null  null
Client for Java Administrator’s Guide
For other guides in this document set, go to the Document Center
MetaFrame® Presentation Server Client For Java, Version 9.x
Citrix® MetaFrame® Presentation Server 4.0
Citrix® MetaFrame® Access Suite
Use of the product documented in this guide is subject to your prior acceptance of the End User
License Agreement.A printable copy of the End User License Agreement is included on your
product CD-ROM.
Information in this document is subject to change without notice. Companies, names, and data used
in examples herein are fictitious unless otherwise noted. Other than printing one copy for personal
use, no part of this document may be reproduced or transmitted in any form or by any means,
electronic or mechanical, for any purpose, without the express written permission of Citrix Systems,
Inc.
© 1994-2005 Citrix Systems, Inc. All rights reserved.
Citrix, Independent Computing Architecture (ICA), and MetaFrame are registered trademarks and
SpeedScreen is a trademark of Citrix Systems, Inc. in the U.S.A. and other countries.
© 1997-1998 Sun Microsystems, Inc. All Rights Reserved.
Java and Solaris are trademarks or registered trademarks of Sun Microsystems, Inc. in the United
States and other countries.
Microsoft, MS, Windows, Windows 2000, Windows ME, Windows 98, Internet Explorer, Windows
NT, Windows XP, and Windows Sever 2003 are either registered trademarks or trademarks of
Microsoft Corporation in the United States and/or other countries.
UNIX is a registered trademark of The Open Group in the U.S.A. and other countries.
Linux is a registered trademark of Linus Torvalds.
Apple, Mac, Macintosh, Mac OS X, and MRJ are trademarks of Apple Computer, Inc., registered in
the U.S. and other countries.
Netscape is a registered trademark of Netscape Communications Corporation in the U.S. and other
countries.
SOCKS5 is a registered trademark of NEC Corporation.
Kerberos is a trademark of the Massachusetts Institute of Technology
Last updated: December 13, 2004 12:01 pm (ADM)
Go to Document Center
Contents 3
Contents
Chapter 1
Before You Begin
How to Use this Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Accessing Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Chapter 2
Introduction to the Client for Java
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
New Features in this Release . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Java 2 Standard Edition, Version 1.4.x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
SSL Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Kerberos Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
NTLM Proxy Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Session Reliability. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Mac OS X Japanese Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
User Interface Improvements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
ICA Browsing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Introduction to the Client for Java . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Seamless Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Terminal Services Client Access License Improvements . . . . . . . . . . . . . . . . . 14
Client for Java Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Java Environments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Chapter 3
Deploying the Client for Java
Before You Begin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Unpacking the Client for Java . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Getting Started with the Sample HTML Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Editing desktop.html. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Editing seamless1.html . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Using Signed Java Applets. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Deployment Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
4
Client for Java Administrator’s Guide
Chapter 4
Go to Document Center
Configuring the Client for Java
Initial Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Starting the Client for Java in a Specific Language. . . . . . . . . . . . . . . . . . . . . . 29
Configuring Network Protocol and Server Location . . . . . . . . . . . . . . . . . . . . . 30
Changing the Client Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Passing Parameters to Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
User Interface Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Window Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Status Bar and Settings Button . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Session Reliability. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Auto-Reconnect and Session Termination. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Keyboard and Mouse . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Hotkeys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Client Device Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Client Drive Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Client Printer Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Auto-Detected Printers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Manually Configured Printers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Universal Print Driver Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Client Audio Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Integrating the Client with Security Solutions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Connecting Through a Proxy Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Integrating the Client with the Secure Gateway for MetaFrame Presentation
Server or SSL Relay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Using ICA Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Using Kerberos Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Advanced Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Precedence of Configuration Locations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Copying Client Drive Mapping Configuration . . . . . . . . . . . . . . . . . . . . . . . . . 65
Changing the List of Printer Drivers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Files on the Client Device. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Go to Document Center
Chapter 5
Contents 5
Improving the Performance of the Client for Java
Session Sharing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Data Compression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Bitmap Caching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Queuing Mouse Movements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Using SpeedScreen Latency Reduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Using SpeedScreen Browser Acceleration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Improving Performance over a Low-Bandwidth Connection. . . . . . . . . . . . . . . . . 70
Chapter 6
Limitations of the Client for Java
Linux and Solaris . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Loss of Keyboard Focus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Clipboard Support on X11 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Mac OS X . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Windows. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Internet Explorer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Internet Explorer Security Settings on Windows Server 2003 . . . . . . . . . . . . . 75
Miscellaneous . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Client Drive Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Mouse Pointer Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
NTLM Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Seamless Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Server Names with non-ASCII Characters . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Universal Print Driver and PCL4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Japanese-Specific Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Typing Japanese Characters in Shadowing Sessions. . . . . . . . . . . . . . . . . . . . . 78
Typing the Long Vowel Sound Symbol (—) in Kana Input Mode. . . . . . . . . . 78
Typing Japanese Characters in Applications Using the Client IME . . . . . . . . . 78
Web Interface on Windows Unicode Settings . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Client-Side IME Input Mode on Mac OS X . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
The IME Toolbar Is Inaccessible After Minimizing . . . . . . . . . . . . . . . . . . . . . 79
Typing Characters After Reconnecting Using the Client IME . . . . . . . . . . . . . 79
Hotkey Support for Japanese Keyboards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Reporting Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
6
Client for Java Administrator’s Guide
Appendix A
Go to Document Center
Parameters and File Descriptions for the Client for Java . . . . . . . . . . . .83
Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
General Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
User Interface Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Client Audio Mapping Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Client Printer Mapping Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Client Drive Mapping Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Performance Tuning Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Security Integration Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
ICAPrinterDrivers.txt File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Supported Keyboard Layouts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Index. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Go to Document Center
CHAPTER 1
Before You Begin
This guide is for system administrators responsible for installing, configuring, and
maintaining the MetaFrame Presentation Server Client for Java. This guide
assumes knowledge of:
•
The server to which the clients connect
•
The operating system on the client device
•
Java-enabled Web browsers, HTML, and JavaScript
•
Installation, operation, and maintenance of network and printing systems
•
Web server configuration
How to Use this Guide
To get the most out of this guide, review the table of contents to familiarize yourself
with the topics discussed:
Chapter
Contents
Chapter 2, “Introduction to the
Client for Java”
Gives a list of features and system requirements.
Chapter 3, “Deploying the Client for
Java”
Describes how to deploy the client.
Chapter 4, “Configuring the Client
for Java”
Describes how to start and configure connections to
servers.
Chapter 5, “Improving the
Performance of the Client for Java”
Provides advice about how to improve performance after
initial configuration.
Chapter 6, “Limitations of the Client
for Java”
Describes known issues with the client and how to work
around them.
Appendix A, “Client for Java
Parameters and File Descriptions”
Provides a complete listing of all the applet parameters as
well as details of other files referred to in the guide.
8
Client for Java Administrator’s Guide
Go to Document Center
The Client for Java readme file contains last minute updates, corrections to the
documentation, and known issues. The readme is included in the client package See
“Unpacking the Client for Java” on page 18.
Accessing Documentation
This administrator’s guide is part of the MetaFrame Presentation Server
documentation set. The documentation set includes online guides that correspond to
different features of MetaFrame Presentation Server. Online documentation is
provided as Adobe Portable Document Format (PDF) files.
Use the Document Center to access the complete set of online guides. The
Document Center provides a single point of access to the documentation that
enables you to go straight to the section of documentation that you need. The
Document Center includes:
•
A list of common tasks and a link to each item of documentation.
•
A search function that covers all the PDF guides. This is useful when you need
to consult a number of different guides.
•
Cross-references between documents. You can move between documents as
often as you need using the links to other guides and the links to the Document
Center.
Important To view, search, and print the PDF documentation, you need to have the
Adobe Acrobat Reader 5.0.5 with Search or a later version with Search. You can
download Adobe Acrobat Reader for free from Adobe Systems’ Web site at
http://www.adobe.com/.
If you prefer to access the guides without using the Document Center, navigate to
the component PDF files using Windows Explorer. If you prefer to use printed
documentation, print each guide from Adobe Acrobat Reader.
For more information about Citrix documentation, and details about how to obtain
additional information and support, see the guide Getting Started with MetaFrame
Presentation Server.
