MetaFrame XP for Windows,
Feature Release 2
Technical Features Presentation
June 4th, 2002
Douglas A. Brown, Systems Engineer, Northern California
Copyright ©2002, Citrix
Reference Sites
• Good sites to check
•Citrix Developer Network
•http://www.citrix.com/cdn
•Yahoo Group
•http://groups.yahoo.com/group/citrixwest
•Doug’s Site
•http://www.dabcc.com
•Rick’s Site:
•http://www.tweakcitrix.com
Things To Know
• MF XP FR2 will support Windows 2000 Server,
Advanced Server, and Datacenter Server
• MF XP FR2 and future releases will not support
Windows NT 4.0 TSE.
Q:
A:
Q:
A:
What will our TSE users run?
They can still install up to MF 1.8 FR1 and MF XP FR1.
What about Service Pack 2 for TSE?
If needed we will release one separately later.
• MF XP FR2 will include:
 NFuse Classic 1.7
 Enterprise Services for NFuse 1.7 (XPe users only)
 Citrix Secure Gateway 1.1
• MF XP FR2 includes everything in FR1
What’s New in FR2?
Features at a Glance

















Enhanced CMC and CWC
Delegated Administration
User Policies
User-to-User Shadowing
Smart Card Support
Enhanced Content Publishing
Content Redirection
Enhanced System Monitoring & Analysis
Enhanced Application Packaging & Delivery
Username Session Reconnect
Enhanced Printer Support and Management
TLS Encryption
Enhanced Internet Proxy Support
Windows Installer Support
Microsoft Certifications
IBM DB2 Support
Enhanced MF and NFuse SDKs
Product Licensing
 FR2 licensing same as FR1 - all delivered via web
 Packaging only contains XP licenses
 New 2-user license developed - cannot add bumps delivery TBD
 Login popup for NFR connections
 Popup when XP migration licenses added warning of
need for XP base licenses
 Popup when FR licenses added warning of need for
XP base licenses
5
Product Packaging
 One CD Pack for all products SKUs
 Composed of three CDs
•
Windows 2000 “Server CD” for XP FR2


•
Windows TSE “Server CD” for XP FR1





•
Integrated XPs, XPa, and XPe Installation at FR2 Level, or
Applies FR2/SP2 to existing MF servers
XP
RM
IM
NM
FR1/SP1
“Components CD”




ICA Clients 6.30
NFuse Classic 1.7
Enterprise Services for NFuse
Citrix Secure Gateway 1.1
 EVAL and NFR
•
•
6
Contain two XP server/connection combo licenses in order to install two servers
FR1 and FR2 licenses obtained on-line just like retail product
Software Installation
 FR2/SP2 requires a min of SP1 on other servers in the farm
 Server Drive Re-mapping as separate auto-run utility before
install
 Added Installation Checklist to auto-run
 No licenses added during installation since licenses install to
farm
 Product Code set during installation since each server requires
one
 Upgrade/Add components via Windows Add/Remove Programs
 Demo of installation:
(Warning! Do not click Finish at end, but Cancel instead.)
7
Windows Installer Support
Description
Administrators can leverage the Microsoft Windows
Installer technology to automate the installation of
MetaFrame XP and related components:
 MetaFrame XP with FR2





Citrix Management Console
Citrix Web Console
Enterprise Services for NFuse 1.7
Citrix Secure Gateway 1.1
NFuse Classic 1.7
 Windows 32 ICA Client - both PN and PN Agent
(Previously released with FR1)
Note: MSI 2.0 is now required, and included on installation CDs
8
Enhanced CMC
Overview
Citrix Management Console has been enhanced to provide better
integration with Active Directory, pass-through authentication during
logon and ticketing to maintain confidentiality of authentication
credentials. User search and filtering functionality added.
Benefit
Citrix administrator credentials
are no longer passed over the
wire. Active Directory
structures such as Organization
Units are now represented in the
console tree, allowing for easier
administration and improving
object enumeration speed.
