The Web Interface for MetaFrame XP was developed by Citrix and was known until recently as NFuse Classic. It enables access to distributed information and applications provided by MetaFrame servers. Program Neighborhood, as described in Chapter 9, makes this function available on a conventional desktop, too. However, the Web Interface for MetaFrame XP extends the possibilities of the Program Neighborhood by providing application icons and information not through the desktop, but through a Web environment.
The Web Interface for MetaFrame XP creates dynamic HTML pages that display all the available resources of MetaFrame server farms in an individualized manner. It uses the Active Server Pages on Internet Information Services. When a user logs on to the Web Interface for MetaFrame XP from the start page, a new and dynamically generated Web page displays all applications and resources for which the user has rights. The Web Interface for MetaFrame XP thus allows a simple Web environment to be created for accessing the applications, or it can form the basis for integrating published applications into a company’s portal.
The Web Interface for MetaFrame XP can be based on an unmodified installation of Windows Server 2003 Internet Information Services, although the Active Server Pages Web service extension must be permitted. The program code of the Active Server Pages cannot directly access the interface of the Java component required by the Web Interface for MetaFrame XP. That is why Citrix supplies a COM component with the installation package, which provides a kind of shell around the Java component. This shell is called a Java wrapper. As a result, the Active Server Pages access the information through COM requests, which the Java wrapper transforms into requests to the Java component. The Java component requests the required information from the XML service of a MetaFrame server and obtains an answer. The Java component then passes the information on to the Java wrapper, which provides it to the program logic in the Active Server Pages.
However, an increasing number of developers program their Web applications on the basis of ASP.NET. If you want to use the Java component of the Web Interface for MetaFrame XP for this programming model, too, you will need to access the Java wrapper via a corresponding .NET Framework interface, which is not always easy in managed code. Alternatively, you can write a COM wrapper under the .NET Framework, which in turn passes the calls from the .NET Framework programming logic on to the Java wrapper. With ASP.NET, however, it is no longer possible to use the sample code from the Web Interface for MetaFrame XP; reprogramming is unavoidable.
To transmit all relevant information through a MetaFrame server farm, the Web Interface for MetaFrame XP contains a Java component that communicates with a selected MetaFrame server in the farm. This communication is comparable with that of a Program Neighborhood client and therefore usually occurs via port 80 and the Citrix XML service on the MetaFrame server side.
The Web Interface for MetaFrame XP installation file called NFuseClassic-IIS.msi is located in the NFuse folder on the component CD supplied with the Citrix MetaFrame XP Presentation Server. The software can be installed on Windows 2000 with Service Pack 3 or on Microsoft Windows Server 2003. Both operating systems need to include Internet Information Services (IIS), version 5.0 or 6.0. Web Interface for MetaFrame XP also requires a Java Virtual Machine (JVM) to execute the Web server extension. If the JVM is not present on the target platform, the installation wizard will automatically install it on the system. This ensures the operability of Web Interface for MetaFrame XP on Windows Server 2003 even without the installation of other components in addition to Internet Information Services.
Web Interface for MetaFrame XP is installed into the %ProgramFiles%\Citrix\NFuse folder by running the installation wizard from the NFuseClassic-IIS.msi file. ICA Web clients are copied into the \Citrix\ICAWEB folder, which is created under the document root directory of the Web server. This is usually located in the c:\inetpub\wwwroot folder. On Windows Server 2003 with Internet Information Services 6.0, the installation wizard sets the Active Server Pages Web service extension to permitted, even if it was prohibited before.
Web Interface for MetaFrame XP is still based on conventional Active Server Pages and not on ASP.NET. This is why the .NET Framework runtime environment is not a prerequisite.
To identify all of the information required to construct the user interface, Web Interface for MetaFrame XP must communicate with the Citrix XML service on one of the MetaFrame servers in the farm. The selected server can be defined by its fully qualified name or by its IP address. The Web server and the MetaFrame server farm generally communicate through TCP port 80, although this can, if required, be changed on one or both sides. The MetaFrame server selected as the contact point is often called the NFuse gateway, even though the old name (NFuse) is no longer commonly used for Web Interface for MetaFrame XP. In the future, the NFuse gateway will more likely be called the Web Interface gateway. It is recommended that the NFuse gateway or Web Interface gateway also be the zone data collector in a zone within the MetaFrame server farm.
When you have installed all components on the server, you need to restart the system. After restarting, you can access the start page of the Web Interface for MetaFrame XP using the URL http://<Webserver>/Citrix/MetaFrameXP. Webserver should be replaced by the name of the Web server where the Web Interface for MetaFrame XP is located.
There are two ways of configuring the Web Interface for MetaFrame XP: by using a Web-based administration tool, or by using a configuration file. The administration tool is simply a graphical user interface that makes it easier to access the configuration file. All relevant parameters for the Web Interface for MetaFrame XP are therefore physically located in the configuration file %ProgramFiles%\Citrix\NFuse\conf\NFuse.conf.
Configuration using the Web-based administration tool is done via the special start page http://<Webserver>/Citrix/MetaFrameXP/WIAdmin. This page is established automatically when Web Interface for MetaFrame XP is installed on Windows Server 2003 with Internet Information Services. The start page can be accessed only from Internet Explorer version 5.0 or later.
When opening the start page for the Web-based administration tool, the user is asked to enter a user name and password. The user account must be an administrator’s account for the tool to be accessed successfully and for the overview page of the administration interface to open.
The administration tool allows access to various areas for configuration purposes:
Authentication: Determines the authentication method used when a user logs on to the Web Interface for MetaFrame XP. The available options are smartcard, guest user with no user name or password, pass-through of desktop logon information, and explicit logon with user name and password. The latter also contains the option to require the use of RSA SecurID and to control the options available to a user to change the password.
Manage farms: Several MetaFrame server farms can be listed and put in order of succession. This can be used for load sharing and for establishing error tolerances.
Citrix MetaFrame servers: The administrator enters which MetaFrame servers are to be used as the NFuse gateway in what order, via which protocol, and through which port. The XML service on the servers listed here must be ready for communication through the port indicated.
Server-side firewall settings: Settings for the use of the IP address, which might be defined as the default address, alternative address, network address translation (NAT), or by the Secure Gateway for MetaFrame.
Client-side firewall settings: This is where the administrator configures if and how an existing proxy server is to be used for the communication between ICA client and MetaFrame server. The proxy server makes sure that system names used inside a firewall do not get outside of the firewall.
ICA client deployment: Determines the deployment of the ICA clients via the Web Interface for MetaFrame XP. This includes the options for downloading the ICA clients, embedding applications in the window of the Web browser, and installing the Java client.
ICA customization: Determines the settings that users can establish on their client. This includes window size, window color, and audio quality.
The settings must be saved when the configuration has been changed. The settings are entered in the NFuse.conf configuration file.
If the application icons for more than one server farm are to be displayed in Web Interface for MetaFrame XP, you need to install the Web Interface Extension for MetaFrame XP. However, this also changes the way various Web Interface for MetaFrame XP default options are handled. The Web Interface Extension for MetaFrame XP does not need to be installed if all the farms are in trusted domains.
The global configuration settings from the Web Interface for MetaFrame XP are saved in %ProgramFiles%\Citrix\NFuse\conf\NFuse.conf. All Web pages created by the Web Interface for MetaFrame XP use the values in this file. Changes to the values, therefore, affect all the corresponding Web pages in the first instance. It is possible, however, to overwrite some of the values in NFuse.conf for individual pages in the scripts handling the programming logic.
Changes in NFuse.conf become active only when Internet Information Services has been restarted. With Windows Server 2003 Internet Information Services, it is sufficient to restart the thread in which Web Interface for MetaFrame XP is executed.
Following installation, it is very easy to use Web Interface for MetaFrame XP without any further configuration. The start page located at http://<Webserver>/Citrix/MetaFrameXP contains a logon dialog and provides the opportunity to download the required ICA client, if necessary. The ICA client can be installed properly only if the user has the necessary permissions on the client platform.
For Web Interface for MetaFrame XP to work correctly with the end user devices, the following conditions relating to the Web browser and ICA clients must be met:
32-bit Windows ICA client, version 6.1.963 or later; Internet Explorer, version 5 or later; Netscape Communicator, version 4.7x or later; Netscape Navigator, version 6.21 or later
Macintosh ICA client, version 6.0.66 or above; Internet Explorer, version 5 or later; Netscape Communicator, version 4.7x or later; Netscape Navigator, version 6.21 or later
Unix for Solaris (SPARC) ICA client, version 6.0.915 or later, and Netscape Communicator, version 4.7x or later
Red Hat Linux ICA client, version 6.3 or later, and Netscape Communicator, version 4.7x or later
The ICA Web client for 32-bit Windows includes a signed ActiveX control that allows access to the ICA client component and usually issues a warning message at the time of installation. It is therefore advisable for the ICA Web client to be installed in the corporate environment at the time the client environment is initially installed, or for the ActiveX control to be defined through Group Policy as a trusted component. However, it is also possible to use the full Program Neighborhood client or the Program Neighborhood Agent (see Chapter 9).
When the user successfully logs on using Web Interface for MetaFrame XP, an individualized Web page appears that displays the icons for all published applications the user is allowed to work with. This corresponds exactly with the functions available to the user through the conventional Program Neighborhood client or the Program Neighborhood Agent.
It is, of course, possible to adapt the programming logic and the appearance of the Web Interface for MetaFrame XP to company requirements. To do this, however, the corresponding server-side and client-side scripts in the c:\inetpub\wwwroot\citrix\MetaFrameXP\site folder need to be adjusted. This demands excellent knowledge of Internet Information Services, Active Server Pages, JScript, and VBScript.
As described in Chapter 9, Web Interface for MetaFrame XP is also the preferred administration environment for the Program Neighborhood agents. The respective administration start page is located at http://<Webserver>/Citrix/PNAgentAdmin.
Until recently, the Secure Gateway was a separate Citrix product. It has now been added as an extension to the Citrix MetaFrame XP Presentation Server and to the Citrix Secure Access Manager (see Chapter 10 and later in this chapter). The Secure Gateway contains components that provide secure communication via Secure Sockets Layer (SSL) or Transport Layer Security (TLS) between ICA clients and the MetaFrame server. This allows a so-called secure tunnel between the MetaFrame servers and the ICA clients to be established. Web Interface for MetaFrame XP supports the Secure Gateway and facilitates the relevant configuration via the page for server-side firewall settings in the administration tool.
As a prerequisite to use the Secure Gateway in combination with Web Interface for MetaFrame XP, a Secure Ticket Authority must be installed in advance and a valid server certificate provided. The Secure Ticket Authority provides the Secure Gateway with the information that a user has already been authenticated and has permission to access the server farm. From a technical standpoint, the Secure Ticket Authority is based on an Internet Server Application Program Interface (ISAPI) DLL that can be used on a server with Internet Information Services, version 5.0 or later. From its location, the DLL issues session tickets and verifies them when a page is accessed again with an existing ticket.
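The ticket exchange described above, as a minimal model added here for illustration; it is not Citrix code and does not reproduce the Secure Ticket Authority's actual protocol. The class and function names, the random-token ticket format, and the 100-second ticket lifetime are assumptions.

```python
import secrets
import time


class TicketAuthority:
    """Simplified ticket authority (hypothetical model, not the Citrix STA)."""

    def __init__(self, lifetime_seconds=100, clock=time.monotonic):
        self._lifetime = lifetime_seconds  # assumed ticket lifetime
        self._clock = clock                # injectable so expiry can be exercised
        self._tickets = {}                 # ticket -> (user, farm, expires_at)

    def issue(self, user, farm):
        """Called by the Web front end after it has authenticated the user."""
        ticket = secrets.token_hex(16)     # opaque and unguessable, carries no user data
        self._tickets[ticket] = (user, farm, self._clock() + self._lifetime)
        return ticket

    def verify(self, ticket):
        """Called by the gateway; returns (user, farm) or None."""
        entry = self._tickets.get(ticket)
        if entry is None:
            return None                    # never issued by this authority
        user, farm, expires_at = entry
        if self._clock() >= expires_at:
            del self._tickets[ticket]      # purge the expired ticket
            return None
        return user, farm


def gateway_admit(authority, ticket):
    """Gateway decision: it sees only the ticket, never the user's credentials."""
    verified = authority.verify(ticket)
    if verified is None:
        return "rejected"
    user, farm = verified
    return f"tunnel to {farm} for {user}"


def demo():
    now = [0.0]                                    # constructed clock for the example
    sta = TicketAuthority(lifetime_seconds=100, clock=lambda: now[0])
    ticket = sta.issue("alice", "FarmA")           # constructed sample values
    results = [gateway_admit(sta, ticket)]         # ticket issued and still valid
    results.append(gateway_admit(sta, "0" * 32))   # ticket the authority never issued
    now[0] = 101.0
    results.append(gateway_admit(sta, ticket))     # same ticket after its lifetime
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```
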