Go to Document Center
CHAPTER 2
Introduction to the Client for Java
Overview
The Client for Java is a Java applet that provides access to applications running on a
server farm from any computer device with a standard Web browser. The applet is a
download-and-run, zero-install client, optimized for use in Web environments
where it is not possible or desirable to install software on the client device.
New Features in this Release
The following list outlines all the new features in this release:
Java 2 Standard Edition, Version 1.4.x
The Client for Java requires Java 2 Standard Edition (J2SE), Version 1.4.x and
1.5.x.
The Microsoft Java Virtual Machine (JVM) is no longer supported. Note that within
a deployment comprising Web Interface, the Version 8 client is deployed for use
with the Microsoft JVM.
SSL Support
Secure Sockets Layer (SSL) support, provided by the Java Secure Socket Extension
(JSSE), is embedded in J2SE 1.4.x and 1.5.x. Therefore, fewer packages are
downloaded to the client device for SSL support. The cryptojN.jar library is no
longer required and the sslN.jar library is reduced from 187KB to 28KB.
CRL Checking. Certificate Revocation List (CRL) checking is supported. When
connecting to a server running MetaFrame Presentation Server using SSL or TLS,
and CRL checking is enabled, the client checks whether or not the server’s
certificate is revoked. This feature improves the cryptographic authentication and
overall security of the connection to the server running MetaFrame Presentation
Server.
10
Client for Java Administrator’s Guide
Go to Document Center
Kerberos Authentication
Kerberos authentication is supported when the client is running on Windows 2000
or Windows XP, with the necessary trust relationship between client and server
Active Directory domains.
MetaFrame Presentation Server extends the use of Kerberos. Users can log on to
the client device with any authentication method, for example, using a smart card,
and access published resources without further authentication. The user’s password
is not transmitted to MetaFrame Presentation Server—instead, authentication
tokens are exchanged.
This authentication exchange is performed within an ICA virtual channel and does
not require any additional protocols or ports.
You can configure Kerberos-enabled UNIX and Microsoft Windows domains to
allow users working on UNIX client devices to access MetaFrame Presentation
Server using their UNIX Kerberos credentials.
For further information, see “Using Kerberos Authentication” on page 61.
NTLM Proxy Authentication
Windows NT LAN Manager (NTLM) proxy authentication is supported when the
client is configured to access MetaFrame Presentation Server through a proxy
server. The client must be running on Windows and connecting through a proxy
server that supports NTLM (such as Microsoft Internet Security & Acceleration
Server).
Session Reliability
Session reliability enables sessions to remain open and on screen when network
connectivity is interrupted, therefore allowing client users to view the application
while the network connection is restored. This feature is useful for mobile users
with wireless connections. To enable session reliability, see “Session Reliability” on
page 35.
Mac OS X Japanese Support
The client is now supported on Japanese Mac OS X.
Go to Document Center
Chapter 2 Introduction to the Client for Java
11
User Interface Improvements
The user interface has been updated with the following improvements:
Connection Center. The Connection Center is more compact and includes a
notification area, similar to the notification area (also referred to as the system tray)
on computers running Windows. The Connections and Settings dialog boxes are
available from the Connection Center.
Look and feel. The user interface includes various enhancements such as status bar
updates to provide users with more information.
Performance
A number of performance enhancements are implemented in this release including:
•
Graphics, improved responsiveness
•
Audio improvements
•
Client drive mapping improvements
•
Line drawing improvements with MetaFrame Presentation Server for UNIX
ICA Browsing
ICA browsing is applicable when deploying the client without the Web Interface.
Support for ICA browsing is no longer provided in the core archive; it is provided
as a separate archive (JICA-browserN.jar).
12
Client for Java Administrator’s Guide
Go to Document Center
Introduction to the Client for Java
The Client for Java is a signed Java applet that allows users to connect to
MetaFrame Presentation Server computers.
The client has the following advantages:
•
No client installation. You do not need to install any software on any client
device. Users require only a Java-compatible Web browser. Setup is transparent
and automatic.
•
Minimal download size. At the most basic level of functionality, the applet is
approximately 517KB in size, providing a faster download than any other client.
•
Platform-independent. The Client for Java runs on any client device running a
Web browser with the J2SE environment 1.4.x or greater.
The applet resides on a Web server and is deployed using an HTML page with an
<applet> tag. Users run the client by opening the HTML page using a browser that
has Java support. When the page opens, the Java applet is automatically
downloaded to the client device. The applet then runs and connects to the server or
published application specified in the <applet> tag.
Unlike the ActiveX, Netscape plug-in, or Win32 Web Clients, which are
downloaded once and then saved for future use by client systems, the applet is not
stored permanently by the client system. However, Java environments provide a
separate cache for Java applets, which you configure in the plug-in control panel.
Seamless Support
Seamless support is provided as an option on the client. It has three main aspects:
•
Seamless windows
•
Session sharing
•
Connection Center, a tool that enables users to manipulate both seamless and
non-seamless ICA connections
To provide seamless support on the client, Citrix recommends deploying the client
through the Web Interface, because this provides the most effective interface for the
features provided. You can deploy the client using the sample HTML pages
provided with the client package, but this requires more work on your part.
Note Seamless desktops are not supported.
Go to Document Center
Chapter 2 Introduction to the Client for Java
13
Seamless Windows
Seamless windows means that each remote application appears in a separate
resizable window on the client desktop. Users can resize the application window,
minimize it, and copy and paste text between published applications and
applications running locally on the client device. Copy/paste also works for nontext objects when used between applications sharing an ICA session.
Note Seamless windows are supported on Mac OS X Version 10.3 (Panther).
However, if the Java Client is configured for seamless mode and run on earlier
versions of Mac OS X platforms, a non-seamless session is launched.
Dynamic Session Reconfiguration
For seamless windows, the client detects and requests the server to update the
underlying session size when the local desktop size changes. The client cannot
detect changes to the local color depth.
Session Sharing
Session sharing allows seamless application launches to share a single connection
rather than creating a new connection for each application. This reduces the system
overhead and therefore improves response times for users who have several
applications open at the same time. Applications launched in existing sessions also
launch more quickly, because a new connection and associated resources do not
need to be created.
Connection Center
The Connection Center includes a notification area and the Connections and
Settings options.
The notification area is similar to the notification area (also referred to as the system
tray) on computers running Windows. Notification icons appear in the notification
area for certain published applications. These icons provide information and access
to application settings.
The Connections and Settings options launch separate dialog boxes.
14
Client for Java Administrator’s Guide
Go to Document Center
The Connections dialog box allows users to:
•
Disconnect a session
•
Switch between full screen and seamless mode
•
View properties such as the ICA encryption setting and the user name
•
Log off a server session
•
Close a published application
The Settings dialog box allows users to:
•
Configure client settings such as general settings, printer and drive mapping,
firewall settings, bitmap cache options, and hotkey configuration
Terminal Services Client Access License Improvements
For Windows 2000 Server, Microsoft supports Terminal Services Client Access
License (TS CAL) equivalency. This means that connecting to a Windows 2000
Server from a Windows 2000 (or later) client platform should not consume a TS
CAL. This is now supported when the Client for Java runs on a Windows 2000 (or
later) client system connecting to MetaFrame Presentation Server.
TS CAL equivalency is not supported on Microsoft Windows Server 2003.
Note that Windows XP Home edition does consume a TS CAL.
Note TS CAL equivalency can cause Java problems on Microsoft Windows XP
client devices. The parameter ‘SupportTSEquivalencyOnWinXP’ specifies whether
or not TS CAL equivalency is used on Microsoft Windows XP client devices. The
parameter is set to off by default.
Go to Document Center
Chapter 2 Introduction to the Client for Java
15
Client for Java Requirements
To run the Client for Java, the client system must have the following:
•
A Web browser with Java 2, Standard Edition Version 1.4.x or 1.5.x, configured
to accept signed Java applets. For more information about signed applets, see
“Using Signed Java Applets” on page 25.
•
Network access to the Web server that stores the client files.
Java Environments
A large number of Java-enabled environments are available, and their functionality
varies from platform to platform. To validate proper functionality of the Client for
Java, Citrix selects a representative group of platforms for testing.
