White Paper - XenDesktop Implementation Guide - Pooled Desktop
June 28, 2016 | Author: kinan_kazuki104 | Category: N/A
Short Description
White Paper - XenDesktop Implementation Guide - Pooled Desktop...
Description
Consulting Solutions | WHITE PAPER | Citrix XenDesktop
XenDesktop Implementation Guide
Pooled Desktops (Local and Remote)
www.citrix.com
Contents Contents .............................................................................................................................................................. 2 Overview ............................................................................................................................................................. 4 Initial Architecture ............................................................................................................................................. 5 Installation Guide .............................................................................................................................................. 6 SQL Database..................................................................................................................................................... 7 Pre-requisites – SQL Database ..................................................................................................................................... 7
Citrix Licensing ................................................................................................................................................15 Pre-requisites ................................................................................................................................................................. 15 Installation - Citrix Licensing 11.9 ............................................................................................................................. 19 Configuration - Citrix Licensing 11.9 ........................................................................................................................ 21
Citrix XenDesktop Desktop Controller .......................................................................................................24 Pre-requisites – XenDesktop Controller................................................................................................................... 24 Installation – XenDesktop Controller ....................................................................................................................... 28 Configuration – Creating a XenDesktop Site .......................................................................................................... 33
Citrix Web Interface ........................................................................................................................................39 Pre-requisites ................................................................................................................................................................. 39 Installation – Citrix Web Interface ............................................................................................................................ 44 Configuration – Citrix Web Interface ....................................................................................................................... 47
Citrix Merchandising Server ...........................................................................................................................52 Pre-requisites ................................................................................................................................................................. 52 Installation – Merchandising Server .......................................................................................................................... 52 Configuration – Merchandising Server ..................................................................................................................... 59
Pooled Desktop Image....................................................................................................................................65 Creating a Pooled Desktop Image Virtual Machine ............................................................................................... 65
Citrix User Profile Manager............................................................................................................................71 Page 2
Citrix User Profile Manager - Client Side Installation ............................................................................................ 71 Citrix User Profile Manager - Server Side Configuration ....................................................................................... 74
Policies ...............................................................................................................................................................80 Configuration – Base Active Directory Policy ......................................................................................................... 80 Configuration – Optimized Desktop Policy ............................................................................................................ 90
Citrix Access Gateway Enterprise Edition ................................................................................................ 106 Importing NetScaler Appliance ................................................................................................................................ 106 Installation of Citrix Access Gateway Enterprise Edition ................................................................................... 108 Creating A Request, Key, and Certificate ............................................................................................................... 113 Configuring Citrix Access Gateway Enterprise Edition....................................................................................... 118 Creating a Web Interface Site for Access Gateway ............................................................................................... 125
Desktop Groups ........................................................................................................................................... 130 Configuration – Desktop Group Creation ............................................................................................................. 130 Configuration – Desktop Group Assignment ....................................................................................................... 134
Validation Scenarios ..................................................................................................................................... 137 Internal Access Scenario ............................................................................................................................................ 137 External Access Scenario........................................................................................................................................... 140
Product Versions........................................................................................................................................... 141 Revision History ............................................................................................................................................ 141
Page 3
Overview Citrix XenDesktop is an enterprise solution, which means it can solve almost any unique design requirement. Because of the flexibility, the implementation can involve significant amount of coordination across infrastructure teams. As such, this Deployment Guide can help accelerate the implementation of a fully functioning XenDesktop site providing for a common Enterprise scenario: local and remote access to pooled desktops supported on XenServer. While the steps in this guide can lead to a fully functioning XenDesktop environment, the installation of XenDesktop should not be performed in a production environment without adequate testing. It is recommended to install in a test lab and conduct thorough systems and user acceptance testing to determine the best configuration for the environment. Success Accelerator kits are available at http://www.citrix.com/successaccelerator/ to help.. This document provides the detailed steps on installing the required components for a fully functioning XenDesktop environment. This guide assumes that no Citrix products have been installed and will walk a System Administrator through the steps to bring many Microsoft and Citrix components online based on the Citrix Consulting recommended configurations. These products include Citrix XenDesktop 5, Citrix Web Interface, Citrix Access Gateway VPX, Citrix User Profile Manager, Citrix Licensing Server 11.9, Microsoft SQL Server 2008 R2, and Citrix Merchandising Server.
Page 4
Initial Architecture The architecture this deployment guide creates is shown in the following figure:
Figure 1: Architecture utilizing using Machine Creation Services
The environment consists of the following:
Remote access provided by Access Gateway VPX
Initial authentication and enumeration operations performed by Web Interface
License monitor and allocation via the Citrix License Server
Desktop management controlled by the redundant XenDesktop controllers
Overall system configuration tracking by SQL Server
Virtual desktop hosting provided by Citrix XenServer
Desktop image creation and delivery via Machine Creation Services.
Page 5
Installation Guide In this phase, various components needed to support and ensure a functioning XenDesktop environment will be configured. These components include:
Installing Microsoft SQL Server 2008 R2
Installing & configuring Citrix Licensing Server 11.9
Installation of Citrix XenDesktop Controllers & configuring a XenDesktop Site.
Installing & configuring Citrix Web Interface
Installing and configuring Citrix Merchandising Server
Creating a Pooled Desktop master image
Installing & configuring server side and client side components of Citrix User Profile Manager
Configuring Active Directory for Base and Optimized Desktop policies.
Installing & configuring Citrix Access Gateway
Creating Desktop Groups
Final validations
Page 6
SQL Database Pre-requisites – SQL Database SQL Server 2008 R2 Prerequisites for SQL Server 2008 R2: SQL Server 2008 R2 Enterprise can only be installed on the following Microsoft OS Version:
Windows Server 2003 SP2 64-bit x64 Datacenter
Windows Server 2003 SP2 64-bit x64 Enterprise
Windows Server 2003 SP2 64-bit x64 Standard
Windows Server 2003 R2 SP2 64-bit x64 Datacenter
Windows Server 2003 R2 SP2 64-bit x64 Enterprise
Windows Server 2003 R2 SP2 64-bit x64 Standard
Windows Server 2008 SP2 64-bit x64 Datacenter
Windows Server 2008 SP2 64-bit x64 Datacenter without Hyper-V
Windows Server 2008 SP2 64-bit x64 Enterprise,
Windows Server 2008 SP2 64-bit x64 Enterprise without Hyper-V
Windows Server 2008 SP2 64-bit x64 Standard
Windows Server 2008 SP2 64-bit x64 Standard without Hyper-V
Windows Server 2008 SP2 64-bit x64 Web
Windows 2008 R2 64-bit x64 Datacenter
Windows 2008 R2 64-bit x64 Enterprise
Windows 2008 R2 64-bit x64 Standard
Windows 2008 R2 64-bit x64 Web
Windows Server 2008 R2 x64 for Windows Essential Server Solutions
Additionally, SQL Server Setup installs the following software components required by the product::
.NET Framework 3.5 SP11
SQL Server Native Client
SQL Server Setup support files
For the purposes of this installation guide, it is assumed that Server 2008 R2 Enterprise will be the OS for the SQL 2008 R2 Database for XenDesktop Appropriate usernames and passwords required to run SQL Database services should be provisioned prior to SQL Server 2008 R2 installation.
Screenshot
Description
1
Connect and authenticate to the server selected to run SQL 2008 R2 for XenDesktop
**NOTE** If service accounts are being used to install SQL Server 2008 R2, ensure that this account possesses elevated privileges. Consult with Active Directory Administrators to ensure compliance with specific enterprise account standards.
Page 7
SQL Server 2008 R2 2
Navigate to the path where the installation media or files for Microsoft SQL Server 2008 R2 are located.
Launch the installer by double-clicking the setup file.
In SQL Server Installation Center, select the Installation option
Start SQL Server 2008 installation by clicking New Installation or add features to an existing installation
Review Support Rules for accuracy
Click OK to proceed with installation
3
4
Page 8
SQL Server 2008 R2 5
Select the radio button appropriate to this installation of SQL Server 2008.
Provide a valid Product Key in the appropriate field
Click Next to proceed with installation
Review the entire contents of the License Terms.
Select the checkbox marked I accept the license terms
Click Next to proceed with installation
Review the details of the Setup Support Files screen.
Click Install to proceed with installation
6
7
Page 9
SQL Server 2008 R2 8
Allow the installation of Support Files to proceed to completion.
Review the installation summary and validate that no errors have occurred during the installation of Support Roles.
Click Next to proceed with Role setup installation
Select the appropriate radio button for SQL Server Feature Installation.
Click Next to proceed with installation
9
10
Page 10
SQL Server 2008 R2 11
In the Feature Selection list, select the required features for this SQL Server 2008 installation by checking the boxes of the required items. Required minimum features that should be checked are: Database Engine Services
***NOTE*** Features installed will vary widely depending on the enterprise. Consult with a SQL Server Administrator to ensure that the appropriate selections are made for this specific installation.
Click Next to proceed with installation
Allow the feature installation to proceed to completion. A completion summary screen will be presented once installation is complete.
Review the installation summary for errors.
If there are no errors presented in the summary screen, click Next to proceed to Instance Configuration.
On the Instance Configuration screen, select the Default Instance for this installation of SQL Server 2008.
Click Next to continue
12
13
Page 11
SQL Server 2008 R2 14
Validate that the server SQL Server 2008 is being installed to will have enough disk space to complete the installation.
Click Next to continue
On the Server Configuration pane, provide appropriate usernames and password for the various SQL Server services.
15
***NOTE*** Service account names will vary widely depending on the enterprise. Consult with a SQL Server Administrator to ensure that the appropriate credentials are provided for this specific installation of SQL Server 2008
Click Next to continue
On the Database Engine Configuration pane, select the appropriate Authentication Mode for this SQL Server Installation. .
16
***NOTE*** Authentication Modes will vary depending on the enterprise. Consult with a SQL Server Administrator to ensure that the appropriate credentials are provided for this specific installation of SQL Server 2008
Click Next to continue
Page 12
SQL Server 2008 R2 17
Review the Error Reporting Pane summary and mark the check box to report errors to Microsoft if it complies with enterprise security policies.
Click Next to continue
Review the Installation Configuration file summary screen presented.
If no errors are presented, click Next to continue
Review the overall Installation Configuration summary.
Click Install to proceed with file installation.
18
19
Page 13
SQL Server 2008 R2 20
Allow the installation of all files by the setup wizard. Monitor for any errors that may be presented during the installation.
Review the completion screen for any warnings or errors.
If no warnings or errors are presented, click Close to exit from the SQL Server 2008 installation.
