xenapp fundamentals step by step deployment...
TRANSCRIPT
XenApp Fundamentals Step by Step Deployment Guide
Step by Step Deployment Guide
2
Table of Contents 1.0 INTRODUCTION .................................................................................................................................... 3
2.0 OBTAINING INSTALLATION MEDIA AND LICENSES ..................................................................................... 3
2.1 Obtaining a Citrix license file for XenApp Fundamentals ............................................................. 5
3.0 Installing XenApp Fundamentals ...................................................................................................... 8
4.0 Licensing XenApp Fundamentals .................................................................................................... 14
4.1 Citrix Licensing Setup .................................................................................................................. 14
4.2 Terminal Server Licensing Setup ................................................................................................. 17
5.0 User Experience Configuration ....................................................................................................... 19
5.1 Publishing Applications ............................................................................................................... 19
5.2 Configuring Printer Access .......................................................................................................... 22
5.3 Configuring Profiles for users ...................................................................................................... 25
5.4 Testing your Deployment ............................................................................................................ 27
6.0 External Access Configuration ........................................................................................................ 28
6.1 Direct to Server deployment ....................................................................................................... 28
6.2 DMZ server deployment ............................................................................................................. 36
6.3 VPN deployment ......................................................................................................................... 46
7.0 Conclusion ....................................................................................................................................... 49
3
1.0 INTRODUCTION Citrix XenApp Fundamentals is the new name for Citrix Access Essentials. Some sections
of the user interface and as well as some product documentation may still refer to the
former name Citrix Access Essentials. This deployment guide is a step by step guide for
how to install and configure a XenApp Fundamentals environment that can be used for
proof of concepts, testing, or production purposes. This guide is applicable to XenApp
Fundamentals 3.0 on Windows Server 2008 and XenApp Fundamentals 2.0 on Windows
2003. You will need the following in order to successfully deploy XenApp Fundamentals:
A single-server deployment requires one server with Windows Server 2008 or
Windows Server 2003. This server can be in a workgroup or domain. XenApp
Fundamentals can be installed on the domain controller if there is no future
requirement to join a multi-server advanced mode deployment.
A multi-server deployment requires at least 3 Windows Server 2008 servers in
the same domain: 1 Domain Controller, 1 Master server, 1 Support Server.
External access deployments will require a Fully Qualified Domain Name and a
digital certificate obtained from a Public Certificate Authority or a Windows
Certificate authority.
If you are using a VPN to give external users access to the servers, you must
purchase or have a VPN solution already in place.
To configure server failover, you will require 1 unused static IP address.
2.0 OBTAINING INSTALLATION MEDIA
AND LICENSES The installation media and licenses for XenApp Fundamentals are obtained from
http://www.citrix.com. Use the following steps to download the XenApp Fundamentals
installation media and a product specific Citrix license file.
4
1
Go to www.citrix.com/downloads
Log in with your credentials to
see all available downloads.
2
Using the drop down arrow in
the "Search Downloads by
Product" field, select Citrix
XenApp Fundamentals from
the list.
Then select "Access Essentials
3.0 for Windows".
Note: Your Subscription
Advantage needs to be current
as of September 22, 2008 in
order to see XenApp
Fundamentals 3.0 as a product
option on this site.
5
3
Select the Download button
next to Access Essential 3.0 for
Windows Server 2008.
Note: This download contains
the installation for both XenApp
Fundamentals version 3.0 and
2.0. The correct version is
chosen automatically based on
the operating system detected
during installation.
4
Download the .iso image to a
location of your choosing.
Note: You may be asked to
download an ActiveX plug-in
before the .iso image can be
downloaded.
2.1 Obtaining a Citrix license file for XenApp Fundamentals Use these steps to obtain a Citrix license file for XenApp Fundamentals. The license file can be
obtained before or after the installation of the server.
6
1
Go to www.mycitrix.com and
log in with your credentials.
