Transcript
Step by Step Deployment Guide
XenApp Fundamentals Step by Step Deployment Guide
2
Table of Contents 1.0
INTRODUCTION .................................................................................................................................... 3
2.0
OBTAINING INSTALLATION MEDIA AND LICENSES ..................................................................................... 3
2.1
Obtaining a Citrix license file for XenApp Fundamentals ............................................................. 5
3.0
Installing XenApp Fundamentals ...................................................................................................... 8
4.0
Licensing XenApp Fundamentals .................................................................................................... 14 4.1
Citrix Licensing Setup .................................................................................................................. 14
4.2
Terminal Server Licensing Setup ................................................................................................. 17
5.0
User Experience Configuration ....................................................................................................... 19 5.1
Publishing Applications ............................................................................................................... 19
5.2
Configuring Printer Access .......................................................................................................... 22
5.3
Configuring Profiles for users ...................................................................................................... 25
5.4
Testing your Deployment ............................................................................................................ 27
6.0
7.0
External Access Configuration ........................................................................................................ 28 6.1
Direct to Server deployment....................................................................................................... 28
6.2
DMZ server deployment ............................................................................................................. 36
6.3
VPN deployment ......................................................................................................................... 46 Conclusion ....................................................................................................................................... 49
3
1.0
INTRODUCTION Citrix XenApp Fundamentals is the new name for Citrix Access Essentials. Some sections of the user interface and as well as some product documentation may still refer to the former name Citrix Access Essentials. This deployment guide is a step by step guide for how to install and configure a XenApp Fundamentals environment that can be used for proof of concepts, testing, or production purposes. This guide is applicable to XenApp Fundamentals 3.0 on Windows Server 2008 and XenApp Fundamentals 2.0 on Windows 2003. You will need the following in order to successfully deploy XenApp Fundamentals: A single-server deployment requires one server with Windows Server 2008 or Windows Server 2003. This server can be in a workgroup or domain. XenApp Fundamentals can be installed on the domain controller if there is no future requirement to join a multi-server advanced mode deployment. A multi-server deployment requires at least 3 Windows Server 2008 servers in the same domain: 1 Domain Controller, 1 Master server, 1 Support Server. External access deployments will require a Fully Qualified Domain Name and a digital certificate obtained from a Public Certificate Authority or a Windows Certificate authority. If you are using a VPN to give external users access to the servers, you must purchase or have a VPN solution already in place. To configure server failover, you will require 1 unused static IP address.
2.0
OBTAINING INSTALLATION MEDIA AND LICENSES The installation media and licenses for XenApp Fundamentals are obtained from http://www.citrix.com. Use the following steps to download the XenApp Fundamentals installation media and a product specific Citrix license file.
4 1
Go to www.citrix.com/downloads Log in with your credentials to see all available downloads.
2
Using the drop down arrow in the "Search Downloads by Product" field, select Citrix XenApp Fundamentals from the list. Then select "Access Essentials 3.0 for Windows".
Note: Your Subscription Advantage needs to be current as of September 22, 2008 in order to see XenApp Fundamentals 3.0 as a product option on this site.
5 Select the Download button next to Access Essential 3.0 for Windows Server 2008.
3
Note: This download contains the installation for both XenApp Fundamentals version 3.0 and 2.0. The correct version is chosen automatically based on the operating system detected during installation. Download the .iso image to a location of your choosing.
4
Note: You may be asked to download an ActiveX plug-in before the .iso image can be downloaded.
2.1
Obtaining a Citrix license file for XenApp Fundamentals Use these steps to obtain a Citrix license file for XenApp Fundamentals. The license file can be obtained before or after the installation of the server.
6 1
Go to www.mycitrix.com and log in with your credentials.
Note: Each user in the company has credentials for this site that is specific to the individual and tied to the company. If you having trouble access this site or do not see licenses available, contact Citrix Customer Care at 1-800-4CITRIX. 2
Click on the arrow next to "Choose as Toolbox" and select "Activation System/Manage Licenses "
3
Select the drop down next to Current Tool and select Activate/Allocate.
7 4
If you have already received your license code in email, or on the physical media package, enter the code in the field marked "Your license Code". Once the code is entered select "Continue".
If you have not received your license code select the link "View Licenses" to retrieve your license code.
Note: If you do not see license codes contact your reseller or Citrix at 1-800-4-citrix.
