Learning the Basics of Citrix XenApp 5 for Windows Server 2008 (Part 6 of 7)
If you would like to read the other parts in this article series, please go to:
- Learning the Basics of XenApp 5 for Windows Server 2008 (Part 1)
- Learning the Basics of XenApp 5 for Windows Server 2008 (Part 2)
- Learning the Basics of XenApp 5 for Windows Server 2008 (Part 3)
- Learning the Basics of XenApp 5 for Windows Server 2008 (Part 4)
- Learning the Basics of XenApp 5 for Windows Server 2008 (Part 5)
- Learning the Basics of XenApp 5 for Windows Server 2008 (Part 7)
In Part 5 of this series, you learned how to find hotfixes and updates for XenApp 5 for Windows Server 2008 and tell if a hotfix applies to your farm.
In Part 6, you will learn to create a Web Interface site and do basic configuration of that site to allow users access.
At the end of Part 5, you were at the server’s desktop.
To start the Access Management Console (AMC), click Start -> All Programs -> Citrix -> Management Consoles -> Access Management Console.
The first time you start the Access Management Console, the Configure and Run Discovery process starts. This process discovers all the Citrix Products, Components, XenApp Servers and Web Interface sites that are installed on this server. Click Next.
In a Best Practice scenario, the Web Interface component would be installed on a separate server in the DMZ. In that case, on the XenApp server, you would uncheck to discover Web Interface sites. Then on the Web Interface server, you would uncheck discovering Presentation Servers. For this article series, you are not using Password Manager, so uncheck Password Manager. Click Next.
The Configuration Servers screen is used to discover Web Interface Configuration Servers. Configuration Servers are an attempt by Citrix to ease the deployment of multiple Web Interface servers so that all sites maintain the same configuration. This central Configuration Server, while a good idea, rarely worked and was hard for Citrix to support. In XenApp 5 for Windows Server 2008, and all future versions of XenApp, the Configuration Server has been removed. Since this article is using only one server, click Next to accept the default of Discover sites installed on this computer.
Click Add Local Computer.
For your production Farm, you would then click the Add button and add every server in your Farm you wanted to manage from this XenApp server.
You are now at the Citrix Access Management Console (AMC).
There are three ways to accomplish the same task in the AMC:
- Right-click an item and select an action
- Click the AMC Action menu and select an action
- Click an Action in the middle column of the AMC in either the Common Tasks or Other Tasks areas.
You will use the last of these methods in this article.
Click Web Interface in the left column under Citrix Resources -> Configuration Tools and then click Create site in the middle column under Common Tasks.
The Create Site wizard starts. Click Next to accept the default of XenApp Web.
The XenApp Services site is what is created to use the XenApp plugin (formerly known as the Program Neighborhood Agent client).
Click Next on the Specify IIS Location screen.
You can create separate IIS sites, for example, to have different sites for Internal and External users. With different sites you can configure different authentications methods. Users internal to your network can enter their username and password but you can require external users to use Smart Cards, Two Factor Authentication or one of several other authentication methods.
If you create separate IIS sites, you would enter their paths in the Path box.
In a Best Practice scenario where Web Interface is installed on a separate server, you would check the box for Set as the default page for the IIS site. Since you have both the License Management Console and Web Interface installed on the same server you must not check that box. Doing so will break the License Management Console.
Next is the Specify Point of Authentication. There are five options:
- At Web Interface
- At Microsoft AD FS account partner
- At Access Gateway
- At third party using Kerberos
- At Web server
The default is At Web Interface. The five screen shots explain the options better than I can. Click Next to accept the default of At Web Interface.
Click Next on the Confirm Settings screen.
Make sure Configure this site now is checked. Click Next.
Change the Farm name from Farm1 to Learning and then click the Add… button.
Enter CITRIXONE for the server name and click OK.
In Part 4, you selected to share the XML Service Port between IIS and the XML Service. If the port number had been changed during install, or from the command line after installation, you would enter the new port number here.
This information is taken from the Web Interface Administrator’s Guide for Web Interface 5.0.1 pages 63 and 64.
You can configure the following authentication methods for the Web Interface:
Explicit. Users are required to log on by supplying a user name and password. User principal names, Microsoft domain-based authentication and Novell Directory Service are available. For XenApp Web sites, RSA SecurID and SafeWord authentication are also available.
Pass-through. Users can authenticate using the credentials they provided when they logged on to their Windows desktop. Users do not need to reenter their credentials and their resource set appears automatically. Additionally, you can use Kerberos authentication to connect to servers. If you specify the Kerberos authentication option and Kerberos fails, pass-through authentication also fails and users cannot log on.
Pass-through with smartcard. Users can authenticate by inserting a smart card into a smart card reader attached to the client device. Citrix XenApp prompts users for their smart card PIN when they log on to the client device. After logging on, users can access their published applications and content without further logon prompts. Users connecting to XenApp Web sites are not prompted for a PIN.
Smart card. Users can authenticate using a smart card. The user is prompted for a PIN.
Anonymous. Anonymous users can log on without supplying a user name and password and access resources published for anonymous users on the server.
Click Next to accept the default of Explicit.
When users go to the Web Interface site, they will need to enter a user name, password and a domain name. You may not want your users having to know or remember the domain name. You can pre fill-in the domain name to keep users from having to know this information. For this article, you will enter the domain name, which is the server name, of CITRIXONE.
Click Restrict domains to the following click the Add button.
Enter CITRIXONE for the logon domain name and click OK.
With Web Interface 5.0.1, you have the option of using a Minimal or Full user interface. Click Full and then click Next.
For this article series, you are not using streamed applications. Click Next to accept the default of Remote.
Click Finish on the Confirm Settings screen.
You are now back at the AMC with your Web Interface site created. Click the “+” next to Web Interface.
You now see your Web Interface site. Since this is not the default site for IIS you, and your users, will have to enter the entire site URL of http://CitrixONE/Citrix/XenApp.
The Create Site wizard has completed the basic configuration. Now you need to test whether your site will load and display the log on page.
Start Internet Explorer and go to http://CitrixONE/Citrix/XenApp.
Enter your name and password.
At this point, there are no Published Applications to run. You have verified your site was created, loaded and logged into successfully.
This process took me 3 minutes and 43 seconds. With the times from Parts 2 through 5 the total time is 1 hour 21 minutes and 6 seconds.
You learned to create a Web Interface site and do basic configuration of that site to allow users access. In Part 7, you will create a test user account, learn to publish applications, test access to the published applications from the Web Interface site and to perform other basic XenApp server administrative tasks.