Learning the Basics of Citrix XenApp 5 for Windows Server 2003 and XenServer 5.5 (Part 8 of 10)
In Part 7 of this 10-part series, you learned how to create a Web Interface site and do basic configuration of that site to allow users access. In Part 8, you will create a test user account, learn to publish applications, test access to the published applications from the Web Interface site and learn basic XenApp server administrative tasks.
When you completed Part 7, you were at the server’s desktop. The first thing you need to do is create a test user account. Click Start -> Run and type in net user Test P@$$w0rd /add and click OK (Figure 1).
This creates a standard user account named Test with a password of P@$$w0rd. Remember from Part 5 that any user account that needs access to any XenApp server must be a member of the Remote Desktop Users security group. Does that mean you need to add this new user account, Test, to the Remote Desktop Users security group? No, you do not. One of the decisions you made in Part 5 was to add the Authenticated Users to Remote Desktop Users. Any user account that successfully authenticates with Windows is automatically placed in Remote Desktop Users and has the necessary security privileges.
You will now learn to publish the Notepad text editor. First, the Delivery Services Console (DSC) needs to be started.
Click Start -> All Programs -> Citrix -> Management Consoles -> Delivery Services Console (Figure 2).
Click the “+” sign next to your farm name, Learning, which is in the left column of the DSC (Figure 3).
Click Applications (Figure 4).
Note: Applications is actually a folder and you can create sub-folders to segregate various applications. For example, you could have underneath Applications, folders for Payroll, Accounting, Graphics, Intranet, Microsoft Office, etc. Sub-folders can have sub-folders. How many sub-folder levels can you create? In my testing, I stopped once I reached a sub-folder depth of 16 levels.
There are three methods to accomplish the same task in the DSC:
1. Right-click an item and select an action
2. Click the DSC Action menu and select an action
3. Click an Action in the middle column of the DSC in either the Common Tasks or Other Tasks areas.
You will use the last of these methods in this article.
In the middle column, under Common Tasks, click New, then Publish application (Figure 5).
The Publish Application wizard starts. Click Next (Figure 6).
Enter Notepad for the display name then click Next (Figure 7).
Note: The Display name must be unique for all published application within an Application Folder.
Application description is optional and the wizard will make it the same as the display name if nothing is entered.
Note: If the same Display name is used in another folder then an alphanumeric suffix is added to the Application Description so that the Application Description is unique to the Farm. In my testing, I created two sub-folders, test1 and test2, under Applications. I published Notepad in each folder and then checked their Application Description setting. The original published Notepad in the Applications folder had an Application Description of “Notepad”. The one in the test1 sub-folder had an Application Description of “NotepadA2EA” and the one in the test2 folder was “Notepad102E”. Why is this important? If you publish three versions of Notepad and all three have the same display name, how does the server know which one to run when a user clicks the Notepad icon in the Web Interface? Simple, it browses on the Application Description – not the Display Name. The Display Name is the name displayed to the user and to you in the DSC. The internal processes of the Farm and Data Store use the Application Description.
There are three types of applications you can publish for your users:
1. The server’s desktop, so that users can access all of the resources available on the server. Citrix recommends that you not publish server desktops unless they are sufficiently locked down so that users cannot access sensitive areas of the operating system.
2. Content such as documents, spreadsheets, Web pages, media files and URLs.
3. Applications installed on XenApp servers or streamed from a file share or web server.
Click Next to accept the default of Application Accessed from a server (Figure 8).
When entering the command line for an application, you can either type in the full command line or browse to the executable. Click Browse (Figure 9).
Note: If the full path to the program executable contains spaces then you must put double quotes around the command line. For example, you want to publish the Access Management Console for your Farm Administrators. The command line would be “C:\Program Files\Common Files\Citrix\Access Management Console – Framework\CmiLaunch.exe”. The Working Directory does not need the double quotes.
Note: Isolate application has been removed in XenApp 5 for Server 2008. Citrix recommends that application streaming be used instead of Application Isolation Environments.
Double-click C: (Figure 10).
Double-click Windows (Figure 11).
Scroll down to and double-click System32 (Figure 12).