5
a) Enter the case-sensitive machine name of the XenApp Fundamentals “Master” server or single server. For example "SeRver1". b) Enter how many licenses you would like to allocate to this license file. c) Confirm your selection.
8 d) On the next page, "Download" and save the license file to any location. You will upload this license file on the Master server or single server in the steps below.
3.0
Installing XenApp Fundamentals This section details the installation of XenApp Fundamentals. After installation, there may be additional setup steps required to configure Basic and Advanced mode if the server is detected to be part of a domain.
9 1
Browse the installation media for "Autorun.exe" and double click to launch. Select "Install" from the Welcome screen.
2
Select “I accept the license agreement and click Next.
10 3
Select "Application server" to install XenApp Fundamentals and all its default components
Note: The option for a DMZ server is selected only if you are deploying a server in your DMZ for secure external access to the server. Note: If this server is a domain controller you will not see this option because that server can only be an Application server and not a DMZ server. 4
Do not disable shadowing unless it is a requirement for your environment. Leave the box unchecked and click Next.
Note: If shadowing is disabled, you will have to reinstall XenApp Fundamentals to enable it.
11 5
Give the installation a few minutes to complete. All necessary Windows components such as Terminal Services and IIS will be installed automatically along with XenApp Fundamentals.
6
Select Yes to restart the computer when prompted.
Note: This is not the end of the product installation. Once rebooted, the installation needs to continue. 7
Once a restart is successful, ensure that any network drive where the installation media is stored has been restored post-reboot. Select "Ok" to continue the installation once the location is restored.
Note: If the installation files are local, then this error will not be received.
12 8
Once the installation is complete, launch the Quick Start Tool when prompted.
9
If the server is detected to be part of a domain, the following setup screens are shown to configure the server for either Basic or Advanced mode. Select Next to continue.
Note: If the server is in a Workgroup, you will not get these options.
13 10
If you select "New single server (basic mode) there will be nothing else to configure.
If you select “New server group" (Advanced mode) select Next to continue the configuration.
Note: A server in basic mode can be switched to Advanced mode after installation as long as that server is part of a domain and the server does not serve as a domain controller. This is done using the Quick Start tool. 11
Enter a name in the "Server Group Name" field. Click Next.
Note: A domain Organizational Unit will automatically be created in Active Directory to match the name chosen here. All servers in the same Server Group will be located in this OU.
14 Verify the information and select Finish.
12
13
If you plan on deploying multiple servers in the environment, use the previous steps to install XenApp Fundamentals on another server. Place the server in the same Server Group selected above. Additional servers will be Support servers.
4.0 Licensing XenApp Fundamentals The XenApp Fundamentals deployment will require both Citrix licenses and Terminal Server Client Access Licenses (TSCALS). The product can be purchased with or without TSCALs. If purchased without TSCALS, it is assumed that your company already has available TSCALs in the environment. Follow the steps below to upload Citrix licenses on the appropriate XenApp Fundamentals server and activate the Terminal Server licensing server in the environment. Microsoft requires that Terminal Server licensing server be installed on at least one server in a Workgroup or on a Domain controller if the server is part of a domain. See Microsoft documentation for specifics about Terminal Server CALs http://www.microsoft.com/windowsserver2008/en/us/licensing-terminal.aspx.
4.1
Citrix Licensing Setup Use the following steps to license your XenApp Fundamentals deployment.
15 1
On the Master Server, open the Quick Start tool and go to Setup > Licensing
Note: License administration must be done on the Master server because that server contains the built-in Citrix license server software.
Note: Your Citrix license file should have been obtained from http://mycitrix.com. See section 2.1 in this document for steps to obtaining your Citrix license file. 2
Click Next.
16 3
Select Browse and point to the location of your *.lic Citrix license file. Then click Next.
Note: Your license file name does not matter as long as it has a .lic extension.
Select Finish to upload the license file to c:\program files\citrix\licensing\myfiles on the Master server.
The Licensing screen in the Quick Start tool should now reflect how many Citrix licenses are available.
17
4.2
Terminal Server Licensing Setup Follow these steps to setup Microsoft Terminal Server licensing.
1
In the Quick Start tool, select Activate Terminal Server License Server
2
Click "Start the Terminal Server Licensing tool"
Note: If a Terminal Server licensing server is already activated in your environment, select “I have activated the Terminal Server License Server”.
