78
Page 1 XenApp Fundamentals Deployment Guide XenApp 6 Fundamentals Edition

XAF6 Deployment Guide

Embed Size (px)

Citation preview

Page 1: XAF6 Deployment Guide

Page

1

XenApp Fundamentals Deployment Guide

XenApp 6 Fundamentals Edition

Page 2: XAF6 Deployment Guide

Page

2

XenApp Fundamentals Deployment Guide

Table of Contents 1.0 INTRODUCTION .................................................................................................................................... 3

2.0 OBTAINING INSTALLATION MEDIA AND LICENSES ..................................................................................... 4

2.1 Obtaining a Citrix license file for XenApp Fundamentals ............................................................. 6

3.0 Installing XenApp Fundamentals .................................................................................................... 10

4.0 Licensing XenApp Fundamentals .................................................................................................... 21

4.1 Citrix Licensing Setup .................................................................................................................. 21

4.2 Remote Desktop Licensing Activation ........................................................................................ 25

5.0 User Experience Configuration ....................................................................................................... 27

5.1 Publishing Applications ............................................................................................................... 28

5.2 Configuring Printer Access .......................................................................................................... 32

5.3 Configuring user profiles ............................................................................................................. 38

5.4 Testing your Deployment ............................................................................................................ 41

6.0 External Access Configuration ........................................................................................................ 43

6.1 Direct to Server deployment ....................................................................................................... 43

6.2 DMZ server deployment ............................................................................................................. 55

6.3 VPN deployment ......................................................................................................................... 73

7.0 Conclusion ....................................................................................................................................... 78

Page 3: XAF6 Deployment Guide

Page

3

XenApp Fundamentals Deployment Guide

1.0 INTRODUCTION Citrix XenApp 6 Fundamentals Edition is the new release specifically for the Windows Server 2008

R2 platform. This deployment guide is a step by step guide for how to install and configure a

XenApp 6 Fundamentals environment that can be used for proof of concepts, testing, and

production. View the CitrixTV video series, http://www.citrix.com/tv/#series/219, for additional

setup and configuration information. Many of the steps described in this guide are also applicable to

XenApp Fundamentals 3.0 on Windows Server 2008 and XenApp Fundamentals 2.0 on Windows

2003.

You will need the following in order to successfully deploy XenApp Fundamentals Edition:

A single-server deployment requires one server with Windows Server 2008 R2, Windows Server

2008 or Windows Server 2003. Select the appropriate version of XenApp Fundamentals that

matches the operating system deployed. This server can be in a workgroup or domain. If a

multi-server environment is planned, the servers must be part of the same domain.

A multi-server deployment requires at least 3 Windows servers in the same domain: one

Domain Controller, one master server, and at least one support server. Additional support

servers can be added as desired.

External access deployments will require a Fully Qualified Domain Name and a digital certificate

obtained from a Private or Public Certificate Authority.

If using a VPN to provide external users with access to the applications hosted on the XenApp

Fundamentals servers, you must have Access Gateway or another VPN solution in place.

If the automatic server failover feature will be configured, it will require 1 unused static IP

address that will automatically be assigned to a failover server.

Page 4: XAF6 Deployment Guide

Page

4

XenApp Fundamentals Deployment Guide

2.0 OBTAINING INSTALLATION MEDIA AND LICENSES XenApp Fundamentals is sold on the Citrix Online store, www.citrix.com/store . Once purchased,

the installation media and licenses for XenApp Fundamentals are obtained from

http://citrix.com/mycitrix. Use the following steps to download the XenApp Fundamentals

installation media and a Citrix license file.

1

To download the installation

media, go to

www.citrix.com/downloads

Log in with your mycitrix

credentials to see all available

downloads.

Note: Each user in the

company has credentials for

this site or can create one on

first use. If you have trouble

accessing this site contact

Citrix Customer Care at 1-800-

4-CITRIX.

