CMC CitrixXenapp6

Basic Administration
for Citrix XenApp 6

Ajay Kumar
CCA , ITIL
Course Prerequisites
Prerequisites include knowledge of the following
topics:
Microsoft Windows Server 2008 with Terminal
Services or Microsoft Windows Server 2008
R2 with Remote Desktop Services
Basic knowledge of installing applications
Basic network security principles
Agenda for Day One

Agenda includes:
Module 1: Introductions and Course Overview
Module 2: Introducing XenApp
Module 3: Licensing XenApp

Module 4: Installing XenApp
Module 5: Configuring XenApp Administration
Agenda for Day Two

Agenda includes:
Module 6:Installing and Configuring Web
Interface
Module 7:Delivering Applications and Content
Module 8: Streaming Application
Agenda for Day Three

Agenda includes:
Module 9: Configuring Policies
Module 10:Configuring Load Management
Agenda for Day Four

Agenda includes:
Module 11: Optimizing the User Experience

Module 12: Configuring Self-Service
Applications
Module 13: Configuring Printing
Agenda for Day Five

Agenda Includes:
Module 14: Securing XenApp
Module 15: Monitoring XenApp
Module 16: Additional Components
Basic Administration for

Citrix XenApp 6
Introducing XenApp
Citrix Systems
Citrix Systems, Inc. is an American multinational software company founded

in 1989 that provides server, application and desktop virtualization,
networking, software-as-a-service (SaaS), and cloud computing technologies,
including Xen open-source products.
Citrix was founded in Richardson, Texas, in 1989 by former IBM developer Ed
Iacobucci
Citrix was originally named Citrus but changed its name after an existing
company claimed trademark rights
The company's first product was Citrix MULTIUSER, which was based on
OS/2.
Citrix obtained a source code license to Microsoft's Windows NT 3.51. In
1995, Citrix shipped a multiuser version of Windows NT with remote access
known as WinFrame.
History of Citrix XenApp

WinFrame
MetaFrame 1.8
MetaFrame XP
MetaFrame Presentation Server 3.0
Presentation Server 4.0
Presentation Server 4.5
XenApp 5
XenApp 6
XenApp 6.5
XenApp 7.0
XenApp 7.5
Most of the differences between all versions of MetaFrame,
Presentation Server and XenApp are:
OS version supported
Version of Terminal Services/Remote Desktop Service supported
Features
Functionality
Security
What is Citrix XenApp?

A server solution that uses Microsoft Terminal Services software to
deliver Windows applications to PCs, Apple Macintosh computers, X
terminals and UNIX workstations. This enables users of those
systems to access and use those programs which are available to
those using the Windows operating system.
One XenApp server can support many users, generally from 30 to 80
users, depending of the XenApp server hardware specs, application
requirements to run and user usage. A set of XenApp server
constitute into a Citrix XenApp Farm. A farm can have around 5000
XenApp servers, supporting thousands and thousands of users.
According Citrix, XenApp means:

Xen = Virtualization
App = Application
XenApp = Virtualized Applications
Why Citrix XenApp?
Citrix XenApp is an on-demand application delivery solution that

enables any Windows application to be virtualized, centralized, and
managed in the datacenter and instantly delivered as a service to
users anywhere on any device. In use by over 100 million users
worldwide, XenApp delivers on the promise of proven application
compatibility.
Compared to traditional application deployment technology, virtual
application delivery with XenApp enables organizations to improve
application management by:
Centralizing applications in the datacenter to reduce costs
Controlling and encrypting access to data and applications to improve
security
Delivering applications instantly to users anywhere
Application Delivery
In a classical computer architecture, we install and execute programs on our personal
computer.Today, with all the advantages of virtualization, we see a new wave of
centralization. With XenApp, programs, as Microsoft Office, a simple Notepad or Paint are
now away from the end user. He can access them from a thin client through a LAN or a
WAN.
Classical architecture
Application delivery
Simple XenApp environment might look like
End User connected to a farm

The main square is a farm. In this farm, we can see a Web interface, 2 zones (1
and 2), a datastore and a license server.
1 The web interface access the Local Host Cache and gets the list of
applications.
2 The end user will access the applications list through it.
3 & 4 The end user will directly access the apps by downloading an ICA file
from the Web Interface
Some XenApp terminology:

XenApp server farm is a logical collection or group of XenApp servers
that can be managed as a single entity.
XenApp server is the main software component of the Citrix application

delivery infrastructure. The objective of XenApp servers is to deliver
applications to user devices.
XenApp application servers are the farm servers that host published
applications. XenApp infrastructure servers are the farm servers that
host services such as a license server or web interface. Usually, they do
not host published applications.
Remote desktop services (RDS), formerly known as Terminal
Services, is one of the components of Microsoft Windows that allows a
user to access applications and data on a remote computer over a
network. We need to install this component (and appropriate licenses) to
setup and run XenApp servers. XenApp extends the functionality of
Microsoft Remote Desktop Services, adding flexibility, manageability,
security, and performance to RDS.
XenApp 6 Editions
XenApp 6 is available in the following editions:
Advanced
Enterprise
Platinum
XenApp feature overview

Access applications from any device, anytime, anywhere: We can
deliver any published Windows application to an extensive variety of user
devices and operating systems, including Windows, Mac, Linux, UNIX,
DOS, Java, and mobile devices like iPhone, iPad, Blackberry, and Android
devices.
CPU utilization management: This feature prevents users and their
processes from utilizing the CPU too much and guarantees a consistent
performance level for all users on the XenApp server.
Installation Manager: This feature allows us to remotely install
applications to multiple XenApp servers simultaneously.
Single Sign-On: This feature (formerly known as Password Manager)
provides single sign-on access to Windows, web, and terminal emulator
applications. The self-service password reset feature included in single
sign-on allows users to reset their domain password or unlock their
Windows account.
Network Management Console Integration: XenApp supports SNMP
monitoring and integration with third-party network management tools,
including Microsoft System Center Operations Manager (SCOM), Microsoft
Operations Manager (MOM), IBM Tivoli, HP OpenView, CAUnicenter.
XenApp feature overview contd.

Novell eDirectory and NDS Support: XenApp 6 provides support for
Novell eDirectory and Domain Services for Windows, allowing XenApp to
authenticate Novell users.
Application gateway: Citrix provides SSL-proxy, using both hardware
(Citrix NetScaler and Citrix Access Gateway) and software (Citrix Secure
Gateway) solutions, to allow remote users to access published applications
in XenApp, securely.
Power and capacity management: We can create system policies to
manage server power consumption. This feature can turn on/off XenApp
servers. As users log off and idle resources increase, idle servers are shut
down. When users arrive in the morning and they log on to the farm,
servers are powered up. Also, we can schedule time for powering on and
powering off servers.
Web interface: The web interface allows users access to published
applications and content on XenApp through a standard web browser or
Citrix Plug-in. Web interface provides built-in support for two-factor,
RADIUS, and Smart Card authentication, simple customization through the
management console and multilingual support, for the following languages:
English, German, Spanish, French, Japanese, Chinese (simplified and
traditional), and Korean.
XenApp Architecture
Primary XenApp architecture consists of:
XenApp servers
Web Interface servers
Data collector
Data Store database
License server
Worker groups
XenApp Architecture
Single and Multiple Farm Environments

In single farm environments:
All XenApp servers use the same data store
Servers can be grouped into a single zone or multiple zones
Applications can be load balanced across servers in farm
In multiple farm environments:
Each farm has its own data store
Applications can be load balanced across servers in farm,
but not across multiple farms
Data Store
The Data Store database maintains farm data, including:
Farm configuration information
Published application configurations
Server configurations
Farm management security
Printer configurations
License Server name and port
Data Store Updates and the Local Host

Cache
The Local Host Cache contains information about:
All the servers in the farm and their basic information
All applications published in the farm and their properties
All Windows network domain trust relationships within the
farm
Independent Management Architecture

(IMA)
The IMA service:
Provides a centralized framework used by administrative
tools for XenApp
Delivers subsystems that collectively provide functionality to
current and future Citrix products
Runs on all servers with XenApp installed and is enabled by
default during installation
Communicates through messages sent over TCP port 2512,
by default, for server-to-server communication
Data Collectors
Data Collector Election

The data collector maintains dynamic data for servers in the
zone. Therefore, each server must be able to contact the data
collector for the zone.
If the data collector is unavailable, an election occurs and
another server in the zone takes over the role of the data
collector.
Zones
A logical group of XenApp servers communicating with a
single data collector is called a zone. Zones are typically
based on subnets.
Sharing data across zones can cause an increase in
bandwidth consumption. As a best practice, keep the number
of zones to a practical minimum. One zone is optimal.
Additonal XenApp Components

XenApp contains additional components to enhance the
functionality of the solution, including the following:
Load Manager
Resource Manager (Powered by Citrix EdgeSight)
Access Gateway VPX
Citrix XenApp Provider
Delivery Services Console
License Administration Console
Citrix Plug-ins
Practice: XenApp Components
Practical Session
for Citrix XenApp 6
Licensing XenApp
Overview
At the end of this module, you will be able to:
Explain XenApp licensing communications and license
types
Configure License Administration Console ports and
administrators
Install the Citrix License Server and import license files into
the console
Explain how the license server can be made highly available
XenApp Licensing
Licensing Process Overview:
1) Install Licensing components
2) Obtain a license file from www.mycitrix.com website
3) Add the license file to the license server
Licensing Communication
An administrator must perform the following tasks for a
license server to accept connection and license requests:
Add a license file to the license server
Configure the farm to use a specific license server
License Communication Process

The following steps describe the licensing communication process for
checking out a license for a client device:
1. A user connects to Farm A.

2. A server in Farm A requests a license from License Server 1.
3. License Server 1 grants the requests and checks out a license for the
client device.
4. The same users connects to Farm B.

