Study Guide Microsoft
-
Upload
varun-girdhar -
Category
Documents
-
view
216 -
download
0
Transcript of Study Guide Microsoft
-
8/9/2019 Study Guide Microsoft
1/46
Citrixxperience.com
1Y0-259 Citrix Presentation Server 4.5:Administration
Study Guide
Version 1.0(September 4, 2008)
-
8/9/2019 Study Guide Microsoft
2/46
-
8/9/2019 Study Guide Microsoft
3/46
For more Citrix certification preparation products, visit Citrixxperience.com. iii
Table of Contents
Subject Page
Installing and Managing Citrix Presentation Server 1
Configuring Farm Settings 3
Configuring ICA Sessions 10
Configuring Policies 14
Publishing Applications and Content 20
Deploying Applications 25
Creating and Assigning Load Evaluators 28
Configuring Printing 31
Enabling Web Access to Published Applications and Content 36
Securing Access to Published Applications and Content 41
The most trusted web site for Citrix certification preparation products, Citrixxperience.com
-
8/9/2019 Study Guide Microsoft
4/46
VisitCitrixxperience.comformoreCitrixcertificationpreparationproducts.
ThemosttrustedwebsiteforCitrixcertificationpreparation,Citrixxperience.com
1
1Y0259CitrixXenApp:AdministrationStudyGuide
InstallingandManagingCitrixPresentationServer
InstallPresentationServer4.5License
OpentheLicenseManagementConsole.
ClickConfigureLicenseServer>Step1:DownloadlicensefilefromMyCitrix.com.
LogintoMyCitrixandfromtheCurrentTooldropdownlistselectActivate/Allocate.
Downloadthelicensefile.
CopythelicensefiletoyourlicenseserverwiththeLicenseServerManagementConsole.
MakesurethedirectoryappearsintheUploadlicensepage,orbrowsetoitandclick
Upload.
OntheLicenseFilespage,clickUpdatelicensedata.
Thefilewillappearinthetableonthepage.
InstallingProgramNeighborhoodAgent
WhenusingtheProgramNeighborhoodAgent,ifyouwanttheuserstobepromptedfor
authenticationtoaCitrixPresentationServereverytime,selectNowhenconfiguringpass
throughauthentication
during
Program
Neighborhood
Agent
installation.
WhenconfiguringProgramNeighborhoodAgent:
TypethenameoftheserverhostingtheProgramNeighborhoodAgentServicessite.
Intheformatofhttp://servernameorhttps://servernameandthenclickNext.
ReplaceservernamewiththenameoftheWebInterfaceserver.
UpdatePresentation
Server
ToupdateaPresentationServer3.0or4.0serverfarmrunningonWindows2003youcantake
advantageoftheautomaticupgradepath.
OntheinitialAutorunscreenofSetup,selectInstallCitrixPresentationServer4.5andits
components.
-
8/9/2019 Study Guide Microsoft
5/46
-
8/9/2019 Study Guide Microsoft
6/46
VisitCitrixxperience.comformoreCitrixcertificationpreparationproducts.
ThemosttrustedwebsiteforCitrixcertificationpreparation,Citrixxperience.com
3
SinglezonesworkbestwhenallPresentationServersarelocatedinthesamegeographical
locationwhilemultiplezonesworkbestwhenPresentationServersareseparated
geographically.
ConfiguringShadowingDuringInstallation
ShadowingrestrictionssetduringtheinstallationofPresentationServerarepermanent.
Ifshadowingwasdisabledorcapabilitiesrestrictedduringtheinstallation,neithershadowing
northerestrictedcapabilitiescanbeenabledaftertheinstallationiscompletewithout
reinstallingPresentationServer.
IMAEncryption
PresentationServercanbeconfiguredtoencrypttheIMAcommunicationsusedtosend
informationto
the
data
store
and
configuration
logging
databases.
Thisencryptioncanaddalayerofsecuritytothesensitivedatastoredinthedatabases.
UsersandGroupsConsiderationsatInstallation
DuringtheinstallationofPresentationServer,theexistingusersandgroupsandtheanonymous
useraccountscreatedbyPresentationServercanbeaddedtothelocalRemoteDesktopUsers
groupontheserver.
Only
users
and
groups
that
are
members
of
the
local
Remote
Desktop
Users
group
can
access
resourcesontheserverusingtheICAorRDPprotocol.
Iftheusersandgroupsdonotexistatthetimeoftheinstallationortheadministratorwantsto
manuallyaddtheusersandgroups,theadministratorcanusetheComputerManagement
utilityontheservertoperformthistaskaftertheinstallationcompletes.
ConfiguringFarmSettings
HealthMonitoring
and
Recovery
CitrixprovidesastandardsetofHealthMonitoringandRecoverytests.
CitrixIMAServicetest
CitrixXMLServicetest
-
8/9/2019 Study Guide Microsoft
7/46
-
8/9/2019 Study Guide Microsoft
8/46
VisitCitrixxperience.comformoreCitrixcertificationpreparationproducts.
ThemosttrustedwebsiteforCitrixcertificationpreparation,Citrixxperience.com
5
Toconfigureaserverasthedatacollector,theadministratorshouldsettheserverselection
preferencetoMostPreferred.
Toconfigureaservertoneverbecomethedatacollector,theadministratorshouldsetthe
serverselectionpreferencetoNotPreferred.
Otherelectionpreferencesare:Preferred,whichisthebackupdatacollector,andDefault
Preference,whichallowstheservertobethedatacollectorifthemostpreferreddatacollector
andbackupdatacollectorarenotavailable.
Afterconfiguringtheelectionpreference,restarttheIMAServiceorreboottheserver.
ConfigurationLogging
Theconfigurationloggingfeatureallowsyoutokeeptrackofadministrativechangesmadeto
yourserverfarmandgeneratesreportsthatshowwhatchangesweremade,whentheywere
madeand
who
made
them.
Ahighlevelexplanationofconfiguringconfigurationlogging:
Createtheconfigurationloggingdatabase.
VerifytheconfigurationloggingdatabaseisspecifiedintheDatabasetypefield.
Configuretheconfigurationsettingsfortheserverfarm.
Whenneeded,theadministratorcanclearthedatastoredintheconfigurationloggingdatabase.
Tosetuploggingofadministrativetasks:
OpentheAccessManagementConsole.
RightclicktheserverfarmnodeandclickProperties.
ExpandtheFarmwidenodeandclickConfigurationLogging.
VerifythataconfigurationloggingdatabaseisspecifiedintheDatabasetypefield.
SelectLogadministrativetaskstotheloggingdatabase.
ClickOK.
VirtualIPAddressing
SomeapplicationsneedauniqueIPaddressforeachapplicationforlicensing,addressing,
identificationorotherpurposes.
-
8/9/2019 Study Guide Microsoft
9/46
VisitCitrixxperience.comformoreCitrixcertificationpreparationproducts.
ThemosttrustedwebsiteforCitrixcertificationpreparation,Citrixxperience.com
6
WithvirtualIPaddressing,youcanassignastaticrangeofIPaddressestoaserverorservers
andhavetheseaddressesindividuallyallocatedtoeachsessionsothatconfiguredapplications
runningwithinthatsessionappeartohaveauniqueIPaddress.
ToconfigurevirtualIPaddressing:
OpentheAccessManagementConsoleselectafarm.
SelectAction>Modifyfarmproperties>ModifyvirtualIPproperties.
OpenAddressConfigurationfromtheVirtualIPpageinthefarmsPropertieslist.
UsetheAddressConfigurationdialogboxtoconfigurethevirtualIPaddressrangesand
assignthemtoservers.
ClickOKtorestarttheaffectedservers.
ThenumberofvirtualIPaddressesspecifiedforaservershouldbeequaltoorexceedthe
maximumnumberofconcurrentsessionstotheserver.
IfavirtualIPaddressisnotavailableatconnectiontime,anInsufficientvirtualIPaddressesare
notavailableerrormessageisdisplayedontheclient.Thesessionmayopen,butapplications
thatrequireanIPaddressmaynotworkcorrectly.
CitrixPorts
Port
2512
is
used
for
server
to
server
communication
using
the
IMA
Service.
TheAccessManagementConsoleusesport135.
CitrixSSLRelayusesport443.
ICAsessionsuseport1494.
ClienttoserverUDPsessionsuseport1604.