Page 5: XAF6 Deployment Guide

Page

5

XenApp Fundamentals Deployment Guide

2

Using the drop down arrow

in the "Search Downloads by

Product" field, select Citrix

XenApp Fundamentals from

the list.

Then select your required

version of XenApp

Fundamentals.

Note: If you are a current

Citrix customer, your

Subscription Advantage

contract needs to be current in

order to see and download the

latest product editions.

3

Select the Download button

next to the appropriate edition

and download the .iso image

to a location of your choosing.

Note: You may be asked to

download an ActiveX plug-in

before the .iso image can be

downloaded.

Page 6: XAF6 Deployment Guide

Page

6

XenApp Fundamentals Deployment Guide

2.1 Obtaining a Citrix license file for XenApp Fundamentals Use these steps to obtain a Citrix license file for XenApp Fundamentals. The license file can be

obtained before or after the server installation.

1

Go to

http://citrix.com/mycitrix.

and log in with your mycitrix

credentials.

Note: Each user in the

company has credentials for

this site or can create one on

first use. If you have trouble

accessing this site contact

Citrix Customer Care at 1-

800-4-CITRIX.

Page 7: XAF6 Deployment Guide

Page

7

XenApp Fundamentals Deployment Guide

2

Click on the arrow next to

"Choose as Toolbox" and

select "Activation

System/Manage Licenses "

3

Select the drop down next to

Current Tool and select

Activate/Allocate.

Page 8: XAF6 Deployment Guide

Page

8

XenApp Fundamentals Deployment Guide

4

Once you receive your license

code in email or on this site

enter the code in the field

marked "Your license Code"

and click "Continue".

If you have not received your

license code select the link

"View Licenses" to retrieve

your license code.

Note: If you do not see

license codes contact Citrix at

1-800-4-citrix.

5

Enter the case-sensitive

hostname of the XenApp

Fundamentals “Master” server

or single server. For example

"SeRver1".

Enter how many licenses you

would like to allocate to this

license file.

Confirm your selection.

Page 9: XAF6 Deployment Guide

Page

9

XenApp Fundamentals Deployment Guide

6

On the next page,

"Download" and save the

license file to any location.

You will upload this license

file on the Master server or

single server in the steps

below.

Page 10: XAF6 Deployment Guide

Page

10

XenApp Fundamentals Deployment Guide

3.0 Installing XenApp Fundamentals This section details the installation of XenApp Fundamentals. After installation, there may be

additional setup steps required to configure Basic and Advanced mode if the server is detected to be

part of a domain. Basic mode allows you to run only a single server in a farm but to run multiple

servers you will select to run the servers in Advanced mode.

1

Browse the installation

media for "Autorun.exe"

and double click to launch.

Select "Install" from the

Welcome screen.

Page 11: XAF6 Deployment Guide

Page

11

XenApp Fundamentals Deployment Guide

2

Select “I accept the license

agreement and click Next.

Page 12: XAF6 Deployment Guide

Page

12

XenApp Fundamentals Deployment Guide

3

Select "Application

server" to install XenApp

Fundamentals and all its

default components

Note: The option for a

DMZ server is selected

only if you are deploying a

server in your DMZ for

secure external user

access. If this server is a

domain controller you will

not see this option

because that server can

only be an Application

server and not a DMZ

server.

Page 13: XAF6 Deployment Guide

Page

13

XenApp Fundamentals Deployment Guide

4

Do not disable shadowing

unless it is a requirement

for your environment.

Leave the box unchecked

and click Next.

Note: If shadowing is

disabled, you will have to

reinstall XenApp

Fundamentals to enable it.

Page 14: XAF6 Deployment Guide

Page

14

XenApp Fundamentals Deployment Guide

5

XenApp Fundamentals 6

farm and Server Group

information is kept in a

SQL Express database and

an Active Directory

Domain Organization

Unit. Enter an account

that has administrative

rights to the domain.

Page 15: XAF6 Deployment Guide

Page

15

XenApp Fundamentals Deployment Guide

6

Give the installation a few

minutes to complete. All

necessary prerequisites

and Windows roles such

as Remote Desktop

Services\Terminal

Services and IIS will be

installed automatically.