For English and other European languages, the client has been tested with:
•
Internet Explorer 6.x on Windows 98, Windows Me, Windows NT 4.0
Workstation, Windows 2000 Professional, Windows XP Professional and Home
editions, and Windows Server 2003, with the Sun JRE 1.4.x and 1.5.0
•
Safari 1.x with Apple JVM 1.4.1 and 1.4.2 on Mac OS X 10.x
•
Mozilla 1.x and Firefox 0.9x on Solaris SPARC 9
•
Mozilla 1.x and Firefox 0.9x on Suse Linux 9.x
For Japanese, the client has been tested with:
•
Internet Explorer 6.x on Japanese Windows NT 4.0, Windows 2000, and
Windows XP
•
Safari 1.x with Apple JVM 1.4.2 (software update 2) on Japanese
Mac OS X 10.3
•
Mozilla 1.x with Sun JVM 1.4.2_05 on Japanese Solaris SPARC 9
For details of any known limitations of particular platforms or browsers, see
Chapter 6, and consult the Readme file for any late-breaking issues.
16
Client for Java Administrator’s Guide
Go to Document Center
Go to Document Center
CHAPTER 3
Deploying the Client for Java
This chapter describes a basic deployment of the applet, followed by details of how
to customize the applet and how to specify parameters. A typical example of how
you might deploy the client is also provided.
Note If deploying the client using the Web Interface, you can configure the client
deployment options using the Access Suite Console.
Before You Begin
To deploy the client, you need:
•
A copy of the client package. You can download the package from the Citrix
Web site or copy it in decompressed form from the Components CD. Citrix
recommends that you obtain the latest version of the client from the Web site.
On the Web site, the client package is available in two formats:
•
.zip, primarily for Windows systems.
• .tar.gz, primarily for UNIX systems.
Both have identical contents.
•
A means of decompressing and unpacking the .zip or .tar.gz package, if you
download this from the Web site. If you are copying files from the Components
CD you do not need to decompress them.
•
Administrator access to a Web server.
18
Client for Java Administrator’s Guide
Go to Document Center
Unpacking the Client for Java
This section describes the contents of the client package.
To unpack the client
1. Copy the client package to a suitable location on the Web server. For Microsoft
IIS servers, copy the package to a folder in the Web root directory (typically
C:\inetpub\wwwroot). For UNIX systems, consult the Web server
documentation.
Note If you downloaded the compressed package from the Web site, extract
the program files from the .zip or .tar.gz package to the same folder, using a
suitable decompression utility.
A number of files are created on the Web server. The *N.jar files are signed Java
archives that make up the applet. They are compatible with:
•
Netscape 6.x/7.x, Mozilla 1.x, and other browsers using a J2SE environment
•
Internet Explorer on Windows platforms with Java plug-in 1.4.x or 1.5.x. The
Java plug-in is available from http://www.ava.com
There are a number of different components:
Essential
Use one of the following components.
Archive File
Approximate Size
Description
JICAEngN.jar
853KB
Complete archive. Contains the contents of all
of the other archives apart from cryptojN.jar and
sslN.jar, which must be included if required.
JICA-coreN.jar
518KB
Core archive. Provides only a basic connection.
You add functionality by using it in conjunction
with the other component archives described
below.
Go to Document Center
Chapter 3 Deploying the Client for Java
Security
Use these components in conjunction with JICAEngN.jar or JICA-coreN.jar, as
required.
Archive File
Approximate Size
Description
sslN.jar
28KB
SSL component. Adds SSL and TLS encryption
support.
cryptojN.jar
168KB
Encryption component required for ICA
encryption.
This is not needed for SSL and TLS encryption
support.
Optional
Use these components in conjunction with JICA-coreN.jar, as required. They are
included in JICAEngN.jar.
Archive File
Approximate Size
Description
JICA-audioN.jar
8KB
Audio component. Adds client audio mapping.
JICA-browseN.jar
26KB
ICA browsing component. Adds support for ICA
browsing and is applicable when deploying the
client without the Web Interface.
JICA-cdmN.jar
25KB
CDM component. Adds client drive mapping.
JICA-clipboardN.jar
10KB
Clipboard component. Adds client clipboard
mapping.
JICA-configN.jar
77KB
User configuration component. Adds support for
the status bar, buttons, and the ICA Settings
dialog box.
JICA-printerN.jar
70KB
Printer component. Adds client printer mapping.
JICA-seamlessN.jar
81KB
Seamless and Connection Center components.
Adds support for seamless windows and the
Connection Center.
JICA-sicaN.jar
17KB
ICA encryption component. Adds ICA
encryption support.
JICA-zlcN.jar
96KB
SpeedScreen latency reduction component.
Adds support for local text echo and mouse
feedback.
19
20
Client for Java Administrator’s Guide
Go to Document Center
Getting Started with the Sample HTML Files
This section describes how to use the sample HTML pages supplied in the package
to create an HTML page that specifies the correct archives for the user’s browser.
Each sample HTML page is described, together with instructions for customizing
the page. To use seamless windows and the Connection Center, read the
instructions about how to edit seamless1.html, but also keep the desktop.html
instructions close for reference. If you do not want to use this functionality, read the
instructions for editing desktop.html. For information about the benefits of seamless
support and the Connection Center, see “Seamless Support” on page 12.
To access the Connection Center, session sharing, and seamless windows
functionality, Citrix strongly recommends that you use the Web Interface, which
automates the steps that you otherwise need to implement yourself.
Seven sample HTML files are supplied in the client package (in the ‘examples’
directory):
•
index.html. This page contains links to and descriptions of the six launching
pages:
•
desktop.html, application.html, and autoproxy.html. If you do not want
to implement seamless windows and the Connection Center, use these
pages.
•
seamless1.html, seamless2.html, and seamless3.html. To implement
seamless windows and the Connection Center, use these pages.
•
desktop.html. This page launches a desktop session to a server. To make a
connection with this page, specify an address for the server.
•
application.html. This page launches a connection, with 128-bit ICA
encryption enabled, to a published application. Specify the name of the
published application and the name of a server to use for server location.
•
autoproxy.html. This page launches a connection to a published application
through a proxy server, using proxy auto detection. Specify the name of the
published application and the name of a server to use for the server location. For
more information about the server location, see “Configuring Network Protocol
and Server Location” on page 30.
•
seamless1.html, seamless2.html, and seamless3.html. These pages start
remote applications using the Connection Center and seamless windows. The
only difference between the three files is that they each start a different
application. The applications are launched using an existing ICA session when
possible. When session sharing is not possible, a new ICA session is created.
You specify the name of a published application and the name of a server to use
for the server location.
Go to Document Center
Chapter 3 Deploying the Client for Java
21
Editing desktop.html
Desktop.html contains the following <applet> tag:
<applet name="javaclient"
codebase="../"
code="com.citrix.JICA"
archive="JICA-coreN.jar,JICA-configN.jar"
width="640"
height="480">
<param name="Address" value="plateau">
<param name="End" value="end.html">
</applet>
The <applet> tag is used to configure the client. Some parameters are specified
inside the <applet> tag as follows:
•
Applet name. This is an optional, unique name for the applet. Use this name to
refer to the applet when writing scripts. In desktop.html, the applet name
javaclient is used by a script that displays a warning message if the user tries to
close the Web browser window when an ICA session is running. It is also
needed for proxy auto configuration (PAC) file support.
•
Codebase. The path from the HTML page to the client archives. Change this
path if it is not correct for your deployment.
•
Code. The name of the class file that is executed. For the client without the
Connection Center, this is always com.citrix.JICA.
•
Archive. Specify signed archives here. Separate multiple archives with
commas.
Note If you want users to be able to, for example, map drives and printers,
specify the necessary archives here.
•
Width. The width of the applet, in pixels.
•
Height. The height of the applet, in pixels.
All other parameters are specified using <param> tags, located between the
<applet> and </applet> tags. Use the <param> tags in the form:
<param name="parametername" value="valuename">
where parametername is the name of the parameter you are specifying and
valuename is the value you are defining.
22
Client for Java Administrator’s Guide
Go to Document Center
To customize and use desktop.html
1. Open desktop.html in a plain text editor and find the <applet> tag section:
<applet name="javaclient"
codebase="../"
code="com.citrix.JICA"
archive="JICA-coreN.jar,JICA-configN.jar"
width="640"
height="480">
<param name="Address" value="plateau">
<param name="End" value="end.html">
</applet>
This is the section that launches the client.
2. Change the Address value to the address of a server on your local network.
3. Change the relative path specified for the codebase if it is not correct for your
deployment.
4. Publish the sample HTML pages using your Web server. See the Web server
documentation for more information about how to do this.
