An overview of IS&T's Citrix An overview of IS&T's Citrix Architecture and Applications Architecture and Applications Network & Infrastructure Services Team Network & Infrastructure Services Team Mark Silis and Richard Edelson Mark Silis and Richard Edelson

Why use Citrix? Applications that are not multiplatform Applications that are not multiplatform –Windows only applications Central Maintenance of front end apps Central Maintenance of front end apps –DB Front end apps require maintenance License pooling License pooling –Maintaining licenses just for concurrent use “Thin Client” – Bandwidth advantages “Thin Client” – Bandwidth advantages –DB Front end apps may require more bandwidth unavailable to remote users Easy availability for specialty applications Easy availability for specialty applications –Some apps do not need to be deployed to all desktops

Citrix MIT Running since 2003 Running since 2003 Currently 1100 registered MIT users Currently 1100 registered MIT users In use by both Administrative and Academic spaces In use by both Administrative and Academic spaces 32 Published applications in production 32 Published applications in production Production and Staging environments Production and Staging environments Supported by Computing Helpdesk Supported by Computing Helpdesk

Citrix Architecture The Web Front End ClientsSun/Apache Webservers Web Browser sends user’s MIT certificate Webserver sends content The certificate authenticates the user to the application chooser The user selects an application icon and the webserver sends an ICA file with the application

Web Back End Sun/Apache Webservers Citrix Server Farm - Windows Application icons And ICA settings The application icons and ICA setting files are published By the Citrix Server Farm and passed to the client by the front end webservers

The first logon screen, a user must activate their account for use with Citrix The user is authenticated to the application chooser via their certificate

ICA Client software If you have not installed the ICA client software you will need to do so at this point The Mac and Windows clients are available from the install Citrix link on the MIT Citrix logon page Clients for a number of operating systems are available as a free download from the Citrix website:

Application Chooser The user selects the icon for the application they wish to launch Then the ICA file is sent from the webserver to the client The Citrix servers check ACL’s for each application to control user access

The ICA file The Citrix ICA file is an ASCII file containing the connection parameters for a particular application The Citrix ICA file is an ASCII file containing the connection parameters for a particular application The file is downloaded by the browser from the webserver and when run it launches the Citrix client with it’s parameters The file is downloaded by the browser from the webserver and when run it launches the Citrix client with it’s parameters

Connecting to the Citrix Farm Citrix ICA Clients Citrix Server Farm ICA File Clients connect to the Server Farm and are presented with a Windows logon screen SSL Enabled 128-bit (RCS) Encryption required

Windows Authentication The MIT Citrix Farm is part of the MIT Central Windows domain win.mit.edu. The MIT Citrix Farm is part of the MIT Central Windows domain win.mit.edu. Trust of MIT Kerberos Realm by win.mit.edu allows single sign-on to multiple resources. Cross realm logon using Kerberos V5 takes place when the user authenticates. Trust of MIT Kerberos Realm by win.mit.edu allows single sign-on to multiple resources. Cross realm logon using Kerberos V5 takes place when the user authenticates. No need to create a separate user space for Citrix accounts users logon with their MIT Kerberos ID No need to create a separate user space for Citrix accounts users logon with their MIT Kerberos ID IS&T had to make custom modifications to the Citrix environment to support trusted Kerberos logons IS&T had to make custom modifications to the Citrix environment to support trusted Kerberos logons The domain uses roaming user profiles by default, this allows Citrix users to store data in home directories for later use The domain uses roaming user profiles by default, this allows Citrix users to store data in home directories for later use

WIN.MIT.EDU Architecture MIT Kerberos KDC’s WIN.MIT.EDU DC’s Data Warehouse Moira Populator MITnet DNS QueryData Feed

Roaming user profiles Win.mit.edu is migrating to native Windows storage Win.mit.edu is migrating to native Windows storage Citrix Farm \\win.mit.edu\dfs\profiles The user will see drive H: mapped to their home directory