7

Select Yes to restart the

computer when prompted.

Note: This is not the end

of the product installation.

Once rebooted, the

installation needs to

continue.

Page 16: XAF6 Deployment Guide

Page

16

XenApp Fundamentals Deployment Guide

8

Once a restart is

successful, ensure that any

network drive where the

installation media is stored

has been restored post-

reboot. Select "Ok" to

continue the installation

once the location is

restored.

Note: If the installation

files are local, then this

error will not be received.

9

Once the installation is

complete, select to “Start

the Quick Start Tool”

when prompted.

Page 17: XAF6 Deployment Guide

Page

17

XenApp Fundamentals Deployment Guide

10

If the server is detected to

be part of a domain, the

following setup screens

are shown to configure the

server for either Basic or

Advanced mode. Select

Next to continue.

Note: If the server is in a

Workgroup, you will not

get these options because

it can only be run as a

single server in Basic

mode.

Page 18: XAF6 Deployment Guide

Page

18

XenApp Fundamentals Deployment Guide

11

If you select "New single

server (basic mode) there

will be nothing else to

configure.

If you select “New server

group" (Advanced

mode) select Next to

continue the

configuration.

Note: A server in basic

mode can be switched to

Advanced mode after

installation as long as that

server is part of a domain

and the server does not

serve as a domain

controller. This is done

using the Quick Start tool.

Page 19: XAF6 Deployment Guide

Page

19

XenApp Fundamentals Deployment Guide

12

Enter a name in the

"Server Group Name"

field. Click Next.

Note: A domain

Organizational Unit will

be automatically created in

Active Directory to match

the name chosen here. All

servers in the same Server

Group will be located in

this OU.

Page 20: XAF6 Deployment Guide

Page

20

XenApp Fundamentals Deployment Guide

13

Verify the information and

select Finish.

14 If you plan on deploying multiple servers in the environment, use the

previous steps to install XenApp Fundamentals on another server.

Place the server in the same Server Group selected above. Additional

servers will be Support servers.

Page 21: XAF6 Deployment Guide

Page

21

XenApp Fundamentals Deployment Guide

4.0 Licensing XenApp Fundamentals The XenApp Fundamentals deployment will require both Citrix licenses and Microsoft Remote

Desktop Server Client Access Licensing (formerly Terminal Server Client Access Licenses). The

product can be purchased with or without RDSCALs. If purchased without RDSCALs, it is

assumed that your company already has these licenses available. Microsoft requires that an RDS

license server be installed on at least one server in the environment. See Microsoft documentation

for specifics about RDS licensing: http://support.microsoft.com.

4.1 Citrix Licensing Setup Use the following steps to license your XenApp Fundamentals deployment.

1

On the Master Server,

open the Quick Start

tool and go to

Setup > Licensing

Note: License

administration must be

done on the Master

server or single server

because that server

contains the built-in

Citrix license server

software.

Note: See section 2.1

in this document for

Page 22: XAF6 Deployment Guide

Page

22

XenApp Fundamentals Deployment Guide

steps on obtaining your

Citrix license file.

2

Click Next.

Page 23: XAF6 Deployment Guide

Page

23

XenApp Fundamentals Deployment Guide

3

Select Browse and

point to the location of

the Citrix license file.

Then click Next.

Note: Your license file

has a .lic extension.

Page 24: XAF6 Deployment Guide

Page

24

XenApp Fundamentals Deployment Guide

4

Select Finish

uploading the license

file to the Master

server.

Notes: License files are

stored in

c:\program

files\citrix\licensing\

myfiles

5

The Licensing screen in

the Quick Start tool

should now reflect how

many Citrix licenses are

available.

Page 25: XAF6 Deployment Guide

Page

25

XenApp Fundamentals Deployment Guide

4.2 Remote Desktop Licensing Activation Follow these steps to Activate your Microsoft Remote Desktop licensing.

1

In the Quick Start

tool, select

Activate Remote

Desktop License

Server

Page 26: XAF6 Deployment Guide

Page

26

XenApp Fundamentals Deployment Guide

2

Click "Start the

Remote Desktop

Licensing tool" to

automatically

launch the

activation tool.

