Learning the Basics of Citrix XenApp 5 Feature Pack 3 for Windows Server 2003 and XenServer 5.6 Part 7 of 12
In Part 6, you successfully:
- Extracted the Feature Pack 3 files,
- Upgraded the License Server to 11.6.1 build 10007,
- Updated the Java Runtime Environment,
- Backed up the data store,
- Installed the Microsoft Visual C++ 2005 SP1 Redistributable Package, and then
- Installed Hotfix Rollup Pack 6
In this Part, you will upgrade Web Interface, learn to create a Web Interface site and do basic configuration of that site to allow users access.
Upgrade Web Interface
At the end of Part 6, you were at the server’s desktop. Before creating a Web Interface site Web Interface needs to be upgraded. Web Interface 5.2 was installed with Feature Pack 2 and version 5.3 is available with Feature Pack 3.
Click Start -> Run, type in c:\fp3\Web Interface\WebInterface.exe and press Enter (Figure 7-1).
Select a language and click OK (Figure 7-2).
Click Next (Figure 7-3).
Select I accept the license agreement and click Next (Figure 7-4).
Accept the default destination folder for the Web Interface components. Click Next (Figure 7-5).
To update the client software with the Feature Pack 3 updated clients, select Copy the clients to this computer. Next, browse to c:\fp3\Citrix Receiver and Plug-ins\ and click Next (Figure 7-6).
Click Next to begin the installation (Figure 7-7).
Click Finish (Figure 7-8).
Note: It may take a minute or two before the post-installation process completes.
Create a Web Interface Site
To start Citrix Web Interface Management, click Start -> All Programs -> Citrix -> Management Consoles -> Citrix Web Interface Management (Figure 7-9).
You are now at the Citrix Web Interface Management Console (Figure 7-10).
There are three methods to accomplish the same task in the Console:
- Right-click an item and select an action.
- Click the Action menu and select an action.
- Click an Action in the right Actions column.
You will use the last of these methods in this Part.
Click XenApp Web Sites in the left column and click Create site in the Actions column (Figure 7-11).
The Create Site wizard starts. Check the box for Set as the default page for the IIS site and click Next (Figure 7-12).
You can create separate IIS sites, for example, to have different sites for Internal and External users. With different sites you can configure different authentications methods. Users internal to your network can enter their username and password but you can require external users to use Smart Cards, Two Factor Authentication or one of several other authentication methods.
If you create separate IIS sites, you would enter their paths in the Path box.
Point of Authentication
Next is the Specify Point of Authentication. There are five options:
- At Web Interface
- At Microsoft AD FS account partner
- At Access Gateway
- At third party using Kerberos
- At Web server
The default is At Web Interface. The five screen shots explain the five options better than I can (Figures 7-13, 7-14, 7-15, 7-16 and 7-17). Click Next to accept the default of At Web Interface (Figure 7-17).
Click Next on the Confirm Settings for New Site screen (Figure 7-18).
Make sure Configure this site now is checked and click Next (Figure 7-19).
Change the Farm name from Farm1 to Learning and click the Add… button (Figure 7-20).
Note: The Farm name entered here has no relation to the XenApp farm you created in Part 5. Anything can be entered here for the Farm name.
Enter citrixone for the server name and click OK (Figure 7-21).
Click Next (Figure 7-22).
Note: In Part 5, you selected to share the XML Service Port between IIS and the XML Service. If the port number had been changed during installation or from the command line after installation, you would enter the new port number here.
This information is taken from the Citrix online documentation for Web Interface 5.3:
Update February 28, 2015: Citrix has removed the documentation for Web Interface 5.3 from eDocs.
You can configure the following authentication methods for the Web Interface:
- Explicit (XenApp Web sites) or prompt (XenApp Services sites). Users are required to log on by supplying a user name and password. User principal name (UPN), Microsoft domain-based authentication, and Novell Directory Services (NDS) are available. For XenApp Web sites, RSA SecurID and SafeWord authentication are also available.
Note: Novell authentication is not available with Web Interface for Java Application Servers and is not supported by XenApp 6.0, XenApp 5.0 for Windows Server 2008, or XenDesktop. However, XenApp 6.0 is compatible with Novell Domain Services for Windows.