5. A server in Farm B requests a license from License Server 1.
6. License Server 1 grants the requests and uses the existing license for
the client device.
License Types
XenApp uses concurrent user licenses, which are licenses
that are not tied to specific users.
When a server requests a license, it is reserved for a specific
client device/user combination. When the user logs off from
the session, the license is returned to the license pool and
made available for another user. Users connecting from
multiple devices will consume multiple licenses.
Citrix License Server 11.6.1
Microsoft Remote Desktop Services

XenApp extends the functionality of Microsoft Remote
Desktop Services (formerly Terminal Services), which is a
presentation virtualization platform for Windows Server.
XenApp 6 leverages Windows Server 2008 R2 security
enhancements and Remote Desktop Services architecture to
add dimensions of flexibility, manageability, security and
Performance.
Remote Desktop Licensing

Administrators must configure a Remote Desktop Licensing
server in the environment to distribute Remote Desktop
licenses.
To avoid adding the Remote Desktop Licensing
server to each new Remote Desktop Services server that
joins the domain, administrators can configure an Active
Directory group policy to automatically assign the Remote
Desktop Licensing server to each new server that joins the
domain.
Additional Licensing Considerations

Include the following:
Different connections can consume multiple licenses.
Most application manufacturers require user licenses for
their products
License Administration Console

The License Administration Console is a required, web-based
interface that allows an administrator to maintain the license
server and manage license files for that license server.
The console can be used to perform the following actions:
Tracking license usage
Reporting on current license usage
Configuring license alerts
Configuring delegated administrators
Port Configuration
Delegated Administrators in the License

Administration Console
Installing Licensing
It is a best practice to install the license server first. If
licensing is installed after XenApp, a policy must be
configured to point to the license server.
Licensing can exist on a separate server or can share a
server with another component.
Manual Installation and Configuration
Uninstalling Licensing
An administrator may need to uninstall licensing for a variety
of reasons, including moving the component to another
system or renaming the system. Some of the files are not
deleted, such as the license file.
When the license file is moved to a server with a different
name from the current hostname, the license file must be
returned to Citrix and exchanged for a license file that
indicates the new server name.
License Server Considerations

Additional considerations include the following:
XenApp does not need to be on the same system as the
license server.
For fewer than 200 product servers, a shared license server
is recommended
License File Management

License files store the company license information in a plain
text format with authenticated content. Each license file can
store information for one or more licenses; a license server
can store one or more license files.
The license file is stored on a license server in the
%PROGRAMFILES%\CITRIX\LICENSING\MYFILES\
directory
Obtaining License Files

To obtain a license file, an administrator must log on to the
MyCitrix web site using personalized credentials. To create a
new account, simply click on the New User link and follow the
instructions.
Subscription Advantage
Citrix products include a one-year membership to Subscription
Advantage. This membership provides major releases minor
releases and product update downloads through the
MyCitrix web site.
The membership includes email notifications concerning the
account and new items available for members. Members can
view, update and obtain benefit information and privileges on
MyCitrix at any time.
High Availability Considerations

A duplicate license server is one option for creating a backup
license server. The backup license server must duplicate
such essential information as the hostname and the server IP
address. This is especially important if the farm or servers are
pointing to an IP address instead of the server name to
resolve to the license server.
Additional License Server Processes

Additional License Server processes include:
Enabling a replacement license server
Connecting to a different license server
Replacing the license server
License Server Clustering

Licensing provides administrators with a 30 day recovery
grace period. To ensure high availability of the license server
beyond the 30 day recovery grace period, licensing supports
Microsoft clustering. Clustering the license server
provides users with continuous access to applications in
failure situations.
For more information, see Citrix Knowledge Base article
CTX104878.
Review
In this module, you learned:
About XenApp license communications and license types
How to configure the License Administration Console with
ports and administrators
How to install the Citrix License Server and manage license
files
About how the license server can be made highly available
for Citrix XenApp 6
Installing XenApp
Overview
Identify the methods that can be used to install XenApp
Identify the XenApp hardware and software requirements
Make installation decisions appropriate for an environment
XenApp Server Role Manager
Unattended Installation and Configuration

Unattended installation can be performed using the following
files:
XENAPPSETUPCONSOLE.EXE
XENAPPCONFIGCONSOLE.EXE
Hardware Requirements
Hardware requirements include:
64-bit CPU
512MB RAM (minimum)
32GB disk space (minimum)
6MB to 120MB for Web Interface plus 3.5MB for each site
Software Requirements
XenApp must be installed on a Windows Server 2008 R2
operating system (64-bit)
XenApp components such as the Delivery Services Console
and Web Interface can be installed on additional operating
systems
Installation Decisions
Best practices for installation:
Review configuration options prior to installing the product
Ensure that the person installing XenApp is a member of
the Administrators group
Maintain proper licensing
XenApp Configuration Options

During XenApp configuration, administrators select options
for XenApp components and features
Which Farm or Zones Will Be Used in the

Environment?
A farm:
Can be managed as a single entity
Use a single data store database
Can balance load among server in the farm

Zones:
Are a logical grouping of servers within a farm
Are typically based on geographic location
Which License Server Will Be Used for the

Server Farm?
A License Server:
Can be installed before, during or after the XenApp
installation
Can be installed on a dedicated server or a server that

provides additional functionality
Which Database Engine Will Be Used for the

Data Store Database?
The following database software can be used for the XenApp
data store:
Microsoft SQL Server Express 2005
Microsoft SQL Server Express 2008
Microsoft SQL Server 2005
Microsoft SQL Server 2008
Oracle 11g R2
Will Shadowing Be Enabled?

Shadowing allows authorized users to view and interact with
user sessions
The default shadowing sessions are recommended for most
farms
If shadowing is prohibited during the XenApp installation, it
cannot be enabled without reinstalling XenApp
On Which Port Will the Citrix XML Service Run?

The Citrix XML Service:
Communicates the least busy server and names of
published resources
Uses port 80, by default
Can share port 80 with IIS

Can be set to use a port other than port 80
When Will Users Be Added to the Local Remote

Desktop Users Group?
Users can be added before or after XenApp installation.
Options include:
Add the authenticated users
Add the list of users from the Users group
Add anonymous users
Which Pass-through Client Will Be Used in the

Environment?
The pass-through client:
Gives users of older, less feature-rich clients access to the
features of the Citrix online plug-in
Allows users to access their published applications through

a XenApp Services site
Will Pass-through Authentication Be Used in

the Environment?
Pass-through authentication:
Authenticates a user to XenApp using the credentials used
to log on to Windows
Can be enabled during installation
Requires the plug-in to be reinstalled on a server, if passthrough authentication is enabled after the XenApp
installation
Will Information in the Data Store and

Configuration Logging Databases Be Protected
with IMA Encryption?
IMA encryption:
Can encrypt the credentials of the data store and
configuration logging databases
Must be enabled on all XenApp servers if it will be used

Can be enabled using the CTXKEYTOOL command
Web Interface Installation Decisions

Decisions include:
Where will the Web Interface components be installed?
Will the Citrix plug-ins be copied to the server?
Review
Complete the review questions and then go over the answers
as a class.
for Citrix XenApp 6
Configuring XenApp
Administration
Overview
By the end of this module, given an environment containing
XenApp, you will be able to:
Add and configure worker groups.
Add and configure administrative accounts and
permissions.
Identify the components required for configuration logging.
Log administrative changes made to a XenApp farm
environment.
Worker Groups
Publishing Applications to Worker Groups

Worker groups:
Can be used to identify the group of servers that will host an
application
Can ease the task of publishing resources
Prioritizing Worker Groups

Worker group preference lists:
Identify which worker group has priority
Are required in order for users to be redirected to servers in
a worker group
Filtering Policies to Worker Groups

Worker groups:
Can be used as a filter with Citrix policies
Ease the application of policies to specific servers
Administrator Privilege Levels

XenApp Administrators:
Require an account to administer XenApp
Are assigned a privilege level which determines their
permissions
Should each be provided with an individual administrator
account
Creating Administrator Accounts

Considerations include:
Administrators with restricted privileges cannot connect to
XenApp sessions unless the license server has a valid
XenApp license file
Groups and individual users can be granted administrator
permissions
An administrator whose account is disabled will still be able
to log on to the Delivery Services Console if a group to
which the administrator belongs is granted permissions to it
An administrator account can be deleted from the farm by
right-clicking the administrator name and clicking Delete
Administrator Account Selection
Adminstrator Account Creation Settings
Disabling an Administrator Account Example

Example:
A new junior administrator account is created and disabled
while the administrator is away for three weeks of training.
Configuring Administrator Permissions
Configuring Folder Permissions

Folders:
Can be created for applications and servers
Improve the organization and ease of finding objects
Improve browsing performance of the Delivery Services
Console
Allow a more granular administration configuration
Delegating Administration
Practice: Delegating Administration

Use your knowledge of folders and permissions to provide the
answers to the scenarios located in the book.
Configuration Logging
Configuration logging:
Allows administrators to track administrative changes
Determines who performed the change, when the change
was made and provides details about whether the change
was successful or not
Can provide configuration log reports
Creating the Configuration Logging Database

The Configuration Logging database:
Logs all changes made to the farm using the Delivery
Services Console, command line utilities and custom tools
Can use either a Microsoft SQL Server or Oracle database
Can be protected with IMA encryption
Configuration Logging Database Settings
Enabling Configuration Logging

Configuration Logging settings include:
Log administrative tasks to Configuration Logging database
Allow changes to the farm when logging database is
disconnected
Require administrators to enter database credentials before
clearing the log
Review
How to add and configure worker groups
How to add and configure administrative accounts and
permissions
About the components required for configuration logging
How to log administrative changes made to a XenApp farm
environment
for Citrix XenApp 6
Installing and Configuring the
Web Interface
Overview
Describe the Web Interface communication process
Install and configure the Web Interface
Create and configure XenApp Web and XenApp Services sites

Configure client delivery and customizations
Configure explicit, pass-through and smart card authentication
Configure secure access settings for the Web Interface
Configure the Web Interface to communicate with XenApp farms
Remove a Web Interface site
Web Interface Communications

The following ports are used for communication with the Web
Interface:
80: This port is used by plug-ins using the TCP+HTTP
protocol to communicate with servers. This port must be
opened on firewalls for inbound packets from plug-ins to
locate servers
443: This port is used by Citrix SSL Relay to secure
communications between the Web Interface web server and
the farm
Web Interface Communication Process
Web Interface Installation

For security and performance, the Web Interface should not
be installed on a XenApp server. Client devices accessing
XenApp Web sites must have a web browser and supported
plug-in to connect to the Web Interface sit
Installing Web Interface
Site Creation
Administrators can create two types of Web Interface sites:
XenApp Web site - allows users to access remote
applications, virtualized applications and content using a
web browser
XenApp Services site - allows users to access remote
applications,virtualized applications and content using a
Citrix online plug-in
Creating a Web Interface Site
Site Creation Considerations
XenApp Web Site Configuration Options

During the configuration of a XenApp Web site, the
administrator must specify:
The farm name, XML servers, XML service port and
transport type to use for the site
Authentication settings and domain restrictions, if any

The logon screen appearance
The published resource types to be provided by the site
XenApp Web Site Authentication Settings
Active Directory Federation Services

Users can also access published applications using Active
Directory Federation Services (ADFS). ADFS extends the
existing Active Directory infrastructure to provide access to
resources offered by trusted partners across the Internet.
Logon Screen Appearance

The administrators can set the logon screens to:
Minimal: displays only the logon fields
Full: displays the header area, navigation bar, logon fields,
along with the Preferences and Messages tabs
Published Resource Types
XenApp Services Site Configuration
CONFIG.XML File
An administrator can also configure a XenApp Web and
XenApp Services site by editing the CONFIG.XML file.
Web Interface Site Modification

Administrators can modify a Web Interface site by using one
of the following methods:
The Web Interface configuration file, which allows

administrators to modify the Web Interface parameters
directly in the WEBINTERFACE.CONF file stored on the
local web server
Citrix Web Interface Management console, which allows
administrators to modify the settings stored in the local
configuration file
Modifying the Web Interface Configuration File
Using the Web Interface Management Console
Specifying Citrix Plug-in Backup URLs
Site Appearance
Site Customization Options
Practice: Site Customization