TheIMAServiceusesport2513forcommunicationbetweenthePresentationServer
ConsoleandPresentationServers.
Sessionreliabilityusesport2598.
TheLicenseManagementConsoleusesport8082.
Servertolicenseservercommunicationtakesplaceoverport27000.
-
8/9/2019 Study Guide Microsoft
10/46
VisitCitrixxperience.comformoreCitrixcertificationpreparationproducts.
ThemosttrustedwebsiteforCitrixcertificationpreparation,Citrixxperience.com
7
VirtualLoopback
Virtualloopbackprovidespublishedapplicationswithloopbackaddressestouseinsessions.
Whenenabled,thevirtualloopbackfunctiondoesnotrequireanyadditionalconfigurationother
thanspecifyingwhichprocessesusethefeature.
Whenanapplicationusesthelocalhostaddress(127.0.0.1)inaWinsockcall,thevirtual
loopbackfeaturesimplyreplaces127.0.0.1with127.X.X.XwhereX.X.Xisarepresentationofthe
sessionID+1.
Forexample,asessionIDof7is127.0.0.8.
SessionReliability
Sessionreliabilitykeepssessionsactiveontheusersscreenwhennetworkconnectivityis
interrupted.
Userscontinuetoseetheapplicationtheyareusinguntilnetworkconnectivityresumes,butthe
displayfreezesandthecursorchangestoaspinninghourglass.
Theadvantageisthatwhennetworkconnectivityresumes,theydonthavetoreconnecttothe
application.
Toenablesessionreliability,chooseAllowuserstoviewsessionsduringbrokenconnectionin
thesessionreliabilitysettings.
AutoClientReconnect
AutoclientreconnectallowsClientsforWindows,JavaandWindowsCEtodetectbroken
connectionsandautomaticallyreconnectuserstodisconnectedsessions.
Whenaclientdetectsaninvoluntarydisconnectionofasession,itattemptstoreconnectthe
usertothesessionuntilthereisasuccessfulreconnectionortheusercancelsthereconnection
attempts.
Whenconfiguringsessionreliability:
Anadministrator
can
enable
it
by
selecting
Allow
users
to
view
sessions
during
abroken
connection.
DisableitbydeselectingAllowuserstoviewsessionsduringabrokenconnection.
ChangetheportnumberinthePortnumberfield.
-
8/9/2019 Study Guide Microsoft
11/46
VisitCitrixxperience.comformoreCitrixcertificationpreparationproducts.
ThemosttrustedwebsiteforCitrixcertificationpreparation,Citrixxperience.com
8
ChangetheamountoftimesessionsremainactivewhenconnectivityislostintheSeconds
tokeepsessionsactivefield.
Ifanadministratorwantsuserstoreauthenticatebeforereconnectingtoactivesessions,auto
clientreconnectshouldbeenabled.
Whensessionreliabilityisenabled,KeepAlivesettingsarenotusedevenwhentheyare
configuredintheserverfarm.
VirtualMemoryManagement
Virtualmemorymanagementmonitorsandregulatesthe.DLLandvirtualmemoryutilizationso
memoryisusedmoreefficiently.
Schedulevirtualmemoryoptimizationatatimewhenyourservershavetheirlightestloads.
RebalancerService
TheRebalancerServiceisresponsibleforenhancingresourcemanagementonserverswith
multipleCPUs.
Theserviceissettostartmanuallybydefault.
Ifanenvironmentisrunningmanyshortlivedapplicationsandtheapplicationsappeartobe
runningonthesameCPU,theadministratorshouldsettheservicetostartautomatically.
If
this
service
is
not
started
on
servers
with
multiple
CPUs,
the
benefits
of
CPU
utilization
managementarelost.
CitrixAdministratorAccounts
WhencreatinganewCitrixadministratoraccountyoucanchooseViewOnly,Full
Administration,orCustompermissions.
AdministratorswithViewOnlyprivilegescanviewallareasofserverfarmmanagementbut
cannot modifythem.
Administratorswith
Full
Administration
privileges
can
view
and
modify
all
areas
of
server
farmmanagement.
OnlyadministratorswithFullAdministrationcancreateotheradministratorsandcreate
ordeleteserverandapplicationfolders.
Bydefault,administratorswithcustomaccountsarecreatedwiththeLogonto
ManagementConsolepermission.UsethePermissionsscreentoallowcustom
administratorstoperformadditionaltasks.
-
8/9/2019 Study Guide Microsoft
12/46
VisitCitrixxperience.comformoreCitrixcertificationpreparationproducts.
ThemosttrustedwebsiteforCitrixcertificationpreparation,Citrixxperience.com
9
TomodifypermissionsforaCitrixadministratoraccount:
OpentheAccessManagementConsole.
Clicktheserverfarmnode.
DoubleclickAdministratorsinthedropdownlistdetailspane.
RightclicktheadministratoraccountorgroupinthedetailspaneandclickModify
administratorproperties.
ClickPermissionsintheleftpaneofthePropertiesscreen.
Clickafolderandthenselectthepermissionsintherightpanethattheselected
administratororgroupwillhaveforthatfolder.
Repeatthe
last
step
until
all
the
appropriate
permissions
are
set.
ClickOK.
ICAConnections
Whenauserstartsapublishedapplication,anICAconnectionismadetoaPresentationServer.
Iftheuserstartsapublishedapplicationonadifferentserver,anotherICAconnectionismade.
If
a
user
starts
a
published
application
on
a
server
that
the
user
already
has
an
ICA
connection
to,thesameICAconnectionwillbeused;anewICAconnectionwillnotbestarted.
ToconfigureICAconnections:
OpentheAccessManagementConsole.
RightclicktheserverfarmnodeandclickProperties.
ExpandtheFarmwidenodeandclickConnectionLimits.
ConfigurethenumberofICAconnectionsallowedperuser.
ConfigurethenumberofICAconnectionsallowedperadministrator.
ConfigureICAconnectionlimitlogging.
ClickOK.
-
8/9/2019 Study Guide Microsoft
13/46
VisitCitrixxperience.comformoreCitrixcertificationpreparationproducts.
ThemosttrustedwebsiteforCitrixcertificationpreparation,Citrixxperience.com
10
ICAKeepAlive
ICAKeepAliveisasettingusedtomanagethestatesoftheICAsessionstoensurethattheyare
accuratelyreported.
WhenICAKeepAliveisconfigured,packetsaresenttoeachclientdevicetodeterminewhether
aconnectionstillexists.
Iftheclientdevicedoesnotrespond,thestateofthesessionusingtheconnectionischanged
fromactivetodisconnected.
ConfiguringICASessions
SpeedScreen
SpeedScreenLatency
Reduction
Manager
provides
mouse
click
feedback
and
local
text
echo
to
reducetheusersperceptionoflatencywhentypingandclicking.
SpeedScreenBrowserAccelerationoptimizestheresponsivenessofgraphicsrichHTMLpagesin
publishedversionsofMicrosoftOutlook,OutlookExpressandInternetExplorer.
SpeedScreenBrowserAccelerationmustbeenabledateitherthefarmlever(default)orthe
serverlevelandDeterminewhentocompressmustbeselected.
(Authorsnote:TheselectionmayalsobeAdjustcompressionlevelbasedonavailable
bandwidth).
TofurtheracceleratetheaccessibilityofWebpagesandemailusingSpeedScreenBrowser
Acceleration,JPEGcompressioncanbeenabled.
JPEGcompressionoffersatradeoffbetweenthequalityoftheJPEGimagesasthey
appearontheclientdevicesandtheamountofbandwidththefilesconsume
transferringfromservertoclient.
JPEGimageaccelerationresultsinslightlylowerimageresolutionandslightlyhigher
resourceconsumptiononbothserverandclient.
When
JPEG
image
acceleration
is
enabled,
select
the
Image
compression
level
based
on
availablebandwidth:Low,MediumorHigh.
SpeedScreenMultimediaAccelerationallowsyoutocontrolandoptimizethewayCitrix
PresentationServerpassesstreamingaudioandvideotousers.
SpeedScreenFlashAccelerationallowsyoutocontrolandoptimizethewayCitrixPresentation
ServerpassesMacromediaFlashanimationstousers.
-
8/9/2019 Study Guide Microsoft
14/46
VisitCitrixxperience.comformoreCitrixcertificationpreparationproducts.
