| Configure the Web Interface 4.x |
|
|
| Written by Hans Straat, Wednesday, 30 August 2006 | |
IntroductionThis howto will show you how you can configure the Citrix Web Interface 4.x If you haven't created a webinterface yet for MPS4.0 we recommend you read this howto first and configure the web interface We used certain standards to implement it and you can offcourse implement your own standards. This howto is a guide, how you can configure the WI4.x through the gui of the access suite console. You can configure more options but that means another howto
After configuring the web interface for metaframe presentation server 4.0 you may start to wonder were the heck is the client authentication gone. Well it's all located in the Access Suite Console (ASC). Open your ASC and browse to your web site. (if you don't see it use Discover first!). Right click on WebSites and push Discover. Now the ASC will try to find your web interfaces. If you have multiple configured with a remote source they will show up. If they all are configured with a local source only the webinterface locally configured will show. You can configure following items
Manage Server Farms Here you can enter the farm name and add the server for the xml port. Also you can choose what type of transport you want to use for communication with the farm. Types to choose from
You can also mark or unmakr "Enable ICA authentication tickets" (STA Communication) Figure 1 shows the configured farm name, xml port , xml transport type etc. figure 1
At figure 2 you can see the farm name (1) the server for failover (2) the configured XML port (3) and the transport type used (4) Not numbered but also important the Ticketing! If you change the XML listening port on your farm to port 8080 you have also change it here! at (3) figure 2
Configure authentication methods Now the next step is to configure the way the user has to authenticate to the environment he or she wants to logon to. Push on "Configure authentication methods" and figure 3 will showup. figure 3
Available methods
Default Explicit logon is enabled. Expliciet method settings here you can enable 2-factor authentication using a RSA security ID or Safeword figure 4
When is a user to allowed to change his/her password, you can set it in this configure screen also. Default setting is "Never" I personally changed it to "At anytime" because a user sometimes has to change his/her password if it's exposed. figure 5
Next step is to let the authentication talk to Windows or NIS (Unix) or to NDS (Novell). Because I have a testserver that is Windows we use Windows authentication here. figure 6
At figure 7 you can set whether or not a user sees the domainname. If you have multiple domains you can fill them all in here. Simply by pressing the "Add" button see figure 8 and then press "ok". If you only have one domain you can choose the options "Hide Domain field during log in" and users cannot choose the domain name. You can also force the users to use the domain "Testserver" expliciet by editing the "Optionally, specify domains for" field see figure 9 figure 7
figure 8
figure 9
Now what if you want users from another domain on your domain. Well you cannot set the Enforcement option then but you can also instruct the users to use the UPN name the @company.name option see figure 10 you can set multiple UPN suffixes here. figure 10
Now all that rests is the summary and press "Finish" button for this part. Manage secure client access See for this part the howto Create and setup a Secure Gateway Only part were you have to pay attention to if you changed the XML listener port to 8080 is to edit the "edit the secure gateway settings" see figure 11 figure 11
Manage Client Deployment Next you can configure is how to manage client deployment. Default following items are marked
Default the "Let users select" is unmarked. If you want your users to choose mark it and press "Next" figure 12
The automaticly enrollment of client software is for you to decide if you want to use it. If users are not local administrators they can run into problems. Also if users used a msi package and you update it with cab files it will rollback the installation cause the msi package detects it has been changed and performa a rollback to it's original state. An important part to configure here is if you want older clients to connect to your environment. Mind that most features in Presentation Server 4.0 require ica client 8 or higher (prefered at the moment is 9.2) figure 13
You can update the client package and have to save it at inetpub\citrix\metaframe\ICAWEB. here it will look for your client packages. figure 14
At figure 15 you can configure what options the ica client should get. The less the better cause a client will consume less bandwith. figure 15
Edit client side proxy You can also configure what proxy a user has to use. Default it's on Auto detect but you can change it. You have following options
Most configurations will be set on auto or client defined but in some scenario's you could play with this option to force a proxy setting to your user. figure 16
Socks configuration figure 17
Secure (HTTPS) configuration figure 18
At figure 19 you can finetune the connection settings. Play a bit with these settings and see what you like. figure 19
At figure 20 you can set were a user can use the Windows Key combinations. figure 20
Manage Workspace Control At figure 21 you can configure what options a client connected to the citrixfarm over the WI has. An important one is "Log off all sessions when a user logs off from the webinterface" if you mark this all sessions will be logged off instead of staying active. This can however also be a pain in the bud if users have to refresh the WI in order to stay connected ;) figure 21
Load ballance sites If you have multiple Web Interfaces you can let them workballance. We have taken a screenshot from a production environment so urls will be wiped figure 22
Local Site Tasks Here you can configure following items
Manage configuration source points to the source were the config.xml is used to configure your web interface. Most of the time a local configuration file will be used but in larger environments a centralized configuration source will be used. This saves administrative tasks cause you change it at one point and all web interfaces will use it. Manage IIS hosting, here you can set the IIS site were to host the webinterface. Default it's the "Default Web Site" and default path is "/citrix/metaframe" If you mark the "This is default page for the IIS Site" then users connecting to http://servername will go automaticly to the citrix login page. Repair site is a tricky one specially if you used for instance the SPS2003 Look&Feel configuration of Jason Conger. After you did a Repair Site all your configuration is lost. You can prefend that by saving the citrix\metaframe directory to a different location, a simple copy is enough. Uninstall site, well it speaks for itself, it will uninstall your web interface. Import configuration When you already created a web interface and are very lasy you can export the configuration on the already configured web interface and import it on the newly to create interface. All settings will be the same. (I suggest a centralized configuration instead of import). You also can use it to backup your configuration.. Export configuration The opposite of the import :) Remove site configuration Never done this one :) but i think you can configure it all over again..so I won't burn my hands on that one. Modify Apply Changes URL This will write the current config into the config file
|
| < Prev | Next > |
|---|
|