Point to your RDS

license server and

follow the

activation

instructions.

Note: If a

Remote Desktop

licensing server is

already activated in

your environment,

select “I have

activated the

Remote Desktop

License Server”.

Page 27: XAF6 Deployment Guide

Page

27

XenApp Fundamentals Deployment Guide

3

Once license

activation for both

Citrix and

Microsoft licenses

are complete, your

screen should

show green check

marks.

5.0 User Experience Configuration Once XenApp Fundamentals is installed, the next step is to provide users with access to the system.

This is done through application publishing and printer access.

Page 28: XAF6 Deployment Guide

Page

28

XenApp Fundamentals Deployment Guide

5.1 Publishing Applications Use the following steps to publish applications on the XenApp Fundamentals server.

1

In the Quick Start tool on the

Master server, go to Setup >

Applications and select “Publish

Application”.

Page 29: XAF6 Deployment Guide

Page

29

XenApp Fundamentals Deployment Guide

2

Select Next.

Page 30: XAF6 Deployment Guide

Page

30

XenApp Fundamentals Deployment Guide

3

Put a check mark next to all

applications that you would like

to make available to users. If

you do not see your application

in the list, select Add to locate

you application executable. Click

Next.

Note: These applications must

be installed and working on each

server in the Server Group prior

to running the application

publishing wizard.

4

Click Add and select the users

or groups to have access to this

published application. Click

Next.

Page 31: XAF6 Deployment Guide

Page

31

XenApp Fundamentals Deployment Guide

5

Verify and click Finish.

Page 32: XAF6 Deployment Guide

Page

32

XenApp Fundamentals Deployment Guide

5.2 Configuring Printer Access Use the steps below to configure printer access for users launching published applications. XenApp

Fundamentals can allow users to access client printers defined locally on their device or network

printers shared on a Windows print server. The network printers are referred to as Published

printers during configuration. You will need administrator rights to the printers on the printer server

for configuration and users will need print permission in order to utilize the printer. When using

Published printers, each network printer driver will need to be installed on the XenApp

Fundamentals Master server. The drivers will automatically be replicated to all servers in the Server

Group for Advanced deployments. If client printers will be utilized, the printer must be configured

and working on the client device for it to be accessible in a session. A printer driver will not need to

be installed on the XenApp Fundamentals server because the Citrix Universal Printer driver will

automatically be used.

1

In the Quick Start

tool on the Master

server, select Setup

> Printers and click

"Setup Printers"

Page 33: XAF6 Deployment Guide

Page

33

XenApp Fundamentals Deployment Guide

2

In the Setup Printer

wizard, select Next.

Page 34: XAF6 Deployment Guide

Page

34

XenApp Fundamentals Deployment Guide

3

For Printer options,

select both Client

and Published

printers and either

one in the drop

down list.

Note: Only select

“Windows managed

printers only” if

users will define the

printers in a session

or use printers

defined on the

XenApp

Fundamentals server.

Page 35: XAF6 Deployment Guide

Page

35

XenApp Fundamentals Deployment Guide

4

If Published printers

are selected you will

see the following

screen. Enter

credentials for the

account that has

administrator rights

to the network

printers on the print

server.

Note: If Client

printers are selected,

there are no

configurations

options.

Page 36: XAF6 Deployment Guide

Page

36

XenApp Fundamentals Deployment Guide

5

If the print server is

not found

automatically, click

on Add and enter

the name or IP of

the Print Server.

Select the network

printer and then

click on Select.

Click Next to

continue.

Page 37: XAF6 Deployment Guide

Page

37

XenApp Fundamentals Deployment Guide

6

Select the box next

to Set the default

printer and select a

printer in the drop

down list. Click

Next and then

Finish.