ThemosttrustedwebsiteforCitrixcertificationpreparation,Citrixxperience.com
11
SpeedScreenImageAccelerationoffersyouatradeoffbetweenthequalityofphotographic
imagefilesastheyappearonclientdevicesandtheamountofbandwidththefilesconsumeon
theirwayfromtheservertotheclient.
SpeedScreenProgressiveDisplayallowsyoutoimproveinteractivitywhendisplayinghighdetail
imagesbytemporarilyincreasingthelevelofcompression(decreasingthequality)ofsuchan
imagewhenitisfirsttransmittedoveralimitedbandwidthconnection,toprovideafast(but
lowquality)initialdisplay.
Iftheimageisnotimmediatelychangedoroverwrittenbytheapplication,itisthen
improvedinthebackgroundtoproducethenormalqualityimage,asdefinedbythenormal
lossycompressionlevel.
HeavyweightcompressionallowsyoutoincreasethecompressionoftheSpeedScreen
ImageAccelerationandSpeedScreenProgressiveDisplaywithoutimpactingimagequality.
Becauseheavyweight
compression
is
CPU
intensive
and
affects
server
scalability,
it
is
recommendedforuseonlywithlowbandwidthconnections.
ProgramNeighborhoodAgent
TheProgramNeighborhoodAgentallowsyouruserstoaccessalloftheirpublishedresourcesin
afamiliarWindowsdesktopenvironment.
Usersworkwithyourpublishedresourcesthesamewaytheyworkwithlocalapplications
andfiles.
Publishedresourcesarerepresentedthroughouttheclientdesktop,includingtheStart
MenuandWindowsnotificationarea,byiconsthatbehavejustlikelocalicons.
ProgramNeighborhoodAgentisconfiguredatasitecreatedintheAccessManagementConsole
andassociatedwiththesitefortheWebInterfaceserver.
WhenconfiguringProgramNeighborhoodAgent,theURLoftheappropriateWebInterface
servermustbeenteredintheformathttp://servernameorhttps://servername.
ProgramNeighborhoodAgentconnectstotheserveratstartuptogetthelatestconfiguration
informationincludingavailablepublishedresourcesandpermissionstochangelocalsettings.
WebClient
TheWebClientisasmallerclientthatcanbeinstalledfroma.CABfileorfromthemain.MSI
file.
TheWebClientsetupfilesaresignificantlysmallerthantheotherclients.
-
8/9/2019 Study Guide Microsoft
15/46
VisitCitrixxperience.comformoreCitrixcertificationpreparationproducts.
ThemosttrustedwebsiteforCitrixcertificationpreparation,Citrixxperience.com
12
Thesmallsizeallowsuserstoquicklydownloadandinstalltheclientsoftware.
TheWebClientdoesnotrequireuserconfigurationanddoesnothaveauserinterface.
UsersaccessthepublishedresourcesbyclickingonlinksfromaWebpageorcorporateintranet.
ThefollowingbrowserswillworkwiththeClientforWeb:
InternetExplorer5.0through7.0
NetscapeNavigator4.78,and6.2through7.1
MozillaFirefox1.0through1.5
TousethebuiltinWebInterfaceclientinstallationfeature,youmustmakesuretheweb
servers\Clientsfoldercontainstheappropriateclientfiles.
ProgramNeighborhood
ProgramNeighborhoodsupportsthefullCitrixPresentationServerfeaturesetanditrequires
userconfigurationandmaintenance.
ChooseProgramNeighborhoodforthePresentationServerClientifyoudonotwanttopublish
yourresourcesusingWebInterface.
IfyouchoosetoimplementtheWebInterfaceatalatertime,ProgramNeighborhooduserscan
also
access
resources
published
through
Web
Interface.
ClientDeployment
BeforedeployingaclientpackageviaActiveDirectorytoanyclientsbeforeWindowsXP,
WindowsInstaller2.0mustbeinstalledontheclients.
AdministratorscanuseActiveDirectorytodeployclientsusingthe.MSIfileontheComponents
CDforPresentationServerorusingacustomclientfilepackagecreatedwithClientPackager.
ToassignaclientpackagetoanOrganizationalUnit(OU):
Createanetworkshareandcopythe.MSIfilecontainingtheclienttothenetworkshare
location.
InActiveDirectoryUsersandComputersrightclicktheappropriateOUandclick
Properties.
ClicktheGroupPolicytabandclickNewtocreateanewGroupPolicy.
-
8/9/2019 Study Guide Microsoft
16/46
VisitCitrixxperience.comformoreCitrixcertificationpreparationproducts.
ThemosttrustedwebsiteforCitrixcertificationpreparation,Citrixxperience.com
13
TypethenamefortheGroupPolicyandpressEnter.
ClickEditandnavigatetoComputerConfiguration>SoftwareSettings>Software
Installation.
RightclicktheblankareaintherightpaneandclickNew>Package.
LocatetheclientpackageonthenetworkshareandclickOpen.
ClickAssignedintheDeploySoftwaredialogandclickOK.
Astheclientrestarts,ActiveDirectoryGroupPolicyautomaticallyinstallstheclientonthe
computer.
AfterdeployingaclientpackageviaActiveDirectoryandrestartingtheclientdevice,the
administratorshouldlogintotheclientdevicetoverifythattheclientisinstalled.
ClientPackager
WhencreatingapackagewiththeClientPackager,thedefaultclientnameoptionisUse
machinenameasclientname.
Bydefault,Citrixclientsgetthesamenameasthemachineatdeployment.
TheotherclientnameoptionisLetusersspecifyaclientname.
By
choosing
No
on
the
pass
through
authentication
screen,
the
administrator
would
make
sure
thattheusersmustentertheirusernameandpasswordtologontosessions.
EnableQuickLaunchBarandEnableCustomICAConnectionsarebothconfigurationchoices
forProgramNeighborhood.
WhilecreatingaProgramNeighborhoodpackage:
Tohelpensureduplicateclientnamesdonotexistonthenetwork,allowtheusertoname
theclientbychoosingLetuserspecifyaclientname.
Toletusersopensessionswithoutenteringtheirusernameandpassword,chooseUse
Kerberosonly
to
enable
pass
through
authentication.
ToallowuserstomakeserverconnectionswithoutusingtheICAConnectionWizard,choose
EnableQuickLaunchBar.
Toensureolderclientversionsareoverwrittenwithnewerclients,leaveAllowupgradeif
packageisnewerthanexistingclientversionchosen;thatisthedefaultclientreplacement
option.
-
8/9/2019 Study Guide Microsoft
17/46
VisitCitrixxperience.comformoreCitrixcertificationpreparationproducts.
ThemosttrustedwebsiteforCitrixcertificationpreparation,Citrixxperience.com
14
ConfiguringPolicies
LimitConcurrentSessions
Toallowuserstohavemoresessionsrunningthantheserverfarmisconfiguredtoallow:
CreateanewpolicyinthePresentationServerConsole.
AddthepolicyruleLimittotalconcurrentsessions.
Configurethesessionstoasmanyasneededandapplythepolicytothedesiredusersor
groups.
PolicyFilters
Afterapolicyhasbeencreatedandconfigured,andadministratorcanfilterthepolicyusing:
Clientnames
Accesscontrol(connectionsmadethroughAccessGateway)
Usersandusergroups
Servers
ClientIPaddresses
Tofilter
apolicy
to
affect
only
acertain
range
of
IP
addresses:
ClickthePolicynodeinthePresentationServerConsole,rightclicktheappropriatepolicy
intherightpaneandselectApplythispolicyto.
ClickClientIPAddress.
ClickFilterbasedonclientIPaddress.
ClickAdd.
ClickIPRangeandclickOK.
ClickAllowandclickOK.
Shadowing
Tocreateanewshadowingpolicywheretheusersarenotifiedthattheyarebeingshadowed
andtheuserdoingtheshadowingcannotcontrolthekeyboardormouse:
-
8/9/2019 Study Guide Microsoft
18/46
VisitCitrixxperience.comformoreCitrixcertificationpreparationproducts.
ThemosttrustedwebsiteforCitrixcertificationpreparation,Citrixxperience.com
15
CreateanewpolicyinthePresentationServerConsole.
InthepolicyspropertiesopentheShadowingfolderundertheUserWorkspacefolderin
theleftpane.