Complete the practice and then review the answers as a
class.
Session Preferences
Administrators can configure many session
preferences, including the following:
Whether kiosk mode is enabled or disabled
Whether the Preferences button in the Web Interface site
is displayed to users
The length of time a user session can be inactive before
the session is logged off
Whether browser bookmarks can be used to access
resources
Configuring Session Preferences
Session Options
An administrator can configure the following session options
for a XenApp Services site:
Window size
Font smoothing
Color and sound quality
Key combinations
Special folder redirection
Workspace control
Configuring Session Options
User Options
Workspace Control
The workspace control feature allows users to disconnect and
reconnect to sessions as they move between different client
devices. For example, in a health care environment, as
doctors move around the hospital, they may require access to

the same sessions from different locations. Using workspace
control, the doctors are able to quickly reconnect to
application sessions.
Workspace Control Functionality

Workspace control:
Only reconnects users to existing sessions on XenApp
servers. If a session is logged off, workspace control cannot
reconnect to it
Cannot reconnect anonymous users to applications after
they disconnect
Prompts smart card users for their PINs for each
reconnected session if pass-through authentication with
smart cards is enabled
Requires that the Web Interface site be set to override the
client name setting in the Manage Session Preferences task
Workspace Control Configuration Options

Workspace Control configuration options include:
Automatically reconnect to sessions when users log in
Enable the Reconnect button
Logoff
Workspace Control User Customization
Configuring Workspace Control
Citrix Plug-ins and Web Interface

Access to resources through a Web Interface site requires
that a client device has a supported web browser and a
plug-in. A plug-in can be installed on the local client device or
embedded within the web browser used by the Web Interface

site.In addition,the Web Interface site can be used to deploy
the required plug-in.
Plug-in Deployment Options

The following plug-ins can be deployed to users from the
Web Interface site:
Native plug-in
Client for Java
Remote Desktop Connection
Automatically Detecting Plug-ins

If the plug-ins are copied to the server during the installation
of the Web Interface or later, then a Web Interface site on that
server can be configured to automatically detect and deploy
the native plug-in to users running a supported web browser
Client Detection
The Client Detection option can be configured to check client
devices during the logon to the XenApp Web site to
determine if an appropriate plug-in is installed.
If a plug-in is not detected or a more appropriate plug-in is
available, an installation caption can be displayed on the Web

Interface screen. The installation caption provides an easy
method for users to download and install the required plug-in
software.
Configuring Client Detection
Fallback Behavior
Citrix Offline Plug-in
Client for Java

The Client for Java is a cross-platform compatible applet and
can be deployed using a XenApp Web site and any Javacompatible web browser.
An administrator can choose to deploy the Client for Java in

low-bandwidth networks for greater security or in situations in
which the permanent installation of plug-in software is neither

desired nor permitted.
Additional Packages to Include with Client for

Java
Several packages can be included with the Client for Java.
the size of the Client for Java download to memory is
determined by the packages included in the download. The
fewer packages selected, the smaller the download.
Configuring the Client for Java
Authentication Configuration
Authentication Options
The following authentication options are available for XenApp
Web and XenApp Services sites:
Explicit
Pass-through
Pass-through with smart card
Smart card
Anonymous
Generic RADIUS Support

The Web Interface supports two-factor authentication using
Generic RADIUS
Explicit Authentication
When explicit authentication is implemented, users
authenticate by specifying a user name, password and
domain.
Domain Restriction Configuration
Windows or NIS (UNIX) Authentication

Configuration
Novell Directory Services Configuration
Two-Factor Authentication Configuration

The following two-factor authentication methods are available:
RSA SecurID
SafeWord
RADIUS
Password Settings Configuration
Account Self-Service Configuration
Citrix Confidential - Do Not Distribute
Configuring Explicit Authentication
Pass-through Authentication
Pass-through authentication allows users to authenticate to a
Web Interface site using the credentials provided during
logon to the client device. Users do not need to re-enter their
credentials in the Web Interface logon page; their application

set is automatically displayed.
Configuring Pass-through Authentication
Smart Card Authentication

Users can authenticate to the Web Interface by inserting a
smart card into a smart card reader attached to the client
device. Smart card authentication can be configured for use
in two ways: smart card only or pass-through with smart card.
Configuring Pass-through Authentication with

Smart Cards
An administrator can use the Group Policy Management
Console and the ICACLIENT.ADM file to configure plug-ins to
use pass-though or pass-through with smart card
authentication by configuring the Local user name and

password setting.
Citrix XML Service Trust Relationships

In order for the Web Interface to authenticate users, there
must be a trust relationship between the Web Interface server
and the XenApp servers. If pass-through or smart card
authentication methods are not used in the environment, a

Citrix XML Service trust relationship is not necessary.
Enabling Trust Relationships
Practice: Authentication Configuration

Complete the practice and review the answers as a class.
Secure Access Configuration

If a company is using Access Gateway or a firewall in a
deployment containing XenApp, an administrator can
configure a Web Interface site to include the appropriate
security settings.
Access Methods
Network Address Translation
Network Address Translation Access Types
Client-side Proxy Settings

Proxy servers are used to control access into and out of a
network and act as an intermediary between the client
devices and the XenApp servers. Web Interface sites allow
an administrator to configure whether or not users

communicate with XenApp servers through a client-side
proxy server.
Configuring Client-side Proxy Settings
Server Configuration
An administrator can configure XenApp Web and XenApp
Services sites to communicate with one or more farms. An
administrator can add and edit farm names, specify the order
in which the farms are used for load balancing, and configure
communication settings and ticketing settings
Configuring Multiple Server Farms
Adding Farms
Configuring Load Balancing
Enabling Fault Tolerance
Specifying the XML Communication Port

The Web Interface communicates with the Citrix XML
Service. The port number used by the Citrix XML Service is
specified during the installation of XenApp. By default, that
port number is TCP/IP port 80. If Citrix XML Service is

configured to port share with IIS,then the administrator must
ensure that all servers in the farm have the Citrix XML
Service configured to use the same port.
Ticket Expiration Settings
Web Interface Site Removal
Review
Complete the review questions and go over the answers as a
class.
for Citrix XenApp 6
Delivering Applications and
Content
Overview
Publish applications, content and server desktops for users
Identify the components of VM hosted apps
Identify advanced published resource settings
Organize published resources for users
Disable and hide published resources
Publishing Resources
The two phases of publishing resources are:
Basic
Name, type of resource, servers hosting, users who will access
Advanced
File type association, application limits, CPU priority, encryption
Users and Groups
VM Hosted Apps
VM hosted apps:
Use Citrix XenDesktop technology to deliver applications
Do not provide access to the desktops
Are hosted on a separate farm from XenApp
Can share a Web Interface site with XenApp
Components of VM Hosted Apps
Organizing Published Resources for Users
Advanced Published Resource Settings

During the Advanced phase of the resource publishing
process, the administrator can:
Allow published resource used with Citrix Access Gateway
Associate file types
Specify the application limits and CPU priority level
Control audio, encryption and printer initialization
Configure the published resource appearance
Client-to-Server Content Redirection
Server-to-Client Content Redirection
Published Resource Configuration

An administrator can use the Delivery Services Console to
view the following published resource-related information:
General information
Alerts
Servers
Configured users
Connected users
Settings
Disabling or Hiding a Published Resource
Troubleshooting Application Delivery

Issues
An administrator may encounter the following application
delivery issues:
Client-to-server content redirection opens the published
application but does not open the local content
File types for a published application do not appear in the
Users cannot find their application after it launches
The Delivery Services Console fails to enumerate users or
sessions when specific Mac clients connect to XenApp
Servers
Review
Publish applications, content and server desktops for users
Identify the components of VM hosted apps
Identify advanced published resource settings
Organize published resources for users
Disable and hide published resources

Citrix XenApp 6
Streaming Applications
Overview
At the end of this module, given an environment containing
Identify the components required for application streaming
Describe the communications that take place during application
streaming
Install the offline plug-in on a client device
Configure applications for streaming to servers and the desktops
of Windows client devices
Configure linked profiles for inter-isolation communication
Publish a streaming profile
Configure XenApp Web and XenApp Services sites to stream
applications
Configure offline access settings
Application Streaming
Application streaming includes the following capabilities:
Local system resource usage
Central application updates
Isolation environments
Windows Services isolation
Inter-Isolation communication
Application caching
Dual-mode streaming
Offline access
Support for Citrix Receiver
Extended App-V integration
Differential synchronization of updated profiles
HTTP and HTTPS protocol support
Backward compatibility
Application Streaming Components
Application Streaming Communication

Process
Application Streaming Communication

Process
Streaming App-V Packages

Administrators can manage and publish App-V applications
using the Delivery Services Console, allowing them to support
existing infrastructures based on App-V.
Therefore, applications already sequenced with App-V do not
need to be converted to or profiled as Citrix streaming profile
packages.
Citrix Offline Plug-in

To access a streamed application, one of the following
combinations must be available:
Citrix offline plug-in and Citrix online plug-in
Citrix offline plug-in with a web browser
Citrix Streaming Profiler

The Profiler is an independent application that allows an
administrator to prepare Windows applications, web
applications, browser plug-ins, files, folders and registry
settings for streaming.
The only software applications other than the Citrix Streaming
Profiler that should be installed on the Profiler system are the
operating system software and utilities.
Installing the Citrix Streaming Profiler

The profiling system run-time environment should be as close
to the environment of the client device as possible.
For example:
If applications are streamed to a XenApp server, the profiler
system should also be a XenApp server
If applications are streamed to both 32- and 64-bit
operating system client devices, there should be two
separate profiling systems
If standard programs, such as antivirus software, are part of
the company image, they should be installed on the profiling
system
Targets
Target Options
The target is selected from the profile based on a variety of
criteria:
Operating System
Service Pack Level
System Drive Letter
Operating System Language
Inter-Isolation Communication
Configuration
There are two types of inter-isolation communication
configurations:
Associated
Dependent
Profile Properties: Applications
Profile Properties: File Types
Known Limits for Profiling Applications

Some applications cannot be profiled, including:
Applications that contain drivers, such as Adobe Acrobat
Professional
Microsoft Internet Explorer
64-bit applications
Microsoft Data Access Components (MDAC)
.NET Framework
Upgrading an Application in a Target
Application Delivery Methods

The following delivery methods are available:
Accessed from a server
Streamed if possible, otherwise accessed from a server
Streamed to client
The Web Delivery Method

To use the web delivery method, an administrator must:
Profile the application and save it to a file share
Configure a virtual directory on the web server
Create a virtual web site that points to the file share
containing the profile
Publish the profiled application
Streaming to Servers
An administrator can stream an application to a server by
completing the following tasks:
Create an application profile on a Windows Server 2008 R2
operating system
Ensure that a XenApp Web or XenApp Services site is
configured (Online or Dual mode)
Ensure that the application is not installed on the XenApp
server
Publish the application to stream to a XenApp server
Specifying an Alternate Profile for a

Published Application
Enabling the Least-Privileged User

Account
Configuring Sites for Streaming

Applications
Offline Access Management
Offline Access Period
Application Caching
Troubleshooting Streaming Issues

