Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Citrix Remote Access

Posted on 2006-07-23
7
458 Views
Last Modified: 2013-11-21
Hi,

Have been looking through this site and others as to what Terminal Services solution to run with.

Background to ths situation is here http://www.experts-exchange.com/Networking/Q_21928425.html

But roughly,

Laptops currently connect over IPSec to VPN via Cisco 3030 conentrator which I beleive also supports SSL-VPN

This passes the user onto the central LAN where I want remote users to connect to a terminal services server.

There are maximum 100 users, each requiring access to Microsoft Office 2003 (Word, Excel, Access and Powerpoint), Internet Explorer, Adobe Acrobat and network share folders.

Each user has a PC/Laptop but many also have PDA's and tablet PC's.  Therefore, Citrix which supports these, I believe is the better option.

ICA protocol outperforms RDP, and because the settings are downloaded into a java applet each connection, Citrix has better management capability.

Also, I read Windows 2003 TS struggled over 70 users where Citrix would not.

I have left my details to be contacted by Citrix sales.
Before talking with their sales people, I would like to have an idea what I need and estimate cost rather than what they tell me I need and what it will cost.

What I would like to know is:

For between 70 and 100 users, say 50 concurrent at any one time which would be highly unlikely to get that high.

How many servers in the farm (Would two be enough)?
What spec (Duel Xeon with 4GB)?
Is one accessed more than others or would using round robin with one fqdn and multile ip addresses share the load?
Can I use the cisco 3030 SSL VPN or do I need citrix hardware to access (accelerate)?
I take it this is active directory integrated?

Thanks
Jess
0
Comment
Question by:jessmca
7 Comments
 
LVL 11

Accepted Solution

by:
bwalker1 earned 350 total points
ID: 17164773
I think you could safely run two servers in the farm with the specs you suggested.  (4g of RAM and a dual proc)  We have two Citrix servers which have a single xeon proc and 2G of RAM that handle 10 users a piece no problem.  You should be able to handle at least 25 connections on each server with the hardware we are discussing.

We use a 'Secure Gateway' server.  It is a web server that handles Citrix requests.  It will split the users among as many servers as you have.  So 1 IP is all you need.  The 'Secure Gateway' passes the requests internally to Citrix application servers.  Each server would have applications like Microsoft Office installed on them.

You wouldn't need a VPN because you would be connecting to the web server which is encrypted with a certificate. Also ICA and RDP are both encrypted protocols and only keystrokes are transmitted across the web.

It is active directory integrated.  Users use the same logins as they would in the office.
0
 
LVL 11

Expert Comment

by:bwalker1
ID: 17164780
I should add, keystrokes, mouse clicks, and screen shots are all that is transmitted over the web. :)
0
 
LVL 11

Expert Comment

by:bwalker1
ID: 17164795
According to this link from Cisco you can use the 3030 with Citrix.  I haven't used a concentrator with Citrix so I wouldn't be able to answer any details about implementation.  

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_data_sheet09186a00801d3b56.html
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 
LVL 5

Expert Comment

by:shniz123
ID: 17164961
No doubt you'll want to use the Secure Gateway. It's ease of use and management will make your life better. My general rule of thumb for RAM is 1.5MB per user. Beyond that just about any new proc should run Citrix just fine. If you can I'd recommend something 64x or dual proc. I typically have 30-50 users connected per server. I manage a 15 server farm cluster on W2k3. During a past fail over I saw 80+ connections and they still hummed along. Get the beefiest boxes you can in your budget. If you had x8RAM and dual proc I think you could probably get away with 2 servers. Office requires more memory to run that IE for Sharepoint but with 8 you should have enough.

As for Citrix Hardware, I think the NetScaler is a good unit and provides good load balancing and compression. You don't 'have' to have one but at the edge of your network they are handy to have.

0
 
LVL 4

Assisted Solution

by:nexusds
nexusds earned 150 total points
ID: 17165121
regardless of citrix or windows rdp, you should run two servers with that number of users.. for window rdp, you will need the ent edition of windows 2003 and using a feature called session directory (included). each a dual xeon with 4GB or 8GB RAM (start with 4 and see how it goes, RAM gets cheaper later in life)

If you have another server, great - and use this for storing user profiles and other features - ensure these two new servers are strictly like workstations and with like installs (when you make a change to one, ensure it's done to the other)

Also regardless, I recommend any VPN solution for secuity - let them have web access to email if using exchange, etc.. but that's it.
0
 
LVL 8

Author Comment

by:jessmca
ID: 17170775
bwalker1

So a two serer farm with 20 users connected works fine with single xeon and 2GB ram.  
Excellent

So Dual Xeon with 4Gb should handle 50, 25 on each
I dount there will be more than 25 users connected ever at one time

nexusds

So you reckon using the existing IPSec VPN connection would be ok?

That would make life easier if it wouldnt effect performance any serious amount..

Thanks
Jess
0
 
LVL 4

Expert Comment

by:nexusds
ID: 17170927
a dual xeon (in either case with hyperthread enabled) is better.. the trick is if any one process uses up a lot of cpu time, you want something available for others.

existing IPSec is fine...
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question