SelecttheConfigurationruleandenableit.
SelectAllowshadowing.
SelectProhibitbeingshadowedwithoutnotification.
SelectProhibitremoteinputwhenbeingshadowed.
SelecttherulenamedPermissionsintheleftpaneandenableit.
ClickConfiguretoselecttheuserswhowilldotheshadowing.
ClickOKwhendoneaddingtheusers.
ClickOKatthebottomofthepolicysproperties.
Applythepolicytotheuserswhowillbeshadowed.
ZonePreferenceandFailover
AZonePreferenceandFailoverpolicyisconfiguredintheUserWorkspacefolderinthe
properties
of
a
policy.
Theprimaryandbackupzonesareconfiguredandwhichzoneusersconnecttoisidentified.
ClientforWebandProgramNeighborhoodAgentsupportZonePreferenceandFailover.
InaZonePreferenceandFailoverpolicy,connectionscanbedirectedtoapreferredzoneand
failovertoabackupzone.
PrintJobRoutingPolicy
Printjob
routing
has
two
settings:
Connectdirectlytonetworkprintserverifpossible
Alwaysconnectindirectlyasaclientprinter
IftheconcernisbandwidthusageoveraWANconnection,Alwaysconnectindirectlyasaclient
printershouldbeused.
-
8/9/2019 Study Guide Microsoft
19/46
-
8/9/2019 Study Guide Microsoft
20/46
VisitCitrixxperience.comformoreCitrixcertificationpreparationproducts.
ThemosttrustedwebsiteforCitrixcertificationpreparation,Citrixxperience.com
17
SpeedScreen
ImageAccelerationusinglossycompression
SessionLimits,including:
Audio
Clipboard
COMPorts
LPTPorts
Drives
OEMVirtual
Channels
OverallSession
Printing
TWAINRedirection
PDASynchronization
Toconfigure
PDA
synchronization
using
USB
tethering:
EnablethepolicyruleTurnonautomaticvirtualCOMportmapping.
ThisruleallowsUSBtovirtualCOMportemulationinclientsessions.
ThisruleisfoundinapolicyatClientDevices>Resources>PDADevices.
UserWorkspaceFolderinPolicies
Inthe
User
Workspace
folder
of
aPresentation
Server
policy,
an
administrator
can
configure:
Connections,including:
Limittotalconcurrentsessions
Zonepreferenceandfailover
-
8/9/2019 Study Guide Microsoft
21/46
VisitCitrixxperience.comformoreCitrixcertificationpreparationproducts.
ThemosttrustedwebsiteforCitrixcertificationpreparation,Citrixxperience.com
18
Servertoclientcontentredirection
Shadowing
configurationandpermissions
TimeZones
Donotestimatelocaltimeforlegacyclients
DonotuseClientslocaltime
CitrixPasswordManager
CentralCredentialStore
DonotuseCitrixPasswordManager
StreamedApplication
Configuredeliveryprotocol
Specifiestheapplicationdeliverymethodusedtostreamapplicationstothedesktopsof
clientdevicesorservers.
ApplicationDeliveryMethod
Whenconfiguring
an
application
delivery
method
policy,
the
administrator
can
configure:
Forceserveraccess
Forcesstreamedapplicationstoalwayslaunchfromtheserver.
Forcestreameddelivery
Forcestheapplicationstoalwaysstreamtothedesktopsoftheclientdevices.
SecureICA
AnadministratorcanconfiguretherequiredSecureICAencryptionlevelpersessioninSecurity>
Encryption>SecureICAencryption.ThisistheonlypolicyruleavailableinaPresentationServer
policy.
ApplyPolicytoUsersandGroups
-
8/9/2019 Study Guide Microsoft
22/46
VisitCitrixxperience.comformoreCitrixcertificationpreparationproducts.
ThemosttrustedwebsiteforCitrixcertificationpreparation,Citrixxperience.com
19
ToapplyaPresentationServerpolicytoauserorgroup:
InthePresentationServerConsole,clickthePolicynodeintheleftpane.
RightclicktheappropriatepolicyintherightpaneandclickApplythispolicyto.
ClickUsers.
ClickFilterbasedonusers.
Configuretheusersandgroupsfilteroptioninoneoffourways:
Applythepolicytoallexplicitusers(nonanonymous)
Applythepolicytoallanonymoususers
Applythe
policy
to
aspecific
user
account
or
user
group
Avoidapplyingthepolicytoaspecificuseraccountorusergroup
ClickOK.
PolicyPriority
Eachpolicyreceivesanumberuponcreation.Bydefault,anewpolicyhasthelowestpriorityof
allpolicies.Thenumberassignedisbasedonthenumberofpoliciesthatexistinaserverfarm.
Toprioritizeapolicy,inthePresentationServerConsole:
ClickthePoliciesnode.
RightclickthepolicyintherightpaneandclickPriority.
Ifyouwanttoassignthepolicythehighestpriority,clickMakeHighestPriority.
Ifyouwanttoassignthepolicythelowestpriority,clickMakeLowestPriority.
If
you
want
to
increase
the
priority
of
the
policy
one
level,
click
Increase
Priority.
Ifyouwanttodecreasethepriorityonelevel,clickDecreasePriority.
PolicySearchEngine
-
8/9/2019 Study Guide Microsoft
23/46
VisitCitrixxperience.comformoreCitrixcertificationpreparationproducts.
ThemosttrustedwebsiteforCitrixcertificationpreparation,Citrixxperience.com
20
ThepolicysearchengineisafeatureofthePresentationServerConsolethatallowsan
administratortofindallpoliciesthatcanpotentiallyapplytoaspecificconnectionandconfirm
howfinalpolicyrulesaremergedforthatconnection,thusmakingsureitisappliedcorrectly.
Tousethepolicysearchengine:
RightclickonthePolicynodeinthePresentationServerConsoleandclickSearch.
Configurethesearchcriteria(IPAddress,ClientName,User,Server,AccessControl)and
clickSearch.
ClickYestosearchtheentireActiveDirectoryifdesired.
Optionally,doubleclickapolicyinthesearchresultstoviewthepolicypriorities.
ClickViewResultantPolicyandtheResultantPolicyPropertiesscreenlaunches.
Expandeach
node
to
view
individual
resultant
policy
rules.
ClickOKtoclosetheResultantPolicyPropertiesscreen.
ClickOKtoclosetheSearchscreen.
PublishingApplicationsandContent
PublishedApplications
Whenpublished,userscanaccessapplicationsinstalledonthePresentationServers.
Theapplicationsappeartorunlocallyontheclientdevices.
Publishedapplicationsprovidetheadministratorscontroloverwhatresourcesuserscanaccess
onaserver,unlikepublishedserverdesktops.
Publishedapplicationsprovideadministratorscontroloverwhatresourcesuserscanaccessona
server.
PublishedServerDesktops
Publishedserverdesktopsallowusersunlimitedaccesstotheresourcesonaserverwhichcan
resultinuserschangingconfigurationsandsettingsthatcancauseservervulnerabilities.
PublishedContent
-
8/9/2019 Study Guide Microsoft
24/46
VisitCitrixxperience.comformoreCitrixcertificationpreparationproducts.
ThemosttrustedwebsiteforCitrixcertificationpreparation,Citrixxperience.com
21
Userscanopenpublishedcontentusingclienttoserverorservertoclientcontentredirection.
Whencontentispublished,itprovidesusersaccesstodatafiles,suchas:
Documents
Spreadsheets
MediafilesandotherdatathatareaccessiblebyusersusinganHTMLwebsite
Suchashttp://www.citrixxperience.com
Afileonawebsite
Suchashttp://www.citrixxperience.com/study/archive/exams/218.doc
AdirectoryonanFTPserver
Suchasftp://ftp.citrix.com/edu
AfileonanFTPserver
Suchasftp://ftp.citrix.com/edu/readme.txt
AUNCfilepath
Suchas\\servername\sharename\filename
AUNC
directory
path
Suchas\\servername\sharename
OrganizePublishedResources
Anadministratorcanorganizepublishedresourcesinanapplicationsetbyplacingthepublished
resourcesinfoldersduringtheresourcepublishingprocessorafterwards.
Bydefault,allresourcesarepublishedtotherootfolderoftheapplicationset.
Anadministratorcanorganizethepublishedresourcesintofolderstohelpusersquicklylocate
theapplicationstheyneed.