18 3
Right click your Terminal Server licensing server and select "Activate" to start the Activate Server wizard.
4
Select Next.
5
Select the Connection method that you will use to connect to the Microsoft clearing house for license activation.
19 6
Once Terminal Server license activation is complete, in the Quick Start tool select "I have activated the Terminal server License Server".
7
Once license activation for both Citrix and Microsoft licenses are complete, your screen should show green check marks.
5.0 5.1
User Experience Configuration
Publishing Applications Use the following steps to publish applications on the XenApp Fundamentals server.
20 1
In the Quick Start tool on the Master server, go to Setup > Applications > “Publish Application”.
2
Select Next.
21 3
Put a check mark next to all applications that you would like to make available to users. If you do not see your application in the list, select Add to locate you application executable. Click Next.
Note: These applications must be installed and working on each server in the Server Group prior to running the application publishing wizard.
4
Click Add and select the users or groups that will have access to this published application. Click Next.
22 5
5.2
Verify and click Finish.
Configuring Printer Access Use the steps below to configure printer access for users launching published applications. You will need a printer shared on a Windows print server to allow users to use the Published printers option. You will also need administrator rights to the printers on the printer server in order to complete the steps below. A driver will need to be installed on the XenApp Fundamentals Master server and that driver will automatically be replicated to all servers in the Server Group for Advanced deployments. If users will utilize client printers, the printers must be configured and working on the client device for it to be accessible in a session. A printer driver will not need to be installed on the XenApp Fundamentals servers, the Universal Printer driver will automatically be used instead.
1
In the Quick Start tool on the Master server, select Setup > Printers > "Setup Printers"
23 2
In the Setup Printer wizard, select Next.
3
For Printer options, select both Client and Published printers or either one in the drop down list.
Note: Select “Windows managed printers only” if users will define printer when they are in a session or use printers defined on the XENAPP FUNDAMENTALS server.
24 4
Enter credentials for the account that has administrator rights to the printers on the print server.
Note: This screen is seen only when the Published printer option is selected.
5
If the print server is not found automatically, click on Add and enter the name or IP of the Print Server.
Select the network printer and then click on Select.
Click Next to continue.
6
Select the box next to Set the default printer and select the print in the drop down list. Click Next and then Finish.
Note: The client will see this printer as the default printer in their user session.
25
5.3
Configuring user profiles Use the steps below to configure the Profile Management feature. This feature is only available for multi-server deployments in Advanced mode. This will allow users to have a consistent roaming profile no matter what XenApp Fundamentals server they connect to when launching their published applications.
1
On the Master Server, launch the Quick Start tool and go to Setup >Servers > “Configure Profile Management”.
2
Select Next.
26 3
Log in as a user with domain administrative privileges to enumerate all servers in the domain.
Note: This account must have rights to create and update file shares on machines within the domain.
4
Select the server in the domain that will host the User profiles. If you do not see servers in the list select "Add" and enter the print server name or IP.
Note: Two shared folders will be created on this server. This server does not need to be a XenApp Fundamentals server.
27 Leave the default location or enter an alternate drive letter. Click Next and Finish.
5
Note: Select a drive that has sufficient space to store user profile data.
Note: Users must have Read/Write access to the file shares that will be created on this server. The appropriate permission should be automatically.
5.4
Testing your Deployment Use the steps below to test your XenApp Fundamentals deployment. It is best to test functionality while connected to the LAN before configuring the server to be accessible externally.
1
In a web browser, go to http:\\MasterServerFQDN
Log in with a test user account that has rights to specific published applications.
28 2
You should see a list of available published resources. Select the icon of a published application to launch it.
3
To test the printing functionality, in the published application select File >Print and send a page to the appropriate printer.
6.0
External Access Configuration To configure the XenApp Fundamentals server(s) to be accessible externally for users residing outside your network, you have 3 deployment scenarios to choose from: Direct to Server, DMZ Server, and VPN access deployments. The steps below will walk you through each deployment scenario. Select the deployment scenario you wish to implement and see the appropriate section below for configuration steps.