Note: The user will

see this printer

marked as the

default printer in

their session.

Page 38: XAF6 Deployment Guide

Page

38

XenApp Fundamentals Deployment Guide

5.3 Configuring user profiles Use the steps below to configure the XenApp Fundamentals built-in Profile Management feature.

This feature is only available for multi-server deployments in Advanced mode. This will allow users

to have a consistent roaming profile no matter what XenApp Fundamentals server they connect to

when launching their published applications.

1

On the Master Server,

launch the Quick Start

tool and go to Setup

>Servers and select

“Configure Profile

Management” and click

Next on the Welcome

page.

Page 39: XAF6 Deployment Guide

Page

39

XenApp Fundamentals Deployment Guide

2

Log in as a user with

domain administrative

privileges to enumerate

all servers in the domain.

Note: This account

must have rights to

create and update file

shares on machines

within the domain.

3

Select the server in the

domain that will host the

User profiles. If you do

not see servers in the list

select "Add" and enter

the server name or IP.

Note: This server does

not need to be a

XenApp Fundamentals

server.

Page 40: XAF6 Deployment Guide

Page

40

XenApp Fundamentals Deployment Guide

4

Leave the default

location or enter an

alternate drive letter.

Click Next and Finish.

Note: Two shared

folders will be created on

this server. Select a drive

that has sufficient space

to store user profile data.

Note: Users must have

Read/Write access to the

file shares. The

appropriate permission

should be automatically

added.

Page 41: XAF6 Deployment Guide

Page

41

XenApp Fundamentals Deployment Guide

5.4 Testing your Deployment Use the steps below to test your XenApp Fundamentals deployment. It is best to test functionality

while connected to the LAN before configuring the server for external access. The XenApp 6

Fundamentals Edition release supports application access from a web browser or using the clients

native application access UI. To enable this functionality, both a XenApp Website and a XenApp

Services site is automatically configured on the Master server during installation. Using the Services

site mobile receivers and full client Receivers such as the Windows or Mac Receivers can access the

applications without a web browser. For example Windows clients will access the applications from

the Start Menu.

1

To access the applications

from a web browser, enter

http:\\MasterServerFQDN

To access the applications

using the Receiver, enter the

fully domain name of the

master server into the

Receiver.

Log in with a user account

that has rights to published

applications.

Page 42: XAF6 Deployment Guide

Page

42

XenApp Fundamentals Deployment Guide

2

Select the icon of a published

application to launch it.

3

To test the printing

functionality, in the published

application select File >Print

and send a page to the

appropriate printer.

Page 43: XAF6 Deployment Guide

Page

43

XenApp Fundamentals Deployment Guide

6.0 External Access Configuration To configure the XenApp Fundamentals server(s) to be accessible to users residing outside your

network, you have 3 deployment scenarios to choose from: Direct to Server, DMZ Server, and

VPN access deployments. The steps below will walk you through each deployment scenario. Select

the deployment scenario you wish to implement and see the appropriate section below for

configuration steps.

6.1 Direct to Server deployment The Direct to Server deployment method will allow the applications residing on a XenApp

Fundamentals Server to be accessible using the Secure Gateway located on the Master Server. This

Secure Gateway proxies communication from a client to the server and secures the communication

using SSL.

Before completing the steps below you must have a Fully Qualified Domain Name for the Master

server. You must also make a decision as to how you will obtain digital certificates. You can

purchase a certificate from a public certificate authority, build your own Windows certificate

authority, or use the 30-day temporary certificate that comes with XenApp Fundamentals. What

ever the certificate source, a matching root certificate must be obtained from the source and

distributed to the end users device for them to launch applications on the XenApp Fundamentals

server. If a public CA is chosen, the root certificate may already be built into the client’s browser.

Page 44: XAF6 Deployment Guide

Page

44

XenApp Fundamentals Deployment Guide

1

In the Quick Start tool

on the Master server, go

to Setup > External

Access and select

“Manage External

Access”. On the

Welcome screen click

Next.

2

Select Direct to server.

