Solved

Installing Citrix

Posted on 2009-05-06
12
4,010 Views
Last Modified: 2013-11-11
Hello - I have Citrix XenApp 5 and my goal is to install one app for our doctors to access from outside internet. I have already installed and tested, however I had to wipe and do a clean install of the os as I accadently installed 32bit os. I will have more then 4GB of RAM, so I had to install 64bit  Server 2008 STD. So I've completed the install of the OS and I have another server that I'd like to use as a Web Interface, however this server has Server 2003 STD and I'm not sure if i can use two differant NOS in a Citrix environment.

I'm utilizing www,dabcc.com Learning the basic of Citrix XenApp 5 for Windows Server 2008 as this proved to be very fruitful the first time I've installed Citrix. I installed all components on one server, but did'nt complete the Intergrating Web Interface 4.6, Citrix Secure Gateway 3.1 and a GoDaddy Wildcard SSL Certificate. I have two servers and I'm not sure what components I install on each server. I'd like to make sure that I'm installing correctly. I'd like to plan a successful install.

Server #1 Server 2008 Std 64bit
Not a DC, however in my domain (RAPA.local)
Server #2 Server 2003 Std 32bit
Not a DC, however in my domain (RAPA.local)

Both are behind a Sonicwall TZ190 Firewall and I'll be utilizing a T1 pipe out to the internet.

I appreciate all your help.

nimdatx
0
Comment
Question by:nimdatx
  • 8
  • 4
12 Comments
 
LVL 19

Expert Comment

by:BLipman
ID: 24316805
You will be fine, here is what I would do were I in your shoes:

Server 1: yes, 64-bit W2K8, load XenApp 5, make it the Data Collector (you don't have to do anything special, it will assume this role on its own), run your apps here

Server 2: 32-bit W2K3, load Citrix Web Interface and Citrix Secure Gateway

All traffic will go to Server 2 via port 443 and proxy to Server 1 so the only ports you need to open are 80 and 443 to Server 2; you can place this in a DMZ if you like.  The mixed OS is even less important since you aren't really joining Server 2 to the farm (per se), it is the agent that brings users to the farm.  
That said, I have a mixed farm, W2K8 with W2K3 and it works fine.  
0
 
LVL 1

Author Comment

by:nimdatx
ID: 24318019
Server #1 - Do I load all components from disk and load load Web interface and Citrix Secure Gateway?
0
 
LVL 1

Author Comment

by:nimdatx
ID: 24318634
On server 1 do I install:

Access Management Console
Web Interface
Xenapp
Passthrough Client
Citrix XenApp Plugin for Streamed Apps
XenApp Advance Configuration

Server 2 Install:

Licensing Server
Web Interface
Citrix Secure Gateway

Does it matter if I install web interface on both servers. Where can I find instructions on how to do this step-by-step?

I appreciate all your help.
0
 
LVL 19

Expert Comment

by:BLipman
ID: 24319032
On server 1 do I install:

Access Management Console
Web Interface<----------------------not needed on this server
Xenapp
Passthrough Client
Citrix XenApp Plugin for Streamed Apps
XenApp Advance Configuration

Server 2 Install:

Licensing Server
Web Interface
Citrix Secure Gateway

Installing WI on both boxes is not something I like to do...I keep IIS off of a server if I can do so.  More attack surface.  You can serve internal and external WI requests via server 2 just fine.  

Here is a great place to start for help: http://carlwebster.com/blogs/webster/archive/2009/01/03/Learning-the-Basics-of-XenApp-5-for-Windows-Server-2008-Part-1-of-7.aspx

Ben
0
 
LVL 1

Author Comment

by:nimdatx
ID: 24320183
How do you setup Server 1 to recognize server 2 web interface. you mentioned setting up a proxy and ports 80 - 443 to server 2, can you explain how to do this? Sorry if I don't make sense, but I'm trying to understand.
 
Do I uninstall IIS off server 1 if I do not use WI?

I agree that carlwebster is a great place to start, however I'm setting up on two servers, not one. I'd like to just make sure I do this correct.

Thanks,

nimdatx
0
 
LVL 19

Accepted Solution

by:
BLipman earned 500 total points
ID: 24320426
You will need to do a little bit of extrapolation to adapt the "all in one" instructions to a multi server environment but the fundamentals are the same.  Yes, if you already have IIS on the W2K8 server remove it.  

Don't get too wrapped up in my terminology regarding "proxy"; I mean that in a loose sense.  There is no proxy server in this scenario (and if you have one we may need to adjust things to get web traffic flowing through it properly).  The secure gateway, in combination with the Web Interface act as a "sort of" proxy for clients authenticating to the farm, finding apps, and running them.  