5. On the client device, open a Web browser and open the URL for the sample
HTML pages. The index.html page opens.
6. Click the Minimal Desktop link. The applet appears.
7. To connect to the server, click Connect or Click to connect. To configure the
client using the ICA Settings dialog box, click Settings.
You can edit application.html and autoproxy.html in the same way. The additional
parameters used in these examples are described in Chapter 4.
To change the warning message displayed when a user tries to close an active
ICA session
If you try to close the Web browser window when using an ICA session created with
one of the example Web pages, a warning message appears. The message is defined
in this section of the HTML page:
function onBeforeUnload() {
var connected = document.javaclientname.isConnected();
if (connected) {
alerted = true;
return "Closing this window will disconnect your ICA session";
}
}
where javaclientname is the name of the applet.
To change the message displayed, edit the text in the HTML page.
Go to Document Center
Chapter 3 Deploying the Client for Java
23
Editing seamless1.html
Seamless1.html contains the following applet tag:
<applet name="javaclient"
code="com.citrix.ConnectionCenter"
codebase="../"
archive="JICA-coreN.jar,JICA-browseN.jar,JICA-configN.jar,
JICA-seamlessN.jar"
width="330"
height="140">
<param name="Address" value="Notepad">
<param name="InitialProgram" value="#Notepad">
<param name="HTTPBrowserAddress" value="plateau">
<param name="TWIMode" value="on">
</applet>
The applet tag is similar to that used in desktop.html (see “Editing desktop.html” on
page 21), with the following differences:
•
Code. The name of the class file that is executed. For the client with the
Connection Center, this is always com.citrix.ConnectionCenter.
•
Archive. The JICA-seamless archive is required for the Connection Center and
seamless windows.
•
Width and height. These are set to 330 and 140 pixels respectively, which are
appropriate dimensions for the Connection Center user interface.
•
TWIMode. This parameter enables seamless windows. Seamless windows are
required for session sharing. If you use the Connection Center without seamless
windows, there is no session sharing, in other words each application is
launched in a separate ICA connection and you gain no reduction in system
resource overhead.
You can customize the sample HTML files and specify additional HTML files to
launch your own published applications. If you have many applications, it may be
easier to provide users with HTML links that all reference a server-side script that
generates the <applet> tag as needed, based on the selected link.
24
Client for Java Administrator’s Guide
Go to Document Center
To customize and use seamless1.html
1. Open seamless1.html in a plain text editor and find the <applet> tag section:
<applet name="javaclient"
code="com.citrix.ConnectionCenter"
codebase="../"
archive="JICA-coreN.jar,JICA-browseN.jar,JICA-configN.jar,
JICA-seamlessN.jar"
width="330"
height="140">
<param name="Address" value="Notepad">
<param name="InitialProgram" value="#Notepad">
<param name="HTTPBrowserAddress" value="plateau">
<param name="TWIMode" value="on">
</applet>
This is the section that launches the client.
2. Change the value of the Address parameter to the name of the published
application to which you want to connect.
3. Change the value of the InitialProgram parameter to the application name
specified in Address, preceded by a # symbol. For example, if the published
application is called Word, use the following parameters:
<param name="Address" value="Word">
<param name="InitialProgram" value="#Word">
4. Change the relative path specified for the codebase if it is not correct for your
deployment.
5. Change the value of the HTTPBrowserAddress parameter to the address of the
server used for HTTP browsing.
6. Publish the sample HTML pages using your Web server. See your Web server
documentation for more information about how to do this.
7. On the client device, open a Web browser and open the URL for the sample
HTML pages. The index.html page opens.
8. Click the Launch seamless application 1 link. The first time in each Web
browser session that you select a seamless link, the Connection Center applet
starts up, launches an ICA connection to the specified application, and displays
it in a separate window.
9. If you select another seamless link while this session is open, the Connection
Center applet starts up again; however, this new applet is displayed as a
progress indicator rather than a duplicate Connection Center, and it closes itself
when the new application opens. In this way the launching and management of
all applications is centralized by the initial Connection Center instance, which
performs session sharing when possible.
Go to Document Center
Chapter 3 Deploying the Client for Java
25
Select Connections to view the Connections dialog box. Double-clicking a
window node on the Connections tree brings that window to the front. If the
window is minimized, double-clicking the node has no effect.
Right-clicking a window node displays the application’s System menu.
Closing the Connection Center window disconnects all connected sessions, after
prompting the user for confirmation.
Using Signed Java Applets
Due to security restrictions imposed by Java, many Java environments do not
permit users to connect to other computers on the network when using Java applets.
When a Java applet attempts to make a connection to the server specified in the
HTML page, the Java security manager detects the attempt to connect to another
computer and cancels the operation. The result of this security restriction is that,
under normal conditions, a client system can connect to a server only if the server is
also the same device as the Web server that contains the applet class files.
To overcome this restriction, the client uses signed archives. The signature confirms
that the files being downloaded came from Citrix and have not been altered since
the signature was applied. You must ensure that users’ Web browsers are
configured to accept signed Java applets.
When attempting a connection to the server, the user is prompted with the Citrix
signed certificate. When the user accepts the signature, the connection is permitted.
26
Client for Java Administrator’s Guide
Go to Document Center
Deployment Example
In the following example, you want to make the desktop for a server called buster
available to users. Buster is a server that runs Microsoft IIS and MetaFrame
Presentation Server. You want the users to be able to use the drives on their client
devices during ICA sessions, and to be able to print to local or network printers.
1. You go to the Citrix Web site and download JICAComponents.zip to
C:\inetpub\wwwroot on buster.
2. You extract the files to C:\inetpub\wwwroot.
3. You open desktop.html in the examples folder using Notepad, then make and
save the following changes:
•
To specify the correct server, you change the value of the Address parameter
as follows:
<param name="Address" value="buster">
•
To enable users to map client drives and printers, you add JICA-cdmN.jar
and JICA-printerN.jar to the Archive attribute, so that it reads as follows:
archive="JICA-coreN.jar,JICA-configN.jar,JICA-cdmN.jar,
JICA-printerN.jar"
4. You verify that the users’ Web browsers are configured to accept signed Java
applets.
5. You publish desktop.html using the IIS Manager tool, and tell the users the
URL of the page (http://buster/desktop.html).
Go to Document Center
CHAPTER 4
Configuring the Client for Java
The client can be configured using:
•
An HTML page, as described in this chapter.
•
The ICA Settings dialog box.
If a feature can be configured by the user through the ICA Settings dialog box,
this is made clear in the relevant section of this chapter. To display the ICA
Settings dialog box, click the Settings button. In seamless mode, the Settings
button is on the Connection Center. If the client is not in seamless mode, the
Settings button is on the status bar. To get help on the tasks you can carry out
using the dialog box, click Help.
You can prevent users from configuring their own settings by removing the
Settings button or the status bar, as described in “Status Bar and Settings
Button” on page 34.
•
The Web Interface.
The Web Interface automatically generates the necessary Web pages to launch
the client. See the Web Interface Administrator’s Guide for details about how to
use the Web Interface to configure the client.
Note You can only configure drive mapping through the ICA Settings dialog
box.You cannot configure client drive mapping on an HTML page or through the
Web Interface because this is a violation of the client’s security.
Topics covered in this chapter include:
•
Initial configuration
•
Specifying the language for the user interface
•
Configuring network protocol and the server location
•
Changing the client name
•
Passing parameters to published applications
28
Client for Java Administrator’s Guide
•
•
•
•
Go to Document Center
User interface configuration
•
Setting the number of colors used in the ICA session window
•
Showing or hiding the status bar and Settings button
•
Specifying whether or not to enable session reliability
•
Controlling client behavior at the start and end of sessions
•
Specifying what type of keyboard to use
•
Configuring hotkeys
Client device mapping
•
Client drive mapping
•
Client printer mapping
•
Client audio mapping
Integrating the client with security solutions
•
Proxy servers
•
The Secure Gateway for MetaFrame Presentation Server and SSL Relay
•
Firewalls
•
ICA encryption
•
Kerberos authentication
Advanced configuration options
Go to Document Center
Chapter 4 Configuring the Client for Java
29
Initial Configuration
Starting the Client for Java in a Specific Language
The client allows you to specify which language is used to display the user
interface. By default, a session uses the language specified for the client device to
display the user interface. If you specify a language code that is not recognized or
not supported, English is used.
