Farm terminology and concepts
Now is the moment to define the terminology we are going to use. If you are new to the Citrix world, please pay attention to this section.
- Multi-user environment: a multi-user environment is one in which applications published on servers running Remote Desktop Services and/or XenApp are accessed by multiple users simultaneously.
- XenApp server is the main software component of the Citrix application delivery infrastructure. The objective of XenApp servers is to deliver applications to user devices.
- XenApp application servers are the farm servers that host published applications.
- XenApp infrastructure servers are the farm servers that host services such as a license server or web interface. Usually, they do not host published applications.
- Remote Desktop Services (RDS), formerly known as Terminal Services, is the component of Microsoft Windows that allows a user to access applications and data on a remote computer over a network. We need to install this component (and the appropriate licenses) to set up and run XenApp servers. XenApp extends the functionality of Microsoft Remote Desktop Services, adding flexibility, manageability, security, and performance to RDS.
Applications can be made available by installing them on the server or by streaming them to the client. XenApp 6 supports only Windows 32-bit or Windows 64-bit applications. Running 16-bit applications is NOT supported.
XenApp offers three methods for delivering applications to user devices, servers, and virtual desktops:
- Server-side application virtualization: Applications run on the XenApp servers. XenApp shows the application interface on the user device or client, and transmits user actions from the device, such as keystrokes and mouse actions, back to the application.
- Client-side application virtualization: XenApp streams applications on demand to the user device from the XenApp farm and runs the application on the user device.
- VM hosted application virtualization: Challenging applications or those requiring specific operating systems run inside a desktop on the XenApp server. XenApp shows the application interface on the user device or client, and transmits user actions from the device, such as keystrokes and mouse actions, back to the application.
A XenApp server farm is a logical collection or group of XenApp servers that can be managed as a single entity. Citrix usually defines three types of farms:
- Design validation farm: A design validation farm is set up in a laboratory, typically as the design or blueprint for the production farm. Today, the preferred method to build a design validation farm is to use virtual machines.
- Pilot farm: A pilot farm is a preproduction farm used to test a farm design and applications before deploying the farm across the company. The pilot must include users from across the organization and from every role. These users should access the farm for their everyday needs.
- Production farm: A production farm is in regular use and accessed by all users in the organization.
Farm Architecture defines the plan for the design of the server farm and zones based on current requirements and future expansion plans. Farm architecture requires a strong understanding of the network topology, scalability, failover, and geographic location of the sites and users in the company.
- Zones: Zones are used to control the aggregation and replication of data in the farm. A farm should be divided into zones based upon the network topology, where major geographic regions are assigned to separate zones. Each zone elects a data collector, which aggregates dynamic data from the servers in its zone and replicates the data to the data collectors in the other zones.
- Worker group: A worker group is a new feature introduced in XenApp 6. It is a collection of XenApp servers in the same farm. Worker groups allow a set of similar servers to be grouped together and managed as one. Worker groups are closely related to the concept of application silos (silos are usually servers dedicated to running critical or resource-intensive applications). All servers in the worker group share the same list of published applications and identical XenApp server settings.
- Data collector: A data collector stores information about the servers and published applications inside a group and acts as a gateway to the data collectors in other groups. In large XenApp server farm environments, it is a good idea to give the data collector a dedicated server and restrict it from delivering applications. A dedicated data collector improves load balancing decisions and reduces session logon time.
The user device is where the client software is installed to access data from anywhere:
- Citrix Receiver: Citrix Receiver is the first universal client for IT service delivery. Users can use any device—it runs on smartphones, laptops, desktops, and netbooks (PC or Mac). With Citrix Receiver installed on a device, IT can deliver applications and desktops as an on-demand service with no need to manage, own, or care about the physical device or its location. Citrix Receiver is a lightweight software client with an extensible browser-like “plugin” architecture that communicates with head-end infrastructure in the Citrix Delivery Center product family including XenApp and XenDesktop. Citrix Receiver was formerly known as Citrix ICA Client.