Scroll down to and double-click notepad.exe and click OK (Figure 13).
Click Next (Figure 14).
The Servers screen allows you to select which XenApp server(s) will serve this Published Application.
One common misconception an Accidental Citrix Admin may have is to believe that every XenApp server must have the same applications installed. It is possible to have five XenApp servers each with one installed application. Citrix terms this an Application Silo. This may be necessary for a processor or graphics intensive application or a badly written application that is business critical. One example of a badly written application is one that requires a specific version of a DLL and crashes if another version exists on the server. Microsoft calls this DLL Hell.
You may also decide to not add a server at this time. Doing so marks this application as disabled. This prevents users from seeing it on the Web Interface.
You can also Import a list of servers from an XML file with a “.asl” file extension. You will learn about that type of file later in this article.
Click the Add button (Figure 15).
Select Servers will show you all the XenApp servers in your Farm. You use the standard Windows selection process to select your server(s).
Double-click CITRIXONE and click OK (Figure 16).
Click Next (Figure 17).
Citrix Best Practice is to control access to Published Applications with Security Groups and not individual users. For this article, our users are in the Users group. Click the Add button (Figure 18).
Double-click CITRIXONE (Figure 19).
Note: If you have a large Directory structure, you can click the Add List of Names button and enter a semicolon separated list of names in the format domain\username. To manually enter your Users security group, you would click the Add List of Names button and type in CitrixONE\Users.
Scroll down and double-click Users (Figure 20).
Click OK (Figure 21).
Click Next (Figure 22).
On the Shortcut Presentation dialog, you can change the application’s icon and select a location where to place a shortcut to the application.
Click Next (Figure 23).
There is one annoying default setting you need to change. By default every application will play the Windows startup sound when it is launched. I recommend disabling this “feature”.
Check Configure advanced application settings now and click Next (Figure 24).
Advanced Access Control is beyond the scope of this article.
Click Next (Figure 25).
For this article, you are not using a XenApp Services site. Content redirection from client to server is available only for users connecting with the Citrix online or offline plug-ins. When a file type is selected here, the registry on the client’s device gets updated so that the Published Application is run. If you select the “.txt” file type, then on the client, any file with the extension “.txt” is opened with this Published Application and not an application on the client’s device.
Click Next (Figure 26).
You can use the Limits dialog to help enforce license restrictions and how many copies of a Published Application a user may run at one time. For example, you have a license for five copies of Photoshop. You could check to Limit instances allowed to run in server farm and change the number to 5. XenApp will now only allow five instances of Photoshop to run on all XenApp servers in the farm. Even if you had Photoshop installed on ten XenApp servers, the sixth user who attempted to launch Photoshop would be denied.
It is also possible that one user could launch five instances of Photoshop. To prevent this, you can limit how many instances of an application a user can launch.
Note: Enabling either or both of these options can have a negative impact on application performance. As an extreme example, say you had 50 XenApp servers in your farm and were serving 100 users per server. That would give you 5,000 users in your environment. Every time a user attempted to launch Photoshop, the Data Collector would have to collect data on all 50 servers and 5,000 users to determine how many instances of Photoshop were running in the farm and if the user exceeded their instance allowance. Imagine the network and application performance impact this would have if everyone attempted to log in to the Web Interface and launch Photoshop between 8AM and 8:15AM!
CPU priority level is used for the new Preferential Load Balancing which is available only on XenApp 5 for Server 2008 – Platinum Edition. This allows for preferential treatment for users and applications. In our Microsoft Word example, you could make sure the company executives could use Microsoft Word without performance worries. You would create this Published Application and only allow the Executive security group access, set the CPU priority level to high and set the corresponding Citrix Policy so the Executive security group was also a high priority. Once both items have been set, your Executives would never have to worry about the performance of Microsoft Word.
Click Next (Figure 27).
Uncheck the box Enable legacy audio to remove all Windows sounds from this Published Application and click Next (Figure 28).
What if you need audio for the application but don’t want the Windows startup sound? The sounds the user receives are the sounds set on each XenApp server. You would need to go to Control Panel -> Sounds and Audio Devices -> Sounds and select Start Windows in Program Events and change the sound to “none”. This would need to be done on every XenApp server hosting the application.
