Citrix Presentation Server What s NEW in version 4.5

Citrix Presentation Server What s NEW in version 4.5 PowerPoint PPT Presentation


  • 372 Views
  • Uploaded on
  • Presentation posted in: General

Download Presentation

Citrix Presentation Server What s NEW in version 4.5

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


1. Citrix Presentation Server What’s NEW in version 4.5 Alexander Kroshkin Team Lead, Systems Engineering, Eastern Europe Citrix Systems

2. Six Keys to Successful Application Delivery

3. Agenda Introducing Citrix Presentation Server 4.5 New Features Demonstrations (hopefully ?)

4. Introducing Presentation Server 4.5 Application Delivery System for All Windows Apps Application Performance Monitoring for visibility into the access experience Application Streaming for instant delivery to servers and desktops SpeedScreen™ Progressive Display for faster graphics performance Automated Server Recovery for enhanced reliability Universal SSL VPN gateway (aka Access Gateway ?) for secure remote access Password Management for strongest application security

5. Presentation Server 4.0

6. Presentation Server 4.5

7. Presentation Server Add-ons

8. Agenda Introducing Citrix Presentation Server 4.5 New Features Demonstrations (hopefully ?)

9. Consistent, User-centric View

10. EdgeSight Provides Visibility

11. EdgeSight Architecture

12. Application Performance Monitoring Example Reports

13. Understanding Stability

14. Application Faults – Details For Your App Dev Teams

15. Application Streaming

16. What is Application Streaming? Application Delivery to the desktop or server without actual installation of the application Simplifies the management and delivery of applications Application runs inside an isolated environment Eliminates application conflicts

17. Streaming & Isolation Packaging

18. Existing Challenges Regression testing Customized packaging Distribution to appropriate clients Installation on client machine Maintenance Retirement Application compatibility Application certification Frequent application updates Cost of application deployment/change Efficient use of IT resources

19. Application Streaming Solution The best way to avoid application conflicts is to avoid installation Stream applications on-demand from a central location Run applications in a protected isolation environment Minimize all aspects of the Application Lifecycle: Testing Packaging Distribution Installation Maintenance Retirement

20. Single Image to Manage

21. Benefits of Streaming On-demand Latest version Apps work Local resources Apps “To Go” Test one environment Deploy & update centrally Reduce support calls Disaster recovery

22. Application Streaming Architecture

23. Streaming to Server - Deployment

24. Streaming to Desktop - Deployment

25. Dual-Mode Streaming

26. Streaming Offline vs. Online Online streaming - the client machine is connected to the network Uses standard CCU license Offline streaming - the client machine is not connected to the network Checks out a license from the CCU pool as named user license Only available with desktop streaming

27. End user launches app from WI or PN Agent RAD file is downloaded RAD file launches client Application Isolation Environment (AIE) RAD file instructs streaming client to download: Manifest file AIE rules Application executable Pre and post execution scripts Streaming client launches executable according to instructions in manifest file and AIE rules including pre and post execution scripts and registers with the ctxsbx.sys (redirector) Application is available to user Streaming Client requests additional files as required, checking first in the client cache, then if necessary, downloading additional files from the file server What happens on the client side?

28. Virtualization & Streaming Presentation Server 4.5 Provides both : Virtualization is best for all client / server apps, especially if: App requires network connection to function App requires authentication App delivers sensitive information Streaming is best for delivering most desktop apps: Not for remote connectivity solutions Not with limited bandwidth to stream app to client Best when application needs to be used offline Useful to maximize usage of PC computing power

29. AIE Limitations Some compatibility issues that isolation environments do not resolve: Device or Kernel drivers Windows Services Window Class Names or Window Names

30. Demo Time Citrix Presentation Server Application Streaming

31. SpeedScreen Progressive Display for Faster Graphics Performance Extends benefits of Presentation Server to Graphics Applications Picture Archiving and Communication Systems (PACS) Graphical Information Systems (GIS) BI graphics (SAS) 2D image editing Dramatically reduces cost of delivering graphic-intensive apps Lower-bandwidth requirements Deliver to any client device

