SLAC Remote Access and Citrix XPe

1
SLAC Remote Access and Citrix XPe

• Brian Scott
• SLAC
• May 2004

2
Windows Remote Access Solutions

• Citrix
• Allows access to a full Windows desktop and/or
  various applications
• VPN/PPTP
• Provides encrypted tunnel between remote system
  and SLAC internal network
• Remote Desktop Protocol
• Unencrypted access to Windows XP system
• Requires use of VPN before using RDP

3
File Access

• Citrix provides access to all internal resources
  to which you have permissions
• VPN access available to central Windows file
  servers
• No longer allowing access to Windows file sharing
  to desktops via VPN

4
E-mail

• Microsoft Outlook access available via several
  mechanisms
• Citrix (full thick client access)
• Outlook Web Access (OWA), new version coming with
  Exchange 2003 migration this summer
• Old version https//www-mail.slac.stanford.edu
• New version coming soon
• VPN and use of Outlook thick client

5
Citrix XPe

• April 2004 - Finished rollout of Citrix XPe farm
• Farm running Windows 2000 with Citrix XPe
• Support for Windows Systems and Linux (private
  build to support Secure ICA over SSL)
• 900 accounts
• May 2004 - Shutdown Citrix Metraframe 1.8 farm
• Farm ran Windows NT TSE with Citrix Metaframe 1.8

6
Secured Communication Protocols

• 128-bit SSL encryption.
• Initial communication between Web Portal servers
  (Citrix MetaFrame NFuse) client.
• Subsequent communication between Application
  servers (Citrix MetaFrame Presentation server)
  client.
• Citrix SSL Relay Service.
• Server-to-server communication.
• Citrix Secure ICA - RSA RC5 128-bit encryption.
• ICA session between Application servers client.
• Enforceable to client as minimum requirement.

7
Redundancy within Citrix Servers

• 2 Citrix NFuse Web Portal servers.
• http//slaccitrix1.slac.stanford.edu
• http//slaccitrix2.slac.stanford.edu
• 2 Independent Management Architecture (IMA)
  Citrix Control servers.
• N2 Citrix Presentation servers in excess of peak
  capacity in Silo-1 (General Apps).
• N2 Citrix Presentation servers in excess of peak
  capacity in Silo-2 (Restricted Apps).

8
2 Silos

• Silo 1
• The purpose of the Silo1 servers is to provide
  access to the common set of applications to all
  SLAC Citrix users.
• Silo 2
• The purpose of Silo2 is to provide metered access
  to applications with certain licensing
  restrictions. For example Certain applications
  are only licensed to be run by members of certain
  SLAC departments. Other applications are only
  licensed to be executed by a limited number of
  concurrent users.

9
Server Configuration

• Web Portal Servers
• The Web servers host the Web Interface for Citrix
  MetaFrame XP. The Web interface consists of Java
  objects and Web server-side scripts that reside
  on the web servers.
• Citrix SSL Relay
• The Citrix SSL Relay is a service that runs on
  the MetaFrame XP servers and secures
  communications between the Web portal servers,
  the IMA servers, the MetaFrame XP application
  servers and ICA client PCs.
• IMA Servers (Data Collectors)
• The data collectors manage server farm dynamic
  data and client enumeration/resolution.
• MetaFrame XP server farm administrator
  permissions
• Citrix MetaFrame XP product licenses
• MetaFrame server configuration settings
• Published application configuration settings
• Application load balancing configuration settings
• Printer management information settings
• MetaFrame XP server farm policies
• MetaFrame Resource Manager configuration settings
• Citrix Installation Manager settings
• MS SQL Server
• Data store for IMA servers
• WTS Licensing Server
• The WTS Licensing service on the AD domain
  controllers is responsible for providing WTS
  licensing tokens for WTS clients (including ICA
  client PCs).

10
(No Transcript)
11
(No Transcript)
12
(No Transcript)
13

• CITRIX DEMO