Note: Each user in the
company has credentials for
this site that is specific to the
individual and tied to the
company. If you having trouble
access this site or do not see
licenses available, contact Citrix
Customer Care at 1-800-4-
CITRIX.
2
Click on the arrow next to
"Choose as Toolbox" and select
"Activation System/Manage
Licenses "
3
Select the drop down next to
Current Tool and select
Activate/Allocate.
7
4
If you have already received
your license code in email, or
on the physical media package,
enter the code in the field
marked "Your license Code".
Once the code is entered select
"Continue".
If you have not received your
license code select the link
"View Licenses" to retrieve
your license code.
Note: If you do not see license
codes contact your reseller or
Citrix at 1-800-4-citrix.
5
a) Enter the case-sensitive
machine name of the
XenApp Fundamentals
“Master” server or single
server. For example
"SeRver1".
b) Enter how many licenses
you would like to allocate
to this license file.
c) Confirm your selection.
8
d) On the next page,
"Download" and save the
license file to any location.
You will upload this license
file on the Master server or
single server in the steps
below.
3.0 Installing XenApp Fundamentals This section details the installation of XenApp Fundamentals. After installation, there
may be additional setup steps required to configure Basic and Advanced mode if the
server is detected to be part of a domain.
9
1
Browse the installation
media for "Autorun.exe"
and double click to launch.
Select "Install" from the
Welcome screen.
2
Select “I accept the license
agreement and click Next.
10
3
Select "Application server"
to install XenApp
Fundamentals and all its
default components
Note: The option for a DMZ
server is selected only if you
are deploying a server in
your DMZ for secure
external access to the
server.
Note: If this server is a
domain controller you will
not see this option because
that server can only be an
Application server and not a
DMZ server.
4
Do not disable shadowing
unless it is a requirement for
your environment. Leave
the box unchecked and click
Next.
Note: If shadowing is
disabled, you will have to
reinstall XenApp
Fundamentals to enable it.
11
5
Give the installation a few
minutes to complete. All
necessary Windows
components such as
Terminal Services and IIS will
be installed automatically
along with XenApp
Fundamentals.
6
Select Yes to restart the
computer when prompted.
Note: This is not the end of
the product installation.
Once rebooted, the
installation needs to
continue.
7
Once a restart is successful,
ensure that any network
drive where the installation
media is stored has been
restored post-reboot. Select
"Ok" to continue the
installation once the
location is restored.
Note: If the installation files
are local, then this error will
not be received.
12
8
Once the installation is
complete, launch the Quick
Start Tool when prompted.
9
If the server is detected to
be part of a domain, the
following setup screens are
shown to configure the
server for either Basic or
Advanced mode. Select
Next to continue.
Note: If the server is in a
Workgroup, you will not get
these options.
13
10
If you select "New single
server (basic mode) there
will be nothing else to
configure.
If you select “New server
group" (Advanced mode)
select Next to continue the
configuration.
Note: A server in basic
mode can be switched to
Advanced mode after
installation as long as that
server is part of a domain
and the server does not
serve as a domain controller.
This is done using the Quick
Start tool.
11
Enter a name in the "Server
Group Name" field. Click
Next.
Note: A domain
Organizational Unit will
automatically be created in
Active Directory to match
the name chosen here. All
servers in the same Server
Group will be located in this
OU.
14
12
Verify the information and
select Finish.
13 If you plan on deploying multiple servers in the environment, use the
previous steps to install XenApp Fundamentals on another server. Place the
server in the same Server Group selected above. Additional servers will be
Support servers.
4.0 Licensing XenApp
Fundamentals The XenApp Fundamentals deployment will require both Citrix licenses and Terminal
Server Client Access Licenses (TSCALS). The product can be purchased with or without
TSCALs. If purchased without TSCALS, it is assumed that your company already has
available TSCALs in the environment. Follow the steps below to upload Citrix licenses on
the appropriate XenApp Fundamentals server and activate the Terminal Server licensing
server in the environment. Microsoft requires that Terminal Server licensing server be
installed on at least one server in a Workgroup or on a Domain controller if the server is
part of a domain. See Microsoft documentation for specifics about Terminal Server
CALs http://www.microsoft.com/windowsserver2008/en/us/licensing-terminal.aspx.