Common streaming issues include:
Applications do not stream
Applications do not have full functionality
Applications do not automatically update from vendor web
sites
Streamed applications do not recognize each other
Applications are not available offline
Review
Complete the review questions and

discuss the answers as a class.
for Citrix XenApp 6
Configuring Policies
Overview
At the end of this module you will be able to:
Identify the types of Citrix policies that can be created
Identify the methods for creating policies
Create and configure policies
Apply policies using filters
Use policy modeling tools
Group Policy Integration

Citrix policies are:
Configured within Group Policy Objects (GPOs)
Linked to Active Directory domains, organizational units
(OUs) and sites
IMA-based Group Policies
Group Policy Extensions
Group Policy Architecture
Policy Evaluation
Policies are evaluated when one of the following occurs:
A user logs on
The server is rebooted
The policy refresh interval is reached
Apolicyupdateisforced
Policy Processing and Precendence
Policy Rules
Policy Rules: Computer Policies
Policy Rules: User Policies
Policy Filtering
Policies can be:
Unfiltered
Filtered
Worker Groups
User and user groups
Client device name
Client IP address range
Access control
Policy Modeling and Troubleshooting

The Citrix Group Policy Modeling wizard can simulate a user
connection in order to test the policy settings.
Administrators can specify conditions for the simulation, such
as:
Domain controller
Users
Citrix policy filters
Slow network connection
Review
Identify the types of Citrix policies that can be created
Identify the methods for creating policies
Create and configure policies
Apply policies using filters
Use policy modeling tools
for Citrix XenApp 6
Configuring Load Management
Overview
Describe the load balancing process
Identify load calculation rules
Create and assign custom load evaluators
Assign CPU resource preference to servers and users
Configure session connection failover by creating new load
balancing policies
Load Manager
Load Manager offers the following benefits to enterprises:
Maximizes system efficiency
Provides pre-defined load evaluators
Provides the ability to create custom load evaluators
Load Balancing
Load Manager balances server load across the farm by:
Using load evaluator rules to calculate server load
Identifying which server is least-loaded
Directing client connections to the least loaded server
Load Calculation
Load evaluators consist of rules that determine how load is
calculated.
Rules:
Can query specific conditions and performance metrics for
servers and published applications
Have a unique set of parameters for specifying thresholds
Can exist together in a single load evaluator
Load Calculations
Load evaluators can be classified in the following categories:
Moving average
Moving average compared to high threshold
Incremental
Boolean
Load Evaluator Configuration: Default

Load Evaluator
Load Evaluator Configuration: Advanced

Load Evaluator
Creating Custom Load Evaluators
Assigning Load Evaluators to Servers and

Applications
Load Balancing Policies

The decision behind which server is most appropriate is often
based on business needs or technical limitations, such as:
Directing users to a backup server
Directing specific users to dedicated servers
Reducing WAN traffic and improving user experience
Creating Load Balancing Policies
Force Application Streaming
Preferential Load Balancing
Troubleshooting Load Management Issues

Common self-service application issues include:
Load management is not working correctly
Load evaluator is showing full capacity, but server should
still be able to accept additional connections
Review
Describe the load balancing process
Identify load calculation rules
Create and assign custom load evaluators
Assign CPU resource preference to servers and users
Configure session connection failover by creating new load
balancing policies
for Citrix XenApp 6
Optimizing the User
Experience
Overview
Describe the different session optimization display settings
Describe the different XenApp HDX settings
Identify the Profile management components
Install and configure Profile management
Optimizing Session Performance

Session performance can be optimized by configuring:
Display settings
HDX technologies
Profile management
Enabling Display Settings
HDX Broadcast Session Reliability

HDX Broadcast Session Reliability allows a user to continue
to view, but not interact with, a published resource on the
screen of the client device when the connection to the server
is temporarily interrupted.
Enabling HDX Broadcast Session Reliability
HDX Broadcast Session Reliability

Considerations
Considerations include:
Keeping the time a session remains active to a minimum
while waiting for connectivity to resume
Optimizing port 2598 for ICA traffic
HDX RealTime
Enabling HDX RealTime
Understanding HDX RealTime Design

Considerations
Design considerations include:
Only one multimedia conferencing device is supported in a
XenApp session
OCS increases the CPU cycles on the XenApp server
Branch Repeater cannot be used to compress audio and
video traffic
ICA Pass-through connections are not supported
The Client audio redirection policy rule must be enabled to
allow for audio input through a microphone
HDX Plug-n-Play
Enabling HDX Plug-n-Play
Understanding HDX Plug-n-Play Design

Considerations
Design considerations include:
Many USB devices will not function properly in lowbandwidth or high-latency networks
ICA Pass-through connections are not supported
HDX MediaStream Multimedia Acceleration

HDX MediaStream Multimedia Acceleration optimizes
multimedia playback by delivering it to the client in a
compressed form, which reduces bandwidth consumption.

Benefits
Benefits include:
Multimedia playback in a XenApp session plays as
smoothly as a local playback
Minimized server CPU utilization
Decreased network bandwidth
Enabling HDX MediaStream Multimedia

Acceleration
HDX MediaStream for Flash

HDX MediaStream for Flash:
Optimizes the way a server renders and passes Adobe
Flash animations to client devices
Forces the Flash Player to start in a low-quality mode
Enabling HDX MediaStream for Flash
SpeedScreen Latency Reduction

SpeedScreen Latency Reduction optimizes the experience
for a user connecting over a high-latency network by:
Changing the appearance of the mouse pointer from idle to
busy after a user clicks a link
Allowing the plug-in to use fonts on the client device to
display text as the user types and the plug-in is awaiting the
redrawn screen from the server
Enabling SpeedScreen Latency Reduction
HDX 3D Image Acceleration

HDX 3D Image Acceleration uses a lossy compression
scheme to reduce the size of images by removing redundant
data, which reduces the amount of bandwidth needed to
transfer the file.
Enabling HDX 3D Image Acceleration
HDX 3D Progressive Display
Enabling HDX 3D Progressive Display
Practice: Determing the Session Optimization

Technology
Match the session optimization technology listed in the book
with the issue that each would best resolve.
User Profiles
A user profile consists of the following elements:
A registry hive
A set of profile folders stored in the file system
Differentiating User Profile Types

Profile types include:
Local user profiles
Roaming user profiles
Mandatory user profiles
Temporary user profiles
Redirecting User Data

Folder redirection:
Provides administrators the ability to modify the target
location of folders found within the user profile
Reduces the size of the user profile and decreases user
logon times
Is transparent to users
Managing User Profiles

Citrix Profile management:
Allows administrators to select specific parts of a profile to
be saved at logon and logoff
Provides a method of saving personalized user profile
settings while decreasing the size of user profiles
Enabling Profile Management
Understanding the Profile Management Logon

Process
Troubleshooting User Experience Issues

Users can experience the following issues during a session:
Users are unable to utilize a USB device during a session
Users are unable to utilize multimedia-rich applications
during a session
Users are unable to view Adobe Flash animations during a
session
Users are not assigned the proper profile after logging on to
the client device
Review
About the different session optimization display settings.
About the different XenApp HDX settings.
How to identify the Profile management components.
How to install and configure Profile management.
for Citrix XenApp 6
Configuring Self-Service
Applications
Overview
Explain the role of Citrix Receiver
Identify the plug-ins managed by Citrix Receiver
Install Citrix Receiver for Windows
Explain the role of Citrix Dazzle
Identify the components of Citrix Merchandising Server
Explain the Citrix online plug-in architecture and
communication
Citrix Receiver
Citrix Receiver for Windows

Citrix Receiver for Windows has the following system
requirements:
.NET Framework version 2.0 or later
Internet Explorer 7.x, Internet Explorer 8.x, Firefox version
2.x or 3.x
A compatible Windows operating system
Citrix Receiver for Macintosh

Citrix Receiver for Macintosh has the following system
requirements:
One of the following operating system versions:
Mac OSX 10.5, 32-bit or 64-bit (Intel only)
Mac OSX 10.6, 32-bit or 64-bit
Citrix Merchandising Server
Citrix Merchandising Server Architecture
Citrix Dazzle
Citrix Dazzle Communication Process
Plug-ins
Plug-in Delivery
Administrators can use one of the following options to deliver
plug-ins:
Citrix Receiver and Merchandising Server
Web Interface
Active Directory
Electronic Software Distribution

Manual Installation
Citrix Online Plug-in for Windows
System Requirements
The online plug-in can be installed on client devices that meet
the following requirements:
Operating System compatibility
Browser compatibility
VGA or SVGA video adapter with color monitor
Windows-compatible sound card for sound support
(optional)
A working network or Internet connection to servers
Installation Considerations
Types of online plug-ins include:
Citrix online plug-in
Filename: CITRIXONLINEPLUGINFULL.EXE
Citrix online plug-in Web

Filename: CITRIXONLINEPLUGINWEB.EXE
Citrix Online Plug-in for Mac

The Citrix online plug-in for Macintosh allows users to access
published resources from a familiar Macintosh desktop
environment.
System Requirements
Citrix online plug-in for Mac can be installed on client devices
that meet the following requirements:
Mac OS X, Version 10.4 and above
At least 256MB of RAM
29MB of free disk space
Citrix online plug-in for Mac installation packages:
CITRIX_ONLINE_PLUGIN.DMG
CITRIX_ONLINE_PLUGIN_WEB.DMG
Client for Java

The Client for Java is a Java applet that provides access to
applications running in a farm from any client device with a
standard web browser.
System Requirements
The Client for Java can run on client devices that meet the
following requirements:
A web browser with Java 2, Standard Edition Version 1.4.x
or 1.5.x, configured to accept signed Java applets
Network access to the web server that stores the client files
Deployment Considerations
The following resources are required to deploy the Client for
Java:
A copy of the client package
A means of decompressing and unpacking the .ZIP or
.TAR.GZ package
Administrator access to a web server
Citrix Receiver for Linux

The Citrix Receiver for Linux provides users with access to
resources published on XenApp servers.
System Requirements
Systems running the Receiver for Linux must meet the
following requirements:
Linux kernel version 2.6.18 or above, with glibc 2.3.4 or
above, libcap1 or libcap2 and udev support
OpenMotif 2.3.1 (optional)
6MB of free disk space for the installed client and up to
13MB if the installation package will be expanded on the
disk
256 color video display or higher
Administrators should consider the following points when
installing the Receiver for Linux:
USB support is enabled only if an administrator is logged on
as a privileged user when installing and configuring the
Receiver for Linux.
Installations performed by non-privileged users will enable
users to access published resources on the server using the
Web Interface through one of the supported browsers.
During installation, administrators will have the option of
specifying that GStreamer is enabled for multimedia
acceleration.
Troubleshooting Self-Service Application