- Citrix Dazzle and the self-service storefront: Citrix Dazzle, the self-service enterprise application storefront, offers a personal and easy-to-use interface for subscribing to applications. Administrators can distribute the Dazzle plug-in using Citrix Receiver, and users can choose their published application subscriptions. Dazzle also downloads and pre-caches streamed applications. The self-service storefront is available for both Windows and Mac users.
- Merchandising Server provides easy management, setup, and distribution of Citrix Receiver and related plugins and updates. Users simply point any browser at the setup site included with Merchandising Server, and within two clicks the setup process starts. Merchandising Server software is delivered as a virtual appliance for Citrix XenServer or VMware.
Infrastructure servers are farm servers that host services such as the license server or the web interface. Usually, they do not host published applications.
XenApp farms have two types of infrastructure servers:
- Virtualization infrastructure consists of the XenApp servers that deliver virtualized applications and VM hosted applications and roles that support sessions and administration, such as the data store, data collector, Citrix XML broker, Citrix License Server, configuration logging database (optional), load testing services database (optional), service monitoring agents, and so on.
- Access Infrastructure consists of roles such as the web interface, secure gateway (optional), and access gateway (optional) that provide access to users.
In small deployments, we can group several roles together on one server. In large deployments, we provide each service on one or more dedicated servers.
Virtualization infrastructure represents a series of servers that control and monitor application environments.
Now, we will look at the different types of infrastructure servers:
- Citrix licensing: A Citrix License Server is required for all XenApp deployments. Install the license server on either a shared or a standalone server, depending on your farm's size. After we install the license server, we need to download the appropriate license files from the MyCitrix.com website and install them on the license server. A license server can be shared among multiple Citrix products.
- Data store database: The data store database is a repository of persistent farm information, including server information, published applications, administrators, printers, and so on. In a small farm, we can host the data store database on a SQL Server Express database running on one of our XenApp servers; in medium to large farms, we use a dedicated SQL Server or an Oracle database server.
- Citrix XML Broker acts as an intermediary between the web interface and other servers in the farm. When a user logs in to the web interface, the XML Broker receives the user’s credentials from the web interface and queries the server farm for a list of published applications that the user has permission to access. The XML Broker obtains this application set from the IMA (Independent Management Architecture) system and returns it to the web interface.
- Citrix XML Service: The XML Broker is a component of the Citrix XML Service. By default, the XML Service is installed on every server during XenApp setup. However, only the XML Service on the server specified in the web interface acts as the broker. In a small farm, the XML Broker runs on a server with multiple infrastructure functions. In a large farm, the XML Broker might be configured on one or more dedicated servers. Configuring a dedicated XML server is a simple task: set up a dedicated XenApp server without any published applications.
- Single sign-on (optional): Single sign-on provides password management for published applications. Single sign-on can use Active Directory or an NTFS share to store password information. Single sign-on was formerly known as Password Manager and requires a Platinum license. Installation and configuration of single sign-on is outside the scope of this article.
- Service monitoring (optional) is based on Citrix EdgeSight and enables the administrator to collect, monitor, and report server resource metrics, either to estimate the number of servers required to deploy a XenApp farm or to analyze the load on production servers. This feature requires a Platinum license. Installation and configuration of EdgeSight is outside the scope of this article.
- Provisioning Services (optional) helps administrators manage the entire XenApp farm of application hosting servers, both physical and virtual, using one or more standardized server images. PVS can roll back to a previous working image in the time it takes to reboot. This feature requires a Platinum license. Installation and configuration of Provisioning Services is outside the scope of this article.
- SmartAuditor (optional) allows an administrator to record the onscreen activity of any user's session, over any type of connection, from any server running XenApp. SmartAuditor uses policies to record, catalog, and archive sessions for retrieval and playback. This feature requires a Platinum license. Installation and configuration of SmartAuditor is outside the scope of this article.