32. Progressive Display Overview Applications that benefit: CAD / CAM (ex.: AutoCAD) OpenGL based apps (ex.: Catia) OpenGL: API used for 2D and 3D programming Applications that move / manipulate images NOT for static images and multimedia How it was achieved: Changes made to ThinWire (better queuing and tossing, frame based) Adding new policies to increase compression during movement

33. New Policies

34. New Policies SpeedScreen Progressive Display: Enhances interactivity of dynamic images Looses quality during movement, but regains it after movement stops Improves initial download (image regains detail after fully downloaded) Heavyweight compression: Reduces bandwidth without loosing quality Different compression algorithm (more CPU) Only improves Windows clients

35. Demo Time Citrix Presentation Server SpeedScreen Progressive Display

36. Health Monitoring & Recovery for Enhanced Reliability Continuously checks server health and initiates automatic server recovery operations Citrix XML and IMA Services, Logon monitor, Terminal Services Failure triggers prescriptive action Alert Only (Default) Remove Server From Load Balance Tables Shutdown IMA service Restart IMA Service Reboot Server

37. Farm Properties

38. Server Properties

39. Issues NOT addressed SSL Relay bad certificate test SG authentication test Queued ASP Requests on the IIS WI server AAC Authentication test IMA slowness to enumerate user permissions End user client cannot obtain a valid Citrix license No ICA listener test

40. Load Throttling for Higher Availability Relieves new-connection bottlenecks and improves user logon experience Automatic, no configuration How it works Biases server load on first logon Other logons biased but less than previous When logons complete load normalizes

41. Configuration Logging for Availability and Simplified Administration Provides an audit trail of all administrators making changes to your deployment All administrative changes logged in centralized database (user, date, item, operation) Sources include: Access Management Console Presentation Server Console Command-line utilities Tools custom built with MFCOM

42. Report Sample

43. Logged Information Logon / Logoff from the Management Consoles Application Publishing Tasks Policy Tasks Printer and Printer Driver Mgmt Tasks Server / Farm Property Configuration Tasks CPS Administrator Configuration Tasks LM, IM, and RM Tasks Server Install, Uninstall and Chfarm operations

44. Backwards Compatibility Only supported in a full CPS 4.5 farm Farm-wide setting Not supported in mixed farms No IMA Encryption Security issue Reports can only be generated with new 4.5 AMC

45. Microsoft Management Console Support` Plug-in to the MMC Was: Access Suite Console Now: Access Management Console Most settings now in Access Management Console Still configured in CMC: Printing Policies Load Manager Installation Manager

46. Still in Presentation Server Console Management of zones in a farm Management server farm using: Resource Manager (including creating of reports with RM) Installation Manager Load Manager Network Manager Creation and modification of Isolation Environments Creation of Load Evaluators Creation of Policies for users’ connections Setup and Management of Printers

47. Access Management Console Integration Moved to Access Management Console: Most Farm and Server settings, e.g.: Memory/CPU Optimization VIP Connection settings SpeedScreen Content Redirection Session Reliability Application Publishing Assigning Load Evaluators Resource Management Server Metrics

48. Server Screens ported to the Access Management Console Set Presentation Server edition / version Update file types from registry Launch ICA Session Remove server from farm Modify server properties

49. Exporting Application Settings to a File

50. Exporting a Batch of Applications

51. Importing Application Settings from a File

52. Web Interface Support for ADFS Expands Security and Control ADFS support for Windows Server 2003 R2 Active Directory Federation Services (ADFS) Enables application delivery to partners Extends Active Directory to internet-facing Web apps

53. ADFS Support for Web Interface (cont’d) When creating Web Interface site, ADFS integration can be configured

54. Typical Citrix Federation Deployment Citrix Web Interface ties to the federation server Federation token converted to Kerberos ticket in web agent

55. Windows 10.x Clients New Features New OS support Enhanced proxy detection support PN Agent backup URL support Non-administrator client installation Trusted server configuration AES for TLS 32-bit color icon support

56. New OS Support The clients for Windows now also support the following operating systems: Windows XP (x64 edition) Windows XP Embedded Windows Fundamentals for Legacy PCs (Eiger) Windows Vista (CTX112067) Non supported OS for 10.X clients (still supported with 9.x) Windows 9.x Windows ME

