Solved

Citrix Remote Access

Posted on 2006-07-23
7
455 Views
Last Modified: 2013-11-21
Hi,

Have been looking through this site and others as to what Terminal Services solution to run with.

Background to ths situation is here http://www.experts-exchange.com/Networking/Q_21928425.html

But roughly,

Laptops currently connect over IPSec to VPN via Cisco 3030 conentrator which I beleive also supports SSL-VPN

This passes the user onto the central LAN where I want remote users to connect to a terminal services server.

There are maximum 100 users, each requiring access to Microsoft Office 2003 (Word, Excel, Access and Powerpoint), Internet Explorer, Adobe Acrobat and network share folders.

Each user has a PC/Laptop but many also have PDA's and tablet PC's.  Therefore, Citrix which supports these, I believe is the better option.

ICA protocol outperforms RDP, and because the settings are downloaded into a java applet each connection, Citrix has better management capability.

Also, I read Windows 2003 TS struggled over 70 users where Citrix would not.

I have left my details to be contacted by Citrix sales.
Before talking with their sales people, I would like to have an idea what I need and estimate cost rather than what they tell me I need and what it will cost.

What I would like to know is:

For between 70 and 100 users, say 50 concurrent at any one time which would be highly unlikely to get that high.

How many servers in the farm (Would two be enough)?
What spec (Duel Xeon with 4GB)?
Is one accessed more than others or would using round robin with one fqdn and multile ip addresses share the load?
Can I use the cisco 3030 SSL VPN or do I need citrix hardware to access (accelerate)?
I take it this is active directory integrated?

Thanks
Jess
0
Comment
Question by:jessmca
7 Comments
 
LVL 11

Accepted Solution

by:
bwalker1 earned 350 total points
ID: 17164773
I think you could safely run two servers in the farm with the specs you suggested.  (4g of RAM and a dual proc)  We have two Citrix servers which have a single xeon proc and 2G of RAM that handle 10 users a piece no problem.  You should be able to handle at least 25 connections on each server with the hardware we are discussing.

We use a 'Secure Gateway' server.  It is a web server that handles Citrix requests.  It will split the users among as many servers as you have.  So 1 IP is all you need.  The 'Secure Gateway' passes the requests internally to Citrix application servers.  Each server would have applications like Microsoft Office installed on them.

You wouldn't need a VPN because you would be connecting to the web server which is encrypted with a certificate. Also ICA and RDP are both encrypted protocols and only keystrokes are transmitted across the web.

It is active directory integrated.  Users use the same logins as they would in the office.
0
 
LVL 11

Expert Comment

by:bwalker1
ID: 17164780
I should add, keystrokes, mouse clicks, and screen shots are all that is transmitted over the web. :)
0
 
LVL 11

Expert Comment

by:bwalker1
ID: 17164795
According to this link from Cisco you can use the 3030 with Citrix.  I haven't used a concentrator with Citrix so I wouldn't be able to answer any details about implementation.  

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_data_sheet09186a00801d3b56.html
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 5

Expert Comment

by:shniz123
ID: 17164961
No doubt you'll want to use the Secure Gateway. It's ease of use and management will make your life better. My general rule of thumb for RAM is 1.5MB per user. Beyond that just about any new proc should run Citrix just fine. If you can I'd recommend something 64x or dual proc. I typically have 30-50 users connected per server. I manage a 15 server farm cluster on W2k3. During a past fail over I saw 80+ connections and they still hummed along. Get the beefiest boxes you can in your budget. If you had x8RAM and dual proc I think you could probably get away with 2 servers. Office requires more memory to run that IE for Sharepoint but with 8 you should have enough.

As for Citrix Hardware, I think the NetScaler is a good unit and provides good load balancing and compression. You don't 'have' to have one but at the edge of your network they are handy to have.

0
 
LVL 4

Assisted Solution

by:nexusds
nexusds earned 150 total points
ID: 17165121
regardless of citrix or windows rdp, you should run two servers with that number of users.. for window rdp, you will need the ent edition of windows 2003 and using a feature called session directory (included). each a dual xeon with 4GB or 8GB RAM (start with 4 and see how it goes, RAM gets cheaper later in life)

If you have another server, great - and use this for storing user profiles and other features - ensure these two new servers are strictly like workstations and with like installs (when you make a change to one, ensure it's done to the other)

Also regardless, I recommend any VPN solution for secuity - let them have web access to email if using exchange, etc.. but that's it.
0
 
LVL 8

Author Comment

by:jessmca
ID: 17170775
bwalker1

So a two serer farm with 20 users connected works fine with single xeon and 2GB ram.  
Excellent

So Dual Xeon with 4Gb should handle 50, 25 on each
I dount there will be more than 25 users connected ever at one time

nexusds

So you reckon using the existing IPSec VPN connection would be ok?

That would make life easier if it wouldnt effect performance any serious amount..

Thanks
Jess
0
 
LVL 4

Expert Comment

by:nexusds
ID: 17170927
a dual xeon (in either case with hyperthread enabled) is better.. the trick is if any one process uses up a lot of cpu time, you want something available for others.

existing IPSec is fine...
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now