To set the client language
Specify the following parameter in the HTML page:
<param name="Language" value="yourlanguage">
where yourlanguage is the two letter abbreviation for the language you want to use.
The standard two letter abbreviations are as follows:
English
en
French
fr
German
de
Spanish
es
Japanese
ja
For example, to use Japanese as the language on a non-Japanese device when
connecting to the server named CitrixServer, create an applet tag like the following:
<applet code="com.citrix.JICA"
archive="JICAEngN.jar"
width="1024" height="768">
<param name="Address" value="CitrixServer">
<param name="Language" value="ja">
</applet>
If you use languages other than English, ensure that your Web server sends HTML
files with the correct Content-Type and Charset to avoid possible corruption of the
applet parameter strings. Configuration details depend on the server software in use.
When troubleshooting suspected problems with parameter string encoding, it can
be useful to copy the strings outside the applet tag and check that they display
correctly in the Web browser.
30
Client for Java Administrator’s Guide
Go to Document Center
Configuring Network Protocol and Server Location
This section explains how to:
•
Set the network protocol used by the client
•
Control the way in which the client locates servers
•
Configure a list of servers for business recovery
Setting the Network Protocol
The network protocol setting allows you to control the way the client searches for
servers and how it communicates with them.
The protocols are:
•
TCP/IP + HTTP - The client uses the HTTP protocol to search for servers. The
client communicates with the server using ICA protocol over TCP/IP. This is
the default protocol.
•
SSL/TLS + HTTPS - The client uses the HTTPS protocol to search for a list of
servers. The client communicates with the server using the SSL or TLS
protocols. These protocols are described in detail in “Integrating the Client with
the Secure Gateway for MetaFrame Presentation Server or SSL Relay” on page
54.
To change the network protocol to SSL/TLS+HTTPS
Add the following parameter to the HTML page:
<param name= "SSLEnable" value="on">
Server Location
Server location (also called server browsing) is the mechanism by which a client
discovers an appropriate server to host a given application. Depending on the server
configuration, this can involve taking load balancing into account so that the user’s
application is run on the least loaded server.
The default browser server address is ica. You must set specific server addresses for
MetaFrame Presentation Server computers unless your networking environment is
configured with a DNS record for ica. The client uses the HTTP or HTTPS protocol
respectively to contact the servers.
Go to Document Center
Chapter 4 Configuring the Client for Java
31
Example
In the following example, the HTTPBrowserAddress parameter is specified to be
the server Wizard. This browser server is responsible for locating an appropriate
server to run the published application Notepad.
<html>
<body>
<applet code="com.citrix.JICA"
archive="JICAEngN.jar"
width="640" height="480">
<param name="HTTPBrowserAddress" value="Wizard">
<param name="Address" value="Notepad">
<param name="InitialProgram" value="#Notepad">
</applet>
</body>
</html>
Note If you are using the JICA-coreN.jar archive, you must specify the
JICA-browserN.jar archive to enable server browsing.
Business Recovery
Business recovery provides consistent connections to published applications in the
event of a browser server disruption. You can define up to three groups of servers to
which you want to connect: a primary and two backups. Each group can contain
from one to five servers.
To specify a business recovery server group
Use the following parameters to specify server groups:
•
HTTPBrowserAddress, HTTPBrowserAddress2 to
HTTPBrowserAddress5: Specify the primary group of servers
•
HTTPBrowserAddress6 to HTTPBrowserAddress10: Specify the first
backup group of servers
•
HTTPBrowserAddress11 to HTTPBrowserAddress15: Specify the second
backup group of servers
Fill in any unused server addresses with five dashes (-----). These dashes are
required to fill in any gaps in the list but are not required at the end of the list.
32
Client for Java Administrator’s Guide
Go to Document Center
Example
In the following example, the primary group of servers contains Arthur, Morgana,
and Merlin. The first backup group contains the servers Excalibur and Stone. There
is no secondary backup group.
<html>
<body>
<applet code="com.citrix.JICA"
archive="JICAEngN.jar"
width="640" height="480">
<param name="HTTPBrowserAddress" value="Arthur">
<param name="HTTPBrowserAddress2" value="Morgana">
<param name="HTTPBrowserAddress3" value="Merlin">
<param name="HTTPBrowserAddress4" value="-----">
<param name="HTTPBrowserAddress5" value="-----">
<param name="HTTPBrowserAddress6" value="Excalibur">
<param name="HTTPBrowserAddress7" value="Stone">
</applet>
</body>
</html>
Changing the Client Name
The client name is used to identify the client to the server, and is also used to name
printers. See “Client Printer Mapping” on page 44 for more information about
printers. You may need to change the client name if you are trying to access
resources shared with another client with the same name.
By default, the client uses the value for the client device’s host name (if it exists and
is not set to localhost) as the client name reported to the server. If the client cannot
use the client device’s host name, it uses AnonJava as the client name. The client
name sent to the server is always truncated to 20 characters.
You can change the client name on the HTML page or by using the ICA Settings
dialog box.
To change the client name
To change the client name, add two parameters on the HTML page:
<param name="client.wfclient.UseHostname" value="off">
<param name="client.wfclient.Clientname" value="yourclient">
where yourclient is the client name you want to use.
Go to Document Center
Chapter 4 Configuring the Client for Java
33
Passing Parameters to Applications
When connecting to a published application, you specify the application name
using the InitialProgram parameter on the HTML page. For example, to connect to
an application called Notepad, specify the following parameters:
<param name="Address" value="Notepad">
<param name="InitialProgram" value="#Notepad">
You can also specify a command-line parameter that the server will pass to a
published application when it runs that application. For example, if you provide a
file name parameter to Notepad, Notepad will start up with that file loaded.
The parameters that an application will honor are built into the application and do
not have to be file names.
To pass a parameter to an application
Specify the following parameters on the HTML page:
<param name="Address" value="application">
<param name="InitialProgram" value="#application">
<param name="Param" value="parameter">
where application is the name of the published application and parameter is the
parameter. You can specify a maximum value length of 256 characters for these
parameters. For example, to open a file called M:\new.txt in Notepad, specify the
following parameters:
<param name="Address" value="Notepad">
<param name="InitialProgram" value="#Notepad">
<param name="Param" value="M:\new.txt">
Note For parameter passing to work, you must configure the published
application to receive parameters by appending %* to the published application's
command line. For example:
notepad %*
Full details of how to publish applications and set up commands are in the
documentation included in the MetaFrame Presentation Server package.
File name parameters are interpreted by the remote application relative to the
server’s file system. If you want to pass a client-side file to a remote published
application, you must use client drive mapping (see “Client Drive Mapping” on
page 43).
34
Client for Java Administrator’s Guide
Go to Document Center
User Interface Configuration
Window Properties
You set the dimensions of the applet panel in which ICA sessions run using the
Width and Height attributes of the <applet> tag, as described in “Editing
desktop.html” on page 21. You can also specify the size of the remote session by
using the DesiredHRes and DesiredVRes parameters. If you do not specify these
last two parameters, the remote session fits into the applet area available when any
border and status bar are added.
The number of colors used in the session window is defined with a parameter on the
HTML page.
To set the number of colors used for the ICA session window
Specify the following parameter in the HTML page:
<param name="DesiredColor" value="2|4|8">
where 2 specifies 256 colors, 4 specifies thousands of colors, and 8 specifies
millions of colors. You cannot configure the client to use only 16 colors but it can
display applications published in 16 color mode; these are run in 256 colors.
Status Bar and Settings Button
The status bar displays status information about the client. When the user clicks the
Settings button, the ICA Settings dialog box appears.
You can display or hide the status bar and Settings button using parameters on the
HTML page. Both are displayed by default; however, if you do not want users to
make configuration changes, you may hide the Settings button. If you decide that
maximum screen real estate is a priority, you may hide the status bar.
When the client is in seamless mode, the status bar is not visible and the user
accesses the Settings dialog box from the Connection Center.
To hide the status bar
Specify the following parameter on the HTML page:
<param name="ShowStatusBar” value="no">
Go to Document Center
Chapter 4 Configuring the Client for Java
35
To hide the Settings button
Specify the following parameter on the HTML page:
<param name="ShowSettingsButton" value="no">
Note To display the Settings button and status bar when using the component
archives, you must include the JICA-config archive. This functionality is included
in the complete archive.