4.1 Citrix Licensing Setup Use the following steps to license your XenApp Fundamentals deployment.
15
1
On the Master Server, open
the Quick Start tool and go to
Setup > Licensing
Note: License administration
must be done on the Master
server because that server
contains the built-in Citrix
license server software.
Note: Your Citrix license file
should have been obtained
from http://mycitrix.com. See
section 2.1 in this document for
steps to obtaining your Citrix
license file.
2
Click Next.
16
3
Select Browse and point to the
location of your *.lic Citrix
license file. Then click Next.
Note: Your license file name
does not matter as long as it
has a .lic extension.
Select Finish to upload the
license file to c:\program
files\citrix\licensing\myfiles on
the Master server.
The Licensing screen in the
Quick Start tool should now
reflect how many Citrix licenses
are available.
17
4.2 Terminal Server Licensing Setup Follow these steps to setup Microsoft Terminal Server licensing.
1
In the Quick Start tool, select
Activate Terminal Server
License Server
2
Click "Start the Terminal
Server Licensing tool"
Note: If a Terminal Server
licensing server is already
activated in your environment,
select “I have activated the
Terminal Server License
Server”.
18
3
Right click your Terminal Server
licensing server and select
"Activate" to start the Activate
Server wizard.
4
Select Next.
5
Select the Connection method
that you will use to connect to
the Microsoft clearing house
for license activation.
19
6
Once Terminal Server license
activation is complete, in the
Quick Start tool select "I have
activated the Terminal server
License Server".
7
Once license activation for both
Citrix and Microsoft licenses
are complete, your screen
should show green check
marks.
5.0 User Experience Configuration
5.1 Publishing Applications Use the following steps to publish applications on the XenApp Fundamentals server.
20
1
In the Quick Start tool on the
Master server, go to Setup >
Applications > “Publish
Application”.
2
Select Next.
21
3
Put a check mark next to all
applications that you would like
to make available to users. If you
do not see your application in the
list, select Add to locate you
application executable. Click
Next.
Note: These applications must be
installed and working on each
server in the Server Group prior
to running the application
publishing wizard.
4
Click Add and select the users or
groups that will have access to
this published application. Click
Next.
22
5
Verify and click Finish.
5.2 Configuring Printer Access Use the steps below to configure printer access for users launching published applications. You
will need a printer shared on a Windows print server to allow users to use the Published printers
option. You will also need administrator rights to the printers on the printer server in order to
complete the steps below. A driver will need to be installed on the XenApp Fundamentals
Master server and that driver will automatically be replicated to all servers in the Server Group
for Advanced deployments. If users will utilize client printers, the printers must be configured
and working on the client device for it to be accessible in a session. A printer driver will not
need to be installed on the XenApp Fundamentals servers, the Universal Printer driver will
automatically be used instead.
1
In the Quick Start tool on the
Master server, select Setup >
Printers > "Setup Printers"
23
2
In the Setup Printer wizard,
select Next.
3
For Printer options, select
both Client and Published
printers or either one in the
drop down list.
Note: Select “Windows
managed printers only” if
users will define printer when
they are in a session or use
printers defined on the
XENAPP FUNDAMENTALS
server.
24
4
Enter credentials for the
account that has
administrator rights to the
printers on the print server.
Note: This screen is seen only
when the Published printer
option is selected.
5
If the print server is not found
automatically, click on Add
and enter the name or IP of
the Print Server.
Select the network printer and
then click on Select.
Click Next to continue.
6
Select the box next to Set the
default printer and select the
print in the drop down list.