Issues
The following issues can appear in a XenApp environment:
Merchandising Server cannot sync with Active Directory
Merchandising Server stops allowing connections to the
Merchandising Server Administrative Console
The Citrix Receiver icon does not appear in the notification
area after installation
Review
About the role of Citrix Receiver
How to identify the plug-ins managed by Citrix Receiver
How to install Citrix Receiver for Windows
About the role of Citrix Dazzle
How to identify the components of Citrix Merchandising
Server
About the Citrix online plug-in architecture and

communication
for Citrix XenApp 6
Configuring Printing
Overview
By the end of this module you will be able to:
Identify key printing concepts and terms
Identify the methods that can be used to provision printers
Identify the printing pathways and recognize when each
should be used
Recognize the different universal printing options available
Implement workspace control and proximity printing
Configure printing bandwidth restrictions
Printing Concepts
When a user clicks Print in a session, XenApp:
Determines which printers to provide to the user
Restores the user's printing preferences
Determines which printer is the default for the session
Printer Types
Demonstration: Local and Network

Printing
Watch as the instructor demonstrates how printing works
when print jobs are directed to a printer connected locally to a
client device or server and when printers are connected
across a network to a network print server.
Printing Security
To increase client printing security, access to the client
printers is restricted to:
The account that the Citrix Print Manager Service runs in
Processes running in the SYSTEM account
Processes running in the user's session
Default Printing Behavior

The default XenApp printing behavior includes:
All printers on the client device are created automatically
The client devices spool all print jobs queued to locallyattached printers
Processes running in the user's session
XenApp uses the native Windows version of the printer
driver
Printer Provisioning
User Self-Provisioning
Printer Auto-Creation
XenApp can auto-create:
Locally attached printers, including locally-defined network
printers
Network printers
Citrix Universal Printer
Controlling Client Printer Auto-Creation
Practice: Printing Definitions

Match the printing policy rules in the table to the correct
terms.
Printing Pathways
In XenApp, print jobs can take two different printing pathways:
Network printing pathway
Client printing pathway
Network Printing Pathway

The network printing pathway refers to print jobs that are
routed from the XenApp server hosting the user's session to a
print server and then spooled on a print server.
Server Local Printers
Configuring a Server Local Printer
Disabling the Network Printing Pathway
Client Printing Pathway

The client printing pathway refers to print jobs that are routed
over the ICA protocol through the client device to the printer
and spooled through the plug-in to the client device.
The printer must be connected directly to the client device

through either a UNC path or physically through cable.
Client Local Printers
Client Printers on the Network
Printing Pathway Demonstration

Watch as the instructor demonstrates how print jobs are
routed when a user prints from a published application to a
local printer and when a policy is used to direct a print job
from the published application to a network printer.
Printer Drivers
Printer drivers:
Enable the operating system and applications to create
device-ready print data streams for specific print devices
Vary among manufacturers and models
Vary in functionality in a multi-user environment
Printer Driver Types

XenApp supports the following types of printer drivers:
Native printer drivers
OEM printer drivers
Citrix Universal printer drivers
Automatic Installation: In-Box Printer

Drivers
Automatic Installation: Printer Driver

Mapping and Compatibility
Managing Printer Drivers
Practice: Printer Drivers

Provide the correct response for each question.
Citrix Universal Printing

There are several different universal printing solutions. An
administrator can configure a:
Citrix Universal Printer Driver (EMF-based)
Citrix XPS Universal Printer Driver
Citrix Universal Printer with a Citrix Universal Printer Driver
Enhanced MetaFile Format

The EMF format:
Reduces the size of some print jobs
Allows jobs to print faster
Allows users to set printer properties and preview
documents before printing
Reduces server load by saving bandwidth and CPU
processing
Print Preview
Print Preview: Navigation
Configuring Citrix Universal Printing:

Universal Driver Priority

Universal Printing

Universal Printing Preview Preference

Auto-Create Generic Universal Printer
Administrator-Assigned Network Printers

Factors for when and how to configure network printers
include:
User requirements
Client devices
Network printer availability
Adding a Network Printer
Editing Network Printer Settings
Specifying the Default Printer
Workspace Control and Proximity Printing
Configuring Proximity Printing
Printing Preferences
When users modify printing settings, the settings are stored in
the following locations:
On the client device
In a document
On the server
Printing Preference Hierarchy

XenApp searches for printing preferences in the following
order:
Retained settings (settings changed during the session)
Changes to the printer settings for the printers on the client
device
Printer settings stored on the server
Printing Properties
Printing properties are a combination of:
Printing preferences
Printing device settings
Configuring Printer Property Retention
Printing Bandwidth
Troubleshooting Printing Issues

An administrator may encounter the following printing issues:
Printers do not auto-create
Print jobs are garbled or fail to print
Network printers are not available in the session
Session appears to hang at startup when users are

disconnected from network
Review
By the end of this module you will be able to:
Identify key printing concepts and terms
Identify the methods that can be used to provision printers
Identify the printing pathways and recognize when each
should be used
Recognize the different universal printing options available
Implement workspace control and proximity printing
Configure printing bandwidth restrictions
for Citrix XenApp 6
Securing XenApp
Overview
By the end of this module, you will be able to:
Identify the components of a comprehensive XenApp
security solution
Describe the SSL Relay communication flow
Secure XenApp communications using SSL Relay
Describe the benefits of using Citrix Access Gateway in a
XenApp environment
Secure application access using Access Gateway
Avoid or resolve common security configuration missteps
with simple solutions
XenApp Security Solutions

Administrators can incorporate the following security
measures for XenApp servers:
SecureICA
SSL Relay
Citrix Access Gateway
SecureICA
Citrix SSL Relay

Citrix SSL Relay:
Encrypts traffic between Web Interface and the Citrix XML
Service
Encrypts traffic between client devices and XenApp servers
Authenticates XenApp servers
Requires SSL certificates on XenApp servers and client
devices
SSL Relay Communication
Configuring SSL Relay

An administrator can use the following procedure to configure
SSL Relay:
1. Install a unique server certificate for each XenApp server.
2. Install a root certificate on each client device and Web
Interface server.
3. Configure the relay credentials, connections and
ciphersuites.
4. Restart the XenApp servers.
5. Configure the web servers running the Web Interface .
6. Configure the client devices.
Access Gateway
Access Gateway provides the following benefits:
A secure and scalable device
SmartAccess technology, which allows administrators to
control access based on user and endpoint device
characteristics
Secure remote access to hosted applications and desktops
from the Internet
Access Gateway Deployment Scenarios

The two Access Gateway deployment scenarios are:
Access Gateway and the Web Interface in the DMZ
Access Gateway in the DMZ and Web Interface in the
internal network
Access Gateway Communications (1 of 2)
Access Gateway Communications (2 of 2)
Digital Certificates
Digital certificates:
SSL certificates verify the identity of systems in an SSL
connection
Certificate authorities (CAs) issue certificates
Server certificates confirm the identity of a server before a
client transmits data to it
Root certificates confirm the authenticity of the CA signature
on the server certificates
Access Gateway Certificate Requirements

Certificate requirements:
Web Interface - Root certificate
Citrix XML Service on XenApp servers - Server certificate
Access Gateway Certificate Requirements
Securing Access to Hosted Applications

ICA proxy allows Access Gateway to secure access to hosted
applications with the following benefits:
A hardened appliance in the DMZ
Browser-only access to published resources
Granular access control with secure application access
Traffic optimization, compression and SSL offload

Support for Citrix Receiver
Enabling ICA Proxy Mode

ICA proxy mode is enabled in the Access Gateway
Administration Tool.
SmartAccess
SmartAccess:
Enables access control to XenApp applications based on
Access Gateway policy expressions
Passes the Access Gateway policy name to XenApp
Lets XenApp determine the available applications based on
the policy settings
Practice: Security Solutions

Match the security solutions listed in the book with the
appropriate scenario in the table. Each solution is used at
least once.
Web Interface Configuration

To enable Web Interface to work with Access Gateway, Web
Interface needs to know:
The access method
The FQDN of the Access Gateway
The URLs of the Secure ticket Authority
Access Methods
Web Interface can be configured for the following access
methods:
Gateway direct
Gateway alternate
Gateway translated
Client Routes
A client route:
Specifies the access method to be used by client devices
Is distinct from IP routing
Allows control of access method for different types of
devices
Access Gateway Settings

The following Access Gateway settings can be configured:
FQDN
Port
Enable session reliability
Secure Ticket Authorities URLs
Load Balancing
Bypass failed servers for
Configuring Web Interface for Access Gateway

Connections
An administrator can configure Web Interface for Access
Gateway connections by:
Entering the IP address and netmask of the client network
Selecting an access method
Identifying the FQDN of the Access Gateway
Identifying the port number of the Access Gateway virtual
server
Adding the URLs of the Secure Ticket Authorities
Security Configuration Best Practices

Security configuration best practices include:
Always install the latest version of Citrix plug-ins.
Use IP addresses rather than FQDNs to connect to the
Secure Ticket Authority.
Secure connections between Access Gateway and other
services (such as LDAP and Web Interface) with SSL.
Deploy Access Gateway in the DMZ and Web Interface in
the secure network.
Ensure the management interface for Access Gateway and
XenApp are not routable from a public network and are
protected by host- and network-based firewalls.
Troubleshooting Access Gateway with XenApp

The following issues can appear in a XenApp environment
configured with Access Gateway:
The client cannot connect to Access Gateway
IPv6 connections fail
Access Gateway cannot connect to the Secure Ticket
Authority
Users are not able to log in to Access Gateway
A user is not able to log in to Access Gateway
User gets a "Resource no longer available" error
Review
How to identify the components of a comprehensive
XenApp security solution
About the SSL Relay communication flow
How to secure XenApp communications using SSL Relay
About the benefits of using Citrix Access Gateway in a
XenApp environment
How to secure application access using Access Gateway
How to avoid or resolve common security configuration
missteps with simple solutions

Citrix XenApp 6
Streaming Applications
Overview
Track the usage of XenApp licenses at a point in time and
over time.
Isolate ongoing issues in a XenApp environment to assist
with troubleshooting.
Track the history of issues in a XenApp environment.
Automate complex workflows.
Access XenApp information using PowerShell and other
command-line tools.
Health Monitoring and Recovery

Health monitoring and recovery:
Verifies specified XenApp services
Sends and alert or takes an action when the verification fails
Is implemented as XenApp policies
EdgeSight Monitoring
License usage
XenApp server performance and availability
Published application performance and availability
EdgeSight Components
A Citrix EdgeSight environment consists of the following
components:
EdgeSight web console
EdgeSight agents
EdgeSight server
Web Component
Microsoft SQL Server Database
Microsoft SQL Server Reporting Services
Citrix License Server

SMTP server
SNMP server
EdgeSight Communication
License Usage Monitoring

License usage is tracked by EdgeSight
Both current and historical information is available
Configuring License Alerts

1. Navigate to Configure > Company Configuration > Alerts >
Rules.
2. Create a new alert rule XenApp Error Alerts > License
Server Connection Failure.
3. Create an optional alert action.
Viewing current license usage information

1. Navigate to Track Usage > License Usage Summary tab
in the EdgeSight console.
2. Select a Product groups or Individual product and click
Go.
Viewing historical license information

