Acknowledgments

We would like to acknowledge the following people for their kindness and support in making this book possible.

Karen Cross, Lance Tilford, Meaghan Cunningham, Kim Wylie, Harry Kirchner, Kevin Votel, Kent Anderson, Frida Yara, Bill Getz, Jon Mayes, John Mesjak, Peg O'Donnell, Sandra Patterson, Betty Redmond, Roy Remer, Ron Shapiro, Patricia Kelly, Andrea Tetrick, Jennifer Pascal, Doug Reil, and David Dahl of Publishers Group West for sharing their incredible marketing experience and expertise.

Jacquie Shanahan, AnnHelen Lindeholm, David Burton, Febea Marinetti, and Rosie Moss of Elsevier Science for making certain that our vision remains worldwide in scope.

Annabel Dent and Paul Barry of Elsevier Science/Harcourt Australia for all their help.

David Buckland, Wendi Wong, Marie Chieng, Lucy Chong, Leslie Lim, Audrey Gan, and Joseph Chan of Transquest Publishers for the enthusiasm with which they receive our books.

Kwon Sung June at Acorn Publishing for his support.

Ethan Atkin at Cranbury International for his help in expanding the Syngress program.

Jackie Gross, Gayle Voycey, Alexia Penny, Anik Robitaille, Craig Siddall, Darlene Morrow, Iolanda Miller, Jane Mackay, and Marie Skelly at Jackie Gross & Associates for all their help and enthusiasm representing our product in Canada.

Lois Fraser, Connie McMenemy, Shannon Russell and the rest of the great folks at Jaguar Book Group for their help with distribution of Syngress books in Canada.

Contributors

Ralph "JJ" Crump (CCNP/CCDP, Citrix CCEA, MCSE, MCNE, Cisco Security Specialist, and Compaq ASE) is a Senior Consulting Engineer for an advanced solutions consulting firm in Atlanta, GA. He provides senior design and technical guidance for major clients focusing on enterprise deployments of thin-client, network, and security solutions.
He has worked extensively in enterprise organizations designing and building infrastructure services and specializes in enterprise Citrix solutions, networking design and implementation, and security solutions. He has written several other books on similar topics including Microsoft Windows 2000, Network+, and Citrix CCA.

Craig Luchtefeld (MCSE, MCP+I, CCEA, CCNA) is a Senior Network Engineer for STL Technology Partners, a leading information technology systems provider in the Central Illinois region. Craig provides STL clients with network infrastructure planning, implementation, support, and troubleshooting. He specializes in server-based computing implementations and has played a key role in several Fortune 500 companies in the Midwest. Craig also contributed to the book CCA Citrix MetaFrame XP for Windows Administrator Study Guide.

Chris Broomes (MCSE, MCT, MCP+I, CCNA) is a Senior Network Analyst at Devon IT (www.devonitnet.com). Devon IT is a leading enterprise service provider specializing in voice and data network design, security, and VPN solutions based in King of Prussia, PA. Chris has worked in the IT industry for over nine years at large law firms, universities, and software manufacturers. He has a wide range of technical experience supporting and designing networks including Novell, DEC Pathworks, and AppleTalk, as well as Citrix WinFrame/MetaFrame and Windows NT/2000. Chris is also the President of Infinite Solutions Group, an IT consulting firm specializing in network design, integration and support, and training located in Lansdowne, PA. Chris is currently pursuing a M.S. in Information Science at Penn State University, as well as the CCDA, CCNP, and CISSP certifications. He is a member of the International Engineering Consortium. Chris has contributed to several study guides on Windows 2000, as well as to the E-mail Virus
Protection Handbook (Syngress Publishing, ISBN: 1-928994-23-7) and Hack Proofing Your Web Applications (Syngress Publishing, ISBN: 1-928994-31-8).

Connie Wilson (CAN, MSCE, CCA) is a Senior Network Engineer with GE Capital in a designated "Center of Excellence" technology site. Currently she has ultimate responsibility for design, implementation, and ongoing oversight of multiple Microsoft and MetaFrame servers supporting national and international GE divisions. Her specialties are troubleshooting, new product testing, thin client inter-company consulting, and systems optimization. Connie has a broad technology background with 15 years in progressively challenging IT work and a B.S. in Telecommunications. Before joining GE as an employee, Connie was an IT Consultant for GE, contracted primarily to bring a chronically problematic MetaFrame server farm to a high level of reliability.

