Citrix CCA MetaFrame Presentation Server 3.0 and 4.0 Exam Cram (Exams 223 and 256)
The Components of MetaFrame Presentation Server 3.0, Enterprise Edition
Figure 1.1 shows the topmost view of the main components of the MPS 3.0 environment, each of which we introduce in this chapter. When discussing each of these components, we provide a reference to the specific chapter where you can find more detailed review information.
Figure 1.1. Topmost component view of the MPS 3.0 environment.
MetaFrame Presentation Server Platform Solutions
Even though exam 223 focuses on the administration of the Enterprise Edition of MPS, you still need to understand and identify the components supported by the different MPS 3.0 platform solutions available from Citrix. As shown in Figure 1.1, three platform solutions are currently available:
As we discuss the details of the various components throughout this book, we note those features available only in certain platform solutions. Citrix provides a summary of the features by platform edition in a comparative matrix that is available on their MetaFrame Presentation Server home page. The direct URL is http://www.citrix.com/site/resources/dynamic/saledocs/CitrixPresentationServer40ComparativeMatrix04AUG2005.pdf. You can also reach the MPS home page by selecting Citrix Presentation Server from the Products/Product QuickFinder menu on the Citrix home page (www.citrix.com).
MetaFrame Access Suite Licensing
One significant change from earlier versions of MetaFrame is the new licensing infrastructure known as MetaFrame Access Suite Licensing (MASL). Citrix created MASL with the intention of using it as the new model for centralized licensing across the entire suite of applications that comprise the new 3.0 version of the MetaFrame Access Suite. MetaFrame Presentation Server 3.0 and MetaFrame Conferencing Manager (MCM) 3.0 are currently the only products supporting this licensing model. With the introduction of the MASL model, the licensing component of MetaFrame is no longer coupled with the core MetaFrame software, as was the case in previous MetaFrame versions. Management of the licensing is now completely separate from all other aspects of the MPS environment.
Alert The new MetaFrame Access Suite Licensing system is an essential part of the MetaFrame Presentation Server 3.0 environment and, as such, is also weighted rather heavily on the exam. Approximately 11% of the questions on the exam deal with MASL in one way or another, so understanding the material summarized here and presented in more detail in Chapter 4, "Installing and Managing MetaFrame Access Suite Licensing," is essential to being properly prepared for the exam.
As part of a MetaFrame implementation, a server in the environment is chosen to host the MASL software and, as a consequence, becomes responsible for storing and issuing licenses when requested by a supported access suite application. Figure 1.2 demonstrates a pair of MPS 3.0 server farms, each with multiple MetaFrame servers, connecting to a single, separate server designated as the MetaFrame Access Suite License server. When a MetaFrame server first starts up, it looks to the license server to "check out" a special startup license. If this checkout is successful, the MetaFrame server establishes a continuous connection with the license server. When the connection exists, the MetaFrame server can send license issuance and revocation requests to the license server. License issuance and revocation details are discussed in Chapter 4.
Figure 1.2. An MPS 3.0 environment with a single standalone MetaFrame Access Suite License server.
The following points summarize the key components and features of MASL reviewed in detail in Chapter 4:
The specific commands will be discussed in Chapter 4.
Core MetaFrame Presentation Server Software
All platform versions of MetaFrame Presentation Server share the same core software set. This software is broken down into two categories: administrative tools and management consoles. There are eight administrative tools and two management consoles. The administrative tools are as follows:
In addition to the eight administrative tools, the following two management consoles are available:
Note The Management Console is also referred to as the Presentation Server Console.
Using the properties of the parent server farm node, labeled as NRSC Farm in Figure 1.7, you can manage the farm-wide settings that affect all servers and users in the farm. For example, the license server for the farm is defined here as well as the current server farm zones and MetaFrame 1.8 interoperability settings. Many farm-wide properties can be overridden on a server-by-server basis. Farm and server settings are discussed in Chapter 6.
In the Applications node, published applications and content are created and monitored. This is also the place where you can configure applications to be monitored by the Resource Manager to limit total concurrent instances. Application publishing is covered in Chapter 10, "Application Integration," while resource management is discussed in Chapter 15, "Managing and Monitoring Using Resource Manager."
The delegation of administrative access to the MetaFrame farm via the Management Console is performed under the MetaFrame Administrators node. Access is broken down into different privilege levels for each of the nodes present. For example, you can define what access rights an individual administrator has on the Policies node. Access delegation is briefly reviewed in Chapter 6.
From within the Installation Manager node, you manage the deployment of software packages to your MetaFrame servers. These packages can include full applications, service packs, hotfixes, or even individual files. The details of using Installation Manager are discussed in Chapter 11. Installation Manager is available only with the Enterprise Edition of MPS.
The Load Evaluators node is the place where you create and modify the different load evaluators that can be utilized by the Load Manager. From this node, you can also access a usage report that tells you what servers or applications are associated with what load evaluator. The two standard evaluators, Advanced and Default, are read-only and cannot be modified or deleted. You can use copies of these evaluators when creating your own. Load evaluators for individual servers or applications can be modified from this screen. The Load Manager component is available with the Advanced and Enterprise Editions of MPS.
Under the Policies node, you can manage the MPS 3.0 policies that you define for your farm. Much like the group policies for a Windows Active Directory domain, the MPS policies allow you to manage many of the client session and connection-specific settings of your farm. Instead of being forced to define the same settings for all users on a MetaFrame server, through policies you can control the behavior of certain settings based on any combination of
One powerful option managed through MPS policies is the Zone Preference and Failover setting. When a farm contains more than one zone, you can use this option to define which zone should be the preferred zone and which ones should be failover zones for specific groups of MPS clients. MPS policies are discussed in detail in Chapter 7, "MetaFrame Presentation Server Policy Management."
The Printer Management node is the place where all the printer driver and autocreated network queue management is performed. If your task is somehow printer related, you are likely to find what you need within this node. The Import Network Print Server dialog box, shown in Figure 1.8, allows you to import the shared printers from a particular print server and then configure them to automatically map for users when they log on to a MetaFrame server in the farm. Chapter 12 discusses the relevant printing features that you need to understand for this exam.
Figure 1.8. One feature of Printer Management allows you to import print queues from a print server and automatically have users connect to those printers based on their group membership.
Note Printing is one area that often is not implemented properly. To ensure that this is not the case, Citrix has dedicated 13% of the 223 exam to material on printing.
Under the Resource Manager node, you can find the suite of tools for configuring, logging, and reporting on the resources of one or more MetaFrame servers in your farm. The information collected is referred to as a metric, and a wide variety of system and network metrics are tracked, allowing an administrator to monitor and analyze all aspects of the environment. These tracked metrics not only can be valuable when resolving issues in the environment, but can also provide insight into areas of the infrastructure that should be targeted for future growth. The Resource Manager, which is available only with the Enterprise Edition of MPS, is discussed in Chapter 15.
The final node in the Management Console is the Servers node, which as expected is the container for all server objects in the farm. Within this node, you can view a wide assortment of server-related information, as well as define numerous settings, many of which are inherited from the same settings defined at the farm level. Figure 1.9 shows the tabs present when selecting a MetaFrame server farm. Whereas some tabs such as Installed Packages, Load Manager Monitor, Printers, and Printer Drivers provide access to read-only information, other tabs such as Users or Resource Manager allow you to define settings and interact with the information displayed. The Users tab in the Servers node is often used to initiate a shadow session with a user when attempting to assist the user with an application or session-related problem. Most of the information pertaining to the Servers node is discussed in Chapter 6, although certain pieces, such as the Installed Packages and Resource Manager tabs, are covered in Chapters 11 and 15, respectively.
Figure 1.9. Using the Servers node, you can view and configure information related to the MetaFrame servers in your farm.
The Web Interface for MetaFrame Presentation Server
The Web Interface for MPS is composed of a number of components that work together to provide users with access to their list of published applications either through a web browser, as shown in Figure 1.10, or in conjunction with the Program Neighborhood Agent (PNAgent). The PNAgent is a special MPS client discussed in Chapter 13.
Figure 1.10. When explicit logons are required (not anonymous logons), the main Web Interface page prompts the user to provide authentication information before published applications are displayed.
Figure 1.10 shows the main logon page for the Web Interface. After a user has been properly authenticated, he or she is presented with a new web page that contains links to the published applications to which he or she has been granted access (see Figure 1.11). Regardless of whether a user is going to be accessing a published application through the Web Interface or through any other MPS client, the applications are configured exactly the same way. That is, no special setup must be done on the MetaFrame server to make a published application accessible via the Web Interface. Chapter 14 discusses the configuration and use of the Web Interface, including the security concerns that need to be addressed before putting the Web Interface into production.
Figure 1.11. After an application has been published in the farm, it is accessible to authorized users regardless of whether they're using a traditional client or the Web Interface.
Citrix Secure Gateway
Although the Web Interface provides a convenient and robust method for users to access their published applications, making such a configuration available via the Internet brings with it some serious security concerns. Figure 1.12 illustrates one possible Web Interface configuration accessible from the Internet. The server hosting the Web Interface is located in a demilitarized zone (DMZ), while the MetaFrame servers that will be accessed are located inside the internal network of the company. HTTPS has been implemented for connectivity to the Web Interface to ensure that user credentials are passed safely. SSL/TLS encryption is also used to secure communications between the Web Interface and the internal MetaFrame servers. This is configured using the SSL Relay Configuration tool discussed earlier in this chapter.
Figure 1.12. The Web Interface on its own would require opening firewall ports directly through to the internal network.
Note The term DMZ (for demilitarized zone) is used to describe a network typically located between a secure internal network and an unsecure external network (typically the Internet). Devices in a DMZ are configured with very restricted access into the internal network, limiting the internal network's vulnerability should the DMZ-based device's security become compromised.
Next to the two firewalls shown in Figure 1.12 are listed the port numbers that must be open for external users to be able to access their desired published applications. One point of concern is the fact that ports must be open, allowing direct access from the Internet through to the internal MetaFrame servers. This Web Interface configuration would allow an Internet user who knew an external IP address and the open port to pull up the Windows logon screen for one of these servers, bypassing completely the Web Interface. Citrix developed the Secure Gateway product to provide two main services:
Figure 1.13 shows the same Web Interface environment, this time with a Secure Gateway implementation. The only external port open is SSL/TLS port 443, and external clients no longer have direct access through to a specific MetaFrame server. Because the Secure Gateway brokers connectivity between the client and the MetaFrame server, direct communication from the client to the server is not possible without first going through the Secure Gateway. In Figure 1.13, the Web Interface and the Secure Gateway are configured on the same server. This is a fully supported and common deployment, although these services can be deployed on separate servers if desired. Implementation of the Web Interface and Secure Gateway is discussed in Chapter 14.
Figure 1.13. The Citrix Secure Gateway encapsulates all communications using the SSL or TLS security protocols and ensures that only clients properly authenticated can even access the MetaFrame servers on the secured network.
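The difference between the two perimeter layouts described above can be checked mechanically against a firewall rule export. The following is an added example, not code from the book or from Citrix: the zone names, the `Rule` model and both rule sets are constructed for illustration, and TCP 1494 is used as the ICA session port on the assumption that the default is in use (the book's text does not list the port numbers shown in its figures).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src: str        # source zone: "internet", "dmz" or "internal"
    dst: str        # destination zone
    port: int       # TCP destination port
    note: str = ""  # free-text description of the rule's purpose

# Constructed rule sets modelled on the two layouts (not taken from the figures).
WEB_INTERFACE_ONLY = [
    Rule("internet", "dmz", 443, "HTTPS to the Web Interface"),
    Rule("internet", "internal", 1494, "ICA sessions straight to MetaFrame servers"),
    Rule("dmz", "internal", 443, "Web Interface to SSL Relay"),
]
WITH_SECURE_GATEWAY = [
    Rule("internet", "dmz", 443, "SSL/TLS to Web Interface and Secure Gateway"),
    Rule("dmz", "internal", 1494, "Secure Gateway to MetaFrame servers"),
    Rule("dmz", "internal", 443, "Web Interface to SSL Relay"),
]

def audit(rules, allowed_external_ports=frozenset({443})):
    """Return (finding, rule) pairs for every Internet-sourced rule that
    breaks the brokered-access model."""
    findings = []
    for rule in rules:
        if rule.src != "internet":
            continue  # only Internet-facing rules matter for this check
        if rule.dst == "internal":
            # Any port is a finding: the internal server answers the
            # Internet directly, so the DMZ broker can be bypassed.
            findings.append(("DIRECT_INTERNAL_ACCESS", rule))
        elif rule.port not in allowed_external_ports:
            findings.append(("UNEXPECTED_EXTERNAL_PORT", rule))
    return findings

def external_ports(rules):
    """Sorted list of ports an Internet client can reach in any zone."""
    return sorted({r.port for r in rules if r.src == "internet"})

if __name__ == "__main__":
    for name, rules in (("Web Interface only", WEB_INTERFACE_ONLY),
                        ("With Secure Gateway", WITH_SECURE_GATEWAY)):
        print(f"{name}: external ports {external_ports(rules)}")
        for finding, rule in audit(rules):
            print(f"  {finding}: {rule.src} -> {rule.dst} "
                  f"tcp/{rule.port} ({rule.note})")
```

A rule from the Internet to the internal zone is reported even when it uses port 443, because the concern is the direct path to the server rather than the port number.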
Citrix Load Manager
Included as part of the Advanced and Enterprise Editions of MPS, Citrix Load Manager comes preconfigured with basic settings that allow it to be used without the need for any special configuration by an administrator. The relative load of a MetaFrame server is calculated based on the settings of a load evaluator. As we mentioned briefly when discussing the settings in the Management Console, a load evaluator is simply an object with a particular set of defined criteria that dictate how MetaFrame should calculate the load of the server.
Two evaluators are included with the Load Manager. The Default evaluator determines the load based solely on the number of users accessing a specific published application on the server. The server is determined to be fully loaded when the number of concurrent users reaches a predetermined number. The default number for reaching full load is 100. If you want to modify this value, you need to create a custom evaluator. You cannot modify either of the evaluators included with MPS. The Default evaluator is automatically assigned to a server when MPS 3.0 Advanced or Enterprise Edition is installed.
The other evaluator included with MPS is the Advanced evaluator. It determines the load for an application based on the CPU utilization, memory usage, and page swaps. Each rule is evaluated to determine what the current load reported by the server should be. The cumulative results reported by all the listed evaluators are used to determine the load of the server. For example, the server reports full load only when all evaluators report full load. Figure 1.14 shows the properties for the Advanced evaluator. The rules that can be used are listed down the left side of the dialog box; each of these rules is discussed further in Chapter 8, "Citrix Load Management."
Figure 1.14. A load evaluator for Citrix Load Manager includes a number of rules that you can use to best configure load balancing for the published applications in your environment.
When a client device attempts to connect to a published application, the server with the lowest reported load is automatically provided to the client device as the target server from which to access the published application. If all available servers publishing a particular application report 100% load, the client is unable to connect to the application.
Alert The new Citrix Load Manager in MPS 3.0 is not compatible with MetaFrame 1.8 servers when operating in a mixed mode environment. In a mixed mode environment, the only load balancing support available is through the Load Balancing Services included with MetaFrame 1.8.
Citrix Resource Manager
Citrix's Resource Manager component, available with the Enterprise Edition of MPS, allows an administrator to log and report on the resources of one or more MetaFrame servers in a server farm. The functionality of the Resource Manager can be broken down into three broad categories:
Information, whether it is being tracked in real-time or logged for historical or billing report generation, is known as a server metric. Metrics are fully customizable, allowing an administrator to tailor the Resource Manager configuration to suit his or her needs. When the Resource Manager is installed, it automatically defines a set of metrics used to track information. For each metric, a default limit is also configured; this limit is used to raise alarms to alert you when a potential problem is occurring. For each alarm that can be raised, customizable alerts can be created, allowing an administrator to be informed of an alarm regardless of where he or she may be.
One way to view the list of metrics defined for a server is through the Management Console. This is achieved by highlighting a server and selecting the Resource Manager tab, as shown in Figure 1.15. The current status is listed beside each metric, and from here, you can view real-time graph information on a particular metric or view the configuration for the metric by right-clicking and selecting Properties. Each of these three main areas is discussed in Chapter 15.
Figure 1.15. Metrics are tracked by the Resource Manager, and alarms can be generated based on threshold criteria defined for each metric.
Installation Manager
Citrix's Installation Manager centralizes the task of software deployment in a MetaFrame server farm, allowing you to rapidly and reliably push out a wide variety of software components (applications, software patches, service packs, and so on) without having to repeat the installation steps on each server in your farm. Software, regardless of the particular type, is bundled into what is known as a software package. This software package is then delivered to the target MetaFrame server, where it is extracted and installed. Citrix allows great flexibility in exactly how these packages are delivered and how a server processes a particular package it receives. The Installation Manager is composed of four components:
The configuration and use of each of these components of the Installation Manager are discussed in Chapter 11.
Legacy MetaFrame 1.8 Server Farm Support
An important consideration for many MetaFrame administrators is the ability to slowly transition an existing MetaFrame 1.8 environment over to a new MPS 3.0 environment. To facilitate this migration process, Citrix allows an MPS 3.0 server farm to operate in one of two modes:
Note Citrix recommends that you upgrade all your MetaFrame 1.8 servers to the latest available service pack (Service Pack 4) prior to enabling interoperability mode.
Alert Implementing interoperability mode is not the only solution for migrating from a MetaFrame 1.8 environment to MPS 3.0. Citrix's recommended solution is to implement a new MPS 3.0 farm and then migrate servers from the 1.8 environment to this new farm. Details on both options are covered in Chapter 6.
Certain limitations do exist when MPS 3.0 servers are functioning in interoperability mode. These limitations are as follows:
Interoperability is a powerful tool that can assist in the migration of an existing MetaFrame 1.8 environment. It is intended to be used only as a migration mechanism and not as a permanent implementation method.