21
Page 14
Citrix Licensing Pre-requisites Citrix Licensing Prerequisites Prerequisites for Licensing Server 11.9: Software System Requirements Citrix License Server can be installed on servers running the following Microsoft operating systems. Citrix recommends that the latest Microsoft Service Pack and updates be installed. •Windows Server 2003 Family •Windows Server 2008 Family •Windows Server 2008 R2 Family •Windows 7, 32-bit and 64-bit editions
The License Administration Console manages the license server on the computer on which it is installed. It cannot manage remote license servers. License Administration Console requires a supported Web Browser and .NET Framework Supported Browsers: •Internet Explorer Version 6.0 through 8.0 •Mozilla Firefox Version 3.x Microsoft .NET Framework Requirements Microsoft .NET Framework 3.5 is required. For the purposes of this installation guide, it is assumed that Server 2008 R2 is the host for the Licensing Server and License Administrative console. The guide will include guidance on installing a compatible version of Microsoft .NET Framework.
Screenshot
Description
1
Connect and authenticate to the server selected to run Citrix Licensing Server.
**NOTE** If using a service account to install Citrix Licensing 11.9, ensure that the user account has elevated privileges. Consult with Active Directory Administrators to ensure compliance with specific enterprise account standards.
Page 15
Citrix Licensing Prerequisites 2
Launch Server Manager from the Start Menu. The path to Server Manager is Start > Administrative Tools > Server Manager
3
In the left hand navigation pane, select the Features node in the selection tree.
Click Add Features in the Features Summary area.
From the Features List, select .NET Framework 3.5.1 Features in order to begin the installation of pre-requisite features.
4
Page 16
Citrix Licensing Prerequisites 5
Agree to the prompt to add role services required for .NET Framework 3.5.1. Features by clicking Add Required Role Services
Hit Next to proceed with the installation
***NOTE*** The Web Server (IIS) Role will be installed as art of .NET Framework 3.5.1 feature installation. Consult with Web Administrator and Security teams to ensure compliance with enterprise requirements 6
Hit Next at the Web Server (IIS) information pane
Ensure that .NET Extensability & Request Filtering are selected in the Role Services selection tree.
Click Next to proceed with the Web Server (IIS) Role installation.
7
Page 17
Citrix Licensing Prerequisites 8
Review the installation summary screen for accuracy. Ensure that all values are correct for the installation being performed.
Confirm selections by clicking Install.
Allow the installation wizard to proceed to completion. Review for any errors that may be presented.
Once the installation wizard has completed, validate that the installation completed without errors.
If successful, click Close to complete the installation of .NET 3.5.1
Exit from Server Manager and return to the system. It is now possible to proceed with the installation of Citrix Licensing 11.9
9
10
Page 18
Installation - Citrix Licensing 11.9 Installing Citrix License Server 11.9 Screenshot
Description
1
Connect and authenticate to the server selected to run Citrix Licensing.
**NOTE** If using a service account to install Citrix Licensing Server 11.9, ensure that the user account has elevated privileges. Consult with Active Directory Administrators to ensure compliance with specific enterprise account standards.
2
Locate the Licensing Server 11.9 installation media and launch by selecting CTX_Licensing ***NOTE*** If the installation files cannot be located, Citrix Licensing can be obtained from http://download.citrix.com. Use MyCitrix credentials to log in and obtain the required software.
3
Read the Citrix Licensing License Agreement
Select the checkbox marked I accept the terms in the License Agreement
Click Next to continue
Page 19
Installing Citrix License Server 11.9 Screenshot
Description
4
Specify the path to install Citrix Licensing 11.9. ***NOTE*** The default installation path will be: C:\Program Files (x86)\Citrix\ This path should be used for the majority of installations. Change this value only if there is relevant reason to do so.
5
Allow the installation to proceed to completion
Once the installer has completed, click Finish to launch the License Server Configuration Tool
6
Page 20
Installing Citrix License Server 11.9 Screenshot
Description
7
In the License Server Configuration Tool, validate that the proper ports are specified for Citrix Licensing Server 11.9.
Set a password for the License Administration Console. Ensure that this password is secure and is known to Citrix Administrators responsible for licensing .
Click OK to complete License Server Configuration.
**NOTE** If Windows Firewall is enabled on this server, ensure that appropriate inbound rules are configured to allow communication on default Citrix Licensing Ports 27000, 7279, and 8082. If alternative ports are selected for either License Server, Vendor Daemon, or the Management Console, ensure that Windows Firewall allows for those ports instead.
Configuration - Citrix Licensing 11.9 Configuring Citrix License Server 11.9 Screenshot
Description
1
Connect and authenticate to the server selected to run Citrix Licensing Server 11.9
**NOTE** If using a service account to install Citrix Licensing 11.9, ensure that the account has elevated privileges. Consult with Active Directory Administrators to ensure compliance with specific enterprise account standards.
2
Launch the License Administration Console from the Start Menu. The default path should for License Administration Console will be: Start > All Programs > Citrix > Management Consoles > License Administration Console
Page 21
Configuring Citrix License Server 11.9 Screenshot
Description
3
Navigate to the Administration link on the topright corner of the License Administration Console.
Provide administrative credentials to authenticate. The default username will be admin and the password will be what was established in Installation – Citrix Licensing 11.9 Step 7
Once successfully authenticated, navigate to the Vendor Daemon Configuration tab on the left-hand side of the License Administration Console
Select Import License to being the process of importing the license file.
4
5
Page 22
Configuring Citrix License Server 11.9 Screenshot
Description
6
Click Browse and use the file browser to navigate to where license files are located.
Select the appropriate license file and click Open
Click Import License to begin the process of importing the license into the Licensing Server
If the license import is successful, a confirmation message will be presented..
Click OK to proceed. Configuration of Citrix Licensing Server 11.9 is now complete
Exit the License Administration Console by clicking the “X” in the upper right hand corner of the console window.
7
Page 23
Citrix XenDesktop Desktop Controller Pre-requisites – XenDesktop Controller Desktop Controller Pre-requisites The requirements for installing XenDesktop Controllers include the Controller software, a database, Desktop Studio, Desktop Director & Active Directory accounts. Active Directory & SQL Databse account validations have already been performed as part of Section 1 – Environment Validation. This section will focus on prerequisites for installing XenDesktop Controller software, Desktop Studio, and Desktop Director. XenDesktop Controllers must be installed on one of the following operating systems: •Microsoft Windows Server 2008, Standard or Enterprise Edition, with Service Pack 2 installed (32- and 64-bit) •Microsoft Windows Server 2008 R2, Standard or Enterprise Edition (64-bit only) Disk space requirements: •100 MB for the Controller and SDKs •50 MB for Desktop Studio •50 MB for Desktop Director This scenario will be performed on Windows Server 2008 R2 Enterprise with Controller & SDK installation, Desktop Studio on all Controllers, & Desktop Director installed on one Controller. Microsoft .NET Framework, Version 3.5, with Service Pack 1 is required to be installed on the operating system. If Microsoft .NET Framework Version 3.5 is not installed on this server, it is installed automatically by XenDesktop. The XenDesktop installation media will also contain this installer in the Support\DotNet35 folder. Microsoft Internet Information Services (IIS) and ASP.NET 2.0. IIS are required for Desktop Director. Therefore, it will only be installed on the first Controller in this scenario. •For Windows Server 2008, Microsoft IIS Version 7.0. •For Windows Server 2008 R2, Microsoft IIS Version 7.5. As Desktop Director will be installed on a Desktop Controller, this guide will be outlining the addition of IIS Version 7.5 with the appropriate roles. Other components may be required depending on variations to the enterprise system environment. Refer to Citrix eDocs for XenDesktop 5 Controllers to gather specifics on •Microsoft Visual J# 2.0 Redistributable Package, Second Edition. •Microsoft Visual C++ 2008 with Service Pack 1 Redistributable Package. •Microsoft Windows PowerShell version 2.0. •Internet Explorer 7.0 or later.
Screenshot 1
Description
Connect and authenticate to the server selected to run the Desktop Controller.
**NOTE** If using a service account to install the Desktop Controller, ensure that the user account has elevated privileges. Consult with Active Directory Administrators to ensure compliance with specific enterprise account standards.
Page 24
Desktop Controller Pre-requisites 2
Launch Server Manager from the Start Menu. The path to Server Manager is Start > Administrative Tools > Server Manager
3
Select the Roles tree node in the left hand navigation pane.
Click Add Role
Agree to the Introductory Screen for the Add Roles Wizard by clicking Next
Select Web Server role from the checkboxes available
4
Page 25
Desktop Controller Pre-requisites 5
Agree to the screen that introduces IIS by selecting Next
Ensure that all appropriate checkboxes are selected. Many of these will be selected by default. Checkboxes include:
6
Web Server > Common HTTP Features > > Static Content > Default Document > Directory Browsing > HTTP Errors Web Server > Application Development > > ASP.NET > .NET Extensibility > ISAPI Extensions > ISAPI Filterss Web Server > Health and Diagnostics > > HTTP Logging > .Request Monitor Web Server > IIS Management Console
7
Confirm installation selections by selecting Install at the prompt.
Page 26
Desktop Controller Pre-requisites 8
Allow the installation to proceed to completion
Validate that the installation completed
If successful, click Close to complete the installation the IIS Server Role.
Close out Server Manager and return the system. It is now possible to to the installation of Desktop Controller(s)
9
Page 27
Installation – XenDesktop Controller Installing a XenDesktop Controller Screenshot
Description
1
Staying on the server selected to be the Desktop Controller, navigate to the location of the XenDesktop Installer Media and launch via AutoPlay
Run AutoSelect.exe
Select Install XenDesktop
2
**NOTE** If using a service account to install the Desktop Controller, ensure that the user account has elevated privileges. Consult with Active Directory Administrators to ensure compliance with specific enterprise account standards.
3
Read the entire Licensing Agreement.
Select the checkbox for I accept the terms and conditions and select Next to continue.
Page 28
Installing a XenDesktop Controller Screenshot
Description
4
**NOTE** In this scenario for XenDesktop, web access will be provided via a Web Interface installed on separate server. Also, a separate SQL 2008 R2 database will be used. Lastly, a dedicated License Server has already been installed and will not be needed as part of the Controller installation.
Select the appropriate components for installation. This should include: > XenDesktop Controller > Desktop Studio > Desktop Director
Uncheck the selections for Web Access, License Server, and Install SQL Server Express. These components are installed separately.
Click Next to continue
Allow the installation summary to generate.
Validate that all appropriate components are included in the summary area and click Install.
Uncheck Configure XenDesktop after closing and click Close.
Close out the remote connection to the first XenDesktop Controller.
5
6
Page 29
Installing a XenDesktop Controller Screenshot
Description
7
Connect to the server that is designated as another XenDesktop controller.
Navigate to the location of the XenDesktop Installer Media and launch via AutoPlay
Run AutoSelect.exe
Select Install XenDesktop
8
9
**NOTE**
If using a service account to install the Desktop Controller, ensure that the user account has elevated privileges. Consult with Active Directory Administrator to ensure compliance with specific enterprise account standards.
Page 30
Installing a XenDesktop Controller Screenshot
Description
10
Read the entire Licensing Agreement.
Select the checkbox for I accept the terms and conditions and select Next to continue.