9
Enhanced CMC
Single Sign-On
This feature provides a mechanism for Citrix Administrators to log in to a
MetaFrame farm with the CMC using the credentials of the local user. This
will improve the user experience by eliminating the need to enter credentials
before logging in to a Citrix farm. This feature also employs ticketing, hence
authentication credentials will not pass over the wire.
Methods to Enable:
10
1.
Upon first use of CMC via popup dialog.
2.
Already in CMC via user preferences.
3.
Command line argument:
ctxload /PTA: <servername>
This will let admins create desktop
shortcuts to multiple farms.
Enhanced CMC
Active Directory Integration
The “Add User” interface of the CMC now better reflects the hierarchical
relationships of the Active Directory OU structure. This allows for:
•
•
11
Improved usability by better user object organization.
Faster enumeration because all user objects are not
enumerated until their host container is expanded.
Enhanced CMC
Search & Filtering
In any user session list, the administrator
can filter by username or by application
name. This includes basic column sorting,
and more advanced “match” filtering.
Given a user name, the administrator can
search for printers, applications, and
policies that are assigned for that user.
12
Delegated Administration
Description
Create specialized Citrix
administrators to handle specific
areas of MetaFrame administration
such as managing printers,
published applications, or user
policies.
Benefit
Members of an IT staff can be
granted access to various
MetaFrame XP administrative tasks
without being granted permissions
to make non-authorized
configuration changes. Allows for
better modeling of Citrix admins to
the IT organization.
13
Delegated Administration
Configuration
1. Citrix admins may be specific
account authority users or
user groups.
2. Three type of admins: View
Only, Full Administrator, and
Custom.
3. The first CMC admin added
during installation is a “full”
admin. This user may then
create “custom” admins.
4. The “Select Tasks” window is
reached during new admin
creation or by viewing an
admin’s properties.
5. During creation or at any time
afterward, an admin’s account
may be enabled/disabled.
14
Delegated Administration
Managing Tasks
1. If given the proper view permissions, “custom” admins
may be configured such that they may not make any
edits, but may still view the tasks of other admins to
locate an admin who has authority over a particular task.
2. If a CMC Administrator changes the permissions of a user
who is currently logged in to the CMC, a dialog will inform
the user that their permissions have changed and they
will be logged out.
3. Using User Policies, admins may restrict which users can
log into to the CMC.
4. If a user is a member of two groups, and each group is
given a set of delegated administrative tasks, the
resultant set of administrative tasks for the user will be
the union of the sets given to both groups.
15
Delegated Administration
Licensing
• When a “FR2 CMC” connects to a farm that has at least one server
that is set to FR2 level, then all the new Delegated Admin
functionality will be enabled. If there is not at least one server that is
set to FR2, then the CMC will not display the new FR2 functionality.
Backwards Compatibility
• “FR2 CMC” to “FR2 Server” — All functions normally.
• “FR2 CMC” to “SP1 Server” — Full admins will function normally,
custom admins will be view-only (both at FR2 functionality).
• “FR2 CMC” to “XP 1.0 Server” — Full admins will function normally,
custom admins will be view-only. (both at XP 1.0 functionality)
• “Old CMC” to “FR2 Server” — The old CMC is not aware of “custom”
admins. “Custom” admins will not be able to log on. Additionally,
when “full” admins enumerate users in the CMC, “custom” admins
will be shown as “view only” admins.
• “Old CMC” to “Old Server” — When an old CMC connects to an old
server in a mixed farm with both new and old servers, “custom”
admins are treated as “view only” admins.
16
User Policies
Description
Apply MetaFrame XP settings to
users or user groups, rather than to
the farm, servers, or applications.
Benefit
Gain the flexibility to configure
MetaFrame XP settings, such as
drive mapping, time zone settings,
printing and shadowing, for specific
users and groups.
17
User Policies
Creating Policies
1. New “Policies” node added to CMC.
2. You may edit, rename, prioritize, enable/disable, and assign
users/groups to each policy.
18
User Policies
Assigning Users and Groups
3. The admin may allow any user/group in the configured list to
abide by, or be exempt from the particular policy they are
assigned to.
19
User Policies
Configuring Policy “Rules”
4. Note that when multiple policy rules apply to a user with
overlapping settings, the Priority dictates the results, but a
setting of “Not Configured” will not override a setting in a
lower priority policy.