You can also set encryption levels. For this instance of Notepad you can keep the default encryption level of Basic. For a Payroll or HR application you may want to set the encryption level to 128-Bit (RC-5).
If the application needs printers prior to starting, uncheck the box. Otherwise, leave this box checked to speedup application launching.
You can set the windows size of the application, its color depth, hide the title bar and maximize the application when it starts.
Click Finish to accept all the defaults (Figure 29).
You are back at the DSMC. Click the “+” next to Applications (Figure 30).
You see your new Notepad published application (Figure 31).
Now that you have been taught how to publish an application, it is your exercise to publish Microsoft Paint. The executable is MSPaint.exe located in the same folder as that of notepad.exe. Use a Display Name of Paint, all other settings will be the same as what you just learned with Notepad.
When you are done, your DSC should look like Figure 32.
You are now ready to test accessing these two applications with a standard user account. Start Internet Explorer and go to http://Citrixone/Citrix/XenApp.
Log in using user Test with password P@$$w0rd and click the Log On button (Figure 33).
Your Test user now has access to the two Published Applications (Figure 34).
Click the Notepad icon to launch Notepad.
The Client File Security popup appears. For a full explanation of Client File Security, please see this article.
Click Full Access and Never ask me again and then click OK (Figure 35).
Notepad appears (Figure 36).
Move Notepad to where you can see the Paint icon and click the Paint icon. The Paint application will now appear. Both Paint and Notepad are successfully running (Figure 37).
You have successfully tested two Published Applications with a standard Windows user.
Exit Paint and Notepad and click Log Off and exit Internet Explorer.
There are a few basic Farm administrative tasks that The Accidental Citrix Admin needs to do to ease Farm maintenance and to aid for when disaster strikes.
– Backup IIS
– Backup your Data Store
– Backup your Web Interface sites
– Backup your Published Applications
First you need to create a folder to contain all the files you need to backup.
Click Start -> Run, type in CMD and click OK.
Type in md c:\ctxbackup and press Enter. This will make a folder to contain the files we need to backup.
Type in cd c:\ctxbackup and press Enter.
You command prompt should say c:\ctxbackup>
To backup IIS:
Type in cscript //h:cscript and press Enter. This sets the default script host for VBScript files to cscript.exe.
Type in iisback /backup and press Enter. This will back up the IIS Metabase and Schema to c:\windows\system32\inetsrv\metaback.
Type in copy c:\windows\system32\inetsrv\metaback and press Enter. This copies the iisback backup files to the c:\ctxbackup folder.
To backup the Data Store:
Type in dsmaint backup c:\ctxbackup and press Enter. This backs up the Access Data Store only.
To backup the Web Interface site:
Type in copy c:\inetpub\wwwroot\citrix\xenapp\conf\webinterface.conf and press Enter.
Minimize the command prompt window.
To backup Published Applications:
Click a Published Application in the left column, then in the middle column in the Other Tasks section, click Export Application settings to a file and then click Entire Application (Figure 38).
Save the file to the c:\ctxbackup folder and click Save (Figure 39).
You will need to repeat this for every Published Application.
You will notice that one of the options for the Export is “Server List Only”. This will generate the XML file with the “.asl” extension you can use to import a list of servers when publishing an application.
Hint: You can back all your applications to one file. Click Applications in the left column, then in the right column, in the Application area, you can use the Windows selection methods to select applications to include in the backup file. Once your applications are selected, right-click one of the applications, click All Tasks, click Export application settings to a file and then click Entire Application (Figure 40). The default filename is the name of the first selected application in the list of applications. Be sure to change the name to one that makes sense for your backup scheme.
Restore your command window, type dir and press Enter. You should see all the files you need to include in your backup procedures (Figure 41).
Type exit and press enter to close the command prompt window and also exit the Citrix Delivery Services Console.
In this Part, you have created a test user account, learned to publish applications, tested access to the published applications from the Web Interface site and learned to perform basic XenApp server administrative tasks.
In Part 9 you will learn one way to allow external access to the published applications.