11 **NOTE** In this scenario for XenDesktop, web access will be provided via a Web Interface installed on separate server. Also, a separate SQL 2008 R2 database will be used. Lastly, a dedicated License Server has already been installed and will not be needed as part of the Controller installation. Furthemrore, Desktop Director will not be required as it is already available on the first Controller. Therefore, unselect it.
Select the appropriate components for installation. This should include: > XenDesktop Controller > Desktop Studio
Uncheck the selections for Web Access, Desktop Director, License Server, and Install SQL Server Express. These components are installed separately.
Click Next to continue
Page 31
Installing a XenDesktop Controller Screenshot
Description
12 **NOTE** As Desktop Director is not installed on the second Controller and the IIS role is not required, a firewall exception may be needed for Port 80 to accommodate incoming Broker requests. Coordinate with Network Security Administrators to ensure appropriate firewall considerations are taken into account for any specific enterprise configuration.
Check the box marked Enbale these ports to allow Port 80 to be used for Broker connections to this Controller.
Click Next to continue the installation
Allow the installation summary to generate.
Validate that all appropriate components are included in the summary area and click Install.
Allow the Setup Wizard to complete the installation. Once complete, a final summary will be presented.
Validate that all appropriate components were installed properly.
If proceeding directly to the next section (Configuration – Creating a XenDesktop Site), then click Close.
Otherwise, uncheck the box marked Configure XenDesktop after closing and click Close.
13
Page 32
Configuration – Creating a XenDesktop Site Creating a XenDesktop Site Screenshot
Description
1
Connect and authenticate to the server selected to run the Desktop Controller.
**NOTE** If using a service account to install the Desktop Controller, ensure that the user account has elevated privileges. Consult with Active Directory Administrators to ensure compliance with specific enterprise account standards.
2
Launch Desktop Studio from the Start Menu. Desktop Studio should appear under: Start > All Programs > Citrix > Desktop Studio
3
From Desktop Studio, select Desktop Deployment in the center pane of the Snap-In.
Page 33
Creating a XenDesktop Site Screenshot
Description
4
Name the XenDesktop Site per enterprise standards.
In Database Configuration, enter the name of the SQL 2008 server installed earlier.
Enter the name of the Database in the Database Name field. For the purposes of this scenario, leave in the prepopulated default Database name to have the wizard create the database. ***NOTE*** To validate connectivity to the SQL Server, use the Test Connection button. This test will likely generate an error as the Database for XenDesktop has not yet been created. However, connectivity to the SQL Database will be validated successfully. It is possible to create a Database prior to installing a XenDesktop site, however this step is beyond the scope of this Implementation Guide.
Click Next to continue
Provide Citrix License server information (installed earlier) and click Connect
The wizard will present the license types available on the licensing server. Select the appropriate one for this installation and click Next
5
Page 34
Creating a XenDesktop Site Screenshot
Description
6
Configure the Host hypervisor per specific enterprise standards.
Ensure that a Host Address preceeded by http, Username, & Password are provided.
Name the Host connection
Select Use XenDesktop to create virtual machines
Click Next to continue
Specify the resources that will be utilized by the Virtual Machines in this installation.
Click Add to configure where to store virtual machines.
Provide a Name for the storage details.
Select the storage type. For this scenario, an iSCSI mount will be utilized.
Select a guest network for the virtual machines.
Validate the settings for VM resources
Click Next to continue
7
8
Page 35
Creating a XenDesktop Site Screenshot
Description
9
Review the installation Summary for accuracy.
Click Finish to continue
Close out the remote connection to the first XenDesktop Controller.
Connect and authenticate to the server selected to be the second XenDesktop Controller.
10
**NOTE** If using a service account to install the Desktop Controller, ensure that the user account has elevated privileges. Consult with Active Directory Administrators to ensure compliance with specific enterprise account standards.
11
Launch Desktop Studio from the Start Menu. Desktop Studio should appear under: Start > All Programs > Citrix > Desktop Studio
Page 36
Creating a XenDesktop Site Screenshot
Description
12
From Desktop Studio, select Join existing deployment in the center pane of the Snap-In.
In the Select XenDesktop Site dialog box, specify the address of the first controller. Specify either an IP address or Fully Qualified Domain Name (FQDN).
Click Ok to continue
A pop-up asking whether to allow XenDeskto to update the database automatically will be presented.
Click Yes to continue
Allow XenDesktop to configure the Site and add the second controller. A progress bar will be presented until completion.
13
14
15
Page 37
Creating a XenDesktop Site Screenshot
Description
16
Upon successful completion of adding a second controller to the XenDesktop Site, Desktop Studio will return to the Site Dashboard. Settings and information regarding this XenDesktop site will be presented and available for Administration.
Configuring the XenDesktop site is now complete. Exit from Desktop Studio and logout from the second controller.
Page 38
Citrix Web Interface Pre-requisites Web Interface Pre-requisites Screenshot
Description
1
Connect and authenticate to the server selected to run Citrix Web Interface
**NOTE** If using a service account to install Citrix Web Interface, ensure that the user account has elevated privileges. Consult with Active Directory Administrator to ensure compliance with specific enterprise account standards.
2
Launch Server Manager from the Start Menu. The path to Server Manager is Start > Administrative Tools > Server Manager
3
Select the Roles tree node in the left hand navigation pane.
Click Add Role
Page 39
Web Interface Pre-requisites Screenshot
Description
4
Agree to the Introductory Screen for the Add Roles Wizard by clicking Next
Select Web Server role from the checkboxes available
Agree to the screen that introduces IIS by selecting Next
5
Page 40
Web Interface Pre-requisites Screenshot
Description
6
Ensure that all appropriate checkboxes are selected. Many of these will be selected by default. Checkboxes include: Web Server > Common HTTP Features > > Static Content > Default Document > Directory Browsing > HTTP Errors Web Server > Application Development > > ASP.NET > .NET Extensibility > ISAPI Extensions > ISAPI Filterss Web Server > Health and Diagnostics > > HTTP Logging > .Request Monitor Web Server > Management Tools > > IIS Management Console Web Server > Management Tools > IIS Management Compatibility > IIS 6 Metabase Compatibility
7
Confirm the installation selections by selecting Install at the prompt.
Page 41
Web Interface Pre-requisites Screenshot
Description
8
Allow the installation to proceed to completion
Validate that the installation completed
If successful, click Close to complete the installation the IIS Server Role.
Close out Server Manager and return to the system. It is now possible to proceed with the installation of secondary components required for Web Interface
Once Web Server role, navigate to the directory containing Microsoft Visual J# .NET 2.0. The installer is available in the Support folder of XenDesktop 5 media
Double click the installer file. For 64-bit systems, the installer will be vjredist64.exe
9
10
Page 42
Web Interface Pre-requisites Screenshot
Description
11
The installation wizard will launch.
Read the overview and click Next to continue
Read the entire End-User License Agreement
Check the box marked I accept the terms of the License Agreement
Click Install to proceed
Allow the wizard to install files related to the software
12
13
Page 43
Web Interface Pre-requisites Screenshot
Description
14
Once the installer is completed, a Setup Complete summary screen will be presented
Click Finish to complete the installation
Installation – Citrix Web Interface Citrix Web Interface Installation Screenshot
Description
1
Navigate to the path where the Web Interface software is available. The latest version of Web Interface is available on http://download.citrix.com
Double-click the installer package to begin the setup process
**NOTE** If using a service account to install Citrix Web Interface, ensure that the user account has elevated privileges. Consult with Active Directory Administrators to ensure compliance with specific enterprise account standards. 2
Select the language for the Web Interface installation.
For the purposes of this scenario, select English and click Ok
Page 44
Citrix Web Interface Installation Screenshot
Description
3
The installer will present a welcome screen. Read the entirey of the welcome screen text and click Next to continue
Read the entire Citrix License Agreement
Select the radio button marked I accept the license agreement and click Next
Choose the filesystem path to install Citrix Web Interface. The default installation path will be: C:\Program Files (x86)\Citrix\Web Interface
Once the installation path has been specified, click Next to continue
4
5
Page 45
Citrix Web Interface Installation Screenshot
Description
6
Decide whether Citrix Clients will be installed as part of Web Interface setup.
As this scenario will be utilizing Merchandising Server, select the radio button marked Skip this step and click Next to continue the installation
Read the summary screen and click Next to begin the setup file installation
The setup program will begin migrating files to the server. Allow the setup to complete.
7
8
Page 46
Citrix Web Interface Installation Screenshot
Description
9
Upon successful installation of Web Interface components, review the summary page.
Ensure that the checkbox marked Start creating sites now is checked.
Click Finish to complete the installation of Web Interface.
Configuration – Citrix Web Interface Citrix Web Interface Configuration Screenshot
Description
1
In the Web Interface Management Snap-In, right-click XenApp Web Site and select Create Site
***NOTE*** Web Interface Management can be found by navigating to: Start -> All Programs -> Citrix -> Citrix Web Interface Management
Page 47
Citrix Web Interface Configuration Screenshot
Description
2
In the Create Site dialog, specify information to label the site
For the purposes of this scenario, the site Path has been made to be /Citrix/XenDesktop and the Name to be XenDesktop ***NOTE*** Confer with the Web Administration team on whether the enterprise requires Web Interface to be the default IIS Site. If this is a shared web server, this may not be advisable.
Click Next to continue
Select the Point of Authentication.
For the purposes of this scenario, the Point of Authentication will be At Web Interface.
3
***NOTE*** Confer with the Web Administration and Security teams to determine this setting. Point of Authentication can vary widely based on enterprise security requirements
Click Next to continue
Review the installation summary for accuracy.
If all settings are validated click Next to begin configuration of this XenApp Web Site.
4
Page 48
Citrix Web Interface Configuration Screenshot
Description
5
Allow the setup wizard to complete installation of the Web Interface Web Site.
Once the setup wizard has completed, a site summary box will be presented.
Ensure that the checkbox marked Configure the site now is checked and click Next to continue
The Farm Setup dialog box will be launched. Specify a Farm Name
In the Servers area, click Add
Specify the XenDesktop Controller address in the field marked server name. Either the fully qualified domain name (FQDN) or the IP address of the Controller can be specified.
Click OK to add the Server to the Farm
Repeat this step for all of XenDesktop Controllers in the enterprise configuration.
Once all Servers in the XenDesktop Site have been added, click Next to continue
6
7
Page 49
Citrix Web Interface Configuration Screenshot
Description
8
Configure the Authentication Method appropriate for the enterprise. ***NOTE*** Authentication Methods vary widely depending on enterprise security needs. Consult with Security Administrators to choose the model most appropriate for this installation. For the purposes of this scenario, Explicit authentication should be chosen.
Click Next to continue
Configure the Domain Restrictions
9
***NOTE*** Domain Restriction settings depend on enterprise security needs. Consult with Security Administrators to choose the model most appropriate. For the purposes of this scenario, Allow any domains will be chosen.