20
User Policies
Overriding Settings
5. User Policy settings override all other Citrix and Terminal Services
settings, including those found in the ICA Client, Citrix Connection
Configuration, farm-wide CMC settings, User Manager, and Active
Directory policies. (This is not true for every setting, need to add
details.)
21
User Shadowing (Collaboration )
Description
One or many users may shadow a
single user. Shadowing is not just
for administrators any more.
Benefit
Saves time and money by allowing
users to view and modify the same
content from disparate locations.
Also provides for "teacher/student"
and "presenter/attendee"
functionality.
22
User Shadowing
Configuration
23
1.
This feature is based on Windows
security, so it will not work for NDS
users.
2.
User Shadowing is one of the property
settings of a User Policy.
3.
“Shadowers” are those who are given
permission to view the sessions of
“shadowees”.
4.
Those assigned to the policy are the
“shadowees”. Inside the policy,
“shadowers” are specified.
5.
Example: Create a policy called
“Shadow by Legal” and within its
properties specify the user group for
the Legal department. Users assigned
to this policy may then be shadowed by
the users in the Legal department.
6.
Note: Do not set server shadowing
settings during installation more
restrictive than this policy.
User Shadowing
Use Case
24
1.
Users may shadow one another by using the Shadow Taskbar. It is
recommended that the Shadow Taskbar (wshadow.exe) is published as a
seamless application for user access.
2.
Users will only be able to enumerate users to which they have permission to
shadow.
Smart Card Support
Description
Provide secure access to
applications and data using smart
card technologies. Smart cards
can also be used with NFuse and
the Program Neighborhood Agent.
Benefit
Simplifies the authentication
process while enhancing logon
security. Support for smart card
authentication to published
applications, as well as support for
"smart card enabled" applications
such as Microsoft Outlook.
25
Smart Card Support
Design
• An ICA Smart Card Virtual Channel has
been developed.
• All calls, either from WinLogon or
Applications to the PC/SC (more
specifically the winscard.dll) on the
server are redirected to the PC/SC on
the client device.
• PC/SC is provided by Microsoft with OS.
CSP and drivers provided by smart card
vendors.
• CSP is required on server and ICA Client
device. (the only scenario in which it is
not required on the ICA Client is when
PN is used without pass-through
authentication for 2000 and XP).
• Do not require hardware reader on
server during installation of CSP if you
omit the reader driver portion of the
installation.
SERVER
APP
CLIENT
WinLogon
CSP
PC/SC
APP
WinLogon
CSP
ICA VIRTUAL CHANNEL
PC/SC
DRIVER
READER
26
Smart Card Support
ICA Client Requirements
• Windows 32 (by default PC/SC code comes with Windows XP
and 2000 OS only, must obtain PC/SC for NT 4.0, ME, 98, and 95
from smart card vendor)
• Windows-based terminals only (which have a PC/SC available)
– Wyse has a solution available
• Linux ( PC/SC publicly available)
Smart Card Requirements
• PC/SC-based smart cards only are supported (95% of current
market). Java-based cards are not supported.
• MetaFrame intercepts calls to the PC/SC (Winscard) interface
only. Specifically, PKCS #11 is not supported (RSA’s smart
card std.)
• USB, COM, and PCMCIA smart card readers have been tested
• An OEM White Paper is available for smart card vendors to
develop their solutions for MetaFrame environments.
27
Smart Card Support
Configuration
Windows 2000 supports two policy settings for interactive logon to a session.
ICA sessions will utilize these policies:
• Require smart card for interactive session logon – This policy is a peruser policy that requires the user to use a smart card for authentication.
• Smart-card removal policy – This policy is a local-machine policy that has
three possible settings (these have no affect if regular credentials were used
for authentication):
• None (no affect)
• Lock Workstation (disconnects all MetaFrame sessions).
• Log-off Session (logoff all MetaFrame sessions).
By default MetaFrame XP FR2 installation will allow server logins to be
authenticated with smart cards (calls from WinLogon and LSASS are captured
and redirected).
In order to use smart cards within applications, you need to capture calls from
specific executables (e.g. OUTLOOK.EXE). This is accomplished with a new
smart card command-line utility (sccongif.exe).