Forexample,ifmanyMicrosoftOfficeapplicationsarepublished,anadministratormight
decidetoplacetheMicrosoftOfficeapplicationsintoafoldercalledMicrosoftOfficemaking
iteasierforuserstolocatetheseapplications.
-
8/9/2019 Study Guide Microsoft
25/46
VisitCitrixxperience.comformoreCitrixcertificationpreparationproducts.
ThemosttrustedwebsiteforCitrixcertificationpreparation,Citrixxperience.com
22
ClienttoServerContentRedirection
ClienttoservercontentredirectionallowsusersoftheProgramNeighborhoodAgenttousea
publishedapplicationtoaccessfilesresidingonthelocalclientdevice.
ClienttoservercontentredirectionthroughfiletypeassociationrequiresProgram
NeighborhoodAgentontheclientdevices.
Clientdrivemappingmustbeenabledsothatthelocalcontentcanbeaccessedbythe
applicationontheserver.
Ifdrivemappingisnotenabled,thepublishedapplicationopensanddisplaysanerror
becausetheapplicationisunabletoaccessthelocalcontentthatinitiallytriggeredthe
applicationtostart.
FileType
Association
IfyouinstallandpublishanapplicationafterinstallingPresentationServer,youmustupdatethe
filetypeassociationintheserversWindowsregistry.
Toupdatefiletypeassociations:
IntheAccessManagementConsole,selecttheserverwheretheapplicationispublished.
SelectAction>AllTasks>Updatefiletypesfromregistry.
ServertoClientContentRedirection
UsersmightfrequentlyaccesswebandmultimediaURLstheyencounterwhenrunninganemail
programpublishedonaserver.
Ifyoudonotenableservertoclientcontentredirection,usersopentheseURLswithweb
browsersormultimediaplayersonthePresentationServers.
Tofreeserversfromprocessingthesetypesofrequests,youcanredirectapplicationlaunching
forsupportedURLsfromtheservertothelocalclientdevice.
Thefollowing
URL
types
are
redirected:
HTTP
HTTPS
RTSP(RealPlayerandQuickTime)
-
8/9/2019 Study Guide Microsoft
26/46
VisitCitrixxperience.comformoreCitrixcertificationpreparationproducts.
ThemosttrustedwebsiteforCitrixcertificationpreparation,Citrixxperience.com
23
RTSPU(RealPlayerandQuickTime)
PNM(LegacyRealPlayer)
MMS(MicrosoftsMediaFormat)
ApplicationIsolationEnvironment
Anapplicationisolationenvironmenthasthefollowingproperties:
Applications
Specifieswhichapplicationsareassociatedwithorinstalledinthisparticularisolation
environment.
Roots
Specifiesthedirectoriesandregistrylocationsinwhichfilesmodifiedbyusers(userprofile
root)andapplications(installationroot)reside.
Rules
Specifiespoliciesthatspecifyhowanisolatedapplicationaccessessystemresources,suchas
files,registryandnamedobjects.
Security
Specifies
the
security
policy
to
apply
to
the
isolation
environment,
which
can
either
be
enhancedorrelaxed.
Anapplicationisolationenvironmentcancontainassociated,installedorpublishedapplications.
Associatedapplicationsareinstalleddirectlyontotheoperatingsystemofoneormore
PresentationServersandareconfiguredtolaunchwithintheconfinesoftheisolation
environmentandcanbeaccessedfromoutsideoftheenvironment.
InstalledapplicationsareinstalledintoanisolationenvironmentusingtheAIESETUP
commandandmustbepublishedonaPresentationServerbeforetheycanbemade
availabletousers.
PublishedapplicationshavebeeninstalledintotheisolationenvironmentusingAIESETUP
andarepublishedforoneormoreuser.
Deletinganisolationenvironmenthasnoeffectonanapplication;however,userspecificfiles
createdwithintheisolationenvironmentaredeleted.
-
8/9/2019 Study Guide Microsoft
27/46
VisitCitrixxperience.comformoreCitrixcertificationpreparationproducts.
ThemosttrustedwebsiteforCitrixcertificationpreparation,Citrixxperience.com
24
Inanapplicationisolationenvironment,theuserprofileroot(wherefilescreatedorsavedby
thecurrentuserarelocated)is:%APPDATA%\Citrix\AIE\AIE_name
Where%APPDATA%isaWindowsenvironmentvariableandisreplacedbytheapplication
datafolderforthecurrentuser.
TypicallyC:\DocumentsandSettings\%USERNAME%\ApplicationData.
AIE_nameisreplacedbythenameoftheapplicationisolationenvironment.
Installationrootspecifiestheperisolationenvironmentlocationofdirectoryorregistrykey
hierarchyforapplicationsinstalledintoanisolationenvironment.
Installationrootisuniqueforeachisolationenvironment.
Whenanapplicationisinstalledinanisolationenvironment,theinstallationrootislocatedat
C:\ProgramFiles\Citrix\AIE\AIE_name.
AIE_nameisthenameoftheapplicationisolationenvironment.
Thepathtotheactualfileisaddedontotheinstallationrootsoeachapplicationhasitsown
virtualcopyofthefilessotheydontconflictwitheachother.
TheAPPUTILcommandlineutilitycanbeusedtoinstallpackagedapplicationsintoanisolation
environment.
Applicationscanbeassociatedwithisolationenvironmentsduringtheapplicationpublishing
processusingthePublishApplicationWizard.
TheycanbeassociatedaftertheapplicationhasbeenpublishedinthePresentationServer
Console.
AIESETUPisusedtoinstallapplicationsintoisolationenvironments.
Afteranapplicationisinstalledinanisolationenvironment(usingAIESETUP)itcanonlybe
removedfromtheisolationenvironmentbyuninstallingtheapplication.
ConfigurePublishedResoures
Publishedresources
can
be
configured
to
control
the
following
options
for
the
client
device:
Legacyaudio
AllowssupportforapplicationstowhichSpeedScreenMultimediaAccelerationdoesnot
apply.
SSLandTLSprotocols
-
8/9/2019 Study Guide Microsoft
28/46
-
8/9/2019 Study Guide Microsoft
29/46
VisitCitrixxperience.comformoreCitrixcertificationpreparationproducts.
ThemosttrustedwebsiteforCitrixcertificationpreparation,Citrixxperience.com
26
InstallationManagerDeploymentProcess
Theuserwhoinstallspackagestothetargetserversmusthavereadaccesstothenetworkshare
pointandadministrativeaccessonthetargetservers.
Beforeyoupublishapackagedapplication,makesurethepackagehasbeenaddedtothe
InstallationManagerdatabase.
ThefollowingprocessesareinvolvedindeployingapackageusingInstallationManager:
ApackageiscreatedusingthePackagerandtheADFfileisplacedonthefileserver.
ThepackageisaddedtotheInstallationManagerdatabaseusingthePresentationServer
Console,PackagerorAPPUTIL.
ThepackageisscheduledfordeploymentusingthePresentationServerConsoleor
APPUTIL.
ThepackageisdeployedtothetargetPresentationServers.
ThePresentationServerConsoleisupdatedtodisplayajobstatusofsuccessfulwhenthe
packagehasbeendeployedsuccessfully.
Packager
AfterusingthePackagertocreateapackagecontainingarecording,thePackagermustbe
returned
to
a
clean
state.
TherollbackfunctioninthePackagerreturnsthePackagertoacleanstatebyremovingallthe
changesmadetotheoperatingsystem,filesandregistryasaresultofpackaginganapplication.
ThePackagerdoesnotneedtoberolledbackaftercreatingapackagethatdoesnotincludea
recordingofanapplicationinstallation.
Todetermineifapackagemustberolledback,clickToolsandselectRollbackinthePackager.
IfmultiplepackagesarecreatedbeforethePackagerisrolledback,thepackagesmustberolled
backinreverseorder.
Forexample,ifPackage1wascreatedandthePackage2wascreatedwithoutrollingback
Package1,thenPackage2mustberolledbackbeforePackage1canberolledback.
Torollbackapackage:
OpenthePackagerandclickTools>Rollback.
-
8/9/2019 Study Guide Microsoft
30/46
-
8/9/2019 Study Guide Microsoft
31/46
VisitCitrixxperience.comformoreCitrixcertificationpreparationproducts.