1. Navigate to Track Usage > License Usage Trending in the
EdgeSight console.
2. Select Product groups or Individual product and click Go.
3. Select applicable timeframes using the Zoom button.
4. Click the magnifying glass icon to next to a product to
isolate trends.
Workflow Studio Overview

Workflow
Job
Activity Library
Workflow Studio Architecture

Management Console/Designer
Designer Runtime
Runtime Engine
Workflow Automation Use Cases

Power Management
User Provisioning
Dynamic Resource Allocation
Disaster Recovery
Product Automation
Scheduled Restarts
vDisk Image Updates
Fault Recovery
Accessing the Server Farm using

PowerShell
1. Open a PowerShell window from the Start menu.
2. Add the XenApp PowerShell snap-in:
3. Execute a XenApp PowerShell cmdlet.
Accessing the Server Farm using

Commands
altaddr
app
auditlog
change
ctxkeytool
ctxxmlss
dscheck
dsmaint
enablelb
icaport
imaport
query
Review
Complete the review questions and then go over them as a
class.
for Citrix XenApp 6
Additional Components
Overview
By the end of this module, you should be able to:
Identify the purpose and key components of SmartAuditor
Identify the purpose and key components of Single sign-on
Identify the purpose and key components of EasyCall voice
services
Identify the purpose and key components of Branch
optimization
Identify the purpose and key components of Provisioning
Services
Identify the purpose and key components of XenServer
SmartAuditor
SmartAuditor allows an organization to record the on-screen
activity of any user's session, over any type of connection,
from any server running XenApp.
SmartAuditor Components
The main components of SmartAuditor include:
SmartAuditor Database
SmartAuditor Server
SmartAuditor Policy Console
SmartAuditor Agent
SmartAuditor Player
Session Recording Process

The SmartAuditor recording process:
1. A user launches a published application running on
XenApp
2. The SmartAuditor Agent queries the SmartAuditor Server
3. The SmartAuditor Server tells the SmartAuditor Agent if
the user should be recorded
4. The SmartAuditor Agent records the session
5. The SmartAuditor Server stores the session metadata to
the database and the session recording to disk
Single Sign-on
Single sign-on provides password security and single sign-on
access to:
Windows, web, and terminal emulator applications running
in the XenApp environment
Applications running on the client device
Single Sign-on Components

The main components of Single sign-on include:
Central Store
Single sign-on plug-in
Single sign-on service (optional)
Single Sign-on Process

Single sign-on process:
The Single sign-on plug-in is installed on the client device
A users attempts to access an application that requires
authentication
The plug-in detects the application request for
authentication
The plug-in locates the correct credentials and submits
them to the application
The local and central stores are synchronized
EasyCall Voice Services

EasyCall voice services integrates with the existing telephone
system and corporate directory and enables a user to call any
phone number displayed in published, streamed, or installed
applications without dialing the number.
EasyCall Components
The main components of EasyCall include:
EasyCall Gateway
Communications plug-in
EasyCall Web Services APIs
EasyCall Process
EasyCall allows each user to create profiles for work, home
and mobile phones. These profiles are used by the EasyCall
Gateway to contact the user when a call is placed.
Branch Optimization
Citrix Branch Optimization is a WAN optimization solution that
provides a LAN-like desktop and application experience to
branch and mobile users.
Branch Repeater Components
Branch Optimization Process for the Plug-in

The Branch Optimization solution can be easily deployed
because it is transparent to both the application and the
network.
Provisioning Services
Provisioning Services Components
Power and Capacity Management

Power and Capacity Management:
Dynamically scales the number of online virtualized XenApp
servers
Records utilization and capacity levels
Power Management
Power Management controls the power on and power off
operations for the servers in a workload or farm.
Load Consolidation
Load consolidation saves power and reduces costs by
combining sessions onto fewer servers.
Power and Capacity Management Components

The main components of Power and Capacity Management
include:
Agent
Concentrator
Database
Reporting
Management Console
Power Setpoints
Setpoints are used to determine how many servers are online
at any given time by defining:
Target capacity levels
Target number of online servers
XenServer
XenServer is based on the open source Xen hypervisor and
delivers a secure server virtualization platform with near baremetal performance.
XenServer Components
XenServer consists of the following components:
XenServer host
XenCenter
Review
How to add and configure worker groups
How to add and configure administrative accounts and
permissions
About the components required for configuration loggin
How to log administrative changes made to a XenApp farm
environment
Appendix B
Practice Questions and

Answers
Module 2 Introducing XenApp: Practice

Answers
Match the components of XenApp in the following table with the description that best identifies
its function.
Issue
Resolution
c Worker groups
a. Stores dynamic farm information
d Resource Manager
b. Makes it possible for users to access published resources
f Load Manager
c. Allows multiple servers to be grouped together to ease

administration
g Web Interface
d. Provides the ability to monitor, report and collect server

resource metrics for all servers in a farm
a Data collector
e. Allows administrators to configure administrative

permissions and published resources
e Delivery Service Console f. Ensures that each user connects to the server most capable
of handling the connection
b Citrix Plug-ins
g. Provides users access to published resources in one or more

server farms through a web browser or the Citrix online plug-in
Module 5 Administrative Configuration:

Practice Answers
Use your knowledge of folders and permissions to provide the answers to the following
scenarios.
Scenario 1: An administrator with full administration privileges (full administrator) grants

an administrator with custom privileges (custom administrator) access to the Applications
node in the Delivery Services Console. The custom administrator is given full permissions to
the following:
Publish Applications and Edit Properties
All Application Sessions tasks
Six months later, the full administrator creates a folder within the Applications node of the
Delivery Services Console to better manage the published applications in the server farm.
When creating the new folder, the full administrator chooses to copy permissions from the
parent folder.
Which permissions does the custom administrator have to the new folder?
Answer: The same permissions as those of the parent folder.

Scenario 2: An administrator with full administration privileges (full administrator) grants
an administrator with custom privileges (custom administrator) access to the Applications
node in the Delivery Services Console. The custom administrator is given full permissions to
the following:
Publish Applications and Edit Properties
All Application Sessions tasks
Six months later, the full administrator creates a folder within the Applications node of the
Delivery Services Console to better manage the published applications in the server farm.
When creating the new folder, the full administrator chooses not to copy permissions from
the parent folder.
Which permissions does the custom administrator have to the new folder?
Answer: The custom administrator does not have permissions to the new folder.
Scenario 3: CompanyA has a server farm that consists of ten servers: five located in Quebec
and five located in Hong Kong. The administrators in each location must have permission to
manage only the servers in their geographic region. To accomplish this task, the full
What else must the full administrator do to ensure that administrators can only manage the
servers in their geographic region?
Answer: The full administrator must grant permissions for the new folders to the
appropriate regional custom administrators to ensure that the administrators in each
location can administer only the servers in their location.
Module 6 Installing Web Interface:

Practice Answers
Site Customization
Match the scenarios in the following table with the customization option used to address the
scenario.
Layout
Appearance
Content
Customization Option
Scenario
Layout
Change the number of tabs displayed in the site.
Content
Change the standard language of the site to Spanish for users

in Mexico.
Appearance
Add the company logo to the header area of the site.
Content
Add the "Welcome to the Marketing Department" welcome

message to the site.
Layout
Allow users to customize the screen layout on the client device.
Appearance
Add the company logo.
Authentication Configuration
Fill in the blanks to complete the following sentences.
1. A User Principal Name is a unique name in Windows Active Directory given to each user
as an identifier and consists of a principal name and a domain name or domain alias.
2. When pass-through authentication is implemented, users do not need to enter their
credentials to access their application set.
3. A smart card can be used to authenticate users to a Web Interface site.
4. An administrator can select Windows, NDS or NIS authentication for explicit logon to a
Web Interface site.
6. Both SafeWord and RSA SecurID two-factor authentication methods use a token and a
PIN number to create a passcode.
7. When Single sign-on is integrated with the Web Interface, the reset feature can be enabled
to allow users to reset their network password.
Module 7 Delivering Applications and

Content: Practice Answers
Publishing Resources
Identify which statements are true and which statements are false. Correct the false statements
to make them true.
1. F The display name for the published resource is auto-generated. The display name is
important because it is the name that the plug-in uses to identify the published resource.
The display name for the published resource is not auto-generated. The name is specified
by the administrator. It is important because it is the name that the users use to identify
the published resource.
2. T An administrator can stream an application to XenApp servers and to the desktops of
client devices using the application streaming feature in XenApp.
3. T After the basic settings have been configured for a published resource, an administrator
can publish the resource immediately without configuring the advanced settings.
4. F Installing an application on servers in a different directory on each server in the server
farm will make accessing published applications easier for the users.
The location of the published application on a server has no impact on users. Installing
an application in the same directory on all servers in the server farm will make publishing
an application easier for the administrator.
5. T The user profile information is persistent for configured user accounts.
Content Redirection
Match each scenario in the following table with the content redirection method that should
be implemented. Each method is used once.
Server-to-client content redirection
Client-to-server content redirection
Published content with client-to-server content redirection
Content Redirection Method
Scenario
Published content with

client-to-server content
redirection
Once a month, a published version of a listing of employee

events is made available to all employees. Because
employees have a range of client devices, HR wants
employees to view the document using a published
application.
Server-to-client content
redirection
Alisha wants to access a published version of a web-based

accounting tool using a web browser installed locally on
her client device.
Client-to-server content
redirection
The Operations team wants to view its weekly log reports

(.XLS files) using a published version of Excel.
Module 10 Configuring Load

Management: Practice Answers
Match the load evaluators listed below with the appropriate scenarios in the following table.
Each load evaluator will be used at least once.
Default
Advanced
Custom
Load Evaluator
Issue
Default
All servers in the server farm host the same applications and can
support 100 user sessions.
Custom
The administrator wants to remove one or more published

applications from the list of applications for a period of time.
Advanced, Custom
All servers in the server farm have different server hardware but
host the same published applications.
Custom
Some servers contain published applications that require significant

server resources.
Module 11 Optimizing the User

Experience: Practice Answers
Match the session optimization technology listed below with the issue that each would best
resolve.
1.
2.
3.
4.
5.
6.
HDX RealTime
HDX Plug-n-Play
HDX 3D Image Acceleration
HDX MediaStream for Flash
SpeedScreen Latency Reduction
Session Optimization
Technology
Scenario
3. HDX 3D Image Acceleration Graphic artists experience long load times when viewing
images with published photo imaging software.
5. SpeedScreen Latency
Reduction
Accounting users experience slow keyboard and mouse

response when using all published applications.
6. HDX MediaStream
Multimedia Acceleration
Users in Human Resources experience choppy playback

when viewing training videos using published Windows
Media Player.
1. HDX RealTime
Executives request the ability to use Microsoft Office

Communicator as a video conferencing tool.
2. HDX Plug-n-Play
Graphic artists request the ability to use 3D mice within

a published application.
4. HDX MediaStream for Flash Marketing users experience choppy playback of all Flash
media when using published Internet Explorer.
Module 13 Configuring Printing: Practice

Answers
Printer Drivers
Provide the correct response for each of the following questions.
1. In order to prevent printer drivers from being installed automatically, which policy rule
should be configured?
Native printer driver auto-install