Click Next to continue
Choose the most appropriate Logon Screen appearance. For the purposes of this scenario, choose Minimal
Click Next to continue
10
Page 50
Citrix Web Interface Configuration Screenshot
Description
11
Specify the Published Resource type. As the XenDesktop environment is Pooled Random, the most appropriate Resource Type will be Online.
Click Next to continue.
Review the Initial Configuration summary for accuracy.
Click Finish to complete the installation of XenDesktop Web Interface site.
Upon successful configuration, exit from Web Interface management Snap-In
12
Page 51
Citrix Merchandising Server Pre-requisites Merchandising Server Pre-requisites Screenshot
Description
Prerequisites Merchandising Server: Merchandising Server virtual appliance software. Download the Merchandising Server virtual appliance from the Citrix support site. It is one of the downloads available under the Citrix Receiver product group. Citrix XenServerTM 5.x with 8 GB of available disk space and 1 GB available RAM A Workstation running XenCenter in order to import the virtual image. Active Directory 2003 Service Pack 2 and above. The corporate directory must be accessible through Active Directory. One of the following browser versions is required to use the Citrix Merchandising Server Administrator Console: •Internet Explorer 7 •Internet Explorer 8 •Firefox version 3.x
Installation – Merchandising Server Merchandising Server Pre-requisites Screenshot
Description
1
Launch XenCenter and connect to an environment that Merchandising Server will be hosted.
Click File and then Import to begin the procedure to import the Merchandising Server 2.1 virtual appliance.
Page 52
Merchandising Server Pre-requisites Screenshot
Description
2
On the Import Source, navigate to where the Merchandising Server appliance file has been downloaded.
Select the file and click Open
Click Next to continue.
Select a server that will be the home server for the imported appliance.
Select a storage repository where the Merchandising Server virtual disk will be kept.
Once the storage repository has been selected, click Import to proceed.
3
4
Page 53
Merchandising Server Pre-requisites Screenshot
Description
5
Configure the virtual network interfaces for the new VM as required by the enterprise network topology.
Click Next to continue
On the Complete the import screen, ensure that Start VM after import is checked
Click Finish to begin the virtual appliance import process.
Monitor the progress of the VM import by click to the Logs tab in XenCenter
Once the import process has completed, exit from XenCenter
6
7
Page 54
Merchandising Server Pre-requisites Screenshot
Description
8
Once the import process has completed, navigate to the Console tab for the Merchandising Server VM in XenCenter.
Use text input to configure the Merchandising Server per enterprise requirements
Ensure that the network configuration (IP address, gateway, DNS) settings are correct
The Merchandising Server will reboot after configuration. It will also require a change to the default root password prior to reboot.
Allow the Merchandising Server to reboot fully
Using a web browser, navigate to the Merchandising Server configuration website. The URL should be as follows:
9
10
https://[server_IP_address]/appliance
Log in username set to root and password C1trix321
Page 55
Merchandising Server Pre-requisites Screenshot
Description
11
Upon successful login, the main setup screen will be presented.
Select Configure Active Directory to begin configuring Merchandising Server.
Enter the appropriate settings for Active Directory environment in the fields provided.
12
Source Name:
An identifier for this connection
Server Address:
Provide the IP address for the AD Domain Controller
Server Port:
Typically this is 389
BIND DN:
Provide the LDAP string for the account used to connect to Active Directory
Base DN:
Provide the LDAP string for the Domain
Server Sync
Select the timeframe for AD Synch
Schedule
Click Save and Synch to finalize settings for Active Directory integration with Merchandising Server.
Page 56
Merchandising Server Pre-requisites Screenshot
Description
13
Click the Permissions field to configure access rights to Merchandising Server
Enter an account that will have Administrative privileges in Merchandising Server in the search box.
Click Search to locate the account in Active Directory.
Once the account desired has been located, select the radio button and click Edit
Grant the appropriate role merchandising Server. In this scenario, grant Administrator
Once the account is configured, exit from the screen by clicking the x in the upper right corner of the window
14
15
Page 57
Merchandising Server Pre-requisites Screenshot
Description
16
Log off of the Merchandising Server by clicking Log off in the upper right hand corner of the window.
Enter the administrative account credentials are provided in the User Name and Password field. Validate that this account exists and is active in the Active Directory Domain prior to this stage.
Allow the Administrator Console in Merchandising Server to load.
Validate that all desired and required console functions are available.
Once validation is complete, proceed to configuring Merchandising Server.
17
18
Page 58
Configuration – Merchandising Server Configuring Merchandising Server Screenshot
Description
19
In the Administrator Console for Merchandising Server, click the Get New hyperlink under Plug-ins
Select the radio button of the Plug-in(s) appropriate for this installation of Merchandising Server and XenDesktop.
20
For the purposes of this Implementation Guide, the Citrix Online Plug-in and Citrix Receiver are to be selected.
Click Download to Server
***NOTE*** An active internet connection must be available and for Merchandising Server to be able to download and import the appropriate plug-ins.
Page 59
Configuring Merchandising Server Screenshot
Description
21
Acknowledge the warning regarding extended download times by clicking Confirm.
Allow the selected Plug-Ins to download to the Merchandising Server.
Once the requested Plug-Ins have downloaded, click Close to complete.
From the Merchandising Server Administration Console, navigate to:
22
23
Deliveries > Rules
Page 60
Configuring Merchandising Server Screenshot
Description
24
Populate the required data for the creation of a delivery rule. Provide a: Name Description Field (this is used as a criteria for enforcing a rule) Value (this is used as validation criteria for a rule)
Once all required fields have been populated, click Save
Validate that the delivery rule has been saved. If successfully saved, it will appear in the Rules Management screen pane with summary information presented.
From the Merchandising Server Administration Console, navigate to:
25
26
Deliveries > Create/Edit
Page 61
Configuring Merchandising Server Screenshot
Description
27
On the General tab, provide the following information for a Merchandising Server Delivery: Delivery name Evaluation Order Silent Install (Boolean value: yes/no) Check for updates (optional) Completion text (optional) Support email address (optional) Support phone number (optional) GoToAssist sever (optional)
28
On the Plug-Ins tab, Click Add
Select the radio buttons of the Plug-Ins to be included.
Once selections have been specified, click Add
29
Page 62
Configuring Merchandising Server Screenshot
Description
30
Click the Configuration tab
Ensure that there is a value provided in the field labeled: Address of the XenApp Server hosting the XenApp Services which will be the same as the Path value provided in Step 2 of Configuration – Citrix Web Interface
31
Click the Rules tab
To add a delivery rule, click Add
Select a delivery rule by clicking the radio buttom associated with the rule desired.
To add a delivery rule, click Add
32
Page 63
Configuring Merchandising Server Screenshot
Description
33
Validate the delivery rule has been selected. If successfully selected the desired rule will appear in the Rules pane in the Merchandising Server Administrator Console.
Click the Schedule tab.
Specify a schedule if one is desired.
Click Schedule to proceed.
Validate that the delivery has been entered into the Merchandising Server and scheduled.
If successful, the delivery will appear in the Deliveries pane with a green background.
34
35
Page 64
Configuring Merchandising Server Screenshot
Description
36
Upon successful validation of Delivery creation, log off of the Merchandising Server Administrator Console by Clicking the Log off link in the upper right hand corner of the browser window.
Pooled Desktop Image Creating a Pooled Desktop Image Virtual Machine Creating a Desktop Image VM Screenshot
Description
Prerequisites for a Desktop Image Virtual Machine suitable for XenDesktop Ensure that there is a XenServer host with sufficient memory and CPU resources available to host a Windows 7 Virtual Machine. Recommended configuration is: 2 Virtual CPUs and 2048 Mb. of Memory. A Workstation running XenCenter in order to manage the creation of the Virtual Machine.
1
From a management workstation, launch XenCenter and connect to an environment that the Pooled Desktop Virtual Machine will be hosted.
Page 65
Creating a Desktop Image VM Screenshot
Description
2
Select the XenServer host that will contain the Pooled image Virtual Machine.
Right click and select New VM…
On the Select a VM template screen, scroll through the selections and choose Windows 7 (64 bit)
3
***NOTE*** The selection in this step will vary on the desired OS for the Virtual Desktops required by the enterprise.
Click Next to continue. .
Page 66
Creating a Desktop Image VM Screenshot
Description
4
Provide a Name and Description for the Master Image virtual machine.
Click Next to continue.
Specify the Operating System media location.
For the purposes of this guide, select the radio button labeled Install from ISO library or DVD drive:
Specify the ISO or media file containing the OS installation files.
Click Next to continue
Mark the radio button labeled Pace the VM on this server.
Choose the XenServer that the VM will be hosted on.
Click Next to continue
5
6
Page 67
Creating a Desktop Image VM Screenshot
Description
7
Specify the desired vCPU and Memory resources to allocate to this virtual machine.
Click Next to continue
Select the desired storage location for this virtual machine.
Click Next to continue
Configure the Virtual Network Interfaces per specific enterprise standards.
Click Next to continue
8
9
Page 68
Creating a Desktop Image VM Screenshot
Description
10
Review the summary screen to ensure accuracy of all settings.
Ensure that the checkbox marked Start the new VM automatically is selected
Once all settings have been validated, click Finish to allow XenServer to create the virtual machine.
In XenCenter, select the XenServer machine specified to host the master image virtual machine.
Navigate to the Logs tab to monitor the progress of the virtual machine creation.
Ensure that the checkbox marked Start the new VM automatically is selected
11
Once all settings have been validated, click Finish to allow XenServer to create the virtual machine. 12
If no errors occur during virtual machine creation, the new virtual machine will be viewable in the navigation tree in XenCenter.
Page 69
Creating a Desktop Image VM Screenshot
Description
13
Select the new virtual machine and navigate to the Console tab.
Proceed with the installation of the OS and all required software before shutting down the virtual machine.
Page 70
Citrix User Profile Manager Citrix User Profile Manager - Client Side Installation Citrix User Profile Manager – Client Side Installation Screenshot
Description
1
Connect and authenticate to the machine that will be is the Master image.
**NOTE** If using a service account to install the Desktop Controller, ensure that the user account has elevated privileges. Consult with Active Directory Administrators to ensure compliance with specific enterprise account standards.
2
Navigate to the path where the installation files for Citrix User Profile Manager are located.
Launch the appropriate installer for the Windows OS type For the purposes of this scenario, a 64-bit version of Windows 7 has been selected as the Master Image. Therefore, right click profilemgt3.2.2_x64 and select Install
3
The Citrix Profile Management Setup screen will launch.
Proceed with the installation by clicking Next
Page 71
Citrix User Profile Manager – Client Side Installation Screenshot
Description
4
Read through the entire End-User License Agreement
Check the box marked I accept the terms in the License Agreement.
Click Next to continue.
Specify the path to install Citrix User Profile Manager.
5
**NOTE** The default is C:\Program Files\Citrix\User Profile Manager and should be used for the majority of installations. Change this value only if relevant reason to do so exists.
