Setting Up the Program Neighborhood
The steps for setting up a connection to the MetaFrame server are similar for most all versions the ICA clients. On some versions of the ICA client, such as those typically included with thin client terminals, however, your connection type choices are limited to just custom ICA connections. With the full version of the Citrix ICA client, you also get Program Neighborhood functionality. The Citrix Program Neighborhood enables you to make a connection to a published application set, in addition to making custom ICA connections. The following list describes these two types of connections in more detail:
Custom ICA desktop or application With this connection type, the user connects to the Citrix server and receives either a full desktop on the server or runs a particular published application. You would create a desktop connection normally for users who run most or all of their applications from Citrix MetaFrame, rather than their local desktop, such as thin client terminal users. This can be a good option for thin client terminals to connect to an application on the farm that might not have the capability to connect to the entire published application set.
Published application set By setting up an application set, your users are shown a set of application icons based on what applications you published to them. This application set is refreshed every time you start Program Neighborhood. This configuration is one of the most flexible for administrators because you have complete central control over the applications that your users have. You can easily deploy or remove applications for hundreds of users at a time by just adding them or removing them from the associated application publishing group. In addition, you can publish full desktops to your users, just like you would publish an application.
During the creation of the connection entries, you need to make several choices common to both custom ICA connections and published application sets. One of the most important choices is what method of connection that you will use. The following are the methods available with the Windows 32-bit ICA client:
LAN connection Use this connection method over a high-speed local area network. This type of connection will not use a local cache for bitmaps.
WAN connection Use this connection method over a low-speed connection, such as a wide area network connection. By default, this type of connection will use a local disk cache for bitmaps.
Dial-up (PPP/RAS) When users attempt to use this method of connection, Program Neighborhood will first attempt to establish the selected dial-up PPP or RAS connection, before making the connection with the server. Use this connection method if your users need to dial up to the Internet to connect to your server, or if they dial in remotely to a RAS server, and then connect to the Citrix server.
ICA Dial-In ICA Dial-In is a feature that enables remote Citrix MetaFrame users to dial into a modem or modems attached directly to the Citrix server. This is an excellent way to enable easy remote administration and offers the highest level of performance over a dial-up line for a Citrix MetaFrame connection.
During the setup of either a custom ICA application or an application set, you can specify whether the application will run in a remote desktop window or use Seamless Windows. For those who are not familiar with the Seamless Windows feature, the choice might not be obvious.
The main difference is in how functions such as resizing the application window and minimizing and maximizing the application are handled. With Seamless Windows, the Citrix client makes the application look and feel as any other application running on your desktop, even though it is actually running on the Citrix server. This is the preferred choice for most situations because it is the most seamless connection setup for your users.
Using a remote desktop window, the window itself normally has a title bar that identifies it as a Citrix application. In addition, you can resize two windows, the one around your application and the application itself. With Seamless Windows, your users see only the application window itself, making the choice less confusing. Seamless Windows is a feature available only with Citrix MetaFrame. You can use this feature through the regular 32-bit client or through the web client with NFuse.
Listing Servers, Applications, and Server Farms
During the creation of either a custom ICA or application set, you will need to select from a list of servers, applications, or server farms as shown in Figure 12.2. The process by which this list is generated is important to understand, because unless your network environment is set up correctly, users will not be able to browse servers, applications, and farms from this list and will need to manually enter the IP address or name of your servers every time they need to set up a connection to the server farm.
Figure 12.2 Browsing for servers during custom ICA connection creation.
Citrix Service Browsing Using Broadcasts
At the point you click the drop-down list under servers, as shown in Figure 12.2, your client sends out a broadcast message for any server in an XP environment or master browser in a MetaFrame 1.x environment on your network to retrieve the server list. Under MetaFrame 1.8, the master browser automatically responds by sending the list.
Under MetaFrame XP the data collector, by default, will not respond, unless they have the Microsoft Remote Access Service (RAS) loaded. This same process applies for users who are trying to browse for applications while making a custom ICA application connection or for server farms, when setting up a connection to an application set.