6.1
Direct to Server deployment Direct to Server Deployment: Before completing these steps you must have a Fully Qualified Domain Name for the Master server. You must also make a decision as to how you will obtain digital certificates because it is required for this type of deployment. You can purchase a
29 certificate from a public certificate authority, build your own Windows certificate authority, or use the 30-day temporary certificate that comes with XenApp Fundamentals. What ever the certificate source, a matching root certificate must be obtained from the source and distributed to the end users device for them to launch applications on the XenApp Fundamentals server. If a public CA is chosen, the root certificate may already be built into the client’s browser. 1
In the Quick Start tool on the Master server, go to Setup > External Access > “Manage External Access”. On the Welcome screen click Next.
2
Select Direct to server. Click Next.
30 3
The next 4 setup screens are used for certificate request information. Enter the Fully Qualified Domain Name for the Master server. For example: server.domian.com and Click Next.
Note: The server certificate will be issued to this name. If this name changes a new certificate will need to be requested. Make sure this name is resolvable on the Internet. 4
In the Organization field, Enter the name of the company and in the Organizational unit field enter the department or division. Click Next.
31 5
Enter the country, state, and city of the company and click Next.
6a1
Depending on the options selected here, the set screens will be different for each option. Specify the chosen Certificate source. Click Next.
Note: The temporary certificate gives you a certificate that is good for 30-days. You can choose to use this cert until a permanent solution is available. Note: The option to “Submit the certificate to a local domain based CA” is grayed out if no domain based CA is detected in your environment. Install Windows Certificate
32 Services on a machine in the domain if you want to use this option. 6a2
You will only see this window if you selected "Manually submit the certificate request to a Certificate Authority". Select the location to save the certificate request file or leave the default location c:\. Then click Next and Finish.
Note: You will send this file to your chosen Certificate Authority and they will send you back a digital certificate. 6a3
To import the certificate you have received from your Public Certificate Authority, go to Quick Start > Setup > External Access > “Manager External Access” and click Next.
33 6a4
Select “Enable external access and complete pending certificate request” and click Next.
6a5
Point to the Certificate file received from the CA. Click Next and Finish to import the certificate.
34 6b1
If you select to “Submit the certificate request to a local domain based certificate authority”, the certificate will be automatically submitted and a certificate will be automatically obtained on place on the server after clicking Next.
Note: This option will only be available if Certificate Services is installed on a machine within you domain. 6b2
Click “Ok” on the success pop up message and click Finish.
35 6c1
If you select “Generate a temporary certificate” and click Next.
6c2
Save the root certificate to the default location c:\ and click Next.
Note: This root certificate will need to be distributed to all client devices that will connect and launch applications from the XenApp Fundamentals Server.
36 Select "Use the standard HTTPS port (443) for secure remote connections" unless port 443 is already in use, then you can select the second option and choose another port. Click Next and then Finish.
7
8
Go to this site to you’re your deployment: http://tools.citrixsmb.co.uk/conncheck/index.php
Use this site to test your external access configuration settings. Obtain and distribute root certificates to client machines if necessary. A valid root certificate is required on the client to allow them to connect and launch applications.
Note: Certificates are only valid for a particular time period. If a certificate expires and needs to be replaced go back to the Quick Start tool to request and import a new certificate. Quick Start tool > Setup > External Access
6.2
DMZ server deployment Complete the following steps below for setup. DMZ Deployment scenario: Before completing these steps you must make a decision as to how you will obtain digital certificates because it is required for this type of deployment. You must also have a DMZ already configured on your network. Decide what Windows server will be placed in the DMZ. That server will need a FQDN. You will need the XenApp Fundamentals installation media to install a DMZ specific component on the chosen Windows server in your DMZ. This type of deployment requires port 1080 to be open on the internal firewall to the XenApp Fundamentals Master server.
37 1
Using Quick Start tool on the Master server, go to Setup > External Access > Mange External Access and click Next on the Welcome screen. Select “Using a DMZ server” and click Next and Finish. Note: All other configuration is done on the server chosen to be the DMZ Server
2
On the server chosen to be the DMZ server, insert the XenApp Fundamentals installation media and select Autorun.exe.
Choose Install on the Welcome screen.
38 3
Select "I accept the license agreement" and click Next.
4
Select "Network access (DMZ) server" and click Next to begin the installation.
Note: The DMZ server installation should take a few minutes.
39 5
After the installation completes, select Finish and the Quick Start tool will launch to being configuration.
6
Select “External Access > Mange external Access and on the Welcome screen click Next.