6
Allow the Summary screen to appear.
Click Install to allow Citrix Profile Management to install
Page 72
Citrix User Profile Manager – Client Side Installation Screenshot
Description
7
The Citrix Profile Management setup will begin installing on the local filesystem. Allow it to proceed to completion.
Once installation to the filesystem has completed, a final acknowledgement screen will be presented.
Click Finish to complete the client installation
The installer will require a reboot of the Windows 7 Master Image.
Click Yes to allow the workstation to reboot.
8
9
***NOTE*** The Windows 7 workstation will automatically reboot upon clicking Yes. Ensure that any unsaved work is saved prior to executig this step.
Page 73
Citrix User Profile Manager - Server Side Configuration
Citrix User Profile Manager Server Side Configurations Screenshot
Description
Prerequisites for Citrix Profile Management Server Side Configuration Citrix User Profile Management software. Version 3.2.2 will be utilized for this scenario A network path to store user profiles Workstation or Server running Group Policy Management administrative console.
1
Connect and authenticate to the machine selected to house Group Policy Management console.
From the Start Menu, launch Group Policy Management. The full path will be:
2
Start > Administrative Tools > Group Policy Management
Page 74
Citrix User Profile Manager Server Side Configurations Screenshot
Description
3
Navigate to the Organizational Unit (OU) where Virtual Desktop accounts will be created. ***NOTE*** The location of Virtual Desktop Computer objects varies widely based on enterprise requirements. Work closely with Active Directory Administrators to determine the best location for this specific environment.
Right Click on the OU and select Create a GPO in this domain, and Link it here…
Specify a Name for this policy. It is not necessary to specify a Source Starter GPO.
4
Click OK to create the Group Policy Object that is linked to the OU containing the Virtual Desktop Computer objects.
5
Once the Group Policy Object has been created, right click the name of the object and select Edit ***NOTE*** If this is the first time that the Group Policy Object is selected for editing, an advisory message may be presented by Group Policy Management Console. This message states that the changes being madewill impact all objects that are linked to this Group Policy Object. Acknowledge this message by clicking OK.
Page 75
Citrix User Profile Manager Server Side Configurations Screenshot
Description
6
Expand the navigation tree in Group Policy Management Editor to the following path: Computer Configuration > Policies > Administrative Templates
Right click Administrative Templates and click Add/Remove Templates
Click Add in the Add/Remove Templates box
Navigate to the path where Citrix Profile Management installation files are located.
Open the folder where the ADM Templates are located. The typical path for ADM Templates is:
7
8
ProfileMgmt-3.2.2\ADM_Templates\en
Select the Citrix Profile Management ADM file. The filename will be ctxprofile3.2.0.adm
Click Open to import the ADM file into the Add/Remove Templates dialogue box.
Page 76
Citrix User Profile Manager Server Side Configurations Screenshot
Description
9
Click Close to import the Citrix Policy ADM template into Group Policy Management Editor. The ADM Template will now be imported
10
Navigate to the path of the Citrix Profile Management ADM Template. Default path is: Computer Configuration > Policies > Administrative Templates > Classic Administrative Templates > Citrix > Profile Management
Right click the setting for Enable Profile management and select Edit
Configure the policy setting by selecting the Enable radio button.
Click Apply to put the policy into effect
Click OK to accept the changes to policy and return to the Group Policy Management Editor.
11
Page 77
Citrix User Profile Manager Server Side Configurations Screenshot
Description
12
In the same path, right click the setting for Path to user store and select Edit
Configure the policy setting by selecting the Enable radio button.
In the Options area, provide an absolute path or path to the location where user profiles will be stored.
Click Apply to put the policy into effect
Click OK to accept the changes to policy and return to the Group Policy Management Editor.
Navigate to the path of the Citrix Profile Management ADM Template. Default path is:
13
14
Computer Configuration > Policies > Administrative Templates > Classic Administrative Templates > Citrix > Profile Management > Streamed user profiles
Right click the setting for Profile streaming and select Edit
Page 78
Citrix User Profile Manager Server Side Configurations Screenshot
Description
15
Configure the policy setting by selecting the Enable radio button.
Click Apply to put the policy into effect
Click OK to accept the changes to policy.
Close out the Group Policy Management Editor & exit from Group Policy Management.
Page 79
Policies Configuration – Base Active Directory Policy Windows 7 Desktop Optimizations Screenshot
Description ***CAUTION*** The following sub-section contains optimizations that may not be advisable for all enterprises. Review the contents of Citrix Knowledge Base article CTX127050 with the Enterprise IT team carefully before implementing changes. All registry setting changes present risk. Modifying the registry incorrectly can cause serious problems that may require reinstallation of the operating system. Ensure proper best practices are followed before making any changes, including but not limited to backing up the registry or disk image before making changes. Disabling services may alter behavior of certain windows features and installed software. Ensure thorough testing of all application features is performed prior to deploying to a Production environment.
1
Connect and authenticate to the machine on housing Group Policy Management console.
From the Start Menu, launch Group Policy Management. The full path will be:
2
Start > Administrative Tools > Group Policy Management
Page 80
Windows 7 Desktop Optimizations Screenshot
Description
3
Navigate to the Organizational Unit (OU) where Virtual Desktop accounts will be created. ***NOTE*** The location of Virtual Desktop Computer objects varies widely based on enterprise requirements. Work closely with Active Directory Administrators to determine the best location for this specific environment.
Right Click on the OU and select Create a GPO in this domain, and Link it here…
Specify a Name for the policy. It is not necessary to specify a Source Starter GPO.
Click OK to create the Group Policy Object that is linked to the OU containing the Virtual Desktop Computer objects.
Once the Group Policy Object has been created, right click the name of the object and select Edit
4
5
***NOTE*** If this is the first time selecting this Group Policy Object for editing, an advisory message may be presented by Group Policy Management Console. This message states that the changes being made will impact all objects that are linked to this Group Policy Object. Acknowledge this message by clicking OK.
Page 81
Windows 7 Desktop Optimizations Screenshot
Description
6
Expand the navigation tree in Group Policy Management Editor to the following path: Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Error Reporting
Right click the setting for Disable Windows Error Reporting and select Edit.
Configure the policy setting by selecting the Enable radio button.
Click Apply to put the policy into effect
Click OK to accept the changes to policy and return to the Group Policy Management Editor.
Expand the navigation tree in Group Policy Management Editor to the following path:
7
8
Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update
Right click the setting for Configure Automatic Updates and select Edit.
Page 82
Windows 7 Desktop Optimizations Screenshot
Description
9
Configure the policy setting by selecting the Disable radio button.
Click Apply to put the policy into effect
Click OK to accept the changes to policy and return to the Group Policy Management Editor.
Expand the navigation tree in Group Policy Management Editor to the following path:
10
Computer Configuration > Policies > Administrative Templates > System > System Restore
Right click the setting for Turn off System Restore and select Edit.
Configure the policy setting by selecting the Enable radio button.
Click Apply to put the policy into effect
Click OK to accept the changes to policy and return to the Group Policy Management Editor.
11
Page 83
Windows 7 Desktop Optimizations Screenshot
Description
12
Expand the navigation tree in Group Policy Management Editor to the following path: User Configuration > Policies > Administrative Templates > Control Panel > Personalization
Right click the setting for Enable Screen Saver and select Edit.
Configure the policy setting by selecting the Enable radio button.
Click Apply to put the policy into effect
Click OK to accept the changes to policy and return to the Group Policy Management Editor.
Repeat Step 12 and 13 for the following Group Policies under Personalization
13
14
Prevent changing screen saver: Enabled Password protect screen saver: Enabled Screen saver timeout: Enabled: 600 seconds Force specific screen saver: Enabled Configurating a specific screen saver: scrnsave.scr
Page 84
Windows 7 Desktop Optimizations Screenshot
Description
15
Expand the navigation tree in Group Policy Management Editor to the following path: Computer Configuration > Preferences > Windows Settings > Registry
Click the Add a new item icon to create a new entry.
Configure the New Registry Properties for Disable Last Access Timestamp as follows:
16
Action: Hive:
Update HKEY_LOCAL_MACHINE
17
Use the tree browser to navigate to the following Registry Key Path: SYSTEM > CurrentControlSet > Control > FileSystem > NtfsDisableLastAccessUpdate
Click Select to modify settings for this Registry Key
Page 85
Windows 7 Desktop Optimizations Screenshot
Description
18
Configure the New Registry Properties for Disable Last Access Timestamp as follows: Value Type: Value data: Base:
REG_DWORD 00000001 Hexadecimal
Click OK to save settings for this Registry Key
Expand the navigation tree in Group Policy Management Editor to the following path:
19
Computer Configuration > Preferences > Windows Settings > Registry
Click the Add a new item icon to create a new entry.
Configure the New Registry Properties for Disable Large Send Offload as follows:
20
Action: Hive:
Create HKEY_LOCAL_MACHINE
Page 86
Windows 7 Desktop Optimizations Screenshot
Description
21
Enter the following value in the Key Path: SYSTEM\CurrentControlSet\Services\BNNS\ Parameters
Configure the Properties as follows: Value Name: Value type: Value data: Base:
22
EnableOffload REG_DWORD 00000000 Hexadecimal
Click Apply and then OK to save settings for this Registry Key.