Session Reliability
Session Reliability enables sessions to remain open and on the screen when
network connectivity is interrupted, therefore allowing client users to view the
application until the network connection is restored. This feature is especially
useful for mobile users with wireless connections.
For session reliability and SSL support through Secure Gateway, Secure Gateway
Version 3 is required.
To enable session reliability
Specify the following parameter on the HTML page:
<param name="CGPAddress" value="hostname:port">
Rather than specifying the hostname, type an asterisk (*) to use the Address
parameter value as the host (session reliability server).
The port value is optional. If you do not specify a port value the default 2598 is
used. If a connection on port 2598 fails, the client tries to establish a standard (non
session reliability) connection on port 1494.
36
Client for Java Administrator’s Guide
Go to Document Center
Auto-Reconnect and Session Termination
Note The information in this section does not apply if you are using the
Connection Center. Sessions always start automatically and, if the network
connection is lost, an attempt is always made to reconnect.
You can control how the client behaves when starting or ending a session by
specifying parameters on the HTML page.
You can configure the client to connect when the user clicks the startup splash
screen, or to connect automatically, as the HTML page displays. You can also
change what happens when a session ends, either as a result of the user terminating
it or because there is a problem.
To change the client startup
Specify the following parameter on the HTML page:
<param name="Start" value="Manual|Auto">
If you set this parameter to Manual (the default), the user must click to connect to a
server. If you set it to Auto, the message Connecting to server appears as the
HTML page is displayed and the user is automatically connected to the server.
To change what happens when a session ends
Specify the following parameter on the HTML page:
<param name="End" value="Manual|Auto|Terminate|URL">
where:
•
Manual - displays the startup splash screen when the session ends, and the
message Click to reconnect. To reconnect, the user clicks anywhere on the
splash screen.
•
Auto - displays the Reconnecting dialog box when the session ends for any
reason. The number in the dialog box counts down to 0 and the client
reconnects.
•
Terminate - displays either Connection Terminated or Connection Error
when the session ends, depending on whether the user chose to end the session
or whether there is a problem that caused the session to end.
•
URL - displays the splash screen and redirects in two seconds to the specified
URL. You can specify the URL of any Web page.
The HTML examples supplied with the client include the End parameter. The value
specified is a URL to a page called end.html. The applet tag section of each of the
examples has this parameter:
<param name="End" value="end.html">
Go to Document Center
Chapter 4 Configuring the Client for Java
37
When you end the session, the client redirects to end.html, which contains a script
to close the browser window. You can edit end.html to display anything you want.
To change the time-out period for automatic reconnection
The default time-out period is five seconds. To change the period, specify the
following parameter in the HTML page:
<param name="ReconnectDelay" value="delay">
where delay is the delay in seconds. Specifying this parameter does not affect the
delay before connection to an HTML page if you specified a URL for the End
parameter.
Note If the Start and End parameters are both set to Auto, the startup splash screen
is displayed and you must click on it to connect.
Keyboard and Mouse
The client lets you specify what type of keyboard to use in ICA sessions. By
default, if you do not specify a keyboard preference, the session uses the default
keyboard for the user’s MetaFrame Presentation Server computer.
You can specify the keyboard type on the HTML page or the user can do it using
the ICA Settings dialog box.
The client supports the use of any keyboard supported by the server to which the
user is connecting.
To specify a keyboard other than the server’s default
Specify the following parameter on the HTML page:
<param name="user.wfclient.keyboardlayout" value="layout">
where layout is a value from the server’s list of supported keyboards. A list of the
supported keyboards is provided in “Supported Keyboard Layouts” on page 92.
For example, to specify a Danish keyboard, create an HTML page like the
following:
<html>
<body>
<applet code="com.citrix.JICA"
archive="JICAEngN.jar"
width="640" height="480">
<param name="Address" value="CitrixServer">
<param name="user.wfclient.keyboardlayout" value="Danish">
</applet>
</body>
</html>
38
Client for Java Administrator’s Guide
Go to Document Center
The client supports the following keyboard types to distinguish between subtypes
of the Japanese keyboard layout:
"(Default)"
"IBM PC/XT or compatible keyboard"
"101 Keyboard (Japanese)"
"106 Keyboard (Japanese)"
"NEC PC-9800 on PC98-NX (Japanese)"
"NEC PC-9800 on PC98-NX 2 (Japanese)"
"NEC PC-9800 Windows 95 and 98 (Japanese)"
"NEC PC-9800 Windows NT (Japanese)"
"Japanese Keyboard for 106 (Japanese)"
"DEC LK411-JJ Keyboard (Japanese)"
"DEC LK411-AJ Keyboard (Japanese)"
Note If you are using a 109 key Japanese keyboard, specify the keyboard type as
106 Keyboard (Japanese).
To specify a Japanese keyboard type
Specify the following parameter on the HTML page:
<param name="user.wfclient.keyboardtype"
value="101 Keyboard (Japanese) | 106 Keyboard (Japanese)">
For example, to specify a Japanese 106 key keyboard, create an HTML page like
the following:
<html>
<body>
<applet code="com.citrix.JICA"
archive="JICAEngN.jar"
width="640" height="480">
<param name="Address" value="CitrixServer">
<param name="user.wfclient.keyboardtype"
value="106 Keyboard (Japanese)">
</applet>
</body>
</html>
Go to Document Center
Chapter 4 Configuring the Client for Java
39
Japanese IME Support
The client provides a choice of options for using a Japanese Input Method Editor
(IME). Users can configure these options using the ICA Settings dialog box.
Alternatively, you can set the keyboard layout parameter in the applet tag: this
overrides the users’ settings.
You can choose between using a client-side IME or a server-side IME.
The benefit of using a client-side IME is that users can choose their preferred IME
that they have installed on the client device, and also that they do not have to deal
with one IME for local applications and another potentially different IME with a
different dictionary for server-side applications. When using a client-side IME, the
user does not compose the text in place (that is, at the insertion point where the user
types), but in a separate composition window.
The benefit of using a server-side IME is that the user composes the text in place.
To use a client-side IME for connections to servers running Windows Server
2003
Specify the following parameter on the HTML page:
<param name="user.wfclient.keyboardlayout"
value="Japanese (client IME only)">
To use a client-side IME for connections to servers running Windows 2000
Server
Note This section does not apply to servers running Windows 2000 with Service
Pack 4. If you have installed Service Pack 4, you can type Japanese characters into
the logon dialog box using a client-side IME.
When connecting to MetaFrame Presentation Server on Windows 2000 Server with
Service Pack 3 or earlier, users cannot use a client-side IME to type Japanese
characters into the session logon dialog box. If they want to use a client-side IME
but they also need to type Japanese characters in the logon dialog box, specify the
following parameter on the HTML page:
<param name="user.wfclient.keyboardlayout"
value="Japanese (client and server IME)">
This allows users to use the server-side IME to type credentials in the logon dialog
box. After they log on to the session, they should turn off the server-side IME and
use the client-side IME.
40
Client for Java Administrator’s Guide
Go to Document Center
When the server-side IME is used to type logon credentials with this keyboard
layout, if the server-side IME is in Kana mode, Shift+0 does not generate the “wo”
character. There are three workarounds for this problem:
•
Use the “Japanese (server IME only)” option as described in the following
section
•
Use Roman-input mode instead of Kana input mode
•
Enter the “wo” character using the drawing interface provided by the IME pad
When using the Web Interface, select between “Japanese (client IME only)” and
“Japanese (server IME only).” Do not select the keyboard layout “Japanese
(client and server IME),” because users provide credentials using the Web
Interface and do not need to manually log on to the session.
To use a server-side IME
Specify the following parameter on the HTML page:
<param name="user.wfclient.keyboardlayout"
value="Japanese (server IME only)">
Alternatively, select “(Server Default)” for the keyboard layout and connect to a
server with a Japanese keyboard layout with IME configured as the default
keyboard layout.
Using Applications that Require a 3-Button Mouse
In the Client for Java, the middle button of a 3-button mouse can be emulated by
clicking both buttons of a 2-button mouse at the same time.