Click Next.

Page 45: XAF6 Deployment Guide

Page

45

XenApp Fundamentals Deployment Guide

3

The next 4 setup screens

are used for certificate

request information.

Enter the Fully

Qualified Domain

Name for the Master

server. For example:

server.domian.com and

Click Next.

Note: The server

certificate will be issued

to this name. If this

name changes a new

certificate will need to

be requested. Make sure

this name is resolvable

on the Internet.

Page 46: XAF6 Deployment Guide

Page

46

XenApp Fundamentals Deployment Guide

4

In the Organization

field, Enter the name of

the company and in the

Organizational unit

field enter the

department or division.

Click Next.

5

Enter the country, state,

and city of the company

and click Next.

Page 47: XAF6 Deployment Guide

Page

47

XenApp Fundamentals Deployment Guide

6a1

Depending on the

options selected here,

the set screens will be

different for each

option. Specify the

chosen Certificate

source.

Click Next.

Note: The temporary

certificate is only good

for 30-days.

Note: The option to

“Submit the certificate

to a local domain

based CA” is grayed

out if no domain based

CA is detected in your

environment. Install

Windows Certificate

Services on a machine in

the domain if you want

to use this option.

Page 48: XAF6 Deployment Guide

Page

48

XenApp Fundamentals Deployment Guide

6a2

You will only see this

window if you selected

"Manually submit the

certificate request to a

Certificate Authority".

Select the location to

save the certificate

request file or leave the

default location c:\.

Then click Next and

Finish.

Note: You will send

this file to your chosen

Certificate Authority

and they will send you a

digital certificate.

Page 49: XAF6 Deployment Guide

Page

49

XenApp Fundamentals Deployment Guide

6a3

To import the certificate

from your Public

Certificate Authority, go

to Quick Start > Setup

> External Access and

select “Manager

External Access” and

click Next.

Page 50: XAF6 Deployment Guide

Page

50

XenApp Fundamentals Deployment Guide

6a4

Select “Enable external

access and complete

pending certificate

request” and click Next.

Page 51: XAF6 Deployment Guide

Page

51

XenApp Fundamentals Deployment Guide

6a5

Point to the Certificate

file received from the

CA. Click Next and

Finish to import the

certificate.

Page 52: XAF6 Deployment Guide

Page

52

XenApp Fundamentals Deployment Guide

6b1

If you select to “Submit

the certificate request to

a local domain based

certificate authority”,

the certificate will be

automatically submitted

and a certificate will be

automatically obtained

on place on the server

after clicking Next.

Note: This option will

only be available if

Certificate Services is

installed on a machine

within you domain.

6b2

Click “Ok” on the

success pop up message

and click Finish.

Page 53: XAF6 Deployment Guide

Page

53

XenApp Fundamentals Deployment Guide

6c1

If you select “Generate

a temporary certificate”

and click Next.

Page 54: XAF6 Deployment Guide

Page

54

XenApp Fundamentals Deployment Guide

6c2

Save the root certificate

to the default location

c:\ and click Next.

Note: This root

certificate will need to

be distributed to all

client devices that will

connect and launch

applications from the

XenApp Fundamentals

Server.

Page 55: XAF6 Deployment Guide

Page

55

XenApp Fundamentals Deployment Guide

7

Select "Use the

standard HTTPS port

(443) for secure

remote connections"

unless port 443 is

already in use, then you

can select the second

option and choose

another port. Click

Next and then Finish.

Note: Certificates are only valid for a particular time period. If a certificate expires and needs to be

replaced, go back to the Quick Start tool to request and import a new certificate. Quick Start tool > Setup

> External Access

6.2 DMZ server deployment Complete the following steps below for setup. DMZ Deployment scenario: Before completing

these steps you must do the following:

You must have a DMZ already configured on your network.

Determine what Windows server will be placed in the DMZ and assign an FQDN name to

that server.

Determine what type of digital certificates will be used on the DMZ server.