- Pass-through. Users can authenticate using the credentials they provided when they logged on to their physical Windows desktop. Users do not need to reenter their credentials and their resource set appears automatically. Additionally, you can use Kerberos integrated Windows authentication to connect to server farms. If you specify the Kerberos authentication option and Kerberos fails, pass-through authentication also fails and users cannot log on. For more information about Kerberos, see XenApp Administration.
- Pass-through with smart card. Users can authenticate by inserting a smart card in a smart card reader attached to the user device. If users have installed the Citrix online plug-in, they are prompted for their smart card PIN when they log on to the user device. After logging on, users can access their resources without further logon prompts. Users connecting to XenApp Web sites are not prompted for a PIN. If you are configuring a XenApp Services site, you can use Kerberos integrated Windows authentication to connect to the Web Interface, with smart cards used for authentication to the server farm. If you specify the Kerberos authentication option and Kerberos fails, pass-through authentication also fails and users cannot log on. For more information about Kerberos, see XenApp Administration.
Note: Because of the security enhancements introduced in Windows Vista, smart card users running Windows Vista or Windows 7 are required to provide their PINs when they access an application, even if you enable pass-through with smart card authentication.
- Smart card. Users can authenticate using a smart card. The user is prompted for the smart card PIN.
Note: Pass-through, pass-through with smart card, and smart card authentication are not available with Web Interface for Java Application Servers.
- Anonymous. Anonymous users can log on without supplying a user name and password, and access resources published for anonymous users.
Important: Anonymous users can obtain Secure Gateway tickets despite not being authenticated by the Web Interface. Because Secure Gateway relies on the Web Interface issuing tickets only to authenticated users, this compromises one of the security benefits of using Secure Gateway.
Note: XenDesktop does not support anonymous users.
Click Next to accept the default of Explicit (Figure 7-23).
When users go to the Web Interface site, they will need to enter a user name, password and a domain name. You may not want your users having to know or remember the domain name. You can pre fill-in the domain name to keep users from having to know this information. For this article, you will enter the domain name, which is the server name, of CITRIXONE.
Click Restrict domains to the following and click the Add button (Figure 7-24).
Enter citrixone for the Logon domain name and click OK (Figure 7-25).
Click Next (Figure 7-26).
Click Next to accept the default of Minimal for the Web Interface logon screen appearance (Figure 7-27).
Click Next to accept the default of Online (Figure 7-28).
Click Finish on the Confirm Settings screen (Figure 7-29).
You are now back at the management console with your Web Interface site created (Figure 7-30).
Note: This is an unsecure connection as SSL is not being used. For external access to your published applications, you need to use SSL. The needs and requirements of your organization will dictate whether SSL is used for internal access to published applications.
Test Web Interface Site
The Create Site wizard has completed the basic configuration. Now you need to test whether your site will load and display the logon page.
Start Internet Explorer and go to http://citrixone. Wait for the logon page to display (Figure 7-31).
Enter the Administrator’s name and password and click Log On (Figure 7-32).
Select the checkbox for Download Client and click the Download button (Figure 7-33).
Click Run to install the Citrix Online plug-in –web client (Figure 7-34).
Click Run (Figure 7-35).
Click OK to complete the plugin installation (Figure 7-36).
Click the yellow Information Bar and click Run Add-on (Figure 7-37).
Click Run (Figure 7-38).
The Web Interface Applications tab is displayed (Figure 7-39).
At this point, there are no Published Applications to run. You have verified your site was created, loaded and logged into successfully. Exit Internet Explorer and the Web Interface Management console.
Create Part 7 Snapshot
To create the Snapshot for this Part, right-click the VM and select Take Snapshot… (Figure 7-40).
- Enter a Name,
- Optionally enter a Description,
- Select Quiesce the VM before taking the snapshot, and then
- Click Take Snapshot (Figure 7-41).
Click on the Snapshots tab to see the Snapshot (Figure 7-42).
Click the Console tab to return to the Windows desktop.
Note: On my computer, there are video anomalies when switching from the Snapshot tab to the Console tab. The only way to resolve this issue is to reinstall XenTools after every snapshot is complete.
You learned to upgrade Web Interface, create a Web Interface site and do basic configuration of that site to allow users access. In Part 8, you will:
- Create a test user account,
- Learn to publish applications,
- Test access to the published applications from the Web Interface site, and
- To perform other basic XenApp server administrative tasks.