Feb 19 2009

Getting the Most From XenApp, Part 2

Here are five more ways to improve use of Citrix's thin Windows deployment tool.

With XenApp 5.0 for Windows Server 2008, Citrix weaves in remote-management abilities that take advantage of the Microsoft operating system.

Here are a few ways that you can take advantage of the suite’s functionality:

1) Make Printing Universal

Citrix XenApp has improved printing dramatically over the years. For remote access purposes, you should have ThinPrint, UniPrint or other print driver software sitting between XenApp and the user’s desktop. XenApp’s technology sits on Microsoft’s Terminal Services and Windows Server 2008. Server 2008 has incorporated many printer drivers already. For instance, if your users work with an HP Laserjet, a driver is probably already available and users can print when they log in. For other printers, you may need to manually install a driver on the server. In my experience, printing can be frustrating because many home printers such as ink-jets don’t have drivers preloaded in 2008. Third-party printing software eliminates this frustration.

ThinPrint, for example, offers an ICA printing medium that translates print requests to the local printer driver on the remote PC. This eliminates the need to install any print drivers on the server because the driver on the server is not the driver being used. This means that Citrix users will have to install two plug-ins to use XenApp properly, but that’s a small price to pay for the flexibility of universal printing.

2) Do the Bandwidth Math

Plan to assign 64 kilobits per user when assessing your bandwidth needs for a Citrix deployment. Heavy printing and power-hungry applications such as graphic design and computer-aided design programs may require more bandwidth. Because it takes time to add bandwidth, it is important to address this need quickly. If possible, scale bandwidth into your Citrix deployment and use a bandwidth analyzer to see how much average daily bandwidth your users need. Bandwidth should be an issue only if you are working in a WAN environment with multiple locations or if you have heavy remote usage. In a locally switched environment, the bandwidth needs are hardly noticeable.

In terms of processing power, modern processors can handle more than 15 users apiece. Be prepared to load-balance large numbers of users across multiple servers or blades, and be ready for heavy disk writes and reads that may come if you are using a SAN to store your Citrix images.

3) Deliver Integrated Applications

The best thing about Citrix is that it allows you to decide what you want to deliver to the user. You can give them access to specific applications or to an entire desktop, fully configured with essential applications integrated. It is important to test all integration pieces before deploying to the users. Many integrations work without a hitch, but others can contain serious bugs and require workarounds or alternative deployment strategies.

4) Scale Your Deployment for the Web

Citrix has entered the WAN Optimization market in a big way. It offers Citrix Branch Repeater and Citrix WANScaler appliances, which provide WAN optimization, increased performance and maximized WAN capacity. These two devices work well in data centers and can eliminate the need for additional servers in branch offices. Branch Repeater can keep file, print and other services available to branch users even during a WAN outage. WANScaler reduces bottlenecks in the pipe and helps traffic flow to the most critical applications.

Not all solutions can be resolved with an appliance. If your WAN load is growing, consider larger data pipes to prevent the additional load from XenApp users from creating latency to other users across the WAN.

5) Secure Your Gateway

It is important to protect the Server 2008 operating system and make sure all patches are up to date. Make sure the appropriate permissions are assigned to administrators, power users and regular users. You will likely want to install the User Profile Hive Cleanup Service to completely terminate user accounts when a user logs off. By enabling Roaming Terminal Service Profiles you have the power to clean up profiles, cache and even temporary Internet files upon log-off.

Citrix XenApp can be deployed over a Secure Sockets Layer virtual private network and enabled with high encryption. But the best defense is a good offense: a password policy that is difficult to crack and requires regular changes. Citrix Password Manager 4 is an add-on product that makes it easy to synchronize a mass change of user passwords. Users can be forced to change their passwords themselves, saving the administrator’s time. A loophole remains when users log in using a kiosk that may have tracking worms and keylogger software. For these users, it is advisable to add an additional layer of security. Choose a Citrix Partner that allows the user to log in with an electronically generated, unique password key. This random number will change every few seconds and eliminates entirely the threat of compromised passwords. The key is a small wand, no bigger than a thumb drive, and generates a numerical sequence that the server can use to authenticate a genuine user.

For more XenApp tips, click here.


Chris Cardillo is director of technology for Kozyak Tropin and Throckmorton, a law firm in Miami.

CDW Price: Call for pricing