28
Smart Card Support
Configuring a Certificate Authority
(1) Set up the certificate authority
Set up a Microsoft certificate authority. If more scalability is required, you may set up additional
certificate authorities.
Reference: "Step-by-Step Guide to Setting up a Certification Authority" at
http://www.microsoft.com/WINDOWS2000/library/planning/security/casetupsteps.asp
(2) Prepare certificate authority to issue smart card certificates
This step involves setting proper security permission on the Smart Card Logon and the Enrollment
Agent certificate templates on the certificate authority.
Reference: See Windows 2000 help that is installed as part of the OS, under the topic
\Welcome\Security\How to...\Authenticate with Smart Card\Administer Smart Cards
(3) Prepare smart card certificate enrollment station
In this step an Enrollment Agent certificate is obtained for the administrator who will be enrolling
smart cards on behalf of users.
Reference: "Step-by-Step Guide to Installing and Using a Smart Card Reader" at
http://www.microsoft.com/WINDOWS2000/library/planning/security/smartcard.asp
(4) Set up smart card for user
This step involves assigning a user certificate(s) to the smart card. The references above are good
sources on how to go about doing this. Also, perform a search for “smart card” on the
www.microsoft.com website.
29
Smart Card Support
Auto Client Reconnect
Auto client reconnect works with smart card credentials, just as it works
with username/password credentials. The user must have the same
smart card inserted into the reader as was used to login to the session
before the disconnect occurred.
Roaming User Reconnect
In general this feature is supported by the PN, PN Agent, and NFuse
clients interfaces. When smart cards are used, Roaming User
Reconnect only works with PN Agent and NFuse.
30
Enhanced Content Publishing
Description
Administrators may now configure
"Content Publishing" to open
published content with a serverbased application. (Originally
released in FR1 with ability to
launch only a local application.)
Benefits
• Content published by administrators may
now be opened with a published application.
• Applications do not need to be present on
the client device, and content does not need
to be downloaded to the client.
• Allows “browser only” devices that do not
have local applications to utilize "Content
Publishing".
31
Enhanced Content Publishing
Configuration
When MetaFrame publishes applications they will be associated with
a collection of file extensions and mime types. When any published
content of a type associated with a published application is launched
from NFuse, the published application will be launched with the
content.
There are no configuration file settings required for this feature.
There is no ability to prevent published content from being launched
on MetaFrame.
ICA Client Requirements:
• NFuse with any ICA Client
• PN Agent from the Windows 32 ICA Client
32
Content Redirection
Description
Open content, whether stored locally or remotely, with
either local or remote applications.
Benefits
• Administrators can specify whether local or remote
applications are used to open content.
• Allows for the appropriate application to be launched to
better meet the needs of the user.
• Provides flexibility when considering application
installation and content storage locations.
• Allows administrators to leverage local applications or
multimedia players to offload MetaFrame server resources.
Implementation
There are two flavors of Content Redirection:
• From Client to Server
• From Server to Client
33
Content Redirection
Content Redirect from Client to Server
When using a local application, accessed content may be opened using a
published application.
Published
Acrobat
Example:
A user is using a local
application (e.g. Outlook,
IE, Word, Explorer) and
Local Application
clicks on a PDF file to
(Outlook, Word, IE)
open it. But the client
SERVER
device does not have
Acrobat Reader, hence
normally an error would
occur. With this feature,
however, a published
Acrobat Reader
application will launch
and the PDF will open.
CLIENT
34
Acrobat content
located anywhere
Content Redirection
Content Redirect from Client to Server (cont.)
Administrator must publish the server application to the user and configure
the FTA screen that has been added to the Published Application Wizard.
A tab added to the CMC Farm node shows in a single location all of the file
types that published applications are associated with.
35
Content Redirection
Content Redirect from Client to Server (cont.)
For this feature to work, the client device must have the file type association
table downloaded to it from the servers in the farm. The only client interface
which supports this functionality is PN Agent. As PN Agent periodically
checks for new published applications, the FTA information for each
application is downloaded into the client OS registry.
