructure problems prior to a server-based computing rollout. In a PC-based computing environment, employees are often used to things being sloppy. Although the network might have some performance or downtime problems, users tend to be somewhat understanding because they commonly save files to their local hard drives anyway. When users destroy their PC configurations by adding a software utility or deleting an INI file, they often ask a peer for help rather than making an embarrassing support call to IT. Since users work on their personal computers and departments run their own servers, they are less likely to complain to IT staff or management even when problems arise that are not of their own making.

In a server-based computing environment, employees' personal computers become corporate computers. While vastly more efficient from an organizational standpoint, users lose the status conferred by having ever more powerful PCs. They are more likely to complain about problems that they would never have mentioned in a PC-based computing environment. Since users are completely dependent upon a central server farm for most or all of their applications, any instability or performance problems in the network infrastructure will instantly be amplified. The new technology will often be blamed for the existing infrastructure problems. Back-end file servers, the data center server backbone, and wide area connectivity all need to be running flawlessly or the enterprise deployment of server-based computing will be in jeopardy of failing.

The Application Environment

Server-based computing is about the delivery of applications. It is therefore crucial that all relevant information about the hosted applications be identified.


Application Database Sources

List the source of any database information utilized by applications, including the database application, the host system, and its geographical location.

Operating Under Terminal Services

Describe whether manufacturer support exists for running each application under Windows Server 2003 Terminal Services. List any manufacturer requirements for this environment as well as any caveats.

Application Composition

Describe the language of each application as well as whether it is client, server, or Telnet.

Application Architecture

Determine whether or not the application is built for a multiuser environment.

Tip: Custom applications can be particularly tricky. You will want to make sure that the applications use Microsoft multiple-user architecture that utilizes roaming profiles. This means that the applications are user-specific, that users have their own separate settings and will not be sharing them (HKEY_CURRENT_USER versus HKEY_LOCAL_MACHINE). The applications should also have subordinate files, such as log files or temp files, that can be redirected to the user's Windows directory and/or Temp directory. A program that is not user-specific but has global settings means that a user making setting switches will affect all users on that server. If the application is not written as user-specific, you will need to lock those keys in the registry to prevent users from changing them.
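One way to check whether an application's shared HKEY_LOCAL_MACHINE settings are actually locked, as the tip requires, is to audit the key's access control list for write rights held by ordinary users. This PowerShell sketch is an added example, not code from the book or from Citrix; the key path `HKLM:\SOFTWARE\ExampleVendor\ExampleApp` and the function name `Get-UserWritableKey` are hypothetical placeholders.

```powershell
# Added example: report registry keys under an application's machine-wide
# settings branch that non-administrative users are allowed to modify.
function Get-UserWritableKey {
    param(
        # Hypothetical placeholder path; substitute the application's real key.
        [Parameter(Mandatory)][string]$KeyPath
    )

    # Well-known SIDs that cover ordinary (non-admin) session users.
    $ordinary = @{
        'S-1-1-0'      = 'Everyone'
        'S-1-5-4'      = 'INTERACTIVE'
        'S-1-5-11'     = 'Authenticated Users'
        'S-1-5-13'     = 'Terminal Server User'
        'S-1-5-32-545' = 'BUILTIN\Users'
    }

    # Specific rights that allow changing values, subkeys, or the ACL itself.
    # WriteKey is deliberately not used: it includes ReadPermissions and would
    # flag read-only entries.
    $specific = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, CreateLink, Delete, ChangePermissions, TakeOwnership'
    # Generic rights (GENERIC_WRITE 0x40000000, GENERIC_ALL 0x10000000) can
    # appear unmapped in inheritable entries, so test for them as well.
    $mask = $specific -bor 0x50000000

    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

    # Audit the key itself and every subkey beneath it.
    $keys = @(Get-Item -LiteralPath $KeyPath) +
            @(Get-ChildItem -LiteralPath $KeyPath -Recurse -ErrorAction SilentlyContinue)

    foreach ($key in $keys) {
        $acl   = Get-Acl -LiteralPath $key.PSPath
        # Ask for SIDs directly so no name lookup is needed.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

        foreach ($rule in $rules) {
            $sid = $rule.IdentityReference.Value
            if (-not $ordinary.ContainsKey($sid))               { continue }
            if ($rule.AccessControlType -ne 'Allow')            { continue }
            # Inherit-only entries apply to children, not to this key.
            if (($rule.PropagationFlags -band $inheritOnly) -ne 0) { continue }
            if (([int]$rule.RegistryRights -band $mask) -eq 0)  { continue }

            [pscustomobject]@{
                Key       = $key.Name
                Identity  = $ordinary[$sid]
                Rights    = $rule.RegistryRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

# Example call against the placeholder key; an empty result means no ordinary
# user principal holds write access anywhere under it.
Get-UserWritableKey -KeyPath 'HKLM:\SOFTWARE\ExampleVendor\ExampleApp' |
    Format-Table -AutoSize
```

Rows marked `Inherited = True` have to be fixed on the parent key or by breaking inheritance on the application key; removing them on the child alone has no effect.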

Manufacturer Support Contracts

If manufacturer support contracts exist for any of the applications, include the relevant information along with phone numbers and the appropriate identification authorization.

Application Requirements

List specific operating conditions for each application, including

Memory requirements

Disk space requirements

Sound requirements

Drive mapping requirements

Any patches or service packs

Location of the install files

Application Issues

List any application issues that could affect performance within an ODE environment. For instance, if an application tends to cause blue screens when running in a PC-based computing environment, the planning committee must be aware that similar problems are likely to occur under server-based computing.

Application Packaging

Describe how the application is distributed to users within the existing PC-based computing environment. How often is the application revised? How is it packaged? For instance, can users install updates with a single mouse-click?

Internal Application Support

Identify any internal support contacts for all internal and line-of-business applications. Identify any internal application owners who are responsible for deploying new versions of applications.

The Hardware Environment

The planning process will be based upon knowledge about the existing hardware environment for servers and host systems. Because SBC users will likely require far more central storage for their data, existing storage subsystems are a particularly important element to consider.

The Data Center Environment

Evaluating existing data center sites for power, cooling, and physical security will let the project planning team assess whether they are adequate for hosting the SBC data center(s).

The System Management Environment (SME)

Evaluating the existing SME enables the planning committee to incorporate it into the server-based computing design. This includes identifying any existing tools for measuring metrics, such as HP OpenView.

The Support Structure and Processes

Determining the different levels of support resources available will help the planning team arrive at a strategy for providing support during the implementation. Also define the way support calls are placed and relayed. What help desk package is in use, if any? How is a PC call handled versus an operating system issue? Are any service level agreements (SLAs) currently defined? How is support localized in remote offices?

The Testing Environment

Creating a testing environment is crucial to implementing and successfully maintaining an on-demand enterprise. The planning team needs to know if a current formalized testing environment exists and if testing labs are available.

Change Control Procedures

What change control policies and procedures are in place today? What kind of approval process is required for making changes? Does a database application exist for recording all changes to critical systems? Is there a quality assurance group?

Tip: In many organizations, the IT administrators learned their trade on a PC rather than in a host systems environment. They may be used to making changes on-the-fly and not recording the changes they make. This approach will cause SBC to fail. A mainframe shop mentality with rigorous change control is essential for success.

The Training Environment

Is there a formalized training group? Are classrooms available? What kind of training is commonly used for IT people? For end users?

The Windows Server Environment

Identifying components such as protocols used, the existing domain structure, naming conventions, and partitioning is essential information for planning a Terminal Services infrastructure.

Network Architecture

Defining the existing network architecture is crucial to designing a solid SBC infrastructure, including routers, switches, protocols, policy servers, bandwidth allocation policies, remote office servers, existing redundancy options, and remote access capabilities. Any existing network reliability or performance problems such as client latency issues need to be identified and ultimately resolved prior to the server-based computing rollout.

The Security Environment

In order for the planning committee to design the proper secure Terminal Services environment, they need to know the following: What firewalls are in place? How is dial-up security currently handled? What internal policies are in place on NT servers? How is lockdown of NTFS partitions handled? Is there a security group?

The Backup Environment

Increased data consolidation within SBC will likely require increased storage systems and, therefore, new backup systems. The planning committee needs to know what kind of data backup mechanisms and backup policies exist today.

The Printing Environment


Printing is a big issue under Terminal Services, and the existing environment needs to be defined. Does printing take place through locally attached printers or only on the network? What network protocols are used? What are the types and number of printers? What print drivers are required? Are print servers used in remote offices today?

The Client Environment

Define the client environment of the SBC participants. This includes categories of users, their location, and whether they have access to a local server. Also describe the details of the specific clients, such as device (PC, laptop, UNIX workstation, handheld), local O/S, model, and any existing performance or reliability issues.


The Project Design Plan

The project plan incorporates all aspects of the SBC design. This plan includes both the project definition document and results of the infrastructure assessment. The financial analysis performed by the feasibility committee should be fine-tuned throughout the planning process until the final planning document includes a solid estimate for project costs.

The planning document should clearly convey the organization's server-based computing migration strategy and be suitable for presentation to both executives and auditors. It discusses the various options that the planning team considered for each major component of the project, along with the rationale behind the team's ultimate decision.

Incorporated as part of the plan should be the considerations given to capacity planning, redundancy, and security. The tremendous advantages accruing from the centralization that SBC enables can become huge liabilities if scalability is not easily incorporated, a crucial data center component without a redundant part should fail, or the system's security is compromised.

The project plan also serves as a roadmap for the project managers and implementation team as they work to institute an enterprise SBC environment. Detailed explanations of the design plan are discussed in the remaining chapters in this part of the book. An overview of the design plan follows.

Pa r t I I - De signi ng a n Ent e rpr i se SBC Solut ion

Pr epar ing Your Or ganization for an On- Dem and Enterpr ise

Terminal Services I mplem ent ation Design

Chapter 4 Chapter 5

- Ser ver - Based Computing Data Center Architect ure

Designing the Terminal Services environment will be difficult for organizations unfamiliar with the - Designing Your Netw or k for Ser ver- Based Com put ing basics of server-based computing. We recommend that the appropriate IT personnel take courses in Chapter 7 - The Client Envir onment Terminal Services, MetaFrame XP Presentation Server, and Advanced MetaFrame XP Presentation Chapter 8 - Security Server before beginning the design process. Since SBC consolidates processing into a central data Chapter 9 - Net w or k Managemen t center(s), it is important to plan for redundancy of all key components. The MetaFrame XP Pa r t I I I - I m ple m ent ing a n O n-D e m a nd Se r ve r - Ba se d Com pu ti ng Envi r onm e nt Presentation Server server farm with load-balancing has built-in redundancy, but special awareness Chapter 10 - Pr oj ect Managing and Deploying an Enter pr ise SBC Envir onment should be given to implementing it for other servers such as Windows Server 2003, SQL, e-mail, and Chapter 11 - Ser ver Configurshould ation: Windows Ter m inal for Servother ices critical components such as network web services. Redundancy also be included Chapter 12 Ser ver Configur ation: Citr ix MetaFr am e Presentation ver switches, load-balancers, routers, storage units, and bandwidth Ser management devices. Chapter 6

Application Architecture Design

Define the strategy both for deploying the on-demand enterprise environment and for handling legacy applications that will not be supported. Users may be allowed, for instance, to run legacy applications locally as long as they want. Alternatively, they may be given a deadline for transitioning to corporate-approved and -supported applications. (Application strategies are covered in more detail in Chapter 13.)

Data Center Architecture Design

The planning team needs to determine the number of data centers, based upon demographic, geographic, disaster recovery, and business requirements. They must evaluate site considerations, including power, cooling, fire suppression, and physical security. They also must evaluate options for either hosting the centers internally or using co-location centers, such as AT&T or Verio. (Data center architecture is discussed more thoroughly in Chapter 5.)

Disaster Recovery/Business Continuity Design

Since users are completely dependent upon SBC for all of their hosted application processing, disaster recovery is an extremely important component. Fortunately, server-based computing makes a real-time disaster recovery solution far more practical and affordable than in a PC-based computing environment. (A variety of disaster recovery options are discussed in Chapter 19.)

Network Backbone Design

Each data center requires a high-speed backbone connecting the MetaFrame server farm with other servers in the data center. Small organizations may be able to get by with 100-Mbps switched Ethernet. Large firms will likely require ATM or switched gigabit. Redundant network interface cards (NICs) and switches should be incorporated as part of the design. (The network backbone is discussed more thoroughly in Chapter 6.)

Server Farm Architecture Design

The findings from the proof-of-concept pilot program will enable the planning committee to select server quantity, type, sizing, and configuration for the Terminal Services implementation. The Citrix resource manager component and Windows Performance Monitor can help determine server scalability. Other tools can simulate server loads. If DOS or 16-bit applications will be run, extra servers may be required for a multitiered server farm. Likewise, support for multiple languages will necessitate additional servers for each language. (Server farm architecture is discussed more thoroughly in Chapter 12.)

File Services Design

When users store all of their data at corporate data centers, unique problems arise in handling file services efficiently. The project team should evaluate the different options, including server clustering of general-purpose file servers, storage area networks (SANs), and network attached storage (NAS). Archive systems and backup software and services must also be selected. (File services are covered in detail in Chapter 6 and in Appendix A.)

Print Server Architecture Design

Printing tends to be one of the most difficult and time-consuming parts of an enterprise server-based computing implementation. Decisions must be made about the configuration of one or more central print servers at each data center as well as the type and quantity of print servers in remote offices. Just a few of the other printer-related decisions the team will have to make include integration of host system printing, local PC printing, printer auto-creation to create temporary printer assignments for mobile users, trusted print sources, lockdown of registries, and control over printer access. (Printing is discussed in detail in Chapter 18.)

User Profiles Design

Most Terminal Services implementations utilize either mandatory or roaming profiles, but we recommend that organizations use scripting to enable desktop lockdown while allowing users the flexibility to select default drives and printers. (We present our scripting techniques in Chapter 15.)

Login Script Design

To minimize administration, there should be one script that works for both fat and thin clients. Additionally, login scripts should be designed to run very quickly and efficiently.

Automation Design

You will want to automate application installation and updates, server imaging processes, and client installations using products such as Citrix Installation Manager (IM) and Norton Ghost. (Automation design is covered exhaustively in Part III of this book.)

Windows Server Design


Designing a Windows server infrastructure to support Terminal Services is a key part of the planning process. The following components are included.

Domain Model Design

When designing large enterprise infrastructures, it is easy to design a domain that entails frequent and inefficient replication. For a server-based computing environment, we generally recommend a single master domain model to separate authentication of users and groups from authentication of resources. (Domains are explained in more detail in Chapter 8.)

Active Directory Design

Active Directory planning and configuration tends to be much simpler in an enterprise ODE environment. This is because there is generally no need to worry about intersite replication since all domain controllers are in the data center. Another concern that is eliminated is the need to accommodate authentication over the WAN by users in small offices without local domain controllers. (Active Directory Design is covered in Chapter 6.)

WINS Architecture Design

Under server-based computing, WINS is less likely to be required. (In Chapter 6, we discuss when and how to use WINS.)

Backup Architecture Design

If the infrastructure assessment reveals inadequate backup systems to handle the demands of centralized data storage, the archive systems and backup software and services require selection. (Backup systems are covered in Appendix A.)

Back-End Database Design

The size and configuration of a back-end database in a server-based computing environment, where all users will be hitting one database at one time, will often be different from a distributed database model, where several database servers are located across the enterprise. The distributed servers would handle a relatively small number of users and have replicated data backed up and stored at a central point. The server-based computing model might require far more powerful database server(s) or clustered servers at the data center, depending on usage, as well as middleware application changes.

Network Design

A sound network infrastructure is vital to supporting an ODE environment. In addition to remedying any shortfalls discovered during the infrastructure assessment, the following issues should be addressed.

Topologies

Because the MetaFrame ICA Client uses such little bandwidth, the composition of the topology to the desktop is generally not of great importance as long as it is reliable. In most cases, 4-Mbps Token Ring will deliver the same performance as switched 100 Mbps.

WAN Architecture

An ODE environment requires a robust, scalable, and highly reliable WAN design because remote office users are completely dependent upon the MetaFrame servers at the corporate data centers. The planning team must evaluate the different connectivity options, including the Internet and redundancy options. During the transition from PC-based to server-based computing, residual traffic will chew up an inordinate amount of bandwidth. The project plan must allow for this temporary increased bandwidth requirement during the migration process. (Bandwidth management, including packet prioritization, is often essential in order to ensure adequate performance in a Terminal Services wide area network.)

Alternative bandwidth capabilities should also be designed into the system. For instance, if the primary connectivity to remote offices is frame relay, alternative DSL connections to the Internet should be available for backup. Even a dial-up line can keep people in business in the event of a major catastrophe. The ultimate redundancy is to utilize the unique capabilities of the ODE to build a disaster recovery solution with multiple fail-over data centers. (Wide area connectivity is discussed more thoroughly in Chapter 5.)

Remote Access Design

The project planning team needs to choose the appropriate remote access strategy, whether using leased lines, frame relay, dial-up lines, or the Internet. (Remote access design considerations, including connection and redundancy strategies, profiles, and gateway routing, are detailed in Chapter 6.)

The Systems Management Environment

If the infrastructure assessment indicates that a network management package is already utilized as part of the existing PC-based computing environment, the planning team should extend it to encompass the SBC architecture. The team should also decide on how the existing network management package, or a new one, can best be configured to work with server-based computing packages such as Citrix resource manager. (Network management environments are covered in detail in Chapter 9.)

Metrics Design

As part of the systems management environment, the planning team should determine which metrics are to be collected and analyzed in order to develop strategies for expansion and for limiting bottlenecks. Citrix resource manager is a good tool to use in this capacity, though it may overlap with existing utilities such as HP OpenView.


Policies and Procedures Design

As is the case with the mainframe model of computing, clearly defined policies and procedures are essential for enterprise SBC success. Adding an application or making a small change to a central router can have severe consequences for hundreds or thousands of SBC users. Although we continue to emphasize the numerous advantages of an enterprise server-based computing environment, it does require that the days of the network cowboy come to an end.

Having been raised, from an MIS perspective, in the midrange and micro eras of computing, my staff had a hard time rethinking the way they do things. For example, while "maintenance windows" were commonplace in the days of the mainframe, they've seemingly disappeared in the PC era. My network technicians were used to shutting a system down minutes after announcing it. We all had to relearn what the MIS personnel we replaced 10 to 15 years ago knew as second nature.

—Anthony Lackey, Vice President of MIS, Chief Technology Officer, ABM Industries

Data Center Policies and Procedures Design

The planning document should include the organization's strategy for managing environmental changes.

Tip: Depending upon the current policies and procedures as revealed in the infrastructure assessment, new requirements may be necessary. For example, a workflow-enabled database should track all changes by administrators and implementers to the Terminal Services infrastructure.

User Policies and Procedures Design

Decisions must be made about data access, device access, and adding new devices. For example, will users be allowed to access local devices from a Citrix ICA session? If so, this policy can have unanticipated ramifications, such as security concerns. (Policies and procedures are discussed more thoroughly in Chapter 15.)

Client Design

The planning committee should identify the different client categories and the levels to which they are expected to utilize SBC services. They must further decide how to specifically set up the clients, and how to configure user desktops. Choices must be made regarding policies for local browsing, emulation, drive mappings, PC local operating systems, local hardware peripherals, and integration with handheld devices such as Palm Pilots. If Windows terminals will be used, the planning team must evaluate the different options and choose the brand and models most appropriate for their organization. (Client implementation is discussed more thoroughly in Chapter 7.)

Client Operating Systems

A primary benefit of centralized computing is the standardization of applications. While standard client equipment and operating systems make administration easier, one of the most compelling strengths of server-based computing is its ability to effectively manage a heterogeneous environment. Still, different operating systems do have different ramifications for functionality under Terminal Services.

User Interface Design

Users can launch entire MetaFrame XP Presentation Server desktops, or simply click icons generated through Citrix Program Neighborhood. The Citrix web interface component enables application publishing to a browser. Citrix MetaFrame Secure Access Manager allows access to all features of the web interface component of MetaFrame Presentation Server as well as the ability to aggregate information from across the enterprise, the Internet, and other data sources and to present it to users in a secure, personalized manner.

Integration with Local Devices

Design strategies must be included for client integration with local printers, handheld units, scanners, bar code readers, and cash drawers.

Non-Windows Client Design

MetaFrame XP Presentation Server enables UNIX workstations, as well as Linux and Macintosh users, to run Windows applications without requiring a separate PC. MetaFrame XP Presentation Server for UNIX (UX/AIX/Solaris) adds the functionality of the X-Window protocol. Users can subsequently launch either Windows or UNIX applications from the same screen.

Data Organization Design

When users migrate to Terminal Services, policies will need to be set about where their data will be stored for different applications (central server storage versus local storage). Creating broad policies that extend across all access infrastructure users will greatly facilitate the ability of help desk personnel to provide prompt support.

Client Application Design

Different application strategies may be appropriate for different categories of users. For instance, mobile users will likely have some local applications, while office users may have none.

Other Client Design Considerations

Groups, drive mappings, and login script strategies must be designed for the different categories of users.


Security Design

Although security should permeate all aspects of the project design plan, a specific security strategy should be identified. Firewall integration, account management, auditing, and the Terminal Services registry should all be included. (Security is discussed more thoroughly in Chapter 9.)

General Implementation Design


The implementation plan should cover training, user communications, data migration, project management, change management, and customer care.

Training Plan

A training plan needs to be designed for support personnel, system administrators, and end users.

Tip: Once end users are set up to access their desktop through Citrix, you can coordinate a more formal introductory training class by using the MetaFrame XP Presentation Server shadowing capabilities. The trainer can have several users simultaneously shadow her PC. Setting up a concurrent conference call provides the audio to describe the visual orientation.

Support Personnel

The low administrative requirements of server-based computing combined with features such as shadowing will enable help desk personnel to support many more users once the on-demand enterprise migration is complete. During the transition, however, increased staff and training will likely be necessary to handle the demands of the new architecture while supporting users on the old PC-based computing platform.

End Users

Distribution of rainbow packets for general information and at-a-glance documents for frequently asked questions are an expedient way to provide quick user orientation to server-based computing. A rainbow document is modeled after the colorful organizational wall charts found in many hospitals for quick reference to services and locations. The rainbow document literally contains a rainbow of colored sheets, each a bit narrower than the other, providing easy reference to the topics on the exposed edge. Some relevant topics might be "Getting Help," "Finding Your Files," "Glossary of Terms," and "Your Thin-Client Desktop."

Project Management

The planning team should incorporate the essentials of project management as part of the plan. Implementation teams must have well-defined tasks, and required resources must be identified. An estimated timeline for the project beta testing and rollout should be included as part of the planning document.

An enterprise server-based computing migration requires project manager authority, stakeholder buy-in, project reporting and tracking, task assignment, project change control, scope creep control, organizational change management, and timeline management. (Project management is discussed in detail in Chapter 10.)

Change Management

The planning document should include the organization's strategy for managing environmental changes in order to enhance management and end-user benefits. Administrator and end-user training, user reference guides, asset tracking, and a frequently asked questions (FAQs) database should all be incorporated as part of the project. The planning team should include survey forms for gathering information prior to implementation and for measuring user satisfaction as the rollout takes place.

A method for communicating migration plans to users is a very important component of change management. While an on-demand enterprise will provide users with enhanced capabilities and support, it still involves change. Advanced education and orientation will make the process go much more smoothly. (Strategies for internal marketing are discussed in Chapter 10.)

Customer Care

The help desk department will be able to handle many more users once the migration to server-based computing is complete. During the transition, however, increased staff may be necessary to handle the glitches of the new architecture while supporting users on the old PC-based computing platform. (Customer care is given further consideration in Chapter 10.)

Migrating to Server-Based Computing

The planning document should include a roadmap for migrating from fat client to thin client. Also clearly documented should be strategies for consolidating data from both PCs and remote office servers, thus minimizing downtime, and creating a "virtual call center" based upon skill sets.

Expanding the Pilot Test to a Beta

The planning team must decide at what point the proof-of-concept pilot test will be expanded to a beta implementation, and they must decide the parameters of the beta. Objectives should be defined and results measured in order to allow adjustments to the team's migration strategy if required. A scope variance process needs to define who has authority to sign off on out-of-scope items, for example, including a new application as part of the beta. (The beta implementation is discussed in more detail in Chapter 10.)


Chapter 5: Server-Based Computing Data Center Architecture

In this chapter, we discuss the importance of building and running a server-based computing environment in a secure, reliable data center facility. The need for this approach may be obvious to IT personnel with a background in host systems, but we will define the data center in the context of building a server-based computing environment. This centralized computing model often entails a new paradigm for network administrators whose IT experience is limited to running distributed networks based on traditional PC technology. The data center plays a far more important role with server-based computing than it does in a distributed network environment, especially in a post-9/11 business world of zero acceptable downtime, and the expectation of anytime, anywhere business continuity. The Citrix concepts of on-demand and in-control computing start at the data center—if the data center is not built right, the entire project will be compromised.

This chapter will discuss several key considerations—including the environment, network, and deployment—for the data center architecture. Chapters 17 and 19 will carry the concepts of this chapter forward, detailing a redundant data center solution that solves the business continuity and disaster recovery concerns of all businesses today.

Pr epar ing Your Or ganization for an On- Dem and Enterpr ise What is- a Data Center? I mplem ent ation

Chapter 4 Chapter 5

- Ser ver - Based Computing Data Center Architect ure

An SBC data center in this context is a central site or location that houses the server-based computing - Designing Your Netw or k for Ser ver- Based Com put ing resources for a company. This site is characterized by limited physical access, superior network Chapter 7 power - Thecapacity, Client Envir onment capacity, power quality, and a degree of internal redundancy for these computing Chapter 8 -Using Security resources. Windows Terminal Services and Citrix MetaFrame Access Suite in a data center can Chapter 9 - a Net w or k Managemen t environment for users, no matter where they are located. Users now provide familiar PC desktop Pa r t I Itheir I - I mdesktop, ple m ent ing n O n-D ema nd Se r ve r -resources Ba se d Comwith pu ti ng Envi r onm e nt they go. take andaany other necessary them wherever Chapter 6

Chapter 10 - Pr oj ect Managing and Deploying an Enter pr ise SBC Envir onment

The data wasConfigur traditionally realm Ter of the mainframe, Chapter 11 center - Ser ver ation: the Windows m inal Serv ices but Terminal Services and MetaFrame are changing this paradigm. Although centralized mainframe environment is comparatively easy to Chapter 12 - Ser ver Configur ation: Citr ixthe MetaFr am e Presentation Ser ver support, will Icontinue to easy-to-use PC applications. Organizations are Chapter 13companies - Application nstallationmigrating and Configur at ion

desperate for a technology that combines the desirable elements of the centralized computing model with the ability to deliver the desired application services to the end user. This is the basis for the Chapter 15 - Pr ofiles, Policies, and Pr ocedu res server-based computing model utilizing Windows Terminal Services and Citrix MetaFrame Access Chapter 16 - Securing Client Access Suite presented in this book. In the following sections, we present some important considerations in Chapter 17 - Net wor k Configur at ion designing, building, and running a centralized data center environment with server-based computing Chapter 18 - Pr int in g technology. Chapter 14 - Client Configur ation and Deploym ent


Designing an SBC Data Center: Overall Considerations

Several seemingly disparate factors come into play when designing a server-based computing data center that, when considered together, provide the overall solution of a secure, reliable, and cost-effective environment. Some of these factors, such as disaster recovery, are traditional concerns of the mainframe world, but they take on additional facets when considered as part of a computing environment using MetaFrame and Terminal Services. We will examine disaster recovery and business continuity at length in Chapter 19, but touch on it briefly here due to the high level of importance placed on this topic in today's world.

Disaster Recovery and Business Continuity


When initially considering the consolidation of distributed corporate servers, an organization may be concerned about "putting all its eggs in one basket." In most distributed computing environments, a single failed server probably affects only a small group of people. When everyone is connected to the same server (even a "virtual" one), however, its failure could be disastrous. Fortunately, an SBC environment running Terminal Services with Citrix MetaFrame Access Suite provides a very flexible and cost-effective approach to building redundancy across multiple geographies, power grids, data access grids, and user access points. Chapter 19 will provide greater detail on why we strongly recommend organizations utilize two data centers (one main data center and one geographically separate backup data center) and how to technically configure this solution. For the purposes of this chapter though, we will focus on the requirements of the first data center, with the assumption that additional data centers will be similar, if not identical.

Note: The SBC computing model is a high-availability solution, not a fail-over solution, as data that is residing in memory within a session that has not been written to disk will be lost when a user is moved to another server due to hardware failure, a server reboot, or a server blue screen.

Outsourcing

Once a company performs an assessment of its ability to host a data center using some of the criteria presented in this chapter, they may find that they do not have adequate facilities or infrastructure in place. It may be too costly to create the proper infrastructure, or it may be undesirable to take on the task for a variety of reasons. In this case, the organization may consider taking on a partner to build and run its data center. Many companies find that even if they can build and run a data center internally, outsourcing is still attractive due to cost, staffing, location, or built-in resiliency. Let's look more closely at the advantages and limitations of outsourcing a data center.

The potential advantages of outsourcing include

Facilities built specifically for data center hosting already exist, and in fact, most data hosting facilities currently have significant excess capacity. Thus, new construction is rarely necessary.

Redundant power, cooling systems, raised floor, and fire suppression are often already in place.

Physical security is usually better than the individual companies' internal security. Guards on duty, biometric authentication, escorted access, and other measures are typical.

Hosting facilities are often built very close to the points of presence (POPs) of a local exchange carrier (LEC). In some cases, they are built into the same location as a LEC, which can dramatically decrease WAN communication costs.

Managed services that can supplement a company's existing staff are usually available. These services are invariably less expensive than hiring someone to perform routine operations such as exchanging tapes or rebooting frozen servers. Hosting facilities carry their own liability insurance, which could have a significant impact on the cost of business continuity insurance.

Many facilities can customize the service level agreement they offer or bundle hosting services with network telecommunication services.

The limitations of outsourcing include

A company's access to its equipment is usually restricted or monitored. Outsourcing puts further demands on the design to create an operation that can run unattended.

WAN connectivity is limited to what the hosting center has available. It can be more difficult to get upgraded bandwidth because the hosting center has to filter such requests through the plans in place for the entire facility.

It may be more difficult to get internal approval to outsource the expense because the hosting services appear as a bottom-line cost, whereas many information technology costs are buried in other areas such as facilities and telecommunications.

If unmanaged space is obtained, it may be difficult or impractical for a company to have one of its own staff onsite at the hosting facility for extended periods of time.

CASE STUDY: Home State Bank Builds Their Own SBC Data Center

Home State Bank (HSB), a regional bank headquartered in Colorado with 180 employees, seven branch banking centers, and assets of $370 million, decided to build a data center to host their server-based computing environment following a consolidation with American Bank, another mid-sized regional bank.

Jim Hansen, Chief Information Officer of HSB, commented on the decision to build a new data center: "Consolidation of the two locally owned and independent community banks forced us to bring two distinct network environments into one. The consolidation also brought about a change in the means of providing end-user connectivity and access to their applications and services. The bank decided to move to publishing applications where applicable through Citrix MetaFrame Presentation Server via Web Interface to help minimize end-user support and keep upgrades to a minimum. We knew we needed to centralize everything from both banks, and there were no large data centers in our region to outsource to, so we decided we needed to build our own."

HSB built their first data center in March of 2003 for $130,000, with plans to replicate their data center to an off-site data center within one year. HSB's data center currently houses ten Terminal servers, 15 application servers, the routers and telecommunication equipment for the branch bank WAN, firewalls, Internet banking equipment, and a large tape jukebox backup system.

Some additional details of the data center include

The data center was built in a bank clearing house basement next to a bank vault—thus, it was protected on three sides by a bank vault and on the fourth side by ground.

500 square feet of data center space, with 1500 square feet of accompanying office space.

A Liebert 16KVA uninterruptible power supply, expandable to 20KVA, capable of maintaining power in the data center for 15 minutes.

Water, moisture, fire, and physical security alarm systems.

Ceiling-mounted data cable and power racks.

HVAC environmental control (ten tons of air-conditioning).

CASE STUDY: ABM Chooses AT&T to House Their Main Data Center

ABM Industries is a Fortune 1000 Company that provides outsourced facilities services. ABM has 63,000 employees worldwide. Their SBC infrastructure required a data center that would support over 50 servers and 2500 concurrent users.

Anthony Lackey, Vice President of MIS, and Chief Technology Officer, for ABM Industries, commented on the decision to outsource the data center in 1999: "The decision to co-locate the data center was a simple one. First, the single biggest vulnerability point for a thin-client solution is the network portal into the data center. Second, the physical connection from one's office to the network provider's central office is typically the most likely failure point. By co-locating our data center facilities with our network provider, we significantly reduced our vulnerability. Besides eliminating the risk of the last mile, we also eliminate a great deal of expense."

ABM saved approximately $25,000 per month on their ATM circuit by locating their data center inside a POP where AT&T maintained a hosting facility. In this case, there was no local exchange carrier (LEC) involved, and the customer could connect directly to the national carrier's backbone on a different floor of the same building. Key features of the AT&T facility that were important to ABM in the evaluation process were the following:

Uninterruptible power: four (expandable to six) 375kVA UPS systems (N+1), dual (N+1) solar turbine generators 750kW (with an 8000-gallon fuel capacity).

Dual power feeds to each cabinet from two different power systems.

HVAC environmental control from central plant (150 tons of air-conditioning equipment cooling 60 watts per square foot).

Switched and diverse paths for WAN links; redundant OC-3/OC-12/OC-48 connections to multiple network access points.

Fully staffed network operations center with trained systems administrators, data center technicians, and network engineers on duty 24 hours a day, seven days a week.

Secured cabinets or caged environment with customized space allocation.

State-of-the-art VESDA fire detection system (100 times more sensitive than conventional fire detection systems) backed up by a cross-zoned conventional system to prevent emergency power-off due to early detection.

State-of-the-art Inergen fire suppression system.

Outage Mitigation Strategies

Having a good Disaster Recovery plan in place is small comfort to users if they are experiencing regular interruptions in service. Centralizing computing resources makes it all the more important to incorporate a high degree of resiliency into a design. This goes far beyond just making sure the hard drives in the file server are in a RAID configuration. Companies must take a global view of the entire infrastructure and assess the following:

Identify single points of failure. Even if the file server is clustered, what happens if the WAN connection fails?

Implement redundancy in critical system components. If one server is good, two are better. If possible, they should carry balanced loads or, at the very least, have an identical backup server to put online in case one fails.

Establish a regular testing schedule for all redundant systems. Many organizations have backup plans that fail when called upon. Thus it is important to document and test the backup systems until you are comfortable that they can be relied upon in a time of crisis.

Establish support escalation procedures for all systems before there is an outage. Document the support phone numbers, customer account information, and what needs to be said to get past the first tier of support.

Review the vendor service levels for critical components, and assess where they may need to supplement them or have spare parts on hand. Is the vendor capable of meeting their established service level? What is the recourse if they fail to perform as promised? Is support available somewhere else? Is the cost of having an extra, preconfigured unit on hand in case of failure justified?

Establish a process for management approval of any significant change to the systems. Two heads are always better than one when it comes to managing change. Companies should ensure that both peers and management know about, and approve of, what is happening at the data center.

Document any change made to any system. For routine changes, approval may not be necessary, but companies should make sure there is a process to capture what happened anyway. The audit trail can be invaluable for troubleshooting.

Develop a healthy intolerance for error. An organization should never let itself say, "Well, it just works that way." They should obtain regular feedback from the user community by establishing a Customer Survey around items like perceived downtime, system speed, and so on, and should give feedback to their vendors and manufacturers. They must keep pushing until things work the way they want them to work.

Build some extra capacity into the solution. Being able to try a new version of an application or service pack or hot fix without risking downtime of the production system is extremely important.

Chapter 10 has more information on establishing service levels and operational procedures as well as samples for documenting various processes at the data center and throughout your organization.

Organizational Issues

Whether an organization decides to outsource the data center or run it themselves, it is crucial they not underestimate the organizational impact of moving toward this sort of unattended operation. Unless such a center is already running, the following needs to be done:

Come up with a three-shift staffing plan (or at least three-shift coverage).

Decide whether current staff has sufficient training and experience to manage the new environment.

Determine whether current staff is culturally ready to deal with the "mainframe mind-set" required to make the server-based computing environment reliable and stable. In other words, can they manage the systems using rigorous change control and testing procedures?

Decide which of the existing staff needs to be on-site and when.

If outsourcing, determine which services the vendor will be providing and which will be handled internally.

If outsourcing, make sure there is a clean division and escalation procedure between internal and external support resources.

Environmental Considerations

When a network and server farm is set up in the data center, environmental factors such as power, cooling, and potential disasters must be considered. If outsourcing, the vendor should be able to provide details on the physical setup of the facility.

Power

The utilization of an emergency or standby generator is essential when considering power outages that

< ?xm l version= " 1.0" encoding= " I SO- 8859- 1" ?> may affect a data center. Outages caused by the local utility that last no longer than 15 minutes will Ta ble o f Con t en t s

typically be supported by an uninterruptible power supply (UPS). However, a standby emergency generator is necessary to support longer outages.

Citr ix MetaFr am e Access Suite for Window s Ser v er 2003—The Official Guide For ewor d

I ntr oduction Each component has a power rating, usually in watts, that it requires for continuous use. At best, Pa r t I - Ov er vipower e w of Ente r pr ise the Se r power ve r - Ba se d Comof put in gcomponent. inadequate will strain supply the

At worst, it will cause production

I ntr oducing Ser ver -Based Com puting and th e On- Dem and failure. 1If the Chapter - facility has a UPS, it must have adequate capacity now as well as the ability to handle future growthEnterpr plans.ise Another consideration is how long can the UPS keep the systems running in the Chapter 2 a sustained - Window spower Ter minal Ser vices event of failure? Is there a generator backup? If so, how many gallons of fuel does Chapter Citr ixmany MetaFr am e of Access Suite will that yield? During a power failure, it may be difficult to it have,3and- how hours operation Pa r t I I - De signi a n Ent rprthe i se servers SBC Solut ionequipment. gracefully shutng down all eof and

Liebert, Tripp Lite, American Power Conversion

Pr epar ing Yourprovide Or ganization for ancenter On- Dem and Enterpr ise (APC), 4and- other vendors good data solutions, including software and hardware Chapter mplem ent backup, ation components Ifor power generator switchover, and server shutdown. Chapter 5

- Ser ver - Based Computing Data Center Architect ure

Assessing Your Power Requirements

The first step in assessing the actual power requirements and the resulting UPS need is to estimate the load. This is done in slightly different ways for different equipment, but it comes down to estimating the operating voltage, the load (in watts), and a factor for how often the unit is in operation at this voltage and load—sometimes called a power factor. An example for a high-end server might be: operating voltage = 120 volts, load = 400 watts, and power factor = .75 (since it is in continuous operation at nearly peak utilization). This information should be readily available from the manufacturer either in printed documentation or from their web site. A company should collect and total this information for all of their equipment. Using this example, 15 servers would require 4500 watts (400 × .75 × 15) plus a "fudge factor" in case multiple servers suddenly run at peak loads—5000 to 5200 watts would be wise.

Next, the site voltage should be determined. Data center facilities can often handle multiple voltages, but 230V/400V is common. An organization needs to consider how much room for growth they will need, and make sure there are adequate connections to support future equipment.

Note Facilities at an LEC might also supply 48VDC.


Uninterruptible Power Supply

Organizations selecting an uninterruptible power supply (UPS) need to determine how long they need their equipment to remain functional after power fails. A UPS vendor will be able to provide you an estimate of run time after power failure based on the total number of watts for your equipment. UPS systems are usually rated in volt-amps. The conversion from watts to volt-amps is V × A = W / 0.8. Using the earlier example, 5200 watts would require (5200 / .8) = 6500 volt-amps.
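The load estimate and the watts-to-volt-amps conversion described above, carried through for a whole inventory and checked against a UPS rating, as an added example that is not from the book. The names (`Equipment`, `size_ups`, `check_ups`), the 700 W margin that lands on the book's 5200 W figure, the 25 percent growth allowance, and the 7500 VA UPS are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Conversion used in the text: volt-amps = watts / 0.8
WATTS_TO_VA_DIVISOR = 0.8


@dataclass(frozen=True)
class Equipment:
    """One inventory line; values come from the manufacturer's documentation."""
    name: str
    load_watts: float    # rated load in watts
    usage_factor: float  # the text's "power factor": how often the unit runs at that load
    count: int = 1

    def estimated_watts(self) -> float:
        # Reject values that would silently understate the load.
        if self.load_watts <= 0 or self.count < 1:
            raise ValueError(f"{self.name}: load and count must be positive")
        if not 0 < self.usage_factor <= 1:
            raise ValueError(f"{self.name}: usage factor must be in (0, 1]")
        return self.load_watts * self.usage_factor * self.count


def estimate_load_watts(inventory):
    """Total estimated load: sum of load x factor x count over all equipment."""
    return sum(item.estimated_watts() for item in inventory)


def watts_to_va(watts):
    """Convert watts to the volt-amp figure UPS systems are rated in."""
    return watts / WATTS_TO_VA_DIVISOR


def size_ups(inventory, margin_watts, growth_fraction=0.0):
    """Return the design load and the VA needed now and after planned growth.

    margin_watts is the text's "fudge factor"; growth_fraction is an
    assumed planning input (0.25 means 25 percent more load later).
    """
    if margin_watts < 0 or growth_fraction < 0:
        raise ValueError("margin and growth must not be negative")
    estimated = estimate_load_watts(inventory)
    design = estimated + margin_watts
    return {
        "estimated_watts": estimated,
        "design_watts": design,
        "va_now": watts_to_va(design),
        "va_future": watts_to_va(design * (1 + growth_fraction)),
    }


def check_ups(ups_rating_va, sizing):
    """Compare a UPS rating with today's need and with the growth plan."""
    return {
        "adequate_now": ups_rating_va >= sizing["va_now"],
        "adequate_for_growth": ups_rating_va >= sizing["va_future"],
        "headroom_va": ups_rating_va - sizing["va_now"],
    }


if __name__ == "__main__":
    # Constructed inventory: the text's 15 high-end servers.
    inventory = [Equipment("high-end server", 400, 0.75, count=15)]
    sizing = size_ups(inventory, margin_watts=700, growth_fraction=0.25)
    print(sizing)
    print(check_ups(7500, sizing))  # constructed 7500 VA UPS
```

With these inputs the UPS covers the present 6500 VA requirement but not the load after growth, which is the "adequate capacity now as well as the ability to handle future growth" check from the Power section.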

HVAC Units for Cooling and Humidity Control

We have been called in to many organizations to resolve unstable software and server problems, only to discover that the temperature where the servers were running was well over 90 degrees Fahrenheit. Servers and Telco equipment generate a great deal of heat, and will function inconsistently and often sustain permanent damage if their environment has significant temperature variations or remains consistently warm (typically, 66–70 degrees Fahrenheit is considered optimal, with temperature variations of no more than +/-5 degrees per day). The less the variation and the cooler the temperature (but not below 65 degrees), the longer the equipment will operate optimally. Cooling should not only be sufficient for normal operation, but should have adequate backup. The ideal situation is to have a redundant cooling system with sufficient power backup to support it.

The cooling system utilized must not add excess moisture to the environment. Industrial evaporators are available to avoid this potential problem. Many higher-end cooling systems have built-in moisture suppression. Detectors should be installed to provide an alert when moisture exceeds recommended levels. Keep in mind that a dry environment means that people working in the data center should drink adequate amounts of water, thus water fountains should be placed at convenient locations.

HVAC Evaluation

When evaluating HVAC units, the following factors should be considered:

The temperature and humidity tolerances of equipment

The amount of space to be cooled (in cubic feet)

The period of operation (evenings? weekends?)

Seasonal needs (are some months much hotter than others?)

Whether people will be working for prolonged periods in close proximity to the equipment

Fire Suppression

Data center certified fire suppression systems are extremely important in any operational facility. The systems use some type of mechanism to help extinguish fires without damaging hardware or facilities. Today's fire-suppression systems must comply with environmental concerns regarding ozone depletion and human safety. This is an important consideration if the data center will be staffed and there is a potential for the fire suppression system to be activated while people are present.

Fire Suppression System Types

Many types of systems are available that comply with environmental requirements and use different agents to suppress fires. We recommend comparing the quality of the different types of fire suppression systems to determine which one best fits the data center setup. Table 5-1 lists the advantages and disadvantages of some of the different systems currently available.

Table 5-1: Comparison of Commercial Fire Suppression Systems

| Type of System | Chemical Agent | Advantages | Disadvantages |
| --- | --- | --- | --- |
| Precharge sprinkler | Water | Provides the best suppression of all fires and protection for structures. No water sits above sensitive equipment. | Extra plumbing is required, including lines and routing of pipes to avoid the data center and sensitive equipment. Major water damage is likely when discharged. |
| Wet sprinkler | Water | Provides the best suppression of all fires and protection for structures. | Accidental discharge from human or environmental factors can set it off. Major water damage is likely when discharged. |
| FM-200 | Heptafluoropropane | Doesn't displace oxygen, so it is safe when people are present. | High cost. |
| Inergen | Argon, nitrogen, and CO2 (stands for Inert gas and nitrogen) | Allows storage or flow over data center room. Inergen leaves enough oxygen for people to breathe. | High cost, large storage space. |

Seismic and Other Environmental Activity

For data centers in California or other seismically active areas, adequate facility bracing is a must. Facilities should meet or exceed the earthquake regulations for the area. In addition, computer hardware racks and cabinets, and other equipment should have their own bracing and be able to pass inspection. Other geographical areas have different environmental concerns that should be planned for; for example, possible hurricanes in Florida, or major snow storm-based power outages in some northern states.

Physical Security

If most, or all, of an organization's computing infrastructure will be housed at a data center, it is imperative that physical access be restricted and monitored. Many outsourced hosting facilities have security guards, card-key access, motion sensors, and silent alarms. Despite tremendous amounts of time and money spent protecting a network with hardware and software security, data can still be at considerable risk if physical security is not considered. We discuss security in more detail in Chapter 8.


Network Considerations

In the next sections, we discuss some important factors to consider when planning the data network connections into a data center. Chapter 6 is dedicated to network design and provides much more detail on these and other topics.

User Geography and Location of the Data Center

The geographic dispersion of the user community plays a major role in the site selection for a data center. Whether a company has only domestic or domestic and international offices has a profound influence on data center aspects such as availability for WAN bandwidth and hot sites. Ideally, the chosen site should yield the lowest overall network cost from the national exchange carriers while meeting all the other requirements mentioned in this chapter. One of the single largest cost items in building your data center will be the data network. Anyone who has ever ordered a data line from a local or national carrier knows that the distance from their office (demarcation point or demark) to the carrier's point of presence (POP) can translate into hundreds or thousands of dollars per month. A data center is no exception. If installing high-bandwidth connections such as ATM, an organization could be looking at thousands of dollars in cost for a very short distance to the local POP.

Time Zones

Both Windows 2003 and Citrix MetaFrame XP support time-zone translation—meaning that the client machine will display the time based on its local time zone rather than the time zone of the server. This is a critical feature for organizations whose users may be in physically disparate time zones relative to where the servers are physically located.

Bandwidth Availability

Another consideration in planning network connections is bandwidth availability in the area where the data center is located. The required circuits may be easily ordered now, but what about in six months or a year? It is vital that a company understands the capacity available, usually from the LEC, and its growth plans. We have seen many customers experience delays in their entire data center build-outs because there were no additional circuits available from the LEC, and no one thought to check in advance (or they were over-promised by the LEC when they did enquire).

Tip It has been our experience over many years that telecommunication carriers are often overly optimistic when estimating the time required to install a circuit. They are similarly overly optimistic about the time required to make an installed circuit work smoothly. It is important to build extra time into the schedule for getting the circuit in and working.

Bandwidth Management

Due to the nature of IP, any amount of network bandwidth can be swallowed up by a variety of both important and unimportant applications, with no respect to priority. Thus, having the tools in place to manage, understand, report, and prioritize bandwidth is critical. A discussion of tools for managing and prioritizing bandwidth is included in Chapter 6.

Reliability

An unreliable network can kill a project. It is crucial that an organization ensure that its bandwidth carrier can provide detailed reliability statistics of the circuits to be used. Especially in the case of newer topologies like ATM, incorrect assumptions of flawless performance may lead to project failure. It is wise to get customer references, and ask those companies how the carrier's product is working for them. Organizations should also allow adequate time for their own testing to make sure the circuits are sufficiently reliable to meet their needs.

Network Redundancy

It makes little sense to design all of the components of a data center with fail-over capability if the network represents a single point of failure. This is especially important with a server-based computing design. Users will rely on the network to reach one or a few data centers; it must be resistant to production outages. Buying a redundant circuit can be expensive, but carriers are often able to sell access to a circuit to more than one company for far less than the circuit itself would cost. In case the primary circuit fails, they can switch customers to this backup so they can continue operation. If a secondary live circuit is not practical or affordable, another option is putting a second type of lower-bandwidth circuit in place. These backups will not provide as much bandwidth of course, but some access would at least be available.

Using the Internet as a Redundant Network

Since most businesses and many households today have Internet access, the Internet makes an obvious choice (assuming it can be secured) for access into the data center or as a backup network access path into the data center if private line access is lost. With the release of MetaFrame Secure Gateway, Citrix made it very easy for organizations to utilize the Internet as an access point into the data center. With Secure Gateway, all ICA data traversing from the Internet to the data center (and back to the Internet) is encrypted using SSL encryption (port 443), and no additional firewall portholes or client-side software is required.

Virtual private network (VPN) technology may also be utilized for this same purpose (encryption of ICA traffic going over the Internet). In the case of VPN technology, we strongly recommend the use of hardware encryption devices at the data center rather than software termination. Additionally, we have found that VPNs tend to require a significant amount of administrative overhead due to the complexity and update requirements of the client-side VPN software. Both Secure Gateway and VPN technology are discussed in detail in Chapter 6.

Cable Management

Just as managing the data center requires more meticulous methods than in a distributed environment, setting up the cabling requires careful organization. Cable management systems with easy-to-understand labeling and adequate capacity for growth should be used. Color-coding can contribute significantly to finding the right cable quickly. Red could be used for critical LAN and WAN ports, for example. Green could be used for mission-critical servers, and so on.

Just as important, power cables should not be a pile of spaghetti. Cable trays and ties will keep cables out of the way and help to organize them. Equipment power cables should plug neatly into racks and cabinets, and the large power cables from the racks should plug into the under-floor power grid with only enough slack to allow for moving the floor panels.

Other Considerations in Data Center Design

There are a number of issues that may apply to a company when considering the centralization of its MetaFrame servers. It is not possible to anticipate every conceivable issue of designing a data center, but the following topics cover some issues we have run into in the past that may help in planning.

Legacy Hosting

Determine if applications will run on MetaFrame servers that need to access data or programs on legacy systems (enterprise resource planning (ERP), database query and reporting tools, and terminal emulation are all examples of such applications). If this is the case, the legacy systems and MetaFrame servers should be co-located to optimize the network bandwidth required between these systems, as shown in Figure 5-1.

Figure 5-1: Legacy systems located near MetaFrame servers

Offsite Data Storage

Even with a secure and reliable data center, data backups should be taken off-site to a hardened location or copied to an off-site location daily. A hardened location is one in which proper fire and moisture protection has been ensured, as well as physical security for data storage media. During a production failure or disaster involving a loss of site, such backups can mean the difference between a quick recovery and no recovery at all. Many national and regional firms specialize in data storage. Other firms will use a frame relay connection or the Internet to back up data to a secure offsite location. If a company is outsourcing its data center, they must make sure they have tape exchange or electronic vaulting as part of the service level agreement (SLA) with their vendor. Otherwise, one of their own people will have to travel to the data center daily to change tapes.

Unusual Connectivity

An organization needs to consider if they have systems with network topologies or connection requirements different from those of their MetaFrame servers. Any different topologies, such as SNA, token ring, serial lines, and telephony, will need to be incorporated into the network and facilities design. Bridging or conversion technologies may be required, and they may not work the same way in a MetaFrame and Terminal Services environment as they do in a standard Windows environment. For example, if there is a Computer Telephony Integration (CTI) application that allows users to retrieve their voice mail through a PC Windows interface utilizing individual IP addresses, it will probably not work on a MetaFrame XP server without modification since a MetaFrame XP server will use the same IP address for all users.

Nonstandard Systems

Card readers, document scanners, time-card systems, or other automated systems with dependent applications must be taken into account when building a MetaFrame server farm. Depending on the exact nature of these automated systems, one may not be able to incorporate them as part of the server-based computing architecture. Here are some guidelines for making sure these systems will work in a new environment:

If the system has associated software that runs in DOS, see whether there is a Windows 32-bit version. Even better, look for a version that has been tested and certified with Terminal Services. Windows 2000 and Windows 2003 no longer support DOS applications running on Terminal Services (although some DOS applications still work).

If the system has code that already runs on a server (such as NetWare or Windows 2000), see whether you can keep the server in place and run the client software on the MetaFrame server.

If the system runs at the user's desktop, make sure any services it needs, such as printing or use of serial ports, will work with Windows Server 2003 or MetaFrame XP's port redirection capabilities.

Test these systems sooner rather than later in the deployment cycle so that there is time to respond if an upgrade or complete revision of the design is needed to find a new solution.

Rogue Servers and Applications

An organization should ask itself if its group or project team is in control of all the servers in the enterprise that may be affected by a project. Especially in a large enterprise, it is likely that some servers and applications have been set up regionally without their knowledge. Unless it actively investigates beforehand, the first time a company hears of such systems may be when they disable a network circuit or otherwise cut off the regional users from the rest of the network. It is wise to develop a plan to have a sunset period in which these locations are given a certain amount of time to phase out these systems and begin to access their applications from the new data center.


Chapter 6: Designing Your Network for Server-Based Computing

Overview

While network design considerations for server-based computing share many common design criteria with traditional distributed fat-client networks, the server-based computing paradigm adds several unique considerations to the design process. With minimal changes, the same networks that support classic Windows-based computing environments can be optimized to support a server-based computing scenario. The goal of this chapter is to recap common design fundamentals, introduce characteristics unique to server-based computing, and give insights on how to apply them to networking projects. A successful design project requires extensive knowledge of network services, technologies, media, protocols, security, and concepts.

These areas, in varying levels of detail, are addressed in this chapter; however, less experienced network administrators should review Appendix A to brush up on the ISO/OSI model and specific local area network (LAN) and wide area network (WAN) hardware technologies. Designers are assumed to have a detailed knowledge of the software (applications) environment and the user community (types, numbers, locations, and applications requirements) they must support.

Network design is both a structured process in that it requires a logical (top-down) approach, and an iterative process that requires decisions resolved at each stage to be reevaluated in subsequent stages as a sanity check. The top-down view starts with defining high-level goals and objectives that the target architecture must support. Once these goals are understood, proven design principles can be applied to define the problem as a set of smaller, segmented design efforts. These modular component design efforts produce functional baseline configurations for common sets of network needs, analogous to programmers creating "reusable code." Next, the process quantifies and defines the services needed to interconnect these network building blocks into a cohesive infrastructure. Given that these modular building blocks are primarily hardware based and have few recurring costs, interconnectivity in the enterprise, and its high recurring cost, can be the most contentious element of the design. To counter the cost and impact of enterprise bandwidth requirements, bandwidth management capabilities are discussed to allow inclusion where appropriate.

The last section of this chapter provides logical diagrams of typical notional modular building blocks designers may need, as well as a selection of composite network designs for common server-based computing architectures.

How is a network that is designed for server-based computing different from one designed for traditional distributed computing? Sun Microsystems' marketing slogan sums it up: "The Network is the Computer." In a network composed of thin clients connected to a data center, every single user has almost constant communication between the desktop device and the MetaFrame servers. Clients establish a connection that uses from 20 Kbps to 30 Kbps of bandwidth. This connection links the client to the server that does the application serving. In a traditional distributed computing network, the client does its own processing for the most part and makes file requests over the network that are highly variable with regard to the bandwidth used. If a distributed application server is used, the application code resides on the server and is loaded over the network into the client's memory when the program is executed. This is in addition to the file I/O already mentioned. Figure 6-1 shows how these three scenarios compare.


Figure 6-1: Distributed vs. server-based network usage


High-Level Design Goals

In a perfect world, network administrators would be allowed the luxury of designing a server-based computing infrastructure from the ground up. As this is seldom the case, some fundamental design goals are necessary. The design goals used to successfully baseline an infrastructure to support server-based computing are speed, scalability, resiliency, manageability, auditability, and cost-effectiveness.

Speed

Initially, the concept of "speed" as a critical design criterion may seem contrary to one of the thin-client mantras: reduced bandwidth. Speed in this case refers to speed within the network core, not to clients on the network edge. Server-to-server communications within the network core must be as fast (in terms of raw speed) and as clean (in terms of controlling broadcast and superfluous traffic) as economically possible. In a load-balanced multiserver environment, users must still log on to the network, and roaming profiles are essential in providing users with a consistent, seamless experience, independent of which server actually services their application needs. These profiles must be retrieved from a central location at logon, before the user's application is available. Any delay in the initial logon and profile download process will be perceived as poor application performance. Application server to backend server (database server, file server, mail server) calls need the same rapid response for file opens, database queries, mail messages, and the like. Again, any delay in moving data from server to server is perceived by the user as an application performance problem, when in reality it may be a network core bandwidth bottleneck.

Finally, insulating the servers from superfluous network traffic (broadcasts, routing protocols, and so on) improves server performance by eliminating network-driven CPU interrupts. Every Layer 2 broadcast frame (ff-ff-ff-ff-ff-ff) forces a network-driven interrupt for every server that "hears" the frame. Common sources of this event are older AppleTalk protocols, Microsoft networking with improper NetBIOS name resolution, and Novell Server Advertisement Protocol (SAP) broadcasts.
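The following is an added example, not code from the book: it tallies Layer 2 broadcast frames by source MAC and protocol, which is one way to locate the broadcast sources named above on a server segment. It assumes Ethernet II framing only, also labels ARP (which the text does not mention), and runs on constructed frames rather than a real capture; all function and variable names are hypothetical.

```python
import struct
from collections import Counter

BROADCAST = b"\xff" * 6                      # ff-ff-ff-ff-ff-ff
ETH_IPV4, ETH_ARP = 0x0800, 0x0806
ETH_APPLETALK, ETH_AARP, ETH_IPX = 0x809B, 0x80F3, 0x8137
IPX_SAP_SOCKET = 0x0452                      # Novell SAP destination socket
NETBIOS_NS_PORT = 137                        # NetBIOS name service (UDP)


def fmt_mac(raw):
    return "-".join(f"{b:02x}" for b in raw)


def classify_broadcast(frame):
    """Label an Ethernet II broadcast frame; return None for non-broadcast frames."""
    if len(frame) < 14 or frame[0:6] != BROADCAST:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    payload = frame[14:]
    if ethertype in (ETH_APPLETALK, ETH_AARP):
        return "AppleTalk"
    if ethertype == ETH_IPX:
        # Destination socket is at offset 16 of the 30-byte IPX header.
        if len(payload) >= 18 and struct.unpack("!H", payload[16:18])[0] == IPX_SAP_SOCKET:
            return "Novell SAP"
        return "IPX (other)"
    if ethertype == ETH_ARP:
        return "ARP"
    if ethertype == ETH_IPV4 and len(payload) >= 20:
        ihl = (payload[0] & 0x0F) * 4        # IPv4 header length in bytes
        if ihl >= 20 and payload[9] == 17 and len(payload) >= ihl + 4:
            (dport,) = struct.unpack("!H", payload[ihl + 2:ihl + 4])
            if dport == NETBIOS_NS_PORT:
                return "NetBIOS name service"
        return "IPv4 (other)"
    return f"ethertype 0x{ethertype:04x}"


def broadcast_sources(frames):
    """Count broadcast frames per (source MAC, protocol label)."""
    counts = Counter()
    for frame in frames:
        label = classify_broadcast(frame)
        if label is not None:
            counts[(fmt_mac(frame[6:12]), label)] += 1
    return counts


# --- Constructed sample frames (not a real capture) -------------------------
def eth(dst, src, ethertype, payload):
    return dst + src + struct.pack("!H", ethertype) + payload


def ipx_sap_payload(src_node):
    # 30-byte IPX header: checksum, length, transport control, packet type,
    # dest network/node/socket, source network/node/socket.
    return (struct.pack("!HHBB", 0xFFFF, 30, 0, 0) + bytes(4) + BROADCAST
            + struct.pack("!H", IPX_SAP_SOCKET) + bytes(4) + src_node
            + struct.pack("!H", IPX_SAP_SOCKET))


def netbios_payload():
    # Minimal IPv4 header (protocol 17 = UDP) followed by a UDP header to port 137.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 128, 17, 0,
                     bytes([192, 168, 1, 10]), bytes([192, 168, 1, 255]))
    return ip + struct.pack("!HHHH", 137, NETBIOS_NS_PORT, 8, 0)


HOST_A = bytes.fromhex("00a0c9000001")
HOST_B = bytes.fromhex("00a0c9000002")
HOST_C = bytes.fromhex("00a0c9000003")

SAMPLE_FRAMES = (
    [eth(BROADCAST, HOST_A, ETH_IPV4, netbios_payload())] * 3
    + [eth(BROADCAST, HOST_B, ETH_IPX, ipx_sap_payload(HOST_B))] * 2
    + [eth(BROADCAST, HOST_C, ETH_APPLETALK, bytes(13))]
    + [eth(HOST_B, HOST_A, ETH_IPV4, netbios_payload())]   # unicast: ignored
)

if __name__ == "__main__":
    for (src, proto), n in broadcast_sources(SAMPLE_FRAMES).most_common():
        print(f"{src}  {proto:<22} {n}")
```

Sorting the result by count shows which hosts and protocols to move off the server VLAN or reconfigure first.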


Scalability

It is important not to underestimate network growth requirements. Capacity planning of network infrastructure is often overlooked or sacrificed to budgetary constraints. Adding an additional server to an existing server farm can be relatively simple (from a technical standpoint) and easy to justify (in terms of hardware and software budgets). Adding additional servers clearly ties to increases in company requirements or users' demands (new applications, more offices, and more users). Justifying infrastructure hardware (LAN switches, routers, and so on) upgrades or purchases often proves more difficult. From a budgetary view, infrastructure tends to be less visible and perceived as a "one-time" cost. A decentralized environment migrating to a server-based environment will necessarily require increased resources in terms of servers, LAN capacity, and potentially WAN bandwidth. This chapter provides guidelines for estimating the various parts of the network, but every organization must gauge for itself how much its IT requirements will increase, and how much corresponding capacity should be designed into the network. There are two financially equivalent methods for incorporating expandability into the network. A company can either purchase components that are scalable, or it can choose vendors that provide generous trade-in policies on old equipment.

Resiliency

Resiliency is the ability to easily recover from and adjust to misfortune or change. This is certainly a desirable end state for an enterprise network. Each component should have its own ability to recover from failure or should be part of a larger system of failure recovery. Network resiliency incorporates concepts of both outage mitigation and disaster recovery. Determining just what level of resiliency must be incorporated into the network design requires a careful process of balancing three factors: level of cost (how much will it cost to build in resiliency versus how much could be lost without it?); level of effort (how much effort is required to implement and manage the resilient network versus how much effort to recover from a failure in a non-resilient network?); and level of risk (what is the probability that a specific type of failure will occur versus level of cost and level of effort to include failure mitigation in the network design?). As a general rule, unacceptably high risks are usually mollified by outage mitigation (designed-in redundancy, survivability, or fault tolerance). When risk does not warrant building in redundancy (that is, planning a hardware solution to mitigate damage from a 500-year flood), disaster recovery planning is usually required. Chapter 19 discusses disaster recovery and business continuity planning in detail.

Outage Mitigation

Outage mitigation is really just a fancy term for fault tolerance. When looking at server hardware, system administrators usually assume RAID for hard drives to make them fault tolerant. Similar features can be designed into network hardware, connectivity, and services. The end goal is to eliminate the potential for failures that impact the production environment. For hardware, consider redundant power sources and supplies, redundant Layer 2 connectivity (dual network cards and switch ports), and redundant network hardware (Layer 2 and Layer 3 processors). In terms of connectivity, consider redundant or self-healing WAN connectivity as well as redundant Layer 2 paths. For services, critical services such as directory services, name resolution, and authentication must be fault tolerant so that a single server failure does not cripple the production environment.

Disaster Recovery

A catastrophe or even a serious mishap that could include losing access to the data center calls for disaster recovery. In such cases, data moved offsite is prepared and put into production at another site. Engineering this capability into the network design at an early stage can save time and prevent you from having to ask for a budget increase later. An example of this type of technology is offsite data replication. If the storage system is replicating some or all of your corporate data to a recovery facility, the loss of your main data center is not likely to be catastrophic for the company. You can use this data along with spare hardware and software to get users back online in a timely manner.

Manageability

The extensive work that network equipment vendors have done during the last few years to simplify their equipment's administration requirements makes this design goal almost a given, but it still bears mentioning. Can the IT staff easily access the component's settings? How does this work—through a Web-enabled GUI or perhaps as a Microsoft Management Console plug-in? Is management of the component self-contained or does it fit into an overall management architecture, such as HP OpenView or CA UniCenter? The component should make it easy to do the following tasks:

Check and back up the current settings or configurations to disk.

Copy and make changes to the current settings without altering them, then later activate the changes either manually or on a schedule.

Provide real-time reporting on important system metrics—for example, bandwidth utilization and port statistics such as error rates, retransmissions, and packet loss. Ideally, this information is provided through SNMP, RMON, or some other well-known management protocol.

If using multiple units of the same type, provide a method to create a standard configuration for each and a method to address and manage all of them centrally. For example, if using Windows terminals, they should allow the downloading of firmware images and settings from a central location.

Auditability


Even components that are well designed for both resiliency and manageability are not impervious to occasional unexpected crashes. The components should provide enough detailed system and transaction information to make troubleshooting relatively simple. On many systems, such as routers and switches, troubleshooting is facilitated by detailed logging information. The log should include

Security validations and violations (access denials)

Detailed error information

Detailed transaction information

Crash dump of the operating system kernel (or the equivalent) to aid in troubleshooting

Cost-Effectiveness

An organization may decide it needs the latest, cutting-edge network technology to make its system "really fly." However, unless they have unusual or very business-specific needs for this technology, they may find that the added expense of acquiring it is not justified. Just a short while ago, Gigabit Ethernet switches were prohibitively expensive. Could every organization benefit from the extra speed? Possibly, but is the benefit worth the price? The average company that runs word processors and spreadsheets, and accesses data from legacy databases would not realize the same benefit as a special-effects company that needs to move digital film files through the network. When comparing components that are similar in nearly every way, it may come down to answering the question, "Which gives the most bang for the buck?"


Design Principles

Translating high-level goals into a specific design can be a daunting task. Even if design services are outsourced to a consultant, the network administrator must have a clear understanding of the process to ensure any proposed design will meet requirements. The design process must meet goals in four major areas:

Infrastructure: The LAN/WAN connectivity.

Services: Both network services (directory services, DNS, and so on) and applications services provided by the server-based computing paradigm.

Access: The ways and means employed to actually connect users to applications consistently, reliably, and securely.

Security: Designs must protect servers and resources from attack and exploitation, enforce methods to positively identify authorized users and restrict access to only appropriate services and applications, and protect data from disclosure or tampering during transport.

Infrastructure Design

Numerous models exist to aid in planning a network infrastructure, but Cisco Systems' hierarchical enterprise design methodology is the most logical and produces the most consistent results. This approach breaks the design process into manageable blocks so that networks are designed to function within the performance and scale limits of applications, protocols, and network services. The three key elements are Structure (designing to control failure domains); Hierarchy (designing based on a functional approach); and Modularity (designing for incremental expansion and growth).

Hierarchy

Designing around Cisco's three-tier hierarchical structure defines three "layers" of the hierarchy: the core layer, the distribution layer, and the access layer. Access layers typically provide the OSI Layer 2 and Layer 3 connectivity for local LAN segments (clients), remote LAN/WAN segments, and the data center server farm. The access layer enforces locally significant policies such as security, Quality of Service (QoS), and addressing. Access layer "modules" usually share common addressing (subnets and gateways) and local LAN segments, common local architectures (all Ethernet or all Token Ring), and common communities of interest (site based or business-unit based). The distribution layer provides concentration points for multiple access layer connections either as routed connections or Layer 3 switched connections. The distribution layer enforces security boundaries (firewalls, access lists) and network policies (rate control, QoS, and so on). In a typical enterprise network, the distribution layer insulates access layer blocks and the core from the overall complexity of the network. In the server-based computing world, the distribution layer aggregates multiple access modes and methods and delivers connections to the network core for consistent performance. For WAN connectivity, the distribution layer is the key to resiliency.

Although the core layer can be a WAN or MAN (metropolitan area network) core, this text is primarily concerned with the campus or corporate core that provides connectivity to the server farm. In theory, the server farm would connect to the core via its own access layer and the common distribution layer. In practice for a data center-centric approach, the access and distribution layers are often collapsed directly onto an OSI Layer 3 core switch. The sample network design topologies later in this chapter assign network components to one of these three layers.

Modularity

Modularity in design depends on a functional building block approach. Modular network designs provide several key benefits throughout their life cycle: scalability to ease growth, cost effectiveness by buying blocks of capability as demand grows, streamlined training, simplified troubleshooting, and the capability to distribute network management if required. Treating components as functional building blocks helps define interconnection and interoperability standards. For example, at the top level, a modular design defines a "standard" medium-sized remote office as an access router running OSPF and a 10/100/1000 Ethernet switch. Additional requirements may be specified, but avoid defining end equipment or specific vendors.

Structure

Factoring structure into your network design involves logically dividing the network to control failure domains at both Layer 2 and Layer 3. The term failure domain means engineering the network design such that failures or adverse conditions in a network segment are not propagated to other segments. For example, uncontrolled broadcast storms from a single node in a Layer 2 Ethernet LAN can bring the entire LAN to its knees. Structurally, Virtual LANs bounded by Layer 3 switches or routers can be employed to control the size of the broadcast domain. Similarly, Spanning Tree Protocol (STP) convergence in a large Layer 2 segment can disrupt traffic flow for an unacceptable duration. Since STP is essential in a loop-free redundant Layer 2 design, the size (and hence convergence time) of the STP domain needs to be controlled, and Virtual LANs (VLANs) control this behavior. Other structural elements include multicast domains, the distribution of redundant connections among separate platforms, and IP subnet size. IP subnetting can be critical when trying to control Layer 3 convergence: efficient designs use a hierarchical IP addressing scheme that supports route summarization, reducing individual routing updates and even eliminating the need to update some routes when a failure occurs.
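The effect of hierarchical addressing on Layer 3 convergence can be seen by comparing what the core has to learn under two addressing plans. The following Python sketch is an added example, not from the book: the two plans, the block names `dist-A` and `dist-B`, and the function names are constructed for illustration, and each distribution router is assumed to advertise a summary for as long as any subnet inside it is still reachable.

```python
import ipaddress

# Constructed addressing plans: two distribution blocks, four /24 access
# subnets each. In HIERARCHICAL every block owns one contiguous /22; in FLAT
# the same eight subnets were handed out in request order across both blocks.
HIERARCHICAL = {
    "dist-A": ["10.1.0.0/24", "10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24"],
    "dist-B": ["10.1.4.0/24", "10.1.5.0/24", "10.1.6.0/24", "10.1.7.0/24"],
}
FLAT = {
    "dist-A": ["10.1.0.0/24", "10.1.2.0/24", "10.1.5.0/24", "10.1.7.0/24"],
    "dist-B": ["10.1.1.0/24", "10.1.3.0/24", "10.1.4.0/24", "10.1.6.0/24"],
}


def configured_summaries(subnets):
    """Fewest prefixes that cover exactly the subnets assigned to one block.

    These are the routes the distribution router is configured to advertise
    toward the core. Non-contiguous subnets cannot be merged and stay as-is.
    """
    nets = [ipaddress.ip_network(s) for s in subnets]
    return list(ipaddress.collapse_addresses(nets))


def core_routes(plan, down=()):
    """Routes the core holds, as (prefix, next-hop block) pairs.

    A summary stays advertised while at least one of its component subnets
    is up. Traffic for a failed subnet is then still drawn to the
    distribution router and dropped there, which is the price paid for
    keeping the failure out of the core routing table.
    """
    down_nets = {ipaddress.ip_network(s) for s in down}
    routes = set()
    for block, subnets in plan.items():
        live = [n for n in map(ipaddress.ip_network, subnets)
                if n not in down_nets]
        for summary in configured_summaries(subnets):
            if any(n.subnet_of(summary) for n in live):
                routes.add((str(summary), block))
    return routes


def updates_on_failure(plan, failed_subnet):
    """Core routing-table changes caused by losing one access subnet."""
    before = core_routes(plan)
    after = core_routes(plan, down=[failed_subnet])
    return sorted(before ^ after)


if __name__ == "__main__":
    for name, plan in (("hierarchical", HIERARCHICAL), ("flat", FLAT)):
        table = core_routes(plan)
        changes = updates_on_failure(plan, "10.1.2.0/24")
        print(f"{name}: {len(table)} core routes, "
              f"{len(changes)} update(s) when 10.1.2.0/24 fails")
        for prefix, block in changes:
            print(f"  withdrawn: {prefix} via {block}")
```
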

Services Design

From the perspective of an application server in a server farm, critical services provided by the network must be available to "serve" applications to users. These include Directory Services (in a directory-service-enabled environment), name resolution to include Domain Name System (DNS) and Windows Internet Name Service (WINS), and authentication services (logon services, certificate validation, RADIUS, and token or smart cards).

Directory Services

Directory Services are integrated into most modern network operating systems. The two major offerings relevant to server-based computing are Novell's eDirectory (an updated, portable version of Novell Directory Services (NDS)) and Microsoft's Active Directory (also updated in Windows Server 2003). Both offerings are loosely based on the original X.500 directory services standard, both offer Lightweight Directory Access Protocol (LDAP) support at varying levels, and both are capable of some "directory integrated application" support. All directory services implementations organize data based on a hierarchical data structure to define types of network resources (users, services, applications, and computers) and their respective properties or attributes. The directory contains both the structure and the unique values assigned to each entity. From a management standpoint, directory services allow data about network entities to be stored as a single instance that is globally accessible. In a directory-enabled network, the directory services must be constantly available to allow normal network activities (file access, logon, application use, and so forth). They must also be extensible, robust, and redundant.

Active Directory is Microsoft's directory services component rolled out in conjunction with Windows 2000. The original implementation was traceable to the directory services functions in Microsoft Exchange. The Windows Server 2003 iteration includes improved LDAP compliance, additional security functionality (cross-Forest authentication and authorization through Forest-level trust relationships), administrative capabilities (most notably, new Group Policy management specific to Terminal Servers and Group Policy modeling), as well as the ability to edit multiple directory objects at once. Active Directory provides very limited integration with other directory services and can only manage Windows 2000 and later platforms.

eDirectory is Novell's directory services module. Built on the basic functions of NDS, eDirectory is more standards compliant than Active Directory, is ported to other operating systems, and allows management of data in other directories from a common interface. eDirectory authentication uses Public Key Infrastructure (PKI) standards while Microsoft employs a modified version of Kerberos.

Metadirectory Services, a "directory of directories," are partially built into eDirectory. Active Directory has no built-in equivalent, so Microsoft offers Microsoft Metadirectory Services (MMS) as an add-on. MMS provides multidirectory integration via "agents" that provide connectivity to network operating systems and directory systems (Microsoft Windows NT, Active Directory, Novell NDS and Bindery, iPlanet Directory, X.500 systems, and Banyan VINES), e-mail systems (Novell GroupWise, Lotus Notes, Domino, cc:Mail, and Microsoft Exchange), applications (PeopleSoft, SAP, ERP, and XML/DSML-based systems), and common database and file-based systems (Microsoft SQL Server, Oracle, LDIF, and so forth).

In a pure Windows environment (Windows 2000/XP/2003), Active Directory meets the needs of server-based computing, and at no additional cost. If a true "enterprise" directory service is required, consider eDirectory or Microsoft's add-on products.

Name Resolution

Both DNS and WINS are essential in most SBC networks. Microsoft's Active Directory relies on viable DNS to locate directory servers and other network service providers (Domain Controllers, LDAP servers, and Global Catalog servers). In a Terminal Services server farm, inability to locate and access DNS results in logon failures and inability to access resources (such as resolving ODBC connections by Fully Qualified Domain Name (FQDN)), and forces administrators to manipulate IP address registrations on multiple machines rather than changing DNS pointers. WINS also remains critical, even in a "native mode" Windows network, as NetBIOS is still used for down-level clients, and many legacy applications require NT-type NetBIOS-based syntax (\\SERVERNAME\SHARENAME) to locate and connect to resources. Improperly configured or unavailable WINS can lead to inaccessible resources and excessive broadcast traffic from broadcast name resolution.

Authentication Services

Secondary or even tertiary authentication (above and beyond basic Windows authentication) has become commonplace, but designers still tend to overlook the need for redundancy in authentication services. Many network environments (the Department of Defense, health care providers, and R&D activities) require multilevel authentication (two- or three-factor authentication). This may involve SSL certificates, smart cards, biometrics, retina scanners, and RADIUS or other extensible authentication methods. In these cases, the Terminal Server often provides the supplicant, but a valid authentication server must be available to authorize access to the network or application. For example, failure of a single RADIUS server should not deny all users access to production services.

Access Design

The need for users to access the SBC resources from a variety of locations using different access methods, media, and possibly protocols, must be factored in to any design. Logically, designing to meet access requirements consists of two processes: Protocol Selection and Access Method definition. Subsequent sections of this chapter map specific Access Methods to modular, hierarchical Access Layer building blocks.

Protocol Selection

Aside from a multitude of other technical advantages discussed in Chapter 2, the ICA client supports NetBEUI, IPX/SPX, and TCP/IP for MetaFrame, while the RDP client still only supports TCP/IP for Terminal Services. Appendix A contains a more detailed discussion of each protocol, along with advantages and limitations.

From an architectural standpoint, TCP/IP is the preferred protocol. Aside from its technical advantage (the entire Internet is based on TCP/IP), IPX/SPX and NetBEUI should only be considered as integrating technologies to bring legacy systems into your new network, and then only until they can be migrated to TCP/IP. As a general rule, multiprotocol bindings to support a legacy LAN (IPX/SPX and NetBEUI) should be eliminated as rapidly as possible.

Access Method

Defining required access methods is really an exercise in identifying the user community and the locations or environments from which they need to connect. In all cases, bandwidth requirements per method must be evaluated to "close the loop" and ensure that every required means of access (local, remote, dedicated media, dial-up, virtual private network (VPN), and so on) is afforded adequate bandwidth to support the number of concurrent connections expected. In most cases, enumerating the applications available to a user may be via direct client connection (Program Neighborhood) or Web-based front end (Citrix NFuse Classic). The following are common access methods based on user environments and locations:

Traditional LAN access: Local user community with high-speed direct deterministic bandwidth and little need for encryption.

Wireless LAN (WLAN) access: Similar to a traditional LAN, but with a greater need for security due to the lack of defined physical boundaries. Usually requires secondary authentication (like a dial-up user) as well as some level of encryption.

Branch office, dedicated media: The classic distributed branch office environment. Connection to the SBC core is via dedicated, deterministic WAN media (T1, Frame Relay, ATM, and so on) and supports both SBC connectivity and other network services. Dedicated access for remote branch offices is essential when Quality of Service (QoS) for packetized voice or video is required.

Branch office, VPN access: Similar to the dedicated media paradigm, but site-to-site bandwidth is non-deterministic. The branch office is connected to the SBC core network via a branch-to-branch VPN and all site-to-site traffic traverses the VPN. Typically used for smaller branch offices or to international sites or offices where dedicated access is cost prohibitive. Traffic inside the VPN tunnel can be controlled and managed, but the tunnel itself traverses the Internet and no QoS guarantees are possible.

Remote user Internet access (applications only): Connection is via non-deterministic bandwidth over the public Internet. Usually requires some level of encryption and may require multifactor authentication. Users access only SBC resources, no direct LAN access. This method may include wireless data over mobile phones (second (2G) or third (3G)) technologies.

Remote user Internet access (applications and LAN): Connection uses a VPN over non-deterministic bandwidth via the public Internet. Usually requires increased levels of encryption and multifactor authentication to protect the LAN environment. Users access SBC resources and directly access the local LAN for drive mapping, printing, or "fat client" applications. The most common example is roaming executives or sales staff that need SBC applications and the ability to synchronize handheld devices with corporate mail servers (for example, Palm Pilot users). This may also include IT Staff that need to access and manage LAN resources and servers.

Direct dial access: Used for direct connection to the SBC core via any of several remote access methods. May be either via direct dial to an SBC member server as an asynchronous serial connection or through a remote access concentrator (RAS services on a server or hardware concentrator). Dial-up media may be either analog (typical modem) or digital (ISDN, BRI, or PRI). Analog access is limited to 33.6 Kbps while digital access can provide up to 56 Kbps for analog modem users and multiples of 64 Kbps (64, 128, 192, 256, and so on) for ISDN users. Direct dial access usually does not require strong encryption but does require multilevel or multifactor authentication.

Security Design

An SBC network differs little from a traditional network when it comes to security considerations; basic network security mechanisms must be in place.

Network security: Designs should include firewalls, access lists on routers and Layer 3 switches, and intrusion detection systems (IDSs).

User security: Authentication, authorization, and access (AAA) mechanisms must be tailored to the environment and access method. Internal "wired" users are generally considered trusted and are subject to normal security policies and principles. Remote or non-wired users must be positively identified before being granted access to SBC or other network resources. Beyond normal logon (username and password) authentication, common methods include Remote Access Dial-in User Service (RADIUS), tokens or smart cards (RSA's SecurID, Secure Computing's Safeword), and biometric authenticators (fingerprint or retina scanners).

Data security: Although the actual data for a thin-client connection is a stream of video data and input device data (pointing device and keyboard), the data must still be protected from intercept and exploitation. This is particularly true of credentials used to access the session. There are two common methods of protecting this data. The first method is Secure Sockets Layer (SSL) or Transport Layer Security (TLS) encryption based on certificates and Public Key Infrastructure (PKI). The second method is IP Security (IPSec) using the Digital Encryption Standard (DES) or Advanced Encryption Standard (AES). Other mechanisms may be used in specialized cases, for example, NSA's FORTEZZA (SKIPJACK) encryption cards or Wireless Equivalent Privacy (WEP) for WLANs.


Infrastructure Design—Modular Building Blocks

Designing the network infrastructure for server-based computing involves selecting the right modular components to meet requirements and then connecting them together in a cost-effective and efficient manner. This three-tiered infrastructure (core, distribution, and access) can be developed one layer at a time, as long as standards-based components are used and the access methods are known. Figure 6-2 shows common symbols used for network design diagrams.

Figure 6-2: Network design logical symbols

Core Layer

The network core for an SBC network is typically a collapsed backbone that aggregates true "core" components (high-speed switching) and the access and distribution layer elements supporting the SBC farm into a single platform or several similar platforms. The core should be a Layer 3-switched backbone designed to be redundant, expandable, and fast. The core can be either Layer 2 or Layer 3, with Layer 3 preferred due to faster convergence in response to failures (Layer 3 cores rely on routing table convergence, which takes only seconds, while Layer 2 cores rely on STP, which can take 30–40 seconds or longer).

High-end Layer 3 core devices are chassis-based Layer 3 switches with redundant Layer 2 (switching) and Layer 3 (routing) components. For smaller networks, similar non-redundant fixed-configuration devices are widely available. Specifically, the network core should provide

Layer 3 TCP/IP switching. The ability to transport IP packets across the core at "wire" (gigabit) speeds by rewriting packet headers, as opposed to routing packets individually. Some switches support a limited (slower) ability to handle IPX/SPX packets at Layer 3. NetBEUI is not supported at Layer 3 and must be bridged at Layer 2.

Layer 2 "cut-through" switching. The ability to transport Layer 2 frames across the core without excessive buffering or processing. Low-end and older switches use slower switching methods such as store-and-forward and are unsuitable as core devices.

Support for virtual LANs (VLANs) to segment traffic and separate groups of servers, Layer 2 server and user segments, and connections to other access or distribution layer devices.

Support for Fast Ethernet and Gigabit Ethernet.

Built-in support for network performance monitoring and management.

Support for link aggregation using fast ether channel (FEC) or gigabit ether channel (GEC) technology via Port Aggregation Protocol (PAgP) or 802.3ad Link Aggregation Control Protocol (LACP).

Support for advanced routing protocols (EIGRP, OSPF, IS-IS, BGP).

Support for router redundancy protocols (HSRP, VRRP) at Layer 3 and path redundancy at Layer 2 (Spanning Tree Protocol (STP)) with fast convergence.

Incremental growth capacity via additional modules or additional devices.

High-capacity non-blocking backplane. Typical high-end chassis-based solutions offer 64-Gbps or higher capacity, while fixed configuration low-end solutions provide 10–20 Gbps.

- Citr ix MetaFr am e Access Suite

Because of the complexity and variability, network diagrams of "core" layer topologies are included only in the complete network diagrams in the final section of this chapter.

Distribution Layer

The distribution layer provides aggregation of connections to groups of users and is generally categorized as either a LAN distribution point (connected to client access layer switches or media) or a WAN distribution layer (connecting to remote sites and services, to include the Internet). Distribution layer hardware is usually Layer 3 switches for large corporate or campus LANs and routers for WAN aggregation. In smaller networks, the core and distribution layers can be collapsed onto a single Layer 3 device. Distribution layer topologies are included only in the complete network diagrams in the final section of this chapter.

The distribution layer may include QoS, bandwidth management, and limited security enforcement (firewall, packet inspection, or access list filtering). Specific distribution layer hardware and media should be determined by the type and number of access layer connections required.

Connections between the distribution layer and the core should be Layer 3 to allow for policy and security enforcement and to isolate broadcast traffic. Connectivity between distribution aggregation points and the core typically employs multiple VLANs using Fast Ethernet or Gigabit Ethernet.

Access Layer Ongoing Administr ation of the Ser v er - Based Com puting

Chapter 21 -

Envir onment

Access layer building blocks Pa r t I V - Appendi x es

are the most variable modular building blocks. The typical campus or

corporate requires Appendix A network - I nter netw or k ingmultiple Basics types to meet specific media connectivity and access method needs. The of access modules will determine the size and nature of most Appendix B - complement Creating an OnDem andlayer Enterpr ise Financial Analysis Model

distribution devices. ForDem remote sites and Internet connectivity, the access layer also provides the Appendix C -layer Creating an Onand Enterpr ise Subscr iption Billing Model real security perimeter (firewall, proxy servers, and so on).

LAN Access Module

LAN access components are usually Layer 2 Fast Ethernet switches in campus wiring closets. These switches may have redundant Layer 2 uplinks to a Layer 3 distribution switch (large networks) or uplink directly to the Layer 3 core (smaller networks). Modern designs use single or multigigabit aggregated uplinks configured as 802.1Q VLAN trunks (see Figure 6-3). Each trunk consists of one or more Gigabit Ethernet connections, each carrying multiple virtual LANs (one for marketing, one for sales, one for engineering, and so on). Access layer switches share many of the common characteristics of distribution and core switches including management, cut-through switching, Layer 2 aggregation, 802.1p Class of Service (CoS) tagging, and so forth.

Figure 6-3: Typical LAN access module

WLAN Access Module

Despite security concerns, wireless local area networks (WLANs) have become ubiquitous throughout organizations today, and as such are a critical part of most networks.

Note: Adding to the wireless discussion, Sprint, Verizon, and other mobile wireless providers have released G3 wireless (wWLAN) Internet access with up to 144K of bandwidth that is quickly gaining popularity as a server-based computing access choice. For the purposes of this book, wireless Internet access options will be handled as simply another external Internet connection option, not to be confused with WLAN.

We will explore WLAN security in detail in Chapter 8, but for the purposes of a network discussion, WLAN access components are Layer 2, even though they are shared rather than switched Ethernet. This increases the impact of broadcast traffic on each client and also means the aggregate bandwidth is shared by all users of a given WLAN segment. Current WLAN 802.11-series standards provide aggregate bandwidth ranging from 11 Mbps (802.11b) to 54 Mbps (802.11a). WLAN access modules should include necessary AAA support (AAA is also discussed in depth in Chapter 8) in the network core in the form of RADIUS servers (see Figure 6-4). In smaller networks, low-end WLAN hardware can provide basic services with limited security (128-bit WEP, not secondary authentication), while large or more sensitive networks need high-end hardware that provides dynamic encryption keys, built-in protection from "man-in-the-middle" or bit-flipping attacks, and support for secondary authentication as well as 802.1Q virtual LANs and QoS support. It is essential that WLAN segments be isolated from the core by Layer 3 devices.


Figure 6-4: Typical WLAN access module
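One way to check the requirement that WLAN segments be isolated from the core by Layer 3 devices is to audit a device and link inventory, shown here as an added example that is not from the book. The device names, roles and topology are constructed, and the links are assumed to describe Layer 2 adjacency for a single VLAN.

```python
from collections import deque

# Constructed sample inventory (not from the book). "layer" is the layer the
# device forwards at: 2 bridges frames, 3 routes and can enforce policy.
NODES = {
    "core-1":       {"layer": 3, "role": "core"},
    "dist-1":       {"layer": 3, "role": "distribution"},
    "wlan-gw":      {"layer": 3, "role": "distribution"},
    "closet-sw1":   {"layer": 2, "role": "lan-access"},
    "closet-sw2":   {"layer": 2, "role": "lan-access"},
    "wlan-sw1":     {"layer": 2, "role": "wlan-access"},
    "ap-lobby":     {"layer": 2, "role": "wlan-ap"},
    "ap-floor2":    {"layer": 2, "role": "wlan-ap"},
    "ap-warehouse": {"layer": 2, "role": "wlan-ap"},
}

# Constructed links, assumed to describe Layer 2 adjacency for a single VLAN.
LINKS = [
    ("core-1", "dist-1"),
    ("core-1", "wlan-gw"),
    ("dist-1", "closet-sw1"),
    ("core-1", "closet-sw2"),        # small-site closet switch uplinked straight to the core
    ("wlan-gw", "wlan-sw1"),
    ("wlan-sw1", "ap-lobby"),
    ("wlan-sw1", "ap-floor2"),
    ("closet-sw2", "ap-warehouse"),  # AP patched into a wired closet switch
]


def build_adjacency(nodes, links):
    """Undirected adjacency map; rejects links that name undeclared devices."""
    adj = {name: set() for name in nodes}
    for a, b in links:
        for end in (a, b):
            if end not in nodes:
                raise ValueError(f"link references unknown device: {end}")
        adj[a].add(b)
        adj[b].add(a)
    return adj


def path_to(parent, node):
    """Rebuild the hop list from the AP to `node` using BFS parent pointers."""
    hops = []
    while node is not None:
        hops.append(node)
        node = parent[node]
    return hops[::-1]


def audit_wlan_isolation(nodes, links):
    """For each access point, walk its Layer 2 domain and report:
    boundaries  - Layer 3 devices that terminate the domain (policy points)
    violation   - a Layer 2-only path from the AP to a core device, or None
    wired_peers - wired access switches sharing the AP's broadcast domain
    """
    adj = build_adjacency(nodes, links)
    report = {}
    for ap, attrs in nodes.items():
        if attrs["role"] != "wlan-ap":
            continue
        parent = {ap: None}
        queue = deque([ap])
        boundaries, wired_peers, violation = set(), set(), None
        while queue:
            cur = queue.popleft()
            for nxt in sorted(adj[cur]):
                if nxt in parent:
                    continue
                parent[nxt] = cur
                if nodes[nxt]["role"] == "core":
                    # Reached the core without crossing another Layer 3 device.
                    if violation is None:
                        violation = path_to(parent, nxt)
                elif nodes[nxt]["layer"] >= 3:
                    boundaries.add(nxt)      # routed hop: stop expanding here
                else:
                    if nodes[nxt]["role"] == "lan-access":
                        wired_peers.add(nxt)
                    queue.append(nxt)        # still inside the same L2 domain
        report[ap] = {
            "boundaries": sorted(boundaries),
            "violation": violation,
            "wired_peers": sorted(wired_peers),
        }
    return report


def failing_aps(report):
    """Names of access points that can reach the core at Layer 2."""
    return sorted(ap for ap, r in report.items() if r["violation"])


if __name__ == "__main__":
    for ap, result in audit_wlan_isolation(NODES, LINKS).items():
        status = "FAIL" if result["violation"] else "ok"
        print(f"{ap:13} {status:4} boundaries={result['boundaries']} "
              f"path={result['violation']} wired_peers={result['wired_peers']}")
```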

WAN Access Module, Branch Office—Dedicated Media

A typical remote branch office WAN access module consists of standard Layer 2 Ethernet switches and an access router (see Figure 6-5). These offices are usually connected to the data center by dedicated media (frame relay, ISDN, ATM, T1, or similar media) and do not require extensive security such as firewalls. Security is usually in the form of access list filters to control either traffic flow or route distribution (or both). WAN access routers may support Layer 3 QoS if warranted by corporate applications. Where connecting bandwidth is limited, bandwidth managers such as Packeteer PacketShapers may also be included as an optional component.


Figure 6-5: Typical branch office WAN access module (dedicated media)

WAN Access Module, Branch Office—VPN Access

Remote offices, which use an office-to-office VPN to tunnel from the branch network to the core network, require compatible VPN hardware at the branch and at the data center. The branch office configuration is similar to the dedicated media branch office with a firewall/VPN device added between the LAN switch and the WAN media (see Figures 6-6 through 6-8). This may be in the form of a VPN/firewall feature incorporated into the WAN access router, or a separate device in line between the switch and the router. In either case, all traffic from the remote site to the data center is encrypted and transported through the VPN tunnel. Internet connectivity may be via any media subject to bandwidth requirements. One key consideration is the added overhead that VPN connectivity requires. IPSec encapsulation adds 10–25 percent additional overhead to the data stream, as well as an additional processing workload on the VPN device. When designing VPN connectivity, ensure Internet bandwidth allows for concurrent thin-client sessions plus IPSec overhead.

WAN Access Module, Data Center VPN Termination

When either remote user VPN access or remote office VPN access is required, a VPN termination suite is required at the data center end. If only office-to-office connections and a limited number of user connections are to be supported, corporate firewalls or VPN routers can terminate all required connections. If the capability to terminate connections from multiple branch offices with substantially different VPN needs and/or a large number of users with differing VPN access constraints is needed, consider a purpose-built VPN concentrator. Depending on security requirements, the VPN connections may be routed directly to the corporate LAN or they may be forced through the corporate firewall to apply additional security restrictions.


Figure 6-6: Typical branch office WAN access module (VPN router)


Figure 6-7: Typical branch office WAN access module (VPN hardware)

Figure 6-8: Typical branch office WAN access module (VPN firewall)

Data center Internet bandwidth must meet the same capacity requirements as remote branches, and may require a separate Internet connection to support VPN terminations (and insulate the VPN Internet connection from the variable bandwidth demands of users surfing the Internet). Optionally, a bandwidth manager (PacketShaper) at the data center access layer can give preferential treatment to IPSec traffic.

Offices that use an office-to-office VPN to tunnel from the branch network to the core network require compatible VPN hardware at the branch and at the data center. The branch office configuration is similar to the dedicated media branch office with a firewall/VPN device added between the LAN switch and the WAN media (see Figure 6-9). This may be in the form of a VPN/firewall feature incorporated into the WAN access router, or a separate device in line between the switch and the router. In either case, all traffic from the remote site to the data center is encrypted and transported through the VPN tunnel. Internet connectivity may be via any media subject to bandwidth requirements.


Figure 6-9: Typical data center VPN termination module


WAN Access Module, Remote User Internet Access

The infrastructure suite needed to provide individual remote users with thin-client applications over the Internet exists only at the data center (see Figure 6-10). Actual components of this module are dependent upon the criticality of the remote user access, data security requirements, and the number of remote users. Assuming high-level requirements for all three elements, the module would consist of a redundant upstream Internet connection backed by a redundant firewall. Although Program Neighborhood could be used to enumerate applications, MetaFrame Web Interface is the preferred method and would require redundancy in DNS servers and front-end web servers. If secure access is required, redundant MetaFrame Secure Gateway platforms would also be required. Finally, extremely heavy Internet-based user loads, typical of an application service provider, can be augmented with specialized server aggregation appliances such as Cisco's Local Director to offload DNS and HTTP load balancing.


Figure 6-10: Typical data center Internet services access module

Direct Dial Remote Access Module

Dial-up access to the SBC resources may be either direct asynchronous or PPP based. Direct access can be to either a specific server via multiport modems or modem sharing, but this approach severely limits the ability to effectively balance the client load across the server farm and constrains bandwidth to the client to a maximum of 33.6 Kbps. The preferred solution requires a Remote Access Service (RAS) server or concentrator either through a server platform (Windows Routing and Remote Access) or a concentrator such as a Cisco Universal Gateway or a Lucent Portmaster (see Figure 6-11). In either case, ISDN access, either BRI or PRI, is essential; it allows the RAS device to provide the digital termination of analog or digital calls and achieve speeds greater than 33.6 Kbps. RAS devices require the same type of core services (AAA services) as WLAN modules. In general, a single suite of AAA servers should be able to support RAS, WLAN, and VPN user authentication. As an added benefit, the same RAS device that terminates client connections can also terminate routed ISDN branch-to-branch connections to connect small or home offices to the corporate data center. Accessibility of the data center network from the public switched telephone network (PSTN) mandates strong authentication. Further, firewall filtering of these dial-up connections is highly recommended.

Figure 6-11: Typical data center RAS module

Infrastructure Design—Connecting the Modules

Once the component module requirements are defined, specific connecting media can be specified and acc… media. The need for specialized bandwidth managers can also be assessed.

Media Selection

LAN Media

In the context of server-based computing, the LAN resides in two places—inside the data center and inside t… while the remote office LAN will be relatively simple, containing little more than a workgroup media concentr… (printers, storage devices, and so on).

Ethernet: As originally defined (10BaseT, 10Base2), Ethernet was a shared media technology using Ca… and both Layer 2 repeaters and multiport repeaters (hubs). These residual shared Ethernet environmen… performance limitations imposed by CSMA/CD. More specifically, collisions are a normal and expected… performance to 35 percent of rated capacity. This means a 10-Mbps Ethernet segment is saturated at 3… latency due to interframe delays built into the Ethernet standard to minimize collisions. In a switched infr… sustained operation at near 90 percent of capacity, both for send and receive (approaching 20-Mbps thr…

Fast Ethernet: Fast Ethernet is also referred to as 100BaseT to indicate that it provides for a transmissio… backward compatible with 10-Mbps Ethernet. Many vendors tout "dual speed hubs" capable of simultan… however, in a mixed speed environment, the Ethernet bus must arbitrate to the rate of the station transm… environment… Mbps due to excessive bus arbitration. Use of dual-speed hubs is strongly discouraged. On… penalty. As of this writing, switched Fast Ethernet is the de facto standard for LAN technology with regar… standards to guarantee reliable Fast Ethernet connectivity.

Gigabit Ethernet: This transmission standard provides for sending one billion bits per second across the… specification (802.3z) and uses the same Carrier Sense Multiple Access with Collision Detection (CSMA… predecessors. Gigabit Ethernet is always switched versus shared and is normally full-duplex. Genericall… (1000BaseSX (multimode) or 1000BaseLX (single mode)), unshielded twisted pair (1000BaseT over 4-p… pair 150 ohm shielded cable). Gigabit Ethernet is rapidly emerging as the de facto standard for data cen… access layer aggregation points to the core or distribution layer.

Token Bus/Token Ring: Token Bus is similar to Ethernet but uses a different method to avoid contentio… control the sequence of which nodes use the network at what time. The node holds a "token" and passe… receive a message but cannot transmit unless it holds a token. Token Bus networks are laid out in a ser… on the other hand, is implemented in a ring topology. The main difference between the two is how the to… With Token Bus, the packet is a separate message that is passed after a node has finished transmitting… even started out with higher possible bandwidth (about 16 Mbps). However, Ethernet is now the unques… connecting mainframes, minicomputers, or other IBM equipment.

ATM for LAN: Asynchronous Transfer Mode was once viewed as an alternative to Ethernet-based techn… the desktop" as the future of high-bandwidth access. This never materialized in large-scale desktop dep… network cards and associated network devices are still far more expensive than their Ethernet-based co… contributed to the loss of interest in ATM in LANs: the rising speed and falling cost of Ethernet-based tec… complexity of internetworking LAN segments using ATM LAN Emulation (LANE).

F/CDDI: Fiber/Copper Distributed Data Interface is a 100-Mbps LAN topology designed to operate over o… media access protocol similar to Token Ring (token passing) and employ a dual counter-rotating ring to… very attractive and performs exceptionally under high-load conditions. Maximum ring distances for FDDI… topology. CDDI rings are limited to 100 m.

WAN Media

The wide area network (WAN) is the vehicle for transporting data across the enterprise. In a server-based co… to the IT enterprise. It is essential to create a WAN design that is robust, scalable, and highly reliable in orde… Interconnecting media types for WAN services include

Frame relay: Frame relay service is available virtually worldwide. It employs virtual circuits (usually perm… 56K connections. Multiple PVCs can be carried over a single physical (for example, T1) access facility a… bandwidth (oversubscription). For example, four 512-Kbps PVCs can be provisioned over a single T1 ac… transmission rate called the Committed Information Rate (CIR) and the ability to burst above this rate, o… not guaranteed and can be ruthlessly discarded. For WAN connectivity, the combination of all thin-client… than the CIR to ensure reliable performance. Further, QoS restriction cannot be applied to traffic rates a… than 1.5:1), thin-client performance may be degraded.

Point-to-point serial: Point-to-point serial service is available in many formats including 56 Kbps, fractio… full T1 (1.544 Mbps, 1.536 Mbps usable). Dedicated point-to-point circuits have been around for a long t… are involved. These circuits can either be leased from a service provider or local telephone company (T… facilities. (See Figure 6-12.)

Figure 6-12: Frame relay vs. T1/E1 point-to-point connections

ATM: Asynchronous transfer mode combines the best features of the older packet-switched networks an… based protocol data unit and advanced inherent management features make ATM the most flexible and… services are based on a T1, T3, or Synchronous Optical Network (SONET) physical media with ATM vir… optical carrier levels range from OC1 (51.840 Mbps) through OC48 (2.48832 Gbps). ATM delivers varia… such as frame relay and xDSL. ATM is also the defined multiplex layer standard for SONET and the bas… Figure 6-13.)


Figure 6-13: ATM data center network connected to frame relay

Integrated Services Digital Network (ISDN): ISDN was announced in the late 1970s as a way to provid… same basic copper wiring as Plain Old Telephone Service (POTS), but its Basic Rate Interface (BRI) off… channel (2B+D). B-channels carry the data payload (digital data or digitized voice) while the D-channel e… environments, the ISDN Primary Rate Interface (PRI), offers 23 standard B-channels and one 64-Kbps… individually or bonded together. ISDN is a point-to-point technology and provides deterministic, but expe… backup for dedicated frame relay circuits. (See Figure 6-14.)

ISBN:0072195665

This guide ex plains how to build a r obust, reliable, and scalable thin- client com puting envir onment and deploy Windows 2000/ Windows 2003 Ser v er and MetaFr am e. Also learn t o centr alize application managem ent, r educe soft w ar e on the desktop, and mor e. < ?xm l version= " 1.0" encoding= " I SO- 8859- 1" ?> Ta ble o f Con t en t s Citr ix MetaFr am e Access Suite for Window s Ser v er 2003—The Official Guide For ewor d I ntr oduction Pa r t I - Ov er vi e w of Ente r pr ise Se r ve r - Ba se d Com put in g

Chapter 1

-

I ntr oducing Ser ver -Based Com puting and th e On- Dem and Enterpr ise

Chapter 2

- Window s Ter minal Ser vices ISDN and Suite PRI structure Chapter 3 Figure - Citr 6-14: ix MetaFr am eBRI Access Pa r t I I - De signi ng a n Ent e rpr i se SBC Solut ion

Digital Subscriber Line (DSL)

Various flavors of DSL are available in most areas, but without ATM to t… DSL circuits must terminate at a service provider for Internet access only. TelCos provide Asymmetric D… their Central Office (CO) to the customer premises. ADSL is low cost and, as the name implies, has asy… downstream capacity. Symmetric DSL (SDSL) is normally provided by specialized service providers with … distances and often higher speeds than ADSL, but at three to six times the monthly cost. IDSL, a form o… the customer premises and the CO, provides speeds equivalent to ISDN BRI, but without the high usage … that can't call anywhere. Like frame relay, DSL providers charge based on bandwidth, but seldom provid… offerings (at a higher price) include ADSL with business-class service level agreements for throughput a… generally only usable as Internet access—unless you have ATM to the data center or work with a value-… (ADSL, IDSL, and so on) from remote offices and provide consistent bandwidth via any circuit type to the distribution layer.

Cable modem

Cable modems connect to the existing cable TV (CATV) coaxial network to provide new … theoretical 36 Mbps, but end-node technology (such as a network interface card) does not yet exist to ta… common. The service is asymmetrical in its current implementation with download speeds that are far fa… large number of users. No service level agreement is available, nor are repair times guaranteed for faile… home offices, or where no cost-effective competing technology is available and VPN or Internet-based a…

Internet/VPN

Though not a "media" in the same sense as the other technologies discussed here, it doe… (VPN) uses the Internet as a valid network infrastructure option for connecting small or remote offices a…

Planning Network Bandwidth

Planning network bandwidth may seem like an obvious need, but it is often skipped because it is difficult to p… network. However, by using modeling based on nominal predicted values, bandwidth requirements can be a… following guidelines in mind:

Point-to-point WAN links are saturated when they reach 70–80 percent of rated capacity; in other words … T1.

Frame relay and ATM connections are saturated when they reach 90 percent of rated capacity per virtu… guaranteed.

Allow 25 percent additional bandwidth for any VPN link.

Always calculate required voice or video bandwidth first, add thin-client session bandwidth, and then add … protocols, time service, Internet browsing, mail services, Windows domain traffic, printing, and so on). O… mail, streaming media, and so on), 30 percent additional bandwidth above and beyond voice/video and …

WAN bandwidth per thin-client user is nominally 30 Kbps, depending on application usages and graphic…

Printing inside the thin-client session will add up to an additional 20-Kbps concurrent printing connection… concurrent sessions.

On links that provide primary access to Internet services, all available bandwidth can be consumed by In… previously in this list, adding at least 50 percent for Internet service access, and plan for bandwidth man… a reference.)

Table 6-1: Sample WAN Bandwidth Calculation Worksheet

Concurrent Users | Base Bandwidth per User | Citrix Bandwidth | ICA Printing? | ICA Printing Bandwidth | Total Citrix Bandwidth | Primary Internet?

180 Kbps | 1080 Kbps | No
0 Kbps | 900 Kbps | No
30 | 30 Kbps | 900 Kbps | Yes
25 | 30 Kbps | 750 Kbps | No
30 | 30 Kbps | 900 Kbps
30 | 30 Kbps | 900 Kbps | Yes
180 Kbps | 1080 Kbps | No
Yes | 180 Kbps | 1080 Kbps | No
0 Kbps | 900 Kbps | No
0 Kbps | 900 Kbps | Yes
30 | 30 Kbps | 900 Kbps | No
30 | 30 Kbps | 900 Kbps | No
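The planning guidelines above can be applied as a per-site worksheet. The following is an added example, not code from the book: the `Site` fields, the order in which the uplifts are applied, the use of the conservative 70 percent figure for point-to-point links, and the sample sites are assumptions.

```python
from dataclasses import dataclass

# Planning figures quoted in the guidelines.
ICA_KBPS_PER_USER = 30      # nominal WAN bandwidth per thin-client user
PRINT_KBPS_PER_JOB = 20     # ceiling per concurrent printing connection
VPN_UPLIFT_PCT = 25         # additional bandwidth for any VPN link
INTERNET_UPLIFT_PCT = 50    # minimum extra on a primary Internet access link
# Share of rated capacity at which a link counts as saturated.
# Assumption: the low end of the 70-80 percent range is used for point-to-point.
SATURATION_PCT = {"point_to_point": 70, "frame_relay": 90, "atm": 90}
# The 30 percent guideline is not modelled: its condition is cut off on the page.


def _ceil_div(a, b):
    """Integer division rounded up, so a requirement is never under-stated."""
    return -(-a // b)


@dataclass
class Site:
    name: str
    users: int                       # concurrent thin-client sessions
    print_jobs: int = 0              # concurrent printing connections (assumed input)
    voice_video_kbps: int = 0        # calculated first, per the guidelines
    primary_internet: bool = False   # link is the site's primary Internet path
    vpn: bool = False
    link_type: str = "point_to_point"


def required_kbps(site):
    """Traffic the link must carry: voice/video, then sessions, then printing."""
    kbps = site.voice_video_kbps
    kbps += site.users * ICA_KBPS_PER_USER
    kbps += site.print_jobs * PRINT_KBPS_PER_JOB
    # Assumption: uplifts apply to the running total, Internet before VPN.
    if site.primary_internet:
        kbps = _ceil_div(kbps * (100 + INTERNET_UPLIFT_PCT), 100)
    if site.vpn:
        kbps = _ceil_div(kbps * (100 + VPN_UPLIFT_PCT), 100)
    return kbps


def min_rated_kbps(site):
    """Smallest rated capacity that keeps the link below its saturation point."""
    if site.link_type not in SATURATION_PCT:
        raise ValueError(f"unknown link type: {site.link_type}")
    return _ceil_div(required_kbps(site) * 100, SATURATION_PCT[site.link_type])


def worksheet(sites, circuit_kbps):
    """One row per site: (name, required Kbps, minimum rated Kbps, fits circuit?)."""
    rows = []
    for site in sites:
        need = min_rated_kbps(site)
        rows.append((site.name, required_kbps(site), need, need <= circuit_kbps))
    return rows


if __name__ == "__main__":
    # Constructed sample sites, checked against a 1544-Kbps (T1) circuit.
    sites = [
        Site("branch-a", users=30, print_jobs=9, link_type="frame_relay"),
        Site("branch-b", users=30, primary_internet=True, vpn=True),
        Site("branch-c", users=25, link_type="frame_relay"),
    ]
    for name, required, rated, fits in worksheet(sites, 1544):
        verdict = "fits" if fits else "needs a larger circuit"
        print(f"{name}: {required} Kbps required, {rated} Kbps rated minimum, {verdict}")
```
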

Bandwidth Management

In most thin-client WAN environments, "calculated" bandwidth should provide optimal performance, but seld… bandwidth cannot protect thin-client bandwidth when the network administrator downloads a large file or a u… unpredictable behaviors can degrade SBC services to remote users due to bandwidth starvation or excessiv… control bandwidth utilization and assure responsive service environments: Layer 2 CoS and queuing, Layer 3 … NBAR), and appliance-based bandwidth managers (Packeteer). Each of these has its respective strengths a… addition, all of these technologies must have a mechanism for differentiating more important traffic from less … not be "marked" and tagged with its particular priority, but subsequent network devices must be able to reco… constrain specific traffic types. All must have a means for identifying traffic as more important or less importa…

When applying bandwidth management technologies to WAN traffic flows, the following general rules apply:

Do not prioritize any traffic above network management traffic. This usually is a factor only on Layer 2 C… frames) are incorrectly tagged as priority 7. Management and control information (STP, VLAN status me…

Digitized voice and video have a very high priority. They must have instantaneous bandwidth and the low…

Thin-client user access has a high priority. ICA/RDP traffic has the same priority as character-interactive … screen" applications, performance is perceived the same by users. If a user presses ENTER and doesn… client performance is deemed unacceptable.

Mission-critical applications such as ERP packages should receive a higher priority than personal produ…

Average utilization of network resources should be high, thus saving money by avoiding unnecessary up…

Rules for bandwidth utilization or bandwidth blocking should be by application, user, and group.

Tip More bandwidth, not less, is needed when migrating users to a new network. It is likely that the old a… segments while users are moved from the old network to the new data center network. Tasks such a… "backhauling" user data to legacy systems not yet on the new network can all add up to an increase … can be mitigated with careful planning and staging of which systems will be migrated in which order. … enjoys a lower risk of having unhappy users before projects get started.

Layer 2 CoS and Queuing

Applying Layer 2 CoS prioritization to LAN traffic has several weaknesses: It is o… across Layer 3 boundaries); granular control, by application or service, is not widely supported; and most ap… with CoS values. Several vendors provide network interface cards capable of applying CoS and QoS tags to … application layer traffic. Microsoft's Generic Quality of Service (GQoS) API allows software developers to acc… operating system. However, the API is not widely supported and only a limited number of Microsoft multimed… devices have one or two input queues per port and up to four output queues. Out of the box, all traffic is rout… CoS can be applied to frames at the source or upon entry to the switch to redirect the output to use a higher… first, reducing latency. In a server-based computing paradigm, there is little to be gained from accelerating fr…

Layer 3 QoS and Queuing

Quality of Service at Layer 3 encompasses classifying traffic (via a standard or e… Layer 4 protocol), input port, IP Precedence or DSCP, or Ethernet 802.1p class of service (CoS). Traffic clas… avoided. Once traffic is classified it must be marked with the appropriate value to ensure end-to-end QoS tre… the IP Type of Service (ToS) byte; six Differentiated Services Code Point (DSCP) bits in the IP ToS byte; thre… one ATM cell loss probability (CLP) bit. In most IP networks, marking is accomplished by IP Precedence or D… class. Fair queuing (FQ) assigns an equal share of network bandwidth to each application. An application is … HTTP). Weighted fair queuing (WFQ) allows an administrator to prioritize specific traffic by setting the IP Pre… the corresponding queue. WFQ is the default for Cisco routers on links below 2 Mbps. Priority Queuing (PQ) … normal, and low priority queues. The high priority traffic is serviced first, then medium priority traffic, followed… high priority traffic flows are always present. Class-based weighted fair queuing (CBWFQ) is similar to WFQ … guaranteed priority queue is allowed. Finally, low latency queuing (LLQ) is the preferred method for prioritizin… with static guaranteed bandwidth to digitized voice or video, assign multiple resource queues with assured ba… other" traffic. Queuing works well in a network with only occasional and transitory congestion. If each and ev… the baseline, queuing design will provide all of the bandwidth management thin clients require. Absent a per…

Queuing requires no special software on client devices.

Packets delayed beyond a timeout period in queues get dropped and require retransmission, causing m…

Queuing manages only outbound traffic, assuming the inbound traffic has already come in over the con… both ends of the link. When dealing with Internet connections, queuing is generally ineffective.

Queuing has no flow-by-flow QoS mechanism.

Router-Based Bandwidth Management

Cisco's Network Based Application Recognition (NBAR) provides … processes. NBAR is a Cisco IOS classification engine that can recognize a wide variety of applications, inclu… Additional features allow user-specified application definitions (by port and protocol). Once the application is … marking, and queuing features, as well as selectively drop packets from the network. Although it is "applicati… implement QoS policies, and remains an "outbound" technology.

Appliance-Based Bandwidth Managers (TCP Rate Control)

TCP rate control provides a method to mana… parameters in the TCP sliding window. TCP rate control evenly distributes packet transmissions by controllin… throttle back, avoiding packet tossing when there is insufficient bandwidth. As packet bursts are eliminated in … as high as 80 percent. In a network without rate control, typical average utilization is around 40 percent. TCP … analysis, and above Layer 4, analyzing application-specific data. TCP rate control has the following advanta…

Works whether applications are aware of it or not.

Reduces packet loss and retransmissions.

Drives network utilization up as high as 80 percent.

Provides bandwidth management to a specific rate (rate-based QoS).

Provides flow-by-flow QoS.

Provides both inbound and outbound control.

Prevents congestion before it occurs.

On the other hand, TCP rate control has the following limitations:

Not built into any routers yet.

Only works on TCP/IP; all other protocols get queued.

Currently available from only a few vendors.

Packet prioritization using TCP rate control is a method of ensuring that general WAN traffic does not interfe… traffic can be given guaranteed bandwidth, which results in low perceived latency and speedy application pe… server-based computing environment.

Packeteer created the category of hardware-based TCP rate control appliances with its PacketShaper produ… competing technologies, but Packeteer products were selected for an in-depth discussion.

In a simple deployment, a PacketShaper (shown in Figure 6-15) is an access layer device that sits between … manages WAN traffic to ensure that critical applications receive the bandwidth they require. For SBC environ… enough bandwidth requirements to justify the expense. A PacketShaper is always placed inside the site rout… there is also value in placing a PacketShaper at the data center to control Internet services bandwidth and p… users surfing the Web. In this configuration, individual traffic flows cannot be managed, however, good traffic … and less-critical traffic flows can be throttled to ensure bandwidth remains available for thin-client flows. Tho… possible to create partitions for particular types of traffic. The flow-by-flow management happens in the Pack… PacketShaper models are available, and they are priced by the amount of bandwidth they are capable of manag… to manage enterprisewide devices from a central policy center.

Figure 6-15: Network with a Packeteer PacketShaper

Bandwidth per session

With the PacketShaper it is possible to set a policy that will guarantee 20 Kbps … First, each session is protected from every other session. A user browsing animated web pages over ICA … Another user accessing office applications or e-mail would notice no difference, and their sessions woul… less than 20 Kbps. In the cases where the network was near saturation and insufficient WAN bandwidth … from being created rather than allow creation in a degraded environment (see Figure 6-16).

Figure 6-16: Denied session request

Partitioning

Partitions allow the administrator to logically "carve up" the available bandwidth and assign … For example, in a frame relay circuit with a port speed of 1.544 Mbps, you might assign 80 percent of ba… LPR/LPD for printing. If any portion is not being fully utilized, the PacketShaper can allow the other parti…


Figure 6-17: Bandwidth partitioning
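The partitioning idea above, with unused bandwidth lent to busier partitions, can be modelled in a few lines. This is an added example, not Packeteer's algorithm or code from the book: the 10 percent shares for printing and other traffic, the demand figures, and the rule of lending spare capacity in proportion to each partition's share are assumptions; only the 1.544-Mbps port speed and the 80 percent figure come from the text.

```python
EPS = 1e-9  # tolerance for floating-point comparisons


def allocate(link_kbps, partitions):
    """Grant bandwidth to partitions on one link.

    partitions maps name -> (share_percent, demand_kbps).
    Each partition first receives its demand up to its guaranteed share.
    Capacity left unused is then lent to partitions that still want more,
    in proportion to their shares, until demand or capacity runs out.
    Returns name -> granted Kbps.
    """
    if sum(share for share, _ in partitions.values()) > 100:
        raise ValueError("partition shares exceed 100 percent of the link")

    guaranteed = {n: link_kbps * share / 100 for n, (share, _) in partitions.items()}
    demand = {n: float(d) for n, (_, d) in partitions.items()}
    granted = {n: min(demand[n], guaranteed[n]) for n in partitions}
    spare = link_kbps - sum(granted.values())

    while spare > EPS:
        hungry = [n for n in partitions if demand[n] - granted[n] > EPS]
        weight = sum(partitions[n][0] for n in hungry)
        if not hungry or weight == 0:
            break  # nobody left to lend to
        lent = 0.0
        for n in hungry:
            offer = spare * partitions[n][0] / weight
            take = min(offer, demand[n] - granted[n])
            granted[n] += take
            lent += take
        spare -= lent  # a satisfied partition returns its unused offer
    return granted


if __name__ == "__main__":
    LINK_KBPS = 1544  # frame relay port speed from the text
    # Constructed demand snapshots: (share percent, current demand in Kbps).
    quiet_ica = {"ica": (80, 600), "printing": (10, 500), "other": (10, 1000)}
    busy_ica = {"ica": (80, 1400), "printing": (10, 50), "other": (10, 0)}
    congested = {"ica": (80, 2000), "printing": (10, 2000), "other": (10, 2000)}
    for label, snapshot in (("quiet ICA", quiet_ica),
                            ("busy ICA", busy_ica),
                            ("congested", congested)):
        result = allocate(LINK_KBPS, snapshot)
        summary = ", ".join(f"{n}={kbps:.1f}" for n, kbps in result.items())
        print(f"{label}: {summary}")
```

Under congestion every partition falls back to its guaranteed share, which is what protects ICA sessions from print and browsing bursts.
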

Prioritization

Prioritization is the simplest of the three options. Prioritization allows you to assign a numb… as utilization of the available bandwidth increases, the PacketShaper uses its own algorithms to make s… shown in Figure 6-18.

Figure 6-18: Bandwidth prioritization

Of the three methods discussed in this section, session-based policies and partitions are recommended for I… bursts of up to 50 Kbps is ideal for ICA. However, such a policy can only be implemented when the PacketS… cannot be done over the Internet. In such a case, a partition policy can be used. Depending on the size of th… the bandwidth is available to ICA. The remaining bandwidth could be left "unmanaged" or partitions could be … Telnet. Priority-based packet shaping with ICA should be avoided simply because it makes it harder to predi… and relies on some fairly complex algorithms to shape the traffic. Partitions and session policies are absolute …

A limitation of packet prioritization is that print traffic (and resulting print output speed) may be reduced beca… unsatisfactory. If so, one may choose to increase WAN bandwidth to allow more room for print traffic. Printin… detail in Chapter 18. Another potential problem with packet prioritization is that Internet browsing speed may … traffic. Our experience has shown that Internet browsing that includes rapid screen refresh rates appears to … requirements—sometimes to as much as 50 Kbps—although Citrix has made great strides in fixing this with … technology can mitigate this problem that causes the screen to refresh more than a static page. Few compa… seems), so this might not be a problem.

Packeteer in Action

Figure 6-19 shows a sample report output from a Packeteer unit configured to monitor … applications to remote branch offices via the Internet. The main site (data center) has a 1.5-Mbps SDSL circ… response time for the customer's ERP/financial application (NAVISION) deployed over Citrix. Although serve… total response time well above the recommended threshold of 500ms. The second graph shows that "bursty … bandwidth, and that the bursts coincide with delays in Citrix response times. Graph three shows total (link) ba… 48 percent of all available bandwidth, with HTTP and WinMedia accounting for nearly two-thirds of all bandw… to ensure HTTP cannot deny Citrix access to needed bandwidth. As an added benefit, the Packeteer analys… bandwidth, not the 1.5-Mbps circuit the customer paid for. The ISP agreed to rebate $2500.00 in fees for sub…

Figure 6-19: Packeteer analysis report

Putting it all Together—Sample Networks

The following diagrams illustrate notional networks supporting various levels of SBC activity. Due to size constraints, none of the diagrams are intended to be complete in every detail or completely accurate in depicting physical connectivity. Chapter 17 will delve into greater detail regarding each aspect of a sample network. When documenting your network design (a necessity), three major documents are needed. First, a physical diagram similar to those that follow. Second, a logical diagram to document the relationship between Layer 2 boundaries (VLANs) and Layer 3 boundaries (routed networks) for each protocol (TCP/IP, IPX/SPX, and so on) you must support. Finally, a documented naming and addressing scheme, to address both protocol address and naming convention (NetBIOS Name, DNS Host Name), is essential.

As examples, three business scopes (small businesses, medium-sized businesses, and large businesses) are addressed. Additionally, the medium-sized business shows two possible scenarios, branches connected via private WAN media and an Internet-centric and VPN approach.

The Small Business Network

The small business model (see Figure 6-20) uses the same basic equipment as larger scale deployments, but separation between hierarchical layers is limited. The local distribution, core, and server access layers are collapsed and exist on the same Layer 3 switch. Multiple protocols are isolated by separate Layer 2 VLANs connected to the Layer 3 core; this concept is implied, but not illustrated, in subsequent diagrams.

Figure 6-20: A small business network example


The Medium-Sized Business Network


The medium-sized business network shares component parts with its small business counterpart, but employs more specialized distribution and core layer hardware to isolate local users, DMZ networks, and branch offices from the production server environment in the core.


Figure 6-21 depicts a typical mid-sized business with large branch offices connected via dedicated media. The distribution layer switch serves to aggregate traffic from LAN, WAN, and Internet sources, and to insulate the core switch and server farm from this traffic.


Figure 6-21: A medium-sized business network example (dedicated media)

Figure 6-22 depicts a model more suited to a medium-sized business with many small branches (such as point of sale (POS) sites) where dedicated WAN media is cost-prohibitive. A combination of Internet access to the Web Interface site, VPN access, and secure access via MetaFrame Secure Gateway provides a flexible, secure WAN without dedicated links. In both cases, branch-to-Internet or LAN user-to-Internet traffic flows never traverse the core, and are kept in check by the Packeteer (to protect Internet-based users and VPN traffic).

Figure 6-22: A medium-sized business network example (Internet/VPN media)

Again, like the small business model, the "server-specific" access and distribution layers are collapsed onto the core switch (see Figure 6-23). Redundant connectivity is added between the core and the distribution layer switch for reliability and survivability. All aspects of the local server farm, particularly the Citrix MetaFrame farm, are more robust and more redundant.


Figure 6-23: A medium-sized business network example (Core)

The Large Business Network

The large business model (the beginnings of a true enterprise model) moves away from a collapsed structure to a hierarchical network design where each layer is purpose-built. Layer 2 connectivity becomes far less prevalent, with redundant Layer 3 links being the norm.

Figure 6-24 illustrates the more robust access layer structure expected in a large business model. Note the redundant Internet, multiple VPN methods, and access aggregation for specific groups of services (WAN aggregation router).

Figure 6-24: A large business network example (distribution/core layer)

Typical large business distribution and core components are shown in Figure 6-25. Virtually every aspect of the distribution and core layers is redundant and "self-healing" by either Layer 3 route convergence or Layer 2 (STP) convergence. For additional resiliency, the Citrix MetaFrame server farm itself has been split into two physical farms. Both physical farms still function as a single logical load-balanced farm, even on different subnets. The implication is that if an organization requires on-campus survivability and has adequate (gigabit) connectivity, it can distribute the farm across multiple buildings with no loss of functionality.

Figure 6-25: Large business distribution and core components


Chapter 7: The Client Environment

Overview

In this chapter, we will introduce and discuss four categories of desktop devices used to access the server-based computing (SBC) applications: thin client (a Windows Terminal or fully locked down PC dedicated to running only a web browser and/or ICA client), mobile (laptop), simple hybrid (a device running both server-based applications and local applications, with no local peripheral support), and complex hybrid (a device with a local hard drive running both local and server-based applications and supporting local peripherals). We will also discuss deployment strategies and installation tips not covered by the standard documentation from the manufacturers. Finally, we will introduce the concept of the client decision matrix to help you establish standards for determining the appropriate client for a given user or group.

In general, use the simplest (or "thinnest") client device available to take full advantage of the cost savings derived from lower up-front costs, lower setup costs, significantly reduced software maintenance, reduced hardware maintenance, and fewer repairs. Although the concept and approach of thin clients has not changed since the inception of server-based computing, price and performance have both improved dramatically. It is now possible to procure a high-performance Windows Terminal thin-client device for $290 (monitor is extra) from several manufacturers, including Wyse, Neoware, Maxspeed, and others. Although we have had many people argue that they procure PCs for about this same cost, we have never discovered that to be true. Although most consumer-based retail outlets advertise a $500 PC, corporations today are often spending over $1000 per PC in order to get a fully configured PC with Windows XP Professional operating system, networking, and a three-year warranty. Table 7-1 provides a comparison between the costs of a PC and a Windows terminal thin client.

Table 7-1: Three-Year Price Comparison—PC vs. Windows Terminals

| Task | Hybrid PC—Dell Optiplex with Windows XP Pro, Three-Year Warranty | Windows Terminal—Wyse Winterm 1200LE (Thin Client) |
| --- | --- | --- |
| Initial procurement cost | $799 | $289 |
| Initial configuration and installation time (assume Ghost imaging for the PC, but include ghost image setup and maintenance time) | 3 hours @ $50/hour internal billable rate = $150 | 15 minutes @ $50/hour internal billable rate = $12.50 |
| Operating system upgrade price (assume one new revision of Windows operating system over three-year period) | $200 + 2 hours @ $50/hour internal billable rate for a total price of $300 | $0—Wyse 1200LE is Linux-based and firmware updates are pushed from management software |
| Software upgrade time (assume one new revision of MS Office and one new revision of other desktop applications per year must be installed and configured) | 6 hours @ $50/hour internal billable rate = $300 | $5—software updates will be done once at the server for all clients; assuming hundreds of clients, the cost per client is very small |
| Assume one local workstation touch per quarter required for security maintenance and patching of operating systems and web browsers; assume management software will be used to push out patches (SMS for PCs, Wyse Rapport for Winterms) | 8 hours per year, 24 hours over three-year period @ $50/hour internal billable rate for a total cost of $1200 to configure and manage the management software | 2 hours per year, 6 hours over three-year period @ $50/hour internal billable rate for a total cost of $300 to configure and manage the management software |
| Hardware repair—assume one warranty repair is required over the three-year period, necessitating reload and reconfiguration | 3 hours @ $50/hour internal billable rate = $150 | 15 minutes @ $50/hour internal billable rate = $12.50 |
| Total three-year cost | $2599 | $619 |

The numbers from Table 7-1 are very conservative by most industry standards. Gartner Group estimates that most enterprise organizations spend closer to $7000 per PC per year, because the number of non-automated reconfigurations and software installations are much greater than the numbers used here. Additionally, the $50 per hour for internal billable rate is lower than most enterprise organizations experience for a fully loaded cost. Regardless though, we wanted to use conservative numbers to make it inarguable. Notice that for an organization considering technology-refreshing 100 PCs per year, even if all "soft costs" are ignored, the up-front savings for just the initial procurement and setup costs will be $64,750 per year. If soft costs are included, and a three-year cost outlay is looked at for an enterprise organization, these savings are very significant.

Although the advantages and up-front costs of a Windows Terminal are compelling, some organizations may not be able to fully convert to Windows Terminals, or may need to run a mix of Windows Terminals and PCs. Organizations that may not be able to replace all PCs with Windows Terminals include

Organizations that have large numbers of newer PCs (less than two years old) that cannot be easily discarded (some organizations are leasing their desktop PCs, which will dictate whether it is advantageous or impossible to get rid of the PCs).

Organizations still supporting 16-bit or DOS applications that won't run effectively in an SBC environment, and thus must be run using the processing power and operating system of a "local" PC.

Organizations that will only be supporting a portion of their users or applications on the SBC environment.

A large number of organizations end up running a mix of clients and client devices, at least for a period of time, for these reasons. As such, it is necessary to explore complementary technologies to make hybrid and mobile users take on as many of the desirable characteristics of the thin client as possible. The most significant gain of the thin client—that of not having to install, manage, update, or repair local applications—can be realized from any client device, with the correct configuration and management tools. In discussing these hybrids, we will describe the available technology and techniques needed to accomplish this.

Client Classifications

The categories of client devices are shown in Table 7-2.

Table 7-2: Client Categories [*]

Client Category

Remote Applications

Local Applications

Local Web Browser

Supports Secure Access from Outside the LAN

Thin client only

×


-

Support of Local Peripherals

Local File Sharing

-

-

×

×

-

Mobile user

×

×

×

×

Simple hybrid

×

×

×

×

Complex hybrid

×

×

×

×

[*]

× indicates that the client has the requirement.

- indicates that the client could have the requirement.

Although client devices tend to be compared more commonly than client types, it is important to note that there is a great deal of overlap today with client devices. That is, both software and hardware exist today to lock down a PC such that it fits the description of a thin client. Conversely, many new Windows terminals have local web browsers and support for client peripherals (via USB, parallel ports, and/or serial ports). Thus, these thin clients can be categorized as simple or even complex hybrid clients. Additionally, with the large number of new device types on the scene, like Tablet PCs, handheld devices, Linux devices, and Windows CE tablets, it saves time to discuss client types (and include client devices which can fulfill that role) rather than to discuss only devices.

The matrix of client types in Table 7-2 is meant to provide an idea of total cost of ownership (TCO) of the client type. For example, a Windows terminal that supports a local web browser, peripheral devices, and a complex local OS (like Windows XP Embedded), and thus fits into the complex hybrid type, will be more expensive to procure, configure, manage, and maintain than a Windows terminal that simply supports an ICA client (even though both devices may be sold as a "thin client"). For the purposes of our discussion, both devices would not be classified as a thin client. We only classify Windows terminals that support an ICA client as a thin client. It is also important to note that this client matrix does not define operating systems. If Citrix MetaFrame XP will be used, its support of hundreds of operating system variations ensures the use of Linux-based devices and Windows CE-based devices, as well as the more common assortment of Windows 95 through Windows XP-based devices. If only Windows Terminal Services will be used, the device choice becomes more limited.

Since total cost of ownership is not the only consideration when choosing which client type and client devices to support, a significant task in designing the SBC environment is to figure out which client types and devices will be procured and supported.

The Client Decision Matrix

The process of changing a user's desktop environment can be a traumatic experience for both the IT staff and the end user. Since PCs have long been organizational fixtures, often being used as part of a corporate rewards system (the best employees often get the best PCs), unless it is handled correctly, users will fight hard against any change toward a simpler client environment. Usually, end users will not be able to see how the change benefits themselves or their company. In order to help sell the idea (cultural change is discussed in detail in Chapter 10) and ensure non-biased decisions are made, a client decision matrix should be used. Defining such a matrix will provide the following benefits:

By applying the same set of criteria to the classification of each user, you will avoid making decisions based on political or nontechnical reasons.

When the decision-making process is communicated to users, they will not feel they are being singled out, but rather are subject to the same rules as everyone else.

Users can be classified en masse, relatively quickly, and decisions about the number of clients of each type, necessary upgrades, or disposition plans can then be made.

Start out with two basic evaluation questions, as described here.

Does the User Require Access to Only SBC-Based Applications? In other words, does the user only need access to the applications already slated for hosting in the SBC environment? If so, the categorization of that user can be easily made.

Is the User's Existing Computer an SBC-Compatible Device? Since the ICA and RDP clients are so thin, a large majority of devices in use in organizations today will work well in nearly any client role. For the purposes of this text, PC includes any common device, regardless of operating system, that is capable of running ICA and/or RDP.

Note According to Citrix, version 7.00 of the ICA client for Windows (32-bit) requires

Windows 95 (OSR2 or later), Windows 98, Windows Me, Windows 2000, Windows 2003, Windows XP, or Windows NT 4.0

8MB RAM or greater for Windows 9x, 16MB RAM or greater for Windows NT 4.0, 32MB or greater for Windows Me and Windows 2000, and 128MB RAM for Windows XP

Internet Explorer Version 5.0 or later, or Netscape Navigator or Communicator Version 5.0 or later

Table 7-3 the resulting decision deployment Chapter 20 shows - Migr ation to Window s 2003 matrix, and Citrwith ix MetaFrame XP plans for each category of user. Chapter 21 -

Table 7-3: Client Decision Matrix

Category: User requires only SBC applications, and currently has a non-SBC-capable device.
Deployment: User gets standard Windows terminal. Existing PC goes through disposition (disposal, donation).

Category: User requires only SBC applications, and currently has an SBC-capable device.
Deployment: User gets standard Windows terminal. Device goes into pool to be reassigned.

Category: User requires both SBC and non-SBC applications, and currently has a non-SBC-capable device.
Deployment: User gets SBC-capable device from reassignment pool or new purchase.

Category: User requires both SBC and non-SBC applications, and currently has an SBC-capable device.
Deployment: IT staff disables or uninstalls applications from PC that exists in the SBC environment.

Note: All users will run an application from the SBC environment—not locally—if it is available. The exception to this rule is the mobile user who may be allowed to run applications locally if she does not have consistent access to the Internet or wireless WAN (Sprint, Verizon, AT&T, or others).

Hach will save over $50,000 in just one year on the up-front cost savings of buying $289 Wyse 1200LE terminals rather than the $1600 we previously spent on new Dell PCs.
—Sonya Freeman, Hach Company

PC Disposition

The problem that arises when updating so many desktops is what to do with all the replaced devices. This can be a significant problem for an organization that is committed to being as thin as possible. PCs that are no longer appropriate for a given user may still have book value, and the company will need to see some kind of return on them. The following are some ideas for dealing with this, based on what we have seen at other organizations.

Reassignment Pool

As the preceding client decision matrix indicates, even if a PC is considered SBC capable, it may be removed from a user's desktop strictly based on the user's need. Why do this? When the total cost of ownership is examined for any desktop PC versus any Windows terminal, the reason becomes clear. Even a new PC with plenty of book value costs far more to support than a Windows terminal. We examined the reasons for this in detail in Chapters 1 and 4, but the gist is that a PC is far more prone to spawn a call to the help desk due to an application or operating system problem than is a Windows terminal, on which very little can go wrong.

The idea behind a reassignment pool is to create a standard for PCs to be used in your organization and assign the PCs to those users with a legitimate need. As PCs come in, they can be evaluated for reuse, rebuilt to the proper specifications, and cloned with a standard image of the operating system, web browser, and the ICA client. The standard image contains the base operating system in as locked down a state as possible, the ICA client, a recent web browser, and whatever other minimal applications are needed. The user's specific application can then be loaded. This sounds like a lot of work, and it is. But it is far less work in the long run to deliver a PC in a known state than to deal with one in an unknown state later in the field. The reassignment pool process is illustrated next:

PC Disposal

Now that there is a plan to reuse PCs that have some value—either financial or technical—what do we do with PCs that have no book value, are outdated, or are broken in some way? The two obvious choices are donation and disposal.

Many non-profit organizations accept donated PCs, but quite often their minimum requirements are high since many of them aren't using SBC, and thus need reasonable computing power to run a newer operating system and applications. Nevertheless, it is worth discovering if your old gear is worth something to someone else. One nonprofit organization that helps with this process is the National Association for the Exchange of Industrial Resources (NAEIR). See their web site at http://www.naeir.com/.

The disposal option has also become more complicated, as most computer parts are considered low-level hazardous materials. Contact your local landfill for information on computer disposal.

So far in this chapter, we have talked a lot about getting rid of the PCs in an organization. This may or may not be an acceptable approach for your particular situation, but it is an optimal one in terms of TCO. For people leaning toward keeping PCs and just running applications in an SBC environment, it is important to understand that this decision will have a big impact on the overall value returned by the project. The following are some advantages and limitations to consider if you plan to keep most of the PCs in your organization.

The advantages of keeping PCs include

PCs are ubiquitous. It is likely that your organization already has a large number of PCs with residual book value and would like to use them if possible.

The skills necessary to support PCs are already available. Supporting other types of devices may take additional training.

PCs are multipurpose platforms that can perform many functions outside those required for an SBC environment.

The limitations of using PCs include

Public studies show that PCs are significantly more expensive to administer than Windows Terminals.

PCs have many moving parts that are far more prone to failure than a solid state device.

PCs are prone to obsolescence, which also contributes to the high TCO. This problem is somewhat mitigated by using the PC as a thin client, but if you plan to run any applications locally, you still must deal with the constant hardware upgrades required when upgrading software.

PCs require additional configuration and possibly additional software to approach the level of security and stability of a Windows terminal. PCs should only be delivered in your organization if first locked down in a manner that prevents users from making detrimental changes to the registry or loading unauthorized software.

Hybrid Clients

Regardless of whether PCs are used in a limited or widespread manner, many organizations have a certain number of hybrid clients on their networks. Hybrid clients can be divided into three categories:

Simple: A simple hybrid is a client device running just enough software to interact with the SBC environment. This usually means the ICA client, web browser, and possibly a client for the management software or framework in use at your company. No data is stored locally.

Complex: The complex hybrid is a client device that not only runs the ICA and management clients, but also local applications. It may also do local file sharing and have local peripherals.

Mobile: A mobile hybrid is similar to the complex hybrid, but usually has an even greater number of local applications. Although the need for local applications used to be unavoidable, with the new ubiquitous access to Internet bandwidth (Verizon, Sprint, AT&T, Nextel, City and Airport WiFi, and Boeing's Internet access now being deployed on board airlines) many users can now utilize SBC-based applications literally any time, anywhere from their laptop devices.

Full Desktop vs. Published Applications

Citrix provides SBC administrators the option of publishing to end users a full desktop interface to the MetaFrame servers—effectively providing desktop users with a window that looks identical to a desktop PC running Windows XP Professional—or providing the user with individual applications, launching from within their local desktop or web browser environment. Which to choose depends on the overall environment, the number of applications to be deployed, and whether thin clients or hybrid clients will be used. The decision to publish individual applications or the entire desktop has many ramifications, from end-user experience and performance to security. Both of these options are available in any client type or device scenario.

Publishing Individual Applications

In the case where a MetaFrame server farm is used to deploy only one application, or a small selection of applications to end users (hybrid clients), the published application option has many benefits. A published application can be published directly to a user's Windows desktop using Citrix Program Neighborhood or directly to a web browser interface using MetaFrame Web Interface.

Published applications have the added benefit of being more secure than granting access to a full desktop because of the lack of access to common system tools, such as the Start menu and the Control Panel. Additionally, publishing only an application as opposed to the full desktop ensures that users do not have access to applications not required for their job function (as an example, non-accounting users won't see the accounting applications). In a full desktop environment, these items could allow a user to potentially harm—unintentionally or otherwise—the SBC server environment. That said, additional steps still need to be taken to secure such integrative applications as Internet Explorer and MS Office, which can still leave back doors to system utilities if not locked down with proper security policies.

Aside from security reasons, published applications also have the side benefit of consuming system resources (memory, processor, etc.) more efficiently. The reason for this lies in the fact that because the entire Windows shell is not loaded, only those resource processes required to execute the application are started (per user). Under high user loads this could mean up to 20 percent additional resources are available for either additional user connections or a better user experience for those connected.

One significant downside to published applications is that they can be confusing to end users. Users may find it difficult to distinguish between applications that are running locally and those published from the MetaFrame farm. Additionally, the fact that users cannot access some system configurations, such as printer settings, can cause challenges.

To address this issue, Citrix released Program Neighborhood Agent (PN Agent) with Feature Release 1 to provide tighter integration between locally available resources and those in the SBC environment. With PN Agent, an administrator configures the client side agent to utilize a Web Interface server. As the user authenticates, desktop objects, start menu icons, system tray utilities, and/or client side MIME type mappings are pushed down from the Web Interface server. Just as with standard published applications, the administrator has the ability to leverage existing user control mechanisms (Active Directory, etc.) by creating access objects to allow user rights to only those features they require to fulfill their job role. There are even settings to allow users to customize their own environment variables, at the discretion of the SBC administrator. The user has the benefit of the same look and feel they have always had, but with the added benefit of server centric application management and control. This is an example of a complex but elegant hybrid application deployment scenario.

Publishing the Desktop

For environments in which all or most applications will be provided to users by the SBC environment, and environments with a majority of Windows terminals, we strongly recommend publishing the full desktop as opposed to just the applications. Although publishing the full desktop requires the desktop lockdown discussed in the next section, the published desktop is simpler and more intuitive for end users. With a published desktop, end users see the full interface they are accustomed to seeing, while from a hybrid client a user will see two Start menus (if the published desktop is set up to run as a percent of screen size), making it more obvious whether they are using an application locally or from the SBC farm. Additionally, Windows terminals based on Linux do not intuitively switch between published applications, whereas if the desktop is published, the normal hotkeys and windowing controls hold true to what users are accustomed to.

When using a published desktop, the ICA client can be published to the Desktop to provide access to other applications or servers not supported on the server in which a user is logged in (this is called the ICA Passthrough feature). It is important to note though that there is a significant performance penalty associated with using the ICA Passthrough, both for the end users and in terms of server resources. If users are complaining of slow screen scroll, make sure they are not running the application through ICA Passthrough.

Desktop Lockdown

Since most organizations will utilize PCs either in full thin-client mode, or in hybrid mode, locking down the PCs is critical to keep them from continuing to be an ongoing help-desk call. Additionally, these same methods are useful for locking down the published desktop environment of the MetaFrame farm. Although the tools we recommend for locking down PCs are quite good, and will dramatically reduce the administration and maintenance required, desktop hardware failure will still generate a help desk call.

According to several studies, including one by the Gartner Group cited in Chapter 4, the PC operating system is the source of most of the support requests from users. Even though the ICA client runs on a variety of operating systems, including MacOS and Linux, this discussion will be focused on Windows client devices since they are the most common (and, therefore, most in need of being locked down).

Registry Settings

The various Zero Administration Kits (ZAK) published by Microsoft for Windows 95, 98, NT Workstation, NT 4.0 TSE, and Windows 2000 Professional, contain a wealth of information on beneficial changes to the system registry. The strategy is to make changes to prevent the following:

Installing applications: Since the PC should come to users with the necessary local applications installed, along with the ICA client for running applications from the SBC, end-user application installation should be prohibited. Upgrades or requests for new applications should go through the help desk.

Changing system settings: Even more so than with applications, desktops should prohibit users from making changes to system settings. Setting appearance or screen savers seem innocuous at first, but simple changes like this can generate calls to the help desk when they conflict with the use of a given application. We recommend preventing any change to the system settings.

Recognizing installed hardware: If the client operating system has the ability to recognize new hardware, it can prompt the user to install drivers. The drivers may conflict with other drivers or system libraries and, again, generate calls to the help desk. Even if users know how to install hardware, the standard operating system image should prevent them from doing it. Even plug-and-play devices have no place in the corporate desktop. It may seem simple to plug in a USB device, for example, since it will be automatically recognized, but quite often even harmless peripherals can wreak havoc on a system and prompt an all-day service repair call while the technician performs investigative work to try to determine what changed and how to fix it.

The methods for locking down Microsoft desktops have evolved over the years, although as we discuss next, there is still ample room for third-party providers to intervene and offer good solutions. For Windows 2000 Professional and Windows XP Professional, user and group policies are reasonably powerful and easy to change through the Policy Editor. For older desktop operating systems (Windows NT 4.0, Windows 98, Windows 95, and so on) policy tools were lacking, and thus Microsoft released scripts provided in Zero Administration Kits. For example, the ZAK for NT Workstation contains command files to install NT in an unattended fashion (cmdlines.txt), make custom registry changes for applications (appcmds.cmd), and set restricted access to the file system (acls.cmd). Be warned, the settings chosen tend to be very restricted and may cause problems with specific or custom applications. The various client ZAKs are supplied free of charge from Microsoft's web site and should be evaluated as a way to restrict user activities on the desktop. At the very least they can provide a platform from which to build custom scripts.

Note: Administrators should always extract all of the contents of a ZAK and only use those parts that look applicable instead of allowing them to auto install. The auto install components may make major modification to file system permissions and other security structures that may not be the intention during the evaluation stage.
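The three lockdown goals listed under Registry Settings can be verified against a PC's exported policy settings before the machine leaves the reassignment pool. The following is an added example, not code from the book or from any ZAK: it parses a .reg export and reports, per goal, which baseline values are missing or wrong. The registry keys and value names in BASELINE are well-known Windows policy settings chosen here as assumptions (the book does not list specific values), and the sample export is constructed.

```python
import re

# Baseline grouped by the three goals in the text. Keys and value names are
# assumptions chosen for this example; replace them with the settings in your
# own standard image.
POLICIES = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies"
BASELINE = {
    "Installing applications": [
        (r"HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer", "DisableMSI", 2),
        (POLICIES + r"\Uninstall", "NoAddRemovePrograms", 1),
    ],
    "Changing system settings": [
        (POLICIES + r"\Explorer", "NoControlPanel", 1),
        (POLICIES + r"\System", "NoDispCPL", 1),
        (POLICIES + r"\System", "DisableRegistryTools", 1),
    ],
    "Recognizing installed hardware": [
        # Start=4 disables the USB mass-storage driver.
        (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR", "Start", 4),
    ],
}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')


def parse_reg(text):
    """Parse .reg export text into {(key, name): value}, both lower-cased.

    Registry paths and value names are case-insensitive, so everything is
    normalized. Only dword and plain string values are recorded. Files written
    by regedit are usually UTF-16; open them with encoding="utf-16".
    """
    values, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = KEY_RE.match(line)
        if m:
            # "[-KEY]" deletes a key, so nothing under it counts as set.
            key = None if m.group("key").startswith("-") else m.group("key").lower()
            continue
        m = VAL_RE.match(line)
        if not m or key is None:
            continue  # header line, default value, or value outside a key
        data = m.group("data")
        if data.lower().startswith("dword:"):
            values[(key, m.group("name").lower())] = int(data[6:], 16)
        elif len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            values[(key, m.group("name").lower())] = data[1:-1]
    return values


def audit(reg_text):
    """Return {goal: [findings]} for every baseline value missing or wrong."""
    have = parse_reg(reg_text)
    report = {}
    for goal, checks in BASELINE.items():
        findings = []
        for key, name, want in checks:
            got = have.get((key.lower(), name.lower()))
            if got != want:
                state = "missing" if got is None else f"is {got}"
                findings.append(f"{name} {state}, expected {want}")
        report[goal] = findings
    return report


# Constructed sample: a partially locked-down PC from the reassignment pool.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoControlPanel"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
"NoDispCPL"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer]
"DisableMSI"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR]
"Start"=dword:00000003
"""

if __name__ == "__main__":
    for goal, findings in audit(SAMPLE_EXPORT).items():
        print(goal + ":", "; ".join(findings) if findings else "OK")
```

A machine that reports findings under any goal goes back for rebuild rather than out to a user, which keeps the "known state" property the reassignment pool depends on.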

Third-Party Software for Desktop Lockdown

In the last three years, several software providers have built tools to automate the lockdown of PCs and the PC user environment. Providers of software for restricting user activities present a friendlier interface than Policy editor and Regedit32 and can track and roll back changes, as well as provide myriad management and performance optimization features. We have utilized tools from four software vendors that provide lockdown for both the server user environment and the desktop environment. Although there are many other vendors, the four that we have used and can recommend for desktop lockdown are RES, NCD ThinPath PC, triCerat, and AppSense. Applications from these providers make user or direct registry changes to a workstation based on either a standard image profile, policy, or a centralized rules database. The rules can be assigned by user, group, application, or even time schedule. Though the result of these applications' activities are to change the registry on the client device operating system—something that can be done manually—these vendors do it in a way that is easy to manage and scales across a large organization. Perhaps most important, these applications are compatible with both distributed and centralized application hosting. They can impose the same restrictions on an application hosted from a MetaFrame XP server farm as they can on one running on a local desktop.

Profiles

Although profiles will be the main topic of Chapter 15, they are worth a quick mention in this section, as they impact the overall client design. Windows Server 2000 and 2003 utilize user profiles to specify a variety of user environmental and applications settings. Important items like MAPI and ODBC settings are maintained in the user profile. Because of their importance to user functionality as well as their tendency to grow fast and large like pre-pubescent elephants, user profiles represent a difficult challenge in the design of the system. For instance, they can be configured as mandatory, roaming, or a hybrid of a mandatory and roaming profile. A great deal of industry work has gone into creating some best practices for hybrid user profiles, as well as development of best practices for roaming profiles. Even the lockdown applications discussed earlier address user profiles, and some of them claim to alleviate the need for roaming profiles altogether.

We recommend using roaming user profiles, but have ourselves used the tips and tricks provided in Chapter 15 to keep a tight rein on the size and storage of the roaming profiles. For the purposes of design, be sure to follow the steps laid out in Chapter 6 for network design to ensure that sufficient network bandwidth and disk space are allocated to support roaming profiles. From a purely client device standpoint, it is nice to note that Windows terminals are not affected by user profiles, although any published applications they log into will be. On the Hybrid PC side, administrators should be careful to keep the PC profiles separated from the Terminal Services Profiles, as discussed in Chapter 15.

Software Distribution and Server-Based Computing

Since many enterprises today utilize software distribution applications like Microsoft SMS, the question arises about how these will integrate and how this function will be performed in an SBC environment. The answer is threefold:

1. One of the clear advantages of server-based computing is that we no longer need to install, configure, and maintain applications on the desktop. Thus, unless the desktops will be used in Hybrid mode, the software distribution headache and accompanying software tools will disappear at the desktop level.

2. The only exception to point 1 is the ICA client, which must be distributed, configured, and maintained on all client desktops. Although a software distribution tool can be used for this purpose, we recommend using Citrix Web Interface for MetaFrame to deploy the ICA client. When a desktop uses a web browser to navigate to the MetaFrame Web Interface site and clicks an application icon, the ICA client will download and self-configure.

3. Software distribution automation can be a significant time saver at the server level for large enterprises with a significant number of servers. In an SBC environment, the applications must be installed on all of the servers serving them, which can be a significant undertaking for organizations with 10–1000 MetaFrame servers. Citrix provides a tool for this purpose, Installation Manager, embedded in MetaFrame XPe, that we will cover in depth in Chapter 13.

The ICA Client for Hybrids

In Chapter 3, we presented the connectivity options of the ICA client, including Program Neighborhood, MetaFrame Web Interface, and MetaFrame Secure Gateway. In this section, we will focus on the differences between the various hybrid clients you might consider.

Significant Platform Differences

For purposes of this discussion, the 32-bit ICA client for Windows will be considered the functional base for all other client versions. Although in the past other clients typically contained fewer features or worked slightly differently, Citrix has dedicated significant resources to ensure that other devices have similar feature sets and performance.

Macintosh: The ICA client for the MacOS prior to OS X was missing many features such as support for audio, peripherals, and remapping of local ports. But with OS X, Citrix released a new, full-featured client that has nearly identical features to the Windows 32-bit client. Like all non-Windows ICA clients, the Mac client provides access to Windows key sequences through local key combinations.

Linux/UNIX: The Linux/UNIX clients offer complete functionality for any non-Windows ICA client, but not all features are supported on all flavors of UNIX. Check your platform against the feature list in Chapter 14 for specific support. The Program Neighborhood is not supported, but virtually all other functions are present. Windows key sequences are provided through local key combinations designed not to conflict with the ALT key sequences normally reserved for the X-Window System, though these can be reprogrammed if desired.

Web Interface clients: MetaFrame Web Interface allows administrators to configure the web site to provide a specific ICA client or an ICA client based on client operating system, or to allow the user to choose which ICA client they want to use. The 32-bit ICA client provides the most features, but with MetaFrame XP Feature Release 3, Citrix updated the Java client to provide nearly the same functionality as the full 32-bit client. This client can be very useful when being run from kiosks or other locked down environments.

Local Peripherals

Local peripherals can be automatically mapped from the desktop to the server, but not without a price. The data stream used by the device must travel over the network from the server farm to the client device. This can cause excessive bandwidth utilization unless measures are taken to control it. Bandwidth management and control methods are discussed in Chapters 6 and 17.

Note: The ICA COM and LPT port redirection provides support for a variety of local peripherals to be used, but many peripheral configurations require tuning and tweaking in an SBC environment because the ports do not work exactly as they would if they were local ports. For example, we have found that excessive latency over a WAN connection can cause redirected devices to behave erratically, and, in fact, the devices can exacerbate the bandwidth problem and cause other network services to fail. Additionally, COM port and LPT port redirection aren't supported through ICA Passthrough connections.


Windows Terminals (Thin Client Only)

Windows terminals are available from a variety of manufacturers, with many variations on the same theme. Most Windows terminals have no moving parts, except perhaps for a fan, and all the operating system and client software is stored in hardware. They typically run Windows CE, Linux, or Embedded Windows XP as the operating system, and implementations of other software, such as the network protocol stack, are proprietary to the device. This and the fact that they have different CPUs and graphics capabilities contribute to the performance differences between the devices. In no particular order, some of the devices we've tested and used in production are the Wyse Winterm, Maxspeed Maxterm, Neoware Capio and Eon, and IBM NetStation. We've tested other brands from HP, IBM, and other companies, but most are simply OEM versions of one of these other terminals. All of the Windows terminals have a very small form factor, and some are built into a CRT or flat screen monitor. Additionally, all of the devices are low-power consumption devices, a feature that can add to the savings versus PCs for large enterprises with thousands of devices. Here is what a basic Windows terminal setup looks like:


In addition to offering the necessary ICA or RDP software to connect to the SBC server farm, most thin-client models offer emulation and connectivity software such as legacy terminal emulation clients (IBM 3270 and Telnet, for example). Local browsing is also available with either proprietary browsers or OEM versions of Netscape Navigator or Microsoft Internet Explorer. There can be a significant advantage in cost and ease of use in having multiple connectivity software in the device when integrating the terminal into an environment where legacy functions as well as the new features of the SBC must be supported. This is a key differentiator among products. Figure 7-1 shows how a Windows terminal with different types of local embedded software might connect to a variety of server resources.


Figure 7-1: A Windows terminal with various embedded programs

Windows Terminal Management

Another key differentiator that is not always clear when evaluating different Windows terminals is how they are managed. Most manufacturers have developed or purchased their own proprietary management software that can monitor the terminals and report errors as well as provide software updates via automatic download on boot. Additionally, some manufacturers provide hooks to integrate the terminals into a management framework, such as HP OpenView. Manufacturer-supplied software can work as long as it is sufficiently scalable to handle the network infrastructure in your company. If it can't, consider a solution that integrates into a management framework. At the very least, the terminal should send SNMP messages and supply a MIB for your management software (please see Chapter 9 for more detail on SNMP management).

Although the key point of a Windows terminal is to keep the desktop simple and reduce desktop administration costs to zero, there is still an amount of administration overhead associated with a Windows Terminal (updating the ICA client every six months, for example), and thus a Windows terminal with good management software can further reduce administration costs. Wyse, Maxspeed, and Neoware all include remote management software that monitors the terminals, integrates with SNMP management software, and remotely updates the terminals with software updates.

Functional Differences

The ICA client for Windows CE and Embedded Windows XP supports all of the functions of the standard 32-bit ICA client for Windows, as does the client for Linux on Windows terminals. The differences between running the client on a PC versus a Windows terminal are:

Client software updates: Although most terminals now provide management software that will automate upgrades to the embedded software, these upgrades remain challenging given the newness of firmware management software applications. Upgrades are typically done via an automatic or scheduled download. Some terminals support the MetaFrame Auto Update feature, which can be a big time saver when a new version of the ICA client needs to be deployed. At the very least, look for a terminal with management software that supports a centralized method for downloading software (either operating system images or applications) and rebooting the terminal without user intervention.

Local browsing: Embedded browsers are limited with regard to storing local data and using plug-ins. They offer a limited bookmark list and, of course, do not allow plug-ins or other downloads.

Java: Stand-alone Java applications (those that do not require a browser to run) require a Java Virtual Machine (JVM) to be installed on the Windows terminal firmware. The JVM must be the correct version, and the Java application must also be loaded into firmware in order to execute.

Autologin: Similar to the Task Station function in the ZAK for Windows 95 and 98, Autologin can be used when you want to present a limited number of choices to the user when logging in. When Autologin is enabled, the user is limited to one terminal session, either a desktop or a specific, published application. If you want the user to have access to multiple published applications at login, Autologin should be disabled.

Connection security: Most terminals now support 128-bit ICA encryption as well as the SSL/TLS security required to connect to a MetaFrame Secure Gateway.

Configuration security lockout: Whatever configuration settings the terminal offers, it is important they also prevent users from changing them once established. If the configuration cannot be protected, you run the risk of configuration-related support calls driving up the TCO.


Web Interface for MetaFrame

Web Interface for MetaFrame (formerly called NFuse Classic) evolved from the Citrix ALE technology used to deploy applications to web browser clients. Web Interface combines the web-publishing features of the ALE client with many of the management features of Program Neighborhood, including the ability to dynamically publish a new application to a logged-on user. Users just click the Refresh button on their browser, and the new application icon appears on the desktop within the browser. Web Interface comes standard with a default web page setup that provides an administrator with a very simple and quick setup of the Web Interface. The web page can be customized with any standard HTML tool. An example of a default Web Interface session is shown next:


Web Interface is a three-tier solution that includes a MetaFrame server component, a web server component, and an ICA client component with the web browser. Web Interface doesn't replace the ICA client; rather, it interoperates with it to provide the capabilities native to the operating system platform. Web Interface extends the publishing capabilities of the ALE client by providing a means to integrate applications from other sources, such as MetaFrame for UNIX, and by allowing applications and access to be customized by users. Figure 7-2 shows the Web Interface application publishing architecture.

Figure 7-2: The Web Interface application publishing architecture

Web Interface supports the features of Program Neighborhood within the context of the browser. Instead of pushing an application icon to a PC's desktop using the Seamless Windows feature, the icon will appear on the desktop within the browser.

A subtle but important advance offered by Web Interface is that the web components can be configured to resolve application names to IP addresses, eliminating the need for the ICA client to use the UDP-based ICA browser. UDP access can then be eliminated from the firewall, thus enhancing overall security. Further, by utilizing MetaFrame Secure Gateway Server with Web Interface (discussed in Chapters 2, 8, and 16), no outside firewall ports have to be open at all, and the MetaFrame servers can be placed securely inside the firewall.
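One way to confirm that UDP access really has been removed is to evaluate the outside firewall rules against an ICA browser packet for each MetaFrame server. The following is an added example, not code from the book or from Citrix: the rule format, addresses, and rule sets are constructed, and the port numbers (1604/udp for the ICA browser, 1494/tcp for ICA sessions) are assumptions the text does not state.

```python
import ipaddress

# Assumption: 1604/udp is the ICA browser's usual port; the text names no port.
ICA_BROWSER_UDP_PORT = 1604

# Constructed MetaFrame server addresses (documentation range, not from the book).
METAFRAME_SERVERS = ["192.0.2.2", "192.0.2.3"]

# Constructed outside-interface rule sets, evaluated top-down, first match wins.
RULES_BEFORE = [
    # Web Interface web server
    {"id": 10, "action": "permit", "proto": "tcp", "dst": "192.0.2.10/32", "ports": "80,443"},
    # ICA session traffic (assumed port 1494/tcp)
    {"id": 20, "action": "permit", "proto": "tcp", "dst": "192.0.2.0/28", "ports": "1494"},
    # Broad UDP range left over from ICA browser use; it covers 1604
    {"id": 30, "action": "permit", "proto": "udp", "dst": "192.0.2.0/28", "ports": "1600-1610"},
    {"id": 99, "action": "deny", "proto": "any", "dst": "0.0.0.0/0", "ports": "any"},
]

# After moving name resolution to Web Interface: the UDP rule is removed.
RULES_AFTER = [r for r in RULES_BEFORE if r["id"] != 30]

# An explicit deny placed ahead of the broad permit also closes the port.
RULES_SHADOWED = [
    {"id": 5, "action": "deny", "proto": "udp", "dst": "192.0.2.0/28", "ports": "1604"},
] + RULES_BEFORE


def _port_match(spec, port):
    """True if port falls inside spec: 'any', '80', '80,443' or '1600-1610'."""
    if spec == "any":
        return True
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def first_match(rules, proto, dst_ip, port):
    """Return the first rule matching the packet, or None (implicit deny)."""
    addr = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if rule["proto"] not in ("any", proto):
            continue
        if addr not in ipaddress.ip_network(rule["dst"]):
            continue
        if not _port_match(rule["ports"], port):
            continue
        return rule
    return None


def ica_browser_exposure(rules, servers):
    """Map each server still reachable on the ICA browser port to the permitting rule id."""
    exposed = {}
    for server in servers:
        rule = first_match(rules, "udp", server, ICA_BROWSER_UDP_PORT)
        if rule is not None and rule["action"] == "permit":
            exposed[server] = rule["id"]
    return exposed


if __name__ == "__main__":
    for name, rules in (("before", RULES_BEFORE), ("after", RULES_AFTER),
                        ("shadowed", RULES_SHADOWED)):
        print(name, ica_browser_exposure(rules, METAFRAME_SERVERS))
```

Because the check follows first-match order, it reports the rule that actually permits the packet, which catches port ranges that include the browser port without naming it.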

Finally, Web Interface offers both client and server scripting capabilities to run external programs, customize the user session, or integrate with other web technologies such as COM, Java Server Pages, or Active Server Pages.

Three components are required to run Web Interface for MetaFrame: a MetaFrame server running the Web Interface Service, a supported web server (Microsoft IIS or Apache), and an ICA client with a supported web browser.

Web Interface for MetaFrame, along with its big brother MetaFrame Secure Access Manager, which further automates the creation and integration of a full-blown access center, will be covered in depth in Chapter 16.


Other Client Devices

Thus far, we have discussed PCs and Windows terminals as the most common devices used to access the MetaFrame server farm. Since the ICA protocol has been ported to Windows CE, Linux, and even some cell phones, the server farm can be accessed from a variety of client devices, as shown in Figure 7-3. We are seeing integration with devices from tablet PCs in the medical field to proprietary devices running global positioning for transportation companies. Though it is clearly not practical to run a Windows desktop on the tiny 320×260 screens of some of these devices, it can be very useful to run a small, published application. Imagine a warehouse in which each stockperson had an HP iPAQ with wireless networking and a physical inventory application that fed directly into the corporate inventory database. Perhaps your company has a large number of hourly employees who could use a Windows terminal touch screen to punch in and out of a virtual time-clock application. Using an example of sales force automation, perhaps a field salesperson could use his handheld computer to wirelessly connect to the home office and check stock before filling an order, or check and approve special bulk pricing for an important customer.


Figure 7-3: A wireless tablet device accessing a Citrix MetaFrame server farm

Once an organization has committed to deploying server-based computing, there are innumerable ways to extend the information infrastructure to remote employees, customers, and even the public.

Chapter 8: Security

Overview

The meaning of "security" as it relates to information systems is often diluted to include only security related to clients and servers. This narrow view can be a fatal flaw in corporate information security. One of the early definitions of security for computer networks came from the IBM Dictionary of Computing published in 1994 by McGraw-Hill, Inc.:

Information Security: the concepts, techniques, technical measures, and administrative measures used to protect information assets from deliberate or inadvertent unauthorized acquisition, damage, disclosure, manipulation, modification, loss, or use.

This chapter deals primarily with security concepts, components, and design elements. In that light, many of the concepts and discussions are beyond the scope of what a server-based computing (SBC) systems administrator will directly control; however, that System Administrator must be able to accurately represent security requirements to other staff members who are responsible for design and implementation. Today's enterprises require that all staff are cognizant and vigilant with security, and the on-demand and in-control enterprise requirements dictate that security be a forethought and not an afterthought to any IT solution. Detailed implementation of security in an enterprise infrastructure is addressed in Chapter 17.

The Nature of Security

As in a chain, the security of the whole computer system is only as strong as the weakest link. A global or systemic model is critical to the formulation of an effective approach to security in the enterprise. It is not uncommon for large companies to decide, almost arbitrarily, that a particular area of their network is open to attack and invest tens of thousands of dollars to "patch the fence" without realizing that someone could walk right through the front gate. In one case we worked with, a company invested $50,000 in an Internet firewall without setting up a system to enforce strong passwords. With the firewall in place, no one could enter the system from the Internet—that is, unless the intruder could guess that the system administrator's password was his daughter's first name and birthday.

Taking a global view of security for the enterprise can be intimidating, which may account for the woefully inadequate attention paid to the subject by many companies. It is important to realize, however, that the effects of securing your infrastructure are cumulative. Even a few simple changes to secure certain access points to the network can make a huge difference. For example, installing an effective Internet firewall can be a strong deterrent to the casual hacker. Before deciding to install such a system, however, you need to assess the overall security posture of the infrastructure. Without such an assessment, you could be securing part of your network while leaving another part open to attack. When getting started, it is useful to ask yourself: what are you trying to protect?

What Are You Trying to Protect?

The generic answer, more often than not, is "corporate data." Corporate data must be protected from

Data access: Access must be limited only to appropriate users without impacting authorized access to data or application performance when manipulating data. Figure 8-1 shows the correlation between the level of security and its impact on a user's ability to work. The three security paradigms, Open, Restricted, and Closed, are discussed later in this chapter. The common criteria linked to data access are Authentication, Authorization, and Accounting (AAA), and are described as follows:

Authentication: The ability to positively identify the authorized user, often via two or more factors (username and password, plus biometric, one-time security code tokens).

Authorization: The determination of which resources an authenticated user may access, and what rights or permissions they have for each resource. This can be very broad as in file and directory permissions, or very granular as in record-level access controls within a structured database.

Accounting: The ability to track what a user did or attempted to do. This is particularly critical with regard to audit trails required in most regulated industries.

Figure 8-1: Security model vs. user impact

Data integrity: Data must not be modified or altered except by authorized individuals or processes. AAA rules determine which individuals have the right to perform these operations on the data, and can record what modifications were actually made. Data integrity during transport becomes a serious problem when classic client-server applications are deployed over non-secure (unencrypted) media. A "man-in-the-middle" attack may compromise data integrity yet remain undetected. In an SBC environment, transaction information remains within the local network, and screen updates and data input (mouse clicks and keystrokes) are contained within the RDP or ICA data stream. The nature of an ICA session makes "man-in-the-middle" or session hijacking attacks extremely difficult to complete since attackers cannot easily synchronize with the video stream.

Network resources: Both processing capability and network capacity must be protected to ensure business continuity. Inappropriate or unauthorized use of processing power may deny service to legitimate applications or processes. Improper control of data storage may allow unauthorized data to consume storage capacity. Network bandwidth and access must be protected from intentional and inadvertent disruption. Denial of service (DoS) events may be intentional (directed at corporate servers, firewalls, and so on), or unintentional (a side effect of unauthorized use of resources). As an example, a customer uses Citrix to deploy Geographic Information Systems (GIS) data to a large remote customer. Overall performance of Internet access and Citrix access slowed to a crawl. The cause was isolated to saturation of the customer's Internet T1 by FTP downloads from an internal web server. The server had been hacked, hidden directories created for bootleg copies of a non-English version of Windows 2000, and the download instructions circulated through a European chat room. A single incident deprived the company of processing power (the hacked server), application services (Citrix access was unstable), storage capacity (drive space), and network access bandwidth. Further, it created a potential for liability as their FTP site hosted bootleg software.

Liability, reputation, business continuity: These categories are included because companies may actually have to close their doors if certain data becomes public. Engineering designs, business merger and acquisition plans, or other data that constitutes a competitive advantage, if exposed, could have a crippling effect on operations. If it can be proven that a company's officers knew about the lack of security and were negligent in correcting it, they could be liable for damages to the stockholders. A company that allowed its security weaknesses to be used to exploit another company or network could be liable for damages. Corporate image and reputation are extremely sensitive for some businesses. For instance, who would keep their money in a bank with a history of security problems? Worse yet, what if security weaknesses allowed a business's web site to host child pornography, and the business's servers and data were seized as part of a criminal investigation?
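
The Authentication, Authorization, and Accounting criteria described under data access above, shown as an added example that is not from the book: a small gate that requires a password plus a one-time code (RFC 4226 HOTP), applies a broad resource-level permission and then a record-level rule, and audits every attempt, denials included. The AAAGate class, the user alice, the hr_db resource, and all sample values are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """One-time code per RFC 4226: HMAC-SHA1 over the counter, then truncate."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def pw_hash(password: str, salt: bytes) -> bytes:
    """Salted, slow password hash so stored credentials are not reversible."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AAAGate:
    """Hypothetical gate in front of resources; every decision is audited."""

    def __init__(self):
        self.users = {}         # name -> credentials and attributes
        self.acl = {}           # (user, resource) -> allowed actions (broad)
        self.record_rules = {}  # resource -> predicate(user, record) (granular)
        self.sessions = set()   # names that passed authentication
        self.audit = []         # accounting trail, append-only

    def add_user(self, name, password, otp_secret, dept):
        salt = os.urandom(16)
        self.users[name] = {"salt": salt, "pw": pw_hash(password, salt),
                            "otp_secret": otp_secret, "counter": 0, "dept": dept}

    def _log(self, user, action, resource, outcome):
        self.audit.append({"ts": time.time(), "user": user, "action": action,
                           "resource": resource, "outcome": outcome})

    def authenticate(self, name, password, otp_code):
        """Authentication: both factors must match; a used code is never reusable."""
        user = self.users.get(name)
        ok = False
        if user is not None:
            pw_ok = hmac.compare_digest(pw_hash(password, user["salt"]), user["pw"])
            expected = hotp(user["otp_secret"], user["counter"])
            otp_ok = hmac.compare_digest(expected.encode(), str(otp_code).encode())
            ok = pw_ok and otp_ok
            if ok:
                user["counter"] += 1  # advance so the same code cannot be replayed
                self.sessions.add(name)
        self._log(name, "login", "-", "success" if ok else "failure")
        return ok

    def access(self, name, action, resource, record=None):
        """Authorization: resource-level ACL first, then the record-level rule."""
        allowed = name in self.sessions and action in self.acl.get((name, resource), set())
        rule = self.record_rules.get(resource)
        if allowed and rule is not None:
            allowed = record is not None and rule(self.users[name], record)
        # Accounting: attempts are recorded whether or not they succeed.
        self._log(name, action, resource, "allowed" if allowed else "denied")
        return allowed


def build_demo_gate():
    """Constructed sample data: one user, one resource, one record-level rule."""
    gate = AAAGate()
    gate.add_user("alice", "correct horse battery", b"12345678901234567890", "hr")
    gate.acl[("alice", "hr_db")] = {"read"}
    # Record-level control: users only see records owned by their own department.
    gate.record_rules["hr_db"] = lambda user, rec: rec["dept"] == user["dept"]
    return gate


if __name__ == "__main__":
    gate = build_demo_gate()
    gate.authenticate("alice", "correct horse battery", hotp(b"12345678901234567890", 0))
    gate.access("alice", "read", "hr_db", {"dept": "hr"})
    gate.access("alice", "read", "hr_db", {"dept": "finance"})
    for entry in gate.audit:
        print(entry["user"], entry["action"], entry["resource"], entry["outcome"])
```

The audit trail keeps failed logins and denied requests alongside successful ones, which is what makes the "attempted to do" half of accounting reviewable later.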

The key to securing the corporate infrastructure is a comprehensive security policy. Although addressing all aspects of information security is well beyond the scope of this book, a basic understanding of the breadth of security issues and the security measures necessary in a corporate SBC environment is essential knowledge. Most governmental entities, "regulated" industries (banking, stock trading, healthcare services), and many large businesses mandate certification and accreditation processes, with a concise written security policy as a prerequisite for certification or accreditation. Examples of these mandates include

Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP)

Health Insurance Portability and Accountability Act (HIPAA)

Gramm-Leach-Bliley (GLB) Act of 1999 (Financial Services Modernization Bill)

Toward that end, a number of leading vendors and industry groups have produced methodologies and guidance for developing and implementing a corporate security policy. Among the leaders are

BS 7799-1/ISO-17799 Standard for Information Security Management Systems (ISMS) (complex and detailed, analogous to ISO 9000 for security)

Internet Security Systems' ADDME (Assess, Design, Deploy, Manage, Educate) Security Lifecycle Methodology (based on ISO 17799) (www.iss.net)

Cisco Systems' SAFE: A Security Blueprint for Enterprise Networks (www.cisco.com/safe)

The SANS Institute (www.sans.org)

All of these methodologies vary in complexity and depth, but maintain the same two-part theme: policy and process. The policy component must provide a comprehensive security policy that includes a combination of physical security measures, technical security measures, and administrative security measures to protect the information system. The process component must provide an iterative process to monitor and maintain the policy and associated measures. Cisco Systems' Security Wheel (Figure 8-2) provides a superb illustration of the iterative security management process.

Figure 8-2: Cisco Systems' Security Wheel

Developing a Security Policy

For a business with no pre-existing security policy, establishing and implementing a viable security policy is a daunting task. When server-based computing is a key part of the business model, some aspects of overall security are greatly simplified (security of individual desktop PCs), while others become far more critical (access to applications servers). Further, the manner in which server-based services are delivered to remote users (Internet, VPN, MetaFrame Secure Gateway, and Wireless LAN/WAN) becomes a significant factor in selecting which measures are used to enforce the security policy. In any case, the tasks required to develop a corporate security policy are similar.

Assess the security posture (baselining).

Define written policy requirements and goals.

Design technical, administrative, and physical security measures.

Implement and test.

Security Posture Assessment

A security posture assessment establishes the baseline for "what is." Posture assessments are typically very granular evaluations of all aspects of the network, and include

Current documented policies and procedures (administrative measures).

Physical security of resources (servers, network hardware, tape and software libraries).

Network access and exposure points.

Mapping of Hosts (devices), operating systems and versioning, and services (HTTP, ICA, and so on).

Definition of protection requirements. For example: Is data on disk to be stored clear-text or encrypted? Will Terminal Services applications allow anonymous access?

Efficacy of antivirus software.

A multiperspective simulated attack on network resources. This typically includes internal and external penetration and exploit attempts as well as denial of service attacks on ingress points.

Risk assessment.

Risk Assessment

Risk assessment is the process of evaluating each security weakness or threat and determining both the potential impact and the probability or likelihood that the weakness can be exploited. Clearly identifying risks and their potential business impact helps determine whether a specific security measure is ultimately cost effective. Figure 8-3 shows the correlation between security risk or exposure and the cost to mitigate the risk.

Figure 8-3: Implementation cost vs. risk

Weaknesses stem from one of three common sources:

Technology weaknesses: Inherent limitations in network and computing technology; for example, the predictable TCP sequence numbers generated by the Microsoft IP protocol stack. Technology weaknesses are usually mitigated by a technical security measure.

Configuration weaknesses: Improper configuration of any network service can create an easy avenue of attack. Configuration weaknesses are usually mitigated by a combination of administrative security measures, including configuration control and configuration audits.

Policy weaknesses: Inappropriate, poorly defined, or improperly implemented and managed policies. For example, a policy that allows weak passwords. Policy weaknesses also include internal politics that circumvent or subvert necessary security measures.

Threats are broadly categorized by source: internal (from within the organization) or external (from outside the organization); and by type: reconnaissance, unauthorized access or use, denial of service, or data manipulation.

Policy Definition

There are three broad concepts for security paradigms:

Open: Common in academia and other bastions of anarchy

Restricted: The most common balance of security needs versus business requirements and cost

Closed: Often seen in DoD and some financial environments

In most corporate enterprise networks, the Restricted paradigm is preferred.

At the top level, the Security Policy should address the security needs and manner by which security is managed and controlled. Specific security measures (physical, administrative, and technical) should be identified in the overall security policy.

Physical Security Measures

Physical security may not seem complex, but critical resources (server rooms, network equipment closets, and data and software storage) are often left open to unrestricted access. Security consultants and auditors are often able to walk directly into server rooms, and even remove equipment without being challenged. Any resource that can be physically accessed (server, firewall, router, and so forth) can be compromised. Depending on the sensitivity of the data, measures may range from simple lock-and-key security measures to electronically monitored and controlled access (badges, retina scanners, and other devices).

Administrative Security Measures

Written, enforceable administrative policies and practices are essential elements of the overall security policy. Administrative security measures can become an end unto themselves if not approached with common sense. Businesses often focus too much on documenting and delineating every aspect of security and end up with a one-time written policy that is both unenforceable and not enforced. To be viable, security policy documents must be clear, concise, and specific in scope, applicability, and responsibility. Standards and procedures must be supported and enforced from the top down. If violating a security policy has no consequences, the policy itself is inconsequential. Common policy requirements include

Acceptable encryption

Acceptable use of information systems

Modem connections

Antivirus

Security audits

Database credentials

Firewall configuration control and management

DMZ system security

Password management and control

Remote access

Risk assessment

Router security

Server security

Third-party network connections

Virtual private network

Wireless network connectivity

Facility access controls

Technical Security Measures

Technical security measures constitute the most significant and costly portion of the overall security plan. Technical measures are implemented end-to-end to enforce security without relying on human intervention. These measures include capabilities such as firewalls, proxies, encryption, multifactor authentication, operating system hardening, and user environment control.

Security Design Technical Considerations

In a typical distributed network, computing resources are dispersed throughout the enterprise, as shown in Figure 8-4. This means that sensitive information resides on the hard drives of employees' personal computers and on work group servers at several locations. If physical access to data is one area of concern for securing that data, it can be said that such a distributed model is less secure than a centralized model.

Figure 8-4: A distributed network in which each regional work site has its own resident file server

In the centralized model, shown in Figure 8-5, the bulk of computing resources are concentrated in one or just a few data centers. As a result, physical access to that data is much more restricted. Does this mean server-based computing is inherently more secure than distributed computing? It may seem so, but there are numerous areas of concern in server-based computing that make such a blanket assertion shortsighted.

Figure 8-5: A centralized network in which the load-balanced file servers reside all in one place

Areas of Exposure

Like the network design considerations discussed in Chapter 6, security in an SBC network shares many commonalities with a traditional network, as well as a number of unique exposures. The common exposure areas parallel the hierarchical design modules (building blocks) from Chapter 6.

Access Layer Exposures

The point where clients first access the SBC infrastructure is the most critical line of defense. Proper security enforcement at the edge reduces the complexity of security measures that must be implemented in the core on the servers.

LAN access Internal LAN users are generally the most trusted group of users because their environment and behavior can be seen and easily monitored. Minimal security measures must still be in place to protect the network hardware, network bandwidth, and other LAN access segments. Port-based security on Layer 2 switches can effectively lock out unauthorized client devices and notify an administrator of any unauthorized event. Access lists at Layer 2-to-Layer 3 boundaries can enforce and restrict traffic flows to only authorized address ranges. Virus protection and control, although often overlooked when all the critical applications and data are server-based, is an absolute must. Even if client devices cannot propagate malicious logic to the application servers or network data stores, client-to-client propagation of the infection (Code Red, Nimda, and so on) can saturate network bandwidth or server resources and result in denial of service.

wLAN access Wireless LAN segments (not to be confused with wireless access via public networks) present additional risks to any network. Above and beyond the security exposure of wired LAN segments, wLANs can allow surreptitious connection without need of physical access to the network. wLAN identification features such as the Service Set Identifier (SSID) are often misconstrued as security features. The SSID is simply a network name and allows visibility of the network much the same as a browse list in Windows networking. The SSID is clear-text and can be sniffed by any client. Effective wLAN security in a corporate environment requires three components. First, extensible authentication methods (EAP) should be used so that users must authenticate before being granted any access to the network. Second, the wireless LAN segment should be isolated from the rest of the enterprise by strict firewall rules. In a traditional distributed computing network, this is extremely complex and often ends with rules that allow any wireless source to pass through the firewall. In a server-based computing network, security is far easier—only the client transport protocol must be allowed through (ICA, RDP, and SSL). Finally, the wLAN segment must use a combination of advanced security techniques to overcome weaknesses in Wireless Equivalency Privacy (WEP). Cisco Systems' wireless technology supports a long list of security enhancements that all wLAN segments should use:

128-bit WEP

Extensible authentication via RADIUS or other means

Dynamic WEP keys (the initial key is valid only for authentication, then dynamic per-session keys are generated)

Key hashing and key aging (time-based or traffic-based) with automatic rekeying. If the encryption key changes often enough, eavesdropping attacks cannot compile enough raw data from the same key sequence to allow a key-cracking program to decrypt the data.

Message Integrity Check (MIC) to prevent man-in-the-middle attacks.
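As an added example (not from the book), the following Python code audits the firewall rules guarding a wLAN or RAS segment against the policy described above: only ICA, RDP, and SSL may pass, and only toward the server farm. The rule format, addresses, and rule names are constructed, and the port numbers are the usual defaults (TCP 1494, 3389, and 443), which is an assumption about the site.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Client transports the chapter allows across the wLAN/RAS boundary.
# Port numbers are the usual defaults (assumption: the site has not moved them).
ALLOWED = {("tcp", 1494): "ICA", ("tcp", 3389): "RDP", ("tcp", 443): "SSL"}

# Constructed addressing plan (hypothetical).
WLAN, FARM, ANY = "10.50.0.0/24", "10.10.20.0/24", "0.0.0.0/0"
WLAN_HOST = "10.50.0.25"     # a client on the wireless segment
FARM_HOST = "10.10.20.11"    # an application server or its proxy
OTHER_HOST = "10.10.30.5"    # any other internal host, e.g. a file server


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp" or "ip" (any protocol)
    src: str                     # CIDR
    dst: str                     # CIDR
    ports: tuple = (0, 65535)    # inclusive destination port range

    def covers(self, proto, src, dst):
        return (self.proto in ("ip", proto)
                and ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst))


def permitted_ports(rules, proto, src, dst):
    """First-match evaluation, top to bottom, as a packet filter applies it.
    Returns {port: name of the permitting rule}; no match means deny."""
    candidates = [r for r in rules if r.covers(proto, src, dst)]
    result = {}
    for port in range(65536):
        for r in candidates:
            if r.ports[0] <= port <= r.ports[1]:
                if r.action == "permit":
                    result[port] = r.name
                break            # the first matching rule decides
    return result


def audit(rules):
    """Return (leaks, missing).
    leaks:   {rule name: count of openings beyond ICA/RDP/SSL to the farm}
    missing: allowed transports the rule set fails to let through."""
    leaks, reachable = {}, set()
    for dst in (FARM_HOST, OTHER_HOST):
        for proto in ("tcp", "udp"):
            hits = permitted_ports(rules, proto, WLAN_HOST, dst)
            for port, name in hits.items():
                if dst == FARM_HOST and (proto, port) in ALLOWED:
                    reachable.add(ALLOWED[(proto, port)])
                else:
                    leaks[name] = leaks.get(name, 0) + 1
    return leaks, sorted(set(ALLOWED.values()) - reachable)


# The outcome the text warns about: any wireless source may pass.
PERMISSIVE = [Rule("wlan-any", "permit", "ip", WLAN, ANY)]

# Rule drift: a legacy file-share permit sits above the final deny.
DRIFTED = [
    Rule("wlan-ica", "permit", "tcp", WLAN, FARM, (1494, 1494)),
    Rule("legacy-smb", "permit", "tcp", WLAN, "10.10.30.0/24", (445, 445)),
    Rule("wlan-deny", "deny", "ip", WLAN, ANY),
]

# SBC policy: only the client transports, only to the farm.
STRICT = [
    Rule("wlan-ica", "permit", "tcp", WLAN, FARM, (1494, 1494)),
    Rule("wlan-rdp", "permit", "tcp", WLAN, FARM, (3389, 3389)),
    Rule("wlan-ssl", "permit", "tcp", WLAN, FARM, (443, 443)),
    Rule("wlan-deny", "deny", "ip", WLAN, ANY),
]

if __name__ == "__main__":
    for label, rules in (("permissive", PERMISSIVE),
                         ("drifted", DRIFTED), ("strict", STRICT)):
        leaks, missing = audit(rules)
        print(f"{label:10s} leaks={leaks} missing={missing}")
```

The audit probes one representative host per zone, so a real rule base with per-host exceptions needs one probe per distinct destination group.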

WAN access (private networks) Remote branch offices connected over dedicated media are secured much the same as local LAN access segments, but primary filtering should be done at the remote site to avoid data transmission over expensive WAN links. Virus protection remains essential at remote branches.

WAN access (virtual private networks) VPN-connected remote branch offices are like dedicated media connected offices, with the exception of the site-to-site transport. All data transported between the sites is by definition "trusted," but traverses the untrusted Internet and must be encrypted for transmission. VPN connections should always use IPSec and ESP mode.

Internet access/Internet remote access Internet access exposures are the most threatening and most exploited. All Internet access should be protected by a reliable firewall, monitored by intrusion detection capabilities, and authenticated to positively identify inbound access requests as legitimate. At minimum, the logon process should be encrypted to protect usernames and passwords from compromise. Highly secure access to the server-based computing resources requires full encryption via IPSec VPN or SSL/TLS. If SSL/TLS is selected, connections should traverse an application proxy to prevent direct access to the internal servers. In terms of security boundaries, the emerging technologies associated with wireless cellular (wWAN) access are really just another Internet user with limited bandwidth.

Direct-dial access Security measures associated with direct dial-up access are similar to those employed for wLAN segments. Remote Access Service (RAS) users can be given essentially open access to the Internet and external resources, but should be limited to RDP/ICA/SSL access.

Distribution Layer Exposure

The network distribution layer is an ideal enforcement point to control data flow from segment to segment as well as to implement intrusion detection systems (IDS). Although we normally think of the firewall as an Internet firewall, the DMZ portions of the firewall that support remote RAS and wLAN segments are really part of the network distribution layer. For additional protection, remote WAN and Layer 3 LAN aggregation points can provide firewall functionality through router-based firewall features.

Core Layer Exposure

The core layer requires special attention in the server-based computing model. The core hardware (switch) requires only the normal protection afforded network hardware, but the connected servers that provide application services (Citrix), data storage (file servers and database servers), and network services (authentication, name resolution, and so on) must be secured to a greater degree than in the traditional distributed environment. Remember, the user's applications and environment exist on the application server—the user is already inside all of the filters, firewalls, and access lists provided by the network infrastructure. Security within these core servers falls into two general categories: server hardening—the measures taken to implement server-side security through access controls, software configuration, and policies; and user environment control—measures to contain and restrict the users to their approved applications and access capabilities.

Technical Measures

This section will provide more detail on suggested technical measures to ensure enterprise security. Measures addressed are the most commonly needed and employed technologies, but the list is not all-inclusive.

Firewalls

Network firewalls are the primary line of defense against external security threats; however, a firewall is not a panacea of network security. A firewall is a system or group of systems that enforce a boundary between two or more networks. In the classic implementation (shown in Figure 8-6), the firewall system is comprised of a packet-filtering perimeter router, an isolation LAN (screened subnet) with a dual-homed bastion host, and an interior packet-filtering router.

Figure 8-6: Classic firewall system

Commercially developed firewalls are available in two primary form factors: appliances and computers. Appliances are preconfigured with an operating system and necessary network connections, while computer-based products provide software only and allow the user to determine what hardware is employed. Firewall software can be either a purpose-built hardened OS or application software that executes firewall functions on a general purpose (GP) operating system (Windows, UNIX variations, and so on). Application software that rides on a GP OS should be avoided. In addition to the processing overhead (GUI interface, "user" features), the firewall is subject to the inherent weaknesses in the GP OS design, which are publicly available as application interface specifications. A quick look at reports of hacking and intrusions will show every GP OS has a long list of vulnerabilities.

Most firewalls perform a number of different functions, but the following are common capabilities:

Protection of internal resources Hides internal addressing schemes and hosts from external detection.

Authentication Uses strong authentication techniques to verify a user's identity before granting access to corporate information.

Privacy Protects, via encryption, sessions and data streams destined for a remote network segment over untrusted networks (VPNs).

Auditing Provides detailed logging and accounting of communication attempts and other relevant metrics.

In addition to these common features, firewall solutions should offer

Attack and intrusion detection The ability to detect common attacks and intrusion attempts such as denial of service and spoofing.

Content security A firewall should be "application aware" for a minimal set of common Internet applications (FTP, SMTP, and so on). It should be possible to define access rules based on the application that is attempting to pass through the firewall.

High availability The firewall systems should be hardened enough to protect themselves from being brought down by an attack or simple mishap. More critical, firewall implementations should be redundant, with automatic fail-over.

Electronic countermeasures The ability to mitigate common attacks and intrusion attempts such as denial of service and spoofing, as well as the ability to protect the firewall from direct attack.

Types of Firewalls There are four general types of Internet firewalls, or, to be more accurate, three types plus a hybrid.

Packet filtering firewalls Packet filtering firewalls screen packets based on addresses and packet options. They operate at the IP packet level (Layer 3) and make simple security decisions (drop or forward) based on data in the packet header. Packet filtering firewalls may be one of three subtypes:

Static filtering This is used on most routers. Filter rules must be manually changed and are comprised of source and destination pairs as well as protocol and port values. No logic is used to determine session state or packet sequence.

Dynamic filtering In this subtype, an outside process changes the filtering rules dynamically, based on router-observed events (for example, one might allow FTP packets in from the outside, if someone on the inside requested an FTP session).

Stateful inspection A technology that is similar to dynamic filtering, with the addition of more granular examination of data contained in the IP packet.

Dynamic filtering and stateful inspection firewalls keep a dynamic state table to make changes to the filtering rules based on events.

Circuit gateways Circuit gateways operate at the network transport layer. Again, connections are authorized based on address pairs. Circuit gateways usually cannot look at data traffic flowing between one network and another, but they do prevent direct connections between one network and another. Sessions from outside are terminated on the gateway and a new session from the gateway to the internal protected host is generated. Circuit gateways may introduce latency and jitter into RDP or ICA sessions under heavy loads.

Application gateways Application gateways (or proxy-based firewalls) operate at the application level (Layer 7) and can examine information at that level. Decisions are made based on address pairs, application content (for instance, URLs), and application data, such as commands passed within FTP or SMTP command channels. Few vendors provide application-aware firewalls capable of managing RDP or ICA traffic, and enhancements to RDP or ICA require a revision of the firewall source code. One notable exception is Secure Computing's Sidewinder G2 firewall (actually a hybrid firewall), which includes a Citrix-certified application proxy for ICA traffic.

Hybrid firewalls As the name implies, hybrid firewalls use elements of more than one type of firewall. Most modern firewalls combine stateful inspection and application gateway services to manage the security boundary.

Firewalls for Server-Based Computing Hybrid firewall systems are strongly recommended for server-based computing. Industry leaders in firewall technology include Cisco Systems (PIX), Nokia (Checkpoint), and Secure Computing (Sidewinder). The firewall system, as shown in Figure 8-7, should include a perimeter router capable of static or dynamic packet filtering (to offload simple filtering and protect the firewall from direct attack), a hybrid firewall element using stateful inspection and either a cut-through proxy or an ICA application proxy, and an interior router capable of static or dynamic packet filtering.

Figure 8-7: The basic enterprise firewall system

Enhancements to ICA since the early MetaFrame versions eliminate the need for firewalls to support UDP Passthrough for ICA browser services (UDP port 1604). Stateful inspection firewalls must "approximate" a session state for UDP by using timers, since UDP is a stateless protocol. MetaFrame now supports TCP-based XML services in lieu of ICA browser services.
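An added example, not from the book: a small stateful filter that contrasts TCP, where SYN and FIN/RST mark the start and end of a session, with UDP, where the firewall can only approximate a session with an idle timer, and compares both with the static filtering subtype described earlier. The addresses, the XML service port, and the 30-second timeout are constructed values, and TCP teardown is simplified to removing the entry on the first FIN or RST.

```python
from collections import namedtuple

# t = seconds into the trace; flags = TCP flags ("S", "SA", "A", "F", "R"), "" for UDP
Packet = namedtuple("Packet", "t proto src sport dst dport flags")

# Constructed values (documentation address ranges, hypothetical port and timeout).
FARM, CLIENT, STRANGER = "192.0.2.10", "203.0.113.7", "203.0.113.99"
ICA_BROWSER = 1604       # UDP port named in the text
XML_PORT = 8080          # hypothetical; use the port your XML service listens on
UDP_IDLE_TIMEOUT = 30    # seconds; hypothetical, real firewalls make this tunable


def static_filter(rules, p):
    """Static filtering: each packet is judged alone against
    (proto, source port, destination port) patterns; None matches any port."""
    for proto, sport, dport in rules:
        if proto == p.proto and sport in (None, p.sport) and dport in (None, p.dport):
            return "forward"
    return "drop"


class StatefulFilter:
    def __init__(self, may_open, udp_timeout=UDP_IDLE_TIMEOUT):
        self.may_open = set(may_open)   # {(proto, dst ip, dst port)} allowed to start a flow
        self.udp_timeout = udp_timeout
        self.table = {}                 # flow key -> time the flow was last seen

    @staticmethod
    def _key(p):
        # Same key for both directions of one flow.
        return (p.proto,) + tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))

    def _expire(self, now):
        # UDP has no teardown, so idle entries are aged out: the "approximation".
        stale = [k for k, seen in self.table.items()
                 if k[0] == "udp" and now - seen > self.udp_timeout]
        for key in stale:
            del self.table[key]

    def handle(self, p):
        self._expire(p.t)
        key = self._key(p)
        if key in self.table:
            if p.proto == "tcp" and ("F" in p.flags or "R" in p.flags):
                del self.table[key]     # TCP announces the end of the session
            else:
                self.table[key] = p.t   # refresh last-seen time
            return "forward"
        starts_flow = p.proto == "udp" or p.flags == "S"
        if starts_flow and (p.proto, p.dst, p.dport) in self.may_open:
            self.table[key] = p.t
            return "forward"
        return "drop"


# Constructed trace: ICA browsing over UDP, then the XML service over TCP.
TRACE = [
    Packet(0, "udp", CLIENT, 40000, FARM, ICA_BROWSER, ""),     # request opens state
    Packet(1, "udp", FARM, ICA_BROWSER, CLIENT, 40000, ""),     # reply within the timer
    Packet(45, "udp", FARM, ICA_BROWSER, CLIENT, 40000, ""),    # late reply, timer expired
    Packet(50, "udp", FARM, ICA_BROWSER, STRANGER, 40000, ""),  # reply nobody asked for
    Packet(60, "tcp", CLIENT, 40001, FARM, XML_PORT, "S"),      # SYN opens state
    Packet(61, "tcp", FARM, XML_PORT, CLIENT, 40001, "SA"),
    Packet(62, "tcp", CLIENT, 40001, FARM, XML_PORT, "A"),
    Packet(63, "tcp", CLIENT, 40001, FARM, XML_PORT, "R"),      # reset closes state
    Packet(64, "tcp", FARM, XML_PORT, CLIENT, 40001, "A"),      # after close: no state
]


def run(trace):
    """Return [(static verdict, stateful verdict)] for each packet in the trace."""
    stateful = StatefulFilter({("udp", FARM, ICA_BROWSER), ("tcp", FARM, XML_PORT)})
    # A static filter needs "reply" rules keyed on source port to let answers back.
    static_rules = [("udp", None, ICA_BROWSER), ("udp", ICA_BROWSER, None),
                    ("tcp", None, XML_PORT), ("tcp", XML_PORT, None)]
    return [(static_filter(static_rules, p), stateful.handle(p)) for p in trace]


if __name__ == "__main__":
    for pkt, (static, stateful) in zip(TRACE, run(TRACE)):
        print(f"t={pkt.t:<3} {pkt.proto} {pkt.src}:{pkt.sport} -> "
              f"{pkt.dst}:{pkt.dport} static={static} stateful={stateful}")
```

The late UDP reply at t=45 shows the cost of the timer approximation: a legitimate but slow answer is dropped, which is one reason the TCP-based XML service is easier to pass through a stateful firewall.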

Chapter 18 - Pr int in g Chapter 19 - Disaster Recovery and Business Continuity in the SBC Envir onment Encryption Chapter 20 - Migr ation to Window s 2003 and Citr ix MetaFrame XP

Using the Internet as Administr part of theation corporate WAN has obvious security implications. The Ongoing of the Ser v er -infrastructure Based Com puting Internet is a public network, and as such, exposes an enterprise's private information to unauthorized Envir onment individuals by itsx very Pa r t I V - Appendi es nature. The Internet is often an integral part of delivering applications to remote users in Aa server-based Appendix - I nter netw or kcomputing ing Basics network, however. Internet delivery provides virtually universal access to built-in resiliency, dramatic cost reductions as compared to dedicated media. Appendix B clients, - Creating an OnDem andand Enterpr ise Financial Analysis Model There are basic encrypted methodologies used for SBC Appendix C two - Creating an On- Demtransport and Enterpr ise Subscr iption Billing Modelnetwork connectivity: virtual private networks (VPNs) and Public Key Infrastructure (PKI) encryption via Secure Sockets Layer I ndex (SSL) or Transport Layer Security (TLS). List of Figur es Chapter 21 -

List of Tables Standards Encryption standards define both the mechanics of the encryption process and Encryption List Case Studies theofcomplexity of the key. For all at-risk data transmissions (anything traversing the Internet), strong List of Sidebars encryption should always be used. For SSL/TLS, use a minimum 128-bit key (RC4 with 128-bit

encryption and MD5 message authentication, yielding 3.4 ×1038 possible key values). If security is paramount, consider Triple-DES (3DES with 168-bit key and SHA-1 message authentication yields 3.7×1050 possible key values). When SSL is used, avoid SSL 2.0 implementations, and instead use SSL 3.0 or TLS. There are two basic types of encryption algorithms: symmetric (or private key) and public key. Private key encryption requires that the same key used to encrypt the data be used to decrypt the data and is

most commonly seen in VPN configurations. The advantage is speed, since less computation is involved than in other methods. The main disadvantage is that the key must be distributed to the intended recipientCit through mechanism; algorithm itself provides no way to rix Me tsome aFra msecure e Access Su it e fo r the W insymmetric do w s Ser ver distribute the key.2 The algorithm, the public key, calculates a list of keys, some of which 00 3 :second Th e O fftype icialof Guid e can only encrypt by theSteve data and some the data. The encryption key is the Kaplan et al.of which can only decrypt ISBN:0072195665 public key, and the decryption key is the private key. A message encrypted with the former can only be McGr aw -Hill © 2003 (724 pages) decrypted by the This latter. A major advantage of this scheme is that guide ex plains how to build a r obust, reliable, the and encryption key can travel in the open without compromising security. Having public keyand will deploy not allow someone to decrypt the data. scalable thinclient com putingthe envir onment Windows 2000/ Windows 2003 Ser v er and MetaFr am e. Also

Note: In some applications, such as Secure Sockets Layer (SSL), the public key is made freely available to any client requesting it. The client machine uses the public key to encrypt the data before sending it over the unprotected network. Only the possessor of the private key will be able to decrypt it. This is how e-commerce sites can function: any customer who comes to the site can obtain the public key without any special arrangement or mechanism.

Several encryption algorithm and transport standards have arisen that have been adopted by Microsoft, Citrix, and others. Understanding them will allow an administrator to judge for themselves whether a specific standard is appropriate for their server-based computing project. By implementing an encryption algorithm and transport method in the network backbone, the task of authenticating and securing the network session is made further transparent to the end user. Cisco, Lucent, Nortel, and other vendors facilitate this seamless authentication by their adoption of one or more security standards.


Microsoft Point-to-Point Encryption (MPPE) MPPE uses preshared keys for authentication. This method uses a shared, secret key that is previously agreed upon by two systems. MPPE can be used as the authentication method for PPTP or L2TP. Both are supported in Windows 2000 Server and Windows Server 2003.

Internet Protocol Security (IPSec) IPSec is the de facto standard for point-to-point VPN encryption. The great advantage of IPSec is that it is end-to-end at the network layer. Application security protocols like SSL require the application to change, while data link protocols like PPTP only protect a user on that specific link; the packets travel over other links in the clear. IPSec provides two choices of security service: Authentication Header (AH), which essentially allows authentication of the sender of data and is not considered highly secure, and Encapsulating Security Payload (ESP), which supports both authentication of the sender and encryption of data. The specific information associated with each of these services is inserted into the packet in a header that follows the IP packet header. Separate key protocols can be selected, such as the ISAKMP/Oakley protocol. Since it is implemented at the protocol layer, IPSec is an excellent choice for server-based computing. It does not interfere with higher-level protocols like ICA and therefore is nearly transparent to the end user.


Point-to-Point Tunneling Protocol (PPTP) PPTP is an extension of the Point-to-Point Protocol (PPP) and has two functions. First, it establishes a control channel between the client and the server. Second, it builds a "tunnel" for passing data between the client and the server. The tunnel is constructed using an encryption algorithm (PPTP can support many) so that the client and server exchange keys. PPTP supports multiple tunnels with a single control channel and can multiplex between them. PPTP currently enjoys the widest support in network backbone equipment such as routers and switches.

Layer 2 Tunneling Protocol (L2TP) L2TP is an alternative to PPTP proposed by Cisco Systems. Like PPTP, L2TP is an extension of PPP and attempts to include the best features of PPTP. Like PPTP, it can encapsulate other protocols besides TCP/IP. L2TP provides flexibility in the assignment of IP addresses when TCP/IP is used. Dynamic, static, and privately managed IP addresses are supported. It uses a similar keyed encryption scheme to establish a tunnel. Both L2TP and PPTP are proposed IETF standards. Both are also supported as standards in all Cisco routers.

Encryption for Server-Based Computing

Both ICA and RDP support basic encryption services through their respective client and server configurations. RDP requires a "non-standard" port (TCP 3389) to be open through the firewall, and does not support authentication prior to connecting to the target server (secure application proxy). ICA has variable levels of security, and can be reconfigured to operate on a "standard" port that is usually permitted through enterprise firewalls—TCP 443 (HTTPS). By default, the ICA protocol adds little to the security already existing in Terminal Services. ICA uses a very basic method to encrypt, or more accurately scramble, the data stream by using a key. It is really meant to help ensure that clear-text is not visible in the data stream. By invoking the 128-bit encryption option for ICA connections, the ICA session is encrypted with a 128-bit key RC5 encryption algorithm from RSA Data Security. RC5 uses a combination of symmetric and public-private key algorithms. The MetaFrame XP client and server use the Diffie-Hellman key agreement algorithm with a 1024-bit key to generate RC5 keys. Citrix bills this client as being safe enough to run sessions over the Internet, and indeed, many companies use or base their products on the RC5 encryption algorithm. Windows Server 2003 RDC services use 128-bit, bi-directional RC4 encryption. Both Windows 2003 (with the encryption module) and Citrix MetaFrame XP Feature Release 3 are now certified as FIPS 140-compliant for use in Federal Government information systems.
In either case, the direct connection from client to target server creates additional concerns, even when passing through most stateful inspection firewalls. Citrix remedies this problem through its MetaFrame Secure Gateway product as shown in Figure 8-8. MetaFrame Secure Gateway is a specialized SSL application proxy, which supports integration with web-based application access (MetaFrame Web Interface), multifactor authentication technologies like RADIUS or Secure Computing's SecureID, application layer isolation of internal and external hosts (internal Citrix servers are not exposed to the public Internet), and session management via ticketing.


Figure 8-8: MetaFrame Secure Gateway
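An added example (not code from the book or from Citrix) of the Diffie-Hellman key agreement the text describes for MetaFrame XP sessions; it also shows how key agreement answers the key-distribution problem of symmetric encryption raised earlier. The RFC 2409 1024-bit group, the generator 2 and the SHA-256 derivation step are assumptions: the text states only the 1024-bit size and the 128-bit session key.

```python
import hashlib
import secrets

# 1024-bit MODP prime from RFC 2409 (Second Oakley Group), generator 2.
# Assumption: the text gives the key size only, not the group the product uses.
# 1024 bits matches the text; current guidance prefers 2048-bit or larger groups.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF",
    16,
)
G = 2


class PeerValueError(ValueError):
    """Raised when a received public value is outside the safe range."""


def generate_keypair():
    """Return (private exponent x, public value g^x mod p)."""
    private = secrets.randbelow(P - 3) + 2          # 2 <= x <= P - 2
    return private, pow(G, private, P)


def validate_public(value):
    """Reject 0, 1, P-1 and anything >= P: they force a predictable secret."""
    if not 2 <= value <= P - 2:
        raise PeerValueError("peer public value out of range")
    return value


def derive_session_key(private, peer_public, bits=128):
    """Compute the shared secret and hash it down to a symmetric session key."""
    shared = pow(validate_public(peer_public), private, P)
    raw = shared.to_bytes((P.bit_length() + 7) // 8, "big")
    # Assumption: SHA-256 truncation stands in for the product's own
    # key-derivation step, which the text does not describe.
    return hashlib.sha256(raw).digest()[: bits // 8]


def run_exchange():
    """Both sides of the exchange; returns (client key, server key, wire values)."""
    client_private, client_public = generate_keypair()
    server_private, server_public = generate_keypair()
    # Only the two public values cross the network. Neither private exponent
    # nor the session key is ever transmitted.
    client_key = derive_session_key(client_private, server_public)
    server_key = derive_session_key(server_private, client_public)
    return client_key, server_key, (client_public, server_public)


if __name__ == "__main__":
    client_key, server_key, wire = run_exchange()
    print("keys match:", client_key == server_key)
    print("session key bits:", len(client_key) * 8)
    # Key agreement alone does not prove who the peer is; identity has to
    # come from another layer, such as the SSL certificate on a gateway.
```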


Authentication, Authorization, and Accounting Services

Authentication, authorization, and accounting (AAA) services provide the means to identify a user, grant access to specific resources, and document what the user did and when they did it. The vast majority of AAA services in a Windows Server 2003 server environment are provided by the Windows security model with authentication in the form of user account/password settings, authorization provided by discretionary Access Control Lists (on files, shares, and other OS-controlled resources like print services), and accounting provided through event logs and event auditing policies. Windows Server 2003 Terminal Services and Citrix MetaFrame XP both support two-factor authentication (smart card). More robust authentication such as three-factor authentication requires third-party software.

Tip: In Windows Server 2003, you can add users and groups directly to the Remote Desktop Users group to allow RDP or ICA access. Remote Desktop for Administration (equivalent to Windows 2000 Terminal Services—Remote Administration Mode) is now completely separate from Terminal Services (Windows 2000 Terminal Services—Application Server Mode).

Auditing


Basic auditing should always be provided by server event logs and system logs from firewalls and routers. Most database applications can support record-level auditing and transaction logging. Auditing by itself is a nice feature for 20/20 hindsight, but is of little use unless audit events are configured to generate administrative alert and notification messages.


Windows Server 2003 adds additional auditing capabilities to meet common government requirements and supplement intrusion detection mechanisms. Notable changes include operation-based auditing (analogous to accounting in AAA services) and per-user selective auditing (by name); and enhanced logon/logoff and account management auditing: logon/logoff events now contain IP address and caller information.


The Microsoft Audit Collection System (MACS), a client-server application to be released in support of Windows Server 2003, provides real-time security event collection, and stores event data in a SQL database for ready analysis. MACS can create a security boundary so that event-log data can be independently audited without the possibility of users or administrators tampering with the event data. This type of independent collection and audit are becoming the norm for regulated industries.
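An added example (not from the book) of turning audit events into alerts, as the Auditing section recommends: it scans logon-failure events, using the source IP address that Windows Server 2003 logon events now carry, and raises one alert per burst from a single address. The pipe-delimited export format, the sample lines, event ID 529 as the failure event and the threshold values are assumptions of this example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOGON_FAILURE = 529            # Windows Server 2003: unknown user name or bad password
THRESHOLD = 5                  # failures from one address that trigger an alert
WINDOW = timedelta(minutes=2)  # sliding window the failures must fall into

# Constructed sample export: "timestamp|event_id|account|source_ip", oldest first.
SAMPLE_EVENTS = """\
2003-06-02 08:14:01|528|jsmith|192.0.2.10
2003-06-02 08:15:10|529|administrator|198.51.100.23
2003-06-02 08:15:18|529|administrator|198.51.100.23
2003-06-02 08:15:25|529|admin|198.51.100.23
this line is damaged and has no fields
2003-06-02 08:15:31|529|backup|198.51.100.23
2003-06-02 08:15:40|529|administrator|198.51.100.23
2003-06-02 08:16:02|529|mjones|192.0.2.44
2003-06-02 08:27:45|529|mjones|192.0.2.44
2003-06-02 08:28:03|528|mjones|192.0.2.44
"""


def parse_event(line):
    """Split one exported line into (timestamp, event_id, account, source_ip)."""
    stamp, event_id, account, source_ip = line.strip().split("|")
    return (datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
            int(event_id), account.lower(), source_ip)


def find_alerts(lines, threshold=THRESHOLD, window=WINDOW):
    """Return (alerts, skipped): one alert per burst of failures per address."""
    recent = defaultdict(deque)   # source_ip -> failures still inside the window
    alerts, skipped = [], 0
    for line in lines:            # input is assumed to be in time order
        try:
            stamp, event_id, account, source_ip = parse_event(line)
        except ValueError:
            skipped += 1          # blank or malformed line: count it, keep going
            continue
        if event_id != LOGON_FAILURE:
            continue
        burst = recent[source_ip]
        burst.append((stamp, account))
        while stamp - burst[0][0] > window:
            burst.popleft()       # drop failures that aged out of the window
        if len(burst) >= threshold:
            alerts.append({
                "source_ip": source_ip,
                "failures": len(burst),
                "accounts": sorted({name for _, name in burst}),
                "first": burst[0][0],
                "last": stamp,
            })
            burst.clear()         # re-arm so one burst yields one alert
    return alerts, skipped


def format_alert(alert):
    """Render an alert as the one-line notification an operator would receive."""
    return ("ALERT {failures} failed logons from {source_ip} between "
            "{first:%H:%M:%S} and {last:%H:%M:%S}; accounts tried: {names}"
            ).format(names=", ".join(alert["accounts"]), **alert)


if __name__ == "__main__":
    found, skipped = find_alerts(SAMPLE_EVENTS.splitlines())
    for alert in found:
        print(format_alert(alert))
    print("unparsed lines:", skipped)
```

Several account names tried from one address in a single burst, as in the sample, is worth a different response than repeated failures on one account, which is why the alert lists the accounts.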


Intrusion Detection Systems

Intrusion detection systems (IDS) are now built in to many firewall products. A fully evolved IDS system should encompass both Network IDS (NIDS) implemented on firewalls, routers, or appliances, and Host IDS (HIDS) implemented via software services on vulnerable servers. Enterprise NIDS services go well beyond the built-in capabilities of most firewalls. For example, Cisco's PIX firewall recognizes fewer than 100 attack profiles (natively), has only limited autonomous response capability, and attack signatures are not regularly updated. When coupled with Cisco's IDS appliances, hundreds of attacks are recognized, signatures are updated much like antivirus software, and the IDS appliance can dynamically issue configuration change commands to the firewall to block attacks as they occur. HIDS, on the other hand, functions much like a firewall at the OS kernel level—any API or kernel call that is not specifically preapproved by the administrator requires explicit authorization. Calls that are not "authorized" are blocked by default, which means HIDS can block and log as yet "undefined" attacks.


Content Filtering

Although not a technical security measure per se, filtering and management of Internet content, more specifically, filtering of user access to web content, and electronic mail content filtering and management are used to address two of the biggest liability and reputation issues in business today. Uncontrolled employee access to inappropriate (as determined by the corporate acceptable use policy) Internet sites not only can damage the corporate image and risk civil and legal prosecution, but can be a precursor to internal attacks on network security and resources. Case in point: an employee who surfs hacker web sites may be looking for tools to use, or they may be technologically illiterate and download malicious logic that compromises the network.

With regard to electronic mail, businesses may be concerned about unacceptable mail content originated or received under the identity, spam that consumes storage resources, or originated content that divulges sensitive corporate information. E-mail filtering is usually accomplished both on a bastion host in an Internet DMZ (ingress filtering of objectionable content and spam), and on the corporate mail server itself to control employee-to-employee and employee-to-external content.

An additional "filtering" capability can be provided by the Packeteer bandwidth manager discussed in Chapter 6. Since the Packeteer recognizes applications, to include chat and instant messaging programs and protocols (MS-Chat, AIM, MSN Messenger), peer-to-peer sharing applications (Napster, Gnutella, Bear Share, Lime Wire), and commonly abused Internet bandwidth hogs (Windows Media, QuickTime, Real Media), these applications can be assigned a policy of zero bits per second or "never admit" to block access by application. Chat programs are of particular concern as they often use dynamic ports and are one of the most active vectors for malicious logic ("bots"). Few business users can substantiate a legitimate need for chat, instant messaging, Internet file sharing, or streaming media.

Virus Protection

Enterprise virus protection is a "must have" in any computing environment. A single uncontrolled outbreak can cost tens of thousands of dollars in PC disinfection costs alone. Heavily infected networks must often be isolated from the Internet and taken out of service to allow IT staff to get ahead of rampant infections. Although most enterprise antivirus solutions offer similar capabilities, the solutions' effectiveness is determined more by implementation and maintenance ease than actual protection. The system must be universally installed, employ a locked configuration to prevent software from being disabled, and support centralized real-time reporting and alerting. In an SBC environment, the most common differentiator is the behavior of the scanner software in a multiuser environment. Initially, only Trend Micro's Server Protect product would consistently run correctly in a multiuser environment—most products created a new instance of the scanner for every instance of a user application or session; Server Protect generated a single instance in the system's context to monitor all writes to the server. Virus protection products must work seamlessly on all of the enterprise computer systems. Other enterprise vendors have since improved their products' support for Windows Terminal Services and Citrix MetaFrame.


Server Hardening


Server hardening measures are specific to the server OS and applications. In the Windows NT Terminal Server/Citrix MetaFrame XP environment, extensive modifications to the registry, directory and file permissions, and registry permissions were required to "secure" the server. Beginning with Windows 2000 and continuing in Windows Server 2003, the vast majority of these changes are made dynamically when Terminal Services mode is invoked. Server hardening in general can be risky—although standard security lockdowns may work with Terminal Servers and well-behaved applications, the vast majority of legacy applications do not fully comply with Microsoft's Terminal Services API and will experience problems.


To fully harden a Terminal Server (as in the DoD C2 Trusted Computer System Criteria), some changes are still required. Microsoft and Citrix have online databases and security sites that detail changes in server configuration from file and directory permissions, to password and authentication methods, to configuration of server-side protocol stacks. Additional changes to baseline security configurations can be implemented with Microsoft's Security Configuration Editor. For those who want government-type security restrictions, configuration guides (including Windows 2000 Terminal Services) and preconfigured *.inf files for the Security Configuration Editor may be downloaded from the National Security Agency's (NSA) System and Network Attack Center (SNAC) at www.nsa.gov/snac/win2k/.

Caution: Never run the automated lockdown tools like the Security Configuration Editor on production servers. Always test first.

Patching known vulnerabilities and exploits with hotfixes and service packs is really fundamental software maintenance, and yet is often overlooked. Built-in features like Windows Update are more robust in Windows Server 2003. Supplemental tools such as the Baseline Security Analyzer, which includes a command-line hotfix checker (HFNetCheck), can help verify the state of the server.

Service management has historically been a manual process. Microsoft designed Windows NT and Windows 2000 with a rather extensive list of services that were installed by default. Windows Server 2003 has eliminated 19 major services from the default installation sequence.

The following is a short summary list of important security changes in Windows Server 2003:

- Stronger ACL to stop access to the root directory (c:\).
- Changed default share ACL from Everyone:F to Everyone:R.
- Changed DLL search order to start in system directory.
- Hardened Internet Explorer.
- Increased restrictions on Anonymous users and changed group membership: Anonymous users are no longer members of "Everyone" by default.
- Put limits on blank passwords. Changed account permissions; local accounts that have blank passwords cannot be used to remotely connect to a machine.
- Set LanManCompatibilityLevel=2 on Servers\Domain Controllers, by default. Windows Server 2003 will not emit insecure LanMan responses, without being set to do so.
- Restricted remote execution of console applications to administrators only.
- Created two new accounts to run services with lower privileges.
- IIS not installed by default.
- Some services changed to disabled by default, including
  - Alerter
  - Clipbook
  - Distributed link tracking server
  - License logging
  - Messenger
  - NetMeeting remote desktop sharing
  - Routing and remote access
  - Themes

Microsoft supplies a wide variety of built-in tools to help secure the Terminal Server. In Windows 2003, policy-based enforcement (group policies) is expanded to include Terminal Services-specific policies.

One interesting feature provided by PowerFuse, a third-party environment lockdown utility designed for Terminal Services, is the ability to protect the Terminal Server from "rogue" applications (accidental or intentional). Administrators can define resource consumption limits for applications and the PowerFuse CPUShield will police the application to prevent denial of service.


User Environment Management


Because the user environment and experience in an SBC environment exist on the server, lockdown can be easier than in a distributed computing environment. Conversely, there is a far greater need for such security measures.

In relatively simple (from a security standpoint) Windows networks, Windows' group policies are an effective means of controlling the user environment. In Windows Server 2003, the cumbersome Windows AppSec tool for locking down application availability has been replaced with built-in Software Restriction Policies.

In a Citrix MetaFrame XP server environment, many lockdown tasks are mitigated by Citrix's ability to publish applications and content directly, without the complexities and security problems associated with a full Windows "shell." When possible, running only Published Applications obviates the need to lock down many settings associated with desktops and menus—applications run in a seamless window with no exposure of the underlying Windows shell (explorer.exe).


As the number of users, different policies, and nested policies grow, the viability of group policies diminishes rapidly. Not only are complex nested policies hard to understand and decipher, excessive nesting can slow logon times substantially. Even the Citrix Published Applications are not suitable for all environments. Users may need, or legacy applications may demand, access to Windows shell components. In the worst-case scenarios, applications may be dependent upon "desktop" functionality, but incapable of running correctly when standard group policies are applied. In complex situations, third-party lockdown products like PowerFuse greatly simplify administration. Users and applications can be provided a dynamic locked desktop, complete with an alternative (more secure) Windows shell component. PowerFuse adds a number of essential features, like the ability to control the spawning of child processes and executables. For example, the ability to block calls to launch Internet Explorer from an embedded URL in an e-mail message.


Chapter 9: Network Management

In the old days of small work group LANs, it was relatively easy for a system administrator to keep tabs on the status of desktop PCs, servers, and the network simply by looking at the lights on the front of the equipment. As these networks grew in complexity and scope, it became more than any person, or group of people, could do to know the status of all parts of the network at all times. This problem provided the challenge for the first network management system (NMS). The early NMS software was little more than a log reader, similar to the Event Viewer in Windows Server 2003 today. Next, the ability to read status and alert messages in a standard format was added. This standard format became the Simple Network Management Protocol (SNMP). Manufacturers quickly added the ability to format and send SNMP messages to all of their equipment. Today, virtually all network infrastructure devices such as routers, switches, bridges, and CSU/DSUs, as well as servers and operating systems, can report their status using SNMP. It is this capability that makes modern NMS packages like Microsoft Systems Management Server (SMS) and Microsoft Operations Manager (MOM), Citrix Resource Manager (RM), and HP OpenView possible. The ability to receive and collate SNMP messages is only the tip of the iceberg of what an NMS can do and what your organization should use it for.

Although server-based computing is, by nature, more centralized and architecturally simpler than distributed computing, this does not mitigate the need for a strong system management environment (SME). It is even more critical to establish service level agreements for services delivered and to use tools, such as an NMS, to manage them. This chapter discusses general SME messaging standards, SME characteristics including monitoring and reporting for server-based computing, and concepts for SME implementation using tools from Citrix, Microsoft, Hewlett-Packard, and others.

People, Processes, and Product

Utilizing an NMS is only part of an organization's overall SME. An SME consists of the people, processes, and product ("three Ps") within an organization that effectively manage the computing resources of that organization. "Product" is more accurately "technology," but "two Ps and a T" doesn't have the same punch as "three Ps." We find the simplest way to think of the interrelationship between the three Ps is in terms of service level agreements (SLAs).


Service Level Agreements

An SLA in this context is an agreement between the IT staff and the user community about the services being provided, the manner in which they are delivered, the responsibilities of the IT support staff, and the responsibilities of the users. An SLA serves many important functions, including setting the expectations of the users about the scope of services being delivered and providing accountability and a baseline of measurement for the IT staff. The SLAs established in your organization also provide the framework for the SME. After all, if you don't first figure out what you are managing and how you will manage it, what good will a tool do you? In addition to incorporating the three Ps, a service level agreement should address the following three areas of responsibility:

Availability This section should explain when the services are provided, the frequency (if appropriate), and the nature of the services.

Performance This section describes how the service is to be performed and any underlying processes related to the delivery of the service.


Usability This section should show how to measure whether the service is being used effectively. For example, a measure of success could be infrequent help desk calls.


Table 9-1 shows a sample SLA for an enterprise backup service.


Table 9-1: SLA for Enterprise Backup

Volumes to Be Backed Up: Palo Alto data center, Network appliance filer cluster (400GB), HP 9000 Oracle database (120GB), Denver data center, Network appliance filer cluster (800GB), and HP 9000 Oracle database (220GB). Backup device is a Spectra Logic tape library with eight drives using AIT tapes at each data center.

Availability: Daily incremental backups of all volumes. Weekly full backups. Monthly full backups. Quarterly full backups. Three months of daily tapes are used, then rotated. Online backups: a snapshot is taken every 4 hours for the NetApp. The last 12 snapshots are available, covering 48 hours. Archive/grooming backup every two weeks.

Performance: Backups are scheduled and designed not to affect production system performance. Five weeks of tapes per month are used. Daily log report is generated noting which tapes are in what backup set. Full backups are taken offsite the following Wednesday and are returned according to a three-month cycle. Sample files are restored and verified three times per week. Archive/grooming backup: files not touched in 14 months are written to tape every two weeks and are deleted from production storage after three backups.

Usability: Problem response according to standard help desk SLA. Nonpriority requests for restorations and archive turnaround is three days. Service performance reports are published weekly to users via an intranet site.

Ideally, the SLA is an extension of the overall business goals. Defining a group of SLAs for an organization that has never used them can be a daunting task. The following tips will help you with the effort:

Start by deciding which parts of your infrastructure go directly to supporting your business goals, and define exactly how that happens.

Do not define an SLA in terms of your current support capability. Think "outside the box" regarding how a particular service should be delivered. The result will be your goal for the SLA. Now work backward and figure out what has to be done to reach the ideal SLA.

Rather than starting at the ground level with individual SLAs for particular services, try laying down some universal rules for a so-called Master SLA. After all, some things will apply to nearly every service you deliver. A good place to start is with the help desk, where all user calls are taken. Decide how the help desk will handle, prioritize, and assign calls. The problem response time, for example, will be a standard time for all nonpriority calls. Once that is established, you can think about whether different services may need different handling for priority calls. Decide what the mission and goals are of the IT staff overall and how they support the business. Work backward from that to how the service management function must be defined to align with those goals.

Establishing a viable SLA for the user community (whether corporate users or fee-for-service (ASP) users) mandates equivalent SLAs with your providers. For example, most WAN providers (Qwest, Sprint, AT&T) will guarantee various parameters (availability, bandwidth, latency) that impact your ability to deliver service to users. Ensure internal SLAs do not invoke more stringent quality and reliability guarantees than external SLAs.

The subject of defining and working with SLAs is adequate material for a book all its own. Our intention here is to get you started in framing your network management services in terms of SLAs. You will find them to be not only a great help in sorting through the "noise" of information collected, but also an invaluable communication tool for users, IT staff, and management alike.


Messaging Standards

You will need to be familiar with current messaging standards for network management and understand the basics of how they work in order to effectively plan an SME.

TCP/IP and UDP

We defined TCP/IP and UDP in Chapter 6, but we mention them again here in the context of network management in order to show the different philosophies under which some of the standards were created. To put things in perspective, there are two major components in an SNMP-based management system: the management station and the SNMP agent. The management station polls agents on a cyclic basis to assess status and health. The agent responds to these queries with formatted information. Additionally, the agent can send an unsolicited SNMP "trap" asynchronously when it detects a health- or status-related event. The normal SNMP transport protocol is UDP, which uses a "best effort" delivery mechanism. There is no guarantee the packet will ever arrive at its destination. The advantage is that UDP packets are small and of a similar size, lacking the complexity of a TCP/IP packet.


Note UDP packets are not of fixed size; they are variable up to 65,536 bytes—the largest datagram IP can support. Generally, UDP frames will be 576 bytes or less, because IP requires all network links to support an MTU of 576 bytes. Sending a UDP datagram larger than this risks fragmentation.

Given the limitations of UDP, it may seem that TCP is more appropriate for delivery of management information. This is not necessarily true; it depends on the application. All TCP really does is automatically retransmit if it doesn't receive an acknowledgment (ACK). When running with UDP, the SNMP manager is responsible for detecting the lack of response and retransmitting. Consider the case in which a response packet is lost, and the network remains down for five seconds. With a TCP-based SNMP, TCP will retransmit several times and will eventually deliver the response. The response it delivers will be at least five seconds out-of-date. With UDP, the management console will reissue the request, and when the network is finally operational again, the response will be the most up-to-date possible.
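The lost-response case above, worked through as a small timing model. This is an added example, not code from the book; the 50 ms one-way delay, the 1-second retransmission timer that doubles on each retry, the 2-second poll timeout, and the outage window are assumptions chosen for illustration.

```python
"""Timing model: how old is the agent's data when it finally reaches the manager?"""

LATENCY_MS = 50  # assumed one-way network delay


def up(t, outage):
    """True if the network carries a packet sent at time t (milliseconds)."""
    start, end = outage
    return not (start <= t < end)


def tcp_response(sample_at, outage, rto_ms=1000, max_sends=8):
    """The agent samples once; the transport resends that same segment with backoff."""
    send_at = sample_at
    for sends in range(1, max_sends + 1):
        if up(send_at, outage):
            arrives = send_at + LATENCY_MS
            return {"arrives": arrives, "age_ms": arrives - sample_at, "sends": sends}
        send_at += rto_ms
        rto_ms *= 2                      # assumed exponential backoff
    return None                          # connection would be torn down


def udp_poll(first_poll, outage, timeout_ms=2000, retries=5):
    """The manager times out and reissues the request; the agent samples on receipt."""
    poll_at = first_poll
    for polls in range(1, retries + 2):
        sample_at = poll_at + LATENCY_MS  # request reaches the agent
        if up(poll_at, outage) and up(sample_at, outage):
            arrives = sample_at + LATENCY_MS
            return {"arrives": arrives, "age_ms": arrives - sample_at, "polls": polls}
        poll_at += timeout_ms            # request or response was lost: poll again
    return None                          # manager marks the agent unreachable


def compare(first_poll=975, outage=(1000, 6000)):
    """The request gets through just before a five-second outage; the response is lost."""
    tcp = tcp_response(first_poll + LATENCY_MS, outage)
    udp = udp_poll(first_poll, outage)
    return tcp, udp


if __name__ == "__main__":
    for name, result in zip(("TCP", "UDP"), compare()):
        print(name, result)
```

With a retry budget shorter than the outage (for example `retries=2`), the UDP poll returns nothing at all, which is the point at which a manager reports the agent as unreachable rather than showing stale data.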

Chapter 14 A- trap, Clienthowever, Configur can ationbe and Deploym ent administrators don't depend on SNMP traps as the Note lost. Generally, Chapter 15 only - Pr notification ofiles, Policies, and Pr ocedu res traps work poorly in a lot of NMS implementations. of failures because Chapter 16 Instead, - Securing the Client management Access console periodically polls for status. Chapter 17 - Net wor k Configur at ion

TCP/IP also lacks a guaranteed delivery mechanism, but it at least supports packet resequencing and destination routing, making it less prone to delivery failure. This is important when considering which protocol would provide a better transport option for system status and alert messages.

Simple Network Management Protocol

Simple Network Management Protocol (SNMP) is an application layer protocol that uses the underlying transport services of the protocol stack. SNMP version 1 (SNMPv1) uses UDP and IP. The inclusion of SNMPv1 in networking equipment is widespread and you are likely to encounter it.

SNMPv2 has been enhanced in a number of ways to make it more robust than its predecessor and is the most common implementation today. Ironically, SNMPv2 fell far short of the vision set forth in its specification, particularly in the area of security. SNMPv3 is the implementation designed to address the security issue as well as the other shortcomings of its predecessors. The current specifications, RFCs, and a supported hardware list can be found at www.snmp.org.

Note SNMPv1 and SNMPv2 have significant security weaknesses. Microsoft implementations rely on these versions and default to one community string (public) and "Accept Packets from all hosts." Immediately upon installation of the SNMP service, these values should be changed to a unique community string and "Accept Packets from these hosts" with a list of valid host addresses. Virtually every LAN/WAN hardware vendor's default implementation of SNMP suffers from these same weaknesses, with community strings of "public," "private," or a documented string, and no trap or manager restrictions. Thus, it is important to always change default SNMP settings.


The data exchanged between managers and agents follows a standard hierarchical format described as the management information base (MIB). The manager is responsible for taking the MIB data sent by the agents, interpreting the format, aggregating, collating, and correlating it to higher-level events. The manager's task is also to make this information available for queries or reports. The structure of the MIBs is defined by the IETF in several requests for comments (RFCs), and new MIBs are being created all the time. MIBs for various categories of devices store their information in a standard place on the tree hierarchy. Thus, all routers are in the same branch of the tree, all hubs are in the same branch, and all CSU/DSU devices are in the same branch, as shown in Figure 9-1—a simplified view of a network equipment MIB.


Figure 9-1: The MIB hierarchy

SNMP's community is similar to a domain in NT networking. An SNMP community defines a set of agents that are related in some way. A community could define a company division, a geographic location (such as a data center), or even a similar class of equipment, such as all routers. A manager can typically receive and process messages from multiple communities and provide views into the messages separated by those communities, as shown in Figure 9-2.


Figure 9-2: SNMP communities
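The message layout behind the security note and the MIB discussion above, as an added example that is not from the book: a Python decoder for the SNMPv1/v2c message header that reads the community string, turns the requested object identifier into its dotted path in the MIB tree, and checks the message against the two settings the note says to change. The sample packets, the community string siteA-ro, and the addresses are constructed for illustration.

```python
"""Decode an SNMPv1/v2c message header and audit it against the hardening settings."""

DEFAULT_COMMUNITIES = {b"public", b"private"}       # defaults named in the text
VERSIONS = {0: "SNMPv1", 1: "SNMPv2c", 3: "SNMPv3"}
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA4: "Trap-v1"}

# Constructed samples: GetRequest (request-id 42) for 1.3.6.1.2.1.1.1.0 (sysDescr.0).
SAMPLE_V1_PUBLIC = bytes.fromhex(
    "3026020100" "04067075626c6963"
    "a01902012a020100020100" "300e300c06082b060102010101000500")
SAMPLE_V2C_CUSTOM = bytes.fromhex(
    "3028020101" "040873697465412d726f"
    "a01902012a020100020100" "300e300c06082b060102010101000500")


def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                    # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("BER value runs past the end of the packet")
    return tag, buf[pos:end], end


def decode_oid(value):
    """Decode an OBJECT IDENTIFIER into dotted notation (a path in the MIB tree)."""
    if not value:
        raise ValueError("empty OID")
    # The first octet packs the first two arcs (enough for OIDs starting 0.x or 1.x).
    arcs = [value[0] // 40, value[0] % 40]
    sub = 0
    for octet in value[1:]:
        sub = (sub << 7) | (octet & 0x7F)   # base 128; high bit means more octets follow
        if not octet & 0x80:
            arcs.append(sub)
            sub = 0
    return ".".join(map(str, arcs))


def parse_snmp(packet):
    """Return version, community, PDU type, request-id and requested OIDs."""
    tag, body, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("SNMP message must start with a SEQUENCE")
    tag, raw_version, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("version field is not an INTEGER")
    number = int.from_bytes(raw_version, "big")
    info = {"version": VERSIONS.get(number, "unknown"), "community": None,
            "pdu": None, "request_id": None, "oids": []}
    if number not in (0, 1):             # SNMPv3 carries no community string here
        return info
    tag, community, pos = read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("community field is not an OCTET STRING")
    info["community"] = community
    pdu_tag, pdu, _ = read_tlv(body, pos)
    info["pdu"] = PDU_TYPES.get(pdu_tag, hex(pdu_tag))
    if pdu_tag == 0xA4:                  # the SNMPv1 Trap PDU has a different layout
        return info
    _, request_id, p = read_tlv(pdu, 0)
    info["request_id"] = int.from_bytes(request_id, "big", signed=True)
    _, _, p = read_tlv(pdu, p)           # error-status
    _, _, p = read_tlv(pdu, p)           # error-index
    _, varbinds, _ = read_tlv(pdu, p)
    q = 0
    while q < len(varbinds):             # each varbind is SEQUENCE { OID, value }
        _, varbind, q = read_tlv(varbinds, q)
        oid_tag, oid, _ = read_tlv(varbind, 0)
        if oid_tag == 0x06:
            info["oids"].append(decode_oid(oid))
    return info


def audit(packet, src_ip, permitted_managers):
    """Check one message against the two settings the note says to change."""
    info = parse_snmp(packet)
    findings = []
    if info["community"] in DEFAULT_COMMUNITIES:
        findings.append("default community string")
    if src_ip not in permitted_managers:
        findings.append("sender is not a permitted manager")
    return info, findings


if __name__ == "__main__":
    print(audit(SAMPLE_V1_PUBLIC, "198.51.100.7", {"192.0.2.10"}))
    print(audit(SAMPLE_V2C_CUSTOM, "192.0.2.10", {"192.0.2.10"}))
```

The community string is read straight from the packet bytes without any key, which is why a unique string alone is not sufficient and the permitted-manager list matters as well.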

SNMP is being improved and extended continuously, but the current and widespread standard is SNMPv2. Though any implementation must provide the basic features of the manager and agent, vendors are free to add functionality as they see fit based on the needs of the platform. SNMP has the following advantages and limitations.

Some advantages of SNMP include

It works well in its limited scope and is easy to extend.


Agents are ubiquitous on network equipment and operating systems.

The specifications are simple and easy to implement.

The performance overhead of an agent is minimal.

A polling approach to collecting data is good for managed objects on a LAN.

Limitations include

Weak security!

It is very limited in scope and does not scale well in large implementations.

Its unique messaging structure makes it hard to integrate with other management tools.

Polling can cause a large bandwidth overhead in large networks.

It has many vendor-specific extensions to each standard MIB.

Note SNMPv1 and SNMPv2 can coexist by implementing a so-called SNMP Proxy to convert message formats. Many manufacturers of monitoring tools, such as Hewlett-Packard, include such a proxy with their standard offerings.

Remote Monitoring Agent

Defined in RFC 1757, Remote Monitoring Agent (RMON) is an extension of the most current SNMP MIB structure (MIB II) and attempts to address many of its limitations. RMON collects nine types of information:

Host table of all addresses

Host statistics

Historical data

Alarm thresholds

Configurable statistics

Traffic matrix with all nodes

"Host top N" tables

Packet capture/protocol analysis

Distributed logging of events

RMON represents the next generation in network monitoring and addresses the need for network planning, fault troubleshooting, and performance tuning better than any other current monitoring implementation. The additional capabilities of RMON change the agent-manager paradigm somewhat. Since sending richer data packets over the network would increase the demand for bandwidth significantly, implementations of RMON agents are typically "smarter" than their SNMP counterparts. That is, more processing is done on the agent platform, and only aggregated information is sent over the network. The trade-off is that more processing power is needed on the agent platform.

CMIP

Chapter 1

-

I ntr oducing Ser ver -Based Com puting and th e On- Dem and Enterpr ise

Similar to RMON, the complexity required of a Common Management Information Protocol (CMIP) - Window s Ter minal Ser vices agent and the potential amount of information the agent sends over the network are high. It is a Chapter 3 - Citr ix MetaFr am e Access Suite common feature in telecommunications equipment specifications, but it is rarely used in practice. It Pa r t I I - De signi ng a n Ent e rpr i se SBC Solut ion was probably included due to the fact that messages can be sent over an alternate channel from Pr epar ing Your Or ganization for an On- Dem and Enterpr ise those used Chapter 4 - by data. Chapter 2

I mplem ent ation

Chapter 5 SNMP - Ser ver Based Computing Data Center Architect ure Note is -common in telecommunications equipment, even though the ISO standards say it Chapter 6 shouldn't - Designing Netw or k for ver- Based Com putbytes ing are an out-of-band communications be. Your For example, theSer Sonet D1+D2+D3 Chapter 7 channel - The Client onment usedEnvir to communicate control and management information between Sonet Chapter 8 equipment. - Security According to the Sonet specifications, CMIP is used over this channel. If you look

networks, Chapter 9 at- actual Net w orSonet k Managemen t the D1+D2+D3 channel is actually carrying either Bellcore's old command language, Pa r t I I I - I mASCII ple m ent ing a n O n-D e m a nd or Se rSNMP. ve r - Ba se d Com pu ti ng Envi r onm e nt Chapter 10 - Pr oj ect Managing and Deploying an Enter pr ise SBC Envir onment

CMIP functions similarly to SNMP in that it sends an alert if certain thresholds are reached or a fault is detected.

Some advantages of CMIP are

Its object-oriented approach is very ordered, making extensions relatively easy to accomplish and manage.

It supports communication between managers as well as managers and agents.

It supplies a standard framework for automation.

Limitations include

It is not widely supported in the data-networking world.

It is the most complex protocol and puts high demands on the agent platform.

Its sheer complexity also means that CMIP implementations from different vendors frequently cannot communicate.

Its extensible messaging architecture can cause high network bandwidth utilization.

System Management Environment for Server-Based Computing

In a server-based computing environment, where information resources are centralized, the need for tools and procedures that serve to decrease the frequency of unscheduled downtime is more important than ever. The organizational mandate for on-demand computing and full, secure control of the environment dictates that the operations necessary to support an SBC environment have more in common with the Network Operation Center (NOC) of an Internet service provider (ISP) or commercial hosting service than with a traditional, distributed corporate network. It is no longer acceptable for IT staff to discover problems after they occur, as an audit function. They must have tools and procedures in place to perform predictive analysis on potential problems and to isolate and contain problems during the troubleshooting process. An effective systems management environment will address these needs through the measurement of various systems and through the enforcement of service level agreements. The data collected during measurement can be used in troubleshooting and making corrections. For example, if a MetaFrame server crashes due to an application fault, the Citrix RM package will have recorded which applications were running at the time of the crash. Without this information, it would be challenging to find the crash's exact cause.

An effective SME has the following objectives:

Improving the availability and performance of the SBC resources.

Lowering the cost of IT maintenance and support services.


Providing a service-level view of SBC resources.

The "people" part of the three Ps is made up not only of users and IT staff, but also any group affected by the services being delivered. For many organizations, this means external customers, business partners, and even competitors. The SLAs associated with the services being delivered, and the associated reports, are the "process" part of the three Ps and are, collectively, the tool that shows whether the preceding objectives are being met. The "product" consists of all the hardware and software necessary to deliver the information needed to measure the SLAs. Any technology utilized in the SME should meet the following basic requirements:

Provide a central point of control for managing heterogeneous systems. A "central point" refers to one tool or collection mechanism used to gather information from all sources. The actual data repository could be distributed to multiple locations where administrative activity takes place.

Allow event management across heterogeneous systems and network devices. The toolset should support all the common operating system and network hardware platforms and provide enough extensibility for custom interfaces to be configured, if necessary.

Provide service-level views of any portion of the infrastructure. A "service-level view" is an aggregation of lower-level events that correlate to show the impact of various failures in terms of an established SLA. A message stating "Server 110 has crashed with an unknown error" has far less meaning than "Application service capacity has decreased by 10 percent" and "Application services for users in the San Antonio region have been interrupted."

To further refine these requirements, more detail on the exact duties to be incorporated in the SME is needed. Defining in specific terms what will be measured and how it will be measured will greatly aid in the selection of the proper technology. We will discuss SME tools later in the chapter.

Configuration Management

Arguably, the most common problem in managing distributed computer systems is configuration management. Even companies with very organized IT staffs can have complete chaos on the desktop with regard to which application or application versions are installed and which changes to the operating system are allowed. In an SBC environment, the chaos, so to speak, is limited to the data centers, but the need for configuration management is even greater. If a user changes a setting on his PC that causes it to crash, that user experiences unscheduled downtime. If an administrator makes a change to a MetaFrame server that causes it to crash, every user currently logged on to that server experiences unscheduled downtime. An effective SME must have in place controls to restrict and audit changes within the data center. A configuration management system should have the following characteristics:

A clearly defined operational baseline. The baseline defines the starting point for the management process.

A change tracking system. A process for requesting, submitting, prioritizing, approving, and testing changes to the operational baseline. Once a change has completed the process, it becomes part of the baseline.

Defined categories and priorities for changes. For example, some changes need to be tracked, such as changes to group membership and administrative rights, but can be safely implemented as an extension of the current baseline. Others must be implemented very quickly and may disrupt user activity, such as critical security patches. From a software management perspective, most organization configuration management systems differentiate between patches, enhancements, and major revisions, and often employ a "release" process where any or all of these must be tested and certified in a development/test environment before implementation in production systems.

Implementation procedures. Necessary steps that must be taken before implementation, such as how to save the current state before a change, how to decide if a change is not working, how to back out of a change, and how to use collected information to modify the original change request and resubmit it.

Modern computing environments are far too complex for an automated tool to check and restrict any change. A combination of an effective automated tool and "best practice" procedures for change management is the key to a successful configuration management function.

Security Management

Security management serves to ensure that users only have access to the applications, servers, and other computing resources they are authorized to use. Again, a combination of automated tools and employee policies is called for. The implementation of an Internet firewall to prevent unauthorized external access will do nothing to prevent a disgruntled employee from accessing and publishing confidential information. Only the combination of automated internal system limitations, effective monitoring, published "acceptable use" policies, and committed enforcement of those policies can serve to deter such unforeseen incidents.

Alerting

As we discussed in Chapter 8, it is not enough simply to log attempts to bypass security within the SBC environment. An effective SME should include a network management tool that will actively alert the appropriate personnel if a security breach of sufficient severity is detected. For example, say an employee discovers the registry settings where his group information is stored and figures out how to change that value to Admin without using the management console. First, the registry should not allow the change to be made by that user because it has been locked against changes by anyone not currently in the Admin group. However, if the change is somehow made, the system should log an event in the event log (auditing). The management agent program on that system should watch the event log, detect the event, and send a page to the security administrator. Alternatively, the offending user's account could be locked, as shown in Figure 9-3.

Figure 9-3: A security alert within an SME
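The alerting flow described above (audit record, agent detection, page or account lock) can be expressed as a small rule evaluated over audit events. This is an added example, not code from the book or from any Citrix or NMS product; the key=value record layout, the field names, the action labels, and the threshold of three blocked attempts are all assumptions made for illustration.

```python
from collections import Counter

# Constructed audit records in a made-up key=value layout (not a real
# Windows event log format). Hosts, users and times are illustrative.
SAMPLE_EVENTS = """\
2003-06-02T09:14:07 host=CTX01W-SEA user=asmith action=registry_write key=GroupMembership value=Admin source=mgmt_console result=success
2003-06-02T10:02:41 host=CTX01W-SEA user=jdoe action=registry_write key=GroupMembership value=Admin source=regedit result=denied
2003-06-02T10:02:55 host=CTX01W-SEA user=jdoe action=registry_write key=GroupMembership value=Admin source=regedit result=denied
2003-06-02T10:03:10 host=CTX01W-SEA user=jdoe action=registry_write key=GroupMembership value=Admin source=regedit result=denied
2003-06-02T10:07:32 host=CTX02W-SEA user=jdoe action=registry_write key=GroupMembership value=Admin source=script result=success
2003-06-02T10:09:00 host=CTX02W-SEA user=bwong action=logon result=success
"""

# Assumption: blocked attempts are only logged until a user reaches this count.
DENIED_PAGE_THRESHOLD = 3


def parse_event(line):
    """Split one record into a dict; tokens without '=' are ignored."""
    timestamp, *pairs = line.split()
    event = dict(p.split("=", 1) for p in pairs if "=" in p)
    event["time"] = timestamp
    return event


def is_admin_group_write(event):
    """True for a write that sets the group-membership value to Admin."""
    return (event.get("action") == "registry_write"
            and event.get("key") == "GroupMembership"
            and event.get("value") == "Admin")


def make_alert(event, severity, actions, reason):
    return {"time": event["time"], "host": event.get("host"),
            "user": event.get("user"), "severity": severity,
            "actions": actions, "reason": reason}


def evaluate(lines):
    """Return the alerts an agent would raise for the given audit lines."""
    denied = Counter()
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        event = parse_event(line)
        if not is_admin_group_write(event):
            continue
        user = event.get("user", "?")
        if event.get("result") == "denied":
            # The lock held: log only, but page once attempts keep coming.
            denied[user] += 1
            if denied[user] == DENIED_PAGE_THRESHOLD:
                alerts.append(make_alert(
                    event, "high", ["page_security_admin"],
                    "repeated blocked attempts to set group to Admin"))
        elif (event.get("result") == "success"
              and event.get("source") != "mgmt_console"):
            # The change was made outside the management console:
            # page the security administrator and lock the account.
            alerts.append(make_alert(
                event, "critical", ["page_security_admin", "lock_account"],
                "group set to Admin outside the management console"))
    return alerts


if __name__ == "__main__":
    for alert in evaluate(SAMPLE_EVENTS.splitlines()):
        print(alert)
```

The approved change made through the management console produces no alert, which keeps pages reserved for events of sufficient severity.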

IP Address and Host Name Management

In a large enterprise network, managing the identity of each node on the network can be a daunting task. Many network management tools will "autodiscover" nodes on the network, but this task can be laborious and chew up processing and network bandwidth unless the addressing and naming schemes are well ordered. An effective SME will include policies for standard naming practices as well as an efficient IP addressing scheme. There are several common attributes for host naming that must be considered:

The namespace must be self-documenting. If you need to refer to a cross-reference chart to decode the host name, the namespace is not administratively usable. As a minimum, the namespace should self-document the server, client, and peripheral (printer) pieces of the network infrastructure.

For Windows environments that use Active Directory and DNS:

Ensure only valid characters are used (no underscores).

Keep it short. DNS, and hence Active Directory, namespaces prepend data. A fully qualified host named CitrixServer01-Win-Seattle.ChildDomain.ParentDomain.com may be self-documenting, but it is unmanageable (and nearly un-typeable). A host name of CTX01W-SEA.ChildDomain.ParentDomain.com is far more usable.

For Windows environments that also use WINS:

NETBIOS host names are limited to 15 characters (a Microsoft specification).

Observe the limitations on allowable characters (\ * + = | : ; " ? < > , are prohibited). Some "allowable" NETBIOS name characters (@ # $ % ^ & ( ) _ ' { } . ~ !) are incompatible with the DNS character set and should not be used.

Try to match the NETBIOS name to the DNS host name.

Some ideas we have seen effectively used are

Create host names based on department and geographic location, followed by a numerical value. For example, a user's Windows terminal in the Seattle accounting division might have SEAWBTACC16 as a host name.

Create host names incorporating the type of device. (To extend the preceding example, an LPR printer might be named SEALPR-ACC4 or SEAP-ACCHP8100.)

Using octets within an IP address to map a host identity should be avoided. Although some limited identity can be established, this invariably leads to an IP address scheme that is neither hierarchical nor extensible.

Note: Many large organizations use Dynamic Host Control Protocol (DHCP) and Dynamic Domain Name Service (DDNS) to dynamically assign IP addresses and host names, respectively, to network nodes. These services have several advantages, including automated host name standardization and reduction of the number of IP addresses in use at one time by assigning temporary ones from a pool. If you utilize these services in your organization, be aware that it may complicate the SME if the NMS you choose is not compatible with, or not aware of, these services. An NMS must be able to discover and manage dynamically assigned hosts, or you will have the problem of all of these nodes going unmanaged.
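The DNS and NETBIOS naming rules listed in this section can be checked mechanically before a host is added to the namespace. The following Python code is an added example, not code from the book; the function names, finding codes, and the constructed inventory entries are assumptions, and the DNS label pattern is the standard letters-digits-hyphen rule rather than something stated in the text.

```python
import re

# Character sets exactly as listed in the text above.
NETBIOS_PROHIBITED = set('\\*+=|:;"?<>,')
NETBIOS_DNS_INCOMPATIBLE = set("@#$%^&()_'{}.~!")
NETBIOS_MAX_LEN = 15  # NETBIOS host name limit stated in the text

# Standard DNS host-name label: letters, digits and hyphens, no leading or
# trailing hyphen, at most 63 characters (so underscores are rejected).
DNS_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def check_dns_name(fqdn):
    """Findings for the DNS side: invalid labels and an over-long host label."""
    findings = []
    labels = fqdn.rstrip(".").split(".")
    for label in labels:
        if not DNS_LABEL.fullmatch(label):
            findings.append(("DNS_INVALID_LABEL", label))
    # A host label longer than the NETBIOS limit can never match its
    # NETBIOS name, so flag it as "not short enough".
    if len(labels[0]) > NETBIOS_MAX_LEN:
        findings.append(("HOST_LABEL_TOO_LONG", labels[0]))
    return findings


def check_netbios_name(name):
    """Findings for the NETBIOS side: length and both character lists."""
    findings = []
    if len(name) > NETBIOS_MAX_LEN:
        findings.append(("NETBIOS_TOO_LONG", name))
    prohibited = sorted(set(name) & NETBIOS_PROHIBITED)
    if prohibited:
        findings.append(("NETBIOS_PROHIBITED_CHAR", "".join(prohibited)))
    incompatible = sorted(set(name) & NETBIOS_DNS_INCOMPATIBLE)
    if incompatible:
        findings.append(("NETBIOS_DNS_INCOMPATIBLE_CHAR", "".join(incompatible)))
    return findings


def check_host(fqdn, netbios_name):
    """Apply every rule, including 'match the NETBIOS name to the DNS host name'."""
    findings = check_dns_name(fqdn) + check_netbios_name(netbios_name)
    host_label = fqdn.split(".")[0]
    if host_label.upper() != netbios_name.upper():
        findings.append(("NETBIOS_DNS_MISMATCH", f"{netbios_name} != {host_label}"))
    return findings


def audit(inventory):
    """Map each FQDN in an inventory of (fqdn, netbios_name) pairs to its findings."""
    return {fqdn: check_host(fqdn, netbios) for fqdn, netbios in inventory}


# The first two names come from the text; the NETBIOS values and the third
# entry are constructed for this example.
INVENTORY = [
    ("CTX01W-SEA.ChildDomain.ParentDomain.com", "CTX01W-SEA"),
    ("CitrixServer01-Win-Seattle.ChildDomain.ParentDomain.com", "CITRIXSERVER01-"),
    ("SEA_LPR-ACC4.ChildDomain.ParentDomain.com", "SEA_LPR-ACC4"),
]

if __name__ == "__main__":
    for fqdn, findings in audit(INVENTORY).items():
        print(fqdn, findings or "OK")
```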

Using Service Level Agreements

As we mentioned earlier, a service level agreement defines the policies and procedures that will be used within the SME. The execution of those policies and procedures will rely in equal parts on automated tools and "acceptable use" policies that the employees within the organization must abide by. Employing SLAs within the SME will have the following effects:

User expectations will be much closer to the reality of how a particular service is delivered. Many users see the network as a public utility that has 100-percent uptime. This is a good goal but often is not realistic. Publishing an SLA will show the users what is realistic and what their options are if the service delivery doesn't conform to the SLA. After all, very few public utilities can show a track record of sustained 100-percent uptime.

IT staff growth will slow. IT organizations without SLAs tend to spend an inordinate amount of time "fighting fires" because service personnel don't know where the boundaries are for the service they are providing. Users don't know where those boundaries are either. The cumulative effect is that users will inevitably try to get as much service as they can, and the service staff will try to satisfy the users by delivering as much as they can. This serves to increase the number of service personnel needed.

IT service quality will increase. When the service is well defined and understood by users and service personnel alike, the delivery of that service will be more consistent. This happens for a couple of reasons. First, the people trained to administer the systems have more time to pay attention to their effective management since they spend less time fighting fires. Second, the users' expectations of the service will be more in line with its delivery, which will reduce the number of complaints. A relatively new concept, Application Quality-of-Service (Application QoS), is a measure of how effectively applications are delivered to the user and thus can be one measure of IT service quality in an SBC environment. Application QoS service level views can be found in some of the network management tools we will discuss later in the chapter.

System Management Environment Architecture

With what has been defined so far, we can now look in detail at some specific duties covered by an effective SME for the data center. The overall architecture should include, at a minimum, the functions described in the following sections for the entire SBC infrastructure.

Network Discovery

It would be incredibly tedious if you had to enter information about each node before it could be managed. Fortunately, nearly every modern NMS tool provides the ability to actively discover information about nodes on the network. Though most polling is TCP/IP-based, an effective NMS uses a variety of other methods to discover nodes, including NetBIOS and SAP broadcasts. The basic philosophy is "anything that will work." The majority of nodes will respond somehow, and those that don't can be handled as an exception and entered manually. Network discovery is a function shared by both the agent and the manager, and is shown in Figure 9-4.

Figure 9-4: Network discovery

Hardware and Software Inventory

This function is similar to node discovery in design but is much more detailed. Once a node is discovered and identified, the discovery process will interrogate the device to find out about the hardware and software configuration. If fat clients must be used, this can be an invaluable tool to "meter" software—that is, to find out if the number of licenses purchased matches the number of licenses in use. It can also aid in creating inventories of hardware that need to be upgraded for a particular project. Similar functionality is available for peripheral and network devices. Hardware and software inventory data is usually rolled into the overall configuration management process.

Monitoring and Messaging

The most common agent function is to "watch" the system and look for problems as defined in a rule base. Ideally, this rule base is administered centrally and shared by all similar agents. The agent's job is to send an appropriate message whenever an item in the rule base is triggered, as illustrated in Figure 9-5. These items can consist of both errors, or traps, and collections of information such as traffic thresholds, disk utilization, and log sizes.

Figure 9-5: Agent monitoring

With SNMP-based systems, the agent processes events and sends messages with little to no filtering or processing on the local system. This is acceptable because SNMP messages are typically small and not likely to flood the network. In systems with more intelligent agents, where much more detailed information can be collected, the agent has the added task of collating or summarizing the data before sending it to the manager. Otherwise, the added traffic caused by unsummarized messages could cause a bandwidth utilization problem.

Note: SNMP uses standard UDP ports 161 and 162. Port 162 is reserved for traps only. As a result, it can be made subject to bandwidth utilization rules in a router (queuing) or in a device such as the Packeteer Packetshaper. Similarly, CMIP reserves UDP and TCP ports 163 for the agent and 164 for the manager. These ports are common, but your platform may use different ones.

Management by Exception or Negative Monitoring

This can be a function of an agent or a manager. Sometimes not receiving a piece of information from a system is just as critical as receiving one. A system may become unresponsive without ever sending a trap. In cases like this, it is useful to have a periodic "heartbeat"—a small message that says nothing more than, "I'm here." If the agent or manager does not receive this heartbeat, an alert is generated for follow-up. We have found this type of monitoring to be a crucial part of the SME since not all platforms send alerts when they are supposed to.
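The heartbeat check described above amounts to alerting on messages that fail to arrive. The following Python code is an added example, not code from the book or from any NMS product; the class name, the 60-second interval, the two-miss tolerance, and the constructed timeline are assumptions. It also covers two cases the paragraph implies: a node that never reports at all, and suppressing repeat alerts for a node that is already known to be silent.

```python
class HeartbeatMonitor:
    """Manager-side negative monitoring: alert on heartbeats that do NOT arrive."""

    def __init__(self, interval, missed_allowed=2):
        self.interval = interval              # seconds between expected heartbeats
        self.missed_allowed = missed_allowed  # misses tolerated before alerting
        self.last_seen = {}                   # node -> time of last heartbeat
        self.silent = set()                   # nodes already alerted on

    def register(self, node, now):
        # Baseline at registration time so a node that never sends a single
        # heartbeat is still caught by sweep().
        self.last_seen.setdefault(node, now)

    def heartbeat(self, node, now):
        """Record an "I'm here" message; report recovery if the node was silent."""
        self.last_seen[node] = now
        if node in self.silent:
            self.silent.discard(node)
            return ("RECOVERED", node, now)
        return None

    def sweep(self, now):
        """Return one SILENT alert per node that newly exceeded the deadline."""
        deadline = self.interval * self.missed_allowed
        alerts = []
        for node, seen in sorted(self.last_seen.items()):
            if now - seen > deadline and node not in self.silent:
                self.silent.add(node)  # suppress duplicates for this outage
                alerts.append(("SILENT", node, now - seen))
        return alerts


def run_demo():
    """Replay a constructed timeline and return the events the manager raises."""
    monitor = HeartbeatMonitor(interval=60, missed_allowed=2)
    for node in ("CTX01W-SEA", "CTX02W-SEA", "SEALPR-ACC4"):
        monitor.register(node, now=0)

    # Constructed script: (time in seconds, kind, node).
    # CTX02W-SEA stops after t=60 and returns at t=260; SEALPR-ACC4 never reports.
    script = [
        (60, "hb", "CTX01W-SEA"), (60, "hb", "CTX02W-SEA"),
        (120, "hb", "CTX01W-SEA"), (130, "sweep", None),
        (180, "hb", "CTX01W-SEA"), (190, "sweep", None),
        (240, "hb", "CTX01W-SEA"), (250, "sweep", None),
        (260, "hb", "CTX02W-SEA"), (270, "sweep", None),
    ]
    events = []
    for now, kind, node in script:
        if kind == "hb":
            recovered = monitor.heartbeat(node, now)
            if recovered:
                events.append(recovered)
        else:
            events.extend(monitor.sweep(now))
    return events


if __name__ == "__main__":
    for event in run_demo():
        print(event)
```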

Pa r t I - Ov er vi e w of Enteand r pr ise Se r ve r - Ba se dNETMON Com put in program, g Network Monitoring Tracking The

which ships with versions of Windows,

I ntr oducing -Based Com puting andits th scope e On- Dem and can track traffic Ser at aver very detailed level, but is limited to the data streams coming into Chapter 1 network and going outEnterpr of theise server it is running on, or the similar nodes it can recognize. An SME must Chapter 2 network - Window s Terand minal Ser vices between any two arbitrary points. It should follow established measure traffic problems Chapter Citr ix MetaFr am e Access Suitepaths, such as between data centers, an Internet router, or rules to3 do -detailed monitoring on critical Pa r t I I - DeMetaFrame signi ng a n Ent e rpr i se SBC Solut ion database between servers and back-end

servers. Thresholds can be established that

Pr epar ing Your Or ganization for an On-send Dem and Enterpr ise thresholds are reached. In many serve to4 guarantee acceptable performance and alerts if those Chapter I mplem ent ation heavy reliance on network performance makes this one of the most ways, an SBC environment's Chapter - Ser verfunctions. - Based Computing Center Architect ure can provide critical data for predictive crucial 5monitoring EffectiveData monitoring in the SME Chapter - Designing Your Netw or for Ser ver- Based Com put ing analysis6 about when the network iskapproaching saturation before it ever happens. Figure 9-6 shows Chapter 7 - at The Client Envir how agents multiple sites onment can feed data to a centralized manager. Chapter 8 - Security Chapter 9

Figure 9-6: Multisite network monitoring

Remote Diagnostics By using the MetaFrame shadowing function, administrators can attach to and run a user's session anywhere on the network from a central location. Similarly, an SME should offer the ability to attach to network equipment and perform basic operations, such as uploading and downloading configurations and rebooting. If a particular node cannot be reached, the SME should provide enough data from surrounding nodes to determine what is wrong with the unresponsive equipment.

Data Collection While monitoring is the primary duty of the agent, data collection is the primary responsibility of the manager. The manager must record all incoming information without filtering, or auditing could be compromised. Relevant information can be easily extracted from the manager's database using query and reporting tools.

Data Collation and Event Correlation There should be a function above the level of the manager or managers (see Figure 9-7) that collates the data from all sources and compares this data with established patterns and rules. This type of collation is called event correlation. When the events have been correlated, the result can be expressed in terms of an SLA.


Figure 9-7: Event correlation

For example, a large enterprise network has a router failure between a large regional office and the main data center. The router sends a trap saying that the memory stack has been corrupted. Immediately after the router goes down, several other traps indicating that the regional office cannot be reached are sent from surrounding nodes at the data center. The manager in the data center collects several hundred messages in only a few minutes. At the point the first critical message is received by the manager, an automatic page is sent to the system administrator on duty. When the system administrator logs on and begins investigating the problem, he sees the hundreds of messages in the database. Fortunately, the event correlation function has categorized the different messages for him. He checks the display of service level views and sees that the SLAs for network connectivity and application services to the regional office are not being met. His reaction to these issues is defined in the SLA for the associated service. Now he can use filtered queries to examine the detailed messages from across the network in order to solve the problem.
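The router-failure scenario above, worked through as an added example (not code from the book or from any management product). It keeps every trap unfiltered for auditing, pages once on the first critical message, groups the neighbours' traps under the router's own fault, and reports the result per service. The node names, the service-to-node mapping and the 300-second grouping window are assumptions.

```python
# Constructed mapping of SLA-tracked services to the nodes they depend on.
SERVICE_DEPENDENCIES = {
    "network connectivity (regional office)": {"rtr-regional"},
    "application services (regional office)": {"rtr-regional", "mf-farm"},
    "application services (headquarters)": {"mf-farm"},
}


class Manager:
    def __init__(self, window=300):
        self.window = window   # seconds of silence after which a new incident opens
        self.events = []       # every event exactly as received: the audit trail
        self.incidents = {}    # node -> current incident record for that node
        self.pages = []        # (timestamp, node) pages sent to the admin on duty

    def receive(self, ts, source, severity, subject, detail):
        """Store one trap, then correlate it. `subject` is the node it concerns."""
        self.events.append({"ts": ts, "source": source, "severity": severity,
                            "subject": subject, "detail": detail})
        inc = self.incidents.get(subject)
        if inc is None or ts - inc["last"] > self.window:
            inc = {"first": ts, "last": ts, "root_cause": None,
                   "symptoms": 0, "paged": False}
            self.incidents[subject] = inc
        inc["last"] = ts
        if source == subject:
            # The node's own report explains what its neighbours are seeing.
            inc["root_cause"] = inc["root_cause"] or detail
        else:
            inc["symptoms"] += 1
        if severity == "critical" and not inc["paged"]:
            inc["paged"] = True            # page once per incident, not per trap
            self.pages.append((ts, subject))
        return inc

    def service_level_view(self):
        """Express the correlated result per service, in SLA terms."""
        failed = {node for node, inc in self.incidents.items() if inc["paged"]}
        return {service: "NOT MET" if deps & failed else "met"
                for service, deps in SERVICE_DEPENDENCIES.items()}

    def query(self, **criteria):
        """Filtered query over the unfiltered store, e.g. query(source="dc-fw")."""
        return [e for e in self.events
                if all(e[key] == value for key, value in criteria.items())]


def demo():
    # Constructed trap stream modelled on the router failure described above.
    mgr = Manager()
    mgr.receive(0, "rtr-regional", "critical", "rtr-regional",
                "memory stack corrupted")
    neighbours = ("dc-core-1", "dc-core-2", "dc-fw")
    for i in range(240):                   # several hundred traps in four minutes
        mgr.receive(1 + i, neighbours[i % 3], "critical", "rtr-regional",
                    "regional office unreachable")
    mgr.receive(250, "mf-01", "warning", "mf-farm", "CPU above threshold")
    return mgr


if __name__ == "__main__":
    manager = demo()
    print(len(manager.events), "events stored;", len(manager.pages), "page sent")
    print(manager.incidents["rtr-regional"])
    for service, state in manager.service_level_view().items():
        print(state.ljust(8), service)
```

The raw store still holds all 242 messages, so the correlated view never replaces the audit trail; it only decides what the administrator sees first.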

Note Though having service level views into problems is extremely useful, sometimes getting the information as soon as it is sent by an agent is more desirable. It is perfectly acceptable to define certain key events from key agents so that they travel the entire escalation path directly to an administrator for follow-up. It is even possible to define some agents so that they send a page at the same time that a trap is sent across the network. (Sometimes bad news needs to travel faster than good news for an SLA to be met.)

Other SME Functions

A few additional functions common to an SME take on slightly different roles when applied to the SBC infrastructure. We discuss these next.

Software Distribution/Unattended Install When thinking in terms of a thin client, MetaFrame performs the function of software distribution. There is no reason to distribute an application any further than the server farm when nothing is running on the desktop except the ICA Client. Thus, the need for unattended installation of desktop software loses its importance (security updates and core OS updates remain important). Even with a server farm containing 50 servers, it is not that difficult to install applications manually if necessary. This would be a far different proposition with 5000 desktops.

Note Fortunately, it is not necessary to install applications manually on your server farm. We will discuss methods for streamlining this process in Chapters 12 and 13.

If you don't have the luxury of taking the entire enterprise to thin-client devices, software distribution and installation are more important and should be considered a critical part of the SME. We will discuss this function as part of the tools discussion later in the chapter. Figure 9-8 shows software distribution in a thin-client network, while Figure 9-9 shows the same function in a traditional distributed, or fat-client, network. For Enterprises that need remote security and core OS updates, Microsoft provides a new service, the Software Update Service (SUS), that links to Windows update and allows administrators to apply a subset of Microsoft's Systems Management Server (SMS) capabilities to Windows 2000 clients and servers, Windows Server 2003, and Windows XP.


Figure 9-8: Software distribution in an SBC environment


Figure 9-9: Software distribution in a distributed network


Software Metering Similarly, software metering becomes far simpler in a server-based computing environment. All the applications are running on the server farm, and administrators can use Citrix RM to determine which users are running which applications. Furthermore, scripting techniques can be used to assign application access to user groups and to lock down the desktop to the point where users cannot run unauthorized applications. PowerFuse, one of the "security" tools mentioned in Chapter 8, has an added benefit of allowing an application to be published to a large number of users while restricting concurrency to stay within licensing limitations. We will discuss these methods in Chapters 12, 13, 15, and 20.


In a distributed client network, software metering becomes much more complex and difficult to manage. Typically, an agent running locally on the desktop takes on the task of conversing with a manager and determining whether a user is authorized to run a particular application. The agent also takes any punitive measures necessary.

Desktop Lockdown A common function of SME tools has historically been to lock down the desktop so that users cannot install unauthorized applications or make changes to the local operating system that would make it unstable or affect performance. Chapter 15 discusses desktop lockdown of the MetaFrame XP servers using Group Policies and profiles as well as third-party applications like RES PowerFuse, AppSense, and triCerat. In a distributed environment, these same tools, in addition to other major SME tools from Microsoft and HP, provide this functionality for each desktop.


Desktop Remote Diagnostics In the past, remote control tools such as PCAnywhere from Symantec were used to connect to a user's desktop and allow an administrator to see what the user sees. With MetaFrame, the session shadowing feature built into the ICA session protocol provides this functionality from a central location in an efficient manner.

Management Reporting

The parts of the SME architecture presented so far have dealt mainly with collecting information and controlling the environment. Publishing and sharing the collected information and the results of those efforts for control are just as important. The value of management information increases the more it is shared. The IT staff should adopt a policy of "no secrets" and share information in terms of measured SLAs with users and management. That being said, it is also important to present the information formatted appropriately for the audience. Management typically is most interested in bottom-line information and would not find a detailed network performance graph very useful. A one- or two-page report listing each service level and the key metrics used to show whether that service level is being met would likely be more appropriate. Users make up a diverse group in most large organizations, making it prudent to err on the side of showing too much information. We have found that publishing the user SLA reports on a corporate intranet is a convenient method since it provides a central location for the information. If a more proactive method for distributing the information is desired, the URL for the intranet page can be e-mailed to the users.

Note The format of your reports should not be determined by the capabilities of the measurement and reporting tools. The report should reflect the results of business-driven service level agreements in order to be useful to their recipients. If your SME tools can produce the reports using this format, so much the better. If they cannot, don't be afraid to process some of the reporting data manually until an automated system can be worked out.


Communication Plan Part of effective reporting is establishing a communication plan. A communication plan can also be thought of in this context as a "reporting SLA." You must decide who is to receive the reports, at what frequency, and at what level of detail. If interaction between individuals or groups for review or approval is needed, define how this is going to happen and document it as part of the plan. One very effective approach that is gaining popularity is to use the MetaFrame Secure Access Manager (MSAM) access product (discussed in detail in Chapter 16) to dynamically publish these reports to users, based on their role login, via a web interface that also contains other useful content for their job function.

On the subject of what to publish, we have found the following reports to be very useful.

Daily Reports The idea behind a daily report is to provide users and management with a concise view of performance against SLAs. The report should show only key indicators for each SLA. Sometimes called a hot sheet, this report should only be one or two pages in length. Figure 9-10 shows an example of such a report. The ideal delivery mechanism for such a report is on an intranet site (such as an MSAM site, as discussed earlier) or through e-mail. Enterprises often combine the hot sheet with other pertinent information that may affect user service over the next 24 to 72 hours, such as downtime or approved configuration changes from the configuration management process.

Figure 9-10: A daily report or hot sheet

Periodic Reporting Periodic reports should have more detail than daily reports. At whatever interval is defined in the communication plan, detailed performance information should be published to users and management. This type of report should show all indicators used to measure SLA performance. The data used to generate this type of report is also used for predictive analysis or trending. For example, periodic views of disk space utilization will show how fast new disk space is consumed and when new storage should be put online. Trend reports allow you to stay ahead of demand and avoid resource-based outages.

Enterprise SME Tools

We consider two classifications of tools in this discussion: system management tools and framework tools. Framework tools are designed to manage virtually all components in the enterprise, including servers, routers, backplanes, and anything with a local management agent. Framework tools can integrate with other tools such as those for help desk call tracking. They are designed to be extensible and often come with a built-in scripting capability to allow them to manage equipment that otherwise wouldn't be. Examples of such tools include HP OpenView, Tivoli Netview, and CA UniCenter TNG. Framework tools can include targeted component programs for doing specific functions, and they often overlap with system management tools. However, they are really intended for large enterprise networks.


Note The Citrix MetaFrame Network Manager integrates into enterprise framework tools. Currently, Network Manager requires Citrix MetaFrame XPe (not XPa or XPs) with Feature Release 3 (recommended), base Microsoft SNMP service, and compilation of the Citrix MIBs into the framework manager's MIB database. Network Manager support is limited to Windows-based versions of the framework management platforms.


System management tools are far more targeted in scope and typically focus on only part of the infrastructure. Examples of such tools are MetaFrame Resource Management (RM), CiscoWorks 2000, Microsoft Operations Manager (MOM), and Microsoft System Management Server (SMS). System management tools fit well within a large management framework. Since framework tools often sacrifice deep functionality for broad coverage, the combination of the two is often required. This paradigm of cooperative management tools is covered in depth in the white paper entitled "Complementing Enterprise Management Platforms with Microsoft SMS," available from D. H. Brown Associates (www.dhbrown.com). Since this book's focus is on MetaFrame and Terminal Services, we will provide a detailed look at RM, MOM, and SMS and leave the evaluation of framework tools to the reader.


MetaFrame Resource Management


RM is the only management product specifically designed for MetaFrame and Terminal Services. It is an invaluable tool for collecting information in a session-based format on applications in use and system resources consumed. Its key features include audit trail capability, system monitoring, and billing reports.

RM can be used with most ODBC-compliant databases such as Microsoft SQL Server and Oracle. A wide range of data is captured, including applications used and the time they are in use, as well as logs of connections, disconnections, and duration.

Tip We recommend creating a file Data Source Name (DSN) (as opposed to a system DSN) because it saves time when setting up multiple servers. The DSN definition file can be placed on a file server and loaded on each MetaFrame server as needed. We also recommend setting the database to purge data automatically every few weeks or so if billing is not being used. If billing is being used, it will purge the data as part of its process.

Many graphs can be created from various system metrics, such as application ranking and system utilization over time. The following shows some of the report types that are available:

RM tracks over 30 real-time performance metrics and displays them with green, yellow, or red status indicators. One or multiple servers can be monitored from the same screen. Event thresholds can be defined, and when reached, RM can send out an SNMP message, page, or e-mail.

Caution The default alarm profile was designed for a small server with a light load. A new profile needs to be created after collecting a baseline of information for a few days or weeks. The period should be long enough to get a representative sample of usage. The problem is that certain counters fluctuate wildly, and unless the alarm profile thresholds are set high enough, RM will generate alarms too frequently.
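One way to turn a collected baseline into thresholds and check them before use, shown as an added example; it is not RM's own method or code. The percentile-plus-headroom rule, the sample counter values and the "default" thresholds are all assumptions chosen to illustrate the Caution above.

```python
def percentile(samples, pct):
    """Nearest-rank percentile for an integer pct in 1..100."""
    ordered = sorted(samples)
    rank = max(1, -(-pct * len(ordered) // 100))   # ceiling division
    return ordered[rank - 1]


def build_profile(baseline, yellow_pct=95, red_pct=99, headroom_pct=120):
    """Derive thresholds from observed load instead of a shipped default."""
    if len(baseline) < 100:
        raise ValueError("baseline too short to be representative")
    return {"yellow": percentile(baseline, yellow_pct) * headroom_pct // 100,
            "red": percentile(baseline, red_pct) * headroom_pct // 100}


def status(value, profile):
    if value >= profile["red"]:
        return "red"
    if value >= profile["yellow"]:
        return "yellow"
    return "green"


def replay(samples, profile):
    """Count how many times the counter would have entered yellow and red."""
    entered = {"yellow": 0, "red": 0}
    previous = "green"
    for value in samples:
        current = status(value, profile)
        if current != previous and current != "green":
            entered[current] += 1
        previous = current
    return entered


def constructed_counter(n):
    # Constructed samples of a bursty counter (for instance pages/sec):
    # a 200-290 sawtooth with a short burst to 900 on every 50th sample.
    return [900 if i % 50 == 0 else 200 + 10 * (i % 10) for i in range(n)]


# Hypothetical thresholds standing in for a profile tuned to a lightly loaded server.
DEFAULT_PROFILE = {"yellow": 250, "red": 500}


def demo():
    baseline = constructed_counter(2000)
    tuned = build_profile(baseline)
    live = constructed_counter(100) + [1500] * 30   # normal load, then a real problem
    return {
        "tuned_profile": tuned,
        "default_on_baseline": replay(baseline, DEFAULT_PROFILE),
        "tuned_on_baseline": replay(baseline, tuned),
        "default_on_live": replay(live, DEFAULT_PROFILE),
        "tuned_on_live": replay(live, tuned),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Replaying the baseline through a candidate profile shows the alarm volume it would have produced during normal operation, which is the check to make before putting the profile into service.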


If your organization wishes to use a charge-back model, the RM billing services can be used. Fees can be tracked for connection time and various types of system utilization. Users can be grouped into cost centers for reporting.

When RM is used in a server farm, the data collection service runs in the background of each MetaFrame server, as shown in Figure 9-11.

Figure 9-11: RM architecture

Microsoft System Management Server

SMS 2.0, the current version of System Management Server, provides its services through interaction with the underlying Windows Management Instrumentation (WMI), though it does have limited ability to receive and read SNMP and CMIP messages. SMS 2.0 adds significant features for Enterprise users, to include Active Directory integration and services optimization for low-bandwidth remote users.

Windows Management Instrumentation WMI is an implementation of the Desktop Management Task Force's (DMTF) Web-Based Enterprise Management (WBEM) initiative. It utilizes the Common Information model (CIM), also defined by the DMTF, to represent network nodes in an object-oriented fashion. SMS creates a global view of information resources using information gleaned from the network. It works very well for status reporting and does provide some downstream management in the form of remote control and diagnostics, software inventory, distribution and metering, and hardware inventory.

SMS is part of the Microsoft BackOffice suite of products. It can provide detailed monitoring functions for other members of the BackOffice family and store its accumulated information in a SQL Server database. A small client program acts as the SMS agent and provides the server with relevant statistical and error information.

SMS version 2.0 has been enhanced to support thousands of client nodes on a single server instance, though for purposes of practical deployment you will at least want to run a cluster of two servers.

SMS version 2.0 has been enhanced to include a wide range of support features, including

The Software Update Services Feature Pack. This is specifically designed to quickly and effectively apply critical security updates for Windows and Office. This Feature Pack provides the following tools:

Security Update Inventory Tool

Microsoft Office Inventory Tool for Updates

Distribute Software Updates Wizard

SMS Web Reporting Tool with Web Reports Add-in for Software Updates

Management of most Microsoft OS platforms. The native Microsoft SUS cannot manage patch deployment for Win9x or WinNT systems; SMS can.

Microsoft Windows 2000, together with the Active Directory service, makes it possible to use Group Policy to manage desktops. Group Policy is designed primarily to give organizations better control over user and computer settings, and thus make it easier to standardize desktop operating environments. Group Policy can also be used to install software on certain machines. Although Group Policy can scale to meet the needs of organizations of any size, its software distribution features are very limited in their functionality, and are intended primarily for smaller organizations. Medium-sized and large organizations will find the advanced software distribution features of SMS meet their needs far better than Group Policy, providing benefits such as

Complete hardware and software inventory for effective planning of software rollouts

Rich targeting based upon this inventory to ensure the right software pieces get to the right users and machines

A complete status system for tracking success and failure of distributions

A full scheduling system for determining when and how the software should be installed

A simple, web-based reporting tool for extracting all of this information

Automated, WAN-aware distribution components for ensuring that software can flow easily throughout your enterprise without adversely affecting your network

The functionality provided by these tools is completely integrated with Systems Management Server inventory and software distribution to offer a simplified, largely automated solution for the deployment of security and Microsoft Office software updates.

Windows 2000 Server and Windows Server 2003 Management With Windows 2000 Server and Windows Server 2003, the WMI programs are built into the operating system. Active Directory provides a global view of resources and abstracts the resources available from one server to be equally available to all users in a domain, or across domains.

Microsoft Operations Manager

Microsoft Operations Manager (MOM) is Microsoft's latest effort to migrate Windows platforms to Enterprise management platform status. It provides the first true Microsoft "Enterprise" event management and reporting capabilities by integrating event management and alerting from multiple servers into a single entity. MOM works as a snap-in to the Microsoft Management Console for a consistent look and feel and supports virtually every Microsoft server environment, from multiple SMS servers to Exchange 2000, to Terminal Services. To extend the functionality of MOM, Citrix has released the Citrix MetaFrame XP Management Pack for the Microsoft Operations Manager (MOM) 2000 and Citrix MetaFrame XP Provider for Microsoft Windows Management Instrumentation (WMI). These products integrate monitoring of MetaFrame XP servers and server farms into Microsoft Operations Manager and give Citrix customers greater flexibility in managing MetaFrame XP server farms. MOM provides an extensible management interface for interoperability with UNIX systems. Most importantly for the IT staffer: MOM is essentially ready to run (and generate reports and manage events) out of the box. Specific key features include

Distributed event management MOM 2000 captures a wide variety of system and application events from Windows systems distributed across an Enterprise environment and aggregates them into a central event repository. These events can be consolidated to provide administrators with a high-level view of server and service availability, while also allowing an operator to drill down easily into the detailed event stream, all from a single console view at their desk.

Rules Administrator-created rules in Microsoft Operations Manager 2000 allow the system to automatically react to incoming message streams, either to respond to a specific fault scenario with a predefined action, or to consolidate the messages into a more meaningful or significant event. Such rules allow MOM 2000 to react intelligently to anticipated event patterns, triggering actions or administrative alerts. Rules can also link an event sequence to Citrix KnowledgeBase articles, instantly providing operators with guidance on probable causes, the approved response to a specific problem scenario and links to additional information.

Alerts Any MOM 2000 rule can be configured to generate specific alerts with associated severity levels. An alert can represent a single event or multiple events from many sources. At any time, an administrator can drill down on an alert to trace its history, the events associated with it and any related Citrix KnowledgeBase articles. In addition, alerts can optionally trigger e-mails, pages, SNMP traps, and scripts to notify specific system operators and other management systems of emerging issues.

Reporting MOM 2000 provides access to a broad range of pre-configured reports and charts. The reports generated allow administrators to review, at a glance, the status of systems and services on the network and to plan changes to the infrastructure based on performance and availability data. MOM 2000 can generate HTML snapshots of all generated reports. These can then be exported to a web server for access from web browsers, meeting the requirement to make performance data visible to the user and management communities.
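The consolidation behaviour described in the Rules and Alerts items, as an added Python example that is not MOM or Citrix code: a rate rule that folds repeated session-disconnect events from one server into a single alert with a severity level and an event history for drill-down. The class and field names, event kinds, thresholds, server names and sample events are all constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    time: datetime
    server: str
    kind: str  # constructed labels, e.g. "session_disconnect"


@dataclass
class Alert:
    server: str
    severity: str   # "warning" or "critical"
    opened: datetime
    events: list = field(default_factory=list)  # history for drill-down


class RateRule:
    """Fold bursts of one event kind on one server into a single alert."""

    def __init__(self, kind, window, warn_at, crit_at):
        if not 0 < warn_at <= crit_at:
            raise ValueError("need 0 < warn_at <= crit_at")
        self.kind = kind
        self.window = window
        self.warn_at = warn_at
        self.crit_at = crit_at
        self.recent = defaultdict(deque)  # server -> events inside the window
        self.open_alerts = {}             # server -> currently open Alert
        self.alerts = []                  # every alert raised, in order

    def feed(self, ev):
        """Process one event; return a new Alert if this event raised one."""
        if ev.kind != self.kind:
            return None
        recent = self.recent[ev.server]
        recent.append(ev)
        # Drop events that have aged out of the sliding window.
        while ev.time - recent[0].time > self.window:
            recent.popleft()
        if len(recent) < self.warn_at:
            # Rate is back under the threshold: the next burst gets a new alert.
            self.open_alerts.pop(ev.server, None)
            return None
        severity = "critical" if len(recent) >= self.crit_at else "warning"
        alert = self.open_alerts.get(ev.server)
        if alert is None:
            alert = Alert(ev.server, severity, ev.time, list(recent))
            self.open_alerts[ev.server] = alert
            self.alerts.append(alert)
            return alert
        # Alert already open: attach the event instead of alerting again,
        # and only ever escalate the severity.
        alert.events.append(ev)
        if severity == "critical":
            alert.severity = "critical"
        return None


def run_rule(rule, events):
    """Feed events in time order and return the alerts the rule raised."""
    for ev in sorted(events, key=lambda e: e.time):
        rule.feed(ev)
    return rule.alerts


def at(hhmmss):
    """Timestamp on a constructed date."""
    return datetime.strptime("2003-01-01 " + hhmmss, "%Y-%m-%d %H:%M:%S")


# Constructed sample events (not real MetaFrame output).
SAMPLE_EVENTS = [
    Event(at("10:00:00"), "MF01", "session_disconnect"),
    Event(at("10:00:05"), "MF02", "session_disconnect"),
    Event(at("10:00:20"), "MF01", "session_disconnect"),
    Event(at("10:00:30"), "MF01", "session_logon"),
    Event(at("10:00:40"), "MF01", "session_disconnect"),
    Event(at("10:01:00"), "MF01", "session_disconnect"),
    Event(at("10:01:10"), "MF01", "session_disconnect"),
    Event(at("10:30:00"), "MF02", "session_disconnect"),
    Event(at("10:40:00"), "MF01", "session_disconnect"),
    Event(at("10:40:10"), "MF01", "session_disconnect"),
    Event(at("10:40:20"), "MF01", "session_disconnect"),
]

if __name__ == "__main__":
    rule = RateRule("session_disconnect", timedelta(minutes=5), warn_at=3, crit_at=5)
    for a in run_rule(rule, SAMPLE_EVENTS):
        print(a.server, a.severity, a.opened.time(), len(a.events), "events")
```

Eight disconnects on the constructed server MF01 produce two alerts rather than eight, and the two widely spaced disconnects on MF02 produce none.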

MOM and Citrix MetaFrame

The Citrix MetaFrame XP Management Pack is a plug-in to Microsoft Operations Manager that enables system administrators to monitor the health and availability of MetaFrame XPe servers and server farms, and anticipate and react quickly to many problems that may occur. The Citrix MetaFrame XP Management Pack interprets and reports on information supplied by the Citrix MetaFrame XP Provider software that runs on MetaFrame XPe servers, and also on system events generated on XPe servers. The Citrix MetaFrame XP Management Pack provides system administrators with real-time event and performance monitoring of MetaFrame XPe servers and server farms, from the MOM Administrator console. The Citrix MetaFrame XP Management Pack also includes an extensive knowledge base, with links to Citrix KnowledgeBase articles and other sources of information, which administrators can use to interpret events and troubleshoot problems.

Figure 9-12 shows a typical MOM Administrator Console display of open alerts from Citrix MetaFrame servers.

Figure 9-12: The MOM Administrator Console

The following key features are provided when MOM and the Citrix MetaFrame XP Management Pack are integrated into an SBC environment:

Event management The Citrix MetaFrame XP Management Pack captures a variety of events from MetaFrame servers and server farms. These events are collated and then presented to the administrator via the MOM Administrator Console, allowing an overall view of MetaFrame server operation.

Performance monitoring You can use the Citrix MetaFrame XP Management Pack to monitor MetaFrame server performance. Rules can be customized and new rules created to set thresholds for key performance attributes in the server farm.

Extensive knowledge base The Citrix MetaFrame XP Management Pack includes an extensive product support knowledge base, including links to relevant Citrix KnowledgeBase articles. Centralized access to information about managing MetaFrame servers enables administrators to quickly interpret events and troubleshoot problems.

Customizable rules and alerts You can configure the Citrix MetaFrame XP Management Pack to alter how it responds to an event. You do this by modifying and extending the rules to best suit your environment. For example, you can configure the rule for the ICA session disconnection rate so that the alert that is triggered is meaningful and appropriate to your site. Citrix KnowledgeBase documentation is available to help you with this customization.

Citrix MetaFrame views Citrix MetaFrame views are available in the Public Views folder. These views allow you to monitor events and alerts raised for MetaFrame XPe servers and server farms, and to identify trends and performance issues occurring on MetaFrame servers and published applications.

The Citrix notification group The Citrix MetaFrame XP Management Pack includes a notification group, called the Citrix MetaFrame Administrators group. You can configure this group to ensure that the appropriate people are notified about problems with MetaFrame servers and server farms.

Easy installation The Citrix MetaFrame XP Management Pack consists of a single file that is available from the Citrix web site. To install the Citrix MetaFrame XP Management Pack, simply import this file into MOM using the MOM Administrator Console.

Citrix MetaFrame Views in MOM The Citrix MetaFrame XP Management Pack includes a number of Citrix MetaFrame views that are available in the Public Views folder in the MOM Administrator Console. These views allow an administrator to monitor events and alerts raised for MetaFrame XPe servers and server farms, and to identify trends and performance issues occurring on MetaFrame servers and published applications.

Note In the Citrix MetaFrame XP Management Pack, a managed MetaFrame server is a MetaFrame XPe server that is running both Feature Release 2 or later, and the Citrix MetaFrame XP Provider (discussed later), and that has a Feature Release 2 or later license installed and activated. Note that after installing and activating a Feature Release 2 or 3 license, it may take until the next computer scan before MetaFrame servers are recognized as managed. An unmanaged MetaFrame server is a server running MetaFrame 1.8, XPa, XPs, or XPe without the Citrix MetaFrame XP Provider or a Feature Release 2 license.

There are two main types of Citrix MetaFrame views: Health Monitoring views and Discovery views. Health Monitoring views provide system administrators with real-time event and alert information, together with performance monitoring details about MetaFrame XPe servers and server farms. Discovery views provide an overview of the structure of your MetaFrame installation, together with information about individual MetaFrame servers. Table 9-2 provides a summary of the views.

Table 9-2: Citrix MetaFrame Views

| View Type | View Name | View Description |
| --- | --- | --- |
| Health | MetaFrame Events | Displays all the events raised by MetaFrame components on managed MetaFrame servers. |
| Health | Open Alerts From Citrix MetaFrame Servers | Displays all unresolved alerts raised against managed MetaFrame servers by all management packs (not only the Citrix MetaFrame XP Management Pack). |
| Health | Open Citrix Alerts | Displays all unresolved alerts raised by the Citrix MetaFrame XP Management Pack. |
| Health | Active Sessions | Displays the number of active sessions on each managed MetaFrame server. |
| Health | Published Application Load From Load Balancing | Displays the published application load from the MetaFrame Load Manager component. Note that this information is available only if you are using Citrix Load Manager in your server farm and you have configured the application load level in the Citrix Management Console. |
| Health | Server Load From Load Balancing | Displays the server load from the MetaFrame Load Manager component. Note that this information is available only if you are using Citrix Load Manager in your server farm. |
| Health | Pooled Licenses In Use | Displays the number of pooled licenses in use in each server farm, as a percentage of the total number of pooled licenses in the farm. After you install the Citrix MetaFrame XP Management Pack, this view is empty until 3:55 A.M. the next day. |
| Discovery | Managed MetaFrame Servers | Displays all managed Citrix MetaFrame XPe servers in the Citrix MetaFrame Managed Servers computer group. |
| Discovery | Unmanaged MetaFrame Servers | Displays all unmanaged Citrix MetaFrame servers in the Citrix MetaFrame Unmanaged Servers computer group. |
| Discovery | MetaFrame Product Version | Displays information about the MetaFrame software versions on each managed MetaFrame server. After you install the Citrix MetaFrame XP Management Pack, this view is empty until 3:55 A.M. the next day. |
| Discovery | MetaFrame Hotfixes | Displays information about the MetaFrame hotfixes installed on each managed MetaFrame server. After you install the Citrix MetaFrame XP Management Pack, this view is empty until 3:55 A.M. the next day. |
| Discovery | MetaFrame Computer Groups | Displays all MetaFrame server farm and zone computer groups configured by the administrator. |

With MOM, the Citrix MetaFrame XP Management Pack can collect and analyze data from multiple farms, zones, and servers, and distill critical management information for the Administrator. Additionally, the Management Pack includes a number of predefined Citrix rules and scripts for generating alerts.

The Citrix MetaFrame XP Provider As mentioned in the preceding Note, MOM requires access to the Citrix MetaFrame XP Provider for WMI to function. The Citrix WMI provider integrates with the Windows Management Instrumentation (WMI), a standard management infrastructure included as part of Microsoft Windows 2000 and XP. WMI is designed to help system administrators manage large, complex enterprise systems, applications, and networks. WMI is a standard for accessing and sharing management information from a variety of underlying technologies in an enterprise environment. It provides system administrators with a single, consistent object-oriented interface to monitor and control system components locally or remotely.

The Citrix MetaFrame XP WMI Provider acts as an intermediary between the CIM (Common Information Model) Object Manager and the system being managed. The purpose of a WMI provider is to extract management information from the underlying system and present this to a WMI consumer (MOM). The Citrix MetaFrame XP Provider supplies information that includes

Farm data A Citrix server farm is a group of Citrix servers managed as a single entity. Details about servers in the farm, zones in the farm, published applications, and pooled licenses are provided.

Zone data A zone is a grouping of Citrix servers that share a common data collector, which is a MetaFrame XP server that receives information from all the servers in the zone. The name of the zone in which the MetaFrame server operates is provided, together with details about the master and the other servers in the zone.

Server data Information about the MetaFrame server on which the Citrix MetaFrame XP Provider is installed is supplied—for example, details about the licenses assigned and in use, sessions, and applications running.

Session data Information about the ICA sessions running on the server is provided, such as session ID and name, together with information about the processes running within a session.

Citrix license data Citrix license details, such as the status of licenses and the grace period, are provided, together with information about license groups. For example, details about the licenses in the group and the number of pooled connection licenses available and in use.

Load balancing data If you are using MetaFrame Load Manager, information is provided about the server load level and the application load level on the local MetaFrame server. Note that you must configure the application load level in the Citrix Management Console. The server load level is configured by default. For more information about Citrix Load Manager, see the Load Manager Getting Started guide and the online help.

Application data Published application details, such as the name, type, and version number of applications are provided. Information about applications published on a particular MetaFrame server is also supplied.

User data User details, such as username and account information are provided, together with information about user groups and membership.

Static instances The date and time of static instances such as zone elections and disconnected sessions is recorded. This data is useful in monitoring whether or not these events are occurring too frequently.

Events Information about events that occur, such as when an application is published, deleted, moved, or updated is provided. Also included are details about the creation, maintenance, and deletion of published application folders, server folders, servers, and sessions, together with many more events.

The Citrix MetaFrame XP Provider allows you to

Log off a session Logging off a session terminates the connection and all running programs. The user cannot reconnect to the session.

Disconnect a session Disconnecting a session terminates the connection between the server and the client. However, the user is not logged off and all running programs remain active. The user can later reconnect to the disconnected session.

Send messages to users You can send messages to particular sessions.

Part III: Implementing an On-Demand Server-Based Computing Environment

Chapter List

Chapter 10: Project Managing and Deploying an Enterprise SBC Environment

Chapter 11: Server Configuration: Windows Terminal Services

Chapter 12: Server Configuration: Citrix MetaFrame Presentation Server

Chapter 13: Application Installation and Configuration

Chapter 14: Client Configuration and Deployment

Chapter 15: Profiles, Policies, and Procedures

Chapter 16: Securing Client Access

Chapter 17: Network Configuration

Chapter 18: Printing

Chapter 19: Disaster Recovery and Business Continuity in the SBC Environment

Chapter 20: Migration to Windows 2003 and Citrix MetaFrame XP

Chapter 21: Ongoing Administration of the Server-Based Computing Environment

Part Overview


As part of transitioning from design to implementation, organizations must be able to translate the theoretical values and concepts discussed in Part II of this book into actions. Simply put: Transition from concept to concrete. The authors felt that a more "real-world" set of circumstances and requirements was essential for managers, engineers, administrators, and technicians to focus on design principles and relate them to specific outcomes relevant to their own environments. To ensure a consistent approach, an "actual" set of parameters was needed, and the following enterprise customer was created as a case study. As a disclaimer, readers are reminded that no implementation was ever as easy as one envisioned in a textbook case, nor were the textbook cases "all inclusive." This study is no different; however, the authors intentionally designed a complex paradigm to showcase as many design elements and considerations as possible. Throughout Part III of this book, all references are in the context of this case study. Readers are strongly encouraged to take their time reviewing the description of our theoretical customer and keep that image in mind as they read the next 11 chapters.


Case Study: Clinical Medical Equipment

Clinical Medical Equipment Corporation (CME) is a fictitious company that designs, manufactures, sells, and supports a proprietary diagnostic and treatment module for the health care industry worldwide.

The CME Global Structure

Figure 10-1 shows the top-level wide-area-networking schematic of CME. CME maintains a data center at its five-building campus headquarters in Chicago, Illinois (Figure 10-2) supporting 1500 local users and another 1500 remote users at remote offices. The CME global structure consists of:

CME-CORP

Provides services to two regional offices (CME-WEST and CME-EUR) and the Manufacturing Plant (CME-MEX)

Provides services to all mobile users and the beta test site

Provides services to 50 directly connected Sales Offices with 15–20 employees, each under the administrative control of their respective region

WEST region: 10 offices

EUR region: 10 offices

CORP region: 30 offices

CME-WEST located in Seattle with 200 users, responsible for the Asia-Pacific region

CME-WEST will be the disaster recovery site for CME-CORP

CME-EUR located in Frankfurt with 200 users, responsible for the EU, Middle East, and Africa

CME-MEX located in Mexico City with 300 users

CME-TEST, also located in Chicago, but on the university campus

Figure 10-1: The Clinical Medical Equipment (CME) network schematic

Figure 10-2: The CME Corporate Campus topology

The CME Computing Paradigm

Systems and capabilities required/planned at CME-Corporate include

Windows-based network for server services and applications, file and print services, database applications (SQL, Oracle), web services, and e-mail services

Macintosh clients for graphic arts and marketing

AS400 for legacy manufacturing data

Citrix MetaFrame XPe for user access to most corporate applications

Unix hosts for CAD and engineering applications

Citrix MetaFrame for UNIX, allowing non-UNIX hosts to access UNIX applications, and providing UNIX application access to remote users and users over slower WAN links

VPN access for remote offices and roaming users (50 concurrent users)

Web-based access to Citrix MetaFrame services (up to 200 concurrent users)

A pilot test of remote sales people using Sprint PCS cards with Internet Access

Wireless LAN access to Citrix for conference rooms, meeting rooms, and roaming users; wireless access (restricted to Internet access) may be required for visitors

Dial-up access for roaming users who are unable to access an ISP (up to 20 concurrent users)

Applications: Internally developed manufacturing applications utilizing an Oracle database, Microsoft Dynamics (with MS SQL DB back-end), Microsoft Office XP (other versions are used throughout the company, but standardization on the XP version is desired), Microsoft CRM, Microsoft Exchange, Parametric Technologies Pro/Engineer (and associated data management tools using an Oracle Database), AutoCAD, Microsoft Visual Studio.NET, Adobe InDesign and Illustrator, and a legacy, custom developed AS400 manufacturing tracking application

"Portal" access to limited CME applications for key customers and suppliers via Citrix MetaFrame Secure Access Manager

Interactive collaboration within applications via Citrix MetaFrame Conferencing Manager

The CME Business Model

The CME product integrates hardware, software, and logic, and as such, the next-generation product contains individually identifiable patient information as defined by HIPAA, thus requiring a network that can be adjusted to support HIPAA security standards when the next-generation product is deployed.

The CME Corporate headquarters campus consolidates the CME "brain trust." Virtually all product development, design, and business strategy efforts are conducted there. Seamless interoperability with dispersed sales and regional offices, as well as the ability to share services and resources with the manufacturing plant, are essential. Senior staff members frequently travel from site to site and must have a consistent computing environment with access to necessary data and resources.

The CME regional offices are primarily tasked with sales-support coordination and ensuring acceptance (technical and political/legal) of the CME product in their respective region.

Sales and support offices provide direct site survey, installation, and on-going support for the CME medical module product. Per-site design and engineering is accomplished by the staff at CME-CORP.

CME learned from effective marketing strategies of other high-tech vendors and has deployed a "beta" test facility at the local university's medical college. The test facility is staffed by rotating groups of CME employees who provide real-world testing in a clinical environment, and who are also integrated with faculty, students, and clinicians. CME's strategy is to leverage their product into the academic side of the medical industry so that it becomes an essential tool in the industry at large—what students and clinicians learn in school they will demand in the workplace.

Corporate, regional, and sales office staff frequently travel to prospective customer and supplier sites and must have full access to corporate data and resources to do their jobs. Additionally, many employees require full home-based access to corporate applications to facilitate off-hours work, flexible schedules, and continuity for employees on temporary leave.

The CME SBC Business Case

CME managers determined their current IT structure was both expensive and virtually unmanageable, given the large number of sites, time zones, and applications. SBC was selected as the new paradigm and must solve current problems. At the top level, CME's goals for their SBC implementation are:

Reduce IT costs. Staff and hardware/software costs are skyrocketing as more sites are brought online. Most sales offices do not have "full time" IT staff and have resorted to hiring temporary workers to try and keep systems up-to-date. Data distributed throughout the enterprise cannot be accessed easily and sites are demanding increased bandwidth to support moving information from site to site. A prime target for hard cost reduction is the PC replacement budget. The ongoing cost of CME's five-year PC replacement cycle of 600 PCs per year is over $720,000 per year.

Standardize applications and application deployment. Regional and sales offices are seldom on the same version (or even the same applications) when it comes to office automation software. Regional versions of office automation products are purchased locally, deployed inconsistently, and incorrectly licensed. English versions of office automation products perform inconsistently on non-English OS platforms. New software versions are deployed at each site and often the first site is already deploying the next new version before the last site even has the current version installed.

Provide consistent service irrespective of location. Employees who travel or work from home lack real-time access to most of the information they need. Staffs have resorted to everything from Instant Messaging to remote control software to keep in touch and gain access to corporate information.

Provide the ability to rapidly activate new sites. CME projects a 50-percent increase in sales offices over the next three years. In many overseas locations, dedicated WAN access may be unavailable, take up to a year to install, or be cost-prohibitive.

Provide a secure infrastructure that is extensible to meet U.S. (HIPAA, DoD) and foreign-nation security requirements. Additionally, CME's technology is considered extremely proprietary and a likely target for industrial espionage.


Chapter 10: Project Managing and Deploying an Enterprise SBC Environment

After the project plan design is complete, the implementation begins. Project management is a key element in successful execution. This chapter, while not attempting an in-depth discussion of such a large topic, covers certain elements crucial to an SBC implementation, including preparing for organizational change, executive sponsorship, project manager authority, stakeholder buy-in, project reporting and tracking, task assignment, project change control, scope creep, and timeline management. We show examples of how tools such as service-level agreements and help desk software help manage changes to the environment to enhance benefits to management and end users. We also talk about the needs for the support environment both during and after the implementation.

This chapter also covers the methodologies for migrating from a PC-based to a server-based computing environment. First, we'll review the process of setting up a proof-of-concept pilot program. We next talk about expanding the pilot to a beta in order to identify and resolve any issues that arise in a small-scale production environment. We then cover expanding the beta to an enterprisewide rollout of Terminal Services. Finally, we discuss postproduction processes of ongoing measurement and reporting, change control, upgrades, and changes to the environment.

Preparing for Organizational Change

When word of the [server-based computing] project started to spread across the company, a flood of requests for new PCs came in. The requests for new systems were threefold higher than the previous year. Some folks figured we wouldn't ask them to discard a brand new system. A letter from our CFO to all controllers in all divisions reminded them that this project was not optional and that all PC purchases would be subject to heightened scrutiny.

—Anthony Lackey, Vice President of MIS, Chief Technology Officer, ABM Industries

In most organizations, it is difficult to successfully migrate to a server-based computing environment through mandate alone. An edict from top management is essential, but the planning team needs to supplement it with a strategy for internally selling the project as part of their overall change management plan. IT will probably have ultimate project ownership, and an IT member will probably have to take the initiative in promoting server-based computing throughout the organization. For purposes of this chapter, we will assume that the IT person leading the initiative is the CIO.

Tip: IT people often underestimate the resistance that a paradigm shift to an enterprise SBC nearly always generates.

Implementing an enterprise SBC environment does not involve a major alteration in an organization's mission statement or culture. It does, however, change to some extent the way in which employees accomplish their daily work. Planning for organizational change can address these concerns and help minimize project roadblocks. The steps for managing the change process are

1. Establish a need and sense of urgency for implementing SBC.

2. Create a compelling vision of the SBC environment.

3. Recruit executive support.

4. Carefully plan the process.

5. Communicate to all stakeholders.

6. Build SBC momentum and remove obstacles.

7. Monitor the progress.

8. Publicize early successes.

9. Expand the SBC environment.

10. Prepare for future SBC-enabled capabilities.

Establishing a Need for Implementing SBC

The Project Definition Document discussed in Chapter 4 should include the justifications for SBC. A sense of urgency should now be included in order to generate support. A letter from the CEO, for example, can explain the financial benefits that will accrue from SBC and consequently make it clear that this is a course of action the organization is undertaking.

Creating a Compelling Vision of the SBC Environment

While the CIO may have a vision for an organizational-wide SBC deployment, the actual implementation often unfolds over various stages. It is important to develop a vision that can be shared with management and users alike in an on-demand enterprise. The pilot and beta can be very useful in this regard. A particularly attractive advantage that can be demonstrated to both users and management is the ability to work seamlessly from home through the Internet. Users tend to get very excited by this capability because of the vastly increased flexibility it affords them. They no longer need to be constrained by physical location. Management is naturally enthusiastic as well because the productivity of their employees can significantly rise since they are no longer unable to work due to a cold or car troubles.

Recruiting Executive Support

In Chapter 4, we discussed the importance of obtaining executive sponsorship for the project. Inevitably, conflicts will arise in terms of resource availability, and even outright opposition to the project can surface. The executive sponsor must be able to step in and resolve these issues in order to keep the project on track.

In order to better facilitate organizational change, promotion of the project should be expanded to enlist the support of other top managers. The CIO should meet with the appropriate executives either in a group or individually. She should take the time to explain the server-based computing philosophy to them along with the financial and other benefits that they can expect. She should also be realistic about the challenges they can expect to face during the project implementation and the results they will see upon its completion. Her team should customize an appropriate excerpt from the project plan to hand out to these executives.

If a subscription model for SBC billing will be adopted, the CIO should explain to the executives how the program works and how it will impact their departmental budgets. She can emphasize that the IT department will utilize this model to break even but do so in a manner that enables departments to operate far more efficiently and with greater accountability than under a PC-based computing environment. The subscription-billing model for an enterprise SBC environment is discussed in Appendix D.

Carefully Planning the Process

Chapter 4 explores the intricate technical planning recommended for an enterprise SBC deployment. It is also important to plan for handling the organizational issues identified by the feasibility committee during the organizational assessment.

IT Staff Assessment

Is the IT staff ready for server-based computing? They should be early users of the technology during the pilot phase and be convinced enough about the benefits that they are advocates themselves.

If the IT staff is used to operating in the ad hoc manner normally associated with network administration, they need to understand that server-based computing requires the rigors of mainframe shop methodology, including limited access, change control, and planning and procedures. Controls must be put into place to ensure that the IT staff will help, not hinder, the SBC implementation. If certain staff members are unwilling or unable to support the project, they should be reassigned to another support area.

Skill Levels

Does the IT staff have the necessary skills to install and manage an enterprise SBC environment? They must have Windows 2003 Server expertise and experience, including the ability to do registry edits. Scripting capabilities are also a requirement for large implementations. A router expert must be available to manage large wide area networks. A skills assessment should be part of the initial project planning, and training or additional personnel obtained in order to cover the skill areas that are lacking.

IT Training

What training is appropriate for the IT staff prior to implementation? A Windows Terminal Services class and MetaFrame XP class are strongly recommended. If most of the work will eventually be done internally, an advanced MetaFrame XP course is recommended as well.

Cultural Assessment

How will server-based computing be received in the organization? The design plan should be modified, where necessary, in order to ensure that the organization's cultural norms will not be a roadblock to success.

Working Environment

In an environment where users commonly run similar applications and work as part of a unit, such as a bank, SBC is likely to be very well accepted. Users will immediately appreciate the higher reliability and increased flexibility that SBC enables. An engineering firm, on the other hand, with independent users accustomed to purchasing and loading their own software, will likely run into severe resistance if they try to force employees to operate only in the thin-client mode.

Remote Users

Remote users tend to be very enthusiastic toward SBC because they receive access to the corporate databases and networking services they need in order to do their jobs more productively.

It is crucial to provide both adequate and redundant bandwidth to prevent problems with reliability and performance that can quickly turn remote users against server-based computing.

Managers

Managers, in general, tend to resist the idea of SBC until they actually use one; then they quickly become converts. They are usually impressed by the increased productivity they witness among their employees, as well as the capability for their employees to work from home. The project management team can help foster enthusiasm among the managers for SBC by showing them when the reduced corporate IT costs should be reflected on departmental bottom lines.

Political Assessment

Politics usually comes down to allocation of resources, money, power, or all three. How will the SBC project impact the profit-and-loss statements of the different departments involved? What happens to a regional IT division when the computing model switches to a centralized SBC architecture? It is important to be aware of these issues in order to take actions to minimize potential disruption to the project. Some scenarios and resolutions are described in the next section in this chapter, "Communicating to All Stakeholders."

Communicating to All Stakeholders


Communication is perhaps the biggest key to successfully managing organizational change. In addition to the executive communications mentioned previously, it is also important to educate and inform both internal IT staff and middle management as well as PC users.

IT Staff

Migrating to SBC invokes a fear on the part of IT that often significantly supersedes that of end users.

PC fix-it technicians, for example, will likely see SBC as a threat to their job security. Regional IT staff will also be wary since the need for remote office support personnel usually is eliminated. The CIO must come up with a strategy that presents the project's advantages, including fewer user complaints, elimination of the majority of help desk calls, much more efficient troubleshooting, and more time for IT staff to learn new and challenging technologies to help the organization move forward.

Middle Management and PC Users

Videos can be more effective internal marketing tools than white papers. A video that presents the technology from the user's perspective can be prepared for all PC users in the company. The CEO can add legitimacy to the video by starting off with a supportive introduction. The video can help with the orientation process by including footage of the Windows terminal that will be utilized and how the new desktops will look, the applications that will be available via SBC, and the process for migrating users' existing data.

Large companies may wish to create a separate video targeted specifically toward middle management. This video can focus on the high-level benefits of server-based computing. It should emphasize how removing the frustrations of PC-based computing leaves employees with more time to concentrate on their business.

Other techniques to help market the concept can include rainbow packets, at-a-glance documents for frequently asked questions, e-mail messages, and phone calls.

Caution: Do not oversell the enterprise SBC environment. Set realistic expectations. Make sure users know the benefits, but also let them know about any problems or limitations they can expect to encounter, particularly in terms of performance and reliability, during the implementation period. Remember the rule of effective selling: underpromise and overdeliver.

Building SBC Momentum and Removing Obstacles

The ultimate goal of IT should be to create a buzz about the project. This can be accomplished by keeping the pilot program small and controlled, and by making sure the beta is a resounding success. Including capabilities that are either not possible, or much more difficult to accomplish, in the fat-client environment (such as effective logon from home, document collaboration, and single sign-on) helps make server-based computing particularly attractive. Improved help desk support is another SBC attribute often highly valued by users. It is important to limit the size and scope of the beta not only to ensure control, but also to help create an atmosphere of scarcity and exclusivity. The objective is to have users clamoring to be included as part of the SBC project. Limiting PC purchases before an enterprise rollout also makes users more eager to get on the server-based computing bandwagon.

Users and department heads must buy into the goals of the SBC project and understand its powerful positive implications for the organization.

Management Meetings

Hold group meetings with managers from different departments or divisions. Give them a chance to air their concerns and perspectives. Emphasize the benefits to the entire organization of implementing server-based computing. Stress that, although they may perceive that their employees have less control over their environment within SBC, managers actually now can devote time to their business rather than to managing their computing infrastructure.

While the goal for these meetings should be to provide a forum for managers to ask questions and air concerns, it should be clear that the project is going to take place. It is important to emphasize the positive benefits and develop a spirit of cooperation and enthusiasm.

Entitlement Issues

Department staff may feel that, because the money for the new system is coming out of their budget, they are entitled to their own servers. Employees, meanwhile, may feel they are entitled to their own PCs to run in fat-client mode. These perceptions need to be changed. Users need to understand the benefits that server-based computing provides to the organization as a whole. Some former capabilities, such as the ability to operate CD-ROMs, might be limited if they run in pure thin-client mode. On the other hand, users will gain computing advantages such as the ability to see their desktop from any PC or Windows terminal. Another powerful user incentive is the potential for telecommuting. Many users discover that they prefer a server-based computing environment because they experience increased reliability and performance. They also do not have to worry about causing problems by inadvertently changing their desktop. A properly configured SBC environment will limit their ability to delete icons or INI files or create other mischief.

Problems with Perception of Central IT

If the corporate network has a history of performance or reliability problems, department managers are going to be very reluctant to put all of their eggs in the corporate data center basket. To reassure them, explain the elaborate steps that are being taken to upgrade the network infrastructure and describe the policies and procedures that will result in a far more reliable network environment.

Explaining the redundancy and disaster recovery capabilities of the SBC environment can help further mitigate any fears.

It is often productive to define an SLA in cooperation with the department managers in order to clarify expectations. If IT fails to meet the SLAs, the managers should have some recourse, such as credits in a bill-back situation.

Budgetary Concerns

Server-based computing, by definition, means centralized computing. Individual computing fiefdoms will disappear. You may wish to implement a billing model that charges departments for actual system usage in order to alleviate fears of arbitrary budgetary impacts. An example of such a subscription-billing model is presented in Appendix C.

Disposition Issues

If the project design plan calls for replacing certain PCs with Windows terminals, department heads may not be happy about the impact on their budgets. During this preliminary stage, discuss disposition issues and how they will impact book value. If possible, incorporate charitable deductions in order to lower the burden.


Monitoring the Progress

Constantly solicit and measure user feedback. IT can then make any adjustments necessary in order to ensure user satisfaction. This will add a great deal to the process of building a very successful enterprise SBC environment.

Publicizing Early Successes

Internal success stories should be generated about the attributes of the on-demand enterprise. The idea is to create a buzz around the organization where people are excited about, rather than resistant to, the upcoming changes. At the VA Medical Center, for example, we had a doctor thank our implementation team for making his life better because he could now access so much more of the data he needed, and he could do it much more quickly and far more easily than he could in the previous distributed PC environment.

Expanding the SBC Environment


Most organizations choose to roll out to enterprise SBC in phases. The original scope of the project is often less than a complete enterprise deployment. As the SBC phases are successfully implemented, and the user surveys show improved satisfaction with IT, the scope of the SBC environment can be expanded. Providing feedback to management about the existing and expected financial savings can help to further promote SBC expansion.


Preparing for Future SBC-Enabled Opportunities

Once the SBC environment has been expanded throughout the enterprise, the organization's IT department should run exceptionally well. Employees will have more computing capabilities than before, at a much lower IT budget, and with fewer IT personnel. The organization will also have opportunities that go beyond those that are realistic in a distributed PC environment. We discuss some of those opportunities in this book, such as business continuance, more efficient centralized storage devices, and greatly enhanced security and virus protection. But other possibilities are now potentially available as well. For instance, a large janitorial organization might decide to have a Windows terminal manufacturer make their terminals look like time clocks in order to enable janitors to enter data right into the ERP application. A construction company might outfit foremen and inspectors with wireless tablet devices in order to have real-time information flow back and forth from the job sites. An organization concerned about ramifications from the Sarbanes-Oxley Act might introduce third-party products such as KVS, which will enable them to track and categorize all e-mail documents for quick and simple discovery.


Causes of Project Failure

Examples of server-based computing failures are, unfortunately, not in short supply. They often occur when an organization implements a server-based computing pilot or beta with a goal toward enterprise expansion, but then forgoes the rollout. Many organizations approach a Terminal Services implementation from a PC networking perspective. Although it is sometimes possible to deploy a successful Windows 2003 Server or Novell network without extensive planning and piloting, this will rarely work in an enterprise server-based computing deployment. Think of installing an enterprise SBC environment as replacing employees' PCs with a mainframe. Both cultural and political aspects are added to the technical challenges to make unplanned deployment nearly a guarantee of failure.

Inadequate Preparation for Organizational Change

IT often underestimates the impact of SBC on the various cultural and political aspects of the organization. Preparing for the organizational change as described earlier in this chapter is a key component to a successful enterprise deployment.

Skipping Project Planning Steps

Many organizations skip the pilot, project definition, and infrastructure assessment steps and go straight to project planning, or even a beta. This is bound to be troublesome if not an outright failure.

Lack of a Proof-of-Concept Pilot

The proof-of-concept pilot is essential for testing all applications under server-based computing before implementation. Proceeding immediately to a production pilot or beta can leave users frustrated with application performance or reliability or both. Even a small number of frustrated users can provide the type of negative feedback that will quell any further server-based computing expansion.

Lack of a Project Definition Document

Some internal evangelists might be sold on the idea of enterprise SBC and persuade management to implement one without enough thought to the objectives, scope, roles, risks, and success criteria. Without a project definition document, the planning, project management, and implementation teams have no touchstone with which to keep the project on track.

Lack of an Infrastructure Assessment

Project design committees often like to skip the infrastructure assessment step and jump straight to planning. This tends to be the most enjoyable part of the project, when participants contribute their knowledge to build a solution. Unfortunately, it is virtually impossible to create an optimally effective plan without a detailed infrastructure assessment. Additionally, infrastructure flaws that are tolerated under distributed computing are likely to be amplified in a server-based computing environment. When users become completely dependent upon a central server farm for executing their applications, the infrastructure has to be extremely solid.

Inadequate Planning

Sometimes, even large server-based computing implementations are performed without knowledge of basic tools and methodologies that can dramatically facilitate deployment. We once had lunch with the architects of a 5000-seat MetaFrame project who were complaining about bandwidth issues. It turned out that they had never even heard of the bandwidth management tools discussed in Chapter 6. Using bandwidth management from the start would have prevented their problems.

Project Management

Astute project management is key to a successful SBC conversion. Here are the major steps in project managing an enterprise SBC implementation:

1. Identify a project manager.

2. Put together a project management team.

3. Create a project implementation plan.

4. Prepare for implementation.

5. Start the project.

6. Provide user support.

7. Measure success.

Identifying a Project Manager

A dedicated and competent project manager is essential to a successful implementation. There should be only one manager for the overall project, and that person should have both the responsibility and the authority to keep it on track. Communication is key. The project manager needs to make sure that both good and bad news travel fast.

Caution: According to a four-year study by The Standish Group International of 23,000 IT projects, only 24 percent of the projects are successful (ComputerWorld: Online News, 06/18/98). The larger the project, the less chance it has for success. Migrating to a server-based computing environment is a major IT project. Give this project the full attention of your IT staff, and do not run it in parallel with other IT projects.

Putting Together a Project Management Team

Although one project manager should have overall authority, it is often a good idea to appoint a team to assist with the project implementation plan. An IT manager and business manager are two key positions that help resolve problems and keep the project on track. Someone from procurement should be on the team along with experts in the various technologies that will be utilized. The executive sponsor should at least be associated with the team in order to lend his or her authority. It is important to include employees who are involved in the areas of the company that will be affected by the project. This provides two benefits: first, the team benefits from their expertise in the area in question; and second, the employees get to be involved in the change, with the hope that they will be less resistant to it.

Controlling Project Change

Scope creep is highly likely in a large SBC deployment. Users will often insist on accessing applications that were never included in the plan. They may insist that the project's viability in terms of meeting established performance and uptime SLAs as well as projected ROI targets hinges on these additions. The ability to rapidly deploy an application in a server-based computing environment is one of its strongest selling features, yet the application implementation is a detailed process requiring extensive preliminary testing. A change control process is essential for keeping the SBC project on track.

Change Control Process

Change requests in server-based computing range from minor, such as a user's request to continue accessing his local C drive, to major, such as a demand to host a DOS application that is known to have problems running under Windows 2003 Server. Because you are implementing a central processing environment, all changes to the design plan should be approved by the project manager and recorded. Changes that will affect the project budget or schedule may require additional approval.

Consider, for example, a request to add an application to the Terminal Services environment during the server farm rollout phase. This requires that the rollout be postponed while the new application is thoroughly tested in conjunction with the other hosted applications. All affected parties and stakeholders require notification of the rollout postponement. Once the new configuration proves stable, a new server image disk needs to be created, and the server rollout begins again. Since this seemingly innocuous change can have broad implications, not only for the project time and budget but also for many users, it is probably appropriate to have the business manager and IT manager sign off on the change along with the project manager.

Change Control Guidelines

Changes should only be made when required by stakeholders or when circumstances cause a significant deviation from the project design plan. The reasons for all changes should be documented along with any changes to the schedule or budget that result.

Conflict Resolution

Conflicts are inevitable in a large project. An enterprise SBC environment will demand IT resources that are already likely to be in short supply. Some users will be frustrated at a perceived loss of personal flexibility. Many users consider themselves IT experts and will disagree with the technology or the way it is deployed. Conflicts should be quickly referred to the project manager for resolution. Approaches to solving the problem include

Ignoring the conflict: Sometimes it is better for the project manager to simply ignore the conflict if it is not likely to have a big impact on the project or is likely to resolve itself.

Breaking up the fight: This approach is useful if both parties are stuck in an argument. The project manager can interfere in order to take the energy out of the argument.

Compromising: Compromise may be required at times, such as allowing a user who was scheduled to be entirely thin client to run in hybrid mode. Keep in mind, though, that any nonstandard implementations detract from overall project efficiency and organizational computing effectiveness.

Confronting: This approach involves getting all parties together to work out their problem in an environment promoting conflict resolution.

Forcing a resolution: Sometimes the project manager must use his or her authority, or the authority of the IT manager or the business manager, to mandate a resolution. This method should be used as a last resort.

Creating a Project Implementation Plan

An enterprise SBC project starts with a project definition document that states the goals, scope, roles, risks, success criteria, and project milestones. The project design plan then lays out the specifics of the major SBC components. A project implementation plan is the third step in this process. While the project planning document provides a roadmap for implementation, the project implementation document covers the project management aspects of migrating to an SBC environment.

Project Constraints

The project implementation plan must be created with regard to time, money, and people resources. Identifying these constraints will help determine how to apply corporate resources to the project. The following table indicates that management has decreed the SBC implementation be done quickly:

          Most Constrained   Moderately Constrained   Least Constrained
Time             X
Budget                                 X
People                                                        X

Time is the most important element, while human resources are less constrained. Since time has the least flexibility, internal resources need to be diverted to the SBC project, while funds also should be used to bring in outside consultants and perhaps implementers.

Another constraint, often inevitable in a server-based computing implementation, is user satisfaction. Users can make or break an SBC implementation, and they are likely to resist the change if no preparatory work is done. It is therefore essential for the project manager to keep the users in mind when designing the project plan. The objective should be both to minimize disruption in user operations and to generate enthusiasm among users for the new server-based computing paradigm.

Defining Your Plan

Your plan will take shape as you define the major elements of implementation. Consider timing, key milestones, and budget, and communicate the plan to everyone involved.

Project Timing: Time is invariably the most constrained resource, and it is often not the most visible to participants. Clearly communicating the timing of the project's phases will help to convey the appropriate level of urgency.

Key Milestones: Identifying key milestones enables participants to easily measure progress. Stakeholders should be involved in defining milestones. The milestones can provide a chance for the team to pause and ask, "Where are we and how far do we have to go?" They can also provide an opportunity for positive communication to the stakeholders and the company at large when they are reached on time and on budget.

Estimated Project Costs and Cash Flows: Defining the broad budget for the project conveys the significance of the resources being expended. It also enables appropriate stakeholders to measure expenditures against it.

Implementation Strategy: There are certainly many different ways to implement SBC. Providing a summary of your strategic approach will help eliminate confusion and uncertainty.

Upside and Downside Potentials: Any new IT project has risks as well as potential rewards. Upside potential in this environment can include many unexpected results such as increased sharing of best practices among previously isolated corporate divisions.

Likely Points of Resistance with Strategies for Overcoming Them: Potential technical, financial, and political roadblocks should be listed along with approaches for resolving them. For instance, if employees in a particular remote office are determined to keep their own file server and LAN, a strategy for a phased implementation in their case might be appropriate.

Technical Challenges: Terminal Services is an evolving technology. Technical challenges will be present in every large enterprise rollout. Identify any problem areas that could jeopardize customer satisfaction with the project. Set action plans for resolving technical challenges. For instance, if a 16-bit application is quirky on Windows 2003 Server, it should either not be hosted, or it should be isolated on a separate server or server farm and accessed from the main production farm via Passthrough.

Identifying Unresolved Design Issues: Some design parameters will remain vague prior to the project implementation. These questionable areas should be referred to experts to help eliminate any confusion or uncertainty. For instance, when designing a Network-Attached Storage solution, we bring in the manufacturer in order to size the unit appropriately.


Defining Project Roles

Define the roles and responsibilities of staff members during the project implementation. Some of the roles you might need to define include project management assistance, teams for implementing server-based computing migration, procurement, wide area network implementation, bandwidth management facilitation, and storage consolidation. If using an integrator or consultants, define their roles, responsibilities, and tasks as well. These may be limited to consulting, or they may include project management or hands-on implementation.

Managing the Tasks

Projects are broken down by tasks that can be defined as a unit of work that is important to the project completion. Tasks can also include related subtasks. Assign managers to each task and set performance SLAs. For instance, one task may be to order an ATM link to the data center by a certain date. The SLA may be to order all data lines and equipment on or before the due date.

Developing a Work Breakdown Structure: Tasks need to be organized into logical milestones, sequenced, assigned, associated with necessary resources for their completion, and communicated to team members. The work breakdown structure (WBS) is a standard method of organizing project tasks in one of two formats: either an organizational chart with each box listing tasks, as shown in Figure 10-3, or an outline WBS, as shown in Figure 10-4. The outline form tends to work better for projects with many layers of tasks. Both techniques show the different levels required and include subprojects or milestones, major tasks, subtasks, and minor tasks.

Figure 10-3: Organizational chart method of a work breakdown structure


Figure 10-4: Outline method of a work breakdown structure

Developing a Project Schedule: The key is to find ways to schedule parallel activities in order to complete the project within the allotted time frame. Building an enterprise SBC architecture is somewhat akin to a construction project. The most common scheduling technique in this case is the critical path method (CPM), which uses historical data to estimate task durations.

Coordinating Tasks: In a large enterprise project, different elements of the organization will require coordination between them. Assign specific managers, as necessary, to ensure this coordination takes place. For each task it should be clear who has ultimate responsibility for its completion. Though several people may contribute, only one person can be responsible. This is the person whom the project manager will rely on for communication on the status of that task.

Defining Project Documentation: Detail how the project will be documented for IT staff, managers, and end users. This documentation should conform to the communication plan described later in this chapter. It should include documentation about the data center configuration as well as about equipment and data lines at each remote office.

Establishing an Internal Marketing Plan: Formulate an internal marketing plan, as described in Chapter 1. Identify points of resistance in the organization and establish action plans for overcoming them.

Preparing for Implementation

Organizational preparation for the project implementation should start with a word from the executive sponsor. Surveys can then be distributed in order to more precisely define the project tasks. Ordering lines and equipment is the next step in preparing for deployment of implementation teams.

Announcing the Project to the Organization

Announcement of the project should incorporate sponsorship statements from key corporate executives and give all employees a clear vision of what is coming, what it will look like, what to expect, how it will benefit them and the organization, and how it will affect their daily work. At ABM Industries, the vice president of MIS created a "Back to Business" video that emphasized SBC's ability to eliminate much of the futzing that PCs tend to foster. By mixing humor with a description of benefits, ABM created an extremely effective marketing tool.

Executive Mandate

Although we put a lot of emphasis on selling the project to users, an executive mandate is still required. A formal letter should go out from a high-ranking executive, preferably the CEO, telling all managers and users that SBC will be taking place. It should emphasize that this is an organizational initiative and that everyone is expected to make it work.

Surveys

The distributed nature of a PC-based computing environment means that many organizations, particularly larger ones, do not have a good grasp of the exact equipment and applications run by users. This is especially the case with remote offices or where managers have had the authority to purchase their own hardware and software. Creating surveys for both users and remote offices will enable the project manager to assess the true environmental condition and make appropriate ordering decisions. Even organizations with an existing network management system (NMS) in place often find that the inventory capabilities are not accurate enough to rely upon. In such cases, the inventory report from the NMS can be used as a basis for the survey, and then the user representative for the site can be asked to correct the report.

WAN Survey: If the existing WAN infrastructure does not provide adequate connectivity to all remote offices under Terminal Services, a site survey should be completed at least 60 days before the installation in order to allow for bandwidth upgrades. This timing is crucial due to the inevitable delays caused by the local and national exchange carriers. A user count and printer count (including types of printers) will help determine the type and size of bandwidth connection to each site. Including the address and ZIP code helps the WAN team decide whether certain technologies, such as a DSL connection, are viable options.

LAN Survey: Make sure the LANs in the selected remote offices are ready for a transition to server-based computing. For example, daisy-chained hubs that might have worked in a PC-based computing environment can kill server-based computing sessions. This is because users often have at least one more Ethernet hop to the data center server backbone that may be enough to exceed the IEEE Ethernet standard. Another example is a poorly performing server that may have problems when the implementation team tries to copy data from it. Such problems can also give the field deployment teams a "heads up" for what equipment they might need in order to migrate local desktops and servers. For example, if the LAN backbone has problems, the field technician might plan on bringing his own hub to connect the server to the deployment PC with a CD-RW drive to pull the data from the server.

Application Survey: Despite the best efforts of the planning committee and despite any company policies that are created regarding the SBC implementation, some users in remote offices will nearly always have local applications that they insist are required for them to do their job. It is far better to learn about these applications ahead of time in order to make appropriate accommodations for them as part of the implementation design process.

Note: In the infrastructure assessment phase described in Chapter 4, we discussed the importance of learning everything about an application before hosting it via server-based computing. This rule must still be followed even in the sometimes-unwieldy arena of remote office migration. We learned this the hard way. In one implementation, we came across many custom-written applications utilized in remote offices. Most were written in Microsoft Access and easily migrated to server-based computing. At one site, however, we migrated an application to the corporate data center and were told it no longer worked. After extensive debugging, we asked the user for more information. The user replied, "The application never really worked, but I thought that it might work once you moved it."

Printer Survey: An accurate count of the number and type of printers and print servers will help determine the type and size of connection required to each remote site. It is also important to determine any required printers apart from users' default printers. Printers that are not going to be supported as part of the SBC environment should be eliminated. Otherwise, they are bound to cause problems and may even lead to Terminal Services blue screens. The implementation team can bring new printers with them to replace the nonsupported units.

IP Address Survey: It is important that the IP addresses are managed across the enterprise. Whether this is done manually or by using management software, the point is that the lack of a workable scheme can cause a lot of system administration overhead and confusion. If such a system is not in place before the SBC project, consider using the project as an excuse to put one in place.

PC Survey: Determining the condition of each user's PC may aid a decision about whether to replace it with a Windows terminal. Create criteria for determining whether a PC is compatible with the SBC environment. This might include having an existing network interface card (NIC), having an existing desired local operating system, or being within a certain number of years old.

User Survey: Complete a user survey at least two weeks before installation to allow enough time to order and ship required equipment as well as to set up the user accounts. This survey should cover all relevant information about each user, including whether the user requires access to only SBC-approved applications and whether the user's existing machine meets SBC standards. The survey should also measure users' satisfaction with the existing computing environment in order to establish a baseline for judging the success of the SBC environment once implemented.

Order Equipment

Equipment must be ordered for the SBC implementation as well as for any upgrades to the existing infrastructure.

Equipment Purchase Lead Time: The surveys will show the existing type and condition of the equipment at headquarters and at remote offices. Order new equipment required for the installation a minimum of two weeks beforehand. This is necessary in order to stage the equipment prior to a large rollout. If you are rolling out 2500 Windows terminals to remote offices, for example, the logistics become daunting in terms of delivery confirmation, asset tracking, and shipping.

Asset Tracking System: It is important to have some type of asset tracking system in place in order to record the equipment ordered and where it is deployed. If your organization does not yet utilize one, the SBC project is a good time to start. Ideally, the system would be accessible by the field deployment technicians so that as they deploy each user, they can enter that user's equipment information directly into the system.

Remote Office LANs: Remote offices may have inadequate hubs, or even lack a network altogether. Order any hubs, switches, network interface cards, print servers, and cabling to be put in place ahead of the migration team. If you are ordering for many remote offices, order four weeks ahead of time to allow for staging and shipping.

Personnel Resources

Necessary personnel must be identified for both the upgrades and for the actual project implementation. For instance, later in this chapter we describe the composition of the implementation teams. Decisions need to be made about the number of technicians required to migrate users at headquarters and at all remote offices. While the actual migration time for a user in a remote office can often be kept down to about an hour, travel and logistics make a four-hour average estimate more realistic. The time, money, and resource constraints will determine how many technicians are assigned to the project.

Chapter 15 - Pr ofiles, Policies, and Pr ocedu res

Infrastructure Upgrades Chapter 16 - Securing Client Access Chapter 17 - Net wor k Configur at ion

In Chapter 4, we discussed the importance of doing an in-depth infrastructure assessment. The project management team needs to review that assessment again, factoring in the results from the surveys. Deficiencies in the network infrastructure that were tolerated in a PC-based computing environment are likely to be disastrous once users depend upon the corporate data center for all of their processing. Any infrastructure deficiencies must be resolved prior to the SBC migration. Both equipment and human resources must be secured for the upgrades and for the project implementation.

Data Center Upgrade The data center often requires upgrades such as implementing a gigabit switching solution or a new firewall to enable secure Internet access. These projects require planning and implementation before the enterprise rollout.

Network Backbone Upgrade One way to think of the MetaFrame XP server farm is as if it were actually hundreds or thousands of PCs. The backbone infrastructure, therefore, needs to be both very fast and reliable. Examine the existing backbone carefully using a network analysis tool, if necessary, in order to spot any deficiencies. Any problems must be fixed before the beta implementation.

Network Operating System Upgrades Some organizations take the opportunity during an SBC implementation to either upgrade or migrate their network operating systems. This should be treated as a separate subproject, and the migration or upgrade should be completed before the server-based computing enterprise rollout—ideally, before the beta. Attempting to do this project concurrently with an enterprise SBC implementation leaves far too many variables to troubleshoot in the event of problems. It can have another undesirable side effect: users who experience problems related to the change in operating system or infrastructure may think that the Terminal Services or MetaFrame XP software is responsible.

Data Center Storage The project design planning document will include the selected storage medium at the data center, whether NAS, SAN, or general-purpose file servers. The surveys will show the amount of hard drive storage currently required by users and by remote office servers, enabling ordering of the appropriate storage for the data center. Of course, user and remote office storage requirements for SBC-hosted applications can be ignored. Significant economies of scale are obtained by centralizing all data storage instead of requiring a surplus for each user. As a result, the requirement for central storage will be less than the cumulative totals of existing distributed hard drives.

Wide Area Network Upgrades The surveys will show the number of users per remote office, enabling decisions about how much bandwidth to supply. Some organizations will install their first WAN as part of the SBC architecture. Others will upgrade their existing system, while still other organizations will add redundancy. In an ideal world, this implementation should be completed well before the SBC rollout, but in practice it is often not possible. Allow 60 days for ordering and installing data connectivity lines or upgrades whether using a frame relay connection, a leased line, DSL, cable, or ISDN. Do not rely on your telecommunications company; follow up to make sure they are staying on schedule. Test the lines once they are in place before sending an implementation team to a remote office. Also test redundancy, even if this is just a dial-up to the data center.

We found that Citrix can easily become a lightning rod for blame. If, during a thin-client migration, users suffer from infrastructure or other problems completely unrelated to Citrix, they are still likely to think it is the cause. Perhaps this is just a case of transference, but the remedy is clearly to minimize potential problems by not trying to do other IT projects concurrent with a Citrix implementation.

—Sean Finley, Assistant Vice President and Deputy Director of Electronic Services, ABM Industries

Starting the Project

Establish a regular meeting schedule to review milestones and budgets. Work on the exception principle. Focus on what is not going according to plan. Fix it fast. Be prepared to add resources in order to meet the schedule. Issue a weekly list of targets and key troubleshooting assignments.

Maintaining Quality and Accountability

Make careful and informed decisions about key equipment purchases or leases. System reliability should be a prime consideration in any SBC project. Unreliable system elements can jeopardize overall system performance. Monitor all subcontractors and vendors to ensure that they are staying on target with their assigned tasks. Move quickly to correct targets that aren't being met.

Project Budget

It will be difficult to accurately estimate the budget required for a large SBC deployment because of the tremendous number of variables involved. Fortunately, server-based computing tends to save organizations so much money that even significant budget overruns would compare favorably with the PC-based computing alternative. Appendix B shows how to prepare a financial analysis of server-based computing versus PC-based computing.

Budget Contingencies Management will want to see a budget and expect the project manager to hold to it. This is why it is important to build in contingencies for travel, cost overruns, and unexpected problems. It will sometimes be necessary to spend more than planned in order to achieve the desired results. It is also wiser to deviate from the budget in order to circumvent a problem before it becomes a crisis. Again, the vast savings enabled by the overall project should make this the wise alternative.

Budget Monitoring Tying the budget to the project milestones is a good method for monitoring progress and keeping expenditures on track. It also can provide stakeholders with a clearer example of benefits. For instance, a project milestone might be replacing 500 old PCs with new Windows terminals. The Windows terminals cost $400 each, while purchasing 500 new PCs would cost $1000 each (including the extra installation PCs require). Offset the project budget at this point against the cost of purchasing new PCs and the cost of upgrading those new PCs in two or three years.

Communication Plan

It is essential to communicate about the project with users. We recommend over-communicating about the project migration parameters and expectations. Regular e-mails are certainly valuable. Prepare a list of frequently asked questions (FAQs) to help inform users about their new environment.

Issue Regular Project Updates Relay the key achievements since the last update. Talk about the project status and where the project is going in the next period. Discuss what is required to ensure success. Part of the established communication plan should be to report on the project's progress to key stakeholders.

Handling Complaints Enhance the help desk department as explained later in the chapter. Enlist the aid of regional managers, if necessary, to help set user expectations during the implementation. Managing user expectations is something that should be done continuously during the process. This will decrease the number of calls to the help desk.

Publishing Deployment News Use e-mail or an intranet to publish ongoing news about the migration. Let users know of potential bottlenecks or other problems before they take place. Share the wins as well. Publish user testimonials about the migration.

Deployment Guide Creating a deployment guide for implementation teams is discussed later in this chapter. In some organizations, users will be doing their own client setup. In these cases, the deployment guide can be of great assistance to them as well.

Customer Care

Providing adequate user support is essential to a successful enterprise SBC implementation. Even though users may experience initial problems, they will have much better attitudes if they can receive prompt and competent help.

Enhancing the Current Support Structure

Part of the infrastructure assessment described in Chapter 4 is an analysis of the organization's help desk methodology and escalation procedures. Once the enterprise SBC environment is in place and stabilized, help desk requirements will fall. Not only does Citrix MetaFrame XP enable superior troubleshooting through shadowing capabilities, but also the number of problems will fall because the processing takes place centrally. During the implementation phase, however, the frequency of support requests will increase. In addition to the confusion and problems of implementing a new computing infrastructure, the help desk will, in effect, be supporting two environments during the transition. Be prepared to supplement the help desk with additional personnel during this period.

Establishing Service Level Agreements Establish and manage service level agreements (SLAs) for the help desk during project implementation. Ensure that users receive the help they need to get them through the transition without frustration.

Support Processes Tech support should cover every shift and every time zone. A process should be in place, and the appropriate personnel identified, for escalating problems that are not resolved by the first-line support people in an acceptable time frame.

Virtual Call Center Create a virtual call center where any member of the implementation team can assist if required. Use help desk software to enable this collaboration among different individuals from different areas working on the same user problem. ABM Industries, for instance, wrote custom software in Lotus Notes that tracks every help desk request from initiation of the call to ticket closing. Any implementation team member can sort by user or by problem in order to more quickly troubleshoot and resolve the issue.

Triage Process Have a SWAT team available to go onsite to handle particularly tricky problems that surface during the implementation. Consider using outside experts for the SWAT team that have a high level of experience with MetaFrame XP, Windows, and networking.

Status Reporting

The help desk should work in conjunction with the purchasing department and the project management team to give continuous status updates. These updates can take place through phone calls, e-mail, and an intranet. They should reflect user attitudes about the migration process in order for adjustments to be made.

Measuring Success

Establish success metrics ahead of time and measure results against them. For instance, an SLA might be to enable users in remote offices to access their data within 24 hours of migrating to server-based computing. Measure and report the actual results of how long it takes users to gain access.

Using Measurement Tools at Milestones

Survey users at project milestones to measure their perceptions versus expectations. For instance, a project milestone might be to have all small remote offices online as SBC users. Surveying users can reveal any problems with performance or reliability, which will enable adjustments to the design plan before proceeding to the next milestone.

Project Success on a Macro Level

On a macro level, metrics should include project performance against budgeted costs, estimated timelines, and user satisfaction. Measuring success is discussed further in this chapter under the section "Postproduction Management of the SBC Environment."

Proof-of-Concept Pilot Program

In Chapter 4, we discussed setting up a proof-of-concept pilot program as an important element in the design of an enterprise SBC environment. The pilot is also the first step in an enterprise rollout. It serves as a basic test of application performance using Terminal Services.

At first, the pilot program should be a nonproduction system designed to ensure that the desired applications perform adequately together over MetaFrame and Terminal Services. The next step is to expand the nonproduction pilot to a small production pilot with carefully selected participants running specific applications.

Pilot Platform

The pilot hardware should be representative of the hardware that will eventually be used in the data center to support the enterprise rollout. The pilot program should not be constrained by any difficulties or limitations in the existing network infrastructure. For instance, if the network backbone is causing latency issues, the pilot should be set up on a separate backbone. If a data line to a remote office fails frequently, then the remote office should not be part of the pilot program.

Application Selection

The objective is to load all applications to be hosted under SBC as part of the proof-of-concept, nonproduction pilot program. That being said, most organizations have far too many applications to reasonably host together in a MetaFrame environment. During the infrastructure assessment and project plan design process, the appropriate applications are studied in great detail and are carefully selected for server-based computing. Since the pilot takes place before this assessment begins, you can pare down the applications to be hosted in this environment by following a few rules of thumb:

Use representative samples. Applications should be a representative sample of the production suite.

Eliminate duplications. Look over the list of all applications to eliminate obvious duplications. For instance, if 90 percent of projected SBC users run Microsoft Office and 10 percent run Corel WordPerfect Office, you can reasonably assume that MS Office will win out as the new corporate standard under server-based computing.

Develop selection criteria. Create a list with "must-have" and "should-have" features to help pare down the applications in the pilot program. For instance, a must-have feature would be that an application is stable under a standard NT workstation. A should-have feature would be that the application is 32 bit.

Testing

The performance, stability, and interaction of the various applications individually and collectively under Terminal Services must be tested and evaluated. One way to do this is by using test lists.

The application information gathered during the infrastructure assessment can be used to prepare the test lists. The lists should include the attributes to be tested along with the expected outcomes. Record the actual outcome for each test and whether it passed or failed. In Chapter 15, we discuss application testing in some detail.

Expanding to a Production Pilot Program

Start with a prepilot survey geared to recording the current state of user performance, reliability, and satisfaction in a fat-client environment. Use the survey results to set expectations for the users about the performance under MetaFrame XP. Be sure they are prepared for the inevitable problems that the new environment will precipitate, as well as for any differences they are likely to encounter by running their applications in a server-based computing environment.

It is acceptable to ask "leading" questions in the survey to set expectations, but they should strive for quantifiable answers where practical. For example, instead of asking, "Does your PC crash on a daily basis?" you can ask, "How many times per day does your PC need to be rebooted?" The results should be tabulated and published to the users who participated. If an intranet site is available, consider doing the survey online rather than with paper forms.

Selecting Applications

The objective of the pilot program is to prove the value of server-based computing by running crucial applications successfully in this environment. Misbehaving, but noncrucial, applications should not be included as part of the production pilot. They can be tested further for inclusion as part of the beta if their problems can be solved or isolated using a two-tier server farm, as discussed in Chapter 12.

Tip You can use batch files or WSH (Windows Scripting Host) to remove or move icons from SBC applications that are currently run locally on a user's PC. This allows for a quick rollback in the event that the pilot program does not succeed.

The following are some minimum requirements for running an application in a production pilot program. These are suggestions to help get you started on your own list.

The application is stable in the current distributed environment.

If it is a DOS application, it does not extensively poll the keyboard. This can cause huge CPU utilization on the MetaFrame XP server. You should seriously consider replacing any DOS application with a 32-bit Windows version if possible.

If it is an older or custom application, make sure it doesn't use hard-coded pathnames for files. Since most paths need to be user specific in a multiuser environment, this can cause major headaches.

The application represents the most users possible. Using our previous example, we would want to test MS Office and not WordPerfect Office because the former represents 90 percent of the users.

Applications with back-end integration requirements (such as database or terminal session connectivity) have been upgraded to the latest version. We have found that many applications that fit this description, such as IBM Client Access or various reporting packages, work fine in a multiuser environment but only if you use the latest version.

Testing and Evaluation

Start with the test lists defined in the pilot program for component and system testing, and layer in tests aimed at the production environment. Such tests would include a larger number of users running the applications, competing network traffic, reconnection to a user session, use of shadowing to support an application, and the effect on applications of backing up and restoring data.

Determine what performance data needs to be collected and how to collect it. System management tools such as Citrix RM can be useful here, as well as user surveys. One of the best testing methods at this stage is simply saturation: let the users pound away at the applications, and see what they come up with.

Selecting the Participants

List of Figur es List The of production Tables pilot program should include a larger sample of users than the nonproduction pilot, but

theofnumber should remain relatively small. The exact number will be based on the size of your List Case Studies organization List of Sidebarsand the complexity of your application environment. Ideally, the users selected should be representative of the users who will participate in the SBC environment, but they should also be friendly to the project. We have found that keeping the number of participants in the production pilot between five and ten users, and no more than 50 for large companies, seems to work best. Choose which categories of users will participate in the pilot, keeping in mind that you are looking for a representative mix of the ultimate SBC participants. A small pilot, therefore, might still include thinclient only, mobile, and hybrid users. We recommend including at least one Windows terminal as part

of the pilot, if possible, in order to get across the point that this is a new way of delivering applications. Of course, a Windows terminal can only be used when all required applications for a user or group are accessible over MetaFrame XP.m e Access Su it e fo r W in do w s Ser ver Cit rix Me t aFra 2 00 3 : Th e O ff icial Guid e

Location of users is also important. If users in remote offices will be part of the pilot program, the network's wide-area infrastructure needs to be very sound. As discussed in Chapter 4, remote office users should be trained ahead of time not to engage in excessive bandwidth utilization practices such as copying data from a local hard drive back to the data center server, or downloading MP3 files from the Internet connection via the MetaFrame XP server farm. Alternatively, you should have a method to limit the bandwidth available to users. We've already discussed TCP rate control and custom queuing as two common methods. We've summarized these and other requirements as follows:

Choose a small but representative mix of users. The users selected should access different groups of applications from different types of clients.

Use this opportunity to test key parts of your infrastructure with server-based computing. Choose users in major regional offices, telecommuters, and VPN users.

Choose users who are open to the thin-client concept. Demanding users are fine as long as the demands are reasonable, but avoid high-maintenance users.

At this stage, choose users who are computer literate and can make the "paradigm shift" necessary to participate fully. We are not saying they have to be programmers or system administrators, just experienced users who have some command of their current desktop.

Customer Care During the Pilot

We discussed customer care in detail earlier in this chapter. It is crucial to alert the help desk and to put special mechanisms in place for expediting any problems users encounter. A sour experience during the pilot program, even among friendly users, could end up poisoning the entire SBC project. On the other hand, if users receive fast and competent responses to issues that arise, they are more likely to start an early, strong, favorable buzz about the new technology. A good technique is to have a "triage" process in which the help desk can quickly categorize a pilot call from a normal production call and route it appropriately. After a call is identified and routed to the first tier of support, it should go directly to the pilot implementation team. This is an excellent method for keeping the team in tune with the users and making continuous, incremental improvements to the pilot environment.

Training Techniques

It is important for the ultimate success of the project to formulate a training plan for all employees involved, including users, help desk technicians (all levels), and administrators. Some suggestions are provided here:

Users: If your organization, like many, is already using a Windows desktop environment, moving to SBC will not represent a large functional difference to users. Training a large number of users is also very expensive. We recommend integrating a short orientation, perhaps 15 to 30 minutes, into the user migration process. The user should be oriented, the data migrated, the client installed, and the client device configured all during the same visit by a deployment technician.

Help desk: The people fielding technical support and administrative requests must not only understand the basics of server-based computing, but they must also be trained in how to do whatever they do now in the new environment. Creating users, adding them to groups, and giving them access to file storage and applications are different tasks in MetaFrame XP and must be the subject of training. The deployment team is a good source of targeted information on these operations, so build time into the schedule to allow them input into the training plan.

System administrators: These individuals usually represent the smallest group and need the most training. They will eventually receive calls from other groups and are responsible for solving problems in production. You should build money into the budget for the training programs offered by Citrix and Microsoft. Specifically, the Citrix Certified Administrator (CCA) and Microsoft Certified System Engineer (MCSE) should be considered for administrators.

Controlling the Pilot Program

A carefully implemented pilot program is likely to be successful, but this very success leads to quick requests for enhancements. It is important not to cave in to pressure from users to introduce new variables, such as additional applications, as part of the pilot. Do not stray from your pilot plan until after the initial testing is complete. If adjustments such as adding applications must be made before a beta implementation, the initial proof-of-concept testing offline should be repeated and then the new server image introduced to the users. Don't assume that since the production pilot worked with ten applications, it is acceptable to add an 11th. Everything must be tested before being deployed. Also realize that your deployment team is limited. If you are forced to spend a lot of time testing new applications or features at the last minute, it is likely to have an impact on the schedule.

Creating a Variance Process: Define a variance process before the pilot that defines the handling of scope creep. You can publish this process as part of the user survey or other communication given to the pilot users. Decide who needs to approve requests for additional applications or pilot participants, and have a mechanism ready to handle this process. We've found such requests often come from management members who outrank the deployment team. If you must implement a change, be ready to clearly and concisely communicate the impact it will have on the deployment schedule, resources, and cost.

Handling Objections to Server-Based Computing: Despite careful pilot participant selection, some users may still object to the concept. Be prepared to do a quick sales job that shows them both the personal and corporate benefits of migrating to an SBC environment. If you run into unreasonable or unfounded objections, be ready to pass them to the proper management members. The executive sponsor for the pilot is an excellent choice to help handle objections. Another important tool is to have the facts at hand regarding any objection.

We've found that users sometimes couch objections in terms sympathetic to their case that do not always reflect the facts. For example, a user may go to his manager and say, "The pilot team says I can't have the printer on my desk anymore." In reality, the pilot team published a list of compatible printers, and this user's printer wasn't on it. Be ready to tell this user and his manager how they can get a compatible printer or what to do as a work-around.

Assessing Performance

Document your expectations of the pilot program before you begin. Decide up-front upon the success metrics for the pilot. Take measurements of application performance in the current distributed environment, and compare these to performance under server-based computing. For example, the time it takes to launch Microsoft Word can be measured in both environments. (It should be faster under server-based computing.) Other examples include the time it takes to print a certain document or to open a specific file.

In addition to the user-oriented metrics mentioned, include system and cost metrics. An example of a system metric is the time it currently takes to support a regional file server when it fails as compared to the time it takes to fix a file server in the data center. An example of a cost metric would be the cost of flying a technician to the site where a problem is occurring as opposed to having a technician handle the problem at the data center.

After the pilot, create a report on whether success metrics were met. Document any problems encountered along with their solutions. Document any open issues or new questions raised by the pilot, along with the actions being taken to resolve them.

Expanding the Pilot Program to a Beta

A beta deployment, while conceptually still a pilot, should represent users and environments that will be part of the enterprise rollout. The beta will be invaluable as a mechanism for discovering and resolving major performance issues before going to enterprise production. It should not be implemented until after the design for the enterprise rollout is well underway and the funds for the entire project have been justified. Even so, a poorly performing beta could end up killing the project; therefore, it is essential the beta be implemented with the same high level of diligence used in the pilot phases. You should also try to make the beta implementation as nondisruptive to the current production environment as possible by running as many services in parallel as allowable. For example, if you intend to run a new network backplane and a new enterprise-class file server for the SBC implementation, leave the old systems online as you bring up the new systems. Users can then move from the old to the new system incrementally. This also serves the purpose of "leaving yourself an out." The smooth running of your business is more important than this project. If something doesn't go right, be able to go back to a known, reliable state.

Customer Care During Beta

As with the pilot program, responsiveness to users' problems will greatly influence their opinions about the project. Enhance the help desk and call center staff for quicker turn-around.

In the spirit of having no secrets from the user community, a published outage log should be created for users via an intranet web site or through an internal electronic forms application such as Microsoft Exchange or Lotus Notes. Encourage users to let IT know about any system outages or problems. Also provide a forum for beta participants to offer feedback unrelated to problems. This can help increase user satisfaction. Now is the time to refine the support process and be ready for production. Help desk personnel, along with system administrators, should be trained and ready for the demand. If you intend to deploy system management servers or a network management framework tool that integrates with your help desk system, they should go through final implementation at this point.

Maintenance Window

As with a mainframe environment, a maintenance window should be scheduled once a production server-based computing environment is in place. During this time, the deployment team and system administrators will perform tasks that require a significant portion of the infrastructure to be offline. Such activities include hardware and software upgrades, switching over network connections or carrier lines, or troubleshooting and correcting problems before they cause a production outage.

The maintenance window should be scheduled during the least disruptive time. If an organization is international in scope or works 24/7, it may be difficult to set aside a regular time slot, but it should be done if possible. During the implementation process of both the beta and the enterprise deployment, the maintenance window will likely need to occur more frequently than after project completion. It is important to user acceptance to avoid unscheduled downtime whenever possible. Since SBC users are completely dependent on the network for their processing, unscheduled downtime will create unhappiness and loss of productivity.

Unscheduled Nonemergency Maintenance

Some organizations might not be able to, or may not wish to, have a regularly scheduled maintenance window. In these situations, carefully created procedures should still be utilized to ensure minimal disruption to the organization. For instance, the policy may be to give users at least three days' notice before nonemergency maintenance will be performed. Scripting can be created to send out initial e-mails to the affected parties explaining the nature of the maintenance, the likely effects, and the projected duration. A reminder e-mail might be sent again a few hours before the maintenance begins.

Emergency Maintenance

Sometimes, with or without regular maintenance windows, emergency maintenance procedures will need to take place. Again, policies should be developed ahead of time to let affected users know about the maintenance with as much time as possible in order to minimize work disruption. Keep in mind that the maintenance can potentially affect the work of hundreds or thousands of SBC users.

The rigorous testing done in the pilot and beta phases is intended to keep unscheduled downtime to an absolute minimum. In cases where it does happen, make sure the help desk has emergency response procedures in place. One option is to include a recorded message explaining the situation, the expected resolution, and the projected service restoration time. The idea is to avoid burdening the help desk or technicians with a lot of user calls reporting the same, known problem when they should be concentrating their efforts on restoring service.

Infrastructure Assessment

The beta should utilize the same hardware slated to be part of the enterprise rollout. The network infrastructure now plays a crucial role. A network problem that goes unnoticed or is tolerated under a PC-based computing environment is likely to be amplified many times under a server-based computing environment. For example, one organization we worked with had Novell servers with malfunctioning routing. Users did not notice it when running in fat-client mode. When they became completely dependent upon MetaFrame servers, the routing problems quickly became intolerable.

One intended outcome of the infrastructure assessment is to identify any network or infrastructure issues and resolve them before a beta rollout. Some problems, though, are likely to be missed. IT should be prepared to resolve them quickly as they show up. Users should understand that a beta is still an expanded pilot and that bugs will have to be worked out.

Adequate Bandwidth

Ensure that bandwidth will be adequate to remote offices where users will be part of the beta. User counts should be verified. Bandwidth management tools that actually shape WAN traffic such as Packeteer PacketShapers should be utilized, if possible. Take into consideration any additional traffic required during the transition period, and order the bandwidth accordingly.

Local Legacy System Access

In an enterprise server-based computing rollout, we recommend putting databases adjacent to the MetaFrame XP server farm. During the beta, though, this may not always be possible. Remote users may require access to local servers or host systems, but their sessions are now running on the MetaFrame XP server farm at headquarters. As Figure 10-5 shows, this means that users are accessing local servers across the WAN. Depending upon the databases and WAN bandwidth, they may experience much slower performance than they are used to. The beta participants should have their expectations set accordingly, along with the knowledge that it is a temporary problem that will be eliminated once the enterprise rollout takes place.

Figure 10-5: Accessing legacy servers across the WAN

The other reason that legacy systems need focused attention is that they tend to be expensive or special purpose and cannot easily be run in parallel as the server-based computing project plan may dictate. These systems usually need to be "cut over" rather abruptly as they move from the old to the new environment. A separate, detailed project plan to accomplish this is required, as is a separate project team to address the special needs of these systems.

Local File Sharing

During the beta, remote users may still be allowed to share files locally. During the enterprise rollout, this practice should be eliminated wherever possible. The beta is the perfect time to start making the transition.

CD-ROM Sharing

If users at a site need to share CD-ROMs, this can be done using a small CD-ROM server or even a PC with sharing enabled. We recommend against this if it can be avoided because it is difficult to support centrally. If CD-ROMs must be shared, place a CD-ROM server at the data center nearest the user, and use groups and scripting to give the user access to the volumes as part of the login process.

Application Considerations During Beta

Make sure that all of the applications to be run via server-based computing are part of the beta. Some selection criteria include

The total number of people who need to run the application

How often the users require access to the application

How many users would have to remain on PCs instead of Windows terminals if you do not migrate the application

Some applications may have exhibited troublesome signs during the pilot, but it might take a beta to see how they really perform under a production environment. In this case, the problematic applications should be layered into the beta one at a time in order to minimize disruption to other applications and to users' perceptions of the SBC environment's reliability.

Apply the same rigor for testing these new applications before deploying them as part of the beta as you would if deploying them in your enterprise production environment. The beta is your last chance to work the kinks out of the testing and deployment process before going live.

User Selection During Beta

The beta should be a microcosm of the ultimate enterprise SBC environment. As with the pilot phases, users should be friendly to the concept of server-based computing. Users can be layered into the beta until all categories and groups of users are represented.

Also, be sure to get an accurate count for the number of users in remote offices. If the number is too low, the bandwidth ordered will not be sufficient. As with the production pilot, users should also be aware that they will be participating in a beta and are likely to have some performance and reliability issues come up.

Properly documenting and testing key procedures during the beta process is one of the fundamental elements to a successful large-scale SBC deployment. The documents Westaff developed were an indispensable tool, which allowed us to efficiently create over 1100 user accounts for over 260 locations. It also enabled us to maintain consistency among all accounts and helped us complete our rollout one month ahead of schedule.
—Rob Hutter, Systems Engineering Manager, Westaff

Testing During Beta

The test lists prepared for the pilot program should be updated for the beta and utilized again. In addition, appropriate infrastructure tests for bandwidth and redundancy should be performed, and their results evaluated. The beta period is the time to hone a healthy intolerance for error. If a system is not performing as expected, it should be fixed immediately. After all, garbage doesn't smell better with age.

Service Level Agreements

Earlier in this chapter, we introduced the concept of a service level agreement (SLA) and how to use SLAs for the enterprise SBC environment. You can also apply SLAs effectively to the deployment process. They can be used to provide the pilot and beta users with the proper expectations for system stability, performance, and help desk response times, for example. It is important both to set service level agreements and to manage them. For instance, a beta user may have a problem with her newly installed ICA client. This affects her ability to participate in the beta, but it does not affect her ability to do work. The associated SLA for help desk response should reflect this by allowing enough time for over-burdened technicians to respond to more critical problems first.

Incorporating What You Learned from the Pilot Program

Now is the time to review the information collected during the pilot. Help desk call logs, user requests and comments, performance metrics, application changes performed, and system administration logs all provide a wealth of information and a platform for improvement during the beta phase.

Beta Assessment

IT must honestly assess whether the beta environment meets the production scope requirements. If not, adjustments must be made either to the technology or to the scope. Sometimes, the beta will have outcomes exceeding expectations that might also lead to scope reevaluations. For example, an organization originally intending to deploy only a couple of applications may determine that users are eager to run all of their applications in the new way. If this is the case, the beta should reflect any changes before the enterprise rollout occurs.

rix Me t aFra m e Access Su it e fo r W in do w s Ser ver Enterprise Cit Rollout 2 00 3 : Th e O ff icial Guid e

ISBN:0072195665 Steve et al. before the start of the enterprise All contingenciesby must be Kaplan completed rollout. Data centers and aw -Hill 2003 (724 pages) network upgradesMcGr should be ©complete. Equipment staging should be ready. Rollout teams should be ready to be deployed. This guide ex plains how to build a r obust, reliable, and

scalable thin- client com puting envir onment and deploy Windows 2000/ Windows 2003 Ser v er and MetaFr am e. Also learn t o centr alize application managem ent, r educe soft w ar e on the desktop, and mor e.

User Training During Rollout

Ensure high attendance for training sessions through management e-mails and user incentives. Be creative. Include project marketing along with the training sessions in order to reinforce initial project acceptance. Use rainbow packets, desk-side orientation, and videos. If your help desk charges users per incident, establish a grace period for free support during the conversion. As discussed previously, the amount of training necessary is likely to be limited to a short orientation to the new environment. Of much greater importance is effective marketing to get the users to embrace the change as something positive.

Expanding Service Level Agreements

Beta SLAs should be expanded to fit the conditions appropriate to a production rollout. For example, you may want to intentionally set the help desk response to a short period—say, one hour—for newly converted users, to make sure any initial problems are solved quickly.

Creating a Deployment Guide

For a large enterprise conversion to server-based computing, creating a deployment guide can be very helpful in making the process go smoothly. This is particularly important if you have a large number of remote offices requiring multiple implementation teams. Though the audience for such a guide is technically proficient, it is important to have a guide for reasons of consistency. If deployment technicians are allowed to carry out the migration their own way, it will be that much more difficult to troubleshoot problems as they arise. The deployment guide should include the following sections:

User communication FAQ: Arm the deployment technician with answers to common questions encountered during the pilot and beta stages. This type of FAQ will help tremendously with conflict resolution and will help maintain a professional image for the technician.

Contact information: List the appropriate contacts and phone extensions for IT staff to support specific issues, including desktop migration, printer setups, wide area network problems, and Windows terminals. The escalation paths for different types of problems should be clear.

Data migration procedure: Spell out the specific steps for migrating data. Figure 10-6 shows a copy of the data migration procedure that ABM Industries used for their remote offices.

Figure 10-6: ABM's data migration procedure guidelines

Client installations: The deployment guide should include detailed instructions for installing each type of ICA client you intend to deploy. Each installation method should include a checklist and any relevant screenshots to make the procedure clear.

Tip: Using Web Interface for MetaFrame to deploy applications or a published desktop will automatically deploy the ICA client and keep it current with the latest release.

Desktop device configuration: Include a table showing all categories of users and their associated devices, such as hybrid PCs, laptops, and Windows terminals. Include a list of the appropriate equipment for each category of user, such as a monitor or network card. Include IP and DNS setup as well as things like how to set up LPD printing on Windows terminals.

Shadowing users: Support personnel can use shadowing to take control of users' PCs or Windows terminals for troubleshooting purposes. Show how to set up shadowing, including screen prints for each step.

VPN or Internet dial-up connectivity: If remote users are connecting to the data center through a WAN or VPN, explain how to set up the VPN client software on a PC, configure the Windows terminal's SecureICA functions, or whatever is appropriate to your environment.

Printing: Recap which printers are supported and which ones will work with bandwidth management devices, if appropriate. If printers are not supported, include instructions about the proper procedures to take when such a printer is encountered during deployment.

IP address scheme: A workable IP addressing scheme needs to be implemented if it hasn't been already. If DHCP is to be used, explain how to configure the client to take advantage of it.

General migration issues: Include answers to problems that the implementation team may encounter, such as what to do if a user scheduled for migration is absent or if a user's PC is not operating properly under MetaFrame.

Creating Migration Databases

A huge migration involves a large number of employees, all requiring current information. Developing databases to sort and track this information will significantly enhance the process. Making this database available in some ubiquitous fashion, such as web publishing, will help assure its adoption and currency. The following are some ideas for different aspects of the deployment process that you should consider tracking in this way.

Locations Database

List every location and pertinent information, including current status, data connectivity status, number of users, type of users, and the implementation team assigned. The implementation, WAN, and procurement teams should update this database as part of their normal process. For example, after a user is installed, the deployment team member can connect to the locations database from the user's new client and enter the information that the user has been installed and any asset information on the equipment assigned to that user.

Change-Management Database

Track everything that changes at the data center, including new applications, printer drivers, and all unscheduled downtime. This enables much better troubleshooting of modifications causing problems. Significant changes in the field, such as large bandwidth increases, premise router changes, and the like, can also be entered here for all to see.

Survey Databases

User surveys taken at the various deployment stages can be entered and the results tracked here.

Migrating Headquarters

Converting users at headquarters to a server-based computing environment is much easier than migrating remote offices. The planning design document should cover most of the contingencies you are likely to run up against when migrating headquarters. The close proximity of these users to IT and the lack of bandwidth variables make it relatively easy to identify and remedy problems. For these reasons, it is generally advisable to migrate headquarters before migrating users at remote offices, even though the latter may have the greater need. As always, new users should be added to the SBC environment in layers in order to minimize disruptions caused by unexpected problems.

User Training for Headquarters Migration

If IT is unable to bring users to headquarters for training before migration, they will have to rely on videos and other media such as documentation for much of the server-based computing orientation. A quick training procedure should be developed for the implementation team to use when they are at the site doing the conversion.

Client Operating System Upgrades

Although the MetaFrame XP client will operate with nearly any client, from DOS to Windows XP to LINUX, some organizations prefer to standardize on one operating system platform to make administration easier. In this case, the operating system can be migrated as part of the implementation process. Since the result will be users accessing their applications from the corporate data center, individual PC issues are a minor concern in terms of project success.

User Data Migration

It is possible to write scripts to migrate data off users' local PCs and transfer it to a centralized file server. This can be accomplished through batch files or with WSH (Windows Scripting Host).

Desktop Application Migration

In the pilot program, we recommended leaving local applications in place and moving, or removing, icons. In a production environment, we recommend eliminating SBC applications from local PCs altogether in order to ensure that users operate only in the intended server-based computing environment. There are many methods for uninstalling applications. Microsoft SMS has this capability, or you can "roll your own," using scripting tools such as WSH and ADSI, as mentioned in Chapter 15.

Planning for Remote Office Migration

The project design document will almost certainly focus on the corporate data center and users at headquarters. Although remote offices and their users can be categorized in broad terms, the project plan is not likely to encompass specific implementation details if a large number of remote facilities are part of the project. In these cases, we recommend creating a separate implementation plan for the actual server-based computing rollout.

Assess Remote Office Infrastructure

Completing a detailed assessment of the remote office networks and environments enables much better planning and, consequently, a much smoother implementation. A good tool for this is a site survey. You can assess the infrastructure, the number of users, equipment, and any other special needs in the survey. As we will discuss later in the chapter, you will have several teams available for doing field deployments. During the inevitable periods when the team members are not in the field due to scheduling, have them perform the surveys.

Note: You may already have a tool in place, such as Microsoft SMS, that is capable of doing hardware inventory across the WAN. This is useful but is not a substitute for a site survey. Use the polling results from SMS during the survey as part of the discussion with the people onsite, but don't treat it as gospel. Not all hardware you are interested in will respond to a poll, and you need to be as accurate as possible.

Determining Time Constraints

Since implementing SBC is usually very economically advantageous, time is often the biggest project constraint. Establish guidelines to ensure that project timelines are met. Communicate these time limits to users before the implementation in order to help gain their support in making the migration successful. Make the time limits part of the SLA for the implementation team, and manage them. This means accurate collection of the data and publishing the results to the team. Then discuss what can be done to improve problem times.

Implementation 2Team Follow-Up Create a way for the implementation teams to check on the status 00 3 : Th e O ff icial Guid e of each time-critical item remotely. One method to accomplishISBN:0072195665 this follow-up is to create an intranet by Steve Kaplan et al. site that can be accessed once the user is online. McGr aw -Hill © 2003 (724 pages)

This guideTime ex plains how a r obust, reliable, and that an implementation team System Implementation Limit Settoabuild maximum amount of time scalable thin- client com puting envir onment and deploy member can spend on any single system to ensure that an office can be migrated in a reasonable Windows 2000/ Windows 2003 Ser v er and MetaFr am e. Also amount of time. For instance, you may determine that converting user learn t o centr alize application managem ent, r educeasoft w artoe server-based computing should take no more than an hour. a conversion runs over an hour, the user is given a Windows on the desktop, andIf mor e. terminal, and her existing data is not migrated to the data center. Though this is obviously not ideal, it < ?xm l version= " 1.0" encoding= " I SO- 8859- 1" ?> will keep the project on track and only inconvenience the user in question. Ta ble o f Con t en t s

Citr MetaFr am e Access Ser vto er the 2003—The Official PCix Preparation Time Suite Limitfor SetWindow a limit,s tied conversion timeGuide limit, on how much time to spend For ewor d a PC for migration. For instance, if the conversion time limit for a PC is an hour, you may preparing I ntr oduction wish to set a 30-minute time limit on preparing the PC. Pa r t I - Ov er vi e w of Ente r pr ise Se r ve r - Ba se d Com put in g

Communication Lines IfSer a ver new or upgraded WAN confirm that the line was I ntr oducing -Based Com puting andwas th e put On-into Demplace, and ise installed, andEnterpr test connectivity before the implementation team's arrival at a remote office. Do not, under any rely on telecommunication provider's word that the line is in and working. Chapter 2 circumstances, - Window s Ter minal Serthe vices Test it yourself. Chapter 3 - Citr ix MetaFr am e Access Suite Chapter 1

Pa r t I I - De signi ng a n Ent e rpr i se SBC Solut ion

User Accounts Set up user accounts in NT a minimum of one day before the installation. The help

Pr epar ing Your Or ganization for an On- Dem and Enterpr ise Chapter desk, in4 cooperation with the field deployment teams, should do the setup. I mplem ent ation Chapter 5

Remote Office Data Migration

In a typical conversion from PC-based to server-based computing, data will be migrated from PCs and remote office servers back to the corporate data center. Remember that the migration process can take longer than planned due to unexpected problems such as delays in the WAN implementations, conflicts in employee work schedules, and delayed shipments of hardware.

User Training for Remote Office Migration

Users should first be exposed to preliminary marketing materials and videos so that they know what to expect. The implementation team's responsibilities should include a brief user training session. Users should sign forms indicating that they have received training prior to the implementation team's departure.

In some organizations, the ability of SBC to deliver computing capabilities inexpensively means that it will sometimes be a user's first experience with networking services, or even with using a computer. In these cases, extra thought needs to go into the training of using the PC, applications, and network in order to save the help desk from a deluge of calls.

Desktop Data Migration

There are many techniques for migrating data from PCs back to the data center, depending upon the infrastructure and service level agreements. It is important to come up with a universal method where possible. In a local area network environment, the bandwidth should be sufficient to copy the data directly to the servers. If a wide area network has sufficient bandwidth to copy files to the data center, this methodology will be the easiest to use. Your first impulse might be to copy the user data over the network to the data center. In a large, distributed organization with many offices, this could quickly cripple the network. Sometimes simple methods are the best ones. After trying many sophisticated methods, we've found the following works well:

1. Tell the users that they will have access to their current working files immediately, and the rest of the data on their hard disks in 48 hours, as part of the deployment SLA.

2. Make sure the users' accounts and login environment are ready.

3. From the users' desktops, copy their working files across the network to the data center. The data allowance for this copy should be small—perhaps 5MB to 10MB maximum. Most users will have far less data than this.

4. Using a prepared boot disk and a parallel-attached backup device, reboot the PC and copy the contents to the removable media.

Note: There are many options when deciding what to copy to the media in such an operation. If users have been using Windows for a while, most of their data is probably in the My Documents folder. Rather than guess, it is better to copy all data except the Windows directory. Program files, of course, should not be copied.

5. Send the removable media via overnight shipping to the data center.

6. Provide a brief orientation. When users log in, they should immediately have access to their working files and new applications.

7. Within 48 hours, load the removable media at the data center and copy the files into the users' directories.

Note: If minimal filtering was carried out when copying the data from the client, filtering should be done when restoring the media at the data center. Consider a simple script that copies files by extension (*.xls, *.doc, *.wri, and so on) to the users' new home directories. It will catch most of the data they need. If anything is missed, you still have the removable media to refer to. Store this media long enough to be sure users won't be likely to need another restore.
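One way to write the filtered restore that the note describes, as an added example that is not from the book. The function names, the exact allow-list and excluded folder names, the refusal to overwrite files already in the home directory, and the SHA-256 verification are assumptions of this sketch; the sample tree is constructed.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

# Assumed allow-list: the page names *.xls, *.doc and *.wri "and so on".
ALLOWED_EXTENSIONS = {".xls", ".doc", ".wri"}
# Top-level folders never restored (the page excludes the Windows directory
# and program files); the exact folder names are assumptions.
EXCLUDED_TOP_DIRS = {"windows", "winnt", "program files"}


def sha256_of(path):
    """Hash a file in chunks so large documents do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def restore_user_media(media_root, home_dir):
    """Copy allow-listed documents from media_root into home_dir.

    Returns {"copied": {relative path: sha256}, "skipped": {relative path: reason}}.
    """
    media_root = Path(media_root).resolve()
    home_dir = Path(home_dir).resolve()
    report = {"copied": {}, "skipped": {}}

    # os.walk does not descend into symlinked directories by default.
    for current, dirnames, filenames in os.walk(media_root):
        current = Path(current)
        if current == media_root:
            for name in list(dirnames):
                if name.lower() in EXCLUDED_TOP_DIRS:
                    report["skipped"][name] = "excluded directory"
                    dirnames.remove(name)  # prune: never walked
        for name in sorted(filenames):
            source = current / name
            rel = source.relative_to(media_root)
            key = rel.as_posix()
            if source.is_symlink():
                report["skipped"][key] = "symlink"
                continue
            if source.suffix.lower() not in ALLOWED_EXTENSIONS:
                report["skipped"][key] = "extension"
                continue
            dest = home_dir / rel
            # A link planted inside the home directory must not redirect the write.
            if home_dir not in dest.resolve().parents:
                report["skipped"][key] = "outside home directory"
                continue
            # Never overwrite: working files copied over the WAN on migration
            # day may have been edited since the media was written.
            if dest.exists():
                report["skipped"][key] = "exists"
                continue
            dest.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(source, dest)
            expected = sha256_of(source)
            if sha256_of(dest) != expected:
                dest.unlink()
                report["skipped"][key] = "hash mismatch"
                continue
            report["copied"][key] = expected
    return report


def build_constructed_sample(base):
    """Create a constructed media tree and home directory under base."""
    media, home = Path(base) / "media", Path(base) / "home" / "jdoe"
    files = {
        "My Documents/budget.xls": b"old budget",
        "My Documents/letter.doc": b"stale letter from the PC",
        "My Documents/setup.exe": b"MZ",
        "notes.WRI": b"notes",
        "WINDOWS/system.doc": b"os file",
        "Program Files/App/readme.doc": b"vendor file",
    }
    for rel, data in files.items():
        target = media / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
    # Working file already copied over the WAN and edited by the user.
    working = home / "My Documents" / "letter.doc"
    working.parent.mkdir(parents=True, exist_ok=True)
    working.write_bytes(b"edited working copy")
    return media, home


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        media, home = build_constructed_sample(tmp)
        result = restore_user_media(media, home)
        for section in ("copied", "skipped"):
            for path, detail in sorted(result[section].items()):
                print(f"{section:8} {path}  {detail}")
```

Keeping the returned report alongside the stored media gives the help desk a record of what was restored and what was left on the media if a user later asks for a missing file.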

At ABM Industries, our engineers worked in conjunction with personnel to form six migration teams. We used Jaz drives to back up data from PCs, and tape drives to back up data from servers. We sent the drives and tapes back to the data center by overnight delivery, where they were restored to ABM's Network Appliance Filer. We had an SLA in place that guaranteed users access to their information within 48 hours of conversion to the new environment.

Migration of Server Data

Data can be moved to the data center before the rollout via backup tapes. Anything that changes after that date can be moved over the WAN. Any modern backup program can do backups based on the "archive bit" of the file that is set each time a file is written to tape. A full backup of the server can be done and sent to the data center before the deployment team arrives. After all the users at that site have been converted, a differential backup (only changed files) is run and sent via overnight delivery to the data center. Those files are then restored as soon as possible. This scheme works because any file the user is currently working on is copied to the data center over the WAN for immediate access as part of that user's migration process.

Rogue Applications

Even the best planning often does not prepare implementation teams for what they face in the field. When unexpected applications are discovered, the project manager should be immediately notified, particularly if the users are scheduled to be converted to run in thin-client mode only. A decision can then be made about whether to allow access to the applications locally, or to halt the rollout and do the preparatory testing required to host the applications over SBC. One technique is to migrate what you can at that office but leave one or two PCs and the local file server just for running the problem application. Establish a "sunset period" in which the equipment will be removed and the application will no longer be available or supported.

Remote Office Migration Teams

A project with many remote offices will likely require several teams to ensure a successful migration within a reasonable time period. These might include one or more implementation teams, a WAN team, and a procurement team.

Implementation Teams

Enough implementation teams should be chosen to meet the timelines for data migration. An implementation team completes the appropriate remote site surveys and submits them (online preferably) to the WAN team. The WAN team can then make sure that adequate communication lines are ordered and installed before the field team's arrival.

Choosing Team Members Desirable qualities for team members include both technical skills and training capabilities. Personality and training skills generally outweigh technical skills. Making the implementation process very simple can compensate for ofver technical skills in implementers. Cit rix Me t aFra m e Access Su it e fo r W inthe do wlack s Ser On the other hand, superior technical skills 2 00 3 : Th e O ff icial Guid e do not compensate for the lack of interpersonal skills. When implementers do a Kaplan good job the server-basedISBN:0072195665 computing system, the users are more by Steve et explaining al. understanding when inevitable problems occur. The individual team member should be armed with McGr aw -Hill © 2003 (724 pages) skills for conflict resolution and must be familiar with the support and This guide ex plains how to build a r obust, reliable, and escalation process. Team members must also be people that com the puting users will trust and and wantdeploy to work with. scalable thin- client envir onment Windows 2000/ Windows 2003 Ser v er and MetaFr am e. Also learnMix t o centr alizea application r educe w armigration, e Consultant/IT Staff If using consulting managem companyent, to help withsoft your we recommend on theand desktop, andconsultants mor e. using a mix of internal external on each team. This provides expertise and objectivity combined with internal IT and organizational < ?xm l version= " 1.0" encoding= " I SO8859- 1" ?> knowledge. It also provides a good, informal method of transferring knowledge from external experts to internal staff. Ta ble o f Con t en t s Citr ix MetaFr am e Access Suite for Window s Ser v er 2003—The Official Guide

Facilitating Effective Teamwork It is important that the implementation teams work together and share their experiences in order to avoid making the same mistake twice. Facilitate this practice by giving each team member a cell phone and two-way radio, by giving each member access to the corporate e-mail system, and by having members of the project management team join each implementation team for part of their trips. Scheduling weekly teleconferences for all members can be particularly useful in helping to avoid making repetitive mistakes and for sharing ways to improve the implementation process among all teams and members. These conferences can also be a forum for sharing good news and quickly improving methods when problems occur.


The Road Kit The material that each deployment team member will carry makes up the road kit. It should be well stocked, and the procedures for replenishing it should be simple and understood by team members before they visit the first site. Using our example methods described in the chapter, a road kit might contain a boot disk, CD-RW drive, laptop, overnight courier materials, Ethernet cables, cross-over cables, and an extra floppy drive.

WAN Team

The WAN team orders data connections and bandwidth upgrades. They confirm the installation of these lines. They order and ship any required routers or bandwidth management devices to remote sites before the implementation, or make sure the telecommunication provider does so.

Procurement Team

Responsible for the overall logistics of the project, the procurement team orders and ships the equipment. They should check to ensure receipt of the equipment at least one week before installation. The procurement team also updates the remote office surveys to reflect the new equipment and properly tracks the asset on the company's books after it has been installed. They should also process equipment returns and have the ability to quickly respond to mistakes and make sure the deployment team and the site have the equipment they need.

Deployment Challenges

Every server-based computing implementation will face unique challenges depending upon the existing environment, project scope, and technology utilized. Some issues will be impossible to anticipate. Others are fairly common and include travel, printing, local file sharing, CD-ROM sharing, and access to legacy systems from remote locations.

Tip Do not make assumptions. When replacing a user's PC with a Windows terminal for one of our clients, the implementation team encountered a particularly irate user. The implementation team member could not get the new terminal to communicate with the existing monitor despite hours of troubleshooting. After a second day of lost productivity, the team leader finally discovered that the monitor had never worked. The user neglected to tell the installer because he wanted to see if the new Windows terminal could fix it.

Travel Extensive remote office implementations require dealing with issues such as travel arrangements and scheduling. Covering large geographical regions may necessitate a great deal of travel, which may in turn limit the number of willing participants on implementation teams. In addition, last-minute scheduling changes can quickly eat up the travel budget. Careful planning and control are essential in managing this project cost.

Bad Tapes or Backups

It is best not to rely on existing backup tapes. The safest procedure is not to wipe out any hard drives or recycle existing PCs until you are sure that all required data is off the PCs, on the new servers, and the users have had the opportunity to confirm this and sign off on the operation.

Printing

Printing is such a major challenge that we devoted Chapter 17 to it. In general, try to standardize as much as possible on the printers used. In particular, try to limit the print drivers to those supported natively by Windows Server 2003. Some older printers simply will not run well under Terminal Services. Replacing these printers before the migration will eliminate the added pressure on the implementation teams of ordering new ones onsite.

Data Line Procurement

Anticipate problems in getting WAN connectivity completed according to installation promises. Plan to do more work up front in order to ensure that the data connectivity is complete before installation. Even when a local exchange carrier (LEC) confirms that a data connection is complete, take the time to test it yourself. We've seen miscommunication between an LEC and a national telecommunication carrier cost a project weeks of time and thousands of dollars.

PCs

Using Web Interface for MetaFrame automatically deploys and keeps the ICA client current. Otherwise, even the easy task of installing the Citrix MetaFrame XP client can become arduous when migrating thousands of users. In this case, the easier migration may be to simply give users a Windows terminal.

Inaccurate Site Surveys

Most organizations depend on user surveys to determine the type and state of equipment in remote offices. Impress upon the survey respondents how crucial it is for them to report this information accurately in order to avoid costly implementation delays and potential downtime. If your organization already has a tool in place that does hardware inventories, such as Microsoft SMS or HP OpenView, make sure the data is current. If possible, confirm critical items shown in the inventory, such as site routers or servers, with a phone call.

Postproduction Management of the SBC Environment

SBC is now rolled out across the enterprise. Your users are happy, and your IT staff has joined the swelling ranks of server-based computing evangelists. Performance should be compared with both expectations and established success metrics. The results should be reported to both management and users.

Measuring User Satisfaction

One method for measuring user satisfaction is to send out surveys asking users to grade the project on various criteria, including performance, reliability, how well it meets expectations, ease of use, training, and implementation. Compare the user satisfaction results with those obtained in surveys taken before the SBC deployment. You can also use the surveys to find out what other attributes users would like.

Rate Project Milestones

Were project milestones reached on time? For instance, one milestone may have been to migrate all headquarters users within 60 days of the project start. Record and publish the results.

Updating the Budget

Measure actual expenditures against the budget. Update the financial feasibility model with the project costs as well as with costs as they accrue going forward. This will enable a return on investment (ROI) to be calculated for the project over a three-to-five-year period.

Measuring SBC Benefits

During the beta and the production deployment, you established service levels for your SBC environment. These service levels represent an agreement between the IT staff and the user community. Part of the agreement is that the IT staff will manage the system to meet certain established metrics and goals. The data needed to establish whether these goals are being met needs to be collected diligently and continuously. For example, if part of the SLA is 99.99 percent system uptime, every blue screen or other server outage needs to be recorded, as well as major network disruptions for a given region or data center.

Publishing Results

The collected data does no good unless the appropriate people review it. There should be a policy of no secrets between the IT staff and the user community. Establish a reporting cycle as part of the SLA. It may not be critical for a user to see daily status, but it may be appropriate to display quarterly or monthly SLA results. This will depend on your corporate culture and what your internal reporting capabilities are.
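One way to turn recorded outages into the monthly SLA figure discussed under Measuring SBC Benefits and Publishing Results, as an added example that is not from the book. The outage records, scope names, and record layout are constructed assumptions; overlapping outages are merged so they are counted once, and an outage that crosses a month boundary is split between the two reporting periods.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SLA_TARGET = 0.9999  # the 99.99 percent uptime figure the text uses as its example
FMT = "%Y-%m-%d %H:%M"

# Constructed sample outage log: (scope, kind, start, end). All names are hypothetical.
OUTAGES = [
    ("dc-east", "blue screen",        "2003-03-04 09:10", "2003-03-04 09:13"),
    ("dc-east", "network disruption", "2003-03-04 09:12", "2003-03-04 09:16"),  # overlaps the row above
    ("dc-east", "server outage",      "2003-03-31 23:58", "2003-04-01 00:03"),  # crosses a month boundary
    ("dc-west", "blue screen",        "2003-03-18 14:00", "2003-03-18 14:02"),
]


def month_start(ts):
    return ts.replace(day=1, hour=0, minute=0, second=0, microsecond=0)


def next_month(ts):
    # Day 1 plus 32 days always lands in the following month.
    return (month_start(ts) + timedelta(days=32)).replace(day=1)


def split_by_month(start, end):
    """Yield (month, piece_start, piece_end) for each calendar month an outage touches."""
    while start < end:
        piece_end = min(end, next_month(start))
        yield month_start(start), start, piece_end
        start = piece_end


def merge(intervals):
    """Merge overlapping intervals so concurrent outages are counted once."""
    merged = []
    for s, e in sorted(intervals):
        if merged and s <= merged[-1][1]:
            merged[-1][1] = max(merged[-1][1], e)
        else:
            merged.append([s, e])
    return merged


def sla_report(outages, target=SLA_TARGET):
    """Return {(scope, 'YYYY-MM'): downtime, downtime budget, availability, met}."""
    buckets = defaultdict(list)
    for scope, _kind, start, end in outages:
        s, e = datetime.strptime(start, FMT), datetime.strptime(end, FMT)
        if e <= s:
            raise ValueError(f"outage for {scope} does not end after it starts: {start} .. {end}")
        for month, piece_start, piece_end in split_by_month(s, e):
            buckets[(scope, month)].append((piece_start, piece_end))

    report = {}
    for (scope, month), intervals in buckets.items():
        period = next_month(month) - month
        down = sum((e - s for s, e in merge(intervals)), timedelta())
        allowed = period * (1 - target)
        report[(scope, month.strftime("%Y-%m"))] = {
            "downtime_min": down.total_seconds() / 60,
            "allowed_min": allowed.total_seconds() / 60,
            "availability": 1 - down / period,
            "met": down <= allowed,
        }
    return report


if __name__ == "__main__":
    for (scope, month), row in sorted(sla_report(OUTAGES).items()):
        status = "met" if row["met"] else "MISSED"
        print(f"{scope} {month}: down {row['downtime_min']:.1f} min, "
              f"budget {row['allowed_min']:.2f} min, "
              f"availability {row['availability']:.5%}, SLA {status}")
```

At 99.99 percent, a 31-day month allows under four and a half minutes of downtime, which is why every recorded outage matters to the published result.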


Establishing an SBC Steering Committee

A technique for keeping IT staff and the user community focused on continuous improvement is to create a committee made up of both groups. The user representatives should be as diverse as the reach of the server-based computing project. If the SBC environment is multinational, a representative from each major region or country should participate. The exact scope and responsibility of the committee will depend on your corporate culture, but it should at least evaluate and recommend changes to the server-based computing environment.

Providing a Forum for Feedback "Outside the Box"

The help desk will record user problems and outages. In addition, you should provide a way for any employee of the company to give suggestions or constructive criticism. This input should be reviewed and evaluated by the steering committee. We've found that brilliant suggestions sometimes come from the most unlikely places.

Making Fact-Based Decisions on the Future Direction of Your SBC Environment

Collecting and reporting on established SLAs and keeping the users involved results in invaluable information for making decisions about the future of your company's server-based computing initiative. Even after a successful rollout, there may be factions within the company that remain unconvinced as to the value of server-based computing. Having facts to back up a recommendation to expand the infrastructure or add applications can mean the difference between an environment's success or its failure.

Establishing a Server-Based Computing Lab

To maintain a high quality of service, it is necessary to maintain a lab environment where new versions of software and hardware can be evaluated and tested. This lab does not need to be onsite. In fact, manufacturers often allow their facilities to be used for this purpose, as long as you agree to share the results. Regularly check the web sites of Microsoft and Citrix for the latest information on changes and upgrades. The Citrix knowledge base, in particular, is an excellent place to find this kind of information. Since your SBC environment is now tested and stable, any change must be rigorously evaluated and tested before deployment.

Sharing Your Experiences

After getting the proper clearance from management, seek out other companies that have undergone similar server-based computing deployments, and offer to share information. Even if a nondisclosure agreement is necessary, the result will be an enrichment of the server-based computing environment at each company. Participate in server-based computing-related forums and events from Citrix and Microsoft to keep up on the latest developments and share your experiences. Finally, seek out peers on the Internet, in discussion groups, chat rooms, e-forums, or other areas.

Server-based computing on an enterprise level is an emerging technology. Manufacturers of server-based computing hardware and software are eager to help you publicize your success by writing and publishing success stories. In this way, you can help contribute to the growing momentum behind this new and tremendously exciting industry.

Chapter 11: Server Configuration: Windows Terminal Services

Overview

As we've established thus far in this book, it takes far more to build a server-based computing environment than just following the installation manuals for the software. In this chapter, we will discuss the installation and configuration tips, tricks, and techniques we have developed over the last five years of working with the server-based computing products from Citrix and Microsoft. Clearly, the majority of the work required to build an SBC environment is in building and configuring the servers and applications, and thus this chapter covers the many nuances and tricks to sizing and building a stable Terminal Services Farm based on Windows 2000/2003. The next chapter, Chapter 12, will cover the installation and configuration of Citrix MetaFrame, and Chapter 13 will cover the installation of the applications. All three chapters will provide installation steps in the form of checklists. Our checklists will include not only the steps to installing and configuring the software, but also explanations of pertinent options and their effects, indications where additional configuration may be required, information on hotfixes and service packs, and general information we think is necessary in order to deploy the technology effectively.

We will assume, for the purposes of this chapter, that the reader is familiar with the basics of installing and configuring, and with administering Windows 2000 Server.

Although we provide detailed, step-by-step instructions, we are not advocating that every server be built from scratch. Rather, we will also discuss how to use various tools to effectively create additional servers from a standard image. This standard image will be accessed from an application deployment server or CD-ROM to automatically build additional servers in the server farm.

Caution Many of the suggestions and recommendations in this chapter involve making changes directly to the registry.

We recommend that readers adhere to the following safety guidelines before making any of these changes to the registry:

Become familiar with REGEDT32 and REGEDIT (REGEDIT is fully functional in Windows 2003, but REGEDT32 is required in some instances in Windows 2000 due to deficiencies with REGEDIT).

Always make backups to the key being changed with the REGEDT32 "save key" feature. This will allow you to go back to a previous state and possibly save hours of rebuilding as you create your first "gold image."

Never change the registry on a production server or on a server you can't otherwise afford to lose.

We have tested these changes on several production systems, but it isn't possible to test them on all hardware platforms and configuration settings. As such, we recommend strongly that you follow the pilot and beta methodology and thoroughly test these changes before relying on them in a production SBC environment.

Planning the Terminal Server Hardware Platform

Prior to purchasing the servers and installing the operating system, the first question that must be answered is how many servers are needed. The art of determining how many and what size servers are required for a server-based computing infrastructure has long been argued and discussed with more disagreement than agreement. The disagreement surrounds the fact that both applications and end users vary greatly from organization to organization in terms of required resources, how they use the resources, how often they use them, and how well behaved they are (that is, do the applications or users have memory leaks, large bandwidth requirements, crashing problems, or other difficulties).

Chapter 10 detailed how to build a pilot environment and the need for testing prior to implementation. Testing is absolutely essential to providing an organization with the basics of whether applications will perform in an SBC environment, and whether they will scale to multiple users. However, the problem with a simple test in a small pilot environment is that most applications, networks, and servers do not scale linearly indefinitely (due to the large number of variables just listed), making it unreliable to simply extrapolate based on a small testing environment. Thus, if an organization plans to scale an SBC to the enterprise with 500 users or more, we strongly recommend simulating a larger number of users. A good test plan is to build a test environment to simulate at least 10 percent of the eventual expected number of concurrent users to understand and estimate how many servers are needed. Using our case study as an example, Clinical Medical Equipment Corporation (CME) (introduced in Chapter 10), with 3000 total users and 2500 concurrent users, we will need to test 250 concurrent users. Prior to detailing how to perform large-scale simulations, a discussion on server hardware and operating system installation is worthwhile.

The following section discusses server hardware in more depth and provides some examples of what size servers to start with and what server components to consider.

Server Hardware

Since an SBC environment puts all users at the mercy of the servers, server hardware has always been a major point of discussion. Four years ago, there was a dramatic performance, reliability, and support difference between "white box" servers and servers sold by the top three server players (then HP, Compaq, and IBM). Ever since, major industry changes in the form of dramatic cost reduction of the hardware, Intel hardware standardization, and the globalization of third-party support, have all come together to dramatically level the playing field of server hardware manufacturers. Today, Dell consistently competes head-to-head with HP (which now incorporates Compaq) and IBM, and we have found that many white-box vendors produce reliable hardware with almost identical components to HP, Dell, and IBM. Although the risk of destroying an SBC project by choosing the wrong server hardware platform is now lower than it was four years ago, we still highly recommend choosing a provider that is Windows Server 2003 certified by Microsoft, and that has proven priority onsite, 24/7 support.

Note It is important to keep each server in the farm as similar as possible, because variations in hardware can lead to the need for additional images or scripting work. Thus, when purchasing servers, buy sufficient quantities to account for items like future growth (plan at least one year out), redundancy requirements, and test systems.

Central Processing Units

The number of processors, the amount of memory, and I/O speed will all influence the number of users that can run applications on a server. Since enterprises will be running servers in a load-balanced farm, the number of users per server must be balanced against the number of servers in the farm. Additionally, because of the shared DLL environment of Windows 2000 and 2003, some applications may have conflicts with other applications, memory leaks, or other programmatical deficiencies, thus requiring additional servers to house separate applications. Consequently, a greater number of low-scale servers will provide more fault-tolerance and application flexibility (and if they crash, fewer users will be affected), while a smaller number of highly scalable servers (say, 4-, 16-, or 32-processor servers) will be simpler to manage and will take less space, HVAC, and power in the data center. For all but the largest environments, we have found a good compromise, both based on cost and functionality, to be two-processor servers with 2–4GB of RAM in a 2U rack-based form factor running Windows Server 2003, Standard Edition. A two-processor server (P4 Xeon) or better will provide excellent performance for 20–60 users, depending on the application suite (see the server-sizing discussion that follows). For larger enterprises (2500 users or more), blade servers or highly scalable servers should be considered in order to minimize the data center requirements and daily management activities. Additionally, as 16–32 processor servers become more commonplace, the use of VMware Server or Microsoft Connectix Virtual Server products to virtualize 4–16 Windows Server 2003 servers on one hardware machine may become economically advantageous. The determining factor will be in how HP, IBM, and other high-end server manufacturers price these highly scalable hardware platforms. Regarding our case study, CME Corp., the decision is not obvious, as the 2500 concurrent user count can go either way, depending on how many users we can fit on a server, available data center space, and current cost of the hardware options. Since the most significant variable is the number of users per server, the discussion later in this chapter on how to perform a more precise server sizing test is critical.

Memory

Nearly all servers today come with ECC (Error-Correcting Code) memory, and most have a maximum capacity of 4–6GB in a basic configuration. Windows Server 2003 Standard Edition will accept 4GB of memory, and the 32-bit Enterprise and Datacenter Editions support 32GB and 64GB respectively. As stated earlier, we only recommend the use of highly scalable servers (four processors or more, 32GB or more of memory) in SBC environments with over 2500 users in conjunction with a Virtualization product (for example, VMware Server or Microsoft Connectix Virtual Server), as the Virtualization reduces the risk of having hundreds of users impacted by one blue-screen or fatal software error.

Network Interface Cards

Most servers today come with Gigabit networking built-in, and in most cases, dual Gigabit networking.

If a network card needs to be added to a server, we recommend only using the "server" type—that is, those NICs that have their own processor and can offload the job of handling network traffic from the CPU. We also recommend using two NICs in a teaming configuration to provide additional bandwidth to the server as well as redundancy (if one network card fails, the server remains live since it can run off of the remaining live card).

Note: Most 10/100 NICs have the ability to autonegotiate between speeds and full- and half-duplex settings. We have experienced significant problems with this in production, especially when mixing NICs and network backbone equipment from different vendors. Thus, we strongly recommend nailing the cards to 100Mbit full-duplex (assuming that the server NICs plug into a 100Mbit switch), and standardizing it on all equipment. See Chapter 6 for a more detailed discussion of network design and requirements.

Server Hard Drives

The hard drive system plays a different role with terminal servers than it does for standard file servers. In general, no user data is stored or written on a terminal server, and a server image will be available for rebuild, so the main goal when designing and building the hard drive system for a terminal server is read speed and uptime. We have found hardware RAID 5 to be a cost-effective approach to gaining both read speed and uptime (if any one of the drives fails, the server will remain up). RAID 5 requires a minimum of three drives and a hardware RAID controller. We recommend the use of the smallest, fastest drives available (18GB, 15K RPM at the time of this writing).

Another option that is becoming affordably priced and offers even greater speed and reliability is solid state drive systems. Because solid state drives do not have moving parts, they can be up to 800 percent faster and dramatically more reliable than EIDE or SCSI drives. We suspect that as vendors increase reliability and the cost of solid state systems decreases, they will become commonplace in SBC environments.

Other Hardware Factors

The following are related recommendations for an SBC hardware environment:

Power supplies: Server power supplies should be redundant and fail over automatically if the primary unit fails.

Racking: All server farms should be racked for safety, scalability, and ease of access. Never put servers on unsecured shelves within a rack.

Cable management: Clearly label or color code (or both) all cables traveling between servers and the network patch panel or network backbone. It will save a tremendous amount of time later when troubleshooting a connection.

Multiconsole: Use a multiconsole switch instead of installing a monitor or keyboard for each server. It saves space, power, and HVAC.


Pre-Installation Considerations

Before getting started with loading and configuring Windows Server 2000 or 2003, there are some important considerations to think about.

Review the Microsoft hardware compatibility list. Microsoft publishes this list at http://www.microsoft.com/hwdq/hcl/, but does not guarantee that the hardware listed will work flawlessly with Terminal Services, nor that hardware not listed will not work. It does certify that the hardware listed has been tested and provides a good starting point for evaluation. Only consider hardware not on the list if it is known to work with Terminal Services and MetaFrame.

Make sure your existing file server, domain controllers, and Active Directory infrastructure are installed and functioning properly. You will be storing scripts, Group Policy objects, and templates centrally, not on each MetaFrame server. In addition, a file server will need to be installed and be accessible when your servers go online.

Make sure all required drivers and startup disks are available. Even with the maturity of the Windows Server platform, hardware is constantly changing, and special drivers may be required for RAID controllers, NICs, the BIOS, or other server components when loading Windows Server 2000/2003. Make sure these are available and on the appropriate media before you begin.

Review information on platform-specific issues. The respective web-based knowledge bases from Citrix and Microsoft have a wealth of information on different server hardware. It is prudent to review this information and circumvent potential problems before they occur. This review may even serve to change your mind about which hardware to purchase.

Prepare hardware. Thoroughly prepare and test your hardware before attempting to load any software. Make sure all shipping protection has been removed. Open the case and make sure all components are securely seated and installed correctly. Power-on the server and run the vendor's diagnostics on the entire system. If your vendor hasn't "burned in" the server, let the diagnostics run at least overnight, if not for a few days, to eliminate any "lemons" before you begin to rely on the system.

Double-check the data center environment. Don't assume power, cooling, or moisture levels are adequate. Check them out with the data center staff and compare them to published tolerances from the hardware manufacturer.


Operating System Installation Procedures

The following step-by-step instructions are meant to provide a quick reference for installing Windows 2000 Server and Windows Server 2003 with Terminal Services. Included in these instructions are the post-installation changes we recommend to address limitations in the operating system itself. These limitations are often due to insufficient default values, but they can also be settings to work around bugs, or simply changes we think are necessary to the "health and well-being" of an SBC environment. After each recommended change, we provide the setting value or instructions, as well as the reason. Where possible, we have also provided a URL reference with more information on why that change may be necessary.

For the first server build in the farm, document every step in order to create installation procedure documentation. This documentation will be the blueprint for all future server builds and serve as a portion of a disaster recovery plan.

The following is an example of the installation procedures needed for Windows 2000 Server:

Step  Description

1. Install and configure server hardware:
   Unpackage and prep hardware
   Update the firmware to the latest versions

2. If hardware like Compaq/Dell servers will be used, run the appropriate configuration software—for example, Smart Start.

3. Press F6 to install third-party SCSI or RAID driver(s) that are not currently on the Windows 2000 CD-ROM, if needed.

4. Press ENTER to continue with the installation.

5. Press F8 to agree with the license agreement.

6. Follow onscreen prompts to create the appropriate partitions.

7. Select to format the partition using the NTFS file system.
   Setup will format the partition and copy installation files. When completed, it will reboot the system and continue to the GUI setup.

8. Click Next to continue.

9. Select the regional settings and click Next.

10. Enter a name and company name and click Next.

11. Select the appropriate license settings and click Next.

12. Select a computer name, enter the administrator password, and click Next.
    Note that Windows 2000 allows passwords of up to 127 characters. We recommend that the Administrator account password be at minimum nine characters long and that it includes at least one punctuation mark or nonprinting ASCII character in the first seven characters.

13. The installer will now be prompted to select the Windows 2000 components to be installed. We recommend selecting only what is needed, and to remove the following:
    Accessories and Utilities: Multimedia, games, and chat. In Communications, we remove Chat and Phone Dialer as well as the accessibility wizards.
    Indexing Service
    Internet Information Services (IIS): In addition to increasing security risks on a MetaFrame server, if IIS is left checked, the installer will have the option of installing NFuse during the install of MetaFrame, which is not recommended, as NFuse should be separated from the application servers.
    Script Debugger
    In addition, mark the Terminal Services check box to enable Terminal Services.

14. Select the Date and Time settings and click Next.

15. Select Application Server Mode and click Next.

16. Select the default permissions for application compatibility.
    Permissions compatible with Windows 2000 users: This setting gives default Terminal Services users the same permissions as a member of the users group and could cause issues with some legacy applications.
    Permissions compatible with Terminal Server 4.0 users: This setting gives default Terminal Services users full access to critical registry and file system locations, thus enabling support for legacy applications while creating a possible security hole and, more important, giving the end user the ability to affect the stability of the system.
    Click Next.

17. The installer is now prompted to configure the network settings. We highly recommend configuring the network adapter cards now. Select Custom and click Next.

18. Double-click Internet Protocol (TCP/IP) and enter the appropriate TCP/IP address information documented during the design phase.
    Note: We recommend entering the FQDN for the domain the server is a part of in the DNS Suffix for this connection area of the DNS tab, located behind the Advanced button.
    Click Next.

19. The next screen will ask if you would like to join a domain or remain part of a workgroup. Select the appropriate setting and click Next.
    Setup continues by copying system files and registering system components.

20. Click Finish to reboot and log on for the first time.

21. Install any necessary drivers. The system should be placed into install mode to install any hardware or hardware drivers. Refer to the "Installing and Configuring Applications" section in Chapter 13 for more information on install mode.
    Choose Start | Run. In the dialog box that appears, type: change user /install. Then click OK.
    When the install of the new hardware is completed, place the system back in Execute mode. Choose Start | Run. In the dialog box that appears, type: change user /execute. Then click OK.

22. If the Novell Client is required, install it at this point. When completed, disable the Novell System Tray Icon.
    Disable the Novell System Tray icon by using this key:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Network Provider\Menu Items] "Enable System Icon"=string:YES.
    If slow logons are experienced, adjust the network bindings order.

23. Install Microsoft Service Pack 2. It can be found at http://www.microsoft.com/windows2000/downloads/servicepacks/sp3/default.asp.
    Note: As of this writing, we do NOT recommend installing Service Pack 3. Be sure to test all service packs on a non-production server prior to installing them in a production environment.

24. Install any Microsoft security roll-up hotfixes or patches.
    These can be downloaded from http://www.microsoft.com/windows2000/downloads/critical/q311401/default.asp.
    For more information check http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/w2ksrp1.asp.

25. Run Microsoft Windows Update and install all critical updates and service packs, root certificates, and Windows compatibility updates. These can be found at the following web address: http://www.microsoft.com/windowsupdate
    Note: Remember to use change user /install mode for any updates. For more information on change user /install mode, please refer to Chapter 13.

26. Set the media type, duplex setting, and the speed that the NIC is required to use within the environment. Verify that the switch or managed switch is configured to the preferred setting. Never allow the NIC to "auto detect" the settings.
    Go to Start | Settings | Control Panel | Network and Dial-Up Connections. Right-click Local Area Network. Choose Properties | Configure. Then click the Advanced Tab.

27. Disable any additional network interface cards or implement NIC teaming per the vendor supplied installation procedures.
    Go to Start | Settings | Control Panel | Network and Dial-Up Connections. Right-click any additional NICs and click Disable.

28. Create and format any additional partitions.

29. Move the page file to another faster drive or the second partition, if available, and set the PAGEFILE to 2.1 (4095MB max) times the total amount of physical RAM installed on the server.
    Go to Start | Settings | Control Panel. Double-click the System applet. Select the Advanced tab. Choose Performance Options, then select Change.

30. Increase the Registry Size. 125MB should be sufficient.
    Go to Start | Settings | Control Panel. Double-click the System applet. Select the Advanced tab. Choose Performance Options, then select Change and change the Registry Size (the last field at the bottom of the page).
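Because the first documented build becomes the blueprint for every later server, a finished build can be checked against the values in the Windows 2000 procedure above. The following is an added example, not code from the book: the build-record layout, field names, and sample records are assumptions, while the thresholds come from steps 12 through 30.

```python
import string

# Baseline values from the Windows 2000 procedure above (step numbers in comments).
PAGEFILE_FACTOR = 2.1       # step 29
PAGEFILE_CAP_MB = 4095      # step 29
REGISTRY_MIN_MB = 125       # step 30
SERVICE_PACK = 2            # step 23
REMOVED_COMPONENTS = {      # step 13
    "Indexing Service",
    "Internet Information Services (IIS)",
    "Script Debugger",
}


def password_ok(candidate):
    """Step 12: nine or more characters, with a punctuation mark or
    non-printing ASCII character among the first seven. Call this when the
    password is chosen; the password itself never goes into a build record."""
    def special(ch):
        return ch in string.punctuation or ord(ch) < 32 or ord(ch) == 127
    return len(candidate) >= 9 and any(special(ch) for ch in candidate[:7])


def expected_pagefile_mb(ram_mb):
    """Step 29: 2.1 times physical RAM, capped at 4095MB."""
    return min(int(ram_mb * PAGEFILE_FACTOR), PAGEFILE_CAP_MB)


def audit(build):
    """Return the deviations of one build record from the documented build."""
    findings = []
    for name in sorted(REMOVED_COMPONENTS & set(build["components"])):
        findings.append(f"step 13: component still installed: {name}")
    if "Terminal Services" not in build["components"]:
        findings.append("step 13: Terminal Services is not enabled")
    if build["ts_mode"] != "application-server":
        findings.append("step 15: not in Application Server mode")
    if build["ts_permissions"] == "ts4-users":
        findings.append("step 16: TS 4.0-compatible permissions give users "
                        "full access to critical registry and file locations")
    if build["service_pack"] != SERVICE_PACK:
        findings.append(f"step 23: Service Pack {build['service_pack']} "
                        f"installed, procedure specifies {SERVICE_PACK}")
    enabled = [nic for nic in build["nics"] if nic["enabled"]]
    for nic in enabled:
        if nic["speed_duplex"].lower().startswith("auto"):
            findings.append(f"step 26: {nic['name']} left on auto detect")
    if len(enabled) > 1 and not all(nic["teamed"] for nic in enabled):
        findings.append("step 27: extra NIC neither disabled nor teamed")
    want = expected_pagefile_mb(build["ram_mb"])
    if build["pagefile_mb"] != want:
        findings.append(f"step 29: page file is {build['pagefile_mb']}MB, "
                        f"expected {want}MB")
    if build["registry_size_mb"] < REGISTRY_MIN_MB:
        findings.append(f"step 30: registry size {build['registry_size_mb']}MB "
                        f"is below {REGISTRY_MIN_MB}MB")
    return findings


# Constructed sample records (hypothetical layout, not real servers).
GOOD_BUILD = {
    "name": "MF01", "ram_mb": 2048, "pagefile_mb": 4095,
    "registry_size_mb": 125, "service_pack": 2,
    "components": ["Terminal Services"],
    "ts_mode": "application-server", "ts_permissions": "win2000-users",
    "nics": [
        {"name": "NIC1", "enabled": True, "speed_duplex": "100 Full", "teamed": True},
        {"name": "NIC2", "enabled": True, "speed_duplex": "100 Full", "teamed": True},
    ],
}
DRIFTED_BUILD = {
    "name": "MF02", "ram_mb": 1024, "pagefile_mb": 1536,
    "registry_size_mb": 64, "service_pack": 3,
    "components": ["Terminal Services", "Script Debugger",
                   "Internet Information Services (IIS)"],
    "ts_mode": "application-server", "ts_permissions": "ts4-users",
    "nics": [
        {"name": "NIC1", "enabled": True, "speed_duplex": "Auto", "teamed": False},
        {"name": "NIC2", "enabled": True, "speed_duplex": "100 Full", "teamed": False},
    ],
}

if __name__ == "__main__":
    for record in (GOOD_BUILD, DRIFTED_BUILD):
        print(record["name"], "->", audit(record) or "matches the procedure")
```

Each finding carries the step number it deviates from, so the output can be filed alongside the installation documentation.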

The following is an example of the installation procedures needed for Windows Server 2003:

Step  Description

1. If hardware like Compaq/Dell servers will be used, run the appropriate configuration software—for example, Smart Start.

2. Press F6 to install third-party SCSI or RAID driver(s) that are not currently on the Windows Server 2003 CD-ROM, if needed.

3. Press ENTER to continue with the installation.

4. Press F8 to agree with the license agreement.

5. Follow onscreen prompts to create the appropriate partitions.

6. Select to format the partition using the NTFS file system.
   Setup will format the partition and copy installation files. When completed, it will reboot the system and continue to the GUI setup.

7. Select the regional settings and click Next.

8. Enter a name and company name and click Next.

9. Enter the Product Key and click Next.

10. Select the appropriate license settings and click Next.

11. Select a computer name, enter the administrator password, and click Next.
    Note: Windows Server 2003 allows passwords of up to 127 characters. We recommend that the Administrator account password be a minimum of nine characters long and that it include at least one punctuation mark or non-printing ASCII character in the first seven characters.

12. Select the appropriate Date and Time setting and click Next.

13. The installer is now prompted to configure the network settings. We highly recommend configuring the network adapter cards now. Select Custom and click Next.

Note It is recommended to enter the FQDN for the domain the server is a part of in the DNS Suffix for this connection area of the DNS tab, which is located behind the Advanced button.

14. Double-click Internet Protocol (TCP/IP) and enter the appropriate TCP/IP address information documented during the design phase. Click Next.

15. The next screen will ask if you would like to join a domain or stay a part of a workgroup. Select the appropriate setting and click Next.

Setup continues by copying files and registering system components.

16. Click Finish to reboot the system and log on for the first time.

17. The server will display the Manage Server GUI after the initial logon. Click the Add or Remove a Role link.

18. Click Next to continue.

19. Select Terminal Server and click Next.

20. Click Next to install Terminal Server.

21. Close all programs and click OK.

22. The server will reboot and you will need to log on again.

23. Click Finish in the Configure Your Server Wizard.

24. For Windows Server 2003, you have to assign the groups that will be allowed to access the terminal server through Terminal Services.

Go to Start | All Programs | Administrative Tools | Computer Management. Click Local Users and Groups to expand it. Then click Groups. Double-click Remote Desktop Users, and add the users or groups that are appropriate.

25. We recommend removing any unnecessary components from Windows. Go to Start | Control Panel | Add/Remove Programs. Select Add/Remove Windows Components. We recommend always removing the Accessibility Wizard and Communication Folder from the Accessories and Utilities.

26. Install any necessary drivers. To do so, the system should be placed in install mode. Refer to the "Installing and Configuring Applications" section in Chapter 13 for more information on install mode.

Choose Start | Run. In the dialog box that appears, type change user /install. Then click OK.

When the install of the new hardware is completed, place the system back in Execute mode.

Choose Start | Run. In the dialog box that appears, type change user /execute. Then click OK.

27. If the Novell Client is required, install it at this point. When completed, disable the Novell System Tray icon.

To disable the Novell System Tray icon, use the following key:


[HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Network Provider\Menu Items] "Enable System Icon "=string:YES.

If slow logons are experienced, adjust the network bindings order.

28. Run Microsoft Windows Update and install all critical updates and service packs, root certificates, and Windows compatibility updates.

These can be downloaded from the following web address: http://www.microsoft.com/windowsupdate.

Note Remember to use change user /install mode for any updates. For more information on change user /install mode, please refer to Chapter 13.

29. Set the media type, duplex setting, and the speed that the NIC is required to use within the environment. Verify that the switch or managed switch is configured to the preferred setting. Never allow the NIC to "auto detect" the settings.

Go to Start | Control Panel | Network Connections. Right-click Local Area Network. Choose Properties | Configure. Then click the Advanced Tab.

30. Disable any additional Network Interface Cards or implement NIC Teaming per the supplied vendor installation procedures.

Go to Start | Control Panel | Network Connections. Right-click any additional NICs and click Disable.

31. Create and format any additional partitions.

32. Move the page file to another faster drive or the second partition if available and set the PAGEFILE to 2.1 (4095MB max) times the total amount of physical RAM installed on the server.

Go to Start | Control Panel. Double-click the System applet. Click the Advanced tab. Click Settings under Performance, then select the Advanced tab and choose Change.
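Step 24 decides who can log on to the terminal server, so the Remote Desktop Users group is worth re-checking once the build is finished. The following added example (not from the book) parses constructed output in the format of net localgroup "Remote Desktop Users" and reports members that are broad built-in groups or are missing from an approved list; the CORP domain, the account names and the approved list are assumptions.

```python
import re

# Constructed sample of:  net localgroup "Remote Desktop Users"
# (hypothetical domain CORP and hypothetical accounts).
SAMPLE_OUTPUT = """\
Alias name     Remote Desktop Users
Comment        Members in this group are granted the right to logon remotely

Members

-------------------------------------------------------------------------------
CORP\\Citrix Users
CORP\\Domain Users
CORP\\jsmith
NT AUTHORITY\\Authenticated Users
The command completed successfully.
"""

# Assumption: the groups approved for terminal server access during design.
# Names are compared in lower case.
APPROVED = {r"corp\citrix users"}

# Principals that effectively open the server to every account.
OVERLY_BROAD = {"everyone", "authenticated users", "domain users",
                "interactive", "users"}


def parse_members(text):
    """Return the names listed between the dashed rule and the status line."""
    members, in_list = [], False
    for line in text.splitlines():
        stripped = line.strip()
        if not in_list:
            # The member list starts after a line made only of dashes.
            in_list = bool(re.fullmatch(r"-{10,}", stripped))
            continue
        if not stripped:
            continue  # an empty group prints a blank line here
        if stripped.lower().startswith("the command completed"):
            break
        members.append(stripped)
    return members


def audit(text, approved=APPROVED):
    """Return (member, reason) pairs for every entry that needs review."""
    findings = []
    for member in parse_members(text):
        short_name = member.rsplit("\\", 1)[-1].lower()
        if short_name in OVERLY_BROAD:
            findings.append((member, "overly broad principal"))
        elif member.lower() not in approved:
            findings.append((member, "not on approved list"))
    return findings


if __name__ == "__main__":
    for member, reason in audit(SAMPLE_OUTPUT):
        print(f"REVIEW {member}: {reason}")
```
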

Service Packs and Hotfixes

The Golden Rule for loading post-release service packs and hotfixes is "Don't Unless You Have To." Unfortunately, critical applications or hardware issues often require service packs or hotfixes to correct critical problems or install the latest releases. Microsoft periodically releases service packs that are the culmination of fixes to problems discovered by customers and Microsoft technical support. Customers with an urgent need for a fix that was created after a service pack can often receive it in the form of a hotfix from Microsoft technical support. Citrix also releases periodic service packs in order to reduce the number of interim hotfixes.

The following list shows the current recommended service packs as of this writing:

Windows NT Server 4.0, Terminal Server Edition Service Pack 6 and security roll up, found at http://www.microsoft.com/ntserver/terminalserver/downloads/critical/q317636/default.asp .

Windows 2000 Server Service Pack 3

Windows Server 2003 No service packs as of this writing, only post-release hotfixes.

We strongly recommend checking the Citrix and Microsoft web sites for the current level of service packs and related issues to evaluate whether they apply.

Note Windows 2000 and 2003 use a "Windows Update" feature similar to Windows 98 that allows hotfixes to be automatically downloaded from the Internet. We strongly recommend against allowing automatic update on production servers. It does not provide the level of testing rigor that is required to maintain a stable and robust server farm.


Performance Optimization

Performance Optimization of Terminal Servers is quickly evolving from a mystic art to a tested science. There are now many useful resources and tools to aid in performance optimization, and the quest toward more efficient use of hardware and better performance for end users is certainly a noble use of time. One notable web resource is http://www.tweakcitrix.com.

In addition to resources like the tweakcitrix web site, there are a variety of add-on tools to Citrix that provide performance enhancement and application control. Four products that we have used and recommend are

RES PowerFuse PowerFuse is a software tool that reduces server pauses caused by misbehaving applications by intercepting an application that is using more resources than allowed (for example, if the threshold is set to 90 percent, and any application passes that percentage, it is relegated to a lower priority). PowerFuse also provides user and application lockdown, software metering, printer control, and other useful SBC tools. A demonstration copy can be found at http://www.powerfuse.com.

AppSense AppSense has created an all-encompassing suite of tools for server-based computing that does everything from desktop lockdown configuration, to performance and GUI policy Process Management (IPM) technology, which dynamically manages the level of processor and memory utilization allocated to each user. More information and evaluation software can be found at http://www.appsense.com.

triCerat triCerat has a similar printer, profile, and lockdown solution set to PowerFuse and AppSense. Although these solutions do not specifically map to performance enhancement, we have found that the user performance perception can be dramatically impacted by efficient profile deployment, application lockdown, and printer control. More information and evaluation software can be found at http://www.tricerate.com.

RTO Software (formerly Kevsoft) TScale (also offered by Wyse as Expedian) improves server performance 30–40 percent by optimizing virtual memory use on the server. An evaluation copy can be found at http://www.wyse.com/products/software/expedian.htm or at http://www.rtosoft.com/evaluate_ts.html.

Tigi Tigi drives, as discussed earlier in this chapter, are solid state drives that replace the standard hard drive or RAID subsystem of a MetaFrame server. Due to the amount of processing and I/O bottleneck that is reduced by the use of a solid state drive, some MetaFrame servers may support up to twice as many users with a Tigi drive than with a standard drive bottleneck subsystem.


Automated Server Creation

Since much of the work needed to create and maintain a user's desktop is mitigated by moving to server-based computing, the main job of building IT infrastructure becomes that of server and network configuration. Although many organizations intend to standardize the server build process, few can accomplish this goal by merely writing install instructions. The server build process, including the application installation, typically will incorporate hundreds of manual steps and is thus prone to installation errors and omissions. As the number and frequency of new servers and applications increases, the task of building and maintaining the servers becomes quite onerous. The other problem is one of change control and consistency. Unless there is a standard method for building a server, a myriad of problems are bound to crop up. These can include DLL library conflicts, application version differences, application optional component differences, and driver conflicts. In this section, we will introduce two methods to address this task: server imaging (also referred to as cloning) and unattended scripted installs. Though they are not mutually exclusive, they do have a different focus.

Imaging is the process by which a standard collection of software components is defined, tested, and certified. This collection includes the operating system, the applications, utilities, and any system configuration changes necessary to make the system work, as shown in Figure 11-1. A system image is often created using a third-party utility such as Symantec Ghost Corporate Edition and PowerQuest's DeployCenter software. These programs allow great flexibility in how the image gets loaded on a target system. Options include creating a self-loading image on a media set like a bootable floppy disk and CD-ROM, or creating a software distribution server in which the same image can be "multicasted" to multiple target servers. Using such products can speed up the loading process by orders of magnitude. The imaging method for bulk server creation has the following advantages:

The imaging process requires no programming or scripting knowledge.

Multicasting an image to multiple target servers saves time and is a standard feature of most server imaging products.

Imaging can save on backup space, backup window time, and server restore time. By saving the images from the critical servers each night, there is no longer a need to include the server OS and applications in the backup job, although it is important to back up the imaging server on a regular schedule (for instance, once per week).

Figure 11-1: Imaging

Limitations of imaging include

An image is specific to each hardware type. Differences in NICs, video cards, array controllers, and manufacturers are difficult or impossible to handle within a simple image. Thus multiple images are often required and can be time-consuming to maintain.

It is difficult to track all the components and configuration changes that go into an image. For example, many large enterprise applications have several options that can be chosen during installation that affect how the application will run. Unless all of these options are recorded, there is no way to be sure which were chosen when the image was created.

After the image is successfully installed on a target computer, information that is unique to the computer must be changed. This information includes the system identifier (SID), IP address, and so on.

Scripting the bulk server creation process involves the creation of recorded software packages that can be replayed on target servers, as shown in Figure 11-2. A package can simply be the standard application software setup program that runs unattended with a predefined answer file, or it can be a proprietary set of software components and system configuration changes created with a commercial software packaging program such as Citrix Installation Manager (IM). One server acts as a deployment host and contains the software packages. Windows Scripting Host can be used to replay the packages and make any needed configuration changes the same way on all servers. Optionally, a tool such as IM from Citrix can be used to create application packages. IM has its own facility for distributing these packages. The scripting method of bulk server creation has the following advantages:

One build can support different hardware types.

Microsoft supports scripting.

A high degree of flexibility for loading applications, service packs, utilities, and making configuration changes is possible with scripting.

A single application can be changed and deployed without significantly affecting the actual deployment script.

It provides consistency at the OS level across all configured builds. This consistency helps provide stability for the entire environment.

Figure 11-2: Scripting

Limitations include

If anything other than a commercial package such as IM or Microsoft System Management Server (SMS) is used, knowledge of scripting is required. Though we feel the effort is justified, learning VBScript or JScript requires a higher level of commitment than simple batch programming.

Areas of the operating system, such as the %systemroot% directory, must be granted read/write access for all users in order for the scripts to run. Though these security holes can be closed later, this must be taken into account during the server build process.
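One way to confirm that the read/write access opened for a scripted build has been closed again is to review the directory's ACL afterwards. This added example (not part of the book) parses constructed cacls %systemroot% output and reports write-capable entries held by broad groups; the C:\WINDOWS path and the trustees shown are assumptions.

```python
import re

# Constructed capture of:  cacls %systemroot%
# taken after a scripted build that opened the directory to all users.
SAMPLE = r"""
C:\WINDOWS Everyone:(OI)(CI)C
           BUILTIN\Users:R
           BUILTIN\Users:(OI)(CI)(IO)(special access:)
                                     GENERIC_READ
                                     GENERIC_WRITE
           BUILTIN\Power Users:C
           BUILTIN\Administrators:(OI)(CI)F
           NT AUTHORITY\SYSTEM:(OI)(CI)F
"""
PATH = r"C:\WINDOWS"  # assumption: value of %systemroot% on the audited server

# Groups that cover ordinary terminal server users.
BROAD = {"everyone", "users", "authenticated users", "interactive",
         "domain users"}
# cacls permission letters that allow modification (R and N do not).
WRITE_LETTERS = {"W": "write", "C": "change", "F": "full control"}
# Right names cacls lists under "(special access:)" that allow modification.
WRITE_RIGHTS = {"GENERIC_WRITE", "GENERIC_ALL", "FILE_WRITE_DATA",
                "FILE_APPEND_DATA", "DELETE", "WRITE_DAC", "WRITE_OWNER"}

# trustee:(inheritance flags)PERMISSION   or   trustee:(flags)(special access:)
ACE = re.compile(r"^(?P<trustee>[^:]+):(?P<flags>(?:\([A-Z]{2}\))*)"
                 r"(?P<tail>[NRWCF]|\(special access:\))$")


def parse_acl(text, path):
    """Return [(trustee, rights)]; rights holds a letter or special right names."""
    aces, in_special = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(path):
            # The first entry shares its line with the path.
            line = line[len(path):].strip()
        if not line:
            continue
        match = ACE.match(line)
        if match:
            in_special = match.group("tail").startswith("(")
            rights = set() if in_special else {match.group("tail")}
            aces.append((match.group("trustee"), rights))
        elif in_special and re.fullmatch(r"[A-Z_]+", line):
            # Continuation line naming one right of a special-access entry.
            aces[-1][1].add(line)
    return aces


def risky_aces(text, path=PATH):
    """Return (trustee, granted) for broad groups that can modify the path."""
    findings = []
    for trustee, rights in parse_acl(text, path):
        name = trustee.rsplit("\\", 1)[-1].lower()
        if name not in BROAD:
            continue
        granted = sorted(WRITE_LETTERS[r] for r in rights if r in WRITE_LETTERS)
        granted += sorted(r for r in rights if r in WRITE_RIGHTS)
        if granted:
            findings.append((trustee, granted))
    return findings


if __name__ == "__main__":
    for trustee, granted in risky_aces(SAMPLE):
        print(f"TIGHTEN {PATH}: {trustee} has {', '.join(granted)}")
```

An empty result after the build is the signal that the temporary access has been removed.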

The two methods for building servers, using an imaging product and scripting, are not mutually exclusive. In fact, they can be used together quite effectively. We will discuss an example of this later in the chapter.

Imaging Products

Both Symantec Ghost and PowerQuest DeployCenter imaging programs include free trial versions with a built-in expiration feature. DeployCenter can be found at http://www.powerquest.com/downloads/eval-corp.cfm . Symantec Ghost can be found at http://www.symantec.com/sabu/ghost/indexB.html.

Both products have unique features. However, a simple, generalized procedure for creating a disk image can be abstracted. First, to create a disk image, follow these steps:

1. Boot to the network with the boot CD-ROM or floppy. This floppy is created manually or with utilities from Symantec or PowerQuest. The boot disk will map a network drive for storing images.

2. Once booted, run the imaging client program from the floppy or from the mapped network drive.

3. Select Disk to Image from the client interface.

4. Choose a location on the network to store the file and proceed.

To load a disk image, follow these steps:

1. Boot to the network with the boot floppy from the target computer.

2. Once booted, run the imaging client program from the floppy or from the mapped network drive.

3. Choose Image to Disk from the client interface.

4. Choose the correct image file from the network drive and proceed.

5. Remove the boot CD-ROM while the target computer is being imaged so that it will reboot from the local hard drive once imaged.


Microsoft Support

To overcome some of the postinstallation configuration problems that can crop up, Microsoft created a System Preparation Utility (SPU) for Windows NT, and Microsoft continues to support system cloning with Windows 2000 and 2003 with Sysprep version 1.1. The release of these tools coincides with Microsoft's public endorsement of cloning technology. The Windows SPU provides each cloned PC with a unique system identifier (SID). It provides a registry entry that Microsoft technical support can use to determine whether a system has been cloned. Refer to the Microsoft web site at http://www.microsoft.com/windows2000/techinfo/planning/default.asp to download this utility. We have used these products many times with no trouble for server cloning. We also know firsthand of at least two major PC hardware manufacturers that use cloning products internally.

PowerQuest DeployCenter Version 5.5

PowerQuest DeployCenter software allows users to image and deploy Windows Server 2003, Windows 2000 Server, Windows 2000 Advanced Server, and Windows NT Server machines, as well as Windows 98, Millennium, and 2000 Professional. DeployCenter automatically converts a PDC (primary domain controller) to a BDC (backup domain controller) when an image file is restored. An image can be created directly to a SCSI or ATAPI CD-R or CD-R/W drive. DeployCenter supports multicast and unicast deployment, and has a custom script builder that streamlines the process of preparing a system for cloning and deployment by providing a simple interface for creating, editing, and testing Microsoft SysPrep answer files. DeployCenter also has a feature that will reassign a new unique SID.

Symantec Ghost Corporate Edition Version 7.5

Ghost is the most mature of the imaging software products and is still arguably the best and most reliable utility for cloning computers. Version 7.5 now includes a multicast feature as well as native support for Windows 2000 Remote Installation Server. Ghost can be used to roll out Windows 2000, Windows XP, and PXE-Compliant (PC98) computers. The program includes some excellent utilities such as Ghost Walker, which can assign a compatible SID, and Ghost Explorer, which allows the selection of individual files and directories within an image file.

Tip There is a potential problem with user profile corruption when the profile is dynamically loaded on a newly built server with time stamps newer than the profile. This same problem occurs on servers that were cloned or built manually. The work-around is to set the server's clock back to well before the profile was created, perhaps one year. After the first login as the Administrator, set the clock to the current date and time.

< ?xm l version= " 1.0" encoding= " I SO- 8859- 1" ?> Ta ble o f Con t en t s Citr ix MetaFr am e Access Suite for Window s Ser v er 2003—The Official Guide For ewor d I ntr oduction Pa r t I - Ov er vi e w of Ente r pr ise Se r ve r - Ba se d Com put in g

I ntr oducing Ser ver -Based Com puting and th e On- Dem and Enterpr ise

Chapter 1

-

Chapter 2

- Window s Ter minal Ser vices

Chapter 3

- Citr ix MetaFr am e Access Suite

Pa r t I I - De signi ng a n Ent e rpr i se SBC Solut ion

Pr epar ing Your Or ganization for an On- Dem and Enterpr ise I mplem ent ation

Chapter 4

-

Chapter 5

- Ser ver - Based Computing Data Center Architect ure

Chapter 6

- Designing Your Netw or k for Ser ver- Based Com put ing

Chapter 7

- The Client Envir onment

Chapter 8

- Security

Chapter 9

- Net w or k Managemen t

Pa r t I I I - I m ple m ent ing a n O n-D e m a nd Se r ve r - Ba se d Com pu ti ng Envi r onm e nt

Chapter 10 - Pr oj ect Managing and Deploying an Enter pr ise SBC Envir onment Chapter 11 - Ser ver Configur ation: Windows Ter m inal Serv ices Chapter 12 - Ser ver Configur ation: Citr ix MetaFr am e Presentation Ser ver Chapter 13 - Application I nstallation and Configur at ion Chapter 14 - Client Configur ation and Deploym ent Chapter 15 - Pr ofiles, Policies, and Pr ocedu res Chapter 16 - Securing Client Access Chapter 17 - Net wor k Configur at ion Chapter 18 - Pr int in g Chapter 19 - Disaster Recovery and Business Continuity in the SBC Envir onment Chapter 20 - Migr ation to Window s 2003 and Citr ix MetaFrame XP Chapter 21 -

Ongoing Administr ation of the Ser v er - Based Com puting Envir onment

Pa r t I V - Appendi x es

Appendix A - I nter netw or k ing Basics Appendix B - Creating an On- Dem and Enterpr ise Financial Analysis Model Appendix C - Creating an On- Dem and Enterpr ise Subscr iption Billing Model I ndex List of Figur es List of Tables List of Case Studies List of Sidebars

Further Standard Image Definition

Obviously the best use of imaging and scripting (scripting is covered in Chapter 22) occurs after the server is completely configured. Chapters 12 and 13 will finish the building process by covering the Citrix installation and configuration, and the application's installation and configuration. Chapter 13 will also discuss software installation and version management automation using Citrix Installation Manager software. With all these things in place, the final cloning can be performed.

Server Sizing and Capacity Planning

With the maturation of server-based computing, a variety of software tools have emerged to provide SBC server capacity planning and testing. Mercury Interactive's LoadRunner (http://www.mercuryinteractive.com) and Scapa Technologies' StressTest (http://www.scapatech.com) have both developed an extensive set of planning, testing, and monitoring software tools that provide very sophisticated analysis and results for large enterprise environments attempting to determine how many servers will be required for a given user load and performance expectation. Both of these tools are relatively simple to use and will test the aggregate effects of all variables on a Terminal Server Farm, including server load, network bandwidth, encryption, compression, and so on. These tools make it very easy to run all-encompassing tests, and measure the results effectively.

But, with inexpensive, high-powered, small form-factor rack servers now readily available on every street corner, the tradeoff between an inexact estimate of the number of required servers and the time and money required to work with an enterprise tool must be weighed. Since neither tool is inexpensive (StressTest lists for $25,000 and LoadRunner lists for $50,000) it is our opinion that environments with less than 2500 users may benefit from a less expensive (albeit less automated) approach. We will detail an approach in this section that provides reasonably accurate server-sizing data points for small to mid-sized environments. Note that as an environment reaches 2500 users or more, this approach is very tedious and time-consuming, thus necessitating the use of one of the enterprise tools mentioned earlier.

User and Application Simulation

The goal of simulation is to determine, with relative accuracy, the number of servers required to support a given number of users at a given acceptable performance level.

Note: The number of terminal servers is not the only concern when considering the capacity and scalability of an environment. As an environment grows, other services such as network bandwidth, file servers, license servers, web servers, security servers, and others, will also require additional resources.

In order to build an effective simulation, it is important to define two variables:

1. The major applications that the environment will support.

2. The performance speed or response time required (typically defined in wait time) for a function to occur (for example, an acceptable wait time for Word to start after a user has clicked the icon might be 1.5 seconds, based on a typical wait time for users' current fat-client environment).

Once these variables are defined, there are three steps to complete the simulation and gather the data:

1. Create a script or automated process to simulate a user running an application or performing a task.

2. Prepare to monitor the server farm.

3. Execute the scripts simulating multiple users, across multiple sessions (and preferably across multiple servers in a load-balanced test farm).

These three steps warrant additional discussion.

Create a Script or Automated Process

Although the option of rounding up a large herd of test users and asking them to run their applications for several days in the test environment may sound appealing, in most cases it will be desirable to automate the process by creating a script or automated procedure to closely simulate the way users perform their jobs and tasks in the environment. The challenge with creating the script or process to run the simulation is that the users' use of applications and processes must be understood in order to obtain accurate results. This can only be accomplished by interviewing and observing live users prior to creating the script.

Once the approach is understood, the next step is to choose a scripting tool. Three potential scripting tools are WinTask, WinBatch, and AutoIT. These tools range in price from free to $100, and provide a macro-type recording feature, which creates a recording file that can be launched from a command prompt.

Preparing to Monitor the Server Farm

Prior to actually executing the scripts, it is important to put a monitoring tool in place to gather results while the simulation is running. Two obvious monitoring and reporting tools are Citrix Resource Manager (RM) and Windows Performance Monitor. Since RM will be covered in Chapter 21, and Performance Monitor tends to be simple and quick to configure for this purpose, we will cover it briefly here:

1. Configure Performance Monitor (perfmon.exe) to create a new log file.

2. We recommend logging, at a minimum, the following counters on all servers in the test environment:

Terminal Services: Active Sessions

Physical Disk: % Disk Time

Memory: Pages/sec

Network Interface: Bytes Total/sec

Processor: % Processor Time:_Total

3. Keep in mind that there are also specific counters for Citrix and Terminal Services (under Citrix and ICA and Terminal Services) that may be very helpful, especially for larger simulations where counters like Zone Collections, IMA traffic, and IMA data store communications need to be understood in order for background components and servers to be scaled appropriately.

Execute the Scripts

Once the Performance Monitor logging is configured, we are ready to begin the simulation. Since connecting hundreds of client desktops and running from workstation to workstation to invoke the script is not on most folks' fun-to-do list, we recommend utilizing the Citrix Server Test Kit (CSTK) and a group of specialized client machines to automate the simulation of a large number of users and sessions. The CSTK is free, and can be downloaded from http://www.citrix.com/cdn.

A CSTK environment has four main components:

The CSTK Console: This is the interface that runs on the server farm and is used to start and stop the tests, apply simulation scripts, and configure test-user accounts.

The user simulation scripts: These are the scripts created in the previous section. The CSTK tool also includes some useful scripts for more generic tasks such as Internet Explorer and Microsoft Office 2000.

The CSTK client: The client tool runs on every ICA test session and employs the user simulation scripts.

The client launcher utility: This is the secret ingredient. It can be used to automatically launch multiple ICA clients from one PC or virtual machine environment. It also saves gobs of time over having to manually log on and launch 100 different sessions.

As we stated earlier in this chapter, we recommend simulating at least 10 percent of the final number of concurrent users. The CSTK supports running multiple test sessions from one client machine, although the number of sessions will be limited by the memory of the client machine (about 12MB of memory per client session is required). Thus, for small test environments, a group of thin clients or low-end PCs may provide sufficient capacity. In the case of a larger environment though—take our case study for CME Corp., for example—a 10 percent test will require 250 concurrent client sessions. Clearly, a more creative approach will be necessary for larger environments in order to keep the test environment from becoming overly expensive and space consuming.

One approach that dramatically reduces the size of the client test environment is to utilize powerful client PC workstations running virtual machine software like VMware Workstation or Microsoft Connectix Virtual PC to create multiple client operating system environments that will each run multiple client sessions. Powerful PC workstations for this purpose can be procured for well under $1000 and can support up to 48 client sessions per workstation. The minimum specifications for the client test workstation are

Intel P4 1.6 GHz

1GB of memory

40GB hard drive

100MBit network interface

VMware Workstation version 4 or Microsoft Connectix Virtual PC for Windows version 5

Windows 95, Windows 98, Windows ME, Linux, Windows 2000 Professional, or Windows XP—If the production environment will contain a mixture of these clients, then run a mixture on a test workstation. Both VMware and Connectix support hosting all of these running virtually as guest operating systems simultaneously from Windows Server 2003 or Linux.

Once the test workstations are configured, load the CSTK client environment and configure up to eight client sessions on each of six virtual machines within the server. Once the test is completed, turn off the performance monitor logging and go back to performance monitor to study the logs. Depending on the results, additional users can be added and tested, or fewer users tested to determine the maximum number of users supported at a specific performance expectation.
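The log study described above can be scripted once the Performance Monitor log has been saved as comma-delimited text. The following is an added example, not code from the book: the server name TS01, the sample rows, and the threshold values in LIMITS are constructed assumptions, while the counters are the ones recommended earlier in this section.

```python
import csv
import io
from collections import defaultdict

SESSIONS = r"Terminal Services\Active Sessions"

# Assumed limits for illustration only; substitute your own performance expectation.
LIMITS = {
    r"Processor(_Total)\% Processor Time": 80.0,
    r"Memory\Pages/sec": 20.0,
    r"PhysicalDisk(_Total)\% Disk Time": 50.0,
}

# Constructed sample in perfmon's CSV layout: ten test users added every five minutes.
SAMPLE_LOG = r'''
"(PDH-CSV 4.0) (Eastern Standard Time)(300)","\\TS01\Terminal Services\Active Sessions","\\TS01\Processor(_Total)\% Processor Time","\\TS01\Memory\Pages/sec","\\TS01\PhysicalDisk(_Total)\% Disk Time"
"06/02/2003 10:00:00.000","10","18.0","4.0","6.0"
"06/02/2003 10:00:15.000","10","22.0","6.0","8.0"
"06/02/2003 10:05:00.000","20","36.0","8.0","11.0"
"06/02/2003 10:05:15.000","20","40.0","10.0","13.0"
"06/02/2003 10:10:00.000","30","55.0","12.0","18.0"
"06/02/2003 10:10:15.000","30"," ","14.0","19.0"
"06/02/2003 10:10:30.000","30","59.0","16.0","20.0"
"06/02/2003 10:15:00.000","40","72.0","17.0","27.0"
"06/02/2003 10:15:15.000","40","76.0","21.0","29.0"
"06/02/2003 10:20:00.000","50","89.0","40.0","45.0"
"06/02/2003 10:20:15.000","50","93.0","44.0","47.0"
'''


def counter_name(path):
    # "\\TS01\Memory\Pages/sec" -> "Memory\Pages/sec" (drop the host prefix)
    return path.lstrip("\\").split("\\", 1)[1]


def load_samples(csv_text):
    """Return one {counter: value} dict per log row that has a session count."""
    reader = csv.reader(io.StringIO(csv_text.strip()))
    header = next(reader)
    names = [counter_name(col) for col in header[1:]]  # column 0 is the timestamp
    samples = []
    for row in reader:
        if not row:
            continue
        sample = {}
        for name, raw in zip(names, row[1:]):
            try:
                sample[name] = float(raw)
            except ValueError:
                pass  # perfmon writes " " when a counter had no data for the interval
        if SESSIONS in sample:
            samples.append(sample)
    return samples


def profile_by_sessions(samples):
    """Average every counter at each observed active-session count."""
    buckets = defaultdict(lambda: defaultdict(list))
    for sample in samples:
        level = int(sample[SESSIONS])
        for name, value in sample.items():
            if name != SESSIONS:
                buckets[level][name].append(value)
    return {
        level: {name: sum(vals) / len(vals) for name, vals in counters.items()}
        for level, counters in sorted(buckets.items())
    }


def max_supported_sessions(profile, limits=LIMITS):
    """Return (highest session count within limits, first breach or None)."""
    supported = 0
    for level, averages in profile.items():
        for name, limit in limits.items():
            value = averages.get(name)
            if value is not None and value > limit:
                # Stop at the first breach: results above this load are not trustworthy.
                return supported, (level, name, value)
        supported = level
    return supported, None


if __name__ == "__main__":
    profile = profile_by_sessions(load_samples(SAMPLE_LOG))
    for level, averages in profile.items():
        print(level, {k: round(v, 1) for k, v in averages.items()})
    print(max_supported_sessions(profile))
```

Run it against one log per server in the test farm; the reported breach shows which resource runs out first as sessions are added.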

Brian S. Madden's well-written book Citrix MetaFrame XP Advanced Technical Design Guide, Second Edition gives the following step-by-step guide to using the CSTK (used by permission):

From this section, it is obvious that capacity planning is a multiphased, complex project, but it is an absolutely necessary project, in all but the smallest environments, to ensure success of a Terminal Services deployment.

Detailed Steps to Use CSTK to Conduct the User-Load Simulation

In order to understand how the CSTK works, let's review step-by-step how it's used:

1. The first thing you need to do is prepare your environment. Ideally, you'll be able to run your tests on an isolated test network. Gather your MetaFrame server and the necessary ICA client devices. (You'll probably want to activate the Citrix licenses on your test server so that an annoying pop-up window does not break your scripts every ten minutes.) Just remember that "officially" Citrix advises against activating your server until it is finalized. It's your call.

2. If you haven't done so already, install the CSTK on your server. (Remember to put your server into install mode first.) After the CSTK is installed, you'll notice that the "CSTK Client" is automatically launched whenever a user logs on. For now, you can just ignore that.

3. Launch the CSTK administrative console. (Go to Start | Programs | Citrix Server Test Kit 2.1 | CSTK Console.) You will use this console to configure your testing environment and run your tests.

4. Import the application simulation scripts created earlier into the CSTK environment. This process will make these scripts available to the CSTK. To do this, choose Tools | Add Application Scripts. You can specify anything you want for the Script Name. Use the "Browse" button to browse to the path of the executable of your script. You can specify any necessary command-line parameters in the Parameters box. For example, if you used AutoIt to create your script, you might need to specify AutoIt.exe in the Program Name box, and yourscriptname.txt in the Parameters box. Specify whether your application applies to "Normal Users" or "Power Users." Normal users will only run one script at a time, and power users will run multiple scripts simultaneously.

5. After you've added the application scripts, you need to configure groups of test users that will use your scripts (go to User Group | Add, or click the plus (+) button on the toolbar). When you specify users, you're essentially indicating which application scripts run for which users when they log on. When adding a user group, the first question you're asked is whether you want to add a group of Normal Users or Power Users. Make your selection and click OK.

6. Next, you need to specify a range of usernames that will run an application script (or scripts) when they log on. Specify the usernames by entering the basename and the number of users. For example, to apply a script to users "brian1" through "brian5," you would enter "brian" as the basename and "5" as the number of users. If this is the first time that you're using the CSTK and you don't have any test user accounts created, you can click the Create Users button. This will create the test user accounts based on the baseline name and number of users. These user accounts are created with blank passwords.

7. Before you click OK, highlight the script or scripts you want this user group to run and click the Add button. If you elected to create normal users, selecting multiple scripts will cause the users to run them one by one and the list of available scripts will only show those that you've designated for normal users. If you elected to create power users, selecting multiple scripts will cause the users to execute them all at the same time, and the list of available scripts will only show those that you've designated for power users. In a sense, normal users execute their application scripts in a "serial" fashion, and power users execute them in a "parallel" fashion.

8. Once you add a group of users and click OK, you'll see them listed on the main CSTK console screen. You can add as many groups of users as you want (as long as the basenames are not the same in two different groups).

9. At this point, the CSTK is fully configured and you should save your testing environment configuration. You can save the entire configuration, including user groups and applications, by choosing File | Save Configuration File. Your settings are then saved as an INI file with a .CST file extension. You can load your settings into the CSTK so that you don't have to manually set up everything from scratch in the future. When you save a configuration file, it does not include the application script information. When adding application scripts to the CSTK, they are available until deleted. If you delete one, loading a configuration file where it was used will not bring it back.

10. In order to begin the testing process, choose Test | Start Test or click the lightning bolt button on the toolbar. You'll notice that starting the test doesn't actually do anything. You have to log users on in order for the scripts to execute. This is also a good time to start your performance monitor logging process as described back in step 6.

11. From one of your ICA client devices, log on as one of your test users. This should be a user that is configured in one of the user groups in the CSTK console. Since a shortcut to the CSTK Client was added to the All Users\Startup folder when the CSTK was installed, it will launch after logon and the appropriate application script or scripts will start to run.

12. In order to easily launch multiple ICA sessions from a single 32-bit Windows client device, you can use the CSTK Client Launcher. Log on to a client workstation and run CSTKlaun.exe from the "ClntLaun" folder of the CSTK directory. When you run it, it will detect the path of the ICA client executable (wfcrun.exe). Verify that this path is correct and enter the usernames that you want the sessions to be run from. The username entries follow the same baseline syntax as the groups within the CSTK. For example, if you have ten test workstations that you plan to use for ten sessions each, you would configure your CSTK for usernames "test1" through "test100." Then, you would configure the CSTK Client Launcher to use "test1" through "test10" on the first workstation, "test11" through "test20" on the second workstation, and so on.

13. After you specify the users that will run on a workstation, you need to click the Create Entries button in the CSTK Client Launcher to create custom ICA connections for each user in the workstation's Program Neighborhood. Clicking this button brings up a screen that allows you to specify the default options used for each connection (such as the name of the server to connect to, protocols, and so on). Configure your options as needed and click OK.

14. Before you run your test, click the Advanced Delay button to specify the delay between sessions. This allows you to choose how much time passes between launching sessions. One of the nice features is that it permits you to specify progressively more time as more sessions are launched, allowing you to anticipate slower responses as the server gets more loaded.

15. After you've configured the delay, click the Run button on the Launcher's main screen. ICA user sessions will begin to be launched, and they will run the scripts that you specified for the user groups in the CSTK console.

As you add users to your testing environment, you should add them in small groups. For example, if you're testing 100 users, you might want to add ten users every five minutes for the first hour or so, and then add users one-by-one. By doing this, you'll be able to figure out how each user affects the overall system.

Don't forget to stop your performance monitor recording log once your testing is complete. Once it's stopped, you can examine it to determine the results of your test.

Chapter 12: Server Configuration: Citrix MetaFrame Presentation Server

Chapter 11 covered in depth Terminal Services installation, including server sizing and server imaging, and detailed Terminal Services optimization. The next step in the process of an SBC environment creation is the installation and configuration of MetaFrame XP Presentation Server software (MetaFrame XP) and its components.

Citrix MetaFrame XP Presentation Server Installation and Configuration

Chapter 3 discussed MetaFrame, its functions, and its purposes in detail, but for the purposes of quick review, here are several reasons to add MetaFrame XP to a Terminal Services-based SBC environment:

Secure, encrypted access without having to open firewall holes: MetaFrame Secure Gateway provides a secure infrastructure by which users can access the SBC environment literally anywhere, anytime, and anyplace, regardless of the firewall configurations, assuming the environment allows SSL (port 443) traffic. Although Terminal Services RDP traffic is encrypted, it requires that port 3389 be open on both the data-center firewall and the user's location. Full installation and configuration details for MetaFrame Secure Gateway will be provided in Chapter 16.

- Security True load management Microsoft's built-in Network Load Balancing can be effective Chapter 9 application - Net w or k Managemen t

butseenterprise absolutely Pa r t I for I I - environments I m ple m ent ingwith a n O100 n-D eusers m a ndor Seless, r ve r - Ba d Com pu tienvironments ng Envi r onm e nt

require a more

robust approach determining which users applications are placed on which Chapter 10 -and Pr ojflexible ect Managing and in Deploying an Enter pr ise SBCand Envir onment servers circumstances. Chapter 11 - under Ser verwhat Configur ation: Windows Ter m inal Serv ices Chapter 12 - Ser ver Configur ation: Citr ix MetaFr am e Presentation Ser ver Chapter 13Citrix - Application I nstallation and Configur at ion The Web Interface wizard-based deployment tool Not only does this tool provide an Chapter 14 - Client Configurtoation and Deploym automated approach deploying accessentto the SBC environment, but just as handy, it provides Chapter an 15 automated - Pr ofiles, approach Policies, to and deploying Pr ocedu res the ICA Client itself. Full installation and configuration details

for16 MetaFrame Web Interface Chapter - Securing Client Access will be provided in Chapter 16. Chapter 17 - Net wor k Configur at ion Chapter 18 - Pr int in g Universal Access to applications from any client device Although Microsoft now supports Chapter 19 Disaster Recovery and OS Business the SBC Envir client access from Macintosh X andContinuity Windows in clients, Citrix notonment only provides support for Mac Chapter 20Windows, - Migr ation Window s 2003 Citroperating ix MetaFrame XP including most varieties of UNIX and and but toalso for over 100and client systems, Ongoing Administr ation of the Ser v er - Based Com puting Linux, DOS, and embedded devices. Chapter 21 Envir onment Pa r t I V - Appendi x es

Enterprise management tools: Citrix offers Resource Manager, Installation Manager, and Network Manager, as well as a host of embedded management tools that provide administrators with critical information and the automation of enterprise SBC server environments.

Citrix Password Manager and Conferencing Manager: Password Manager and Conferencing Manager are the newest brothers to MetaFrame XP in the Citrix MetaFrame Access Suite family. Password Manager provides a simple and elegant single sign-on solution for MetaFrame XP environments (although it also works in non-Metaframe environments), and Conferencing Manager provides an all-inclusive collaborative conference interface that leverages the shadow features of MetaFrame XP. These two products further enhance the user experience of the server-based computing environment.

MetaFrame XP Presentation Server (MetaFrame XP)

MetaFrame XP is available for Windows NT 4.0 Terminal Services Edition (although support from Microsoft and Citrix is no longer widely available), Windows 2000 Server (all editions), and Windows Server 2003 (Standard, Enterprise, and Datacenter editions). At the time of this writing, MetaFrame XP Feature Release 3 (FR-3) is the latest release. Citrix introduces new feature releases on a six-month schedule, so plan to install or update feature releases as needed. Feature releases and other Citrix hotfixes and evaluation software can be downloaded from http://www.citrix.com/download.

Preparing the Citrix Data Store Environment

As discussed in Chapter 3, Citrix provides four choices for database storage of the Data Store, including MS Jet (based on MS Access), MS SQL Server (and its run-time cousin MSDE, officially supported with Feature Release 3), Oracle, and IBM DB2. Since this text focuses on enterprise environments, we will look at Microsoft SQL Server. Although Oracle and DB2 are also excellent enterprise database choices, SQL Server, according to Citrix customer information, has been the most deployed database of enterprises for the purpose of Citrix Data Store collection. SQL supports all current Citrix Features, including Database replication, direct-mode access, and the Resource Manager Summary Database feature that came with FR-2. MSDE also supports these features, without the need for a SQL client access license, although it is limited in database size. For readers interested in running the Citrix Data Store on Oracle, we highly recommend referencing the MetaFrame XP Advanced Concepts guide.

Installation and Preparation of Microsoft SQL Server

- The Client Envir onment

Chapter If your enterprise 8 - Security already has a SQL Server 2000 with available capacity, simply connect to it

according thewfollowing MetaFrame installation instructions. If a SQL server with capacity is not Chapter 9 to - Net or k Managemen t readily it ing will aneed to ebe configured dedicated Pa r t I I I -available, I m ple m ent n O n-D m ainstalled nd Se r ve rand - Ba se d Com pu tion ng a Envi r onm e ntWindows

2000 or 2003

Server 10 hardware box. Obviously, management SQL is a full-time activity all to itself, but Chapter - Pr oj ect Managing andthe Deploying an Enterofpraise SBCserver Envir onment for the 11 purposes of aConfigur Citrix Data a general default installation (with some minor adjustments) Chapter - Ser ver ation:Store, Windows Ter m inal Serv ices running12on -a Ser dedicated hardware suffice. security, stability, Chapter ver Configur ation: box Citr ixwill MetaFr am eFor Presentation Ser ver and functionality reasons it is imperative keep current with the and latest serviceat pack Chapter 13 -toApplication I nstallation Configur ion level. Chapter 14 - Client Configur ation and Deploym ent

To download the latest service pack for Microsoft SQL Server 2000, visit

Chapter 15 - Pr ofiles, Policies, and Pr ocedu res http://www.microsoft.com/sql/downloads/default.asp. Chapter 16 - Securing Client Access

Note: If you installed Microsoft SQL Server 2000 using the Typical installation option or via unattended installation procedures (sqlins.iss file), then you will need to set the default SQL authentication mode. By default, Windows Authentication is the default security model. Therefore, when you try to connect a MetaFrame server to the newly created Data Store by using a standard SQL login like the system administrator (SA), you will receive the following error message:

Unable to connect to server SERVER_NAME:
Server: Msg 18452, Level 16, State 1
[Microsoft][ODBC SQL Server Driver][SQL Server] Login failed for user 'sa'. Reason: Not associated with a trusted SQL Server connection.

To prevent this behavior, change the authentication mode to Mixed from the SQL Enterprise Manager on the SQL server (located on the Security tab of the server properties).

Creating the MetaFrame XP Data Store with SQL Server 2000


Once the SQL server is running, the Data Store can be created on the SQL Server. The following steps create the Data Store:

1. Choose Start | Programs | Microsoft SQL Server | Enterprise Manager.

2. In the Enterprise Manager's left pane, expand the tree until you reach the folder level.

3. Right-click the Databases folder and choose New Database.

4. A dialog box appears. In the Name box, enter a name and click OK.

5. Expand the Security folder.

6. Right-click Logins and choose New Login.

7. A dialog box appears with the General tab displayed. In the Name box, enter a name. Make note of the name because you will need to enter it during the MetaFrame XP installation.

8. In the Authentication section of the General tab, click SQL Server Authentication and enter a password. Remember the password; you must enter it during the MetaFrame XP installation.

9. In the Defaults area of the General tab, change the Database to the name you specified in Step 4.

10. Click the Database Access tab. In the Database list, select the database name specified in Step 4.

11. In the Database Roles list, select DB_Owner. Leave other selected roles checked.

12. Click OK. You are prompted to confirm the password you created in Step 5. Doing so completes the database creation.
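The Enterprise Manager steps above, together with the authentication-mode check from the earlier Note, can also be expressed as a T-SQL script. This is an added example for SQL Server 2000 and is not from the book; the database name CitrixDataStore, the login name ctx_datastore, and the password placeholder are assumptions.

```sql
-- Added example (not from the book): T-SQL equivalent of Enterprise Manager
-- steps 1-12 for SQL Server 2000. Run in Query Analyzer as a sysadmin.
-- Assumed placeholder names: database CitrixDataStore, login ctx_datastore.

-- Pre-check for the Msg 18452 condition described in the Note.
-- IsIntegratedSecurityOnly = 1 means Windows Authentication only,
-- so a SQL Server Authentication login would be refused at connect time.
IF CAST(SERVERPROPERTY('IsIntegratedSecurityOnly') AS int) = 1
    PRINT 'Windows Authentication only: switch the server to Mixed Mode before continuing.'
ELSE
    PRINT 'Mixed Mode is enabled: SQL Server Authentication logins are accepted.'
GO

-- Steps 3-4: create the Data Store database with default file settings.
CREATE DATABASE CitrixDataStore
GO

-- Steps 6-9: create a dedicated SQL login whose default database is the
-- Data Store. A dedicated login keeps the farm off the sa account.
-- Replace the password placeholder before running.
EXEC sp_addlogin
    @loginame = 'ctx_datastore',
    @passwd   = 'REPLACE_WITH_STRONG_PASSWORD',
    @defdb    = 'CitrixDataStore'
GO

-- Steps 10-11: map the login into the Data Store database only and
-- add it to the db_owner role of that database.
USE CitrixDataStore
GO
EXEC sp_grantdbaccess @loginame = 'ctx_datastore'
EXEC sp_addrolemember @rolename = 'db_owner', @membername = 'ctx_datastore'
GO

-- Verification: list the db_owner members of the Data Store database and
-- show whether the login holds any server-wide roles.
EXEC sp_helprolemember 'db_owner'
SELECT name, dbname, sysadmin, securityadmin, serveradmin
FROM master.dbo.syslogins
WHERE name = 'ctx_datastore'
GO
```

The login name and password entered here are the ones the MetaFrame XP installation asks for when it creates the ODBC data source.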

Citrix MetaFrame XP Installation Requirements

For a new Citrix MetaFrame XP Server installation or upgrade, the following is required:

1GB of free disk space

MS Windows 2000 Server with Service Pack 2 or Windows Server 2003

Installer 2.0 (Windows 2003 comes native with MS Installer 2.0) or Windows 2000 SP3

Preinstallation Tasks

Prior to installation, you should do the following:

Choose the server farm name to be used.

Configure the Data Store per the instructions given previously in this chapter.

Obtain FR-3 products and connection licenses from http://www.mycitrix.com.

Record alternative server addresses.

Verify Citrix XML port settings following the install.

Installation Instructions for Citrix MetaFrame XP with Feature Release 3 (FR-3)

These step-by-step instructions for installing MetaFrame with FR-3 are not intended to be all-inclusive, but will provide a good basis for installation in most organizations.

Installing Microsoft Windows Installer Service 2.0

If using Windows 2003, the Windows installer is already updated, but in Windows 2000, the first task in installing MetaFrame XP is to install Windows Installer version 2.0.

The following details how to install Microsoft Windows Installer Service 2.0:

1. Browse to the \support\msi20\ folder on the MetaFrame XP Feature Release 3 server CD-ROM and double-click instmsiw.exe.

2. Setup will update the Windows Installer Service and prompt you to click OK to continue.

3. Click Yes to reboot the server.

Step-by-Step Installation Instructions for MetaFrame XP Feature Release 3

To install MetaFrame XP FR-3, do the following:

1. Place the Metaframe XP FR3 CD-ROM into the CD-ROM drive and let it autorun.

2. Click the button next to Install or Update Metaframe.

3. Click the button next to Metaframe XP Feature Release 3.


4. Click Next on the Welcome to the Citrix Metaframe XP for Windows Installation Wizard.


5. Select the radio button for I Accept The License Agreement and click Next.

6. Select the radio button for the version of Metaframe that was purchased and click Next.

7. Select the appropriate Product Code and click Next.

8. Make sure you select the appropriate installation options and click Next.

Note: Do not install Web Interface for MetaFrame on a Citrix MetaFrame XP/Windows 2003 Terminal Server. Although Web Interface for MetaFrame can be installed on the MetaFrame XP server for pilot or small test environments, it is not recommended for production environments due to inherent insecurity and potential performance bottlenecks. Additionally, if using Installation Manager, only install the Installation Manager packager service on the packager server.

9. Choose to create a new farm if it is a new farm installation, or choose to join a farm if it is an additional server, then click Next.

10. Enter the farm name as well as the appropriate Data Store type (we will be using Microsoft SQL server for this example) and click Next. The default zone name will be the subnet address (192.168.250.0 shown in the example). Users can change this to Houston Zone or something that is more explanatory than the subnet address, but all future server builds will have to join that zone when they are built.

11. Enter an appropriate description for the ODBC data source and choose the appropriate database server, then click Next.

Cit rix Me t aFra m e Access Su it e fo r W in do w s Ser ver 2 00 3 : Th e O ff icial Guid e ISBN:0072195665

by Steve Kaplan et al. McGr aw -Hill © 2003 (724 pages)

12. Select SQL server authentication and enter the login ID and password that was created in the SQL portion of the install, then click Next.

13. Make sure the default database is the one you created for the Citrix Data Store and click Next.

14. Click Finish to complete the data source creation and it will bring up an ODBC Microsoft SQL Server Setup screen:

15. Click the Test Data Source button.

16. Make sure the test was successful and click OK for the Test Results, then click OK again when you go back to the ODBC Microsoft SQL Server Setup screen.

17. Enter the appropriate account for the initial Citrix Farm administrator and click Next.

Note It is important to use a domain administrator account, and to create several local administrator accounts following installation. If this is not done and the domain settings are changed, the CMC will become inaccessible, requiring a full rebuild of the server.

18. Select the appropriate shadow permissions and click Next.

Note If you choose the option to prohibit shadowing of the ICA sessions on this server, a full reinstall of MetaFrame XP will have to be performed to reverse this decision. On the other hand, if shadowing is enabled during installation, it can later be disabled using the Citrix Connection Configuration Utility without a reinstall.

19. Configure the XML service port (it is frequently changed from 80 to 8080 or 8081 to support the Web Interface for MetaFrame and MetaFrame Secure Gateway installation discussed in Chapter 16), document the port chosen, and click Next.

20. Click Finish to accept the installation options and to install the product.

21. After installation is complete, select the option to Launch The Client Distribution Wizard and click Finish.

22. Click Next on the Welcome screen.

23. Select the appropriate source location and click Next.

24. Click Next to choose a Typical install.

25. After the installation of the ICA clients, click Finish.

26. Click Yes to restart the server.

Citrix MetaFrame for UNIX

Although this book is primarily focused on MetaFrame XP for Windows 2003, UNIX-based applications continue to be a mainstay of many large enterprise environments, and Windows and UNIX users alike can benefit from seamless, single-point, webified access to these applications. Because of the overall value of server-based computing in providing web-based seamless access to all applications from any device, for all users, the authors felt strongly that MetaFrame for UNIX should be featured in this book. A large majority of the features and infrastructure discussed throughout this book will apply equally to MetaFrame for UNIX and MetaFrame XP for Windows 2003. Features and tools such as Web Interface for MetaFrame, MetaFrame Secure Gateway, Load Management, and any-device access are further promoted by bringing the UNIX applications to the Citrix SBC infrastructure fold.

MetaFrame for UNIX version 1.2 offers the same value as MetaFrame for Windows, but with a UNIX/Java twist: low-bandwidth, universal client access over any network connection to any UNIX or Java application. MetaFrame for UNIX provides web-based access to these applications from any of Citrix's over 200 client platform choices, at a lower cost per seat than many X-Window client applications. An additional benefit is a dramatically lower bandwidth use, allowing remote deployment of applications that have rarely seen their way past the local area network. MetaFrame for UNIX supports a large majority of Citrix usability features across platforms. An example is the copy and paste feature: a user from any type of client device can copy and paste between any ICA applications, regardless of whether the application is running from a UNIX server, Windows 2003 Server, or Windows 2000 Server.

Integrating MetaFrame for UNIX with Other Citrix Servers

MetaFrame for UNIX will coexist with other Citrix servers (for example, MetaFrame XP) on a network by sharing master browser information. License pooling only works though if the XP servers are in mixed mode for interoperability.

Although MetaFrame for UNIX Operating Systems servers cannot be added to MetaFrame XP server farms, an ICA Passthrough client can be utilized to access applications on MetaFrame for UNIX using Program Neighborhood. Using ICA passthrough technology will allow non-Win32 ICA Clients to take advantage of the Citrix Program Neighborhood features. This is done by publishing the ICA Client on a MetaFrame for Windows server and having clients "pass through" the server's Citrix Program Neighborhood client to access a server farm. Alternatively, Citrix XML Service with Web Interface for MetaFrame can be used to provide users with access to Windows and UNIX applications from one location.

Note Cross-server administration between Windows and UNIX versions of MetaFrame is not possible with this release.

System Requirements

This section lists the minimum machine specifications and operating system requirements for MetaFrame for UNIX.

Minimum Machine Specifications

The minimum machine specifications depend upon how many connections are to be supported. As a general rule, we recommend each server have between 16 and 24MB of RAM per ICA connection. However, the memory may need to increase depending upon the type of applications being hosted and the session properties, such as color depth and size. Table 12-1 lists the minimum hardware specifications, which are intended as guidelines only. Note that these requirements are much lower than the typical hardware requirements for a Windows MetaFrame XP environment, largely due to the assumption that most UNIX applications and operating systems make more efficient use of the hardware.

Table 12-1: MetaFrame for UNIX Hardware Requirements

| Platform | Requirement for 1–3 Connections | Requirement for More Than Three Connections |
|---|---|---|
| Sun Solaris SPARC | Sparcstation 20, 128MB RAM | Ultra-30, UltraSPARC-II 248 MHz |
| Sun Solaris Intel | P133, 128MB RAM | PII 300, 256MB RAM |
| HP-UX | C110, PA-RISC 120 MHz, 128MB RAM | A400, PA-RISC 440 MHz, 256MB RAM |
| IBM AIX | 43P Model 150, 128MB RAM | 44P Model 270, 256MB RAM |

UNIX Operating System Requirements

This section provides information about the operating system requirements for MetaFrame for UNIX on each of the platforms. Table 12-2 shows the operating system requirements for MetaFrame for UNIX.

Table 12-2: Operating System Requirements for MetaFrame for UNIX

| Platform | Supported Operating Systems | Required Operating System Software/Packages |
|---|---|---|
| Sun Solaris SPARC | Solaris 2.6 (also known as SunOS 5.6); Solaris 7 (also known as Solaris 2.7 and SunOS 5.7); Solaris 8, SPARC version; Solaris 9, SPARC version | X-Window System with the appropriate window manager for the platform, for example, CDE. SUNWxwoft X-Window System optional fonts. SUNWuiu8 Iconv modules for UTF-8 Locale (check if these packages are installed using the pkginfo command; see note following this table). The Iconv libraries must be installed; check that the following files exist in the /usr/lib/iconv folder: UCS-2*.so, UTF-8*.so, 8859-1*.so |
| Sun Solaris Intel | Solaris 8 Intel version | Same as earlier entry for Sun Solaris SPARC |
| HP-UX | HP-UX version 11.x (including 11i) | X-Window System with the appropriate window manager for the platform, for example, CDE |
| IBM AIX | AIX version 4.3.3, 5.1, and 5.2 | X-Window System with the appropriate window manager for the platform, for example, CDE |

Note On Solaris versions 7, 8, and 9, the SUNWxwoft X-Window System optional fonts and SUNWuiu8 Iconv modules for UTF-8 Locale packages are installed when you do an end-user install. On Solaris 2.6, the packages are not installed in an end-user install.

Operating System Patches

For information about the operating system patches that are required, see document CTX222222 in the Solution KnowledgeBase on the Citrix web site at http://knowledgebase.citrix.com/. The information in the Solution KnowledgeBase is updated regularly.

Euro Currency Symbol Support

MetaFrame for UNIX supports the ISO 8859-15 Euro-currency symbol, if the underlying UNIX operating system supports it. To ensure this support, you may need to install patches recommended by your operating system and hardware vendor. See the web site for your operating system manufacturer or contact your hardware vendor for details of the appropriate patches and for instructions for ensuring Euro symbol support.

Installing MetaFrame Version 1.2

This section explains how to

- Create the Citrix server administrator user and group
- Install MetaFrame for UNIX for the first time

Installation Overview

Perform the following steps to install MetaFrame:

1. For first-time installations of MetaFrame, create the Citrix server administrator user and group accounts.

2. Install MetaFrame from the CD-ROM.

3. For first-time installations of MetaFrame, add the MetaFrame path(s) to all users' paths, so that the MetaFrame commands can be executed.

4. Start the MetaFrame processes on the server.

Creating the Citrix Server Administrator User and Group

For first-time installations of MetaFrame for UNIX, create the Citrix server administrator group account and a user in this group before installing MetaFrame. This account is required by some MetaFrame commands that demand special administration rights for MetaFrame, but do not require root access to the UNIX system.

Note You must set up the Citrix server administrator group and user account before installing MetaFrame. The installation will fail if the ctxadm group and ctxsrvr user have not been created. Do not use the Citrix server administrator user or group for any purposes other than MetaFrame system administration.

Create the Citrix server administrator's group using the group name ctxadm and create a Citrix server administrator using the username ctxsrvr. Make sure the ctxsrvr user is added to the ctxadm group, and that the ctxadm group is its primary group.
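
A pre-install check for the account prerequisites described above, as an added example (not from the book or from Citrix): it reads passwd- and group-format files and confirms that ctxadm exists and that ctxsrvr exists with ctxadm as its primary group. The function names, return codes, the extra UID 0 check, and the sample entries are assumptions made for illustration; a POSIX shell is assumed.

```shell
#!/bin/sh
# Pre-install check for the accounts the MetaFrame for UNIX installer expects.
# Added example; function names and return codes are illustrative.

CTX_GROUP=ctxadm    # group name given in the text
CTX_USER=ctxsrvr    # username given in the text

# entry_ids FILE NAME
# Print fields 3 and 4 ("f3:f4") of the first entry called NAME in a
# colon-separated passwd- or group-format FILE; return 1 if there is none.
entry_ids() {
    while IFS=: read -r name _pw f3 f4 _rest; do
        if [ "$name" = "$2" ]; then
            printf '%s:%s\n' "$f3" "$f4"
            return 0
        fi
    done < "$1"
    return 1
}

# check_ctx_accounts PASSWD_FILE GROUP_FILE
# Returns 0 when the prerequisites hold, otherwise:
#   1  the ctxadm group does not exist
#   2  the ctxsrvr user does not exist
#   3  ctxsrvr exists but ctxadm is not its primary group
#   4  ctxsrvr has UID 0 (extra check assumed here: the text says the
#      account does not need root access to the UNIX system)
check_ctx_accounts() {
    if ! grp=$(entry_ids "$2" "$CTX_GROUP"); then
        echo "group $CTX_GROUP does not exist" >&2
        return 1
    fi
    gid=${grp%%:*}              # field 3 of the group entry is the GID

    if ! ids=$(entry_ids "$1" "$CTX_USER"); then
        echo "user $CTX_USER does not exist" >&2
        return 2
    fi
    uid=${ids%%:*}              # field 3 of the passwd entry is the UID
    primary=${ids#*:}           # field 4 is the primary GID

    if [ "$primary" != "$gid" ]; then
        echo "$CTX_USER primary GID is $primary, expected $gid ($CTX_GROUP)" >&2
        return 3
    fi
    if [ "$uid" = "0" ]; then
        echo "$CTX_USER has UID 0; use an unprivileged account" >&2
        return 4
    fi
    return 0
}

# Constructed sample data (not from a real system): ctxsrvr is listed as a
# supplementary member of ctxadm, but its primary group is staff (GID 10),
# so the check reports code 3.
demo_constructed() {
    dir=$(mktemp -d) || return 99
    printf '%s\n' \
        'root:x:0:1:Super-User:/:/sbin/sh' \
        'ctxsrvr:x:501:10:Citrix admin:/export/home/ctxsrvr:/bin/sh' \
        > "$dir/passwd"
    printf '%s\n' 'staff::10:' 'ctxadm::300:ctxsrvr' > "$dir/group"
    check_ctx_accounts "$dir/passwd" "$dir/group"
    status=$?
    rm -rf "$dir"
    return "$status"
}

# With two arguments, check the named files (for example /etc/passwd and
# /etc/group); with none, run the constructed sample.
if [ "$#" -eq 2 ]; then
    check_ctx_accounts "$1" "$2" && echo "ctxadm/ctxsrvr prerequisites satisfied"
else
    demo_constructed || echo "constructed sample rejected with code $?"
fi
```

Run it before pkgadd so a missing or misconfigured account is caught ahead of the installer failure the note describes.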

Installing MetaFrame for UNIX on Solaris

Although the installation of MetaFrame for UNIX varies slightly for all supported versions of UNIX, we will cover the installation on Solaris, as this offers a good example of the steps and procedures required. This section describes how to install MetaFrame for UNIX version 1.2 for the first time.

1. Log on as root at the server on which MetaFrame for UNIX will be installed.

2. Mount the MetaFrame CD-ROM.

3. Change to the directory for the version of MetaFrame to be installed. For example, type: cd /cdrom/mfunix/solaris_version (cd /cdrom/mfu_fr2/solaris) where solaris_version is the name of the directory on the CD-ROM for the platform architecture (SPARC or Intel) of Solaris being used. The path is usually /cdrom/mfunix/... but it may change depending on how the specific system mounts the CD-ROM.

4. To install the MetaFrame package, type pkgadd -d /cdrom/mfunix/pkgfile_name pkg. This starts the package installation script. For example, pkgadd -d /cdrom/mfunix/solaris/CTXSmf.

Note Use the command in Step 4 rather than the command syntax listed in the MetaFrame for UNIX administration guide from Citrix; the Citrix guide is incorrect.

5. At the prompt for the startup/shutdown script installation, type y to start MetaFrame when the machine is booted and stop it when the machine is shut down. If answered yes, the script S99ctxsrv is installed in the /etc/rc2.d directory.

6. At the prompt for the man page installation, type y to install the MetaFrame man pages.

7. At the prompt for anonymous users, type y to create 15 anonymous user accounts to enable guest access (this is optional, and generally not recommended for security reasons).

8. At the prompt about security settings for setuid/setgid, type y to set the correct file permissions for the MetaFrame files and processes (a yes answer to this question is required, or MetaFrame will not operate correctly).

9. At the next prompt, type y to continue installing MetaFrame. When complete, a message states that the installation was successful and the command prompt is displayed.

Note Do not attempt to share via NFS or copy the MetaFrame for UNIX installation files between servers. The configuration database cannot be duplicated.

Setting the Paths to MetaFrame for UNIX Commands

There are two types of MetaFrame commands: user and system administration commands. Any user can run the user commands, which include the MetaFrame commands for logging off and disconnecting from a server. User commands are installed in /opt/CTXSmf/bin/ for Solaris and HP-UX, and in /usr/lpp/CTXSmf/bin for AIX.

System administration commands can only be run by the ctxsrvr user (or members of the ctxadm group). Commands in this group include server, published application, and ICA Browser configuration tools. Administration commands are installed in /opt/CTXSmf/sbin for Solaris and HP-UX, and /usr/lpp/CTXSmf/sbin for AIX.

Generally, nothing has to be done to allow users to run user commands from their sessions. The path to these commands is added to each user's path upon connection to the server, so any user can access MetaFrame user commands from an ICA session. However, configuration may have to be performed for users to access MetaFrame commands if the user's shell script startup file (for example, .profile or .login) overrides the path. For instance, on HP-UX, the default system profile (/etc/profile) sets the PATH environment variable explicitly.

To configure user access to MetaFrame commands if C shell is being used, use a .login file for the user, and add the path to the user commands. For example:

For HP-UX and Solaris:

    setenv PATH ${PATH}:/opt/CTXSmf/bin

For AIX:

    setenv PATH ${PATH}:/usr/lpp/CTXSmf/bin

If a Bourne or similar shell is being used, employ a .profile file for the user, and add the path to the user commands. For example:

For HP-UX and Solaris:

    PATH=${PATH}:/opt/CTXSmf/bin
    export PATH

For AIX:

    PATH=${PATH}:/usr/lpp/CTXSmf/bin
    export PATH

In addition to the user commands, a Citrix server administrator should be able to run the system administration commands. After a first-time installation of MetaFrame, the system needs to be configured so that the ctxsrvr user can run all the commands from the MetaFrame server console, and also from an ICA session.

To configure ctxsrvr access to MetaFrame commands when using a C shell, use a .login file for the ctxsrvr user, and add the path to the user and administrator commands. For example:

For HP-UX and Solaris:

    setenv PATH ${PATH}:/opt/CTXSmf/sbin:/opt/CTXSmf/bin

For AIX:

    setenv PATH ${PATH}:/usr/lpp/CTXSmf/sbin:/usr/lpp/CTXSmf/bin

If a Bourne or similar shell will be used, use a .profile file for the ctxsrvr user, and add the path to the user and administrator commands. For example:

For HP-UX and Solaris:

    PATH=${PATH}:/opt/CTXSmf/sbin:/opt/CTXSmf/bin
    export PATH

For AIX:

    PATH=${PATH}:/usr/lpp/CTXSmf/sbin:/usr/lpp/CTXSmf/bin
    export PATH

Citr ix MetaFr am e Access Suite for Window s Ser v er 2003—The Official Guide

Setting the Path to the Man Pages

Generally, nothing needs to be done to allow users to display man pages for MetaFrame for UNIX commands from a session. The path to these files is added to every user's MANPATH environment variable upon connection to the server. However, access may need to be configured to the MetaFrame man pages if the user's shell script startup file (for example, .profile or .login) overrides the path.

To display the MetaFrame man pages from the server console when logging on as ctxsrvr, the MANPATH environment variable must be set to point to the location of the installed man pages. This is only required if this is the first install of MetaFrame on the server.

To set the MANPATH environment variable…

If using a C shell:

For HP-UX and Solaris: setenv MANPATH ${MANPATH}:/opt/CTXSmf/man

For AIX: setenv MANPATH ${MANPATH}:/usr/lpp/CTXSmf/man


If using a Bourne shell:

For HP-UX and Solaris: MANPATH=${MANPATH}:/opt/CTXSmf/man; export MANPATH

For AIX: MANPATH=${MANPATH}:/usr/lpp/CTXSmf/man; export MANPATH
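The PATH and MANPATH settings from the two sections above, combined into one Bourne-style .profile fragment that picks the directories by platform and can run on every login without growing the variables. This is an added example, not code from the book; the function names and the use of uname -s values (SunOS, HP-UX, AIX) to select the install prefix are assumptions.

```shell
# Added example for a Bourne-style ~/.profile; not from the book.
# Install prefixes and the bin/sbin/man sub-directories are the ones quoted above.

# metaframe_prefix OSNAME: print the install prefix for a `uname -s` value.
metaframe_prefix() {
    case "$1" in
        SunOS|HP-UX) echo /opt/CTXSmf ;;
        AIX)         echo /usr/lpp/CTXSmf ;;
        *)           return 1 ;;          # unknown platform: change nothing
    esac
}

# path_append CURRENT DIR: print CURRENT with DIR appended.
#  - CURRENT empty: DIR alone is printed, so no empty component is created
#    (an empty PATH component is searched as the current directory).
#  - DIR already present: CURRENT is printed unchanged, so repeated logins
#    do not grow the variable.
path_append() {
    case ":$1:" in
        "::")     echo "$2" ;;
        *":$2:"*) echo "$1" ;;
        *)        echo "$1:$2" ;;
    esac
}

# metaframe_env OSNAME ROLE: extend PATH and MANPATH for ROLE "user" or
# "admin" (the ctxsrvr user and ctxadm members). Directories are appended,
# never prepended, so system commands keep priority over the add-on ones.
metaframe_env() {
    mf_prefix=`metaframe_prefix "$1"` || return 1
    if [ "$2" = admin ]; then
        PATH=`path_append "$PATH" "$mf_prefix/sbin"`
    fi
    PATH=`path_append "$PATH" "$mf_prefix/bin"`
    MANPATH=`path_append "${MANPATH:-}" "$mf_prefix/man"`
    export PATH MANPATH
}

# Typical call from ~/.profile:
#   metaframe_env "`uname -s`" user
```

Calling metaframe_env with the admin role only makes sense in the startup file of ctxsrvr or a ctxadm member, since the commands in sbin can only be run by those accounts.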

Starting and Stopping MetaFrame for UNIX

When installation is complete, start the MetaFrame process on each server using the ctxsrv command.

To start MetaFrame:

1. Log on at the MetaFrame server as a Citrix server administrator (for example, log in with the default user ctxsrvr).

2. At the command prompt, type ctxsrv start.

Note If during installation you chose to add the startup/shutdown script, MetaFrame will automatically start when the machine is booted.

To stop the MetaFrame process on a server, use the ctxshutdown command. With ctxshutdown, the time can be specified for when the shutdown process will begin, and users can be notified that the server is about to shut down.

When the shutdown process begins, applications will terminate, except for those that have registered window hints. These applications will attempt to interactively log users off by displaying a series of prompts. With ctxshutdown, the maximum duration that users have to respond to these prompts can be specified. Any sessions that are still active when this period expires are terminated and the users are automatically logged off. The server prevents users from logging on during the shutdown process.

To stop MetaFrame:

1. Log on to the MetaFrame server as a Citrix server administrator.

2. At the command prompt: use the ctxshutdown command to shut down the server using the defaults. By default, the server shutdown process begins after 60 seconds; the message "Server shutting down. Auto logoff in 60 seconds" is sent to all users logged on to the server. Applications that have registered window hints (the WM_DELETE_WINDOW attribute) have a further 30 seconds to interactively log users off before terminating. To specify other parameters with the ctxshutdown command, see Table 12-3 for a list of parameters and descriptions of what they do.

Table 12-3: ctxshutdown Command Parameters

| To Perform the Following: | Use This Command: |
| --- | --- |
| Shut down the server using the defaults. By default, the server shutdown process begins after 60 seconds; the message "Server shutting down. Auto logoff in 60 seconds" is sent to all users logged on to the server. Applications that have registered window hints (the WM_DELETE_WINDOW attribute) have a further 30 seconds to interactively log users off before terminating. | ctxshutdown |
| Operate in quiet mode. This reduces the amount of information displayed to the administrator by the ctxshutdown command. | ctxshutdown -q |
| Specify when the shutdown process will begin, and how long the message will be displayed, in seconds. The default is 60 seconds. When this period expires and the shutdown process begins, applications that have registered window hints (the WM_DELETE_WINDOW attribute) will attempt to interactively log the user off. Applications that have not registered window hints will terminate immediately. | ctxshutdown -m seconds |
| Specify how much time applications with registered window hints (the WM_DELETE_WINDOW attribute) have in seconds to interactively log users off. The default is 30 seconds. When this period expires, any remaining sessions are automatically terminated, users are automatically logged off, and the MetaFrame process stops. | ctxshutdown -l seconds |
| Specify the message displayed to all users logged on to the server. If you do not specify a message, the default message "Server shutting down. Auto logoff in x seconds" is displayed, where x = the number of seconds specified in the -m option (or the default of 60 seconds, if this is not specified). | ctxshutdown message |

Publishing a MetaFrame for UNIX Application

Once MetaFrame and any desired UNIX applications are installed on the UNIX server, the next step is to publish the application. Once the application is published, it will be available to any ICA client (version 6.0 and later) and can be published via Web Interface for MetaFrame (see Chapter 16).

Use the ctxappcfg command to publish an application. The command prompts the administrator for the information required to publish the application. Application installation is not part of the application publishing process. Before an application can be published, both MetaFrame for UNIX and the application must be installed. The order in which the application and MetaFrame are installed does not matter. Once an application is installed, it can be published at any time.

To publish an application:

1. Log on to the MetaFrame for UNIX server as a Citrix server administrator.

2. At the command prompt, type ctxappcfg.

3. You will see the following prompt: App Config>. Type add. When you add a new application, the program requests each item of information required. Table 12-4 lists the syntax and parameters for the App Config Add program.

Table 12-4: Syntax and Parameters for the App Config Add Program

| At the Prompt: | Type: |
| --- | --- |
| Name: | The user selects this name when setting up an ICA connection to this published application. The name does not need to be the same as the name of the executable file for a particular program. |
| Command line: | The command line required to run the application or script file—for example: /usr/bin/diary.bin. |
| Working directory: | The default working directory. This directory must exist. Leave blank to specify the user's home directory. Note that ~/sub-dir is supported; ~otheruser is not. |
| Anonymous [yes\|no] | y if the application is for anonymous use only, or n if it is only for users with explicit accounts. |

The published application is automatically enabled. It can now be accessed from an ICA Client by setting up a connection to this published application from the client, or by configuring Web Interface for MetaFrame.

4. At the App Config prompt, type exit.

Note A user cannot use the root account (su) to log on or connect to a MetaFrame for UNIX published application, even though MetaFrame XP allows connecting to MetaFrame XP published applications as the administrator user.

About ICA Client Keyboard Support

This section describes how to use ICA Client devices with non-English keyboards with MetaFrame for UNIX servers. MetaFrame for UNIX supports ICA Client devices that use the following keyboards:

US English 409

UK English 809

French 40c

German 407

Swedish 41d

Spanish 40a

Italian 410

Configuring Non-English Keyboard Support

To configure non-English keyboard support:

1. Ensure you start the server in the country locale of the ICA Client keyboard that your users are using. For example, if your users have German keyboards, start the server in a German locale. This ensures that the session runs in an appropriate locale where fonts containing the required keyboard symbols are in the font path and keyboard symbols appear correctly on the screen.

2. Make sure your users select the appropriate keyboard in the Settings dialog box on the client device. For further information about selecting keyboards, refer to the Client Administrator's Guides for the clients you are deploying.

Note You can alter the locale for an individual user by setting environment variables in their startup files.

Troubleshooting Non-English Keyboard Support

If users experience problems obtaining accent symbols, such as the circumflex accent (^), it may be that the application they are using does not support dead keys. A dead key is a key that does not produce a character when pressed—instead, it modifies the character produced by the next key press. For example, on a generic French PC keyboard the ^ (circumflex) key is a dead key. When this key is pressed, and then the A key is pressed, "â" is generated.

Configuring MetaFrame for UNIX Event Logging

Following an initial install of MetaFrame for UNIX, events are not configured to be sent to the system log (syslog).

MetaFrame uses the following event log levels:

user.notice

user.info

user.warning

user.err

user.debug

To record MetaFrame events, add a line to the /etc/syslog.conf file and specify the event log levels to be recorded. You must be logged in as root to edit syslog.conf.

Note The event log level names that MetaFrame uses may also be used by other programs. You may see messages from other software in the event log.

For example, adding the following line to the end of syslog.conf (separated with a tab, not a space) causes all event log messages from MetaFrame for UNIX to be put in the file /var/adm/messages:

For Solaris and AIX: user.notice;user.info /var/adm/messages

For HP-UX: user.notice;user.info /var/adm/syslog/syslog.log

Note The file you use (for example, /var/adm/messages) must exist. If it does not, then create it.

You may also want to send certain types of MetaFrame event details to the console. For example, to ensure that all MetaFrame for UNIX error messages appear on the console, add this line to the file /etc/syslog.conf: user.err /dev/console. For details about configuring system event logging, see the syslog.conf man page.
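A check for the two conditions the text calls out for syslog.conf entries: the selector and the log file must be separated by a tab, and the log file must already exist. This is an added example, not from the book; the function names, the finding labels (OK, NO_TAB, MISSING) and the sample entries are constructed, and a POSIX shell is assumed.

```shell
# Added example (POSIX sh); not from the book. All sample paths are constructed.

# make_sample_conf DIR: write a constructed syslog.conf and one log file to DIR.
make_sample_conf() {
    : > "$1/messages"                                    # this log file exists
    {
        printf '# constructed sample entries\n'
        printf 'user.notice;user.info\t%s/messages\n' "$1"    # tab, file exists
        printf 'user.err %s/console.log\n' "$1"               # space, not a tab
        printf 'user.debug\t%s/debug.log\n' "$1"              # file is missing
        printf 'mail.debug\t%s/mail.log\n' "$1"               # not a user.* entry
    } > "$1/syslog.conf"
}

# audit_syslog_conf FILE: inspect every entry that names a user.* level (the
# levels MetaFrame logs at) and print one finding per entry:
#   OK selector -> action   tab-separated and the target exists
#   NO_TAB line             selector and action are not separated by a tab
#   MISSING action          the target file does not exist yet
# The return status is the number of NO_TAB and MISSING findings.
audit_syslog_conf() {
    tab=`printf '\t'`
    problems=0
    while IFS= read -r line; do
        case "$line" in
            ''|'#'*) continue ;;      # blank line or comment
            *user.*) ;;               # entry of interest
            *)       continue ;;      # other facilities are not checked
        esac
        case "$line" in
            *"$tab"*) ;;
            *) echo "NO_TAB $line"; problems=$((problems + 1)); continue ;;
        esac
        selector=${line%%"$tab"*}     # text before the first tab
        action=${line##*"$tab"}       # text after the last tab
        if [ -e "$action" ]; then
            echo "OK $selector -> $action"
        else
            echo "MISSING $action"
            problems=$((problems + 1))
        fi
    done < "$1"
    return "$problems"
}

# Typical use, as root, against the live file:
#   audit_syslog_conf /etc/syslog.conf
```

A MISSING finding matters for monitoring as much as for troubleshooting: until the file is created, the events selected by that entry are not recorded there.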

Configuration Requirements to Run Version 1.2 Features

Generally, after installing or upgrading to MetaFrame for UNIX version 1.2, the following is required in order to fully utilize the latest features of this release. Some items to consider:

Ensure that your ICA Client users are running Version 6.3 or later ICA Clients. Without Version 6.3 or later ICA Clients, users will be unable to take advantage of some of the new features, including:

Greater ICA session size and color depth

Multimonitor display

Greater bandwidth efficiency

HTTP browsing

SSL security

The latest ICA Clients are available for download at http://www.citrix.com/download/.

Ensure that version 1.6 of the Citrix XML Service or later is installed on all MetaFrame for UNIX servers. Version 1.7 of the Citrix XML Service is available as an optional package that can be chosen during the installation of version 1.2. If the latest version of the XML Service is not used, the new features will not be available to users who connect to applications via Web Interface for MetaFrame.

Note If you are installing the XML Service on a machine for the first time (in other words, the XML Service is not installed on the machine already) publishing is disabled by default. Therefore, before the XML Service will respond to Web Interface or client HTTP browsing requests, publishing must be enabled.


Cit rix Me t aFra m e Access Su it e fo r W in do w s Ser ver Citrix Licensing 2 00 3 : Th e O ff icial Guid e

by Steve detailed Kaplan etinformation al. Thenext section provides and instructions ISBN:0072195665 on MetaFrame XP and MetaFrame for McGr awas -Hill 2003 (724 pages) utility. UNIX licensing, as well the© new mlicense This guide ex plains how to build a r obust, reliable, and scalable thin- client com puting envir onment and deploy Windows 2000/ Windows 2003 Ser v er and MetaFr am e. Also learn t o centr alize application managem ent, r educe soft w ar e Software licensing, software, continues to evolve. Both Microsoft and Citrix licensing is required on just the like desktop, and mor e.

MetaFrame XP FR-3 Licensing

for all Citrix MetaFrame XP environments. As discussed in Chapter 2, Microsoft licensing with Windows

< ?xm l version= " 1.0" encoding= " I SO- 8859- 1" ?> 2003 offers both a per-user and per-seat (per computer) implementation. Citrix licensing is offered on Ta ble o f Con t en t s

a concurrent user basis. With both Microsoft and Citrix licensing, the license is not only an agreement describing the cost to the user and revenue to the vendor, it is also a technical implementation in which For ewor d licenses are managed by the servers, and user access is disallowed if insufficient licenses are I ntr oduction available. Although most companies today look at software licensing as purely an ethical and legal Pa r t I - Ov er vi e w of Ente r pr ise Se r ve r - Ba se d Com put in g concern, for many applications, including Citrix and Microsoft, it is also a technical concern. On more I ntr oducing Ser ver -Based calls Com puting and th e Onand because users couldn't get than one we have received from customers inDem a panic Chapter 1 occasion Enterpr ise logged in as a result of too few licenses, or a configuration mistake with the licensing. Citr ix MetaFr am e Access Suite for Window s Ser v er 2003—The Official Guide

Chapter 2

- Window s Ter minal Ser vices

Chapter 3 - Citr ix MetaFr am e Access Suite The technical implementation of Citrix MetaFrame XP licensing requires that one license be available Pa r t each I I - Deconcurrent signi ng a n user Ent e rpr i seconnection SBC Solut ion for ICA to a

MetaFrame XP server farm. The ICA Client software is

Pr epar ing Your Or ganization for an On- Dem and Enterpr ise essentially Chapter 4 -free, as it can be installed on any device at no cost. Of course, when it is used to connect to I mplem entaation a server, it will use up concurrent license on the server farm. The MetaFrame XP licensing is Chapter 5 -intelligent Ser ver - Based Computing Data Center ure is running more than one session into sufficiently enough to recognize when aArchitect single user Chapter 6 and - Designing k for Ser put ing MetaFrame XP connection licenses the farm, thus onlyYour takeNetw one or license forverthatBased user.Com Because Chapter 7 - specific The Client Envir onment are version (that is, they understand the difference between an XPs server and an XPe server),8 we- highly recommend that all server farms use the same MetaFrame XP version. This will Chapter Security

avoid the Chapter 9 problem - Net w orof k MetaFrame Managemen t checking out two licenses to a single user because that user is connecting to m both a MetaFrame server and MetaFrame Pa r t I I I - I m ple ent ing a n O n-D e mXPs a nd Se r ve r - Ba sesecondly d Com pu tito ngaEnvi r onm e nt

XPe server.

Chapter 10 - Pr oj ect Managing and Deploying an Enter pr ise SBC Envir onment

Once the first MetaFrame XP starter pack is purchased, the server software and license can be installed on as many servers as desired. The license code provides for concurrent connections, Chapter 12 - Ser ver Configur ation: Citr ix MetaFr am e Presentation Ser ver regardless of how many servers those connections are spread across, as long as all the servers are in Chapter 13 - Application I nstallation and Configur at ion the same farm. Obviously, each additional server does require a new license of Windows 2003 Server, Chapter 14 - Client Configur ation and Deploym ent but from a Citrix standpoint, the number of servers has little bearing on the number of concurrent Chapter 15 This - Prprovides ofiles, Policies, Pr ocedu res licenses. a greatand deal of flexibility for SBC administrators, allowing them to add servers Chapter 16 Securing Client Access as more power or flexibility is needed within the farm, without having to purchase more Citrix licensing. Chapter 11 - Ser ver Configur ation: Windows Ter m inal Serv ices

Chapter 17 - Net wor k Configur at ion

Tip18Possibly Chapter - Pr int the in g most significant gain from this new licensing paradigm is that it allows an administrator to build non-production test servers within farm without having to purchase Chapter 19 - Disaster Recovery and Business Continuity in the SBChis Envir onment additional Citrixtolicenses. Chapter 20 - Migr ation Window s 2003 and Citr ix MetaFrame XP Ongoing Administr ation of the Ser v er - Based Com puting Chapter 21 How Citrix MetaFrame XP Licenses Are Purchased Envir onment Pa r t I V - Appendi x es

Citrix sells its software licenses through a worldwide group of resellers who purchase the licenses through several large distributors or, in the case of the Global 2000 program, the resellers purchase Appendix B - Creating an On- Dem and Enterpr ise Financial Analysis Model the Flex licenses from Citrix directly. Chapter 3 covers the various licensing program options. It is Appendix C - Creating an On- Dem and Enterpr ise Subscr iption Billing Model important to note from a technical standpoint that the program the licenses are purchased under will I ndex affect the technical implementation of how they are input and activated. Appendix A - I nter netw or k ing Basics

List of Figur es List Citrix of Tables Retail and Flex Software Licensing Any standard purchase of less than 375 licenses will be

provided List of Casethrough Studies resellers in the form of standard retail license packs or Easy Licensing electronic licensing packs. There are two main differences between Easy Licensing and standard retail licensing: List of Sidebars With Easy Licensing, all ordering and delivery is done from http://www.MyCitrix.com, in conjunction with a reseller. Since no physical paper is shipped, the time between order and install is dramatically reduced. Easy Licensing does not require activation—simply key in the license codes and you are ready to go. In contrast, standard retail license packs require a two-step procedure of keying in the licensing, and then going to the Citrix site to activate the licenses.

Retail and Easy License packs of Citrix XPs, XPa, or XPe come in two varieties: Cit rixpack Me t aFra m e Access Su it e fo r W in do w s Ser ver A 20-user starter 2 00 3 : Th e O ff icial Guid e

Steve pack Kaplan al. A concurrentby license (inetincrements of 5, 10, 20, 50, ISBN:0072195665 and 100 concurrent user licenses) McGr aw -Hill © 2003 (724 pages)

The main difference the starter pack concurrent license pack is that the starter pack This between guide ex plains how to buildand a r the obust, reliable, and comes with media and documentation obvious requirement for first-time Citrix buyers). It is scalable thin- client com(an puting envir onment and deploy 2000/ v er and MetaFr e. Alsolicense, which must be important to note,Windows however, that Windows a starter 2003 pack Ser also comes with aam starter learn t o centr application managem ent, r educe soft w ar e installed prior to installing any alize connection packs. on the desktop, and mor e.

Corporate Educational Purchases Corporations purchasing more than < ?xm l version=and " 1.0" encoding= " ILicense SO- 8859-Agreement 1" ?> 375 concurrent user licenses at a time may choose to buy licenses under Citrix's Corporate License Ta ble o f Con t en t s Program (CLP) through the reseller channel. CLP licenses (referred to as open licenses) require a Citr ix MetaFr am e Access Suite for Window s Ser v er 2003—The Official Guide purchase up-front, but offer a significant discount. Open licenses come in the same 5, 10, 20, 50, and For ewor d 100 concurrent license packs, but rather than requiring a starter pack, the open licenses come with a I ntr oduction product code and a media kit (purchased separately). The media kit and product codes again can be Pa r t I - Ov er vi e w of Ente r pr ise Se r ve r - Ba se d Com put in g installed on as many servers in the farm as desired. The license codes are installed and activated in I ntr oducing Ser ver -Based Com puting and th e On- Dem and Chapter 1 way the same as allise other Citrix codes. Since most open licenses involve a large number of Enterpr installations, administrators willSer benefit Chapter 2 - Window s Ter minal vices from the new mlicense tool detailed next. This tool provides an automated method to install and activate a large number of licenses. Chapter 3 - Citr ix MetaFr am e Access Suite Pa r t I I - De signi ng a n Ent e rpr i se SBC Solut ion

Technical Aspects of How MetaFrame XP Licensing Works

MetaFrame XP licensing is all stored and managed at the server level. There is never any licensing installed, managed, gathered, or stored on any client device. The MetaFrame XP license keys are installed and activated through the Citrix Management Console or by using the mlicense utility (see the mlicense section that follows). Once the license keys are installed, Citrix then stores the license keys in the farm's Citrix IMA Data Store. Each server in the farm contains a local host cache database of the IMA licensing data to ensure users are not denied access to the farm if one server is down. If a server loses connectivity to the farm for more than 96 hours, the licensing component of the IMA service stops, and users are no longer able to log on to that particular server.

The zone data collectors for the IMA Data Store track the license usage within the server farm. The IMA communication within the farm keeps all of the servers constantly up-to-date regarding total number of licenses available and in use.

When a user initiates an ICA connection with a MetaFrame XP server, a license is checked out from the IMA Data Store pool. When the user logs off, the connection license is checked back in to the pool of available licenses in the Data Store.

Adding, Activating, and Backing Up Licenses with the mlicense Utility

The following processes do not work if the licenses have already been manually added to the Citrix Management Console. Use the mlicense utility to add multiple licenses, activate multiple licenses, and back up licenses in a MetaFrame XP server farm. mlicense can be used in a MetaFrame XP server farm with servers running MetaFrame XP Feature Release 1, 2, or 3. MetaFrame XP Feature Release 3 includes the mlicense utility. For the purposes of this utility, the term serial number refers to license numbers before they are added to the farm and the term license number is synonymous with license string and license key.

Perform the following tasks before running mlicense:

1. Create a filename.txt file and input all of the license serial numbers to be added to the MetaFrame XP server farm. You can add other text to the filename.txt file, such as section headings. The mlicense utility reads the license serial numbers in the file and then adds them to the Data Store.

Note: Use all uppercase letters when adding license serial numbers to the filename.txt file.

2. For MetaFrame XP Feature Release 2 server farms, download and install Hotfix XE102W064 on each of the servers. This hotfix must be present on the MetaFrame XP Feature Release 2 servers before running mlicense in the farm.

3. For MetaFrame XP Feature Release 1 and 2 server farms, download the mlicense utility from ftp://ftp.citrix.com/etaXP/Utils/mlicense.exe and copy Mlicense.exe to the %SystemRoot%\System32 directory on one of the servers in the farm.

Directions for Using mlicense

Full administrative rights or delegated administrative rights are required to execute this command.

1. From a command prompt, run the command with the parameters listed in Table 12-5. For example:

C:\Documents and Settings\Administrator>mlicense add /I C:\Temp\filename.txt /O C:\Temp\filename.xml

Table 12-5: mlicense Command-Line Utility Syntax and Parameters

| Command Syntax | Parameters | Parameter Options |
| --- | --- | --- |
| mlicense /? | | /? — Displays the syntax for the utility and information about the utility's options. |
| mlicense [activate /I filename_processed.xml] | filename_processed.xml — The filename of the license number and activation codes output file from the CAS Multiple License Activation web site to be used. | /activate filename_processed.xml — Activates the licenses in the MetaFrame farm. When this command is successfully completed, mlicense displays the message, "Successfully activated all the licenses." /I — Input command. |
| mlicense [/L number] [/Q] | number — The maximum number of license numbers that each filename.XML file will contain. The maximum number that can be specified is 2000. | /L — Allows you to list the number of licenses to be put in the filename.xml file by mlicense. This is optional. /Q — This command runs after mlicense /L. |
| mlicense [backup /O backupfilename.txt] | backupfilename.txt — The filename containing a backup of the license serial numbers. | /Backup — Saves the serial number strings from the MetaFrame farm in the backupfilename.txt file for backup and disaster recovery purposes. /O — Output |
| mlicense [add /I filename.txt] [/O filename.xml] | filename.txt — The name of the text file listing all of the license serial numbers to be added. filename.xml — The name of the output .XML file specified when using the […] filename.xml> syntax. This file is uploaded to the CAS Multiple License Activation web site. | /add filename.txt — Adds the license serial numbers from the filename.txt file to the mlicense tool. When this command is successfully completed, mlicense displays the message, "Successfully added all the serial numbers." mlicense does not add autoactivated licenses to the […] creating the filename.txt file, be sure to use all uppercase letters. |

Note: You can save the filename.xml file to a directory of your choice by specifying the directory path. mlicense outputs the filename.xml file, which includes the license numbers to be used for activation.

2. Open the web browser and navigate to the Multiple Activation page on the Citrix Activation (CAS) web site. Upload the filename.xml file. The web site processes the filename.xml file and returns a filename_processed.xml file. Save the filename_processed.xml file on the server.

Note: Detailed directions for using the CAS web site are on the CAS Multiple License Activation web page.

3. Run the mlicense activate command, using the filename_processed.xml file. Use the command parameters listed next as an example:

C:\Program Files\Citrix\System32>mlicense activate /I filename_processed.xml

The licenses are now activated in the MetaFrame farm.

4. After activating the licenses, use the backup feature of mlicense to create a backup file of the licenses; for example:

C:\Documents and Settings\Administrator>mlicense backup /O C:\Temp\backupfilename.txt

MLicense

5. Use this command-line utility to add groups of licenses to a MetaFrame XP Feature Release 1 or Feature Release 2 farm. Executing mlicense with no parameters displays help for the utility.


Table 12-5 lists the syntax and parameters for the mlicense command line utility.

Use this command-line utility with the parameters and syntax listed in Table 12-5 to add groups of licenses.

Example: mlicense add /I C:\Temp\filename.txt /O C:\Temp\filename.xml /L 10

The preceding example puts ten license numbers in each of the filename.xml files. The first file is named filename.xml, the second file is named filename_1.xml, then filename_2.xml, and so on. If you do not use the /L option and the filename.txt file has more than 2000 license numbers, mlicense creates filename.xml with the initial 2000 license numbers and filename_1.xml with any license numbers over and above the initial 2000. For example, if filename.txt contains 2100 license numbers, mlicense creates filename.xml that contains 2000 license numbers and filename_1.xml that contains the additional 100 license numbers.

Example:

This allows the output file naming convention to restart. In this example, it overwrites the existing files such as filename.xml, filename_1.xml, and filename_2.xml in the directory. If you do not use the /Q option, the files are created using the next available number in the naming convention, such as filename_3.xml, filename_4.xml, and filename_5.xml.
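The file-splitting and naming rules described above, worked through as an added Python example (not part of the book and not Citrix code), so an administrator can see which .xml files to expect before uploading them to the CAS site. The function name plan_output_files and its arguments are hypothetical, and the case without /Q assumes numbering resumes after the highest existing index, as in the filename_3.xml example in the text.

```python
import math
import re

MAX_PER_FILE = 2000  # largest /L value the text allows; also the split size without /L


def plan_output_files(serial_count, base="filename", per_file=None,
                      existing=(), restart=False):
    """Return [(file_name, license_count, overwrites_existing), ...].

    serial_count : number of license serial numbers in the input text file
    per_file     : value given to /L (None means /L is not used)
    existing     : names of .xml files already in the output directory
    restart      : True models /Q, where naming restarts at <base>.xml
    """
    if serial_count < 1:
        raise ValueError("no serial numbers to add")
    if per_file is None:
        per_file = MAX_PER_FILE
    if not 1 <= per_file <= MAX_PER_FILE:
        raise ValueError("/L must be between 1 and 2000")

    # Index 0 is <base>.xml; index n is <base>_n.xml.
    pattern = re.compile(rf"^{re.escape(base)}(?:_(\d+))?\.xml$", re.IGNORECASE)
    used = set()
    for name in existing:
        match = pattern.match(name)
        if match:
            used.add(int(match.group(1) or 0))

    # Assumption: without /Q the next file index is one past the highest in use.
    start = 0 if restart or not used else max(used) + 1

    plan = []
    remaining = serial_count
    file_count = math.ceil(serial_count / per_file)
    for index in range(start, start + file_count):
        name = f"{base}.xml" if index == 0 else f"{base}_{index}.xml"
        count = min(per_file, remaining)
        remaining -= count
        plan.append((name, count, index in used))
    return plan


if __name__ == "__main__":
    # Constructed scenario: 25 serial numbers, /L 10, three files left by an earlier run.
    earlier = ["filename.xml", "filename_1.xml", "filename_2.xml"]
    for label, quiet in (("without /Q", False), ("with /Q", True)):
        print(label)
        for name, count, overwrite in plan_output_files(
                25, per_file=10, existing=earlier, restart=quiet):
            print(f"  {name}: {count} license numbers"
                  + (" (overwrites existing file)" if overwrite else ""))
```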

Citrix MetaFrame for UNIX Version 1.2 Licensing

Citrix MetaFrame for UNIX licensing is different from Citrix MetaFrame XP licensing in four significant ways:

1. MetaFrame for UNIX is licensed per server and per concurrent user. For instance, a 15-user license can only be put on one server—if additional server power is required, even though the first server is only supporting five users, a second 15-user license is required. Although server licenses can be pooled as the farm grows (using Citrix load balancing), more thought and planning need to go into determining how many servers will be needed to support the number of expected concurrent users.

Note: Citrix sells MetaFrame for UNIX in base packs as small as three users to alleviate the pain of having to buy MetaFrame for UNIX for 20 users for a small server that may only be capable of supporting three users.

2. MetaFrame for UNIX is sold in a base license (as opposed to a Starter Kit like MetaFrame XP) of 3 or 15 users, and additional bump packs of 5, 10, 20, 50, and 100 concurrent connection licenses. The bump packs are not interchangeable with MetaFrame XP bump packs (and the pricing is different as well).

3. MetaFrame for UNIX does not have different versions like MetaFrame XPs, XPa, or XPe. Instead, the additional features of Citrix Load balancing are sold and licensed as separate products.

4. Microsoft licensing is not required.

Because of these differences, as of version 1.2, licensing cannot be shared between MetaFrame XP server farms and MetaFrame for UNIX server farms unless the MetaFrame XP servers are in mixed mode. Additionally, mlicense will not work with MetaFrame for UNIX. Citrix is currently considering using the same licensing management for both MetaFrame for UNIX and MetaFrame XP, so common management and more seamless license pooling between products may be available with future releases.

Although the MetaFrame for UNIX licensing is not as consumer friendly, it is cheaper per concurrent connection license. Additionally, MetaFrame for UNIX deals with multiple concurrent licensing similarly to MetaFrame XP in that it generally is efficient enough to use only one license for one user, even if they have multiple sessions open to multiple MetaFrame for UNIX servers. MetaFrame for UNIX's client device licensing allows users to start multiple sessions on the same server or on different servers, while using only a single Citrix user count, assuming the following conditions exist:

1. All connections must be from the same client device.

2. When a user starts a second session on the same Citrix server as the first session, the new session does not consume a second user count. When a user starts a second session on a different Citrix server, the new session does not consume a second user count if all the following conditions are true:

   - The first session consumed a pooled user count.
   - The user makes all connections from the same client device.
   - All servers are on the same subnet (using the same master ICA Browser).

Citrix servers exhaust all local (unpooled) user counts before consuming pooled user counts. Therefore, a user assigned a local user count uses a second user count when starting a second session on a different Citrix server.

Installing MetaFrame for UNIX Licenses

To install the licenses on a Citrix MetaFrame server, install the software, enter the serial numbers, and activate the licenses through the activation tool using the following steps:

1. Add the supplied serial number using the ctxlicense command. At the command prompt, type ctxlicense -add serial-number. Type the serial number exactly as it appears (it is case sensitive). A message will state that the Citrix license has been successfully added. MetaFrame generates and displays a unique 35-character license number, based on the serial number entered. The serial number is the 25-character number that can be found in three places:

   - On the sticker on the back of the CD-ROM booklet, in version 1.1
   - On the inside flap of the sealed CD-ROM pack, in Feature Release 1
   - On a web site, if you have been given a URL through an electronic licensing program

2. Get an activation code for the license from the Citrix product activation web site, http://www.citrix.com/activate/, and follow the instructions on the screen. You will need to supply the 35-character license number generated in Step 1.

3. Activate the Citrix license using ctxlicense. At the command prompt, type ctxlicense -activate license-number activation-code. Paste in the license number from the Clipboard, or type it in, and type in the activation code supplied by Citrix. A message stating that the Citrix license has been successfully activated appears. The software is now ready for use.

MetaFrame for UNIX License Pooling

By default, all user licenses are pooled across Citrix servers. You can reserve licenses for use only on a local Citrix server by lowering the number of pooled licenses. Unpooled local licenses are not available to other Citrix servers and cannot be used for client device licensing.

To change the pooled user count, the 35-character license number must be supplied. To display all Citrix licensing information for a specific server or server pool, use ctxlicense -list from a command prompt (logged in as a Citrix administrator). A description of each license, the license number, user count and pooled user count, and an indication of whether it is activated or not, is provided.

To change the pooled user count across MetaFrame for UNIX servers:

1. Log on to the MetaFrame server as a Citrix administrator.

2. At the command prompt, type ctxlicense -pool license-number pooled-count

The pooled count must be between zero and the total number of user counts installed with this license number. Any remaining user counts become local to this server only.


Since MetaFrame for UNIX does not have an IMA Data Store like MetaFrame XP, the licenses are all stored on the first installed server, and a backup copy is stored on the second installed server. If the license server should fail, the backup server will continue to license users for 48 hours, after which all licensing will be lost.

Note: The default settings for pooled licenses will generally reduce the number of licenses a company needs, and as such, the pooled count shouldn't be changed without a lot of thought about how it may change the license count available.
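The pooling rules above, modelled as an added Python example (not from the book and not Citrix code), to show how lowering the pooled count changes the number of user counts the same client devices consume. The Farm class, the server names and the subnet labels are hypothetical, and sessions are assumed never to close.

```python
class Farm:
    """Toy model of MetaFrame for UNIX user-count consumption as the text describes it."""

    def __init__(self):
        self.local_free = {}  # server -> unpooled (local) counts still free
        self.subnet = {}      # server -> subnet label (hypothetical names)
        self.pool_free = 0    # pooled counts still free across the farm
        self.held = {}        # device -> [(kind, server)] counts it has consumed
        self.sessions = {}    # device -> servers on which it has a session

    def add_license(self, server, subnet, total, pooled=None):
        """Install `total` user counts; `pooled` plays the role of ctxlicense -pool."""
        if pooled is None:
            pooled = total  # default in the text: all user licenses are pooled
        if not 0 <= pooled <= total:
            raise ValueError("pooled count must be between zero and the total")
        self.local_free[server] = self.local_free.get(server, 0) + total - pooled
        self.subnet[server] = subnet
        self.pool_free += pooled

    def connect(self, device, server):
        """Open a session; return the count consumed: 'none', 'local', 'pooled', or 'denied'."""
        if server not in self.subnet:
            raise ValueError("no license installed on " + server)
        open_on = self.sessions.setdefault(device, set())
        counts = self.held.setdefault(device, [])
        # Second session on the same server from the same device: no new count.
        if server in open_on:
            return "none"
        # Different server: free only if the device holds a pooled count
        # taken on the same subnet.
        for kind, origin in counts:
            if kind == "pooled" and self.subnet[origin] == self.subnet[server]:
                open_on.add(server)
                return "none"
        # Servers exhaust local counts before touching the pool.
        if self.local_free[server] > 0:
            self.local_free[server] -= 1
            kind = "local"
        elif self.pool_free > 0:
            self.pool_free -= 1
            kind = "pooled"
        else:
            return "denied"
        counts.append((kind, server))
        open_on.add(server)
        return kind

    def counts_in_use(self):
        return sum(len(c) for c in self.held.values())


def simulate(devices, pooled_per_server=None, total_per_server=15):
    """Each device opens a session on srv1, then on srv2 (same subnet).

    Returns (user counts consumed, connections denied).
    """
    farm = Farm()
    for server in ("srv1", "srv2"):
        farm.add_license(server, "subnet-a", total_per_server, pooled_per_server)
    denied = 0
    for n in range(devices):
        for server in ("srv1", "srv2"):
            if farm.connect(f"dev{n}", server) == "denied":
                denied += 1
    return farm.counts_in_use(), denied


if __name__ == "__main__":
    # Constructed scenario: two servers with a 15-user license each.
    for devices, pooled in ((10, None), (10, 10), (10, 0), (20, None), (20, 0)):
        used, denied = simulate(devices, pooled)
        label = "default (all pooled)" if pooled is None else f"{pooled} pooled per server"
        print(f"{devices} devices, {label}: {used} counts used, {denied} denied")
```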


Chapter 13: Application Installation and Configuration

Overview

The purpose of the infrastructure discussed so far in this book is to provide software applications to users. Whether these applications automate the organization (say, using ERP, MRP, or CAD/CAM), provide recordkeeping and documentation for them (with such things as accounting applications, word processors, spread sheets, document management, and so on), or allow the organization to communicate effectively (through e-mail, printing, file sharing, or presentation software), applications have become critical to a vast majority of organizations and their users. Without applications, there is no need for IT infrastructure of any kind.

Since all enterprise organizations (as well as a large majority of small- and mid-sized businesses) today have applications that fill these needs, the debate comes down to how to most effectively and cost-efficiently build an IT infrastructure that provides these applications to users that need them. Additionally, many organizations, as they have grown and become more diverse, desire to deploy these applications to a wider set of users with fewer constraints.

At the core of the on-demand computing (ODC) value statement is providing these applications to users anytime, anyplace, from any device. Of course it goes without saying that the users must be able to run the applications without delay, slowness, or problems, and with the latest base of available features. We have made the argument throughout this book that server-based computing (SBC) succeeds at all of these far more efficiently than standard client-server computing. There is one large caveat though—the applications have to work in the SBC environment. If the applications don't run as well, or better, in an SBC environment as they do from a desktop PC, then the SBC project will fail. With this said, it is obvious that application installation and configuration is the fulcrum upon which any server-based computing project will swing from success to failure.

Chapters 10 and 11 both discussed building a pilot or test environment prior to making any significant investment in SBC infrastructure. The most significant reason for the test environment is to ensure that an organization's applications run effectively in an SBC setting. Although chances are good that most, if not all, of your applications will run in an SBC environment because of Microsoft's push to make application developers want the Windows 2000 and 2003 certifications, there are still older applications, or poorly written ones, that remain at the core of many organizations. The success of any SBC project depends largely on whether these applications can be fixed, upgraded or replaced, run in hybrid mode (run locally on some users' machines while all other applications are run from the server) for a period of time, or relegated to a kiosk where users access it as needed. If none of these are an option, the project simply can't go forward.

This chapter will focus on how applications are installed in an SBC environment, the applications' requirements, some tricks to making non-conforming applications work, application optimization, specific tips and checklists for common applications, and application testing methodology.

The installation and testing methodology presented in this chapter is not only critical at implementation, but throughout the life of the server-based environment. All application installation and updates, even minor hotfixes, must be subjected to a strict systematic installation and testing methodology.

Application Strategies

The idea behind building an SBC environment in the first place is to provide a means of distributing common applications to users that is low in cost and complexity, but high in functionality and performance. It is important to keep this "end state" in mind when selecting or writing applications to be run in an SBC environment. An application that is not stable in a traditional distributed computing network isn't likely to work any better under server-based computing. In fact, it may exhibit new problems. It is also critical to take the client environment into account. If both PCs and Windows terminals are being evaluated, the capabilities and user experience of each are quite different and will affect application functionality.

All application installation and updates, even minor hotfixes, must be subjected to a strict systematic installation and testing methodology. From a high level, we suggest the following methodology:

1. Identify and confirm the requirement for the installation, update, or hotfix.

2. Research the manufacturer instructions for the I ntr oducing Ser ver -Based Com putingand andwarnings th e On- Dem and software to be installed.

Chapter 1

-

Enterpr ise 3. If is simply hotfixSer orvices software update, utilize MetaFrame Installation Manager (IM) to Chapter 2 the- fix Window s Teraminal

current version of the software from the test environment. Reinstall the Chapter unpublish 3 - Citr ix(uninstall) MetaFr am the e Access Suite original application using IM. Although this process may seem unnecessary, it is critical, as it ensures a common starting point when the update is propagated to other servers. Pr epar ing Your Or ganization for an On- Dem and Enterpr ise

Pa r t I I - De signi ng a n Ent e rpr i se SBC Solut ion

Chapter 4

-

I mplem ent ation

4. Install the application in the test environment.

Chapter 5

- Ser ver - Based Computing Data Center Architect ure

Chapter 6 Chapter 7

- Run Designing Your Netw or k for Ser verBased Com put ing any postinstallation scripts or application compatibility tests. - The Client Envir onment

Chapter 8

- Configure Security the application.

Chapter 9

- Net w or k Managemen t

5. Perform the testing algorithm recommended in the "Application Testing Procedure" section of this chapter.

Pa r t I I I - I m ple m ent ing a n O n-D e m a nd Se r ve r - Ba se d Com pu ti ng Envi r onm e nt

Chapter 10 - Pr oj ect Managing and Deploying an Enter pr ise SBC Envir onment Chapter 11 - Make Ser verany Configur ation: fixes, Windows Ter mchanges, inal Serv ices necessary registry or optimizations. Chapter 12 - Ser ver Configur ation: Citr ix MetaFr am e Presentation Ser ver

6. Following full testing, use IMand to publish application to one production server. If it is an update Chapter 13 - Application I nstallation Configurthe at ion utilize the IM image includes Chapter or 14 hotfix, - Client Configur ation and that Deploym ent the full uninstallation and reinstallation as recommended in Step 3.

Chapter 15 - Pr ofiles, Policies, and Pr ocedu res Chapter 16 - Securing Access 7. Re-perform theClient testing algorithm. Chapter 17 - Net wor k Configur at ion

8. Publish to in the Chapter 18 - Pr int g remaining required production servers. Chapter 19 - Disaster Recovery and Business Continuity in the SBC Envir onment

Application Features and Requirements

We have created the following list of features and requirements to aid you in the application selection process:

- Applications should be stable and perform well in a traditional, distributed computing environment.

- The application should have stated support from the manufacturer. In the early days of server-based computing technology, application support was hit or miss (more miss than hit). With Windows 2000 Server, and now Windows Server 2003, however, in order for a software package to gain the Microsoft Windows Certification, the application must also support execution under Terminal Services. As such, multiuser support has become the norm rather than the exception.

- Ideally, an application should execute in multithreaded fashion and make efficient use of memory and CPU resources when running in a multiuser environment. Note that this precludes DOS and all 16-bit applications, although there are tricks we will discuss later in this chapter that may allow them to limp by.

- The use of multimedia in applications should be kept to an absolute minimum. Sound, graphics, or video should be limited to mission-critical features only, because the complexity and cost of the extra network bandwidth consumed by these features must be justified.

- The application should make the most use of the Windows printing system and be as efficient as possible in the creation and distribution of print jobs. Here again, we issue a warning regarding graphic-intensive programs: they typically generate enormous print files that then travel over the LAN or WAN to the printer. This must be taken into account when planning for the management of the available bandwidth.

Application Optimization

We discuss the process of installing and configuring applications in later sections. But first, it is necessary to address some specific optimization issues for the following categories of applications.

DOS and 16-Bit Applications

In order for a DOS or 16-bit application to run under Windows NT 4.0, a separate resource pool must be created for that program. This is due to the fact that such applications cannot share memory in the same way as 32-bit programs that were created specifically to run on Windows NT. This resource pooling program is called "ntvdm" for "NT Virtual Dos Machine." It uses the partitioning capability of the Intel architecture to create a virtual 8086 environment in which each DOS program can run. When running a DOS or 16-bit Windows program on Windows NT, ntvdm will show up as the executable in the task manager, rather than the program executable itself.

Note Windows 2000 Server and Windows Server 2003 do not effectively support ntvdm, so if DOS or 16-bit applications are required, plan to build a Windows NT 4.0 TSE/MetaFrame XP server environment and dedicate it to running these applications.

Because these older programs cannot share resources, they do not scale well. We have seen environments in which an application was being migrated from an older 16-bit version to a newer 32-bit version. The 16-bit program took two to three times the resources of its newer 32-bit cousin. We realize these older programs may still be required, particularly as part of a migration effort, but every effort should be made to phase them out completely.

DOS Program Keyboard Polling: Another feature to look out for with DOS programs is keyboard polling. Most DOS programs were written to run in a single-user environment, and data entry screens typically do nothing until the user presses a key. In order to respond as quickly as possible, the program polls the keyboard, sometimes hundreds or thousands of times per second. In a multiuser environment this can wreak havoc with system performance. Even though Windows NT runs ntvdm to give such a program its own resource pool, it must still grant access to hardware components such as the keyboard, mouse, and video. In some cases, the keyboard polling can be adjusted to more reasonable levels by using a standard command like DOSKBD or a third-party utility such as Clip2F or Tame. If the DOS program will not respond to limiting the keyboard polling, it should not be used in an SBC environment. A problematic DOS application will often consume 100 percent of the available resources on a MetaFrame XP server. Again, DOS keyboard utilities are not available under Windows 2000 Server or Windows Server 2003, so Windows NT 4.0 TSE must be used to run a DOS application.

Tip The DOSKBD (or other similar utility) can be run from the autoexec.nt file that is accessed for each DOS session. The autoexec.nt file is specified with the PIF editor. Issuing the following command at the command prompt can collect initial statistics on the DOS application:

DOSKBD /StartMonitor SOMEPROG.EXE

32-Bit Applications and the Registry

Just because an application is written to be 32-bit does not mean it makes effective use of the registry. It is important that such an application use the registry to store its settings for a variety of reasons.

- Application packaging is much simpler when all changes made by the installation process are stored in a particular group of registry keys.

- The application installation process in Terminal Services (change user /install) makes a copy of the registry changes that an install program generates for each user (HKEY_CURRENT_USER). If an application uses an INI file or incorrectly writes user-specific information to the HKEY_LOCAL_MACHINE key, it is problematic to get that application functioning in a multiuser environment.

Custom Applications

Many custom applications work quite well in an SBC environment. Such applications should be 32-bit and avoid hard-coded values for elements such as network paths or data sources. Keep in mind any library dependencies such as those required by Visual Basic, too, since these libraries will have to be installed with the applications on each Terminal Server in the farm.

An application should write all user-specific information to the HKEY_CURRENT_USER registry key and all global system information to the HKEY_LOCAL_MACHINE key.

Installing and Configuring Applications

Since the operating system needs to allow multiple users to run and access applications (and thus application registry settings) simultaneously, a program must be installed in such a fashion that the registry changes are replicated for all users. There are two basic methods for installing an application on a MetaFrame XP server to cause this replication to take place. The recommended method is to use the Control Panel and run the Add/Remove Programs application. The other is to run the change user /install and change user /execute commands from a command prompt.

Using Add/Remove Programs

The advantage to installing an application using Add/Remove Programs from the Control Panel is that it creates the "shadow key" properly in all cases. The Add/Remove Programs application monitors changes to the HKEY_CURRENT_USER key and saves them in the shadow key. This key is then propagated to each user, as shown in Figure 13-1, so that they may have unique settings for that application.

Figure 13-1: Shadow key propagation

Note Do not allow the system to reboot until after you click Finish in the Add/Remove Programs application to ensure that the shadow key information is safely written.


Using Change User /Install

Using the change user /install command works well most of the time, but we have seen that in some cases shadow key information is missed. For example, there is a known problem installing Internet Explorer in this manner, but it works perfectly well using the Add/Remove Programs application. This method involves opening a command prompt, typing change user /install, installing the application, then typing change user /execute.

Note If you use this method, make sure you do not allow the system to reboot without first issuing the change user /execute command. If you do not issue the command, the system may not properly record the changes to the registry.


The Application Installation Checklist

The basic procedure for installing applications on a Windows 2000 Server or Windows Server 2003 running MetaFrame XP is as follows:

1. Make sure you are logged onto the test server console as a member of the local Administrators group.

2. Reset any remote sessions with the Citrix Management Console.

3. Disable logons to the server using the Citrix Management Console (select Server | Properties | MetaFrame XP settings, then uncheck the Enable Logons to this Server check box) to prevent users from logging in during the application installation.

4. Run the Add/Remove Programs application and select the application's setup program to begin installation.

5. Click Finish after the application has completed installation and before the server reboots.

6. If an application compatibility script exists, run it. Review the notes in the script and any "read me" notes on application compatibility, then perform any other necessary steps.

7. At this point, the application is installed, and testing can begin.

Note Though you can uninstall an application with Add/Remove Programs, we don't recommend it. We recommend using the imaging process outlined in Chapter 11 or Installation Manager (discussed later in this chapter) to create standard server images including packaged applications. If an application needs to be removed, simply restore the image that was current before the application package was installed or unpublish the application within Installation Manager. Other methods can leave remnants of the application in the form of leftover registry changes or library files that can cause problems with the system or with other applications.

Postinstallation Changes

Although a large majority of current applications run without a hitch in a Windows 2000 Server and Windows Server 2003 Terminal Services environment, there remain some older and more rogue applications that simply aren't designed appropriately. For the older applications, a bit of tweaking may be needed after installation on the MetaFrame XP server using the Add/Remove Programs application or the command-line method. Most postinstallation changes provide necessary changes to user-specific program settings, or library file locations.

As multiuser environments have grown increasingly popular, some application vendors have created fixes to make their applications work in a Terminal Services environment. An application compatibility script is a batch file that makes any changes to the operating system that are necessary for a specific application to function in a multiuser environment. There are two types of Application Compatibility Scripts: Install and Logon.

Chapter 14 - Client Configur ation and Deploym ent Chapter Install15Scripts - Pr ofiles, Policies, and Pr ocedu res Chapter 16 - Securing Client Access

The two17main functions of theatInstall Script are to remove any inappropriate changes to the Chapter - Net wor k Configur ion

HKEY_LOCAL_MACHINE registry key, and to verify that the logon scripts are correct. An Install Script will first verify that the root drive has been properly specified. If it has not, the script will open the Chapter 19 - Disaster Recovery and Business Continuity in the SBC Envir onment ROOTDRV2.CMD file so it can be specified. If the root drive has been specified, it proceeds to correct Chapter 20 - Migr ation to Window s 2003 and Citr ix MetaFrame XP inappropriate writes to HKEY_LOCAL_MACHINE as well as perform any other necessary cleanup Ongoing Administr ation of the Ser v er - Based Com puting Chapter - the application run correctly. Finally, it adds a call to the USRLOGN2.CMD file that will work to21 make Envir onment call the appropriate Logon Script for the application. Pa r t I V - Appendi x es Chapter 18 - Pr int in g
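An added example (not from the book or from Citrix): a Python check that compares regedit exports taken before and after a test-server install and sorts what the installer wrote into shadow-key captures, machine-wide settings, and per-user data left in HKEY_LOCAL_MACHINE, the kind of write an Install Script has to correct. The ExampleApp keys, the installadmin account, and the profile-path heuristic are constructed assumptions; the shadow key path is the standard Terminal Server\Install\Software location, which the text does not quote.

```python
import re

# Shadow key root (standard Terminal Services location, not quoted on this page):
# install mode records HKEY_CURRENT_USER writes here for per-user propagation.
SHADOW_ROOT = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
               r"\CurrentVersion\Terminal Server\Install\Software").lower()

# Constructed sample exports (regedit text format) for a hypothetical ExampleApp.
BEFORE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleApp]
"InstallDir"="C:\\Program Files\\ExampleApp"
'''

AFTER = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleApp]
"InstallDir"="C:\\Program Files\\ExampleApp"
"DataPath"="C:\\Documents and Settings\\installadmin\\Application Data\\ExampleApp"
"Bin"=hex:01,02,\
  03

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleApp\Settings]
"LastUser"="installadmin"
"Port"=dword:00000050

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\ExampleApp]
"WindowPos"="10,10"
'''


def _unescape(text):
    # .reg strings escape a backslash or a double quote with a leading backslash.
    return re.sub(r"\\(.)", r"\1", text)


def parse_reg(text):
    """Parse regedit export text into {(key, value_name): data}."""
    values, key, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # hex data continues on the next line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        match = re.match(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if match and key is not None:
            name = match.group(1)
            name = "(Default)" if name == "@" else _unescape(name[1:-1])
            data = match.group(2)
            if data.startswith('"') and data.endswith('"'):
                data = _unescape(data[1:-1])
            values[(key, name)] = data
    return values


def installer_writes(before_text, after_text):
    """Values that are new or changed in the 'after' export."""
    before, after = parse_reg(before_text), parse_reg(after_text)
    return {k: v for k, v in after.items() if before.get(k) != v}


def classify(key, data, install_user):
    """Label one written value; the per-user test is a heuristic (assumption)."""
    k, d, u = key.lower(), data.lower(), install_user.lower()
    if k.startswith(SHADOW_ROOT):
        return "shadow"                    # HKCU write captured by install mode
    if not k.startswith("hkey_local_machine"):
        return "other"
    per_user = ("\\documents and settings\\" + u) in d or d == u
    return "user-data-in-hklm" if per_user else "machine-wide"


def audit(before_text, after_text, install_user):
    """Return sorted (category, key, value_name) for everything the install wrote."""
    writes = installer_writes(before_text, after_text)
    return [(classify(key, data, install_user), key, name)
            for (key, name), data in sorted(writes.items())]


if __name__ == "__main__":
    for category, key, name in audit(BEFORE, AFTER, "installadmin"):
        print(f"{category:18} {key} -> {name}")
```

Values reported as user-data-in-hklm are visible to every session on the server, so they are the ones to review against the vendor's compatibility script before the package is published.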


Logon Scripts

As the name implies, these scripts are designed to correct problems with the user logon environment, either with the HKEY_CURRENT_USER key, the user's home directory, or user-specific application settings. The USRLOGN2.CMD batch file calls the application Logon Scripts. This script is called by the main logon file, USRLOGON.CMD. USRLOGON.CMD is responsible for creating the RootDrive variable used by all logon scripts to identify the user's home directory.

The RootDrive variable defines both the user's home drive and the home path and can be used instead of the UNC path defined in the user properties of the Computer Management utility. Use of the drive letter is preferable because the user will not have access to directories above the directory where the home drive is mapped.

Softricity SoftGrid for Terminal Servers

It is important to note that a useful third-party tool is available to resolve some of the typical application installation problems with application compatibility, DLL conflicts, and Windows registry conflicts. Softricity (www.softricity.com/products/) offers a product called SoftGrid for Terminal Servers that dramatically changes the application installation and deployment approach. With the SoftGrid solution, applications are never installed on the Terminal Servers. Instead, applications run inside Softricity's SystemGuard virtual environment, which protects the computer's operating system from any alterations and enables the application to run intact.

SystemGuard is a virtual run-time environment within which an application executes. It maintains the integrity and reliability of the operating system by shielding it from change that is normally created by the application as it is installed and run. However, since the applications execute locally, access is still available to all local services including cut and paste, OLE, printing and network drives.

We recommend that enterprise environments with 1000 or more users consider Softricity or other similar solutions to reduce the complexity and testing required on Terminal Servers providing large numbers of applications.

Installation Tips

Though it is impossible to provide installation tips for all common applications, we thought it would be appropriate to include a few to set expectations. There is a wealth of information about application configurations on the Citrix web site (http://support.citrix.com). We have found the online knowledge center (Citrix's knowledge base and user forums) to be particularly useful, as it contains many technical notes from other users on application difficulties and the methods used to fix or work around them.

The following examples show the format for application installation and configuration checklists. They are provided both as an example of the process of installing an application under MetaFrame XP and as a suggestion for recordkeeping purposes.

Example Installation Instructions—Installing Microsoft Office XP on Windows Server 2003 for Use in a Terminal Services/MetaFrame Environment

For the purposes of providing an example of a common application installation in a Terminal Services environment, we will utilize our fictional case study, CME Corp introduced in Chapter 10, as an example. CME Corp, a medical device manufacturer with 3000 employees worldwide, will be deploying Microsoft Office XP. In order to install Office XP in the Terminal Services environment, a Microsoft Transform file (MST) will be used for installation. The MST file allows for full customization of the install, including configuration of the Outlook profile with a user-specific profile.

Note Unlike Office 2000, Office XP does not require a special transform to install Office on a Terminal Services-enabled computer. Office XP Setup detects that it is being run under Terminal Services and it preconfigures all the proper options. Because a transform file allows a custom configuration, including Outlook Profile configuration, we will cover the custom transform file setup in this section.

To install Office, do the following:

1. Create an administrative installation of Office XP.

2. Install the Microsoft Office XP Resource Kit. The ORK can be downloaded from www.microsoft.com/office/ork/xp/appndx/appa04.htm.

3. Create a custom Microsoft Transform file.

4. Execute the Microsoft Office XP installation program to install Microsoft Office XP. (CME Corp will use Installation Manager as described later in this chapter, and thus will need to add the package to the CMC.)

Note Installation of Office XP on a Terminal Services-enabled system requires the use of the Application Server mode configuration. A computer configured for Remote Administration mode is not recognized by Office XP Setup and installs Office XP as if it were being installed to a generic workstation.

Creating an Administrative Installation of Office XP: To create an administrative installation of Office XP, run the setup program with a /a switch and choose an installation directory on an easily accessible network share. For example, from the desktop of any Windows 2000 Server machine in the environment, click Start | Run, and then type setup.exe /a path\name SHORTFILENAMES=TRUE /qb /L* path\name of log file.

The following are various command-line options available:

/a Enables Windows Installer to perform an administrative installation of a product on a network share.

SHORTFILENAMES=TRUE Directs Windows Installer to create all filenames and folders with MS-DOS-compatible filenames. Required when you run Windows Installer from the command line.

/qb Sets the user interface to the basic level (simple progress and error handling).

/L* Turns on logging and sets a path for the log file. The * flag causes the switch to log all information.

path\name of log file Path and filename of the Windows Installer log file.

Installing the Office XP Resource Kit

The Office XP resource kit can be downloaded from www.microsoft.com/office/ork/xp/appndx/appa04.htm. Install it accepting all of the defaults.

Creating a Custom Office XP Terminal Services Transform File

After installing the Office XP Resource Kit, we are ready to create a custom Microsoft Terminal Server Transform (MST) file with the Custom Installation Wizard for CME's environment. We will later use this file with Installation Manager to deploy Office XP to all current and future MetaFrame Servers.

To create and configure a custom Microsoft Office XP Terminal Services Transform file:

1. Click Start | Programs | Microsoft Office Tools | Microsoft Office XP Resource Kit Tools | Custom Installation Wizard. Click Next to go forward with the installation.

2. Click the Browse button.

3. Browse to the PROPLUS.MSI file (this filename will be different for the Premium or Standard versions of Office XP) located on the administrative installation share and click OK, then click Next.

4. Select Create a new MST file and click Next.

5. Select a location and name the file TERMSRVR.MST to save the new MST and click Next.

6. Specify the Default installation path and the Organization name and click Next.

7. Specify if you want to uninstall any previous Office versions as part of the Office XP install and click Next.

8. Select the features that you do not want to install and click Next. (Set the installation state of the selected feature to Not Available, Hidden, or Locked. Select the Do Not Migrate Previous Installation State check box.)

Note The Do Not Migrate Previous Installation States check box must be selected for each feature that is set to Not Available, Hidden, or Locked. Carefully choose which features to install. Features like animation and the office assistant should not be installed, since they can cause unnecessary strain on the server.

9. Click Next on the following screens, making any customizations appropriate.

10. On the Outlook Screen: customize the Default Profile page, choose New Profile, and name the profile %username%, then click Next.

11. Select Configure an Exchange Server connection and enter an Exchange Server name, then click Next.

12. Click Customize Additional Outlook Profile and Account Information.

13. Click Add and choose Outlook Address Book, then click Next and Finish on the Add Account Wizard.

14. Click Next.

15. Continue to click Next while making any appropriate changes until the wizard is complete.

Executing the Microsoft Office XP Installation Program

For basic installation to one server, use the Add/Remove Programs or change user /install as described earlier in this chapter and click Start | Run, then type setup.exe TRANSFORMS=C:\TERMSRVR.MST /qb. Click OK.

To install this application to multiple servers, please see the "MetaFrame Installation Manager" section later in this chapter.
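The single-server installation above, wrapped in a batch file as an added example (not from the book): it refuses to run when the server is not in Application Server mode, brackets Setup with change user /install and change user /execute, and logs the run. The share path and log path are placeholder assumptions, and the mode check relies on the TSAppCompat registry value and on reg.exe being available (it ships with Windows Server 2003).

```bat
@echo off
rem Added example (not from the book): single-server Office XP install with the
rem custom transform on a Terminal Server. SETUP_DIR and LOG are placeholder
rem values; C:\TERMSRVR.MST is the transform path used in the text above.
setlocal
set "SETUP_DIR=\\FILESERVER\OfficeXPAdmin"
set "MST=C:\TERMSRVR.MST"
set "LOG=C:\OfficeXP-install.log"
set "TSKEY=HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server"

rem 1. Stop unless Terminal Services is in Application Server mode.
rem    TSAppCompat is 0x1 in Application Server mode, 0x0 in Remote Administration.
reg query "%TSKEY%" /v TSAppCompat | find "0x1" >nul
if errorlevel 1 goto :wrongmode

rem 2. Confirm the administrative installation point and the transform exist.
if not exist "%SETUP_DIR%\setup.exe" goto :missing
if not exist "%MST%" goto :missing

rem 3. Put the session in install mode, run Setup with the transform, basic UI
rem    and full logging, and keep Setup's exit code.
change user /install
start "" /wait "%SETUP_DIR%\setup.exe" TRANSFORMS=%MST% /qb /L* "%LOG%"
set "RC=%ERRORLEVEL%"

rem 4. Always return to execute mode, even when Setup failed.
change user /execute

if not "%RC%"=="0" goto :failed
echo Office XP Setup completed. Log: %LOG%
exit /b 0

:wrongmode
echo Server is not in Application Server mode. Setup would install Office XP as on a generic workstation.
exit /b 1

:missing
echo setup.exe or the transform file was not found. Check SETUP_DIR and MST.
exit /b 2

:failed
echo Office XP Setup returned %RC%. Review %LOG% before retrying.
exit /b %RC%
```

Run it from a console session on the target server with an administrative account; the log file named in LOG is the first place to look when the exit code is not 0.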

Managing the Application List

Before launching into the application test process, it is important to have a controllable list of applications targeted for production. The list should be as small as possible but still have representative applications in any category that your company needs to use. What must be avoided is a lack of standardization within a category. For example, a large organization may be using both Microsoft Office 2000 and Office XP. Make every effort to choose one application (or suite, in this case) for deployment in the SBC environment. It will reduce complexity, ease support, and cause less confusion to the user community.

Application Testing Procedure

Each application should go through two phases of testing—component testing and system testing—in order to assess how it functions running by itself and as part of a fully configured server. The strategy is to have as much breadth and depth of testing coverage as is practical, given the realities of most fast-paced corporate IT departments. The effort of creating and refining an application testing process is worthwhile. Over time, the IT staff will become fast, proficient, and confident at running the tests.

Component Testing

This phase of testing is designed to exercise an application running by itself in a multiuser environment. This can be especially important with applications that were not written specifically for this environment, do not have application-compatibility scripts, or are older DOS or 16-bit applications.

Generic Functions

The generic functions of the component test phase are functions that are common to most applications. Examples of generic functions are Execute (run the program), Exit, File-Print, File-Open, and Cut and Paste. Coverage of generic functions is important to ensure the application works as expected in a multiuser environment. One test list can be created that will cover every application slated for deployment, or at least broad categories of applications. Not every test on the list will apply, but running the test list is important nonetheless.

Specific Functions

As the name implies, these are functions that are specific to each application. At least one test list should be created for each application to cover specific functions. Examples are running a custom macro in Microsoft Excel, creating a new project in Visual J++, and changing the color saturation in Adobe Photoshop.

System Testing

The system-testing phase is designed to ensure that an application behaves predictably on a server loaded with other applications. This is also typically the phase that includes some load testing for performance. A system test involves running the following steps:

Run the component tests again on a fully configured server. Such a server has all the applications slated for production deployment loaded, the network connected, and is participating in a domain, a server farm, and load balancing. The idea is to set up an environment that is as close to the production environment as possible.

Test necessary application integration functions—for example, database access through Microsoft Excel, cutting and pasting between applications, running a mail-merge macro in Microsoft Word, or running a custom client application that provides a front-end user interface to a legacy system.

Load test the application. Establish as many user sessions as are likely to be used in production. This can be either done literally, or through scripting or a commercial testing application covered in Chapter 11. Have several people run test lists on the application simultaneously.

Test the application using all targeted client environments. This includes not only desktop PCs, laptops, and Windows terminals, but also different points in the enterprise network and other different types of network connections.

Anecdotal Testing

We have found that a period of "beating on the application" after all other formal testing has been done is often very useful. This type of undirected testing allows the testers to think "outside the box" and exercise functions that the test-list creators may not have thought of. Anecdotal testing is no substitute for formal testing and should never be used as the sole testing method.

Test Lists

There is no secret to creating good test lists, but there is an art to it that can only be mastered with practice. The most important thing to remember is not to let "best get in the way of better." In other words, it is better to start with a basic test list and make it better over time than to delay the test process until the perfect test list is completed. The perfect test list will never be realized without experience in the process.

We have provided an example test list as a starting point. Feel free to adapt it to other programs or even modify its structure to fit your needs. Table 13-1 shows a test list of generic functions that can be applied to most applications. In addition to this generic list, a more specific list should also be developed to ensure that a particular application's functionality has been fully tested.

Table 13-1: Generic Functions Test List

| Step | Test (Generic) | Description | Expected Result | Result | Pass/Fail | Notes |
|---|---|---|---|---|---|---|
| 1 | Launch Method #1 | Click the Application icon on the desktop. | The application executes. | Application is executed. | P | |
| 2 | Launch Method #2 | Click Start \| Programs, the program group, and the application name. | The application executes. | Application is executed. | P | |
| 3 | Open a document | Choose File \| Open from the menu. | The default or last data directory is displayed. | The default directory was displayed. | P | Might want to run this test two more times to see which directory is displayed. |
| 4 | Print a document | Choose File \| Print from the menu. | Current document prints in full. | Document printed. | P | |
| … | | | | | | |
| 24 | Exit Method #1 | Choose File \| Exit from the menu. | The application exits. | Application is exited | P | |
| 25 | Exit Method #2 | Click the X in the upper right corner of the main application window. | The application exits. | Application is exited | P | This method is faster. |

Note Substitute the generic information in the tables with information specific to the application being tested.

Pass or Fail Status

Once a test list has been run, a report of the application, test lists, tests run, and the status can be generated. It is not unreasonable to expect an application to pass all tests before being considered for production deployment.

Test Cycles

All test lists run on a particular application are considered one test cycle. Keep in mind, all tests may not pass. Following the test cycle, and after any fixes or corrections have been made, all test lists with failed tests should be run again. Once all the failed tests have passed, a final run of the entire suite of test lists is advisable to make sure nothing new was "broken" during this phase. This is often referred to as regression testing. The cycle repeats until all tests pass or until the pass percentage meets a predetermined acceptance level. Once all tests have passed or met the goal, the application can be considered a candidate for production deployment.

The Production Deployment Process

Once an application has completed the testing process, it is time to manage its deployment into the production environment. Unless extensive load testing was done before deployment, we recommend putting the application on one or just a few servers to begin with and using the ICA Passthrough capability to direct users to the new application, as shown in Figure 13-2. You should also consider having an "early adopter" user group that can begin employing the application before it is deployed throughout the enterprise. A week or two of running the application in this manner can reveal any last-minute issues not discovered in testing, without unduly burdening the user community with problems.

Figure 13-2: Deploying an application to a few servers

Sample Process Checklist for Application Deployment

The following checklist provides a guideline for an application deployment process. Modify it to fit your organization and established procedures.

1. A qualified request for application support is made to IT.

2. Verification that management has approved the application is completed.

3. A contact person for the application has been identified. This person will be the point of contact for communicating the application's status.

4. Review of the application's specifications and requirements is done.

   Is the software 32-bit?

   Are there registry entries?

   If internally developed, are network paths hard-coded?

   Are there any system library dependencies?

5. Install the application on the test server. Document all steps of the install.

6. Perform any necessary software configurations for operation in a Terminal Services environment—for example, registry changes, INI file settings, file or directory modifications.

7. Create specific function test lists. Determine the suitability of generic function test lists and modify as appropriate. Create test lists for both component and system test phases.

8. Begin Test Cycle 1. Perform component testing.

9. Repeat component testing until all tests have passed, or the pass percentage is acceptable.

10. Begin system testing. Add the application to the last good server image that includes other production applications and operating system modifications. Rerun component tests and add system tests.

11. As part of system testing, load-test the application. Test with a single user (usually the contact specified in Step 3).

12. Get five test users from the contact to run selected system test lists. Determine whether further load testing is necessary or if results can be extrapolated from the five-user test.

13. Repeat the test cycle until all system tests have passed.

14. Turn over testing documentation and certification to production IT staff for installation.

15. Install the application on one or two production servers. Set up ICA Passthrough to make the application available to the appropriate users. Monitor the server's performance to ensure that there are no utilization spikes or any other irregularities.

16. Survey users to see if the application is performing properly.

17. Schedule production deployment using a chosen distribution method (for instance, imaging or Installation Manager—covered later in this chapter).

18. Deploy the application.

19. After one week of production, survey a sample of users to see if the application is performing properly.

Mass Deployment

Once an application has gone through the preceding installation and testing procedure, Step 17 calls for production deployment across the farm to all users who need the application. Obviously, in smaller organizations, the installation of an application on two or three servers is often less time-consuming than the time it would take to automate and implement the process. But, in larger enterprises, such as our case study, CME Corp, the installation of an application across 100 servers can be a daunting task. In this case, the investment in developing the automation and deploying it pays off very quickly. We have seen large enterprises deploy full suites of applications overnight across thousands of servers to thousands of users by utilizing one of the automation procedures we will detail here.

Imaging Software

As detailed in Chapter 11, Ghost and DeployCenter can be utilized to build a standard server installation image and clone that image to multiple other servers. This process is extremely useful for the initial builds of the servers, and for major rebuilds, but can be tedious for minor application upgrades and maintenance (such as hotfixes and patches). For the purposes of server and application maintenance and singular application installs, we recommend the use of MetaFrame Installation Manager.

MetaFrame Installation Manager

Installation Manager (IM) is designed to automate the application installation process and facilitate application replication across MetaFrame XP servers throughout the enterprise. Although IM does not facilitate the initial server building and configuration process, it is quite handy for software installation and maintenance. Through the use of IM, applications can be distributed across multiple servers in minutes rather than days or weeks. MetaFrame Installation Manager is bundled with MetaFrame XPe and cannot be purchased separately. IM is fully integrated into the CMC.

MetaFrame Installation Manager creates a central repository for software application packaging and distribution. Having a central repository that packages, distributes, and inventories applications aids administrators by

Allowing all software to be managed in a single location

Allowing scheduling of application deployment/distribution during low server load times

Allowing retention/tracking of all applications/versions contained in each server in the server farm

If the farm is configured using an application load-balanced architecture, IM allows for the rapid tuning and placement of applications onto the server groups, as well as ensuring consistency across all server types.

IM Components

This section provides details regarding the IM components.

Packager Chapter 9 - Net w or k Managemen t Pa r t I I I - I m ple m ent ing a n O n-D e m a nd Se r ve r - Ba se d Com pu ti ng Envi r onm e nt

IM Packager monitors application installation routines and records changes as installation commands in a script. The script file and application files are used to install the application on target servers in the Chapter 11 - Ser ver Configur ation: Windows Ter m inal Serv ices MetaFrame server farm. Chapter 10 - Pr oj ect Managing and Deploying an Enter pr ise SBC Envir onment Chapter 12 - Ser ver Configur ation: Citr ix MetaFr am e Presentation Ser ver

Chapter 13 Packager - Application I nstallation and Configur at ion Since the is primarily responsible for recording application installations, it is recommended Chapter 14 Client Configur ation and Deploym ent that Packager run in an environment that closely approximates the environment of the target servers. Chapter 15 - Pr ofiles, Policies, and Pr ocedu res

Installer Chapter 16 -Service Securing Client Access Chapter 17 - Net wor k Configur at ion

Installer Service interprets the ADF or MSI File in the package and installs the software on the target servers. In order for the package to execute on a server, the Installer Service must be installed and Chapter 19 - Disaster Recovery and Business Continuity in the SBC Envir onment running. Chapter 18 - Pr int in g

Chapter 20 - Migr ation to Window s 2003 and Citr ix MetaFrame XP Chapter 21 -

Ongoing Administr ation of the Ser v er - Based Com puting

Envir onment File Server

Pa r t I V - Appendi x es

A file server required store application packages that have been created by the Packager. A Appendix A - is I nter netw orto k ing Basics network Bshare must be file server with read-write permissions and be accessible to all Appendix - Creating an created On- Demon andthe Enterpr ise Financial Analysis Model servers using IM to install applications. Onceisea Subscr package is created and stored, the administrator can Appendix C - Creating an OnDem and Enterpr iption Billing Model deploy the package referencing the network share point to the target servers in the server farm.

Citrix Installation Manager Plug-In

Citrix Installation Manager Plug-In is a plug-in that works with the Citrix Management Console (CMC). Using the Citrix Installation Manager Plug-In, an administrator can

Schedule install and uninstall jobs

View a job's status

View packages

Change package properties

Create server groups

The Application Packaging Process

In creating an application package, the administrator is granted three options:

Package Installation Recording: Packager captures the procedures to install an application.

Package an Unattended Program: Packager prompts for the application and associated command-line parameters. This is for applications that can be installed without a user interface.

Package Selected Files: Packager prompts for files and/or folders.

If the option Package Installation Recording is selected, the Packager prompts for the choice of adding Application Compatibility Scripts and/or Additional Files. It then records the installation of an application and builds the package, which is stored in the network file share.

If the option Package an Unattended Program is selected, the Packager requests the application executable, optional command-line parameters, and any additional files. The executable, command-line parameters, and additional files are then compiled into a package and stored in the network file share.

If the option Package Selected Files is selected, the Packager prompts for the files and/or folders. These files and/or folders are collected and created as a package that is stored in the network file share.


Figure 13-3 provides a conceptual design of the package-building process.

Figure 13-3: The conceptual design of a package-building process

The Job Process

A job is a package that has been scheduled for installation or uninstallation on target servers. The process to create a job is displayed in Figure 13-4. To create a job, the administrator selects a package to be installed or uninstalled. The Job window prompts for the target servers to process the job, the name of the job, and a schedule for the job. If the administrator chooses to execute the job immediately, the job is saved to IM and then immediately executed. If the administrator chooses to schedule the job later, the job is saved to IM and executed at the scheduled time.

Figure 13-4: The IM job creation process

IM Installation and Configuration

For our case study of CME Corp, we will plan to install Office XP across the entire server farm of 100 Windows Server 2003 Terminal Servers running Citrix MetaFrame XP FR-3.

The following tasks were completed prior to the installation of other components.

Windows Server 2003 with MetaFrame XP FR-3 was installed and fully tested on the test server farm.

All server fully qualified domain names were registered in DNS.

Since IM is part of MetaFrame XPe, XPe was selected as the type of product version to install. The MetaFrame installation was performed according to the instructions listed in Chapter 12.

The environment setup shown in Figure 13-5 involves four servers. The configurations of the servers in Figure 13-5 are listed in Table 13-2.

Table 13-2: Server Configurations for Installation Manager

Server Name | Operating System (OS) | Application and Function
Server A | Windows Server 2003 with MetaFrame XP FR-3 | IM Packager software packaging server
Server B | Any accessible network file share | Network share point
Server C | Windows Server 2003 with MetaFrame XPe FR-3 | IM installer service and IM subsystem
Server D | Windows Server 2003 with MetaFrame XPe FR-3 | Management Console

Figure 13-5: Installation Manager server configurations

This environment operates by creating and storing packages on a network server file share (Server B). After the packages are created, the packages can be deployed to Servers A, C, and D, although in a large environment like CME Corp, the machines serving these roles should be dedicated to provide the flexibility and bandwidth necessary.

Packaging Office XP for IM Deployment

Microsoft Office XP uses a Microsoft Installer package (MSI) for unattended installation. The MSI file for MS Office XP is PROPLUS.msi. We will utilize the custom transform file we created earlier in the chapter.

To create a MetaFrame Installation Manager Package for Office XP, the following steps must be performed.

1. Create a folder for Office XP on the IM network share server (Server B).

2. Insert the MS Office XP CD or connect to a network share with Office XP.

3. Open a command prompt on Server A.

4. Change drives to either the CD-ROM drive or the network share with MS Office 2000.

5. Type the following: msiexec /a PROPLUS.msi.

6. Enter the product code.

7. Enter the IM network share path (\\Server B\Office XP share)—the Office XP administrator installation files will be copied.

8. Copy the Termsrvr.mst file created earlier in the chapter to the IM network share path (\\Server B\Office XP share) on Server B.

Creating the Office XP Package

The following steps should be performed in order to add the Office XP MSI package (or any other MSI package) to the CMC.

1. Open the CMC.

2. Expand the Installation Manager node.

3. Right-click the Packages node.

4. Select Add Package.

5. Enter the package name.

6. Choose Yes to add transforms or command-line parameters.

7. Add the Termsrvr.mst file.

Scheduling MS Office XP Package for Target Servers

The following steps detail the procedures required for scheduling and installing the MS Office XP Package on target servers.

1. Open the CMC.

2. Expand the Installation Manager node.

3. Expand the Packages node.

4. Right-click the Office XP package.

5. Select Install Package.

6. Select the target servers on which the package will be installed.

7. Click Next.

8. Schedule a time to execute the package or execute the package immediately.

Caution: Executing a package is bandwidth intensive. Start by testing a small package targeted to a limited number of servers to get a feel for the load that will be put on the network. For larger server farms, schedule the execution for off-hours, and spread the executions over time to ensure the network can support the additional load. Executions over a WAN will require even greater planning and testing to ensure that the package will be fully executed prior to users resuming use of the WAN.

9. Click Finish.

10. Click OK.

After these steps are completed, the CMC displays a Job entry for the Office XP package. The Job entry states the job name, status, and scheduled time.
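The package folder on Server B lives on a read-write share that every IM server can reach, and the Installer Service installs the MSI and transform it finds in that package on each target server. The following added example (not part of Installation Manager or of the original text) records a SHA-256 manifest of the folder once the package is complete and checks it again before a job is scheduled. The folder layout, the manifest file name, and every file other than the names PROPLUS.msi and Termsrvr.mst are assumptions constructed for the demonstration.

```python
import hashlib
import json
import os
import tempfile


def sha256_file(path, chunk_size=1024 * 1024):
    """Hash a file in chunks so large MSI/CAB files are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(package_dir):
    """Map every file under package_dir (relative path, '/' separators) to its SHA-256."""
    manifest = {}
    for root, _dirs, files in os.walk(package_dir):
        for name in files:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, package_dir).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def save_manifest(manifest, manifest_path):
    with open(manifest_path, "w", encoding="utf-8") as fh:
        json.dump(manifest, fh, indent=2, sort_keys=True)


def load_manifest(manifest_path):
    with open(manifest_path, "r", encoding="utf-8") as fh:
        return json.load(fh)


def verify_package(package_dir, manifest):
    """Compare the folder as it is now against the recorded manifest."""
    current = build_manifest(package_dir)
    return {
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in current),
        "unexpected": sorted(p for p in current if p not in manifest),
    }


def is_clean(report):
    """True only when nothing was modified, removed, or added since the manifest was taken."""
    return not any(report.values())


def _write(path, data):
    with open(path, "wb") as fh:
        fh.write(data)


def demo():
    """Constructed walk-through: stand-in files in a temp dir play the role of the share."""
    with tempfile.TemporaryDirectory() as work:
        # Stand-in for the Office XP folder on the IM network share (Server B).
        package_dir = os.path.join(work, "share", "OfficeXP")
        os.makedirs(os.path.join(package_dir, "FILES"))
        _write(os.path.join(package_dir, "PROPLUS.msi"), b"constructed msi bytes")
        _write(os.path.join(package_dir, "Termsrvr.mst"), b"constructed transform bytes")
        _write(os.path.join(package_dir, "FILES", "sample.cab"), b"constructed cab bytes")

        # Keep the manifest OFF the read-write share: anyone who can alter the
        # package could otherwise alter the manifest to match.
        manifest_path = os.path.join(work, "admin-only", "officexp-manifest.json")
        os.makedirs(os.path.dirname(manifest_path))
        save_manifest(build_manifest(package_dir), manifest_path)
        baseline = verify_package(package_dir, load_manifest(manifest_path))

        # Changes made on the share after packaging: transform altered,
        # an extra transform dropped in, a packaged file removed.
        _write(os.path.join(package_dir, "Termsrvr.mst"), b"altered transform bytes")
        _write(os.path.join(package_dir, "extra.mst"), b"file nobody packaged")
        os.remove(os.path.join(package_dir, "FILES", "sample.cab"))
        after = verify_package(package_dir, load_manifest(manifest_path))
        return baseline, after


if __name__ == "__main__":
    baseline, after = demo()
    print("baseline clean:", is_clean(baseline))
    print("before scheduling:", json.dumps(after, indent=2))
```

Run the verification immediately before selecting Install Package, and do not schedule the job unless the report is clean.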

Application Licensing

One of the most common questions we hear when discussing server-based computing is this: How will it change the licensing requirements of an organization's applications? The answer is simple: It won't—but it will make it easier to manage, track, and add/delete licenses. Most application manufacturers license their applications either on a concurrent user basis, a per-computer basis, or a per-user basis. By having the applications and any application metering software centralized, managing and reporting of application software is dramatically simplified. Although neither Windows Server 2003 nor Citrix MetaFrame XP inherently track application usage or access, MetaFrame Resource Manager (included with MetaFrame XPe) provides a variety of tools and reports regarding user and application usage. Additionally, tools from RES, Softricity, triCerat, and AppSense provide robust application usage, metering, and reporting.

Application Access and Security

Following the installation of applications, the security should be configured to only allow specific group access to applications. Some applications (for example, Office XP) will be provided to a large majority of users, whereas other applications, like accounting and payroll software, should be tightly locked down. Locking down file permissions based on group access is an obvious way to lockdown an application, but this method is usually time-consuming, as most applications have multiple components like registry entries, shared DLLs, and executable files. Additionally, many applications can be accessed through operating system holes or other applications such as web browsers. For larger environments, like our case study CME Corp, we highly recommend the use of RES, triCerat, Softricity, or AppSense utilities to provide a cleaner and more automated approach to locking down applications and their usage, while logging any non-authorized attempts at accessing the application.

Chapter 14: Client Configuration and Deployment

As discussed throughout this text, server-based computing focuses the vast majority of IT work and expertise
simplifies the client environment to the thinnest form possible. Delivery of on-demand computing requires tha
configuration be instant and invisible to end users. The advances made by both Microsoft and Citrix over the
trend of reducing desktop configuration, in many cases to nothing. Chapter 7 detailed the client choices; this
discusses the configuration and installation of the clients.

ICA Client Options for Application Access

Windows Terminal Server with MetaFrame XP accepts connections from the following types of clients:

A device running a web browser (I.E. 5.0 or Netscape 3.7 or later)

A thin client running ICA or RDP clients

A PC running any Windows operating system with an ICA or RDP client installed

A PowerPC Macintosh or 68K Macintosh (ICA only) or a Macintosh running OS X with an ICA or RDP cl

A PC running a Linux operating system with a windowing system and an ICA client installed

An IBM, HP, or SUN UNIX desktop running a windowing system with an ICA client installed

Any number of tablet and handheld devices running Windows CE, Pocket PC, or CE.NET with an RDP

A Java-enabled device (anything from a cell phone to a Linux appliance) running the ICA Java client

The decision as to which of these client types an organization will use is dependant on their current network,
requirements, and whether or not an organization will be running all or just a few applications from the serve
Hybrid environment is discussed in Chapter 7). Table 14-1 compares the features of the ICA client option cho

Table 14-1: MetaFrame XP Feature Release 3 ICA Client Comparison

Clients compared (table columns): Win32 7.00; CE P'cktPC 7.00; CE WBT 7.00; Java (applet only) 7.00; Mac OS X 6.30; Linux X86 7.00; Solaris SPARC 6.30

Features compared (table rows), in the order and under the category headings in which they appear:

Graphics Display: 16/256 colors; 16/24-bit color; Greater than 1280x1024; Memory cache; Persistent cache; Compression; Seamless windows; Text entry prediction; Panning; Scaling

Client Devices: Local files; Local printers; Text clipboard; RTF clipboard; Printer detect; Universal Printer Driver; Universal Printer Driver 2; Serial ports; Audio (server to client); Graphics clipboard; Middle button emulation

Connections: Custom connections; NFuse (ALE); "Native" PN; PN Lite; PN Agent; TCP/HTTP browsing; Disconnect/reconnect; Auto client reconnect; Roaming user reconnect; Auto client update; NDS credentials; Ext. parameter passing; Content publishing; Content redir. client-svr; Content redir. svr-client; CDE integration (UNIX); Speed browse

Packaging: Web-install version; Componentized; ActiveX/Plugin/applet; Client object (ICO); Signed packages

Security: Basic encryption; 128-bit encryption; SOCKS 4 and 5; SSL (inc DNS resolution); TLS; Auto Proxy Discovery; Secure Proxy; NTLM Proxy Authentication; Smart Card

International: Time Zone support; International keyboards; Fr, Ger, Sp versions; Japanese version; Unicode Keyboard Support

SDKs

OEM SDK

x

x

Chapter 14 - Client Configur ation and Deploym ent Chapter VC SDK 15 - Pr ofiles, Policies, x and Pr ocedu x res

x

x

x

x ( [13])

Chapter 16 - Securing Client Access

[1] A white paper is available explaining how to remove modules from the Win32 web client.

[2] Not with Netscape 6

[3] Windows and Solaris only, using third-party software

[4] Fr, Ger, Sp versions of Solaris/Sparc, HP-UX and AIX clients at 3.0 functionality.

[5] Fr, Sp versions of SCO, SGI, Sol x86, SunOS, and Tru64 clients have less than 3.0 level functionality. Ge

[6] Requires Internet and Pocket Explorer fixes from MS

[7] Automated MIME registration for IE

[8] Medium only, and limited sound quality due to EPOC OS constraints

[9] Applet mode only

[10] Not when embedded in web page, since Auto Reconnect is not supported by ICA Client Object

[11] Provided by local UNIX OS, where necessary

[12] Linux x86 Fr, Sp versions at 6.0 functionality

[13] Available by request, comes with minimal documentation

[14] Just adds parameters to "InitialProgram" string, doesn't use Control VC

[15] The download-and-run zero-install ActiveX control will be updated for version 7.0. There will be a full ver

[16] Win32 7.0 client has support for .NET "rounded" corners.

Our case study company CME has approximately 1500 users on the five-building campus network, and ano… locations throughout the world, and it supports over 600 traveling and home users. The local users have hist… every five years. In order to reduce ongoing PC costs, CME has decided to provide all applications to users u… With all applications provided through SBC, a majority of users will be able to use a thin client. Since the lea… this year, CME has decided to replace the PCs with thin clients, creating a mix of thin clients and PCs throug… discussed in Chapter 7, purchasing thin clients rather than PCs creates significant savings (CME will save $6… clients compared with buying PCs).

The thin clients that CME has chosen are Linux-based thin clients, with a basic ICA and RDP client, and no w… thin clients have a remote management tool that pushes the latest ICA client and ICA client configurations d… boot.

Thus, for the first 600 users, the client configuration is now set. For the other 2400 users though, the client o… a decision made on which ones to run where. The remaining sections of this chapter will complete this analy… client choices.

The Push or Pull Client Debate

Although the device choice to run the ICA client is nearly limitless, the way in which we provide visibility of the… limited to four choices:

MetaFrame Web Interface client

MetaFrame Program Neighborhood and Program Neighborhood Agent client

A Microsoft Terminal Server Advanced Client web interface client

A manually configured ICA or RDP client connection

The first three of these choices are "push based," meaning they provide a user with the icon, configuration, c… the client software without the user having to understand the configuration, perform it, or step through an ins… requires that a user (or administrator) perform an installation, configure the client software, and then configu… we will focus on these four methods of client deployment and what is required for the client-side configuratio… configurations, security configurations, and customization are discussed at length in Chapter 16.

All the latest Citrix ICA clients are available from Citrix's web site (www.citrix.com/downloads). There are thre… client software: Program Neighborhood, Program Neighborhood Agent, and Web Client. And three varieties… executable (ica32.exe), a cab file (wfica.cab), and a Microsoft Installer Package (ica32.msi). All three packag…

In order to make sense of these choices and reduce the complexity to answer the simple question of which c… will focus our attention back on our reference case study company, CME Corporation. CME has a very wide… network configurations, application requirements, and end-user skill sets.

MetaFrame Web Interface Clients

When applications (or full desktops) are published through MetaFrame Web Interface, users access them v… is very easy for end users, as they only have to know a URL address (or have it bookmarked or linked to) to… Published application. Users only see the applications that have been published to them by the administrato… Console and users and groups from Active Directory, Novell NDS, or Novell eDir). No client configuration is… Interface supports Macintosh, UNIX, and Windows client types, as well as Netscape Navigator and Windows… 14-1 shows a typical MetaFrame Web Interface access site.

Figure 14-1: The MetaFrame Web Interface site

Our case study organization, CME, has over 400 home-based and traveling users who need remote access… up to 200 concurrent remote users from all departments who need to work from home on nights and weeke… road-warrior users are sales people, and company executives. The home users have a large variety of clien… configurations, including Macintosh, Windows 98, Windows 2000, and Windows XP machines. All the remot… their e-mail and Microsoft Office applications and files. In addition to these applications, the sales group nee… Relationship Management software package, Microsoft CRM, and the executives need access to their financ… (Microsoft Excel spreadsheets, FRx, and Crystal Reports applications, with links to the SQL server accountin… will discuss the network configuration to support and secure these users, but for the purposes of this chapte… should use and how to deploy it in the simplest, lowest-cost model, with the smallest amount of ongoing sup… recommend using the MetaFrame Web Interface client.

Configuring the MetaFrame Web Client for Silent User Installation

To configure the ICA Win32 Web Client for silent user installation:

1. Extract the ICA client files from ica32t.exe using your preferred compression utility. This installer pack… directory (substitute language with the language of the ICA client software) of the Components CD-R… XP media pack: Icaweb\language\ica32. Languages to choose from include

En (English)

Fr (French)

De (German)

Ja (Japanese)

Es (Spanish)

2. Locate and open the Ctxsetup.ini file in any text editor.

3. To suppress the initial user prompt, locate the InitialPrompt parameter. Change the value of the settin…

4. To suppress the Citrix License Agreement dialog box, locate the DisplayLicenseDlg parameter. Chan… 1 to 0.

5. Save the file and exit the text editor.

6. Repackage the client files for distribution to your users and install the ICA Win32 Web Client. The ICA… extracting executable, ica32t.exe, is located in the directory (substitute language with the language of… Components CD-ROM included in your MetaFrame XP media pack: Icaweb\language\ica32.

Installing the ICA Win32 Web Client

To install the ICA Win32 Web Client:

1. Run ica32t.exe.

2. The initial prompt informs you the Citrix ICA Win32 Web Client is about to be installed. Click Yes to co…

3. The Citrix License Agreement appears. Click Yes to accept the agreement.

4. A window appears stating Setup is copying files to the client device. The default file location for the IC… Files\Citrix\icaweb32.

5. Citrix ICA Web Client notifies you once the install completes successfully. Click OK to clear the mess…

6. If you are running Netscape Navigator, you must restart the browser.

Deploying the MetaFrame Web Interface Client

MetaFrame Web Interface provides users with four choices of client software that will be pushed to the user. … force the use of a given client software choice, or leave it to the user to choose which one to use.

The universal Win32 web client: This client software is identical to the Program Neighborhood Win32 c… include the Program Neighborhood files and does not install an icon on the desktop or in the Start menu… available as a self-extracting executable and as a .cab file. At approximately 1.8MB in size, this package… other ICA Win32 clients. The smaller size allows users to more quickly download and install the client so… ICA Win32 Web Client for silent user installation. There is also a minimal installation choice for this clien… footprint (about 1.01MB) and thus takes about half the time to download. Table 14-2 shows the feature… regular and Win32 web client installation.

Table 14-2: Feature Comparison of the ICA Win32 Web Client and ICA Win32 Web Client Minimal

Feature | ICA Win32 Web Client
User-to-user shadowing | X
Smart card support | X
Content redirection | X
Enhanced content publishing support | X
Roaming User Reconnect | X
Support for SSL/TLS encryption of ICA session data | X
Support for Web Interface for MetaFrame XP, NFuse Classic, and the Web Interface Extension for MetaFrame XPe | X
Support for MetaFrame Secure Gateway | X
Enhanced Internet proxy support | X
Auto Client Reconnect | X
Novell Directory Services support | X
Extended parameter passing | X
Seamless windows | X
Client device mapping | X
Client drive mapping | X
Client printer mapping | X
Sound support | X
TCP/IP + HTTP server location | X
Wheel mouse support | X
Multiple monitor support | X
Panning and scaling | X
Per-user time-zone support | X
Windows Clipboard integration | X
Low bandwidth requirements | X
SpeedScreen latency reduction | X
Disk caching and data compression | X

The ICA Java client: The Java ICA client was updated significantly with Feature Release 3 to include m… Java client enhancements include

Support for SSL communication

Unpackaged code, which allows the administrator to select which features to not install, allowing a… decrease the download time

New connection center that supports multiple published application processing

Seamless application look and feel

Improved screen rendering (cuts down on screen flashing)

The Java client is the smallest and most non-obtrusive of the ICA clients, intended for use on machines that don't allow software installation (such as a Kiosk). The ICA Java client will run on any operating sys… Machine (JVM) installed. The Java client is not as speed-optimized as the other ICA clients for high late… environments, so although it is much improved, it is still generally relegated to situations where it is the o…

The Macintosh client: Citrix has ICA client software for both the older Macintosh clients (MAC OS) and… systems.

The UNIX ICA client: UNIX users who connect to the MetaFrame Web Interface site must use the appro… Administrators may configure MetaFrame Web Interface to automatically detect and download the appr…

Since most of CME's remote users are on Windows laptops and home PCs, we recommend that CME confi… and push to the users the appropriate ICA client (or ICA client update) for their machine. In order to support… and airport Kiosks, we recommend that CME allow users to customize their Web Interface login session to s… those modules required to improve load speeds. We will use the full installation of the Win32 Web Client (ica… of the additional features and performance.

The Web Interface client does not require any user or client-side configuration for CME users. There is a fair… configuration and optimization for Web Interface though, which will be covered step by step in Chapter 16. IC… settings are covered later in this chapter.

A larger question should be raised at this point—why not use this client for all 3000 users at CME? Although… simple and sufficiently powerful for use throughout the organization, for cases where the client machine type… there are some advantages to fully integrating the Program Neighborhood Agent client discussed next—for i… from the user since it doesn't require opening a web browser and going to a URL—meanwhile, it allows for m… obvious point for thin-client users though is that, as discussed in Chapter 7, many thin clients do not have a w…

Microsoft Terminal Server Advanced Client

Terminal Server Advanced Client (TSAC) was released in October of 2000 and as of this writing is essential… based ActiveX control (COM object) that can be used to run Terminal Services sessions within Microsoft Inte… tool is similar in form and function to MetaFrame Web Interface, but TSAC only supports Win32-based clien… Additionally, TSAC is limited to one application or server connection per URL. Figure 14-2 shows a basic TS…

Figure 14-2: A Terminal Server Advanced Client site

The TSAC web package is downloadable from Microsoft's web site at www.microsoft.com/windows2000/server/evaluation/news/bulletins/tsac.asp and includes the downloadable… pages that can be used as a starting point for delivering Terminal Server applications through Internet Explo… TSAC to develop client-side applications that interact with applications running on a Terminal Server. TSAC… organizations, or for smaller deployments of one or two applications where MetaFrame XP is not being use… that does not require desktop setup, configuration, and manual updates.

Although the RDP clients have improved dramatically over the last three years, they are still missing some c… enterprise deployments. Chapter 3 went into more detail, but as a quick example, here are several reasons… will be using the ICA client rather than the RDP client:

ICA supports non-Windows machines with full-featured, full-color client connections. Since CME has ov… machines, this support is critical.

ICA supports enterprise application load balancing rather than just the round-robin approach utilized by… when supporting thousands of users across nearly 100 servers.

ICA is a non-streaming protocol. When compared with the streaming nature of RDP, ICA will support 30… given WAN link. Since CME has many WAN links worldwide, optimal use of these expensive links is criti…

The MetaFrame Web Interface and integration with Secure Gateway provide a powerful secured access… reconfiguration or port opening. This solution is not available with RDP. The RDP solution requires open… RDP web deployment solution is only useful with a very limited number of applications, since a user can… each URL.

MetaFrame Program Neighborhood Agent Client

With MetaFrame Feature Release 1, Citrix introduced a new Win32 client choice called Program Neighborh… Agent is a Windows 32 Desktop client that utilizes a Web Interface Server for its configuration. For local PCs… of-both-worlds solution, including a robust set of desktop integrated features, yet requires little to no client-si…

PN Agent supports Client-to-Server Content Redirection, which utilizes the MetaFrame Web Interface Serve… automatically update a user's MIME type associations to call ICA applications rather than local applications. … a Microsoft Word File in Windows Explorer, the Microsoft Word Published Application from the MetaFrame X… than a local copy of Microsoft Word. When a user disconnects from the MetaFrame XP farm, the MIME type… associations.

Program Neighborhood Agent employs a simplified user interface (compared with the Full PN client), which… features. For example, because all connection information is pushed down from a Web Interface site, the Pr… does not require (or allow) a user to specify a farm to connect to, or to create a custom ICA connection.

Program Neighborhood Agent is a separate Win32 client downloadable from the Citrix web site, and is only… clients. It is installed using the ica32a.exe or ica32a.msi files.

Program Neighborhood Agent icons can be accessed from icons placed directly on the user's Windows des… Tray by the user, or done remotely by the administrator.

Of the 1200 local campus users at CME who won't be receiving a new thin client, about 900 are on Windows… 300 are on Macintosh and UNIX/Linux PCs). The Program Neighborhood Agent client makes an excellent cl…

An example of how a MetaFrame-based Microsoft Great Plains installation appears to a user running from a… Program Neighborhood Agent installed is shown here. Notice that it looks identical to the user, as if it was in…

Installing the ICA Win32 Program Neighborhood Agent

Chapter 17 - Net wor k Configur at ion

The ICA PN Chapter 18Win32 - Pr int in gAgent can be installed using one of the following packages: Chapter 19 - Disaster Recovery and Business Continuity in the SBC Envir onment

ica32a.msi A Windows Installer package for use with Windows 2000 Active Directory Services or Micros Server; approximately 1.9MB in size

Chapter 20 - Migr ation to Window s 2003 and Citr ix MetaFrame XP Chapter 21 -

Ongoing Administr ation of the Ser v er - Based Com puting

Envir ica32a.exe A onment self-extracting executable; approximately 2.75MB in size

Pa r t I V - Appendi x es

Installing ICAnetw Win32 Program Appendix A the - I nter or k ing Basics Neighborhood Agent with the Windows Installer Package The PN A (ica32a.msi) can be distributed Appendix B - Creating an On- Demwith and Microsoft Enterpr iseSystems FinancialManagement Analysis ModelServer or Windows 2000 Active Directo located in of the directories language Appendix C one - Creating an On- Dem (substitute and Enterprlanguage ise Subscrwith iptionthe Billing Model of the ICA client software) of the Com your MetaFrame XP media pack: I ndex List ofIcaweb\language\ica32 Figur es List of Tables

Icainst\language\ica32\pnagent

Note To install the ICA client software using the Windows Installer package, the Windows Installer Serv[…] client device. This service is present by default on Windows 2000 and Windows XP systems. To in[…] devices running earlier versions of the Windows operating system, you must use the self-extracting Windows Installer 2.0 Redistributable for Windows, available at www.microsoft.com.

Since our case study, CME, has over 900 local campus PCs and another 1500 PCs at remote campus locat[…] Client on, it is obvious that an automated choice for this installation is required. Since CME will be using Web […] configuration information for the PN Agent client, CME will leverage Web Interface to also distribute this clien[…]

Configuring the Windows Installer Package for Silent User Installation The PN Agent Windows Installe[…] "silent" user installation to ensure users don't see the installation options or attempt to interrupt or make the […] choices. Windows Installer informs the user when the client software is successfully installed. The user mus[…] message box.

To configure the Program Neighborhood Agent Windows Installer package for silent user installation:

1. At a command prompt, type msiexec /I MSI_Package /qn+ [Key=Value]… where MSI_Package is t[…] package.

The following keys can be set:

PROGRAM_FOLDER_NAME= , where […] name of the Programs folder on the Start menu containing the shortcut to the Program Neighborhood A[…] value is Citrix Program Neighborhood Agent. This function is not supported during client upgrades.

ENABLE_DYNAMIC_CLIENT_NAME={Yes | No}. To enable dynamic client name support during silen[…] property ENABLE_DYNAMIC_CLIENT_NAME in the installer file must be Yes. To disable dynamic client n[…] to No.


CLIENT_ALLOW_DOWNGRADE={Yes | No}. By default, this property is set to No. This prevents an ins[…] the client.

ENABLE_SSON={Yes | No}. The default value is No. If you enable the SSON (Passthrough authentic[…] ALLOW_REBOOT property to No to avoid automatic rebooting of the client system.

SERVER_LOCATION=. The default value is PNAgent. Enter the URL of the Web Interfa[…] file. The format must be in the format http:// or https://.

Note The Program Neighborhood Agent appends the default path and file name of the configuratio[…] change the default location of the configuration file, you must enter the entire new path in the […]

ALLOW_REBOOT={Yes | No}. The default value is Yes.

DEFAULT_NDSCONTEXT=. Include this parameter to set a default context for N[…] you are including more than one context, place the entire value in quotation marks and separate the con[…] following are examples of correct parameters:

DEFAULT_NDSCONTEXT=Context1

DEFAULT_NDSCONTEXT="Context1,Context2"

The following represents an incorrect parameter:


DEFAULT_NDSCONTEXT=Context1,Context2
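One way to assemble the silent-install command line from the keys listed above while enforcing their documented value rules (Yes/No values, an http:// or https:// SERVER_LOCATION, quoting of multiple NDS contexts). This is an added example, not code from the book or from Citrix; the function name, the -AllowHttp switch with its HTTPS-by-default policy, and the sample server name are assumptions.

```powershell
# Added example: builds the msiexec argument string for a silent PN Agent install
# from the keys listed above. Function name, parameter names, the sample URL and
# the HTTPS-by-default policy are assumptions of this example, not Citrix tooling.
function New-PnAgentSilentInstallArgs {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]    $MsiPath,
        [Parameter(Mandatory)] [hashtable] $Properties,
        [switch] $AllowHttp   # opt in to an unencrypted Web Interface URL
    )

    $yesNoKeys = 'ENABLE_DYNAMIC_CLIENT_NAME', 'CLIENT_ALLOW_DOWNGRADE',
                 'ENABLE_SSON', 'ALLOW_REBOOT'
    $textKeys  = 'PROGRAM_FOLDER_NAME', 'SERVER_LOCATION', 'DEFAULT_NDSCONTEXT'

    $pairs = foreach ($key in ($Properties.Keys | Sort-Object)) {
        $name  = $key.ToString().ToUpperInvariant()
        $value = [string]$Properties[$key]

        if ($name -notin ($yesNoKeys + $textKeys)) {
            throw "Unknown installer key '$key'."
        }
        if ($value -match '"') {
            throw "$name must not contain a double quote."
        }
        if ($name -in $yesNoKeys) {
            if ($value -notin 'Yes', 'No') { throw "$name must be Yes or No." }
        }
        elseif ($name -eq 'SERVER_LOCATION') {
            $uri = $null
            $parsed = [Uri]::TryCreate($value, [UriKind]::Absolute, [ref]$uri)
            if ((-not $parsed) -or ($uri.Scheme -notin 'http', 'https')) {
                throw 'SERVER_LOCATION must be an http:// or https:// URL.'
            }
            if (($uri.Scheme -eq 'http') -and (-not $AllowHttp)) {
                throw 'SERVER_LOCATION uses http://; pass -AllowHttp to accept an unencrypted URL.'
            }
        }
        elseif ($name -eq 'DEFAULT_NDSCONTEXT') {
            # Normalise "A, B" to "A,B"; more than one context is quoted as a whole below.
            $value = (($value -split ',') | ForEach-Object { $_.Trim() } |
                      Where-Object { $_ }) -join ','
        }

        # Quote any value containing a space or comma so msiexec sees one Key=Value token.
        if ($value -match '[\s,]') { "$name=`"$value`"" } else { "$name=$value" }
    }

    if ($Properties['ENABLE_SSON'] -eq 'Yes' -and $Properties['ALLOW_REBOOT'] -ne 'No') {
        Write-Warning 'ENABLE_SSON=Yes without ALLOW_REBOOT=No: the client may reboot automatically.'
    }

    # /qn+ : no UI during setup, completion message box at the end (as in step 1 above)
    (@('/I', "`"$MsiPath`"", '/qn+') + @($pairs)) -join ' '
}

# Constructed sample values (hypothetical server name and NDS contexts)
New-PnAgentSilentInstallArgs -MsiPath 'ica32a.msi' -Properties @{
    SERVER_LOCATION    = 'https://wi.example.test'
    ENABLE_SSON        = 'No'
    ALLOW_REBOOT       = 'No'
    DEFAULT_NDSCONTEXT = 'Context1, Context2'
}
```

The returned string can be passed to `Start-Process msiexec.exe -ArgumentList` from a deployment script; a value that breaks one of the rules stops the script before msiexec runs.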


Central Configuration of the Program Neighborhood Agent Client

The advantage of PN Agent over the other ICA clients (other than the web client) is that it is configured centr[…] Neighborhood Agent Admin tool (which changes an XML file on the Web Interface server) rather than via co[…] devices.

To access the Program Neighborhood Agent Admin tool, connect to http://servername/Citrix/PNAgentAdmin on the server running MetaFrame Web Interface.

The custom options for all users running the Program Neighborhood Agent on a network are defined in a co[…] server running the MetaFrame Web Interface. The client reads the configuration data from the server when […] and updates at specified intervals. This allows the client to dynamically display the options the administrator […] the data received. The settings configured using the Admin tool affect all users who read from this configura[…]

A default configuration file, config.xml, is installed with default settings and is ready for use without modificat[…] environments. However, this file can be edited, or multiple configuration files created, using the Program Ne[…] This allows an administrator to add or remove a particular option for users quickly and to easily manage and […] single location.

The config.xml file is placed in the \Inetpub\wwwroot\Citrix\PNAgent directory on the Web Interface server du[…] New and backup configuration files created using the PN Agent Admin tool are stored in the same folder as […]

The data configuration files serve two purposes:

To point clients to the servers that run users' published resources

To control the properties on users' local desktops, thereby defining what tabs and options users can cus[…]

A configuration file controls the range of parameters that appear as options in the user's Properties dialog bo[…] available options to set preferences for their ICA sessions, including logon mode, screen size, audio quality, […] published resources.

Multiple configuration files can be created to fill all of an organization's needs using the Program Neighborho[…] creating a configuration file and saving it on the server running the new Web Interface, users will need to be […] points to the new file.


Note SSL/TLS-secured communications between the client, server, Web Interface, and smart card logo[…] features can be activated in the Server Settings section of the Program Neighborhood Agen[…] These must be enabled on the MetaFrame server to utilize SSL/TLS-secured communications.

As discussed at length in Chapter 10, it is important to test all enterprise-wide applications in the test environ[…] The PN Agent deployment should be tested by installing a copy of the client on a single client device, then o[…] different operating systems and environments). The test installations will allow a full evaluation of t[…] Windows or not determine whether adjustments are required to fit your particular network needs. Comparing between […] client, you can monitor the effects of your changes on the client behavior.

Caution The settings in the configuration file are global, thus affecting all users connecting to that instan[…] Neighborhood Agent Admin tool automatically creates a backup file (with the extension .bak) w[…] loaded into the tool.


Configuring Farmwide Settings The Program Neighborhood Agent Admin tool is divided into several secti[…] definition of different aspects of the user experience. These sections include

Client Tab Control

Server Settings

Logon Methods

Application Display

Application Refresh

Session Options

Administrators can define whether users see any tabs in the Properties dialog box of the Program Neighborh[…] options they can and cannot customize. Each tab, and the settings that can be customized, are detailed nex[…]

By default, users can access the Program Neighborhood Agent Properties dialog box from the Windows Sys[…] choose to hide or display tabs in the Client Tab Control section of the Program Neighborhood Agent Admin t[…] Application Display, Application Refresh, and Session Options tabs.

Note Changing these parameters directly affects the contents of the Properties dialog box for all users a[…] you are modifying. If you remove a tab from the Client view, users cannot customize any options o[…]

Enabling and Disabling User-Customizable Options This section contains an overview of the options ava[…] box. The instructions are presented in the order of the tabs on which each option appears.

Server Tab Options The Server tab options can be modified using the Program Neighborhood Agent A[…] options pages for Server Settings and Logon Methods.

Server Settings This allows you to configure server connection and configuration refresh settings. Othe[…] when users are redirected to a different server—at connection time or at a scheduled client refresh. Ena[…] here as well, changing URLs to use the HTTPS protocol automatically.

Logon Methods Providing a choice of multiple logon modes may be necessary in environments where […] client device but use different logon modes. This allows you to determine what logon methods are availa[…] logon method, and to allow a user to save his password. The definable logon methods include Anonym[…] with Passthrough authentication, User prompt, and Passthrough authentication. If multiple logon method[…] choose their preferred logon method from a drop-down list. NDS credentials from the specified tree can […] prompted for a logon or who select Passthrough authentication. If you do not want users to have access […] Client Tab Control section of the Program Neighborhood Agent Admin tool to hide the Server tab altoge[…] tab at any time.

Note By default, users who are prompted for credentials can save their password. To disable this fu[…] save password check box in the Logon Methods section of the Program Neighborhood Agen[…] enable the Passthrough authentication feature when you first installed the Program Neighborh[…] the client software before you can use the Passthrough authentication logon mode.

Application Display Tab Options The options available on the Application Display tab let users place l[…] various locations of the client device, including the Windows desktop, the Start menu, the Windows Syst[…] thereof. Using the Application Display options in the Program Neighborhood Agent Admin tool, you can […] allowed to customize. The client queries the configuration file at connection time to validate each user p[…] element in the file. If you do not want users to have access to any of these options, you can use the Clie[…] Program Neighborhood Agent Admin tool to hide the Application Display tab altogether. You can show o[…]

Session Options Tab Options The options available on the Session Options tab let users set preferen[…] depth, and sound quality of ICA sessions. Using the Session Options section of the Program Neighborho[…] define what settings are available to the user. Users can choose each available option from a list. The p[…] depth and sound quality affect the amount of bandwidth the ICA session consumes. To limit bandwidth […] server default for some or all of the options on this tab. Forcing the server default removes all settings fo[…] other than Default, from the interface. The settings configured on the Web Interface server apply. If you […] access to any of these options, you can use the Client Tab Control section of the Program Neighborhoo[…] Session Options tab altogether. You can show or hide the tab at any time.

Application Refresh Tab Options The options available on the Application Refresh tab let users custo[…] client queries the Web Interface server to obtain an up-to-date list of their published resources. The App[…] from the Properties dialog box by default. If you want to give users control over the refresh rate, you nee[…] Enabling the Application Refresh tab makes all options on it user-customizable, unless you modify each […] Refresh section of the PN Agent Admin tool.

Customizing the ICA Win32 Program Neighborhood Agent This section presents general information ab[…] preferences on the client device running the Program Neighborhood Agent. To customize user preferences […] Agent:

1. In the Windows System Tray, right-click the Program Neighborhood Agent icon and choose Propertie[…]

2. Select the Session Options tab.

3. Make the desired configuration changes.

4. Click OK to save your changes.

For more detailed information, see the online Help for the Program Neighborhood Agent.

Configuring the Server URL The Program Neighborhood Agent client requires input of the URL pointing to […] is the default configuration file) on the server running MetaFrame Web Interface.

Should the Web Interface server address need to be changed, the PN Agent client will also have to be upda[…] change the URL of the Web Interface server from the PN Agent Client:

1. In the Windows System Tray, right-click the Program Neighborhood Agent icon and choose Propertie[…]

2. The Server tab displays the currently configured URL. Click Change and enter the server URL as dire[…] appears. Enter the URL in the format http://, or https://, to encrypt the co[…]

3. Click Update to apply the change and return to the Server tab, or click Cancel to cancel the operation[…]

4. Click OK to close the Properties dialog box.

To delete memorized server URLs:

1. In the Windows System Tray, right-click the Program Neighborhood Agent icon and choose Propertie[…]

2. Select the Server tab.

3. Click Change.

4. Click the down arrow to view the entire list of memorized server URLs.

5. Right-click the URL to be deleted and select Delete from the menu that appears.

6. Click Update.

7. Click OK.

MetaFrame Program Neighborhood Client

The big brother to the Program Neighborhood Agent client is the Win32 Program Neighborhood (PN) client, […] server farms, application sets, and published applications. The primary benefit of Program Neighborhood ov[…] Agent client is that the user has a nearly infinite number of settings that can be changed to customize the cli[…] more complex, must be configured at the client (rather than through the Web Interface server), and does no[…] MIME types on the client. Similar to PN Agent, PN allows an administrator to push the ICA application icons […] has been granted permission to) to the end-users' desktops (and Start menu) as soon as they start the Citrix […]

Program Neighborhood icons can be accessed from the PN client, or the icons can be placed directly on the […] Start menu by the user, or be done remotely by the administrator.


Program Neighborhood with some custom ICA connection folders is shown next.

Program Neighborhood vs. Program Neighborhood Agent

Because the configuration options must be configured (either remotely or locally) via the configuration files o[…] rather than centrally via the Web Interface server, Program Neighborhood is more client-configuration intens[…] in which the Full Program Neighborhood Client should be used rather than PN Agent:

When there is no Web Interface server in the environment

When the users require detailed configuration of the client

In disparate user environments, where each user has very different client settings requirements, thus ma[…] and configuration of the client software of little value

In our case study, CME, none of these instances exist, so CME will use the PN Agent client for all LAN camp[…]

UNIX and Linux ICA Clients

Table 14-1 shows how the UNIX and Linux ICA clients stack up to the Win32 ICA clients. The Linux 7.0 clien[…] and speed to the Win32 clients. The only significant missing feature of the Linux 7.0 client is the Program Ne[…] isn't applicable to Linux. The UNIX clients remain one version behind the Linux and Win32 clients, but are sti[…]

Although the normal deployment methods used in a Windows environment are not applicable (for instance, […] on), a MetaFrame Web Interface site can still be utilized to deploy the UNIX/Linux ICA client. Another option […] script. Many UNIX and Linux environments utilize centrally stored and executed scripts for most applications […] client will deploy effectively using this method.

Our case study, CME, has 200 local and remote UNIX desktops used by engineers for Computer Aided Des[…] as 100 Linux desktops utilized by the software development teams. CME utilizes both a MetaFrame Web Int[…] scripts stored on the main file server, pathed from the UNIX and Linux machines, to run a full desktop publis[…] desktop provides Microsoft Office applications, Microsoft Outlook, MathCAD, and other PC-based engineerin[…] applications to the engineers and developers.


Macintosh Clients

ICA and RDP clients are available for Macintosh OS X users, both of which are fast and full-featured. For us[…] the ICA client is the only choice available, although it is a full revision behind the Win32, Linux, and Mac OS […] is supported for both PowerPC and 68K versions. The ICA Macintosh clients come in .HQX and .DMG (for O[…] is very similar to the Win32 configuration (without the Program Neighborhood features). As Table 14-1 show[…] and printer mapping are fully supported on the Macintosh ICA clients.

Performance Optimization of the ICA Clients

Many optimization settings can be set to improve the ICA client user experience. Although most of these settings only make a difference (and are only necessary) with slow or highly latent connections, one of these features, SpeedScreen Browser Acceleration, improves the user experience even when bandwidth is not limited.

SpeedScreen Browser Acceleration

This feature was first introduced with Feature Release 3 and ICA client version 7.0. It is available to users running Internet Explorer 5.5 or later, and enhances the speed at which images are downloaded and displayed within the ICA client.

SpeedScreen Browser Acceleration is enabled on the server by default when FR-3 is installed. To configure or enable/disable SpeedScreen Browser Acceleration on the server, from the Citrix Management Console, right-click the top level farm and choose Properties. From the Properties menu, choose the SpeedScreen Browser Acceleration property. Figure 14-3 shows the SpeedScreen Browser Acceleration properties page.


Figure 14-3: The SpeedScreen Browser Acceleration properties page

If SpeedScreen browser acceleration is enabled on the client, but not the server, SpeedScreen browser acceleration is disabled.

Optimization of ICA Connections for Wireless Wide Area Networks and Other Highly Latent Connections

Millions of MetaFrame users today access their applications over a local area network (LAN). Thanks to the low latency and high bandwidth afforded by the LAN, the user's experience is normally indistinguishable from having the applications running locally on a PC.

As we move outside of the LAN though, the connection choices for users to connect to their SBC applications in many geographies are slim, and the relatively new solutions offered by wireless WAN (wWAN) carriers like DirecPC satellite and mobile wireless carriers like Sprint, T-Mobile, Verizon, AT&T, Nextel, and others offer a tremendous solution in the SBC environment. By providing truly anytime-anywhere access to the SBC environment, these solutions enable even traveling laptop carriers to stay connected everywhere, sans the airplane itself (although Boeing is working to provide satellite connectivity on planes as well).

Wireless WANs, however, present the challenge of lower bandwidth and higher latency, as well as jitter (variable latency).

These issues can be so pronounced in wWANs that the user experience is degraded to the point of being unacceptable.

Tip: Throughput and latency are the two elements that define the speed of a network. Throughput is the quantity of data that can pass from source to destination in a specific time. Round-trip latency is the time it takes for a single data transaction to occur (that is, the time between requesting data and receiving it). Although most literature from wWAN providers focuses on throughput, the latency is far more important to MetaFrame usability. When shopping for a wWAN carrier, check on their latency.

The underlying wireless networks are based on circuit-switched voice architectures, which do not contain efficient mechanisms for sending data-link layer acknowledgements. To improve data efficiency, the networks typically wait for multiple frames to arrive before replying with an acknowledgement. This delay is directly reflected in the packet latency.

Latency has a critical impact on the MetaFrame user experience since every user action must travel across the network from the client to the server, and the server response must return to the client before the user sees an update. On a LAN, latency is typically very low—less than 10 ms. Latencies on wired WANs, however, are typically in the 50 to 200 ms range, while wireless WANs are usually in the 300 to 3000 ms range.

Latency normally increases with a corresponding increase in the size of the TCP packet. On a LAN, this increase is barely noticeable since ample bandwidth is generally available. On a wired WAN, it typically has a minor impact. On a wWAN, for example, the latency for a 32-byte packet may be 400 ms, while the latency for a 1460-byte packet may be significantly more at 1800 ms. This high (and variable) latency on a wWAN can significantly interfere with a MetaFrame session to the point where the user may find the experience unacceptable.

Citrix provides a variety of features and settings that can be set and configured to improve the user experience with wWANs. It is important to note that these changes do not equalize the user experience when compared with a wired WAN connection, but they do take the user experience from unbearable to bearable. It is also important to note that these features are not available with the Microsoft Remote Desktop Client.

Since our recommendation for all remote users is to utilize the MetaFrame Web Interface client, the client settings discussed will be implemented on the Web Interface Server. We recommend setting up two distinct Web Interface sites, one for slow connections and the other for standard connections, as some of these settings will remove features that users on LANs and wired WANs will want to maintain. If users are using a custom-configured Program Neighborhood Client, the settings referenced can be performed on the client.

The settings and features that can be set and optimized include:

Enable SpeedScreen3 Latency Reduction

Enable Maximum Data Compression

Enable Mouse Movement and Keystroke Queuing

Enable Persistent Cache

Optimize IIS to cache images and utilize the Cache-Control HTTP Header

Enabling SpeedScreen Latency Reduction

Citrix developed the SpeedScreen latency features to improve the user experience over high-latency connections. SpeedScreen improves the user experience by providing immediate mouse and keyboard feedback to the client, effectively making the connection appear real-time even when it is significantly delayed. Latency reduction is available only if a client is connecting to a server that is configured for latency reduction. SpeedScreen is set and configured both at the server side and on the client side. The client side options are Auto, On, and Off. By default, the client connections are set to Auto. The server side is configured using the SpeedScreen Latency Reduction Manager utility (choose Start | Citrix | MetaFrame XP | Speed Screen Latency Reduction Manager). Figure 14-4 shows the SpeedScreen Latency utility running on the MetaFrame server.

Figure 14-4: The SpeedScreen Latency utility

There are two specific actions that the SpeedScreen Latency Protection feature will take when turned on (or when high latency is detected):

Local Text Echo: Local Text Echo allows the ICA client software to create font characters locally on the client device without waiting for them to be sent to the MetaFrame server and then updated on the client display. When a session begins, the ICA client sends the server a list of fonts installed on the client device. As a user types, the local font is displayed the instant the key is depressed, giving the user immediate feedback. This feature is very useful for users over high-latency connections who do a lot of typing, as it removes the annoyance of waiting for the typing to catch up.

Mouse Click Feedback: When Mouse Click Feedback is enabled, the cursor on the client changes from the normal select pointer (usually an arrow, depending on the mouse pointer scheme chosen) to the working-in-background pointer (usually a pointer with an hourglass). Since mouse click feedback is performed on the ICA client, the client can provide instant click feedback to the user, even if the server hasn't recognized the click yet. Anyone who has worked on a very slow PC understands how useful this feature is in reducing frustration caused from clicking multiple times on an object when it isn't clear whether the first click actually worked. When the server finally catches up with the number of clicks implemented, multiple instances are now open, and the user experience spirals downhill from there.

When the client is set to Auto, the default server settings turn these features on when the server sees latency of 500 ms or more. We recommend changing the default SpeedScreen Latency Threshold settings to 150 ms for the high-latency threshold, and 75 ms for the low-latency threshold. These settings ensure this feature is indeed activated at times when user experience is poor.

For known, slower connections (for example, if you are connecting over a wWAN or dial-in connection), set the client mode to On to force the feature on, regardless of the latency detected by the server.

To set the client mode to On via the Web Interface Server, edit the template.ica file and add the following entries:

ZLMouseMode=1
ZLKeyboardMode=1

(0-disabled, 1-enabled, 2-auto)

Enabling Data Compression

Data compression improves user experience for low-bandwidth connections. The ICA client compresses the data on the client side, and the MetaFrame server decompresses the data on the server side. This compression and decompression inflicts a processor performance penalty on both the server and the client, but with the current processor power available on both sides, this penalty is negligible. Citrix's internal test statistics show that ICA compression produces an average ratio of two to one, and higher ratios when highly graphical pages and print jobs are employed.

It is important to note that if ICA compression is enabled, a network compression tool such as Packeteer's Xpress, Expand's ACCELERATOR, or Verizon Wireless's Venturi Software Technologies will not improve performance. In fact, these tools often slow performance and cause other problems when ICA compression is enabled.

To enable maximum compression via the Web Interface Server, edit the template.ica file and add the following entries:

Compress=On
MaximumCompression=On

Queuing Mouse Movements and Keystrokes

Clicking the Queue Mouse Movements and Keystrokes check mark in the client settings causes the Program Neighborhood client to send mouse and keyboard updates less frequently to the MetaFrame server. Check this option to reduce the number of network packets sent from Program Neighborhood to the MetaFrame server. Intermediate mouse packets are discarded and the number of keystroke packets are coalesced into a single larger packet.

To set the mouse movement and keystroke queuing settings on the Web Interface server, edit the template.ica file and add the following entries:

MouseTimer=200

(This setting can be varied, but increasing this value too much could degrade interactive response.)

KeyboardTimer=50

(This setting can be varied as well, but again, increasing this value too much could degrade interactive response.)

Enabling Persistent Cache

Enabling persistent cache decreases logon time and improves the performance of graphics operations during an ICA session. Since this feature requires local disk or firmware space, it is not available for some ICA clients (Windows CE thin clients, for example, as generally these devices do not have sufficient local storage space to maintain the cache files).

To enable the persistent cache feature on the Web Interface server, edit the template.ica file and add the following entry:

PersistentCacheEnabled=On
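The following Python check is an added example, not code from the book or from Citrix: it verifies that a slow-connection site's template.ica carries the entries listed in the preceding sections with the values given there, and flags entries that are missing, different, or set twice with conflicting values. It assumes INI-style Key=Value lines and case-insensitive matching; the function names and the sample file are constructed for illustration.

```python
"""Check a slow-connection site's template.ica for the wWAN entries above."""
import re

# Entries and values exactly as the preceding sections give them.
WWAN_BASELINE = {
    "ZLMouseMode": "1",             # 0-disabled, 1-enabled, 2-auto
    "ZLKeyboardMode": "1",
    "Compress": "On",
    "MaximumCompression": "On",
    "MouseTimer": "200",
    "KeyboardTimer": "50",
    "PersistentCacheEnabled": "On",
}

_SECTION = re.compile(r"^\[(.+)\]$")


def parse_ica(text):
    """Map lower-cased key -> [(section, value), ...] for every occurrence."""
    seen = {}
    section = "(none)"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):    # blank line or comment
            continue
        match = _SECTION.match(line)
        if match:
            section = match.group(1)
            continue
        if "=" not in line:                     # not a Key=Value entry
            continue
        key, value = line.split("=", 1)
        seen.setdefault(key.strip().lower(), []).append((section, value.strip()))
    return seen


def audit(text, baseline=WWAN_BASELINE):
    """Return {key: (status, detail)}; status is ok, missing, mismatch or conflict."""
    seen = parse_ica(text)
    findings = {}
    for key, want in baseline.items():
        hits = seen.get(key.lower(), [])
        # Assumption of this example: keys and On/Off values are case-insensitive.
        values = {value.lower() for _, value in hits}
        if not hits:
            findings[key] = ("missing", f"add {key}={want}")
        elif len(values) > 1:
            # Same key set to different values: the effective setting is unclear.
            findings[key] = ("conflict", ", ".join(f"[{s}] {v}" for s, v in hits))
        elif values != {want.lower()}:
            section, value = hits[0]
            findings[key] = ("mismatch", f"[{section}] has {value}, want {want}")
        else:
            findings[key] = ("ok", hits[0][0])
    return findings


def failures(findings):
    """Sorted names of baseline entries that are not satisfied."""
    return sorted(k for k, (status, _) in findings.items() if status != "ok")


# Constructed sample, not a real template.ica. Section placement is
# illustrative only; the text above does not say where each entry belongs.
SAMPLE_TEMPLATE = """\
; constructed sample for the audit
[WFClient]
Version=2
ZLMouseMode=2
ZLKeyboardMode=1

[ExampleApp]
Compress=On
MouseTimer=200
KeyboardTimer=50
KeyboardTimer=500
persistentcacheenabled=on
"""

if __name__ == "__main__":
    for key, (status, detail) in audit(SAMPLE_TEMPLATE).items():
        print(f"{key:24} {status:9} {detail}")
```

Run against the constructed sample, the check reports ZLMouseMode left at Auto rather than On, MaximumCompression absent, and KeyboardTimer defined twice with different values.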

Using the Cache-Control HTTP Header in IIS

Microsoft Internet Information Server (IIS) can be configured to improve the browsing experience of the Web Interface web site for wWAN users. These configurations are based on client-side caching of the Web Interface images. As IIS settings are beyond the scope of this book, please refer to Microsoft IIS documentation for more information on cache settings.

Security on the ICA Client

Citrix ICA clients support integration with enterprise security standards. Some of the more typical standards supported are

Connecting through a SOCKS proxy server or Secure proxy server (also known as security proxy server, HTTPS proxy server, or SSL tunneling proxy server)

Integrating the ICA Win32 Clients with the Secure Gateway or SSL Relay solutions with Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols

Connecting to a server through a firewall

Connecting to a Server Through a Proxy Server

Proxy servers are used to limit access into, and out of, a network, and to handle connections between ICA clients and MetaFrame servers. The ICA Win32 clients support SOCKS and secure proxy protocols, and can automate the detection and configuration of the ICA protocol to work with the client connection. In communicating with the MetaFrame server, the Win32 Program Neighborhood Agent and the ICA Win32 Web Client use proxy server settings that are configured remotely on the MetaFrame Web Interface server. Web Interface 2.0 is configured by default to autodetect the client web browser settings and pass these to the client's ICA session. In communicating with the web server, the ICA Win32 Program Neighborhood Agent and the ICA Win32 Web Client use the proxy server settings configured through the Internet settings of the default web browser on the client device. Obviously, the local settings of the default web browser on the client device need to be set for the appropriate proxy settings. See Chapter 16 for information about configuring proxy server settings for these ICA clients.

Using the ICA Win32 Clients with Secure Gateway for MetaFrame

For external users (and some highly secure internal users), the ICA Win32 clients can be configured to use the Secure Gateway or SSL Relay service. The clients support both SSL and TLS protocols, which are discussed at length in Chapters 8 and 16.

SSL provides strong encryption to increase the privacy of ICA connections and certificate-based server authentication to ensure the server you are connecting to is a genuine server.

TLS (Transport Layer Security) is the latest, standardized version of the SSL protocol. The Internet Engineering Task Force (IETF) renamed it TLS when it took over responsibility for the development of SSL as an open standard. TLS secures data communications by providing server authentication, encryption of the data stream, and message integrity checks. Because there are only minor technical differences between SSL Version 3.0 and TLS Version 1.0, the certificates you use for SSL in your MetaFrame installation will also work with TLS. Some organizations, including those in the U.S. government, require the use of TLS to secure data communications. These organizations may also require the use of validated cryptography, such as FIPS 140. FIPS 140 (Federal Information Processing Standard) is a standard for cryptography. Security is covered in more depth in Chapters 8, 16, and 17.

System Requirements for SSL/TLS

In addition to the system requirements listed for each ICA client, the following must be met for SSL/TLS support:

The client device must support 128-bit encryption.

The client device must have a root certificate installed that can verify the signature of the Certificate Authority on the server certificate.

The ICA client must be configured to be aware of the TCP listening port number used by the SSL Relay service on the MetaFrame server.

Verifying Cipher Strength/128-Bit Encryption

Internet Explorer users can determine the encryption level of their system by doing the following:

1. Start Internet Explorer.

2. From the Help menu, click About Internet Explorer.

3. Check the Cipher Strength value. If it is less than 128 bits, you need to obtain and install a high-encryption upgrade from the Microsoft web site. Go to www.microsoft.com and search for "128-bit" or "strong encryption."

4. Download and install the upgrade. If you do not have Internet Explorer installed, or if you are not certain about the encryption level of your system, visit Microsoft's web site at www.microsoft.com to install a service pack that provides 128-bit encryption.

Note: The ICA Win32 clients support certificate key lengths of up to 4096 bits. Ensure that the bit lengths of your Certificate Authority root and intermediate certificates, and those of your server certificates, do not exceed the bit length your ICA clients support. Otherwise, your connection may fail.

Configuring the ICA Client for Use with MetaFrame Secure Gateway

MetaFrame Secure Gateway can be configured for either Normal mode or Relay mode. With Secure Gateway in Normal mode, the only ICA Client configuration required is to enter the fully qualified domain name (FQDN) of the Secure Gateway server. If Secure Gateway is used in Relay mode, the Secure Gateway server functions as a proxy and the ICA client needs to be configured to use:

The fully qualified domain name (FQDN) of the Secure Gateway server

The port number of the Secure Gateway server

Configuring the ICA Win32 Program Neighborhood Agent and Web Client for MetaFrame Secure Gateway

The Win32 Program Neighborhood Agent and the Win32 Web Client use settings that are configured remotely on MetaFrame Web Interface to connect to servers running MetaFrame Secure Gateway. See Chapter 16 for information on properly setting up the Web Interface server to integrate with Secure Gateway.

Configuring the ICA Win32 Program Neighborhood Client for MetaFrame Secure Gateway

To configure the details of your Secure Gateway server:

1. Start the Program Neighborhood Client.

2. If you are configuring an application set: right-click the application set to be configured and select Application Set Settings. The Application Set dialog box appears. If you are configuring an existing custom ICA connection: right-click the custom ICA connection you want to configure and select Properties. The Connection Properties dialog box appears. If you are configuring all future custom ICA connections: right-click in a blank area of the Custom ICA Connections window and select Custom Connection Settings. The Custom ICA Connections dialog box appears.

3. If you are configuring an application set or an existing custom ICA connection: from the Network Protocol menu, select SSL/TLS + HTTPS. If you are configuring all future custom ICA connections: from the Network Protocol menu, select HTTP/HTTPS.

4. On the Connection tab, click Firewalls.

5. Enter the FQDN of the Secure Gateway server in the Secure Gateway address box.

Note: The FQDN must list, in sequence, the following three components:

Host name

Intermediate domain

Top-level domain

For example: my_computer.my_company.com is an FQDN, because it lists, in sequence, a host name (my_computer), an intermediate domain (my_company), and a top-level domain (com). The combination of intermediate and top-level domains (my_company.com) is generally referred to as the domain name.

6. Enter the port number in the Port box.

7. Click OK twice.

Configuring and Enabling ICA Clients for SSL and TLS

SSL and TLS are configured in the same way, use the same certificates, and are enabled simultaneously.

When SSL and TLS are enabled, each time a connection is initiated the Client attempts to use TLS first, then tries SSL. If it cannot connect with SSL, the connection fails and an error message appears.

Forcing TLS Connections for All ICA Win32 Clients

To force the ICA Win32 clients (including the ICA Win32 Web Client) to connect with TLS, the Secure Gateway server or SSL Relay service needs TLS specified in the configuration (see Chapter 16 for more details). To manually configure the ICA Win32 Program Neighborhood Client to use SSL/TLS:

1. Open the Program Neighborhood client.

2. If you are configuring an application set to use SSL/TLS: right-click the application set you want to configure and select Application Set Settings. The Application Set dialog box appears. If you are configuring an existing custom ICA connection to use SSL/TLS: right-click the custom ICA connection you want to configure and select Properties. The Connection Properties dialog box appears. If you are configuring all future custom ICA connections to use SSL/TLS: right-click in a blank area of the Custom ICA Connections window and select Custom Connection Settings. The Custom ICA Connections dialog box appears.

3. If you are configuring an application set or an existing custom ICA connection: from the Network Protocol menu, select SSL/TLS + HTTPS. If you are configuring all future custom ICA connections: from the Network Protocol menu, select HTTP/HTTPS.

4. Add the FQDN of the SSL/TLS-enabled MetaFrame server(s) to the Address List.

5. Click OK.

To configure the ICA Win32 Program Neighborhood Agent to use SSL/TLS, do the following:

1. To use SSL/TLS to encrypt application enumeration and launch data passed between the Program Neighborhood Agent and the MetaFrame Web Interface server, configure the appropriate settings in the configuration file on the web server (see Chapter 16 for more details). The configuration file must also include the machine name of the MetaFrame server hosting the SSL certificate.

2. To use secure HTTP (HTTPS) to encrypt the configuration information passed between the Program Neighborhood Agent and the Web Interface server, enter the URL of the server hosting the configuration file in the format https:// on the Server tab of the Program Neighborhood Agent Properties dialog box.

To configure the Appsrv.ini file to use TLS:

1. Exit the Program Neighborhood Agent if it is running. Make sure all Program Neighborhood components, including the Connection Center, are closed.

2. Open the individual's user-level Appsrv.ini file (default directory: %User Profile%\Application Data\ICAClient) in a text editor.

3. Locate the section named [WFClient]. Set the values of these two parameters as follows:

SSLCIPHERS={GOV | All}

SECURECHANNELPROTOCOL={TLS | Detect}

Set the value to TLS, or Detect to enable TLS. If Detect is selected, the Program Neighborhood Agent tries to connect using TLS encryption. If a connection using TLS fails, the client tries to connect using SSL.

4. Save your changes.

Certificate Revocation List Checking

New with Feature Release 3, Citrix released certificate revocation list checking. When certificate revocation list checking is enabled, the ICA Win32 clients check whether or not the server's certificate has been revoked. This feature improves the cryptographic authentication of the MetaFrame XP server and improves the overall security of the SSL/TLS connections between an ICA Win32 client and a MetaFrame XP server.

Several levels of certificate revocation list checking can be enabled. For example, the client can be configured to check only its local certificate list, or to check the local and network certificate lists. In addition, the certificate can be configured for certificate checking to allow users to log on only if all Certificate Revocation Lists are verified.

To enable certificate revocation list checking, in the Template.ica file on the Web Interface server, configure the SSLCertificateRevocationCheckPolicy setting to one of the following options:

NoCheck No certificate revocation list checking is performed.

CheckWithNoNetworkAccess The local list is checked.

FullAccessCheck The local list and any network lists are checked.

FullAccessCheckAndCRLRequired The local list and any network lists are checked; users can log on if all lists are verified.

Meeting FIPS 140 Security Requirements

To meet FIPS 140 security requirements, the parameters listed in the following subsections must be included in the Template.ica file on the Web Interface server, or in the user-level Appsrv.ini file of the local client device.

Configuring the Appsrv.ini File to Meet FIPS 140 Security Requirements

To configure the Appsrv.ini file to meet FIPS 140 security requirements:

1. Exit the Program Neighborhood Agent if it is running. Make sure all Program Neighborhood components, including the Connection Center, are closed.

2. Open the individual's user-level Appsrv.ini file (default directory: %User Profile%\Application Data\ICAClient) in a text editor.

3. Locate the section named [WFClient].

4. Set the values of these three parameters as follows:

SSLENABLE=On

SSLCIPHER=GOV

SECURECHANNELPROTOCOL=TLS

5. Save your changes.
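The FIPS 140 values and the revocation policy options listed above can be checked mechanically across many client files. The following Python script is an added example, not code from Citrix or from the book: it audits the [WFClient] section of an Appsrv.ini and the SSLCertificateRevocationCheckPolicy value in a Template.ica. The sample file contents, the function names, the strictness ordering of the four policies, and the FullAccessCheck floor are assumptions of this example; because the text spells the cipher key both SSLCIPHERS and SSLCIPHER, either spelling is accepted.

```python
import configparser

# Values the text lists for FIPS 140 in [WFClient] of Appsrv.ini.
# The text spells the cipher key two ways, so both are accepted here.
FIPS_REQUIRED = {
    ("sslenable",): "on",
    ("sslcipher", "sslciphers"): "gov",
    ("securechannelprotocol",): "tls",
}

# The four policy options from the text, ordered weakest to strictest
# (the ordering is this example's reading of their descriptions).
CRL_POLICIES = [
    "NoCheck",
    "CheckWithNoNetworkAccess",
    "FullAccessCheck",
    "FullAccessCheckAndCRLRequired",
]
CRL_KEY = "sslcertificaterevocationcheckpolicy"

# Constructed sample inputs (not taken from a real deployment).
SAMPLE_APPSRV = """\
[WFClient]
SSLENABLE=On
SSLCIPHERS=All
SECURECHANNELPROTOCOL=Detect
"""

SAMPLE_TEMPLATE = """\
[WFClient]
SSLCertificateRevocationCheckPolicy=CheckWithNoNetworkAccess
"""


def _load(text):
    # strict=False tolerates duplicate keys; interpolation=None keeps
    # '%' characters in paths literal. Keys are lower-cased by default.
    parser = configparser.ConfigParser(
        strict=False, interpolation=None, allow_no_value=True
    )
    parser.read_string(text)
    return parser


def _section(parser, name):
    # Section names are case-sensitive in configparser; match loosely.
    for candidate in parser.sections():
        if candidate.lower() == name.lower():
            return parser[candidate]
    return None


def audit_fips(appsrv_text):
    """Return findings for [WFClient]; an empty list means compliant."""
    wfclient = _section(_load(appsrv_text), "WFClient")
    if wfclient is None:
        return ["[WFClient] section missing"]
    findings = []
    for keys, want in FIPS_REQUIRED.items():
        present = [(k, wfclient[k]) for k in keys if k in wfclient]
        if not present:
            findings.append(f"{keys[0]} not set (want {want})")
            continue
        for key, value in present:
            if (value or "").strip().lower() != want:
                findings.append(f"{key}={value} (want {want})")
    return findings


def audit_crl(ica_text, minimum="FullAccessCheck"):
    """Return findings for the revocation policy in any section."""
    parser = _load(ica_text)
    lowered = [p.lower() for p in CRL_POLICIES]
    floor = CRL_POLICIES.index(minimum)
    findings, seen = [], False
    for name in parser.sections():
        if CRL_KEY not in parser[name]:
            continue
        seen = True
        value = (parser[name][CRL_KEY] or "").strip()
        if value.lower() not in lowered:
            findings.append(f"[{name}] unknown policy {value!r}")
        elif lowered.index(value.lower()) < floor:
            findings.append(f"[{name}] {value} is weaker than {minimum}")
    if not seen:
        findings.append("SSLCertificateRevocationCheckPolicy not set")
    return findings


if __name__ == "__main__":
    for line in audit_fips(SAMPLE_APPSRV) + audit_crl(SAMPLE_TEMPLATE):
        print(line)
```

A Detect setting is reported because, as described earlier, it lets the client fall back from TLS to SSL.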

Installing Root Certificates on the ICA Win32 Clients

To use SSL/TLS to secure communications between SSL/TLS-enabled ICA clients and the MetaFrame server, a root certificate is needed on the client device that can verify the signature of the Certificate Authority on the server certificate.

The Citrix ICA Win32 clients support the Certificate Authorities supported by the Windows operating system. The root certificates for these Certificate Authorities are installed with Windows and managed using Windows utilities. They are the same root certificates used by Microsoft Internet Explorer. One exception to this is the Java client. Since this is a server-deployed client, the administrator of the Web Interface server must update the Java configuration files to include the Certificate Authority information and path.

If you use your own Certificate Authority, you must obtain a root certificate path from that Certificate Authority and install it on each client device. This root certificate path is then used and trusted by both Microsoft Internet Explorer and the Citrix ICA Win32 Client.

Depending on an organization's policies and procedures, an administrator may prefer to install the root certificate on each client device instead of directing users to install it. In most cases, if an organization is using Windows 2000 Server or Windows Server 2003 with Active Directory, the root certificate can be deployed and installed using Windows 2000 Group Profiles.

Note We strongly recommend selecting a common, Internet-based, trusted Certificate Authority (such as Verisign or Thawte) to eliminate the following client-side configuration steps, regardless of whether you use Secure Gateway or SSL gateway services to make the connection.

To install a root certificate on the Win32 Client device:

1. Double-click the root certificate file. The root certificate file has the extension .cer, .crt, or .der.

2. Verify that you are installing the correct root certificate.

3. Click Install Certificate.

4. The Certificate Import Wizard starts. Click Next.

5. Choose the Place All Certificates in the Following Store option and then click Browse.

6. On the Select Certificate Store screen, select Show physical stores.

7. Expand the Trusted Root Certification Authorities store and then select Local Computer. Click OK.

8. Click Next and then click Finish. The root certificate is installed in the store you selected.


For more details about certificates, and the server-side configuration, please see Chapter 16.

Enabling Smart Card Logon

This section assumes that smart card support is enabled on the MetaFrame server, and that the client device is properly set up and configured with third-party smart card hardware and software. Refer to the documentation that came with your smart card equipment for instructions about deploying smart cards within your network.

The smart card removal policy set on the MetaFrame server determines what happens if the smart card is removed from the reader during an ICA session. The smart card removal policy is configured through, and handled by, the Windows operating system.

Enabling smart card logon with Passthrough authentication requires a smart card to be present or inserted in the smart card reader at logon time. With this logon mode selected, the Program Neighborhood Agent prompts the user for a smart card personal identification number (PIN) when it starts up. Passthrough authentication then caches the PIN and passes it to the server every time the user requests a published resource. The user does not have to subsequently reenter a PIN to access published resources. If authentication based on the cached PIN fails or if a published resource itself requires user authentication, the user continues to be prompted for a PIN.

Perform the following to enable smart card logon with Passthrough authentication:

1. From the Program Neighborhood Agent Admin tool, select Logon Method from the Configuration Settings menu.

2. Click Smart Card Passthrough Authentication to select the option.

3. Save your changes.

Enabling smart card logon without Passthrough authentication requires a smart card to be present or inserted in the smart card reader when the user tries to log on. With this logon mode selected, the Program Neighborhood Agent prompts the user for a smart card PIN (personal identification number) when it starts up and every time the user requests a published resource. To enable smart card logon without Passthrough authentication, do the following:

1. From the Program Neighborhood Agent Admin tool, select Logon Method from the Configuration settings menu.

2. Click Smart Card Logon to select the option.

3. Verify that Passthrough Authentication is not selected.

4. Save your changes.

Enabling NDS Logon Support

To enable NDS Logon Support, perform the following:

1. From the Program Neighborhood Agent Admin Tool, select Logon Method from the Configuration settings menu.

2. Click Use NDS Credentials for Prompt User and Passthrough authentication to select the option.

3. Enter the default tree name.

4. Save your changes.

Connecting to a Server Through a Firewall

Network firewalls can allow or block packets based on the destination address and port.

Note Additional steps beyond what is covered here may be required to connect to a MetaFrame server farm behind a firewall, depending on the firewall and server configurations. The use of MetaFrame Web Interface with Secure Gateway eliminates the requirement to perform these client-side configurations and dramatically simplifies the client setup. Please see Chapter 16 for more details.

To use the ICA Win32 Clients through a network firewall that maps the server's internal network IP address to an external Internet address, do the following:

1. Open the Program Neighborhood Client.

2. If you are configuring an application set: right-click the application set to be configured and select Application Set Settings. The Application Set dialog box appears.

3. If you are configuring a custom ICA connection: right-click the custom ICA connection you want to configure and select Custom Connection Settings. The Custom ICA Connections dialog box appears.

4. Click Add. The Add Server Location Address window appears.

5. Enter the external Internet address of the MetaFrame server.

6. Click OK. The newly added external Internet address of the MetaFrame server appears in the Address List.

7. Click Firewalls.

8. Select Use Alternate Address for Firewall Connection.

9. Click OK twice.

Note All MetaFrame servers in the farm must be configured with their alternate (external) address.

Locking Down the ICA Client

As discussed in Chapters 7, 11, 13, and 15, the lockdown of the desktop device, regardless of the device, is an important aspect of maintaining a minimal-maintenance client environment. If a configuration can be changed on the client machine, there is a risk that it can be broken, and of course, if the device fails, any configurations will have to be re-input. Thus, if the device can be fully locked such that user and software configurations (including client access software) cannot be changed, the environment will require significantly less support.

We introduced three applications for this purpose: RES PowerFuse, AppSense, and triCerat, all of which do a good job of efficiently and effectively locking down the desktop.

ICA and RDP Client Drive, Printer, and COM Port Mapping

Both ICA and RDP clients now support local drive, printer, and COM port mapping. Local Mapping allows the client to force the server to map a local device so that a user is able to employ a local device from within the remote server session.

Although local mapping can be very useful for remote, home, and traveling users, it is important to selectively apply local mappings in remote office and LAN environments since the data stream created from sending data back and forth from the server to the client can be very intensive, and cause other ICA/RDP sessions to fail.

All three items can be enabled or disabled from the server in the Citrix Management Console (for ICA) or the Terminal Services Configuration utility (for RDP). The server can also be configured to default to the client settings. The client local mapping settings can be configured for the RDP Client from the Local Resources tab.

Thin-Client Configuration

As discussed in Chapter 7, most thin-client vendors have management software to remotely flash updates and configurations to their thin clients. Although we prefer the simplest thin clients that just run ICA and RDP client software, we still recommend purchasing the enterprise versions of these management suites, to aid in the mass setup and configuration of thin clients. Generally, this management software requires a server running TFTP to put the management software and updated images on. Wyse, for example, provides an application called Rapport Enterprise for this purpose.

Publishing the Full Desktop vs. Seamless Windows

Prior to the advent of lockdown software it was often necessary to limit a user to a specific application or small group of applications in order to ensure that users didn't maliciously or accidentally change server settings that could cause instability (such as installing printers). By choosing to publish an application in a "desktop window," that application appears to take up the entire screen when a user logs in. The Seamless Windows feature of the Win32 ICA Client was created in order to make access to individual published applications transparent to the user. These application icons appear just as any other icons on the user's PC desktop. The user doesn't necessarily know that the application is actually running on a server. With MetaFrame XP, all applications using Seamless Windows on a user's desktop share a connection, so it is not necessary to log on again each time one of these applications is executed.

The significant downside that we have seen in using Seamless Windows with a large number of applications is that users don't understand when and where applications are coming from, and thus they struggle with understanding where their printers, files, and utilities are. In addition, if something doesn't work, they immediately blame the server farm, propagating the user community perception that the server-based solution doesn't work. Because of this user perception problem, if we are publishing more than one or two applications, we utilize a locked-down, full-desktop environment. Although it isn't as slick, when users can recognize which environment they are in, it is easier to set and meet their expectations of application access and performance.

Autoupdate

MetaFrame includes the ICA Client Update Configuration utility that allows an administrator to manage the ICA client versions in use on the network. The database of the various ICA client versions is created when MetaFrame is installed and is located in the \%SystemRoot%\ICA\ClientDB directory.

When a new client version for a particular type of client is placed in this directory, users with that client will see a notice the next time they log on. This notice informs them that a new client is available. Depending on the settings in the Client Update Configuration utility, the user can choose to skip the update, or update at that time.


Chapter 15: Profiles, Policies, and Procedures

This chapter examines the different types of profiles that are available to assist in controlling and optimizing the server-based computing environment. The chapter also covers general deployment tips and guidelines for using Windows Group Policies to implement standard computing environments, and introduces the new Windows Server 2003 policy settings as well as the Group Policy Management Console (GPMC).

The last section of this chapter covers recommended best practices for using profiles and Group Policies, with the focus on SBC infrastructure as it relates to the CME case study.

User Profiles

A user profile is simply a registry hive in file format (NTuser.dat) and a set of profile folders (stored in %systemdrive%\Documents and Settings) that contain information about a specific user's environment and preference settings. Profiles include settings such as printer connections, background wallpaper, ODBC settings, MAPI settings, color schemes, shortcuts, Start menu items, desktop icons, mouse settings, folder settings, and shell folders such as My Documents. Profiles are automatically created the first time a user logs into any NT-based machine, including a Terminal Server.

NTuser.dat (the file that stores the user's registry-based preferences and configurations) is loaded by the system during logon and mapped into the registry under the subtree HKEY_CURRENT_USER. This file can be found at the root of the user's profile location, such as C:\Documents and Settings\username\NTuser.dat. The set of profile folders such as Application Data, Cookies, Desktop, and Start Menu are also located at the root of a profile location such as C:\Documents and Settings\username\Application Data. The Application Data profile folder is where applications and other system components store user data, settings, and configuration files. There are two types of profiles: local and roaming.

Chapter 10 - Pr oj ect Managing and Deploying an Enter pr ise SBC Envir onment

Local Profiles

As the name implies, a local profile is a user profile that exists on a single machine. By default, a user will employ a local profile and may have several local profiles on different machines. This type of profile is not very useful for the average user since it cannot traverse a load-balanced server farm. Local profiles lead to end-user confusion as applications and environment changes do not follow the users when they log in to different servers in the farm. For example, a user may change their background setting to green on one Terminal Server, log out, and then log back in to a different Terminal Server to find that the background is not green. This is caused by having two separate local profiles, with one on each server. Local profiles are useful for administrators or service accounts that do not need their settings to roam from one server to another.


Roaming Profiles


A roaming profile is a centrally stored version of a local profile. The profile is "roaming" in that it is copied to every computer the user logs in to as their "local" profile. There, it is utilized as a locally cached copy until the user logs out, at which point it is saved back to the central storage location for profiles. This is the primary type of profile employed in an SBC network due to the necessity of having user settings "roam" with the user. A roaming profile can also be mandatory. The corresponding files have an extension specific to the type: NTuser.dat for a roaming profile and NTuser.man for mandatory roaming. Mandatory profiles are covered more in depth in the next section.


Roaming profiles allow users to make changes to their environment. These changes are then recorded in the locally stored copy of the roaming profile. Once a user logs off, the profile changes are copied back to the network share from which it was originally loaded. This profile is then used the next time the user logs in to the SBC environment. Another item to remember with roaming profiles is that the last write wins. An example of this can be seen when a user logs in to two different machines simultaneously. They may change something in their profile in one session (such as the background color to green) and proceed to log out. They then change the background color to blue in the other session and log out. As a result, the user will end up having a blue background the next time they log in to a machine. This is due to the fact that the last logout causes the profile to be written back to the profile storage location, which overwrites any previous writes.


Roaming profiles have the following advantages:

User-specific application settings, such as default file locations, file history, and fonts are saved to the profile.

Users can customize the desktop environment. They can change colors, fonts, backgrounds, desktop icons, and the Start menu.

Default limitations of roaming profiles include:

Profiles have no restriction on file size, which can lead to rapidly increasing disk space and network bandwidth consumption. This becomes a problem particularly when users drag large documents onto their desktop for easy access.

Users are not prevented from making changes that might render their environment unstable or unusable.

Although roaming profiles were designed to allow users to make changes, roaming profiles can be locked down to reduce the changes a user can make to their environment. A review of how to implement roaming profiles with Group Policy to achieve a balance between giving users sufficient rights to change what they need while maintaining control and manageability of the profiles is presented later in this chapter.

Mandatory Roaming Profiles


A mandatory roaming profile is a specific type of roaming profile that is preconfigured by an administrator and cannot be changed by the user. This type of profile has the advantage of enforcing a common interface and a standard configuration. A user can still make modifications to the desktop, Start menu, or other elements, but the changes are lost when the user logs out, as the locally stored profile is not saved back to the network share.

Mandatory roaming profiles are created by renaming the NTuser.dat file in the roaming profile to NTuser.man. Mandatory profiles should be used for kiosk environments or where users cannot be trusted to change settings related to their profiles.

Mandatory roaming profiles have the following advantages:

Profile size is fixed and typically small. This alleviates disk storage problems and potential network congestion.

Profile network traffic is cut in half since the locally cached profile is never copied back to the profile server.

No user settings are saved. This eliminates some help-desk calls as it prevents users from inadvertently destroying their environments. If the user has made inappropriate changes to the environment, logging out and logging back in will reset them to an original configuration.

The following are disadvantages of mandatory roaming profiles:

No user settings are saved. This lack of flexibility may lead to the need to create various "standard" mandatory roaming profiles to accommodate different needs.

User-specific application settings, such as Microsoft Outlook profile settings, are not saved with the profile. Mailbox settings need to be set each time a user logs in to the system or be configured before the profile is changed to mandatory.

Many of the same beneficial restrictions of mandatory roaming profiles can be accomplished using a standard roaming profile without compromising flexibility. For this reason, mandatory profiles are not often utilized in the SBC environment.

Profile Mechanics

Two separate roaming profile locations can be specified in an Active Directory domain. Both are configured from within the Active Directory Users and Computers administration program.

Terminal Server Profile Path: This profile path is used when a user logs in to a server with Terminal Services running. It is configured from the Active Directory Users and Computers administration program on the Terminal Services Profile tab, as shown in Figure 15-1. This setting is strongly recommended in an SBC environment to keep users' Terminal Server profiles separate from their standard client OS profile.

Figure 15-1: The Terminal Server profile path

Note: Windows Server 2003 Active Directory environments can use Group Policy to set the Terminal Server profile path.

User Profile Path: This profile path is used when a user logs into a computer without Terminal Services running (such as a local workstation or laptop) or when no specific Terminal Server profile path is specified. This profile path is configured from the Active Directory Users and Computers administration program on the Profile tab, as shown in Figure 15-2.

Figure 15-2: User Profile Path

These two profile paths are critical in setting up an optimized SBC environment, as the following example illustrates. Users located at the CME-EUR site log in to Windows 2000 Professional desktops before launching Citrix applications. They have a value for User Profile Path populated for their user accounts that points to a local server (\\frankfurtsrv\profiles\%username%). This keeps the profiles for their local workstation close to their workstation for optimal retrieval. The same users log in to MetaFrame servers that are located back at CME-CORP in Chicago, Illinois. The Terminal Services profile path for these users points to a server located in the corporate network in Chicago (\\chicagosrv\profiles\%username%). This is done to avoid having profiles copied from the Frankfurt server over the WAN links to the MetaFrame XP servers and avoids user confusion that may arise from having a common profile for both their local workstation and MetaFrame XP sessions.

Profile Processing

The process that occurs when a user logs in to a Terminal Server is as follows. The Terminal Server contacts a domain controller to determine where the roaming profile is located as specified in the Terminal Services Profile text field in the user's account. If this field exists, the profile is copied down to a locally cached version of the profile. If the Terminal Services Profile field is left blank, the Terminal Server will look at the Profile Path text field and download that profile if it exists. If both fields are blank, the Terminal Server will use a local profile (if one already exists), or create one if it does not exist by copying settings from the default users profile on the machine they are logging in to. This process is illustrated in Figure 15-3.

Figure 15-3: Profile processing
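The lookup order described above can be turned into an account audit. The following is an added example, not code from the book: it models the fallback chain and flags accounts whose Terminal Server logon would share the workstation profile, pull a profile from another site, or fall back to a local profile. The server and site names are the book's; the server-to-site mapping and the three accounts are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed file-server-to-site mapping (server and site names are the book's).
SERVER_SITE = {"frankfurtsrv": "CME-EUR", "chicagosrv": "CME-CORP"}


@dataclass
class Account:
    name: str
    ts_profile_path: Optional[str]    # Terminal Services Profile tab
    user_profile_path: Optional[str]  # Profile tab


def file_server(unc_path):
    """Return the server component of a UNC path, lower-cased."""
    return unc_path.lstrip("\\").split("\\", 1)[0].lower()


def resolve_profile(acct, on_terminal_server=True, has_local_copy=False):
    """Return (source, path) for the profile a logon would load."""
    if on_terminal_server and acct.ts_profile_path:
        return "ts-roaming", acct.ts_profile_path
    if acct.user_profile_path:
        return "user-roaming", acct.user_profile_path
    if has_local_copy:
        return "local-existing", None
    return "local-from-default-user", None


def audit(accounts, ts_site="CME-CORP"):
    """Map account name -> list of issues for a logon to a Terminal Server."""
    findings = {}
    for acct in accounts:
        source, path = resolve_profile(acct, on_terminal_server=True)
        issues = []
        if source == "user-roaming":
            issues.append("Terminal Server session shares the workstation profile")
        if source.startswith("local"):
            issues.append("local profile only: settings will not roam across the farm")
        if path and SERVER_SITE.get(file_server(path)) != ts_site:
            issues.append(f"profile server {file_server(path)} is not mapped to site {ts_site}")
        if issues:
            findings[acct.name] = issues
    return findings


# Constructed sample accounts.
ACCOUNTS = [
    Account("anna", r"\\chicagosrv\profiles\anna", r"\\frankfurtsrv\profiles\anna"),
    Account("bernd", None, r"\\frankfurtsrv\profiles\bernd"),
    Account("svc_backup", None, None),
]

if __name__ == "__main__":
    for user, issues in audit(ACCOUNTS).items():
        for issue in issues:
            print(f"{user}: {issue}")
```

A local-only result is expected for the administrator and service accounts mentioned earlier, so treat that finding as informational for those accounts.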

Home Directory


Like the profile path settings, two different home directories can be specified. Terminal Services Home Directory (shown in Figure 15-1) specifies the directory used when a user logs in to a server running Terminal Services. The Home folder (shown in Figure 15-2) specifies the user's home directory when they are not utilizing a machine with Terminal Services.

Note: The Terminal Services Home directory can be specified with Group Policy as described later in this chapter.

Windows 2000 and 2003 will default the home directory location to the user's profile if no other location is specified, causing a profile's size to swell as users store information at this location. Since a user's profile is copied across the network every time they log in to, or out of, another computer, the goal is to minimize the size of the profile. Home directories accomplish this by giving the users a location to store their personal information outside of the profile.

Note: Support for legacy applications that were not designed appropriately still may require the use of application compatibility scripts. The data from the application compatibility scripts are stored in the home directory. Chapter 13 has more information on the use of application compatibility scripts.

Home directories should be placed on network file servers that are co-located with the Terminal Servers in order to facilitate the efficient transfer of files. In relation to our case study CME Corp, we recommend creating a home directory share called "Home" on the local enterprise file server closest to the user and storing the home directories in this share.


Group Policies

Group Policies are used in Windows 2000 and Windows Server 2003 to define change and configuration management. They are used to define user and computer configurations for groups of users and computers. Configuration of Group Policy is done through the Group Policy Object Editor from within the Microsoft Management Console (MMC) snap-in. The Group Policy settings are contained in a Group Policy Object, which is associated with selected Active Directory objects such as sites, domains, and organizational units. There is also an option for local policy creation to assist in controlling specific computers.

Using Group Policy, an administrator is able to control the policy settings for the following:

Registry-based policies: This includes Group Policy for the Windows 2000 and 2003 operating systems and their components, as well as for applications. To manage these settings, use the Administrative Templates node of the Group Policy snap-in.

Security options: Local computer, domain, and network security settings.

Software installation and maintenance options: Centralized management of application installation, updates, and removal.

Scripts options: This includes scripts for computer startup and shutdown, as well as user logon and logoff.

Folder redirection options: This allows administrators to redirect users' special folders to network storage locations.

Implementing Windows Group Policies for registry-based policies, security options, and folder redirection is essential in a well-managed SBC environment. Administrators should use Group Policy to ensure users have what they need to perform their jobs, but do not have the ability to corrupt or incorrectly configure their environment. Many common user lockdown settings are contained in the Windows Explorer component under the User Configuration section. A new Terminal Server configuration section is available in Windows Server 2003 Group Policy that did not exist in Windows 2000. The new settings are contained in the Terminal Services component under Computer Configuration. The Terminal Services component of the Computer Configuration Group Policy provides a place to set several important configurations, including:

Setting keep-alive settings

Setting the path for the Terminal Services roaming profile location

Setting the path for the Terminal Services home directory

Machines that are a member of an Active Directory domain process Group Policies in a very systematic way. The processing order is as follows:

1. Local Group Policy Object

2. Site

3. Domain

4. Organizational unit (OU)

Exceptions to the default order are due to Group Policies being set to no override, disabled, block policy inheritance, or loopback processing. The key things to remember are the order in which policies are applied, and that a Domain setting will override a Site setting. Understanding this will help in troubleshooting problems with policy settings not being implemented. For example, if the same settings are applied at both the Site and OU levels, the OU policy will still be implemented unless special settings (such as no override) have been configured.
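The precedence rules above can be worked through in code when troubleshooting which policy wins. The following is an added example, not code from the book: it applies links in the Local, Site, Domain, OU order, lets later links overwrite earlier ones, and then handles the disabled, block policy inheritance, and no override exceptions. Loopback processing is not modelled, and the GPO names, setting names, and domain name are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class Link:
    gpo: str
    settings: dict
    no_override: bool = False
    disabled: bool = False


@dataclass
class Container:
    level: str   # "Local", "Site", "Domain" or "OU"
    name: str
    links: list = field(default_factory=list)
    block_inheritance: bool = False


def resultant_policy(chain):
    """chain lists containers in processing order: Local, Site, Domain, OU(s).

    Returns {setting: (value, winning GPO)}.
    """
    # Deepest container that blocks inheritance; links above it are dropped
    # unless they are the Local GPO or are marked no override.
    blocked_above = max(
        (i for i, c in enumerate(chain) if c.block_inheritance), default=0)
    normal, forced = [], []
    for depth, container in enumerate(chain):
        for link in container.links:
            if link.disabled:
                continue
            if link.no_override:
                forced.append((depth, link))
            elif depth >= blocked_above or container.level == "Local":
                normal.append(link)
    # No-override links are applied last, deepest first, so that the link
    # highest in the hierarchy has the final word.
    ordered = normal + [l for _, l in sorted(forced, key=lambda p: -p[0])]
    result = {}
    for link in ordered:
        for key, value in link.settings.items():
            result[key] = (value, link.gpo)
    return result


def sample_chain(site_no_override=False, ou_blocks=False):
    """Constructed hierarchy for one Terminal Server."""
    return [
        Container("Local", "ts01", [Link("Local GPO", {"KeepAlive": 1})]),
        Container("Site", "CME-CORP", [Link(
            "Site Baseline", {"KeepAlive": 5, "HideRunMenu": True},
            no_override=site_no_override)]),
        Container("Domain", "cme.example", [Link(
            "Domain Default", {"HideRunMenu": False})]),
        Container("OU", "Terminal Servers", [Link(
            "TS Lockdown", {"KeepAlive": 10})], block_inheritance=ou_blocks),
    ]


if __name__ == "__main__":
    for kwargs in ({}, {"site_no_override": True}, {"ou_blocks": True}):
        print(kwargs, resultant_policy(sample_chain(**kwargs)))
```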


The Group Policy Management Console

Windows Server 2003 introduced a new tool to manage Group Policy called the Group Policy Management Console (GPMC). The GPMC is a separate installation and can only be used in conjunction with Windows Server 2003 machines. The installation files can be found at www.microsoft.com/windowsserver2003/gpmc. The management console can be installed on either Windows Server 2003 or Windows XP Professional with SP1.

Some of the key enhancements of the Group Policy Management Console include the following:

A unified graphical interface that makes Group Policy easier to administer

The ability to back up and restore Group Policy Objects

Import/export and copy/paste of Group Policy Objects and Windows Management Instrumentation filters

Simplified management of Group Policy-related security and delegation

HTML reporting for GPO settings and the resultant set of policy data

Scripting of Group Policy-related tasks exposed within this tool

The Group Policy Management Console allows an administrator to view the scope of created policies, as shown in Figure 15-4. It also enables an administrator to view the resulting policies applied to users or computers, as you can see in Figure 15-5. This is very handy in situations where settings are not behaving as expected, as the administrator can see which policy is overriding the other and make the appropriate changes.

Figure 15-4: The Group Policy Management Console policy scope

Cit rix Me t aFra m e Access Su it e fo r W in do w s Ser ver 2 00 3 : Th e O ff icial Guid e by Steve Kaplan et al. McGr aw -Hill © 2003 (724 pages)

ISBN:0072195665

This guide ex plains how to build a r obust, reliable, and scalable thin- client com puting envir onment and deploy Windows 2000/ Windows 2003 Ser v er and MetaFr am e. Also learn t o centr alize application managem ent, r educe soft w ar e on the desktop, and mor e. < ?xm l version= " 1.0" encoding= " I SO- 8859- 1" ?> Ta ble o f Con t en t s Citr ix MetaFr am e Access Suite for Window s Ser v er 2003—The Official Guide For ewor d I ntr oduction Pa r t I - Ov er vi e w of Ente r pr ise Se r ve r - Ba se d Com put in g

Figure 15-5: The Group Policy Management Console Group Policy results I ntr oducing Ser ver -Based Com puting and th e On- Dem and Enterpr ise


Citrix Policies

Citrix introduced user policies in Feature Release 2 for MetaFrame XP. Citrix user policies are similar in nature to Group Policies but are restricted to controlling only MetaFrame XP-related settings. They are configured from within the CMC and can be applied to groups or specific users. They are particularly useful in configuring settings such as locking down the number of sessions a user or group of users can have, or in setting shadowing permissions. Citrix policies allow an administrator to turn on and off the following options per group or user:

Local drive/printer/port mapping

Shadowing options and permissions

Concurrent login sessions

Content redirection

Time zone controls

Encryption settings

Auto-client update


Best Practices

In relation to our case study, CME will be using roaming profiles for all standard users due to the fact that users will need the ability to configure application settings and have them roam between servers. Roaming profiles will exist in two locations: a roaming profile for their local workstation located on a file server at the same office, and a roaming profile for the MetaFrame environment located on a file server where the MetaFrame servers reside. CME will use local profiles for the administrators and service accounts. Mandatory profiles will be implemented for the kiosk stations that are used as job application terminals at the manufacturing sites. Some of the major challenges of a mix of local, roaming, and mandatory roaming profiles are

Implementing different group policies for users when they log in to a Terminal Server

Limiting the profile file size

Locking down the desktop

Eliminating inappropriate application features

Limiting access to local resources

Controlling application availability

In order to overcome these challenges, CME will use Group Policy to redirect appropriate folders to minimize profile size, lock down the desktop environment, and eliminate inappropriate application features. Citrix user policies and published applications will be used to limit access to local resources, define shadow permissions, and control application availability.


Implementing Different Group Policies for Users When They Log in to a Terminal Server

Since the Terminal Servers are special-use computers within the environment, users should have different settings and configurations applied to their environment when they log in to the MetaFrame XP servers versus logging in to a local workstation or laptop. The processes for achieving this are listed next.

1. Create a separate OU in Active Directory for the MetaFrame XP servers.

2. Move the MetaFrame XP servers to the newly created OU.

3. Create and apply a new Group Policy to the MetaFrame XP server OU.

4. Assign appropriate permissions to the Group Policy.

5. Enable loopback processing within the Group Policy Object.


Creating a Separate OU in Active Directory for the MetaFrame XP Servers

Follow these steps, as illustrated in Figure 15-6, to create a separate OU in Active Directory:

1. Choose Start | Programs | Administrative Tools | Active Directory Users and Computers.

2. Select Action | New | Organizational Unit.

3. Enter the name for the OU that will house the MetaFrame XP servers. Click OK.

Figure 15-6: Creating a separate OU for MetaFrame servers

Moving the MetaFrame XP Servers to the Newly Created OU

Perform the following steps to move the MetaFrame XP servers to the newly created OU:

1. Locate the MetaFrame server (found in the Servers or Computers OU), right-click it, and choose Move.

2. Select the newly created OU dedicated for MetaFrame servers and click OK.


3. Repeat this process for all MetaFrame XP servers.

Creating and Applying a New Group Policy to the MetaFrame XP Server OU

Figure 15-7 shows the creation of a new Group Policy. Follow these steps to create a new Group Policy:

1. Right-click the OU and select Properties.

2. Choose the Group Policy tab.

3. Click New.

4. Enter an appropriate name for the Group Policy.

Figure 15-7: Creating a new Group Policy

Assigning Appropriate Permissions to the Group Policy

Figures 15-8 and 15-9 show the application and denial of Group Policies by group. The steps to apply or remove a Group Policy are

1. Select the Group Policy Object and click Properties.

2. Select the Security tab.

3. Add and remove appropriate users and groups (deny the Apply Group Policy attribute to any user or group to which the Group Policies should not apply).

Figure 15-8: Applying the Group Policy to the Citrix users group

Figure 15-9: Denying the Group Policy to the Domain Admins group


Enabling Loopback Processing Within the Group Policy Object

Figures 15-10 and 15-11 show the process of enabling Group Policy loopback processing and how to change the loopback mode setting to Replace. The steps are as follows:

1. Select the Group Policy Object and click Edit.

2. Choose Computer Configuration | Administrative Templates | System | Group Policy folder and double-click to select the User Group Policy loopback processing mode.

3. Check the radio button next to Enabled.

4. Set the mode to Replace or Merge based on the user environment.


Figure 15-10: Enabling Group Policy loopback processing


Figure 15-11: Setting loopback mode to Replace

Note "Replace" means that the user settings defined in the computer's Group Policy Objects replace the user settings normally applied to the user through Group Policy. "Merge," on the other hand, means that the user settings defined in the computer's Group Policy Objects and the user settings normally applied to the user are combined. If the settings conflict, the user settings in the computer's Group Policy Objects take precedence over the user's normal settings.
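The Replace and Merge behaviour in the Note, combined with the Apply Group Policy deny from the permissions step, can be checked with a small model. This is an added example, not code from the book: it is a simplified model of Group Policy processing, and the setting names (HideRunCommand, DesktopWallpaper, RedirectMyDocuments) and the domain-wide GPO are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

REPLACE, MERGE = "Replace", "Merge"


@dataclass
class GPO:
    name: str
    user_settings: dict = field(default_factory=dict)
    # Computer-side "User Group Policy loopback processing mode" (None = not set).
    loopback_mode: Optional[str] = None
    # Security filtering on the "Apply Group Policy" permission.
    apply_allow: frozenset = frozenset({"Authenticated Users"})
    apply_deny: frozenset = frozenset()

    def applies_to(self, groups):
        """A deny on Apply Group Policy always wins over an allow."""
        groups = set(groups)
        if self.apply_deny & groups:
            return False
        return bool(self.apply_allow & groups)


def loopback_mode(computer_gpos, computer_groups):
    """Loopback mode the computer ends up with; the last GPO in order wins."""
    mode = None
    for gpo in computer_gpos:
        if gpo.loopback_mode and gpo.applies_to(computer_groups):
            mode = gpo.loopback_mode
    return mode


def effective_user_settings(user_groups, user_gpos, computer_gpos,
                            computer_groups=("Authenticated Users",)):
    """Return (mode, settings) for a user logging on to a given computer."""
    mode = loopback_mode(computer_gpos, computer_groups)
    if mode == REPLACE:
        ordered = list(computer_gpos)                    # user's own GPOs are ignored
    elif mode == MERGE:
        ordered = list(user_gpos) + list(computer_gpos)  # computer GPOs applied last
    else:
        ordered = list(user_gpos)                        # normal processing
    settings = {}
    for gpo in ordered:
        if gpo.applies_to(user_groups):                  # filtered in the user's context
            settings.update(gpo.user_settings)           # later GPO wins on conflict
    return mode, settings


# --- constructed sample data -------------------------------------------------
DOMAIN_GPO = GPO("Domain user policy (constructed)",
                 {"DesktopWallpaper": "corp.bmp", "HideRunCommand": False})
CITRIX_USER = {"Authenticated Users", "Citrix Users"}
DOMAIN_ADMIN = {"Authenticated Users", "Domain Admins"}


def metaframe_gpo(mode):
    """GPO linked to the MetaFrame server OU, denied to Domain Admins."""
    return GPO("MetaFrame Servers",
               {"HideRunCommand": True, "RedirectMyDocuments": r"\\FileServer\Home"},
               loopback_mode=mode,
               apply_deny=frozenset({"Domain Admins"}))


def scenario(mode, user_groups):
    """Effective user settings on a MetaFrame server for the given loopback mode."""
    return effective_user_settings(user_groups, [DOMAIN_GPO], [metaframe_gpo(mode)])[1]


if __name__ == "__main__":
    print("workstation :", effective_user_settings(CITRIX_USER, [DOMAIN_GPO], [])[1])
    for m in (REPLACE, MERGE):
        print(m, "user :", scenario(m, CITRIX_USER))
        print(m, "admin:", scenario(m, DOMAIN_ADMIN))
```

In this model an administrator who is denied Apply Group Policy receives no user settings at all on the server under Replace, because the user's own GPO list is not processed in that mode.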


Limiting the Profile File Size


Profiles tend to grow in size over time. This is largely due to users saving documents in their My Documents folder, dragging items onto their desktop, or saving information into the Application Data folders contained in the profile. To keep the profile sizes minimized for our case study, CME will configure network shares to store profiles, and configure the preceding folders for redirection to the user's home directory using Group Policy. CME will store Terminal Server profiles in a share called TS_Profiles. This helps to distinguish them from normal profiles used on client operating systems. These normal profiles will be stored in a share called NT_Profiles.

The redirection of Application Data, Desktop, and My Documents folders is configured within the existing Group Policy assigned to the MetaFrame server's OU as shown in Figure 15-12. To configure redirection, follow these steps:

1. Edit the existing MetaFrame Servers policy from within the Group Policy Object Editor.

2. Open User Configuration | Windows Settings | Folder Redirection.

3. Right-click Application Data and select Properties.

4. The setting field option should be set to Basic - Redirect everyone's folder to the same location.

5. The Target Folder Location option should be set to Create A Folder For Each User Under The Root Path.

6. Set the root path to the location of the user's home directory (\\FileServer\Home).

7. Follow steps 3 through 6 for Desktop and My Documents.


Figure 15-12: Settings for Application Data redirection

Note Folder redirection through Group Policy is only available with Active Directory domains.


Locking Down the Desktop

The amount of control that users are given over their desktop environments varies from organization to organization. Securing the desktop can be accomplished in many ways, including

Using Group Policy to redirect the Desktop and Start menu folders to a common read-only folder on a network share and to limit the functionality of the Windows Explorer shell.

Using a third-party utility such as RES Powerfuse, triCerat's Simplify Lockdown, or AppSense Application Manager for desktop lockdown and folder redirection.

Using Group Policy to completely remove Desktop, Start menu, and Windows Explorer shell functionality and use the Citrix Program Neighborhood Agent client executed from the MetaFrame XP server desktop.


In reference to the CME case study, CME will use one of the third-party utilities to assist with implementing a locked-down desktop environment and use Group Policy to assist with redirecting critical folders (such as My Documents, Application Data, and Desktop) to the user's home directory.

Eliminating Inappropriate Application Features

Many common applications, such as the Microsoft Office XP Suite, have features that are not appropriate for an SBC environment. An example of this type of feature is the Office Assistant that represents the help interface in the Office XP product line. The Office Assistant utilizes unnecessary resources and, because of the animated graphic, does not perform well in a MetaFrame XP environment. Many common applications have compatible template files for Group Policy. The Office XP template file is office10.adm and the Office 2003 template file is office11.adm. These template files can be added to the Group Policy by right-clicking one of the Administrative Template areas in the Group Policy Management Console and clicking Add/Remove Templates. By clicking the Add button, an administrator can browse to the appropriate template file and add it to the Group Policy Management Console. The template files are located in the %systemroot%\inf directory if the application has been installed on that server; otherwise, they can be copied from the product media.

Another area of concern is common applications that display splash screens at initialization. Many of these, such as NetMeeting and Internet Explorer, can be controlled via Group Policies. Several other applications have command-line switches that enable an administrator to publish the application to users with these graphics suppressed.

Custom .adm files can be created to add additional policies as well as custom registry settings through the Group Policy interface. For more information on writing custom .adm files, please refer to Microsoft support article number 323639.

Limiting Access to Local Resources


Local resource access can be controlled through two methods. The first method is through the use of the Citrix Connection Configuration console, accessed by editing the properties of the ica-tcp or ica-ipx connection. The problem with this tool is that it has to be configured on each server individually and applies to all users logging in to the server. The better method is to use Citrix User Policies. An example of allowing access to local drives follows. A policy is configured for denying drive access as well as any other custom settings that are needed for different local LPT or COM port access. The following steps are required to set up different local drive access rules per user or group:

1. Open the Citrix Management Console and log in as a full Citrix administrator.

2. Right-click Policies and select Create Policy.


3. Enter a descriptive policy name and click OK.

4. Double-click the new policy to display the properties.

5. Open the Client Devices section.

6. Click Client Drive Mapping.

7. Click the radio button for Rule Enabled.

8. Click the selection box next to the drives that should not be available to the user or group.


9. Click Connect Client Drives.

10. Click the radio button for Rule Enabled.

11. Click the radio button for Connect Client Drives at Logon.

12. Go back to the Client Devices section and enable access to other local resources such as COM and LPT ports and printers.

13. Click OK to close the Allow Drive Access Properties dialog box.


14. Right-click the policy and click Assign Users.

15. Add the users and groups to which you would like this policy to apply.

16. Click OK to close the dialog box and apply the policy to those users.

Controlling Application Availability

Application availability is controlled using Citrix published applications. When published applications are created via the Citrix Management Console (CMC), the administrator grants access to selected groups or users. All of the CME users will get their applications based on published application group membership.

Change Control

We recommend testing all changes and tracking any modifications to policies and profiles through a revision control system. This can be as simple as keeping a written change log or as complex as using revision control software such as Component Software, Inc.'s CS-RCS (www.componentsoftware.com/products/rcs/) or Merant's PVCS (www.merant.com/Products/ECM/tracker/home.asp). Whatever the case, the important thing is that all personnel involved with administering the system or making changes follow the same change control procedure and have easy access to tracking systems.

Chapter 16: Securing Client Access

As discussed in Chapter 14, there are many ways to provide on-demand access to the server-based environment. Choosing which method depends on many factors, the most important of which is the location of the end users. For internal LAN/WAN users, securing access to the servers is not needed, and thus a simple deployment of MetaFrame Web Interface with Program Neighborhood Agent provides a full solution. For home-based or traveling users though (external users accessing the network via the public Internet), Citrix has developed a client access method that provides secure, simple access via a familiar web interface. A secure access center, for the purpose of this book, can refer to both methods available for creating a web-based access solution: MetaFrame Secure Gateway (the combination of MetaFrame Web Interface, Secure Ticket Authority, and MetaFrame Secure Gateway) and MetaFrame Secure Access Manager (a combination of Web Extensions, Secure Ticket Authority, and MetaFrame Secure Gateway). Secure Gateway and Web Interface are components of MetaFrame XP Presentation Server, and MetaFrame Secure Access Manager is a stand-alone product that integrates with MetaFrame XP Presentation Server.

Secure Access Center Deployments

Of all the trends leading organizations to server-based computing, one of the most significant is the dependency on IT staff to make everything easy to deploy and intuitive for end users. This dependency leads to the necessity of making any software deployment obvious, and void of any required end-user instructions. Thus, the largest cost savings of SBC is in the actual deployment of the application. Although Citrix allows a user to manually configure an ICA session, and even allows an administrator to automatically push an ICA application icon to users' desktops, the most recognized interface for users today is still a web interface. The web browser has become the ubiquitous access center—even the most nonsavvy end user has seen a web interface, and a significant number of the working population spends some portion of their day clicking web icons and blue hyperlinks, and typing URL addresses.

Although Citrix provides several automated ways to deploy an access center to end users (in addition to the nonautomated method of having a user create an ICA session from Citrix Program Neighborhood), the combination of MetaFrame Web Interface and MetaFrame Secure Gateway provides a secure, web-based deployment that continues to revolutionize server-based computing.

Web Interface and Secure Gateway are both included with all versions of MetaFrame XP. Web Interface is also supported on Solaris platforms, but the latest version of Secure Gateway is only supported on Windows 2000 Server or Windows Server 2003 platforms. Some enterprises will want to go further than just secure access to MetaFrame applications, however, and will deploy MetaFrame Secure Access Manager to further "webify" their environment.

Case Study for a MetaFrame Secure Gateway Deployment

Our case study, CME Corp, has defined requirements for external access regarding traveling sales staff, home users, Internet kiosks, and wireless Internet WANS (Sprint, Verizon, T-Mobile, and others), supporting everything from dial-up to broadband connection speeds.

In order to support these requirements, CME has chosen to implement MetaFrame Web Interface with MetaFrame Secure Gateway to create an access center.

CME's secure access center deployment runs on Microsoft Internet Information Server version 6.0 on Windows Server 2003. Figure 16-1 diagrams the infrastructure pieces that make up the secure access center.


Figure 16-1: The CME secure gateway diagram

Notice from Figure 16-1 that a single dedicated server is used for both the Web Interface and the Secure Gateway software. The ability to place both Secure Gateway and Web Interface on a single server was introduced with Secure Gateway 2.0. In addition to reducing hardware costs, consolidating these two functions also reduces costs by only requiring one server certificate. Also note that in order to minimize the risk of hardware failure, two servers are used to provide fault tolerance in conjunction with a third-party load balancer.

The Secure Gateway deployment in the Demilitarized Zone (DMZ) is accompanied by a third-party server certificate from Verisign (other third-party certificates are also supported). The MetaFrame XP and MetaFrame for UNIX servers, as well as a Secure Ticket Authority (STA) server, are in the internal LAN. The STA server also has a server certificate issued by an internal Certificate Authority (CA) to encrypt the traffic from itself to the Web Interface/Secure Gateway server. Additional WAN/LAN CME network details are discussed and diagrammed in Chapter 17.

MetaFrame Secure Gateway Deployment

MetaFrame Secure Gateway functions as a secure Internet-ready gateway for Citrix Independent Computing Architecture (ICA) traffic between MetaFrame servers and Secure Sockets Layer (SSL)-enabled ICA Client workstations. All data traversing the Internet between the client workstation and the Secure Gateway server is encrypted, ensuring privacy and integrity of information flow. Secure Gateway provides a single point of entry and secures access to Citrix server farms. SSL technology is used for encryption, allowing secure transfer of data across public networks. Secure Gateway is also designed to make firewall traversal with MetaFrame solutions easier. It is completely transparent to both application programs and network devices, eliminating the need for any program modifications, firewall changes, or equipment upgrades.

Benefits of a Secure Gateway Deployment

As discussed in Chapters 3 and 12, MetaFrame Secure Gateway is one of the most significant new features developed by Citrix in the past three years. Although Citrix has long provided access via the Internet, prior to Secure Gateway, organizations often struggled with providing Internet access to SBC environments due to security concerns. Although both Citrix's ICA and Microsoft's RDP protocols support 128-bit encryption, both protocols also require that firewall ports be opened at both the client and data center sides of the Internet. MetaFrame Secure Gateway solves these security issues and provides the following benefits:

Strong encryption (SSL 128-bit and TLS 140-bit)

Authentication (achieved through Web Interface)

Hidden internal network addresses for Citrix servers

Firewall traversal through a widely accepted port (TCP port 443)

Simplified server certificate management (certificates are required only on the Secure Gateway server)

Simple support for a large number of servers

No requirement for separate client software (only a Secure Gateway-enabled ICA Client is required)

This firewall change creates both logistical and security challenges for companies, especially in instances where the client-side firewall may not be modified. An example of this is when one company's employees are housed on another company's campus.

Secure Gateway solves this problem by encapsulating ICA traffic (TCP port 1494) into SSL (TCP port 443). Since SSL is a widely supported standard and utilized for many other web purposes, it provides a readily accepted transmission method for traffic traversing firewalls and the Internet.

A typical Secure Gateway deployment involves interaction of the following five Citrix components (also shown in Figure 16-2):

A client device with an ICA Client, Version 6.30 or later, installed

The MetaFrame Web Interface server

The MetaFrame STA

The MetaFrame Secure Gateway server

The Citrix MetaFrame server(s)

Figure 16-2: Citrix components required for Secure Gateway Deployment

End-User Interactions When Connecting to the Secure Gateway Deployment

The following section details the interactions between the client devices and the back-end secure access center infrastructure.

The user interactions are as follows:

1. A user accesses the Web Interface URL with the web browser over port 80 (just like any other web site).

2. The IIS-based web service where Web Interface resides has a default page to redirect the user automatically to an HTTPS/SSL URL that then passes through the Secure Gateway service on the same server to secure the traffic over port 443.

3. The user is now interacting securely with the Web Interface/Secure Gateway environment and is presented with the login page.

4. The user enters their credentials and submits the authentication request, which is passed encrypted over SSL to the Secure Gateway service (thus preventing the user credentials from being passed in plain text).

5. Once the Secure Gateway service obtains the user credentials, it opens a state ticket with the STA server and then passes the credentials to the MetaFrame farm over the defined XML service port (the default is port 80 but CME will use port 8081 for security purposes).

6. The user credentials are checked via the Citrix XML service and verified by Microsoft Active Directory (or other directory services such as Novell e-Dir).

7. Based on a successful authentication, the XML service communicates back to the Web Interface service and dynamically renders an access page for the user with their application set or indicates if there are any problems, displaying them in the MetaFrame XP Message Center.

8. When a user clicks an ICA published application, the Web Interface service sends the IP address and port for the requested MetaFrame server to the STA and requests a session ticket for the user. The user-installed ICA Client then securely establishes an ICA connection over SSL/443.

9. The Secure Gateway service receives the session ticket over 443 from the client and contacts the STA for ticket validation. If the ticket is valid, the STA returns the IP address of the MetaFrame server on which the requested application resides. If the session ticket is invalid or has expired, the STA informs the Secure Gateway service and an error message appears on the client device.

10. On receipt of the IP address for the MetaFrame server, the Secure Gateway server establishes an ICA connection to the MetaFrame server over 1494 in a proxy-like manner. When the ICA connection is established, the Secure Gateway server encrypts and decrypts data flowing through the connection.
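The ticket exchange in steps 8 through 10 can be modeled in a few lines. The following Python sketch is an added example, not Citrix code and not from the book; it shows why the client only ever holds an opaque ticket while the internal server address stays between the STA and the gateway. The ticket format, the 100-second lifetime, single-use redemption, the host name access.cme.example, and the address 10.0.5.21 are assumptions made for illustration.

```python
import secrets
import time

GATEWAY_FQDN = "access.cme.example"        # constructed name (assumption)
FARM = {"Outlook": ("10.0.5.21", 1494)}    # constructed internal address; ICA port 1494


class FakeClock:
    """Manually advanced clock so ticket expiry can be shown without sleeping."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


class SecureTicketAuthority:
    """Toy STA: maps opaque session tickets to internal server addresses."""

    def __init__(self, ttl_seconds=100.0, clock=time.monotonic):
        self.ttl = ttl_seconds   # assumed lifetime, not a documented Citrix value
        self.clock = clock
        self._tickets = {}       # ticket -> (host, port, issued_at)

    def request_ticket(self, host, port):
        """Step 8: Web Interface hands over the server address, gets a ticket."""
        ticket = secrets.token_hex(16)
        self._tickets[ticket] = (host, port, self.clock())
        return ticket

    def validate(self, ticket):
        """Step 9: the gateway redeems a ticket; returns (host, port) or None."""
        entry = self._tickets.pop(ticket, None)   # single use (assumption)
        if entry is None:
            return None                           # unknown or already redeemed
        host, port, issued_at = entry
        if self.clock() - issued_at > self.ttl:
            return None                           # expired
        return host, port


class WebInterface:
    def __init__(self, sta, farm):
        self.sta = sta
        self.farm = farm

    def launch(self, app):
        """What the client receives: gateway name, port 443 and a ticket only."""
        host, port = self.farm[app]
        ticket = self.sta.request_ticket(host, port)
        return {"gateway": GATEWAY_FQDN, "port": 443, "ticket": ticket}


class SecureGateway:
    def __init__(self, sta):
        self.sta = sta

    def connect(self, ticket):
        """Steps 9-10: validate the ticket, then proxy to the internal server."""
        target = self.sta.validate(ticket)
        if target is None:
            return {"ok": False, "error": "session ticket invalid or expired"}
        return {"ok": True, "proxied_to": target}


def demo():
    clock = FakeClock()
    sta = SecureTicketAuthority(ttl_seconds=100.0, clock=clock)
    web = WebInterface(sta, FARM)
    gateway = SecureGateway(sta)

    launch = web.launch("Outlook")
    first = gateway.connect(launch["ticket"])    # valid ticket
    replay = gateway.connect(launch["ticket"])   # same ticket presented again
    forged = gateway.connect("0" * 32)           # ticket the STA never issued
    late = web.launch("Outlook")
    clock.now += 101                             # let the second ticket age out
    stale = gateway.connect(late["ticket"])
    return launch, first, replay, forged, stale


if __name__ == "__main__":
    for label, result in zip(("launch", "first", "replay", "forged", "stale"), demo()):
        print(label, result)
```
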


Installation of the Secure Gateway Deployment

The following is a list of tasks that must be completed in order to successfully install and use MetaFrame Web Interface, MetaFrame STA, and MetaFrame Secure Gateway for the CME deployment.

1. Select server(s) that meet the minimum requirements for each component (Web Interface, Secure Gateway, and STA).

2. Create DNS records for the Web Interface/Secure Gateway server and STA(s).

3. Obtain an SSL certificate for the Web Interface/Secure Gateway server using the fully qualified domain name (FQDN).

4. Optionally, obtain an SSL certificate for the STA using the FQDN.

5. Install and configure the Web Interface web server.

6. Install and configure the STA component.

7. Install and configure the Secure Gateway component.

8. Lock down the MetaFrame Secure Gateway deployment.

Secure Gateway Deployment Requirements

The following are requirements for each of the components necessary for the Secure Gateway Deployment.


Client System Requirements


ICA Version 6.30 or later

A web browser and operating system that support 128-bit encryption and have the appropriate root certificates installed.

Web Interface System Requirements

Microsoft Windows 2000 or 2003 Server with the latest service packs and hotfixes installed. Web Interface will run on Solaris platforms as well, but since Secure Gateway does not, this total solution requires a Windows Server platform.

1GB RAM.

Internet Information Server 5.0/6.0 (IIS) installed and configured.

Citrix Secure Gateway is natively supported by Web Interface, as well as by NFuse Classic 1.6 and 1.7.


STA System Requirements

Microsoft Windows 2000 or 2003 Server with the latest service packs and hotfixes installed

500MB RAM

Internet Information Server 5.0/6.0 (IIS) installed and configured

MetaFrame Secure Gateway System Requirements Microsoft Windows 2000 Server or Windows Server 2003 with the latest service packs and hotfixes installed 1GB RAM

Additional 150MB hard drive space

MetaFrame Server Farm Requirements Cit rix Me t aFra m e Access Su it e fo r W in do w s Ser ver 2 00 3 : Th e O ff icial Guid e

MetaFrame XP ServerKaplan for Windows with Feature Release ISBN:0072195665 2 or later by Steve et al. and/or

McGr aw -Hill © 2003 (724 pages) This guide ex plains how to build a r obust, reliable, and scalable thin- client com puting envir onment and deploy

MetaFrame Secure Access Manager, Version 2.0 Windows 2000/ Windows 2003 Ser v er and MetaFr am e. Also and/or

learn t o centr alize application managem ent, r educe soft w ar e on the desktop, and mor e.

< ?xm l version= " 1.0"Server encoding= " I SO-Operating 8859- 1" ?> Systems, Version 1.1 or later MetaFrame for UNIX Ta ble o f Con t en t s Citr ix MetaFr am e Access Suite for Window s Ser v er 2003—The Official Guide

Creating DNS Records for the Web Interface/Secure Gateway Server and STA(s)

The assigned URL for the Web Interface/Secure Gateway server must be Internet resolvable. The STA only needs to be resolved by the Web Interface/Secure Gateway server. The ability to resolve FQDNs is an important security aspect required for certificate-based implementations.

Obtaining an SSL Certificate for the Web Interface/Secure Gateway Server

A Digital ID, also known as a digital certificate or SSL certificate, is the electronic equivalent of a passport or business license. It is a credential issued by a trusted authority that individuals or organizations can present electronically to prove their identity or their right to access information. When a CA such as VeriSign issues Digital IDs, it verifies that the owner is not claiming a false identity. Just as when a government issues a passport and officially vouches for the identity of the holder, when a CA gives your business a digital certificate, it is putting its name behind your right to use your company name and web address.

This section describes the basic process for obtaining a third-party server certificate from a well-known CA such as VeriSign or Thawte. The processes for obtaining a certificate may differ slightly between CAs, but the steps are basically the same. Most CAs will include a variety of services and extras with their certificate offerings. These services may include 40- or 128-bit SSL (Global Server) IDs, business authentication, and protection against economic loss resulting from the theft, corruption, impersonation, or loss of a certificate. Services may also include trials of a security analysis or security auditing service, accelerated certificate delivery, and certificate revocation and replacement periods. Be sure to check with each potential CA for details on their individual services.

CME has chosen to use a 128-bit SSL Server ID from VeriSign for their Web Interface/Secure Gateway server. This will secure the traffic and packets from the Internet to the DMZ. CME uses Microsoft Certificate Services for the STA server certificate to secure the traffic and packets from the DMZ to the internal network. These certificates allow all the traffic passing from the client to the server in the Secure Gateway deployment to use port 443 through the firewalls it traverses.

Requesting the Server Certificate

In order to complete the certificate request, you must provide the following documentation to the CA:

Proof of Organization Before a Secure Server ID can be issued, the CA will need to verify that your company or organization has the legal right to conduct business under the name you specify in your enrollment request. Documentation may include a business license, the registration of a trade name, or a Dun & Bradstreet number. If you have a Dun & Bradstreet D-U-N-S Number registered for your organization, it may help expedite the verification process and issuance of your Secure Server ID.

Note Your organization's legal name must match the organization name in your enrollment request. Otherwise, the CA will be unable to authenticate your organization.

Proof of Domain Name To issue your certificate, your domain name registration must be verified against the organization name provided during enrollment. CAs can only issue a Secure Server ID to the organization that has the legal right to use the domain name. The Common Name (domain name) for the server that will use the Server ID must be the FQDN. For CME's FQDN, "access.cme.com," cme.com is the domain name and access is the host name. In "www.cme.com," cme.com is the domain name and www is the host name.

Generate a CSR Follow the instructions that came with your server software to generate a key pair and a Certificate Signing Request (CSR). Key pair generation is the creation of the server's private and public keys. A copy of the public key is included with the submitted CSR and then integrated into your Digital ID. To create the CSR, do the following:

1. Open Internet Services Manager on the Web Interface/Secure Gateway server.

2. Right-mouse-click on the Default Web Site link and select Properties from the context menu. On the Directory Security tab, select Server Certificate.

3. Begin the Certificate Request Wizard.

4. Create a new certificate. To do so, provide the following:

a. Name Pick a name that's easy for you to remember. This will correspond to the Friendly name on the summary screen. The bit length field determines the certificate's encryption strength. We recommend a setting of 1024 to provide reasonable encryption strength without sacrificing performance.

b. Organization and Organizational Unit The legal name of your organization and the name of your division or department.

c. The Common Name (domain name) This is the valid DNS name of your Web Interface site and Secure Gateway server. If you decide to change the common name of the site, you will have to obtain a new certificate. This will correspond with the Issued To: field on the summary screen.

d. Geographical Information Fill in the appropriate information.

e. File Name Name your file and place it in a location that is easy to find. The default is C:\certreq.txt; do not alter the file extension.

f. Request File Summary Confirm all the request information, and make sure the Issued To: entry matches the FQDN assigned to the Web Interface site. Also confirm that the Organization entry contains the legal name of your organization.

5. Complete the wizard by clicking Finish.

Submit the CSR and Select Your Server Software Open a web browser on the Web Interface/Secure Gateway and enter the URL for a CA. CME used VeriSign at www.verisign.com. Since each CA has their own instructions for submitting a request for a certificate, we will not document all the steps involved. However, each CA has detailed instructions on their web sites for submitting the request. Some generic answers to the required CSR information are that the request should be for a Web Server Certificate or SSL certificate, the type of server software will be Microsoft, and the encryption strength should be a minimum of 128-bit.

When you cut and paste the request from the text file to the CA's online form, select the entire text area including the lines "-----BEGIN NEW CERTIFICATE REQUEST-----" and "-----END NEW CERTIFICATE REQUEST-----".

Complete and Submit the Application Review and confirm the information drawn from your CSR. If any of the information is incorrect, generate a new CSR with the appropriate information. Things to note for filling out the online forms include

Technical contact This person must be authorized to run and maintain your secure web server. The technical contact receives the Secure Server ID and other notification e-mails.

Organizational contact The organizational contact must be employed by your company. This contact must be authorized to make a binding agreement to the Secure Server Service Agreement for your organization. This should be a different person than the technical contact.

Billing contact The billing contact receives invoices and receipts by regular mail.

Wait for Processing and Final Verification The CA now examines the information you have submitted. If everything you entered is correct, they should be able to authenticate your organization and issue your Secure Server Digital ID, usually in three to five business days. Your technical contact will usually receive an e-mail message confirming your enrollment. Final Verification is the last step of the order process and can only be completed after your organization name and domain name have been verified.

Install Your ID When your Digital ID is approved, the CA will usually e-mail it to your technical contact. When you receive your Digital ID, make a backup copy of it and store it on a floppy disk or CD-ROM, noting the date you received it. The Secure ID will look much like the request.txt file submitted earlier. Open Notepad on the server and paste in the entire certificate response including the lines "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----". Save the file with an extension of .CER somewhere where it is easy to access. To install your Digital ID, follow these instructions:

1. Open Internet Services Manager on the Web Interface/Secure Gateway server.

2. Right-mouse-click the Default Web Site, and from the context menu select Properties. On the Directory Security tab, select Server Certificate.

3. Complete the certificate request wizard with the following steps:

a. Process the pending request and install the certificate.

b. Enter the path and filename by browsing to the .CER file you saved earlier.

c. Check the certificate summary and verify that the information contained in the response file matches the original request.

d. Complete the wizard by clicking Finish.

The Web Interface/Secure Gateway server is now ready to continue the installation and configuration of the MetaFrame Secure Gateway.
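The checks from step f of the request wizard and the copy-and-paste instruction above, as an added example that is not from the book: it decodes a pasted request, rejects one whose marker lines or body are incomplete, and compares the subject's Common Name and Organization with the expected FQDN and legal name. The sample request is constructed in the code with placeholder key and signature bytes, "CME Corp" as the legal name is an assumption, and the signature is not verified.

```python
import base64
import re

# DER bytes of the attribute types shown on the wizard summary:
# commonName (2.5.4.3, "Issued To") and organizationName (2.5.4.10).
OID_CN, OID_O = bytes([0x55, 0x04, 0x03]), bytes([0x55, 0x04, 0x0A])
WANTED = {OID_CN: "CN", OID_O: "O"}
PEM_RE = re.compile(
    r"-----BEGIN (NEW CERTIFICATE REQUEST|CERTIFICATE REQUEST)-----\s*"
    r"(.*?)\s*-----END \1-----", re.S)


def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length >= 0x80:                     # long form: next n bytes hold the length
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length field")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("DER data ends early (part of the text not copied?)")
    return tag, buf[pos:pos + length], pos + length


def pem_to_der(text):
    """Decode a pasted request, requiring both marker lines and a whole body."""
    match = PEM_RE.search(text)
    if not match:
        raise ValueError("BEGIN/END marker lines missing or mismatched")
    der = base64.b64decode("".join(match.group(2).split()), validate=True)
    tag, _, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("body is not one complete DER SEQUENCE")
    return der


def subject_fields(der):
    """Return the CN and O values from a PKCS #10 request's subject name."""
    _, request, _ = read_tlv(der, 0)       # CertificationRequest
    _, info, _ = read_tlv(request, 0)      # CertificationRequestInfo
    _, _, pos = read_tlv(info, 0)          # version
    _, name, _ = read_tlv(info, pos)       # subject: SEQUENCE of RDN SETs
    fields, pos = {}, 0
    while pos < len(name):
        _, rdn, pos = read_tlv(name, pos)
        inner = 0
        while inner < len(rdn):
            _, atv, inner = read_tlv(rdn, inner)   # SEQUENCE {type, value}
            _, oid, vpos = read_tlv(atv, 0)
            _, value, _ = read_tlv(atv, vpos)
            if oid in WANTED:
                fields[WANTED[oid]] = value.decode("utf-8", "replace")
    return fields


def check_request(text, expected_fqdn, legal_name):
    """Return a list of problems; an empty list means the request is consistent."""
    try:
        fields = subject_fields(pem_to_der(text))
    except ValueError as exc:   # binascii.Error from b64decode is a ValueError
        return [f"unreadable request: {exc}"]
    problems = []
    if fields.get("CN", "").lower() != expected_fqdn.lower():
        problems.append(f"Common Name {fields.get('CN')!r} is not {expected_fqdn!r}")
    if fields.get("O") != legal_name:
        problems.append(f"Organization {fields.get('O')!r} is not {legal_name!r}")
    return problems


def tlv(tag, content):
    """Encode one DER element; used only to build the constructed sample."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + content


def sample_request(cn, org):
    """Constructed sample: real layout, placeholder key and signature bytes."""
    def rdn(oid, text):
        return tlv(0x31, tlv(0x30, tlv(0x06, oid) + tlv(0x13, text.encode())))
    info = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x30, rdn(OID_O, org) + rdn(OID_CN, cn))
               + tlv(0x30, b"") + tlv(0xA0, b""))
    der = tlv(0x30, info + tlv(0x30, b"") + tlv(0x03, b"\x00" + b"\x5a" * 128))
    body = base64.encodebytes(der).decode()
    return ("-----BEGIN NEW CERTIFICATE REQUEST-----\n" + body
            + "-----END NEW CERTIFICATE REQUEST-----\n")


if __name__ == "__main__":
    good = sample_request("access.cme.com", "CME Corp")   # constructed values
    for fqdn in ("access.cme.com", "www.cme.com"):
        print(fqdn, check_request(good, fqdn, "CME Corp"))
```

To check a real request, pass the contents of the file written by the wizard to check_request in place of the constructed sample.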

Optional Installation of Internal STA

For maximum security, a server certificate can be installed on the STA to encrypt the traffic from the DMZ to the internal STA server using SSL encryption. An Internet-based certificate can be used, as described in the previous section, or a certificate can be obtained from your company's internal CA. For more information on configuring a nonpublic CA, such as Microsoft Certificate Services, please refer to that system's technical documentation.

Installing MetaFrame Web Interface

Although Web Interface can be installed as part of the MetaFrame XP installation, in order to take advantage of its security features for external users, we recommend installing it on a stand-alone machine in a DMZ separate from the internal domain. For LAN-based Web Interface deployments supporting Program Neighborhood Agent Clients, the Web Interface server should be installed in the LAN. If both external and internal users will be supported (which is very common), two Web Interface servers should be used—one internal and one in the DMZ.

Upgrading from Previous Versions

You can upgrade from NFuse 1.51, 1.6, or 1.7 to Web Interface using the Components CD-ROM or the Web Interface files downloaded from the Citrix web site. If you are upgrading from NFuse 1.51 (or a newer version), settings in the NFuse.properties file are migrated to the nfuse.conf file. This means that existing settings are automatically migrated to the latest version of Web Interface. If you are upgrading from a version prior to NFuse 1.51, you must first remove the old version before installation.

We recommend performing a complete reinstall of the Windows operating system and Web Interface rather than doing an upgrade from a previous version of NFuse.

When Web Interface is installed, files are installed in two main locations: the software directory and the web server's document root.

Web Interface Installation File Locations

On the Windows platform, the installation directory is located in C:\Program Files\Citrix\NFuse. Web Interface software and configuration components are stored in the installation directory, including

nfuse.properties file

Web Interface Java objects (.jar files)

nfuse.conf file

ICA templates (.ica files)

Note On Windows platforms, the nfuse.conf file is stored in C:\Program Files\Citrix\NFuse\conf. The Web Interface files in this location are global. Therefore, if you make changes to nfuse.conf, these settings are applied to all web pages served by this Web Interface server.

The web server's document root location depends upon where you installed your web server. On Windows, this is typically installed in the C:\Inetpub\wwwroot directory. The Web Interface presentation layout and components are stored in this location.

Required Information

When Web Interface is installed separately from MetaFrame XP using the Components CD-ROM or web download files, the installer is prompted for information during the installation that includes

MetaFrame server identity You must identify one or more MetaFrame servers in the farm that will act as contact points between the server farm and the Web Interface server. You can specify MetaFrame server names, IP addresses, or FQDNs. You can specify the name of any server in the farm. We highly recommend using the FQDN for ease of deployment and management.

TCP/IP port You must specify the TCP/IP port on which the specified servers are running the Citrix XML Service. If you do not know this port number, you can determine it by checking a MetaFrame server's port information. For more information about how to do this, see the next section, "Viewing the Citrix XML Service Port Assignment." In the CME deployment, we have chosen port 8081 for the XML service running on the MetaFrame servers.

ICA Clients You will be prompted for the Components CD-ROM or CD image. Setup copies the contents of the CD's ICAWEB directory to a directory called /Citrix/ICAWEB that it creates off the web server's document root. All web sites created by the installation process assume that the web server contains the ICA Client files in this directory structure. If you do not want to copy the ICA Clients to the web server during Web Interface installation, you can copy them to the server later. Make sure you create the required directory structure. For example, in a typical English installation, it would be <webroot>/Citrix/ICAWEB/en/.

Viewing the Citrix XML Service Port Assignment

The Citrix XML Service is the communication link between the MetaFrame server farm and the server running Web Interface. Since IIS shares default port 80, and it is a well-known port for hackers, an alternative port such as 8081 is recommended for the Citrix XML Service. This should have been selected during the install of MetaFrame on the first server in the farm. See Figure 16-3 for a screen shot of the configuration page for the XML port.


Figure 16-3: MetaFrame Management Console's XML port identification tab

Note To view the Citrix XML Service port assignment, open the Management Console for MetaFrame XP. In the left pane, right-click the server and select Properties. In the Properties dialog box, select the MetaFrame Settings tab to view the port assignment. If necessary, you can change the port used on the MetaFrame XP server. See Chapter 12 for more details.

Step-by-Step Installation of MetaFrame Web Interface

These steps provide a detailed installation guide for Web Interface:

1. Log in as an administrator.

2. If you are installing the Web Interface from the Components CD-ROM, insert the CD-ROM in your web server's CD drive. The Citrix MetaFrame XP Components dialog box appears. Select the Web Interface option. If you downloaded Web Interface from a download site, copy the file NFuseClassic20-IIS.msi to your web server. Double-click the file.

3. The Installation Wizard guides you through the installation process.

4. On the Welcome to Web Interface For MetaFrame XP Installation Wizard screen, click Next.

5. Read and accept the license agreement and click Next.

6. Click OK to restart IIS.

7. Click Next to accept the default location for the Web Interface files. By default, Setup will install Web Interface into the C:\Program Files\Citrix\NFuse directory. Make note of this directory as it is the directory where the NFuse.txt and nfuse.conf files reside. These will be discussed in more detail later in this chapter.

8. On the Connecting To A Citrix Server screen enter the FQDN or IP address of a Citrix server in your farm that will provide Web Interface with published application information. This will include the TCP port on which that server is running the Citrix XML service. (For CME Corp this will be 8081.) Additional servers can be added for redundancy at a later point.

9. If the port is changed from the default port of 80, a warning dialog box will appear. Click Accept to continue.

10. The next screen asks if you would like to install the ICA Clients from the Components CD to the ICAWEB directory for use in the Web Interface portal. This is highly recommended, as this is the ICA Client that will be downloaded to the users prior to starting the ICA session. This location will be the directory where all future ICA Client updates are installed. Accept the defaults and click Next.

Caution Although there is an ICAWEB directory on the MetaFrame XP Presentation Server CD, installing the clients from this CD-ROM or sources other than the components CD will not create the proper directory structure under the Web Interface root web. This will cause a failure when the user attempts to install the auto-detected client due to incorrect path configurations.

11. Click Next on the Ready To Install screen to continue with the installation.

12. After installation is successful, click Finish.

13. Exit the installer screen.

14. Test the Web Interface installation by opening a web browser and in the address box type http://localhost/citrix/metaframexp. Enter a username, password and domain and verify that you are able to launch a published application.

Configuring Web Interface Through the Web Administration Tool

Citrix introduced a new, easy-to-use GUI administration tool to configure the MetaFrame servers, authentication settings, server-side firewall settings, client-side firewall settings, ICA Client deployment settings, and ICA customization. The Web Interface Web Administration tool is a GUI interface for making changes to the nfuse.conf file located in C:\Program Files\Citrix\NFuse\conf folder. After making changes using the Web Administration tool, simply save and apply them so the new configuration takes effect.

The Web Administration tool can only configure Windows 2000 or 2003 servers running Internet Information Server, and requires Internet Explorer version 5.0 or later. The configuration of Web Interface using the Web Administration tool will be broken into four sections:

1. General Settings

a. Configuring User Authentication

2. Server Settings

a. Configuring MetaFrame Farms

b. Configuring MetaFrame Servers

c. Configuring the Server-Side Firewall

3. Client Settings

a. Configuring the Client-Side Firewall

b. Controlling ICA Client Deployment

c. Controlling ICA Customization

4. How to customize the text on the Web Interface web site

5. Introduction to Web Interface Extension Mode

General Settings

The general settings page and its configuration options provide the interface for general administration of the Web Interface site. The next section details these options and the recommended settings. To begin configuration, open a browser and enter the URL http://localhost/citrix/metaframexp/wiadmin. Figure 16-4 shows the Web Interface configuration page.


configuration page Pa r t I Figure - Ov er vi16-4: e w ofThe EnteWeb r pr iseInterface Se r ve r - Ba se d Com put in g I ntr oducing Ser ver -Based Com puting and th e On- Dem and Chapter 1 - User Authentication In the Authentication section, you can configure the ways in which Configuring Enterpr ise

users can tominal Web Ser Interface Chapter 2 authenticate - Window s Ter vices and, subsequently, to your MetaFrame XP server farm.

Authentication to Web Interface takes place when a user accesses Web Interface using the Login - Citr ix MetaFr am e Access Suite dialog box. If authentication is successful, Web Interface returns the user's application set. Explicit authentication, guest logins, desktop credential passthrough (single sign-on), and smart card Pr epar ing Your Or ganization for an On- Dem and Enterpr ise Chapter 4 authentication to Web can all be configured. I mplem entInterface ation Chapter 3

Pa r t I I - De signi ng a n Ent e rpr i se SBC Solut ion

Chapter 5

- Ser ver - Based Computing Data Center Architect ure

Methods for Authenticating to Web Interface In this section, we explore the methods Web Interface Designing Your Netw or k for Ser ver- Based Com put ing employs to-authenticate users.

Chapter 6 Chapter 7

- The Client Envir onment

Chapter Note 8 The - Security type of authentication you specify does not affect the method used for ICA Program

Agent Clients. To change the authentication method used by the Program Chapter 9 Neighborhood - Net w or k Managemen t Config.xml Pa r t I I I - I mNeighborhood ple m ent ing a nAgent O n-D eClients, m a nd Seedit r ve rthe - Ba se d Com pu tifile. ng Envi r onm e nt Chapter 10 - Pr oj ect Managing and Deploying an Enter pr ise SBC Envir onment

The following are the authentication options:

Smart card: By selecting this check box, users can authenticate to Web Interface by inserting a smart card into a smart-card reader attached to the client device. The user is prompted for a PIN.

Desktop Credential Passthrough: By selecting this check box, users can authenticate to Web Interface using the credentials they provided when they logged in to their Windows desktop. Users do not need to reenter their credentials at the Web Interface Login page, and their application set is automatically displayed. By combining Desktop Credential Passthrough with Passthrough authentication, users are provided with single sign-on. Passthrough authentication is a feature provided by the Win32 ICA Client.

Caution: If the Passthrough authentication feature is enabled on the Win32 ICA Client, an attacker can send the user an ICA file that causes the user's credentials to be misrouted to an unauthorized or counterfeit MetaFrame server. Thus, we do not recommend enabling this feature.

Guest login: Selecting this check box will give guest users access through Web Interface (without requesting a username and password) to any applications published for anonymous use on the MetaFrame server(s).

Explicit authentication: Selecting this check box requires users to supply a username and password to log in to Web Interface. You can configure User Principal Names (UPN) ([email protected], for example), Microsoft domain-based authentication, Novell Directory Service (NDS), and RSA SecurID authentication.

To configure explicit login to Web Interface:

1. Click Authentication in the left menu.
2. Select Explicitly Login.
3. Select one of the following authentication methods:
   Use UPN authentication: This option specifies User Principal Name (UPN) authentication.
   Use NT authentication: This option allows the specification of Microsoft domain-based authentication. To force users to log in to a specific domain, enter a domain in the Login domain field and click Add.
   Use NDS authentication: This option allows the specification of Novell Directory Service (NDS) authentication.
   Use RSA SecurID: This option allows the specification of an RSA SecurID authentication database for token support.
4. Under Allow User to Change Password, select Yes, On Expiry, or No. Choosing On Expiry will allow a user to change their login password only when the password has expired. When a password expires, a web page is displayed in which users can enter a new password. The expiration time is set in the operating system. On Expiry support was introduced with MetaFrame XP Feature Release 2.

Password Change Considerations

If there are differences between your MetaFrame farms, there are additional issues that should be considered before giving users the option to change their password. For example, password changing is only supported by Citrix MetaFrame XP with Feature Release 2, thus the password change request must be directed to a farm containing this version of MetaFrame XP.

Caution: If multiple MetaFrame XP farms utilizing different authentication domains will be supported, a password change will only affect the domain to which it is issued, potentially leading to inconsistency in the farms that can be accessed by the associated user (as the same credentials must be valid across all farms). Citrix recommends that end-user password changing be disabled in these situations.

To configure authentication to MetaFrame XP:

1. Click Authentication in the left menu.
2. To enable Passthrough authentication, select either Auto, Yes, or No under Enable ICA Client Passthrough Authentication. Auto will provide the greatest amount of compatibility with other Web Interface and MetaFrame settings. If the user logs in to the Web Interface using desktop credential Passthrough authentication, the Web Interface attempts to authenticate to MetaFrame XP using Passthrough authentication and the ICA Client passes the captured credentials to the MetaFrame server. If the user logs in to the Web Interface using a smart card, the ICA Client does not pass the captured PIN to the MetaFrame server and the user is prompted for their PIN.
3. To enable smart card authentication, select either Auto, Yes, or No. Choose No unless Smart Card support is required.

Note: After all the configurations have been made, click Save. The Overview page appears. Click the Apply Changes link. When the Apply Changes page appears, click the Apply Changes button. Until you click this button, the configuration changes you made will not be written to the nfuse.conf file. If you exit the Administration Tool before applying the changes, all configurations will be lost.
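The Caution above warns that a crafted ICA file can misroute passthrough credentials to a counterfeit server. The following Python check is an added example, not code from the book or from Citrix: it parses an ICA file and flags any Address entry that is not on an administrator-maintained list. The server list, the port and both sample files are constructed, and only the Address key is examined.

```python
import configparser

# Assumption: addresses of the farm's real MetaFrame servers (constructed values).
TRUSTED_SERVERS = {"10.1.1.21", "10.1.1.22", "mfxp01.cme.example"}
ALLOWED_PORTS = {1494}  # default ICA port; adjust if the farm uses another

# Constructed sample: an ICA file that points at a known farm server.
GOOD_ICA = """\
[WFClient]
Version=2

[ApplicationServers]
Notepad=

[Notepad]
Address=10.1.1.21:1494
InitialProgram=#Notepad
TransportDriver=TCP/IP
WinStationDriver=ICA 3.0
"""

# Constructed sample: same layout, but the session points at an unknown host.
SUSPECT_ICA = GOOD_ICA.replace("10.1.1.21:1494", "198.51.100.7:1494")


def split_address(value):
    """Split 'host' or 'host:port' into (host, port); port is None if malformed."""
    host, sep, port = value.strip().partition(":")
    if not sep:
        return host.lower(), 1494
    if not port.isdigit():
        return host.lower(), None
    return host.lower(), int(port)


def audit_ica(text, trusted=TRUSTED_SERVERS, ports=ALLOWED_PORTS):
    """Return a list of (section, address, reason); an empty list means clean."""
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, allow_no_value=True)
    parser.optionxform = str  # keep key case so application names stay intact
    try:
        parser.read_string(text)
    except configparser.Error as exc:
        return [("<file>", "", "unparseable: " + exc.__class__.__name__)]

    findings = []
    seen_address = False
    for section in parser.sections():
        for key, value in parser.items(section):
            if key.lower() != "address":
                continue
            seen_address = True
            value = value or ""
            host, port = split_address(value)
            if host not in trusted:
                findings.append((section, value, "server not in trusted list"))
            elif port not in ports:
                findings.append((section, value, "unexpected port"))
    if not seen_address:
        # A file with no Address at all cannot be validated, so report it.
        findings.append(("<file>", "", "no Address entry found"))
    return findings


if __name__ == "__main__":
    for name, text in (("good", GOOD_ICA), ("suspect", SUSPECT_ICA)):
        print(name, audit_ica(text) or "clean")
```

Run against ICA files received by mail or download before they are opened, this gives a simple allowlist gate; it does not replace leaving Passthrough authentication disabled as the text recommends.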


Server Settings

This section of the Web Interface Administration page provides the hooks into the MetaFrame server farm infrastructure. It is linked from the main Web Interface admin page.

Configuring MetaFrame Farms

You can configure one or more MetaFrame farms within the same administrative domain to communicate with Web Interface. Applications from multiple MetaFrame farms are displayed in the same way as a single farm; folders are displayed first, followed by application icons. Consequently, applications with the same name from multiple farms will appear in a random position in the user's application set. We recommend you ensure application names are unique across the farms by publishing applications in folders with different names.

To create and manage the MetaFrame farms to be accessed by Web Interface, perform the following:

1. Click Manage Farms in the left menu.
2. Enter a name for the MetaFrame farm in the farm name field.
3. Click Add. The farm name appears in the Citrix MetaFrame Farms list.
4. If you specify more than one farm name, highlight a name in the list and click the up and down buttons to place these in the appropriate order. To remove a farm name, highlight it in the Citrix MetaFrame Farms list and click Remove.

Note: The Web Interface acquires application data from all farms before displaying applications; each farm is contacted in the order that it appears in the configuration file. As a result, a farm that is slow to respond will impact overall responsiveness when obtaining application sets.

Configuring MetaFrame Servers for Use by Web Interface

Use the Citrix MetaFrame Servers page to specify the names of one or more MetaFrame servers running the Citrix XML Service. Server settings are configured for each individual MetaFrame farm. To view and configure farm settings, select a farm from the Selected Farm drop-down list, and click the appropriate Server Settings links.

You can specify:

MetaFrame servers running the XML Service: The address of one or more MetaFrame servers running the Citrix XML Service.

Fault tolerance: This option enables fault tolerance among servers running the Citrix XML Service.

Load balancing between servers: This option enables load balancing between servers running the Citrix XML Service.

XML service port: This is the TCP/IP port used by the Citrix XML Service on the MetaFrame servers specified in the Server addresses list.

Transport type: This is the protocol used to transport data between the server running Web Interface and the MetaFrame server.

Specifying MetaFrame Servers Running the Citrix XML Service

Specify the MetaFrame servers running the Citrix XML service in the server list box by entering the server name or IP address. By adding multiple servers from the same farm, Web Interface will detect when an error occurs while communicating with a server, and cause all further communication to be transferred to the next server in the list. The failed server is bypassed for a specific time period (by default, 60 minutes), and the bypass time period can be specified in the Bypass Any Failed Server For field in the Citrix MetaFrame Servers page. If all servers in the list fail to respond, Web Interface will retry the servers every ten seconds.

Note: If you are using a secure connection between the web server and the MetaFrame server (in other words, you set the Transport type to SSL Relay or HTTPS), ensure the server name you specify matches the name on the server's certificate.
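The failover and bypass behaviour described above for the XML Service server list can be modelled in a few lines. This Python simulation is an added example, not Citrix's implementation: the server names are constructed, and the handling of the case where every server is bypassed (retry the whole list, at most every ten seconds) is an interpretation of the text.

```python
BYPASS_SECONDS = 60 * 60  # "by default, 60 minutes"
RETRY_SECONDS = 10        # retry interval once every server has failed


class XmlServiceList:
    """Ordered list of XML Service addresses for one farm (model only)."""

    def __init__(self, servers, bypass_seconds=BYPASS_SECONDS):
        self.servers = list(servers)
        self.bypass_seconds = bypass_seconds
        self.bypassed_until = {}  # server -> time at which its bypass ends
        self.next_retry = 0       # earliest time for an all-servers retry

    def available(self, now):
        """Servers not currently bypassed, in configured order."""
        return [s for s in self.servers
                if self.bypassed_until.get(s, 0) <= now]

    def request(self, now, is_up):
        """Send one request at time `now`; is_up(server) simulates the reply.

        Returns (server_that_answered_or_None, servers_tried).
        """
        pool = self.available(now)
        if not pool:
            # Assumption: with every server bypassed, the whole list is
            # retried, but no more often than every RETRY_SECONDS.
            if now < self.next_retry:
                return None, []
            pool = self.servers
        tried = []
        for server in pool:
            tried.append(server)
            if is_up(server):
                self.bypassed_until.pop(server, None)
                return server, tried
            # Failed server is skipped for the bypass period.
            self.bypassed_until[server] = now + self.bypass_seconds
        self.next_retry = now + RETRY_SECONDS
        return None, tried


def simulate():
    """Walk through one outage scenario; times are seconds since start."""
    farm = XmlServiceList(["mfxp01", "mfxp02"])  # constructed names
    down = {"mfxp01"}
    is_up = lambda server: server not in down
    log = [farm.request(0, is_up)]        # mfxp01 fails, mfxp02 answers
    down.clear()                          # mfxp01 recovers immediately
    log.append(farm.request(60, is_up))   # mfxp01 still bypassed
    log.append(farm.request(3600, is_up)) # bypass over, mfxp01 used again
    down.update({"mfxp01", "mfxp02"})
    log.append(farm.request(4000, is_up)) # both fail
    log.append(farm.request(4005, is_up)) # inside the 10-second window
    down.clear()
    log.append(farm.request(4010, is_up)) # whole list retried
    return log


if __name__ == "__main__":
    for entry in simulate():
        print(entry)
```

The second step is the one to note when sizing the list: after a single transient error, the farm depends on the remaining servers for the whole bypass period, even if the failed server has already recovered.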

Configuring Load Balancing

You can enable load balancing between servers running the Citrix XML Service by selecting the Load Balancing check box. Enabling load balancing evenly distributes all incoming session requests among the servers listed in the server address box.

Configuring the TCP/IP Port for XML Communication

To configure the MetaFrame XP farm's TCP/IP listener Port for XML Communication, enter the port number in the XML service port field. All MetaFrame servers in the farm must have the Citrix XML Service configured on the same port. For CME Corp, we used port 8081.

Configuring the Transport Protocol

To configure the transport protocol, select HTTP, HTTPS, or SSL Relay. If SSL Relay will be used, specify the TCP port of the SSL Relay in the SSL server port field. Integration with Secure Gateway eliminates the need to use anything other than the default HTTP transport type.

REMEMBER: After all the configurations have been made, perform the Save | Apply Changes | Apply Changes routine to commit the changes to the nfuse.conf file.

Configuring Server-Side Firewall

In the Server-Side Firewall section of the Web Interface Administration console, you can configure Web Interface to include the firewall IP address in the .ICA files. Depending upon how you have configured your firewall and your MetaFrame servers, you can use the Server-Side Firewall Settings page to configure Web Interface. The following types of addressing are supported within Web Interface:

Normal addressing: The IP address given to the client is the actual address of the MetaFrame server.

Network address translation: Some firewalls use IP address translation to convert private (internal) IP addresses into public (external) IP addresses. If you are using a firewall with network address translation enabled and you have configured your MetaFrame server(s) for this feature, you need to configure the Web Interface to supply the appropriate IP address, depending upon whether clients connect from inside or outside the firewall.

Port address translation: You can define mappings from internal MetaFrame IP addresses to external IP addresses and ports. Using this feature, you can route traffic to internal MetaFrame servers through a single external IP address.

From the Server-Side Firewall Settings page, the sections that can be configured by the administrator are

Default address translation setting

Specific address translation settings

MetaFrame server address translation map (for all clients using translated address)

Secure Gateway for MetaFrame (for all clients using Secure Gateway)

To help decipher these firewall interaction options, we will use our case study CME again. CME's secure deployment places the Web Interface server in their DMZ. CME's network administrators have chosen not to support Network Address Translation (NAT) from their internal network into the DMZ. This dramatically simplifies the deployment since the Citrix servers will communicate directly to the Web Interface server on their native LAN IP addresses. Additionally, since Secure Gateway will be used, there is no need to specify alternative addresses within the configurations of the MetaFrame XP servers. With a configuration like CME's, the only setting that requires further discussion is the Secure Gateway for MetaFrame option. Detailed instructions for Secure Gateway configuration settings are covered later in this chapter in the "Step-by-Step Instructions for Installing and Configuring MetaFrame Secure Gateway" section.

Web Interface ICA Client Settings

The Client Settings portion of the Web Interface Administration page allows configuration of the ICA Client firewall settings, client proxy settings, client download settings, and ICA Client customization settings.

Configuring Client-Side Firewall Settings on the Web Interface Server

If a proxy server firewall is in place between the ICA client and the Web Interface server, you can specify whether clients must communicate with the MetaFrame server via the proxy server.

From the Client-Side Firewall Settings page, you can:

Configure Default Proxy Setting: Specify default proxy rules for clients, or specify that proxy behavior is controlled by the ICA Client.

Configure Individual Proxy Settings: Configure exceptions to the default behavior by associating client addresses or partial addresses with a particular proxy server address.

Configuring Default Proxy Settings

If a proxy server is used at the client side of your Web Interface installation, you can set default proxy rules for clients. Alternatively, you can specify that the proxy behavior is controlled by the ICA Clients. For most installations, the default value of Auto (Client autodetects proxy settings) provides the greatest interoperability with the variety of networks that the ICA Client runs behind, while requiring the least amount of client-side configuration. In our CME case study, their Secure Gateway deployment utilizes this Auto setting to improve the ICA client deployment choices while minimizing the need to have remote administrators make changes to their proxy server or firewall settings.

To configure the default proxy settings, click the Client-Side Firewall link. For most cases, keep the default Auto choice. The other choices are Client, None, and Use Explicit Mapping.

Configuring Individual Proxy Settings on the Web Interface Server

In the event that the default setting Auto was not chosen, the Client-Side Firewall settings page provides a place to configure exceptions to the default proxy server behavior. To do this, associate client addresses or partial addresses with a particular proxy server address.

Note: If web browsers connect to Web Interface through a proxy server or firewall that hides the client's IP address, the Client address prefix must specify the client address, as Web Interface sees it. If a web browser connects through a proxy, specify the external address of the proxy in the Client address prefix. This does not apply to Program Neighborhood Agent users.

Deploying ICA Clients with Web Interface

As discussed in previous chapters, Web Interface is an excellent tool for deploying and upgrading the ICA Client. In the ICA Client deployment page, the following actions can be accomplished in order to configure and customize the deployment of ICA Clients:

Automatically deploy the ICA Win32 Web Client: Configure the Web Interface to automatically deploy the ICA Win32 Web Client installation file.

Specify how applications are launched and embedded: Control whether applications are launched from, or embedded into, HTML web pages.

Customize ICA Java Client deployment: Specify the components included in the ICA Java Client deployment, or allow users to select the components that they require.

The ICA Client Deployment page of the Web Interface Administration tool provides for easy deployment and installation of the appropriate ICA Clients on client devices. Web Interface detects the user's client operating system and web browser type, then displays a link to download the appropriate ICA Client installation file. Chapter 14 identifies the differences in ICA Clients and discusses how to choose which one to use. See Table 14-1 for more information.

Note: To use ICA Client installation, the server running the Web Interface must contain the appropriate ICA Client installation files. Administrators should periodically (monthly) check for updates on Citrix's web site and update the Web Interface ICA Client directory (the default English directory is in %webroot%/Citrix/ICAWEB/en/).

To configure ICA Client installation, click ICA Client Deployment in the left menu. Under Client Download Setting, select either Auto, Yes, or No. The default setting is Auto, which is appropriate for most environments, as it will present to the user (via the Web Interface message center) a link to install the appropriate version of the ICA Client, based on the client operating system. If Yes is chosen, the user will always be presented with the option to install the ICA Client, which can be confusing to end users.

Also available in the Client download setting dialog box is a check box labeled Enable Automatic Download Of ICA Win32 Web Client. The advantage to enabling this feature is that, if Web Interface detects an older version of the ICA Web Client, it will allow the client to be upgraded to the latest installed version on the Web Interface server.

thin- client com puting envir onment and deploy Note To use scalable the automatic download feature on Windows 2000 Professional clients or other Windows 2000/ Windows 2003 Ser v er and MetaFr am e. Also locked-down workstations, users must have administrative learn t o centr alize application managem ent, r educe softrights w ar e on the client device, or the ActiveXon control must beand registered in Active Directory. See Chapter 15 for more details. the desktop, mor e. < ?xm l version=How " 1.0"Applications encoding= " I SO88591" ?> Specifying Are Launched and Embedded Web Interface allows administrators to Taconfigure ble o f Conhow t en tICA s published applications are launched from a web browser. The applications can Citr ix MetaFr am e Access Window swindow Ser v er or 2003—The Official Guide either be launched as aSuite newfor seamless embedded in the body of the web browser. The For ewor dbehavior of Web Interface is to launch a new ICA seamless session window. The advantage of default I ntr thisoduction behavior is that it will support multiple simultaneous ICA applications running on a user's desktop. Pa I - Ovinstances, er vi e w of Ente pr isebrowser Se r ve r - Ba se dbe Com in g Inr tsome the rweb may tooput locked

down to support launching a new window

I ntr oducing ver -Based Com puting th e On- Dem and (Internet in kioskSer mode, for example), orand an administrator may prefer to embed an application Chapter 1 Explorer Enterpr to provide users the ise perception of a "webified" application. In both of these scenarios, the embedded Chapter - Window s Ter minal Ser vices choice 2is appropriate. Chapter 3 - Citr ix MetaFr am e Access Suite

The choice of whether applications are launched from or embedded into HTML pages is configured using the ICA Client Deployment page.

To specify how applications are launched and embedded, click on the ICA Client deployment link in the left menu. Under Embedded applications, select one of the following:

No Choosing this option launches applications in a separate window on the local desktop. An ICA Client must be installed on the client device. If an ICA Client is not present, you can deploy ICA Clients on your users' devices using web-based ICA Client installation.

Yes This option embeds applications into web pages. Specify the ICA Client that will be used to launch the embedded application.

Auto This option automatically detects the user's client device and web browser and deploys the appropriate ICA Client. If a Windows platform is detected, the ICA Win32 Web Client or Netscape plug-in is deployed, depending on the user's web browser. The Web Interface deploys the Java Client if it detects that the user is not on a Windows platform, or if it is unable to detect the user's client device and web browser.

Java Client Selection of this option forces deployment of the ICA Java Client, regardless of the user's platform. The ICA Java Client can be configured to be a small download, so this option works well for users on low bandwidth connections or on devices with high levels of security that limit the install of additional software.

User decides This selection lets users decide how to launch their applications. When this option is enabled, users can choose how their applications are launched in their Settings page. If the check box labeled Launch Applications By Default As Embedded Applications is selected, then applications are embedded into web pages by default. There will be two options to specify the ICA Client that will be used to launch the embedded application.

Auto This option automatically detects the user's client device and web browser and deploys the appropriate ICA Client.

Java Client Select this to force deployment of the ICA Java Client, regardless of the user's platform.

Note If this check box is left unselected, applications will launch in a separate window on the local desktop by default.

If the Java ICA Client will be used, it can be configured in the Java Client Settings section of the ICA Client Deployment page of the Web Interface Administration site.

The size of the ICA Java Client download is determined by the packages included in the download. The fewer packages selected, the smaller the download (the download can be as small as 300K). To limit the size of the download for users on low bandwidth connections, deploy only a minimum set of components. Alternatively, administrators can enable users to control which components are required.

The following is a descriptive list of the ICA Java Client packages, which can be loaded from the Java Client Settings dialog box:

Audio This package enables applications running on the MetaFrame server to play sounds through a sound device installed on the client computer.

Clipboard This enables users to copy text and graphics between web server applications and applications running locally on the client device.

Legacy server support This package will allow users to connect to servers running MetaFrame XP Server for Windows with earlier Feature Releases of MetaFrame XP and MetaFrame for UNIX.

Local text echo This option accelerates the display of the input text on the client device.

SSL/TLS Secures communication using Secure Sockets Layer (SSL) and TLS (Transport Layer Security). SSL/TLS provides server authentication, encryption of the data stream, and message integrity checks.

Encryption Selecting this package provides strong encryption to increase the privacy of ICA connections.

Client drive mapping Enables users to access their local drives from within an ICA session. When a user connects to the MetaFrame server, their client drives are automatically mounted, such as floppy disks, network drives, and CD-ROM drives. Users can access their locally stored files, work with them during their ICA sessions, and save them again on a local drive or on a drive on the MetaFrame server. To enable this setting, users must also configure client drive mapping in the ICA Java Client Settings dialog box. See the Citrix ICA Java Client Administrator's Guide for more information.

Printer mapping This selection enables users to print to their local or network printers from an ICA session.

Configuration UI This enables the ICA Java Client Settings page. This web page can be used to configure the ICA Java Client.

In addition to the preceding package options, the administrator may allow users to control which Java Client packages are enabled. To enable this feature, select the Allow User To Choose Packages check box.

The final selection in the Java Client Settings dialog box provides support for private Certificate Authorities. If you have configured Secure Gateway or the Citrix SSL Relay service with a server certificate obtained from a private CA (such as Microsoft Certificate Services), select Use Private Certificate Authority. Enter the filename for the certificate in the Root Certificate File Name field. The certificate must be located in the same directory on the web server as the Java Client packages (such as /Citrix/ICAWEB/en/icajava on IIS).

Note When enabling this option, Citrix recommends that you configure the web server to use SSL/TLS connections in order to encrypt the transfer of the root certificate with the Java Client.

REMEMBER: After all the configurations have been made, perform the Save | Apply Changes | Apply Changes routine to commit the changes to the Web Interface nfuse.conf file.

Controlling ICA Customization of the Web Interface Site

The final section of the Web Interface Administration tool, ICA Customization, allows administrators to control whether users can override the default published application settings for Window size, Window color, and Audio quality.

User-configured settings are stored as cookies on the client device. These settings are remembered for all future applications launched via the Web Interface from that device. Depending on the operating system and web browser used, these cookies may be specific to each user or all users will have the same settings. Customized settings made by guest users (logged in using the Guest User option) are not saved to the client device. These settings are local to the user's machine and will not follow a user from PC to PC.

REMEMBER: After all the configurations have been made, perform the Save | Apply Changes | Apply Changes routine to commit the changes to the Web Interface nfuse.conf file.

Customizing the Text on the Web Interface Web Site

Web Interface for MetaFrame may be "branded" with custom text and graphics to customize the default web site. The following section describes how to make subtle changes that customize the site to match your organization. Figure 16-5 shows an example of a custom Web Interface application list page.

Figure 16-5: A custom Web Interface page showing the contents of a Microsoft folder

Customizing the Text on the Web Interface Default Web Site

Customization of the text found on the Web Interface web pages is done through a single file, the nfuse.txt file located in the default Web Interface directory (C:\program files\Citrix\NFuse\).

In order to change the text on the Web Interface screens, change the text in the referenced sections (LoginTitle, Welcome, PleaseLogin, for example).

After making changes to the nfuse.txt file, restart the IIS services:

1. Click Start | Run and type iisreset. Click OK.

2. Verify that all the necessary services have started.

Caution Be careful when editing this file. For recovery purposes, make a copy of the Web Interface.txt file before editing.

Customizing the Graphics on the Web Interface Default Web Site

Customizing graphics is more complex than customizing the text due to the nature of ASP pages. However, an administrator may substitute their own custom graphics and edit the associated .inc files to point to the new graphic files. The graphics files are located in the \Citrix\MetaFrameXP\site\media folder under the web root of the default Web Interface web site. Two commonly modified graphics files and their associated reference files are

citrix.jpg This graphic is the Citrix logo found on the button on the right-hand side of the default web site. To change this logo, first place a copy of your company's logo in the aforementioned directory. Then edit the messagecenter.inc file in the Citrix\MetaFrameXP\site\include directory and replace it with the name and location of your logo.

nfusehead.gif This graphic is the Web Interface banner found over the login box and list of enumerated applications. To change this logo, first place a copy of your company's logo in the aforementioned directory. Then edit the layout.inc file in the Citrix\MetaFrameXP\site\include directory and replace it with the name and location of your logo.

Caution Be careful when using large files or resolution-intensive graphics, as these images will affect the load performance of the page. Make sure that the files are prepared for web use. The recommended file types are .jpg or .gif.

About Web Interface Extension Mode

Web Interface Extension, which is only supported in the MetaFrame XPe version, gives users the ability to access published applications from multiple MetaFrame XPe server farms located in separate administrative domains. Web Interface Extension provides users unified access to these typically disparate published application sets. This process, called aggregation, greatly simplifies user access to applications in organizations with multiple server farms.

Note Enterprise Services for NFuse and NFuse Classic have been integrated into MetaFrame XPe. Enterprise Services for NFuse is now called Web Interface Extension for MetaFrame XP.

Configuring Web Interface Extension Mode

To use Web Interface Extension, configure the Web Interface server to communicate with the MetaFrame XPe server running Web Interface Extension. This is a global setting that causes Web Interface to communicate with a server running Web Interface Extension, rather than with servers running the Citrix XML Service.

To configure Web Interface Extension mode, click Mode in the left menu, and select the Enable The Web Interface Extension check box. To allow desktop credential Passthrough and smart card authentication between Web Interface and the Web Interface Extension, type a password in the Password For Authenticating To The Web Interface Extension field. Web Interface Extension checks this password to authenticate the server running Web Interface.

Note In addition to these basic Web Interface steps, there are myriad other configuration considerations required to support Web Interface Extension mode. Please refer to the Web Interface Extension for MetaFrame XP Administrator's Guide for complete details on configuring Web Interface Extension mode.

Step-by-Step Instructions for Installing STA

STA is an ISAPI DLL that is loaded and called by Internet Information Services (IIS) when a request for a ticket is received from Web Interface. The primary purpose of the STA is to generate and validate tickets for access to MetaFrame published applications. The recommended deployment is on a dedicated server installed in the secure network alongside the MetaFrame XP server farm. Figure 16-1, shown earlier in this chapter, depicts CME's deployment of the STA.

Installing STA

To install STA, perform the following tasks:

1. Make sure the server you are using for STA installation has IIS 5.0 or greater installed, configured, and running. If this is a Windows 2003 Web Edition server, the IIS version will be 6.0.

2. On the STA server, insert the Citrix MetaFrame XP Feature Release 3 Components CD-ROM. The Components menu will appear.

3. Click the Secure Gateway button.

4. Click Secure Ticket Authority to start the installation program. Follow the standard installation steps. During the installation folder selection screen, select an appropriate destination folder. This folder must be the IIS scripts folder. By default, this will be C:\inetpub\scripts. If you have altered the default location for the scripts, browse to the correct location.

Configuring STA

When installation of the software is complete, the STA Configuration tool is launched. The following information needs to be entered to configure STA:

1. Select Typical or Advanced Configuration. Our recommendation is to select the Advanced Install option to specify all the configuration values required for STA operation. Click Next.

2. Specify configuration values for STA.

STA ID This is a unique identification string for the STA server. Enter a maximum of 16 characters, uppercase alphanumeric only. Spaces, punctuation, and special characters are not allowed.

Ticket Timeout Specifies the lifetime (in milliseconds) of a ticket issued by the STA. A value of 0 means that the ticket will never expire. The default value for Ticket Timeout is 100000 ms (100 seconds).

Maximum Tickets This option specifies the maximum number of valid tickets that can be issued by an STA at any given point in time. The default value for Maximum Tickets is 100000.

3. To use the new configuration settings, the World Wide Web Publishing Service must be restarted. If you prefer to restart the service manually, clear the Restart The Service check box.

4. Click Finish to exit the configuration utility.
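The STA values from step 2 can be reviewed before they are typed into the configuration tool. The following Python check is an added example, not code from the book or from Citrix. The server names, the dictionary layout, the timeout_review_ms threshold, and the rule that Maximum Tickets must be positive are assumptions made for the illustration.

```python
import re
from dataclasses import dataclass

# Rules stated in the text: STA ID is at most 16 uppercase alphanumeric
# characters; Ticket Timeout is in milliseconds, 0 means "never expires",
# default 100000; Maximum Tickets defaults to 100000.
STA_ID_RE = re.compile(r"[A-Z0-9]{1,16}")
DEFAULT_TICKET_TIMEOUT_MS = 100000
DEFAULT_MAX_TICKETS = 100000


@dataclass(frozen=True)
class Finding:
    server: str
    field: str
    severity: str  # "error": breaks a stated rule; "warning": needs review
    message: str


def _is_int(value):
    # bool is a subclass of int in Python, so reject it explicitly.
    return isinstance(value, int) and not isinstance(value, bool)


def review_sta(server, sta_id, ticket_timeout_ms, max_tickets,
               timeout_review_ms=DEFAULT_TICKET_TIMEOUT_MS):
    """Return findings for one STA server's configuration values.

    timeout_review_ms is a hypothetical local policy threshold (assumption):
    lifetimes above it are flagged for review, not rejected.
    """
    findings = []
    # fullmatch rejects lowercase, spaces, punctuation and trailing newlines.
    if not isinstance(sta_id, str) or not STA_ID_RE.fullmatch(sta_id):
        findings.append(Finding(server, "STA ID", "error",
                                "must be 1-16 uppercase alphanumeric characters"))

    if not _is_int(ticket_timeout_ms) or ticket_timeout_ms < 0:
        findings.append(Finding(server, "Ticket Timeout", "error",
                                "must be a non-negative number of milliseconds"))
    elif ticket_timeout_ms == 0:
        findings.append(Finding(server, "Ticket Timeout", "warning",
                                "0 means issued tickets never expire"))
    elif ticket_timeout_ms > timeout_review_ms:
        findings.append(Finding(server, "Ticket Timeout", "warning",
                                f"{ticket_timeout_ms} ms exceeds the review "
                                f"threshold of {timeout_review_ms} ms"))

    # Assumption: the text gives no meaning for 0 or negative values here.
    if not _is_int(max_tickets) or max_tickets <= 0:
        findings.append(Finding(server, "Maximum Tickets", "error",
                                "must be a positive integer"))
    return findings


def review_farm(servers):
    """Review every STA and check that each STA ID is unique across servers."""
    findings = []
    first_owner = {}
    for s in servers:
        findings.extend(review_sta(s["server"], s["sta_id"],
                                   s["ticket_timeout_ms"], s["max_tickets"]))
        if isinstance(s["sta_id"], str):
            owner = first_owner.setdefault(s["sta_id"], s["server"])
            if owner != s["server"]:
                findings.append(Finding(s["server"], "STA ID", "error",
                                        f"duplicates the ID used by {owner}"))
    return findings


# Constructed sample values for illustration; not taken from the book.
SAMPLE = [
    {"server": "sta1.example.test", "sta_id": "STA01",
     "ticket_timeout_ms": 100000, "max_tickets": 100000},
    {"server": "sta2.example.test", "sta_id": "sta-02",
     "ticket_timeout_ms": 0, "max_tickets": 100000},
    {"server": "sta3.example.test", "sta_id": "STA01",
     "ticket_timeout_ms": 600000, "max_tickets": 100000},
]

if __name__ == "__main__":
    for f in review_farm(SAMPLE):
        print(f"{f.severity.upper():7} {f.server} [{f.field}] {f.message}")
```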

Changing STA's Configuration Settings

To change the configuration settings entered during the install process, run the STA Configuration tool. To run the configuration utility:

1. Click Start | Programs | Citrix | Secure Gateway | Secure Ticket Authority Configuration.

2. Make the necessary changes and click Finish to exit the utility.

Note Restart the World Wide Web Publishing Service to allow configuration changes to take effect.


Step-by-Step Instructions for Installing and Configuring MetaFrame Secure Gateway

Secure Gateway acts as an SSL gateway for ICA network traffic that services requests between the ICA Client and the MetaFrame XP Server using a Windows service that must run on a Windows 2000 or 2003 server. For our case study, CME Corp, we are using a single DMZ deployment. The Secure Gateway and Web Interface components will be installed on the same machine. The following step-by-step instructions show how to implement this configuration.

Installing MetaFrame Secure Gateway

Log in as an administrator to the Web Interface/Secure Gateway server (installed in the DMZ) and perform the following tasks:

1. Insert the Citrix components CD-ROM or download the image file and select the Secure Gateway Service option.

2. For the Installation mode, select Secure Gateway Service and for the Deployment scenario choose MetaFrame XP Server Only, then proceed to the installation.

3. Install the Secure Gateway Service, Management Console, and Diagnostic tools. The default selected items are appropriate for a standard secure deployment.

Configuring the MetaFrame Secure Gateway Service

After installation of the Secure Gateway Service is complete, the Secure Gateway Service Configuration tool is launched. The following configuration is a typical best practices install and accommodates the needs specific to our case study, CME Corp.

1. At the configuration prompt, the administrator can choose either a Typical or Advanced configuration. We recommend an Advanced configuration to properly set Secure Gateway Service parameters such as security strengths and STA servers.

2. At the Certificate Configuration screen, select the server certificate to be used by the Secure Gateway Service. Since only one certificate can be bound to the Secure Gateway Service, ensure that the proper certificate is selected by using the View button.

3. In the Select Secure Protocol And Select Cipher Suite section, the default setting is acceptable for most commercial deployments. Check with your organization's security policy for a definitive answer.

4. An additional configuration screen allows for customization of the IP addresses and ports that the Secure Gateway server listens on for incoming client connections. The Monitor All IP Addresses check box forces the Secure Gateway to listen for client connections on all available IP addresses on this server. In the TCP port field, enter a listener port number. The Secure Gateway listens for client connections on the port specified for all available IP addresses on the server. The default TCP port, and the one we will be using, is 443.

5. Custom connection settings can be configured on the Secure Gateway server as well. These options include No Outbound Traffic Restrictions, Use The Secure Gateway Proxy, and Use An Access Control List (ACL). In a typical DMZ install, there is no need to configure these options, so the default value of No Outbound Traffic Restrictions is appropriate.

6. The (STA) configuration screen is an important component of the Secure Gateway installation. Add the FQDN of the STA and appropriately set its communication protocol. We recommend securing the communication protocol by enabling the Secured With HTTPS check box. If multiple STA servers have been deployed to support redundancy, these can be configured here but the administrator needs to ensure this matches the list of STAs configured during the Web Interface install.

7. The Connection Parameters setting allows the administrator to configure Connection Timeout (sec), Cookie Cache Timeout (sec), and Connection Limits. In most cases, the default settings are appropriate. We recommend you baseline the server during initial testing of the deployment and then modify these values to best represent your organization's deployment needs.

Note We recommend enabling the Connection Limits field only if the processor on this server is capable of processing the maximum number of connections based on the typical usage profile of your client base. Ensure that enabling this setting does not run the CPU continuously at very high loads, and that your users experience good quality of service.

8. Logging Exclusions lists the IP addresses of network devices (load balancers, for example) that generate extraneous log information you may want to exclude from the Secure Gateway event log. Unless such devices are included in the deployment network, there is typically no need to enter any Logging Exclusions and the default of none is acceptable.

9. Under Logging Parameters, select the appropriate logging level for the environment. Since Secure Gateway writes to its own event log section, we recommend you choose the All Events Including Informational logging option during the initial deployment to help with troubleshooting and then select the Error And Fatal Events option once the deployment normalizes.

10. Under the Web Interface configuration section, enter information about the server running Web Interface and its appropriate location. For CME, we installed Web Interface on the same machine as Gateway Services. As a result, we must choose the Installed On This Computer option and input 443 in the TCP Port field to secure the communications between Web Interface and Secure Gateway.

Changing Secure Gateway Configuration Settings

To change configuration settings entered during the install process, run the Secure Gateway Service Configuration tool. Stop the Secure Gateway Service before making changes to its configuration. To run the configuration utility:

Click Start | Programs | Citrix | Secure Gateway | Secure Gateway Service Configuration. Make the necessary changes. Changes made do not take effect until the service is restarted. The program restarts the service automatically; however, if you prefer to do this manually, clear the Start Secure Gateway Service check box. Click Finish to exit the utility.

Configuring the Web Interface Server to Support Secure Gateway

Now that the Secure Gateway components are configured, Web Interface must be configured to properly support the Secure Gateway installation. Web Interface provides the Web front-end that ICA Client users connect to, and supports the ticketing and authentication functions of Secure Gateway. The following list details how to configure Web Interface to utilize Citrix Secure Gateway.

1. From the Web Interface/Secure Gateway server, open the Web Interface Web Administrator (http://localhost/citrix/metaframexp/wiadmin).

2. Click the Server-Side Firewall link.

3. The Server-Side Firewall settings page is presented. Click the Secure Gateway for MetaFrame radio button in the Default Address Translation Setting section to set Secure Gateway as the default method for ICA session traffic.

4. One of the features introduced in Web Interface allows the specification of specific address translation settings per IP network. If you would like to set a specific IP network to utilize a different address translation than the default, enter the IP network number in the Client Address Prefix text box, select the Address Translation Option radio button, and click Add.

5. Scroll down to the Secure Gateway for MetaFrame section of the page.

6. Enter the FQDN address of the server running the Secure Gateway component in the Address (FQDN) text box.

7. Enter the port the Secure Gateway component is listening on in the Port text box.

8. If you have a firewall configured to perform network address translation between the Secure Gateway box and the MetaFrame server, then check the Use Alternate Addresses Of MetaFrame Servers check box.

9. In the Secure Ticket Authorities URL text box, enter the FQDN name of the server running the STA component in place of and click the Add button.

Note: In order to secure the communication between Web Interface and STA, change the default URL path from HTTP to HTTPS.

10. Repeat Step 9 in order to add multiple STA servers for high availability. If you will be using multiple STAs we recommend checking the Use The Secure Ticket Authority List For Load Balancing check box to enable round-robin load balancing.

11. Click Save when finished.

12. Click the Apply Changes button to commit the changes.

The Secure Gateway implementation is now complete.

New Secure Gateway Administrative Tools

Two additional tools were added to the Secure Gateway 2.0 deployment: Secure Gateway Diagnostics and Secure Gateway Management Console. After the initial install of both Web Interface and Secure Gateway is complete, run the Diagnostic tool before performing any user testing. This utility will verify that all setup and configurations are not only installed but also working properly with their back-end systems (this will test all the way down to Certificate level).

The Management Console is a useful utility to access common system administration tools (such as the event viewer). It is also useful for accessing specific information and statistics regarding the Secure Gateway services, such as number of active connections and performance.

MetaFrame Secure Access Manager

As discussed earlier in this chapter, Web Interface leveraging Secure Gateway for MetaFrame provides a powerful implementation tool for user communities to securely access your Citrix MetaFrame server farm. With that said, there may be business cases or corporate mandates that dictate access to discrete applications or processes that are not necessarily available from the MetaFrame farm. Citrix developed an offering to fulfill this growing need in early 2000 by introducing their first release of a non-MetaFrame ICA server access solution: NFuse Elite.

NFuse Elite was based on Sequoia System's portal technology, which opened the door for Citrix to broaden their product offering beyond the Multi User NT/2000 architecture. After initial successful deployments of this environment and market analysis, Citrix learned from its experiences and listened to their customers/channel partners and integrated a new offering. This offering culminated in 2003 with the release of MetaFrame Secure Access Manager 2.0 (MSAM). This solution has provided many changes over the previous release, including the following noteworthy features:

Secure access for remote users utilizing the same Secure Gateway for MetaFrame service described earlier.

Advanced indexing services, including file systems and remote web servers, via Index Server for MetaFrame.

Integrative support with multiple MetaFrame ICA server farms, which aggregates all access services to one easy-to-use, secure web interface.

Improved and updated Content Delivery Agents (CDAs) and development tools (SDKs) for wider integration with corporate data systems.

International compatibility via single-byte support for non-English characters associated with Western European languages and compiled installation code for German and Spanish operating systems.

MSAM vs. MetaFrame ICA

Utilizing Citrix's years of experience in providing scalable, enterprise solutions to end-user applications, it is no surprise when examining the MSAM deployment environment that it mimics key concepts developed in the MetaFrame ICA realm. Table 16-1 shows some of the similarities between the environments.

Table 16-1: Similarities of ICA and MSAM Environments

| MetaFrame ICA Environment | MetaFrame Secure Access Environment |
| --- | --- |
| MetaFrame XP application servers are situated in a load-balanced farm for increased scalability and resumption of ICA user sessions. | Agent servers are arranged in a load-balanced environment to increase data processing performance and data resumption of CDA data presentation. |
| Centralized state tracking of farm data and metrics is stored in the MetaFrame Data Store. | Agent server load information, licensing and session states are centralized to a master State Server. |
| MetaFrame XP provides a secure browser interface for intuitive access to Published Applications utilizing Secure Gateway and STA services, protected with SSL encryption. | Secure SSL deployment enables Internet access to the Access Center's Content Delivery Agents (CDA) utilizing Secure Gateway, Login Agent services, and STA. |
| MetaFrame Web Interface provides a user-customizable/administratively controlled web interface. | MSAM provides flexible user configuration and administration of the access center and available CDAs. |
| MetaFrame XP web and database components are simple to install and administer. | MSAM provides easy-to-install web and database components. |
| MetaFrame XP leverages common user group management systems (MS Active Directory, Novell E-directory, and so on) to provide access-specific Published Applications. | MSAM leverages common user group management systems (MS Active Directory, Novell E-directory, and so on) to provide access-specific CDA, and pages in the Access center. |

So, with all these similarities, what makes MSAM unique? Its uniqueness resides in the concept of creating a very specific access center, which allows users to utilize resources not only from a MetaFrame server farm but also discretely provides a web-based interface into the organization's information stores. MSAM goes beyond the standard, development-intensive application of mining information from a database and providing a web look and feel to view it. Citrix has developed a standard programmatical interface tool called Content Delivery Agents (CDAs) to allow the preprogramming of connectivity between applications and a web page, and has initiated the creation of several hundred CDAs for more popular applications and interfaces. With Content Delivery Agents, it is possible to process data on an Agent server farm and deliver an interactive experience to the end user without significant programming overhead.

The CDA becomes the focus of the MSAM deployment, just as installing and publishing applications do in the MetaFrame XP environment. One advantage is that since the administrator is centrally creating and deploying specific CDAs to access only the content (a subset of the application) a user needs to interact with, there is not the vast amount of administrative overhead required to "lock down" a Terminal Server deployment. The ability to provide data and content to a user more efficiently ultimately leads to time and money savings. An example of this is the following: Under a typical MetaFrame XP application deployment, an administrator installs the full client of the document management system and then publishes access to an end user or group. Each time a user accesses their data from within the application, it may take five to ten menu picks and a lot of user input to access the data required. Under the MSAM deployment scenario, that same administrator would instead configure a CDA and add it to the users' MSAM Access Center, which automatically drills down and pulls the data they need to interact with. Although there may be some programming required to create the interface (depending on whether a CDA already exists), the objective is to streamline user access and use of applications, content, and, ultimately, the data.

One other concept heavily emphasized by MSAM (though administratively controllable, of course) is the capability of the end user to modify the look and feel of their web-based access center. This is very similar in concept to a My Yahoo or MSN Passport-based site over the public Internet. These sites allow a user to log on to what is typically a standard public site and be presented with a personalized view of the content with the ability to customize and optimize the web experience. MSAM, unlike these public sites, does not use local cached credentials or settings to store these optimizations. This allows a user who accesses the data center from various computer resources (such as a business laptop, home machine, or Internet kiosk) to always have access to their customizations, as they are stored in the central MSAM State/Web Server located securely in the company's data center.

CME Case Study of MSAM

The CME deployment architecture requires remote Just In Time (JIT) outsourced manufacturing facilities. To effectively meet this requirement, CME's manufacturing partners require direct, secure, and easy-to-use access to a number of internal systems at CME in order to meet their manufacturing service level agreements and update their project status. For this specific case, we will look at the relationship between Nickel Plastic Parts, Inc. (NPPI) and CME.

NPPI's success has been based on its ability to provide inexpensive, high-quality injection-molded plastic parts specialized for the medical industry. NPPI's key technologies involve a proprietary processing method of handling raw materials before molding, as well as scrutinized methods of verifying that the parts are accurate according to engineering requirements and are sanitized for use in operating rooms. CME has experienced a long-standing relationship with NPPI, but in recent years CME's shift to JIT manufacturing processes has caused some production scheduling snags. In order to improve the success of their JIT processes, CME mandated that all its outsourced manufacturing partners, including NPPI, utilize an access solution deployed by the CME IT department to review order and forecasting data. Not only will the partner be responsible for monitoring this data and acting on it, but they will have access to overall product shipment schedules as well as the latest engineering and manufacturing requirement documents. This ensures that any late stage changes to design requirements are accounted for.

CME already has established deployments of internally developed manufacturing systems (running from Oracle Database Servers) as well as Documentum for document management and revision control of their procedures and manufacturing specification sheets. In order to provide not only real-time access, but also discrete, role-based control of these data sources, CME's IT staff has turned to Citrix's MetaFrame Secure Access Manager (MSAM) as the access center of choice for these data sources. Key features that made MSAM attractive included ease of deploying a standards-based, browser-accessible Web Interface, availability of existing MSAM Content Delivery Agents to their internal systems, as well as the security provided by MSAM's Gateway Services. Figure 16-6 shows a diagram of CME's full secure access deployment with Web Interface, Secure Gateway, and MSAM.

Figure 16-6: CME's full Secure Access Center deployment with Web Interface, Secure Gateway, and MSAM

In this deployment, MSAM administrators are able to create an easily managed, role-based, look and feel so that when a partner accesses the MSAM web interface they are presented only with those Content Delivery Agents (CDA) that have authorization to access their portion of the manufacturing requirements and sales forecasting data from Oracle as well as process documentation from Documentum. As an added benefit, CME is also able to provide their partners with additional information on CME's general marketing, such as recent press releases, stock prices, and other pertinent information.

At the core of this deployment is the MSAM CDA. Information in each area of the access center that the user has rights to is provided by a CDA. In this case, there are one or more Oracle CDAs that connect directly to the specific information required by NPPI account managers to fulfill JIT. In addition, there is a CDA programmed to obtain process documents out of Documentum so that NPPI production teams are generating the correct parts based on the latest requirements. Both the Oracle and Documentum CDAs already exist, limiting the amount of custom programming required to build the connectivity.

In order to provide this data securely over the public Internet, without deploying an expensive and complex VPN solution, CME IT staff have opted to implement Secure Gateway services to provide SSL-encrypted data transfers over common HTTPS ports. An additional requirement was to provide the flexibility to support CME's partners' security deployments without modifications. NPPI's IT staff, for example, requires all internal users pass through their outbound web proxies in order to gain access to Internet resources. Since Secure Gateway has no problem accepting connections from client-side proxy devices, NPPI's IT staff do not have to change their security policies in order to accommodate this solution.

Once the server-side deployment is completed by CME, NPPI users simply connect to this access center using a functional web browser supporting high encryption and the MSAM Gateway Client.

Deployment Requirements for MSAM

This section outlines the following concepts:

Key services required to support the deployment

Minimum hardware specifications

Typical security requirements for an Internet deployment of MSAM

Scaling considerations and growth accommodation

Content Delivery Agent resource sites

Key MSAM Services

Chapter 20 - Migr ation to Window s 2003 and Citr ix MetaFrame XP Ongoing Administr ation of the Ser v er - Based Com puting Chapter MSAM,21 in its - most basic Internet-based deployment, has the following components: Secure Access Envir onment

Manager, Web Service extensions, STA, Agent Server, and Secure Gateway for MetaFrame and Login Agent. There are also the additional ancillary components: the user-side MSAM Gateway Client and Appendix A - I nter netw or k ing Basics the Index Server for MetaFrame. Table 16-2 describes the roles associated with each MSAM service. Pa r t I V - Appendi x es

Appendix B - Creating an On- Dem and Enterpr ise Financial Analysis Model

Appendix C - Creating an On- Dem and Enterpr ise Subscr iption Billing Model

Table 16-2: MSAM Services and Their Functions

I ndex

List of Figur es List of Tables List of Case Studies List of Sidebars

| MSAM Component Service | System Role |
| --- | --- |
| Secure Access Manager (SAM) | This is the core of the MSAM deployment. It maintains all information about the Access Center, CDA information, custom user information, load information, licensing, and much more. SAM also requires the existence of a database service to store information. The options are either to use the MS SQL Desktop Engine (provided on the install CD-ROM) or an enterprise Database Service such as Microsoft SQL Server. |
| Web Server Extensions (WSE) | These extensions are where the CDA information is presented to the user in a web format. WSE installs on MS IIS and is dynamically updated by the SAM. LAN users may access this web site directly to utilize their access center. This is also where Internet user requests are relayed by the Secure Gateway in the DMZ. |
| Secure Ticket Authority (STA) | The MSAM STA is installed with each Agent Server and maintains proper state information with the SAM. Secure Gateway also will utilize at least one STA for validation of secure Internet connection states. |
| Agent Server (AS) | Agent Server(s) are the equivalent of Citrix MetaFrame XP farm servers because they generate the bulk of the content/information for end users. In this case, the information processed is data for Content Delivery Agents instead of feature-rich GUI applications. |
| Secure Gateway for MetaFrame | As in a secure Web Interface deployment, Secure Gateway services enable the encryption of data into SSL packets to be relayed to the end user over HTTPS ports. This is a requirement for Internet deployments. |
| Login Agent (LA) | This is in parallel with the Secure Gateway install. LA provides the external MSAM user a web interface. It is able to log the user into the MSAM environment and install any required plug-ins (such as the Gateway Client) and can be secured for HTTPS traffic. This is a requirement for Internet deployments. |
| MSAM Gateway Client | The MSAM Gateway Client is key to proper Internet deployments and similar to having an ICA Client installed. Its role is to facilitate communications with the MSAM internal environments and act as a tunneling client, which will allow a remote client into LAN-based resources at the data center. For example, if there is a web site CDA that links to an internal data center URL, the Gateway Client enables the remote user to view the contents of that URL by tunneling the web browser requests to the Secure Gateway server, which then links to the internal resource. The MSAM Gateway Client is required for Internet deployments. |
| Index Server for MetaFrame (IS) (optional) | Index services in general can be critical to simplifying data access. Citrix has provided IS to not only index file servers and their contents, but also to hook into searchable information from any web site and other data stores. Index Server is optional to the install of MSAM but is included free with the product. |

Note In a basic configuration, the administrator can combine MetaFrame Secure Access Manager and STA on the first server in the internal secure LAN.

Minimum MSAM Hardware Specifications

This section outlines the minimum server hardware required to deploy MSAM. In effect, as few as three servers (two internal to your data center network and one in its DMZ), can fulfill the requirements. In a later section, we discuss scaling considerations for a more robust deployment.

Component Minimum Requirements for MetaFrame Secure Access Manager

512MB of physical memory

Microsoft Windows 2000/2003 Server Family or later with latest service pack

For Windows 2000 Server, Microsoft .NET Framework 1.0 with Service Pack 2 or later

Microsoft Data Access Components (MDAC) Version 2.7

Internet Information Services (IIS) 5 or later

Microsoft SQL Server 2000 with Service Pack 2 or later (or)

Microsoft SQL Server 7 with Service Pack 3 or later (or)

Microsoft SQL Desktop Edition (MSDE) Service Pack 3 or later

A network interface card (NIC)

Minimum Requirements for STA

256MB of physical memory.

150MB additional physical memory.

A network interface card.

To support secure communication (optional), an installed certificate and installed root path are necessary.

Note The administrator can combine the Secure Gateway and the Logon Agent on the second server. This server is installed in the data center's DMZ for increased security.

Minimum Requirements for MetaFrame Secure Gateway

Microsoft Windows 2000/2003 Server Family or later with latest service packs

256MB RAM

150MB physical memory

A network interface card

Internet Information Services 5 or later

Minimum Requirements for Logon Agent

150MB additional physical memory

Installed into IIS service default root

To support secure deployment an IIS-based web certificate

Note Due to system resources, the index server should be installed on a separate server located on the internal LAN.

Minimum Requirements for Index Server for MetaFrame

List of Figur es List ofMicrosoft Tables Windows 2000/2003 Server Family or newer with latest service pack List of Case Studies

Internet Information Services 5 or newer (installed by default on Windows 2000 servers)

List of Sidebars

Microsoft .NET Framework 1.0 with latest service pack 1GB RAM 10GB hard disk storage (30GB recommended) 1GHz Pentium 4 dual processor

A network interface card Minimum Requirements for the Client Device

Cit rix Me t aFra m e Access Su it e fo r W in do w s Ser ver

00 3 : Th e O ff icial Guid e Standard PC2architecture by Steve Kaplan et al.

ISBN:0072195665

McGr aw card -Hill © 2003 (724 pages) A network interface This guide ex plains how to build a r obust, reliable, and

Internet connection scalable thin- client com puting envir onment and deploy Windows 2000/ Windows 2003 Ser v er and MetaFr am e. Also

Compatible 32-bit learn tWindows o centr alize operating application system managem ent, r educe soft w ar e on the desktop, and mor e.

Internet Explorer 5.0 (with High Encryption Pack) or later

< ?xm l version= " 1.0" encoding= " I SO- 8859- 1" ?> Ta ble o f Conto t en ts Ability download and install browser plug-ins (the Gateway Client is deployed through browser Citr ix plug-ins) MetaFr am e Access Suite for Window s Ser v er 2003—The Official Guide For ewor d

Trusted root certificate path required to connect to the Secure Gateway/Login Agent server I ntr oduction Pa r t I - Ov er vi e w of Ente r pr ise Se r ve r - Ba se d Com put in g

Typical Security Requirements for an Internet Deployment of MSAM

The following security guidelines should be considered when deploying an Internet-accessible MSAM environment:

Firewall Rules

1. Open appropriate ports. From the Internet, TCP port 80 and 443 inbound access to the Secure Gateway/Login Agent server in the DMZ must be configured.

2. Configure outbound and inbound access. From the Secure Gateway/Logon Agent server in the DMZ, inbound access to STA/SAM server on port 443 and ports to any internal resource server (such as Citrix or web servers) that a CDA may call directly should be configured.

Additional Requirements

1. Configure Network Address translation rules. Proper Address Translation rules from internal LAN to DMZ access, and from the DMZ to the Internet, must be configured and tested.

2. Update DNS tables. Update forward and reverse lookups for both internal and Internet DNS servers. The Secure Gateway/Logon Agent server must have its FQDN registered with both internal and Internet-based DNS servers. The STA server needs only to have its FQDN registered with internal DNS servers.

3. Install Server Certificates. In order to properly accommodate SSL communications, a verifiable web type certificate must be bound to the Secure Gateway/Logon Agent server and a separate certificate installed on the STA. In most cases, we recommend using a standard Internet deployed certificate (for instance, Verisign, Thawte, and so on) for the Secure Gateway/Logon Agent and then using an internally generated certificate for the STA.

4. Configure Root Certificate paths. Users must have the root path of the Secure Gateway/Logon Agent installed on their clients (this is one of the reasons to purchase an Internet-based certificate as opposed to having to manually deploy the root CA path to each client who wishes to connect). The Secure Gateway/Logon Agent must have the root path for the certificate issued to the STA installed in its system registry in order to properly function.
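The two firewall rules listed under Firewall Rules can be checked mechanically against an exported rule set. The following Python audit is an added example, not code from the book or from Citrix; the host names, zone labels, and rule format are assumptions made for illustration, and the sample rules are constructed.

```python
from dataclasses import dataclass

# Constructed placeholder host names (assumptions, not values from the book).
SG_LA = "sgla.dmz.example"      # Secure Gateway/Logon Agent server in the DMZ
STA_SAM = "sam.lan.example"     # STA/SAM server on the internal LAN


@dataclass(frozen=True, order=True)
class Rule:
    """One 'permit' entry: traffic from src_zone to dst_host:port in dst_zone."""
    src_zone: str               # "internet", "dmz" or "internal"
    dst_zone: str
    dst_host: str
    proto: str
    port: int


def expected_flows(cda_resources):
    """Build the allow-list described by the Firewall Rules list.

    cda_resources maps an internal host to the set of TCP ports that a CDA
    calls directly on it (an inventory the administrator has to supply).
    """
    flows = {
        Rule("internet", "dmz", SG_LA, "tcp", 80),
        Rule("internet", "dmz", SG_LA, "tcp", 443),
        Rule("dmz", "internal", STA_SAM, "tcp", 443),
    }
    for host, ports in cda_resources.items():
        flows.update(Rule("dmz", "internal", host, "tcp", p) for p in ports)
    return flows


# Directions the guidelines constrain; NAT and outbound directions are not audited here.
INBOUND = {("internet", "dmz"), ("internet", "internal"), ("dmz", "internal")}


def audit(rules, cda_resources):
    """Return a list of (finding, Rule) tuples; an empty list means the rule set matches."""
    permitted = set(rules)
    expected = expected_flows(cda_resources)
    findings = []
    for rule in sorted(permitted - expected):
        if (rule.src_zone, rule.dst_zone) not in INBOUND:
            continue
        if rule.src_zone == "internet" and rule.dst_zone == "internal":
            # Internet traffic should terminate on the DMZ server, never on the LAN.
            findings.append(("BYPASSES_DMZ", rule))
        else:
            findings.append(("UNEXPECTED_INBOUND", rule))
    for rule in sorted(expected - permitted):
        findings.append(("MISSING_REQUIRED", rule))
    return findings


# Constructed sample data: one declared CDA resource and a rule set with mistakes.
SAMPLE_CDA_RESOURCES = {"web1.lan.example": {80}}
SAMPLE_RULES = [
    Rule("internet", "dmz", SG_LA, "tcp", 80),
    Rule("internet", "dmz", SG_LA, "tcp", 443),
    Rule("dmz", "internal", STA_SAM, "tcp", 80),               # wrong port for STA/SAM
    Rule("dmz", "internal", "web1.lan.example", "tcp", 80),    # declared CDA resource
    Rule("internet", "internal", "web1.lan.example", "tcp", 80),  # skips the DMZ
    Rule("internal", "dmz", SG_LA, "tcp", 443),                # direction not audited
]

if __name__ == "__main__":
    for kind, rule in audit(SAMPLE_RULES, SAMPLE_CDA_RESOURCES):
        print(f"{kind:20} {rule.src_zone}->{rule.dst_zone} "
              f"{rule.dst_host} {rule.proto}/{rule.port}")
```
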


Environment Scaling Considerations for MSAM

In the previous sections, we outlined what it takes to get the minimum servers implemented in order to support a functional MSAM environment. As with many minimum requirement documents, we have not accounted for "real world" enterprise deployments, where end-user performance and high availability are required. Because of the modular nature of MSAM, an administrator has the option of increasing the deployment footprint in stages or all at once depending on the initial number of users and the type of service required. The following list outlines some of the areas to consider when designing MSAM for an enterprise deployment.

1. Increase the number of Access Servers, as well as disable this responsibility on the primary Secure Access Manager machine.

This is similar in concept to the N+1 rule of thumb in MetaFrame XP server deployments. By increasing the number of Access Servers, you not only provide more processing power to your farm, but you also increase its availability due to server redundancy.

2. Utilize an enterprise database for your state information.

By utilizing an enterprise database service, such as MS SQL Server, instead of MS SQL Desktop Engine, performance and security are greatly improved.

For large-scale deployments, consider clustering the back-end database servers for increased availability.

3. Implement a Web/SSL load balancer for web extensions and Secure Gateway.

This is the most reliable way of increasing availability of Internet access to the Secure Gateway/Logon Agent servers. Load Balancers have the ability to distribute the Secure Gateway process, thus eliminating a bottleneck in the event of high user loads (300–500 plus simultaneous connections).

Note Do not enable any type of SSL acceleration or caching as this will degrade the end-user experience due to the dynamic nature of the data processed.

Common Content Delivery Agent Resource Sites

Since content delivery agents (CDAs) are key to a successful deployment of MSAM, it is worth noting just a few of the many available preprogrammed content delivery agent resources.

Citrix product CDs All CDAs available at the time of product release are included on your product CD.

Citrix web site You can download new and updated CDAs from the Citrix web site. The main site for information about MetaFrame Secure Access Manager, including information about CDAs and software development kits (SDKs), is www.citrix.com/secureaccess.

Citrix customer portal Registered customers can download CDAs from www.citrix.com/mycitrix.

Citrix Developer Network The Citrix Developer Network (CDN) is an open enrollment membership program that provides access to developer toolkits, technical information, and test programs for software and hardware vendors, system integrators, licensees, and corporate developers who incorporate Citrix computing solutions into their products. For more information, go to www.citrix.com/cdn.

Microsoft web part resources There are a number of web part areas on the Microsoft web site, but this is a good address to get you headed in the right direction: www.microsoft.com/sharepoint/server/downloads/webparts/introduction.asp.

Caution Neither Citrix nor the authors of this book have fully tested the large variety of prewritten CDA programs available. Always fully review and understand the impacts of any third-party code under consideration and always implement and thoroughly test it before using it in a production environment.

Chapter 17: Network Configuration

Overview

This chapter applies the design principles from Part II of the book to the process of provisioning and implementing an Enterprise network infrastructure for the case study environment (CME Corp). Specifying the detailed configuration steps for every device in the network would require a book of its own: the focus is on those components that have a direct bearing on Enterprise SBC architecture performance. Emphasis is placed on LAN/WAN transport hardware, essential security parameters to allow Citrix traffic to traverse the network, and bandwidth management relevant to Citrix traffic flows.

To keep things in perspective, network hardware manufacturers tout their products as "five 9s" for reliability (99.999 percent reliable)—but they assume power availability is a perfect 100 percent. Software vendors (including Microsoft and Citrix) cite "five 9s" for availability of their solutions, but again assume the network is 100 percent available. For CME's requirements, whether Enterprise SBC or traditional Client-Server, the network design must come as close as technically and financially possible to that perfect "100-percent" world.

To reiterate from Chapter 6, network design is interdependent on all other infrastructure components—from server services such as DNS and WINS, to IP addressing schemes, to node naming and management practices. The "implementer" must view the Enterprise implementation of server-based computing "wholistically" to ensure success.


Network Requirements Definition

Defining the exact requirements (in terms of network hardware and network bandwidth) provides the key component of design and implementation. Referring to the CME case study and Figure 10-1, later in the chapter, WAN requirements are calculated first.

WAN Requirements

Based on known values (site role, location, available connectivity, use load, and so on) the CME network designers reviewed existing resources and developed WAN bandwidth and hardware requirements per site.

Current WAN Hardware

The CME infrastructure currently has a wide range of low-end, multivendor devices, many of which are somewhat antiquated. Sites are connected to CME Corp via high-cost, low-bandwidth dedicated frame relay virtual circuits carried on multiple T1 facilities. CME Corp needs to standardize devices and configurations as much as possible to ensure interoperability and simplify network management and configuration control. After analyzing the inventory, designers determined that the resources in Table 17-1 could be reused. The exact sequence of replacement and redeployment must be included on the master project timeline.

Table 17-1: Reusable WAN Hardware

| WAN Hardware | Current Site | Quantity | Projected Status | Future Use |
| --- | --- | --- | --- | --- |
| Cisco 1760 Router | Atlanta, GA | 1 | Keep | Atlanta, GA |
| | Detroit, MI | 1 | Keep | Detroit, MI |
| | Helena, MT | 1 | Keep | Helena, MT |
| | Miami, FL | 1 | Keep | Miami, FL |
| | Minneapolis, MN | 1 | Keep | Minneapolis, MN |
| | New Orleans, LA | 1 | Keep | Salt Lake City, UT |
| | Salt Lake City, UT | 1 | Keep | Salt Lake City, UT |
| | San Antonio, TX | 1 | Keep | San Antonio, TX |
| | Winnipeg, MB | 1 | Keep | Winnipeg, MB |
| | CME Corp | 2 | Replace | Sales Offices |
| | CME-WEST | 2 | Replace | Sales Offices |
| | CME-MEX | 1 | Replace | Sales Offices |
| | CME-TNG | 1 | Keep | CME-TNG |
| Cisco PIX-515E w/FO | CME Corp | 1 | Replace | CME-WEST |
| Cisco PIX-515E | CME-WEST | 1 | Replace | CME-MEX |
| | CME-EUR | 1 | Keep | CME-EUR |
| | CME-TNG | 1 | Delete | Sales Offices |
| | CME-MEX | 1 | Replace | Sales Offices |
| Cisco PIX-506E | | | | |

WAN Bandwidth

The bandwidth requirements fall into two basic types of service: dedicated private WAN and Internet-based VPN WAN. The three main sites have significantly different bandwidth needs than the typical Sales Office site. CME Corp must be able to handle the aggregate bandwidth of all remote sites as it hosts the enterprise core. CME-WEST needs high bandwidth to CME Corp to support replication of data and services in support of disaster recovery, as well as a reasonably robust Internet presence to allow CME-WEST to assume the role of the corporate server farm in the event of a catastrophic failure. Table 17-2 details engineering calculations for WAN bandwidth.

Table 17-2: WAN Bandwidth Calculation Worksheet

- Ser ver - Based Computing Data Center Architect ure Required forYour the CME Corp bandwidth equal to all site Chapter 6 bandwidth - Designing Netw or k for Private Ser ver-WAN Based reflects Com put aggregated ing

virtual circuits plus additional overhead. The 35MB "provisioned" capacity will in fact require ATM DS3 Chapter 7 - The Client Envir onment service.8 Chapter

- Security

Chapter 9

- Net w or k Managemen t Required bandwidth for the CME Corp Internet reflects aggregated bandwidth equal to all inbound and outbound Internet traffic for all sites, including VPN-connected sites based on their maximum Chapter 10 - data Pr oj ect Managing andMobile Deploying anMobile Enter prCitrix, ise SBC Envir onment provisioned rate, as well as VPN, and Supplier MSAM bandwidth projections. Chapter 11 Ser ver Configur ation: Windows Ter m inal Serv ices The 25MB "provisioned" capacity will in fact require dual ATM DS3 service, with each DS3 pipe Chapter - Ser ver Configur ation: Citr ix MetaFr am e Presentation Ser ver carrying12a 15MB virtual circuit. Pa r t I I I - I m ple m ent ing a n O n-D e m a nd Se r ve r - Ba se d Com pu ti ng Envi r onm e nt

Chapter 13 - Application I nstallation and Configur at ion

CME-WEST requirements are somewhat deceptive. Both Internet and Private WAN access are Chapter 14 - Client Configur ation and Deploym ent provided facilities. The WAN Chapter 15over - PrATM ofiles,DS3 Policies, and Pr ocedu res bandwidth is increased (well above the level justified by user access) to support on-going Chapter 16 - Securing Client Accessoff-hours data replication to CME-WEST as the "hot site."

Additionally, by providing service over DS3 facilities, the Sales Office site virtual circuits could be reterminated in the event of a catastrophic failure at CME Corp. Internet bandwidth is similar, the dayChapter 18 - Pr int in g to-day requirement is a mere 1.5MB, but the DS3 ATM service allows the virtual circuit to change to Chapter 19 - Disaster Recovery and Business Continuity in the SBC Envir onment 15MB or more to reterminate site-to-site VPNs in a disaster scenario. Chapter 17 - Net wor k Configur at ion

Chapter 20 - Migr ation to Window s 2003 and Citr ix MetaFrame XP

Ongoingand Administr ation of the Ser v eris- Based puting For both CME-MEX, bandwidth basedCom on availability of ATM service. Both will be Chapter 21CME-EUR Envir onment Server 2003 Active Directory Domain, and printing will be via network printers sites within the Windows Pa r t I V - Appendi x es

through the VPN (outside the Citrix ICA channel) to allow bandwidth management of VPN traffic by the

Appendix A -CME-MEX I nter netw or k ing Basics Packeteer. bandwidth appears artificially low based on the number of users at the site, but Appendix B Creating an and Enterpr ise Financial Analysis the majority of the users OnareDem Plant Floor production workers withModel only occasional access to Citrix or the Appendix C -services. Creating an On- Dem and Enterpr ise Subscr iption Billing Model CME Corp I ndex

North American (CORP) Sales Offices will be provisioned as "interworked" circuits, reencapsulated List of Figur es from frame relay (site end) to ATM (CORP end). List of Tables List of Case Studies

Several peripheral bandwidth calculations are included: MSAM Access bandwidth is not "supplied" by CME, but as the remote activities terminate at CME Corp, it is included in the overall load. Dial-up RAS does not impact the raw bandwidth, but must be included in specifying the CME Corp security hardware. CME Corp will reuse their existing RAS hardware.

WAN Hardware

Basic WAN hardware suites are consistent across similar sites to ease configuration management and allow for easier network management. Again, CME Corp and CME-WEST are unique, based on their enterprise roles. As a significant segment of the corporate WAN is VPN-based, VPN termination hardware (firewalls for site-to-site connections and a VPN concentrator for client-to-site connections) is included. Table 17-3 lists the hardware the designers have selected.

Table 17-3: WAN and Security Hardware

| Purpose | Quantity | Description |
|---|---|---|
| Private WAN router | 1 | Cisco 7401ASR, 128MB Flash, 512MB DRAM, (2) FE/GE ports, T3-ATM Port Adapter, IOS IP/FW/IDS/IPSEC56 |
| Internet router | 2 | Cisco 7401ASR, 128MB Flash, 512MB DRAM, (2) FE/GE ports, T3-ATM Port Adapter, IOS IP/FW/IDS/IPSEC56 |
| Firewall/VPN | 1 | Cisco 535-UR and 535-FO (failover), (2) 66MHZ GE Interfaces, (2) 66MHZ 4-Port FE interfaces, 3DES License, (2) VPN Accelerator+ |
| VPN concentrator (clients) | 2 | Cisco VPN 3030, redundant power supplies |
| Private WAN router | 1 | Cisco 7401ASR, 128MB Flash, 512MB DRAM, (2) FE/GE ports, T3-ATM Port Adapter, IOS IP/FW/IDS/IPSEC56 |
| Internet router | 1 | Cisco 7401ASR, 128MB Flash, 512MB DRAM, (2) FE/GE ports, T3-ATM Port Adapter, IOS IP/FW/IDS/IPSEC56 |
| Firewall/VPN | 1 | Cisco 515E redundant (failover) w/IPSEC 3DES, PIX-4FE Interface for DMZ support |
| Internet router | 1 | As determined by host nation and ISP; use Cisco 3725, 32MB Flash, 128MB DRAM, IOS IP/FW/IDS Plus IPSec 3DES |
| Firewall/VPN | | Cisco 515E redundant (failover) w/IPSEC 3DES |
| Internet router | 1 | As determined by host nation and ISP; use Cisco 3725, 32MB Flash, 128MB DRAM, IOS IP/FW/IDS Plus IPSec 3DES |
| Firewall/VPN | 1 | Cisco 515E redundant (failover) w/IPSec 3DES |
| Private WAN router | 30 | Cisco 1760, 32MB Flash, 64MB DRAM, (1) FE Port, T1 CSU/DSU, IOS IP Plus Software |
| Internet router | 10 | As determined by host nation and ISP, use CME-owned 1760 with appropriate interface cards where possible |
| Firewall/VPN | 10 | PIX-506E w/IPSEC 3DES |
| Internet router | 10 | As determined by host nation and ISP, use CME-owned 1760 with appropriate interface cards where possible |
| Firewall/VPN | 10 | PIX-506E w/IPSec 3DES |
| Private WAN router | 1 | Cisco 1760, 32MB Flash, 64MB DRAM, (1) FE Port, ADSL Interface, IOS IP Plus Software |

The "standard" high-capacity WAN router has more than adequate horsepower for CME's WAN connections and can easily be seen as "overkill" for CME-WEST. Aside from the obvious answer, that CME-WEST may need to assume CME Corp's role, standardizing on the same model for all high-bandwidth sites ensures the redundant Internet router at CME Corp can restore service for any other router without loss of service. It is effectively a global spare that is in service to support load balancing and redundancy for CME Corp's Internet connectivity. The redundant (failover) firewall with gigabit interfaces ensures low-latency throughput between the Internet router and the corporate LAN.

Although traffic load for the client access VPN is not high, redundancy is still required. As an additional benefit, the VPN Concentrator can support site-to-site tunnels with multiple authentication methods.

Primary (Internet) routers for sites outside the U.S. and Canada remain "to be determined." Hardware installed outside the U.S. usually requires both host nation approval (HNA) and acceptance by the servicing ISP. In many countries, the PSTN is a pseudo-governmental entity and protects itself from competition by restricting the hardware that can be connected. In cases where the host nation and the ISP are amenable, CME-owned routers (Cisco 3725 or Cisco 1760) would be used.

LAN Requirements

Per-site LAN requirements are based on metrics similar to the WAN calculations. The primary factor is obviously the number of hosts (Ethernet devices) at a given site, and assumes 10/100MB switched Fast Ethernet connectivity unless higher throughput (Fast Ethernet port aggregation via Fast EtherChannel (FEC), Gigabit Ethernet, or Gigabit Ethernet port aggregation via Gigabit EtherChannel (GEC)) is required. All Sales Offices and CME-TNG will use identical hardware. Regional offices and the manufacturing plant (CME-WEST, CME-EUR, and CME-MEX) are similar but with more capacity at CME-WEST to support data center reconstitution. CME Corp is designed as a highly robust fault-tolerant infrastructure. At the four primary sites, server requirements (network cards) are identified to help calculate the number of FEC, Gigabit, and GEC ports needed.

Current LAN Hardware

The current LAN infrastructure at the four primary sites uses some Ethernet switch hardware compatible with CME's overall goals, but switches are primarily stackable units that will be replaced by faster enterprise-class, chassis-based hardware. The remaining primary site LAN hardware and all Sales Office hardware is a hodgepodge of non-manageable consumer-class devices (hubs and switches) unsuitable for CME's enterprise services. Table 17-4 lists the inventory available for reallocation.

Table 17-4: WAN and Security Hardware

| WAN Hardware | Current Site | Quantity | Projected Status | Future Use |
|---|---|---|---|---|
| Cisco Catalyst 3548XL-EN | CME Corp | 21 | Replace | Sales Offices (21) |
| Cisco Catalyst 3548XL-EN | CME-WEST | 1 | Replace | Sales Offices (1) |
| Cisco Catalyst 3548XL-EN | CME-EUR | 1 | Replace | Sales Offices (1) |
| Cisco Catalyst 3548XL-EN | CME-MEX | 0 | n/a | |
| Cisco Catalyst 2950G-24-EI | CME Corp | 5 | Replace | Sales Offices (5) |
| Cisco Catalyst 2950G-24-EI | CME-WEST | 0 | n/a | |
| Cisco Catalyst 2950G-24-EI | CME-EUR | 0 | n/a | |
| Cisco Catalyst 2950G-24-EI | CME-MEX | 3 | Replace | Sales Offices (2), CME-EUR (1) |
| Cisco Catalyst 3550-48-SMI | CME Corp | 12 | Replace | CME-MEX (5), Sales Offices (7) |
| Cisco Catalyst 3550-48-SMI | CME-WEST | 1 | Keep | |
| Cisco Catalyst 3550-48-SMI | CME-EUR | 1 | Replace | Sales Offices (1) |
| Cisco Catalyst 3550-48-SMI | CME-MEX | 2 | Keep | |
| Cisco Catalyst 3508XL-EN | CME Corp | 1 | Replace | CME-MEX (1) |
| Cisco Catalyst 3508XL-EN | | 2 | Keep | Spare (2) |

By reallocating the switches from the main site, CME has adequate hardware to deploy manageable switches to 38 of the 50 Sales Offices, and can provide a 3508 switch as a wiring closet aggregation point and five 48-port switches for the manufacturing plant floor at CME-MEX.

Sales Office LAN Hardware

Sales Offices share a common set of attributes: Less than 48 users; no requirement for Gigabit Ethernet, FEC, or GEC; and a single LAN segment with no need for Layer 3 switching. Based on equipment made available by upgrading the four primary sites, CME has 75 percent of the necessary hardware for upgrading the Sales Office on-hand. LAN requirements at CME-TNG are similar to a typical sales office. CME has decided to stay with similar hardware for the remaining needs: 14 new Catalyst 2950G-24-EI switches (12 Sales Offices, one for CME-TNG, one spare).

CME-MEX LAN Hardware

CME-MEX is the first "enterprise" LAN that requires a Layer 3 switching solution. The majority of the 300 users are associated with the manufacturing floor and need only occasional LAN (or Citrix) access; hence the reallocation of switches from CME Corp meets the requirements. Host connectivity requirements are

- 10/100MB Ethernet (Plant Floor), 210 distributed connections, isolated from the administrative/server LAN segment by access lists (Layer 3)
- 10/100MB Ethernet (Administrative/Servers), 135 centralized connections, isolated from the Plant Floor LAN segment by access lists (Layer 3)
- 10/100MB Ethernet (Uplink to WAN equipment), five centralized connections, isolated by access lists (Layer 3)
- Gigabit Ethernet (Downlink to 3508XL-EN switch), one connection

Table 17-5 summarizes the additional LAN hardware needed for CME-MEX.

Table 17-5: CME-MEX LAN Hardware

| LAN Hardware | Purpose | Description |
|---|---|---|
| Cisco Catalyst 4507 System | LAN Core | Cisco 4507 7-slot Chassis, redundant power supplies, (2) Supervisor 4 with Enhanced Layer 3 IOS software, (3) 48-port 10/100/100 Ethernet modules |
| Cisco Catalyst 3508 System | Distribution | Cisco 3508-XL-EN Chassis (Excess from CME Corp), (1) 1000BaseTX GBIC, (5) 1000BaseSX GBIC |
| Cisco Catalyst 3550 System | Plant Access | (5) Cisco 3550-48-SMI Chassis (Excess from CME Corp), (5) 1000BaseSX GBIC |

CME-EUR LAN Hardware

CME-EUR is similar to CME-MEX in scope, but does not currently require a Layer 3 switching solution. To maintain consistency of hardware and position CME-EUR for future Layer 3 initiatives, the site will be built as Layer 3 from the beginning. The 200 users are associated with management and administration of the European Region sales force, as well as limited engineering functions. Host connectivity requirements are

- 10/100MB Ethernet (Administrative/Servers), 212 centralized connections, isolated by access lists (Layer 3)
- 10/100MB Ethernet (Uplink to WAN equipment), five centralized connections, isolated by access lists (Layer 3)

Table 17-6 summarizes the LAN hardware needed for CME-EUR.

Table 17-6: CME-EUR LAN Hardware

| LAN Hardware | Purpose | Description |
|---|---|---|
| Cisco Catalyst 4507 System | LAN Core | Cisco 4507 7-slot Chassis, redundant power supplies, (2) Supervisor 4 with Enhanced Layer 3 IOS software, (5) 48-port 10/100/100 Ethernet modules |

CME-WEST LAN Hardware

The CME-WEST LAN is similar to CME-EUR in its day-to-day role, but the site's scope as the CME Disaster Recovery "Hot Site" requires basic additional capacity, as well as the ability to incrementally expand services. The 200 users are associated with management and administration of the West Region sales force and have limited engineering functions. Host connectivity requirements are

- 10/100MB Ethernet (Administrative), 217 centralized connections, isolated by access lists (Layer 3)
- 10/100 Ethernet (Servers), four centralized connections, isolated by access lists (Layer 3) (for site support servers (domain controller, DNS, and so on))
- Gigabit Ethernet (Servers), 16 centralized connections, isolated by access lists (Layer 3) (for stand-by servers in the Citrix farm, domain controllers, and the data storage and archive subsystems needed to reconstitute CME Corp servers)
- Gigabit Ethernet (Disaster Recovery)
  - Ten centralized connections for stackable switches during disaster recovery
  - Sixteen centralized connections for reconstituted servers during disaster recovery
- 10/100 Ethernet (Disaster Recovery), 24 centralized connections for reconstituted servers and peripherals during disaster recovery
- 10/100MB Ethernet (Uplink to WAN equipment), five centralized connections, isolated by access lists (Layer 3)

Table 17-7 summarizes the LAN hardware needed for CME-EUR.

Table 17-7: CME-WEST LAN Hardware

| LAN Hardware | Purpose | Description |
|---|---|---|
| Cisco Catalyst 6513 System | LAN Core | Cisco 6513 13-slot Chassis, Redundant power supplies, (2) Supervisor 720 with Enhanced Layer 3 IOS software, (6) 48-port 10/100/100 Ethernet modules, (2) 16-Port Gigabit Ethernet (TX) modules, (1) 16-port Gigabit Ethernet (GBIC) module, (10) multimode fiber-optic GBIC modules |

CME Corp LAN Hardware

CME Corp, as the Enterprise core, requires significantly more resources than any other site. Requirements unique to CME Corp include the following.

- Redundant Core using 1000BaseTX for servers, 1000BaseSX for infrastructure equipment such as distribution switches, and 10/100/1000BaseTX for other peripherals and low-load servers:
  - Gigabit Ethernet (1000BaseTX)
    - Sixty-eight production Citrix MetaFrame server connections (34 per core switch)
    - Eight dual-gigabit Ethernet connections (16 ports, eight ports/four servers per core) for special purpose production Citrix MetaFrame servers (high-bandwidth applications)
    - Six test/development Citrix MetaFrame server connections (three per core) for application test and development
    - Twenty connections for infrastructure servers (domain controllers, print servers, mainframe, and so on)
    - Ten dual-gigabit Ethernet connections (20 ports, ten ports/five servers per core) for special purpose high-load servers like Oracle, Microsoft Exchange, Microsoft SQL, profile/home directory file servers, and backup servers
  - Gigabit Ethernet (1000BaseSX)
    - Twenty connections to Campus distribution layer concentration points (two per campus switch, two uplinks to the private WAN, and two uplinks to the VPN WAN/Internet)
  - 10/100/1000BaseTX Ethernet
    - Up to 48 connections per core switch for low-load servers and peripherals, to include compatibility with 10MB Ethernet devices
- Private WAN Interconnect Switch:
  - Four 1000BaseSX connections and two 10/100/1000BaseTX connections.
- VPN WAN/Internet Interconnect Switch (DMZ Distribution Switch):
  - Gigabit Ethernet (1000BaseTX)
    - Four dedicated connections for firewall interconnects
  - Gigabit Ethernet (1000BaseSX)
    - Eight connections for links to the DMZ aggregation switch, ACCESS routers, Core switches, and PacketShaper
  - 10/100/1000BaseTX Ethernet
    - Up to 48 connections for a firewall and DMZ servers
  - Intrusion Detection Module
  - Content Services Module
- Campus Distribution Switches (eight required):
  - Up to 288 10/100/100 Ethernet connections per chassis for each of eight building concentration points
  - A minimum of four gigabit fiber-optic uplinks per chassis to build backbone connectivity
- Wireless LAN access switches for each campus building, as summarized in Table 17-8.

Table 17-8: CME Corp LAN Hardware

| LAN Hardware | Purpose | Quantity | Description |
|---|---|---|---|
| Cisco Catalyst 3550-12G System | OUTSIDE Access Switch, ACCESS DMZ, Access Switch, Spare Access Switch | 3 | Cisco 3550-12G, Enhanced Layer 3 IOS, (2) 1000BaseTX ports, (10) Gigabit Interface Converter (GBIC) slots; (3) 1000BaseSX Multimode fiber-optic GBIC modules |
| Cisco Catalyst 6506 System | DMZ Distribution Switch | 1 | Cisco Catalyst 6506 6-Slot Chassis; redundant power supply; (2) Supervisor2/MSFC2 with Enhanced Layer 3 IOS; (1) 16-Port Gigabit Ethernet (GBIC) module; (1) intrusion detection system (IDS) module; (1) Content Switching Module; (1) 48-Port 10/100/1000 (TX) Module; (8) 1000BaseSX Multimode fiber-optic GBIC modules, (4) 1000BaseTX GBIC modules |
| Cisco Catalyst 6513 System | LAN Core (A & B) | 2 | Cisco Catalyst 6513 13-slot Chassis; Redundant Power Supply; (2) Supervisor 720 with Enhanced Layer 3 IOS software, 1GB DRAM, 64MB Flash; (1) 2-port 10GB dCEF720 Switching module; (5) 16-port (GBIC) Gigabit Ethernet dCEF256 Switching modules; (1) 48-port 10/100/100 CEF256 Ethernet module; (1) (65) multimode fiber-optic GBIC modules; (2) single-mode fiber-optic modules |
| Cisco Catalyst 4506 System | Distribution Switch (Corp-A), Distribution Switch (Admin-A), Distribution Switch (Admin-B), Distribution Switch (Sales-A), Distribution Switch (Eng-A), Distribution Switch (Eng-B), Distribution Switch (Eng-C) | 1 | Cisco 4506 6-Slot Chassis; redundant power supply; (1) Supervisor 4 with Enhanced Layer 3 IOS; (1) 2-GBIC/32-port 10/100 Ethernet module; (4) 48-port 10/100/100 Ethernet module; (3) 1000BaseSX GBIC |
| Cisco Catalyst 4506 System | Distribution Switch (IT-A) | 1 | Cisco 4506 6-Slot Chassis; redundant power supply; (1) Supervisor 4 with Enhanced Layer 3 IOS; (1) 2-GBIC/32-port 10/100 Ethernet module; (3) 48-port 10/100/100 Ethernet module; (4) 1000BaseSX GBIC |
| Cisco Catalyst 3524 System | Wireless LAN Access Switches | 1 | (5) Cisco 3524XL-EN-PWR, 24-port 10/100 Ethernet with power injection, (6) 1000BaseSX GBIC, (1) 1000BaseTX GBIC |

CME Corp Wireless LAN Requirements

The CME Corp Wireless LAN (WLAN) provides coverage for roaming users as well as on-demand coverage for outside events on campus (the "Courtyard"). The initial deployment will be based on the 802.11b wireless standard (11.0 MBps/2.4 GHz). The radio equipment can be upgraded to the 802.11a standard to provide up to 54 MBps access at 5 GHz. Table 17-9 summarizes the WLAN hardware. The combination of omni-directional and low-gain directional antennas will be installed (based on a site survey) to assure coverage throughout the campus while minimizing radiation beyond the campus boundaries.

Table 17-9: CME Corp WLAN Hardware

| LAN Hardware | Quantity | Description |
|---|---|---|
| Cisco Aironet 1200 Wireless Access Point | 32 | Cisco Aironet 1200-series Wireless Access Point configured for 802.11b |
| Omni Antenna | 20 | Indoor Omni antenna |
| Directional Antenna | 12 | Indoor/Outdoor Directional Diversity Patch antenna |

Bandwidth Management Requirements

For most of the Private WAN network and segments of the VPN WAN network, CME designers established requirements for advanced bandwidth management, primarily to protect latency-sensitive traffic from bursty, ill-behaved traffic such as NetBIOS over IP, HTTP, and printing. Per-site hardware listed in Table 17-10 is based on the site bandwidth to be "shaped."

Table 17-10: CME Bandwidth Management Hardware

| LAN Hardware | Purpose | Quantity | Description |
|---|---|---|---|
| PacketShaper 8500 System | CME Corp Private WAN | 1 | PacketShaper 8500 with (1) two-port 1000BaseSX fiber-optic LAN Expansion Module (LEM) |
| PacketShaper 6500 System | CME Corp Internet | 1 | PacketShaper 6500 with (1) two-port 1000BaseSX fiber-optic LEM, licensed for 45MB shaping |
| PacketShaper 6500 System | CME-WEST Private WAN | 1 | PacketShaper 6500, licensed for 45MB shaping |
| PacketShaper 2500 System | CME-MEX Private WAN; CME-EUR Internet | 2 | PacketShaper 2500, licensed for 10MB shaping |
| PacketShaper 1550 System | Private WAN Sites | 30 | PacketShaper 1550, licensed for 2MB shaping |

Primary Internet Connection (CME Corp)

CME depends heavily on its Internet upstream to deliver VPN WAN connectivity (IPSec), Roaming Client Access (VPN and Citrix), MSAM Access for key suppliers, and to allow public access to the CME web site. Although these are considered the critical requirements, the majority of all outbound Internet access is provided through these same connections and competes for throughput. The upstream ISPs cannot guarantee that router-based QoS values such as IP Precedence or DSCP will be honored, so a Packeteer is essential.

Private WAN Bandwidth management of the Private WAN encompasses both the CME Corp side and the remote site side of each virtual connection. The aggregate number of sites to be managed and monitored requires a solution that is both standardized and centrally managed.

Remote Sites All remote sites funnel through CME Corp for all services. To ensure traffic is policed to protect Citrix and other critical traffic flows, remote sites will use low-end Packeteer units as part of a distributed bandwidth management solution.

CME-TNG CME-TNG has far more bandwidth than the assigned staff will need. As this is not a production site, bandwidth management is desirable, not mandatory. Extensive application-level identification and control is not required, so management will be exercised via QoS features on the link routers.

CME Corp From the network core looking out to the remote Private WAN sites, 31 separate locations must be managed. All have virtually identical parameters. A central unit capable of 30-plus individual partitions is required.

CME-WEST

CME-WEST bandwidth management is participative with the main unit on the CME Corp Private WAN connection. During normal business hours, preferential treatment is given to latency-intolerant traffic (Citrix and H.323 Video Teleconferencing (VTC)). After hours, priority is given to bulk data replication from the network core to ensure data archives at CME-WEST are current enough to reconstitute CME's business. There is no current requirement to manage bandwidth utilization over the Internet connection; however, in the event of a catastrophe at CME Corp, the CME-WEST Internet pipe would become the lifeline for CME-EUR and CME-WEST Sales Offices and would require bandwidth management.

CME-MEX and CME-EUR

Bandwidth management for both sites is somewhat limited in scope. The primary concern is to ensure the limited set of authorized outbound Internet users do not degrade performance of traffic destined for the network core via the VPN tunnel. Traffic must be managed behind the firewall.

Network Security Requirements

Security Concepts

CME's fundamental security concept is one of layered security and least-privilege. Default security levels have been assigned to ensure all firewalls offer equivalent protection, and a precise written security plan details what traffic may or may not enter (or exit) at any given level of the security model. (See Figure 17-1.)

Figure 17-1: The layered security hierarchy

With the large number of security devices (firewalls, IDS, VPN Concentrator) deployed in the Enterprise, a single source management system was needed to maintain the secure environment, track configuration changes, and monitor and respond to security-related events. CME selected Cisco's CiscoWorks VPN/Security Management Solution (VMS) with additional Cisco Security Agents (CSA) for host-based IDS on exposed servers. Mirror image systems will be deployed at both locations with all configuration changes deployed from the CME Corp management suite. CiscoWorks VMS will manage all security devices, including the embedded IDS module in the DMZ Distribution switch.

Intrusion Detection for the Private WAN segment is monitored by a Cisco 4235 IDS Sensor appliance managed by the CiscoWorks VMS suite.

Finally, to ensure security on network devices, authenticate VPN and RAS user identity, and enforce security and authentication on wireless segments, CME will deploy a redundant pair of RADIUS servers using Cisco Secure Access Control Server (CSACS) at CME Corp, with a tertiary unit at CME-WEST. Table 17-11 identifies the components of the security management solution.

Table 17-11: Security Management Hardware/Software

| Security Software | Quantity | Description |
|---|---|---|
| CiscoWorks VMS | 2 | CiscoWorks VMS (Unrestricted) |
| Cisco Security Agent (Server) | 1 | 25-Agent Bundle |
| Cisco Secure Access Control Server | 3 | CSACS, primary and redundant for CME Corp, backup for CME-WEST |
| Cisco IDS Sensor | 1 | Cisco 4235 IDS Sensor |

Network Infrastructure Management Requirements

Management of the network infrastructure encompasses a primary NMS site at CME Corp and a secondary, albeit limited, NMS capability at CME-WEST as a backup. For seamless interoperability, CME will use CiscoWorks products, specifically CiscoWorks LAN Management Solution (LMS) for the corporate campus, CiscoWorks Routed WAN Management Solution for maintaining the status and state of the Private WAN network, and CiscoWorks Wireless LAN Solutions Engine to manage the corporate WLAN segment. To control PacketShaper configurations and monitor the status of enterprise bandwidth, CME will use Packeteer's PolicyCenter and ReportCenter products. The CiscoWorks network management solution components listed in Table 17-12 share a common interface with the security management products discussed previously.

Table 17-12: Infrastructure Management Hardware/Software

| Security Software | Quantity | Description |
|---|---|---|
| CiscoWorks LMS | 1 | LAN Management Solution |
| CiscoWorks RWAN | 2 | Routed WAN Management |
| CiscoWorks WLSE | 1 | Wireless LAN Management |
| Packeteer PolicyCenter | 1 | Centralized management of Packeteer devices |
| Packeteer ReportCenter | 1 | Centralized reporting and analysis |

Network Naming, Addressing, and Routing Requirements

The Host Naming Scheme

After extensive discussions and arguments, CME elected to use a host naming system that met most of their design requirements: short, self-documenting, and extensible. The most complex issue, how to easily differentiate between the 1760 router in Athens, GR, and the one in Athens, GA, was resolved by basing the site name on the International Airline Travel Association (IATA) three-letter code for the major airport. Greece becomes "HEW," and Georgia becomes "AHN."

Figure 17-2 shows a partial breakdown of the naming conventions.

Figure 17-2: The CME host naming scheme (partial)

The Addressing Scheme

CME's Internal IP addressing scheme uses the ranges specified by RFC 1918, Address Allocation for Private Internets, and was designed to ensure adequate capacity for growth in terms of additional main corporate campus infrastructure and users, expansion of existing primary sites, and addition of more sales offices on demand. More importantly, the design was intended to be generally hierarchical to allow summarization of routing information at key points such as the DMZ distribution switch and the Private WAN distribution router.

The sample of the overall scheme shown in Table 17-13 does not include details on how addresses are assigned within each LAN segment subnet (DHCP ranges versus static address range or standardized ranges for specific equipment within the static range).

Table 17-13: Internal Network Addressing Scheme (Partial)

| SUBNET | MASK | USE |
|---|---|---|
| 10.0.0.0 | /8 | CME Master RFC 1918 Address Space |
| 10.1.0.0 | /16 | CME-CORP Address Space |
| 10.1.0.0 | /24 | CME-CORP Servers Core-A |
| 10.1.1.0 | /24 | CME-CORP Servers Core-B |
| 10.1.32.0 | /24 | CME-CORP LAN CORP |
| 10.1.33.0 | /24 | RESERVED LAN CORP Growth |
| 10.1.34.0 | /24 | CME-CORP LAN ADM |
| 10.1.35.0 | /24 | CME-CORP LAN ADM |
| 10.1.36.0 | /24 | RESERVED LAN ADM Growth |
| {Sequence Continues} | | |
| 10.1.44.0 | /24 | CME-CORP LAN IT |
| 10.1.45.0 | /24 | RESERVED LAN IT Growth |
| 10.1.46.0 | /24 | RESERVED LAN Growth |
| 10.1.47.0 | /24 | RESERVED LAN Growth |
| 10.2.0.0 | /24 | CME-CORP Point-to-Point Links |
| 10.2.0.0 | /24 | Point-to-Point Links to Private WAN |
| 10.2.0.0 | /30 | ORD-SCO-A to ORD-SDI-I |
| 10.2.0.4 | /30 | ORD-SCO-B to ORD-SDI-I |
| 10.2.0.8 | /29 | ORD-SDI-I to ORD-RPVT-A |
| 10.2.0.16 | /30 | ORD-RPVT-A to ORD-RTNG-A |
| 10.2.0.20 | /30 | ORD-RPVT-A to Private WAN Sales Site |
| {Sequence Continues} | | |
| 10.2.0.252 | | ORD-RPVT-A to Private WAN Sales Site |
| 10.2.1.0 | /24 | Point-to-Point Links to CME-CORP LAN |
| 10.2.1.0 | /30 | ORD-SCO-A to ORD-SCO-B |
| 10.2.1.4 | /30 | ORD-SCO-A to ORD-SDMZ-A |
| 10.2.1.8 | /30 | ORD-SCO-B to ORD-SDMZ-A |
| 10.2.1.12 | /30 | ORD-SCO-A to Future ORD-SDI? |
| {Sequence Continues} | | |
| 10.2.1.28 | /30 | ORD-SCO-A to ORD-SDI-A |
| 10.2.1.32 | /30 | ORD-SCO-A to ORD-SDI-B |
| 10.2.1.36 | | ORD-SCO-A to ORD-SDI-C |
| 10.2.1.40 | | |
| {Sequence Continues} | | |
| 10.2.1.62 | /30 | ORD-SCO-A to ORD-SDI-? |
| 10.2.1.64 | /30 | ORD-SCO-B to ORD-SDI-A |
| 10.2.1.68 | /30 | ORD-SCO-B to ORD-SDI-B |
| 10.2.1.72 | /30 | ORD-SCO-B to ORD-SDI-C |
| {Sequence Continues} | | |
| 10.2.1.92 | /30 | ORD-SCO-B to ORD-SDI-? |
| 10.101.0.0 | /16 | CME Private WAN-Connected Sites LAN |
| 10.101.0.0 | /22 | CME-WEST LAN |
| 10.101.4.0 | /22 | Future Primary Site LAN |
| 10.101.8.0 | /22 | Future Primary Site LAN |
| 10.101.12.0 | /22 | Future Primary Site LAN |
| 10.101.32.0 | /24 | ORD-TNG LAN |
| 10.101.33.0 | /24 | CME Private WAN Sales Office LAN |

| SUBNET | MASK | USE |
|---|---|---|
| {Sequence Continues} | | |
| 10.101.255.0 | /24 | CME Private WAN Sales Office LAN |
| 10.201.0.0 | /16 | CME VPN-WAN-Connected Sites LAN |
| 10.201.0.0 | /22 | CME-EUR LAN |
| 10.201.4.0 | /22 | CME-MEX LAN |
| 10.201.8.0 | /22 | Future Primary Site LAN |
| 10.201.12.0 | /22 | Future Primary Site LAN |
| 10.201.32.0 | /24 | CME VPN WAN Sales Office LAN |
| 10.201.33.0 | /24 | CME VPN WAN Sales Office LAN |
| {Sequence Continues} | | |
| 10.201.255.0 | /24 | CME VPN WAN Sales Office LAN |
| 10.254.0.0 | /16 | CME-CORP DMZ Address Space |
| 10.254.0.0 | /24 | CME-CORP PUBLIC DMZ |
| 10.254.1.0 | /22 | CME-CORP SECURE PUBLIC DMZ |
| 10.254.4.0 | /22 | CME-CORP ACCESS DMZ |
| 10.254.4.0 | /24 | CME-CORP ACCESS-DMZ Interconnect (ICF) |
| 10.254.5.0 | /24 | CME-CORP ACCESS DMZ CORP WLAN Pool |
| 10.254.6.0 | /24 | CME-CORP ACCESS DMZ ALT WLAN Pool |
| 10.254.7.0 | /24 | CME-CORP ACCESS DMZ RAS Pool |
| 10.254.8.0 | /23 | CME-CORP SECURE ACCESS DMZ |
| 10.254.8.0 | /24 | CME-CORP SECURE ACCESS DMZ ICF |
| 10.254.9.0 | /24 | CME-CORP SECURE ACCESS DMZ VPN Pools |

Public (Internet routable) IP addresses are from CME's registered block of addresses. For the purposes of the case study, CME owns 20.20.20.0/22 (20.20.20.0 to 20.20.23.254). The range 20.20.20.0/23 (20.20.20.0 to 20.20.21.254) is assigned to CME Corp, and dynamically routed via two different upstream service providers. 20.20.22.0/24 is assigned to CME-WEST for support of the disaster recovery site.
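The hierarchy and summarization goals of the addressing scheme can be checked mechanically before ACLs and route summaries are written from the plan. The following Python is an added example, not code from the book: it loads a subset of the rows of Table 17-13 as printed, flags entries whose address does not sit on the boundary its mask implies, finds each block's enclosing block, and computes the summary for a site range. The function names (`parse`, `parent_of`, `audit`, `summarize`) are assumptions made for this example.

```python
import ipaddress

# Subset of Table 17-13, transcribed as printed (address/mask, use).
PLAN = [
    ("10.0.0.0/8",     "CME Master RFC 1918 Address Space"),
    ("10.1.0.0/16",    "CME-CORP Address Space"),
    ("10.1.32.0/24",   "CME-CORP LAN CORP"),
    ("10.1.33.0/24",   "RESERVED LAN CORP Growth"),
    ("10.2.1.62/30",   "ORD-SCO-A to ORD-SDI-?"),
    ("10.2.1.64/30",   "ORD-SCO-B to ORD-SDI-A"),
    ("10.101.0.0/16",  "CME Private WAN-Connected Sites LAN"),
    ("10.101.0.0/22",  "CME-WEST LAN"),
    ("10.101.4.0/22",  "Future Primary Site LAN"),
    ("10.101.8.0/22",  "Future Primary Site LAN"),
    ("10.101.12.0/22", "Future Primary Site LAN"),
    ("10.254.0.0/16",  "CME-CORP DMZ Address Space"),
    ("10.254.0.0/24",  "CME-CORP PUBLIC DMZ"),
    ("10.254.1.0/22",  "CME-CORP SECURE PUBLIC DMZ"),
    ("10.254.4.0/22",  "CME-CORP ACCESS DMZ"),
    ("10.254.5.0/24",  "CME-CORP ACCESS DMZ CORP WLAN Pool"),
]


def parse(plan):
    """Return (network, use, aligned) per row.

    strict=False masks off any host bits, so `network` is the range a router
    or firewall would actually match; `aligned` is False when that differs
    from the address written in the plan.
    """
    rows = []
    for text, use in plan:
        net = ipaddress.ip_network(text, strict=False)
        rows.append((net, use, str(net) == text))
    return rows


def parent_of(net, rows):
    """Smallest other block in the plan that contains `net`, or None."""
    candidates = [n for n, _, _ in rows if n != net and net.subnet_of(n)]
    return max(candidates, key=lambda n: n.prefixlen, default=None)


def audit(plan):
    """Map each misaligned row to its effective range and to the correctly
    aligned plan rows that the effective range also covers."""
    rows = parse(plan)
    findings = {}
    for (net, _, aligned), (text, _) in zip(rows, plan):
        if aligned:
            continue
        covered = [str(n) for n, _, ok in rows
                   if ok and n != net and n.subnet_of(net)]
        findings[text] = {"effective": str(net), "also_matches": covered}
    return findings


def summarize(plan, parent):
    """Fewest prefixes that cover the aligned plan rows inside `parent`."""
    parent = ipaddress.ip_network(parent)
    kids = [n for n, _, ok in parse(plan)
            if ok and n != parent and n.subnet_of(parent)]
    return [str(n) for n in ipaddress.collapse_addresses(kids)]


if __name__ == "__main__":
    for row, detail in audit(PLAN).items():
        print(row, detail)
    print("Private WAN primary sites summarize to",
          summarize(PLAN, "10.101.0.0/16"))
```

On the rows as printed, `audit` reports 10.254.1.0/22, whose effective range 10.254.0.0/22 also covers the PUBLIC DMZ /24, and 10.2.1.62/30. A filter or summary written from such a row matches more than its label says.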

Routing Protocols and Methods

The complexity of the CME network mandates careful selection of routing protocols. Given that CME's internal and external (Internet) segments will never directly exchange routing information (due to RFC 1918 addressing and security constraints), separate Interior Gateway Protocols (IGP) and Exterior Gateway Protocols (EGP) are used.

Interior Networks Of the three logical choices for dynamic Interior Gateway Protocols (IGP), Interior Border Gateway Protocol (IBGP) was considered too complex and ill suited for the large number of small (/24 or smaller) networks. Further, the cost of resources to handle IBGP at Private WAN sites was prohibitive and redistributing IBGP routes into another IGP made little sense. Of the two remaining options, Open Shortest Path First (OSPF) and Cisco's Enhanced Interior Gateway Routing Protocol (EIGRP), EIGRP is more suited to a meshed network (like the CME Corporate Campus), and was the most appropriate choice, with one exception: the DMZ. CME will use their registered Autonomous System Number (ASN) from BGP for their EIGRP implementation, but for the sake of illustration, configurations in the case study will use Cisco Systems' registered ASN (109). The exception to using EIGRP as the IGP is in the DMZ: Internet routers, firewall OUTSIDE interfaces, and VPN Concentrators will all run an instance of OSPF to meet the requirement that BGP can only announce routes learned from an IGP. On the other side of the security boundary, the firewall, DMZ Distribution Switch (6509), and VPN Concentrator will run a separate instance of OSPF to propagate DMZ routes to the internal network. The DMZ Distribution Switch will redistribute OSPF routes into the EIGRP process.

Exterior Networks The registered ASN does dual-duty: the registration process is mandatory for use with Exterior Border Gateway Protocol (EBGP) (the Internet routing protocol) to ensure interoperability with different ISP upstream providers and allow local copies of the full Internet Routing Table to be maintained; the same ASN is used for EIGRP, even though the EIGRP ASN is never exposed outside the private network.

Network Configuration

With all of the hardware, software, and concepts defined, implementation can proceed. Planners at CME developed a timeline to schedule interdependent tasks, such as site cutovers and equipment reallocations. The following configuration examples are not intended to be all-inclusive; many of the basic steps are omitted to [...] on those germane to the Enterprise infrastructure and MetaFrame support.

Private WAN Sites (CORP Sales)

Private WAN Sales Offices (connected directly to CME Corp) all share common configurations. The CME-TNG configuration is similar, but with bandwidth management provided by the site router. Figures 17-3 and 17-4 d[...] the basic configuration for these sites.

Figure 17-3: Typical Private WAN site network

Figure 17-4: The CME-TNG site network

Router Configuration

The standard router configuration employs a single 768KB (CIR) frame relay PVC carried over a physical T1 loop while the CME-TNG site uses an ATM VC over DSL. The two configurations are similar:

Appendix A settings - I nter netw k ing Basics Basic for aorPrivate WAN frame relay connection (ATL-RPVT-A) Appendix B - Creating an On- Dem and Enterpr ise Financial Analysis Model

settingsan On- Dem and Enterpr ise Subscr iption Billing Model Appendix CLAN - Creating I ndex List of Figurinterface es FastEthernet0 List of Tablesdescription Atlanta LAN

ip address 10.200.33.1 255.255.255.128 List of Case Studies speed 100 List of Sidebars full-duplex

WAN settings interface Serial0/0 description T1 Circuit ID 99ABGG243117

no ip address encapsulation frame-relay IETF no fair-queue Cit rix Me t aFra m e Access Su it e fo r W in do w s Ser ver service-module t1 remote-alarm-enable 2 00 3 : Th e O ff icial Guid e frame-relay lmi-type ISBN:0072195665 by Steve Kaplan et al. cisco McGr aw -Hill © 2003 (724 pages) This guide ex plains how to build a r obust, reliable, and

Frame relay PVC (subinterface) scalable thin- client com puting envir onment and deploy Windows 2000/ Windows 2003 Ser v er and MetaFr am e. Also learn t oSerial0/0.16 centr alize application managem ent, r educe soft w ar e interface point-to-point on the desktop, and mor e. description Uplink To CME-RPVT-A < ?xm l version= bandwidth " 1.0" encoding= 768" I SO- 8859- 1" ?> Ta ble o f Con ip t en taddress s 10.2.0.22 255.255.255.252 Citr ix MetaFr frame-relay am e Access Suite interface-dlci for Window s Ser v er 16 2003—The Official Guide For ewor d I ntr oduction Pa r t I - Ov er vi e w of Ente r pr ise Se r ve r - Ba se d Com put in g

Chapter 1

Routing I ntr oducing Ser ver -Based Com puting and th e On- Dem and Enterpr ise

Chapter 2 router - Windoweigrp s Ter minal 109Ser vices

auto-summary Chapter 3 no - Citr ix MetaFr am e Access Suite log-neighbor-changes Pa r t I I - Deno signieigrp ng a n Ent e rpr i se SBC Solut ion Chapter 4 Chapter 5

network 10.0.2.20 0.0.0.3 Pr epar ing Your Or ganization for an On- Dem and Enterpr ise I mplem ent ation network 10.101.33.0 0.0.0.255 - Ser ver - Based Computing Data Center Architect ure

Basic settings for a Private WAN ATM/DSL connection (ORD-RPVT-TNG-A)

LAN settings

    interface FastEthernet0
     description CME-TNG LAN
     ip address 10.200.32.1 255.255.255.128
     speed 100
     full-duplex
     service-policy input CITRIX-LAN

WAN settings

    interface ATM0
     description Uplink to CME-RPVT-A
     bandwidth 800
     ip address 10.2.0.18 255.255.255.252
     atm vc-per-vp 256
     no atm ilmi-keepalive
     pvc 0/32
      protocol ip 10.2.0.17
      vbr-nrt 800 800 16
      oam-pvc manage
      encapsulation aal5snap

Traffic management

     dsl operating-mode auto
     service-policy output LLQ
     hold-queue 224 in

Bandwidth Management

The Private WAN site bandwidth management paradigm is the most simplistic: guarantee bandwidth for server-based computing and control other traffic.

Private WAN Sites (Frame Relay)

Management of traffic flows across the Private WAN network is controlled by PacketShaper units at each end of each link. A typical site configuration, shown in Figure 17-5, accomplishes the following:

Guarantees essential throughput at high priority for video teleconferencing (VTC) sessions

Guarantees a minimum bandwidth to every Citrix session, with priority access to additional bandwidth. As individual applications are visible to the Packeteer, those that are known to require more initial bandwidth or that may induce user perceptions of slowness (for instance, the screen display does not keep up with keyboard input) can be given even more granular preferential treatment with regard to bandwidth.

A generic container for "Controlled Traffic" is created to constrain ill-behaved flows like HTTP to a reasonable amount of bandwidth. Within that container, certain applications have priority access to the constrained bandwidth. For example: FTP traffic to and from a Sales Office directly to the Internet is generally less important than HTTP from the same site.

A generic container for "Restricted Traffic" is created to control applications that are not considered "essential" to business activities but are not expressly prohibited. Unacceptable traffic (Gnutella) is discarded immediately.


Figure 17-5: Typical private WAN Packeteer settings

The Private WAN Site (ATM/DSL)

As mentioned previously, the ATM/DSL connection to the CME-TNG site does not require the expense of PacketShaper-based bandwidth management, but it still needs at least some control to assure performance for Citrix sessions. The router (ORD-RPVT-TNG-A) is configured using Cisco's Modular Quality of Service (QoS) command-line interface (CLI) or MQC. The Traffic management command "service-policy output LLQ" shown in the basic configuration is based on the following parameters:

Define Citrix traffic by protocol (TCP port)

    access-list 101 permit tcp any any eq 1494

Classify Citrix entering from the LAN into a logical group

    class-map match-all ICA-LAN
     match access-group 101

Mark traffic classified as "ICA-LAN" (above) for preferential treatment using IP precedence

    policy-map CITRIX-LAN
     class ICA-LAN
      set ip precedence 5
     class class-default
      set ip precedence 0

Classify Citrix exiting to the WAN into a logical group

    class-map match-all ICA-WAN
     match ip precedence 5

Enforce preferential treatment for up to 384KB of Citrix traffic (queuing)

    policy-map LLQ
     class ICA-WAN
      bandwidth 384
     class class-default
      fair-queue

VPN WAN Sites (CME-WEST Sales and CME-EUR Sales)

CME-EUR and CME-MEX Sales Office sites rely on Internet connectivity for their VPN lifeline to CME Corp. As mentioned previously, the selection of a specific Internet router may not be an option due to host nation or ISP restrictions. The relatively low bandwidth also implies that the host nation ISP or circuit provider may not guarantee service in the form of an SLA. Bandwidth management is therefore not cost effective. To ensure a limited ability to cope with failures, each site will be equipped with a dial-up modem to allow remote terminal connectivity to the firewall in the event of a failure or problem (CME Corp staff will direct connection of the modem to the firewall console and reconfigure as required). Refer to Figure 17-6 for a graphic hardware layout of a typical site.

Figure 17-6: A typical VPN WAN site network


Firewall Configuration

The standard firewall/VPN configuration for all CME-WEST and CME-EUR sites establishes a VPN tunnel but disallows outbound access to the Internet by client PCs. The IPSec tunnel settings are a mirror image of the end-point on the ORD-FPUB-A (CME Corp) firewall. IP addresses used for the public segment are as assigned by the servicing ISP.

Basic settings for the HEW-FPUB-A (Athens) firewall:

    nameif ethernet0 OUTSIDE security 0
    interface ethernet0 100Full
    ip address OUTSIDE 88.88.88.88 255.255.255.240

Define logical groups of objects to simplify configuration

    object-group network CME-Servers
     object-group description CME Servers and NMS Accessible to VPN Sites
     network-object 10.1.0.0 255.255.254.0
     network-object 10.1.45.0 255.255.255.0
    object-group network HEW-LAN
     object-group description CME-MEX LAN Subnets
     network-object 10.201.32.0 255.255.255.0

Define what local traffic is allowed to traverse the tunnels

    access-list ORD-VPN permit ip object-group HEW-LAN object-group CME-Servers
    access-list VPN-NO-NAT permit ip object-group HEW-LAN object-group CME-Servers

Exempt site-to-site VPN traffic from the Network Address Translation (NAT) process

    nat (inside) 0 access-list VPN-NO-NAT

Specify that IPSec is implicitly trusted

    sysopt connection permit-ipsec

Specify that authentication of remote side identity is by IP address

    isakmp identity address

Enable ISAKMP negotiation on the external interface

    isakmp enable outside

Define IPSec policies

    crypto ipsec transform-set cme-set esp-3des esp-sha-hmac
    crypto map cme-map 10 ipsec-isakmp
    crypto map cme-map 10 set transform-set cme-set
    crypto map cme-map 10 match address ORD-VPN
    crypto map cme-map 10 set peer 20.20.20.4
    crypto map cme-map interface OUTSIDE

Define the Internet Key Exchange (IKE) policies

    isakmp policy 10 authentication pre-share
    isakmp policy 10 group 2
    isakmp policy 10 encryption 3des
    isakmp policy 10 hash sha

Specify the preshared key for each tunnel

    isakmp key h&3jN(sv5Km.(s14 address 20.20.20.4 netmask 255.255.255.255

CME-EUR

Like the Sales Office sites, CME-EUR relies on Internet connectivity. Unlike the sales offices, CME-EUR has higher throughput and greater demands, including printing and Domain replication. Because of the "commercial grade" Internet requirements, CME-EUR has an SLA for their Internet service. Bandwidth management is necessary to control traffic traversing the VPN tunnel and ensure that the relatively high number of Citrix sessions do not become "starved" for bandwidth. CME-EUR has limited onsite IT staff and will not require immediate access to a modem connection for remote reconfiguration. The CME-EUR LAN switch is a consolidated distribution and access layer module, with only limited Layer 3 requirements (isolating the internal LAN segment from the uplink to the Packeteer and firewall). The CME-EUR configuration is detailed in Figure 17-7.

Figure 17-7: The CME-EUR network

Firewall Configuration

The firewall and VPN configuration for CME-EUR is similar to a Sales Office firewall configuration, but allows specific LAN hosts to access the Internet directly. The configuration example shown under CME-MEX is applicable to CME-EUR as well.

Bandwidth Management

Bandwidth management at CME-EUR is similar to a Private WAN site, but as almost all traffic is routed to CME Corp over the VPN tunnel, traffic must be policed before it enters the tunnel. Other modifications would include modified restrictions on traffic related to printing from the corporate site (NetBIOS IP, LPR), and less restrictive Active Directory Domain replication traffic to the local domain controller.

CME-MEX

CME-MEX parallels CME-EUR, but with the additional restrictions imposed by the production environment. The manufacturing plant floor has little need for service beyond limited Citrix connectivity and no need for external Internet access through the corporate network. Again, bandwidth management is necessary to control client behavior (allow reliable access to Citrix, police printing bandwidth consumption, allow management and administration staff Internet access, and restrict production subnets to corporate intranet access). Figure 17-8 shows the assembled network components.

Figure 17-8: The CME-MEX Network

Firewall Configuration

CME-MEX firewall and VPN parameters (conceptually identical to CME-EUR) define the subnets that traverse the VPN tunnel but allow direct outbound access for a limited number of LAN hosts, specified by a fully qualified domain name (FQDN). As these sites are domain members of the CME Active Directory domain with a local domain controller/internal DNS server, the firewall can use the internal DNS and dynamic DNS registration of DHCP-addressed LAN hosts to identify hosts granted access by FQDN. Again, the VPN parameters are a mirror image of those at CME Corp.

Basic settings for MEX-FPUB-A

    nameif ethernet0 OUTSIDE security 0
    interface ethernet0 100Full
    ip address OUTSIDE 66.66.66.66 255.255.255.240

Define logical groups of objects to simplify configuration

    object-group network CME-Servers
     object-group description CME Servers and NMS Accessible to VPN Sites
     network-object 10.1.0.0 255.255.254.0
     network-object 10.1.45.0 255.255.255.0
    object-group network MEX-LAN
     object-group description CME-MEX LAN Subnets
     network-object 10.201.4.0 255.255.252.0
    object-group network INTERNET-ACCESS
     object-group description Local Hosts Allowed Internet Access
     network-object host mex-dc01.cme.com

Define what local traffic is allowed to traverse the tunnels (notice it is a mirror of the one applied to the host PIX)

    access-list ORD-VPN permit ip object-group MEX-LAN object-group CME-Servers
    access-list VPN-NO-NAT permit ip object-group MEX-LAN object-group CME-Servers

Exempt site-to-site VPN traffic from the Network Address Translation process

    nat (INSIDE) 0 access-list VPN-NO-NAT
    nat (INSIDE) 1 object-group INTERNET-ACCESS
    global (OUTSIDE) 1 interface

Specify that IPSec is implicitly trusted

    sysopt connection permit-ipsec

Specify that authentication of remote side identity is by IP address

    isakmp identity address

Enable ISAKMP negotiation on the external interface

    isakmp enable outside

Define IPSec policies

    crypto ipsec transform-set cme-set esp-3des esp-sha-hmac
    crypto map cme-map 10 ipsec-isakmp
    crypto map cme-map 10 set transform-set cme-set
    crypto map cme-map 10 match address ORD-VPN
    crypto map cme-map 10 set peer 20.20.20.4
    crypto map cme-map interface OUTSIDE

Define Internet Key Exchange (IKE) policies

    isakmp policy 10 authentication pre-share
    isakmp policy 10 group 2
    isakmp policy 10 encryption 3des
    isakmp policy 10 hash sha

Specify the preshared key for each tunnel

    isakmp key !h^Fsn)9,Oq$z@cU address 20.20.20.4 netmask 255.255.255.255
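The tunnel only comes up when each crypto map entry is complete under a single map name and the traffic selectors at the two ends are mirror images, so both properties are worth checking before a change is pushed. The following Python check is an added example, not code from the book or from Cisco; the hub-side fragment, its ACL name MEX-VPN, its map sequence 20 and the BROKEN variant are constructed for illustration.

```python
import re
from ipaddress import ip_network
from itertools import product

# Constructed PIX 6.x-style fragments. SPOKE follows this section's MEX-FPUB-A
# listing; HUB (ACL MEX-VPN, map sequence 20) is hypothetical, since the page
# does not print the ORD-FPUB-A side.
GROUPS = """\
object-group network CME-Servers
 network-object 10.1.0.0 255.255.254.0
 network-object 10.1.45.0 255.255.255.0
object-group network MEX-LAN
 network-object 10.201.4.0 255.255.252.0
"""
SPOKE = GROUPS + """\
access-list ORD-VPN permit ip object-group MEX-LAN object-group CME-Servers
access-list VPN-NO-NAT permit ip object-group MEX-LAN object-group CME-Servers
nat (INSIDE) 0 access-list VPN-NO-NAT
crypto ipsec transform-set cme-set esp-3des esp-sha-hmac
crypto map cme-map 10 ipsec-isakmp
crypto map cme-map 10 set transform-set cme-set
crypto map cme-map 10 match address ORD-VPN
crypto map cme-map 10 set peer 20.20.20.4
crypto map cme-map interface OUTSIDE
"""
HUB = GROUPS + """\
access-list MEX-VPN permit ip object-group CME-Servers object-group MEX-LAN
access-list VPN-NO-NAT permit ip object-group CME-Servers object-group MEX-LAN
nat (INSIDE) 0 access-list VPN-NO-NAT
crypto ipsec transform-set cme-set esp-3des esp-sha-hmac
crypto map cme-map 20 ipsec-isakmp
crypto map cme-map 20 set transform-set cme-set
crypto map cme-map 20 match address MEX-VPN
crypto map cme-map 20 set peer 66.66.66.66
crypto map cme-map interface OUTSIDE
"""
# Constructed faulty variant: three lines use the transform-set name as the map name.
BROKEN = (SPOKE.replace("cme-map 10 match", "cme-set 10 match")
               .replace("cme-map 10 set peer", "cme-set 10 set peer")
               .replace("cme-map interface", "cme-set interface"))

def parse(cfg):
    """Collect object-groups, ACLs, NAT-exempt ACLs and crypto map state from a config."""
    p = {"groups": {}, "acls": {}, "entries": {}, "nat0": set(), "tsets": set(), "bound": set()}
    group = None
    for line in (raw.strip() for raw in cfg.splitlines()):
        if m := re.fullmatch(r"object-group network (\S+)", line):
            group = p["groups"].setdefault(m[1], set())
        elif (m := re.fullmatch(r"network-object (\d\S*) (\d\S*)", line)) and group is not None:
            group.add(ip_network(f"{m[1]}/{m[2]}"))
        elif m := re.fullmatch(r"access-list (\S+) permit ip object-group (\S+) object-group (\S+)", line):
            p["acls"].setdefault(m[1], []).append((m[2], m[3]))
        elif m := re.fullmatch(r"nat \(\S+\) 0 access-list (\S+)", line):
            p["nat0"].add(m[1])
        elif m := re.fullmatch(r"crypto ipsec transform-set (\S+) .+", line):
            p["tsets"].add(m[1])
        elif m := re.fullmatch(r"crypto map (\S+) interface \S+", line):
            p["bound"].add(m[1])
        elif m := re.fullmatch(r"crypto map (\S+) (\d+) (ipsec-isakmp|set transform-set|match address|set peer) ?(\S*)", line):
            p["entries"].setdefault((m[1], int(m[2])), {})[m[3]] = m[4]
    return p

def selectors(p, acl):
    """Expand an ACL into the (source network, destination network) pairs it permits."""
    pairs = set()
    for src, dst in p["acls"].get(acl, []):
        pairs |= set(product(p["groups"].get(src, ()), p["groups"].get(dst, ())))
    return pairs

REQUIRED = ("ipsec-isakmp", "set transform-set", "match address", "set peer")

def lint_crypto_maps(p):
    """Report incomplete, unapplied or dangling crypto map entries, and missing NAT exemption."""
    findings = [f"{n}: applied to an interface but has no entries"
                for n in sorted(p["bound"] - {name for name, _ in p["entries"]})]
    for (name, seq), e in sorted(p["entries"].items()):
        if missing := [k for k in REQUIRED if k not in e]:
            findings.append(f"{name} {seq}: missing {', '.join(missing)}")
        if name not in p["bound"]:
            findings.append(f"{name} {seq}: map is not applied to any interface")
        if (ts := e.get("set transform-set")) is not None and ts not in p["tsets"]:
            findings.append(f"{name} {seq}: transform-set {ts} is not defined")
        acl = e.get("match address")
        if acl is not None and acl not in p["acls"]:
            findings.append(f"{name} {seq}: access-list {acl} is not defined")
        elif acl is not None and not any(selectors(p, n) >= selectors(p, acl) for n in p["nat0"]):
            findings.append(f"{name} {seq}: traffic matched by {acl} is not exempt from NAT")
    return findings

def mirror_mismatches(a, a_acl, b, b_acl):
    """Selectors on one end with no reversed counterpart on the other; empty when mirrored."""
    reversed_b = {(dst, src) for src, dst in selectors(b, b_acl)}
    return sorted(selectors(a, a_acl) ^ reversed_b, key=str)

if __name__ == "__main__":
    for label, cfg in (("spoke", SPOKE), ("hub", HUB), ("broken", BROKEN)):
        print(label, lint_crypto_maps(parse(cfg)) or "ok")
    print("mirror", mirror_mismatches(parse(SPOKE), "ORD-VPN", parse(HUB), "MEX-VPN") or "ok")
```

The parser only understands the statement forms shown in this section; host entries given by name, such as the INTERNET-ACCESS group, are skipped because they never appear in the crypto ACL.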

Bandwidth Management

CME-MEX is a somewhat larger mirror of CME-EUR. Basic bandwidth allocations are the same, but outbound Internet access is restricted by the PacketShaper based on approved host names (manually defined in the PacketShaper rules) as compared to the host's IP address as resolved by the internal DNS on the domain controller.

Core LAN Switch Configuration

Appendix B - Creating an On- Dem and Enterpr ise Financial Analysis Model Appendix C - Creating an On-(MEX-SCO-A) Dem and Enterprisise iption Billing Model advanced Layer 3 routing functiona The CME-MEX core switch theSubscr first switch that requires with its associated VLANs. By subnetting CME-MEX's address space, the designers simplified the process o I ndex

restricting access to many services from the plant floor (production) hosts. The following partial configuration List of Figur es shows both the Layer 2 VLAN assignments and the Layer 3 routed interfaces. Note that VLAN 1 (default) is List of Tables only interswitch List of for Case Studies VLAN control traffic, and VLAN 999 is passed through the switch at Layer 2 for visibility, b cannot be routed to any other VLAN. Each Layer 3 VLAN interface will have access lists defined to limit List of Sidebars

accessibility from VLAN-to-VLAN. Finally, the 802.1Q trunk to the plant floor switches only transports the PL VLAN and the SERVER VLAN (used for management). vlan vlan vlan vlan

2 name SERVERS 3 name ADMIN 4 name PLANT 201 name INSIDE

vlan 999
 name OUTSIDE
!
interface Vlan1
 no ip address
!
interface Vlan2
 description CME-MEX Servers
 ip address 10.201.0.129 255.255.255.128
!
interface Vlan3
 description CME-MEX ADMIN
 ip address 10.201.1.0 255.255.255.0
 ip helper-address 10.201.0.100
!
interface Vlan4
 description CME-MEX Plant Floor
 ip address 10.201.2.1 255.255.254.0
!
interface Vlan201
 description CME-MEX firewall (MEX-FPUB-A INSIDE)
 ip address 10.201.0.14 255.255.254.240
!
interface Vlan999
 no ip address
!
interface GigabitEthernet4/1
 description Uplink to PacketShaper 6500 Inside Interface
 switchport access vlan 999
 switchport mode access
 spanning-tree portfast
 speed 100
 duplex full
!
interface GigabitEthernet4/2
 description trunk to MEX-SDI-A Port Gi0/1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport trunk allowed vlan 1,2,4
 switchport mode trunk
!
interface GigabitEthernet4/3
 description Connected to MEX-FPUB-A OUTSIDE
 switchport access vlan 999
 switchport mode access
 spanning-tree portfast
 speed 100
 duplex full
!
interface GigabitEthernet4/4
 description Connected to MEX-FPUB-B OUTSIDE
 switchport access vlan 999
 switchport mode access
 spanning-tree portfast
 speed 100
 duplex full
!
interface GigabitEthernet4/47
 description Connected to MEX-FPUB-A INSIDE
 switchport access vlan 201
 switchport mode access
 spanning-tree portfast
 speed 100
 duplex full
!
interface GigabitEthernet4/47
 description Connected to MEX-FPUB-B INSIDE
 switchport access vlan 201
 switchport mode access
 spanning-tree portfast
 speed 100
 duplex full
!
interface GigabitEthernet5/1
 description Connected to MEX-SDC01
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet6/1
 description ADMIN Client
 switchport access vlan 3
 switchport mode access
 spanning-tree portfast


Access Switch Configuration (Plant Floor)

The individual access switches (MEX-SAI-A through E) on the plant floor are virtually identical. Client interfaces (fast Ethernet) are assigned to the "PLANT" VLAN, and the first gigabit Ethernet interface is configured as an 802.1Q trunk to the distribution switch (MEX-SDI-A). MEX-SDI-A interfaces are all configured as trunks, with management address and default gateway (they are Layer 2 only) set for VLAN 2 (SERVERS).

vlan 2
 name SERVERS
vlan 4
 name PLANT
!
interface Vlan1
 no ip address
interface Vlan2
 description CME-MEX Servers (Management VLAN)
 ip address 10.201.0.151 255.255.255.128
!
interface GigabitEthernet0/1
 description trunk to MEX-SDI-A Port Gi0/2
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport trunk allowed vlan 1,2,4
 switchport mode trunk
!
interface FastEthernet0/1
 description Plant Floor Access
 switchport access vlan 4
 switchport mode access
 spanning-tree portfast
!
ip default-gateway 10.201.0.129

CME-WEST

CME-WEST is the "backup" site for CME Corp. As shown in Figure 17-9, CME-WEST is actually an extensible subset of that infrastructure, including both Internet and Private WAN access.

Figure 17-9: The CME-WEST network

Internet Router Configuration

The CME-WEST Internet access router (Cisco 7401) uses a single 1.5MB ATM Virtual Circuit (VC) carried over a DS3 ATM port for Internet access. The point-to-point subnet is assigned by the ISP, with CME-WEST's delegated address space routed by the ISP.

Basic settings for SEA-RPUB-A

WAN interface settings

interface ATM1/0
 no ip address
 ip route-cache policy
 no ip mroute-cache
 atm scrambling cell-payload
 atm framing cbitplcp
 no atm ilmi-keepalive

ATM VC to the ISP

interface ATM1/0.11 point-to-point
 description Some-ISP 1.5MB Pipe
 ip address 100.100.100.102 255.255.255.252
 pvc 4/32
  ubr 1500
  oam-pvc manage
  encapsulation aal5snap

LAN interface settings

interface FastEthernet0/0
 description CME-WEST router-to-firewall LAN segment
 ip address 20.20.22.1 255.255.255.192
 speed 100
 duplex full

Firewall Configuration

The CME-WEST firewall configuration is essentially a subset of the CME Corp configuration. It allows outbound access to the Internet for selected hosts, and provides a single DMZ equivalent to CME Corp's SECURE-PUBLIC DMZ for a tertiary Secure Gateway and tertiary DNS. The VPN tunnels to the remote branches are not configured; copies of the CME Corp configuration ensure they can be rapidly created.

Private WAN Router

The CME-WEST Private WAN Cisco 7401 is virtually identical to the Internet router, with the exception of the provisioned bandwidth and service type (vbr-nrt versus ubr). Additionally, the Private WAN router participates in the dynamic routing protocol (EIGRP) common to all Private WAN sites.

Basic settings for router SEA-RPVT-A

WAN interface settings

interface ATM1/0
 no ip address
 ip route-cache policy
 no ip mroute-cache
 atm scrambling cell-payload
 atm framing cbitplcp
 no atm ilmi-keepalive

ATM VC settings

interface ATM1/0.100 point-to-point
 description Uplink to CME Corp
 ip address 10.2.0.254 255.255.255.252
 pvc 1/10
  vbr-nrt 6000 6000 16
  oam-pvc manage
  encapsulation aal5snap

LAN interface settings

interface gigabitethernet0/0
 description LAN segment to CME-WEST Core (SEA-SCO-A)
 ip address 10.101.3.254 255.255.255.248

Routing

router eigrp 109
 no auto-summary
 no eigrp log-neighbor-changes
 network 10.101.0.0 0.0.3.255
 network 10.2.0.254 0.0.0.3

Bandwidth Management

The PacketShaper at CME-WEST does dual-duty through the added LEM. One segment manages the 6MB connection to CME Corp while the other monitors the Internet connection. Rules for traffic management in each segment are equivalent to rules in the stand-alone counterparts at CME Corp. No IPSec rules are established for VPN termination, but should the need arise, configuration settings for the CME Corp Internet PacketShaper can be modified and imported quickly.

Core LAN Switch Configuration

The CME-WEST LAN Core is somewhat underutilized on a day-to-day basis, but the over-build is necessary to position the switch as a backup for CME Corp. The switch's Layer 3 configuration is similar to CME-MEX, with VLANs defined to isolate clients from the subset of servers that are homed at CME-WEST. CME-WEST has substantially more active servers than other regional offices, including redundant domain controllers, online backup servers for network and security management, a backup Citrix server that is part of the CME Corp farm, and an array of repository and backup servers used to store images and data that are replicated from CME Corp.

A significant portion of the core switch's capacity is "preconfigured" to support drop-in LAN access switches that would be purchased and deployed as part of a disaster recovery effort. Again, configurations (including server configurations) for critical systems at CME Corp are "backed up" at CME-WEST. CME-WEST will reuse CME Corp's IP addresses and identities by re-creating the same VLANs for reconstituted servers.

CME Corp

The CME Corp infrastructure is intended to meet design objectives (fast, redundant, hierarchical, fault-tolerant, and so forth) now and in the foreseeable future. In many cases, subsystem design components for the case study, including supporting network and security management elements, are beyond what many corporate networks employ today. Conversely, many of those same networks would be redesigned and reengineered for greater capacity and survivability if the performance warranted the effort and expense. When looking at the aggregate cost of leading edge hardware technologies, compare them to the cost of industry-leading ERP software packages and server systems—typically, infrastructure cost is a fraction of the major business application package, and the application package is considered so vital that "we lose money" when the system is down. The underlying network must be at least as reliable as the application software: based on the designer's efforts, CME's Enterprise SBC network should be up to the task.

Internet Access Module

The CME Corp high-bandwidth Internet access module consists of the Cisco 7401 routers and associated switch ports on the ORD-SDMZ-A switch. The routers operate using EBGP as a routing protocol against two upstream ISPs, and are responsible for announcing CME's primary Internet-routable subnet into the Internet routing tables. Internally, the routers use OSPF and static routes to receive routing information (routes must be learned from an IGP before being injected into the BGP process). The combination of OSPF, BGP, and redundant routers virtually eliminates the need to implement more troublesome techniques like Hot Standby Routing Protocol (HSRP) or Virtual Router Redundancy Protocol (VRRP) to ensure any combination of routes and equipment can carry traffic. As an added advantage, the Internet gateway routers will also maintain a full copy of the Internet routing tables for instant access.

Internet Routers

Each Internet router terminates a single 15MB ATM virtual circuit carried over a DS3 local loop. Point-to-Point subnets for each upstream ISP are provided by the ISP, and the routers run BGP, with restrictions to prevent cross-routing of ISP traffic through CME Corp. Router configurations are similar to the CME-WEST Internet router (ATM ubr service).

Firewall Configuration

The CME Corp firewall is typical of an enterprise-class firewall. It, like the regional site firewalls at CME-EUR, CME-MEX, and CME-WEST, maintains session state tracking, resulting in stateful failover to the redundant unit. Unfortunately, stateful failover cannot support IPSec tunnels since the encryption process is dynamically negotiated—all IPSec tunnels will temporarily drop during a failover. The CME Corp firewall set (FPUB-A & B) manages multiple DMZs based on the original corporate security model. Each DMZ is assigned a progressively higher (more secure) security level, with normal ingress and egress rules applied.

As a footnote, the isolation of the second "public" DNS in a more secure DMZ serves two purposes. First, the more secure server can be the "master" for replicating zone updates. Second, the server in the PUBLIC DMZ coexists with corporate web servers (public targets). A malicious attack on, and compromise of, a web server could expose the DNS server to direct attack from within the same DMZ. The DNS server in the SECURE-PUBLIC DMZ shares the DMZ with servers that only allow HTTPS (SSL) traffic and are easier to secure.

The ACCESS DMZ is intended to terminate inbound connections from known, unencrypted but authenticated sources (RAS, Wireless, and others), and to apply inspection rules to these traffic flows. The SECURE-ACCESS DMZ is only for termination of traffic that is both encrypted during transport (with strong encryption), and authenticated (read here—VPN clients).

Access lists on the CME Corp PIX are built much like lists for all other sites, but are far more complex due to the many traffic flows that must be allowed through the firewall. Even traffic originating in a "secure" segment like the SECURE-PUBLIC DMZ must be filtered by firewall rules and exposed to IDS monitoring before being allowed inside the firewall. The following subset of the firewall configuration provides the basic settings for VPN tunnels, address translation, and filtering rules.

Basic settings, including failover parameters

nameif gb-ethernet0 OUTSIDE security 0
nameif gb-ethernet1 INSIDE security 100
nameif ethernet0 PUBLIC security 20
nameif ethernet1 SECURE-PUBLIC security 40
nameif ethernet2 ACCESS security 60
nameif ethernet3 FAILOVER security 99
nameif ethernet4 intf4 security 0
nameif ethernet5 SECURE-ACCESS security 80
interface gb-ethernet0 1000Full
interface gb-ethernet1 1000Full
interface ethernet0 100Full
interface ethernet1 100Full
interface ethernet2 100Full
interface ethernet3 100Full
interface ethernet4 100Full shutdown
interface ethernet5 100Full
ip address OUTSIDE 20.20.20.4 255.255.255.0
ip address INSIDE 10.254.10.1 255.255.255.248
ip address PUBLIC 10.254.0.1 255.255.255.0
ip address SECURE-PUBLIC 10.254.1.1 255.255.255.0
ip address ACCESS 10.254.4.1 255.255.255.248
ip address intf4 127.0.0.1 255.255.255.255
ip address FAILOVER 1.1.1.1 255.255.255.252
ip address SECURE-ACCESS 10.254.8.1 255.255.255.248
failover ip address OUTSIDE 20.20.20.5 255.255.255.0
failover ip address INSIDE 10.254.10.2 255.255.255.248
failover ip address PUBLIC 10.254.0.2 255.255.255.0
failover ip address SECURE-PUBLIC 10.254.1.2 255.255.255.0
failover ip address ACCESS 10.254.4.2 255.255.255.248
failover ip address FAILOVER 1.1.1.2 255.255.255.252
failover ip address SECURE-ACCESS 10.254.8.2 255.255.255.248
failover link FAILOVER
failover lan interface FAILOVER
failover lan enable

Enable OSPF routing processes; public routes are redistributed to the private process

router ospf 999
 network 20.20.20.0 255.255.255.0 area 0
router ospf 1
 network 10.254.0.0 255.255.255.0 area 20
 network 10.254.1.0 255.255.255.0 area 40
 network 10.254.4.0 255.255.255.248 area 60
 network 10.254.8.0 255.255.255.248 area 80
 network 10.254.10.0 255.255.255.248 area 100
 redistribute ospf 999

Define logical groups of objects to simplify configuration

object-group network CME-Servers
 object-group description CME Servers and NMS Accessible to VPN Sites
 network-object 10.1.0.0 255.255.254.0
 network-object 10.1.45.0 255.255.255.0
object-group network VPN-Sites
 object-group description LAN Subnets of Remote Sites
 group-object FRA-LAN
 group-object MEX-LAN
 group-object HEW-LAN
 group-object AKL-LAN
object-group network FRA-LAN
 object-group description CME-EUR LAN Subnets
 network-object 10.201.0.0 255.255.252.0
object-group network MEX-LAN
 object-group description CME-MEX LAN Subnets
 network-object 10.201.4.0 255.255.252.0
object-group network HEW-LAN
 object-group description Athens LAN Subnets
 network-object 10.201.32.0 255.255.255.0
object-group network AKL-LAN
 object-group description Auckland LAN Subnets
 network-object 10.201.33.0 255.255.255.0
object-group network CME-ENG
 object-group description Engineering LAN Subnets
 network-object 10.1.41.0 255.255.255.0
 network-object 10.1.42.0 255.255.255.0
 network-object 10.1.43.0 255.255.255.0

Define what local traffic is allowed to traverse the tunnels to each site

access-list MEX-VPN permit ip object-group CME-Servers object-group FRA-LAN
access-list FRA-VPN permit ip object-group CME-Servers object-group MEX-LAN
access-list HEW-VPN permit ip object-group CME-Servers object-group HEW-LAN
access-list AKL-VPN permit ip object-group CME-Servers object-group AKL-LAN

Exempt site-to-site VPN traffic from the Network Address Translation (NAT) process


access-list VPN-NO-NAT permit ip object-group CME-Servers object-group VPN-


Define address translation rules for selected traffic

nat (inside) 0 access-list VPN-NO-NAT
nat (inside) 1 object-group CME-Servers
nat (inside) 2 object-group CME-ENG
global (outside) 1 20.20.20.192 netmask 255.255.255.255
global (outside) 2 20.20.20.193 netmask 255.255.255.255
static (inside,outside) 20.20.20.100 10.254.0.100 netmask 255.255.255.255 0
static (inside,outside) 20.20.20.101 10.254.1.101 netmask 255.255.255.255 0
static (inside,outside) 20.20.20.110 10.254.0.110 netmask 255.255.255.255 0
static (inside,outside) 20.20.20.111 10.254.1.111 netmask 255.255.255.255 0
static (inside,outside) 20.20.20.121 10.254.1.121 netmask 255.255.255.255 0

Specify traffic that is allowed to originate an inbound connection to web servers, secure gateway servers, DNS servers, and mail relay servers

access-list OUTSIDE-IN permit tcp any host 20.20.20.100 eq http
access-list OUTSIDE-IN permit tcp any host 20.20.20.101 eq http
access-list OUTSIDE-IN permit tcp any host 20.20.20.100 eq 443
access-list OUTSIDE-IN permit tcp any host 20.20.20.100 eq 443
access-list OUTSIDE-IN permit udp any host 20.20.20.110 eq domain
access-list OUTSIDE-IN permit udp any host 20.20.20.111 eq domain
access-list OUTSIDE-IN permit tcp any host 20.20.20.121 eq smtp
access-group OUTSIDE-IN in interface OUTSIDE

Specify that IPSec is implicitly trusted

sysopt connection permit-ipsec

Specify that authentication of remote side identity is by IP address

isakmp identity address

Enable ISAKMP negotiation on the external interface

isakmp enable outside

Define IPSec policies

crypto ipsec transform-set cme-set esp-3des esp-sha-hmac
crypto map cme-map 10 ipsec-isakmp
crypto map cme-map 10 set transform-set cme-set
crypto map cme-map 10 match address MEX-VPN
crypto map cme-map 10 set peer 66.66.66.66
crypto map cme-map 11 ipsec-isakmp
crypto map cme-map 11 set transform-set cme-set
crypto map cme-map 11 match address FRA-VPN
crypto map cme-map 11 set peer 77.77.77.77
crypto map cme-map 21 ipsec-isakmp
crypto map cme-map 21 set transform-set cme-set
crypto map cme-map 21 match address HEW-VPN
crypto map cme-map 21 set peer 88.88.88.88
crypto map cme-map 22 ipsec-isakmp
crypto map cme-map 22 set transform-set cme-set
crypto map cme-map 22 match address AKL-VPN
crypto map cme-map 22 set peer 99.99.99.99

Chapter 16 - Securing Client Access Chapter 17 - Net wor k Configur at ion Chapter 18 -IKE Pr int in g Define policies

Chapter 19 - Disaster Recovery and Business Continuity in the SBC Envir onment Chapter 20 - Migr ation to10 Window s 2003 and Citr ix pre-share MetaFrame XP isakmp policy authentication Ongoing Administr ation of the Ser v er - Based Com puting isakmp Chapter 21 - policy 10 group 2 Envir onment

isakmp policy 10 encryption 3des isakmp policy 10 hash sha

Pa r t I V - Appendi x es

Appendix A - I nter netw or k ing Basics Appendix B - Creating an On- Dem and Enterpr ise Financial Analysis Model Appendix Specify C - the Creating per-site an preshared On- Dem andkeys Enterpr ise Subscr iption Billing Model I ndex List ofisakmp Figur es key !h^Fsn)9,Oq$z@cU address 66.66.66.66 netmask 255.255.255.255 List ofisakmp Tables key $7nA0;*45Fzq!@zQ address 77.77.77.77 netmask 255.255.255.255 List ofisakmp Case Studies key h&3jN(sv5Km.(s14 address 88.88.88.88 netmask 255.255.255.255 List ofisakmp Sidebars key @n8Ao,^674n*3bFc address 99.99.99.99 netmask 255.255.255.255
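A site-to-site tunnel built from statements like those above only comes up when each crypto map sequence carries its transform set, match address and peer under one map name, and when each peer has a matching isakmp key. The auditor below is an added example, not code from the book: its sample configuration is constructed in the style of the listing (the names and peer addresses are reused from it, the keys are placeholders, and one entry is deliberately misnamed), and it assumes preshared-key authentication as used here. It also flags DES/3DES, MD5 and Diffie-Hellman groups 1 and 2, which are legacy choices by current standards.

```python
from collections import defaultdict

# Constructed sample in the style of the listing above; keys are placeholders.
# Sequence 11 has its "match address" entered under the transform-set name by
# mistake, and peer 77.77.77.77 has no isakmp key.
SAMPLE = """\
crypto ipsec transform-set cme-set esp-3des esp-sha-hmac
crypto map cme-map 10 ipsec-isakmp
crypto map cme-map 10 set transform-set cme-set
crypto map cme-map 10 match address MEX-VPN
crypto map cme-map 10 set peer 66.66.66.66
crypto map cme-map 11 ipsec-isakmp
crypto map cme-map 11 set transform-set cme-set
crypto map cme-set 11 match address FRA-VPN
crypto map cme-map 11 set peer 77.77.77.77
isakmp policy 10 authentication pre-share
isakmp policy 10 group 2
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp key PLACEHOLDER-KEY-1 address 66.66.66.66 netmask 255.255.255.255
"""

# Legacy by current standards: DES/3DES, MD5, DH groups 1 and 2 (768/1024-bit).
WEAK_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac", "ah-md5-hmac"}
WEAK_IKE = {("encryption", "des"), ("encryption", "3des"),
            ("hash", "md5"), ("group", "1"), ("group", "2")}
# Every crypto map sequence needs all four of these under the same map name.
REQUIRED = ("ipsec-isakmp", "transform-set", "match address", "peer")


def parse(config):
    """Collect transform sets, crypto map entries, IKE policies and keyed peers."""
    state = {"tsets": {}, "maps": defaultdict(dict),
             "ike": defaultdict(dict), "keyed": set()}
    for line in config.splitlines():
        t = line.split()
        if t[:3] == ["crypto", "ipsec", "transform-set"] and len(t) > 4:
            state["tsets"][t[3]] = t[4:]
        elif t[:2] == ["crypto", "map"] and len(t) > 4 and t[3].isdigit():
            entry = state["maps"][t[2]].setdefault(int(t[3]), {})
            if t[4] == "ipsec-isakmp":
                entry["ipsec-isakmp"] = True
            elif t[4:6] == ["set", "transform-set"] and len(t) > 6:
                entry["transform-set"] = t[6]
            elif t[4:6] == ["match", "address"] and len(t) > 6:
                entry["match address"] = t[6]
            elif t[4:6] == ["set", "peer"] and len(t) > 6:
                entry["peer"] = t[6]
        elif t[:2] == ["isakmp", "policy"] and len(t) > 4:
            state["ike"][t[2]][t[3]] = t[4]
        elif t[:2] == ["isakmp", "key"] and len(t) > 4 and t[3] == "address":
            state["keyed"].add(t[4])
    return state


def audit(config):
    """Return a sorted list of findings for a PIX-style IPSec configuration."""
    s = parse(config)
    findings = []
    for name, seqs in s["maps"].items():
        # A map named like a transform set usually means the two were swapped.
        if name in s["tsets"]:
            findings.append(
                f"crypto map '{name}' reuses a transform-set name; check for a typo")
        for seq, entry in seqs.items():
            missing = [k for k in REQUIRED if k not in entry]
            if missing:
                findings.append(
                    f"crypto map {name} {seq}: missing {', '.join(missing)}")
            tset = entry.get("transform-set")
            if tset and tset not in s["tsets"]:
                findings.append(
                    f"crypto map {name} {seq}: undefined transform-set {tset}")
            peer = entry.get("peer")
            if peer and peer not in s["keyed"]:
                findings.append(f"peer {peer}: no isakmp key configured")
    for tname, transforms in s["tsets"].items():
        for weak in sorted(WEAK_TRANSFORMS.intersection(transforms)):
            findings.append(f"transform-set {tname}: legacy transform {weak}")
    for num, params in s["ike"].items():
        for key, value in params.items():
            if (key, value) in WEAK_IKE:
                findings.append(f"isakmp policy {num}: legacy {key} {value}")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```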

VPN (Client VPN) The VPN termination for roaming clients is provided by the Cisco 3030 VPN Concentrator (redundant). Routing is a combination of static and OSPF to allow external routes to be propagated to the Internet router and PIX firewall. Individual client settings vary based on their role in the CME corporate environment—some are authenticated by the Windows 2000 Active Directory domain, some by internal accounts on the VPN concentrator, and some by RADIUS. Tunnel settings also vary, with most users locked in to "tunnel everything" for security reasons. Most tunnels use preshared keys, but the VPN concentrator is the "test-bed" for implementing certificate-based keying for future use on site-to-site PIX VPN tunnels.

Bandwidth Management Internet bandwidth at CME Corp cannot be "shaped" in the same way internal WAN sites can, but as a minimum, certain traffic types must be protected. Figure 17-10 shows

Figure 17-10: CME Corp Internet Packeteer settings

Traffic to and from the MetaFrame Secure Gateway, MSAM Access for suppliers, and public access to the public web presence are given preferential treatment over most inbound/outbound traffic flows.

IPSec, with known tunnel endpoints defined by source and destination address, is guaranteed a minimum amount of bandwidth with preferential access to additional bandwidth up to the Internet access bandwidth of the remote site (after all, the Citrix traffic from the sites is inside the IPSec packets).

Normal web browsing from the internal network is held as routine traffic, while web traffic sessions originating from the MetaFrame server farm are given slightly better treatment. If users see poor performance when browsing the web from Citrix, they may try to circumvent the system to cruise the web.

DMZ Distribution Switch (6509) Configuration The DMZ distribution switch (Catalyst 6509) configuration is complex. It employs a combination of routed (Layer 3 interface) and non-routed (Layer 2 only) segments to isolate traffic flows, expose all segments to the Intrusion Detection Module (IDS), and allow management platform viewing of traffic statistics. Additionally, isolated routed subnets are created by the Content Services Module to allow load-balancing of IP traffic (HTTP and DNS) across multiple DNS and web servers. Although detailed configurations are beyond the scope of this chapter, fundamental Layer 2 and Layer 3 configurations echo those of other corporate switches with several notable exceptions:

- The switch runs multiple routing protocols such as
  - OSPF for route distribution with the PIX firewall internal interface, VPN concentrator internal interface, the ACCESS-DMZ distribution switch (ORD-SDE-A), and the RAS appliance (PortMaster)
  - EIGRP for route distribution with the CME Corp core switches (ORD-SCO-A and B)
- Routing information is cross-distributed from OSPF to EIGRP and vice-versa
- Several of the isolated VLANs (isolated from the main routing processes) are visible to the Content Services Module to facilitate load-balancing of web traffic to appropriate servers.

Figure 17-11 shows the combined Internet access layer, Security and VPN modules, DMZ distribution switch, and peripheral equipment.

Figure 17-11: CME Corp Internet, Security Perimeter, and VPN/firewall configuration

ACCESS-DMZ Switch Configuration A secondary distribution switch (Cisco 3550-12G) (ORD-SDE-A) is used between the PIX firewall ACCESS DMZ interface and the separate access segments for wireless LAN (WLAN) and dial-up Remote Access Services (RAS). The 3550 enforces intersegment routing restrictions to limit the ability of wireless and RAS users to communicate directly, provides a first line of defense for the firewall against RAS and WLAN sourced Denial of Service attempts, and aggregates the multiple VLAN/WLAN segments for the wireless network. Finally, to avoid exposing critical equipment and servers, the Catalyst 3550 provides DHCP server services to the WLAN segments. The switch runs OSPF on the uplink to the primary DMZ distribution switch (ORD-SDMZ-A) and on the downlink to the PortMaster. The routes to the connected Layer 3 interfaces for the wireless segments are announced up-stream, but blocked on all other interfaces by distribution lists and "passive interface" settings. The PortMaster does not need a route to the WLAN, and the WLAN devices are Layer 2 only.

The Private WAN Module

The Private WAN distribution module consists of the Cisco router, distribution aggregation switch, PacketShaper, and an IDS appliance to preinspect traffic arriving from the sites. Figure 17-12 depicts the operational configuration.

Figure 17-12: The Private WAN Distribution module

The Private WAN Router The Cisco 7401 router is configured to use a 1000Base SX LAN interface and an ATM DS3 WAN interface. Configuration for the routing protocol (EIGRP) is similar to the Private WAN site routers, except that it has a much larger scope of assigned subnets (10.0.2.0/24). Configuration of the ATM interface is similar to that of CME-WEST.

Bandwidth Management The PacketShaper 8500 defines unique shaping parameters for each remote Private WAN site based on the site's assigned LAN subnet range. By controlling bandwidth at the LAN edge, the traffic destined for the Internet is "prepoliced" to appropriate values and no per-site settings are required on the Internet PacketShaper for these sites. The policies and partitions of remote sites are replicated at the main Private WAN PacketShaper. In Figure 17-13, note that the CME-TNG site (with bandwidth managed by MQC on the router) is classified as "ignore" (do not manage this traffic).

Figure 17-13: CME Corp Private WAN PacketShaper settings

The other notable feature is the CME-WEST "HotSite Replication" rule, a time-based rule that opens up the site bandwidth after-hours and guarantees best performance to intersite data replication to support disaster recovery.

CME-TNG is not controlled by the PacketShaper. Instead, bandwidth policing is managed by settings for the Virtual Circuit (VC) on the router. To the PacketShaper, the subnets associated with CME-TNG are classified to invoke an "Ignore" rule so that no shaping or policing of traffic flows is enabled. The same MQC parameters used on the CME-TNG router (ORD-RPVT-TNG-A) are used on the CME Corp's Private WAN router interface to CME-TNG. The following shows partial configurations for the CME Corp interface.

WAN setting (ATM subinterface and virtual circuit. Note that the output queuing policy is applied to the subinterface versus the main interface at CME-TNG.)

interface ATM1/0.32 point-to-point
 description ADSL 800KB to CME-TNG
 ip address 10.2.0.17 255.255.255.252
 pvc 1/32
  vbr-nrt 800 800 16
  encapsulation aal5snap
  service-policy output CME-TNG

Identical traffic classification and marking parameters

class-map match-all ICA-LAN
 match access-group 101
class-map match-all ICA-WAN
 match ip precedence 5
!
policy-map CITRIX-LAN
 class ICA-LAN
  set ip precedence 5
 class class-default
  set ip precedence 0
policy-map CME-TNG
 class ICA-WAN
  bandwidth 384
 class class-default
  fair-queue
!
access-list 101 permit tcp any any eq 1494
access-list 101 remark Identify ICA traffic by TCP Port#

The Campus LAN Access/Distribution Module

Access and distribution layer topology for the CME Corp campus was redesigned (based on the topology in Figure 10-2) to form a virtual "ring" (that is, in fact, a Layer 3 partial mesh) centered on the data center facility. By changing all links from individual buildings to the core to be both redundant and Layer 3 (Figure 17-14), the designers eliminated issues related to spanning tree in the campus network—spanning tree instances on each switch are only locally significant because of the Layer 3 (routed) boundary. Switch routing tables will always contain the next-best route to the core, ensuring immediate convergence in case of a link failure.

Figure 17-14: Campus LAN access/distribution topology

Typical LAN Access/Distribution Switch Configuration The campus building switches are only partially fault tolerant (single supervisor module), but multi-homed at Layer 3 to ensure connectivity to the core. Figure 17-15 shows the physical connectivity.

Figure 17-15: Campus LAN access/distribution (partial)

Building distribution switches in the "virtual ring" are all based on the same template: 10/100/1000 Ethernet connections for in-building hosts, with multiple fiber-optic gigabit uplinks to adjacent switches and the core switches for resiliency. Individual interfaces for switch-to-switch connectivity have no need for VLAN parameters, so they are locked in as Layer 3 routed interfaces only with the "no switchport" command.

Switch-to-switch connectivity for a typical LAN distribution switch, using ORD-SDI-C (ENG-C) as a model, follows.

The local LAN segment

vlan 2
 name ENG-C-Clients
!
interface Vlan1
 no ip address
!
interface Vlan2
 description ENG-C Clients
 ip address 10.1.43.1 255.255.255.0

Switch-to-switch (distribution-to-distribution)

interface GigabitEthernet1/1
 description Link to ORD-SDI-B Port Gi1/2
 no switchport
 ip address 10.2.1.138 255.255.255.252
interface GigabitEthernet1/2
 description Link to ORD-SDI-D Port Gi1/1
 no switchport
 ip address 10.2.1.141 255.255.255.252

Switch-to-switch (distribution-to-core)

interface GigabitEthernet2/1
 description Uplink to ORD-SCO-A Port Gi4/3
 no switchport
 ip address 10.2.1.42 255.255.255.252
!
interface GigabitEthernet2/2
 description Uplink to ORD-SCO-AB Port Gi4/3
 no switchport
 ip address 10.2.1.74 255.255.255.252

Routing

router eigrp 109
 no auto-summary
 no eigrp log-neighbor-changes
 network 10.1.43.0 0.0.0.255
 network 10.2.1.40 0.0.0.3
 network 10.2.1.72 0.0.0.3
 network 10.2.1.136 0.0.0.7

The WLAN Access Module

The WLAN Access Points (Cisco 1200 series) are configured as 802.1Q trunks on their internal (Ethernet) interfaces. VLAN 871 is used for management but is not "mapped" to an equivalent WLAN segment. VLAN mapped to the corporate WLAN on a unique non-broadcast System Security Identifier (SSID) that requires RADIUS (LEAP) authentication. By tying the WLAN segment to RADIUS, CME IT staff can force positive mutual authentication of clients, enforce session key rotation, and ensure only specifically authorized users are allowed WLAN access. VLAN 873 is mapped to a "public" WLAN that uses no encryption or authentication and assumes default SSID values (tsunami). The Layer 3 interface for VLAN 873 is filtered by multiple access lists designed to restrict WLAN clients from accessing CME Corp public servers (web servers) and the Internet. As a security measure, the Layer 3 interface on switch ORD-SDE-A is maintained in a "shutdown" state to prevent use of the segment without prior coordination. As a secondary check, access attempts (associations) are logged by the individual Access Points as an audit trail—the WLAN is "active," just not connected beyond the Access Point. Figure 17-16 shows the WLAN topology.

Figure 17-16: The Campus WLAN access/distribution topology

The Core Module

The dual Catalyst 6513 core (Figure 17-17) is linked by a 10GB Ethernet fiber link using single-mode fiber transceivers originally intended for far greater distance (optical attenuation is required); this allows the server and core switches to be physically separate in different areas of the data center without loss of throughput. Individual fiber links (Layer 3) to every campus distribution switch, the DMZ switch, and the Private WAN distribution module ensure that no single failure, or even the failure of an entire core switch, can disrupt operations. (Remember, the Citrix farm and critical servers are distributed redundantly across both switches.) Failure of the core-to-core fiber link imposes little, if any, performance penalty as the multiple links through the distribution switches will dynamically reroute and load-balance (via EIGRP) the traffic.

Figure 17-17: The dual core module

Appendix C - Creating an On- Dem and Enterpr ise Subscr iption Billing Model I ndex The Core Switch Configuration A partial configuration from switch ORD-SCO-A illustrates the connectivity List of Figur eslayer and adjacent core switch. Key elements of the configuration for servers are reflected in mo distribution

ports 1 and 2 (Gigabit EtherChannel (GEC)), and module 12 ports 1 and 2 (Fast EtherChannel (FEC)). List of Tables List of Case Studies

The local LAN segment for the server farm

List of Sidebars

vlan 2 name ServerFarm-A ! interface Vlan1 no ip address ! interface Vlan2

description ServerFarm-A Hosts ip address 10.1.0.1 255.255.255.0 Cit rix Me t aFra m e Access Su it e fo r W in do w s Ser ver 2 00 3 : Th e O ff icial Guid e

Switch-to-switch (core-to-core)

by Steve Kaplan et al. McGr aw -Hill © 2003 (724 pages)

ISBN:0072195665

interface This TenGigabitEthernet 3/0a r obust, reliable, and guide ex plains how to build description Backbone to ORD-SCO-B 3/0deploy scalable thin- client link com puting envir onment and Windows 2000/ Windows 2003 Ser v er and MetaFr am e. Also no switchport learn10.2.1.1 t o centr alize255.255.255.252 application managem ent, r educe soft w ar e ip address on the desktop, and mor e.

< ?xm l version= " 1.0" encoding= " I SO- 8859- 1" ?> Switch-to-switch (ORD-SCO-A-to-distribution) Ta ble o f Con t en t s Citr ix MetaFr am e Access Suite for Window s Ser v er 2003—The Official Guide For ewor interface d GigabitEthernet5/1

description Link to ORD-SDI-A Port Gi2/1 I ntr oduction Pa r t I - no Ov erswitchport vi e w of Ente r pr ise Se r ve r - Ba se d Com put in g

ip address 10.2.1.33 255.255.255.252 I ntr oducing Ser ver -Based Com puting and th e On- Dem and Enterpr ise interface GigabitEthernet5/2 Chapterdescription 2 - Window s Ter Link minalto SerORD-SDI-B vices Port Gi2/1 Chapterno 3 switchport - Citr ix MetaFr am e Access Suite 10.2.1.37 Pa r t I I ip - De address signi ng a n Ent e rpr i se SBC255.255.255.252 Solut ion interface Pr eparGigabitEthernet5/3 ing Your Or ganization for an On- Dem and Enterpr ise Chapter 4 I mplem entLink ation to ORD-SDI-C Port Gi2/1 description Chapterno 5 switchport - Ser ver - Based Computing Data Center Architect ure 10.2.1.41 Chapterip 6 address - Designing Your Netw or k255.255.255.252 for Ser ver- Based Com put ing interface GigabitEthernet5/4 Chapter 7 - The Client Envir onment Chapterdescription 8 - Security Link to ORD-SDI-D Port Gi2/1 no switchport Chapter 9 - Net w or k Managemen t 10.2.1.45 255.255.255.252 Pa r t I I Iip - I maddress ple m ent ing a n O n-D e m a nd Se r ve r - Ba se d Com pu ti ng Envi r onm e nt interface GigabitEthernet5/5 Chapter 10 - Pr oj ect Managing and Deploying an Enter pr ise SBC Envir onment description Link to ORD-SDI-E Port Gi2/1 Chapter 11 - Ser ver Configur ation: Windows Ter m inal Serv ices no switchport Chapter 12 - Ser ver Configur ation: Citr ix MetaFr am e Presentation Ser ver ip address 10.2.1.49 255.255.255.252 Chapter 13 - Application I nstallation and Configur at ion interface GigabitEthernet5/6 Chapter 14 - Client Configur ation and Deploym ent description Link to ORD-SDI-F Port Gi2/1 Chapter 15 - Pr ofiles, Policies, and Pr ocedu res no switchport Chapterip 16 address - Securing10.2.1.53 Client Access 255.255.255.252 Chapter 17 Net wor k Configur at ion interface GigabitEthernet5/7 Chapterdescription 18 - Pr int in g Link to ORD-SDI-G Port Gi2/1 Chapterno 19 switchport - Disaster Recovery and Business Continuity in the SBC Envir onment Chapterip 20 address - Migr ation10.2.1.57 to Window s 2003 and Citr ix MetaFrame XP 
255.255.255.252 interface Ongoing GigabitEthernet5/8 Administr ation of the Ser v er - Based Com puting Chapter 21 Envir onment description Link to ORD-SDI-H Port Gi2/1 Pa r t I V no - Appendi x es switchport Appendix - I nter netw or k ing Basics 255.255.255.252 ipA address 10.2.1.61 Appendix B - Creating an On- Dem and Enterpr ise Financial Analysis Model interface GigabitEthernet5/16 Appendix description C - Creating an Link On- Dem to and ORD-SDMZ-A Enterpr ise Subscr Portiption Gi5/1 Billing Model I ndex no switchport ip address 10.2.1.5 255.255.255.252 List of Figur es GigabitEthernet6/1 List ofinterface Tables description Link to ORD-SDI-I Port Gi0/3 List of Case Studies no switchport List of Sidebars ip address 10.2.0.1 255.255.255.252 Chapter 1

GEC for the file server interface Port-channel1 no ip address

switchport access vlan 2 switchport mode access interface Cit GigabitEthernet9/1 rix Me t aFra m e Access Su it e fo r W in do w s Ser ver description 2 00 3 GEC-1 : Th e O ffPrimary icial Guid ePort (ORD-SFS-01 NIC 0) switchport access vlan ISBN:0072195665 by Steve Kaplan et al.2 switchport McGrmode aw -Hillaccess © 2003 (724 pages) channel-group 1 mode desirable This guide ex plains how to build a r obust, reliable, and spanning-tree scalable portfast thin- client com puting envir onment and deploy interface Windows GigabitEthernet9/2 2000/ Windows 2003 Ser v er and MetaFr am e. Also learn GEC-1 t o centr alize applicationPort managem ent, r educe soft w ar 1) e description Secondary (ORD-SFS-01 NIC on the desktop, and mor e. switchport access vlan 2 switchport mode access < ?xm l version= " 1.0" encoding= " I SO- 8859- 1" ?> Ta ble o fchannel-group Con t en t s 1 mode desirable spanning-tree portfast Citr ix MetaFr am e Access Suite for Window s Ser v er 2003—The Official Guide For ewor d I ntr oduction

FEC for the RADIUS server

Pa r t I - Ov er vi e w of Ente r pr ise Se r ve r - Ba se d Com put in g

Chapter 1

-

I ntr oducing Ser ver -Based Com puting and th e On- Dem and

interface Enterpr Port-channel101 ise address Chapterno 2 ip - Window s Ter minal Ser vices access vlan Suite 2 Chapterswitchport 3 - Citr ix MetaFr am e Access mode Pa r t I I switchport - De signi ng a n Ent e rpr access i se SBC Solut ion interface Pr eparGigabitEthernet9/1 ing Your Or ganization for an On- Dem and Enterpr ise Chapter 4 description I mplem entFEC-1 ation Primary Port (ORD-SSE-01 NIC 0) access vlan Data 2 Chapterswitchport 5 - Ser ver - Based Computing Center Architect ure switchport mode access Chapter 6 - Designing Your Netw or k for Ser ver- Based Com put ing 101 mode desirable Chapterchannel-group 7 - The Client Envir onment spanning-tree portfast Chapter 8 - Security 100 Chapterspeed 9 - Net w or k Managemen t duplex full Pa r t I I I - I m ple m ent ing a n O n-D e m a nd Se r ve r - Ba se d Com pu ti ng Envi r onm e nt interface GigabitEthernet9/2 Chapter 10 - Pr oj ect Managing and Deploying an Enter pr ise SBC Envir onment description FEC-1 Secondary Port (ORD-SSE-01 NIC 1) Chapter 11 - Ser ver Configur ation: Windows Ter m inal Serv ices switchport access vlan 2 Chapter 12 - Ser ver Configur ation: Citr ix MetaFr am e Presentation Ser ver switchport mode access Chapter 13 - Application I nstallation and Configur at ion channel-group 101 mode desirable Chapter 14 - Client Configur ation and Deploym ent spanning-tree portfast Chapterspeed 15 - Pr100 ofiles, Policies, and Pr ocedu res Chapterduplex 16 - Securing full Client Access Chapter 17 - Net wor k Configur at ion Chapter 18 - Pr int in g

Routing

router eigrp 109
 no auto-summary
 no eigrp log-neighbor-changes
 network 10.1.0.0 0.0.0.255
 network 10.2.1.0 0.0.0.255

Server-Side Network Settings

Network interoperability requires correct (matching) configurations between the server-side hardware (network interface card (NIC)) and the associated switch interface. Using Intel NIC hardware as an example, there are several critical settings that must be configured to ensure the best performance:

Speed
  - Set manually to 100 MBps for FastEthernet
  - Auto-negotiate with flow control allowed for GigabitEthernet

Duplex
  - Set manually to full-duplex for FastEthernet
  - Auto-negotiate for GigabitEthernet

Power management
  - Disabled (no low power during standby)

Load balancing
  - Use link aggregation (FEC or GEC)
  - Avoid adapter-based fault tolerance
      - Requires disabling spanning tree or using a hub (half-duplex)
      - Uses only one NIC at a time
  - Avoid switch-based fault tolerance
      - Requires spanning tree be enabled, and incurs the spanning tree listening-learning-forwarding transition delay (15 seconds) when failing over
      - Uses only one NIC at a time
  - Avoid adaptive load balancing
      - Only the primary receives traffic
      - Only the primary NIC handles broadcast traffic
      - Outbound NIC selection (by destination IP) is off-loaded to an operating system service
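As an added example (not from the book), the following Python sketch audits the switch side of that matching requirement: it parses IOS-style interface stanzas and reports channel-group members whose VLAN, mode, speed or duplex disagree. The first group repeats the FEC settings shown above; interfaces 9/3 and 9/4 and channel group 102 are constructed, with a deliberate mismatch.

```python
import re
from collections import defaultdict

# Group 101 repeats the page's FEC settings; group 102 is constructed
# for this example and contains a deliberate VLAN/duplex mismatch.
SAMPLE_CONFIG = """\
interface GigabitEthernet9/1
 description FEC-1 Primary Port (ORD-SSE-01 NIC 0)
 switchport access vlan 2
 switchport mode access
 channel-group 101 mode desirable
 spanning-tree portfast
 speed 100
 duplex full
interface GigabitEthernet9/2
 description FEC-1 Secondary Port (ORD-SSE-01 NIC 1)
 switchport access vlan 2
 switchport mode access
 channel-group 101 mode desirable
 spanning-tree portfast
 speed 100
 duplex full
interface GigabitEthernet9/3
 description constructed example, primary
 switchport access vlan 2
 switchport mode access
 channel-group 102 mode desirable
 speed 100
 duplex full
interface GigabitEthernet9/4
 description constructed example, secondary
 switchport access vlan 3
 switchport mode access
 channel-group 102 mode desirable
 speed 100
"""

CHECKED = ("vlan", "mode", "pagp", "speed", "duplex")
PATTERNS = {
    "vlan": re.compile(r"switchport access vlan (\d+)$"),
    "mode": re.compile(r"switchport mode (\S+)$"),
    "speed": re.compile(r"speed (\S+)$"),
    "duplex": re.compile(r"duplex (\S+)$"),
}
GROUP = re.compile(r"channel-group (\d+) mode (\S+)$")


def parse_interfaces(config_text):
    """Return {interface name: {setting: value}} for every interface stanza."""
    interfaces, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        header = re.match(r"interface (\S+)$", line)
        if header:
            current = interfaces.setdefault(header.group(1), {})
            continue
        if current is None or not raw[:1].isspace():
            current = None  # top-level command: no interface stanza is open
            continue
        group = GROUP.match(line)
        if group:
            current["group"], current["pagp"] = group.groups()
            continue
        for key, pattern in PATTERNS.items():
            found = pattern.match(line)
            if found:
                current[key] = found.group(1)
                break
    return interfaces


def audit_channel_groups(config_text):
    """Return sorted (group, finding) tuples; an empty list means consistent."""
    members = defaultdict(list)
    for name, settings in parse_interfaces(config_text).items():
        if "group" in settings:
            members[settings["group"]].append((name, settings))
    findings = []
    for group, ports in members.items():
        # Every member of one EtherChannel must carry identical settings.
        for key in CHECKED:
            if len({settings.get(key) for _, settings in ports}) > 1:
                shown = ", ".join(f"{n}={s.get(key)}" for n, s in ports)
                findings.append((group, f"{key} differs: {shown}"))
        # FastEthernet members: speed 100 must be paired with full duplex.
        for name, settings in ports:
            if settings.get("speed") == "100" and settings.get("duplex") != "full":
                findings.append((group, f"{name}: speed 100 without duplex full"))
    return sorted(findings)


if __name__ == "__main__":
    for group, finding in audit_channel_groups(SAMPLE_CONFIG):
        print(f"channel-group {group}: {finding}")
```

The server-side NIC settings still have to be compared by hand or by a separate tool; this sketch only reads the switch configuration.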


Creating an FEC/GEC EtherChannel (Layer 2 link aggregation) is the preferred method for increasing the aggregate bandwidth available to MetaFrame or other servers. By their nature, they are fault-tolerant and can run with only one member of the team, but with two or more members active, traffic is dynamically load-balanced across a virtual "fat pipe."

Basic configuration involves creating an EtherChannel "team," and then adding members. One member must be designated as "primary" and this MAC address will register as the address of the team. Figure 17-18 shows the teamed configuration and identifies the team MAC address and IP address.


Figure 17-18: The FEC adapter team

Individual member adapters must be correctly configured independently for 100MB, full-duplex. The second adapter is shown in Figures 17-19 through 17-21. Note that it reports the MAC address of the team/primary adapter. Finally, Figure 17-21 shows the power management settings (enabled by default) that are inappropriate for a server and may cause flapping on an FEC team.


Figure 17-19: The FEC member adapter (general)


Figure 17-20: The FEC member adapter (link settings)


Figure 17-21: The FEC member adapter (power management)


Chapter 18: Printing

Since the inception of networking, printing has been a primary concern during the design and implementation phases of building networks. Whether the issue is quality of the print job, bandwidth needs, performance requirements, paper tray demystification, or simply determining "Where did my print job go?" administrators have struggled with providing fast, secure, and simple printing solutions to their users. This chapter explains the Windows printing environment, shows the options available to administrators within MetaFrame XP, defines terminology unique to SBC printing, and provides a troubleshooting section for systematic resolution of the most common problems. Third-party print driver utilities are also discussed as alternatives for managing the SBC print environment beyond the tools inherent in MetaFrame XP.

Windows Printing Explained

From the perspective of most users, printing is a very simple process. Type some text into an application, click the printer icon in the toolbar, and pick up the pages from the printer. Unfortunately, things aren't so simple for a system administrator. Devoting just a bit of thought to the difficulties of printing in complex environments is enough to give the average administrator a headache. In a less complex printing environment, the client computer, print server, and printer (or print device if you are fluent in Microsoft-speak) are typically all located in a single well-connected LAN environment. When printer problems occur, an administrator is able to walk to all of the devices involved in the print process to investigate and troubleshoot problems. As companies grow, expanded LANs and WANs complicate printing. The print server, client, and printer may all be on different segments of the network with some components located at different physical sites.

In an SBC environment these three key components (client, print server, and printer) are often located across WAN links. New concepts and new terms also exist in an SBC environment, which must be understood in order to effectively design, implement, and maintain that environment. Printing problems cause end-user frustration and, in turn, cause users to reject new technology. With proper planning, testing, consideration, and a good troubleshooting methodology, however, SBC printing can be managed and work properly.

The Windows Print Process

The Windows environment effectively shields the end user from the complexities of the print process. However, to appreciate the difficulty of developing and maintaining a complex and robust print environment, an administrator must understand the fundamentals of the print process.

When a Windows user clicks the print icon, the following occurs:

1. The application generates an output file including document formatting called an enhanced metafile (EMF).

2. The EMF is sent to the local print spooler.

3. From the EMF file, the local print spooler generates a spool file using a print driver. The spool file includes printer-specific information needed by the printer to create the final document.

4. The print job is queued by the print spooler in the local spool folder and forwarded to the printer or print server where it is transformed from print commands to hard output.

In SBC environments the MetaFrame server acts like a regular client workstation during printing. The application running from the Terminal Server generates the EMF, the EMF file is sent to the local print spooler, and a spool file is generated. The spool file may then be sent directly to the printer, to the print server that holds the queue for that printer, or to a client connected to the MetaFrame XP server where it is re-spooled to the printer or print server.


The MetaFrame XP Print Architecture

Users in an SBC environment can print to the following types of printers:

  - Printers connected to ports on the user's client device on Windows, WinCE, DOS, Linux, UNIX, or Mac OS platforms.
  - Virtual printers created for tasks such as printing from a PostScript driver to a file on a Windows client device.
  - Shared printers connected to print servers on a Windows network.
  - Printers connected directly to MetaFrame XP servers.

The printer objects that ICA clients use can be categorized by connection types. There are three kinds of printer connections in a MetaFrame XP server farm: client connections, network connections, and local connections. This chapter refers to printers in a server farm as client printers, network printers, and local printers, depending on the type of connection they have in the farm.

Client Printers

Client printers are defined differently depending on the ICA Client platform.

  - On DOS-based and WinCE client devices, a client printer is physically connected to a port on the client device by a cable.
  - On UNIX and Macintosh client devices, a PC or PostScript printer connected to a serial port (or a USB port for newer Macintoshes) is considered a client printer.
  - On 32-bit Windows platforms (Windows 9x, Windows NT, Windows 2000, and Windows XP), any printer that is set up in Windows (these printers appear in the Printers folder on the client device) is a client printer. Locally connected printers, printers that are connected on a network, and virtual printers are all considered client printers.

Network Printers

Printers that are connected to print servers and shared on a Windows network are referred to as network printers. In Windows network environments, users can set up a network printer on their computers if they have permission to connect to the print server. In a MetaFrame XP environment, administrators can import network printers and assign them to users based on group membership. When a network printer is set up for use on an individual Windows computer, the printer is a client printer on the client device.

Local Printers

A local printer is a printer created by an administrator on the MetaFrame XP server using the Add Printer Wizard from within the Printers applet in the Control Panel. Like a network printer, print jobs printed to a local printer bypass the client device and can be sent either to a Windows print server or directly to a printer, depending on how the printer has been created on the server. If the printer is added to the MetaFrame server with the port pointed to a share such as \\printserver\sharename, then the print job is sent to the print server before heading to the printer. The print queue can be Windows-, NetWare-, or UNIX-based. If the printer is added and the port specifies the actual printer itself (such as an lpr queue to the printer's IP address), then the MetaFrame server is essentially the print server, and the job is sent directly to the printer. Local printers are not typically utilized in an enterprise MetaFrame XP environment because of the need for the administrator to set up every printer in the environment on each MetaFrame XP server. However, local printers can be utilized successfully in smaller MetaFrame XP farms (three or fewer servers).

Client Printer Mapping

Client printer mapping allows a user to access client printers from within an ICA session. Client printers are mapped
login and are called auto-created printers. They are automatically removed from the server upon session termination
often rely on auto-created printers to provide access to a printer as print management utilities may not be available
Client printers are supported in different ways depending on the operating system of the client machine. MetaFrame
automatically map all printers that are installed locally on Windows 32-bit clients, provided a suitable driver is
clients require manual intervention in the printer mapping process.

Auto-Creation of Client Printers

The auto-creation of client printers for Windows 32-bit clients is a complex process that allows for great flexibility
environment. The basic process is outlined next.

1. ICA session initiation/login: When a user logs in, a series of programs are run, including the following:
     - Login scripts (if available)
     - Client drive mapping (if enabled)
     - Printer auto-creation (if enabled)
     - Application compatibility scripts (if present)

2. User rights are evaluated and permissions checked: The MetaFrame server determines if the user
   locally installed printer. These rights are set in the following places:
     - Citrix User Policies
     - MetaFrame XP farm settings
     - Citrix connection configuration/Connection client settings
     - For W2K, Active Directory users and computers (user properties) Environment tab
   If the current user does not have the preceding rights, then no client printers will be mapped.

3. Exact driver match: Each user's print drivers are matched against the printer drivers installed on the
   match for the driver description is found, then the client printer is mapped.

   Note: Additional spaces and other subtle differences, such as case sensitivity, in driver description
   differences can occur between the same printer drivers on different operating systems. For
   LaserJet 4 - PCL" will not match a server driver "HP LaserJet 4."

4. Translation match: Printer driver descriptions are then matched against the mappings found in the IM
   database contains mappings between client printer driver descriptions and printer drivers installed on

5. Create printer share: The printer share for locally attached printers is created with the format Client Name
   Network-attached printers are created with the format Client Name#\\PrintServer\ShareName. For example
   named WS01, with a locally attached printer name of PRINTER1, a successfully created printer share
   be named WS01#PRINTER1. While its network-attached printer on \\PRNTSRV_01\PRINTER2 would
   WS01#\\PRNTSRV_01\PRINTER2.

6. Additional printers: Steps 3 through 5 are repeated for each client printer.
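Steps 3 through 5 can be modelled in a few lines. The Python sketch below is an added example, not Citrix code: the function names, the translation table and the "Constructed Vendor 4 PCL" driver are hypothetical, and the ClientName#PrinterName format is inferred from the WS01#PRINTER1 example above. It goes one step beyond the text by reporting "near misses" (descriptions that differ only in case or spacing), which is the failure the Note warns about.

```python
# Hypothetical model of the driver-matching and naming steps described above.

# Constructed sample data: drivers installed on the server, a translation
# table (client description -> server driver), and one client's printers.
SERVER_DRIVERS = {"HP LaserJet 4"}
TRANSLATION = {"Constructed Vendor 4 PCL": "HP LaserJet 4"}
CLIENT_PRINTERS = [
    ("PRINTER1", "HP LaserJet 4"),                        # exact match
    (r"\\PRNTSRV_01\PRINTER2", "Constructed Vendor 4 PCL"),  # needs translation
    ("PRINTER3", "hp  laserjet 4"),                       # case/spacing differ
]


def normalise(description):
    """Collapse whitespace and case; used only to diagnose near misses."""
    return " ".join(description.split()).casefold()


def resolve_driver(client_driver, server_drivers, translation):
    """Steps 3 and 4: return (server_driver, how) or (None, reason)."""
    # Step 3: the description must match exactly, including case and spaces.
    if client_driver in server_drivers:
        return client_driver, "exact"
    # Step 4: fall back to the translation table.
    mapped = translation.get(client_driver)
    if mapped in server_drivers:
        return mapped, "translated"
    # Diagnostic only: would the match succeed if case/spacing were ignored?
    near = [d for d in sorted(server_drivers)
            if normalise(d) == normalise(client_driver)]
    if near:
        return None, f"near miss: differs from {near[0]!r} only in case or spacing"
    return None, "no matching server driver"


def auto_created_name(client_name, printer):
    """Step 5: ClientName#PrinterName, or ClientName#\\\\Server\\Share."""
    return f"{client_name}#{printer}"


def map_client_printers(client_name, client_printers, server_drivers, translation):
    """Step 6: repeat steps 3-5 per printer; return (created, skipped)."""
    created, skipped = [], []
    for printer, driver in client_printers:
        server_driver, how = resolve_driver(driver, server_drivers, translation)
        if server_driver is None:
            skipped.append((printer, how))
        else:
            created.append(
                (auto_created_name(client_name, printer), server_driver, how))
    return created, skipped


if __name__ == "__main__":
    created, skipped = map_client_printers(
        "WS01", CLIENT_PRINTERS, SERVER_DRIVERS, TRANSLATION)
    for name, driver, how in created:
        print(f"created {name} using {driver!r} ({how})")
    for printer, reason in skipped:
        print(f"skipped {printer}: {reason}")
```

A skipped printer with a near-miss reason is a candidate for a translation-table entry rather than a new server driver.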

The auto-creation process is shown in Figure 18-1.


Figure 18-1: The auto-creation process

The path that a print job takes for auto-created client printers can change based on what type of printer it is a
configured.

Locally connected client printers always print through the ICA channel and back to the client and are spooled locally
shown in Figure 18-2.

Figure 18-2: A locally attached printer

The behavior of network printers that are auto-created from the client can vary. If the network printer is auto-
job will spool back through the ICA channel to the client machine, then to the network print server, and then
Figure 18-3. This configuration is ideal for clients printing to network printers across a WAN link from the MetaFrame
print job being streamed within the ICA channel.

Figure 18-3: Network printer ICA

If the network printer is auto-created as a network printer then the job is spooled directly to the print server, a
architecture is good when the network printer is on the same LAN as the MetaFrame XP server or where WAN
factor, as print speed will be faster and the ICA channel does not have to process the print information.

Figure 18-4: Network printer

There are many pros and cons to using auto-created client printers.

Advantages of auto-created client printers:

  - Seamless connection of printers.
  - Users see familiar printers.
  - All supported local printers are available.
  - Quick setup of existing client printers.
  - Printer queues or permissions do not have to be configured on the MetaFrame XP server side.

Disadvantages of auto-created client printers:

  - Increased bandwidth used by MetaFrame XP sessions.
  - Printing speed is usually decreased and higher resolution or color printers may overtax low-end client devices.
  - Printers must be installed and configured on each client.
  - Users can add, delete, update, or modify their printers in a way that breaks the auto-creation process.
  - Driver management is necessary to ensure compatibility.

Windows Terminal Services Automatic Printer Redirection

RDP printer redirection is similar to client printer auto-creation in MetaFrame XP but is limited to locally attac
and the local printer must use a driver installed on the server. There is limited support for print driver mappin
print driver setting. The automatic redirection of client printers is only available for Windows 32-bit operating
terminals and 16-bit Windows clients can manually create queues but there is no support for any other opera

MetaFrame XP Auto-Created Client Printing

Client printer auto-creation can be configured at the following levels:

Per MetaFrame XP farm: This is configured in the CMC by selecting Printers in the left pane of the Print

Per Server: This is configured by clicking Client Settings in the Properties of the ica-tcp connection in Cit

Per User: This is configured by Citrix user policies within the Policies section of the CMC.

Per MetaFrame XP Farm: The farm settings are configured from the Citrix Management console by right-clic
clicking Properties. In the Printer Management Properties dialog box, select Printers from the left pane as sh


Figure 18-5: The Printer Management Properties window

The Auto-Created Client Printers section of this page has many options. If auto-creation of client printers is t
in the farm, make sure the box is checked next to Auto-create Client Printers When User Logs On. There are
created printer acts under this section.

Update printer properties at each logon: Selecting this option pulls the printer settings from the client
user changes made to printer settings while in an ICA session are temporary and will not be retained.

Inherit client printer's settings for keeping printed documents: Selecting this option forces the use o
regard to printed documents.

Delete pending print jobs at logout: Selecting this option deletes pending print jobs on auto-created cl
of the ICA session. Do not select this option if you want the pending print jobs to be available when a use

Always create client network printers as client printers: Selecting this option forces the server to con
auto-created client printers so all print jobs are directed through the client (using the ICA channel) instea
printer. When this option is selected, printing from MetaFrame XP servers to network printers that are au
WAN connections. This is due to the fact that data sent to the client is compressed within the ICA sessio
print job to the printer. Additionally, if two network printers have the same printer share name, the printer
is used. This option should not be selected if you want print jobs to be sent directly from MetaFrame XP

This section also lets us specify which client devices the client machine attempts to create at logon.

Default client printer only: Selecting this option auto-creates only the printer set as the Win32 client's d

Local (non-network) client printers only: Selecting this option auto-creates only the local client printer
attached client printers are physically connected via an LPT, COM, USB, or other local port.

All client printers: Selecting this option auto-creates all of the client printers on a user's client device.

Use connection settings for each server: Selecting this option selects which client printers are auto-cr

Connection Configuration.

Per Server: The per server printer auto-creation settings are found in the Citrix Connection Configuration pro
Settings under the Properties of the ica-tcp connection. These settings apply to any client connected to this s
overriding Citrix User Policy or auto-creation is turned off at the farm level. The key options in this section are

Connect client printers at logon: Selecting this option automatically maps client printers during session

Default to main client printer: Selecting this option forces the default printer on the server to be the clie

Inherit user configuration: Selecting this option uses the individual user's settings in Active Directory ins
configuration.

By default, connect only the client's main printer: Selecting this option only maps the client's default

Disable Windows client printer mapping: Selecting this option turns off client printer mapping on the s
will override any settings configured on the MetaFrame XP farm level.

Disable Client LPT port mapping: Selecting this option disables LPT port mapping on the server.

Per User: The use of Citrix user policies is the only way to effectively manage auto-created printer settings fo
example was given in Chapter 15 for creation of a Citrix user policy. The policy settings that are relevant to a
Client Devices in the Client LPT Ports and Client Printer sections. The pertinent policy settings are

Turn off client LPT port mapping: When set to Rule Enabled, client LPT port mapping is disabled.

Connect client printers: When set to Rule Enabled, client printers are connected through the ICA chan
also necessary to select which client printers to connect upon logon.

Default to client's main printer: When set to Rule Enabled, the client's local default printer is set as the

Turn Off Client Printer Mapping: When set to Rule Enabled, all client printers are disabled for the user

Note: Citrix User Policies override all other printer auto-creation settings configured at the server or farm

Universal Print Driver Configuration

The Universal Print Driver (UPD) is a Citrix-provided driver that uses PCL4 or PCL5c for Windows 32-bit and
for other clients. The UPD is discussed later in the chapter in more depth. It is important to remember that th
created printers. The UPD configuration is accessed by logging in to the CMC, right-clicking the Printer Mana
Properties. The UPD settings are located in the Drivers section. There are four settings for the UPD, as show


Figure 18-6: The Drivers tab of CMC

Native driver only: Never uses the UPD.

Universal driver only: Always uses the UPD.

Use universal driver only if native driver is unavailable: Uses the UPD only for printers that do not ha
another print driver already in the CMC.

Both universal and native drivers: Creates each printer with the UPD and a separate printer using the
instances of each printer).

This section of the properties also contains a check box to Automatically Install Native Drivers For Auto-crea
This box should be checked if native drivers are being used and you want to automatically install and use na
exist.

Driver Compatibility

Driver compatibility is a configurable option from within MetaFrame that allows administrators to specify eithe
drivers for printer auto-creation or a list of incompatible drivers that are not to be mapped when presented to
(Never Create). Incompatible drivers would typically be ones such as Fax drivers, Adobe distillers, and client
and managing these lists is accessed by

1. Logging in to the CMC.

2. Opening the Printer Management section.

3. Right-clicking Drivers and selecting Compatibility.

The Driver Compatibility console has several options, as shown in Figure 18-7. The server platform for the d
primary choice is Allow Only Drivers In The List (Allowable) or Allow All Drivers Except Those In The List (Ne
added to or removed from these lists with the Add and Remove buttons. The driver name can be either type
list of drivers already installed on the MetaFrame XP servers.


Figure 18-7: Driver compatibility

Print Driver Mappings

Print driver mappings are integral to a successful implementation of client auto-created printers. By using pri
administrator can create mappings between known compatible drivers on the server- and client-side drivers
exist on the server. The Driver Mapping console provides a graphical interface to map client printer drivers to
mappings is held in the data store so it is available to all servers in the farm. To access the Driver Mapping c

1. Log in to the CMC.

2. Open the Printer Management section.

3. Right-click Drivers and click Mapping.

The Driver Mapping console shown in Figure 18-8 allows you to enter, remove, or edit driver mappings. A dr
Add and then typing the exact client-side print driver. Afterward, choose an existing server driver from a drop
the mapping to make sure the print driver prints properly to the client printer. An administrator could map a c
color laser driver, but print output would not be usable.

Figure 18-8: Driver mapping

Note: Only an "allowable" or "never create list" can be created.

Printer Bandwidth Management

MetaFrame XP has built-in functionality to manage bandwidth within an ICA session. When a print job
printer channel, it leads to increased bandwidth consumption. Failure to control printer bandwidth leads to slow or u
printing. If the bandwidth is managed, the print jobs take longer to complete but the user's session is not adv
print jobs are allowed to consume in the ICA channel can be configured either on the per-server level or on
is a guideline for using printer bandwidth management:

BandwidthAllocatedforICA: This value is the bandwidth size allocated for ICA traffic across a specific W

AveragePerSessionBandwidth: This is the average bandwidth used per ICA session.

NumberofConcurrentUsers: This value is the number of concurrent users that access the MetaFrame
link.

Note: If this equation results in a negative number, set the bandwidth available for printing to 5Kb.

For example, if there were a T1 from site to site with a 500Kb allocated partition for ICA and 10 concurrent u
then we would limit the user printing bandwidth per session to 20Kb.

As mentioned earlier, the settings for printer bandwidth management can be configured on a per-server or p


Server-Level Setting: The server level setting can be configured in the properties of the individual server, or
Management section of the CMC. The following steps are used to configure the bandwidth setting for an ind

1. Log in to the CMC.

2. Click Printer Management.

3. Click the Bandwidth tab in the right-hand pane.

4. Right-click the server to be configured and click Edit.

5. Click the radio button next to Limited and enter the number of Kbps that are appropriate for that serve

Note: The setting for a server can be copied to other servers in the environment by right-clicking the serv
the dialog box that would be appropriate for that setting.

User-Level Setting: The user-level settings for printer bandwidth are set within Citrix user policies. The settin
set at the server level. For instructions on the creation of Citrix user policies, please refer to Chapter 15. The
held in the Client Devices section of the policy under Client Printers | Client Printer Bandwidth. The policy sh
the appropriate Kbps input in the box for that user or group.

Thin-Client Printing


Thin clients do not have the ability to auto-create printers. If a printer is locally attached to a thin client, the IC or the Client Printers dialog box in the CMC must be used to create the printer within the user's ICA session.


ICA Client Printer Configuration

The ICA Client Printer Configuration utility allows users to control the creation, deletion, connection, and disc
session. The utility is used by client machines that do not have a native Windows Print Manager, such as the
based thin client. The ICA Client Printer Configuration utility must be run from inside an ICA session. If users
program from a published desktop, publish the ICA Client Printer Configuration utility as a separate publishe
or configure client printers.

To create a new printer with the ICA Client Printer Configuration utility:

1. Select the Printer menu and click New or press the INSERT key.

2. This launches the Add ICA Client Printer Wizard, which uses dialog boxes to prompt the user for a pr
port to which the printer is connected, and a name to use for the printer. These dialog boxes are simil
printer on a Windows 95 or Windows NT workstation.

3. Once all of this information is obtained, the utility will send a request for information to the client abou
information necessary for creating the printer. On a DOS machine, this information is written to the pr
connects again, the printer is created in the ICA session.

Client Printers

The Client Printers dialog box within the CMC allows for client printers to be created based on client name.

To add a client printer from the CMC:

1. Log in to the CMC.

2. Open Printer Management.

3. Right-click Printers and click Client Printers.

4. Click the Add button.

5. Enter the ICA Client name and the printer name, and then select the driver and the port that should b

UNIX Client Printer Auto-Creation

The default auto-created printer for the UNIX client can be set on either a user or machine level.

1. Edit the configuration file, wfclient.ini:

For a single user this should be $HOME/.ICAClient.

For all users of a machine, $ICAROOT/Config will work.

2. In the [WFClient] section of the file, type

DefaultPrinter=PrinterName

DefaultPrinterDriver=PrinterDriverName

where PrinterName is a name for the chosen printer, and PrinterDriverName is the name of the Micro

3. Save and close the file.
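The wfclient.ini edit from steps 1 to 3, as an added Python example (not code from the book or from Citrix): it sets the two keys in the [WFClient] section without disturbing other entries and rejects values containing line breaks, so a printer name cannot smuggle extra entries into the file. The function names, the sample file contents, and the assumption that section and key names match case-insensitively are this example's own.

```python
import posixpath
import re

SECTION_RE = re.compile(r"^\s*\[([^\]]+)\]\s*$")

# Keys from step 2, indexed by lower-case name (case-insensitive matching
# is an assumption of this example).
KEYS = {"defaultprinter": "DefaultPrinter",
        "defaultprinterdriver": "DefaultPrinterDriver"}


def wfclient_ini_path(scope, env):
    """Locate wfclient.ini for one user ("user") or all users ("machine")."""
    if scope == "user":
        return posixpath.join(env["HOME"], ".ICAClient", "wfclient.ini")
    if scope == "machine":
        # Directory name spelled as in step 1 of the procedure.
        return posixpath.join(env["ICAROOT"], "Config", "wfclient.ini")
    raise ValueError("scope must be 'user' or 'machine'")


def set_default_printer(ini_text, printer, driver):
    """Return ini_text with both keys set inside the [WFClient] section."""
    values = {"defaultprinter": printer, "defaultprinterdriver": driver}
    for value in values.values():
        # A line break in a value would let it add arbitrary INI entries.
        if not value.strip() or "\n" in value or "\r" in value:
            raise ValueError("names must be non-empty single lines")
    out, written, header_at, in_section = [], set(), None, False
    for line in ini_text.splitlines():
        match = SECTION_RE.match(line)
        if match:
            in_section = match.group(1).strip().lower() == "wfclient"
            if in_section and header_at is None:
                header_at = len(out)
            out.append(line)
            continue
        key = line.split("=", 1)[0].strip().lower() if "=" in line else None
        if in_section and key in KEYS:
            if key not in written:      # rewrite the first hit, drop repeats
                out.append(f"{KEYS[key]}={values[key]}")
                written.add(key)
            continue
        out.append(line)
    missing = [f"{KEYS[k]}={values[k]}" for k in KEYS if k not in written]
    if header_at is None:               # no [WFClient] section yet
        if out and out[-1].strip():
            out.append("")
        out.append("[WFClient]")
        out.extend(missing)
    else:                               # add directly under the header
        out[header_at + 1:header_at + 1] = missing
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    # Constructed sample file; printer and driver names are placeholders.
    sample = "[WFClient]\nOtherKey=1\n\n[OtherSection]\nDefaultPrinter=keep\n"
    print(wfclient_ini_path("user", {"HOME": "/home/alice"}))
    print(set_default_printer(sample, "lp_floor2", "Example Printer Driver"))
```

Keys of the same name outside [WFClient] are left alone, and running the function twice with the same values produces the same file.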

Macintosh Client Printer Auto-Creation

No special configuration is needed to set up local printers to print during an ICA session for MAC clients. Use
settings during the session.

To print a document during an ICA session:

1. Make a connection to a server and open the application you want to use. When you are ready to print
menu choose one of the following two printing settings.

Print Automatically: Prints (using the current printer settings) when you select the printer and cl

Print With Dialog: After you select the printer and click Print, you see the standard Macintosh Pr
change printer settings. Click the setting you want to use.

2. From the application's File menu, choose Print.

3. In the Print dialog box, select the printer: Client\username#\Mac Printer or Client\Macintosh ICA Clien

Java Client Printer Auto-Creation

The ICA Java Client must pass three values for auto-creation to be successful.

Printer name: A locally significant name to identify the printer.

Port name: A file name, port name, or printer IP address and print queue.

Driver: The printer driver. The driver name must match the driver name on the MetaFrame XP server ex

The Java parameter name to use when passing the printer name to the ICA Java Client is user.localclientpri
Java parameter user.printername.port where the printername is the same as that specified in user.localclien
the parameter user.drivername.driver, where drivername is also the name specified in user.localprinters.


Network Printers

Auto-created network printers allow an administrator to import available printers from network print servers. The import process will install, if it is not already installed, the print driver from the network print server onto the MetaFrame XP server when a user logs in. Once the printers are imported, an administrator can assign users or groups to have that printer auto-created automatically. Additionally, it is possible to set basic default print properties for that printer. Users can be given the ability to then change those print settings or the administrator can push those settings back down to the user at each user logon.

Advantages of network auto-created printers:

Printers can be auto-created for users on a per-user or group basis.

Printer settings can be set for the user.

MetaFrame XP integration with network print servers is seamless.

Network traffic is minimized by taking the client out of the print process.

Disadvantages of network auto-created printers:

There is no way to specify which printer is set as default for users that have multiple printers created.

Users cannot utilize local printers unless client auto-creation is also used.

Importing Network Print Server

The import of Network print servers is rather simple.

1. Log in to the CMC.

2. Right-click Printer Management.

3. Click Import Network Print Server.

4. Enter the NETBIOS name or IP address of the print server in the Server field, then enter an account that has full permission to all printers on that server and click OK.

The printers from that server should now appear under Printers in the Printer Management section of the CMC.

Configuring Network Printer Auto-Creation

Users must be assigned permissions to imported network printers in order for them to appear in their ICA session. The process for assigning user permissions to these printers is quite simple.

1. Log in to the CMC.

2. Open Printer Management.

3. Click Printers (available printers will appear in the right-hand pane).

4. Right-click the printer to be configured and click Auto-Creation.

5. Add users or groups by selecting them and clicking Add. Then click OK, as shown in Figure 18-9.

Figure 18-9: The Auto-Creation Settings dialog box

Note Printing preferences such as paper size, copy count, print quality, and orientation can be set for a printer by clicking the Printing Preferences button on the Auto-Creation screen.

Note Auto-created network printer settings can be updated at each logon by selecting the Printers section of the Printer Management Properties in the CMC. This should be selected if auto-created network printers are to be updated with settings assigned in the Management Console. Any changes made by users are replaced with the assigned settings every time the users log on. Do not select this option if you want to retain the changes that users make during ICA sessions to their network printer settings.


Printer Default

The Windows Printers folder may need to be published to end users to allow them to set a default printer if only network printers are utilized. The Printers folder is traditionally in the Control Panel or is accessible from the Start menu, but if users are using a locked-down desktop or only published applications, they need a way to manage their own default printer. The best way to accomplish this is to give the user a published application of the Printers folder.

The Printers folder is a shell extension that usually resides off the Control Panel. A globally unique ID (GUID) declares shell extensions. Printers are a Control Panel extension in the registry under HKEY_CLASSES_ROOT\CLSID\{2227A280-3AEA-1069-A2DE-08002B30309D}. This generated identifier represents the extension and points to the proper DLL to run it. It defines the icon, the folder name, and so on. Using this extension with its default name value (Printers), you can run the extension independently in an Explorer instance. For example:

1. Create a new folder on the desktop and name it Printers.{2227A280-3AEA-1069-A2DE-08002B30309D}. When you press ENTER after you create this folder, you will notice that the folder icon changes to the Printers folder icon. If you open the folder, you will see your printers.

2. Create this new folder in the All Users profile folder in the Start menu.

3. Publish the folder as a published application.

Copy the \Windows\explorer.exe program to a new location with a new name (for example, C:\Print\explorerp.exe).

Rename it so that it runs as a unique process. Publish the function using the new Explorer instance. Name the application Print and use the following command line (assuming you created the Printers folder on the root drive C): C:\print\explorerp.exe /n,/root,C:\Printers.{2227A280-3AEA-1069-A2DE-08002B30309D}.


Local Printers

In smaller environments (less than three MetaFrame XP servers) local printers can provide a robust printing environment without requiring a large amount of administration to maintain them. All MetaFrame XP servers in this configuration become print servers and need individual print queues to each network printer used by clients. There are utilities such as the Print Migrator 3 from Microsoft (found on the Windows 2000 resource kit) that assist with propagation of printers from one server to another, but in larger farms this process becomes very time intensive. When a new printer is introduced to the environment, the administrator needs to configure the printer on each Terminal Server in the environment.

Advantages of local printers on a MetaFrame XP server:

Excellent LAN printing performance.


Reliable.

Printer setup per user is very controlled.

Disadvantages of local printers on a MetaFrame XP server:

Additional overhead for MetaFrame XP server to process print jobs.


No local printer support.

Poor WAN printing performance.

Users must browse the network for printers they need that are not configured.

Printers must be configured on all servers in the farm.


Printer Driver Selection

Driver selection is a critical decision for SBC printing. It is important to have a print driver that will be compatible with the multiuser environment and at the same time provide the printing functionality that is required by the users. While things have come a long way from the Windows NT 4.0 Terminal Server Edition's "blue screen of death" and limited support from third-party providers, drivers are still a paramount concern of printing in the SBC environment. The following driver selection topics are explained and their advantages and disadvantages discussed: the printer manufacturer native driver, the Microsoft operating system native driver, and the Citrix Universal Print Driver.

The Printer Manufacturer Native Driver

The printer manufacturer native driver is a print driver included with the printer or downloaded from the printer manufacturer's web site.

Advantages of printer manufacturer native drivers:

All features of the printer are included with the driver (printing to mailboxes, two-sided printing, collating, stapling, and so on).

Disadvantages of printer manufacturer native drivers:

The drivers are often not written for a multiuser environment and may cause the spooler service to crash any time a user prints with that driver.

Although they may be certified as multiuser-compliant, some advanced features still may not function properly (graphics printing, landscape, duplex, watermarks, and so forth).

Drivers are not designed for a network environment and often have additional components that are not desirable (control panels, print monitors, and others).

Printer manufacturer native drivers have become better over time in terms of supporting the Terminal Services structure, but there are still many inherent problems. Windows Server 2003 drivers have improved due to more multiuser compatibility requirements by Microsoft. There will always be issues with drivers written by third parties due to the complexities involved in the print subsystem and the reluctance of some third-party providers to correctly code and test drivers for Terminal Services.

Microsoft Operating System Native Driver

Microsoft operating system native drivers are the built-in drivers that ship with the Windows operating system. Windows 2000 Server included drivers for over 2800 devices and Windows Server 2003 natively supports over 3800 devices.

Advantages of Microsoft native drivers:

Drivers are included with the operating system.

Drivers are written as a part of the operating system so there will be fewer incompatibility problems.

Many driver features are still available.

Disadvantages of Microsoft native drivers:

Advanced printer features are not always supported (printing to mailboxes, stapling, and so on).


Printers that are newer than the operating system do not have drivers.

This driver option is usually preferred because it is specifically written for compatibility with Terminal Services and still has many of the required printer features.

The Citrix Universal Print Driver

The Citrix Universal Print Driver (UPD) was first introduced in MetaFrame XP Feature Release 1. The new UPD version 2, included with MetaFrame XP Feature Release 3, has support for monochrome or color printing as well as 600-dpi resolution. The driver uses PCL4 or PCL5 for Windows 32-bit and Macintosh clients. Linux clients and PostScript-compatible printers use PostScript.

Note The extended features (color, 600 dpi) are achievable only with the 7.0 version of the Win32 and Linux ICA Clients. The original UPD is available to Win32 and Macintosh OS X clients on version 6.30 or later.

Advantages of the Universal Print Driver:

There are no additional print drivers to install on MetaFrame XP servers.

It is a very stable print driver.

It is included with MetaFrame XP software.

Disadvantages of the Universal Print Driver:

It is only supported on Win32, Mac OS X, and Linux clients.

Windows printers that cannot print using PCL 4 or PCL 5c will not work.

Advanced printer features such as duplex, stapling, and watermarks are not supported.

It is limited to 600 dpi.

Large print jobs due to the rasterization of the EMF file before it is processed by the local print driver.

Print Driver Maintenance

The proper installation and removal of print drivers is an important part of managing the printing environment. If the driver is not installed or removed properly it can cause printing system instability in the SBC environment. It is also important to make sure that the print drivers are consistent throughout the environment.

Driver Installation

The proper way to install print drivers is to use the Print Server Properties dialog box. It can be found by going to Start | Settings | Printers. In the Printers window, select File, then choose Server Properties. On the Drivers tab, administrators can see all the print drivers installed on the server. They can also add, remove, and update drivers, as shown in Figure 18-10.

Figure 18-10: The Drivers tab in the Print Server Properties dialog box

Drivers can also be installed using the Add Printer Wizard. The Add Printer Wizard method installs the printer as on a normal workstation. An unused local port is selected during the installation of the printer. The printer is then manually deleted leaving the print drivers behind for use in auto-creation.

The preferred method for adding print drivers is the Print Server Properties dialog box. A few quick tips for driver installation:


Only install print drivers for printers that will be used by ICA Clients in the farm.

Always install print drivers on the same MetaFrame XP server and then replicate the drivers to the other servers in the farm.

If possible, install print drivers that work for multiple printer types. This limits the number of required print drivers in the environment.

Driver Removal


Print drivers can be removed from the server Operating System in a similar fashion to installation. The Driver section of the Server Properties dialog box (shown in Figure 18-10) has a Remove button for the removal of print drivers. It is best to remove any unneeded print drivers. Print drivers causing printer spooler instability should be removed immediately.

Driver Replication

Driver replication allows for print driver installation on multiple servers without having to visit each server and manually install the driver. It is important to only replicate Windows 2000 drivers to other Windows 2000 servers and only Windows 2003 drivers to Windows 2003 servers. There are two built-in ways to handle driver replication in a MetaFrame XP environment:

MetaFrame XP manual driver replication

MetaFrame XP auto-replication

MetaFrame XP Manual Driver Replication

Manual replication requires administrator input to invoke the process, which then runs without further user intervention.

Manual replication is started by the following steps:

1. Log in to the CMC.

2. Open Printer Management.

3. Click Drivers.

4. Select the driver or drivers to be installed on the right-hand side. (Hold the CTRL key for multiple select.)

5. Right-click a selected driver and click Replicate Drivers.

6. Click Yes to the warning message.

7. Select whether you want to replicate to all the same platform servers or if you want to select the servers, and also choose whether to overwrite any existing drivers that may have existed (as shown in Figure 18-11).

Figure 18-11: The Replicate Driver console

MetaFrame XP Auto-Replication

The automatic replication process is designed for drivers that frequently change in the environment. Automatic replication requires no user intervention to start the replication process but it can cause longer IMA service start times as well as increased CPU and network traffic loads.

Auto-replication is configured using the following steps:

1. Log in to the CMC.

2. Open Printer Management.

3. Right-click Drivers and click Auto-replication.

4. Choose the operating system platform of the drivers to be configured and then click the Add button to add the drivers that should be auto-replicated.

Note The Print Migrator 3 utility included with the Resource Kit media for Windows 2000 can also be used to replicate print drivers. The only advantage of this utility over the MetaFrame XP utility is its ability to replicate drivers from servers that are not part of the MetaFrame XP farm. The Print Migrator 3 must only be used during scheduled maintenance times, as it stops the spooler service during the replication.
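The driver maintenance rules in this section (install on one server, replicate only between servers of the same platform, remove unneeded drivers, keep names consistent) can be checked against a recorded driver inventory. The Python script below is an added example, not code from the book or from Citrix; the server names, driver lists and the choice of one reference server per platform are constructed assumptions.

```python
"""Print-driver consistency audit for a server farm (added example)."""

# Constructed inventory: server names, platforms and driver lists are
# hypothetical sample data, as an administrator might record them from the
# Drivers tab of each server's Print Server Properties dialog box.
INVENTORY = {
    "MFXP01": {"platform": "Windows 2003",
               "drivers": {"HP LaserJet 4", "HP LaserJet 5Si", "Lexmark Optra S"}},
    "MFXP02": {"platform": "Windows 2003",
               "drivers": {"HP LaserJet 4", "HP Laserjet 5Si",
                           "Canon Bubble-Jet BJC-80"}},
    "MFXP03": {"platform": "Windows 2000", "drivers": {"HP LaserJet 4"}},
    "MFXP04": {"platform": "Windows 2000",
               "drivers": {"HP LaserJet 4", "Lexmark Optra S"}},
}

# Assumption: one designated install server per platform, from which drivers
# are replicated to the other servers of the same platform only.
REFERENCE = {"Windows 2003": "MFXP01", "Windows 2000": "MFXP03"}


def normalize(name):
    """Fold case and collapse whitespace so near-miss names can be paired."""
    return " ".join(name.split()).casefold()


def audit_server(server, inventory, reference):
    """Compare one server's drivers with the reference server of its platform.

    Returns a dict with three sorted lists:
      missing    - drivers on the reference server that this server lacks
      extra      - drivers found only on this server
      mismatched - (local name, reference name) pairs that differ only in
                   case or spacing, so an exact-name comparison would fail
    """
    platform = inventory[server]["platform"]
    if platform not in reference:
        raise ValueError(f"no reference server defined for {platform}")
    ref_drivers = inventory[reference[platform]]["drivers"]
    local = inventory[server]["drivers"]

    ref_by_norm = {normalize(d): d for d in ref_drivers}
    extra, mismatched = [], []
    for name in sorted(local - ref_drivers):
        twin = ref_by_norm.get(normalize(name))
        if twin is not None and twin not in local:
            mismatched.append((name, twin))   # same driver, different spelling
        else:
            extra.append(name)                # installed outside the reference
    paired = {twin for _, twin in mismatched}
    missing = sorted(ref_drivers - local - paired)
    return {"missing": missing, "extra": extra, "mismatched": mismatched}


def audit_farm(inventory, reference):
    """Audit every non-reference server, in server-name order."""
    ref_servers = set(reference.values())
    return {s: audit_server(s, inventory, reference)
            for s in sorted(inventory) if s not in ref_servers}


def replication_plan(inventory, reference):
    """Map source server -> driver -> target servers still lacking it.

    Targets always share the source's platform, so a Windows 2000 driver is
    never proposed for a Windows 2003 server or the reverse.
    """
    plan = {}
    for server, result in audit_farm(inventory, reference).items():
        source = reference[inventory[server]["platform"]]
        for driver in result["missing"]:
            plan.setdefault(source, {}).setdefault(driver, []).append(server)
    return plan


if __name__ == "__main__":
    for server, result in audit_farm(INVENTORY, REFERENCE).items():
        print(server, result)
    print("replicate:", replication_plan(INVENTORY, REFERENCE))
```

Drivers reported as extra are either candidates for removal or should be installed on the reference server first; mismatched pairs point to a driver whose name differs only in case or spacing from the reference copy.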


Troubleshooting

Troubleshooting printing problems in the SBC environment can be complex and exasperating. The following section outlines a methodology to solve the most common printing problems. Most printing problems can be avoided or fixed by investigating a number of basic areas such as printer settings configuration, client-side drivers, server-side printer drivers, printing permissions, printer driver names, and client name.

Printer Settings Configuration

There are several locations in the SBC environment where printer settings can be configured. Any one of these areas can contribute to printer problems so they are a great place to start when troubleshooting printing problems.

Citrix Policies

Check any defined Citrix Policies to ensure that the resultant policy allows for the auto-creation of client printers. Citrix Policies will override all other printer configurations listed in this section, so they are, in turn, the first place to check when problems occur. The settings in question are located under Client Devices | Client LPT Ports and Client Printers. To ensure functionality, make sure that the Turn Off Client LPT Port Mapping option is not enabled under the Client LPT Ports section. Enabling this option causes any locally attached printer to not auto-create in a user's session. Ensure that in the Client Printers | Connect Client Printers dialog box, if it is Rule Enabled, the Connect Client Printers At Logon option is checked and appropriate settings below are set, and that the option is not Rule Disabled.

Farm Settings

The next place to verify configurations is the Farm settings for printer configuration. Open the CMC and right-click the Printer Management listing. The settings will reside under both the Drivers and Printers sections. Common problems under the Drivers section include having the option Native Drivers Only checked and not having the Automatically Install Native Drivers For Auto-created Client And Network Printers option unchecked. This will cause any printers in which native drivers were not already loaded on the server to fail. Common problems in the Printer section are not having the Auto-create Client Printers When User Logs On option set or isolating printers to be mapped to only the default client-side printer. The former will cause no printer to be created; the latter will cause only one printer to show up (the clients' default).

Citrix Connection Configuration

The Citrix Connection Configuration administration program (found on the ICA Administrator toolbar or by choosing Start | All Programs | Citrix | Citrix Connection Configuration) also has settings that can define whether printers are auto-created or not. Double-click or right-click and select Edit on the protocol listener (ica-tcp, ica-ipx, and so on) to configure the settings. Select the Client Settings button and ensure that the Connect Client Printers At Logon option is checked if the Inherit User Config check box is not selected. Also, ensure that the following boxes are not checked under the Client Settings Area:

Disable Windows Client Printer Mapping

Disable Client LPT Mapping

Active Directory Users and Computers

In Active Directory Users and Computers, check the user's account settings by double-clicking the user account. Ensure that Connect Client Printers At Logon is selected on the Environment tab. This setting is applied if the Inherit User Config check box is set in the Citrix Connection Configuration administration program.

Client-Side Drivers

The next area to investigate if printers are not correctly showing up for users is the client-side driver. Verify that the latest and correct manufacturer's driver is loaded for the specific printer having problems. It is also essential at this point to make sure the local print subsystem is working. Test local printing with Notepad or another locally installed application to the printer in order to verify basic local printing functionality. Printing in the SBC environment will not be successful if the local subsystem is not operational. Problems at the local level must be solved before additional troubleshooting steps are taken.

Server-Side Drivers

Beyond the client-side drivers and local printer subsystem problems, the MetaFrame XP servers must also have a locally installed driver that matches the client-side driver for auto-creation to succeed. The match must be exact or a mapping must be created through the CMC. The drivers installed on a MetaFrame server can be verified in two ways. The first is through the Server Properties dialog box which can be accessed by going to Start | Printers | File | Server Properties. The Driver tab shows a list of current drivers installed on the server. The second method is to view the following registry location:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows NT x86\Drivers\Version-3

This key contains subfolders for all the printers installed on the server. The proper method for installing additional printer drivers is detailed in the "Print Driver Maintenance" section of this chapter. Follow this procedure to ensure the MetaFrame XP server will have a suitable driver for auto-creation to succeed.

Printing Permissions

After ensuring that there are no printer settings causing printers not to create, and verifying both client and server drivers, the next thing to attack is permissions. Sufficient rights must be granted to the user to enable them to create and eventually print to the printer. A quick test of whether permissions are causing problems with the creation or access to printers is to log in to the MetaFrame XP server with an administrator level login from the end user's client. If the printer successfully auto-creates in this case, a permissions problem is most likely the cause.

In order to auto-create a printer successfully, a user must have access to certain files and directories on the server. For printer auto-creation, there are two important permissions that must be set. A user should have at least Read, Write, Execute, and List Folder Contents permissions to the directory %systemroot%\system32\spool. Users should additionally have Read, Write, Execute, and List Folder Contents permissions to the file %systemroot%\system32\printer.inf.

Assigning user permission to Imported Network Print Server(s) through the CMC does not automatically grant the user the right to actually print to the printer. This permission set merely auto-creates the printer within the user's profile. This information is located in the following registry keys in the profile:

HKEY_CURRENT_USER\Printers\Citrix\NetworkPrinters

HKEY_CURRENT_USER\Printers\Connections

Finally, verify that the user has at least Print permissions on the print server. This may be explicit (named user) or implicit (group membership).

Printer Driver Names

Printer driver names also play an important part in the auto-creation process. The problem stems from the fact that different operating systems have different named drivers for the same printer. For example, an HP LaserJet 5 printer has a driver name of "HP LaserJet 5P" in the Windows 2000/2003 operating system environment (MetaFrame XP server) and "HP LaserJet 5P/5MP (HP)" on a Windows 95/98/Me environment (typical client PC). This fundamental difference will cause the printer auto-creation to fail. As far as the MetaFrame XP server is concerned it does not have an exact driver match.

For this reason, it is critical to know the exact printer driver name used on both the client and server. This information is used to create a mapping entry in the CMC to ensure proper auto-creation. As explained earlier in this chapter, a mapping defined in the CMC determines what driver is used when a user tries to connect.

Client Name

Another item that can cause printer problems is the client name that the local ICA Client uses. The setup program for the ICA Client asks for a client name during installation and defaults to the local NetBIOS name. An alternate name may be specified. This setting has an effect on printing if all client PCs do not have unique client names. When a printer is auto-created on a MetaFrame XP server it includes the client name as part of the path in the format clientname#printername. For example, if a PC with the name PC215 connects to a MetaFrame server with an HP LaserJet 4 attached, the printer will be mapped as PC215#HP LaserJet 4. If two machines connect to the same MetaFrame XP server with the same client name and printer, the server will have problems figuring out where to send print jobs since the queues will have the same name. This leads to user print jobs being sent to another user's printer, the correct printer, or nowhere at all. Always use unique client names on users' systems to avoid this pitfall. Chapter 17 discusses naming conventions to ensure unique client names.

It is also important to note that if a user creates or changes the ICA Client name and places a comma in that name, auto-creation of printers will no longer function for that client. The comma must be removed for Client Printer Auto-creation to work. The client name is also limited to 20 (single-byte) characters.
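The client-name rules above can be checked across an inventory before users report misrouted print jobs. The following Python sketch is an added example, not code from the book or from Citrix; the inventory layout, the asset IDs, and the case-insensitive comparison of queue names are assumptions made for illustration.

```python
from collections import defaultdict

MAX_CLIENT_NAME_LEN = 20  # limit stated in the text (single-byte characters)

# Constructed sample inventory: (asset id, ICA client name, client printer).
SAMPLE_INVENTORY = [
    ("asset-001", "PC215", "HP LaserJet 4"),
    ("asset-002", "pc215", "HP LaserJet 4"),   # same name as asset-001, different case
    ("asset-003", "PC216", "HP LaserJet 4"),
    ("asset-004", "FRONT,DESK", "HP LaserJet 5P"),            # comma in client name
    ("asset-005", "WAREHOUSE-LOADING-DOCK-7", "HP LaserJet 4"),  # 24 characters
]


def queue_name(client_name, printer_name):
    """Auto-created printer name in the clientname#printername format."""
    return f"{client_name}#{printer_name}"


def audit_client_names(inventory):
    """Return the assets that break each client-name rule described in the text.

    comma      -> auto-creation stops working for that client
    too_long   -> client name exceeds 20 single-byte characters
    non_ascii  -> length in bytes depends on the client code page; review by hand
                  (assumption: only ASCII names are measured automatically)
    collisions -> two or more assets would produce the same queue name, so
                  print jobs can land on another user's printer
    """
    comma, too_long, non_ascii = [], [], []
    queues = defaultdict(set)

    for asset, client, printer in inventory:
        if not client.isascii():
            non_ascii.append(asset)
        elif len(client) > MAX_CLIENT_NAME_LEN:
            too_long.append(asset)

        if "," in client:
            comma.append(asset)
            continue  # no printer is auto-created, so no queue name to collide

        # Assumption: queue names are compared case-insensitively,
        # as NetBIOS names and Windows printer names are.
        queues[queue_name(client, printer).upper()].add(asset)

    collisions = {q: sorted(a) for q, a in queues.items() if len(a) > 1}
    return {
        "comma": comma,
        "too_long": too_long,
        "non_ascii": non_ascii,
        "collisions": collisions,
    }


if __name__ == "__main__":
    for rule, hits in audit_client_names(SAMPLE_INVENTORY).items():
        print(rule, hits)
```

Feeding this from an asset database export gives a list of clients to rename before they share a MetaFrame XP server.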


Additional Troubleshooting Topics

The previous sections addressed the most common problems but there are many other obscure pitfalls. This section details additional items that could lead to problems.

Updating Server Information

If you add or remove a printer on a network print server, update the print server information to ensure that the console displays the available printers on the Printers tab. Select a print server and use the Update Network Print Server command from the right-click menu, the toolbar, or the Actions menu. This is a manual process since print server information does not update automatically.

When changing the driver on the print server, remove the object from the print server, refresh the printer node within the Citrix Management Console, and ensure the printer is removed. Log on as a user and then log off after verifying the printer is successfully deleted. Add the printer with the new driver to the print server, refresh the print server within the Citrix Management Console, add the user to the imported print server, and retest with the previous logged on/off user.

Changing the share name of a network printer deletes all usernames entered in the auto-creation list for the printer in the Citrix Management Console. These assignments are written to the datastore and associated with the share name of the network printer. When you make changes to the printer on the network print server, make sure the usernames are reassigned to the printer in the Citrix Management Console.

Removing a print server removes all of its printers from the farm. This is the opposite of importing a network print server. If you remove printers, ICA Client users cannot print to them. If you want to do this, select the print server to remove, and then choose Discard Network Print Server from the right-click menu, the console toolbar, or the Actions menu. After you confirm the command, the print server no longer appears on the Network Print Server tab and its printers aren't displayed on the Printers tab.

This process also removes the object from the user's profile at the next logon. Ensure users are not reconnecting to a disconnected session when troubleshooting this issue.

Third-Party Ginas

No, "third-party Ginas" does not refer to Geena Davis, but instead to other third-party vendors such as Novell (Nwgina.dll) or PCAnywhere (AWgina.dll) that may block the Citrix Gina (Ctxgina.dll) from accomplishing its task of auto-creating printers. The primary operating system Gina is specified in the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDll

By default, initial installations of Microsoft operating systems do not show this value and Msgina.dll is considered the default Gina. Third-party vendors such as Citrix (Ctxgina.dll), Novell (Nwgina.dll), or PCAnywhere (AWgina.dll) modify this winlogon key and add the GinaDll value. When MetaFrame XP is installed, if the GinaDll value is not Msgina.dll, Citrix adds a new value in the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ctxgina.d

Potential problems can occur if another application is added after MetaFrame that overwrites this Gina. If you continue to have printing problems after checking the previous topics then look into this registry key to make sure the Citrix Gina is the primary Gina used by the system.

Important Files

There are several files that are critical for successful printer functionality in the SBC environment. Corruption of any of the following files can lead to complications with printing.

Cdmprov.dll (located in the %systemroot%\Program Files\Citrix directory) enumerates printers during the login process.

Cpmmon.dll (located in the %systemroot%\Program Files\Citrix directory) is used during the printing process back to the client.

Compatibility Lists

Make sure that any Driver Compatibility settings are not causing problems with the printers that are not working successfully. In CMC | Printer Management, there is a Drivers section. Right-click the Drivers entry and select Compatibility to display the Compatibility dialog box. Ensure that if Allow All Drivers Except Those In The List is selected, that the printer driver name for the client currently having difficulties is not listed. If it is listed, then this setting is blocking the auto-creation of the printer. If the Allow Only Drivers In The List option is selected, make sure the driver being used is present in the list.

The Lexmark Z2 Driver

If Lexmark Z2 printers are present in the environment, provide a mapping to use another driver when printing to this printer. The Lexmark Z-series monolithic driver is linked to the Lexmark installer and may cause the auto-creation process to function improperly.

The Spooler Service

Although it sounds basic, ensure that the spooler service is running and no event viewer messages indicate spooler problems. If the spooler service is stopped on a MetaFrame server, all connected users will lose the session's printers. Restarting the spooler will correct the problem. On the Windows 2000/2003 server, adjust the spooler service to restart automatically after failure. This can be accomplished through Start | Control Panel | Administrative Tools | Services. Locate the Print Spooler service, right-click it, and select Properties. On the Recovery tab set the options for First, Second, and Subsequent failures to Restart The Service. Set the Restart The Service After field to one minute.

Thin Clients

Windows CE-based thin clients will not auto-create printers in the same way workstations do because printer drivers do not exist locally on the thin-client device. The ICA Client Printer Configuration program or the Client Printers section of the CMC should be used to initially connect and troubleshoot thin-client printing. Double-check the client names specified in the Client Printers section if this utility is being used, or select New from the Printer menu to create an initial mapping in the ICA Client Printer Configuration program. Additionally, contacting the specific OEM device manufacturer for support regarding the appropriate printing support in SBC environments can provide insight into problems.

Third-Party Vendor Printing Solutions

Even with all of the advancements and improved functionality, there are still times when a third-party application is needed to optimize printer management. Third-party printing tools can reduce administrative load, increase performance, and simplify operation for end users. The Citrix Universal Print Driver (UPD), first released with FR1, was Citrix's first major step toward simplified printing. With the release of FR3 Citrix has improved the UPD. This section discusses the Citrix UPD along with the following third-party printing solutions:

ThinPrint v5.5

triCerat Simplify Printing v2

FutureLink UniPrint XP Server v2.24

The Citrix UPD is a PCL4 or PCL5 implementation printer driver that also works with non-PCL printers such as PostScript and proprietary printers. Print jobs are rasterized by the UPD's Interpreter on the client side and are subsequently processed by the native printer drivers.

FutureLink UniPrint XP Server v2.24

The UniPrint XP Server provides universal printing capability by generating PDF files and sending them to the local client for printing. The UniPrint XP Server component is installed on the Terminal Server and the UniPrint client, and Adobe Acrobat 4.0 or later and the ICA Client are installed on the client machine. The server component installs a Universal Print Driver that has a user-selectable virtual printer. Once a print job is submitted to the UniPrint UPD, the server component converts this print job to PDF format, sends it to the client, and uses the client's locally installed print driver to print using the client's default local printer.

UniPrint XP Server provides three PDF compression techniques when creating print jobs. Note that the supported compression techniques are susceptible to degradation of image quality. This is most noticeable when printing documents that are rich in color. Additionally, font consistency can be a problem whenever the destination client does not have the document's required fonts causing font substitution. To avoid this, turn on UniPrint's embed font property to convert the text to an image. The caveat is that rendering text as an image will increase print job size. For more information on UniPrint XP Server, visit www.futurelink.net.

ThinPrint v5.5

ThinPrint provides core printing functionality along with print job compression and session-based, bandwidth control driver-free printing via its ThinPrint Output Gateway (TPOG) printer module. The TPOG printer on the server is mapped to remote client printers automatically with ThinPrint AutoConnect by defining a template definition, class definition, or manually by renaming the TPOG printer name to explicitly point to a specific remote-client printer. ThinPrint's patented Driver Free Printing technology makes it possible to transmit print data without a printer driver installed on the server. The TPOG simulates a printer driver and sends compressed print data in a printer-dependent format to the local print system. There, the print data is rendered by the local printer driver. The advantages to this technology are obvious: central administration no longer needs to change printer drivers when client printers are added or changed; printer driver conflicts with the deployed software platform no longer occur; CPU load is reduced because of print job rendering; all printers on all ports are supported. Thus both users and administrators benefit from considerable improvements. ThinPrint also allows the use of a print server in your server farm even when the client is separated from the host by NAT and firewall issues with the Virtual Channel Gateway.

Additionally, over 90 percent of the thin client manufacturers (as well as many print server, network printers, PDA, and cell phone manufacturers), embed the ThinPrint client directly into their hardware.

triCerat ScrewDrivers v2

Simplify Printing v2™ is based on the well-known ScrewDrivers™ architecture. It is a universal printer driver that hooks into the Windows Print Spooler Service to provide full functionality of local printers. It sends print jobs in the EMF format, which is the native Windows spooling format. Once the job is compressed and sent to the client-side plug-in, it is decompressed and rendered to the local client printer.

On the Terminal Server, the ScrewDrivers printer driver mimics the standard Windows printer options and capabilities of the client printer, such as resolution, paper size, and available trays. Printers are built automatically and allow users to have a seamless printing experience.

Simplify Printing builds printers seamlessly during login and reconnection to sessions through a query of the local client printers. On logout/disconnect, printers are automatically deleted. Administrators can specify whether only the client's default printer is built, or if a set number or all of the client's printers are built. Users can specify which printers they want to have priority, as well as which printers they do not want built. Users are never required to do any administration if the default options are acceptable. Other options such as bandwidth control can be set on a server-wide or connection-specific basis through the server and/or client control panel. For more information, visit www.tricerat.com.

Table 18-1 provides a comparison of third-party print utilities.

Table 18-1: Third-Party Printing Utility Summary

| Features | Citrix UPD | Simplify Printing v2 | ThinPrint v5.5 | UniPrint XP Server v2.24 |
|---|---|---|---|---|
| Resolution | 600 dpi | Any (based on printer manufacturer driver) | Any (printer manufacturer driver) | Up to 1200 dpi |
| Metafile Support | PCL4, PCL5c, or PostScript | EMF | EMF | PDF |
| Color Support | Yes | Yes | Yes | Yes |
| Network Protocols | ICA | ICA, RDP5, Native TCP/IP | ICA, RDP5, Native TCP/IP | ICA, RDP5, Native TCP/IP |
| Compression on transmission | ICA-based compression | Yes | Yes | Yes |
| Printer AutoCreation | Yes | Yes | Yes | No |
| Supported Client Platforms | Win32 ICA Clients (Win95, 98, Me, NT, 2000, Windows XP) version 6.20 or later. Feature Release 1 is required on the server. Macintosh OS X is supported on client version 6.30 and Linux clients are supported with ICA client 7.00. | 95/98/Me/NT/2000/XP/2003, some embedded NT/XP | Windows 3.1, 95/98/Me, NT, 2000, CE, XP, Linux, UNIX, OS/2 (Win16), Smartphone, PocketPC 2002, Symbian | Windows 95, 98, NT, 2000, XP, Embedded NT and XP, and Macintosh |
| Client-Side System Requirements | ICA Client version 6.20 or later. 600 dpi and color are not available until the 7.00 client version. | ICA 6.X and higher (ICA 4.x on request), RDP 5.0 | Valid ThinPrint client for selected OS. Win32 OS is required for "Driver Free Printing" | ICA Client version 6.20 or later, PDF reader |
| Server-Side System Requirements | Terminal Services, MetaFrame XP FR3 | Terminal Services, MetaFrame (any version supported) | Terminal Services, MetaFrame optional (1.8 and later supported) | Terminal Services, MetaFrame optional (1.8 and later supported) |
| Bandwidth Control | Yes—Global setting | Yes—Global | Yes—Global and per port | No |
| Size of Spool File | Large | Small | Small | Medium |

Deciding on the Best Third-Party Printing Utility

The only way to select the most suitable solution for a target environment is to perform a similar performance analysis of the solutions being considered. However, based on the results of our tests, the following guidelines can be used:

Allocate sufficient bandwidth for printing as it will help reduce sporadic and poor response times due to printing. Use the equation located in the "Printer Bandwidth Management" section, earlier in this chapter.

Use PostScript Level 2 or PCL 6 printers whenever possible as these formats generate smaller print jobs.

Use black-and-white or grayscale as the default color for colored printers.

Configure the defaults of all printers to run at low resolution unless the application requires high-resolution prints.

For a small footprint (system and network overhead) solution, consider using UniPrint XP Server since it generates small print jobs.

For a practical solution, consider using Citrix UPD. At no cost, Citrix UPD provides good performance with support for printing-related bandwidth management.

For good cross-platform support, consider using ThinPrint since it supports Linux, UNIX, OS/2, and Win16 operating systems.

Case Study

CME, our case study company, did an audit of their print environment before they implemented MetaFrame XP. The firm had each department list its currently used printers complete with driver names. Once the list of printers was determined, a MetaFrame XP server was set up to test the print drivers by installing the Microsoft operating system native driver and then printing to the driver from two client machines simultaneously. If no Microsoft native driver for the printer was available, it was then tested with the Citrix Universal Print Driver unless additional print features beyond the UPD's abilities were required. If advanced features were required past the UPD or Microsoft drivers, the print manufacturer's drivers were installed and tested. If a printer did not print in the proper format or caused the print spooler to crash, the printer was put into a Drivers Compatibility list for incompatible drivers. All printers on this list will have to be replaced rather than risk having a bad printer in the environment. Once a list of good printers was determined, a short list of supported printers was created for the procurement department to use when purchasing new printers. Design goals required at least one printer each for low-volume client printing, high-volume network printing, low-volume color client printing, and high-volume color printing. The audit of the environment also verified that all departments used the corporate asset number for the machine name so that the client name will be unique and appropriate for all clients within the corporate environment.

CME uses Microsoft Native drivers any time there is a Microsoft native driver for the printer or if there is a driver that can be mapped to the current client driver. The UPD will be used for client auto-created printers and some printers that remain in the environment waiting to be replaced. The print device manufacturer's print driver will be used for a few limited machines in marketing and engineering that require additional print features.

The print drivers will all be loaded onto one MetaFrame XP server initially and then replicated from that server to all other servers using MetaFrame XP manual driver replication. Future drivers will be tested first on one MetaFrame test server farm before replication to the production farm.

The printers will be provided to the users by using auto-created network printers for users at corporate sites with a print server(s). Roaming sales personnel, FAT clients, and executives that have a locally attached printer or that connect from home will use auto-created client printers. Citrix User Policies will set the client auto-creation settings. The options in the Printer Management properties of the CMC for Always Create Client Network Printers As Client Printers and Delete Pending Print Jobs At Logout will be selected in addition to the default settings.

The printer bandwidth between sites will be managed by the Packeteer for Network auto-created printers and each user that has auto-created client printers will have bandwidth restrictions specified within a Citrix User policy.

The Printers folder will be published for the users so they can set their default printer. The other major print management step CME is taking is to train all of their managers on printer management and policies so that end users will have an immediate place to go for common support early in the process. An e-mail will be sent to the enterprise explaining how to set a default printer and how to acquire the necessary printers.

Chapter 19: Disaster Recovery and Business Continuity in the SBC Environment

Overview

Disaster recovery and business continuity jumped into the spotlight in the wake of the September 11 terrorist strikes, 2001 California power outages, and 2003 East Coast blackout. Unfortunately, many people think of these events and assume that it will never happen to them. Indeed, statistically, most organizations will never experience a major geopolitical or natural disaster. On the other hand, the likelihood of business interruption due to normal day-to-day activities such as employee turnover, database maintenance, power fluctuations, file maintenance, and component failures is nearly guaranteed. We see customers almost daily who have experienced significant loss due to these far more common occurrences.

A large number of studies have been published on this topic, with some very interesting statistics emerging. Some of the more telling statistics are

A Gartner report estimates that two out of five companies that experience a disaster will go out of business within five years.

43 percent of companies experiencing disasters never reopen, and 29 percent close within two years (McGladrey and Pullen).

One out of 500 data centers will have a severe disaster each year (McGladrey and Pullen).

Most companies value each 100 megabytes of data at more than $1 million (Jon Toigo).

With this much industry agreement, the question is not whether to plan for disaster, but rather how to plan for disaster, and how much to spend on the plan. This chapter will focus on how to utilize a server-based computing environment to provide full disaster recovery and business continuity within the realm of business possibility for large and small businesses alike.

It is important to note that even smaller organizations will benefit from the discussion in this chapter. Many small companies feel that they cannot afford server redundancy, let alone data center redundancy. Although this chapter will focus more on a mid-size organization plan, these same best practice approaches will apply to even the smallest customers—just on a lesser scale. Even a home-based workstation with a large hard drive configured to mirror data from the main corporation, stationed next to a single MetaFrame server to handle remote access will dramatically reduce the risk of severe business loss in most disaster scenarios.

Disaster Recovery vs. Business Continuity

Most organizations today have a disaster recovery (DR) plan in place, although very few have thought it out thoroughly, and even fewer have it documented or tested on a consistent basis. Most DR plans for smaller organizations consist of a tape backup and maintain the assumption that anything further will cost more than the statistical chance of downtime. The challenge is that although a tape backup does provide potential recovery, it does not provide business continuity (BC). A business continuity plan is an all-encompassing, documented plan of how an organization will return to productive activity within a predefined period of time. This not only includes IT services, but also telecommunications, manufacturing, office equipment, and so on. It is important to understand that recovering from a disaster is a subset of business continuity. Although DR is the most important part of business continuity, just having the ability to recover the mission-critical data (or never losing it in the first place) is not sufficient to return most organizations to even a minimum level of productivity. Additional concepts such as end-user access and offsite storage locations are critical for a full return to productivity. In the same light though, without recovery of the data, access is a moot point. Most organizations today could not re-create such electronic information as accounting and e-mail data in the event that computer records are lost or corrupted, or recovery from tape backup fails (a significant statistical probability).

Business continuity planning should be broken into two phases:

Minor disasters that do not involve a major facility problem (database corruption, temporary power loss, server failures, virus outbreaks, and so on)

Major disasters that may require relocation (natural or geopolitical disasters, for example)

From these phases, documentation can be built to describe the risk mitigation procedures, as well as recovery procedures required to maintain business productivity.

When creating a business continuity plan, the following aspects should be considered:

What defines a minor and major disaster, and what are the critical points at which a BC plan will be enacted?

What business applications, key systems (including non-IT-based systems), and employees are defined as critical?

Where will employees be housed if their main location is unavailable?

What is an acceptable time period for mission-critical systems to be down, and what is an acceptable time to enact the BC plan?

How will access to critical data, business systems, and applications be provided within the predefined time period following a disaster?

Who will be responsible for enacting and maintaining the BC plan?

From the preceding list, it is clear that BC planning focuses primarily on two objectives: recovery time and recovery point. Put simply, an organization must ask the question "How long can we be down?" and "What do we need to have available after that time?" When initiating a DR/BC study, many companies start out with an attitude that the entire IT infrastructure has to be continuously available, or at least recoverable, in a very short time window, such as four hours. Without server-based computing though, few companies can afford this kind of high availability for the entire IT infrastructure. And even with SBC, an effort should be made to prioritize what must be recovered and how long it can take.

Recovery Time Objectives

When examining the disaster recovery needs of your organization, you will likely find differing service level requirements for the different parts of your system. For example, it may be imperative that your billing and accounting system come back online within two hours in the event of a disaster. While inconvenient, it may still be acceptable for the manufacturing database to recover in 24 hours, and it may be acceptable for engineering data to come back online in two weeks (since it may be useless until new facilities are in place anyway). A key to a successful BC plan is knowing what your recovery time objectives are for the various pieces of your infrastructure. Short recovery times translate directly into high costs, due to the requirements of technology such as real-time data replication, redundant server farms, and high-bandwidth WAN links. Fortunately, with MetaFrame and Terminal Services, you don't have to hunt down PCs across the enterprise to recover their applications; all of your application servers will be located in the data center. We recommend using a tiered approach when applications and users must be restored. Figure 19-1 shows an example of one company's top recovery time objectives.

Figure 19-1: Recovery time objectives

Note: A continuity plan requires an ongoing process of review, testing, and reassessment, since most organizations will change sufficiently over the course of a year, thus making a two-year-old DR/BC plan useless.

The SBC Solution to Business Continuity

A major theme throughout this book has been building robustness into an SBC infrastructure. Redundancy of the network, server, application, and data center has been discussed. We also made the assumption that on and offsite tape backups are performed nightly. Most minor disasters can be mitigated by simply following the best practices in this book. It is impossible though to guarantee uptime for a single location, due to the large number of both internal and external risks. Additionally, the data center is not the only thing requiring redundancy—a workstation with access to the mission-critical applications and data for an employee to work from is also required.

Some of the more typical problems with a distributed environment that are solved with an SBC solution are listed here:

Foreseeable disasters often entail evacuation of large numbers of workers, thus leading to the need to have total flexibility for where knowledge-based workers work, what device they are working from, and when they work.

Even if the workers are not displaced, if the data center is displaced, it is highly unlikely in a distributed environment that users will still have sufficient bandwidth to access the data at a new location. In an SBC environment, the bandwidth requirements are much lower and more flexible (we show later in this chapter that Internet bandwidth from any source is sufficient if the SBC environment is built properly).

The availability of specific replacement PCs on a moment's notice cannot be guaranteed, thus making it difficult in a distributed environment to guarantee that a user will have the necessary processing power to run their applications. In an SBC environment, a user's desktop CPU power and operating system environment are largely irrelevant, allowing the use of whatever hardware is on hand.

The manpower required to quickly install and configure ten or more applications for hundreds or thousands of users is enormous in a distributed environment. In an SBC environment, the applications don't need to be installed or configured, as they are already on the server farm (or backup server farm).

With this clear advantage, many organizations today are embracing server-based computing as the only possible solution to IT business continuity.

Server-Based Computing Business Continuity Design Conceptually, there are two simple approaches to fulfill immediate resumption failover requirements in an SBC environment—failover of the data center and failover of the client environment. If both are in < ?xm l version= " 1.0" encoding= " I SO88591" ?> Taplace, ble o f under Con t en ts major disaster circumstances, an organization will simply switch the data center to another location, and then users connect the new data center Citr ix MetaFr am e Access Suitehave for Window s Ser v er to 2003—The Official Guidefrom wherever they can get an Internet For ewor d connection. Of course the larger an organization is, and the more dispersed its users are, the more complex this task will be. Additionally, for small organizations, this solution may appear to be I ntr oduction overkill, the of the redundant data Pa r t I - Ovas er vi e wcost of Ente r pr ise Se r ve r - Ba se dcenter Com putmay in g

exceed the value of the data. Approaches to reducing the Icost of business in an SBC environment ntr oducing Ser vercontinuity -Based Com puting and th e On- Deminclude and

Chapter 1

-

Enterpr ise Defining only a subset of users and applications that need access following a disaster, thus Chapter 2 - Window s Ter minal Ser vices

reducing the amount of redundant infrastructure. - Citr ix MetaFr am e Access Suite

Chapter 3

Pa r t I I - De signi ng a n Ent e rpr i se SBC Solut ion

Placing lower expectations when defining what is acceptable downtime, thus allowing the use of a

Pr epar ing Your for an On- Dem and Enterpr ise cold rather thanOraganization hot backup. Chapter 4 backup I mplem ent ation Chapter 5 - Serthe ver acceptable - Based Computing Data Center Architect ure Increasing amount of data loss. For example, if a full day of data loss is Chapter 6 - Designing Your Netw or kredundant for Ser ver-data Basedcenters Com putrequire ing acceptable, then the main and less bandwidth than if all data must Chapter - The onment be 7current toClient withinEnvir 30 minutes. Chapter 8

- Security From this it is clear that prior tto implementing an SBC business continuity plan, we must answer Chapter 9 list, - Net w or k Managemen

the questions from the first section of this chapter regarding how long we can be down, and who needs to have access. In order to provide guidance in this process, we will call upon our case study, CME Chapter 10 - Pr oj ect Managing and Deploying an Enter pr ise SBC Envir onment Corp, again. Pa r t I I I - I m ple m ent ing a n O n-D e m a nd Se r ve r - Ba se d Com pu ti ng Envi r onm e nt

Chapter 11 - Ser ver Configur ation: Windows Ter m inal Serv ices

Chapter 12 - Ser ver Configur ation: Citr ix MetaFr am e Presentation Ser ver

The CME Business Continuity Plan

CME's infrastructure, as described in the Introduction to Part III of this book, is similar to many midsized and enterprise organizations. CME has multiple locations, a large number of mission-critical applications, and the perceived need for immediate recovery from data loss. In Chapter 17, we defined that CME will have one central data center to reduce complexity and cost, and allow for central management. Although we will define some IT resources and equipment at CME-WEST in Seattle, CME-WEST users will access their applications and data at CME Corp in Chicago, since that is where the live, up-to-the-minute data resides, and also because it is very costly to maintain the bandwidth required to real-time mirror database and files between two geographically disparate locations.

The apparent downside to this approach though is that all of CME's eggs are in one basket—at the CME Corp headquarters data center. Should a natural, accidental, or geopolitical disaster occur on or near this site, all 3000 users will lose access, potentially forever. To resolve this problem, CME has defined a remote backup site, CME-WEST, as the hot backup site. In order to minimize costs, CME will only replicate a subset of the corporate data-center hardware to permit rapid recovery of mission-critical services and applications and allow managers to make an informed decision regarding permanent rebuilding of the entire corporate data center at the alternate site. In order to achieve this objective, CME has defined a pre-positioned hot backup at CME-WEST for initial reconstitution (8–24 hour survivable), which provides immediate access for a subset of users while the corporate staff is moved to CME-WEST.

CME's IT staff have met with CME's executives and answered the questions posed earlier in this chapter. Table 19-1 shows the results:

Table 19-1: CME's Business Continuity Definitions

Business Continuity Question: What applications are defined as critical, and what is acceptable downtime for them?

CME's Answer: CME has determined that not all applications and users have the same requirement for access and availability in the case of a major disaster. As such, CME has defined three tiers of availability:

1. Tier one requires application availability and user access within two hours, regardless of cause, Tier two requires application availability and user access within 24 hours, and Tier three requires application availability and user access within two weeks. The Tier-one applications include Microsoft Exchange e-mail, and Microsoft Great Plains accounting software (including payroll, human resources, and accounts receivable/payable functions).

2. Tier-two applications include the Oracle-based Manufacturing (including production schedules, bill of materials, supply chain information, inventory, and so on).

3. Tier three includes all remaining applications. Note that this timeline has been set at two weeks to allow for a temporary facility move.

Business Continuity Question: Who are the key personnel requiring access at each tier?

CME's Answer:

1. Tier-one key personnel who require access include all top-level managers/directors, critical IT staff, and a limited number of predefined support staff (about 50 people total). It is important to note that some of these key users must be located at CME-WEST to provide skillset redundancy in the case of a major disaster in Chicago.

2. The key personnel to which access must be guaranteed grows in Tier two to include a larger set of personnel (about 500 people total) across all CME locations required to operate these key systems. These additional personnel include accountants, human resource managers, remaining IT staff, key manufacturing and development engineers, and lower-level managers.

3. Tier three includes all remaining personnel.

Business Continuity Question: What defines a major disaster and what are the critical points at which a business continuity plan will be enacted? Note that CME Corp data center has internal data redundancy, including redundant network core components, bandwidth, servers, HVAC, and power. Thus, the business continuity plan only calls for a data center failover in the event of a major disaster in which the determination is made that more than eight hours of localized downtime will occur (this may be a guess or a well-known fact, depending on the type of disaster and available information).

CME's Answer: Any event that will cause a minimum of eight hours of downtime at the Chicago data center will enact the data center failover. Examples of this include a major server hardware or network infrastructure failure, which, due to delays in getting replacement equipment, causes an outage at the data center for more than eight hours; a malicious ex-employee sabotages the infrastructure; a government organization confiscates servers and data due to illegal employee activity. Examples of less common disasters might include a severe snowstorm that renders major utilities offline or causes structural damage to the building; a train derailment at the nearby depot forces evacuation due to a hazardous spill; a localized geopolitical disaster renders the facility unusable.

Business Continuity Question: How long is acceptable before enacting the business continuity plan and who is responsible for enacting the BC plan?

CME's Answer: Once notification of a major outage has been issued, a decision will be made by the BC team (which consists of the CIO, CTO, CEO, CFO, and their support personnel) within one hour regarding whether to failover to the CME-WEST data center. Note though that this provides only one hour of time to accomplish the actual failover of the data center within the specified two-hour window.

Business Continuity Question: How will access to critical data and applications be provided within the predefined time period following a disaster and where will employees be housed if their corporate headquarters location is unavailable?

CME's Answer: Employees required for Tier-one and Tier-two continuity must have broadband or dial-up Internet connectivity from home and must complete the BC training and maintain the accompanying BC documentation at their residences. CME will provide the broadband connectivity and a thin client or corporate laptop for the 50 Tier-one designated employees. Tier-two employees will use existing employee-provided hardware and Internet connectivity to connect from their residences or other CME branches. These Internet connections will provide full access to the Tier-one and Tier-two applications. Tier three will utilize a makeshift facility if required, in addition to any home-based access.

With the business continuity requirements documented and defined, CME's IT group is now able to create the technical portion of the document to ensure that the requirements will be met.

An Information Technology Plan to Meet Business Continuity Requirements

CME's server-based computing environment makes the implementation of these requirements possible. CME-WEST, as the recovery site for Tier one and Tier two, will need to have hot support for 500 users. These users will require the defined Tier-one applications, data, and access through the Internet. We assume that Tier three will either be implemented back at the Chicago facility or that a temporary facility (which could be CME-WEST) will be used. During the two-week window between Tier two and Tier three, CME IT will have to work feverishly to acquire all of the required hardware to replace any hardware lost in the disaster.

Hot Backup Data Center Design

A hot backup data center is a backup data center with real-time servers, ready to be used at a moment's notice. The advantage of a hot backup data center is that it provides a fast resumption plan. The disadvantage is that it requires redundant hardware that generally remains idle except to receive updates and periodic testing.

The most important element of the data center design is geographical location. In order for the backup data center to truly provide resumption, the data center must be located a significant distance from the main data center, and it should not be subject to the same disasters as the main data center (for example, both data centers should not be close enough that a single hurricane could render them both useless).

The rest of the data center design components should mimic the main data center. In the case of CME, we have defined that the backup data center only needs to support 500 users, so the data center will be much smaller than the corporate data center that supports 3000 users. Additionally, there is no need to replicate the testing and training environment, or some of the redundancy that exists at the main data center. Thus, the CME-WEST hot backup data center will be about ten percent of the size and cost of the main data center.

Backup Data Center Components

Although the backup data center is much smaller than the main data center, defining the critical components is still an important part of the business continuity plan to ensure that everything will work upon failover. Although the list of required hardware and software for most organizations will differ, studying the components required at the CME data center and comparing these to the headquarters' data center will allow you to extrapolate what is needed for your organization.

CME's backup data center will require the following components:

Ten Citrix MetaFrame XP servers imaged from the CME headquarters data center to support the 500 possible users required upon failover.

A DMZ-based Secure Gateway/Web Interface Server and an internal Web Interface.

One Secure Ticket Authority server

One Oracle Database server

One Microsoft SQL server

One Microsoft Exchange server

The LAN and WAN networking components defined in Chapter 17

Internet connectivity utilizing a separate ISP than what is used at the Chicago data center

A firewall with DMZ and VPN hardware

An Internet-based secondary mail server to queue mail in case the Exchange server is offline

Internal and Internet DNS servers

Storage area network solution (SANS)

Appropriate tape backup units to facilitate the recovery of archived data and any information not located on the SAN

UPS backup generator power for the data center

Hot Site Data and Database Resumption

The most critical part of the business continuity plan is the ability to recover the file and database data (the disaster recovery section of business continuity). Even if the full business continuity plan is not enacted, the recovery of data is critical. For example, if the Oracle data becomes corrupt or the Oracle cluster should completely fail, even though this does not constitute a disaster, it is critical that the data be recovered quickly and easily. Worse yet, if a government seizure should happen, there must be a plan to restore the data to non-seized hardware in a timely manner. In order to service this, all databases, files, and e-mail data must be copied to the backup data center nightly at a minimum. Although this is easy to accomplish with file data, doing this with database and e-mail data is more difficult. The larger SANS vendors (HP, EMC, and LeftHand Networks) all support a snapshot technology to effectively copy Exchange and database data across a WAN to another similar SANS device. There are also some non-hardware-based technologies such as NSI Software's Double Take that mirror Microsoft Exchange and other database software. Note that in the CME scenario we are only copying the data at night. Thus, if a disaster happens late in the day, requiring failover to CME-WEST, all data created in the course of the day will be lost.

If your organization requires less data loss risk than this, the solutions from LeftHand, EMC, HP, and NSI can provide up-to-the-second transaction redundancy (typically called double-commit), but the dedicated bandwidth requirements and associated costs increase dramatically. Chapter 17 defined that, for CME, 6 MBit of their 12-MBit dedicated pipe will be partitioned at night to support the data mirroring.
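The trade-off above, between a nightly copy over the 6-Mbit share of the pipe and the amount of work that can be lost, can be checked before the plan is signed off. The following is an added example, not code from the book: the dataset names and sizes, the eight-hour night window, and the 80 percent link efficiency are constructed assumptions; only the 6-Mbit figure comes from the text.

```python
"""Nightly replication window check (added example).

Dataset sizes, the 8-hour window and the 80% link efficiency are
constructed assumptions. Only the 6-Mbit nightly share is from the text.
"""
from collections import namedtuple

BITS_PER_GB = 8 * 1_000_000_000
BITS_PER_MBIT = 1_000_000

# tier: continuity tier the data serves (1 = most urgent)
# daily_change_gb: data changed since the previous nightly copy
Dataset = namedtuple("Dataset", "name tier daily_change_gb")

# Constructed sample inventory for illustration only.
SAMPLE_DATASETS = [
    Dataset("File shares", 3, 8.0),
    Dataset("Oracle manufacturing", 2, 6.0),
    Dataset("Exchange mail stores", 1, 4.0),
    Dataset("Great Plains SQL", 1, 2.0),
]


def transfer_hours(size_gb, link_mbit, efficiency=0.8):
    """Hours to move size_gb over link_mbit, derated for protocol overhead."""
    usable_bps = link_mbit * BITS_PER_MBIT * efficiency
    return size_gb * BITS_PER_GB / usable_bps / 3600


def max_nightly_gb(link_mbit, window_hours, efficiency=0.8):
    """Largest daily change volume the link can carry inside the window."""
    usable_bps = link_mbit * BITS_PER_MBIT * efficiency
    return usable_bps * window_hours * 3600 / BITS_PER_GB


def plan_night(datasets, link_mbit, window_hours, efficiency=0.8):
    """Copy datasets one after another in tier order and flag overruns."""
    clock = 0.0
    plan = []
    for ds in sorted(datasets, key=lambda d: (d.tier, d.name)):
        clock += transfer_hours(ds.daily_change_gb, link_mbit, efficiency)
        plan.append({
            "name": ds.name,
            "tier": ds.tier,
            "done_at_h": round(clock, 2),     # hours after the window opens
            "fits": clock <= window_hours,    # False means the copy overruns
        })
    return plan


def worst_case_loss_hours(copy_interval_h, copy_duration_h):
    """Upper bound on lost work when copies start every copy_interval_h hours.

    Assumes each copy captures the data as it stood when the copy began and
    is usable only once fully transferred. A failure just before a copy
    completes forces a restore from the previous one, which is by then one
    interval plus one transfer time old.
    """
    return copy_interval_h + copy_duration_h


if __name__ == "__main__":
    print("Capacity per night: %.2f GB" % max_nightly_gb(6, 8))
    for row in plan_night(SAMPLE_DATASETS, link_mbit=6, window_hours=8):
        status = "ok" if row["fits"] else "OVERRUNS WINDOW"
        print("tier %d  %-22s done at %5.2f h  %s"
              % (row["tier"], row["name"], row["done_at_h"], status))
    print("Worst-case loss, nightly copy: %.2f h"
          % worst_case_loss_hours(24, 5.56))
```

With the constructed figures, the Tier-one and Tier-two data finish inside the window while the Tier-three file shares overrun it, and the worst-case loss for a nightly copy is longer than 24 hours because the transfer time adds to the interval.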

Restoration of the Applications and User Access

For any environment that wishes to have a robust, fast resumption plan, all applications requiring immediate availability and flexible user access following a disaster must be installed in a server-based computing environment at the backup data center. In CME's case, all applications required for Tier-one and Tier-two business continuity are installed on the SBC server farm at CME-WEST. Thus, failover of the applications simply requires repointing users from the CME Corp data center to the CME-WEST data center Secure Gateway/Web Interface server. The Web Interface server and MetaFrame farm will be configured identically to the larger farm at CME corporate. All applications, load balancing services, and user services supported from the corporate MetaFrame farm will be fully supported from the CME-WEST farm, with no additional configuration or work following the failover.

User access to these applications becomes the remaining hurdle. As seen in Figure 19-2, all CME remote offices have an Internet/VPN connection, with the exception of the American sales offices. CME has also defined that all of the Chicago Tier-one and Tier-two users who may have been displaced from the disaster will have access from their home Internet connections (assuming, of course, that Chicago's Telco infrastructure has not been rendered unavailable by the disaster). Thus, with the exception of the American sales offices, all users will have full access to the CME-WEST backup data center through the Internet. The BC plan calls for all Tier-two employees at the American sales offices to utilize Internet connections (home based, coffee shop based, and so on) for connectivity until their frame relay connections can be repointed to the DS3 ATM in Seattle (about 72 hours typically).

Figure 19-2: CME's network infrastructure

All Tier-one users will be trained to use a backup URL to access Internet-based MetaFrame Secure Gateway resources at CME-WEST. This provides for immediate access and allows for propagation delays in "repointing" both public DNS resources and BGP routing tables to claim the corporate identity at CME-WEST, as discussed in Chapter 17. Within the 24-hour window, the BGP and DNS changes will have propagated, allowing Tier-two users access through the standard Internet accessible URL.

It is important to note that this entire business continuity plan hinges on the Internet connectivity at CME-WEST. Chapter 17 specifies that CME-WEST has a DS3 line with a 1.5MB virtual circuit that can be increased in a 24-hour period to 15 Mbit. This bandwidth increase will be required to support the 500 Tier-two users needing access over the Internet, and eventually, retermination of the VPN-connected branch and regional offices. Manual BGP failover will provide a seamless failover for all Internet-based connectivity (including VPN connections and Internet e-mail) between CME Corp and CME-WEST (the CME-WEST firewall will be reprogrammed to serve as the CME Corp firewall after BGP convergence to allow IPSec connections without changing the remote sites). All directly connected networks (Seattle and American sales offices) will use an Internet connection in the case of ATM or frame relay failure. If the ATM at CME Corp will be down for an extended period of time, the frame relay links in the American sales offices can be repointed to CME-WEST over the private WAN ATM DS3 within 72 hours.

In addition to remote user access, some employees will need co-located office space. CME-WEST was designed with sufficient capacity in the form of WLAN hardware and prepositioned access switches (see Chapter 17 for further discussion) to support temporary users from other locations.

Full Restoration Plan

Following a major disaster, and an accompanying failover to CME-WEST, and if the disaster requires a new facility, there is a risk that restoration of the original Chicago location may not happen within two weeks or not at all. As such, the Tier-three plan may require either enhancing the temporary infrastructure at CME-WEST and salvaging the Chicago site (to make CME-WEST the new corporate home) or rebuilding a new CME Corp data center in Chicago or some other location to house and support all the CME Corp users long term.

Again, if the CME Corp facility is rebuilt and the server and network infrastructure restored and tested, a period of downtime (usually 24 hours) must be planned to manually fail back the BGP and DNS to point back to the primary location and to return users to that facility.

Documentation

Now that CME's plan is falling into place, an all-inclusive document needs to be created. This document should, at a minimum, include the following:

Emergency phone numbers for all manufacturers and support vendors

Names and contact information for the 50 Tier-one people

Specifics on how the plan will be implemented, and who will implement it

Network diagrams

Security policies

Emergency IT response information

This document should be reviewed and updated twice per year by the BC committee. Additionally, the 50 Tier-one employees should receive formal training annually to keep them updated with policies and procedures. Tier-two employees should receive a yearly e-mail or other document to keep them updated on the procedures.

Maintenance of the Hot Backup Data Center

Although the hot backup data center will not be used for general day-to-day activity (other than the storage area network that will receive the backups every night), in order to guarantee two-hour failover, the backup data center must be maintained. The same maintenance items that are logged to the main data center must also be replicated to the backup site. Items such as service packs, hotfixes, application updates, security updates, and so on must all be kept up-to-date. A simple approach to keeping the MetaFrame and Windows 2003 servers up-to-date is to use the imaging procedures discussed in Chapter 11 to image the backup site servers monthly. Additionally, the SANs should be checked weekly to ensure that the data being copied over every night is indeed current and usable.

Test of the Business Continuity Plan

Twice a year (for example, once during a summer break and once during a winter break), the business continuity plan should be tested. It is imperative that all Tier-one personnel be included in this test. The test should ensure successful connectivity, availability, and data integrity, as well as confirm that everyone knows how and when to set procedures in motion.


Disaster Recovery Service Providers

It is important to note that everything discussed in this chapter can be outsourced to myriad providers, although your organization will still have to set the parameters of Table 19-1 and follow through with yearly testing and updating. It is important that whoever is chosen understands your organization's environment and can accommodate the SBC infrastructure portion of the solution.


Chapter 20: Migration to Windows 2003 and Citrix MetaFrame XP

Given the improved stability, functionality, and performance available in a server-based computing paradigm founded on Windows Server 2003 and Citrix MetaFrame XP, most businesses will want to upgrade as soon as possible. Like any major overhaul of the corporate infrastructure, migrating to the Windows Server 2003/Citrix MetaFrame XP environment is not without its limitations and pitfalls.

Introduction to Migration

This chapter addresses upgrade and migration concepts and considerations, both from an OS (Windows server) perspective, and from the server-based computing (Terminal Services/Citrix MetaFrame) perspective.

Why Migrate?

The benefits of migrating away from Windows NT 4.0 are well documented and plentiful. Heading the list are the dependency on NetBIOS name resolution services and the lack of integrated directory services. Given that most organizations will migrate away from versions of the Windows operating systems with a finite life expectancy, the benefits of migration in a server-based computing network are simple: Windows 2000 Server and Windows Server 2003 domains provide the extensible global structure that works hand-in-hand with the global deployment of server-based networks. MetaFrame XP and Windows Server 2003 provide greater fault tolerance, resilience, manageability, and flexibility. They also offer a licensing model more appropriate to a computing paradigm that is no longer tied to the user's workstation, and provide superior accessibility, scalability, and security.

That said, large-scale migrations and upgrades are never easy and are always subject to long nights and unforeseen problems. To that end, a combination of Microsoft best practices for upgrading the operating system and domain, as well as Citrix best practices for MetaFrame XP migration are needed. A subset of Microsoft's strategies related to server-based computing is covered in the "Migration Limitations and Restrictions" section that follows. However, administrators should develop a specific project plan detailing all of the Microsoft-centric steps required for domain and server upgrades. From the Citrix perspective, Citrix Consulting Services (CCS) developed a specific philosophy for managing migration.

Citrix CCS Migration Methodology

The CCS migration methodology is made up of the following five main phases:

Analysis

Design

Implementation

Readiness

Production rollout

In addition to the five main phases, a management checkpoint is included at the end of each phase to review deliverables and assess overall project status. Project management is also required throughout each phase. The CCS migration methodology is depicted in Figure 20-1.

Figure 20-1: The CCS migration methodology

The five phases of the CCS methodology are explained in the following sections.

Analysis

The analysis phase is broken down into four segments:

Project scope

Project plan

Infrastructure assessment

Proof of concept

The following deliverables are created during the analysis phase:

Project plan

Infrastructure assessment

In addition, if a proof of concept is conducted, those results are also published during the analysis phase.

Design

The design phase includes the following segments:

Native MetaFrame XP architecture

Identification of migration strategy

Migration architecture

The following deliverables are created during the design phase:

Native MetaFrame XP architecture design

Migration architecture design

Implementation

The implementation phase includes the development and testing of any components or scripts that were identified and planned during the design phase. Examples of implementation phase deliverables include

Unattended installation scripts used to build a new server, including the operating system, MetaFrame, and user applications and configurations

Logon/logoff scripts used to customize the user's environment

Components needed to integrate published applications into a web portal using MetaFrame Web Interface and MetaFrame Secure Gateway

Customized Web Interface web pages

Readiness

The readiness phase consists of the following two main segments:

Testing

Pilot

The testing and pilot segments are used to verify that the native MetaFrame XP architecture and the migration architecture will scale to support production users.

Production Rollout

The production rollout phase consists of the installation and configuration of the non-pilot portion of the production environment. This includes the rollout of the migration architecture that will evolve into the native MetaFrame XP architecture.


Migration Limitations and Restrictions

Table 20-1 highlights the possible upgrade paths. Within the table, Windows NT 4.0 Terminal Server Edition and all Windows 2000 versions are assumed to use Microsoft's native RDP-based services only (no Citrix software).

Table 20-1: The Windows Operating System and MetaFrame Upgrade Matrix

| Upgrade From | Upgrade To | Upgrade Possible | Recommended | Caveats |
|---|---|---|---|---|
| Windows NT 3.51 Server | Windows 2000 Server | Yes | No | Hardware limitations drivers; Legacy settings and files |
| Windows NT 3.51 Server | Windows Server 2003 | No | No | |
| Windows NT 4.0 Server | Windows 2000 Server, Windows Server 2003 | Yes | Yes | Legacy settings and files; Service Pack 5 (required); Service Pack 6a (recommended) |
| Windows NT Server Enterprise Edition | Windows 2000 Server, Windows Server 2003 | Yes | Yes | Must use equivalent versions; Legacy settings and files; Service Pack 5 (required); Service Pack 6a (recommended) |
| Windows 2000 Server | Windows Server 2003 | Yes | Yes | Must use equivalent versions |
| Windows NT 4.0 Terminal Server Edition (TSE) | Windows 2000 Server, Windows Server 2003 | Yes | No | Legacy settings and files; Service Pack 5 (required); Service Pack 6a (recommended); Must use equivalent versions; Licensing changes |
| Windows NT 4.0 TSE MetaFrame 1.0 | Windows 2000 Server, Windows Server 2003 | No | No | Uninstall Citrix MetaFrame; Licensing changes |
| Windows NT 4.0 TSE MetaFrame 1.8 | Windows 2000 Server, Windows Server 2003 | No | No | Reinstall Citrix MetaFrame 1.8; Licensing changes |
| Windows 2000 Server MetaFrame 1.8 | Windows Server 2003 | No | No | Not supported by Citrix |
| Windows 2000 Server MetaFrame XP | Windows Server 2003 | Yes | Yes | Licensing changes |

Upgrading the Domain

Upgrading the domain is a significant first step, especially when upgrading from Windows NT 4.0. The next few sections discuss the required steps to perform the upgrade from a variety of operating systems.

Upgrading from Windows NT 3.51 Server

Although strictly speaking, an upgrade path from Windows NT 3.51 to Windows 2000 is possible, the authors strongly recommend it not be taken. The upgrade process is both inconsistent in its results, and unpredictable in terms of stability owing to the significant incompatibilities in hardware abstraction layers (HAL) and drivers. In rare cases where the network is trapped in a dependency on a legacy NT 3.51 domain controller, a rolling upgrade to Windows NT 4.0 and/or Windows 2000 may be needed. This should be viewed as a transitional upgrade only, with the upgraded server gracefully demoted and removed from the domain as soon as possible.

Upgrading from Windows NT 4.0 Server

The upgrade path from Windows NT 4.0 to Windows 2000 Server or Windows Server 2003 is more linear. The fundamental Microsoft restrictions must be met in terms of hardware capability, and application and driver compatibility. In addition, the primary domain controller (containing the read/write copy of the accounts database) must be upgraded first. Although NT 4.0 Service Pack 5 is the stated minimum requirement, Service Pack 6a provides greater stability and the same NTFS version compatibility as Service Pack 5 (NTFS version 5). Note that NTFS 5 compatibility does not allow a Windows NT 4.0 server to access all of the features of Windows 2000 NTFS, specifically: release points (also called mount points or junction points), Encrypting File System (EFS), and disk quotas. Finally, all upgrades from version to version are limited to upgrading to an equivalent, or later, version of the operating system. For example, you cannot upgrade from Windows NT 4.0 Enterprise Edition to Windows Server 2003; you must use Windows Server 2003 Advanced Server.

Experience has shown that a transitional upgrade is by far the preferred method to migrate a domain from Windows NT 4.0 to Windows 2000 Server or Windows Server 2003, with or without Active Directory. In this context, transitional means the upgraded server platforms (PDCs and BDCs) exist only long enough to allow their roles to be moved to a new "clean install" server. Any upgrade from Windows NT 4.0 to Windows 2000 or later is imperfect, and legacy files and settings derived over the lifecycle of the original server are carried forward to the "new" domain model. The simplified transitional upgrade process is

Validate the legacy NT 4.0 PDC based on Microsoft's upgrade recommendations.

Install and configure a new NT 4.0 Interim server as a BDC with all required patches and service packs. This may be a high-end workstation rather than a server platform.

Promote this interim BDC to PDC. This may be either a logical promotion using dcpromo to simultaneously demote the old PDC, or a ruthless promotion with dcpromo where the old PDC is offline and inaccessible.

Verify that the read/write copy of the SAM database is completely replicated before proceeding.

Upgrade the Interim server (now PDC) to Windows 2000 or Windows Server 2003 and install Active Directory as a mixed mode domain.

Verify that all services (WINS, DNS, file replication) are working correctly.

Verify that the upgrade is properly acknowledged by member servers. This may require a reboot of Windows 2000 or later member servers to re-register DNS services in Active Directory.

Remove the Legacy BDC (old PDC) from the domain and rebuild as Windows 2000 Server or Windows Server 2003, rejoin the domain, promote to domain controller, and verify services and synchronization.

Once the rebuilt Domain Controller is stable, transfer the operations master roles as necessary and reverify services and synchronization.

Continue rebuilding the remaining Legacy BDCs as required.

Demote and remove the Interim Domain Controller if appropriate.

Although this process may seem more cumbersome than the textbook Microsoft upgrade, consider the complexity of trying to configuration manage a directly upgraded server:

Which files and versions are Legacy and not used by the current OS?

Which registry entries are no longer valid?

Which profile information must be managed? The information in %systemroot%\profiles\%username% or that in Documents And Settings\%username%?

Which profile elements are still linked?

Additional limitations, such as how to overcome the boot partition size limitation of Windows NT 4.0 (4.0GB native, 7.6GB maximum), are not always considered during an in-place upgrade.

One of the most commonly overlooked upgrade caveats deals with the Microsoft Terminal Services Licensing service. In a Windows NT 4.0 domain with Windows 2000 or Windows Server 2003 member Terminal Servers (with or without Citrix MetaFrame), the Licensing Service must be installed on a Windows 2000 or later member server. As soon as the domain is upgraded to Windows 2000 or Windows Server 2003, Terminal Services Licensing can only run on a domain controller. Terminal Services immediately breaks upon upgrade and remains so until it is deinstalled from the member server and reinstalled and relicensed on the Domain Controller.

Upgrading from Windows 2000 Server

The Windows 2000 to Windows Server 2003 upgrade is seamless and subject only to the previously discussed hardware, application, and version limitations. One notable exception is Novell Netware integration. If your environment requires interoperability with Novell over IPX/SPX (NWLink), you cannot use the 64-bit version of Windows Server 2003. Additionally, Windows 2003 Server-based domains can operate in one of three modes: Windows 2000 Mixed Mode (NT 4.0 compatible), Windows 2000 Native Mode (no NT 4.0 domain controllers), or Windows Server 2003 Mode (all domain controllers must be Windows Server 2003). Table 20-2 lists the features available for each mode.

Table 20-2: The Windows Server 2003 Domain Mode Feature Matrix

| Domain Feature | Windows 2000 Mixed | Windows 2000 Native | Windows Server 2003 |
|---|---|---|---|
| Domain controller rename tool | Disabled | Disabled | Enabled |
| Update logon timestamp | Disabled | Disabled | Enabled |
| Kerberos KDC key version numbers | Disabled | Disabled | Enabled |
| User password on InetOrgPerson object | Disabled | Disabled | Enabled |
| Universal Groups | Enabled for distribution groups. Disabled for security groups. | Enabled. Allows both security and distribution groups. | Enabled. Allows both security and distribution groups. |
| Group Nesting | Enabled for distribution groups. Disabled for security groups, except for domain local security groups that can have global groups as members. | Enabled. Allows full group nesting. | Enabled. Allows full group nesting. |
| Converting Groups | Disabled. No group conversions allowed. | Enabled. Allows conversion between security groups and distribution groups. | Enabled. Allows conversion between security groups and distribution groups. |
| SID History | Disabled. | Enabled. Allows migration of security principals from one domain to another. | Enabled. Allows migration of security principals from one domain to another. |

Upgrading Terminal Servers

Operating system upgrades based on Microsoft's best practices allow administrators to migrate from one Terminal Server OS to the next. Upgrade considerations for Windows NT 4.0 TSE and Windows 2000 are listed next. While these upgrades are possible, administrators should consider the implications of moving multiple disparate OS versions to a common standard. Although the benefits of having all Terminal Servers running the same (modern) OS are obvious, configuration control and management may be lost. A Windows Server 2003 Terminal Server built from the ground up will be radically different from a server that was migrated from Windows NT 4 to Windows 2000 to Windows Server 2003. If a precise configuration control and management process requires servers to be identical, do not upgrade; rebuild.

Upgrading from Windows NT 4.0 TSE

The TSE-to-Windows 2000 Server (Terminal Server) or TSE-to-Windows Server 2003 (Terminal Server) upgrade path is subject to the same limitations discussed in the "Migration Limitations and Restrictions" section. Although not addressed as a critical consideration in that section, administrators must be aware that the upgrade also upgrades Internet Explorer. Any Terminal Service applications dependent upon IE functionality must be compatible with IE 5.01 or later. Additionally, licensing based on the old Operating Systems Equivalency provision (if a user ran Windows 2000 Professional on their desktop, they did not need a Terminal Service Client Access License) has been removed. All users (either by device or by user) must have a Windows Server 2003 CAL.

Upgrading from Windows 2000

The Windows 2000 to Windows Server 2003 upgrade is seamless and subject only to the previously discussed hardware, application, license, and version limitations.

Upgrading Citrix MetaFrame

Upgrading existing Windows 2000 servers that are already running MetaFrame XP is a straightforward Microsoft-centric in-place upgrade. Conversely, upgrading both the OS version and the Citrix MetaFrame version requires special considerations.

Upgrading from Windows NT 4.0 TSE and MetaFrame 1.8

Microsoft documentation indicates Citrix MetaFrame 1.8 must be deinstalled prior to upgrading to Windows 2000. This is not strictly true, and although not a recommended upgrade path, it is a viable one, subject to several restrictions:

The operating system must be upgraded first.

After the OS upgrade, Citrix MetaFrame 1.8 for Windows NT will show as "installed" but will not function, and error messages will indicate a new version of Citrix MetaFrame is required.

Reinstall Citrix MetaFrame 1.8 for Windows 2000.

This upgrade process preserves all published applications and MetaFrame settings.

Upgrading from Windows 2000 and MetaFrame 1.8

Migration from MetaFrame 1.8 to MetaFrame XP on Windows 2000 is intended to be a transitional strategy, not a permanent fixture. During the migration process, the MetaFrame server farm must run in Interoperability mode, which limits the use of some MetaFrame XP advanced features. The following general limitations apply:

Upgrade Citrix MetaFrame from 1.8 to XP first.

Migration licenses are required.

Avoid leaving the farm in Interoperability mode for an extended period.

The MetaFrame XP server farm must have the same name as the MetaFrame 1.8 server farm. When you install MetaFrame XP on the first server in the farm, name the server farm at the same time you create the data store.

Note ICA Clients see the MetaFrame XP and MetaFrame 1.8 farms operating in mixed mode as a single farm. However, they are actually two separate farms.

Management Utilities are different.

MetaFrame XP farms and MetaFrame 1.8 farms are managed by separate utilities. You can manage a MetaFrame 1.8 farm using MetaFrame 1.8 utilities including Citrix Server Administration (mfadmin.exe) and Published Application Manager (appcfg.exe). You should use the updated versions of these tools that are installed on each MetaFrame XP server. We do not recommend running previous versions of these tools from the existing MetaFrame 1.8 servers.

Use the Published Application Manager utility to configure and modify published applications for MetaFrame 1.8 servers. Use the Citrix Server Administration utility to configure options on MetaFrame 1.8 and MetaFrame XP servers. Note that the settings on MetaFrame XP servers take effect only when the server farm is operating in mixed mode.

Use the Citrix Management Console to manage a MetaFrame XP farm. Published Application Manager cannot be used to manage applications migrated to MetaFrame XP servers.

When MetaFrame XP is configured for mixed mode operation, MetaFrame 1.8 farms and MetaFrame XP farms appear unified because ICA browsers in both farms pool information. A MetaFrame XP server becomes the master ICA browser of both farms. The new master ICA browser holds information about the published applications available on each server.

MetaFrame XP mixed mode operation requires two types of network traffic. Both MetaFrame 1.8 servers and MetaFrame XP servers communicate via UDP Port 1604 for MetaFrame 1.8 server communication. In addition, IMA TCP Port 2512 traffic exists between all MetaFrame XP servers for MetaFrame XP server communication. Operating in MetaFrame XP mixed mode results in increased network traffic and can affect network scalability.

For additional details, refer to the Citrix XP Migration whitepaper at http://support.citrix.com/servlet/KbServlet/download/30-102-7632/XP_Migration_Whitepaper.pdf

During the transitional phase (before all servers are moved to MetaFrame XP), the following functional limitations exist:

In mixed mode, the XML Service connects to the Program Neighborhood Service using Program Neighborhood Named Pipes. In native mode, the XML Service connects to the IMA Service using an IMA Remote Procedure Call (RPC).

The ICA Client uses the Program Neighborhood virtual channel to connect to the Program Neighborhood Service in mixed mode, and to the Program Neighborhood subsystem in native mode.

The ICA Client uses the ICA browser protocol (UDP Port 1604) to connect to the ICA browser service in mixed mode, and to the browser subsystem in native mode.

In mixed mode, the Program Neighborhood and ICA browser services exist and are enabled, while the Program Neighborhood and browser subsystems are disabled. The Program Neighborhood and ICA browser services interact with the local Windows Registry.

In mixed mode, Citrix Server Administration (mfadmin.exe) makes RPC connections to all MetaFrame 1.8 and MetaFrame XP servers. It also connects to Termsrv via Winstation API (RPC). In native mode, Citrix Server Administration makes RPC connections only to MetaFrame 1.8 servers.

In mixed mode and in native mode, Published Application Manager (appcfg.exe) reads application information only from MetaFrame 1.8 servers. Published applications for MetaFrame XP are managed only through the Citrix Management Console.

The IMA service exists in both modes of operation. It communicates with other servers via the IMA protocol over TCP Port 2512. It also connects to Termsrv via Winstation API (RPC), the local host cache via ODBC, and the data store via ODBC. The IMA service interacts with the local Windows Registry only in mixed mode.

This upgrade process preserves all published applications and MetaFrame.
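An added example (not from the book or from Citrix): a small audit of observed flows against the mixed-mode traffic this section describes, UDP 1604 for the ICA browser protocol and TCP 2512 for IMA between MetaFrame XP servers. The inventory, the flow-record format, and the rule that server-to-server UDP 1604 deserves review once mixed mode is off are assumptions made for the illustration.

```python
"""Audit observed flows against the farm traffic described for mixed mode."""
from collections import namedtuple

Flow = namedtuple("Flow", "src dst proto dport")

ICA_BROWSER = ("udp", 1604)  # ICA browser protocol (port from the text)
IMA = ("tcp", 2512)          # IMA between MetaFrame XP servers (port from the text)
SERVER_ROLES = {"mf18", "xp"}

# Constructed inventory: addresses and role labels are illustrative only.
INVENTORY = {
    "10.0.1.11": "mf18",
    "10.0.1.12": "mf18",
    "10.0.2.21": "xp",
    "10.0.2.22": "xp",
    "10.0.9.50": "client",
}

# Constructed flow records in an assumed "src dst proto dport" format,
# one per conversation, recorded in the initiator's direction.
SAMPLE_FLOWS = """\
10.0.2.21 10.0.2.22 tcp 2512
10.0.1.11 10.0.2.21 udp 1604
10.0.9.50 10.0.2.21 udp 1604
10.0.1.12 10.0.2.22 tcp 2512
192.0.2.77 10.0.2.21 tcp 2512
10.0.2.21 10.0.1.11 tcp 445
"""


def parse_flows(text):
    """Parse flow records, rejecting malformed lines instead of skipping them."""
    flows = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            raise ValueError(f"line {lineno}: expected 'src dst proto dport'")
        flows.append(Flow(parts[0], parts[1], parts[2].lower(), int(parts[3])))
    return flows


def classify(flow, inventory, mixed_mode):
    """Return (status, reason); status is 'ok', 'review' or 'ignored'."""
    src = inventory.get(flow.src, "unknown")
    dst = inventory.get(flow.dst, "unknown")
    service = (flow.proto, flow.dport)
    if service == IMA:
        # The text places IMA traffic between MetaFrame XP servers only.
        if src == "xp" and dst == "xp":
            return ("ok", "IMA between MetaFrame XP servers")
        return ("review", f"IMA port used on a {src}->{dst} path")
    if service == ICA_BROWSER:
        if dst not in SERVER_ROLES:
            return ("review", f"ICA browser port contacted on a {dst} host")
        if src == "client":
            return ("ok", "ICA client browsing")
        if src in SERVER_ROLES:
            if mixed_mode:
                return ("ok", "mixed-mode browser traffic between servers")
            # Assumption: with no 1.8 servers left, this traffic suggests the
            # farm is still running in mixed mode somewhere.
            return ("review", "server-to-server browser traffic outside mixed mode")
        return ("review", "ICA browser request from a host not in inventory")
    return ("ignored", "not one of the two farm protocols covered here")


def audit(text, inventory, mixed_mode=True):
    """Classify every parsed flow; returns a list of (flow, status, reason)."""
    return [(f, *classify(f, inventory, mixed_mode)) for f in parse_flows(text)]


if __name__ == "__main__":
    for flow, status, reason in audit(SAMPLE_FLOWS, INVENTORY):
        print(f"{status:8} {flow.src} -> {flow.dst} {flow.proto}/{flow.dport}: {reason}")
```

Running the same records with mixed_mode=False shows which server-to-server browser flows remain after the migration is declared complete.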

Licensing Considerations

One of the most confusing parts of upgrading a Citrix MetaFrame farm is the limitations imposed by Microsoft's Terminal Services licensing, which varies based on the domain environment and the operating system used for the Terminal Servers. Table 20-3 summarizes the licensing server options.

Table 20-3: Microsoft Terminal Services Licensing

| Domain | Terminal Server OS | Licensing Server |
|---|---|---|
| Windows NT | Windows NT TSE | Windows NT member server, Windows 2000 member server, or Windows Server 2003 member server |
| Windows NT | Windows 2000 | Windows 2000 member server or Windows Server 2003 member server |
| Windows NT | Windows Server 2003 | Windows Server 2003 member server |
| Windows 2000 | Windows NT TSE | Windows 2000 domain controller or Windows Server 2003 member server |
| Windows 2000 | Windows 2000 | Windows 2000 domain controller or Windows Server 2003 member server |
| Windows 2000 | Windows 2003 | Windows Server 2003 member server |
| Windows 2003 | Windows NT TSE | Windows Server 2003 member server |
| Windows 2003 | Windows 2000 | Windows Server 2003 member server |
| Windows 2003 | Windows 2003 | Windows Server 2003 member server |

For Windows Server 2003 Terminal Servers, a new licensing server is required (Windows 2000 will not support Windows Server 2003 Terminal Services licensing). However, a Windows Server 2003 licensing server will support Windows 2000 and Windows 2003 licensing as well as legacy Windows NT TSE licensing. On the plus side, a Windows Server 2003 license server does not have to be a domain controller, and when installed in a Windows 2000 domain, eliminates the former restriction that Windows 2000 Terminal Services Licensing Service must reside on a DC. During migration to Windows Server 2003, the first step is to install a new Windows Server 2003 license server.

Finally, the Windows Server 2003 licensing server must be configured as a license server compatible with Windows 2000 server, as discussed in the Microsoft KnowledgeBase article Q278513.

Chapter 21: Ongoing Administration of the Server-Based Computing Environment

The goal of ongoing administration is to ensure that IT services are delivered according to service level requirements that are agreed to by IT management and other relevant decision makers within a company. The day-to-day operations of an IT department should be proactive and require that the proper products, services, and infrastructure are in place to identify and prevent potential problems. This chapter provides guidance on how to manage and troubleshoot server-based computing environments. Through these methodologies, achieving reliable, available, supportable, and manageable solutions built on Microsoft and Citrix products and technologies can be attained.

This chapter also examines the need to develop dedicated support systems to track and facilitate end-user problems, perform maintenance on infrastructure, track service level agreements, and communicate to the end-user community IT progress and relevant problems. In some companies this may be any combination of help desk, service desk, operations, or call center services. Regardless of what it is called or how they are combined, the need and function of these critical components must be analyzed for successful management and operation of the SBC environment.

Scheduled Maintenance Activities

There are specific tasks that should be performed on a daily, weekly, monthly, and quarterly interval to ensure service levels are being met. General tasks are outlined in this section to provide a guide for MetaFrame XP administrators. It is very important to schedule time at defined intervals to ensure maintenance activities happen and any administrative actions are documented for reference later. Daily issues and maintenance should be tracked and reviewed so persistent problems can be identified and a timeline can be created for resolving them.

On a quarterly basis, a baseline comparison should be conducted against the information monitored and gathered throughout the period. This will identify any inconsistencies that may need to be addressed. Performing a user load trend analysis will help administrators determine proper use of server resources. If trending indicates degradation of server performance due to overload of users, expansion of the MetaFrame environment (such as adding additional load balanced servers) may be necessary. A project, which includes analysis of infrastructure and design, should be initiated and subsequent requisition of hardware, software, and resources scheduled.

Daily Maintenance Activities

Daily maintenance activities are centered on the essential tasks needed to ensure the Citrix farm is highly available and is servicing the end-user needs. These tasks should include, but not be limited to, the following:

Back up the datastore. A Microsoft Access-based datastore (DS) can be backed up either using the dsmaint backup command utility or by copying the backup datastore file (mf20.bak) that is created every time the IMA service is stopped to a network share. This task is most commonly executed daily with a scheduled script. Third-party datastores (SQL or Oracle) require additional configurations from within SQL or Oracle management software to ensure proper backup of the datastore. See Figure 21-1 for a sample reboot script that copies the backup datastore file to a network share.

Figure 21-1: Sample reboot script

Reboot servers. Servers should be rebooted frequently to eliminate any "hung" processes or memory leaks. A simple reboot script like the one shown in Figure 21-1 can be used as a scheduled task to reboot servers with MetaFrame XPs or XPa. MetaFrame XPe has reboot functionality included and can be scheduled from the server properties in the CMC.

Caution Do not reboot more than ten servers every ten minutes. Rebooting more than ten servers at a time can cause severe load on the datastore, prompting delays in IMA service start times.

Note Sleep.exe is part of the Windows 2000 Resource Kit and the Windows Server 2003 Resource Kit.

Verify that all servers are communicating properly with the datastore. This can be done either by running qfarm from the command line with the /app and /load extensions to make sure all servers are showing up and load values are appropriate, or by viewing the status of the server from the CMC. qfarm with the /app switch will detail which servers are providing which applications, checking to make sure all servers and appropriate applications are listed to verify communication. qfarm with the /load switch will detail all servers and their associated load levels. Load levels should be within zero to 9999 at all times. A load level of 10000 indicates a server is reporting maximum load on a particular load evaluator. If the load level is above 10000, it indicates a problem with load balancing or the datastore. qfarm used with the /online or /offline switch will display which servers are currently online or offline in the farm.

Perform a thorough review. Review any Resource Manager performance alerts, virus notifications, and datastore backup logs or scripts for proper execution. Notifications should be configured for these whether they are e-mail or SNMP traps.

Assess event viewer errors. Event logs should be checked daily on all servers to ensure that the operating system, applications, and system security are functioning normally. Microsoft Operations Manager is a great utility to view event logs centrally but other event log consolidation tools exist that can dramatically simplify the daily task of checking each event log by providing a unified interface, such as the products made by RippleTech (see bw.rippletech.com for more information), Sentry Pro (see www.sentry-pro.com for more information), or Gravity Square (see www.gravitysquare.com for more information).

Troubleshoot problems. Troubleshoot daily user problems and handle emergency hardware issues such as failed hard drives, network cards, and so on.

Check for session states using Citrix Management Console. Reset lengthy disconnected sessions if disconnect times are not enforced. Record and trend the number of disconnected, idle, and active sessions to help refine the MetaFrame session disconnect settings.

Weekly Maintenance Activities

Weekly maintenance activities focus on proactive tasks that are aimed at keeping both the farm and servers healthy. These actions should include, but not be limited to, the following:

Verify concurrent user need does not exceed current purchased licensing. The clicense connections command provides an overview of current usage of all Citrix products. Look for a low number of available licenses to determine when there is need for additional licensing.

Check free space. Check free space on all servers to ensure sufficient space is available for proper operation. Once a server gets below ten percent of total disk space available, the performance of the server will be affected.

Ensure antivirus definitions are up-to-date.

Generate reports. Create reports on downtime/uptime, performance problems, and lingering issues to understand and react to problems in the environment. Update the user community on current problem resolution and uptime of environment through e-mail, intranet (MSAM covered in Chapter 16 can provide a great solution for end-user communication), or other means.

Review and apply any critical Windows, application, or Citrix updates/hotfixes. It is critical to stay up-to-date with the latest patches or fixes to prevent unnecessary problems. The changes should be applied first to a test server to verify operability before rollout to production servers.

Monthly

Monthly maintenance activities focus on high-level farm administration and housekeeping. These tasks should include, but not be limited to, the following:

Monitor bandwidth utilization for ICA sessions Review current bandwidth versus bandwidth needed to support printing, session responsiveness, and potential growth.

Update printer drivers and driver mappings, and remove unused drivers The latest versions of the drivers should be used, all servers should contain the same drivers, unused drivers should be removed, and driver mappings and compatibility lists should be updated.

Quarterly

Quarterly maintenance activities focus on reviewing current farm design and monitoring performance levels. These tasks should include, but not be limited to, the following:

Analyze usage and growth patterns Analyze farm usage and future growth patterns to estimate requirements for expansion of the MetaFrame XP environment, then perform budgetary and growth planning.

Run defrag and chkdsk on all drives Third-party defragmentation utilities, such as Executive Software's Diskeeper, should be utilized to facilitate scheduled and robust defragmentation.

Perform test restores of the datastore from tape backup to an isolated testing environment Since the DS is an important component of the MetaFrame environment, we recommend performing periodic restores from tape backup. This restore should follow established procedures. The DS should be restored onto equipment similar to that in the production environment. To avoid network conflicts and the risk of affecting the production environment, the restored DS should be isolated in a test network (as discussed in Chapter 10). Administrators should check the operability of the restored datastore by adding a MetaFrame server into the farm and connecting to an application.

Perform baseline comparisons against previous baselines Baseline comparisons indicate whether the current sizing of the farm is adequate. If performance problems are identified, additional hardware and software will need to be purchased and implemented.

Farm Management

Farm Management is required to verify that the farm continues to meet the needs of the MetaFrame XP environment. Servers should be monitored to verify that the load is appropriate. Too many users, runaway processes, memory leaks, and poor applications on a server can lead to poor performance.

The Citrix Management Console (CMC) is the central program used to monitor and manage MetaFrame XP servers and server farms. The CMC is a Java-based program that ships with MetaFrame XP. Each Citrix product (such as Installation Manager) adds software modules (Java Applets) to the CMC to provide controls and other features for those products.

The Citrix Management Console

The Citrix Management Console allows the MetaFrame XP administrators to do the following:

Configure servers and farm settings from any connected workstation.

View current information about sessions, users, and processes.

Set up and manage printers for ICA Client users.

Publish applications and monitor application usage.

Enter, activate, and assign MetaFrame XP licenses.

Monitor, reset, disconnect, and reconnect ICA Client sessions.

Send messages to ICA Client users and shadow their ICA sessions.

Each MetaFrame XP server has the CMC installed by default. However, the MetaFrame XP CD-ROM can be used to install the CMC on other Windows workstations. This enables the MetaFrame Operations Group to manage Citrix server farms from non-MetaFrame computers. Only users in the Citrix Administrators group are authorized to use the CMC.

The CMC queries the Zone Data Collector (or a server you select) for information such as running processes, connected users, and server loads. Depending on the size of the server farm, the console might affect performance in the server farm. It is best to open only one copy of the CMC at a time and connect it to the Zone Data Collector (ZDC) so the console can query data directly. Auto refresh of the CMC should not be used in most situations due to the additional strain it places on the ZDC server.

Controlling Access to the Citrix Management Console

The CMC uses a standard Windows logon and user account authentication to grant access to Citrix administrators. Access to the CMC must be granted by adding a user or group to the designated MetaFrame XP Administrators section of the CMC. A MetaFrame XP administrator with CMC read-write privileges can add MetaFrame XP administrators from within the Citrix Management Console. To add a Citrix administrator, right-click the MetaFrame XP Administrators node in the console tree in the left-hand window pane and choose Add MetaFrame XP Administrator. In the dialog box that appears, select the user and group accounts that will be added to the Citrix Administrators group in the console and click Next. The Select Tasks dialog box now appears. Select the appropriate access level for the new administrator and click Next. The access granted to an administrator is fully customizable. There are options for View Only, Full Administration, and Custom. Custom permissions can be used to create level-one help desk personnel access, which only allows for administration of user sessions. All levels of the CMC have their own access rights, so it is possible to create administrator logins for managers such that they have access only to the areas they need to perform their job, but little else beyond that.

Using Server and Application Folders Within CMC

The CMC provides the ability to group servers and applications into folders. There is no correlation between CMC folders and Program Neighborhood folders displayed within application sets. The CMC folders help to manage a large number of servers and increase the performance of the CMC because the CMC only queries data for the servers or applications in the current folder view. One way to improve the response time of the CMC is to divide the list of servers into folders based on their zones.

Managing Zones

In a MetaFrame XP server farm, a zone is a grouping of MetaFrame XP servers that share a common data collector, which is a MetaFrame XP server that receives information from all the servers in the zone. A zone in a MetaFrame XP server farm elects a Zone Data Collector for the zone if a new server joins the zone, a member server restarts, or the current ZDC becomes unavailable. A ZDC becomes unavailable if the server goes down or is disconnected from the network, or if you move the server to another zone.

When a zone elects a new ZDC, it uses a preference ranking of the servers in the zone. You can set the preference ranking for the servers in a zone on the Zones tab in the server farm's Properties dialog box. Each zone has four levels of preference for election of a ZDC. The preference levels, in order from highest to lowest preference, are

Most Preferred


Preferred

Default Preference

Not Preferred

All servers in a zone are assigned to one of the four election preference levels. When the zone elects a new ZDC, it tries to select a server from the first preference level. If no servers at this level are available, the zone selects a server from the second level, and so on.

When you create a farm, the election preference for all servers is Default Preference, except for the first server added to the zone, which is set to Most Preferred and is the initial ZDC.

On the Zones tab in the console, a colored symbol appears next to each server name to indicate the election preference setting. You can change the default election preference to designate a specific server as the data collector. To do this, set the election preference for the server to Most Preferred. If you do not want some servers to be the ZDC, set the election preference for those servers to Not Preferred.


Managing Users and ICA Sessions

Some of the main tasks of a MetaFrame XP administrator revolve around management of users and sessions. If a server has a problem or needs to be taken down for maintenance, then logons must be disabled and later reenabled. Sessions will also need to be reset, logged out, or disconnected for users so they can get back into the system with a clean start.

To View Current Users

Current users with sessions on a server can be viewed from the Users tab, either at the server's folder level or by selecting the individual server in the server's tree from within the CMC. The Users tab on the server's folder level allows an administrator to view all of the sessions in the farm. The following information for each session is shown:

User The name of the user account accessing the system

Server The name of the MetaFrame XP server for the session

Application The Published Application name for the application running in the session

Client Name The name given to the ICA Client device in the ICA Client software

Session Displays the type of session and a session number

Session ID The numeric identifier of the session on the host server

State The current status of the ICA session

Logon Time The time the user logged on to the server

Selecting an individual server only shows the sessions on that server. There is an additional column for Idle Time when sessions are viewed from the server level. This column shows the time that a session has been active, but not interacting, with the application.

The current users logged on to a server can also be viewed from a command prompt with the query user command. The query user command only shows the users on the current server, unless another server is specified with the /server: parameter. It does not return the application or client name information from the command line.
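The session counts that the daily tasks ask administrators to record, and the lengthy disconnected sessions they ask them to reset, can be pulled from query user output. The following is an added example, not code from the book: the sample output is constructed in the column layout the command prints, and the 15-minute idle threshold and 60-minute disconnect limit are assumptions to adjust. IDLE TIME is used as the measure for disconnected sessions, which is at least as long as the time since the disconnect.

```python
import re
from collections import Counter

# Constructed sample in the column layout that `query user` prints (not real data).
SAMPLE = """\
 USERNAME              SESSIONNAME        ID  STATE   IDLE TIME  LOGON TIME
>administrator         console             0  Active          .  8/1/2003 9:12 AM
 jsmith                ica-tcp#12          3  Active       1:40  8/1/2003 8:05 AM
 mjones                                    5  Disc      1+02:15  7/31/2003 4:40 PM
 akhan                                     7  Disc           25  8/1/2003 10:02 AM
 rlee                  rdp-tcp#4           9  Active       none  8/1/2003 10:30 AM
"""

# SESSIONNAME is blank for disconnected sessions, so it is optional here.
ROW = re.compile(
    r"^[ >](?P<user>\S+)\s+(?:(?P<session>\S+)\s+)?(?P<id>\d+)\s+"
    r"(?P<state>\S+)\s+(?P<idle>\.|none|(?:\d+\+)?\d+(?::\d+)?)\s+"
    r"(?P<logon>.+?)\s*$"
)


def idle_minutes(cell):
    """Convert an IDLE TIME cell ('.', 'none', 'm', 'h:mm', 'd+h:mm') to minutes."""
    if cell in (".", "none"):
        return 0
    days = 0
    if "+" in cell:
        day_part, cell = cell.split("+", 1)
        days = int(day_part)
    if ":" in cell:
        hour_part, minute_part = cell.split(":", 1)
        hours, minutes = int(hour_part), int(minute_part)
    else:
        hours, minutes = 0, int(cell)
    return (days * 24 + hours) * 60 + minutes


def parse_query_user(text):
    """Return one dict per session row; the header and blank lines are skipped."""
    sessions = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        sessions.append({
            "user": m["user"],
            "session": m["session"] or "",
            "id": int(m["id"]),
            "state": m["state"],
            "idle_min": idle_minutes(m["idle"]),
            "logon": m["logon"],
        })
    return sessions


def summarize(sessions, idle_after=15, disc_limit=60):
    """Count active, idle and disconnected sessions and list lengthy disconnects."""
    counts = Counter()
    lengthy = []
    for s in sessions:
        if s["state"] == "Disc":
            counts["disconnected"] += 1
            if s["idle_min"] >= disc_limit:
                lengthy.append((s["user"], s["id"], s["idle_min"]))
        elif s["state"] == "Active":
            counts["idle" if s["idle_min"] >= idle_after else "active"] += 1
        else:
            counts[s["state"].lower()] += 1  # any other state is kept under its own name
    return counts, lengthy


if __name__ == "__main__":
    counts, lengthy = summarize(parse_query_user(SAMPLE))
    print("session counts:", dict(counts))
    for user, session_id, minutes in lengthy:
        print(f"review for reset: {user} (ID {session_id}), idle {minutes} min")
```

Appending the counts to a dated log on each run gives the trend the daily task calls for.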

To Enable or Disable Logons

To enable or disable logons from the CMC, do the following:

1. Right-click a server in the tree in CMC and choose Properties.

2. To disable logons by ICA Client users, clear the Enable Logons To This Server check box on the MetaFrame Settings tab.

3. To restore the ability of ICA Clients to connect to the server, select Enable Logons To This Server on the MetaFrame Settings tab.

Logons can also be disabled from the command prompt using the change logon command. The command has three options: enable logons, disable logons, or query what the current logon state of the server is.

Managing ICA Sessions

User sessions can be managed from the CMC by viewing the users either at the server level of the CMC or by choosing the individual server under the server's tree. Many options are available by right-clicking the individual user.

Connect This allows an administrator to connect to a user's disconnected session. If a user is disconnected, this allows an administrator to connect to the user's session and both close applications and save documents.

Disconnect This allows the administrator to manually disconnect a user's session, letting the user be gracefully disconnected without closing any applications. They can then be reconnected from another client.

Send Message This permits messages to be sent to the client side of the ICA session. Users can be notified of new applications, upgrades, or system shutdowns.

Shadow This option allows shadowing of the selected session as long as the CMC is being run from an ICA session. Shadowing cannot be initiated this way from the console of the server.

Reset Resetting a session terminates all processes that are running in the session and can cause applications to close without saving data.

Status This shows incoming and outgoing traffic as well as compression taking place on the inbound and outbound ICA traffic.

Logoff Selected Session This option closes applications and attempts to save changes to information before terminating the session.

Session Information Gives detailed information about the ICA session such as session processes, color depth, client IP addresses, screen resolution, encryption, DLLs in use, and client caches.

Managing Application Access

Management of application access is an important day-to-day task. Users or servers may need to be added or removed from individual applications at any time. A user may need one-time access to a specific application or an application may stop functioning correctly at any time.

Adding and Removing Users from a Published Application

Although applications do not have to be published for ICA Clients to access them, publishing provides management benefits and makes application access easier for end users. Applications can be centrally managed from the CMC on any server.

To give a user access to a published application, open the CMC and do the following:

1. Right-click the Published Application and select Properties.

2. Click Users in the left column.

3. Select a domain, and add the users or groups by clicking the Add button.

To remove a user, access the same user tab, highlight the user or group that should be removed and click the Remove button.

If access is given to an Active Directory group, administrators can grant access to new users by adding the user account to the Windows 2000 Group.

Adding and Removing a Server from a Published Application

The CMC can be used to add and remove servers from a published application. Once a server has been added to a published application, users can connect to the published application on the newly added server.

To add or remove a server from a published application:

1. Open the CMC.

2. Click the Applications folder on the left pane to view published applications.

3. Right-click the published application and select Properties.

4. Click Servers in the left column.

5. To add a server, highlight the server from the list in the left pane and click the Add button.

6. To remove a server, highlight the server in the list in the right pane and click the Remove button.

Basic Troubleshooting Techniques

Although troubleshooting any distributed system can be challenging and time-consuming, applying a structured methodology to troubleshooting can help sort through possible causes and reveal the root cause of most problems.

This section includes troubleshooting procedures for some of the more common problems found in an SBC environment.

Connections

One of the most common problems in the SBC environment that requires troubleshooting involves connectivity. When users cannot connect to the MetaFrame servers, there are numerous possibilities to consider.

The ICA Client is not properly configured This is often the problem if only one user cannot connect to the farm. If the user is using Program Neighborhood, check the server location address by selecting the connection, right-clicking, and selecting the Properties option. The proper server location address should be entered in the Address List box by clicking the Add button. Note that if TCP/IP + HTTP is the protocol being used, the appropriate XML port must be entered when adding the server location. If the Program Neighborhood Agent is being used, make sure the Web Interface URL is correct.

The MetaFrame server is not accepting any more connections Check to make sure logons have not been disabled by launching the CMC, highlighting the server(s) in question, right-clicking, and selecting Properties. Next, click the MetaFrame XP Settings option and make sure in the Control Options section that the Enable Logons To This Server check box is selected.

The MetaFrame server's load level is too high If the load level of a server is too high, new sessions will not be directed to the server. Check the load on the server from within the CMC. Highlight the server(s) in question and click the Load Manager Monitor tab. If the server is reporting a full load, check the Load Evaluators to make sure they are appropriate. This can also be checked by running qfarm /load from a command prompt. A server at maximum load will report its load as 10000.

The listeners are down Listeners (both ICA and RDP) are the control mechanism by which new sessions are established to MetaFrame XP servers. The state of the listeners can be checked from the CMC. Click the server(s) in question and select the Sessions tab. The listeners for both ICA (ICA-tcp) and RDP (RDP-Tcp) will be shown and should be in a listen state. If either is in a down state, new connections cannot be established to the server, and the listener should be reset by right-clicking the listener and selecting Reset. If this does not bring the listener back to a listen state, reboot the MetaFrame server. Also verify that nothing else is using port 1494. A common way to check connectivity to the MetaFrame servers is to run the following from a command prompt:

telnet <server address> 1494

The response should be ICA ICA ICA, which is an ICA Banner from the Citrix server. This output will continue until the Telnet session is broken or times out. If this does not appear there may be a problem with the listeners.

There are not enough idle sessions available By default, there are two idle sessions available for logons. If more than two connections are made before one of the idle sessions frees up, an error is received on the client when trying to connect. Typically, if the user attempts to connect again, they will be able to log on. If errors of this nature occur during peak login times, increase the number of idle sessions by editing the HKLM\System\CurrentControlSet\Control\Terminal Server\IdleWinStationPoolCount registry key.

There are network issues present This could be on the server or client side of the network. The main items to verify include the following: are the server's network cards functioning properly; are routers and switches between the client and server configured correctly; are firewall settings blocking ICA traffic; and are client network cards configured and functioning properly. As mentioned earlier, one of the best ways to establish connectivity to the Citrix server is to run the following from a command prompt:

telnet <server address> 1494

The response should be ICA ICA ICA, which is an ICA Banner from the Citrix server. If this does not appear and the ICA listener is up and running, then something is blocking communication from the client to the server.

Core services not functional. Both the Independent Management Architecture (IMA) and Citrix XML services must be running for a MetaFrame XP server to function properly. Check both of these service states by selecting Control Panel | Administrative Tools | Services to ensure they are both in a Started state. If their status shows blank, right-click the service and select the Start option.
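The telnet check described above can be scripted so that each failure mode is told apart. The following Python sketch is an added example, not code from the book or from Citrix; the function names, the loopback stand-in listener and the sample banner bytes are assumptions constructed for the demo.

```python
import socket
import threading

ICA_PORT = 1494  # ICA listener port named in the text
# Constructed sample banner for the loopback demo (the text shows it as "ICA ICA ICA").
SAMPLE_BANNER = b"\x7f\x7fICA\x00"


def probe_ica_listener(host, port=ICA_PORT, timeout=3.0, want=12):
    """Probe one server the way the telnet check does; return (state, detail).

    banner       connected and the reply contains "ICA": listener is answering
    no-banner    connected but no "ICA" text arrived: listener may be hung, or
                 another program may own the port
    refused      connection actively refused: nothing is listening on the port
    unreachable  timeout or network error: check firewall, routers, switches, NICs
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError as exc:
        return "refused", str(exc)
    except OSError as exc:  # includes timeouts and "no route to host"
        return "unreachable", str(exc)
    data = b""
    with sock:
        sock.settimeout(timeout)
        try:
            while len(data) < want:
                chunk = sock.recv(64)
                if not chunk:  # peer closed the connection
                    break
                data += chunk
        except OSError:  # read timed out or connection was reset
            pass
    if b"ICA" in data:
        return "banner", "%d banner(s) seen" % data.count(b"ICA")
    return "no-banner", "received %d bytes without ICA text" % len(data)


def start_fake_listener(banner, repeats=3, hold=1.0):
    """Loopback stand-in for a listener (demo only); returns the port it bound."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            if banner:
                conn.sendall(banner * repeats)
            threading.Event().wait(hold)  # keep the session open for a moment
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def closed_port():
    """Return a loopback port that was just released, so nothing listens on it."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    print(probe_ica_listener("127.0.0.1", start_fake_listener(SAMPLE_BANNER)))
    print(probe_ica_listener("127.0.0.1", start_fake_listener(b""), timeout=0.5))
    print(probe_ica_listener("127.0.0.1", closed_port()))
```

A "refused" result points at the listener itself, while "unreachable" points at the network path between client and server.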

Shadowing Users

Many end-user problems can be resolved without physically visiting the user by utilizing the shadowing technology included with MetaFrame. Permissions for shadowing are best set up in a Citrix Policy and only granted to administrators and managers within the company. Shadowing rights enable the control of a user session to instruct the user on how to perform a certain function, troubleshoot client-side problems, or promote general education about applications, printing, and system orientation. There are a couple of ways to initiate shadowing. One can be started from within the CMC by right-clicking the user sessions to be shadowed and selecting the Shadow option. Another method is to use the Shadow Taskbar found on the ICA Administrator Toolbar. A popular way to give managers access to shadowing without giving them permissions to the CMC is to publish the Shadow Taskbar program as a published application.

Troubleshooting the SQL Datastore

If you are utilizing a SQL Datastore there are several troubleshooting tips that can assist the administrator in discovering and fixing connectivity problems. The following list consolidates the most common problems encountered with the SQL Datastore and how to correct the issues.

The wrong credentials are supplied for SQL authentication. During the configuration of a SQL Datastore, a username and password are entered, which are used for accessing the Datastore database. If this username or password is changed without updating the DSN used to connect to the Datastore, connectivity problems will be encountered.

The DSN is configured for NT authentication not SQL authentication. Ensure that the DSN file is configured for the proper method of authentication by opening the Data Sources (ODBC) from within Control Panel | Administrative Tools.

The network connection between the SQL server and the MetaFrame server is down. Test connectivity by using the Data Sources (ODBC) utility from within Control Panel | Administrative Tools by selecting the DSN and clicking the Configure button.

Log space. Ensure you have the Truncate Log At Checkpoint option selected or have adequate backups scheduled to ensure that the logs do not grow unnecessarily.

Worker threads. In larger farms (greater than 256 servers), the number of worker threads needs to be increased for proper operation. This can be achieved by using the SQL Server Enterprise Manager, right-clicking the server name, selecting properties, then clicking the Processor tab and changing the Maximum worker thread count from 256 to a number greater than the number of servers in the farm.

Troubleshooting IMA

The IMA service and underlying subsystems are the core of MetaFrame XP and must be running on all farm servers for proper operation. The following list consolidates the most common problems encountered with the IMA service and how to correct the issues.

If an error is received after booting a MetaFrame server that states one or more services failed to start, and the non-starting service is the IMA service, allow the service more time to start since the initial load on the IMA service will cause delays past the default six-minute timeout of the service manager.

If a direct connection to the DS is being used, verify that ODBC connectivity exists.

If the Local Host Cache (LHC) (imalhc.mdb) is missing, corrupt, or provides incorrect information, start by refreshing the LHC and then move on to re-creating the LHC. To refresh the LHC, run the following from a command prompt: dsmaint refreshlhc. If this fails, re-create the LHC with the following command: dsmaint recreatelhc.

Review the Event Viewer logs for any errors, and research the Citrix Knowledge Center (support.citrix.com), or contact your local Citrix reseller to assist in troubleshooting.

If the ODBC Connection Fails

If using direct mode connections to the DS, ODBC connectivity is required for proper operation of the IMA service. If ODBC issues are suspected, try the following:

Verify the name of the DSN file the IMA service is using by looking in the registry setting HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\IMA\DataSourceName.

Reinstall the latest compatible version of MDAC to verify that the correct ODBC files are installed.

Enable ODBC tracing for further troubleshooting.

Other Common Problems

Other common problems revolve around licensing, such as when servers will not accept product licenses. If problems do occur while adding product licenses to a MetaFrame XP server, connect to the CMC, right-click the server, and select the Set MetaFrame Product Code option. Verify that the appropriate code is set for the server. Once this is verified, run the clicense refresh command from a command prompt to refresh active licensing. If there are still problems, stop and restart the IMA service.

Operations Support

Whether a network includes server-based computing or not, it is critical to have a support methodology and the appropriate systems in place to ensure user issues can be tracked, resolved, and communicated to those necessary in an appropriate amount of time.

The role that IT support plays in providing efficient and effective customer assistance is continually evolving. Whether a company has a service desk, help desk, or call center, this service is key to bringing customer service to a higher level. Through proper staffing, process development, and use of tools and technology, the IT support organization must handle the day-to-day problems of the user community, administer the environment, and report back to the business the uptime of the network.

IT management should be treated like a business entity even if it is not revenue-generating. Customers, whether internal staff or outside interests, judge the quality of the entire IT organization by the service they provide. Most companies utilize a three-tier approach to supporting their user community. The first level is the initial point of contact for user problems. At this level, the support staff should have a basic understanding of Citrix administration. They should be able to log and track problems, provide basic problem resolution (reset sessions, create printer mappings, and so on), notify the company of system outages, and be able to escalate to the second level of support.

The second tier of support is mainly concerned with the day-to-day operation of the MetaFrame environment. At this level, periodic checks of the system are performed, event logs are processed, backup and core services are verified, licensing levels are monitored, advanced problems are resolved, and the installation and rebuilding of servers is performed. Coordination with the first level of support, and escalation of irresolvable problems to the third level of support are also performed. The third level of support ensures the MetaFrame environment meets the business needs of the organization and adheres to the service level agreements (SLA) in place for the company. They are concerned with capacity planning, advanced problem resolution, ensuring service packs/hotfixes are applied to the environment, reviewing business needs, and escalating problems to authorized Citrix resellers when needed.

It is important that both informal and formal customer surveys be performed regularly to gather objective data about each tier of support. Systems, people, and processes can then be changed and new customer data gathered to ensure constant improvement.

Part IV: Appendixes

Appendix List

Appendix A: Internetworking Basics

Appendix B: Creating an On-Demand Enterprise Financial Analysis Model


Appendix C: Creating an On-Demand Enterprise Subscription Billing Model


Appendix A: Internetworking Basics

The server-based computing (SBC) paradigm is heavily dependent upon the capacity and performance of the internetwork that connects client nodes to the SBC server farm. In larger companies and enterprise environments, workload and associated technical expertise are typically divided among a number of "experts" or teams of specialists (network, database, mail server, web servers, and so on). At smaller companies on the other hand, there may be one or two experts responsible for all aspects of the organization's IT infrastructure. In either case, the focus of IT staff members charged with making the SBC network work is usually server-centric, in spite of the dependence on network services. These same systems administrators still need a clear understanding of networking to be able to plan and design (as discussed in the second section of this book), and then implement, operate, maintain, and troubleshoot (as discussed in the final section). This appendix provides a low-level networking introduction to provide common ground for discussing issues and concepts with other IT staff members, vendors, and service providers.

The OSI Model

The Open Systems Interconnection (OSI) model was originally developed by the International Standards Organization (www.iso.org) in 1974 to establish a standardized model for interconnecting networks and computers using multivendor networks and applications. Although originally envisioned as a formal standard, it has become less of an implementation standard and more a benchmark model. The principles applied when creating the OSI model were:


A layer should be created where a different level of abstraction is needed.

Each layer should perform a well-defined function.

The function of each layer should be chosen with an eye toward defining internationally standardized protocols.

The layer boundaries should be chosen to minimize the information flow across the interfaces.

The number of layers should be large enough that distinct functions need not be thrown together in the same layer out of necessity, and small enough that the architecture does not become unwieldy.

The resulting effort defined a seven-layer model (Figure A-1) that allows information to be passed up and down through the hierarchy, layer to layer, such that each layer needs to only provide a standards-based interface to adjacent layers and has no dependence on non-adjacent layers. In simple terms, the network layer does not need to know anything about the physical media or the application data being transported, it only needs to know how to pass the information down to the data link layer or up to the transport layer.

Figure A-1: Data flow and the OSI model

OSI Model Layers

Each of the layers defined by the OSI model (keep repeating—it's only a model, it's only a model) performs specific functions to allow applications to ultimately transmit data over the physical media. The model's seven layers (commonly a protocol stack) are used extensively to define equivalency of function in other protocol stacks such as the Internet Protocol Suite. Although most other protocol stacks do not have a one-to-one mapping to the OSI model's layers, the actual protocols are referred to by their OSI equivalent function. For example, Novell's Sequenced Packet Exchange (SPX) protocol does not fully map to the OSI model transport layer, but it is still functionally referred to as a transport-layer protocol. Within the model, layers 1 through 4 (the "lower" layers) support data transport between end nodes or devices while 5 through 7 (the "upper" layers) deal with application support.

The Application Layer

At the top of the "stack" is the application layer. It supports application and end-user processes. Communication partners are identified, quality of service is identified, user authentication and privacy are considered, and any constraints on data syntax are identified. Everything at this layer is application-specific. This layer provides application services for file transfers, e-mail, and other network software services. Telnet and FTP are applications that exist entirely in the application level.

The Presentation Layer

The presentation layer provides independence from differences in data representation by translating from application to network format, and vice versa. The presentation layer works to transform data into the form that the application layer can accept. This layer formats and encrypts data to be sent across a network, providing freedom from compatibility problems. It is sometimes called the syntax layer.

The Session Layer

The session layer establishes, manages, and terminates connections between applications. It also sets up, coordinates, and terminates conversations, exchanges, and dialogues between the applications at each end.

The Transport Layer

The transport layer provides transparent transfer of data between end systems, or hosts, and is responsible for end-to-end error recovery and flow control. It ensures complete data transfer. The OSI model defines different transport services, four connection-oriented and one connectionless.

The Network Layer

The network layer provides switching and routing technologies, creating logical paths, known as virtual circuits, for transmitting data from node to node. Routing and forwarding are functions of this layer, as well as addressing, internetworking, error handling, congestion control, and packet sequencing. Note that the term "switching" refers to path switching and has nothing to do with Ethernet switches. For any protocol stack to be viable in an enterprise environment, it must have a routable address at this layer.

The Data Link Layer

At the data link layer, data frames are encoded and decoded into bits for the physical media. This layer furnishes transmission protocol knowledge and management and handles errors in the physical layer, flow control, and frame synchronization. The data link layer is divided into two sublayers: the Media Access Control (MAC) layer and the Logical Link Control (LLC) layer. The MAC sublayer controls how a computer on the network gains access to the data and permission to transmit it (CSMA/CD for Ethernet) as well as logical addressing (MAC address). The LLC layer controls frame synchronization, flow control, and error checking.

The Physical Layer

The physical layer conveys the bit stream—electrical impulse, light, or radio signal—through the network at the electrical and mechanical level. It provides the hardware means of sending and receiving data on a carrier, including defining cables, cards, and physical aspects. Fast Ethernet, RS232, and ATM are protocols with physical layer components.

Chapter 5

- Ser ver - Based Computing Data Center Architect ure

OSI Model DataYour Flow - Designing Netw or k for Ser ver- Based Com put ing

Chapter 6 Chapter 7

- The Client Envir onment

Understanding data flow through the OSI model, particularly the lower layers, is key to understanding network design, performance, and troubleshooting. Figure A-2 shows the process of data encapsulation from Layer 7 down to transmission on the wire at Layer 1. The original application message is encapsulated at each successive layer by appending and in some cases prepending the lower layers' protocol information to the payload. This layered functionality is what allows a single workstation to log on to a Novell server over IPX and a Windows server over TCP/IP.

Figure A-2: Data encapsulation in the OSI model

Referring back to Figure A-1, the logical communication is peer-to-peer at the same layer. The Telnet client application on one host communicates to the Telnet server application on another host. The data link layer on one device communicates with the data link layer on another device. The physical data flow is up and down the protocol stack.

Intermediate nodes (the three-layer stack in the middle of Figure A-1) may only need functionality at the lower three layers, as they need not be aware of communication at the upper layers. As an example, a Telnet session from Dallas to Chicago may transit many intermediate nodes over the Internet. At each of those sites, data needs to be deencapsulated only as far as the network layer to allow path selection and forwarding.

From a LAN standpoint, a Layer-1 device refers to a device that functions at the physical layer. Repeaters and multiport repeaters (LAN hubs) are Layer-1 devices. They regenerate and retransmit an electrical signal consisting of ones and zeros. A Layer-2 LAN device works at the data link layer, meaning it is protocol-aware at Layer 2 and recognizes Layer-2 frame formats and addresses (MAC addresses). LAN switches are Layer-2 devices; they forward (directed) or flood (broadcast) frames on the network, but each port is independent of the electrical signal and physical media on any other port.

Classifying a device as a Layer-3 device means the device works at the network layer and recognizes network layer addressing and protocol. Routers and Layer-3 LAN switches are at this layer. Communications between dissimilar LAN technologies such as between Token Ring and Ethernet requires Layer-3 functionality. For example, in a network with a Token Ring segment and an Ethernet segment, the Layer-2 frame formats are incompatible. To communicate from one segment to the other, the frame formats and media access control methods from one segment must be "stripped away" to allow the data to be reencapsulated in the correct format for the other segment.

The OSI Model as a Benchmark

Figure A-3 shows a greatly simplified correlation of the OSI model to common protocol stacks. Note that the Internet Protocol stack defines only four layers and that common network operating systems consistently have a clear separation between Layers 5 through 7 functions and Layer 4, primarily driven by the ubiquitous nature of TCP/IP.

Figure A-3: Common protocol suites versus the OSI model

The Internet Protocol

The Internet Protocol suite (commonly referred to as TCP/IP) comprises the essential protocol stack for modern networks. To effectively plan or manage a network based on TCP/IP, one must understand the network addressing methodology.

The IP Protocol Stack

As mentioned previously, the Internet Protocol stack consists of only four layers. It does not define the physical layer connectivity as in the OSI model, but it allows connectivity to the same types of physical media through compatibility at the "link" layer. Of the four layers, the transport and network layers are of primary interest.

The IP Application Layer

The IP protocol classifies all application (user-oriented) protocols into a single layer. IP is primarily concerned with internetworking so these protocols are handled monolithically.

The IP Transport Layer

The IP transport layer consists of two primary services: connection-oriented (session) service via TCP, and connectionless service via UDP. TCP is used for guaranteed delivery by tracking individual segments in sequence. UDP provides less overhead and "faster" service, but does not guarantee delivery. Connection-oriented service is used for most data transfer needs while connectionless service is used extensively for voice over IP (VoIP) and similar needs. To understand the difference, envision two environments: First, a Citrix session (ICA) where video display data is transported to and from a server—because data integrity is more important than speed, the key-clicks and resulting screens must be accurately represented, and second, a VoIP call—the talker is not subject to flow control and a listener must receive most of the data in a contiguous flow to hold a conversation. As a result, they cannot wait for the missing pieces of the conversation to be retransmitted and reassembled, even over a poor quality path. Data flow is more important than integrity.

The IP Network Layer

The IP network layer consists of the addressing and routing protocols needed to get IP packets across the Internet.

The IP Link Layer

The IP link layer (also called the network access layer) employs industry standard drivers and OSI-compatible data link layer services (Ethernet, Token Ring, and so on).

IP Addressing

The textbook for one 300-level college course attempts to teach IP addressing logic by jumping straight into binary math, espousing the mathematical concept of a "bitwise AND." For those unaccustomed to IP addressing, this explanation immediately falls in the range between voodoo and techno-babble. Nonetheless, binary math is the key to really understanding IP addressing. A "bitwise AND" means, given two expressions (IP address in binary and mask in binary), the bitwise AND result returns a 1 if both expressions have 1s in a bit position, otherwise the result is 0. This is the logical process used to derive the network (or subnet) from an address and mask combination. The first example under the upcoming "Address Classes" section illustrates the bitwise logic.

Addressing Basics

Standards define IP addresses by "class" and further define reserved and private address ranges. Reserved addresses are not usable by host devices, while "private" addresses are private in the sense that they are not routable over the Internet and must undergo network address translation (NAT) to a registered public IP address when traversing the Internet. Table A-1 lists the IP address allocations and classes.

Table A-1: IP Address Allocations

Decimal Range                  Class                             Default Mask/Length   First Octet
1.0.0.0-126.255.255.255        Class A                           255.0.0.0/8           0xxxxxxx
128.0.0.0-191.255.255.255      Class B                           255.255.0.0/16        10xxxxxx
192.0.0.0-223.255.255.255      Class C                           255.255.255.0/24      110xxxxx
224.0.0.0-239.255.255.255      Class D (Multicast)               None                  1110xxxx
240.0.0.0-255.255.255.254      Class E (Experimental)            None                  11111xxx

Special Address
10.0.0.0-10.255.255.255        RFC 1918                          255.255.255.0/8
127.0.0.0-127.255.255.255      Reserved - Loopback
169.254.0.0-169.254.255.255    Automatic Private IP Addressing   255.255.0.0/16
172.16.0.0-172.31.255.255      RFC 1918                          255.255.0.0/12
192.168.0.0-192.168.255.255    RFC 1918                          255.255.255.0/16

Address Classes

Class A networks encompass 126 networks, each with over 16 million unique addresses. The decimal values specified are based on the underlying binary values such that the first eight bits (octet) of the address define the class.

Class B networks encompass over 14,000 networks, each with over 65,000 addresses.

Class C networks encompass some two million possible networks of 254 addresses each.

Class D networks are used for multicast services (including many dynamic routing protocols), while Class E networks are reserved.

Each of the first three classes carries a presumed (default) self-encoded mask. This is evident when entering an IP address on most network hardware; once the address is entered, the default mask automatically populates. As an example, in the IP address 10.10.10.1:

Decimal:            10.       10.       10.       1
Mask (decimal):     255.      0.        0.        0
Binary:             00001010  00001010  00001010  00000001
Mask (binary):      11111111  00000000  00000000  00000000
Bitwise AND:        00001010  00000000  00000000  00000000
Network (decimal):  10.       0.        0.        0

The first octet starts with the binary sequence 0xxxxxxx, making it a Class A address.

Binary Basics

The binary values of each octet reveal the structure of the IP address. Use a simplified conversion table to convert decimal to binary. In IP addressing, the default mask can be modified to reduce (subnet) or expand (supernet) existing networks. In common notation, the mask is expressed either in decimal format (255.255.255.128) or as a number of 1s in the mask (/25). In the following example, the binary values use the same address (10.10.10.1) with different subnet masks. To determine the "size" of the network (number of hosts), use the formula 2^n - 2. When determining the maximum number of hosts on a given subnet, n represents the number of 0s in the binary mask. When determining the number of possible subnets, n is the number of 1s added to the default mask.

Decimal:            10.       10.       10.       1
Mask (decimal):     255.      0.        0.        0
Binary:             00001010  00001010  00001010  00000001
Mask (binary):      11111111  00000000  00000000  00000000

The address and mask define one network (no bits added to the default mask). There are 24 0s in the mask, so the network has 2^24 - 2 host addresses (16,777,214). The two excluded addresses (the -2) are the host address of all zeros (10.0.0.0), which defines the network, and the host address of all ones (10.255.255.255), which defines a broadcast to all hosts on this network.

In a routed environment, addresses at each end of the link must be different (different networks or subnet). To use the 10.x.x.x address space, subnetting is required to define smaller networks.

Decimal:            10.       10.       10.       1
Mask (decimal):     255.      255.      254.      0
Binary:             00001010  00001010  00001010  00000001
Mask (binary):      11111111  11111111  11111110  00000000

The address and mask define multiple networks (15 bits were added to the default mask). The original network has been subnetted to produce 2^15 - 2 individual (32,766) subnets. There are nine 0s in the mask so each subnet has 2^9 - 2 host addresses (510). The two excluded addresses are the host address of all zeros (10.10.10.0), which defines the network, and the host address of all ones (10.10.11.255), which defines a broadcast to all hosts on this network.

Why Binary?

Until IP addressing becomes second nature, only the binary values can reveal problems with the addressing scheme. From the last example, the host A at 10.10.10.1 with a mask of 255.255.255.240 needs to communicate to host B plugged into the same hub with an address of 10.10.10.21 and a mask of 255.255.255.240. All appears well, but they cannot communicate over IP.

Decimal (A):        10.       10.       10.       1
Decimal (B):        10.       10.       10.       21
Mask (decimal):     255.      255.      255.      240
Binary (A):         00001010  00001010  00001010  00000001
Binary (B):         00001010  00001010  00001010  00010101
Mask (binary):      11111111  11111111  11111111  11110000

The bits in the host address that correspond to the ones in the mask must match for both devices to be on the same logical network. In this case, host A is on network 10.10.10.0 while host B is on network 10.10.10.16. Even though they share the same Layer-1 electrical signal and they can see each other's MAC address at Layer 2, they cannot communicate without a router.
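The bitwise AND logic from the "Address Classes," "Binary Basics," and "Why Binary?" examples, written out as an added Python example (not code from the book). Function names are illustrative, and the subnet count applies the appendix's own 2^n - 2 formula.

```python
# Added example: subnet math with an explicit bitwise AND (illustrative names).

def to_int(dotted):
    """Convert dotted-decimal IPv4 text to a 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {dotted!r}")
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range: {dotted!r}")
        value = (value << 8) | octet
    return value


def to_dotted(value):
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))


def to_binary(value):
    return " ".join(f"{(value >> s) & 0xFF:08b}" for s in (24, 16, 8, 0))


def prefix_length(mask):
    """Number of 1s in the mask; rejects masks whose 1s are not contiguous."""
    m = to_int(mask)
    ones = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"mask bits are not contiguous: {mask}")
    return ones


def default_prefix(address):
    """Default (classful) mask length taken from the first octet, per Table A-1."""
    first = to_int(address) >> 24
    if first < 128:
        return 8
    if first < 192:
        return 16
    if first < 224:
        return 24
    raise ValueError("Class D and E addresses have no default mask")


def describe(address, mask):
    """Derive network, broadcast, host count and subnet count for address/mask."""
    addr, m = to_int(address), to_int(mask)
    ones = prefix_length(mask)
    zeros = 32 - ones                        # 0s in the mask -> host bits
    added = ones - default_prefix(address)   # 1s added to the default mask
    network = addr & m                       # the bitwise AND
    broadcast = network | (~m & 0xFFFFFFFF)  # host bits all set to 1
    return {
        "address_bits": to_binary(addr),
        "mask_bits": to_binary(m),
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "hosts": max(2 ** zeros - 2, 0),
        # Appendix formula 2^n - 2; a mask with no added bits is one network.
        "subnets": 2 ** added - 2 if added > 0 else 1,
    }


def same_network(a, b, mask):
    """True when both hosts AND to the same network under the shared mask."""
    m = to_int(mask)
    return (to_int(a) & m) == (to_int(b) & m)


if __name__ == "__main__":
    for address, mask in [("10.10.10.1", "255.0.0.0"),
                          ("10.10.10.1", "255.255.254.0"),
                          ("10.10.10.1", "255.255.255.240"),
                          ("10.10.10.21", "255.255.255.240")]:
        print(address, mask, describe(address, mask))
    print("A and B share a network:",
          same_network("10.10.10.1", "10.10.10.21", "255.255.255.240"))
```
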


IP Protocols and Ports

Referring back to Figure A-1, note that at both the transport and network layer, services are keyed to specific protocols (of which IP is one) and ports (such as TCP port 23 for Telnet). Numerous web sites have extensive lists of both well-known and not-so-well-known ports and protocols. The partial lists in Table A-2 (protocols) and Table A-3 (ports) cover the majority of values common in modern networking. Table A-4, meanwhile, lists Internet Control Message Protocol message types and codes.

Table A-2: Common IP Protocols

Literal   Value   Description
ip        0       Internet Protocol
icmp      1       Internet Control Message Protocol, RFC 792
igmp      2       Internet Group Management Protocol, RFC 1112
ipinip    4       IP-in-IP encapsulation
tcp       6       Transmission Control Protocol, RFC 793
igrp      9       Interior Gateway Routing Protocol
udp       17      User Datagram Protocol, RFC 768
gre       47      General Routing Encapsulation
esp       50      Encapsulated Security Payload for IPv6, RFC 1827
ah        51      Authentication Header for IPv6, RFC 1826
eigrp     88      Enhanced Interior Gateway Routing Protocol
ospf      89      Open Shortest Path First routing protocol, RFC 1247
nos       94      Network Operating System (Novell's NetWare)
pcp       108     Payload Compression Protocol

Table A-3: Common TCP/UDP Ports

Literal       Protocol   Value        Description
ftp-data      TCP        20           File Transfer Protocol (data port)
ftp           TCP        21           File Transfer Protocol (control port)
ssh           TCP        22           Secure Shell
telnet        TCP        23           RFC 854 Telnet
smtp          TCP        25           Simple Mail Transport Protocol
domain        TCP/UDP    53           DNS (Domain Name System)
bootps        UDP        67           Bootstrap Protocol Server
bootpc        UDP        68           Bootstrap Protocol Client
tftp          UDP        69           Trivial File Transfer Protocol
gopher        TCP        70           Gopher
finger        TCP        79           Finger
www           TCP        80           World Wide Web
pop3          TCP        110          Post Office Protocol — Version 3
ntp           TCP        123          Network Time Protocol
netbios-ns    TCP        137          NETBIOS Name Service
netbios-dgm   TCP        138          NETBIOS Datagram Service
bgp           TCP        179          Border Gateway Protocol, RFC 1163
ssl (https)   TCP        443          Secure HTTP (secure sockets layer)
smb           TCP        445          Microsoft SMB
isakmp        UDP        500          ISAKMP
syslog        UDP        514          System Log
lpd           TCP        515          Line Printer Daemon — printer spooler
rip           TCP        520          Routing Information Protocol
mssql         TCP        1433         Microsoft SQL
citrix-ica    TCP        1494         Citrix ICA
sqlnet        TCP        1521         Structured Query Language Network
radius        TCP        1645, 1646   Remote Authentication Dial-In User Service
rdp           TCP        3389         Microsoft RDP

Table A-4: ICMP Types and Codes

ICMP Type   Message                   Code   Code Meaning
0           Echo Reply
3           Destination Unreachable   0      Net unreachable
                                      1      Host unreachable
                                      2      Protocol unreachable
                                      3      Port unreachable
                                      4      Fragmentation needed and Don't Fragment was set
                                      5      Source route failed
                                      6      Destination network unknown
                                      7      Destination host unknown
                                      8      Source host isolated
                                      9      Communication with destination network is administratively prohibited
                                      10     Communication with destination host is administratively prohibited
                                      11     Destination network unreachable for type of service
                                      12     Destination host unreachable for type of service
                                      13     Communication administratively prohibited
                                      14     Host precedence violation
                                      15     Precedence cutoff in effect
4           Source Quench
5           Redirect                  0      Redirect datagram for the network (or subnet)
                                      1      Redirect datagram for the host
                                      2      Redirect datagram for the type of service and network
                                      3      Redirect datagram for the type of service and host
8           Echo
11          Time Exceeded             0      Time to live (TTL) exceeded in transit
                                      1      Fragment reassembly time exceeded
12          Parameter Problem         0      Pointer indicates the error
                                      1      Missing a required option
                                      2      Bad length
13          Timestamp
14          Timestamp Reply
15          Information Request
16          Information Reply
17          Address Mask Request
18          Address Mask Reply

In Table A-2, the literal value is the common name. When defining access control lists or firewall rules to control access to the corporate data center, some protocols are generally "safe" and can be permitted (such as esp, the encrypted traffic in IPSec) while others may need to be restricted (such as gre, to prevent non-approved tunneling through the network).

Individual ports at the transport layer are a more granular way of controlling, monitoring, and managing traffic flows. Both Citrix (ICA, TCP port 1494) and Microsoft (RDP, TCP port 3389) use defined ports that can be easily managed to restrict traffic.

ICMP messages are included as a reference for two reasons: First, some ICMP messages are essential to a well-behaved network (unreachables), while others are essential troubleshooting tools (echo, echo-reply, traceroute); second, the remaining messages will propagate through the network and create a security and denial-of-service (DoS) risk if not controlled. As an example, mask reply messages can be used for fingerprinting the network, redirects can be used for DoS attacks, and echo requests should not be allowed "in" from the Internet.
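How a first-match access control list keyed on protocol number, destination port, and ICMP type treats traffic at the data center boundary, as an added Python example (not code from the book or from any firewall product). The rule set, the client subnet, the permitted echo-reply and time-exceeded types, and all sample packets are assumptions constructed for illustration.

```python
import struct

# IP protocol numbers as listed in Table A-2.
ICMP, TCP, UDP, GRE, ESP = 1, 6, 17, 47, 50


def ip_bytes(dotted):
    return bytes(int(octet) for octet in dotted.split("."))


def ip_int(dotted):
    return struct.unpack("!I", ip_bytes(dotted))[0]


ANY = (0, 0)  # network 0.0.0.0 with mask 0.0.0.0 matches every source
# Assumption: thin clients live in 10.10.10.0 255.255.254.0 (the subnet example).
CLIENTS = (ip_int("10.10.10.0"), ip_int("255.255.254.0"))

# (action, protocol, selector, source). The selector is a TCP/UDP destination
# port or an ICMP type; None matches any. Rules are evaluated top down.
DATA_CENTER_ACL = [
    ("permit", ESP, None, ANY),      # IPSec encrypted traffic
    ("deny", GRE, None, ANY),        # non-approved tunneling
    ("permit", TCP, 1494, CLIENTS),  # Citrix ICA
    ("permit", TCP, 3389, CLIENTS),  # Microsoft RDP
    ("permit", ICMP, 3, ANY),        # destination unreachable
    ("permit", ICMP, 0, ANY),        # echo reply (assumed: answers to our pings)
    ("permit", ICMP, 11, ANY),       # time exceeded (assumed: traceroute replies)
    ("deny", ICMP, 8, ANY),          # echo request arriving from outside
    ("deny", ICMP, 5, ANY),          # redirect
    ("deny", ICMP, 18, ANY),         # address mask reply
]  # explicit denies document intent; anything unmatched is denied anyway


def parse_ipv4(packet):
    """Return (protocol, source address, selector) from a raw IPv4 packet."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, header_len = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or header_len < 20 or len(packet) < header_len:
        raise ValueError("not a valid IPv4 header")
    protocol = packet[9]
    source = struct.unpack("!I", packet[12:16])[0]
    fragment_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    payload = packet[header_len:]
    selector = None
    if fragment_offset:
        pass  # later fragments carry no transport header to match on
    elif protocol in (TCP, UDP):
        if len(payload) < 4:
            raise ValueError("truncated transport header")
        selector = struct.unpack("!H", payload[2:4])[0]  # destination port
    elif protocol == ICMP:
        if len(payload) < 2:
            raise ValueError("truncated ICMP header")
        selector = payload[0]  # ICMP type
    return protocol, source, selector


def evaluate(packet, acl=DATA_CENTER_ACL):
    """Apply the first matching rule; malformed or unmatched packets are denied."""
    try:
        protocol, source, selector = parse_ipv4(packet)
    except ValueError:
        return "deny"
    for action, rule_protocol, rule_selector, (network, mask) in acl:
        if rule_protocol != protocol:
            continue
        if rule_selector is not None and rule_selector != selector:
            continue
        if (source & mask) != network:  # same bitwise AND used for subnetting
            continue
        return action
    return "deny"  # implicit deny at the end of every list


def build(protocol, source, payload, frag_offset=0, dest="192.0.2.10"):
    """Construct a sample IPv4 packet (checksum left at 0; it is not validated)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0,
                         frag_offset, 64, protocol, 0,
                         ip_bytes(source), ip_bytes(dest))
    return header + payload


def tcp_segment(dest_port, source_port=40000):
    """Minimal constructed TCP header: ports followed by zeroed fields."""
    return struct.pack("!HH", source_port, dest_port) + bytes(16)


if __name__ == "__main__":
    samples = [  # constructed traffic, not captured data
        ("ICA from client subnet", build(TCP, "10.10.11.7", tcp_segment(1494))),
        ("RDP from outside", build(TCP, "198.51.100.9", tcp_segment(3389))),
        ("GRE tunnel", build(GRE, "198.51.100.9", bytes(8))),
        ("ESP", build(ESP, "198.51.100.9", bytes(8))),
        ("echo request", build(ICMP, "198.51.100.9", bytes([8, 0, 0, 0]))),
        ("unreachable, code 4", build(ICMP, "198.51.100.9", bytes([3, 4, 0, 0]))),
        ("mask reply", build(ICMP, "198.51.100.9", bytes([18, 0, 0, 0]))),
    ]
    for label, packet in samples:
        print(f"{label:24s} {evaluate(packet)}")
```

A non-first fragment has no port or ICMP type to inspect, so it falls through the port-specific rules to the implicit deny, and a source that is outside the client subnet is refused on ports 1494 and 3389 even though those ports are otherwise permitted.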


Appendix B: Creating an On-Demand Enterprise Financial Analysis Model

Every organization's financial analysis will involve unique variables and methods of calculation, but you can use the model presented in this appendix as a framework for creating your own SBC financial evaluation. This model defines a method for identifying common costs and savings involved when migrating to enterprise server-based computing.

Tip The Citrix ACE Cost Analyzer (www.acecostanalyzer.com) is a great tool for providing a quick, high-level analysis of the type of savings that can be expected from deploying SBC. We contributed to both the concept and development of the ACE Cost Analyzer and frequently recommend it to our clients. The model we present here is intended as a more rigorous drill-down into specific anticipated product costs and benefits in order to present a compelling return on investment (ROI) to the key financial decision makers.

Building a Spreadsheet Model

We recommend creating a spreadsheet that calculates both expected server-based computing costs and savings over a three-to-five-year time frame. The savings come from reducing the costs involved in a client-centric computing environment. These costs include both existing expenses and anticipated future expenses. For instance, if SBC enables you to eliminate the requirement to upgrade PCs as part of a regular refresh cycle, then the cost of purchasing and installing the PCs becomes an annual average savings under server-based computing.

It is not necessary to be creative when financially justifying an enterprise SBC project. The hard quantifiable savings alone should easily pay for the project and also provide a good return on investment. We recommend quantifying such soft savings as reduced user downtime, and then listing these savings independently of the return on investment calculation. Although the value of certain benefits from implementing SBC can exceed that of the combined savings, we still recommend listing benefits separately as well. Taking this conservative approach makes a very strong statement to management about the overwhelming value of the project. It also helps the feasibility committee defend their evaluation against anyone who tries to poke holes in the financial analysis.

An effective financial model utilizes a multidimensional spreadsheet that isolates the different variables involved. This makes the spreadsheet both easy to follow and easy to adjust for different assumptions. We recommend creating a spreadsheet with four tabs: Demographics, Logistics, Costs, and Report.

Information entered into the Demographics, Logistics, and Costs sections will come from assumptions and research by the feasibility committee. The Report section will show the results of calculations derived from information entered into the other three sections.

In order to simplify the model, do not bother listing costs that are equivalent under both server-based and client-centric scenarios. For instance, if you plan to purchase new Windows Server 2003 file servers regardless of whether you build an on-demand enterprise or not, do not list the cost of these servers in your financial model.

Note This model is only a starting point for providing a thorough SBC financial analysis. When engaged to prepare an analysis for a client, we inevitably add many more detailed calculations based upon discovery of the specific organizational environment.

Demographics


The number of users and remote offices participating in the SBC project are identified and categorized along with salary information for both IT staff and non-IT employees. Figure B-1 shows a Demographics spreadsheet example.


Figure B-1: Demographics section of a financial justification model

Number of Users

Whether employees or contractors, the number of expected SBC users should be estimated and categorized as to what degree of hosted applications they are likely to require. Common categorizations include thin-client, mostly thin-client, minimal thin-client, and other.

Thin-client These users will run their entire desktops from the Citrix server farm. They will either use Windows terminals or PCs configured as Windows terminals with local drive mapping disabled.

Mostly thin-client These users run the majority of applications from the Citrix server farm, but may still run some applications locally. Certain laptop users and users requiring unique applications often fall into this category.

Minimal thin-client These users primarily operate in client-centric mode and will use server-based computing selectively. This group might include headquarters employees who use client-centric PCs at work, but who like to dial into the network from home. It might also include salespeople who are often on the road, but who need to access corporate applications and databases. It might include remote PC users who simply like to save time by accessing their e-mail through MetaFrame XP Presentation Server rather than downloading it.


Other This category will differ by organization. It might include R&D engineers who want to run Windows applications on their UNIX workstations. It might include customers who run applications as anonymous Internet browsers utilizing Secure Gateway. Or it may be limited to a single company executive who insists on continuing to run the majority of his applications on a Mac.

Remote Offices

The composition of remote offices will have a big impact on the design of the server-based computing architecture. We recommend different categorizations such as home office, small office, medium office, large office, jumbo office, and regional office. Some general parameters follow, though of course they will be different for almost every organization.

Home office The home office is the new branch office. Telecommuters typically dial into the network or come in through the Internet. They sometimes use their own PCs and sometimes use company-issued PCs or laptops. If the organization implements a server-based computing environment, telecommuters are good candidates for inexpensive Windows terminals.

Small remote office Generally, these offices range from one to five users and have only low-bandwidth connectivity to headquarters, if any.

Medium remote office These offices range from 5 to 14 users. They sometimes have their own file and e-mail servers. Limited bandwidth connectivity is often in place.

Large remote office These offices range from 15 to 39 users. They often have their own servers and will sometimes have their own network administrators on staff. They frequently have high-speed bandwidth connections to headquarters.

Jumbo remote office These offices range from 41 to 200 users. They almost always have multiple servers and often have local network administrators in addition to high-speed bandwidth connections.

Regional office These offices have over 200 users along with IT support staff onsite.

Salary Information

Salary information should be listed for all categories of IT staff and should be loaded for FICA, workers compensation insurance, vacation, and so on. The average hourly loaded cost for non-IT personnel should also be listed. Include projected annual salary increase percentages as well.

Employee Growth Rate

The expected employee growth rate should be obtained from management. For simplicity, we usually assume that this growth rate will apply across the board to all categories of employees and to all locations. Of course, you may wish to fine-tune your spreadsheet with more specific calculations if appropriate. This information will be utilized to project increased IT resource demands.

Logistics

The Logistics spreadsheet section is for making assumptions about how usage and growth variables will impact users and equipment. Where appropriate, the logistics should reflect the specific user or remote-office categories defined in the Demographics section of the spreadsheet. Figure B-2 shows a Logistics spreadsheet example.

Figure B-2: Logistics section of a financial justification model

Internal Cost of Capital

The feasibility committee should obtain the organization's internal cost of capital from finance. This figure will be used to calculate the present value of both project costs and savings.

Usage

An SBC environment often enables economies in licensing, infrastructure requirements, and support because the number of concurrent users tends to be less than the number of total users. In some cases, this discrepancy can be very large. A multinational manufacturer based in California, for instance, saves a great deal of money on Citrix MetaFrame XP Presentation Server licenses because their users around the world operate in different time zones. The figures relating to user, server, and electricity usage include the following:

Concurrent users by category List the expected concurrency percentage for each category of users.

Server usage Calculate the number of users per MetaFrame XP Presentation server, which will enable you to calculate the total number of servers required in the Report section.

Increase in supported users each year As servers continue to become more powerful, they will be able to support much larger numbers of users. Estimating this percentage enables you to more accurately forecast the number of new and replacement MetaFrame servers required in the years ahead, which will continue to fall relative to the number of users accessing them.

Electricity usage Different manufacturers and products have a different KWH usage for their PCs and Windows terminals. HP currently has wattage requirements posted on their web site. Windows terminals commonly require up to 85 percent less electricity than PCs.
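The Logistics inputs above (concurrency by category, users per server, the yearly increase in supported users) and the internal cost of capital are worked through here as an added example; it is not the book's spreadsheet. Every figure is constructed, and the end-of-year discounting and the simplification that all servers are current-generation hardware are assumptions.

```python
from fractions import Fraction
from math import ceil


def pct(n: int) -> Fraction:
    """Exact percentage, so rounding up to whole servers is never off by one."""
    return Fraction(n, 100)


# Constructed Demographics and Logistics inputs (assumptions, not book data).
USERS = {"thin-client": 600, "mostly thin-client": 300,
         "minimal thin-client": 100}
CONCURRENCY = {"thin-client": pct(80), "mostly thin-client": pct(60),
               "minimal thin-client": pct(20)}
EMPLOYEE_GROWTH = pct(5)      # applied across all categories each year
USERS_PER_SERVER = 50         # year-1 capacity of one server
CAPACITY_INCREASE = pct(10)   # yearly increase in supported users per server
COST_OF_CAPITAL = pct(10)


def forecast(users, concurrency, growth, users_per_server,
             capacity_increase, years):
    """Per-year totals, concurrent users (licences) and servers required."""
    rows = []
    for y in range(years):
        scale = (1 + growth) ** y
        total = sum(n * scale for n in users.values())
        concurrent = ceil(sum(n * scale * concurrency[c]
                              for c, n in users.items()))
        capacity = users_per_server * (1 + capacity_increase) ** y
        rows.append({"year": y + 1,
                     "total_users": ceil(total),
                     "concurrent_users": concurrent,
                     "servers": ceil(concurrent / capacity)})
    return rows


def present_value(cash_flows, rate) -> float:
    """Discount end-of-year cash flows (year 1 first) at the cost of capital."""
    pv = sum(Fraction(cf) / (1 + rate) ** (i + 1)
             for i, cf in enumerate(cash_flows))
    return round(float(pv), 2)


# Constructed net cash flows (savings minus costs) for years 1 to 3.
NET_SAVINGS = [-80000, 110000, 110000]

if __name__ == "__main__":
    for row in forecast(USERS, CONCURRENCY, EMPLOYEE_GROWTH,
                        USERS_PER_SERVER, CAPACITY_INCREASE, 3):
        print(row)
    print("PV of net savings:", present_value(NET_SAVINGS, COST_OF_CAPITAL))
```

With these inputs the user count grows every year while the server count falls from 14 to 13, which is the effect the "increase in supported users" figure is meant to capture.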

Hardware Life Cycle Estimates

In order to build a realistic financial model, the feasibility committee should estimate life cycles for PCs, laptops, Windows terminals, and servers. These figures should reflect the number of expected months of use for each device, like those listed next:

Personal computers The average realistic PC life cycle in most organizations seems to range between two and four years, though some organizations keep them even longer.

Laptops The average laptop's life expectancy is generally around two thirds that of PCs.

Windows terminals Since Windows terminals tend to have mean times between failure measured in decades, and since processing takes place on the MetaFrame servers, the Windows terminals' expected life cycle should easily exceed the time frame of the financial analysis.

Servers The life cycle for servers tends to range between two and four years. The increasing power of servers should also be considered when used to operate MetaFrame XP Presentation Server because it means that fewer servers can handle more employees. This makes it more economically compelling to centralize computing.

Data Storage

If appropriate, an estimate should be made for the increased centralized storage that will be required for each category of user once users become SBC clients.

Reduction in Help Desk Calls/Personnel

The feasibility committee should estimate the impact an SBC will have in reducing either help desk support calls or support personnel, depending upon how their organization accounts for this expense. For instance, IT may already charge users $100 per month for both phone and technician support. The feasibility committee might estimate that under server-based computing, support calls will decrease by the following amounts per category of user: thin-client, 80 percent; mostly thin-client, 60 percent; minimal thin-client, 20 percent; other, 80 percent.

Reduction in Network Administrative Personnel

This figure should reflect the lower number of administrators required as a result of eliminating servers in remote offices.

Bandwidth Considerations

Estimate bandwidth requirements for both a PC-based and server-based computing environment. These depend upon the applications utilized, the size of the remote offices, and the extent to which users are full thin-client users.

Third-Party Backup Subscriptions

Most PC-based computing environments allow users to maintain data on their local hard drives. If IT already backs up this data, then additional storage may not be required. If users are required to back up their own hard drives, then include this time as a soft cost for lost productivity. If a third-party service is utilized, include the percentage of users who subscribe to this service.

Soft Cost Figures

Soft costs are those costs that are harder to quantify, but that still clearly impact the organization.

Application Rollouts The estimated number of application upgrades or rollouts is used to calculate their costs, assuming that excess personnel or contractors are required to accomplish them. If your organization simply forgoes most application upgrades because of the huge cost of performing them within a PC-based computing environment, then having the latest software can be identified separately as a server-based computing benefit on the Report spreadsheet section.

Number of major application rollouts per year Rollouts of new application packages or operating systems

Number of minor application rollouts per year Software version upgrades

Lost Productivity Estimate the amount of user productivity lost each year due to downtime and PC-based computing limitations such as inaccessibility to required corporate data.

Number of average user minutes downtime per rollout The expected length of downtime suffered by users for both major and minor rollouts.

PC upgrades The expected downtime users undergo when they receive a new PC.

Help desk delays The expected lost productivity time while waiting for the help desk to resolve a PC problem.

Costs

Estimated costs for both the existing PC-based computing environment and the proposed SBC are entered into the Costs section of the spreadsheet. Figure B-3 shows a Costs spreadsheet example. Where appropriate, modify costs to reflect the specific user category as defined in the Demographics section of the spreadsheet.


Figure B-3: Costs section of a financial justification model

An SBC Data Center

As discussed in Chapter 5, building an on-demand enterprise will involve configuring one or more data centers to support enterprise server-based computing. This is likely to require a more robust and redundant architecture than that of most existing PC-based computing environments. You may be able to upgrade your existing data centers, or you may wish to build new ones or co-locate them with a third-party service such as AT&T or Verio. The feasibility committee needs to choose a preliminary strategy, including the number of data centers, and assign appropriate costs for the model.

MetaFrame Servers Include both the cost and installation expense for each server.

Windows Server 2003 Software Microsoft licenses Windows Server 2003 Terminal Services on either the basis of total number of users or devices. See Chapter 2 for licensing details.

Citrix Software Citrix software is licensed on a concurrency basis, as explained in Chapter 3. In addition to the basic MetaFrame XP Presentation Server licenses, most organizations also purchase at least some of the other MetaFrame Access Suite components, including MetaFrame Secure Access Manager, Password Manager, and Conferencing Manager.

LAN Backbone As discussed in Chapter 6, an SBC data center requires a very robust LAN backbone. This usually means a minimum 100MB switching configuration and may include FDDI or gigabit switching for larger implementations along with redundancy.

Bandwidth Management If you have remote offices, you may want to consider utilizing bandwidth management, as discussed in Chapter 6. One good solution is to use a bandwidth management device such as Packeteer's PacketShaper. These units can easily pay for themselves by increasing the utilization of available bandwidth from 40 to 80 percent.

Installation Ensure enough money is allocated to properly install all of the data center components. Remember that much of the work may have to be done during off-hours in order not to disrupt your current environment.

Maintenance and Support Include estimated costs for both annual maintenance and support of hardware and software.

Storage Costs

Estimate the cost per megabyte for required increased data-center storage to support the SBC users. I ntr oduction Pa r t I - Ov er vi e w of Ente r pr ise Se r ve r - Ba se d Com put in g

Electricity Costs

Include the company's average cost per kilowatt.

Increased Bandwidth Costs

Although the bandwidth costs to remote offices may fall under server-based computing, the data center bandwidth requirements may increase.

Disaster Recovery/Business Continuance

The feasibility committee needs to determine the extent to which the SBC will include disaster recovery and business continuance. The associated costs should then be entered into the spreadsheet.

Client Costs

The cost for PCs and laptops includes sales tax, shipping, and administration. Software operating system costs are included along with annual hardware support costs. A realistic installation cost should reflect the hours it takes to configure each device. For most organizations, this ranges between three to eight hours per PC or laptop.

The lack of any moving parts makes the installation and annual support costs for Windows terminals minimal.

Help Desk Costs

Some organizations will show help desk costs as reductions in the number of support personnel required. Others might already have an assigned monthly support cost per user.

Remote-Office Server Costs

Servers in remote offices will usually be eliminated under an SBC scenario. It is therefore important to estimate the costs for these servers, including ancillary equipment such as tape backups, tape backup software, uninterruptible power supplies and software, network O/S software, and network software. Include costs for installing new servers along with the costs for annual server management and maintenance.

Conferencing Costs

Several Internet conferencing programs charge fees to enable sharing of documents to both internal personnel and external clients. They typically charge by the minute. Exclusive of telecommunications costs, fees commonly range around .30 to .50 per minute, or about $50 to $150 per month per user.

Migration Costs

Estimate the costs for migrating PC users to server-based computing desktops, including the cost of migrating the data to the corporate data center. Four hours for migrating each PC is probably a reasonable figure. Include the estimated cost to migrate information from remote office servers back to the corporate data center. Also include the cost for preparing the project definition and planning documents, as well as the infrastructure assessment.

Remote-Office Bandwidth Costs

Compare the cost of bandwidth required for a PC-based computing environment with the cost for providing adequate bandwidth connectivity for a server-based computing environment. Both figures will depend upon the size of remote offices and the bandwidth medium. Using the Internet or a VPN is likely, for example, to be much less expensive than using a dedicated leased line or frame relay connection. Server-based computing could either reduce or increase the bandwidth cost to a remote office depending upon the number of users and applications required. Effective use of an ERP application in a remote office, for instance, may require much higher bandwidth under PC-based computing than under server-based computing.

Miscellaneous Costs

This category includes the miscellaneous additional costs for both the server-based and PC-based computing environments. Examples include costs for bandwidth management devices for the larger offices and the cost of using a third-party service to back up user hard drives.

Soft Costs

The cost of employee time shown on a minute or hourly basis should be entered into this part of the spreadsheet.

Report

The Report section pulls together all of the information from the Demographics, Logistics, and Costs sections of the spreadsheet. The end result is a net present value estimate for building an SBC and for the savings it is expected to generate over a three-to-five-year time frame. The present value of the total savings can then be divided by the present value of the total cost of the project to show the expected return on investment for the SBC initiative.

We like to list the categories in the first column and then the summarized costs for the ensuing years in the following columns, as seen in Figure B-4, which shows an example of a Report spreadsheet section over a three-year analysis period.

Figure B-4: Report section of a financial justification model

Demographics Summary

We find it useful to recap the total number of expected concurrent employees by year, along with the number of expected MetaFrame servers required in a demographics summary. Since technology is almost certainly accelerating faster than your employee growth rate, the number of servers required each year should actually decline.

SBC Costs

SBC costs are the summation of all the different components involved in constructing and maintaining an on-demand enterprise data center.

Tip You may wish to break down costs and savings on a per-user basis in order to analyze the impact of an SBC from a different angle.

Data Center Costs In the sample shown in Figure B-4, we consolidate the costs by hardware and software, installation, and support costs.

Migration Costs

Migration costs include the project definition, infrastructure assessment and planning costs, as well as the client migration costs and remote-office migration costs.

SBC Savings

As mentioned earlier in the appendix, the SBC savings equate to the money not spent that would have been required to sustain a PC-based computing environment.

PC and Laptop Savings The PC and Laptop Savings section summarizes the expected savings from less-frequent upgrades of PCs and laptops. The figures come from multiplying the total cost of the laptop or PC by 12 and dividing it by the life cycle of the device. For instance, suppose a PC costs $1250, including taxes, installation, shipping, and administration. If your company policy is to replace PCs every 18 months, then your annual savings by going to server-based computing will be $1250 × (12 / 18) = $833 per PC. If appropriate, the annual maintenance savings for PCs and laptops should also be reflected in this category.

Windows Terminal Savings Windows terminal savings result from being able to purchase less-expensive Windows terminals rather than PCs for new users. In the example in Figure B-4, we assume that PCs will gradually be replaced with Windows terminals as they come up in their normal refresh cycle.

Yearly Support Savings Yearly support savings are a result of using Windows terminals or from using PCs locked down like Windows terminals rather than fat-client PCs for new users.

IT Staff Savings

The amount of decreased help desk support, desktop PC support, and remote office network administrator support required under an SBC should be summarized by showing a decline in either the monthly charge per user or in a reduced salary cost for IT personnel.

Note According to a 2003 Gartner Research Report, password-related help desk calls account for nearly 25 percent of call volume, on average. This means that implementing the Password Manager component of the MetaFrame Access Suite alone should generate significant reductions in help desk staffing requirements. User productivity will also be increased since users no longer will need to wait for the help desk to assist them with forgotten passwords.

Remote-Office Server Savings

Remote-office server savings result from no longer having to upgrade and maintain remote-office servers. The annual savings from not having to upgrade the servers are calculated in the same manner as the savings from not upgrading PCs and laptops.

Note All servers in remote offices may not be eliminated under an SBC model, depending upon factors such as the size of the office and bandwidth availability. If any remote office servers will remain under SBC, then the calculations will need to be modified appropriately.

Power Savings

Electricity savings are included for the replacement of PCs with Windows terminals, and for the elimination of remote-office servers (adding back the increased electricity usage for the Citrix servers in the data centers).

Conferencing Savings

Citrix MetaFrame Conferencing Manager also enables real-time application sharing for both internal and external users, but at a one-time fixed fee that is included as part of the SBC software cost. Conferencing savings are therefore the annual expense of the organization's web-based conferencing service.

Backup Savings

Any hard backup savings such as the money that will no longer be required for third-party backup services are reflected here. Any soft backup savings are quantified apart from the ROI calculation.

Summary

Subtract the SBC costs from the anticipated savings to show the net SBC savings each year.

Calculate the expected ROI of an SBC by subtracting the net present value of the SBC costs from the net present value of the SBC savings. Then divide this figure by the net present value of the SBC costs.

Soft Savings

Show soft savings apart from the ROI calculation, and include savings from reduced user downtime and inaccessibility to required corporate data. Specific productivity savings can also be calculated from utilizing the Password Manager and Secure Access Manager components of the MetaFrame Access Suite.

Benefits

List the expected benefits from implementing an SBC along with the financial report. It might even be appropriate to quantify some of them, but excluding them from the ROI calculation should still leave a project savings easily large enough to justify the SBC implementation.

Appendix C: Creating an On-Demand Enterprise Subscription Billing Model

In most organizations, IT expenses are often allocated on the basis of somewhat arbitrary criteria, such as a percentage of sales. On the other hand, commercial Application Service Providers (ASPs) must charge their customers fees that are clearly based upon usage of their application hosting services. By utilizing Citrix access infrastructure to create an on-demand enterprise, IT can become a corporate computing utility, provisioning software as a service. This enables them to apply a similar billing model as a commercial ASP to their organization's internal customers. The advantage is greater accountability as departments, offices, and users quickly understand the costs of IT resources they consume. By adjusting their consumption habits to minimize IT expenses, the entire organization benefits. This model also tends to spotlight the types of hidden IT costs that frequently plague many organizations utilizing a client-centric model of computing. For purposes of this model, we'll refer to accessing SBC as part of the on-demand enterprise as a Corporate ASP.

Monthly Subscription Fees

IT can charge users a monthly subscription fee structured like a cable company bill. Each user and each remote office is charged a basic monthly fee for utilizing the Corporate ASP. Additional fees cover supplementary applications, services, and changes. Account change fees help to ensure that users remain conscious of the administrative costs their requests for system modifications entail.

Basic User Fees

Basic user fees are monthly charges for products and services necessary for a user to access the Corporate ASP. For example, a department with ten user accounts would be charged a basic monthly fee for each of the ten named users to receive help desk support and the necessary hardware, software, and disk space.

Help desk support The basic user fee should include a charge for help desk support. SBC both greatly simplifies the user-computing environment and allows help desk personnel to "shadow" user sessions. When including Password Manager, which by itself should reduce the average help desk support requests by 25 percent, this charge should run far less than it would in a client-centric computing environment.

Network device Users require a PC, laptop, Macintosh, UNIX Workstation, or Windows terminal in order to access the Corporate ASP. Although it probably makes more sense to let departments order and pay for their own equipment, IT does need to set a price for access.

Disk space The basic subscription fee should include a certain amount of disk space in the corporate data center.

Basic software suite Users will have access to the standard corporate software suite such as Microsoft Office and e-mail. This suite should include virus-protection software and all licensing costs for accessing Terminal Services and MetaFrame XP Presentation Server.

Basic Office Fees

The monthly basic office fee covers the expense of putting a remote office onto the Corporate ASP. The charges might be categorized by size of office, as described in Appendix B and as shown here:

Office Type    Number of Users    Basic Monthly Fee    Shared Disk Space
Small          1–5                $50                  500MB
Medium         5–14               $150                 1GB
Large          15–30              $250                 2GB
Jumbo          41–200             $900                 10GB

Shared disk space in the corporate data center Remote offices may require shared disk space in excess of the amount for individual users.

Bandwidth The monthly fee should include the cost of connectivity as well as the cost of bandwidth management and support.

Printing Large remote offices often have print servers, and small offices use print management hardware at the corporate data center. General office fees should cover basic printing, using corporate standard printers.

Administrative support The monthly fee can also include a basic level of administrative support for each office.

Extra User Fees

As with a cable company, IT can tack on additional charges for additional services. The following table shows an example of basic and additional monthly subscription fees.

User Subscription Fees                                    Amount
Basic user fees                                           $150
  (Includes PC or Windows terminal, network and
  MetaFrame software licensing, MS Office, e-mail,
  antivirus software, 200MB data center storage)
Additional user fees
  Laptop                                                  $50
  Extra 100MB storage                                     $10
  Each extra 32-bit application                           $10
  Local printer (Terminal Server-supported drivers)       $5

Some of the categories of additional fees are as follows:

Nonstandard software Users requiring access to nonstandard corporate applications should pay additional fees. Unusually resource-intensive or 16-bit applications requiring separate MetaFrame XP Presentation servers will be more expensive.

Hardware types It generally costs slightly more to maintain and support a PC configured as a Windows terminal than it does to support a genuine Windows terminal. A laptop user who runs applications both locally and through the Corporate ASP will likely require significantly more support. IT can tack on additional charges depending upon the type of hardware utilized and the degree to which the user operates in complete thin-client mode.

Additional disk space IT can charge users extra for additional data storage requirements.

Local devices Local devices such as printers and scanners can be charged appropriately.

Access from home A small charge might be levied for employees who want to work from home as well as from the office, though server-based computing makes this process relatively painless. IT may instead choose to bundle this service as part of the basic monthly user fees in order to encourage working from home.

Extra Office Fees

IT can charge extra fees to remote offices requiring additional storage space or printing requirements beyond the basics. New users or application changes also fall into this category.

Account Change Fees

In order to help foster computing efficiency throughout the organization, IT may wish to charge remote offices or departments for each account change. An account change is a new account setup or an addition or deletion to a user or office account. For example, adding or deleting a specific application to a user or group desktop would be an account change. An account change would also take place if an office decided to increase or decrease its shared disk space at the data center.

Using Resource Manager for Specific Usage Billing

Citrix Resource Manager (RM) may be used to supplement the monthly subscription fee model by billing users for some applications per minute of connection time. It also enables billing by memory utilization and/or processor utilization. A semiconductor manufacturer, for example, might utilize a common manufacturing application requiring a huge amount of RAM per user. RM can add a supplemental fee for the inordinate amount of server resources that manufacturing users consume.

RM Billing

RM can create its own billing reports, which can be delivered directly to users or imported into another accounting or ERP application.

User Delineation

RM provides the capability of going through the domain structures and creating bills for users or groups. RM enables billing by user or by cost center using the Windows domain structure, or you can create your own cost center assignments. For example, you might bill by office or by department. Users in different geographical locations can automatically be charged in their own currency.

Billing Reports

Billing reports can be constructed to show resources used, session start time, session elapsed time, process loaded time, CPU time, memory utilized, and process active time. Figure C-1 shows a screen print from an RM report.

Figure C-1: Detail from an RM report

Index

A

AAA (authentication authorization and access), 158, 234
AAA servers, 168
ABM Industries case study, 8
  access infrastructure schematic, 30
  data migration procedures, 320
  facilitating growth, 16
  on-demand enterprise implementation, 29–30
  user survey form, 118

ACE Cost Analyzer (Citrix), 686

Access (application), 419
Access for external users, limited, 95

Access infrastructure (Citrix enterprise), 4

Access layer (network design), 153, 161–168
  security exposures, 226
  switches, 161
Access to local resources, limiting, 477–480
Access to SBC resources
  designing, 156–158
  methods, 157–158

Access switch configuration (plant floor), 563

ACCESS-DMZ switch configuration (Cisco 3550–12G), 573
Account change fees, 704–705
Accounting (audit trails of data access), 217

ACE Cost Analyzer, 686

ACLcheck utility, 95
Active Directory, 79, 155
  design, 125
  User Manager, 93
  Users & Computers print settings, 614
Active Directory domain, 55
Active Directory OU for MetaFrame XP servers, 469–470
Active session timeout, 50
ActiveX control, 46
Add/Remove Programs, 401

Addressing scheme, 548,550

Administration of SBC environment, 8, 653–667
Administrative security measures, 222
Administrator-created rules (MOM 2000), 271
Administrators (network)
  need for skilled, 114
  remote connect to server console, 65
ADSL (Asymmetric DSL), 173
Agent monitoring, 256–258
ALE client, 210
Alerting, 252, 271
Allow Drive Access Properties dialog, 478–479
Analysis phase (migration), 643
Anecdotal testing, 408
Anonymous user accounts, 93
App Config Add program syntax and parameters, 384

Application installation and configuration, 395–419
Appliance-based bandwidth managers, 179–185
Application access, 419
  ICA client options for, 422–442
  managing, 661–662
Application addressing, 92
Application Compatibility Scripts, 58, 402–403
Application COM/DCOM objects, 61
Application data, user-specific, 60
Application Data redirection, 475
Application environment, 119–120

Application Execution Shell, 96

Application failure in multiuser environment, 57
Application gateways, 230–231
Application installation, 59
  checklist, 402
  methodology, 397
  tips, 404–406

Application layer (IP), 676

Application layer (OSI model), 674
Application licensing, 419
Application list, managing, 407
Application navigation, 92
Application optimization, 398–400
Application packaging, 120, 413–414
Application portal, 79

Application QoS (Quality-of-Service), 255

Application rollout cost estimates, 692
Application Server mode (Terminal Server), 64

Application servers, 25

Application set, defined, 84
Application Set Settings, 450, 454
Application strategies, 397–400

Application survey, 302


Application testing procedure, 407–408

Application updates and hotfixes methodology, 397
Applications, 56–62, 120, 396
  adding/removing users, 662
  architectural design of, 123
  controlling availability of, 481
  deployment of, 13–15, 410–419
  during beta, 317
  eliminating features of, 476–477
  features and requirements, 397–398
  installing and configuring, 400–406
  limiting users to published, 94–95
  locking down, 419
  for pilot program, 308–310, 312
  postinstallation changes to, 402–403
  publishing, 92–96
  requirements of, 120
  selecting, 397–398
AppSense, 6, 15, 204, 344
Asset tracking system, 303
AT&T, for SBC data center hosting, 136
ATM (Asynchronous Transfer Mode), 170–172

ATM cell loss probability (CLP) bit, 178

ATM data center connected to frame relay, 173
Auditability, network design for, 152
Auditing, 236, 252
Authentication, 156, 217
Authorization, 217

Auto Update feature (MetaFrame), 209
Auto-Creation Settings dialog (printing), 606
Autologin, 209
Automated systems with dependent applications, 145–146
Automatic Activation (licensing), 63
Automation design, 125
Autoupdate, 456
Availability, in SLA, 243

B

Back-end database design, 125
BackOffice suite (Microsoft), 269
Backup architecture design, 125
Backup data center components, 634
Backup environment, 122
Backup savings estimates, 698
Backup service, SLA for, 243–244
Backup system, 25
Backup tapes, 327

Bandwidth
  ensuring adequate, 315
  planning, 175–185
  remote office, 12
  WAN, 533–535
  when migrating to a new network, 178
Bandwidth availability (data center), 142
Bandwidth calculation worksheet (WAN), 176
Bandwidth consumption, 22
Bandwidth cost estimates, 694
Bandwidth estimates, 691
Bandwidth management, 28, 177–185
  appliance-based, 179–185
  CME Corp, 571–572
  CME-EUR, 558
  CME-MEX, 560
  CME-WEST, 566
  data center, 143
  printer, 601–602
  private WAN, 553–555, 573–577
  requirements, 544–546
  router-based, 179
Bandwidth management hardware, CME, 545
Bandwidth partitioning, 183

Bandwidth prioritization, 184
Baseline configurations, 148
B-channels, 172–173
BDC (backup domain controller), 55
Beta assessment, 318
Beta projects
  application considerations during, 317
  customer care during, 314
  expanding pilot program to, 130, 313–318
  reliability and performance of, 113
  testing during, 318
  user selection during, 317

Billing model, 701–706

Billing reports, Resource Manager, 705
Billing services, Resource Manager, 268
Binary basics, 679, 680
B-ISDN (broadband ISDN), 172
Bit stream, 675
Bitmap cache, 46
Bitwise AND, 678
Boolean rules (load evaluator), 91
Branch office dedicated media access, 157
Branch office VPN access, 157
BRI (Basic Rate Interface), 172
Bridging or conversion technologies, 145

Browser-based applications, 21–22

Browser-based interface, 14, 28
Budget, updating, 328

Budget contingencies, 305

Budget monitoring, 305
Budgetary concerns of IT, 292
Bulk compression, 45
Business continuity (BC), 17–18, 26, 133, 218, 625–639
  cost estimates, 694
  documentation, 638
  IT plan for, 633–639
Business continuity design (SBC), 123, 629–630
Business continuity plan, 626
  for CME, 630–633
  considerations, 627
  phases of, 627
  test of, 639
Business interruption, statistics on, 626
Business loss, reducing risk of severe, 626


C

CA UniCenter TNG, 266
Cable management (data center), 144
Cable modem, 174–175
Cache file pointer, 60
Cache-control HTTP header in IIS, 447
CAL (Microsoft Client Access License), 62–63
Campus LAN access/distribution diagram, 578
Campus LAN access/distribution module, 577–579
Campus LAN access/distribution topology, 577
Campus WLAN access/distribution topology, 580
Capacity planning, 110, 150
Captaris RightFax, 16
CAs (Certificate Authorities), 452–453, 492
CATV (cable TV), 174
CBWFQ (class-based weighted fair queuing), 179
CCC (Citrix Connection Configuration), 614
  migration methodology, 642–643
  printer settings, 614

CCS (Citrix Consulting Services), 642


CDAs (content delivery agents), 98,518–520,529

CDDI (Copper Distributed Data Interface), 171
CD-ROM sharing, 316–317
Central data center, economic savings of, 6
Central IT, problems with perception of, 291–292
Centralization, economic savings of, 6
Centralized host architecture, 32
Centralized network diagram, 225

Centralized standards, 113

Certificate, obtaining from CA, 492–495
Certificate request documentation, 492–495
Certificate Revocation List, 451–452
Change control (pilot), 111
Change control (policies and profiles), 481
Change control process (project), 121, 296

Change control (project), 121,295–297

Change management database, 321
Change management (SBC project), 117–118, 130, 321
Change user/install command, 401
CIM (Common Information Model), 269, 276
CIM Object Manager, 276
Cipher Strength value, 449
CIR (Committed Information Rate), 171
Circuit gateways, 230
Cisco hierarchical enterprise design, 153–154
Cisco Local Director, 168
Cisco NBAR, 179
Cisco Security Wheel, 220
Cisco Universal Gateway, 168
Citrix Business Alliance, 22
Citrix enterprise access infrastructure, 4
Citrix licensing, 386–394
Citrix MetaFrame. See MetaFrame

Citrix and Microsoft, 22–23


Citrix notification group, 273

Citrix policies, 467–468
Citrix policies printer settings, 613
Citrix resellers, categories of, 116
Citrix Retail and Flex software licensing, 387
Clark, Graham, 22

Classification (of network traffic), 177–178

Client access, securing, 483–529
Client application design, 129
Client caching, 49
Client categories, 196
Client classifications, 196–197
Client cost estimates, 694
Client decision matrix, 194, 197–200
Client deployment, four methods of, 425
Client design, 128–129
Client devices, 26–27
  categories of, 196
  PC vs. Windows Terminal, 209
  types of, 7, 196, 212, 422
  using thinnest, 194
Client environment, 122, 193–213

Client installations, 319
Client local mapping settings, 455
Client name, print settings and, 616
Client operating system upgrades, 322
Client operating systems, 128, 322
Client printer autocreation, 46, 590–602
Client printer mapping, 590–605
Client printers, 46, 589, 590–603
Client Printers dialog (CMC), 603
Client software updates, 209
Client Update Configuration utility, 456
Clients. See ICA clients
Client-side print drivers, 614
Client-to-Server Content Redirection, 432
Clipboard redirection, 46
Closed security paradigm, 222
CLP (Corporate License Program), 388
CMC (Citrix Management Console), 85, 658–659
  adding/removing application users, 662
  adding/removing a server, 662
  Client Printers dialog, 603
  controlling access to, 658–659
  Drivers tab, 599
  managing ICA sessions from, 661
  server and application folders, 659

CME (Clinical Medical Equipment) Corp case study, 280–284
  application access, 422, 425, 426–430
  applications installation, 404–406
  bandwidth management hardware, 545
  bandwidth management requirements, 544–546
  business continuity plan, 630–633
  business model, 283–284
  computing paradigm, 282–283
  corporate campus topology, 282
  full Secure Access Center deployment, 522–523
  global structure, 280–282
  host naming scheme, 548–549
  IT plan for business continuity, 633–639
  LAN requirements, 537–544
  MSAM, 520–523
  network configuration, 551–586
  network infrastructure, 532–586
  network infrastructure management, 547–548
  network naming/addressing/routing, 548–551
  network requirements definition, 532–551
  network schematic, 281
  network security requirements, 546–547
  print environment, 622–623
  private WAN bandwidth management, 545
  private WAN sites, 551–555
  routing protocols and methods, 549–551
  SBC business case, 284
  Secure Gateway deployment, 485–487
  Secure Gateway installation, 490–529
  server-side network settings, 583–586
  using ICA clients, 431–432
  WAN requirements, 532–537

CME Corp
  Campus LAN module, 577–579
  core module, 580–583
  Internet access module, 567–573
  Internet Packeteer settings, 572
  LAN hardware, 541–543
  network configuration, 566–586
  network configuration diagram, 574
  primary Internet connection, 544
  private WAN module, 573–577
  Private WAN PacketShaper settings, 576
  WLAN access module, 579–580
  WLAN hardware, 544
  WLAN requirements, 542, 544

CME-EUR bandwidth management, 546 LAN hardware, Cit540 rix Me t aFra m e Access Su it e fo r W in do w s Ser ver network configuration, 2 00 3 : Th557–558 e O ff icial Guid e network diagram, 558 Kaplan et al. ISBN:0072195665 by Steve Sales VPN WAN 555–557 McGrsites, aw -Hill © 2003 (724 pages) CME-MEX This guide ex plains how to build a r obust, reliable, and scalable thin-546 client com puting envir onment and deploy bandwidth management, Windows 2000/ Windows 2003 Ser v er and MetaFr am e. Also LAN hardware, 539 learn t o centr alize application managem ent, r educe soft w ar e network configuration, 558–563 on the desktop, and mor e. network diagram, 559 < ?xm l version= " 1.0" encoding= " I SO- 8859- 1" ?> diagram, 552 TaCME-TNG ble o f Con tsite en t network s

CME-WEST Citr ix MetaFr am e Access Suite for Window s Ser v er 2003—The Official Guide bandwidth management, 545 For ewor d LAN hardware, 540–541 I ntr oduction 563–566 Pa r t network I - Ov er viconfiguration, e w of Ente r pr ise Se r ve r - Ba se d Com put in g network diagram, 564Ser ver -Based Com puting and th e On- Dem and I ntr oducing Sales VPN WANise sites, 555–557 Enterpr

Chapter 1

Chapter 2 - Window CMIP agent, 249 s Ter minal Ser vices Chapter 3 - Citrof, ix MetaFr advantages 249 am e Access Suite Pa r t limitations I I - De signiof, ng 250 a n Ent e rpr i se SBC Solut ion

Pr epar ing Your Or ganization for an On- Dem and Enterpr ise Chapter CMPM4(Password Manager), 94,358 I mplem ent ation

CO (Central 173 Computing Data Center Architect ure Chapter 5 - Office), Ser ver - Based Chapter 6 - Designing Code sharing, 36,58 Your Netw or k for Ser ver- Based Com put ing Chapter 7 - The Collaboration, 14 Client Envir onment Chapter 8

- Security

Chapter 9

- Net w or k Managemen t

Collision domain, 169

COM/DCOM objects, 61

Communication (corporate), 265, 290, 306

Communication lines (connectivity), 323

Compatibility scripts, 58

Complaints, handling, 306

Complex hybrid clients, 196, 201

Component testing, 407

Components, as functional building blocks, 154

Compression tools, 446

Computer Configuration Group Policy, 465

Concurrent remote users, 426

Conferencing, 9, 695, 698

Conferencing Manager (MetaFrame), 14, 100–101, 358

Configuration management system, 251–252

Configuration security lockout, 209

Configuration weaknesses (security), 221

Conflict resolution (project), 296–297

Connection licenses (MetaFrame), price list for, 101

Connection process in an RDP session, 42

Connection security, 209

Connections, troubleshooting, 662–664

Connectivity issues, 145

Connectivity options, ICA, 82–83

Console session (Windows NT), 35

Consultants, hiring for SBC project, 116

Contact information, 319

Content filtering, 236–237

Contra Costa County, 14

Cooling and humidity control (data center), 139–140

Copy On-Write Page Protection, 36

Core LAN switch configuration, 560–563, 566

Core layer (network design), 154, 160, 227–228

Core module, CME Corp, 580–583

Core switch configuration, CME Corp, 580–583

Corporate culture, SBC project and, 112

Corporate data, protection of, 217–218

Corporate licensing (of MetaFrame), 102

Corporate security policy, tasks to develop, 219–220

Corporate standards, embracing, 15

Corporation, political assessment of, 289

CoS tags, 178

Cost analysis, 30, 692–695

Cost of PCs vs. Windows Terminals, 194–195

Cost savings of SBC, 6–13, 692–695

Cost of SBC project, justifying, 114–115

Cost-effectiveness, network design for, 152

CPUs (central processing units), 334

CRM (Customer Resource Management), 14

CSR (Certificate Signing Request), 493

CSTK (Citrix Server Test Kit), 351–356

CSTK user-load simulation, 353–356

Ctxappcfg command (UNIX), 382–383

Ctxlicense command, 393

Ctxshutdown command (UNIX), 381–382

Ctxsrv command (UNIX), 381

Cultural assessment, 289

Custom application optimization, 400

Custom applications, and migration to SBC, 119

Customer assistance, 666

Customer care, 130, 306–307
  during beta, 314
  during the pilot, 311

Customer surveys, 667

CWC (Citrix Web Console), 85

D

Daily maintenance activities, 654–656

Daily reports (system management), 265

Data center, 23–26, 132
  bandwidth availability, 142
  bandwidth management, 143
  cable management, 144
  cooling and humidity control, 139–140
  cost estimates, 692–694
  economic savings of, 6
  environmental issues of, 138–141
  fire suppression, 140
  geography and location of, 142
  hot backup, 634–636, 638
  Internet bandwidth, 166
  Internet services access module, 167
  legacy hosting, 144–145
  network considerations, 142–144
  on-demand enterprise, 24
  organizational impact of, 138
  physical security, 141
  policies and procedures, 127
  power requirements, 138–139
  RAS module, 169
  redundant, 18, 26
  reliability of, 143
  seismic/weather activity and, 140–141
  staff salaries, 114
  storage, 304
  upgrade, 304
  VPN termination module, 166
  VPN WAN access module, 164–167

Data center architecture, 123, 131–146

Data center design, 132–146

Data center environment, 120

Data center hosting, 136

Data compression, enabling, 446

Data encapsulation process, 675

Data flow, and the OSI model, 673, 675–676

Data integrity, protecting, 217

Data line procurement, 327

Data link layer (OSI model), 674–675

Data migration, 319–320, 323–325

Data organization, 128

Data protection, 217–218

Data storage, offsite, 144

Data storage estimates, 691

Data Store
  backing up, 654–655
  creating on SQL Server, 360–364
  direct or indirect access to, 87
  replication of, 87
  storage choices, 359

Data transmission, 44–46

Database resumption plan, 635–636

Database Roles list (SQL Server), 364

Datacenter Edition (Windows 2003), 38

DCOM activation modes, 62

DCOM compliance, 61–62

DCOM (Distributed Component Object Model), 61

DDNS (Dynamic Domain Name Service), 254

Dead keys (keyboard), 384

Dell Optiplex hybrid PC, 195

Demographics estimates, 696

Denied session request, 182

Deployment challenges, 327–328

Deployment guide, 306, 319–320

Deployment news, publishing, 306

Design phase (migration), 643

Designing a network for SBC, 147–192

Desktop application migration, 322

Desktop data migration, 324–325

Desktop devices
  configuration of, 320
  four categories of, 194

Desktop lockdown, 202–204, 264, 476

Desktop remote diagnostics, 264

DHCP (Dynamic Host Control Protocol), 254

Dial-up access to SBC resources, 168

Dial-up connectivity, 320

Digital certificate, obtaining from CA, 492–495

Direct dial access, 158, 168, 227

Direct dial remote access module, 168

Directory Services, 155

Disaster recovery (DR), 17–18, 26, 133, 151, 625–639
  cost estimates, 694
  design, 123
  service providers for, 639

Disaster recovery plan, 626

Disconnect timeouts, 50

Disconnected desktop object, 43

Disconnected session, 43

Disconnection process in an RDP session, 44

Discovery views, 273

Distributed event management, MOM 2000, 270

Distributed network, software distribution in, 263

Distributed network diagram, 224

Distributed vs. server-based network usage, 148–149

Distribution layer (network design), 153, 161, 227

DMTF (Desktop Management Task Force), 269

DMZ Distribution Switch (6509) configuration, 572–573

Dodrill, Wayne, 8, 22

Domain considerations, 55–56

Domain controller, mixed mode or native mode, 56

Domain DNS, 156

Domain model design, 125

Domain upgrades, 644–648
  from Windows NT 3.51 server, 644
  from Windows NT 4.0 Server, 645–646
  from Windows 2000 Server, 647

DoS (denial-of-service) attacks, 684

DOS program keyboard polling, 399

DOS and 16-bit application optimization, 398–400

DOS and 16-bit Windows programs, 58

DOS VDM (Virtual DOS Machine), 36

DOSKBD utility, 399–400

Downtime/lost productivity estimates, 692

Driver compatibility, 598–600

Driver Free Printing (ThinPrint), 619

Driver Mapping dialog, 601

Drivers tab (of CMC), 599

Drivers tab (Print Server Properties), 611

DSCP (Differentiated Services Code Point), 178

DSL (Digital Subscriber Line), 173–174

DSN definition file, 267

Dual core module diagram, 581

Dumb terminal sessions, 32

Dumb terminals, 32

E

Easy Licensing (of MetaFrame), 102, 387

Economic justification for SBC, 4

Economic savings of SBC, 6–13

Electricity, cost of, 9, 694

E-mail filtering, 237

E-mail servers, 25

Emergency maintenance, 315

Employee productivity, 9

Encryption, 232–234

Encryption levels, 49, 448–449

Encryption standards, 232

Enterprise, interconnectivity in, 148

Enterprise backup service, SLA for, 243–244

Enterprise edition (Windows 2003), 38

Enterprise firewall system (diagram), 231

Enterprise Manager (SQL Server), 360–362

Enterprise rollout, 318–328

Enterprise SBC, 4–23. See also Project; SBC
  architecture components, 23–28
  steps in planning, 108

Enterprise SME tools, 266–277

Environmental benefits of SBC, 18

Environmental issues of data center, 138–141

Equipment, ordering, 303

Equipment purchase lead time, 303

ERP (Enterprise Resource Planning), 14, 28

Ethernet, 169

Event correlation (network diagnostics), 259–261

Event log (auditing), 252

Event log levels, 384–385

Event logging, 252, 384–385

Event management, 272

Event monitoring, 271

Event viewer errors, 656

Exchange server, multiuser access to, 59

Exchange 2003 migration, 12

Executive mandate, 301

Executive sponsor, for SBC project, 114

Executive support, recruiting, 288

Explicit user accounts, 93

Exterior network routing protocols, 551

External Connector (EC) license, 64

External SLAs, 243


F

Failure domain, 154

FAQs (frequently asked questions) database, 130

Farm Management, 657–662

Farm metric server, 88

Farm settings for printer configuration, 613–614

Fast Ethernet, 170

Fat-client PCs, 70

Fault tolerance, 151

Faxing, 16

FDDI (Fiber Distributed Data Interface), 171

FDQN, components of, 450

Feasibility committee, 112–115

FEC adapter team, 585

FEC member adapter (general), 585

FEC member adapter (link settings), 586

FEC member adapter (power management), 586

FEC/GEC, creating, 584–586


Fees (monthly subscription), 702–705

File DSN (Data Source Name), 267

File security, 60–61

File servers, 24, 413

File services design, 124

FILEMON utility, 61

Finley, Sean, 304

FIPS 140 (Federal Information Processing Standard), 448, 452–453

Fire suppression (data center), 140

Firewall configuration examples
  CME Corp, 567–571
  CME-EUR, 557
  CME-MEX, 558–560
  CME-WEST, 565
  VPN WAN site, 555–557

Firewall rules, 527

Firewall security, 95

Firewall system diagram, 229

Firewalls, 228–232
  connecting to servers through, 454–455
  for SBC, 231–232
  types of, 230–231

Firewall/VPN device, 164, 166

Financial justification model, 685–699
  Costs section, 692–695
  Demographics section, 687–689
  employee growth rate, 689
  Logistics section, 689–692
  number of users, 688
  remote offices, 688–689
  Report section, 696–699
  salary information, 689

Five 9s, network products cited as, 532

Flex licensing (of MetaFrame), 102

Forberg, John, 14

Forum for feedback, 329

FQ (fair queuing), 178

FQDNs, 492–493

Frame Relay, 28, 171
  ATM data center connected to, 173
  vs. point-to-point connections, 172
  for private WAN sites, 553–554

Framework tools, 266

Freeman, Sonya, 198

Full desktop
  vs. published applications, 201
  vs. Seamless Windows, 456

Full restoration plan, 638

Future direction of SBC environment, 329

FutureLink UniPrint XP Server v2.24, 619


G

Games and other personal programs, eliminating, 15

Gartner Group's Datapro unit, study by, 8

Giga Information Group research project, 4, 32

Gigabit Ethernet, 170

Gilbert, Louis, 7

Ginas, third-party, 617

Glyph and bitmap caching, 45

Government regulation, complying with, 18

GPMC (Group Policy Management Console), 465–467

GQoS (MS Generic Quality of Service) API, 178

Chapter 2

- Window s Ter minal Ser vices

Group Policy, 464–466 Chapter 3 - Citr ix MetaFr am e Access Suite

applying to Citrix users group, 471 assigning Pr permissions to, 471 epar ing Your Or ganization for an On- Dem and Enterpr ise Chapter 4 - 470 creating, I mplem ent ation denying Domain Admins group,Data 472 Center Architect ure Chapter 5 - toSer ver - Based Computing different per user, 468–473 Chapter 6 - Designing Your Netw or k for Ser ver- Based Com put ing processing order, 465 Chapter 7 - The Client Envir onment vs. SMS, 269–270 Pa r t I I - De signi ng a n Ent e rpr i se SBC Solut ion

Chapter 8

- Security Group Policy Object, loopback processing in, 472–474 Chapter 9 - Net w or k Managemen t

Pa r t I I I -Policy I m pleObject m ent ing a n O n-D e msnap-in, a nd Se r ve r - Ba se d Com pu ti ng Envi r onm e nt Group Editor MMC 464

Chapter 10 - Pr oj ect Managing and Deploying an Enter pr ise SBC Envir onment

Group Policy results, 467

Chapter 11 - Ser ver Configur ation: Windows Ter m inal Serv ices

Growth estimating,689–690 Chapter 13 - Application I nstallation and Configur at ion facilitating,16 Chapter 14 - Client Configur ation and Deploym ent planning for, 110

Chapter 12 - Ser ver Configur ation: Citr ix MetaFr am e Presentation Ser ver

Chapter 15 - Pr ofiles, Policies, and Pr ocedu res

G3 Wireless Internet access, 162


H

Hard drives (Terminal Server), 335–336

Hardened location (offsite data storage), 144

Hardware
    bandwidth management, 545
    LAN, 538–543
    network infrastructure management, 548
    security management, 547
    WAN, 532–533, 535–537
    WLAN, 544

Hardware environment, 120

Hardware inventory, 255–256

Hardware life cycle estimates, 690–691

Hardware list, WAN and security, 536–537

Hardware products, cited as five 9s, 532

Headquarters, migrating, 321–322

Health Monitoring views, 273

Help desk calls/personnel estimates, 691

Help desk cost estimates, 694

Help desk delays, 9

Help desk personnel, training, 312

Help desk staffing, cost of, 8

Help desk support, cost of, 8

Heterogeneity, managing, 19–20

Hierarchical enterprise design, 153–154

Hiller, Jonathan, 13

HKEY_CURRENT_USER, 59–60, 400–401, 403

HKEY_LOCAL_MACHINE, 59–60, 400, 403

Holland, Tony, 80

Home directory, 464

Home folder, 464

Homogenizing clients, 7

Host name management, 252–254

Host naming, common attributes of, 253–254

Host naming scheme, 548–549

Host systems, 25

Hot backup data center, 634–636, 638

Hot sheet, 265

Hot site data and database resumption, 635

Hotfixes and updates methodology, 397

HP iPAQ, as client device, 212

HP OpenView, 208, 266

HSB (Home State Bank) SBC data center, 135

HTTPS (secure HTTP), 451

Hutter, Rob, 317

HVAC evaluation, 140

HVAC units, 139

Hybrid clients, 196, 200–206

Hybrid firewalls, 231

Hybrid mode, 110

Hybrid user profiles, 204


I

IBM NetStation, 207

ICA client environment, 82–85

ICA client for hybrids, 205–206

ICA client for MacOS, 206, 441–442

ICA client options for application access, 422–442

ICA client printer configuration, 603

ICA client settings (Web Interface), 505–510

ICA client 7.00 for Windows, 198

ICA client for UNIX and Linux, 383–384, 441

ICA Client Update Configuration utility, 456

ICA clients
    configuring for SSL and TLS, 450–451
    distribution of, 205
    local drive and COM port mapping, 455
    locking down, 455
    on a PC vs. a Windows terminal, 209
    performance optimization of, 442–447
    published to the Desktop, 202
    vs. RDP clients, 431–432
    security on, 447–456

ICA COM and LPT port redirection, 206

ICA compression, 446

ICA connectivity, 82–83, 442–447

ICA desktop, 82–84

ICA (Independent Computing Architecture), 79–85

ICA Java Client packages, 508

ICA Passthrough client, 202, 375

ICA Presentation Services protocol, 80–81

ICA sessions, managing from the CMC, 661

ICA Win32 clients

ICA Win32 Web client
    installing, 427–428
    vs. minimal installation, 429
    with Secure Gateway, 448–450
    silent user installation, 427

ICMP messages, 684

ICMP types and codes, 683

Idle session, 41

Idle session numbers, increasing, 42

IDS (Intrusion Detection System), 158, 236

IETF (Internet Engineering Taskforce), 448

IIS, cache-control HTTP header, 447

IM (Installation Manager), 89, 412–418

IM Packager, 417

IMA (Independent Management Architecture), 87, 665–666

IMA data store, 87

IMA protocol, 87

IMA service, 87

Image display, 45

Imaging (cloning), 345–346

Imaging software, 348–349, 413

Implementation cost vs. risk (graph), 221

Implementation phase (migration), 644

Implementation teams (migration), 325–326

Inactivity timeouts, 50–51

Incremental rules (load evaluator), 91

Industry trends, and On-Demand Enterprise, 18–20

Information security, 18

Infrastructure assessment, 118–122, 294, 315–317

Infrastructure design (network), 159–185
    connecting modules, 168–185
    media selection, 168–175

Infrastructure upgrades, 303–305

Install Scripts, 403

Intellectual property theft, preventing, 15

Intelligent encoding, 45

Interconnectivity in the enterprise, 148

Internal application support, 120

Internal cost of capital, 689

Internal network addressing scheme, 550

Internal network routing protocols, 549–550

Internal SLAs, 243

Internet, as a redundant network, 143–144

Internet access, remote user, 167–168

Internet access module, CME Corp, 567–573

Internet access security exposures, 227

Internet bandwidth, data center, 166

Internet connection bandwidth management, 544

Internet Connector License, 64

Internet MSAM deployment security requirements, 527–528

Internet Packeteer settings, 572

Internet router configuration, 564–565, 567

Internet services access module (data center), 167

Internetworking basics, 671–684

Inventory of hardware and software, 255–256

IP address allocations, 678

IP address classes, 679

IP address management, 252–254

IP address survey, 302

IP addressing, 678–680

IP addressing mask, 679–680

IP addressing scheme, 253, 320

IP application layer, 676

IP (Internet Protocol), 676–684

IP link layer, 678

IP network layer, 677

IP protocol stack, 676–678

IP protocols and ports, 680–684

IP subnetting, 154

IP transport layer, 677

IPSec (Internet Protocol Security), 164, 233

IPSec overhead of VPN connectivity, 164

ISDN BRI, 173–174

ISDN (Integrated Services Digital Network), 172–173

ISDN PRI, 172, 174

ISP (Internet Service Provider) NOC, 250

ISVs (independent software vendors), 22

IT (information technology) department
    budgetary concerns, 292
    complexity of, 19
    consolidation of, 19
    cost of, 6
    flexibility of, 17
    perception of central, 291–292

IT management, treated as a business entity, 666

IT plan for business continuity, 633–639

IT service quality, SLAs and, 255

IT staff
    as part of pilot program, 111
    assessment of, 288–289
    requirements for SBC, 113–114
    salaries of, 114
    savings from reductions in, 698
    sharing information with users and management, 264
    skill levels of, 289
    threat of job loss, 290
    training, 289
    user support from, 666

ITU T.120 protocol, 33


J

Java applications, 104

Java client, 206, 430, 508–509

Java, 209

FR-3 enhancements to, 428

printer auto-creation, 604–605

JIT (Just In Time) manufacturing, 520

Job process (application packaging), 415–416

JVM (Java Virtual Machine), 104, 209, 430


K

Kernel address space, in TSE, 34

Key milestones (project), 298

Keyboard support (UNIX), 383–384

Keystrokes, queuing, 446–447


L

Lackey, Anthony, 29, 114, 127, 136, 286

LAN access, 157

LAN access module, 161–162

LAN access security exposures, 226

LAN access/distribution module (campus), 577–579

LAN access/distribution switch configuration, 578–579

LAN device layers, 676

LAN distribution point, 161

LAN hardware
    CME Corp, 541–543
    CME-EUR, 540
    CME-MEX, 539
    CME-WEST, 540–541
    current, 538–539
    sales office, 539

LAN media selection, 168–171

LAN requirements, 537–544

LAN survey, 301–302

LANE (ATM LAN Emulation), 171

Laptops, 26–27
    expense of, 7, 696
    need for, 7

Large business network design, 188, 190–192

Latency, 443–444

Latency protection (SpeedScreen), 444–446

Latency on WWANs, ICA connections for, 442–447

Layer 1 LAN device, 676

Layer 2 CoS and queuing, 178

Layer 2 cut-through switching, 160

Layer 2 LAN device, 676

Layer 3 LAN device, 676

Layer 3 QoS and queuing, 178–179

Layer 3 switched backbone, 160

Layer 3 switches, 161

Layer 3 TCP/IP switching, 160

Layered security hierarchy, 546

LDAP (Lightweight Directory Access Protocol), 155

LEC (local exchange carrier), 136

Legacy hosting (data center), 144–145

Legacy LAN support, 156–157

Legacy servers, accessing across the WAN, 316

Legacy systems, sunset period for, 146

Lexmark Z2 print driver, 618

Liability, protection from, 218

License codes, 388

License keys, 388

License number and serial number, 388

License pooling, 393–394

Licensing of applications, 419

Licensing (Citrix), 101–102, 386–394
    delivery options for, 102
    Easy Licensing vs. standard retail, 387
    list price for MetaFrame, 101
    starter pack vs. concurrent license pack, 387
    technical aspects of, 388–391

Licensing considerations of upgrades, 651–652

Licensing server, 651–652

Licensing (Windows), 62–65
    and Terminal Services execution modes, 63–65
    Windows 2000, 63–64
    Windows Server 2003, 37, 64–65

LineTo() command, 45

Link layer (IP), 678

Linux ICA clients, 206, 425, 441

LLQ (low latency queuing), 179

Load Management (MetaFrame XP), 89–91
    load evaluator rules, 90
    in mixed Citrix environment, 91

Load manager (Presentation Server), 23

LoadRunner, 349

Local browsing, 209

Local data backup, eliminating need for, 9

Local devices, integration with, 128

Local file sharing, 316

Local legacy system access, 315–316

Local Mapping, 455

Local peripherals, 206

Local printers, 590, 592, 608–610

Local profiles, 458

Local resources, limiting access to, 477–480

Local Text Echo, 445

Local user accounts, 93

Locations database, 321

Locking down an application, 419

Locking down desktops, 113, 202–204, 264, 476

Locking down the ICA client, 455

Logging (for troubleshooting), 152

Logon scripts, 124, 403

Logons, enabling or disabling, 660–661

Lotus Notes users, migrating from R4 to R5, 8

Lowber, Peter, 8

L2TP (Layer 2 Tunneling Protocol), 233

Lucent Portmaster, 168


Index

M

Macintosh ICA client, 206, 430, 441–442, 604

MACS (Microsoft Audit Collection System), 236

Madden, Brian S., 353

Mainframe computing, vs. SBC, 5

Mainframe shop mentality, 121

Maintenance
  cost of, 6, 8
  emergency, 315
  unscheduled nonemergency, 314

Maintenance activities, scheduled, 654–657

Maintenance window, 314

MAN (Metropolitan Area Network) backbone, 171

Manageability, network design for, 151–152

Managed MetaFrame server, 273

Management, introducing SBC to, 290

Management by exception, 258

Management meetings, 291

Management reporting, 264–266

Management support for the project, 114

Managers, assessing cultural environment of, 289

Mandatory roaming profiles, 459–460

Manufacturer support contracts, 120

Manufacturer-supplied software, 208

Mass deployment of applications, 412

Maxspeed Maxterm, 207

Measurement tools at milestones, 307

Media selection (infrastructure), 168–175

Medium-sized business network design, 186–190

Memory, clearing, 61

Memory leaks, preventing, 61

Memory (Terminal Server), 334–335

Memory utilization, 61

Messaging, 16, 245–250

Messaging standards, 245–250

MetaFrame
  evolution of, 70–79
  Terminal Services and, 72–73

MetaFrame Access Suite, 23, 67–104
  software products, 68
  Terminal Services enhancements, 68–69

MetaFrame licensing, 101–102

MetaFrame 1.0/1.8, 72

MetaFrame Presentation Center for UNIX, 103–104

MetaFrame for UNIX, 103–104, 374–386
  Euro currency symbol support, 376
  event logging, 384–385
  hardware requirements, 376
  ICA client keyboard support, 383–384
  installation, 377–386
  installation on Solaris, 378–381
  license pooling, 393–394
  minimum machine specs, 375
  OS patches, 376
  OS requirements, 376–377
  with other Citrix servers, 375
  starting and stopping, 381
  system requirements, 375–377
  version 1.2 configuration, 385–386
  version 1.2 licensing, 392–394

MetaFrame for UNIX application, publishing, 381–383

MetaFrame views, 273–275

MetaFrame Web Interface. See Web Interface for MetaFrame

MetaFrame XP, 359–374
  as a Web application access center, 96–98
  auto-created client printing, 594–597
  auto-replication, 612–613
  installation/upgrade requirements, 364–365
  introduction to, 73–79
  management features, 85–91
  mixed mode operation, 650–651
  preinstallation tasks, 365
  preparing the data store, 359–364
  print architecture, 589–590
  reasons to use, 358–359
  upgrading to, 649–652
  upgrading to from MetaFrame 1.8, 649–650
  upgrading to from TSE and MetaFrame 1.8, 649
  upgrading to from Windows 2000 and MetaFrame 1.8, 649–651
  versions of, 73

MetaFrame XP FR-3 (Feature Release 3), 73
  feature grid, 74–79
  ICA client comparison, 423–424
  installation of, 365–374
  licensing, 386–391

MetaFrame XP licenses, purchasing, 387–388

MetaFrame XP Management Pack plug-in, 271–272

MetaFrame XP Presentation Server. See MetaFrame XP

MetaFrame XP Presentation Server farm, 23

MetaFrame XP Provider, 271, 275–277

MetaFrame XP servers
  configuration, 357–394
  grouping of, 659
  separate OU for, 469–470

MetaFrame XP server, 271, 273

Metric states (farm metric server), 88

Metrics design, 127

MIB hierarchy (diagram), 247

MIB (management information base), 246–248

MIB II (SNMP), 248

Microsoft, and Citrix, 22–23

Microsoft BackOffice suite, 269

Microsoft License Clearing House, 63

Microsoft NetMeeting, 33

Microsoft Office 2003, 13–14

Microsoft Office XP
  eliminating features of, 476
  installation, 405–406
  packaging for IM deployment, 417–418

Microsoft operating system native drivers, 609

Microsoft SMS, 205

Microsoft Software Update Service, 262

Microsoft SQL Server, installation and setup, 359–360

Microsoft Terminal Services. See Terminal Services

Microsoft Virtual Server, 111

Microsoft Windows Installer Service 2.0, installing, 365

Middle management, introducing SBC to, 290

Migrating headquarters, 321–322

Migrating Lotus Notes users from R4 to R5, 8

Migrating to Windows Server 2000 or 2003, 56

Migration cost estimates, 695–696

Migration databases, creating, 321

Migration issues, 319–320

Migration of server data, 325

Migration teams (remote office), 325–326

Migration to SBC. See Project

Migration to Win 2003 and MetaFrame XP, 641–652

Milestones, measurement tools at, 307

Miller, Michael P., 73

Mission-critical applications, prioritizing, 177

Mixed mode domain controller, 56

Mixed mode operation, MetaFrame XP, 650–651

Mlicense utility, 388–391

Mlicense activate command, 389

Mlicense syntax and parameters, 390–391

MMC (Microsoft Manager Console), 85

MMS (MS Metadirectory Services), 155

Mobile hybrid clients, 201

Mobile user client type, 196

Modular building blocks (network design), 159–168

Modular component design, 148

Modularity (network design), 154

MOM (Microsoft Operations Manager), 270–277
  Administrator Console, 272
  MetaFrame views in, 273, 275
  and MetaFrame XP Management Pack, 271
  WMI consumer, 276

Monitoring and messaging, 256–258

Monthly maintenance activities, 657

Monthly subscription fees, 702–705
  account change, 704
  basic office, 703
  basic user, 702–703
  extra office, 704
  extra user, 703–704

Moore's Law, 19

Mouse Click Feedback, 445

Mouse movements and keystrokes, queuing, 446–447

Moving average vs. high threshold (load evaluator), 90–91

Moving average (load evaluator), 90

MPPE (Microsoft Point-to-Point Encryption), 233

MSAM (MetaFrame Secure Access Manager), 98, 265, 518–521
  CME case study, 520–523
  deployment requirements, 524–529
  designing for enterprise deployment, 521, 528–529
  environment scaling, 528–529
  Internet deployment security requirements, 527–528
  vs. MetaFrame ICA, 518–520
  minimum hardware specs, 524–527
  portal page screenshot, 99
  services, 524–527

MSI (Windows Installer) package, 46

MST (Microsoft Transform file), 404

Multimedia, in applications, 398

Multiple keyboards, with Seamless Windows, 84

Multisession environment, single-session applications in, 56

Multisite network monitoring (diagram), 259

Multithreading (application), 398

Multiuser application issues, 58

Multiuser environment
  application failure in, 57
  use of the Registry, 59

Multiuser Windows application execution, 35

MultiWin (multiuser Windows), 33, 35, 70–72

N

Name resolution, 156

Naming practices, 253–254

NAEIR, 200

NAS (network attached storage) devices, 6, 24–25

NAT (network address translation), 678

Native mode domain controller, 56

NBAR (Network Based Application Recognition), 179

NDS Logon Support, enabling, 454

NDS (Novell Directory Services), 155, 454

Negative monitoring, 258

Neoware Capio and Eon, 207

NetMeeting (MS), 33

NETMON program, 258

Network administrators
  estimating the number needed, 691
  need for skilled, 114

Network architecture, 121–122

Network backbone design, 124

Network backbone upgrade, 304

Network bandwidth, planning, 175–185

Network compression tools, 446

Network configuration, 531–586

Network design principles, 153–154

Network design process goal areas, 153

Network design for SBC, 126–127, 147–192
  auditability, 152
  connecting the modules, 168–185
  cost-effectiveness, 152
  high-level goals of, 148–152
  infrastructure design, 153–154, 159–185
  logical symbols, 159
  manageability, 151–152
  resiliency, 150–151
  sample networks, 186–192
  scalability, 150
  speed, 150
  top-down view of, 148

Network diagnostics
  data collation, 258–260
  event correlation, 259–261

Network discovery, 255–256

Network faxing, 16

Network layer (IP), 677

Network layer (OSI model), 674

Network Load Balancing (MS), 358

Network management, 13, 241–277

Network Manager, 266

Network monitoring and tracing, 258–259

Network naming/addressing/routing, 548–551

Network operating system upgrades, 304

Network print server, importing, 605

Network printer auto-creation, configuring, 606–607

Network printer ICA, 593

Network printer SMB, 594

Network printers, 590, 593–594, 605–607

Network products, cited as five 9s, 532

Network redundancy, 143–144

Network requirements definition, 532–551

Network resources, protecting, 217–218

Network security
  definitions of, 216
  design, 158
  requirements, 546–547

Network topologies, 12, 145

Network traffic, classification of, 177

Network unreliability, 20–21

NFuse Classic, 96, 210

NFuse Elite, 518

Nickols, Fred, 117

NICs (network interface cards), 335

NLB (Network Load Balancing), 42

NM (Network Manager), 88–89

NMS (network management system), 242

NOC (Network Operations Center), 250

Non-production pilot program, 109

Nonstandard systems, 145–146

Non-Windows client design, 128

Novell eDirectory, 155

NTuser.dat, 458

Ntvdm (NT Virtual DOS Machine), 398

O

ODBC (Open Database Connections), 61, 666

ODC (on-demand computing), 396

ODE (on-demand enterprise), 109

Office 2003, 13–14

Office XP
  eliminating features of, 476
  installation, 405–406
  packaging for IM deployment, 417–418

Office-to-office VPN tunnel, 164, 166

Offsite data replication, 151

Offsite data storage, 144

On-Demand Enterprise, 4
  architectural design, 28–29
  data center, 24
  implementation, 29–30
  industry trends and, 18–20
  preparing for, 107–130

Open licenses, 388

Open security paradigm, 222

Operating systems (client), 128

Operations support, 666–667

Organizational change, preparation for, 286–293

Organizational impact of data center, 138

OSI Layer 3 core switch, 154

OSI model layers, 673–675

OSI (Open Systems Interconnect) model, 44, 672–676
  as a benchmark, 676
  data flow, 673, 675–676
  vs. protocol suites, 677

OUs (in Active Directory), 469–470

Outage mitigation, 137–138, 151

Outsourcing, 133–134

P

Packet filtering firewalls, 230

Packet latency, 443

Packet prioritization, 180, 181–183

PacketShaper (Packeteer), 180–185
  in action, 184
  analysis report, 185
  bandwidth per session, 180–181
  partition policy, 181–183
  prioritization, 181–182
  priority-based packet shaping, 181–183
  session-based policies, 180–183

PacketShaper settings
  CME Corp private WAN, 576
  CME Corp Internet, 572
  private WAN, 554

Passthrough authentication, 453–454

Password Manager (MetaFrame), 94, 358

PatBlt() command, 45

Patching known vulnerabilities and exploits, 238

Patterson, Wayne, 6

PC disposition, 199, 200, 292

PC preparation time limit, 323

PC savings estimates, 696

PC survey, 302

PC users, introducing SBC to, 290

PCs (personal computers), 26, 328
  administration and TCO, 8
  advantages of keeping, 200
  converting to full thin client, 196
  cost of upgrading, 7
  donation or disposal of, 199–200
  eliminating as status symbol, 15
  eliminating theft of, 17
  fat-client, 70
  limitations of using, 200
  for pilot users, 110

PC-based computing, vs. mainframe hosting, 5

PC-based environment, remote office in, 10

PCs vs. Windows Terminals, cost of, 194–195

PDC emulator, 56

PDC (primary domain controller), 55 PeopleSoft,14 Performance, in SLA, 243 Performance monitoring, 272 Performance optimization of ICA clients, 442–447 Periodic reporting (system management), 265–266

Persistent cache, enabling, 447 Physical layer (OSI model), 675 rix Me t aFra m e Access Su it e fo r W in do w s Ser ver Physical security Cit measures, 141,222 2 00 3 : Th e O ff icial Guid e

Pilot platform, 308 ISBN:0072195665 by Steve Kaplan et al. McGr aw -Hill © 2003 (724 pages) Pilot program, 109–112, 308–313 application selection, This guide 308 ex plains how to build a r obust, reliable, and scalable thin- client com puting envir onment and deploy applications,112 Windows 2000/ Windows 2003 Ser v er and MetaFr am e. Also assessing performance, 313 learn t o centr alize application managem ent, r educe soft w ar e change control, 111 on the desktop, and mor e. choosing user for, 110–111 < ?xm lcontrolling, version= " 1.0" encoding= " I SO- 8859- 1" ?> 312–313 Ta ble o f Con t en t s documenting performance, 111 Citr ixexpanding MetaFr am etoAccess for Window s Ser v er 2003—The Official Guide a beta,Suite 313–318 For ewor d expanding to production, 309–313 I ntr oduction testing,309 Pa r t I - Ov er vi e w of Ente r pr ise Se r ve r - Ba se d Com put in g

Pilot server(s), 111

Pilot test, expanding to a beta, 130

Pilot users

  as a representative sample, 109

  at headquarters, 110–111

  high-quality reliable PCs for, 110

  remote office, 110–111

Planning (project), importance of, 294

Plonchak, Patricia E., 9

PN Agent (Program Neighborhood Agent), 201, 432–440

Point to Point serial service, 171–172

Point-to-point connections vs. frame relay, 172

Policies, Citrix, 467–468

Policies and procedures design, 127

Policies (security), 218–219. See also Group policy

  common requirements, 222–223

  developing, 219–239

Policy scope, 466

Policy setting (Group Policy), 464–465

Policy weaknesses (security), 221

Political assessment of the corporation, 289

Political considerations of SBC, 113–114

Postproduction management of SBC environment, 328–330

POTS (Plain Old Telephone Service), 172

Power requirements for data center, 138–139

Power savings estimates, 698

PowerFuse utility, 6, 239, 263

PowerQuest DeployCenter version 5.5, 348–349

PPTP (Point-to-Point-Tunneling Protocol), 233

PQ (Priority Queuing), 178

Predictive analysis (system management), 266

Presentation layer (OSI model), 44, 674

Presentation Server (MetaFrame XP), 4, 112

  load manager, 23

  web interface component, 28

Presentation Server farm, 23

Primary Internet connection bandwidth management, 544

Print architecture of MetaFrame XP, 589–590

Print driver installation, 610

Print driver maintenance, 610–613

Print driver mappings, 599–601

Print driver removal, 611

Print Driver replication, 611–613

Print drivers

  client-side, 614

  Lexmark Z2, 618

  server-side, 614–615

Print server architecture design, 124

Print Server Properties dialog, Drivers tab, 611

Print spooler service, 618

Printer bandwidth management, 601–602

Printer default, 607

Printer driver names, 615–616

Printer driver selection, 608

Printer Management Properties window, 595

Printer manufacturer native driver, 608–609

Printer settings (MetaFrame XP), 594

  configuration, 613–614

  per farm, 595–596

  per server, 597

  per user, 597

Printer survey, 302

Printers

  compatibility lists, 618

  important files, 617

  local, 608–610

  network, 605–607

  and third-party Ginas, 617

  updating server information for, 616–617

Printing, 320, 327, 587–623, 618

Printing environment, 122

Printing permissions, 615

Printing problems, troubleshooting, 613–618

Printing solutions, third-party, 618–622

Printing system selection, 398

Private key encryption, 232

Private WAN bandwidth management, 545, 553–555, 573–577

  for CME Corp, 573–577

  distribution module, 575

  Packeteer settings, 554

Private WAN router, 573

  for CME-WEST, 565–566

  configuration, 552–553

Private WAN site network diagram, 551

Private WAN sites (ATM/DSL), 554–555

Private WAN sites (CORP Sales), 551–555

Procurement team, 326

Production deployment process, 410–413

Production pilot program, 109–110, 309–313

  application selection, 309–310

  customer care during, 311

  selecting participants, 310–311

  testing and evaluation of, 310

  training techniques, 311–312

Production rollout phase (migration), 644

Profile file size, limiting, 473–475

Profile processing, 462–463

Profiles, 204–205, 458–464

  best practices, 468–481

  challenges of a mix of, 468

  change control, 481

  mechanics of, 460–464

Program Neighborhood, 84–85, 375, 440–441

Program Neighborhood Agent, 435–437, 441

Program Neighborhood Agent client, 432–440

Program Neighborhood client, 430, 440–441

Project. See also SBC

  announcing to the organization, 301

  change control, 121, 295–297

  change management, 117–118

  conflict resolution, 296–297

  constraints on, 297

  coordinating tasks, 300

  costs and cash flows, 298

  criteria for success of, 117

  feasibility committee, 112–115

  identifying unresolved design issues, 298

  implementation strategy, 298

  internal marketing plan for, 300

  justifying financially, 114–115, 686

  maintaining quality and accountability, 305

  managing the tasks, 299–300

  preparing for implementation, 300–305

  starting, 305–306

  strategies for overcoming resistance to, 298

  technical challenges, 298

  upside and downside potentials, 298

  work breakdown structure, 299–300

Project budget, 305

Project definition document, 116–118, 293–294

Project design plan, 122–130

Project documentation, 300

Project failure, causes of, 293–294

Project goals, 116

Project implementation plan, 297–300

Project management, 130, 294–307

Project management team, 295

Project manager, identifying, 294

Project milestones, 117, 328

Project plan, defining, 297–298

Project planning steps, importance of, 293–294

Project planning team, 115–118

Project risks, 117

Project roles, 116–117, 298

Project schedule, 299

Project scope, 112, 116

Project success, measuring, 307

Project timing, 297

Project updates, issuing regular, 306

Proof-of-concept pilot program, 109–112, 293, 308–313

Protection of data, 217–218

Protection of resources, 217–218

Protection from viruses, 237–239

Protocol selection, 156–157

Protocol suites vs. OSI model, 677

Proxy server, connecting to a server through, 447–448

PSTN (public switched telephone network), 168

Public key encryption, 232

Published Application Manager, 92–93

Published applications

  adding/removing users, 662

  limiting users to, 94–95

Publishing the desktop, 202

Publishing full desktop vs. Seamless Windows, 456

Publishing individual applications, 201–202

Publishing results, 329

Push or pull client debate, 425


PVC (permanent virtual circuits), 171


Index


Q

QoS tags, 178

Quarterly maintenance activities, 657

Query user command, 660

Queuing, types of, 178–179

Queuing mouse movements and keystrokes, 446–447

Index


R

RAID, 151

Rainbow document, 129

RAS module (data center), 169

RAS (Remote Access Service) server, 168

RDC encryption levels, 49

RDC Remote Control, 49–51

RDC (Remote Desktop Connection), 37

  Microsoft's design goals for, 47

  vs. RDP Version 5.0, 47–48

  Windows 2003 and, 47

RDC session administration, 50–52

RDC using RDP, OSs supported, 47

RDP client software architecture, 48–51

RDP clients

  vs. ICA client, 431–432

  local drive and COM port mapping, 455

RDP 5.0, Windows 2000 with, 46–47

RDP packet, 44

RDP (Remote Desktop Protocol), 33, 35, 38, 41–51, 72

  data transmission optimization, 45

  encapsulating screen data, 45

  main API calls sent to, 45

RDP session

  connection process, 42

  diagram of, 36

  disconnection process, 44

  timeout values, 52

RDP Version 5.0 vs. RDC, 47–48

RDPDD, 45, 49

RDPWD (RDP Winstation Driver), 35

RDPWSX, 35, 41

Readiness phase (migration), 644

Real-time event and performance monitoring, 271

Reassignment pool (for PCs), 199

Reboot script, 655

Recovery point, 627

Recovery time, 627–628

Recovery time objectives, 628

Redundancy, 143–144, 151, 156

Redundant data centers, 18

Registry changes, replicated for all users, 400

Registry security, 61

Registry settings, 203

Registry (Windows), 56

  32-bit applications and, 400

  use of in multiuser environment, 59

Regulated industries, security policies of, 218–219

Regulatory compliance benefits of SBC, 18

Reliability (data center), 143

Reliability and redundancy, 21

Remote access, defined, 70

Remote access design, 126

Remote access support, 426

Remote administration of Terminal Server, 63

Remote branch office WAN access module, 162–165

Remote connection to server console, 65

Remote control, 46

Remote Desktop for Administration, 64–65

Remote Desktop Client, 38

Remote diagnostics, 258, 264

Remote office bandwidth, 12

Remote office bandwidth cost estimates, 695

Remote office connectivity, 15–17

Remote office data migration, 323–325

Remote office infrastructure, assessing, 322

Remote office infrastructures, 10–12, 322

Remote office LANs, 303

Remote office migration, planning for, 322–323

Remote office migration teams, 325–326

Remote office in PC-based environment, 10

Remote office in SBC environment, 11

Remote office server cost estimates, 695

Remote office server savings estimates, 698

Remote office users, 16

Remote user Internet access, 157–158, 167–168

Remote users, assessing cultural environment of, 289

Replicate Driver console, 612

Report formats (system management), 264

Reporting, MOM 2000, 271


Reporting SLA, 265

Reputation of the company, protection of, 218

RES PowerFuse, 344

Resiliency, network design for, 150–151


Resource pooling, 398

Resources

  limiting access to local, 477–480

  protecting, 217–218

Restricted security paradigm, 222

Reusable code, 148

Revision control system, 481

RFCs (requests for comments), 247

Risk assessment, 221

RM billing services, 268, 705

RM (Resource Manager), 88, 112, 266–268, 705

  architecture diagram, 268

  report detail, 706

  for specific usage billing, 705

  user delineation, 705

RMON (Remote Monitoring Agent), 248–249

Road kit, 326

Roaming profiles, 204–205, 458–459

Rogue applications, 146, 325

Rogue servers, 146

ROI savings estimates, 696–699

Rollout (enterprise SBC), 318–328

Root certificate, 453

RootDrive variable, 403

Round-trip latency, 443

Router configuration, private WAN, 552–553

Router trap, 261

Router-based bandwidth management, 179

Routing protocols and methods, 549–551

RTO Software (formerly Kevsoft), 344

Index


S

Sales office LAN hardware, 539

SAN (storage area network) devices, 6, 24–25

SBC architecture components, 23–28

SBC costs and savings spreadsheet model, 686–699

SBC data center. See Data center

SBC deployment process, planning, 288–289

SBC environment. See also SBC

  applications in, 396

  compelling vision of, 287

  disaster recovery/business continuity, 625–639

  expanding, 292

  future direction of, 329

  keeping the end state in mind, 397

  monitoring progress, 292

  ongoing administration of, 653–667

  postproduction management of, 328–330

  publicizing early successes, 292

  remote office in, 11

  software distribution in, 262

  steps in planning, 108

  troubleshooting, 662–666

SBC lab, establishing, 330

SBC market prediction, 32

SBC migration project. See Project

SBC model, 4

SBC momentum, building, 290–291

SBC (server-based computing). See also Enterprise SBC; SBC environment

  building enthusiasm for, 113

  business continuity design, 629–630

  communicating about to all stakeholders, 290

  concerns and myths about, 20–23

  cost estimates, 696

  economic justification for, 4, 6–13

  encryption for, 234

  environmental benefits of, 18

  establishing a need for implementing, 287

  flexibility and low cost of, 5

  handling objections to, 312–313

  vs. mainframe computing, 5

  major business benefits of, 13–18

  measuring benefits of, 329

  migrating to, 130

  network design for, 147–192

  vs. PC-based computing, 5

  political considerations of, 113–114

  regulatory compliance benefits of, 18

  removing obstacles to, 290–291

  savings estimates, 696

  software distribution and, 205

  solution to business continuity, 629

  strategic benefits of, 4

  system management environment for, 250–266

SBC steering committee, 329

SBC-enabled opportunities, preparing for, 292–293

Scalability, network design for, 150

Scheduled maintenance activities, 654–657

Scope creep (project), 116

Scripting, 346–347

SD (ScrewDrivers), triCerat, 620

< ?xm l version= " 1.0" encoding= " I SO- 8859- 1" ?> SDSL (Symmetric DSL), 173 Ta ble o f Con t en t s

Seamless feature, 84,Window 456 s Ser v er 2003—The Official Guide Citr ix MetaFrWindows am e Access Suite for For ewor d access center, 484, 522–523 Secure I ntr oduction Secure access center deployments, 484,522–523 Pa r t I - Ov er vi e w of Ente r pr ise Se r ve r - Ba se d Com put in g

Secure Access Manager. SeeMSAM

Secure Gateway deployment, 485–490
  benefits of, 488
  installation of, 490–529
  required Citrix components, 489
  requirements of, 491
  user connection to, 489–490
Secure Gateway deployment diagrams, 97, 486–487
Secure Gateway Diagnosis, 517
Secure Gateway Management Console, 517
Secure Gateway for MetaFrame, 79, 96, 235, 484
  configuration settings, 515
  configuring, 514–516
  ICA Win32 clients with, 448–450
  installing, 513–514
Secure Gateway server
  FQDNs for, 492
  SSL certificate for, 492–495
Securing client access, 483–529
Security, 16, 25, 215–239
  application, 419
  areas of exposure, 223, 226–228
  as cumulative, 216
  changes in Windows Server 2003, 238–239
  CME requirements for, 546–547
  desktop, 113, 202–204, 264, 476
  MSAM Internet deployment requirements for, 527–528
  definitions of, 216
  file, 60–61
  on the ICA client, 447–456
  nature of, 216–219

Security alert within an SME, 253
Security concepts, 546–547
Security design, 129, 158, 223
Security design technical considerations, 223
Security environment, 122
Security hierarchy, 546
Security management, 252
Security management hardware and software, 547
Security measures
  administrative, 222
  physical, 222
  technical, 223, 228–239
Security methodologies, 218–219
Security model vs. user impact (graph), 219
Security paradigms, 222
Security policy, 218–219
  common requirements, 222–223
  developing, 219–239
Security policy definition, 222–223
Security posture assessment, 220–221
Security process, 219
Security proxy server, 447–448
Security threats categorized by source, 221
Security weaknesses, sources of, 221
Security Wheel (Cisco), 220
Seismic activity, data center and, 140
Serial number and license number, 388
Server backbone, 25
Server certificate
  installed on the STA, 495
  obtaining from CA, 492–495
Server farm
  architecture design, 124
  event and performance monitoring, 271
  fail-over, 18
  single point access to multiple points, 14
  wireless tablet device accessing, 213
Server hardening, 237–238
Server reboot, 655

Server-based vs. distributed network usage, 148–149

Server-side network settings (CME), 583–586
Server-side print drivers, 614–615
Service level views into problems, 261
Services, SLAs for, 242–244
Services design, 154–156
Session connections, 41–42
Session disconnection, 43–44
Session layer (OSI model), 674
Session reconnection, 44
Session Shadowing, 9, 98–100, 264
Session state, checking for, 656
SessionID, 34
Sessions (dumb terminal), 32
SessionSpace, 34, 37, 41
Shadow key, 59
Shadow key propagation, 401
Shadow pipe, 50
Shadowed session, 50
Shadowing, 98–101, 320, 258, 664
Sharing your experiences, 330
Shrink wrap method of MetaFrame licensing, 102
Simple hybrid clients, 196, 201
Simplicity, as a goal, 20
Simplify Printing v2, 620
Single point access to multiple server farms, 14
Single point of failure, 21
Single-session applications in multisession environment, 56
Site surveys, importance of accurate, 328

16-bit application optimization, 398–400

SLAs (service level agreements), 242–244, 318
  for an enterprise backup service, 243–244
  establishing, 307
  expanding, 319
  using within the SME, 254–255
SLR (SpeedScreen Latency Reduction) manager, 81
Small business network design, 186
Smart card logon, enabling, 453–454
SME (System Management Environment) for SBC, 121, 126–127, 250–266
  architecture, 255–266
  basic requirements, 250–251
  objectives, 250
  security alert within, 253
  three Ps of, 242, 250
  using SLAs within, 254–255
SME tools, 266–277
SMS agent, 269
SMS (MS System Management Server), 262, 268–270
  vs. Group Policy, 269–270
  in Microsoft BackOffice suite, 269
SMS version 2.0 enhanced features, 269
SNMP agent, 245
SNMP communities, 247–248
SNMP management station, 245
SNMP MIB structure (MIB II), 248
SNMP (Simple Network Management Protocol), 246–248
  advantages of, 247
  limitations of, 248
  UDP ports, 257
SNMP traps, 245
SNMP versions, 246
SNMP-based network management, 245
SOCKS proxy server, 447
Soft cost estimates, 695
Soft cost figures, 692
Soft savings estimates, 699
Softricity SoftGrid for Terminal Servers, 403–404
Softricity SystemGuard virtual environment, 404

Software distribution, 261–263
  automation of, 205
  in a distributed network, 263
  in SBC environment, 205, 262
Software distribution applications, 205
Software metering, 263–264
Software products, cited as five 9s, 532
Solaris, installing MetaFrame on, 378–381
Solution KnowledgeBase (Citrix), 376
SONET (Synchronous Optical Network), 172
Speed (network), 150, 443
SpeedScreen, 81
  Browser Acceleration, 442–443
  Latency Protection, 444–446
  Latency Reduction Manager, 444
  Latency Threshold, 446
  Latency utility, 445
  link performance and, 82
Splash screens, eliminating, 476
Spooler service (printing), 618
Spreadsheet model, 686–699
SPU (System Preparation Utility) for Windows NT, 348
SQL authentication mode, setting the default, 360
SQL database servers, 25
SQL Datastore, troubleshooting, 664–665
SQL Server Authentication, 363
SQL Server 2000
  creating the Data Store on, 360–364
  Enterprise Manager, 360–362
  installation and setup, 359–360
  latest service pack for, 360
SSL certificate, obtaining from CA, 492–495

SSL ICA clients, configuring, 450–451

SSL Relay service, 448
SSL (Secure Socket Layer) public key, 232
SSL/TLS, system requirements for, 448
STA
  configuring, 513
  installing, 512–513
STA configuration settings, changing, 513
STA server, certificate installed on, 495
Staffing. See IT staff
Standard edition (Windows 2003), 38
Standard naming practices, 253–254
Standardization, centralized, 113
Starting and stopping MetaFrame for UNIX, 381
Status reporting, 307
Storage cost estimates, 694
STP (Spanning Tree Protocol), 154
StressTest, 349
Subscription Advantage (MetaFrame licensing), 102
Subscription billing model, 701–706
Sullivan, Ray, 6
Sunset period to phase out systems, 146
Support personnel, 129
Support structure and processes, 121
Survey databases, 321
Surveys, 301–303
SUS (Software Update Service), 262
Switch configuration
  Catalyst 6509, 572–573
  Cisco 3550–12G, 573
  CME Corp core, 580–583
  LAN access/distribution, 578–579
Symantec Ghost Corporate Edition v 7.5, 348–349
Sysprep version 1.1, 348
System global object, 61
System implementation time limit, 323
System Management Environment. See SME
System management tools, 266–277
System metrics graphs, 267
System testing, 407–408


Index


T

Tablet PCs, as client devices, 212
TCO (total cost of ownership) of client types, 196
TCP rate control, 179–185
TCP-based SNMP, 245
TCP/IP, 44, 245
TCP/UDP ports, 681–682
Team follow-up, 323
Team work, facilitating effective, 326
Technical security measures, 223
Technology weaknesses (security), 221
Telecommuting, 17
TERMDD (Terminal Server Device Driver), 35, 41

Terminal Server
  automated creation of, 344–349
  hardware platform, 333–336
  OS installation, 337–343
  performance optimization, 344
  pre-installation, 336
  profile path, 460–461
  service packs and hotfixes, 343
  sizing and capacity planning, 349–353
  use of the term, 33
  user application simulation, 350–353
Terminal Services, 4, 32–38, 31–65
  automatic printer redirection, 594
  client architecture in Windows 2000, 46–51
  client device options, 33
  design, 123–125
  in the enterprise, 51, 55–62
  history of, 33–36
  Home Directory, 464
  licensing, 62–65
  and MetaFrame, 72–73
  MetaFrame enhancements to, 68–69
  multiuser environment issues, 57
  upgrading from TSE, 648–649
  upgrading from Windows 2000, 649
  Windows Server 2003 features, 51–55
Terminal Services Code (Citrix), 32
Terminal Services Manager, 50
Test cycles, 409
Test lists, 408–409
Testing, 112
  during beta, 318
  of pilot program, 309
  of production pilot, 310
Testing environment, 121

TextOut() command, 45
Theft of intellectual property, preventing, 15
Theft of PCs, eliminating, 17
Thin-client computing, 71–72, 194, 196
  Citrix Systems synonymous with, 72
  configuration, 456
  printing, 603, 618
ThinPrint v5.5, 619–620
32-bit applications, Registry and, 400
Threats to security categorized by source, 221
Three-tiered infrastructure (network design), 159
Throughput and latency, 443
Tigi drives, 344
Time constraints, determining, 323
Time zones, data center and, 142
Timeout values for RDP sessions, 52
Timeouts, control of, 50
Tivoli Netview, 266
TLS (Transport Layer Security), 448, 450–451
Token Bus, 170
Token Ring, 170
T.120 protocol, 33
TPOG (ThinPrint Output Gateway), 619

Training costs, 9
Training environment, 121
Training plan, 129
Training techniques, 311–312
Transport layer (IP), 677
Transport layer (OSI model), 674
Transport protocols, network management and, 245
Travel time and budget, 327
Trending (system management), 266
Triage process, 307
Tricerat, 344
TriCerat ScrewDrivers v2, 620
TS CAL pool, 62
TS CAL (Windows Terminal Services License), 62–63
TSAC site, 431
TSAC (Terminal Server Advanced Client), 46, 430–432
TSCC (Terminal Services Configuration/Connections), 50
TSE (Terminal Services Edition) with NT 4.0 OS, 33–36, 72
  address spaces, 34
  upgrading Terminal Servers from, 648
  VMM in, 34, 36
TS-EC (Terminal Server External Connector), 64
TSE-to-Windows 2000 Server upgrade, 648
TSE-to-Windows Server 2003 upgrade, 648


U

UDP, network management and, 245
UDP packets, 245
UDP ports, for SNMP, 257
Uninstalling an application, 402
Universal access, 14
Universal Win32 web client, 428
UNIX. See MetaFrame for UNIX
UNIX client printer auto-creation, 604
UNIX ICA clients, 206, 430, 441
Unlicensed software, preventing use of, 15
UPD (Citrix Universal Print Driver), 598, 609–610
Updates and hotfixes methodology, 397
Upgrade matrix, OSs and MetaFrame, 645
Upgrading client software, 209
Upgrading the domain, 644–648
Upgrading MetaFrame, 649–652
Upgrading PCs, cost of, 7
Upper management support for the project, 114
UPS (uninterruptible power supply), 139
Usability, in SLA, 243

Usage and growth estimates, 689–690

User access (external), limited, 95
User account setup, 323
User accounts, 92–94
User address space, in TSE, 34
User authentication, 92
User communication FAQ, 319
User connection to Secure Gateway, 489–490
User data migration, 322
User environment management, 239
User global objects, 61
User interface design, 128
User perception of network infrastructure, 113
User policies and procedures design, 127
User policies (Windows), 203. See also Group Policy
User profile file size, limiting, 473–475
User profile path, 461–462
User profile processing, 462–463
User profiles, 204–205, 458–464
  best practices, 468–481
  change control, 481
  design of, 124
  mechanics of, 460–464
User satisfaction, measuring, 328
User security, 158
User selection during beta, 317
User support, 306–307
  during beta, 314
  during the pilot, 311
User support processes, 307
User support structure, enhancing, 306–307
User survey, 302–303

User survey form, 118

User training
  during rollout, 319
  for headquarters migration, 321
  for remote office migration, 323–324
User-level printer bandwidth management, 602
User-load simulation, using CSTK, 353–356
Usernames and passwords, 95
Users
  limiting to published applications, 94
  managing, 660–661
  shadowing, 664
  three-tier approach to supporting, 666–667
  training, 311
  viewing current, 660
User-specific application data, 60

Chapter 10 - Pr oj ect Managing and Deploying an Enter pr ise SBC Envir onment Chapter 11 - Ser ver Configur ation: Windows Ter m inal Serv ices Chapter 12 - Ser ver Configur ation: Citr ix MetaFr am e Presentation Ser ver Chapter 13 - Application I nstallation and Configur at ion Chapter 14 - Client Configur ation and Deploym ent Chapter 15 - Pr ofiles, Policies, and Pr ocedu res Chapter 16 - Securing Client Access Chapter 17 - Net wor k Configur at ion Chapter 18 - Pr int in g Chapter 19 - Disaster Recovery and Business Continuity in the SBC Envir onment Chapter 20 - Migr ation to Window s 2003 and Citr ix MetaFrame XP Chapter 21 -

Ongoing Administr ation of the Ser v er - Based Com puting Envir onment

Pa r t I V - Appendi x es

Appendix A - I nter netw or k ing Basics Appendix B - Creating an On- Dem and Enterpr ise Financial Analysis Model Appendix C - Creating an On- Dem and Enterpr ise Subscr iption Billing Model I ndex List of Figur es List of Tables List of Case Studies List of Sidebars

Index

V

Variance process, creating, 312

VDM (Virtual DOS Machine), 36

Verisign, 492

Virtual call center, 307

Virus protection, 237–239

Virus risk, reducing, 15

VLANs (Virtual LANs), 154

VMM (Virtual Memory Manager), in TSE, 34, 36

VMWare, 111

VPN access (WAN access module), 164–165

VPN concentrator, 164, 166

VPN connections, 166

VPN connectivity, IPSec overhead of, 164

VPN dial-up connectivity, 320

VPN router, 164

VPN termination suite, 164

VPN terminations, 166

VPN tunnel, 164, 166

VPN (Virtual private network), 143–144, 175

VPN WAN access module (data center), 164–167

VPN WAN site network diagram, 556

VPN WAN site firewall configuration, 555–557

VPN WAN sites, 555–557

VPN/firewall, 164, 166

Index

W

WAN access module
  data center VPN, 164–167
  dedicated media, 162–163
  remote user Internet access, 167–168
  VPN access, 164–165

WAN access security exposures, 227

WAN architecture, 126

WAN bandwidth, 533–535

WAN bandwidth calculation worksheet, 176, 534

WAN bandwidth management, 573–577

WAN distribution layer, 161

WAN hardware, 535–537
  current, 532
  current reusable, 533

WAN media, 171–175

WAN requirements, 532–537

WAN router configuration, 552–553

WAN and security hardware list, 536–537

WAN sites (ATM/DSL), 554–555

WAN sites (VPN), 555–557

WAN survey, 301

WAN team, 326

WAN traffic bandwidth management, 177

WAN upgrades, 304–305

WAN (wide area network)
  accessing legacy servers, 316
  bandwidth management, 553–555
  connectivity, 28
  Packeteer settings, 554

WBEM (Web-Based Enterprise Management), 269

Weather activity, data center and, 141

Web application access center, MetaFrame as, 96–98

Web Edition of Windows 2003, 38

Web Interface Administration tool, 499–512
  general settings, 499–502
  ICA client settings, 505–510
  server settings, 502–505

Web Interface configuration page, 500

Web Interface for MetaFrame, 14, 96–97, 206, 210–211
  application publishing architecture, 211
  configuring, 499–512
  installing, 495–499
  step-by-step installation of, 498–499
  upgrading from previous versions, 495

Web Interface for MetaFrame clients, 206, 426–430

Web Interface Server
  FQDNs for, 492
  mouse movements & keystrokes, 446–447
  persistent cache enabling, 447
  SSL certificate for, 492–495

Web Interface Web site, customizing text on, 510–511

Web-based applications, 21–22

Weekly maintenance activities, 656

WFQ (weighted fair queuing), 178

Windows applications, 16-bit vs. 32-bit, 58

Windows Clipboard, and Seamless Windows, 84

Windows Installer MSI package, 46

Windows Installer Service 2.0, installing, 365

Windows NT 3.51 server domain upgrade, 644

Windows NT 4.0, benefits of migrating from, 642

Windows NT 4.0 Server domain upgrade, 645–647

Windows NT 4.0 Server TSE. See TSE

Windows NT Registry, 56

Windows print process, 588–589

Windows printing, 588–590

Windows Server 2000 or 2003, migrating to, 56

Windows Server 2003, 37–38
  domain mode features, 647–648
  licensing, 64–65
  migration, 12
  security changes, 238–239
  WMI, 270

Windows server environment, 121

Windows Task Manager Applications tab, 399

Windows Terminal Services. See Terminal Services

Windows terminals, 27, 194–195, 206–209
  as thin-client devices, 194
  basic setup, 207
  with embedded programs, 208
  management of, 207–209
  savings estimates, 697

Windows 2000 graphical enhancements, 46

Windows 2000 licensing, 63–64

Windows 2000 with RDP 5.0, 46–47

Windows 2003 editions comparison, 38–41

Windows 2003 and MetaFrame XP, migration to, 641–652

Windows 2003 RDC, 47

Wines, Lee, 15

WinFrame, 71

WINS, 125, 156

WINS architecture design, 125

Win32 ICA client, Seamless Windows feature, 456

Win32 Program Neighborhood (PN) client, 440–441

WinView, 71

Wireless tablet device, 213

Wireless WANs, 7, 442–447

WLAN access module, 161–163

WLAN hardware, CME Corp, 544

WLAN requirements, CME Corp, 542, 544

WLAN topology, 580

WLAN (wireless LAN)
  access, 157
  CME Corp, 579–580
  security exposures and, 226–227

WMI consumer (MOM), 276

WMI provider, 275–277

WMI (Windows Management Instrumentation), 269–270

Work breakdown structure, 299–300

Workforce mobility, 17

Working environment, assessing, 289

Working-in-background pointer, 445

WWANs (wireless WANs), 7, 442–447

Wyse Rapport Enterprise application, 456

Wyse WinTerm Windows terminal, 27, 30, 195, 207

Index

X

X.500 directory services standard, 155

XML port configuration page, 497

XML Service (Citrix), 375, 497

XML Service port assignment, viewing, 497

X-Windows, 374

Index

Y

Yearly support savings estimates, 697

Index

Z

ZAKs (Zero Administration Kits), 203–204

ZDC server, 85

ZDC (Zone Data Collector), 86, 659

Zones, managing, 659

List of Figures

Chapter 1: Introducing Server-Based Computing and the On-Demand Enterprise

Figure 1-1: SBC combines flexibility with low costs.

Figure 1-2: A typical remote office in a PC-based computing environment

Figure 1-3: A typical office utilizing enterprise server-based computing

Figure 1-4: A typical on-demand enterprise data center

Figure 1-5: A Wyse WinTerm Windows terminal

Figure 1-6: ABM Industries' on-demand enterprise infrastructure

Chapter 2: Windows Terminal Services

Figure 2-1: Execution of a multiuser Windows application

Figure 2-2: An RDP session

Figure 2-3: The connection process in an RDP session

Figure 2-4: The Terminal Services Manager application showing a disconnected session

Figure 2-5: The disconnection process in an RDP session

Figure 2-6: Remote Desktop Client remote control process

Figure 2-7: Setting timeout values for RDP sessions

Chapter 3: Citrix MetaFrame Access Suite

Figure 3-1: ICA presentation services

Figure 3-2: How SpeedScreen improves link performance

Figure 3-3: ICA's connectivity options

Figure 3-4: MetaFrame Secure Gateway example deployment

Figure 3-5: MSAM portal page screenshot

Chapter 4: Preparing Your Organization for an On-Demand Enterprise Implementation

Figure 4-1: ABM's user survey form

Chapter 5: Server-Based Computing Data Center Architecture

Figure 5-1: Legacy systems located near MetaFrame servers

Chapter 6: Designing Your Network for Server-Based Computing

Figure 6-1: Distributed vs. server-based network usage

Figure 6-2: Network design logical symbols

Figure 6-3: Typical LAN access module

Figure 6-4: Typical WLAN access module

Figure 6-5: Typical branch office WAN access module (dedicated media)

Figure 6-6: Typical branch office WAN access module (VPN router)

Figure 6-7: Typical branch office WAN access module (VPN hardware)

Figure 6-8: Typical branch office WAN access module (VPN firewall)

Figure 6-9: Typical data center VPN termination module

Figure 6-10: Typical data center Internet services access module

Figure 6-11: Typical data center RAS module

Figure 6-12: Frame relay vs. T1/E1 point-to-point connections

Figure 6-13: ATM data center network connected to frame relay

Figure 6-14: ISDN BRI and PRI structure

Figure 6-15: Network with a Packeteer PacketShaper

Figure 6-16: Denied session request

Figure 6-17: Bandwidth partitioning

Figure 6-18: Bandwidth prioritization

Figure 6-19: Packeteer analysis report

Figure 6-20: A small business network example

Figure 6-21: A medium-sized business network example (dedicated media)

Figure 6-22: A medium-sized business network example (Internet/VPN media)

Figure 6-23: A medium-sized business network example (Core)

Figure 6-24: A large business network example (distribution/core layer)

Figure 6-25: Large business distribution and core components

Chapter Envir 7: The onmentClient Environment

Chapter 21 -

Pa r t I V - Appendi x es

Figure A netw Windows Appendix A -7-1: I nter or k ingterminal Basics with various embedded programs Appendix B - Creating an On- Dem and Enterpr ise Financial Analysis Model

Figure 7-2: The Web Interface application publishing architecture

Appendix C - Creating an On- Dem and Enterpr ise Subscr iption Billing Model I ndex Figure 7-3: A wireless tablet device accessing a Citrix MetaFrame server farm List of Figur es List of Tables

Chapter 8: Security

List of Case Studies List of Sidebars

Figure 8-1: Security model vs. user impact Figure 8-2: Cisco Systems' Security Wheel Figure 8-3: Implementation cost vs. risk Figure 8-4: A distributed network in which each regional work site has its own resident file server

Figure 8-5: A centralized network in which the load-balanced file servers reside all in one place Figure 8-6: Classic firewall system

Cit rix Me t aFra m e Access Su it e fo r W in do w s Ser ver

2 00 3 : Th e O ff icial Guid e Figure 8-7: The basic enterprise firewall system by Steve Kaplan et al.

ISBN:0072195665

McGr aw -HillSecure © 2003 (724 pages) Figure 8-8: MetaFrame Gateway This guide ex plains how to build a r obust, reliable, and scalable thin- client com puting envir onment and deploy Windows 2000/ Windows 2003 Ser v er and MetaFr am e. Also learn t o centr alize application managem ent, r educe soft w ar e on the and mor e. Figure 9-1: The MIBdesktop, hierarchy

Chapter 9: Network Management < ?xm l version= " 1.0" encoding= " I SO- 8859- 1" ?> Figure 9-2: SNMP communities Ta ble o f Con t en t s

Citr ix Figure MetaFr am e Access Suite for within Window Ser v er 2003—The Official Guide 9-3: A security alert ans SME For ewor d

Figure 9-4: Network discovery I ntr oduction Pa r t I - Ov er vi e w of Ente r pr ise Se r ve r - Ba se d Com put in g

Figure 9-5: Agent monitoring

Figure 9-6: Multisite network monitoring

Figure 9-7: Event correlation

Figure 9-8: Software distribution in an SBC environment

Figure 9-9: Software distribution in a distributed network

Figure 9-10: A daily report or hot sheet

Figure 9-11: RM architecture

Figure 9-12: The MOM Administrator Console

Part III: Implementing an On-Demand Server-Based Computing Environment

Chapter 10: Project Managing and Deploying an Enterprise SBC Environment

Figure 10-1: The Clinical Medical Equipment (CME) network schematic

Figure 10-2: The CME Corporate Campus topology

Figure 10-3: Organizational chart method of a work breakdown structure

Figure 10-4: Outline method of a work breakdown structure

Figure 10-5: Accessing legacy servers across the WAN

Figure 10-6: ABM's data migration procedure guidelines

Chapter 11: Server Configuration: Windows Terminal Services

Figure 11-1: Imaging

Figure 11-2: Scripting

Chapter 13: Application Installation and Configuration

Figure 13-1: Shadow key propagation

Figure 13-2: Deploying an application to a few servers

Figure 13-3: The conceptual design of a package-building process

Figure 13-4: The IM job creation process

Figure 13-5: Installation Manager server configurations

Chapter 14: Client Configuration and Deployment

Figure 14-1: The MetaFrame Web Interface site

Figure 14-2: A Terminal Server Advanced Client site

Figure 14-3: The SpeedScreen Browser Acceleration properties page

Figure 14-4: The SpeedScreen Latency utility

Chapter 15: Profiles, Policies, and Procedures

Figure 15-1: The Terminal Server profile path

Figure 15-2: User Profile Path

Figure 15-3: Profile processing

Figure 15-4: The Group Policy Management Console policy scope

Figure 15-5: The Group Policy Management Console Group Policy results

Figure 15-6: Creating a separate OU for MetaFrame servers

Figure 15-7: Creating a new Group Policy

Figure 15-8: Applying the Group Policy to the Citrix users group

Figure 15-9: Denying the Group Policy to the Domain Admins group

Figure 15-10: Enabling Group Policy loopback processing

Figure 15-11: Setting loopback mode to Replace

Figure 15-12: Settings for Application Data redirection

Chapter 16: Securing Client Access

Figure 16-1: The CME secure gateway diagram

Figure 16-2: Citrix components required for Secure Gateway Deployment

Figure 16-3: MetaFrame Management Console's XML port identification tab

Figure 16-4: The Web Interface configuration page

Figure 16-5: A custom Web Interface page showing the contents of a Microsoft folder

Figure 16-6: CME's full Secure Access Center deployment with Web Interface, Secure Gateway, and MSAM

Chapter 17: Network Configuration

Figure 17-1: The layered security hierarchy

Figure 17-2: The CME host naming scheme (partial)

Figure 17-3: Typical Private WAN site network

Figure 17-4: The CME-TNG network site

Figure 17-5: Typical private WAN Packeteer settings

Figure 17-6: A typical VPN WAN site network

Figure 17-7: The CME-EUR network

Figure 17-8: The CME-MEX Network

Figure 17-9: The CME-WEST network

Figure 17-10: CME Corp Internet Packeteer settings

Figure 17-11: CME Corp Internet, Security Perimeter, and VPN/firewall configuration

Figure 17-12: The Private WAN Distribution module

Figure 17-13: CME Corp Private WAN PacketShaper settings

Figure 17-14: Campus LAN access/distribution topology

Figure 17-15: Campus LAN access/distribution (partial)

Figure 17-16: The Campus WLAN access/distribution topology

Figure 17-17: The dual core module

Figure 17-18: The FEC adapter team

Figure 17-19: The FEC member adapter (general)

Figure 17-20: The FEC member adapter (link settings)

Figure 17-21: The FEC member adapter (power management)

Chapter 18: Printing

Figure 18-1: The auto-creation process

Figure 18-2: A locally attached printer

Figure 18-3: Network ICA printer

Figure 18-4: Network printer

Figure 18-5: The Printer Management Properties window

Figure 18-6: The Drivers tab of CMC

Figure 18-7: Driver compatibility

Figure 18-8: Driver mapping

Figure 18-9: The Auto-Creation Settings dialog box

Figure 18-10: The Drivers tab in the Print Server Properties dialog box

Figure 18-11: The Replicate Driver console

Chapter 19: Disaster Recovery and Business Continuity in the SBC Environment

Figure 19-1: Recovery time objectives

Figure 19-2: CME's network infrastructure

Chapter 20: Migration to Windows 2003 and Citrix MetaFrame XP

Figure 20-1: The CCS migration methodology

Chapter 21: Ongoing Administration of the Server-Based Computing Environment

Figure 21-1: Sample reboot script

Appendix A: Internetworking Basics

Figure A-1: Data flow and the OSI model

Figure A-2: Data encapsulation in the OSI model

Figure A-3: Common protocol suites versus the OSI model

Appendix B: Creating an On-Demand Enterprise Financial Analysis Model

Figure B-1: Demographics section of a financial justification model

Figure B-2: Logistics section of a financial justification model

Figure B-3: Costs section of a financial justification model

Figure B-4: Report section of a financial justification model

Appendix C: Creating an On-Demand Enterprise Subscription Billing Model

Figure C-1: Detail from RM report

List of Tables

Chapter 2: Windows Terminal Services

Table 2-1: Windows 2003 Editions Comparison

Table 2-2: RDP Version 5.0 vs. RDC

Table 2-3: Windows Server 2003 New Features and Benefits

Chapter 3: Citrix MetaFrame Access Suite

Table 3-1: Citrix ICA Value-Add Features

Table 3-2: MetaFrame XP FR-3 Feature Grid

Table 3-3: List Pricing (New Customer)

Table 3-4: List Pricing (Upgrades)

Chapter 5: Server-Based Computing Data Center Architecture

Table 5-1: Comparison of Commercial Fire Suppression Systems

Chapter 6: Designing Your Network for Server-Based Computing

Table 6-1: Sample WAN Bandwidth Calculation Worksheet

Chapter 7: The Client Environment

Table 7-1: Three-Year Price Comparison—PC vs. Windows Terminals

Table 7-2: Client Categories

Table 7-3: Client Decision Matrix

Chapter 9: Network Management

Table 9-1: SLA for Enterprise Backup

Table 9-2: Citrix MetaFrame Views

Chapter 12: Server Configuration: Citrix MetaFrame Presentation Server

Table 12-1: MetaFrame for UNIX Hardware Requirements

Table 12-2: Operating System Requirements for MetaFrame for UNIX

Table 12-3: ctxshutdown Command Parameters

Table 12-4: Syntax and Parameters for the App Config Add Program

Table 12-5: mlicense Command-Line Utility Syntax and Parameters

Chapter 13: Application Installation and Configuration

Table 13-1: Generic Functions Test List 1

Table 13-2: Server Configurations for Installation Manager

Chapter 14: Client Configuration and Deployment

Table 14-1: MetaFrame XP Feature Release 3 ICA Client Comparison

Table 14-2: Feature Comparison of the ICA Win32 Web Client and ICA Win32 Web Client Minimal Installation

Chapter 16: Securing Client Access

Table 16-1: Similarities of ICA and MSAM Environments

Table 16-2: MSAM Services and Their Functions

Chapter 17: Network Configuration

Table 17-1: Reusable WAN Hardware

Table 17-2: WAN Bandwidth Calculation Worksheet

Table 17-3: WAN and Security Hardware

Table 17-4: WAN and Security Hardware

Table 17-5: CME-MEX LAN Hardware

Table 17-6: CME-EUR LAN Hardware

Table 17-7: CME-WEST LAN Hardware

Table 17-8: CME Corp LAN Hardware

Table 17-9: CME Corp WLAN Hardware

Table 17-10: CME Bandwidth Management Hardware

Table 17-11: Security Management Hardware/Software

Table 17-12: Infrastructure Management Hardware/Software

Table 17-13: Internal Network Addressing Scheme (Partial)

Chapter 18: Printing

Table 18-1: Third-Party Printing Utility Summary

Chapter 19: Disaster Recovery and Business Continuity in the SBC Environment

Table 19-1: CME's Business Continuity Definitions

Chapter 20: Migration to Windows 2003 and Citrix MetaFrame XP

Table 20-1: The Operating System and MetaFrame Upgrade Matrix

Table 20-2: The Windows Server 2003 Domain Mode Feature Matrix

Table 20-3: Microsoft Terminal Services Licensing

Appendix A: Internetworking Basics

Table A-1: IP Address Allocations

Table A-2: Common IP Protocols

Table A-3: Common TCP/UDP Ports

Table A-4: ICMP Types and Codes

List of Case Studies

Chapter 5: Server-Based Computing Data Center Architecture

CASE STUDY: Home State Bank Builds Their Own SBC Data Center

CASE STUDY: ABM Chooses AT&T to House Their Main Data Center

List of Sidebars

Chapter 11: Server Configuration: Windows Terminal Services

Detailed Steps to Use CSTK to Conduct the User-Load Simulation