2. What are four benefits of using the Universal printer driver?
1.
2.
3.
4.
It reduces the size of some print jobs.

It limits the need to install and replicate printer drivers.
It reduces the number of help desk calls.
It enables users to print to almost any modern printer.
Printing Definitions
Match the printing policy rules in the following table to the correct terms.
Term
e Auto-creation
Definition
a. A rule that enables the use of old-style printer names as
used by prior versions of XenApp
c Printer properties retention b. A rule that controls whether network printer jobs flow
directly from XenApp server to the print server or take an
extra step and are routed back through the client device
d Turn off client printer
mapping
c. A rule that controls whether printer properties are stored

on the client device or user profile
a Legacy client printers
d. A rule that disables the mapping of all client printers
b Print job routing
e. A rule that controls the auto-creation of all, local, default

or no client printers.
Module 14 Securing XenApp: Practice

Answers
Match the security solutions listed below with the appropriate scenario in the following table.
Each solution is used at least once.
SecureICA
SSL Relay
Access Gateway
Security Solution
Scenario
Access Gateway
Lydia is the administrator of a large server farm with users that access
the server farm resources through the Internet.
SecureICA
Jeremy is the administrator of a large server farm with users that

access the server farm resources internally through the LAN at the
company.
SSL Relay
Ben is the administrator of a small server farm and needs to provide

encryption of the communications being sent to the client devices
and the Web Interface.
Access Gateway
Adam is the administrator of a small server farm and needs to

provide two-factor authentication to users accessing server farm
resources through the Web Interface.
Appendix A
Review Questions and

Answers
Module 2 Introducing XenApp: Review

Answers
1. Which options are editions of XenApp?
a. Standard, Enterprise, Custom
b. Advanced, Essential, Platinum
c. Basic, Intermediate, Advanced
d. Advanced, Enterprise, Platinum
Answer: d
2. Which feature of XenApp delivers a high performance, high definition user experience
through virtualized applications from any device, on any network?
a. SSL Relay
b. SNMP Monitoring
c. Citrix HDX technology
d. Support for Microsoft App-V
Answer: c
3. Which component is not one of the primary architectural components of XenApp?
a. Data collector
b. License server
c. Data store database
d. Desktop Delivery Controller
Answer: d
4. Which statement about Independent Management Architecture is true?
a. Communicates with XenApp using TCP port 25000
b. Delivers crucial systems that collectively leverage additional Citrix products
c. Runs on designated XenApp servers and is enabled in the Delivery Services Console
d. Provides the framework for all server-to-server communication that occurs in a XenApp
farm
Answer: d
Module 3 Licensing XenApp: Review

Answers
1. After a license server is installed and licenses added, servers can lose contact with the license
server for up to how many days without the loss of functionality?
a. 5
b. 30
c. 90
d. 96
Answer: b
2. Which type of licensing manages the licenses that are required for each device or user to
connect to a Remote Desktop Session (RDS) Host server?
a. Citrix licensing
b. XenApp licensing
c. Microsoft plug-in licensing
d. Remote Desktop licensing
Answer: d
3. Complete the following sentence. When implementing XenApp, It is a best practice to
install the license server _______.
a. After installing XenApp
b. Before installing XenApp
c. On the same server as XenApp
d. On the same server as the Web Interface
Answer: b
4. What should an administrator do to obtain a license file?
a. Call Citrix Technical Support
b. Copy a file from a previous XenApp implementation
c. Log on to the MyCitrix web site using personalized credentials
d. Run the License Generation Wizard from the Delivery Services Console
Answer: c
Module 4 Installing XenApp: Review

Answers
1. True or False: An individual can elevate their privilege to local administrator through User
Account Control to gain membership to the local administrators group.
a. True
b. False
Answer: b
2. Which item is not available as a role in the XenApp Server Role Manager?
a. Data collector
b. XenApp server
c. Web Interface server
d. Provisioning services
Answer: a
3. Complete the following sentence. When configuring XenApp, to use an existing license
server, administrators enter the license server name or __________.
a. IP address
b. license key
c. MAC address
d. administrator credentials
Answer: a
4. Complete the following sentence. If pass-through authentication is not enabled during the
installation and is later desired on the server, the plug-in software __________.
a. cannot be configured to use pass-through authentication
b. automatically configures upon reboot for pass-through authentication
c. must be reinstalled on the server before pass-through authentication can be used
d. can be copied from another XenApp environment that contains pass-through
authentication
Answer: c
Module 5 Configuring XenApp

Administration: Review Answers
1. Which privileges can be granted to a XenApp administrator account?
a. Full, View Only, Guest
b. Read Only, Write Only, Add/Update
c. View Only, Full Administration, Custom
d. Create Accounts, Delete Accounts, Update Accounts
Answer: c
2. Which statement about folders in the Delivery Services Console is true?
a. All administrators can create folders.

b. Permissions can be assigned to individual applications in folders.
c. Folders can be used to delegate the administration of applications and servers.
d. Changes to permissions on a parent folder are automatically copied to all subfolders.
Answer: c
3. If IMA encryption is enabled, which effect will it have on the Configuration Logging
database?
a. All data in the Configuration Logging database will be backed up.
b. Credentials to the Configuration Logging database will be encrypted.
c. Only an Oracle database can be used for the Configuration Logging database.
d. Only a SQL Server database can be used for the Configuration Logging database.
Answer: b
4. Which statement about worker groups is true?
a. The first XenApp server moved into a worker group becomes the zone data collector.
b. Farm servers in a worker group with a priority setting of 3 are considered the highest
priority.
c. A farm server added to a worker group will automatically inherit the policy configurations
for the worker group.
d. A farm server added to a worker group does not need to have an application installed
locally to be able to inherit the published application configurations of the worker group
and host the application.
Module 6 Installing and Configuring Web

Interface: Review Answers
1. Which authentication method is not recommended in secure environments?
a. Smart card
b. Anonymous
c. Single sign-on
d. Novell Directory Services
Answer: b
2. Which feature allows users to disconnect and reconnect to ICA sessions as they move
between client devices?
a. Workspace control
b. Explicit authentication
c. Pass-through authentication
d. Pass-through with smart card authentication
Answer: a
3. Which two types of Web Interface sites can an administrator create? (Choose two.)
a. XenApp Web
b. XenApp Plug-in
c. XenApp Services
d. XenApp Advanced Configuration
Answer: a, c
4. Which three protocols can be used to transport Web Interface data between the web server
and XenApp servers? (Choose three.)
a. HTTP
b. HTTPS
c. IPX/SPX
d. SSL Relay
Answer: a, b, d
a. The alternate IP address of a XenApp server is included in the client files

b. The alternate IP address of a Secure Gateway server is included in client files.
c. The ALTADDR command is used to change the IP address of the Web Interface server.
d. The internal IP address of a XenApp server is mapped to the external IP address of the
Web Interface server.
Answer: a
6. The Client for Java should be used in which two situations? (Choose two.)
a. A web browser does not exist on the client device.
b. Permanent installation of plug-in software is desired.
c. Permanent installation of plug-in software is not permitted.

d. A Java-compatible web browser exists on the client device.
Answer: c, d
7. When the Citrix online plug-in is used to access published applications, which statement
is correct?
a. A XenApp Web site is required.
b. A XenApp Services site is required.
c. Pass-through authentication cannot be used.
d. A web browser is used to communicate with the Web Interface site.
Answer: a
Module 7 Delivering Applications and

Content: Review Answers
1. An administrator can manage published content using which node in the Delivery Services
Console?
a. Content
b. Applications
c. Published Resources
d. Installation Manager
Answer: b
2. When an application set contains a large number of published applications, server desktops
and content, how can an administrator effectively organize the resources for users?
a. Use load-managed groups.
b. Use the Resource Manager.
c. Create client application folders.
d. Create application folders in the console.
Answer: c
3. What are two types of content redirection? (Choose two.)
a. Client-to-server
b. Server-to-client
c. Client-to-content
d. Application-to-server
e. Content-to-application
Answer: a, b
4. An administrator can configure the importance level of a published application using which
option in the properties of the application?
a. Type
b. Limits
c. Client options
d. Access control
a. Published resource properties cannot be modified.

b. Published resource properties can be modified at any time.
c. Published resource properties can be modified only when the resource is disabled.
d. Published resource properties cannot be modified when users are using the resource.
Answer: b
6. Which two statements about session sharing are true? (Choose two.)
a. Session sharing does not take precedence over load balancing settings.
b. All applications in a shared session must be published with the same settings.
c. Session sharing is a mode in which more than one hosted application runs on a single
connection.
d. Session sharing is a mode in which more than one user can access the same hosted
application in a single session.
Answer: b, c
Module 8 Streaming Applications: Review

Answers
1. In addition to the standard server farm components of XenApp 6, which Citrix component
is needed for application streaming to a desktop?
a. Citrix Receiver
b. Citrix online plug-in
c. Citrix offline plug-in
d. Citrix Access Gateway
Answer: c
2. Which two statements regarding the Citrix offline plug-in are accurate? (Choose two.)
a. The offline plug-in is invisible to the user.
b. The offline plug-in runs as a service on the client device.
c. The offline plug-in determines the application delivery mode.
d. The offline plug-in is displayed in the Windows notification area.
e. The offline plug-in can be used in conjunction with a XenApp Web site to access
applications offline.
Answer: a, b
3. A profile creates a target based on which four criteria? (Choose four.)
a. Applications
b. Operating system
c. Service Pack level
d. System drive letter
e. Operating system language
f. Files, folders and registry settings
Answer: b, c, d, e
4. An administrator is creating a profile for an application and wants to include a specific
Internet Explorer plug-in. Which type of installation should the administrator use?
a. Quick
b. Default
Answer: d
5. An administrator must publish which file type to make a streaming application available
to users?
a. .EXE
b. .MSI
c. .RAD
d. .PROFILE
Answer: d
6. Which two application types can be configured in a Web Interface site so that applications
stream to the desktop of a client device? (Choose two.)
a. Online
b. Offline
c. Dual mode
d. Streamed to client
e. Streamed to server
Answer: b, c
7. An administrator wants users to be able to access applications installed on the XenApp
server through the online plug-in and access streaming applications when the users are
offline. What must the administrator configure?
a. One XenApp Web site
b. One XenApp Services site
c. One XenApp Web site and one XenApp Services site
d. Two XenApp Web sites and two XenApp Services sites
Answer: b
Module 9 Configuring Policies: Review