Page 56: XAF6 Deployment Guide

Page

56

XenApp Fundamentals Deployment Guide

Ensure that port 1080 is open on the internal firewall so that the DMZ server can

communicate with the XenApp Fundamentals Master server.

1

On the Master Server,

open the Quick Start

tool and go to Setup >

External Access and

select Mange External

Access.

Click Next on the

Welcome screen.

Select “Using a DMZ

server” and click Next

and Finish.

Note: All other

configuration is done on

the server chosen to be

the DMZ Server

Page 57: XAF6 Deployment Guide

Page

57

XenApp Fundamentals Deployment Guide

2

On the server chosen to

be the DMZ server,

insert the XenApp

Fundamentals

installation media and

select Autorun.exe.

Choose Install on the

Welcome screen.

Page 58: XAF6 Deployment Guide

Page

58

XenApp Fundamentals Deployment Guide

3

Select "I accept the

license agreement" and

click Next.

Page 59: XAF6 Deployment Guide

Page

59

XenApp Fundamentals Deployment Guide

4

Select "Network

access (DMZ) server"

and click Next to begin

the installation.

Note: The DMZ server

installation should take a

few minutes.

Page 60: XAF6 Deployment Guide

Page

60

XenApp Fundamentals Deployment Guide

5

After the installation

completes, select Finish

and the Quick Start tool

will launch to being

configuration.

6

Select “External Access

> Mange external

Access and on the

Welcome screen click

Next.

Page 61: XAF6 Deployment Guide

Page

61

XenApp Fundamentals Deployment Guide

7

In the "Internal firewall

address" field, enter the

IP address of the Master

Server. Click “Test” to

verify that the DMZ

server can reach the

Master server.

Then click "Next"

Note: If the test fails

verify network

connectivity from your

DMZ Internal firewall to

the Master Server.

Ensure appropriate

ports are open. On the

Master server, you need

to create an inbound

rule on the Windows

Server 2008 firewall for

TCP port 1080.

Page 62: XAF6 Deployment Guide

Page

62

XenApp Fundamentals Deployment Guide

8

Enter the FQDN of the

DMZ server. This name

is used to request the

digital certificate.

Page 63: XAF6 Deployment Guide

Page

63

XenApp Fundamentals Deployment Guide

9

In the Organization

field, Enter the name of

the company and in the

Organizational unit

field enter the

department or division.

Click Next.

Page 64: XAF6 Deployment Guide

Page

64

XenApp Fundamentals Deployment Guide

10

Enter the country, state,

and city of the company

and click Next.

Page 65: XAF6 Deployment Guide

Page

65

XenApp Fundamentals Deployment Guide

11a1

Depending on the

options selected here,

the set screens will be

different for each

option. Specify the

chosen Certificate

source.

Click Next.

Note: The temporary

certificate gives you a

certificate that is good

for 30-days. You can

choose to use this cert

until a permanent

solution is available.

Note: The option to

“Submit the certificate

to a local domain

based CA” is grayed out

if no domain based CA

is detected in your

environment. Install

Windows Certificate

Services on a machine in

the domain if you want

to use this option.

Page 66: XAF6 Deployment Guide

Page

66

XenApp Fundamentals Deployment Guide

11a2

You will only see this

window if you selected

"Manually submit the

certificate request to a

Certificate Authority".

Select the location to

save the certificate

request file or leave the

default location c:\.

Then click Next and

Finish.

Note: You will send

this file to your chosen

Certificate Authority and

they will send you back a

digital certificate.

Page 67: XAF6 Deployment Guide

Page

67

XenApp Fundamentals Deployment Guide

11a3

To import the certificate

you have received from

your Public Certificate

Authority, go to Quick

Start > Setup >

External Access >

“Manager External

Access” and click Next.

Page 68: XAF6 Deployment Guide

Page

68

XenApp Fundamentals Deployment Guide

11a4

Select “Enable external

access and complete

pending certificate

request” and click Next.

Page 69: XAF6 Deployment Guide

Page

69

XenApp Fundamentals Deployment Guide

11a5

Point to the Certificate

file received from the

CA. Click Next and

Finish to import the

certificate.