57. Enhanced Proxy Support Automatically find a proxy server No need to manually specify as in previous versions

58. Enhanced Proxy Support Uses Web Proxy Auto Detection (WPAD) If proxy and direct connections available Behaves same way as IE First tries proxy, then direct connection

59. PNAgent Backup URL List of back up addresses added in WI Sent to client in config.xml every time successfully connects

60. ICA Client Lock Down Citrix Provided Template “icaclient.adm” Located in \Program Files\Citrix\Ica client\configuration Located in an extracted “icaweb.cab” file Includes >20 Citrix specific Group Policy rules Configuration in the WIN32 client is now maintained in the registry (and not just .INI files such as apprsv.ini., module.ini etc..) HKLM or HKCU\ SOFTWARE\ Citrix\ ICA Client\ Engine\ Configuration\ Advanced\

61. ICA Client Lock Down If YOU want to create YOUR own GPO Template: CTX107102 (INI reference guide) Direct registry manipulation not supported

62. Group Policy Rules GPO settings work with ICA Client 10.x Any version of Presentation Server Instead of changing .ini files, a change can be implemented using GPO

63. Group Policy Rules ICA Client Administrator’s Guide Explains only how to add the GPO template Additional Information located in the “Explain” section of each rule

64. Trusted Server Configuration GPO setting used to prevent the ICA Client from making connections to servers that are not in the Trusted sites list All servers must be “Trusted” in order for the ICA Client to connect

65. Trusted Server Configuration Allows connections to Presentation Servers listed in the Windows “Intranet” or “Trusted sites” zones only Need to add the names of every Presentation Server that the user will need to access Web Interface customers would specify the FQDN of the Secure Gateway server or Access Gateway appliance Version of Presentation Server does not matter ICA Client 10.x and above

66. Trusted Server Configuration “Trusted sites” can be preconfigured using GPO rule or in IE properties CPS, AG, or SG cannot connect unless part of the Trusted sites list http(s)://<ServerNameToTrust>

67. If CPS server is not listed, when a connection is attempted the following error is received: Server needs to be added to Trusted sites list to resolve error Check the “Explain” tab of rule for further troubleshooting information Trusted Server Configuration

68. Non-Administrator Client Install for Higher Availability from Any Device Users can access applications using any device including Kiosks and locked-down PCs IT can deliver applications without compromising PC security and control

69. Non-admin Install Users without admin rights can install client If no administrator rights installer will install Non-admin version Installs only Web Client No Single sign on Each user must install own copy

70. Non-admin Install

71. Non-admin Install Installed on: %USERPROFILE%\Application Data\ Registry: HKEY_CURRENT_USER\Software\Citrix DisableUserInstalls in group policy must be set to 0 No option to create package with just Non admin client Must use ica32pkg.msi and let it detect

72. Advanced Encryption Standard (AES) Support Support for latest encryption standard by adding AES ciphersuites to OpenSSL SDK (AES-128 and AES-256) New OpenSSL SDK will replace existing SSL SDKs currently in the relevant Citrix products Win32 Client Linux Client SSL Relay JAVA Client (not through new SDK) Support only available in Access Gateway (no support for Secure Gateway)

73. Maximize Return on IT Investments by Leveraging the 64-bit Platform

74. Universal SSL VPN Gateway for Secure Remote Access The only purpose-built secure remote access solution for Presentation Server Enables full VPN access to specified users Quick and easy to deploy – configure as an “integrated secure gateway” Transparent to users – no client updates, same logon

75. Universal SSL VPN with SmartAccess™ for Expanded Security and Control Set policy-based access to published applications, virtual channels, and documents Sense and respond to user access scenarios based on IT-configured policies

76. Universal SSL VPN Gateway Pick your appliance

77. Password Management for Strongest Application Security Improve application security Isolated authentication minimizes risk of password theft Automated password changes avoid password loss Password policy controls maintain password strength Authentication events logging improves visibility Simplify application access One logon reduces complexity Self-service reset and unlock reduces help-desk calls

78. Thank YOU for attention! [email protected]

  • Login