Hotkeys
Hotkeys are used to control the behavior of the client and as substitutes for the
standard Windows hotkeys. For example, to display the Windows Security Desktop
on a Windows computer, press CTRL+ALT+DEL. If you are running the client on a
Windows computer and are working in a MetaFrame Presentation Server session,
this key combination opens the Security Desktop on the local device. Hotkey
functionality allows you to map common key combinations like CTRL+ALT+DEL
to a key combination such as CTRL+F1 that is ignored by your local operating
system. When you press this new combination, the client sends CTRL+ALT+DEL
to the server, displaying the Windows Security Desktop in your session.
You can specify hotkeys on the HTML page or the user can do it by using the ICA
Settings dialog box.
Go to Document Center
Chapter 4 Configuring the Client for Java
Client hotkeys use a pair of keys. The first is a modifier key and the second is a
character. The following hotkeys are available:
Hotkey
(Default
Mapping)
Description
Hotkey2
(Shift+F3)
Close Remote Application. The Close Remote Application hotkey disconnects
applications opened in an ICA session. If no programs are open, the session is
disconnected after the user is prompted for confirmation.
Hotkey3
(Shift+F2)
When the client is running in seamless mode, this hotkey toggles between
seamless mode and windowed mode. When the client is not in seamless
mode, this hotkey is used when a reconnected session is larger than the applet
panel; it toggles between embedding the session inside the applet panel with
scroll bars and displaying it in a separate window.
When the client is running in full screen mode, this hotkey toggles the title bar
on and off.
Hotkey4
(CTRL+F1)
Substitute for the standard Windows hotkey CTRL+ALT+DEL. The
CTRL+ALT+DEL hotkey displays the Windows Security Desktop in the ICA
session.
Hotkey5
(CTRL+F2)
Substitute for the standard Windows hotkey CTRL+ESC. On MetaFrame
Presentation Server computers, the remote Windows Start menu appears.
Hotkey6
(ALT+F2)
Substitute for the standard Windows hotkey ALT+ESC. This hotkey brings the
focus to maximized and minimized windows of programs that are open in an
ICA session, in the order that they were opened.
Hotkey7
(ALT+PLUS)
Substitute for the standard Windows hotkey ALT+TAB. This hotkey cycles
through applications that are open in the ICA session. A popup box appears
and displays the programs as you cycle through them. The chosen application
receives keyboard and mouse focus.
Hotkey8
(ALT+MINUS)
Substitute for the standard Windows hotkey ALT+Shift+TAB. Like the ALT+TAB
hotkey, this key sequence cycles through applications that are open in the ICA
session but in the opposite direction. The chosen application receives
keyboard and mouse focus.
Hotkey9
(CTRL+F3)
Substitute for the standard Windows hotkey CTRL+Shift+ESC. This hotkey
displays the Task Manager.
Hotkey10
(CTRL+F5)
Toggle SpeedScreen latency reduction. This hotkey toggles mouse click
feedback and local text echo on and off.
Hotkey 11
(ALT+*)
This hotkey displays the ICA Settings dialog box.
41
42
Client for Java Administrator’s Guide
Go to Document Center
To change the hotkey sequence from the default
For each hotkey, specify two parameters on the HTML page: one for the shift state
and a second for the character state, as follows:
<param name="user.wfclient.hotkey*shift" value="shiftstate">
<param name="user.wfclient.hotkey*char" value="character">
where star (*) is the hotkey number; shiftstate is ctrl, shift, alt, or (none); and
character can be any of the following:
F1 through F12, tab, star, plus, minus, escape, (none)
Specifying (none) for the character disables the hotkey.
The following example describes how to map the Close Remote Application hotkey
to the key sequence CTRL+F1 and the ALT+TAB hotkey key sequence to
Shift+TAB.
<html>
<body>
<applet code=com.citrix.JICA
archive="JICAEngN.jar"
width=640 height=480>
<param name="Address" value="CitrixServer">
<param name="user.wfclient.hotkey2shift" value="ctrl">
<param name="user.wfclient.hotkey2char" value="f1">
<param name="user.wfclient.hotkey7shift" value="shift">
<param name="user.wfclient.hotkey7char" value="tab">
</applet>
</body>
</html>
Note There may be conflicts between the default or user-defined client hotkeys
and those pre-configured on Mac OS X and UNIX platforms. See your platform
documentation for further information.
Go to Document Center
Chapter 4 Configuring the Client for Java
43
Client Device Mapping
The client supports client device mapping for connections to servers. Client device
mapping allows a remote application running on the server to access printers and
disk drives attached to the local client machine. The applications and system
resources appear to the user at the client machine as if they are running locally.
Ensure that client device mapping is supported on your server before using these
features.
This section includes more information about:
•
Client drive mapping
•
Client printer mapping
•
Client audio mapping
Client Drive Mapping
Client drive mapping can make any specified directory on the client machine,
including CD-ROMs, available to the user during ICA sessions. When a server is
configured to allow client drive mapping, users can access their locally stored files,
work with them during their ICA sessions, and then save them again either on a
local drive or on a drive on the server.
The user’s home directory is automatically mapped to drive H at the start of a
session. Users can configure drive mapping using the Settings dialog box Client
Drive Mapping tab.
When drive mapping is configured, the client attempts to use it for all connections.
If the server does not support drive mapping, or if the Java environment is
configured not to allow access to local drives, drive mapping is not available.
Note When drive mapping is enabled and the client first accesses a mapped drive,
a dialog box appears on the client device. The dialog box informs the user that the
client is attempting to access a mapped drive and the user must click Yes to allow
the client to access the drive. This message appears the first time the client attempts
to access a drive within a session.
Drive mapping can be configured only by the user through the ICA Settings dialog
box.You cannot configure client drive mapping on an HTML page or through the
Web Interface because this is a violation of the client’s security.
To make client drive mapping available to users when using the core archives, you
must include the JICA-cdm archive. If you do not, the Drive Mapping tab does not
appear in the ICA Settings dialog box.
44
Client for Java Administrator’s Guide
Go to Document Center
Configure client drive mapping by making the ICA Settings dialog box available to
users the first time they log on and instructing them to configure drive mapping.
The ICA Settings dialog box is described in the online help. See “Copying Client
Drive Mapping Configuration” on page 65 for information about how to copy client
drive mapping configuration to multiple users.
Using Mapped Drives
Once configured, mapped drives are transparent and appear the same as other
network drives on the server. However, due to the way Java accesses file systems,
mapped drives cannot:
•
Lock files. Applications sometimes lock the files that are in use to prevent other
applications from accessing them at the same time and possibly corrupting
them. However, the client cannot lock local files. To prevent file corruption,
warn users not to access the same file with two or more applications at the same
time.
•
Use file attributes. Attributes cannot be set on files on a mapped drive.
•
Set date and time. The date and time stamps are not set on files created or
edited on mapped drives.
•
Report drive capacity and usage. Users must use the operating system of their
local machine to determine the capacity of mapped drives.
Client Printer Mapping
Printers are auto-detected (see “Auto-Detected Printers” on page 45).
To make client printer mapping available to users, specify the JICA-printer archive
in the <applet > tag or use the full archive. If you do not, the Printer Mapping
functionality is not available and the relevant tab does not appear in the ICA
Settings dialog box.
Note Printers are not auto-detected on Mac OS X platforms. You can configure
printers manually using the ICA Settings dialog box (described in the online help).
This is the easiest way to do it. Alternatively, you can configure printers using:
•
The HTML page (described in “Manually Configured Printers” on page 45).
•
The Printer Management node on the Presentation Server Console. This tool is
described in the MetaFrame Presentation Server Administrator’s Guide.
Go to Document Center
Chapter 4 Configuring the Client for Java
45
Auto-Detected Printers
The client automatically detects all printers available to the client device, including
USB printers, and makes them available to the session.
Note Mac OS X provides a J2SE 1.4.x environment but does not provide the Java
Print Service API, so printers are not auto-detected.
For PostScript-capable printers, a generic Postscript driver is configured on the
server, and the resulting PostScript output is sent directly to the printer.
For non-PostScript printers, the Universal Print Driver (UPD) is configured which
encapsulates print jobs in Printer Control Language 4 (PCL4) format. A clientbased interpreter renders the print job using the client device’s local print driver and
printing services.
To modify printer settings, users select the Printer Mapping tab on the ICA
Settings dialog box. If a print job requires color or advanced printing options such
as duplex printing, users should configure an appropriate native driver. If they
configure both a native driver and a UPD driver, the server uses the native driver if
it is available; otherwise, it uses the UPD driver.
