The XenApp planning and installation documentation uses the following terminology.
An environment, including XenApp and Terminal Services, where applications are published on servers for use by multiple users simultaneously.
The farm servers that host published applications.
The farm servers that host services such as the data store or the license server. Typically, they do not host published applications.
A farm that is in regular use and accessed by users.
Design validation farm
A farm that is set up in a laboratory environment, typically as the design or blueprint for the production farm.
A preproduction pilot farm used to test a farm design before deploying the farm across the organization. A true pilot is based on access by select users, and then adding users until all users access the farm for their everyday needs.
The process in which a client transmits data to locate servers on the network and retrieves information about the server farm’s published applications. For example, during enumeration, the XenApp Plug-in for Hosted Apps communicates with the Citrix XML Service or the ICA browser, depending on the browsing protocol selected in the plug-in.
Enumeration can also be explained as:
Application enumeration is when Citrix client software lists virtualized applications available on the XenApp servers. The client software transmits data to locate servers on the network and retrieves information about the published applications. For example, during enumeration, the XenApp online plug-in communicates through Citrix XML Service with the XenApp server to determine applications available for that user.
is a collection of Citrix servers which provide published applications to all users (or, a collection of servers that point to a single database is a farm). It also prevents single failure of all Citrix servers due to its load-balancing capabilities.
Citrix XenApp server uses server farms to organize and manage servers. This allows you to manage many settings as a unit rather than apply them individually to each machine. Servers in a farm all connect to the same data store and generally have some features in common that make grouping them together logical. Farms also provide a method for application publishing. Publishing an application means to provide it to remote users from the server installation. Within the farm model are the two technologies that make the on-demand enterprise function: Independent Management Architecture (IMA) and Independent Computing Architecture (ICA).
XenApp Setup comprises two installation wizards:
Create a New Farm. The first time you install XenApp, select Create a New Farm in the installation wizard and Setup creates the farm with that server hosting specific roles. The server where you installed XenApp and created the farm is the first farm server or the Create farm server.
Join an Existing Farm. When you run Setup on servers after installing XenApp on the first farm server, you take a different path in Setup and XenApp references the settings you specified on the first farm server. These servers join the existing farm and communicate with the first server in the farm.
The data store is the database where servers store farm static information, such as configuration information about published applications, users, printers, and servers. Each server farm has a single data store.
A data collector is a server that hosts an in-memory database that maintains dynamic information about the servers in the zone, such as server loads, session status, published applications, users connected, and license usage. Data collectors receive incremental data updates and queries from servers within the zone. Data collectors relay information to all other data collectors in the farm. By default, the first server in the farm functions as the data collector.
By default, the data collector is configured on the first farm server during the Create Farm Setup and all other servers are configured with equal rights to become the data collector if the data collector fails. When the zone’s data collector fails, a data collector election occurs and another server takes over the data collector functionality. Farms determine the data collector based on the election preferences set for a server. The data collector is an infrastructure server and applications are typically not published on it.
Another important definition:
The data collector is responsible for managing all of the dynamic information in the farm. Dynamic information consists of items that change often such as connected sessions, disconnected sessions, and server loads. The data collector is responsible for knowing the global state of the farm. The data collector also performs resolutions. A resolution is a process where, upon user request, the data collector determines the least-loaded server that is hosting a load-balanced published application or desktop.
A zone is a grouping of XenApp servers that communicate with a common data collector. In large farms with multiple zones, each zone has a server designated as its data collector. Data collectors in farms with more than one zone function as communication gateways with the other zone data collectors.
The data collector maintains all load and session information for the servers in its zone. All farms have at least one zone, even small ones. The fewest number of zones should be implemented, with one being optimal. Multiple zones are necessary only in large farms that span WANs.
Zones within Citrix infrastructures are logical segments within a Citrix farm. Every zone has a data collector (described in the next paragraph). Servers in a zone communicate with the data collector of their zone, and the data collectors of all zones exchange information with each other about their zones.
Zones perform two functions:
Collecting data from member servers in the zone
Distributing changes in the zone to other servers in the farm
- Every farm will have zones and every zone will have data collectors.
What is a Zone Data Collector (ZDC)?
Each zone in a Presentation Server farm has its own traffic cop or ZDC. A ZDC may also at times be referred to as the Zone Manager. The ZDC maintains all load and session information for every server in the zone. ZDCs keep open connections to other farm ZDCs for zone communication needs. Changes to/from member servers of a ZDC’s zone are immediately propagated to the other ZDCs in the farm.
Applications can be delivered to users by either streaming or hosting the applications on the server. If you are streaming applications, either to client or server, you must install a streaming file server in your environment. When streaming applications, you create profiles of the application and then store the profile on a file or Web server.
You can deliver applications to users by either virtualizing them on the desktop (streaming) or by virtualizing them on the server (hosting). If you are virtualizing applications on the desktop, either streaming to the client or server, create a streaming profile server in your environment. To virtualize applications on the desktop, you create profiles of the application and then store the profile on a file or Web server. The profile consists of the manifest file (.profile), which is an XML file that defines the profile, as well as the target files, a hash key file, the icons repository (Icondata.bin), and a scripts folder for pre-launch and post-exit scripts.
A Citrix License Server is required for all XenApp deployments. Install the license server on either a shared or stand-alone server, depending on your farm’s size. After you install the license server, download the appropriate license files and add these to the license server.
is a set of services and APIs that provide the Program Neighborhood ICA Client with a filtered view of all of the published applications (managed applications) in a given enterprise that a particular user can access.
The Web Interface is a required component in any environment where users access their applications using either the XenApp plugin or a Web browser. Install the Web Interface on a stand-alone computer; however, where resources are limited, the Web Interface is sometimes collocated with other functions.
XenApp Web and XenApp Services Sites
XenApp Web and XenApp Services sites (formerly known as Access Platform and Program Neighborhood Agent Services sites, respectively) provide an interface to the server farm from the client device. When a user authenticates to a XenApp Web or XenApp Services site, either directly or through the XenApp plug-in or the Access Gateway, the site:
- Forwards the user’s credentials to the Citrix XML Service
- Receives the set of applications available to that user by means of the XML Service
- Displays the available applications to the user either through a Web page or by placing shortcuts directly on the user’s computer
IMA (Independent Management Architecture)
A data store, which is a database for storing MetaFrame XP server configuration information, such as published applications, administrator names and permissions, and server listings, total licenses, load balancing configuration, MetaFrame XP security rights, and printer configuration.
A protocol for transferring the ever-changing background information between MetaFrame XP servers, including server load, current users and connections, and licenses in use.
In MetaFrame XP, IMA does not replace the ICA protocol. The ICA protocol is still used for client-to-server user sessions. The IMA protocol is used for server-to-server communication in performing functions such as licensing and server load updates, all of which occur “behind the scenes.”
– IMA has a data store, a database to store MetaFrame XP configuration information.
– IMA has a protocol, to transfer the changing data between MetaFrame XP servers including server load and current user connections.
Citrix IMA Service
It is a collection of subsystems (DLLs) that communicate with each other and provide services/functions to Presentation Server. It works on ports 2512 and 2513. Port 2512 is used for communication between servers and port 2513 is used for communication with the CMC.
Independent Management Architecture Service (or IMA) provides the communication between servers in your Citrix environment.
IMA exists to manage your XenApp farm by providing a method of communication directly with each server. The types of data that are used through this service would be sessions, server load, licenses, and other data that you can view in your management tools. This communication exists on TCP port 2512 by default.
IMA is important for communication to your Citrix Application server but not necessary for currently connected sessions. You can successfully stop IMA if needed to do things like recreate the local host cache without affecting users that are logged in.
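An added example (not from the original page or from Citrix): a small Python audit over firewall or flow records that applies the port roles described above, flagging TCP connections to port 2512 from hosts that are not farm servers and connections to port 2513 from hosts outside the management-console range. The record format, IP addresses and both allow-lists are constructed for illustration.

```python
"""Audit flow records for unexpected peers on the IMA ports (2512 / 2513).

Assumptions (not from the page): the one-line-per-flow record format, the
addresses, and both allow-lists are constructed for this example.
"""
import ipaddress
from dataclasses import dataclass

IMA_SERVER_PORT = 2512   # server-to-server IMA traffic (also indirect data store access)
IMA_CONSOLE_PORT = 2513  # management console (CMC) to the IMA service

# Constructed inventory: farm members and the admin workstation range.
FARM_SERVERS = {"10.10.1.11", "10.10.1.12", "10.10.2.21"}
CONSOLE_HOSTS = ipaddress.ip_network("10.10.9.0/28")

# Constructed sample records:
# "<timestamp> <proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <action>"
SAMPLE_FLOWS = """\
2010-03-02T08:00:01Z TCP 10.10.1.12:49211 -> 10.10.1.11:2512 ALLOW
2010-03-02T08:00:04Z TCP 10.10.2.21:50110 -> 10.10.1.11:2512 ALLOW
2010-03-02T08:01:17Z TCP 10.10.9.5:51544 -> 10.10.1.11:2513 ALLOW
2010-03-02T08:02:40Z TCP 10.20.30.44:40022 -> 10.10.1.11:2512 ALLOW
2010-03-02T08:02:55Z TCP 10.20.30.44:40023 -> 10.10.1.11:2513 DENY
2010-03-02T08:03:10Z TCP 10.10.1.12:49300 -> 10.10.1.11:1494 ALLOW
2010-03-02T08:03:12Z UDP 10.20.30.44:40100 -> 10.10.1.11:2512 ALLOW
this line is malformed and must not crash the audit
"""


@dataclass(frozen=True)
class Finding:
    timestamp: str
    src: str
    dst: str
    port: int
    action: str
    reason: str


def parse_flow(line):
    """Return (timestamp, proto, src_ip, dst_ip, dst_port, action), or None if malformed."""
    parts = line.split()
    if len(parts) != 6 or parts[3] != "->":
        return None
    ts, proto, src, _, dst, action = parts
    try:
        src_ip = src.rsplit(":", 1)[0]
        dst_ip, dst_port = dst.rsplit(":", 1)
        ipaddress.ip_address(src_ip)   # raises ValueError on a bad address
        ipaddress.ip_address(dst_ip)
        return ts, proto.upper(), src_ip, dst_ip, int(dst_port), action.upper()
    except ValueError:
        return None


def audit_ima_flows(text, farm_servers=FARM_SERVERS, console_hosts=CONSOLE_HOSTS):
    """Flag TCP flows to a farm server's IMA ports from sources outside the expected set.

    Returns (findings, number_of_malformed_lines). Denied flows are reported
    too, because a blocked attempt on these ports is still worth reviewing.
    """
    findings, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_flow(line)
        if rec is None:
            skipped += 1
            continue
        ts, proto, src, dst, port, action = rec
        if proto != "TCP" or dst not in farm_servers:
            continue
        if port == IMA_SERVER_PORT and src not in farm_servers:
            reason = "non-farm source on server-to-server IMA port"
        elif port == IMA_CONSOLE_PORT and ipaddress.ip_address(src) not in console_hosts:
            reason = "IMA console port contacted from outside admin range"
        else:
            continue
        findings.append(Finding(ts, src, dst, port, action, reason))
    return findings, skipped


if __name__ == "__main__":
    results, bad = audit_ima_flows(SAMPLE_FLOWS)
    for f in results:
        print(f"{f.timestamp} {f.action:5} {f.src} -> {f.dst}:{f.port}  {f.reason}")
    print(f"{bad} malformed line(s) skipped")
```

An allowed flow from a non-farm host to port 2512 is the finding to chase first, since it means the firewall rule for that port is wider than the farm membership.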
Independent Computing Architecture
ICA is a protocol designed specifically for transmitting Windows graphical display data as well as keyboard and mouse input over a network. ICA is one of two technologies used by Citrix servers, the other being WinFrame. ICA has the following benefits:
- Like Remote Desktop Services RDP Protocol, but with many enhancements.
- Very “thin”
- Screen Updates and keyboard/mouse movements, peripherals, printers, disks and so on.
- Optimized for WAN delivery, Bandwidth optimized, Latency sensitive.
- Printing and file transfers reduce performance.
Independent Computing Architecture (ICA) is a proprietary protocol for an application server system, designed by Citrix Systems. The protocol lays down a specification for passing data between server and clients, but is not bound to any one platform.
What is Client Lock Down?
Answer: Typically ‘client lockdown’ is the process of securing an endpoint so that the user can only access authorised features. An example of this would be turning the device into a ‘Thin Client’ by locking it down so that an end user can only connect to published apps or desktops and cannot use other features.
Worker Groups are new in Citrix XenApp 6. They’re collections of XenApp servers that reside in the same farm and are managed as a single unit. Worker Groups let you collect servers into groups for publishing applications, load balancing, and policy filtering. They’re particularly useful for larger installations where many XenApp servers must be managed as a single unit.
A worker group is simply a collection of XenApp servers in the same farm. Worker groups allow a set of similar servers to be grouped together and managed as one.
Session shadowing lets you monitor and interact with user sessions. When you shadow a user session, you can remotely view the user session display and interact with the session using your own keyboard and mouse.
Caution: Shadowing restrictions are permanent. If you disable shadowing or shadowing features during Setup, you cannot reconfigure them after Setup, and they apply to any policies for user-to-user shadowing.
Prohibit shadowing of user sessions on this server: Disables user session shadowing on this server.
Allow shadowing of user sessions on this server: Enables user-session shadowing by the server.
You can apply the following restrictions:
Prohibit remote control: By default, authorized users can view a session they are shadowing and use their keyboard and mouse to interact with it. This option lets authorized users know their session is being shadowed.
Force a shadow acceptance popup: By default, an acceptance prompt notifies users when an authorized user attempts to shadow their sessions. This option prevents authorized users from shadowing sessions without sending an acceptance prompt.
Log all shadow connections: Enables logging of shadowing attempts, successes, and failures in the Windows event log.
Connecting to the Data Store
A factor in planning your data store is deciding how you want servers in the farm to access the server on which the data store database is running: directly or indirectly. (You specify the access method when you run Setup to install XenApp on servers to join an existing farm.)
- Direct access – If you are in a large farm environment, have a mission-critical farm, or are using Oracle, SQL Server, or DB2 as the database for your data store, Citrix recommends accessing the data store directly. For direct access, a server must have appropriate ODBC drivers installed and configured.
- Indirect access – With indirect access, servers in the farm connect to an intermediary server running XenApp, which connects to the data store directly. If you are in a small to medium environment and are using SQL Server Express or Microsoft Access for your data store, each server in the farm (other than the Create Farm server) must access the data store indirectly.
Citrix does not recommend indirect access for mission-critical farms because the intermediary server is a single point of failure. By default, indirect access uses TCP port 2512 for communication between servers in the farm and the intermediary server that connects to the data store. If the servers are in different subnets divided by a firewall, be sure this port is open on the firewall.
Protecting the data store is part of securing your server farm; this includes protecting the data and restricting who can access it. In a direct connection, all farm servers share a single user account and password for accessing the data store.
You can install Provisioning Services and create a single desktop operating system image (vDisk) that you can stream to multiple desktops hosted in the VM infrastructure.
Provisioning Services requires a database in which to store configuration information. Before you install Provisioning Services, ensure that an instance of Microsoft SQL Server 2005 or Microsoft SQL Server 2008 is available. This can be an existing database on the network (provided it can communicate with the Provisioning Services VM) or it can be a fresh installation. Microsoft SQL Server 2005 Express Edition is provided on the XenDesktop installation media if you need to create a new database server.
NetScaler: Citrix’s NetScaler provides 100% application availability, application and database server offload, acceleration and advanced attack protection. Deployed directly in front of web and database servers, NetScaler solutions combine high-speed load balancing and content switching, data compression, content caching, SSL acceleration, application flow visibility and a powerful application firewall into a single, easy-to-use platform.
Mostly NetScaler is used for Web Interface load balancing.
Smart Auditor: Smart Auditor records applications that we publish to users. We can enable or disable the prompt that tells users the application is recorded by Smart Auditor. So, if we don’t configure it, users won’t get a prompt that their sessions are recorded.
EdgeSight monitors XenApp servers and reports (SMS/mail) if any servers are not responding. To do this, all XenApp servers should have the EdgeSight agent installed. EdgeSight monitors only servers and NOT applications.
EdgeSight installation is not recommended on a Citrix XenApp server because it has some problems with Terminal Services (Remote Desktop Services).
EdgeSight for Load Balancing is a separate component from Citrix, with which we can find out how many users a server can support and, from that, calculate how many Citrix servers we can have in our environment.
Citrix Password Manager: Citrix Password Manager provides password security and single sign-on access to Windows, Web, and terminal emulator applications running in the Citrix environment as well as applications running on the desktop. Users authenticate once and Password Manager does the rest, automatically logging on to password-protected information systems, enforcing password policies, monitoring all password-related events, and even automating user tasks, including password changes.
Citrix Branch Repeater: Citrix Branch Repeater appliances optimize your WAN links (in other words, they compress ICA packets), giving your users maximum responsiveness and throughput at any distance. A Branch Repeater appliance is easy to deploy, because it works transparently. A twenty minute installation accelerates your WAN traffic with no other configuration required. You do not have to change your applications, servers, clients, or network infrastructure. Also, you can change them after Branch Repeater installation without affecting traffic acceleration. A Branch Repeater appliance needs reconfiguration only when your WAN links change.
Dazzle provides users with self-service access to the applications and desktops they need to work productively. Icons for those applications and desktops can be presented on the local desktop, on the Dock, or in the Dazzle folder available from the Finder.
The new, easy-to-use interface allows users to subscribe to applications and desktops hosted on XenApp and XenDesktop servers with a single click, replacing the need for individual connection files used by earlier versions of the plug-in.
Merchandising Server is a virtual appliance located in the datacenter that manages the setup, distribution and updates of plug-ins for Citrix Receiver. After performing a simple, one-time setup for Citrix Receiver, users automatically receive their plug-ins from Merchandising Server. Merchandising Server provides the administrative interface for configuring, delivering, and upgrading plug-ins for your users’ computers.
Hosted applications, also known as Internet-based applications, web-based applications, online applications and Application Service Providers (ASPs), are software applications where the software resides on servers that are accessed through the Internet instead of the more traditional software that is installed on either a local server or on individual PCs.
Hosting an application means that the application is installed on the Terminal Server and delivered to an end user with the application processing occurring mainly on the Terminal Server with the end user just seeing keyboard/window refreshing from their session.
Reduced costs, instant deployment, easier to maintain and reduced administration are among some of the main benefits.
Citrix XTE Service:
XTE stands for eXtensible Transformation Engine. XTE is a common infrastructure component used in multiple Citrix products. The XTE Service hosts the Password Manager Web services. This service is the same XTE Service that MetaFrame Presentation Suite uses; however, it uses added modules with a different configuration. The added modules and configurations prevent the Password Manager Service from being installed on a machine with other Citrix applications that use the XTE Service. In addition, the security model recommends the Password Manager Service server be placed in a physically secure location with limited access.
Citrix XTE server is for SSL Relay, Session Reliability and Password Manager Web Services. The name of the service for Session Reliability is “Citrix XTE”. When you have any session reliability issues, restart the XTE service and check.
The SSL Relay is a component that uses SSL to secure communication between Web Interface servers and server farms. The SSL Relay provides server authentication, data encryption, and message integrity for a TCP/IP connection. The SSL Relay is provided by the Citrix XTE Service.
The SSL Relay operates as an intermediary in the communication between the Web Interface server and Citrix XML Service. When using the SSL Relay, the Web server first verifies the identity of the SSL Relay by checking the relay’s server certificate against a list of trusted certificate authorities.
Application streaming simplifies application delivery to users by virtualizing applications on client devices. Administrators can install and configure an application centrally and deliver it to any desktop on demand.
Use the application streaming feature to install and configure an application on one file server in your App Hub, publish the application using the XenApp publishing wizard, and deliver it to any desktop or server on demand. To upgrade or patch an application, you make the updates only in the location where you stored the application. Application streaming augments application delivery not only to user desktops, but also to servers in your server farms.
Other Definition for Streaming:
Streaming an application means installing it into a profile and running it in an isolation environment. The application can then be either streamed to a server and then published to an end user or the application can be streamed directly to the client and even run offline (like a laptop that is off the network). Not having the application directly installed on the servers can help with server/app management. The application profile is just pulled down from a share location and once loaded the application launches.
Application streaming offers the following features:
- Apps cannot interfere with each other. Therefore you don’t have to regression test all your applications every time you update or deploy a new app
- You can run multiple versions of the same app on the same server or workstation
- You can easily upgrade an application by repackaging and pointing the published app at the new package.
- Rollback is the same as above.
- A method to deploy apps to multiple workstations and servers.
- Apps that won’t work in a multi user environment will often work when virtualised.
- Install once, deliver anywhere
- Seamless updates
- Application isolation
- Application caching
- Wide range of target environments
- Dual mode streaming
- Easy delivery of applications to farm servers
- Consistent end-user experience
- Offline access
- Once configured and delivered, applications are available to the user while disconnected from the network.
- Easy disaster recovery
All the above mentioned benefits are explained clearly in the PDF at link: Application Streaming
Streamed to Server: Application (streamed app) caching will be done on the server.
Streamed to Client: Application caching will be done on the client and the resources used will be the client’s. Even when disconnected from the server, users can use the application. The default time for the cached application is 21 days. It can be configured with a minimum of 2 days and a maximum of 365 days. It can be configured by policy.
You should already be familiar with client-server architecture, redirection, and application publishing.
This illustration shows a basic deployment of XenApp.
Citrix XML Service and the Citrix XML Broker
The Citrix XML Broker functions as an intermediary between the other servers in the farm and the Web Interface. When a user authenticates to the Web Interface, the XML Broker:
- Receives the user’s credentials from the Web Interface and queries the server farm for a list of published applications that the user has permission to access. The XML Broker retrieves this application set from the Independent Management Architecture (IMA) system and returns it to the Web Interface.
- Upon receiving the user’s request to launch an application, the broker locates the servers in the farm that host this application and identifies which of these is the optimal server to service this connection based on several factors. The XML Broker returns the address of this server to the Web Interface.
The XML Broker is a function of the Citrix XML Service. By default, the XML Service is installed on every server during XenApp Setup. However, only the XML Service on the server specified in the Web Interface functions as the broker. (The XML Service on other farm servers is still running but is not used for servicing end-user connections.) In a small farm, the XML Broker is typically designated on a server dedicated to several infrastructure functions. In a large farm, the XML Broker might be configured on one or more dedicated servers.
The XML Broker is sometimes referred to as a Citrix XML Server or the Citrix XML Service. For clarity, the term XML Broker is used to refer to when the XML Service functions as the intermediary between the Web Interface and the IMA service, regardless of whether it is hosted on a dedicated server or collocated with other infrastructure functions. This illustration uses a large farm to show how the Web Interface and the XML Broker work together.
(1) The user connects to the Web Interface through the XenApp plug-in or a Web browser;
(2) the Web Interface contacts the XML Broker to determine which applications are available for this user;
(3) the XML Broker queries the IMA service for this information and returns the results to the Web Interface;
(4) the Web Interface displays the available applications to the user either through a Web page or by placing shortcuts directly on the user’s computer.
How Load Balancing Works
The load balancing (LB) feature distributes client requests sent to the system across several servers to optimize resource utilization. In a real-world scenario, a limited number of servers can provide service to a large number of clients. The servers can become overloaded causing a decrease in their performance. The system selects the server using the load balancing criteria and forwards the incoming client requests to it. Thus, the system balances the load on the servers.
Citrix Single Sign-on (formerly Citrix Password Manager) provides password security and single sign-on access to Windows, Web, and terminal emulator applications running in the Citrix environment as well as applications running on the desktop. Users authenticate once and Single Sign-on does the rest, automatically logging on to password-protected information systems, enforcing password policies, monitoring all password-related events, and even automating user tasks, including password changes.
Subscription Advantage and Licensing
When you purchase a new Citrix product, your purchase includes a one-year membership in Citrix Subscription Advantage. This membership entitles you to, among other benefits, any product updates, including major and minor releases, released during your membership period. For example, if you purchased XenApp, Advanced edition on July 22, 2009, you are entitled to any updates released for XenApp, Advanced edition until July 21, 2010. After your initial one-year membership period expires, you may choose to renew your Subscription Advantage membership. After paying Citrix for your renewal, you must go to citrix.com and download a license file containing your renewal license.
Note: A Subscription Advantage membership and its associated license are distinct from your license to run the product. If you do not renew your Subscription Advantage membership, your Citrix products do not stop working; however, you are not entitled to any software releases after it expires.