Setting up a new Citrix XenApp farm

This blog post is my take on how to set up a new Citrix XenApp farm (formerly Citrix Presentation Server).
As a starting point, I always choose to build a new farm rather than upgrade.
That means running two farms in parallel and migrating the users to the new farm in stages.
I likewise always set up the following components in the new farm.

Active Directory – Citrix admin users/groups:
Create a user here, e.g. named CTX_Sql, which is used to connect to the data store.
Create a user here, e.g. named CTX_Admin, which is used to log on to the Citrix servers.

Active Directory – Citrix Group Policies – Deny for Domain Admins:
CTX_Profiles – http://www.msterminalservices.org/articles/Managing-Terminal-Services-Group-Policy.html
CTX_Lockdown – http://support.microsoft.com/kb/278295
CTX_Office2007 – http://www.microsoft.com/downloads/details.aspx?FamilyId=92D8519A-E143-4AEE-8F7A-E4BBAEBA13E7&displaylang=en
CTX_IE7 – http://jravn.dk/?p=51

Microsoft SQL Server 2005 (if there is no existing one; small installations can make do with the Express edition).
First server in the farm (Data Collector – hosts no applications).
Application servers + virtual test server + optionally a silo server.
2 x internal Web Interfaces in an NLB setup with an SSL certificate. (I choose to use only WI and PNA clients in order to keep central management of the clients in the Citrix environment.)
2 x external Web Interfaces in an NLB setup with Secure Gateway + SSL certificate and two-factor authentication such as SMSpasscode – Safeword – RSA.

Microsoft SQL Server 2005 + SP2:
Citrix Presentation Server and Microsoft SQL 2005 Configuration
http://support.citrix.com/article/CTX112524

First server in the farm:
This runs on a virtual server with the following roles:
Windows 2003 + SP2 + all Windows security updates + .NET Framework 2.0.
Member server in the existing domain. This server hosts no applications.
IIS 6.0.
Terminal Server + MS Terminal License Server.
Citrix License Server (typically you do the fulfillment via mycitrix.com, consolidate all your licenses into one license file, and specify the new host name).
XenApp server + Data Collector + latest Citrix hotfixes.
Configuration of several Citrix policies – Turn off Visual effects – Turn off Audio and COM ports – Drive – Printers – Shadow – Encryption.

Note on moving an existing MS Terminal License Server (Windows 2003):
In order to move or replace an existing license server, perform the following tasks:
Install and activate a license server on the new computer.
Install the number and type of TS CAL tokens, equal to the number and type installed on the original license server that is being replaced.
You might use any of the three available connection methods.
Depending on how you purchased your TS CALs, it might be necessary to phone a Microsoft Customer Service Representative if both the Automatic and Web methods fail.
Ensure that the new license server is discoverable by your terminal servers. For example, if you previously configured your terminal servers to request tokens from the old license server, you need to modify them to request tokens from the new license server.
Uninstall or deactivate the old license server if you are replacing an active license server.
Clients that were issued tokens by the retired license server will continue to use those tokens until they expire. As tokens expire, clients will be assigned new tokens from the new license server.

Configuring the application servers:
Disk setup = RAID1 + single partition (C:).
Install Windows 2003 + SP2 + all Windows security updates.
Member server in the domain.
Install Terminal Services: Full Security – specify the IP address of the new TS License server – Per user.
Stop the following services:
Automatic Updates(D) – Computer Browser(M) – Error Reporting Service (M) – Help and Support(D) – Windows Audio(D) – Wireless Configuration(D).
Then adjust the following, as shown in the screenshots below:

RDP-TCP properties:

Performance Options:

File and Printer Sharing:

Print Server Properties:

Run RunOncEx.cmd, which after a restart installs the following applications:
Java – Adobe Flash Player – Adobe Shockwave – Adobe Reader – UPHClean – ThreadMaster – Office 2007 + SaveAsPDFandXPS + Office 2007 SP1

Restart the server and then install the Citrix XenApp server.

Install antivirus and configure exclusions according to the guidance below.
Antivirus Software Configuration Guidelines for Presentation Server:
http://support.citrix.com/article/CTX114522

Run RunOncEx _Cleanup.cmd, which deletes unwanted folders and shortcut icons in the All Users and Default User profiles. It also adjusts a number of registry settings.
For more information about RunOnceX.cmd and RunOncEx _Cleanup.cmd, see the links below:
http://jravn.dk/?p=55
http://jravn.dk/?p=56

Restart the server and log in so that RunOncEx _Cleanup.cmd is executed.
Then schedule the reboot script below.

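@ECHO OFF
REM Stop the print spooler (and dependent services) so spool files can be deleted
net stop spooler /y
REM Clear leftover print jobs
del /f/q C:\windows\system32\spool\printers\*.*
REM Clear the Windows temp directory, including subfolders
del /f/q/s C:\windows\temp\*.*
REM Force a reboot after 20 seconds
shutdown.exe /r /t 20 /f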
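
The service changes from the application server step above (Automatic Updates(D), Computer Browser(M), and so on) can be applied with a script instead of by hand. The following is an added example, not part of the original post or its RunOncEx scripts; it assumes (D) means Disabled and (M) means Manual, uses the default Windows Server 2003 service short names, and the :SetSvc label and FAILED variable are names chosen for this example.

```batch
@ECHO OFF
REM Added example: set the start types from the services step on an application server.
REM Assumption: (D) = disabled, (M) = manual ("demand" in sc.exe terms).
REM Assumption: default Windows Server 2003 service short names.
SETLOCAL
SET FAILED=0

CALL :SetSvc wuauserv disabled
CALL :SetSvc Browser  demand
CALL :SetSvc ERSvc    demand
CALL :SetSvc helpsvc  disabled
CALL :SetSvc AudioSrv disabled
CALL :SetSvc WZCSVC   disabled

IF %FAILED% NEQ 0 (
    ECHO %FAILED% services could not be configured.
    EXIT /B 1
)
ECHO All listed services are configured.
EXIT /B 0

:SetSvc
REM %1 = service short name, %2 = sc.exe start type
REM Skip services that are not present on this build instead of failing.
sc query %1 >NUL 2>&1
IF ERRORLEVEL 1 (
    ECHO [skip] %1 is not installed
    GOTO :EOF
)
REM Stop the service now; an error here only means it was not running.
net stop %1 /y >NUL 2>&1
REM Note the mandatory space after "start=".
sc config %1 start= %2 >NUL
IF ERRORLEVEL 1 (
    ECHO [fail] %1
    SET /A FAILED+=1
) ELSE (
    ECHO [ok]   %1 start type set to %2
)
GOTO :EOF
```

The non-zero exit code lets a build script or scheduled task detect a server where the baseline was not fully applied.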

Setting up Citrix Web Interface 4.6:

How To: Install and Configure Citrix Web Interface 4.6 and Citrix Secure Gateway.
http://www.msterminalservices.org/articles/Install-Configure-Citrix-Web-Interface-Secure-Gateway-Part1.html
http://www.msterminalservices.org/articles/Install-Configure-Citrix-Web-Interface-Secure-Gateway-Part2.html

WI and pass-through.
http://support.citrix.com/article/CTX113004

Deploy ICAweb.
http://support.citrix.com/article/CTX114097

NLB with Layer 2 and 3 Switches.
Q. How Do I Configure NLB with Layer 2 Switches?
A. If you are connecting NLB hosts to a switch rather than a hub, you need to make sure that the switch does not associate the cluster MAC address with a particular switch port.
Knowledge Base article Configuration Options for WLBS Hosts Connected to a Layer 2 Switches (http://go.microsoft.com/fwlink/?LinkId=18367) explains how to configure NLB with Layer 2 switches.

Q. How Do I Configure NLB with Layer 3 Switches?
A. Layer 3 switches need to be specially configured to work with NLB. A VLAN must be established for the hosts in the cluster, and this VLAN must be configured to operate in Layer 2 mode.
All Layer 3 switches may not support this capability, and when they do, the mechanism to set up the Layer-2 VLAN is specific to the particular make and model.
Consult the documentation for the switch before attempting to configure such a system.