Page 70: XAF6 Deployment Guide

Page

70

XenApp Fundamentals Deployment Guide

11b1

If you select “Generate a

temporary certificate”

and click Next.

Page 71: XAF6 Deployment Guide

Page

71

XenApp Fundamentals Deployment Guide

11b2

Save the root certificate

to the default location

c:\ and click Next.

Note: This root

certificate will need to be

distributed to all client

devices that will connect

and launch applications

from the XenApp

Fundamentals Server.

Page 72: XAF6 Deployment Guide

Page

72

XenApp Fundamentals Deployment Guide

12

Select "Use the

standard HTTPS port

(443) for secure

remote connections"

unless port 443 is

already in use, then you

can select the second

option and choose

another port. Click

Next and then Finish.

Page 73: XAF6 Deployment Guide

Page

73

XenApp Fundamentals Deployment Guide

6.3 VPN deployment Use the following directions to configure external access via a VPN connection if that is your chosen

method of granting external users access to the applications on XenApp Fundamentals.

1

On the Master server,

open the Quick Start

tool > Setup >External

Access > Manager

External Access. Select

"Using a VPN" and

click Next

Page 74: XAF6 Deployment Guide

Page

74

XenApp Fundamentals Deployment Guide

2

Choose the option that

best matches your

network firewall

configuration. If you

select “Do not user

NAT” then click Finish

to close the wizard. If

you select “Use NAT”

then continue with the

next configuration

steps.

Page 75: XAF6 Deployment Guide

Page

75

XenApp Fundamentals Deployment Guide

3

You will only see this

screen if you selected to

"use NAT" on the

previous screen. Select

a server and then click

Modify.

4

Enter the NAT address

for that server and port

2598 for ICA. For

RDP enter NAT

address and port 3389

and click OK.

Note: Repeat this step

for each XenApp

Fundamentals Server in

the Server Group.

Page 76: XAF6 Deployment Guide

Page

76

XenApp Fundamentals Deployment Guide

5

Verify the settings and

select Next.

Page 77: XAF6 Deployment Guide

Page

77

XenApp Fundamentals Deployment Guide

6

Click Finish.

7 Test by logging in to your preconfigured VPN solution, and then going to the

http://MasterServer:8080.

Note: You must append 8080 after the Master server name or IP to get to the site that is

configured for external access. You must use an External IP if the server is behind a firewall and

NAT is in place.

Page 78: XAF6 Deployment Guide

Page

78

XenApp Fundamentals Deployment Guide

7.0 Conclusion This concludes your configuration of XenApp Fundamentals. For additional information not

addressed in this deployment guide, see the XenApp Fundamentals Administrator's Guide located

on the Citrix Knowledge Base: http://support.citrix.com.

Version History

Author Version Change Log Date

Stacy Scott 1.0 Created November 2010

©2010 Citrix Systems, Inc. All rights reserved. Citrix®, Citrix Delivery Center™, Citrix XenApp™, Citrix XenServer™,

Citrix® NetScaler®, Citrix XenDesktop™, Citrix Workflow Studio™, Citrix Access Gateway™, Citrix EdgeSight™,

Citrix Password Manager™, Citrix Provisioning Server™ and Citrix Branch Repeater™ are trademarks of Citrix Systems,

Inc. and/or one or more of its subsidiaries, and may be registered in the United States Patent and Trademark Office and

in other countries. All other trademarks and registered trademarks are property of their respective owners.

This document is provided “as is” without warranties of any kind, express or implied. Citrix systems, inc. (“citrix”), shall

not be liable for technical or editorial errors or omissions contained herein, nor for direct, incidental, consequential or any

other damages resulting from the furnishing, performance, or use of this information, even if citrix has been advised of

the possibility of such damages in advance.

The exclusive warranty for any Citrix products discussed in this publication, if any, is stated in the product documentation

accompanying such product. Citrix does not warrant products other than its own.