ThemosttrustedwebsiteforCitrixcertificationpreparation,Citrixxperience.com
28
Ifneeded,typethecommandlineparametersfortheinstallationprogramintheCommand
LineParametersfield.
Selectthepackagingoptions.Choosefrom:
Rebootafterprograminstallation
Runprogramfromsourcelocation
Copyprogramplusthefollowingfileslocallyandthenruntheprogram
SelectthefileorfolderoptionsifCopyprogramwaschosen.ClickNext.
ClickBrowse,navigatetothenetworksharepointonthefileserverwherethepackageis
storedandclickOK.ClickNext.
VerifytheinformationontheResultsscreenandclickFinish.
ClickProject>BuildPackage.
ClickFile>SaveProject.
Checkthenetworksharepointtoverifythatthepackageexists.
CreatingandAssigningLoadEvaluators
LoadEvaluators
Aloadevaluatorisasetofrulesthatcanbeusedtodeterminetheloadonaserverbasedon
systemresourcesandsystemresourceconsumption.
Loadevaluatorscanbeassignedtoserversandapplications.
Allserversmusthavealoadevaluatorappliedtothem.
Onlyoneloadevaluatorcanbeassignedtoeachserverandeachpublishedapplication.
Rules
ThedefaultfullloadfortheCPUUtilizationandMemoryUsagerulesis90%.Thedefaultno
loadforbothis10%.
TheContextSwitchesruledefinesthenumberoftimestheoperatingsystemswitchesfromone
processtoanother.
-
8/9/2019 Study Guide Microsoft
32/46
VisitCitrixxperience.comformoreCitrixcertificationpreparationproducts.
ThemosttrustedwebsiteforCitrixcertificationpreparation,Citrixxperience.com
29
TheLoadThrottlingrulelimitsthenumberofconcurrentconnectionattemptsaserveris
expectedtohandleandcannotbeappliedtoanindividualapplication.
TheLoadThrottlingrulemustbeattachedtoaservertowork.
IftheLoadThrottlingruleisincludedinaloadevaluatorthatisattachedtoapublished
application,theruleisignored.
TheServerUserLoadrulelimitsthenumberofsessionsallowedtoconnecttoaselectedserver.
TheCPUUtilizationruledefinestherangeofprocessorutilizationforaselectedserver.
TheMemoryUsageruledefinestherangeofmemoryusageforaserver.
AdvancedLoadEvaluator
TheAdvancedloadevaluatorincludestherules:
CPUUtilization
LoadThrottling
MemoryUsage
PageSwaprules
DefaultLoadEvaluator
TheDefaultloadevaluatorincludestherules:
LoadThrottling
ServerUserLoadrules
BooleanRules
Booleanrules
are
based
on
conditions
being
true
or
false.
Booleanrulesmustbeusedinconjunctionwithatleastoneotherrulebecausetheydonot
returnactualloadvaluesforaserver.
ThetwoBooleanrulesare:
IPRange
-
8/9/2019 Study Guide Microsoft
33/46
VisitCitrixxperience.comformoreCitrixcertificationpreparationproducts.
ThemosttrustedwebsiteforCitrixcertificationpreparation,Citrixxperience.com
30
DefinestherangeofallowedordeniedclientIPaddressesforapublishedapplication.
Scheduling
Schedulestheavailabilityofselectedpublishedapplications.
CustomLoadEvaluator
Tocreateacustomloadevaluator:
OpenthePresentationServerConsole.
RightclicktheLoadEvaluatorsnodeandclickNewLoadEvaluator.
TypethenameforthecustomloadevaluatorintheNamefield.
Typeadescriptioninthedescriptionfieldifdesired.
ClickaruleintheAvailableRuleslistandclickAdd.
ConfiguretheparametersfortheselectedruleandclickOK.
MaximumServerLoad
Whencreatingacustomloadevaluator,thefullloadthresholdvalueshouldbesetbelowthe
valuedetermined
as
the
maximum
sever
load.
Todeterminethemaximumserverload,anadministratormustfirstdeterminethebaselineand
peakvaluesforkeymetricsontheserver.
SharingInformationAcrossZones
Bydefault,adatacollectordoesnotcommunicatetheloadinformationtootherdatacollectors
intheserverfarm.
Iftheadministratorwantstoshareloadinformationacrosszones,theShareloadinformation
acrosszonesoptionmustbeselectedintheserverfarmpropertiesofthePresentationServerConsole.
-
8/9/2019 Study Guide Microsoft
34/46
VisitCitrixxperience.comformoreCitrixcertificationpreparationproducts.
ThemosttrustedwebsiteforCitrixcertificationpreparation,Citrixxperience.com
31
ConfiguringPrinting
TypesofPrinting
Inclientlocalprinting,theprintjobspoolsfromthePresentationServertotheclientdeviceand
then
to
the
client
local
printer.
Inclientnetworkprinting,theprintjobspoolsfromthePresentationServertotheclientdevice
ornetworkprintserver,dependingonthepolicyconfiguration,tothenetworkprintserverand
thentothenetworkprinter.
Inservernetworkprinting,theprintjobspoolsfromthePresentationServertothenetwork
printserverandthentotheprinter.
Inserverlocalprinting,theprintjobspoolsfromthePresentationServertotheserverlocal
printer.
ImportPrintServer
Toimportaprintserver:
InthePresentationServerConsole,rightclickPrinterManagementandclickImport
NetworkPrintServer.
IntheNetworkPrintServerdialogbox:
TypethenameorIPaddressoftheprintserverintheServerfield.
Typeauseraccountnamethathasaccessrightstothespecifiedprinterinthe
ConnectedAsfield.
TypethepasswordfortheuseraccountinthePasswordfield.ClickOK.
PrinterPolicyRules
Autocreateallclientprintersautomaticallyconnectsalltheprintersonaclientdevice.
Always
connect
indirectly
as
a
client
printer
routes
print
jobs
through
the
client
device,
where
it
isredirectedtothenetworkprintserver.
DatasenttotheclientdeviceiscompressedusingtheICAprotocol;therefore,less
bandwidthisconsumedasthedatatravelsacrosstheWAN.
Applyingaprinterbandwidthpolicyallowstheadministratortocontroltheamountofmaximum
bandwidthinkilobytespersecondthatmaybeusedforprinting.
-
8/9/2019 Study Guide Microsoft
35/46
VisitCitrixxperience.comformoreCitrixcertificationpreparationproducts.
ThemosttrustedwebsiteforCitrixcertificationpreparation,Citrixxperience.com
32
Thiswillfreeupsomebandwidthforotherresources,includingapplications,usingtheWAN
link.
BycreatingapolicywithAutocreateclientsdefaultprinteronly,logontimeswillbespedup
becausetheclientdeviceswillnolongertrytoconnecttoandautocreatenetworkprint
devices.
LegacyclientprintersenablestheuseofoldstyleclientprinternamesasusedbyTerminal
ServicesorPresentationServer3.0orearlier.
Autocreationenablestheuseofautocreationofall,local,defaultornoclientprinters.
Printerpropertiesretentioncontrolswhetherornotprinterpropertiesarestoredontheclient
deviceortheuserprofileontheserver.
PrintjobroutingcontrolswhetherornotnetworkprintjobsflowdirectlyfromPresentation
Serverto
the
print
server
or
take
an
extra
step
and
are
routed
back
through
the
client
device.
WhentheruleisconfiguredtoConnectdirectlytonetworkprintserverifpossible,the
printjobsarerouteddirectlyfromthePresentationServertothenetworkprintserver.
IfAlwaysconnectindirectlyasaclientprinterisconfigured,printjobsareroutedthrough
theclientdeviceviatheICAprotocolandredirectedtothenetworkprintserver.
Turnoffclientprintermappingdisablesthemappingofallclientprinters.
Sessionprintersallowsanadministratortocontroltheassignmentofnetworkprinters.
Administratorscanassignthedefaultprinteraswellasdesignatetheconnectiontonetwork
printersbasedonthedesiredpolicyfilter.
ThepolicycanbeconfiguredbyIPaddress.
Forexample:TheIPrangeofthecomputersoneachfloorofabuildingcanhavea
differentpolicysowhenauserisonthefifthfloortheywillhaveaccesstothefifthfloor
printersandwhentheyhavetomovetofloortwo,theywillhaveaccesstothesecond
floorprinters.