Answers
1. Citrix policies can be created using which three management tools? (Choose three.)
a. Delivery Services Console
b. Terminal Services Manager
c. Advanced Configuration Console
d. Advanced Group Policy Manager
e. Group Policy Management Console
Answer: a, d, e
2. When an existing Citrix user policy is changed, how long does the previous policy remain
in effect?
a. For the length of the session
b. Until the user profile is changed
c. Until the user disables the policy
d. Until the user is moved to another group
Answer: a
3. Which filter is not valid for use with policies in XenApp?
a. Servers
b. Worker groups
c. Client device name
d. User and user groups
Answer: a
4. Which two events do not trigger a policy update evaluation? (Choose two.)
a. A user logs on
b. The server is rebooted
c. An OU trust is created
d. A policy update is forced
e. A print server is imported
f. The policy refresh interval is reached
5. Select the correct order in which policies are processed and applied.
a. Domain GPOs, Local GPOs, IMA-based policies, OU GPOs, Site GPOs

b. IMA-based policies, OU GPOs, Local GPOs, Site GPOs, Domain GPOs
c. Local GPOs, IMA-based policies, Site GPOs, Domain GPOs, OU GPOs
d. OU GPOs, Local GPOs, IMA-based policies, Site GPOs, Domain GPOs
e. Site GPOs, Domain GPOs, Local GPOs, OU GPOs, IMA-based policies
Answer: c
Module 10 Configuring Load

Management: Review Answers
1. An administrator can attach load evaluators to which two components in a server farm?
(Choose two.)
a. Users
b. Servers
c. Groups
d. Published applications
Answer: b, d
2. The Default load evaluator is based on which rules?
a. Page Faults, Load Throttling
b. Context Switch, Load Throttling
c. Disk Operations, Load Throttling
d. Server User Load, Load Throttling
Answer: d
3. The Advanced load evaluator is based on which rules?
a. CPU Utilization, Load Throttling, Memory Usage and Page Swap
b. Load Throttling, Memory Usage, Page Swap and Server User Load
c. CPU Utilization, Load Throttling, Page Swap and Server User Load
d. CPU Utilization, Load Throttling, Memory Usage and Server User Load
Answer: a
4. A server to which the Advanced load evaluator is assigned is dropped from the internal list
of available servers when which event occurs?
a. When all the rules in the Advanced load evaluator meet their set thresholds
b. When one of the rules in the Advanced load evaluator meets its set threshold
c. When all the rules in the Advanced load evaluator exceed their set thresholds
d. When one of the rules in the Advanced load evaluator exceeds its set threshold
Answer: b
a. By using the Load Manager Monitor

b. By duplicating an existing load evaluator
c. By using the New > Add Load Evaluator menu option
d. By altering the rules in either the Default or Advanced load evaluator
Answer: b
6. An administrator can adjust load evaluator properties ____________. (Fill in the blank
with the correct answer.)
a. At any time
b. At the time of creation only
c. For the Advanced load evaluator only

d. Only when the load evaluator is not being used
Answer: a
Module 11 Optimizing the User

Experience: Review Answers
1. If a client device is connected to XenApp server over a slow connection and the user is
experiencing delayed mouse clicks and keyboard response, which type of session
optimization technology should be implemented to address this issue?
a. HDX RealTime
b. HDX MediaStream for Flash
c. SpeedScreen Latency Reduction
d. HDX MediaStream Multimedia Acceleration
Answer: c
2. An administrator should publish __________ and enable __________ for users who need
to watch videos and require high quality.
a. Firefox, HDX 3D Image Acceleration
b. QuickTime, HDX MediaStream for Flash
c. Outlook, SpeedScreen Latency Reduction
d. RealOne Player, HDX MediaStream Multimedia Acceleration
Answer: d
3. Which three statements about HDX 3D Image Acceleration are correct? (Choose three.)
a. HDX 3D Image Acceleration works best with medical imaging.
b. HDX 3D Image Acceleration can be enabled using a Citrix policy.
c. HDX 3D Image Acceleration removes redundant data from an image file.
d. HDX 3D Progressive Display works in conjunction with HDX 3D Image Acceleration.
e. HDX 3D Image Acceleration provides a high image quality when the compression level
is set to high compression.
Answer: b, c, d
4. Which statement about HDX MediaStream for Flash is true?
a. It auto-creates printers after the Flash Player launches.
b. It auto-creates printers before the Flash Player launches.
c. It forces the Flash Player to start in a high-quality mode instead of the default low-quality
mode.
Answer: d
5. Which three statements are true concerning Session Reliability? (Choose three.)
a. HDX Broadcast Session Reliability reconnects the user without the loss of data.
b. HDX Broadcast Session Reliability resets the user connection upon session interruption.
c. HDX Broadcast Session Reliability reconnects the user without requiring
re-authentication.
d. HDX Broadcast Session Reliability tunnels the ICA traffic through the Common Gateway
Protocol (CGP) on port 1494.
e. HDX Broadcast Session Reliability tunnels the ICA traffic through the Common Gateway
Protocol (CGP) on port 2598.
Answer: a, c, e
Module 12 Configuring Self-Service

Applications: Review Answers
1. Which plug-in provides a self-service storefront for enterprise resources to users?
a. Dazzle
b. Online plug-in
c. Offline plug-in
d. Communications plug-in
Answer: a
2. From which component does the Merchandising Server obtain new plug-ins to distribute
to client devices?
a. XenApp farm
b. Citrix Receiver
c. The Web Interface
d. Citrix Update Service
Answer: d
3. Which component manages plug-ins on a client device, allowing IT to deliver applications
and desktops as an on-demand service?
a. Dazzle
b. Citrix Receiver
c. Web Interface
d. Merchandising Server
Answer: b
Module 13 Configuring Printing: Review

Answers
1. Which type of printer is accessed as a shared resource and connected to the network by
means of a print server?
a. Network printer
b. Client local printer
c. Server local printer
d. Client network printer
Answer: a
2. Which statement concerning printing in a XenApp environment is true?
a. Auto-created network printers are identified only by their printer name.
b. Printer properties can be stored on the client device or in the user profile.
c. Auto-created client local printers are identified only by their printer name.
d. By default, only the default client printer is automatically created during logon.
Answer: b
3. Which statement is NOT a benefit of implementing the Universal printing policy rule?
a. It limits which printers users can access.
b. It reduces printer driver maintenance issues.
c. It ensures that client printers are auto-created regardless of printer driver availability
on the server.
d. It reduces the size of some print jobs and reduces delays when print jobs are spooled
over slow connections.
Answer: a
4. Which printer drivers are installed by default on a XenApp server?
a. No printer drivers
b. HP printer drivers
c. Universal printer drivers
d. Those designated during installation
Answer: c
a. Worker group properties

b. Published application properties
c. Policies in the Delivery Services Console
d. Citrix Policies in Group Policy Management Console
Answer: d
Module 14 Securing XenApp: Review

Answers
1. Which component is not required for Access Gateway integration with Web Interface?
a. A failover virtual server
b. A FQDN that Web Interface can resolve
c. An SSL certificate that Web Interface trusts
d. An Access Gateway server that Web Interface can access
Answer: a
2. Which two critical security capabilities is SecureICA not designed to do? (Choose two.)
a. It does not authenticate the XenApp server that the client accesses with SSL certificates.
b. It does not encrypt session data sent between the client and the XenApp server.
c. It does not authenticate the user that is requesting access to the XenApp server.
d. It does not encrypt user authentication credentials sent between the client and the
XenApp server.
Answer: a, d
3. Which two deployment scenarios are valid for Access Gateway and XenApp? (Choose two.)
a. Access Gateway in the DMZ, Web Interface in the DMZ
b. Access Gateway in the DMZ, Secure Ticket Authority in the DMZ
c. Access Gateway in the DMZ, Web Interface in the internal network
d. Access Gateway in the secure network, Web Interface in the DMZ
e. Access Gateway in the secure network, Secure Ticket Authority in the DMZ
Answer: a, c
Module 15 Monitoring: Review Answers

1. At which interval is data collected and stored in the local Firebird database on a XenApp
EdgeSight agent?
a. 1 hour
b. 5 minutes
c. 5 seconds
d. 20 minutes
e. 15 seconds
Answer: e
2. When health monitoring and recovery is configured for a server, which three actions can
be configured to take place automatically? (Choose three.)
a. Restart the Citrix IMA Service.
b. Restart the Citrix XML Service.
c. Shut down the Citrix IMA Service.
d. Send alerts to the Event Log of the server.
e. Send a message to the data store database.
Answer: a, c, e
Module 16 Additional Components:

Review Answers
1. Which three components are included in XenApp? (Choose three.)
a. EdgeSight
b. NetScaler
c. XenDesktop
d. SmartAuditor
e. Single sign-on
2. Which statement about EasyCall voice services is true?
a. It is a virtual appliance that allows users to access applications using any phone
b. It is a virtual appliance that enables users to place calls from business applications
c. It is a virtual appliance that verifies the password of a user accessing a business application
d. It is a virtual appliance that speeds up communication channels and replaces the PBX
in an organization
Answer: b
3. What are two benefits of SmartAuditor? (Choose two.)
a. Administrators can monitor sessions to aid in the compliance of regulatory policies.
b. Administrators can configure a Security Module to protect the data store database.
c. Administrators can configure policies to control which applications client devices can
access.
d. Administrators can specify recording options based on the user, application or the
XenApp server that is accessed.
Answer: b, d
4. For which purpose can Provisioning Services be used?
a. Secure ICA traffic
b. Host virtual machines

c. Provision physical and virtual desktops
d. Automate business and IT processes
Answer: c

CMC CitrixXenapp6

Hochgeladen von

Dokumentinformationen

Originalbeschreibung:

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

CMC CitrixXenapp6

Hochgeladen von

Copyright:

Verfügbare Formate

Basic Administration

for Citrix XenApp 6

Agenda for Day One

Module 3: Licensing XenApp

Agenda for Day Two

Agenda for Day Three

Agenda for Day Four

Module 11: Optimizing the User Experience

Agenda for Day Five

Basic Administration for

Citrix Systems, Inc. is an American multinational software company founded

History of Citrix XenApp

What is Citrix XenApp?

According Citrix, XenApp means:

Why Citrix XenApp?

Citrix XenApp is an on-demand application delivery solution that

Simple XenApp environment might look like

End User connected to a farm

Some XenApp terminology:

XenApp server is the main software component of the Citrix application

XenApp feature overview

XenApp feature overview contd.

Single and Multiple Farm Environments

Data Store Updates and the Local Host

Independent Management Architecture

Data Collector Election

Additonal XenApp Components

Delivery Services Console

Practice: XenApp Components

License Communication Process

1. A user connects to Farm A.

4. The same users connects to Farm B.

Citrix License Server 11.6.1

Microsoft Remote Desktop Services

Remote Desktop Licensing

Additional Licensing Considerations

License Administration Console

Delegated Administrators in the License

Manual Installation and Configuration

License Server Considerations

License File Management

Obtaining License Files

High Availability Considerations

Additional License Server Processes

License Server Clustering

XenApp Server Role Manager

Unattended Installation and Configuration

Maintain proper licensing

XenApp Configuration Options

Which Farm or Zones Will Be Used in the

Can balance load among server in the farm

Which License Server Will Be Used for the

Can be installed on a dedicated server or a server that

Which Database Engine Will Be Used for the

Will Shadowing Be Enabled?

On Which Port Will the Citrix XML Service Run?

Can share port 80 with IIS

When Will Users Be Added to the Local Remote

Which Pass-through Client Will Be Used in the

Allows users to access their published applications through

Will Pass-through Authentication Be Used in

Will Information in the Data Store and