Solved

Citrix Remote Access

Posted on 2006-07-23
7
459 Views
Last Modified: 2013-11-21
Hi,

Have been looking through this site and others as to what Terminal Services solution to run with.

Background to ths situation is here http://www.experts-exchange.com/Networking/Q_21928425.html

But roughly,

Laptops currently connect over IPSec to VPN via Cisco 3030 conentrator which I beleive also supports SSL-VPN

This passes the user onto the central LAN where I want remote users to connect to a terminal services server.

There are maximum 100 users, each requiring access to Microsoft Office 2003 (Word, Excel, Access and Powerpoint), Internet Explorer, Adobe Acrobat and network share folders.

Each user has a PC/Laptop but many also have PDA's and tablet PC's.  Therefore, Citrix which supports these, I believe is the better option.

ICA protocol outperforms RDP, and because the settings are downloaded into a java applet each connection, Citrix has better management capability.

Also, I read Windows 2003 TS struggled over 70 users where Citrix would not.

I have left my details to be contacted by Citrix sales.
Before talking with their sales people, I would like to have an idea what I need and estimate cost rather than what they tell me I need and what it will cost.

What I would like to know is:

For between 70 and 100 users, say 50 concurrent at any one time which would be highly unlikely to get that high.

How many servers in the farm (Would two be enough)?
What spec (Duel Xeon with 4GB)?
Is one accessed more than others or would using round robin with one fqdn and multile ip addresses share the load?
Can I use the cisco 3030 SSL VPN or do I need citrix hardware to access (accelerate)?
I take it this is active directory integrated?

Thanks
Jess
0
Comment
Question by:jessmca
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 11

Accepted Solution

by:
bwalker1 earned 350 total points
ID: 17164773
I think you could safely run two servers in the farm with the specs you suggested.  (4g of RAM and a dual proc)  We have two Citrix servers which have a single xeon proc and 2G of RAM that handle 10 users a piece no problem.  You should be able to handle at least 25 connections on each server with the hardware we are discussing.

We use a 'Secure Gateway' server.  It is a web server that handles Citrix requests.  It will split the users among as many servers as you have.  So 1 IP is all you need.  The 'Secure Gateway' passes the requests internally to Citrix application servers.  Each server would have applications like Microsoft Office installed on them.

You wouldn't need a VPN because you would be connecting to the web server which is encrypted with a certificate. Also ICA and RDP are both encrypted protocols and only keystrokes are transmitted across the web.

It is active directory integrated.  Users use the same logins as they would in the office.
0
 
LVL 11

Expert Comment

by:bwalker1
ID: 17164780
I should add, keystrokes, mouse clicks, and screen shots are all that is transmitted over the web. :)
0
 
LVL 11

Expert Comment

by:bwalker1
ID: 17164795
According to this link from Cisco you can use the 3030 with Citrix.  I haven't used a concentrator with Citrix so I wouldn't be able to answer any details about implementation.  

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_data_sheet09186a00801d3b56.html
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 5

Expert Comment

by:shniz123
ID: 17164961
No doubt you'll want to use the Secure Gateway. It's ease of use and management will make your life better. My general rule of thumb for RAM is 1.5MB per user. Beyond that just about any new proc should run Citrix just fine. If you can I'd recommend something 64x or dual proc. I typically have 30-50 users connected per server. I manage a 15 server farm cluster on W2k3. During a past fail over I saw 80+ connections and they still hummed along. Get the beefiest boxes you can in your budget. If you had x8RAM and dual proc I think you could probably get away with 2 servers. Office requires more memory to run that IE for Sharepoint but with 8 you should have enough.

As for Citrix Hardware, I think the NetScaler is a good unit and provides good load balancing and compression. You don't 'have' to have one but at the edge of your network they are handy to have.

0
 
LVL 4

Assisted Solution

by:nexusds
nexusds earned 150 total points
ID: 17165121
regardless of citrix or windows rdp, you should run two servers with that number of users.. for window rdp, you will need the ent edition of windows 2003 and using a feature called session directory (included). each a dual xeon with 4GB or 8GB RAM (start with 4 and see how it goes, RAM gets cheaper later in life)

If you have another server, great - and use this for storing user profiles and other features - ensure these two new servers are strictly like workstations and with like installs (when you make a change to one, ensure it's done to the other)

Also regardless, I recommend any VPN solution for secuity - let them have web access to email if using exchange, etc.. but that's it.
0
 
LVL 8

Author Comment

by:jessmca
ID: 17170775
bwalker1

So a two serer farm with 20 users connected works fine with single xeon and 2GB ram.  
Excellent

So Dual Xeon with 4Gb should handle 50, 25 on each
I dount there will be more than 25 users connected ever at one time

nexusds

So you reckon using the existing IPSec VPN connection would be ok?

That would make life easier if it wouldnt effect performance any serious amount..

Thanks
Jess
0
 
LVL 4

Expert Comment

by:nexusds
ID: 17170927
a dual xeon (in either case with hyperthread enabled) is better.. the trick is if any one process uses up a lot of cpu time, you want something available for others.

existing IPSec is fine...
0

Featured Post

Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question