PrintDrivers
Beforeaprintercanbeused,aprintdrivermustbeinstalledonthePresentationServer.
Toadd,removeandreinstallprintdriversonaserver,andadministratorcanusetheDrivers
utilityonaWindowsServerbygoingtoPrintersandFaxes>File>ServerProperties>Drivers
Utility.
-
8/9/2019 Study Guide Microsoft
36/46
VisitCitrixxperience.comformoreCitrixcertificationpreparationproducts.
ThemosttrustedwebsiteforCitrixcertificationpreparation,Citrixxperience.com
33
PrintDriverReplication
Inordertomaketheprintdriveravailableonotherserversintheserverfarmanadministrator
canleverageprintdriverreplicationtodeploytheprintdivertoallmemberservers.
Printdriverreplicationrequiresthatthedriverbeinstalledandavailableononeserverperbase
operatingsystem.
Thedriverreplicationprocesscantakeaconsiderableamountoftimeandrequiresasubstantial
amountofsystemresources.
Becauseoftheseresourcerequirements,thereplicationshouldbeperformedduringoffpeak
hourswhenhigherprioritytrafficisnotimpacted.
AnautoreplicationlistiscreatedusingthePresentationServerConsole.
Ifaserver
is
added
to
the
server
farm
that
does
not
have
the
print
driver
detected,
the
driver
is
installed.
Tocreateadriverautoreplicationlist:
ExpandthePrinterManagementnodeinthePresentationServerConsole.
RightclickDrivers.
SelectAutoreplication.
In
the
Auto
replication
dialog
box,
select
the
appropriate
operating
system
platform
from
theplatformdropdownlist.
ClickAddtoaddaprintdrivertoreplicatefortheselectedplatform.
SelecttheappropriatesourceserverintheServerdropdownlist.
Ifnospecificsourceisrequired,theAnyoptioncanbeusedtolistallprintdrivers
availableonallserversinthefarm.
SelectOverwriteexistingdriversifdesired.
ClickOK
in
the
confirmation
if
Any
was
chosen
as
the
source
server.
ClickOKintheAutoreplicationdialogbox.
ClickOKinthereplicationqueueconfirmationmessage.
UniversalPrintDriver
-
8/9/2019 Study Guide Microsoft
37/46
VisitCitrixxperience.comformoreCitrixcertificationpreparationproducts.
ThemosttrustedwebsiteforCitrixcertificationpreparation,Citrixxperience.com
34
Benefitsoftheuniversalprintdriverinclude:
Theenhancedmetafileformatwhich:
Reducesthesizeofsomeprintjobs.
Allowsjobstoprintfaster.
Allowsuserstosetprinterpropertiesandpreviewdocumentsreadyforprinting.
Reducesloadontheserver.
BandwidthandCPUprocessingaresaved.
Reducesdelayswhenspoolingoverslowconnections.
Avoidsmore
problems
in
adiverse
environment.
Limitstheinstallationandduplicationofprintdriversonservers.
Ensuresthatclientprintersautocreateregardlessofprintdriveravailabilityontheserver.
Minimizeshelpdeskcalls.
Enablesuserstoprinttoalmostanyprinter.
Redirectsclientprintersonly.
ByenablingtheUniversaldriverruleUseonlyprintermodelspecificdrivers,theadministrator
makessurethatonlythemanufacturersdriversareused.
ByselectingtheUseuniversaldriveronlyiftherequesteddriverisunavailablerule,an
administratormakessurethatthereisalwaysadriveravailable,whetheritsthemanufacturers
driverortheuniversaldriverbyallowingtheprinterstofirsttrytousethemanufacturers
drivers,butiftheyarenotavailable,theuniversaldriverwillbeafallback.
NativeDrivers
Bynotallowingnativeprintdriverstoautomaticallybeinstalledfromautocreatedprinters,
administratorscanmakesurethatnoroguedriversmakeitintothefarm.
Byusingaprintdrivercompatibilitylist,administratorscancontrolwhichdriversareallowedin
thefarm.
-
8/9/2019 Study Guide Microsoft
38/46
VisitCitrixxperience.comformoreCitrixcertificationpreparationproducts.
ThemosttrustedwebsiteforCitrixcertificationpreparation,Citrixxperience.com
35
Ifanadministratorknowsthedriversthatareallowed,butdoesntknowwhichdriversmighttry
toinstalllater,theadministratorcanselectAllowonlydriversinthelistandaddtheknown
acceptabledriverstothelist.
ThepolicyNativedriverautoinstallcanbesettotheruleInstallWindowsnativedriversas
needed.
Thatallowsthemanufacturersprintdriverstobeusedinthefarm.
PrinterMappings
PrintermappingscanbemanagedusingthePresentationServerConsoleorinaneditablefile
namedWTSUPRN.INF.
Note:TheWTSPRNT.INFfileliststheprintermappingsmadeusingthePresentationServer
Consoleandshouldnotbeedited.
PrinterCreation
Withsynchronousprintercreation,printerscreatebeforetheusershaveaccesstointeractwith
andusetheirsessions.
Shouldbeusedwhenapplicationsrequireallprinterstobecreatedfirstorwhen
applicationsrequireastableprintingenvironment.
Theusersmustwaitforallprinterstocreateinthebackgroundbeforetheycanperformany
activities.
Withasynchronousprintercreation,printerscreateinthebackgroundwhiletheusershave
controlofandareusingtheirsessions.
Thisminimizestheamountoftimeittakesfortheuserstobeginusingtheapplicationand
doesnotimpacttheusersbecausesomeapplicationactivityusuallyoccursbeforeprinting.
PrinterBandwidth
Printerbandwidthcanbelimitedonaperserverbasisthroughserverpropertiesorwithapolicy
rule.
PrinterAutoCreation
Insomeinstances,itmightbepreferabletonotautocreateclientprinters.Inthiscase,an
administratorcanusetheTurnoffclientprintermappingruletoautocreateonlynetwork
printersorprintersconnecteddirectlytotheserver.
-
8/9/2019 Study Guide Microsoft
39/46
VisitCitrixxperience.comformoreCitrixcertificationpreparationproducts.
ThemosttrustedwebsiteforCitrixcertificationpreparation,Citrixxperience.com
36
ByusingtheruleAutocreatelocalclientprintersonly,onlytheprintersconnecteddirectlyto
theusersclientdevicethroughanLPTorotherlocalportwillbeautomaticallyconnected.
Enablingthissettingensuresanynetworkprintersdefinedontheclientdevicearenotauto
createdwithintheICAsessionandlogontimeswillbereducedforthosewhohaveseveral
networkprintersconfiguredontheirclientdevice.
SmoothRoaming
SmoothRoamingallowsausertodisconnectfromoneICAsessionandreconnectfromanother
devicetocontinuethatsamesession.
PrintDriverCompatibilityList
Theprint
driver
compatibility
list
allows
an
administrator
to
control
print
drivers
available
to
users.
Duringuserlogon,nativedriversarepermittedandtheautocreatedprintersarechecked
againstthelistofallowedordeniedprintdrivers.
Aprintdrivermappinglistresolvescompatibilityissuesbetweenprintdriversthathavedifferent
namesforthesameprinterondifferentserveroperatingsystems.
EnablingWeb
Access
to
Published
Applications
and
Content
WebInterfaceCommunication
WhenauserlogsintotheWebInterface,theWebInterfaceforwardsthelogoncredentialsto
theCitrixXMLServiceonthePresentationServer.
TheCitrixXMLServiceretrievesalistofapplications(theapplicationset)thattheusercan
accessbasedonthesuppliedcredentials.
WebInterfaceBrowsing
ThefollowingbrowserscanlogontotheWebInterface:InternetExplorer5.x,6.x,and7.0;
Safari2.0;Firefox1.x;Mozilla1.x;Netscape7.0.
ConfigureWebInterface
-
8/9/2019 Study Guide Microsoft
40/46
-
8/9/2019 Study Guide Microsoft
41/46
VisitCitrixxperience.comformoreCitrixcertificationpreparationproducts.
ThemosttrustedwebsiteforCitrixcertificationpreparation,Citrixxperience.com
38
Tomakesureusershavetoentertheirusernameandpasswordeverytimetheyconnect,
Explicitmustbeselectedforauthentication.
TouseRSASecurID(orSafeWord),twofactorauthenticationmustbeconfigured.