Click Next and then Finish.
Note: The client will see this
printer as the default printer
in their user session.
25
5.3 Configuring user profiles Use the steps below to configure the Profile Management feature. This feature is only available
for multi-server deployments in Advanced mode. This will allow users to have a consistent
roaming profile no matter what XenApp Fundamentals server they connect to when launching
their published applications.
1
On the Master Server, launch
the Quick Start tool and go
to Setup >Servers >
“Configure Profile
Management”.
2
Select Next.
26
3
Log in as a user with domain
administrative privileges to
enumerate all servers in the
domain.
Note: This account must
have rights to create and
update file shares on
machines within the domain.
4
Select the server in the
domain that will host the
User profiles. If you do not
see servers in the list select
"Add" and enter the print
server name or IP.
Note: Two shared folders
will be created on this server.
This server does not need to
be a XenApp Fundamentals
server.
27
5
Leave the default location or
enter an alternate drive
letter. Click Next and Finish.
Note: Select a drive that has
sufficient space to store user
profile data.
Note: Users must have
Read/Write access to the file
shares that will be created on
this server. The appropriate
permission should be
automatically.
5.4 Testing your Deployment Use the steps below to test your XenApp Fundamentals deployment. It is best to test
functionality while connected to the LAN before configuring the server to be accessible
externally.
1
In a web browser, go to
http:\\MasterServerFQDN
Log in with a test user account
that has rights to specific
published applications.
28
2
You should see a list of
available published resources.
Select the icon of a published
application to launch it.
3
To test the printing
functionality, in the published
application select File >Print
and send a page to the
appropriate printer.
6.0 External Access Configuration To configure the XenApp Fundamentals server(s) to be accessible externally for users
residing outside your network, you have 3 deployment scenarios to choose from: Direct
to Server, DMZ Server, and VPN access deployments. The steps below will walk you
through each deployment scenario. Select the deployment scenario you wish to
implement and see the appropriate section below for configuration steps.
6.1 Direct to Server deployment Direct to Server Deployment: Before completing these steps you must have a Fully Qualified
Domain Name for the Master server. You must also make a decision as to how you will obtain
digital certificates because it is required for this type of deployment. You can purchase a
29
certificate from a public certificate authority, build your own Windows certificate authority, or
use the 30-day temporary certificate that comes with XenApp Fundamentals. What ever the
certificate source, a matching root certificate must be obtained from the source and distributed
to the end users device for them to launch applications on the XenApp Fundamentals server. If
a public CA is chosen, the root certificate may already be built into the client’s browser.
1
In the Quick Start tool on
the Master server, go to
Setup > External Access
> “Manage External
Access”. On the
Welcome screen click
Next.
2
Select Direct to server.
Click Next.
30
3
The next 4 setup screens
are used for certificate
request information.
Enter the Fully Qualified
Domain Name for the
Master server. For
example:
server.domian.com and
Click Next.
Note: The server
certificate will be issued
to this name. If this
name changes a new
certificate will need to be
requested. Make sure
this name is resolvable
on the Internet.
4
In the Organization field,
Enter the name of the
company and in the
Organizational unit field
enter the department or
division. Click Next.
31
5
Enter the country, state,
and city of the company
and click Next.
6a1
Depending on the
options selected here,
the set screens will be
different for each option.
Specify the chosen
Certificate source.
Click Next.
Note: The temporary
certificate gives you a
certificate that is good
for 30-days. You can
choose to use this cert
until a permanent
solution is available.
Note: The option to
“Submit the certificate
to a local domain based
CA” is grayed out if no
domain based CA is
detected in your
environment. Install
Windows Certificate
32
Services on a machine in
the domain if you want
to use this option.
6a2
You will only see this
window if you selected
"Manually submit the
certificate request to a
Certificate Authority".
Select the location to
save the certificate
request file or leave the
default location c:\. Then
click Next and Finish.