Elias N. Khnaser (CCEA, MCSE, CCNA, CCA, MCP+I) is currently the Citrix Network Engineer for General Growth Properties. General Growth Properties is headquartered in Chicago, IL and is the second largest shopping mall owner and operator in the world, counting over 160 malls worldwide and growing. Elias provides senior-level network design, implementation, and troubleshooting of Citrix and Microsoft technologies for the company. Elias is also a contributing author at Techrepublic.com. Prior to working for General Growth Properties, Elias was a Senior Network Engineer at Solus in Skokie, IL, consulting for companies like Motorola, Prime Group Realty Trust, Black Entertainment Television (BET), Dominick's Corporate, and Total Living Network (TLN Channel 38).

Elias would like to acknowledge and thank the magnificent duo of Catherine Nolan and Kate Glennon of Syngress Publishing for their extraordinary patience and professionalism: thank you for making this a wonderful experience.
Thanks also to Melissa Craft whose attention to the smallest detail was invaluable; to Steve Amidei and Chuck Tomczyk of General Growth Properties for their infinite support; to Stuart Gabel and Nial Keegan of Solus who opened the door of opportunity; to his friend Joseph K. Eshoo for all his help and encouragement, and to John Sheesley of Techrepublic.com for helping him write better articles. To his friends and family worldwide, this is for you! Finally, Elias would like to dedicate this work to his parents, especially his mother, and to the person that means everything in his life, Nadine Sawaya "Didi", for loving and supporting him.

Technical Editor

Melissa Craft (CCNA, MCNE, MCSE, Network+, CNE-3, CNE-4, CNE-GW, CNE-5, CCA) is the Vice President and CIO for Dane Holdings, Inc., a financial services corporation in Phoenix, AZ, where she manages Web development, and the LAN and WAN for the company. During her career, Melissa has focused her expertise on developing enterprise-wide technology solutions and methodologies focused on client organizations. These technology solutions touch every part of a system's lifecycle, from assessing the need, determining the return on investment, network design, testing, and implementation to operational management and strategic planning. In 1997, Melissa began writing magazine articles on networking and the information technology industry. In 1998, Syngress hired Melissa to contribute to an MCSE certification guide. Since then, Melissa has continued to write about various technology and certification subjects. She is the author of the best-selling Configuring Windows 2000 Active Directory (Syngress Publishing, ISBN: 1-928994-60-1), and Configuring Citrix MetaFrame for Windows 2000 Terminal Services (Syngress Publishing, ISBN: 1-928944-18-0).
Melissa holds a bachelor's degree from the University of Michigan and is a member of the IEEE, the Society of Women Engineers, and American MENSA, Ltd. Melissa currently resides in Glendale, AZ with her family, Dan, Justine, and Taylor.

Technical Reviewer

Thomas Eck (MCSE+I, MCSD, MCDBA, CCA, ASE, CNA, GCA) is a Senior Specialist with Perot Systems Corporation's Financial Services Industry Group. Currently, he is using his diverse background in development and system administration to manage an engineering/development team at a major global investment bank in the New York metropolitan area. His team develops tools to streamline and automate the bank's administrative and business processes on several Microsoft product platforms, and maintains particular focus on enterprise security, enforcement of business rules within administrative processes, and creating tools to empower users to securely manage their environment without engaging support staff. Thomas has written several books on system administration and development (including a best-selling title on Active Directory Service Interfaces) and writes regularly for Windows & .NET Magazine's Solutions journals on the use of scripting for programmatic administration.

Foreword

Whenever I browse the computer section at a bookstore, I S ~kO~l ~r! Ne SkOOb, ~ ''!iEl liiiii!iii with both the high-level r~ews and the nitty-gritty details about the technology. These types of books are rare. Usually, a book deScribes~o~ , at,a ~e~i~, ~',~d~,b~t, li,'i,ii,'~,,; fails to help that newbie get to the next level with the technology. O~ :a bo6E ~ b~ mired in q the one th; administer I've w( dialup usei bilities at lt the Citrix host of pro one busine solution, ~a XP si the t Mobili discovered.
and a laptc People wri and the Inl Engineers, "in the fie] In man could be lc "touched" data electrc This ~is are very cc gathered :o

increased the demand for back-end support technologies so that those mobile devices can run high-end applications. But the very thing that makes a mobile device so cheap - the small size and capacity of the device itself - causes high-end applications to fail. Providing high-end applications to mobile devices is likely to be the next frontier for Citrix MetaFrame XP servers.

