The purpose of a terminal server is to provide centrally hosted Windows-based applications. The users of such a terminal server are able to make use of the RDP client Remote Desktop Connection to establish a user session over the network and to interact with their applications. Microsoft’s RDP client is available for Windows Server 2003, Windows XP, Windows 2000, Microsoft Windows NT, Windows 95/98/ME, Windows CE, and Apple Macintosh.
However, the Microsoft RDP does not offer a solution when the clients are not based on a Windows operating system or if there is a need for individual applications to be provided in a centralized manner instead of a complete desktop. In these cases, the extension of terminal servers through the Citrix MetaFrame product lines is an appropriate option. An important constituent of the major Citrix product is the ICA protocol, which allows an improved support of enterprise-wide application scenarios using server-based client computing.
About 14 years ago, Citrix began the development of the technology that is the foundation of today’s Windows Server 2003 Terminal Services. (See also Chapter 1.) This is the major reason why Citrix and Microsoft have been strategic partners since the beginning of the 1990s. Citrix develops its most important products for the Windows platform and has profound knowledge of Microsoft operating systems and application software. Today, Citrix is a Microsoft Global Gold Certified Partner, and Microsoft is a Premier Plus member of the Citrix Business Alliance Program.
In April 2003, when Windows Server 2003 was launched, Citrix introduced the newest version of their major products to the market: Citrix MetaFrame XP Presentation Server, Feature Release 3. This product extends the functionality of terminal servers and is certified for both Windows Server 2003 and Windows 2000 Server. The Citrix software complies with the strict requirements of the Microsoft program Certified for Windows and thus offers customers a high-quality product.
Until the market introduction of Feature Release 3, Citrix MetaFrame XP Presentation Server was known only as Citrix MetaFrame XP. Now Citrix uses the name MetaFrame as a branding for a complete line of products.
Citrix MetaFrame XP Presentation Server uses Windows Server 2003 as a basis and therefore profits from many of the new functionalities, such as Software Restriction Policies and improved scalability. MetaFrame XP Presentation Server enhances the Windows Server 2003 terminal server components in areas such as management, scalability, security, and flexibility. The extension of the basic terminal server functionalities results in the secure transfer of session data over the Internet, the access to applications and information from virtually every operating system, the management of distributed server groups from one central location, and the optimization of the terminal server scalability.
Citrix MetaFrame XP Presentation Server is available in three different versions, which address different customer needs:
Citrix MetaFrame XP Presentation Server, Standard Edition (XPs) This product is suitable for departments, work groups, or small organizations. It extends the functionalities of the Terminal Services in Windows Server 2003.
Citrix MetaFrame XP Presentation Server, Advanced Edition (XPa) This product is suitable for small to medium-sized organizations. Besides the features of the Standard Edition, it also contains load-balancing mechanisms.
Citrix MetaFrame XP Presentation Server, Enterprise Edition (XPe) This product addresses the needs of large server farms, large organizations, and multinational enterprises with extended requirements concerning management capabilities. Besides the features of the Advanced Edition, it contains additional tools for resource management, software installation, network management, integration into Microsoft Operations Manager (MOM), and extensions for the Web integration.
The components of the new integrated Citrix products named MetaFrame Access Suite offer additional value for MetaFrame installations on terminal servers. Citrix’s change in strategy is evidenced in this product suite. Citrix is now offering solutions that go well beyond the capabilities of MetaFrame XP Presentation Server.
Citrix MetaFrame Secure Access Manager This component provides Web-based user access to published applications and to any internal or external information sources, documents, or services. All these elements can be aggregated and made accessible in a structured and role-based manner using a Web browser interface. The Secure Socket Layer/Transport Layer Security (SSL/TLS) industry standard encryption provides secure ICA and HTTP/HTTPS data streams when used over the Internet. This solution allows secure Web access without the additional costs and implementation efforts of a conventional Virtual Private Network (VPN).
Citrix MetaFrame Conferencing Manager This is the teamwork component of the MetaFrame Access Suite. Geographically distributed users can work on shared applications and documents using the MetaFrame Conferencing Manager. Technically, the Conferencing Manager is based on the mirroring functionalities for user sessions within Citrix MetaFrame XP Presentation Server.
Citrix MetaFrame Password Manager This component provides a single sign-on for access to password-protected Windows-based applications and Web applications, as well as for access to proprietary or host-based applications. Passwords can be changed automatically, and the maintenance of the associated password list is completely invisible to the user.
Citrix MetaFrame Presentation Server for UNIX This component is used to centrally host and manage UNIX-based and Java-based applications in enterprises and to deliver them to Windows clients. Thus it is possible to combine heterogeneous enterprise server environments with MetaFrame XP Presentation Server for Microsoft Windows. The advantage of such a solution compared to the UNIX standard X11 is that the network bandwidth the ICA protocol requires for the presentation and transmission of desktop contents is substantially lower than with X11. This creates the possibility of using the ICA protocol for X11 applications in relatively slow wide-area networks.
