Learning the Basics of Citrix XenApp 5 for Windows Server 2003 (Part 7 of 7)
This article was updated January 9, 2009.
If you would like to read the other parts in this article series, please go to:
- Learning the Basics of XenApp 5 (Part 1)
- Learning the Basics of XenApp 5 (Part 2)
- Learning the Basics of XenApp 5 (Part 3)
- Learning the Basics of XenApp 5 (Part 4)
- Learning the Basics of XenApp 5 (Part 5)
- Learning the Basics of XenApp 5 (Part 6)
In Part 6 of this 7-part article, you learned how to create a Web Interface site and do basic configuration of that site to allow users access. In Part 7, you will create a test user account, learn to publish applications, test access to the published applications from the Web Interface site and learn basic XenApp server administrative tasks.
When you completed Part 6, you were in the Access Management Console (AMC). The first thing you need to do is create a test user account. Click Start -> Run, type in net user Test P@$$w0rd /add and click OK. This creates a standard user account named Test with a password of P@$$w0rd. Remember from Part 4 that any user account that needs access to any XenApp server must be a member of the Remote Desktop Users security group. Does that mean you need to add this new user account, Test, to the Remote Desktop Users security group? No, you do not. One of the decisions you made in Part 4 was to add the Authenticated Users group to Remote Desktop Users. Any user account that successfully authenticates with Windows is automatically a member of Remote Desktop Users and has the necessary security privileges.
You will now learn to publish the Notepad text editor. Click the “+” sign next to your farm name, Learning, which is in the left column of the AMC.
Note: Applications is actually a folder and you can create sub-folders to segregate various applications. For example, you could have underneath Applications, folders for Payroll, Accounting, Graphics, Intranet, Microsoft Office, etc. Sub-folders can have sub-folders. How many sub-folder levels can you create? In my testing, I stopped once I reached a sub-folder depth of 16 levels.
In the middle column, under Common Tasks, click New, then Publish application.
The Publish Application wizard starts. Click Next.
Enter Notepad for the display name then click Next.
Note: The Display name must be unique to an Application Folder.
Application description is optional and the wizard will make it the same as the display name if nothing is entered.
Note: If the same Display name is used in another folder then an alphanumeric suffix is added to the Application Description so that the Application Description is unique to the Farm. In my testing, I created two sub-folders, test1 and test2, under Applications. I published Notepad in each folder and then checked their Application Description setting. The original published Notepad in the Applications folder had an Application Description of “Notepad”. The one in the test1 sub-folder had an Application Description of “NotepadA2EA” and the one in the test2 folder was “Notepad102E”. Why is this important? If you publish three versions of Notepad and all three have the same display name, how does the server know which one to run when a user clicks the Notepad icon in the Web Interface? Simple, it browses on the Application Description – not the Display Name. The Display Name is the name displayed to the user and to you in the AMC. The internal processes of the Farm and Data Store use the Application Description.
There are three types of applications you can publish for your users:
- The server’s desktop, so that users can access all of the resources available on the server. Citrix recommends that you not publish server desktops unless they are sufficiently locked down so that users cannot access sensitive areas of the operating system.
- Content such as documents, spreadsheets, Web pages, media files and URLs.
- Applications installed on XenApp servers.
Click Next to accept the default of Application Accessed from a server.
When entering the command line for an application, you can either type in the full command line or browse to the executable. Click Browse.
Note: If the full path to the program executable contains spaces then you must put double quotes around the command line. For example, you want to publish the Access Management Console for your Farm Administrators. The command line would be "C:\Program Files\Common Files\Citrix\Access Management Console - Framework\CmiLaunch.exe". The Working Directory does not need the double quotes.
Note: Isolate application has been removed in XenApp 5 for Server 2008. Citrix recommends that application streaming be used instead of Application Isolation Environments.
Scroll down to and double-click System32.
Scroll down to and double-click notepad.exe and click OK.
The Servers screen allows you to select which XenApp server(s) will serve this Published Application.
One common misconception an Accidental Citrix Admin may have is that every XenApp server must have the same applications installed. It is possible to have five XenApp servers, each with one installed application. Citrix terms this an Application Silo. This may be necessary for a processor- or graphics-intensive application or a badly written application that is business critical. One example of a badly written application is one that requires a specific version of a DLL and crashes if another version exists on the server. Microsoft calls this DLL Hell.
You may also decide to not add a server at this time. Doing so marks this application as disabled. This prevents users from seeing it on the Web Interface.
You can also Import a list of servers from an XML file with a “.asl” file extension. You will learn about that type of file later in this article.
Click the Add button.
Select Servers will show you all the XenApp servers in your Farm. You use the standard Windows selection process to select your server(s).
Double-click CITRIXONE and click OK.
Citrix Best Practice is to control access to Published Applications with Security Groups and not individual users. For this article, our users are in the Users group. Click the Add button.
Note: If you have a large Directory structure, you can click the Add List of Names button and enter a semicolon separated list of names in the format domain\username. To manually enter your Users security group, you would click the Add List of Names button and type in CitrixONE\Users.
Scroll down and double-click Users.
On the Shortcut Presentation dialog, you can change the application’s icon and select a location where to place a shortcut to the application.
There is one annoying default setting you need to change. By default every application will play the Windows startup sound when it is launched. I recommend disabling this “feature”.
Check Configure advanced application settings now and click Next.
Advanced Access Control is beyond the scope of this article.
For this article, you are not using a XenApp Services site or the Program Neighborhood Agent. Content redirection from client to server is available only for users connecting with the Program Neighborhood Agent. When a file type is selected here, the registry on the client’s device gets updated so that the Published Application is run. If you select the “.txt” file type, then on the client, any file with the extension “.txt” is opened with this Published Application and not an application on the client’s device.
You can use the Limits dialog to help enforce license restrictions and how many copies of a Published Application a user may run at one time. For example, you have a license for five copies of Photoshop. You could check to Limit instances allowed to run in server farm and change the number to 5. XenApp will now only allow five instances of Photoshop to run on all XenApp servers in the farm. Even if you had Photoshop installed on ten XenApp servers, the sixth user who attempted to launch Photoshop would be denied.
It is also possible that one user could launch five instances of Photoshop. To prevent this, you can limit how many instances of an application a user can launch.
Note: Enabling either or both of these options can have a negative impact on application performance. As an extreme example, say you had 50 XenApp servers in your farm and were serving 100 users per server. That would give you 5,000 users in your environment. Every time a user attempted to launch Photoshop, the Data Collector would have to collect data on all 50 servers and 5,000 users to determine how many instances of Photoshop were running in the farm and if the user exceeded their instance allowance. Imagine the network and application performance impact this would have if everyone attempted to log in to the Web Interface and launch Photoshop between 8AM and 8:15AM!
CPU priority level is used for the new Preferential Load Balancing which is available only on XenApp 5 for Server 2008 – Platinum Edition. This allows for preferential treatment for users and applications. In our Microsoft Word example, you could make sure the company executives could use Microsoft Word without performance worries. You would create this Published Application and only allow the Executive security group access, set the CPU priority level to high and set the corresponding Citrix Policy so the Executive security group was also a high priority. Once both items have been set, your Executives would never have to worry about the performance of Microsoft Word.
Uncheck the box Enable legacy audio to remove all Windows sounds from this Published Application and click Next.
What if you need audio for the application but don’t want the Windows startup sound? The sounds the user receives are the sounds set on each XenApp server. You would need to go to Control Panel -> Sounds and Audio Devices -> Sounds and select Start Windows in Program Events and change the sound to “none”. This would need to be done on every XenApp server hosting the application.
You can also set encryption levels. For this instance of Notepad you can keep the default encryption level of Basic. For a Payroll or HR application you may want to set the encryption level to 128-Bit (RC-5).
If the application needs printers prior to starting, uncheck the box. Otherwise, leave this box checked to speed up application launching.
You can set the window size of the application, its color depth, hide the title bar and maximize the application when it starts.
Click Finish to accept all the defaults.
You are back at the AMC. Click the “+” next to Applications.
You see your new Notepad published application.
Now that you have been taught how to publish an application, it is your exercise to publish Microsoft Paint. The executable is MSPaint.exe, located in the same folder as notepad.exe. Use a Display Name of Paint; all other settings are the same as those you just used for Notepad.
When you are done, your AMC should look like:
You are now ready to test accessing these two applications with a standard user account. Start Internet Explorer and go to http://CitrixONE/Citrix/XenApp.
Log in using user Test with password P@$$w0rd and click the Log In button.
Your Test user now has access to the two Published Applications.
Click the Notepad icon to launch Notepad.
The Client File Security popup appears. For a full explanation of Client File Security, please see this article.
Click Full Access and Never ask me again and then click OK.
Move Notepad to where you can see the Paint icon and click the Paint icon. The Paint application will now appear.
Both Paint and Notepad are successfully running.
You have successfully tested two Published Applications with a standard Windows user.
Exit Paint and Notepad and click Log Off and exit Internet Explorer.
There are a few basic Farm administrative tasks that The Accidental Citrix Admin needs to do to ease Farm maintenance and to be prepared for when disaster strikes.
- Back up IIS
- Back up your Data Store
- Back up your Web Interface sites
- Back up your Published Applications
First you need to create a folder to contain all the files you need to back up.
Click Start -> Run, type in CMD and click OK.
Type in md c:\ctxbackup and press Enter. This will make a folder to contain the files we need to back up.
Type in cd c:\ctxbackup and press Enter.
Your command prompt should say c:\ctxbackup>
To back up IIS:
Type in cscript //h:cscript and press Enter. This sets the default script host for VBScript files to cscript.exe.
Type in iisback /backup and press Enter. This will back up the IIS Metabase and Schema to c:\windows\system32\inetsrv\metaback.
Type in copy c:\windows\system32\inetsrv\metaback and press Enter. This copies the iisback backup files to the c:\ctxbackup folder. Because no destination is given, copy places the files in the current folder, which is c:\ctxbackup.
To back up the Data Store:
Type in dsmaint backup c:\ctxbackup and press Enter. This backs up the Access Data Store only.
Minimize the command window.
To back up the Web Interface site:
In the AMC, click your Web Interface site, http://CitrixONE/Citrix/XenApp, in the left column and then click Export configuration in the middle column in the Other Tasks area.
Save the file to the c:\ctxbackup folder and click Save.
Note: If you have multiple Web Interface sites, you will need to Export each site.
Note: If you have multiple Web Interface sites, you can change the name of the file. If you have two sites named Internal and External, you can, for example, name the files Internal.conf and External.conf.
To back up Published Applications:
Click a Published Application in the left column, then in the middle column in the Other Tasks section, click Export Application settings to a file and then click Entire Application. Save the file to the c:\ctxbackup folder and click Save.
You will need to repeat this for every Published Application.
You will notice that one of the options for the Export is “Server List Only”. This will generate the XML file with the “.asl” extension you can use to import a list of servers when publishing an application.
Hint: You can back up all your applications to one file. Click Applications in the left column, then in the right column, in the Application area, you can use the Windows selection methods to select applications to include in the backup file. Once your applications are selected, right-click one of the applications, click All Tasks, click Export application settings to a file and then click Entire Application. The default filename is the name of the first selected application in the list of applications. Be sure to change the name to one that makes sense for your backup scheme.
Restore your command window, type dir and press Enter. You should see all the files you need to include in your backup procedures.
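The command-line part of the procedure above (IIS metabase and Access Data Store) can be collected into one batch file with error checks; this is an added example, not part of the original article, and the Web Interface and Published Application exports remain manual AMC steps. It assumes a local administrator account, the c:\ctxbackup folder used above, and adds one step the article does not have: restricting the folder's ACL with cacls.

```batch
@echo off
rem Added example, not from the original article: the command-line backup
rem steps (IIS metabase + Access Data Store) as one script with error checks.
rem Assumptions: run as a local administrator on the XenApp server, Access
rem Data Store, and the c:\ctxbackup folder the article uses.
setlocal
set BACKUPDIR=c:\ctxbackup
set METABACK=%SystemRoot%\system32\inetsrv\metaback

rem Create the backup folder if it is missing.
if not exist "%BACKUPDIR%" md "%BACKUPDIR%" || goto fail

rem Addition beyond the article's steps: limit the folder to Administrators
rem and SYSTEM, because the metabase and Data Store copies hold server and
rem farm configuration. cacls without /E replaces the ACL and asks for
rem confirmation, which "echo y" answers.
echo y| cacls "%BACKUPDIR%" /T /G Administrators:F SYSTEM:F >nul || goto fail

rem Back up the IIS metabase and schema. Calling cscript explicitly avoids
rem changing the default script host with cscript //h:cscript.
cscript //nologo "%SystemRoot%\system32\iisback.vbs" /backup || goto fail

rem Copy the metabase backup files into the backup folder.
copy /y "%METABACK%\*.*" "%BACKUPDIR%\" >nul || goto fail

rem Back up the Access Data Store (same command as in the article).
dsmaint backup %BACKUPDIR% || goto fail

rem Sanity check: an Access database is an .mdb file, so one must now exist.
if not exist "%BACKUPDIR%\*.mdb" goto fail

echo Backup written to %BACKUPDIR%:
dir /b "%BACKUPDIR%"
endlocal
exit /b 0

:fail
echo Backup step failed, check the output above. 1>&2
endlocal
exit /b 1
```

Run it from a command prompt on the XenApp server, then include c:\ctxbackup in your regular backup job together with the exported Web Interface and application files.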
In this section, you have created a test user account, learned to publish applications, tested access to the published applications from the Web Interface site and learned to perform basic XenApp server administrative tasks. This process took me 10 minutes and 25 seconds. The total time for Parts 2 through 7 is 2 hours 2 minutes and 17 seconds. So roughly 2 hours to go from creating a Virtual Machine to testing access to Published Applications and learning a few basic Farm Administrative tasks.
You have now learned how to complete all the goals set out for you in this 7-part series. You have:
- Created your MyCitrix.com account
- Requested your evaluation license code
- Downloaded your product license file
- Downloaded XenApp 5 for Server 2003 and the XenApp 5 Components
- Learned to install Windows Server 2003 R2 x86
- Installed the prerequisites for XenApp 5 for Server 2003, Web Interface and the Citrix License Management Console
- Updated Windows Server 2003 R2 x86
- Learned to install XenApp 5 for Server 2003
- Learned how to update XenApp 5 for Server 2003
- Learned how to create a Web Interface site and set basic configuration settings
- Created a test user account
- Learned how to publish applications
- Tested access to the published applications
- Learned basic XenApp farm maintenance procedures
If there is anything else you would like covered please send an e-mail to firstname.lastname@example.org