***NOTE*** As Windows 7 Installation methods and features for various enterprises can vary, the following step contains a list of Registry Key additions and updates that should be made to optimize the base image for XenDesktop. As such, System Administrators should validate whether the following keys exist or not in the base image using regedit, then use the procedure outlined in Steps 15 – 18 to add registry keys *OR* Steps 19 – 21 to update registry keys for the following entries:
Disable TCP/IP Offload
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ Parameters] "DisableTaskOffload"=dword:00000001
Increase Service Startup Timeout
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control] "ServicesPipeTimeout"=dword:0002bf20
Hide Hard Error Messages
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows] "ErrorMode"=dword:00000002
Disable CIFS Change Notifications
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\ CurrentVersion\Policies\Explorer]"NoRemoteRecursiveEvents"=dword:00000001
Disable Logon Screensaver
[HKEY_USERS\.DEFAULT\Control Panel\Desktop] "ScreenSaveActive"="0"
Disable Clear Page File at Shutdown
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management] "ClearPageFileAtShutdown"=dword:00000000
Page 87
Windows 7 Desktop Optimizations Screenshot 22
Description
(Step 22 Continued from prior page)
Disable Offline Files
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ NetCache] "Enabled"=dword:00000000
Disable Background Defragmentation
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction] "Enable"="N"
Disable Background Layout Service
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ OptimalLayout] "EnableAutoLayout"=dword:00000000
Disable Bug Check Memory Dump
[HKLM\SYSTEM\CurrentControlSet\Control\CrashControl] “CrashDumpEnabled"= dword:00000000 "LogEvent"=dword:00000000 "SendAlert"=dword:00000000
Disable Hibernation
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ Session Manager\Power] "Heuristics"=hex:05,00,00,00,00,01,00,00,00,00,00,00,00,00,00,00,3f,42,0f,00
Disable Memory Dumps
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl] "CrashDumpEnabled"=dword:00000000 "LogEvent"=dword:00000000 "SendAlert"=dword:00000000
Disable Mach. Acct. Password Changes
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\ Parameters] "DisablePasswordChange"=dword:00000001
Redirect Event Logs
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application] "File"="D:\EventLogs\Application.evtx" [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security] "File"="D:\EventLogs\Security.evtx" [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\System] "File"="D:\EventLogs\System.evtx"
Reduce Event Log Size to 64K
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application] "MaxSize"=dword:00010000 [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security] "MaxSize"=dword:00010000 [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\System] "MaxSize"=dword:00010000
Disable Move to Recycle Bin
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\ CurrentVersion\Explorer\BitBucket] "UseGlobalSettings"=dword:00000001 "NukeOnDelete"=dword:00000001
Force Offscreen Composition for Internet Explorer [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Force Offscreen Composition"=dword:00000001
Page 88
Windows 7 Desktop Optimizations Screenshot 22
Description
(Step 22 Continued from prior page)
Reduce Menu Show Delay
[HKEY_CURRENT_USER\Control Panel\Desktop] "MenuShowDelay"="150"
Disable all Visual Effects except "Use common tasks in folders" and "Use visual styles on windows and buttons" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Explorer\VisualEffects] "VisualFXSetting"=dword:00000003 [HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics] "MinAnimate"="0" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion \Explorer\Advanced] "ListviewAlphaSelect"=dword:00000000 "TaskbarAnimations"=dword:00000000 "ListviewWatermark"=dword:00000000 "ListviewShadow"=dword:00000000 [HKEY_CURRENT_USER\Control Panel\Desktop] "DragFullWindows"="0" "FontSmoothing"="0" "UserPreferencesMask"=binary:90,12,01,80 ,10,00,00,00
Page 89
Configuration – Optimized Desktop Policy Windows 7 Desktop Optimizations Screenshot
Description
1 In XenCenter, select the Master Image VM
In the DVD Drive1 area for the VM, select xstools.iso to mount the XenServer Tools media.
Connect and authenticate to the machine that will be the Master image.
Open My Computer and navigate to the DVDRom
Right Click the XenServer Tools Media and select Open AutoPlay
Select Run xensetup.exe from the AutoPlay prompt
2
3
Page 90
Windows 7 Desktop Optimizations Screenshot
Description
4
Accept the term of the License Agreement by checking I accept the terms in the License Agreement and clicking Next
Select the path XenServer Tools will be installed to. The default will be C:\Program Files (x86)\Citrix\XenTools
After the install location has been specified, click Install to begin the process of installing XenServer Tools
Allow the installation program to proceed to completion.
5
6
Page 91
Windows 7 Desktop Optimizations Screenshot
Description
7
When the installation has completed, select Reboot now and click Finish. ***NOTE*** The Windows 7 workstation will automatically reboot upon clicking Finish. Ensure that any unsaved work is saved prior to completing this step.
8
Once the Client VM has fully rebooted, in XenCenter, select the Master Image VM
In the DVD Drive1, locate and specific the file containing XenDesktop 5 media.
Connect and authenticate to the machine that will be the Master image.
9
Page 92
Windows 7 Desktop Optimizations Screenshot
Description
10
Open My Computer and navigate to the DVDRom
Right Click the XenDesktop media select Open AutoPlay
Select Run AutoSelect.exe from the AutoPlay prompt
Select Install Virtual Desktop Agent
11
**NOTE**
Ensure that the user account being used to install the XenDesktop Virtual Desktop Agent has elevated privileges.
Select Advanced Install at the screen to select the type of installation.
12
Page 93
Windows 7 Desktop Optimizations Screenshot
Description
13
**NOTE** In this enterprise scenario, all applications will be installed locally. Therefore, XenApp Application Delivery plug-ins will not be required.
14
Uncheck the box marked Support for XenApp Application Delivery
Verify that the install location for the Virtual Desktop Agent is appropriate for the environment. The default will be C:\Program Files\Citrix
Once the installation location is verified, click Next to begin the Virtual Desktop Agent installation.
**NOTE** In this enterprise scenario, the Desktop Controllers will be configured into the Virtual Desktop Agent. This can be done at a later time by using Group Policy or the setup wizard.
Select the radio button labeled Manually enter controller location(s)
In the input box, specific the fully qualified domain name (e.g. controller1.domain.com) of the Desktop Controllers configured earlier in this guide. If there are multiple controllers, enter each controller’s fully qualified domain name separated by a space.
Click Check to allow the setup wizard to validate the network presence of the specified controllers. This check does not validate whether the FQDN provided is actually a Controller, so ensure that the actual Desktop Controllers is specified and not another server.
Once the Desktop Controllers are verified, click Next to proceed to the next step in the Virtual Desktop Agent installation.
Page 94
Windows 7 Desktop Optimizations Screenshot
Description
15
Validate all settings for the Virtual Desktop Agent Configuration. Default settings will have the following checked (enabled): XenDesktop Controller Communications Optimze XenDesktop Performance User Desktop Shadowing Real Time Monitoring
**NOTE** These settings will create various exceptions for ports in Windows Firewall. Consult with the Desktop Security team to ensure that settings comply with enterprise standards. Refer to the Citrix Knowledgebase article CTX126969 for more information regarding these settings.
Once all settings have been validated, click Next to proceed to installation Summary validation for the XenDesktop Virtual Desktop Agent.
Review the installation Summary for accuracy of Intstall Location and Components.
If the Summary is correct, click Install to proceed with the installation
16
Page 95
Windows 7 Desktop Optimizations Screenshot
Description
17
Allow the wizard to install components and perform post install validation.
Upon successful completion of the wizard, a screen will be presented showing which components were installed. Validate that the XenDesktop Virtual Desktop Agent is presented.
Ensure that the checkbox marked Restart Machine (required to complete install) is selected and click Close to end the installation of the XenDesktop Virtual Desktop Agent.
18
***NOTE*** The Windows 7 workstation will automatically restart upon clicking Close. Ensure that any unsaved work is saved prior to clicking Close.
Page 96
Windows 7 Desktop Optimizations Screenshot
Description ***CAUTION*** The following sub-section contains optimizations that may not be advisable for all enterprise environments. Review the contents of Citrix Knowledge Base article CTX127050 with the Enterprise IT team carefully before implementing changes. All registry setting changes present risk. Modifying the registry incorrectly can cause serious problems that may require reinstallation of the operating system. Ensure proper best practices are followed before making any changes, including but not limited to backing up the registry or disk image before making changes. Disabling services may alter behavior of certain windows features and installed software. Ensure thorough testing of all application features is performed prior to deploying to a Production environment.
19
Connect and authenticate to the machine that is the Master Image VM.
From the Start Menu, launch the Services MMC Snap-In by typing Services.msc from the Search Bar and hitting Enter
20
Page 97
Windows 7 Desktop Optimizations Screenshot
Description
21
From the Services MMC Snap-In, locate the Background Intelligent Transfer Service service and double-click it in the Name area.
Configure the service properties for Background Intelligent Transfer Service as follows: Startup type: Service status:
Disabled Stop Service
***NOTE*** The Service status may be grayed out if the service is not running. Simply ensure that the status is Stopped in this field.
Click Apply and then OK to save settings for this Service
From the Services MMC Snap-In, locate the Desktop Windows Manager Session Manager service and double-click it in the Name area.
Configure the service properties for Desktop Windows Manager Session Manager as follows:
22
Startup type: Service status:
Disabled Stop Service
***NOTE*** The Service status may be grayed out if the service is not running. Simply ensure that the status is Stopped in this field.
Click Apply and then OK to save settings for this Service
From the Services MMC Snap-In, locate the Function Discovery Resource Publication service and double-click it in the Name area.
Configure the service properties for Function Discovery Resource Publication as follows:
23
Startup type: Service status:
Disabled Stop Service
***NOTE*** The Service status may be grayed out if the service is not running. Simply ensure that the status is Stopped in this field.
Click Apply and then OK to save settings for this Service
Page 98
Windows 7 Desktop Optimizations Screenshot
Description
24
From the Services MMC Snap-In, locate the HomeGroup listener service and double-click it in the Name area.
Configure the service properties for HomeGroup listener as follows: Startup type: Service status:
Disabled Stop Service
***NOTE*** The Service status may be grayed out if the service is not running. Simply ensure that the status is Stopped in this field.
Click Apply and then OK to save settings for this Service
From the Services MMC Snap-In, locate the HomeGroup provider service and double-click it in the Name area.
Configure the service properties for HomeGroup provider as follows:
25
Startup type: Service status:
Disabled Stop Service
***NOTE*** The Service status may be grayed out if the service is not running. Simply ensure that the status is Stopped in this field.
Click Apply and then OK to save settings for this Service
From the Services MMC Snap-In, locate the Windows Search service and double-click it in the Name area.
Configure the service properties for Windows Search as follows:
26
Startup type: Service status:
Disabled Stop Service
***NOTE*** The Service status may be grayed out if the service is not running. Simply ensure that the status is Stopped in this field.
Click Apply and then OK to save settings for this Service
Page 99
Windows 7 Desktop Optimizations Screenshot
Description
27
From the Services MMC Snap-In, locate the Security Center service and double-click it in the Name area.
Configure the service properties for Security Center as follows: Startup type: Service status:
Disabled Stop Service
***NOTE*** The Service status may be grayed out if the service is not running. Simply ensure that the status is Stopped in this field.
Click Apply and then OK to save settings for this Service
From the Services MMC Snap-In, locate the SuperFetch service and double-click it in the Name area.
Configure the service properties for SuperFetch as follows:
28
Startup type: Service status:
Disabled Stop Service
***NOTE*** The Service status may be grayed out if the service is not running. Simply ensure that the status is Stopped in this field.
Click Apply and then OK to save settings for this Service
From the Services MMC Snap-In, locate the Themes service and double-click it in the Name area.
Configure the service properties for Themes as follows:
29
Startup type: Service status:
Disabled Stop Service
***NOTE*** The Service status may be grayed out if the service is not running. Simply ensure that the status is Stopped in this field.
Click Apply and then OK to save settings for this Service
Page 100
Windows 7 Desktop Optimizations Screenshot
Description
30
From the Services MMC Snap-In, locate the Windows Defender service and double-click it in the Name area.
Configure the service properties for Windows Defender as follows: Startup type: Service status:
Disabled Stop Service
***NOTE*** The Service status may be grayed out if the service is not running. Simply ensure that the status is Stopped in this field.
Click Apply and then OK to save settings for this Service
From the Services MMC Snap-In, locate the Windows Media Player Sharing Service service and double-click it in the Name area.
