SYN 602: Storefront 2.5 Enterprise deployment
Hands-on Lab Exercise Guide
James Hsu
April 2014

Contents

Overview
Scenario
Exercise 1: Configure Site2 Storefront server for NetScaler Gateway support
Exercise 2: Automate deployment of Citrix Receiver for domain member PCs and Test pass-through authentication
Exercise 3: Configure Optimal routing for Storefront
Exercise 4: Configure Failover for storefront Sites with user group site pinning
Exercise 5: Application Filtering in Storefront
Exercise 6: Configure Locked down site
Exercise 7: Enable HTML5 client for Storefront

Overview

Hands-on Training Module

Objective
This training provides hands-on experience of Storefront deployment inside an enterprise environment. The lab covers how Storefront can be used in the enterprise environment and how to manage user workload distribution and failover in a XenDesktop environment.

Prerequisites
Active Directory, XenDesktop and XenApp administration and management.

Audience
Citrix Partners, Customers, Sales Engineers, Consultants, Technical Support

Lab Environment Details
The system diagram of the lab is shown below:

The Student Desktop is accessed remotely using Citrix Receiver running on your laptop. All Windows applications, such as XenCenter (the XenServer GUI management tool), are accessed from the Student Desktop.
Lab Guide Conventions

This symbol indicates particular attention must be paid to this step.
Special note to offer advice or background information.
reboot: Text the student enters or an item they select is printed like this.
VMDemo: Filename mentioned in text or lines added to files during editing.
Start: Bold text indicates reference to a button or object.
Focuses attention on a particular part of the screen (R:255 G:20 B:147).
Shows where to click or select an item on a screen shot (R:255 G:102 B:0).

List of Virtual Machines Used

VM Name                    IP Address        Description / OS
AD.training.lab            192.168.10.11     DC / DNS / Software file share
Site1-CDC1.training.lab    192.168.10.20     Site2 Citrix Delivery Controller with Storefront
NS.training.lab (MIP)      192.168.10.60     Management IP for NetScaler in Training lab
Student1-PC                192.168.10.100    Domain Joined Student PC
Site1-XA1                  192.168.10.21     XenApp 7.5 host for Site1
AD2.remote.lab             192.168.20.11     DC / DNS / Software file share
Site2-CDC2.remote.lab      192.168.20.20     Site2 Citrix Delivery Controller with Storefront
NS.remote.lab (MIP)        192.168.10.60     Management IP for NetScaler in Remote.lab
Student2-PC                192.168.20.60     Domain Joined Student PC
Site2-XA2                  192.168.10.21     XenApp 7.5 host for Site2

Required Lab Credentials
The credentials required to connect to the environment and complete the lab exercises.

VM Name            User ID        Password     Description
*.Training.lab     User1          Citrix123    Training domain User1
*.Remote.lab       User1          Citrix456    Remote domain User1
*.Training.lab     CitrixAdmin    Citrix123    Citrix XenDesktop Site and Domain Admin
*.Remote.lab       CitrixAdmin    Citrix123    Citrix XenDesktop Site and Domain Admin
NetScaler Admin    nsroot         nsroot       NetScaler admin account

How to Log into the Lab Environment
Follow the directions below to access the lab environment.
STEP 1
Launch your web browser and go to the training portal URL address provided by your instructor (e.g. http://ILT.CitrixVirtualClassroom.com).

STEP 2
On the website, enter:
    Session Code: the session code provided by your instructor
    Business Email Address: your email address
Click Get Started.

STEP 3
You will see a welcome screen with XenServer credentials. You will use the credentials from your welcome screen to attach XenCenter to your XenServer host. Click Start Lab to launch your lab session. Wait for the application to launch and you will see your student desktop, which is used to launch the various applications needed during the lab.

Scenario

In this lab the environment contains two enterprise domain forests joined through a cross domain forest trust. In each domain, one XenDesktop 7.5 site is configured to allow user access to the XenDesktop environment. Each site has one XenApp 7.5 server. Site1 delivers Office 2007 applications and Site2 delivers Office 2010.

In this lab the student will configure the following items:

Basic NetScaler Gateway configuration.
Deploy Receiver for Windows to domain-joined PCs via startup scripts.
Configure and enable pass-through authentication on Receiver for Windows via GPO.
Enable Optimal routing on the StoreFront store.
Configure user group site pinning and site failover.
Enable application filtering for the Storefront site, and configure keywords for mandatory applications.
Configure a locked-down store for Storefront.
HTML5 Receiver deployment.

Exercise 1
Configure Site2 Storefront server for NetScaler Gateway support

Overview
In this exercise we will configure Site2-CDC2.remote.lab to work with NetScaler Gateway (192.168.20.60) and add external access to the Site2 XenDesktop site.

Step by step guidance
Estimated time to complete this lab: 30 minutes.

1. On the landing student VM, open IE, go to ns.remote.lab and log on with UserID: nsroot, Password: nsroot

2.
Go to System > Settings > Configure basic features. Enable the licensed Basic Features.

3. Configure SSL certificates and install the certificates loaded on the VPX (to save time, the certificates and keys are already loaded on the NetScaler server).
Traffic Management > SSL > Certificates > Install

4. Enter the following data to install the certificate:
    Certificate-Key Pair Name: Wildcard-Remote
    Certificate File Name*: /nsconfig/ssl/Wildcard-remote.cer
    Key File Name: /nsconfig/ssl/Wildcard-remote.cer
    Certificate Format: PEM
    Password: Citrix123
Click on Create. Do not click on Close; install a second certificate.

5. Enter the data for the second certificate:
    Certificate-Key Pair Name: Wildcard-Mycitrixtraining
    Certificate File Name*: /nsconfig/ssl/MCTWildcard.cer
    Key File Name: /nsconfig/ssl/MyCitrixTraining.key
    Certificate Format: PEM
    Password: Citrix123
Click on Create.

6. Install the intermediate certificate for MyCitrixtraining.net:
    Certificate-Key Pair Name: Intermediate-MCT
    Certificate File Name*: /nsconfig/ssl/MCTIntermediate.cer
    Key File Name:
Click on Create, then click on Close.

7. Link the intermediate certificate to the Wildcard-mycitrixtraining certificate. Click on Certificates > Wildcard-mycitrixtraining, open the Action pull-down menu and click on Link… in the menu.

8. Select the Intermediate-MCT certificate, then click OK.

9. Verify the certificate link for Wildcard-mycitrixtraining. Right-click on the Wildcard-mycitrixtraining certificate, then click on Cert Links… Verify the Intermediate-MCT certificate is linked, then click on OK to exit the window.

10. Configure NetScaler Gateway for external access. Click on NetScaler Gateway > Configure NetScaler Gateway for Enterprise Store.

11.

12. Enter: SF2.mycitrixtraining.net, IP: 192.168.20.13, then select Redirect requests from port 80 to secure port, set Gateway FQDN sf2.mycitrixtraining.net and click on Continue.

13. Pick the Wildcard-mycitrixtraining certificate and click Continue.

14.
Configure the LDAP server. Select Configure New and configure:
    IP Address*: 192.168.20.11
    Base DN*: DC=Remote,DC=lab
    Admin Base DN*: Citrixadmin@remote.lab (in production an LDAP query account should be used)
    Server Logon Name Attribute*: sAMAccountName
    Password*: Citrix123
    Confirm Password*: Citrix123
Click Continue.

15. Set Enterprise Store for NetScaler Gateway. Select:
    Deployment Type*: StoreFront
    StoreFront FQDN*: Site2-CDC2.remote.lab
    Use HTTPS is selected by default.
    Receiver for Web Path*: /Citrix/Store2Web
    Single Sign-on Domain*: Remote.lab
    STA URL*: https://Site2-CDC2.remote.lab
Click on Done.

16. Create the internal-use gateway. Click on Create New NetScaler Gateway.

17. Enter: NG.remote.lab, IP: 192.168.20.12, then select Redirect requests from port 80 to secure port, set Gateway FQDN NG.remote.lab and click on Continue.

18. Select the Wildcard-Remote certificate, then Continue.

19. Select the LDAP policy created before (it should be pre-selected) and click Continue.

20. Set Enterprise Store for NetScaler Gateway. Select:
    Deployment Type*: StoreFront
    StoreFront FQDN*: Site2-CDC2.remote.lab
    Use HTTPS is selected by default.
    Receiver for Web Path*: /Citrix/Store2Web
    Single Sign-on Domain*: Remote.lab
    STA URL*: https://Site2-CDC2.remote.lab
Click on Done. Close Internet Explorer.

21. Change the Access Gateway UI to Green Bubble. Go to NetScaler Gateway > Global Settings, select the Client Experience tab, go to UI Theme*, select "Green Bubble" and click OK.

22. Configure the Storefront site for NetScaler Gateway access. Log on to Site2-CDC2 with User ID: Remote.lab\Citrixadmin, Password: Citrix123. Open Citrix Studio from the task bar.

23. Select Store2, click on Enable Remote Access, select No VPN tunnel, then add NetScaler Gateway appliances: click on Add…

24.
Enter:
    Display name: SF2.MyCitrixtraining.net
    NetScaler Gateway URL: https://SF2.Mycitrixtraining.net
    Callback URL: https://SF2.MyCitrixtraining.net
(The callback URL is used by the StoreFront server to communicate with the NetScaler Gateway to validate the authentication of the LDAP services in NetScaler.)
Click Next.
*In this lab SF2.mycitrixtraining.net and SF1.mycitrixtraining.net are internal FQDNs, defined via a hosts file in the lab VM.

25. Click Add... Enter the STA URL used on NetScaler Gateway (this must match the entry on NetScaler Gateway).
    STA URL: https://Site2-CDC2.remote.lab
Click on Create.

26. Add the second NetScaler Gateway. Enter:
    Display name: NG.remote.lab
    NetScaler Gateway URL: https://ng.remote.lab
    Callback URL: https://ng.remote.lab
(The callback URL is used by the StoreFront server to communicate with the NetScaler Gateway to validate the authentication of the LDAP services in NetScaler.)
Click Next.

27. Click Add... Enter the STA URL used on NetScaler Gateway (this must match the entry on NetScaler Gateway).
    STA URL: https://Site2-CDC2.remote.lab
Click on Create.

28. Enable Remote Access and set the Default appliance: SF2.MyCitrixtraining.net. Click OK.

29. Add Domain pass-through to the Authentication Methods. Click on Authentication, then on the Actions panel click on Add/Remove Methods. Select Domain pass-through to enable pass-through authentication, then click OK.

30. Enable Receiver for Web to accept Domain pass-through, and repeat for Site2VDI Receiver. Click on Receiver for Web, select Store2 Receiver, then on the Actions panel click on Choose Authentication Methods. Select Domain pass-through to enable pass-through authentication, then click OK. Repeat for Site2VDI Receiver.

31.
Enabling Trust XML Service Port is required for pass-through authentication to work. Open Windows PowerShell from the task bar and type:

    asnp Citrix*
    Set-BrokerSite -TrustRequestsSentToTheXmlServicePort $True

Store2 is now configured to work with NetScaler Gateway. Site2VDI is an internal-network-only store and does not have a NetScaler Gateway associated with it.

Exercise Summary
Configured multiple NetScaler Gateways for the StoreFront store and enabled Trust XML Service Port to allow pass-through authentication.

Exercise 2
Automate deployment of Citrix Receiver for domain member PCs and Test pass-through authentication

Overview
In this exercise you will deploy Citrix Receiver to a domain-joined PC and enable pass-through authentication using GPO.

Step by step guidance
Estimated time to complete this lab: 30 minutes.

1. Log on to AD2.remote.lab as Administrator, Password: Citrix123

2. Open folder c:\Software\Receiver\Startup_Logon_Scripts\
Make a backup copy of CheckAndDeployCitrixReceiverPerMachineStartupScript.bat, then rename it to CheckAndDeployCitrixReceiver4PerMachineStartupScript.bat (or any name you can identify). Right-click and Edit the CheckAndDeployCitrixReceiver4PerMachineStartupScript.bat file.
*The scripts used in this lab are copied from the XenDesktop ISO media, under the Receiver for Windows folder. There are also uninstall scripts in the folder, but they are not covered in this lab.

3. In Notepad click on Edit > Go To…, enter line number 47 and click on Go To. Edit the following items:

    set DesiredVersion=14.1
    set DeployDirectory=\\AD2.remote.lab\Software\Receiver
    set logshare=\\AD2.remote.lab\software\log
    set CommandLineOptions=/includeSSON /Silent

Go to line 110 and add /includeSSON to the line after CitrixReceiver.exe (in the lab this step should already be executed). Save the file.

4.
Open Group Policy Management on AD2.remote.lab.

5. Create a new GPO called Receiver Deployment.

6. Right-click on the "Receiver Deployment" GPO and click on Edit.

7. Configure the startup script. Click on Policies > Windows Settings > Scripts (Startup/Shutdown) > click on Startup.

8. Add the startup script to the GPO store: click on Show Files… to open the AD sysvol store.

9. Copy CheckAndDeployCitrixReceiver4PerMachineStartupScript.bat from the C:\Software\Receiver\Startup_Logon_Scripts folder to the AD sysvol store. Close the Explorer window.

10. In the Startup Properties window click on Add.., click on Browse.., select the script "CheckAndDeployCitrixReceiver4PerMachineStartupScript.bat", click Open, then click OK. Now the startup script is configured for the Receiver Deployment policy.

11. Click OK to close the properties, then close the Group Policy Editor.

12. Create the pass-through authentication policy and name the policy Receiver pass-through enabled. Click on Group Policy Objects > (right-click) > New.
    Type: Receiver pass-through enabled

13. Add the ICAClient.ADM template to configure the ICA client for the pass-through authentication requirement. Policies > Administrative Templates (right-click) > Add/Remove Templates, to add the ICAClient.ADM template.

14. Open c:\software\Receiver\, select icaclient.adm and click Open.

15. Click Close.

16. Configure the Storefront Accounts List. Open Classic Administrative Templates (ADM) > Citrix Components > Citrix Receiver > Storefront. Click on the setting Storefront Accounts List.

17. 1. Click on Enabled.
    2. Click on Show…
    3. Type in: Store2;https://site2-cdc2.remote.lab/Citrix/Store2/discovery;on;Site 2 Store
Click OK and OK to close the window.

18. Enable user account pass-through from Receiver. Click on User authentication > Local user name and password > select Enabled. Check the options: Enable pass-through authentication, Allow pass-through authentication for all ICA connections.

19.
Configure the Zone Assignment List to allow pass-through authentication for domain-joined PCs. The Storefront URL needs to be in the trusted intranet zone; if it is not, the pass-through option will fail and fall back to form-based user authentication.
Open the Site to Zone Assignment List via Administrative Template > Windows Components/Internet Explorer/Internet Control Panel/Security Page > Site to Zone Assignment List.
Set it to Enabled, enter *://*.training.lab with value 1 and *://*.remote.lab with value 1 (this makes the training.lab and remote.lab URLs trusted as intranet sites). This is required for Receiver for Web to allow pass-through, and because we have multiple domains we add both domains to allow users to access Storefront sites in both.
Close the Group Policy Management Console.

20. Create an OU for Client Desktop, which will be used to link to the Receiver Deployment GPO. Open Active Directory Users and Computers, click on Action > New > Organizational Unit, type Client Desktop in the Name field and then click OK.

21. Verify the Client Desktop OU is created.

22. Open Group Policy Management. Right-click on the Client Desktop OU and click on Link an Existing GPO…

23. Select the two GPOs created in the previous lab steps, Receiver Deployment and Receiver Pass-through enabled, then click OK.

24. Power on Student2-PC (listed as Site2-Student2-PC in XenCenter) from XenCenter, if Student2-PC is not already started. Log on to Student2-PC using user account Remote.lab\User1, Password: Citrix456. Verify there is no ICA client installed (go to Start menu > Control Panel > Uninstall a program and verify no Receiver is installed). Shut down Student2-PC. At this time Student2-PC is only a domain member PC in the Computers OU.

25. Log on to AD2.remote.lab and open the Active Directory Users and Computers management console. Move Student2-PC to the Client Desktop OU by dragging the computer object into the Client Desktop OU container, then click Yes.

26.
Power on Site2-Student2-PC. Log on as user ID Remote.lab\user1, Password: Citrix456. Open Citrix Receiver (Start > Citrix Receiver). Verify that user pass-through works. If the pass-through did not execute, reboot Site2-Student2-PC one more time. Notice that Microsoft Excel 2010 is also added to the Start menu. If pass-through does not work, verify steps 16-18; the Storefront site requires Local Intranet security zone rights.

27. Open the IE browser and log on to Storefront using the URL https://site2-cdc2.remote.lab/Citrix/Store2web. Click Log on. Verify that pass-through works.

Exercise Summary
Configured Receiver for Windows deployment using GPO. Configured the pass-through authentication requirement and configured the store for Citrix Receiver for Windows via GPO. Validated that the deployment and pass-through authentication work.

Exercise 3
Configure Optimal routing for Storefront

Overview
In this exercise we will demonstrate an Optimal routing configuration that routes all Site1 and Site2 connections through two independent gateways.

Step by step guidance
Estimated time to complete this lab: 15 minutes.

1. Configure Optimal routing for Store2 to route Site 1 traffic through SF1.mycitrixtraining.net and also force the Site2 traffic through the internal ng.remote.lab gateway (this is an example use case to demonstrate how optimal gateway routing can be used).
Why do we want to route all ICA traffic through NetScaler Gateway?
    1. This forces all connections to be protected via SSL.
    2. Routing ICA traffic through NetScaler helps HDX Insight to collect NetFlow data.

2. Add the training Site1 external NetScaler Gateway to the Remote Access settings of the store on the Site 2 Storefront server. (This is optional, but it helps the administrator to identify and document the NetScaler Gateway being used in the store.)
Open Citrix Studio > Citrix StoreFront > Stores > select Store2 > click on Enable Remote Access in the Actions panel. Click on Add in the Enable Remote Access window.
Add SF1.Mycitrixtraining.net to the NetScaler Gateway appliances list, using the following information:
    Display name: SF1.Mycitrixtraining.net
    NetScaler Gateway URL: https://SF1.mycitrixtraining.net
    Callback URL: https://SF1.mycitrixtraining.net
Click Next. Set the STA server for the NetScaler Gateway: click on Add…, add STA URL: https://site1-cdc1.training.lab and click OK. Click on Create, then click OK to save the configuration.

3. Open PowerShell in admin mode (right-click on the PowerShell icon > Run as Administrator) and click Yes on User Access Control. First we need to back up the web.config file for Storefront Store2. In the PowerShell prompt type:

    Copy c:\inetpub\wwwroot\citrix\store2\web.config c:\inetpub\wwwroot\citrix\store2\web.config.backup

Launch Notepad in admin mode from the admin-mode PowerShell. Type:

    Notepad.exe

4. Important notification before editing the web.config file: In multiple server deployments, use only one server at a time to make changes to the configuration of the server group. Ensure that the Citrix StoreFront management console is not running on any of the other servers in the deployment. Once complete, propagate your configuration changes to the server group so that the other servers in the deployment are updated.

5. Open c:\inetpub\wwwroot\citrix\store2\web.config with Notepad. Click on Edit > Go To…, line 261, and find <optimalGatewayForFarmsCollection />. Open a second Notepad, then open \\AD2\Software\Lab files\Optimal Gateway.txt and click on Edit > Select All > Copy. Replace <optimalGatewayForFarmsCollection /> with the following contents.
(Found in \\AD2\Software\Lab files\Optimal Gateway.txt)
Verify that <optimalGatewayForFarmsCollection /> can no longer be found in the web.config file, then save the web.config file. To force the web.config file to apply, run IISreset in the admin PowerShell.

Notes:
enabledOnDirectAccess="true" is the setting that overrides internal direct access traffic so that it routes through NetScaler Gateway. Customers can use this setting to force all ICA traffic to go through NetScaler Gateway. One use case is to route all HDX traffic through NetScaler Gateway to allow NetScaler HDX Insight to collect NetFlow data on HDX.
In this lab Site 2 uses an internal-only gateway, for the lab demo use case only, so that we can identify the connection via IP in netstat. In production we should use a gateway that is accessible both externally and internally.

6. Log on to Student2-PC and test-launch Excel 2010 (running from Site2) and Excel 2007 (running from Site1). Run netstat -n in a command prompt (Start > Run > cmd.exe). Verify the network connections are going to 192.168.20.12 (ng.remote.lab) and 192.168.10.13 (sf1.mycitrixtraining.net).

Exercise Summary
In this lab we demonstrated the configuration of optimal routing and how optimal routing overrides the Remote Access configuration.

Exercise 4
Configure Failover for storefront Sites with user group site pinning

Overview
In this exercise we are going to configure two user groups for user site pinning, and in each group we will configure a failover order for redundancy. In this lab we are also going to leverage the domain local group to manually fail over users from one site to another.

Step by step guidance
Estimated time to complete this lab: 30 minutes.

1. Log on to Site2-CDC2.remote.lab as CitrixAdmin. Open a PowerShell console in Administrator mode.

2. Type notepad to launch Notepad with Administrator rights.

3. Open the Web.config file using Notepad (in admin mode).

4. Find the <resourcesWingConfigurations> section in the Web.config file.

5.
Replace the <resourcesWingConfigurations> section with the contents of the text file "\\AD2\software\labfile\Site2 Storefront failover Sample.txt". Open the Site2 Storefront failover Sample.txt file with Notepad, select all and copy. In web.config, select the text shown below, right-click and paste the text from the sample file. The original text should be replaced. (In this configuration the group SID is required; we can use the PSGetSID.exe tool from Microsoft to get the required SID. The PSGetSID tool is installed on the AD2 and Site2CDC2 servers.)

    <resourcesWingConfigurations>
      <resourcesWingConfiguration name="Default" wingName="Default">
        <userFarmMappings>
          <clear />
          <userFarmMapping name="user_mapping_Site2_Store2_Site1Primary">
            <groups>
              <group name="Remote\Site1Users" sid="S-1-5-21-3712741401-4088014674-31693845402103" />
            </groups>
            <equivalentFarmSets>
              <equivalentFarmSet name="Site1" loadBalanceMode="Failover" aggregationGroup="Site1_Site2_Aggregate_Failover">
                <primaryFarmRefs>
                  <farm name="Site1" />
                </primaryFarmRefs>
                <backupFarmRefs>
                  <farm name="Site2" />
                </backupFarmRefs>
              </equivalentFarmSet>
            </equivalentFarmSets>
          </userFarmMapping>
          <userFarmMapping name="user_mapping_Site2_Store2_Site2Primary">
            <groups>
              <group name="Remote\Site2Users" sid="S-1-5-21-3712741401-4088014674-31693845402102" />
            </groups>
            <equivalentFarmSets>
              <equivalentFarmSet name="Site1" loadBalanceMode="Failover" aggregationGroup="Site2_Site1_Aggregate_Failover">
                <primaryFarmRefs>
                  <farm name="Site2" />
                </primaryFarmRefs>
                <backupFarmRefs>
                  <farm name="Site1" />
                </backupFarmRefs>
              </equivalentFarmSet>
            </equivalentFarmSets>
          </userFarmMapping>
        </userFarmMappings>
      </resourcesWingConfiguration>
    </resourcesWingConfigurations>

6.
Configure the AD domain local group. Log on to AD2.remote.lab as remote.lab\administrator. Open Server Manager > Tools > Active Directory Users and Computers. Click on Users, locate the Site1Users domain local group and add the Site1Primary user group as a member. Add the Site2Primary group to Site2Users.

7. Log on to Student2-PC as remote\user1. Open Receiver and see that only Office 2007 applications are shown in the application list (Site1 only). Log off User1, then log on as Remote\User2. Open Receiver and see only Office 2010 applications from Site 2. Log off User2. Log on as remote\CitrixAdmin. Open Receiver and see no applications in the list. This is because CitrixAdmin is not a member of any of the groups defined in the site configuration. Administrators can also use the group site pinning feature to filter remote access user assignment, adding an additional layer of access control.
*The Delivery Groups on Site1 and Site2 are assigned to Remote.lab\Domain Users and Training.lab\Domain Users, but the Storefront server filters access based on the groups defined in the Web.config for the store.

8. Fail over users from the Site1 assignment to Site2 by adding the user group Site1Primary to Site2Users and removing Site1Primary from the Site1Users group. (This helps the administrator to migrate a large number of users from one site to another just by moving a user group.)

9. Test logon with Remote\User1 and see that the server assignment changed to Site2 (seeing Office 2010).

Exercise Summary
In this exercise we configured Storefront user-group-based site pinning, and within each site pinning group we configured a primary site and a backup site. We also tested the failover of user site pinning, for the case where an administrator wants to move all Site1 users to Site2 without modifying the Storefront server configuration.

Exercise 5
Application Filtering in Storefront

Overview
In this exercise we are going to enable the Application Filtering feature on Storefront.

Step by step guidance
Estimated time to complete this lab: 20 minutes.
1. Log on to Site2-CDC2.remote.lab with Remote\citrixadmin. Open PowerShell with admin access.

2. Load the PowerShell plugins. Copy the text from "\\AD2\software\lab files\Hide Application by Type.txt", select all and paste it into PowerShell as the following text:

    # Locate the StoreFront install directory and import its management modules
    $dsInstallProp = Get-ItemProperty `
        -Path HKLM:\SOFTWARE\Citrix\DeliveryServicesManagement -Name InstallDir
    $dsInstallDir = $dsInstallProp.InstallDir
    & $dsInstallDir\..\Scripts\ImportModules.ps1
    # Show only applications (no desktops) in the Site2VDI store
    Set-DSResourceFilterType -SiteId 1 -VirtualPath "/Citrix/Site2VDI" -IncludeTypes @("Applications")

Hit Enter to execute.
Notes:
-SiteId 1 is the IIS site ID; it indicates the location of the site in IIS.
-VirtualPath "/Citrix/Site2VDI" is the store we are configuring for filtering.
Do not close this PowerShell window; we will use it later in Step 4.

3. Log on to a virtual desktop hosted on Site2. Open Citrix Receiver and see only apps, without desktops.

4. Enable filtering by keyword:

    Set-DSResourceFilterKeyword -SiteId 1 -VirtualPath "/Citrix/Site2VDI" -ExcludeKeywords @("HideFromVDI")

This filters on any keyword; in this case we are hiding applications with "HideFromVDI" in the keywords.

5. Log on to Site1-CDC1 as training\Citrixadmin, password Citrix123. Open Citrix Studio > Delivery Groups, select Inkscape and click on Properties in the Actions panel. Add the keyword "HideFromVDI" to the Inkscape application, separated by a space from Featured, then click on OK. Select Microsoft Office OneNote 2007 and click on Properties in the Actions panel. In the Description and keywords: field of the Microsoft Office OneNote 2007 application, add " KEYWORDS: mandatory".

6. Log on to Student2-PC with Remote\User2, password Citrix456. Start Hosted Desktops. Start Receiver and log on as Remote\User2. Verify the application list: Site1 and Site2 content is merged, with no desktop and no Inkscape app, and OneNote 2007 is displayed on the application page and cannot be permanently removed.
Exercise Summary
In this lab we enabled the application filtering feature to filter the applications presented to the user, only for users accessing the internal Site2VDI store.

Exercise 6
Configure Locked down site

Step by step guidance

1. Log on to Site1-CDC1.training.lab using Training\CitrixAdmin, Password: Citrix123. Run PowerShell as Administrator. Launch Notepad.exe from the admin PowerShell. Use Notepad to open "C:\inetpub\wwwroot\Citrix\Store1\web.config". Find "StoreLockedDown", change it to StoreLockedDown="true" and save the web.config.

2. From the landing desktop open the IE or Chrome browser. Go to https://sf1.mycitrixtraining.net. Log on as user1 with password Citrix123 (note this is user1 in the Training domain; the password is different from the Remote domain). All applications show up in Receiver for Web.

3. Activate the Citrix Receiver subscription: in the Storefront web page click on the User One drop-down menu and click on Activate..

4. Download receiverconfig.cr and click on Open.

5. Click on Add.

6. Log on to Citrix Receiver with Training.lab\User1, Password: Citrix123

7. All applications should be added in the Receiver window, and the user should get an Updates message indicating that the GoToMeeting plugin needs to be downloaded. The download will start in the background.

Exercise Summary
Enabled the StoreLockedDown feature to force all applications to be listed for the user, and tested the user self-service store activation process.

Exercise 7
Enable HTML5 client for Storefront

Overview
In this exercise we will enable HTML5 client access for Storefront and set up the required policy in Citrix Studio.

Step by step guidance
Estimated time to complete this lab: 20 minutes.

1.
Log on to Site1-CDC1.training.lab as Training\CitrixAdmin. Open Citrix Studio. Click on the Policies node. Click on Create policy.

2. Enable WebSockets to support the HTML5 client. In the search window type Websockets. Click on Select for WebSockets connections, in Edit Setting select Allowed, then click OK. Then click Next. Select Delivery Group and click on Assign.

3. Assign to the XenApp Hosted Desktop Delivery Group and click on OK. Verify the policy. Click Next.

4. Click Finish.

5. Go to Receiver for Web in the Citrix Storefront node, select Store1 Receiver and click on Deploy Citrix Receiver.

6. Select Always use Receiver for HTML5. Notice the HTML5 client version on the Store1 Receiver page.

7. On the landing desktop open the Chrome browser. Go to sf1.mycitrixtraining.net and log on as User1, password: Citrix123. Click on the Inkscape application. Notice that a new tab opens.

Exercise Summary
In this lab we configured HTML5 Receiver and enabled the required WebSockets policy.
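Exercise 4 controls which site a user reaches through group SIDs and farm references typed by hand into web.config, so a pre-flight check of that block is worth running before IIS picks it up. The following PowerShell check is an added example, not part of the original lab guide and not a Citrix tool; the function names Get-SidProblem and Test-UserFarmMapping and the groups, SIDs and farm names in the sample are constructed for illustration, and only the element layout is taken from the Exercise 4 sample.

```powershell
# Added example, not part of the lab guide. Function names are illustrative;
# the groups, SIDs and farm names in $sample are constructed.

function Get-SidProblem {
    param([string]$SidText)
    if ($SidText -notmatch '^S-1-\d+(-\d+)+$') {
        return "'$SidText' is not in S-1-... form"
    }
    foreach ($part in ($SidText -split '-' | Select-Object -Skip 3)) {
        # A sub-authority is a 32-bit value; a longer number usually means a
        # hyphen was lost when the SID was copied.
        if ($part.Length -gt 10 -or [uint64]$part -gt [uint32]::MaxValue) {
            return "'$SidText' has a sub-authority above 32 bits ($part)"
        }
    }
    if ($SidText -notmatch '^S-1-5-21(-\d+){4}$') {
        return "'$SidText' is not a domain group SID (S-1-5-21-<domain>-<RID>)"
    }
    return $null
}

function Test-UserFarmMapping {
    param(
        [Parameter(Mandatory = $true)][xml]$Config,
        [switch]$ResolveSid   # compare name= with the SID's owner (domain-joined host only)
    )
    foreach ($mapping in $Config.SelectNodes('//userFarmMapping')) {
        $issues = @()
        $groups = @($mapping.SelectNodes('groups/group'))
        if ($groups.Count -eq 0) { $issues += 'no <group> listed, so no user matches this mapping' }

        foreach ($group in $groups) {
            $name = $group.GetAttribute('name')
            $sidText = $group.GetAttribute('sid')
            $problem = Get-SidProblem $sidText
            if ($problem) { $issues += "group '$name': $problem"; continue }
            if ($ResolveSid) {
                try {
                    $sid = New-Object System.Security.Principal.SecurityIdentifier `
                        -ArgumentList $sidText -ErrorAction Stop
                    $owner = $sid.Translate([System.Security.Principal.NTAccount]).Value
                    if ($owner -ne $name) { $issues += "sid listed for '$name' belongs to '$owner'" }
                } catch {
                    $issues += "group '$name': SID does not resolve from this machine"
                }
            }
        }

        foreach ($set in $mapping.SelectNodes('equivalentFarmSets/equivalentFarmSet')) {
            $setName = $set.GetAttribute('name')
            $primary = @($set.SelectNodes('primaryFarmRefs/farm') | ForEach-Object { $_.GetAttribute('name') })
            $backup  = @($set.SelectNodes('backupFarmRefs/farm')  | ForEach-Object { $_.GetAttribute('name') })
            if ($primary.Count -eq 0) { $issues += "farm set '$setName' has no primary farm" }
            if ($primary.Count -le 1 -and $backup.Count -eq 0) {
                $issues += "farm set '$setName' has no failover target"
            }
            foreach ($farm in $primary) {
                if ($backup -contains $farm) { $issues += "farm '$farm' is both primary and backup in '$setName'" }
            }
        }
        New-Object PSObject -Property @{ Mapping = $mapping.GetAttribute('name'); Issues = $issues }
    }
}

# Constructed sample: the first mapping is clean, the second has a SID with a
# lost hyphen and a backup farm that repeats the primary.
$sample = @'
<resourcesWingConfigurations>
  <resourcesWingConfiguration name="Default" wingName="Default">
    <userFarmMappings>
      <clear />
      <userFarmMapping name="mapping_ok">
        <groups><group name="EXAMPLE\GroupA" sid="S-1-5-21-1111111111-2222222222-3333333333-1104" /></groups>
        <equivalentFarmSets>
          <equivalentFarmSet name="SetA" loadBalanceMode="Failover" aggregationGroup="AggA">
            <primaryFarmRefs><farm name="FarmA" /></primaryFarmRefs>
            <backupFarmRefs><farm name="FarmB" /></backupFarmRefs>
          </equivalentFarmSet>
        </equivalentFarmSets>
      </userFarmMapping>
      <userFarmMapping name="mapping_bad">
        <groups><group name="EXAMPLE\GroupB" sid="S-1-5-21-1111111111-2222222222-33333333331105" /></groups>
        <equivalentFarmSets>
          <equivalentFarmSet name="SetB" loadBalanceMode="Failover" aggregationGroup="AggB">
            <primaryFarmRefs><farm name="FarmB" /></primaryFarmRefs>
            <backupFarmRefs><farm name="FarmB" /></backupFarmRefs>
          </equivalentFarmSet>
        </equivalentFarmSets>
      </userFarmMapping>
    </userFarmMappings>
  </resourcesWingConfiguration>
</resourcesWingConfigurations>
'@

Test-UserFarmMapping -Config $sample | Format-List Mapping, Issues

# On the StoreFront server, check the real file and the group names as well:
# Test-UserFarmMapping -Config (Get-Content c:\inetpub\wwwroot\citrix\store2\web.config -Raw) -ResolveSid
```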