With its products, Citrix supports the Microsoft .NET strategy. MetaFrame XP Presentation Server can be used to centrally manage Windows-based applications, built on the .NET Framework, and deploy them on platforms in which the .NET Framework is not supported. The Citrix MetaFrame Access Suite and Windows Server 2003 complement each other in the implementation and management of .NET XML Web Services. In addition, the Citrix technology offers extended security features to users of browser-based Microsoft ASP.NET Web Form applications and .NET Framework Windows Forms applications because user data is not required to be transmitted to the client.
In the following chapters, Windows Server 2003 with installed Citrix MetaFrame XP Presentation Server will be referred to as MetaFrame server.
Similar to Windows Server 2003 Terminal Services, an environment based on Citrix MetaFrame servers consists of several components that can be organized into three areas: clients, communication protocol, and servers. All three areas will be described in this and in the next chapter.
As a starting point, the following are some basic concepts that have a general significance for all three areas:
Published applications Applications that are installed on one or multiple MetaFrame servers. These applications are then made available for clients using a dedicated name. An ICA client can access any of these published applications after they have been configured properly on the server. Only published applications can take advantage of the load-balancing functionalities of a server farm.
Application groups The user’s view on a group of applications that are published in a commonly managed farm of MetaFrame servers. The user must have the appropriate authorization to access all individual applications.
Server farm A group of MetaFrame servers that are defined and managed as one entity. Large server farms might be subdivided into multiple zones to achieve better scalability.
Load-balancing group Multiple closely associated MetaFrame servers that are grouped so that they can provide common applications. If a user wants to launch one of the common applications, a load-balancer instance determines the server with the lowest workload, and the connection between client and server is then established to the server the load-balancer instance selected.
Seamless windows One or more published applications can be launched on a client without the surrounding server desktop. As a result, the application looks as if it were executed locally on the client. If certain parameters (such as encryption, bitmap cache, compression, mouse and keyboard buffer size, audio settings, and number of used colors) stay the same, authentication is needed only when the user launches the first application in a seamless window. Using seamless windows is sensible only if the client has its own fully functioning desktop including proper window management.
How do all these concepts fit together? This is best answered by presenting possible client scenarios of a MetaFrame environment.
The scenario of direct access to the MetaFrame server desktop is equivalent to the connection of an RDP client with an unmodified terminal server. If a user wants to display a remote desktop on the client, he or she selects the IP address or the logical name of the corresponding server. The appropriately authorized user can then launch and use all the installed applications on that desktop.
This access approach can also be used on simple clients that have no desktop or on client desktops with reduced functionalities (such as the Windows CE desktop). However, this approach is not well suited for a group of load-balanced servers because the user must specify a named server connection.
If not all of a user's required applications are installed on the same terminal server, that user must create a separate user session for each required application that exists on a different terminal server. This is supported by RDP or ICA clients that allow multiple parallel user sessions. For most users, the effect of accessing applications through multiple concurrent desktops is confusing, which often leads to increased support costs.
If terminal servers are used, configuration options in Group Policies, the connection type, the user account, and the MetaFrame server client allow the selection of an application that is started automatically when a user logs on. After the logon, this application fills the complete area of the server desktop that is displayed on the client. This option can be configured either by a user on the client side, by an administrator who is responsible for the user accounts, or by the terminal server administrator. Administrators can simply predefine which application a user is allowed to use by setting this configuration option in the Active Directory settings, the Group Policy Object Editor, the Terminal Services Manager, Computer Management, or the MetaFrame server client.
Even if the desktop is not directly visible when the automatic program start option is used, the desktop functionalities are still available, which becomes obvious when the application is minimized to an icon. This approach is still very good for clients with limited local desktop functionalities. However, the restrictions concerning access to desktop elements stay exactly the same as if the user were accessing the desktop directly.
The scenario of a published application is only available in MetaFrame environments and resolves the requirement that the terminal server desktop should not be displayed on the client when a remote application is started. Publishing a MetaFrame server hosted application to a desktop also requires the remote access software to supplement or replace the window manager components providing presentation of desktop elements. This allows the applications published by a Citrix server to be displayed in an individual window on the client desktop. This supplements the concept of seamless windows introduced earlier.
An application can be published from a server or a server farm by assigning a logical network name to the application. This allows the names of the individual servers hosting the terminal server application to lose their significance. Instead of trying to connect to a specific, named server for the application, the client will look for a network service that provides access to the desired application.
This concept of application access abstraction through a logical application namespace is perfectly suited for use on a load-balanced terminal server farm. Consequently, this approach represents a primary benefit for the extension of Windows Server 2003 with Citrix MetaFrame XP Presentation Server.