You can easily change this setting in MetaFrame XP using the Citrix Management Console by doing the following:
Log on to the Citrix Management Console with read/write access.
Right-click the farm name at the top of the screen.
Click the MetaFrame Settings tab shown in Figure 12.3.
Put a check next to Data Collectors Respond to ICA Client Broadcast Messages.
Click OK and close the CMC.
This can be a very beneficial setting for ease of connection setup for MetaFrame XP and is highly recommended if you have a MetaFrame XP-only environment. If you have a mix of MetaFrame 1.8 or XP servers in different farms on the same network, you should leave this setting unchecked because unpredictable behavior might result when users attempt to browse for Citrix services.
Figure 12.3 MetaFrame settings on a farm.
Citrix Service Browsing and Wide Area Networks
Broadcasts only go as far as your broadcast domain, which in most cases is your local area network. This means that if you enable this setting, users on the local area network will now be able to browse for Citrix services using broadcasts, however users on the remote sites will not. With MetaFrame XP, there are three methods around this issue, which are covered in the following sections.
Use TCP/IP + HTTP for Browsing
The first method is to take advantage of the new browsing capabilities of the TCP/IP + HTTP protocol. When you select TCP/IP + HTTP from the protocol list and click the down arrow to browse for Citrix services, the client sends out a directed packet to ica by default. If ica or ica.[workstation domain name] resolves to the address of one of your Citrix servers, the client will retrieve the list of services from that server. As long as you set up name resolution correctly using WINS and/or DNS across your enterprise, clients from anywhere on your network will easily be able to browse for Citrix services using the TCP/IP + HTTP protocol.
With the version 6.2, release 985, of the 32-bit ICA client, Citrix now refers to the TCP/IP + HTTP protocol as HTTP/HTTPS instead. This is due to the inclusion of SSL encryption capabilities in the Citrix ICA client.
Although a detailed discussion of naming service set up is beyond the scope of this book, the basic goal is to make ica or ica.[workstation domain name] pingable from all workstations in your enterprise. If the domain name for your company is acme.com, for example, you should make an entry on your DNS servers for ica.acme.com. You also need to ensure your workstations are set to acme.com through DHCP. The following short instructions show you how to do this. (These instructions assume you have already set up enterprise-wide WINS replication and DNS replication for the domains of which your workstations are set to be a member.)
Enter a new static entry for ica in your WINS server. Set it for the IP address of your primary data collector.
Make sure you are setting the domain name for your workstations to the correct domain name using DHCP. Just like there is an entry on DHCP for what DNS servers your workstations will use, you also can set their member domain.
Enter a new host entry for ica.[your workstation's domain name] on your primary internal DNS server for each domain name you use on your workstations at all locations. Set the new host entry to the IP address of your primary data collector.
Make sure your workstations are set to use either a WINS server and/or a DNS server for name resolution. DNS is the preferred choice for name resolution.
Try pinging ica from a couple of test workstations on the network to verify that name resolution is working correctly. It should resolve to the IP address of your primary data collector.
Although you can set the IP address that ica resolves to, to any server in your farm, it is recommended to set it to the address of the data collector. In larger environments, as discussed in Chapter 6, "Planning a Terminal Server and Citrix MetaFrame XP Solution," it is recommended to dedicate one of your servers as the farm data collector to handle requests such as service browsing requests. Remember, this is easy to do now with MetaFrame XP because Citrix does not require the 15-user base license anymore.
Changes in the ICA Client Version 6.2 (Release 985)
Citrix made a significant change in the search order for a MetaFrame server farm in the ICA client version 6.2, release 985. When setting up an application set in previous versions of the 32-bit ICA client, the client would default to sending a TCP/IP broadcast message to try and find the farms that are on the local area network. With release 985, however, the default protocol is HTTP/HTTPS and the default server address is ica or ica.[domain name]. This change makes it even more useful and important to make sure that ica or ica.[domain name] is a resolvable hostname on your network that points to the address of the data collector for your MetaFrame XP farm.