40 7
In the "Internal firewall address" field, enter the IP address of the Master Server. Click “Test” to verify that the DMZ server can reach the Master server. Then click "Next"
Note: If the test fails verify network connectivity from your DMZ Internal firewall to the Master Server. Ensure appropriate ports are open. On the Master server, you need to create an inbound rule on the Windows Server 2008 firewall for TCP port 1080. 8
Enter the FQDN of the DMZ server. This name is used to request the digital certificate.
41 9
In the Organization field, Enter the name of the company and in the Organizational unit field enter the department or division. Click Next.
10
Enter the country, state, and city of the company and click Next.
42 11a1
Depending on the options selected here, the set screens will be different for each option. Specify the chosen Certificate source. Click Next.
Note: The temporary certificate gives you a certificate that is good for 30-days. You can choose to use this cert until a permanent solution is available. Note: The option to “Submit the certificate to a local domain based CA” is grayed out if no domain based CA is detected in your environment. Install Windows Certificate Services on a machine in the domain if you want to use this option.
43 11a2
You will only see this window if you selected "Manually submit the certificate request to a Certificate Authority". Select the location to save the certificate request file or leave the default location c:\. Then click Next and Finish.
Note: You will send this file to your chosen Certificate Authority and they will send you back a digital certificate. 11a3
To import the certificate you have received from your Public Certificate Authority, go to Quick Start > Setup > External Access > “Manager External Access” and click Next.
44 11a4
Select “Enable external access and complete pending certificate request” and click Next.
11a5
Point to the Certificate file received from the CA. Click Next and Finish to import the certificate.
45 11b1
If you select “Generate a temporary certificate” and click Next.
11b2
Save the root certificate to the default location c:\ and click Next.
Note: This root certificate will need to be distributed to all client devices that will connect and launch applications from the XenApp Fundamentals Server.
46 Select "Use the standard HTTPS port (443) for secure remote connections" unless port 443 is already in use, then you can select the second option and choose another port. Click Next and then Finish.
12
6.3
VPN deployment
Use the following directions to configure external access via a VPN connection if that is your chosen method of granting external users access to the applications on XenApp Fundamentals. 1
On the Master server, open the Quick Start tool > Setup >External Access > Manager External Access. Select "Using a VPN" and click Next
47 2
Choose the option that best matches your network firewall configuration. If you select “Do not user NAT” then click Finish to close the wizard. If you select “Use NAT” then continue with the next configuration steps.
3
You will only see this screen if you selected to "use NAT" on the previous screen. Select a server and then click Modify.
4
Enter the NAT address for that server and port 2598 for ICA. For RDP enter NAT address and port 3389 and click OK.
Note: Repeat this step for each XenApp Fundamentals Server in the Server Group.
48 5
Verify the settings and select Next.
6
Click Finish.
7
Test by logging in to your preconfigured VPN solution, and then going to the http://MasterServer:8080. Note: You must append 8080 after the Master server name or IP to get to the site that is configured for external access. You must use the External IP is the server is behind a firewall and NAT is in place or the internal address if NAT is not being used.
49
7.0
Conclusion This concludes your configuration of XenApp Fundamentals. For additional information not addressed in this deployment guide, see the Administrator's Guide CTX118414 located on the Citrix Knowledge Base: http://support.citrix.com/article/CTX118414.
50
Version History Author
Version
Change Log
Date
Stacy Scott
1.0
Created
May 2009
©2009 Citrix Systems, Inc. All rights reserved. Citrix®, Citrix Delivery Center™, Citrix XenApp™, Citrix XenServer™, Citrix® NetScaler®, Citrix XenDesktop™, Citrix Workflow Studio™, Citrix Access Gateway™, Citrix EdgeSight™, Citrix Password Manager™, Citrix Provisioning Server™ and Citrix WANScaler™ are trademarks of Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered in the United States Patent and Trademark Office and in other countries. All other trademarks and registered trademarks are property of their respective owners.
This document is provided “as is” without warranties of any kind, express or implied. Citrix systems, inc. (“citrix”), shall not be liable for technical or editorial errors or omissions contained herein, nor for direct, incidental, consequential or any other damages resulting from the furnishing, performance, or use of this information, even if citrix has been advised of the possibility of such damages in advance.
The exclusive warranty for any Citrix products discussed in this publication, if any, is stated in the product documentation accompanying such product. Citrix does not warrant products other than its own.