Configure the service properties for Windows Media Player Sharing Service as follows:
31
Startup type: Service status:
Disabled Stop Service
***NOTE*** The Service status may be grayed out if the service is not running. Simply ensure that the status is Stopped in this field.
Click Apply and then OK to save settings for this Service
From the Start Menu, launch the Command Line by typing CMD from the Search Bar and hitting Enter
32
**NOTE** Ensure that the user account being used to perform the following optimizations is entitled elevated privileges.
Page 101
Windows 7 Desktop Optimizations Screenshot
Description
33
At the Command Line prompt, type the following: bcdedit /set bootux disabled
Hit Enter to execute the command
If the operation is successful, close Command Line by clicking the “X” in the upper right corner of the window
Navigate to the Programs and Features from the Control Panel
Click Turn Windows features on or off
Ensure the following Windows Features are unchecked:
34
35
Media Features > Windows DVD Maker Media Features > Windows Media Center Tablet PC Components
Click OK to uninstall features. This may take time to execute and will require a restart of the workstation once complete. ***NOTE*** The Windows 7 workstation will automatically restart upon clicking Restart Now. Ensure that any unsaved work is saved prior to clicking Close.
Page 102
Windows 7 Desktop Optimizations Screenshot
Description
36
Connect and authenticate to the machine that will be the Master image.
**NOTE** Ensure that the user account being used login to perform the following optimizations has elevated privileges.
37
Navigate to System Properties by going to Control Panel > System > Advanced System Settings
**NOTE** Ensure that the user account being used login to perform the following optimizations has elevated privileges.
38
In the Performance area, click Settings
Navigate to the Advanced tab
Click Change in the Virtual Memory Settings area
Page 103
Windows 7 Desktop Optimizations Screenshot
Description
39
Uncheck Automatically manage paging file size for all drives
Select the radio button marked Custom Size
Click Change in the Virtual Memory Settings area and enter *THE EXACT SAME* value for Initial size and Maximum size. ***NOTE*** The hardcoded values for ther page file are determined by many factors including Memory Resources available to the vm and application profile that is run on the virtual desktop. This setting varies widely from customer to customer. Incorrectly determining this value can result in system instability. Consult with Desktop Administrators and thoroughly test this setting before determining and implementing in a production environment.
40
Click OK to allow the computer to reboot.
***NOTE*** The Windows 7 workstation will automatically restart upon clicking Restart Now. Ensure that any unsaved work is saved prior to clicking Close. 41
Connect and authenticate to the machine that will be the Master image.
**NOTE** Ensure that the user account being used login to perform the following optimizations has elevated privileges.
Page 104
Windows 7 Desktop Optimizations Screenshot
Description
42
Run the following Windows Tools in order to prepare the Master Image to join the domain. Windows Disk Cleanup Windows Disk Defragmenter
Optimize the Antivirus program to scan writes and disable the scheduled scans. The base image should be scanned before being deployed within production.
**NOTE** Ensure that the user account being used login to perform the following optimizations has elevated privileges.
43
Once all optimizations have been completed, join the Master Image to the Domain. The procedure to join a machine to the Domain varies by enterprise and can be done in multiple ways. Choose the procedure that is approved by the enterprise, ensuring that the Master Image Computer account in an OU that will have all appropriate Group Policy applied.
Page 105
Citrix Access Gateway Enterprise Edition Importing NetScaler Appliance Citrix Access Gateway Pre-requisites Screenshot
Description
1
Launch XenCenter and connect to an environment that Merchandising Server will be hosted.
Click File and then Import to begin the procedure to import the appliance
Click Browse to navigate to the location of the NetScaler Appliance location. Select the xva file and click Open
Returning to the Import screen, click Next to continue
Click Browse to navigate to the location of the NetScaler Appliance location. Select the xva file and click Open
Returning to the Import screen, click Next to continue
2
3
Page 106
Citrix Access Gateway Pre-requisites Screenshot
Description
4
Select the Storage Repository to be used for the NetScaler VPX VM.
Click Next to continue
Select the Network Interface for the NetScaler VPX VM.
Click Next to continue
Review the summary screen for accuracy
Ensure that the checkbox marked Start VM after Import is selected.
Click Finish to begin importing the VM.
Allow the VM to import completely
5
6
Page 107
Installation of Citrix Access Gateway Enterprise Edition Citrix Access Gateway Pre-requisites Screenshot
Description
7
Once the VM has imported, switch to the Console for the VM.
Begin following the onscreen instructions to perform basic configuration of the NetScaler VPX
Provide the following information to the VPX per on-screen instructions:
8
IPv4 Address Network Mask (Subnet Mask) Gateway Address (IPv4)
9
Once the last network setting has been provided, a summary screen will be presented. Review for accuracy
Press 4 to save settings on the NetScaler and reboot the device
Watch the console and await the VM state to be Up
Once the State is Up, launch a web browser
10
Page 108
Citrix Access Gateway Pre-requisites Screenshot
Description
11
In the URL area of the Web Browser, navigate to the IP address for the NetScaler VPX.
Authenticate using default credentials: User Name: Password:
nsroot nsroot
12
Upon authenticating to the VPX, a Setup Wizard will be launched validating and configuring the VM.
Click Next to continue
Confirm the networking addresses provided earlier.
Provide a Host Name
Ensure appropriate values are entered into the MIP/SNIP Configuration.
13
***NOTE*** The MIP/SNIP address will be what is used to communicate with XenDesktop Controllers. Ensure that routing and firewall configurations allow network communications to occur on this IP address.
Click Next to continue
Page 109
Citrix Access Gateway Pre-requisites Screenshot
Description
14
In the Chose Application, select the radio button marked Skip this Step
Click the hyperlink marked Manage Licenses
In the license dialog box, click Add to add the license file to the NetScaler device
Browse to the location of the license file.
Choose the license file and click Select to continue
15
16
Page 110
Citrix Access Gateway Pre-requisites Screenshot
Description
17
Importing the license fill will require the NetScaler device to reboot. Click Yes to allow the device to reboot
The Web Browser will need to be closed and restarted once the license file import reboot is processed. Close the Web Browser by clicking the X in the upper right corner
Return to XenCenter and find the NetScaler VM
Go to the Console tab to monitor the progress of the NetScaler reboot procedure
Await the NetScaler displaying its State as Up
Launch a Web Browser and return to the IP address of the NetScaler. Authenticate with nsroot / nsroot
The Setup Wizard will launch again at the starting point. Validate the settings and click Next on each screen to return to the point in the installation prior to the the reboot.
The screen after license import will be a Summary screen. Validate all settings at the Summary and click Exit to complete NetScaler setup
18
19
20
Page 111
Citrix Access Gateway Pre-requisites Screenshot
Description
21
In the Setup User Interface for NetScaler, navigate to NetScaler VPX {IP_ADDRESS} > System > Licenses
Validate that the Access Gateway displays the icon
22
In the Setup User Interface for NetScaler, navigate to: NetScaler VPX {IP_ADDRESS} > Access Gateway
Right-click Access Gateway and click Enable Access Gateway Feature
Page 112
Creating A Request, Key, and Certificate Creating A Request, Key, and Certificate Screenshot
Description
1
In the URL area of the Web Browser, navigate to the IP address for the NetScaler VPX.
Authenticate using default credentials: User Name: Password:
nsroot nsroot
2
In the Setup User Interface for NetScaler, navigate to NetScaler VPX {IP_ADDRESS} > SSL
Page 113
Creating A Request, Key, and Certificate Screenshot
Description
3
From the SSL Pane, click the link marked Create RSA Key
Populate the following required fields:
4
Key Filename – specify a file name Key Size - specify 1024 Public Exponent Value – select F4 Key Format – select PEM PEM Encoding Algorithm – select DES3 PEM Passphrase – specify a passphrase and verify
Once required fields have been populated, click Create.
Click Close to return to the SSL configuration pane.
From the SSL Pane, click the link marked Create CSR (Certifcate Signing Request)
5
Page 114
Creating A Request, Key, and Certificate Screenshot
Description
6
Provide the following items or required information: Request File Name
Click Browse in the Key File Name area. Using the file browser, select the key file created in Step 5
Provide the following items or required information: Key Format - select PEM PEM Passphrase – specify the passphrase created in Step 4 Distinguished Name Fields – specify all relevant fields
Leave the Attribute Fields blank.
Once all required fields have been populated, click Create.
Click Close to return to the SSL configuration pane.
Open a new Web Browser window
Navigate to the URL of the enterprise certificate authority.
Authenticate with domain credentials
7
Page 115
Creating A Request, Key, and Certificate Screenshot
Description
8
From the Microsoft Active Directory Certificate Services web page, click the hyperlink labeled Request A Certificate
From the Request A Certificate page, click the hyperlink labeled advanced certificate request
On the Advanced Certificate Request web page, select the hyperlink labeled Submit a certificate request by using base64-encoded CMC or PKCS #10 file, or submit a renewal rqust using a base-64encoded PKCS #7 file
9
10
Page 116
Creating A Request, Key, and Certificate Screenshot
Description
11
Using an FTP Program or Secure Shell (SSH) application, navigate to the path of the Certificate Request file that was submitted in Step 6.
Open or view in order to see the entire request string.
Copy the entire Certificate Request string to the clip-board, ensuring that the contents starting with: -----BEGIN NEW CERTIFICATE REQUEST---and -----END NEW CERTIFICATE REQUEST----are included in the string copied to the clipboard.
Return to the web browser with the Microsoft Active Directory Certificate Services page open.
Paste the entire string copied to the clipboard in Step 11 in the field labeled Base-64-encoded certificate request (CMC or PKCS#10 or PKCS #7)
In the field marked Certificate Template, select Web Server
Click Submit to proceed.
A new certificate will now be available to download.
Ensure that the Base 64 encoded radio button is selected.
Click the Download Certificate hyperlink
12
13
Page 117
Creating A Request, Key, and Certificate Screenshot
Description
14
Save the certificate to a known location on the filesystem and proceed to the section labeled Configuring Citrix Access Gateway Enterprise Edition
Configuring Citrix Access Gateway Enterprise Edition Configuring Citrix Access Gateway Enterprise Edition Screenshot
Description
1
In the URL area of the Web Browser, navigate to the IP address for the NetScaler VPX.
Authenticate using default credentials: User Name: Password:
nsroot nsroot
2
In the Setup User Interface for NetScaler, navigate to NetScaler VPX {IP_ADDRESS} > Access Gateway
Page 118
Configuring Citrix Access Gateway Enterprise Edition Screenshot
Description
3
In the Access Gateway pane, click the Access Gateway Wizard link
Review the Welcome Screen.
Click Next to continue
4
Page 119
Configuring Citrix Access Gateway Enterprise Edition Screenshot
Description
5
Select the radio button labeled New in order to create a new virtual server for Citrix Access Gateway Enterprise Edition.