ICA Client for Macintosh Client drive mappings Client drive mappings –Menu in the client shows which local resources are mapped to the windows environment, Floppy, CD-ROM, HD Windows UI for file transfer Windows UI for file transfer –In the Citrix session the explorer UI in the open and save boxes can be used to transfer files between client and server drives Printer mapping Printer mapping –Local printer is mapped for the user, other printers are also available

Client Drives The drive menu will display which local disk resources can be mapped remotely

Using the explorer UI Copy and Paste may be used within the Open and Save navigation windows Files can be moved between the Macintosh HD and the remote storage

Citrix Printing Client will default to mapped local printer, local KLPR print queues are available Client will default to mapped local printer, local KLPR print queues are available Future directions for Citrix printing – SAMBA will replace KLPR queues in win.mit.edu Future directions for Citrix printing – SAMBA will replace KLPR queues in win.mit.edu The next version of Citrix will have more advanced printer driver support The next version of Citrix will have more advanced printer driver support

Published Applications Adonis Adonis –A database application setup on the Citrix server at the request of Resource Development. Resource development is a primarily Mac environment and they depend upon the Citrix environment to allow them to use this application. Brio Query Brio Query –The Brio Query application is made available through citrix at the request of the MIT Data Warehouse team. Oracle failed to make available a viable Oracle client for Mac OSX and as a result IS&T was unable to have a viable Brio Query solution for the Macintosh. Making this application available via citrix allows Macintosh users on campus access to the Brio Query application from their Mac. Graduate Admissions Graduate Admissions –The Graduate Admissions application is a Windows only application that utilizes a custom solution for authenticating to the mainframe. The application is made available via citrix to support their Macintosh user community.

Published Applications (2) MDL Crossfire Commander V6 MDL Crossfire Commander V6 SciFinder SciFinder –These applications are made available through citrix at the request of the MIT Libraries. The applications require a fairly complex installation, and using Citrix allows their clients to access the services provided via these applications, without having to go through a complex an error prone software installation process.

Published Applications (3) MIT Coeus MIT Coeus MITID MITID –This application is made available via citrix at the request of the MITid team in order to support client access to the MITid service. The MITid service does have a web client, but the web client lacks the functionality offered by the Windows only desktop client. MITSIS via Host Explorer MITSIS via Host Explorer –This application is made available via citrix at the request of SSIT, in order to support their Macintosh user community. This application is used to connect to the mainframe securely, and there does not exist a suitable alternative application on the Macintosh.

Published Applications (4) Microsoft Project 2003 Microsoft Project 2003 Microsoft Visio 2003 Microsoft Visio 2003 –These applications are made available via citrix to support collaboration on large IS&T projects whose participants are using a diverse set of platforms. Roles Roles –This application is made available via citrix at the request of the roles maintainers in order to support their Macintosh client community. SumMIT SumMIT –This Windows only application is made available at the request of the Controllers Accounting Office in order to support their Macintosh clients.

Published Applications (5) ARCGIS ARCGIS –ArcCatalog –ArcMap –ArcToolbox ArcinfoWorkstation: ArcinfoWorkstation: –Arc –ArcEdit –ArcTools –ArcPlot –Formedit The GIS applications are made available in order to support incoming students off- campus completing GIS training workshops prior to their arrival on MIT's campus.

Published Applications (6) SAP SAP – SAP Production – SAP Production Batch – SAP Logon – SAP Development – SAP Education & Practice – SAP HR-Payroll Testing1 – SAP HR-Payroll Testing2 – SAP Pre-Staging – SAP Prototyping – SAP Staging – SAP Testing & QA – SAP Training The SAP application is made available at the request of the Controllers Accounting Office in order to support the IXOS application for viewing invoices on the Macintosh. Without support for the Macintosh CAO would not have been able to retire the previous process of using paper for these transactions.

Questions