Set Up a Local Citrix MetaFrame XP Server
Another option is to set up a Citrix MetaFrame XP server on the local network to handle browse list requests. Unlike MetaFrame 1.8, Citrix MetaFrame XP does not need an ICA gateway setup for browse lists to be shared between servers across a wide area network.
By default, a data collector is elected for every local network. All the data collectors on a farm replicate a common browse list of all Citrix services available across the farm. This means that if a client on the remote network sends out a broadcast, and there is a Citrix MetaFrame XP server on that network, it will respond to the broadcast with a list of services. For this technique to work, you need to enable Citrix server browsing using broadcasts as shown in the "Citrix Service Browsing Using Broadcasts" section.
This is a highly recommended option where you have two or more large data centers with numerous Citrix clients at each data center. Unlike MetaFrame 1.8, MetaFrame XP can be installed on as many servers as needed without incurring the cost of a base license. For this reason, you could choose one of your Windows 2000 servers on the remote site, load Terminal Services and XP, and then enable Citrix service browsing using broadcasts. At that point, any clients on the remote LAN should be able to browse for Citrix services using broadcasts.
Manually Entering Server Locations
The final alternative for locating servers across a wide area network, or on a local area network if service browsing using broadcasts is disabled, is to click the Server Location button during connection setup and enter an address for your Citrix server. This is also the only way to attach to a Citrix server through a reverse proxy setup or using an alternate address across a firewall connection. For more information on using clients through a firewall or proxy server, refer to Chapter 17, "Firewalls and SSL Relay."
The window that appears when you click the Server Location button is shown in Figure 12.4. In this window, you have several options for manually specifying the location of your Citrix server farm. By default, for all protocols except TCP + HTTP, the address is set for (Auto-Locate). If the client is using the Auto-Locate feature to browse for Citrix services, it is using broadcast packets and must be on the same local area network as the Citrix servers. If the client is across a wide area network, you would set up the ability to browse for Citrix services by doing the following:
Click the Add button.
Enter the appropriate address type. If using TCP/IP, you can specify a server name, IP address, or DNS address for the server you want to connect to, and then click OK.
Go back to step 1 to continue adding addresses.
Figure 12.4 Server location.
When you browse for Citrix services, the client will send a packet to every server in the list. The client will display the list of services from the first server that responds. Generally you should put the address of your data collector server or servers in this list, otherwise any server that responds might have to respond with the address of the data collector, causing your client to have to send out another discovery packet.
As a means of disaster recovery, you also can specify up to two backup groups of servers from which the client can obtain a list of services. For more information on disaster recovery techniques, refer to Chapter 26, "Disaster Recovery Techniques and Enhancing Reliability."
Setting an IPX/SPX or NetBEUI Server Location Address
If you are using IPX/SPX, enter the network:node address (for example, 101:0877789f4509) in the Server Location window. You can determine the network address and node address by using the ipxroute config command on your Terminal Server console. Remember that the network number is unique not only for a segment, but also for a frame type. Make sure your client and the server are using the same IPX/SPX frame type. For NetBIOS over NetBEUI, your only choice is to enter the server name.
Setting Up a Custom ICA Connection
The following instructions show how to set up a custom ICA connection for either a desktop or an application using a full Windows 32-bit ICA client:
Run the Citrix Program Neighborhood from the user's desktop or from the Citrix ICA Client folder in the Program menu.
Double-click Application Set Manager from the main window and then click Custom ICA Connections.
Double-click Add ICA Connection.
At the Add New ICA Connection window that appears, select whether the connection method will be using a LAN, WAN, Dial-up, or ICA Dial-In, and click Next.
Enter the name for the custom ICA connection entry.