ICA Client Requirements:
• PN Agent from the Windows 32 ICA Client
• Client Drive Mapping must be enabled on the client and server so that the
server may access the content.
36
Content Redirection
Content Redirect from Server to Client
When using a published application, Web and multimedia links may be
opened using a local application.
Published Application
(Outlook, Word)
with URL Link
Example:
A user is using a
published application
(e.g. Outlook, Word) and
clicks on a URL link to
Local
open the content. But
Application
SERVER
rather than opening the
(IE or Player)
link with IE on the server,
the local IE on the client
device launches and the
URL is opened.
CLIENT
37
Web Page
Content Redirection
Content Redirect from Server to Client (cont.)
The ability to intercept a URL link inside a MetaFrame session and play it in a local
player will be controlled on the server side via the CMC. It can be enabled on a
farm-wide basis, per-server basis, or per-user basis using User Policies.
Embedded URLs are intercepted on the server and sent via the ICA control virtual
channel to the client. The client will not be allowed to disable this feature. If the
client does not have an appropriate player or cannot directly access the content, the
server player will be used.
URLs Redirected by Default:
URLs Not Redirected:
http
https
rtsp
rtspu
pnm
mms
ftp
gopher
mailto
news
nntp
telnet
wais
file
prospero
Hypertext Transfer Protocol
Secure Hypertext Transfer Protocol
Real Player and QuickTime
Real Player and QuickTime
Older Real Players
Microsoft’s Media Format
File Transfer protocol
The Gopher protocol
Electronic mail address
USENET news
USENET news using NNTP access
Reference to interactive sessions
Wide Area Information Servers
Host-specific file names
Prospero Directory Service
Note: The above is all or nothing, hence once enabled, all redirected
URLs above will be redirected, as granular selection is not supported.
ICA Client Requirements: Windows 32 (PN and PN Agent) and Linux
ICA Clients
38
Enhanced System Monitoring & Analysis
Description
Collect performance, session, and
application data into a single centralized
database for the entire MetaFrame farm
while maintaining manageability, scalability,
reliability, and control. Reports may be
based on pre-defined Crystal report
templates.
Benefit
Collected data can be queried using built-in
reporting features to diagnose server issues
or application usage trends. Easily find
which applications are not being used and
thus no longer need to be maintained. Billing
reports based on configurable costs, such as
for CPU usage or connection time, may be
produced for individual users, departments
or domains.
39
Enhanced System Monitoring & Analysis
Server Environment
Resource
Manager
Servers (XPe)
IMA Event
Bus
DB Connection
Server (XPe)
Summary
Database
(SQL or Oracle)
40
Enhanced System Monitoring & Analysis
Summary DB Configuration
• Monitor health of Database Connection Server
• Schedule the transfer of daily data from MetaFrame servers to allow for
network traffic management
• Enable automated data purges after a user definable time or after billing has
occurred
41
Enhanced System Monitoring & Analysis
Select Data to Store
• Specify server metric to record in Summary DB on a per server basis.
• Audit users to track user activity including session statistics, favorite
applications, and server usage across the farm
42
Enhanced System Monitoring & Analysis
Billing
• Setup Cost Centers and Fee structures
• Generate reports, all from within the CMC
43
Enhanced System Monitoring & Analysis
Assign Fees
• Associate fees with specific usage, with localized monetary support
44
Enhanced System Monitoring & Analysis
Define Cost Centers
• Create one or many cost centers in order to generate reports for the
resources they utilize
45
Enhanced System Monitoring & Analysis
Define Bill Information
• Create billing reports to bill by domain or cost centers for session time,
CPU usage, memory usage, process loaded time or process active time
46
Enhanced System Monitoring & Analysis
Report Templates
• The HTML report template below is provided for report viewing
• A set of pre-defined Crystal templates is provided for use with a
customer’s own Crystal implementation
47
Enhanced Application
Packaging & Delivery
Description
Group packages and define
installation intervals for
MetaFrame XP server groups.
Configure multiple share points
for WAN package delivery. Add
Windows Installer patch files to
existing packages.
Benefit
Administrators can more
efficiently deploy packages to
servers, and to sites in different
geographic locations.
