Remote Access Using Citrix Presentation Server December 6, 2006 Matthew Granger IT665

Methods of Remote Access  Virtual Network Computing (VNC  Microsoft Terminal Services  Citrix Presentation Server

Virtual Network Computing  Open Source Desktop Sharing Solution  Uses RFB Protocol (Remote FrameBuffer)  Server side and Client Side Software  Software available for multiple OS platforms  Not a Secure Platform  Typically run on TCP ports 5900 to 5906

Microsoft Terminal Services  Remote Desktop Protocol (RDP)  Provides remote access to the full desktop only  Based on T.120 family of protocols T.120  As a server, can provide for single desktop or multi-session applications  Typically run on TCP port 3389

Microsoft Terminal Services (cont.)  Requires separate licensing  Integrated to all version of the Windows Server software  Client software shipped as component of all 32 bit Microsoft Desktop OS  Other OS client software available

Citrix History  Originally broke off from IBM and their OS/2 development in 1989  Partnered with Microsoft to create Microsoft Windows 3.51 Terminal Services Edition  With Microsoft Windows NT Server 4.0 split the product into its own third party entity  December 2003, aquired Expertcity (GoToMyPC)

Citrix Implementation  Requires Microsoft Terminal Services to be running and fully licensed  Software provides a timeshared multi-user environment for UNIX and Windows Servers  Operates it’s own proprietary protocol known as Independent Computing Architecture Protocol (ICA)  Recent versions operate on TCP port 2598 with “session reliability” (reconnects automatically after disconnect)

Citrix Implementation (cont.)  Requires little bandwidth (10 kb to 20 kb per session)  Client operates as a “Thin Client” to the Server. All processing takes place Server- side  Capable of operating over the Internet via “Citrix Secure Gateway”  Capable of utilizing Secure Socket Layer (SSL) communication

Citrix Secure Gateway

Citrix Secure Gateway (cont.)   Citrix MetaFrame Presentation Server Access:   1. The client utilizes the Web Interface for MetaFrame Presentation Server or the Citrix ICA client to initiate a launch of an Internet browser published application   2. The Secure Gateway for MetaFrame Presentation Server processes this request and establishes a connection to the MetaFrame Presentation Servers, both Unix and Windows supported. Please note that the ICA traffic back through the WAN is not illustrated separately. The Secure Gateway allows the user to connect securely using SSL or TSL.

Citrix Secure Gateway (cont.)   3. When the published browser makes a request of the browser application, this is routed through the internal network only, from the browser session running on the MetaFrame Presentation Servers to the internal (or external) web servers   4. When a server-side processing request is made, the web server may hand off the request the business application servers   5. The business application servers will access the database layer/servers as required   6. Internal clients, both terminals and workstations, can access applications seamlessly and quickly without the additional IT cost of deploying and maintaining applications to the local desktops

ICA is not HTTP (ICA/SSL is not HTTPS)

Benefits of Citrix over Terminal Services Alone  Ability to publish a single application instead of a full desktop  Lightweight protocol (very fast performance)  Wide variety of management tools  More robust printing facilities  Multi-Server Load balancing  Web Interface with SSL

Problems with Citrix  Very Expensive (additional cost over and above Terminal Server licensing)  New release of Windows will replace 90% of Citrix functionality (supposedly)  Best run on dedicated servers (additional hardware required)