Select the appropriate protocol, and then select whether the connection will be to a desktop or a published application. If the connection is to a desktop, you will need to either select the server from the drop-down list, or enter the pingable name or address of the server. If it is to an application, you will need to select the application from the drop-down list. Click Next.
If the connection is to a published application, select whether to run in a Seamless Window or remote desktop.
Select the encryption level or use default, and then click Next.
If you want the have the user log on automatically, enter the user's name, password, and domain, and then click Next.
Select the number of colors used by the connection or use the server default and click Next.
If the connection is to a desktop, you will be prompted for an application to start when the connection is made. If you want an application started automatically for this connection, enter the application name and working directory, and then click Next.
Click Finish to create the connection.
The custom ICA connection entry you just created will now appear in the Program Neighborhood. If you want to change any properties for the connection in the future, right-click the connection and select Properties. The following options can be set only after the connection is made, by right-clicking the custom ICA connection entry and clicking the Options tab:
Use Data Compression This option is set by default for all custom ICA connection entries. It has a minimal effect on system performance versus the network bandwidth it can save. However, you might want to disable it when all your users have high-speed local area network connections to the server.
Use Disk Cache for Bitmaps Controls whether bitmaps are cached to disk from a Citrix session. This option can greatly improve screen-paint times on slow connections and is enabled by default when you select WAN as the connection method.
Queue Mouse Movements and Keystrokes If users complain that they are losing keystrokes or having to click twice to make actions happen within applications, you might try having them set this setting. However, the newer SpeedScreen Latency Reduction technology is generally a better choice for resolving these type of issues.
SpeedScreen Latency Reduction You can force SpeedScreen latency reduction to be on, off, or auto. The default is auto. For more information on this setting, see the section on SpeedScreen Latency Reduction in Chapter 21, "Performance Tuning and Resource Management."
Sound Quality You can disable sounds or override the server sound quality settings by changing this selection. Sound is generally easier to control at a connection level. You might want to do it at a user level window, however, if you have a few users who need sound and the rest do not.
Window Size You can control the screen size or use the server default using this setting.
These options are shown in Figure 12.5.
Setting Up an Application Set Connection
The following instructions cover setting up a connection to a published application set from your Citrix server farm. Users prefer this method over a custom ICA connection.
Open Citrix Program Neighborhood.
Double-click the Application Set Manager and then Find New Application Set.
Select WAN, LAN, or Dial-Up Networking from the Connection Method drop-down list and click Next.
Click the down arrow next to Browse for the Application Set to Add. At this point the client will send out a broadcast to attempt to find a list of server farms available on the local network. If no servers respond, you will need to click the Server Location button and enter an IP address for one of the servers in the farm.
On the next screen, select to enable sound, override the server default for the number of colors, and specify the window's size, if necessary, and then click Next and then Finish.
Figure 12.5 ICA options.
An icon for the application set you just created should now appear in the Citrix Program Neighborhood. Like with a custom ICA connection, you can right-click the application set, select Application Set Settings, and access several settings not available during the initial setup of the connections. The available settings are identical to those listed previously for custom ICA connection with the exception of the ability to control desktop integration.
Under the Options tab, you will find the additional option of turning off desktop integration. This can be handy for users or administrators who do not want shortcuts automatically created on their desktop or Start menu for published applications. When desktop integration is disabled, any icons that have been published to the desktop or Start menu will be removed and will appear only within the Citrix Program Neighborhood.
Changing ICA Settings
You will find that several different general settings can be modified for the Program Neighborhood by selecting ICA Settings under the Tools menu. The following sections cover the various settings available under each of the tabs within the ICA Settings window.
From the General tab under the ICA Settings window shown in Figure 12.6, you can change the following settings:
Client Name This is the client name reported to the Citrix server when the client logs on. This is the main identifier for the client when you use Citrix administrations tools, so you want to be sure that the client name used is consistent. If you need to remote control a client, for example, you will need to know their client name first. Generally set this for either the workstation name or username. By default, it gets set to the workstation name during client setup.