- Power and Capacity Management (optional) enables administrators to reduce power consumption and manage server capacity by dynamically scaling the number of online servers or by powering servers on and off at specific times. This feature requires a Platinum license. Installation and configuration of Power and Capacity Management is outside the scope of this article.
Access infrastructure represents a series of servers deployed within the local network or the DMZ that give different types of users (local or remote) access to resources published on XenApp servers.
XenApp farms have three types of access infrastructure servers:
- Web interface provides users with access to resources published on one or multiple XenApp farms through a standard web browser or through the Citrix Online Plug-in.
- Access Gateway (optional) is a universal SSL VPN appliance that can be used to secure client connections to XenApp farms and provide secure access to other internal network resources. XenApp Platinum Edition licenses include a universal Access Gateway license, which can be used with any Access Gateway edition. The Access Gateway appliance, also known as Netscaler, must be purchased separately.
- Secure Gateway (optional) assists administrators to secure access to enterprise network computers running XenApp and provides a secure Internet gateway between XenApp farms and client devices. The Secure Gateway transparently encrypts and authenticates all user connections to help protect against data tampering and theft. All data traversing the Internet between a remote workstation and the Secure Gateway is encrypted using the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol. The Secure Gateway is an application that runs as a service on a server that is deployed in the demilitarized zone (DMZ).
Designing a basic XenApp architecture
Let's take a look at Brick Unit Constructions, a small construction company near Washington DC established in 1973 by John Charles Empire. The HQ of the company is located near Frederick in Maryland, and around 120 users work there. Currently, the company has 17 sites under construction around the state, located within a 150-mile radius of HQ. Each of these sites has 10 to 25 computers, accessing applications installed on the site server or on each user's computer. So we have around 400 users between HQ and the construction sites. Almost 20 percent of these users use laptops, work on several projects at the same time, and travel between sites. All the sites are connected to HQ over an MPLS network using T1 links.
Managing the software installed on computers and other devices in the field is a nightmare for the small IT department of the company and their manager, William Empire, son of John Charles.
Usually, the projects are short-term, lasting between 6 months and 2 years. When a project is completed, IT needs to take a full backup of every machine and the server and reassign them to a new project. None of these sites has its own IT personnel, so the management of these servers and computers (backups, installing new applications, printers, and so on) is centralized at HQ, making administration very complicated.
Users with laptops are having issues with printers and with access to files located on different servers. William wants to resolve this by moving all data on the remote file servers to a centralized file server on a NAS (Network Attached Storage) device, and migrating all printer queues located at remote sites to a new print server at HQ. The printer migration will also help him clean up print server drivers and check the compatibility of the current printers with Citrix.
The other issue these users are having is related to an in-house developed financial application installed on the construction site servers. This application has to be installed multiple times (once per site).
The following diagram is the Brick Unit Construction’s current infrastructure:
William is concerned about the following:
- Deciding whether to run XenApp on virtual machines or on physical servers
- Budget: The cost of all the Terminal Server and Citrix licenses will require a large expenditure
- Virtual machines will provide a lot of benefits, but will require a large investment in a SAN (Storage Area Network), additional RAM for the existing servers, and the cost of the virtualization server software
William's idea is to move all applications installed on client machines or on servers at remote sites to a XenApp farm, migrate all data at these sites to the HQ file and print servers, remove the servers from the field, and reuse them (these servers are pretty new) to build more XenApp servers or virtualization hosts to run XenApp on virtual machines.
Moving all applications to XenApp will help IT reduce application license costs and simplify the deployment of new versions.
Centralizing all data on a NAS file server will help reduce backup costs (hardware and software) and simplify administration. It will also reduce the time needed to restore information.
Currently, the most popular option for implementing XenApp 6 is to use virtual machines, and William decided to use it for the deployment of Brick Unit's farm.