Note: You will send this
file to your chosen
Certificate Authority and
they will send you back a
digital certificate.
6a3
To import the certificate
you have received from
your Public Certificate
Authority, go to Quick
Start > Setup > External
Access > “Manager
External Access” and
click Next.
33
6a4
Select “Enable external
access and complete
pending certificate
request” and click Next.
6a5
Point to the Certificate
file received from the CA.
Click Next and Finish to
import the certificate.
34
6b1
If you select to “Submit
the certificate request to
a local domain based
certificate authority”, the
certificate will be
automatically submitted
and a certificate will be
automatically obtained
on place on the server
after clicking Next.
Note: This option will
only be available if
Certificate Services is
installed on a machine
within you domain.
6b2
Click “Ok” on the success
pop up message and click
Finish.
35
6c1
If you select “Generate a
temporary certificate”
and click Next.
6c2
Save the root certificate
to the default location c:\
and click Next.
Note: This root
certificate will need to be
distributed to all client
devices that will connect
and launch applications
from the XenApp
Fundamentals Server.
36
7
Select "Use the standard
HTTPS port (443) for
secure remote
connections" unless port
443 is already in use,
then you can select the
second option and
choose another port.
Click Next and then
Finish.
8 Go to this site to you’re your deployment:
http://tools.citrixsmb.co.uk/conncheck/index.php
Use this site to test your
external access
configuration settings.
Obtain and distribute
root certificates to client
machines if necessary. A
valid root certificate is
required on the client to
allow them to connect
and launch applications.
Note: Certificates are only valid for a particular time period. If a certificate expires and needs to be replaced go
back to the Quick Start tool to request and import a new certificate. Quick Start tool > Setup > External Access
6.2 DMZ server deployment Complete the following steps below for setup. DMZ Deployment scenario: Before completing
these steps you must make a decision as to how you will obtain digital certificates because it is
required for this type of deployment. You must also have a DMZ already configured on your
network. Decide what Windows server will be placed in the DMZ. That server will need a FQDN.
You will need the XenApp Fundamentals installation media to install a DMZ specific component
on the chosen Windows server in your DMZ. This type of deployment requires port 1080 to be
open on the internal firewall to the XenApp Fundamentals Master server.
37
1
Using Quick Start tool on
the Master server, go to
Setup > External Access >
Mange External Access
and click Next on the
Welcome screen. Select
“Using a DMZ server”
and click Next and Finish.
Note: All other
configuration is done on
the server chosen to be
the DMZ Server
2
On the server chosen to
be the DMZ server, insert
the XenApp
Fundamentals
installation media and
select Autorun.exe.
Choose Install on the
Welcome screen.
38
3
Select "I accept the
license agreement" and
click Next.
4
Select "Network access
(DMZ) server" and click
Next to begin the
installation.
Note: The DMZ server
installation should take a
few minutes.
39
5
After the installation
completes, select Finish
and the Quick Start tool
will launch to being
configuration.
6
Select “External Access >
Mange external Access
and on the Welcome
screen click Next.
40
7
In the "Internal firewall
address" field, enter the
IP address of the Master
Server. Click “Test” to
verify that the DMZ
server can reach the
Master server.
Then click "Next"
Note: If the test fails
verify network
connectivity from your
DMZ Internal firewall to
the Master Server.
Ensure appropriate ports
are open. On the Master
server, you need to
create an inbound rule
on the Windows Server
2008 firewall for TCP port
1080.
8
Enter the FQDN of the
DMZ server. This name is
used to request the
digital certificate.
41
9
In the Organization field,
Enter the name of the
company and in the
Organizational unit field
enter the department or
division. Click Next.
10
Enter the country, state,
and city of the company
and click Next.
42
11a1
Depending on the
options selected here,
the set screens will be
different for each option.
Specify the chosen
Certificate source.
Click Next.
Note: The temporary
certificate gives you a
certificate that is good
for 30-days. You can
choose to use this cert
until a permanent
solution is available.