Specify the following information for the virtual server: IP Address – specify an available static IP address Port – ensure that the value is 443 Virtual Server Name – provide a name ***NOTE*** Work with enterprise Network Administrators to ensure remote access to this IP address is possible. Configuring enterprise remote access is beyond the scope of this document
Once all required information has been provided, click Next to continue.
In the Certificate Options drop down of the Access Gateway Wizard, select the value marked Install a signed certificate and private key
Provide a value in the Certificate-Key Pair Name
In the field labeled Certificate File Name, click the Browse button and select Local
6
7
Page 120
Configuring Citrix Access Gateway Enterprise Edition Screenshot
Description
8
Using the directory browser, navigate to the local filesystem path where the certificate generated in Step 14 of Creating a Request, Key, and Certificate.
Select the certificate file and click Open
At the Access Gateway Wizard screen, locate the field area labeled Private Key File Name.
Click the Browse button and select Appliance
Using the directory browser, navigate to the local filesystem path where the key file generated in Step 4 of Creating a Request, Key, and Certificate.
Highlight the key file and click Select
9
10
Page 121
Configuring Citrix Access Gateway Enterprise Edition Screenshot
Description
11
At the Access Gateway Wizard screen, provide the key file password which was specified on Step 4 of Creating a Request, Key, and Certificate
Ensure that the radio button marked PEM is selected.
Click Next to continue
On the Name Service Providers screen, provide the IP address of a DNS server in the Configured DNS Server field
Select DNS in the Name Lookup Priority field.
Click Next to continue
In the Configure Authentication screen, select LDAP in the Select an authentication type
Specify the following information associated with Active Directory :
12
13
IP Address Port – typically 389 Base DN (i.e. CN=Users, dc=ABC, dc=LOCAL) Administrator Bind DN Administrator Password Confirm Administrator Password
Leave all settings unchanged
Click Next to continue
Page 122
Configuring Citrix Access Gateway Enterprise Edition Screenshot
Description
14
In the Configure Additional Settings screen, ensure that the Configure Authenticate radio button is set to Allow
In the Redirect Requests for Port 80 to a Secure Port area, ensure that the Web Address, specify the address of the Web Interface site for Citrix Access Gateway ***NOTE*** This Web Interface site has yet to be configured. Specify the full URL and reserve for upcoming steps.
Click Next to continue
On the Configure clientless access screen, select the mode of clientless access appropriate for this installation. For the purposes of this guide, select use the Access Gateway Plugin and allow access scenario fallback
Leave all other settings unchanged
Click Next to continue
Review all items on the Summary page.
Click Finish if all settings are appropriate
15
16
Page 123
Configuring Citrix Access Gateway Enterprise Edition Screenshot
Description
17
Allow the setup and configuration of Access Gateway. Once completed, a final summary screen will be presented.
If there are no errors, click Finish to exit from the configuration wizard.
Page 124
Creating a Web Interface Site for Access Gateway Web Interface for Access Gateway Enterprise Edition Screenshot
Description
1
Connect and authenticate to the server selected to run Citrix Web Interface
**NOTE** If using a service account to configure Citrix Web Interface, ensure that the account possesses elevated privileges. Consult with Active Directory Administrators to ensure compliance with specific enterprise account standards.
2
Launch the Web Interface Management console by navigating to: Start > All Programs > Citrix > Management Consoles > Citrix Web Interface Management
3
From the Web Interface Management Console, right click XenApp Web Site and click Create Site
Page 125
Web Interface for Access Gateway Enterprise Edition Screenshot
Description
4
In the Specify IIS Location screen, populate the required fields.
At the Specify Point of Authentication screen, select At Access Gateway in the drop-down.
Provide the Authentication Service URL for the Access Gateway in the required field.
Ensure that the Explicit is selected in the Authentication Options
5
6
Page 126
Web Interface for Access Gateway Enterprise Edition Screenshot
Description
7
Review the Summary screen for the Web Inteface site.
Click Next to continue.
Allow the installation wizard to create the Web Interface site.
Once the site has been created, a summary page will be presented.
Ensure the checkbox marked Configure this site now is selected
8
9
Page 127
Web Interface for Access Gateway Enterprise Edition Screenshot
Description
10
On the Specify Initial Configuration screen, provide a unique Farm Name
Click Add
Specify a server that will be in the farm for this Web Interface site
Click OK
Validate that a farm name has been provided and that a server is specified.
Click Next to continue
11
12
Page 128
Web Interface for Access Gateway Enterprise Edition Screenshot
Description
13
Choose a Logon Screen Appearance by selecting the appropriate radio button.
Click Next to continue
Select the appropriate radio button for the Published Resource Type.
Click Next to continue
Review the summary screen for accuracy.
Once all settings have been validated, click Finish.
14
15
Page 129
Web Interface for Access Gateway Enterprise Edition Screenshot
Description
16
Validate that the Web Interface site has been created by looking to see if it appears in the XenApp Web Sites area.
Once successful validation has occurred, exit from Web Interface Management Console and logoff the Web Interface server.
Desktop Groups Configuration – Desktop Group Creation XenDesktop Group Creation Screenshot
Description
1
Connect and authenticate to the server selected to run the Desktop Controller.
**NOTE** If using a service account to install the Desktop Controller, ensure that the user account has elevated privileges. Consult with Active Directory Administrators to ensure compliance with specific enterprise account standards.
2
Launch Desktop Studio from the Start Menu. Desktop Studio should appear under: Start > All Programs > Citrix > Desktop Studio
Page 130
XenDesktop Group Creation Screenshot
Description
3
From Desktop Studio , select Machine Creation setup.
Select Machine Creation the center pane of Desktop Studio
In Machine Type, select Pooled
For Machine Assignment, select Random
Select ther Master Image VM name expansion tree.
Click Next to continue
4
5
Page 131
XenDesktop Group Creation Screenshot
Description
6
Configure the Site settings as appropriate to this enterprise. Ensure that the correct numbers of VMs are selected and that sufficient resources are available on the XenServer Host to support the desired hardware specifications.
Click Next to continue
Select the Active Directory O-U from the expansion tree to create the Virtual Machine Computer accounts.
Use the naming masks to input a naming convention for the Virtual Machines.
Provide a description for this Desktop Catalog
Validate that the Administrators permitted to use this Catalog is correct
Click Next to continue
7
8
Page 132
XenDesktop Group Creation Screenshot
Description
9
View the Summary and verify all settings
Provide a Catalog name for this XenDesktop Catalog
Click Finish to allow the wizard to create VM account
Allow the Setup Wizard to Copy the master image and complete the installation process
Once the desktop group creation has completed, the wizard will return to Desktop Studio.
Page 133
Configuration – Desktop Group Assignment XenDesktop Group Assignment Screenshot
Description
1
Ensure that machine creation now states as complete in the center of the screen with the correct number of Virtual Desktops created.
In the User Assignment area of Desktop Studio, click Configure to begin the process of assigning users to desktops.
In the Create Desktop Group dialogue, select the Catalog from which to provision Virtual Desktops for Assignment.
Specify the number of machines by entering the value in Add machines textbox.
Click Next to continue
Enter the number of Desktops to be assigned per user and place it in the text box at the bottom of the screen. This setting is specific to this enterprise
Click Add to add users to this Desktop Group. This will bring up the Active Directory user selection screen
2
3
Page 134
XenDesktop Group Assignment Screenshot
Description
4
Select the appropriate groups and users from Active Directory.
Click OK when complete
Validate that the settings for users and number of desktop are correct
Click Next to proceed
Ensure delegation settings are set correctly for the administrator of this desktop group
Click Next to proceed
5
6
Page 135
XenDesktop Group Assignment Screenshot
Description
7
Provide a Display Name and Desktop Group Name for the Desktop Catalog
Click Finish to complete the Desktop Assignment
Validate that the User Assignment appears in Desktop Studio.
If successful, exit from Desktop Studio by clicking the X in the upper right corner of the Snap-In.
8
Page 136
Validation Scenarios Internal Access Scenario Internal Access Validation Screenshot
Description
1
From a workstation within the enterprise network, navigate to the Merchandising Server site.
From the Merchandising Server, ensure that the checkbox marked I agree to the Terms of Use is selected
Click the Download button
Execute the preconfigured Citrix Receiver to the local filesystem by selecting Run
2
3
***NOTE*** Consult with the enterprise Desktop team prior to installing any software on a Company workstation.
4
Once completed, a Citrix Receiver icon will appear in the system tray
Page 137
Internal Access Validation Screenshot
Description
5
Right click the Citrix Receiver icon and select Check for Updates
Provide the credentials associated with an account with access.
Allow Plug-Ins to install/update
A success prompt will be presented once completed.
Click OK to proceed
From a web browser, navigate to the Web Interface XenDesktop site.
If all installation and configuration steps have been performed successfully, a XenDesktop logon site should be presented.
Provide a username and password of an account with a Virtual Desktop provided by XenDesktop.
Click Log On to continue
6
7
8
Page 138
Internal Access Validation Screenshot
Description
9
Observe if any virtual desktops are available for end-user use.
Click the icon representing an assigned virtual desktop to initiate the connection.
Allow the virtual desktop to fully load.
A splash screen will be presented once the virtual desktop has fully loaded.
Proceed with general usage of this new virtual desktop.
10
11
Page 139
External Access Scenario External Access Validation Screenshot
Description
1
From a workstation outside of the enterprise network, launch a web browser and navigate to the Citrix Access Gateway virtual server IP address. ***NOTE*** The remote access workstation should already have Citrix Receiver installed as well as the Citrix Access Gateway and Citrix Online PlugIns.
2
Present the credentials that are enabled for remote access and click Log On.
Upon successful Log On, assigned virtual desktops will be presented.
Select an assigned virtual desktop and proceed to Steps 10 and Step 11 in Internal Access Scenario
3
Page 140
Product Versions Product XenDesktop XenApp
Version 4.0 / 5.0
Revision History Revision 1.0
Change Description Document Created
Updated By Adeel Arshed – Principal Consultant
Date 8/29/2011
About Citrix Citrix Systems, Inc. (NASDAQ:CTXS) is the leading provider of virtualization, networking and software as a service technologies for more than 230,000 organizations worldwide. Its Citrix Delivery Center, Citrix Cloud Center (C3) and Citrix Online Services product families radically simplify computing for millions of users, delivering applications as an on-demand service to any user, in any location on any device. Citrix customers include the world’s largest Internet companies, 99 percent of Fortune Global 500 enterprises, and hundreds of thousands of small businesses and prosumers worldwide. Citrix partners with over 10,000 companies worldwide in more than 100 countries. Founded in 1989, annual revenue in 2010 was $1.9 billion.
©2011 Citrix Systems, Inc. All rights reserved. Citrix®, Access Gateway™, Branch Repeater™, Citrix Repeater™, HDX™, XenServer™, XenApp™, XenDesktop™ and Citrix Delivery Center™ are trademarks of Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered in the United States Patent and Trademark Office and in other countries. All other trademarks and registered trademarks are property of their respective owners.
Page 141
View more...
Comments