48
Enhanced Application
Packaging & Delivery
Improved Deployment Configuration
Enhanced Installation Scheduling
• Time interval during which installations can occur
• Run large jobs across different days until completed
Create “Package Groups”
• A package group may contain multiple packages
• Set sequence of installation for packages inside a package group
• Specify how current and new user connections should be handled during
installations
• Specify if a reboot should occur between individual package installs or
uninstalls or only when all packages have completed
• With FR1 one set of credentials was specific for all network share access,
now with FR2, each package group may be configured with its own set of
credentials to access its network share
• No nested package group support
49
Enhanced Application
Packaging & Delivery
50
Roaming User Reconnect
Description
Reconnect to MetaFrame
sessions by user name rather
than by client device ID.
Benefit
This will allow users to move
between different client devices
and still be able to reconnect to
their disconnected sessions when
load-balanced server farms are
utilized.
51
Roaming User Reconnect
Implementation
NFuse and PN Agent already have this feature that was released in
MetaFrame XP FR1. The FR2 release will add this support to the
Program Neighborhood client interface.
Does not work for:
• Smart card authentication via PN
• Custom Connections that do not have credentials associated with
them
52
Enhanced Printer Support and
Management
Description
Improved administrator and user
control of printer properties and
print queue purging, and
improvements to printer mapping
performance. Also, network printer
settings will be detected and used
rather than arbitrary "default"
printer settings.
Benefit
Enhanced printer management and
tuning, allowing for better printing
performance. Provides enhanced
usability when printing to network
printers.
53
Enhanced Printer Support and
Management
Issue
Before FR2
After FR2
Default settings
always used for
newly auto-created
network printers
The first time a network printer is autocreated on a client, it gets default
manufacturer properties, causing
problems like wrong paper size for A4
users.
We added a printing preferences dialog in the
CMC. Administrators set “auto-creation
default settings” for properties for Paper Size,
Copy Count, Resolution, and Orientation.
Changes to autocreated client
printer settings
inside ICA sessions
are not saved
If a user changes their printer settings
from with a published application, these
changes will be lost at next logon
Administrators can now elect whether or not
to refresh a user’s ICA session auto-created
client local printer settings at each logon from
the settings on their local printer.
Printing to network
printers that existed
before ICA
connection is slow
Although a “network printer”, ICA treats
these as auto-created client printers.
Hence print jobs are sent down to client
first, then back up to printer server.
Print jobs will now be sent directly from the
ICA session on the MetaFrame server to the
print server, without having to go down to the
client and back up again.
Print jobs to client
local printers
suspended during
logout
If a user starts a print job and then logs
out, the job is suspended, and only
restarted upon later login to the same
server with the same client device.
Administrators may now elect whether to
save or purge the print queue upon user
logout.
Printers are
created
synchronously
When a user connects to an
application, all auto-created printers are
created first, then the application is
launched.
Administrators may now elect to allow
asynchronous launching of applications and
creation of printers to speed up launch time.
Note that some applications don’t like this.
54
Enhanced Printer Support and
Management
Auto-Created Printer Settings
Published Application Properties
55
TLS Encryption
Description
Support for the latest cryptographic security protocol,
TLS (Transport Layer Security). This is the next
generation security protocol, a successor of SSL (Secure
Sockets Layer).
Benefit
Client/server connections now pass through the latest
connection security technology, and use encryption
modules certified with Federal Information Processing
Standard (FIPS) 140 requirements.
56
TLS Encryption
Implementation
TLS support has been added to the following components in FR2:
• SSL Relay (uses Microsoft SChannel)
• ICA Clients:
 Windows 32 (uses Microsoft SChannel)
 Windows CE
 Linux
 Java
• NFuse Classic 1.7
• Citrix Secure Gateway 1.1 (between CSG server and ICA Client
only)
FIPS 140
For compliance the following requirements must be met:
• End-to-end TLS encryption
• Use of an approved encryption protocol such as Microsoft
SChannel
For compliance the following components must be employed:
• Configure SSL Relay directly on every MetaFrame server
• Use only Windows 32 ICA Clients
57
Enhanced Internet Proxy Support
Description
ICA Clients may use local Web browser settings to configure
client proxy settings. Also added support for the Secure
Proxy protocol (also known as "SSL Tunneling" ) to allow ICA
to tunnel securely through firewalls using SSL. Much as
HTTP employs HTTPS for proxy support, ICA can be
configured to employ Secure Proxy.
