Avatar of Pau Lo
Pau Lo
 asked on

XenApp audits

Sorry to sound naive re citrix, but a few citrix/terminal services basics if I may:

1) When a user logs onto to a PC in the domain, once authenticated, they then (by double clicking a citrix shortcut) launch a citrix session which again prompts for username / password (what is that launcher/software called).

2) Also - if you have a busy network, am I right in thinking there will be a bunch of citrix servers to handle user demand? Is this called a farm?

3) What tool/feature in citrix determines which of the servers you will be logged into? And based on what parameters does it make that decision, i.e. this servers bust log the next lot of users on that server instead

4) By default out the box, do the citrix servers log which users logged on to which citrix servers and at what time? If so where would the logs be held?
Remote AccessCitrixWindows Server 2003

Avatar of undefined
Last Comment
Carl Webster

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Carl Webster

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Pau Lo

ASKER
Re 4 if you have 5 xenapp servers are yu going to have to check 5 security logs to see who logged in which when. Or does this load balancer have a log of who accessed which server when?
Carl Webster

You will need to check all 5.  XenApp does not provide and centralized logging of what users logged into what server or which users ran which applications from what server or at what time and for how long.
Pau Lo

ASKER
Ok one more quick question. Our setup is so you login to your pc via domain creds then you login to citrix creds. So you could access internet explorer via your desktop pc or via the citrix session. Is this type of setup called a specific name in the citrix world, as I assume you can configure the login process to log straight in to a citrix server bypassing the desktop? Do each type of configs have a specific label in the citrix world? And re the second type ie bypassing the desktop what mechanics log you straight into citrix are these scripts or some kind or another tool?
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
Carl Webster

Sounds like you are using PNAgent without pass-through authentication.

I would suggest you start here:

http://support.citrix.com/proddocs/topic/web-interface-impington/wi-library-wrapper-impington.html
Pau Lo

ASKER
Thanks carl, re no pass through and pass through, in your experience can you think of any reason or technicla reason why an admin would opt for no pass through authentication as opposed to using pass through. Are there pros and cons to both or issues that may arise when using one or the other which would sway a design decision to use one or the other?
Carl Webster

security vs ease of use.  Always a tradeoff.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Pau Lo

ASKER
Which is least secure? And why...
Carl Webster

If my credentials are automatically passed through to the XenApp server, some would see that as a security risk.
Pau Lo

ASKER
As they aren't encrypted?
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
Carl Webster

Unless you use IPSEC I believe they are not encrypted.  I am not 100% positive of that though.  That is why a lot of people require both internal and external users to go thru a Citrix Access Gateway or NetScaler so that everything is encrypted.
Pau Lo

ASKER
Ok thanks just to sweep up one final thing:

>.  Various names:  PNAgent, online client, online plugin or Receiver.

Can you tell just from the shortcut on the desktop which of these are being used? Are some of these clients based on where you are connecting from? Ie are some for internal users others external? Or why so many different clients? What do some do offer that others don't?
Carl Webster

Citrix is famous for changing names and functionality.  Answering your questions could take a very long time.  Citrix provides client software for all kinds of devices and operating systems.  I would suggest you take a look here:

http://support.citrix.com/proddocs/topic/receiver/rec-receiver-and-plugins.html
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.