For network engineers and administrators, being able to design, deploy, and manage a Citrix MetaFrame XP server farm is the realm of the specialist. The product is one that is geared for businesses (and likely will not port to homes unless pervasive computing starts putting toasters and refrigerators on a home network), so it is unusual to find someone who has learned about the technology without having ever worked on a network with it. In addition, Citrix MetaFrame XP servers are usually a small percentage of what you might find on a network, so people with Citrix know-how are sought out for their skills. For an engineer or administrator, Citrix is one of the top skills to have on your résumé. In fact, in 2002 CertCities.com rated the Citrix Certified Administrator (CCA) as number 8 out of 10 hottest certifications to get (http://certcities.com/editorial/features/story.asp?EditorialsID=37).

A new type of service provider has appeared on the horizon - the application service provider (ASP). The jury is still out on whether ASPs will become major players in the IT industry. There is an argument for them, though. ASPs function somewhat like the power company. Instead of providing your own generator and managing it through all its problems, the power company puts the equipment at your home and sends that power to you as you need it. You "rent" the power, depending on your usage.
In the ASP scenario, the application is provided by a Citrix MetaFrame XP server (or UNIX, or Microsoft Windows 2000 Terminal Services server) and delivered over the Internet to the client device. ASPs either charge a subscription rate for the application or require you to buy the license and charge a management fee for their overhead support costs; a few charge rent for hard drive space. The pricing is not even across the board, and most ASP companies are so brand-new that they don't have a history that people can count on. Most ASPs will not provide you your home equipment, either. Since computers are continually falling in price, the cost of owning your own computer and installing applications boils down mostly to support. So the world has yet to see whether ASPs will be the next Internet power generators. Even so, ASPs have boosted the status of Citrix MetaFrame XP on the market.

The inclusion of Terminal Services with all Windows 2000 Server versions is further making remote control technology more common. Riding on the tails of every standard Windows 2000 server, Terminal Services can be installed for remote server management. It won't be long before more administrators become familiar with the possibilities that this technology offers.

With Windows XP successfully making headway in the market (yes, Microsoft did meet its numbers!), more users at home and in the office will discover the Remote Desktop and Remote Assistance applications. Both Remote Desktop and Remote Assistance are based on the same protocol used for Terminal Services and provide similar remote control of Windows XP desktops. They even rely on the same Remote Desktop Protocol (RDP). Who knows where the technology will lead as people become more and more reliant on it.

Citrix MetaFrame XP with Feature Release 1 boasts a few new features. Because it is based on Windows 2000, you can share the latest Windows applications.
Not only that, but all applications that you develop internally for the Windows 2000 platform can be shared to any type of client. This can significantly reduce business development costs, since an application needs to be developed for only one platform, even if multiple platforms are in use on the network.

The biggest feature that Citrix MetaFrame XP offers is its superior server farm management. A Citrix administrator can configure and manage servers, whether standalone or members of a server farm, from a console anywhere on the network. A bonus is that the Citrix management tools work with high-powered network management solutions, so you can truly manage the network from a single seat.

Enhancements make Citrix even easier to integrate into a network.

• Administrators on Novell-centric networks can deliver applications to their clients via Citrix MetaFrame XP, using native NDS authentication and printers.
• For networks that use 32-bit Windows clients, administrators can push application icons directly to the workstation's Start menu through the Program Neighborhood Agent.
• A Web interface called the Citrix Web Console lets administrators manage Citrix MetaFrame XP servers via intranets or the Internet.
• Even the individual CPUs on a server can be reserved for an application so that mission-critical tasks are kept at the top of the server's priorities.

Features like these, on top of the native ease of managing clients, make the latest version of Citrix MetaFrame XP an administrator's favorite tool.

We approached this book with two goals in mind. Not only did we want to provide the information that a person would need to administer a Citrix MetaFrame XP server and server farm, but we also wanted to provide some real-world, function-oriented information.
To that end, you will find that earlier chapters are geared toward design, installation, and management of a server and server farm, whereas the later chapters provide the particulars surrounding specific solutions.