Benefit
Users can now easily and securely connect to applications
deployed across the Internet. Administrators can centrally
configure proxy server information for the ICA Clients of all
users by using global management of Web browser settings.
Proxy
58
Enhanced Internet Proxy Support
New Features
• HTTP/SSL Tunnel Proxy Support - Support for HTTP Connect method tunnel
proxy, also known as ‘‘Secure Proxy”. This common type of proxy is an
alternative to the SOCKS proxy that is currently supported.
• Proxy Authentication - Support for proxy authentication with both SOCKS
and HTTP/SSL Tunnel proxies.
• Proxy Auto-Detection - Support for automatic detection of proxy
configuration by querying proxy configuration information managed by
either Internet Explorer or the Netscape browser.
• Proxy Auto-Configuration Script Interpreter - Support for interpreting a
proxy auto-configuration (.PAC) JavaScript and for the Windows 32 ICA
Client we also support .INS files
59
Enhanced CWC
Description
Citrix Web Console usability has been enhanced:
• New look and feel
• Search and filtering
• Better layout
• Static button bar
Note:
No smart card
support for CWC
authentication
60
Microsoft Certifications
Description
Microsoft certification for:
• Windows 2000 Server
• Windows 2000 Advanced Server
• Windows 2000 Datacenter Server
• Windows XP
• Windows 2000 Professional
Benefit
Solidifies Citrix's compatibility with
Microsoft server and desktop
platforms.
61
Improved ICA Performance
Description
Improve overall performance of ICA
Client to MetaFrame server
communication. Transfer files to
and from a MetaFrame XP server
more quickly than ever.
Benefit
Saves considerable time when
transferring data to and from the
MetaFrame XP server farm.
62
Improved ICA Performance
Minutes
3MB File Download
45
40
35
30
25
20
15
10
5
0
XP FR1
XP FR2
Large Print Job
Modem 33.6KB
~250ms Latency
WAN 1.54MB
~150ms Latency
Satellite 512KB
~1.5s Latency
Minutes
Connection Type
Minutes
ThinWire Benchmark
XP FR1
XP FR2
Modem 33.6KB
~250ms Latency
45
40
35
30
25
20
15
10
5
0
WAN 1.54MB
~150ms Latency
Connection Type
XP FR1
XP FR2
Modem 33.6KB
~250ms Latency
WAN 1.54MB
~150ms Latency
Connection Type
63
16
14
12
10
8
6
4
2
0
Satellite 512KB
~1.5s Latency
Satellite 512KB
~1.5s Latency
Database Support
For hosting the MetaFrame XP data store, support has
been added for IBM DB2 Universal Database Enterprise
Edition v7.2 (with FixPack5) for Windows 2000.
MetaFrame
Data Store
MS Access
RM
Summary
Database
ESN
Database
No
NO
YES
NO
YES
YES
NO
NO
(v9, v10)
Oracle
(v7, v8i, and v9i)
SQL
(v7 and v2000)
IBM DB2 7.2 (FP5)
64
Novell Integration
• No longer require ZenWorks on MF server
• Still need Novell client on each MF server
• We have tested Novell 4.x and 5.x
• Able to view NDS OU structure in CMC (FR1)
• No smart card support for NDS users
• No shadowing support for NDS users
• No single sign-on support for NDS users (CMC,
NFuse, PN and PN Agent)
65
Server Farm Reliability
DSMaint
• Use to rebuild LHC
• Use to change ODBC data source target
DS Connectivity Failure
• Event Log entries added upon failure
• New Performance Monitor to track minutes
since failure
• Added to default RM Set with Alerts
Licensing
Server login rejection timeout extended from
48 hours to 96 hours when connectivity to
data store fails.
66
Enhanced MetaFrame SDK
Description
All Feature Release 2 functionality
and all printer management
functionality since the release of
MetaFrame XP are now included in
the MetaFrame SDK.
Benefit
More MetaFrame functionality for
third-party and ISV developers
using our SDK.
67