Citrix Remote Access

Hi,

Have been looking through this site and others as to what Terminal Services solution to run with.

Background to ths situation is here http://www.experts-exchange.com/Networking/Q_21928425.html

But roughly,

Laptops currently connect over IPSec to VPN via Cisco 3030 conentrator which I beleive also supports SSL-VPN

This passes the user onto the central LAN where I want remote users to connect to a terminal services server.

There are maximum 100 users, each requiring access to Microsoft Office 2003 (Word, Excel, Access and Powerpoint), Internet Explorer, Adobe Acrobat and network share folders.

Each user has a PC/Laptop but many also have PDA's and tablet PC's.  Therefore, Citrix which supports these, I believe is the better option.

ICA protocol outperforms RDP, and because the settings are downloaded into a java applet each connection, Citrix has better management capability.

Also, I read Windows 2003 TS struggled over 70 users where Citrix would not.

I have left my details to be contacted by Citrix sales.
Before talking with their sales people, I would like to have an idea what I need and estimate cost rather than what they tell me I need and what it will cost.

What I would like to know is:

For between 70 and 100 users, say 50 concurrent at any one time which would be highly unlikely to get that high.

How many servers in the farm (Would two be enough)?
What spec (Duel Xeon with 4GB)?
Is one accessed more than others or would using round robin with one fqdn and multile ip addresses share the load?
Can I use the cisco 3030 SSL VPN or do I need citrix hardware to access (accelerate)?
I take it this is active directory integrated?

Thanks
Jess
LVL 8
jessmcaAsked:
Who is Participating?
 
bwalker1Commented:
I think you could safely run two servers in the farm with the specs you suggested.  (4g of RAM and a dual proc)  We have two Citrix servers which have a single xeon proc and 2G of RAM that handle 10 users a piece no problem.  You should be able to handle at least 25 connections on each server with the hardware we are discussing.

We use a 'Secure Gateway' server.  It is a web server that handles Citrix requests.  It will split the users among as many servers as you have.  So 1 IP is all you need.  The 'Secure Gateway' passes the requests internally to Citrix application servers.  Each server would have applications like Microsoft Office installed on them.

You wouldn't need a VPN because you would be connecting to the web server which is encrypted with a certificate. Also ICA and RDP are both encrypted protocols and only keystrokes are transmitted across the web.

It is active directory integrated.  Users use the same logins as they would in the office.
0
 
bwalker1Commented:
I should add, keystrokes, mouse clicks, and screen shots are all that is transmitted over the web. :)
0
 
bwalker1Commented:
According to this link from Cisco you can use the 3030 with Citrix.  I haven't used a concentrator with Citrix so I wouldn't be able to answer any details about implementation.  

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_data_sheet09186a00801d3b56.html
0
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

 
shniz123Commented:
No doubt you'll want to use the Secure Gateway. It's ease of use and management will make your life better. My general rule of thumb for RAM is 1.5MB per user. Beyond that just about any new proc should run Citrix just fine. If you can I'd recommend something 64x or dual proc. I typically have 30-50 users connected per server. I manage a 15 server farm cluster on W2k3. During a past fail over I saw 80+ connections and they still hummed along. Get the beefiest boxes you can in your budget. If you had x8RAM and dual proc I think you could probably get away with 2 servers. Office requires more memory to run that IE for Sharepoint but with 8 you should have enough.

As for Citrix Hardware, I think the NetScaler is a good unit and provides good load balancing and compression. You don't 'have' to have one but at the edge of your network they are handy to have.

0
 
nexusdsCommented:
regardless of citrix or windows rdp, you should run two servers with that number of users.. for window rdp, you will need the ent edition of windows 2003 and using a feature called session directory (included). each a dual xeon with 4GB or 8GB RAM (start with 4 and see how it goes, RAM gets cheaper later in life)

If you have another server, great - and use this for storing user profiles and other features - ensure these two new servers are strictly like workstations and with like installs (when you make a change to one, ensure it's done to the other)

Also regardless, I recommend any VPN solution for secuity - let them have web access to email if using exchange, etc.. but that's it.
0
 
jessmcaAuthor Commented:
bwalker1

So a two serer farm with 20 users connected works fine with single xeon and 2GB ram.  
Excellent

So Dual Xeon with 4Gb should handle 50, 25 on each
I dount there will be more than 25 users connected ever at one time

nexusds

So you reckon using the existing IPSec VPN connection would be ok?

That would make life easier if it wouldnt effect performance any serious amount..

Thanks
Jess
0
 
nexusdsCommented:
a dual xeon (in either case with hyperthread enabled) is better.. the trick is if any one process uses up a lot of cpu time, you want something available for others.

existing IPSec is fine...
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.