Chapter 1 gives a foundational discussion of the history of Citrix MetaFrame XP, the company, and the technologies MetaFrame comprises. By way of introduction, this chapter shows how Citrix MetaFrame XP and Windows 2000 Server with Terminal Services evolved as a cohesive product set. The chapter also discusses businesses' strategies and goals for the technology.

Chapter 2 explores the server farm management capabilities of Citrix MetaFrame XP. Not only is the concept of server farms introduced, but so are the methods for designing and managing them. This chapter initiates discussion of the Citrix Management Console (CMC), which is further described throughout the book. You'll find that the CMC is integral to all aspects of a Citrix MetaFrame XP server farm.

One of the first uses of Citrix products was remote access. Chapter 3 furnishes in-depth information about designing routing and remote access services (RRAS) for Windows 2000 Servers. It further discusses how to integrate a Citrix MetaFrame XP server with an RRAS installation. This chapter's material represents one of the essential skills for a Citrix administrator.

Chapter 4 is all about design. It can guide you through the complexities of sizing a server and making the decisions between scaling up a single server or scaling out into a server farm. It tells you where a Citrix MetaFrame XP server should be placed in relation to other servers and clients on the network as well as a variety of other design subjects. If you are just starting to put together a Citrix solution, this is where you should start.
The processes of installing and migrating to Citrix MetaFrame XP are the topics within Chapter 5. You can find the information you need for any type of Citrix MetaFrame XP deployment project. Not only is a new installation of a server covered, but also a migration from Citrix MetaFrame 1.8.

Making certain all your clients are licensed and properly installed is crucial to a Citrix MetaFrame XP deployment. Chapter 6 goes through all the essentials regarding licensing, the hardware and software requirements for the clients, installation procedures - even automation. You will learn how to deploy a thin client to multiple workstations and ensure that they have identical configurations.

Chapter 7 can get you to the point where the server is functional on the network. Simply installing a Citrix MetaFrame XP server will not immediately provide remote control sessions to your end users. You must also configure sessions so that clients can connect to the server. Configuring the server is a never-ending process because no network is ever static. You will always have new users or new ways to use the server and new applications that will force you to make some type of configuration change.

Chapter 8 goes further into server management, exploring the CMC and its various components. This chapter focuses on the tools needed to manage a server farm. One highly useful section looks at the SpeedScreen Latency Reduction capabilities of Citrix MetaFrame XP. For networks with unpredictably slow links, being able to enhance performance for end users is a great achievement.

For an application server, the main ingredient for success is definitely the applications you install. In Chapter 9, you will learn what types of applications you should select (and a few to avoid), how to install them (yes, there are some special instructions), and how to optimize them. In addition, this chapter will show you how to publish applications and use the Program Neighborhood.
With a heightened focus on security in the IT industry, we've included a chapter for security strategies on Citrix MetaFrame XP. Not only does Chapter 10 cover some very sensible approaches to server and farm security, but it also discusses how to encrypt Independent Computing Architecture (ICA) traffic and use Secure Sockets Layer (SSL) when sharing applications across the Web to reduce the possibility of eavesdropping.

The final chapters of this book are solution-oriented. Chapter 11 teaches how to design and deploy an application server that supplies applications across the Internet. Printing, which is a sore subject whenever it doesn't work, is fully discussed in Chapter 12. Although wireless protocols are still emerging, Chapter 13 is dedicated to designing a mobile solution using Citrix MetaFrame XP on the back end. Chapter 14 will teach you how to develop a portal solution using Citrix MetaFrame XP with NFuse 1.6, which is freely downloadable from Citrix's Web site at www.citrix.com/download/bin/license.asp?client=nfusereg. Finally, Chapter 15 wraps up the entire book with monitoring and maintenance of the server.

I have found working with the authors on this book to be a delight. The authors each contributed his or her unique experiences with Citrix products to the chapters, filling the book with invaluable advice. I know from my own experience that the very thing that makes Citrix MetaFrame a great product - its flexibility as a solution to many different types of problems - is the one thing that requires an administrator to push the limit on his or her skills. I expect you'll find this book to be one of your favorite references, never far from where your servers sit.

- Melissa Craft, Technical Editor and Contributor
CCA, MCSE, MCNE, CCNA, Network+, CNE-5, CNE-4, CNE-3, CNE-GW
CIO, Dane Holdings, Inc.

www.syngress.com