Here is an overview:
-client launches URL to your WI/CSG web site, they sign in and see a list of applications they have rights to see (based on what users you added when you published the apps)
--in the background, the CSG took the page request, contacted the WI, in this case on the same machine, passed it the credentials, the WI passes the logon request and application rights query to the STA.  The STA is, in this case, your W2K8/XenApp5 server.  The STA replies with the list of apps the user gets to see, the WI and CSG form a list, and present it to the user.  
--ok, at this point, you have just done what the Program Neighborhood does when a user launches it, signs in, and gets a list of apps.  All you have done is perform this, clientless, through a secure web site without actually having the PC talk to the Citrix server (the one running XenApp) so, in a sense, you have proxied the traffic to the farm.  Furthermore, with CSG, all of this takes place between the end user and the CSG over port 443-tcp; you never have traffic going from the Internet to the farm.  One port serves all servers.  One pinhole in the firewall.  

(back to the process)
-Now that the client has an app list, the click an app, it then forms a launch.ica file which the client opens (the file association belongs to the installed Citrix client or fails if you don't have one loaded).  The installed client, either Web Client or Program Neighborhood, opens the file, deletes it, and uses the settings embedded in it to request a launch of that app
-Same process pretty much here: local client, using the settings from the launch.ica file, contacts the CSG who contacts the WI who contacts the farm and the session is established THROUGH 443 THROUGH the CSG.  Yes, if your CSG server bounces then all sessions terminate...don't stop this service lightly in a production farm.  

There are some more complications with the Session Reliability feature but that is pretty much just using a different port.  There is a ton more to the process...in fact...I have an old graphic of the process...let me attach it for you and you will see why this is tricky to learn.  (mind you, this picture is just the logon process)
Citrix-Logon-Chart---300dpi.jpg
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 1

Author Comment

by:nimdatx
ID: 24320601
WOW VERY GOOD explaination. Let me sponge this information over the night and I will be back in the morning. I will be awarding points soon and I'd like your help once I move to the next steps. I need to get this project completed as the doctors are getting excited about accessing our EMR application from outside.
Can I email you any future questions Citrix, so you can earn more points?

I really appreciate all your help and support and I see that you passionatly enjoy your work.

nimdatx







I will
0
 
LVL 1

Author Comment

by:nimdatx
ID: 24320620
Any good books you recommend?

XenApp 5.0 - Server 2008
0
 
LVL 1

Author Comment

by:nimdatx
ID: 24320631
What do you think about these books?

The Real Citrix CCA Exam Preparation Kit: Prepare for XenApp 5.0 by Shawn Tooley

Citrix Presentation Server Platinum Edition Advanced Concepts: The Official Guide

0
 
LVL 19

Expert Comment

by:BLipman
ID: 24320823
Thanks for the kind words, I really do enjoy my job :-)  

I tend to read the Admin guides (http://support.citrix.com/article/CTX112223) and Advanced Concepts guides (http://support.citrix.com/article/CTX107059) that Citrix puts out.  

I also own the "XenApp Platinum Advanced Concepts, official guide" but haven't read it yet.  

I always liked Doug Brown's MIAB: http://www.dabcc.com/miab/

Mostly, you get a ton of knowledge just building and supporting these systems.  You can get Not for Resale licensing cheap from Citrix and have a nice little 5 user test farm to do your worst with.  Build it, break it, fix it, repeat.  I have installed somewhere along the lines of 100 small farms, never one over 10 servers though.  This gave me a pretty wide array of knowledge but I am lacking when it comes to things like CAG, app streaming, password manager, RSA security because my clients don't use those features.  

Of course, if you have issues, post them here, there is a great community of IT pros here just waiting to help!

Ben
0
 
LVL 1

Author Comment

by:nimdatx
ID: 24325801
What does STA stand for?

I've installed the Web Interface 4.6 on the 2003 server (2) and inthe process of installing CSG 3.1.

The server is installing ASP.NET page 7 of 44 of Integrating Web Interface, CSG 3.1.

I look to have this done today.

Thanks,
nimdatx
0
 
LVL 1

Author Comment

by:nimdatx
ID: 24327055
In my test environment I installed the license manager on 2008 machine and I've uninstalled/reinstalled without the licensing manager. How do I move them to 2003 server which has WI & CSG. I've logged onto mycitrix and I've noticed that host name is WIN08CITRIX which is the host name on 2008 server.

How do I move and setup on 2003 server?

I've completed the following;
Installed Xenapp on 2008 server and all prerequisites.
I did not install WI or License Manager console, I'd like to move to 2003 server.

Install Windows prerequisites for Web Interface  - DONE
Install Web Interface 4.6 - DONE
Install the update to Access Management Console  for Web Interface 4.6 - DONE
Create and configure a basic XenApp site  - DONE (https://ecwtraingingdb/Citrix/AccesPlatform) I'm using port 8080

Error message is attached.


Test unsecure access to published applications

Errror-Message.bmp
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

For Backups Guest OS files and indexing(and application awareness), Veeam needs Admin rights in Guest OS(Windows and Linux). In Windows a Domain Administrator account, and in Linux root access to perform this type of Backups and also Restore.
It Is not possible to enable LLDP in vSwitch(at least is not supported by VMware), so in this article we will enable this, and also go trough how to enabled CDP and how to get this information in vSwitches and also in vDS.
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
In this video tutorial I show you the main steps to install and configure  a VMware ESXi6.0 server. The video has my comments as text on the screen and you can pause anytime when needed. Hope this will be helpful. Verify that your hardware and BIO…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now