Serial Number Only necessary for licensing purposes, if you use a special version of the client from the Client PC Pack.
Keyboard Layout and Keyboard Type Enables you to change the keyboard settings from within the Citrix session. This is an important feature for international deployments of Citrix solutions.
Display Connect to Screen Before Making Dial-In Connections Enables you to verify connection settings before dialing in.
Display Terminal Window When Making Dial-In Connections Provides more information to the user on the status of the progress of the dial up. Normally used for troubleshooting dial-up connection problems.
Allow Automatic Client Updates Allows for the automatic download of client updates to the user during logon.
Pass-Through Authentication This is an important option to know about. If during the initial setup you selected to not enable the ability to use pass-through authentication, you can re-enable it here. Pass-through authentication allows a user's initial workstation logon credentials to be passed through to their Citrix logon seamlessly. In this way they do not have to enter their credentials twice, once at logon and once again when going into Citrix.
Use Local Username and Password for Logon Overrides the logon username and password specified for any connection by using the user's local username and password, unless the check box within the connection saying Don't Use Local Username And Password is checked. This is a good option to set for companies that want to enforce the use of single sign-ons. This also means that users do not have to bother with setting up logon credentials during the initial setup.
Figure 12.6 General tab.
The bitmap cache is used to cache commonly viewed screen bitmaps locally. Instead of sending the entire window across the line to the client, Citrix SpeedScreen technology will determine whether it can just send a reference to a portion of the screen that has already been cached in the client's bitmap cache. This technology is most beneficial over slow-speed connections, such as dial-up connections.
You can change the following three settings:
Amount of Disk Space to Use This is the percentage of the disk drive used for bitmap caching. By default, it is set for 1 percent of the user's drive space. With the size of modern hard drives, 1 percent of the drive space is normally plenty. If you want to adjust it, however, you can do it with this setting.
Bitmap Cache Directory By default, on Windows 2000, this is set for the Application Data folder under the user's profile folder. This is normally the best location.
Minimum Size of Bitmap to Cache This is the minimum size of a bitmap before SpeedScreen technology will consider it for caching. The size of 8K was determined through extensive testing and is optimal for most situations. If you find that your users are using applications that have a lot of repeated small graphics and these graphics are not being cached, however, you might want to decrease this setting to 6K or 4K.
Under the Event Logging tab, you can specify several options for creating an event log that logs user session information. The following settings are available:
Event Log File The folder and filename where the event log will be stored. By default, this is under the user's profile in the Application Data folder. You can set the log to overwrite every time or append to the log.
Connections/Disconnections Logs connection and disconnections from the Citrix servers.
Errors Logs any error messages that occur during logon or during the session.
Data Transmitted and Data Received Logs data packets transmitted or received.
Keyboard and Mouse Data Logs keyboard and mouse movements.
The last three settings can greatly slow down session performance and generate very cryptic entries in the log. These settings are generally not recommended unless you are requested to set them by Citrix to help resolve a problem.
On the other hand, logging the error messages can be very handy. If your users are having an intermittent problem logging on to Citrix, or random disconnects, you might try setting the log to be appended rather than overwritten and make sure that the Errors box is checked. After a couple of days, you can check the log to see whether you can gather any additional information on the problem.
The hotkeys or shortcut keys used in the Citrix ICA client are different from the keys used by the Terminal Server client. You can define the hotkeys used in a Citrix session within Citrix Program Neighborhood by selecting ICA Settings from the Tools menu and then clicking the Hotkeys tab. The hotkeys you can set under this tab are shown in Figure 12.7. As you can see, you can easily redefine the keys as you need them.
Figure 12.7 Hotkeys tab.
One of the most useful shortcuts to teach users is Ctrl+F1. This is equivalent to the Ctrl+Alt+End keystroke with Microsoft's client. Ctrl+F1 brings you to the Windows NT Security window, where you can change your password, log off, or disconnect.