Note: The option to
“Submit the certificate
to a local domain based
CA” is grayed out if no
domain based CA is
detected in your
environment. Install
Windows Certificate
Services on a machine in
the domain if you want
to use this option.
43
11a2
You will only see this
window if you selected
"Manually submit the
certificate request to a
Certificate Authority".
Select the location to
save the certificate
request file or leave the
default location c:\. Then
click Next and Finish.
Note: You will send this
file to your chosen
Certificate Authority and
they will send you back a
digital certificate.
11a3
To import the certificate
you have received from
your Public Certificate
Authority, go to Quick
Start > Setup > External
Access > “Manager
External Access” and
click Next.
44
11a4
Select “Enable external
access and complete
pending certificate
request” and click Next.
11a5
Point to the Certificate
file received from the CA.
Click Next and Finish to
import the certificate.
45
11b1
If you select “Generate a
temporary certificate”
and click Next.
11b2
Save the root certificate
to the default location c:\
and click Next.
Note: This root
certificate will need to be
distributed to all client
devices that will connect
and launch applications
from the XenApp
Fundamentals Server.
46
12
Select "Use the standard
HTTPS port (443) for
secure remote
connections" unless port
443 is already in use,
then you can select the
second option and
choose another port.
Click Next and then
Finish.
6.3 VPN deployment Use the following directions to configure external access via a VPN connection if that is your chosen
method of granting external users access to the applications on XenApp Fundamentals.
1
On the Master server,
open the Quick Start
tool > Setup >External
Access > Manager
External Access. Select
"Using a VPN" and click
Next
47
2
Choose the option that
best matches your
network firewall
configuration. If you
select “Do not user
NAT” then click Finish to
close the wizard. If you
select “Use NAT” then
continue with the next
configuration steps.
3
You will only see this
screen if you selected to
"use NAT" on the
previous screen. Select
a server and then click
Modify.
4
Enter the NAT address
for that server and port
2598 for ICA. For RDP
enter NAT address and
port 3389 and click OK.
Note: Repeat this step
for each XenApp
Fundamentals Server in
the Server Group.
48
5
Verify the settings and
select Next.
6
Click Finish.
7 Test by logging in to your preconfigured VPN solution, and then going to the http://MasterServer:8080.
Note: You must append 8080 after the Master server name or IP to get to the site that is configured
for external access. You must use the External IP is the server is behind a firewall and NAT is in place or
the internal address if NAT is not being used.
49
7.0 Conclusion This concludes your configuration of XenApp Fundamentals. For additional information
not addressed in this deployment guide, see the Administrator's Guide CTX118414
located on the Citrix Knowledge Base: http://support.citrix.com/article/CTX118414.
50
Version History
Author Version Change Log Date
Stacy Scott 1.0 Created May 2009
©2009 Citrix Systems, Inc. All rights reserved. Citrix®, Citrix Delivery Center™, Citrix XenApp™, Citrix XenServer™, Citrix®
NetScaler®, Citrix XenDesktop™, Citrix Workflow Studio™, Citrix Access Gateway™, Citrix EdgeSight™, Citrix Password
Manager™, Citrix Provisioning Server™ and Citrix WANScaler™ are trademarks of Citrix Systems, Inc. and/or one or more of its
subsidiaries, and may be registered in the United States Patent and Trademark Office and in other countries. All other trademarks
and registered trademarks are property of their respective owners.
This document is provided “as is” without warranties of any kind, express or implied. Citrix systems, inc. (“citrix”), shall not be liable
for technical or editorial errors or omissions contained herein, nor for direct, incidental, consequential or any other damages resulting
from the furnishing, performance, or use of this information, even if citrix has been advised of the possibility of such damages in
advance.
The exclusive warranty for any Citrix products discussed in this publication, if any, is stated in the product documentation
accompanying such product. Citrix does not warrant products other than its own.