WorkspaceControl
Inordertouseworkspacecontrol:
ClientdevicesmusthavetheClientforWindows8.xorlater.
PresentationServermustbeinstalledandconfigured.
WebInterfacemustbeinstalledandconfigured.
Thefollowingaresomeofthefunctionalityofworkspacecontrol:
CanonlyreconnecttoexistingsessionsonPresentationServers.
Cannotreconnectanonymoususerstoapplicationsaftertheydisconnect.
PromptssmartcardusersfortheirPINsforeachreconnectedsessionwhenpassthrough
authenticationwithsmartcardsisnotenabled.
RequiresthattheWebInterfacebesettooverridetheclientnamesettingintheManage
sessionpreferencestask.
Workspace
control
functions
are
disabled:
IftheWebInterfacedetectsthatitisbeingaccessedfromwithinaclientsession.
Ifpassthroughorsmartcardauthenticationmethodsareusedandnotrustrelationship
existsbetweentheWebInterfaceserverandthePresentationServers.
Anadministratorcanconfigureworkspacecontrol:
Toprovideautomaticreconnectionduringlogon.
Provideautomaticreconnectionafterlogon,logoffallsessionswhenauserlogsofffrom
theWeb
Interface
site.
AllowuserstocustomizetheWebInterfacesite.
Whenconfiguringworkspacecontrol,anadministratorcanchoose:
Automaticreconnecttosessionwhenuserlogsinprovidesautomaticreconnectionduring
logon.
-
8/9/2019 Study Guide Microsoft
42/46
-
8/9/2019 Study Guide Microsoft
43/46
VisitCitrixxperience.comformoreCitrixcertificationpreparationproducts.
ThemosttrustedwebsiteforCitrixcertificationpreparation,Citrixxperience.com
40
IntheAccessManagementConsole,expandtheWebInterfacenode.
ClickthedesiredAccessPlatformSitenode.
ClicktheConfigureauthenticationmethodstask.
ClickProperties.
ClickDomainRestrictionintheleftpaneoftheAccessPlatformauthenticationmethods
properties.
ChooseRestrictdomainstothefollowingdomains.
Addthedomainsthatareallowedaccess.ClickOK.
CitrixPasswordManagerIntegration
TointegrateCitrixPasswordManagerintotheauthenticationoftheAccessPlatformsite:
IntheAccessManagementConsole,expandtheWebInterfacenode.
ClickthedesiredAccessPlatformSitenode.
ClicktheConfigureauthenticationmethodstask.
ClickProperties.
Click
Account
Self
Service
in
the
left
pane
of
the
Access
Platform
authentication
methods
properties.
IntheAccountSelfServicewindow,youcanchoosetoenablepasswordresetorallow
accountunlock.
Toonlyallowuserstochangetheirpasswordwhenitexpires,Allowuserstochange
passwordmustbeconfiguredforOnlywhenitexpiresinthePasswordSettings
window.
ClickOK.
DMZSettings
Directaccessistypicallyconfiguredinsituationswhereinternalusersconnectfromtrusted
environments,suchasacorporateintranet,andthereisnoneedtokeeptheaddressofthe
PresentationServerprivate.
-
8/9/2019 Study Guide Microsoft
44/46
VisitCitrixxperience.comformoreCitrixcertificationpreparationproducts.
ThemosttrustedwebsiteforCitrixcertificationpreparation,Citrixxperience.com
41
AlternateaccessisconfiguredinsituationswheretheIPaddressofthePresentationServermust
bekeptprivatefromusers.
AnadministratormustconfigurePresentationServertouseanalternateaddressbyusing
theALTADDRcommand.
Ifmultipleserversarebeingusedtoprovideapplicationaccess,translatedaccesswouldbe
used.
TranslatedaccessisconfiguredinsituationswheretheIPaddressofthePresentationServer
mustbekeptprivatefromusersandmultipleserversintheserverfarmareusedtoprovide
applicationaccess.
Whenafirewallisused,WebInterfacemustbeconfiguredwiththeappropriateIPaddressin
theclientfiles.
SecuringAccesstoPublishedApplicationsandContent
SecuringCommunication
ICAencryptionguardsagainstthethreatofeavesdroppingbysecuringtheinformationsent
betweentheclientdeviceandPresentationServer.
AvailableinBasic,RC5(128bit)logononly,RC5(40bit),RC5(56bit)andRC5(128bit).
IsconfiguredinPresentationServerpoliciesorpublishedapplications.
CitrixSSLRelaycansecureendtoendcommunicationbetweenclientdevicesandPresentation
ServersusingencryptionandcommunicationswithserversthathosttheXMLServiceinsmall
environments.
CanbeusedtosecurecommunicationbetweentheWebInterfaceserverandPresentation
Server.
ProvidesendtoendencryptionofICAcommunicationsbetweenclientdevicesand
PresentationServerandXMLcommunicationsbetweenWebInterfaceandPresentation
Server.
WhenSSLRelayisused,anadministratorcanconfigurewhichciphersuiteswillbeused.
Aciphersuiteisanencryption/decryptionalgorithm.
PresentationServer,bydefault,providesCOMandGOVciphersuites.
ToconfigureSSLRelay:
-
8/9/2019 Study Guide Microsoft
45/46
VisitCitrixxperience.comformoreCitrixcertificationpreparationproducts.
ThemosttrustedwebsiteforCitrixcertificationpreparation,Citrixxperience.com
42
ObtainandinstallauniqueservercertificateoneachPresentationServer.
InstallarootcertificateoneachclientdeviceandWebInterfaceserver.
Configuretherelaycredentials,connectionsandciphersuitesusingtheSSLRelay
Configurationtool.
RestartthePresentationServers.
SecureGatewaycansecurelargeserverenvironmentsandprovideInternetaccesstoserversin
aserverfarmwithasinglepointofencryption,theinternalIPaddressesofservershiddenand
twofactorauthenticationsupportthroughWebInterface.
WebInterfaceandSecureGateway
Toconfigure
aWeb
Interface
site
to
work
with
Secure
Gateway:
IntheAccessManagementConsoleclicktheManagesecureaccesstaskandclickEdit
gatewaysettings.
TypetheFQDNoftheSecureGatewayserverintheAddress(FQDN)field.
Configuresessionreliability.
ConfiguretheSTAsettings.
Click
OK.
DMZSettings
InasinglehopDMZdeploymentofSecureGateway,aservercertificatemustbeinstalledon:
TheSecureGatewayServer
TheWebInterfaceServer
ThePresentationServer
Arootcertificatewillbeinstalledon:
SecureGateway
WebInterfaceServer
Clientdevice
-
8/9/2019 Study Guide Microsoft
46/46
VisitCitrixxperience.comformoreCitrixcertificationpreparationproducts. 43
GatewaydirectsendstheactualaddressofthePresentationServertotheSecureGateway.
GatewayalternatesendsthealternateaddressofthePresentationServertotheSecure
Gateway.
GatewaytranslatedusestheaddresstranslationmappingsintheWebInterfacetodetermine
whichaddressissenttotheSecureGatewayserver.
GatewaytranslatedusestheaddresstranslationmappingssetintheWebInterfaceto
determinewhichaddressissenttotheSecureGatewayserver.
ThissettingisusefulwhentheaddressandportofthePresentationServeraretranslatedat
theinternalfirewall.
ToconfigureGatewaytranslation:
Inthe
Access
Management
Console
click
the
Manage
secure
client
access
task
and
click
Edit
DMZsettings.
ConfiguretheclientroutebychoosingAddanewclientroute,Editanexistingclientroute
orRemoveanexistingclientroute.
SelectTranslatedastheaccessmethod.
ClickManagesecureclientaccessinthetaskpaneandclickEditaddresstranslations.
ClickAdd.
ConfiguretheinternalandexternalIPaddresstranslationmappingsbyselectingClientroute
translation,GatewayroutetranslationorClientandGatewayroutetranslation.
TypetheinternalIPaddressofaPresentationServerintotheInternalIPaddressfield.
TypetheinternalportnumberofaPresentationServerintotheInternalportfield.
Typethetranslated(external)IPaddressorhostnamethatclientdevicesmustuseto
connecttoaPresentationServerintotheExternaladdressfield.
TypetheexternalportnumberofaPresentationServerintotheExternalportfield.Click
OK.