The scenario of published desktops basically corresponds to published applications, with the difference that a published desktop contains a complete desktop from the terminal server. The primary reason for using a published desktop, instead of direct access to a desktop at a named server, is the requirement to abstract the access method. Again, this approach is very well-suited for load-balanced server farms because the published desktop is accessed by using a logical name and not by using the name of a physical server. As with Citrix application publishing, if a server farm is used, a mechanism is required to provide load-balancing access to the server farm.
The Program Neighborhood is a concept that allows for the automatic provisioning of published applications and published desktops to clients. When the corresponding client software is launched, it provides a complete list of the applications and desktops the user is allowed to access. This includes the presentation of the icons of applications installed on the servers without any manual modification of the client desktop settings. Specifically, when using published applications, a user can hardly tell whether an application is installed locally or whether it is launched on a remote server. The integration of remote applications into high-end client desktops (such as Windows 2000 Professional or Windows XP) is very close to perfect. All the concepts of Program Neighborhood, published applications, server farms, and seamless windows introduced here will be highlighted from different viewpoints in both this chapter and in Chapter 10.
In addition to the concepts introduced earlier in this chapter, the installation of Citrix MetaFrame XP Presentation Server adds a number of specific features to Windows Server 2003. However, these features must be considered separately from the features that are included in an unmodified terminal server, as described in the earlier chapters of this book.
Session shadowing This feature can be compared to the mirroring functionality provided by the remote control feature in Windows Server 2003. However, session shadowing is based on the mechanisms provided by Citrix MetaFrame XP Presentation Server. If required, users who do not belong to the Administrators group can also be allowed to initiate shadowing. This scenario is often used when multiple users are supposed to cooperate in one session.
Encryption All data streams to and from a MetaFrame server can be encrypted using encryption algorithms that differ from those of the Remote Desktop Protocol. This includes key lengths of up to 128 bits and therefore allows secure communication.
Color depth and screen resolution Sessions on a MetaFrame server support a color depth of up to 24 bits and a screen resolution of up to 64,000 by 64,000 pixels.
Support of multiple monitors As an enhancement of the multi-monitor support of Windows 98, Windows 2000, and Windows XP, the ICA Win32 client allows the concurrent use of multiple monitors. This functionality is often needed for computer-based workplaces—for example, in finance or in energy provider network environments.
Panning and scaling If the required resolution of a user session is larger than the physical resolution of a client's desktop, you can pan the session window around the client desktop. Additionally, a user session with a high resolution can be scaled down so that it appears smaller and fits on the client desktop.
Content redirection This functionality defines whether a local or a remote application is to be started when files or links are opened. This content redirection makes it possible for an application that is available only on a MetaFrame server farm to open locally stored documents. MetaFrame servers allow the central management of content redirection in the same way as published applications are managed.
Mapping of local resources Citrix MetaFrame XP Presentation Server allows the redirection of local disk drives, ports, printers, and the clipboard to the remote user session. However, this feature is not very different from the corresponding mechanisms on an unmodified terminal server.
Centralized printer management Printer drivers and printer configurations can be replicated from one MetaFrame server to another MetaFrame server. Additionally, it is possible to “import” existing Windows print servers into MetaFrame servers.
Pass-through authentication The credentials of users who are already logged on to clients in the corporate network can also be reused for the automatic authentication on a MetaFrame server.
Automatic reconnection Selecting the appropriate server configuration allows the automatic reconnection of a user session when the client was disconnected unintentionally from a MetaFrame server. The underlying algorithm and the corresponding dialog boxes are different from those on an unmodified terminal server.
Administration delegation Users can be assigned to a role that allows them to perform a subset of administrative tasks. This functionality is of great importance for larger environments.
Smart card support Support for smart card readers on the client platforms allows the pass-through of logon credentials to the MetaFrame server using the ICA protocol and thus allows access to published applications.
Microsoft Windows Installer support All software components coming with Citrix MetaFrame XP Presentation Server are delivered as .msi files.
Citrix MetaFrame XP Presentation Server is not an operating system; it is a system extension. This extension consists of a number of Windows services and additional system tools. This is why Windows Server 2003 with Terminal Services activated in application server mode must be set up on a server before the installation of Citrix MetaFrame XP Presentation Server is possible.
All functionalities of an unmodified terminal server as they were described earlier in this book will still be available after the installation of Citrix MetaFrame XP Presentation Server.
Citrix MetaFrame XP Presentation Server was developed to support multiple users logged on concurrently to Windows Server 2003. The hardware prerequisites for a MetaFrame server are identical to those already described in Chapter 1 for unmodified terminal servers. The quality of processors, hard drives, and memory is primarily responsible for the performance of a MetaFrame server.
The system architecture of a MetaFrame server is not very different from that of an unmodified terminal server. The main difference is the ICA communication protocol, which is provided in addition to RDP.