Users cannot delete auto-detected printers unless the Java environment detects that
they are no longer available.
Manually Configured Printers
When you configure printers manually, as described below, users find those printers
mapped to their sessions and ready for use when they log on. When they log off,
their printer mappings are deleted from the server. The printers are automatically
mapped again the next time they log on.
Note You cannot configure USB printers manually.
46
Client for Java Administrator’s Guide
Go to Document Center
To configure printers manually
Specify the printer name, the port name, and the driver, using the following
parameters in the HTML page:
<param name="user.localclientprinters" value="printername">
<param name="user.printername.port" value="portname">
<param name="user.printername.driver" value="drivername">
where:
•
printername - Can be any name by which you want to identify the printer.
•
portname - Specifies a file name, port name, or printer IP address (or network
name and print queue).
Note When mapping printers attached to a Macintosh you can specify only a
file name, not a port name or printer IP address.
When printing to a file, the output file is composed of printer machine code.
This file can be sent to a printer using a platform-specific utility. For example,
use a command prompt on Windows platforms to send the file to a printer by
copying the file to a printer port.
When printing to a port, specify the port. A typical port on Windows is LPT1.
On Linux or UNIX systems, the port is similar to /dev/lp0. Check your
operating system documentation for more information.
When printing to a network printer, specify the printer’s IP address or network
name and print queue (ipaddress:printqueuename or
networkname:printqueuename).
•
drivername - Specify the printer driver. This name is case-sensitive and must
exactly match the driver name on the server. To check the driver list on servers
running MetaFrame Presentation Server:
1. Double-click My Computer.
2. Double-click Printers, then double-click Add Printer.
3. In the Add Printer wizard, be sure My Computer is selected. Click Next.
4. Select a port, such as LPT1. Click Next.
The list under Printers contains the printer driver names.
Go to Document Center
Chapter 4 Configuring the Client for Java
47
You can also make a printer the default printer for a session by specifying the
following parameter:
<param name="user.printername.comment" value="WFCDefault">
where printername is the name of the printer. If the server is set to connect only to
the user’s default printer, this sets the manually configured printer to be the default
printer.
Note The server must have the correct printer driver installed, as specified either
in the ICA Settings dialog box or on the HTML page using the Driver parameter. If
the correct driver is not installed, the printer is not configured. In this case, you must
install the correct printer driver on the server.
You can change the list of drivers that appears in the ICA Settings dialog box by
editing the ICAPrinterDrivers.txt file. See “Changing the List of Printer Drivers” on
page 65.
Examples: Manually Configuring Individual Printers
The following example demonstrates configuring a printer by specifying
parameters on the HTML page. This HTML page is suitable for use only with a
Windows client system. In this example, the printer’s name is LocalPrinter1. It is
connected to the client’s LPT1 port and has a driver named HP LaserJet .
<html>
<body>
<applet code="com.citrix.JICA"
archive="JICAEngN.jar"
width="640" height="480">
<param name="Address" value="CitrixServer">
<param name="user.localclientprinters" value="LocalPrinter1">
<param name="user.LocalPrinter1.port" value="lpt1:">
<param name="user.LocalPrinter1.driver" value="HP LaserJet">
</applet>
</body>
</html>
In the following example, the printer’s name is NetPrinter1 and has a driver named
HP LaserJet. The printer is a network printer that exists on a network print server
with an IP address of 192.168.1.24 and a print queue named FLOOR2_LJ.
48
Client for Java Administrator’s Guide
Go to Document Center
The port name of a network printer can be either the printer’s IP address and print
queue, or its network name and print queue.
<html>
<body>
<applet code="com.citrix.JICA"
archive="JICAEngN.jar"
width="640" height="480">
<param name="Address" value="CitrixServer">
<param name="user.localclientprinters" value="NetPrinter1">
<param name="user.NetPrinter1.port" value="192.168.1.24:FLOOR2_LJ">
<param name="user.NetPrinter1.driver" value="HP LaserJet">
</applet>
</body>
</html>
Example: Manually Configuring Multiple Printers
The following example shows how you would configure both printers from the
previous two examples. Note how the two printer names, LocalPrinter1 and
NetPrinter1, are both specified in the user.localclientprinters parameter.
<html>
<body>
<applet code="com.citrix.JICA"
archive="JICAEngN.jar"
width="640" height="480">
<param name="Address" value="CitrixServer">
<param name="user.localclientprinters"
value="LocalPrinter1,NetPrinter1">
<param name="user.LocalPrinter1.port" value="lpt1:">
<param name="user.LocalPrinter1.driver" value="HP LaserJet">
<param name="user.NetPrinter1.port"
value="192.168.1.24:FLOOR2_LJ">
<param name="user.NetPrinter1.driver"
value="HP LaserJet 400 Series PS">
</applet>
</body>
</html>
Go to Document Center
Chapter 4 Configuring the Client for Java
49
Universal Print Driver Support
The Universal Print Driver (UPD) is a standard Windows print driver that
encapsulates print jobs in Printer Control Language 4 (PCL4) format. A clientbased interpreter renders the print job using the client device’s local print driver and
printing services. The UPD generates smaller print jobs, which can significantly
improve performance when printing over WAN or dial-up connections. Using UPD
also increases security on the server because the number of drivers used is
restricted.
The Client for Java supports only UPD1 (UPD2 and UPD3 support printing in color
and at higher resolutions).
Client Audio Mapping
Client audio mapping enables applications running on the server to play sounds
through a sound device installed on the client computer. To make client audio
mapping available to users, you must enable it using a parameter on the HTML
page.
Important Starting the client while an audio application is running on your
desktop can disable audio mapping. Do not run audio applications while starting the
client.
To make client audio mapping available to users, specify the JICA-audio archive in
the <applet > tag or use the full archive. If you do not, the Audio Mapping
functionality is not available.
To enable client audio mapping
Add the following parameter to the HTML page:
<param name="ClientAudio" value="on">
You control the amount of bandwidth used by client audio mapping by configuring
the ICA settings on the server, as described in Chapter 7 of the MetaFrame
Presentation Server Administrator’s Guide.
Note If the server is set to use Low quality audio, client audio mapping for the
client is disabled.
50
Client for Java Administrator’s Guide
Go to Document Center
Integrating the Client with Security Solutions
You can integrate the client with a range of security technologies, including proxy
servers, firewalls, and SSL/TLS based systems. This section describes:
•
Making a connection through a SOCKS proxy server or Secure proxy server
(also known as Security proxy server, HTTPS proxy server, or SSL tunneling
proxy server)
•
Integrating the client with the Secure Gateway for MetaFrame or SSL Relay
solutions with Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
protocols
•
Connecting to a server across a firewall using alternate addressing
•
Using ICA encryption to help protect data on local networks
For full details of the security technologies listed above and advice on security
planning, see the MetaFrame Presentation Server Administrator’s Guide.
Connecting Through a Proxy Server
Proxy servers are used to limit access into and out of your network, and to handle
connections between clients and servers. The Client for Java supports both SOCKS
and Secure proxy protocols.
Configure the client to work with a proxy server by specifying parameters on the
HTML page, through the ICA Settings dialog box, or through the Web Interface.
This section describes how to specify a proxy server on the HTML page.
Performing this task using the ICA Settings dialog box is described in the online
help. Configuring the client through the Web Interface is described in the Web
Interface Administrator’s Guide.
Some proxy servers require authentication when a connection is requested. Specify
a proxy logon name and password on the HTML page when configuring the client.
If authentication is required and you do not specify the details on the HTML page,
users are prompted to enter the proxy logon name and password when they open an
ICA connection.
Note The client supports Basic proxy authentication and NTLM proxy
authentication (see “NTLM Proxy Authentication” on page 51) when connecting to
a Secure proxy, and user name/password authentication when connecting to a
SOCKS proxy. Proxy authentication therefore does not work with proxy servers
configured to use other authentication schemes such as Kerberos and Digest.
Go to Document Center
Chapter 4 Configuring the Client for Java
51
Microsoft ISA Server
If your deployment includes a Microsoft ISA Server note that, by default, Microsoft
ISA Server forbids client connections to MetaFrame Presentation Server on ports
1494 and 2598. Modify the Microsoft ISA Server settings as detailed in the Citrix
Knowledge Base article: Configuring Microsoft ISA Server to Allow Outbound
ICA Connections (CTX104998).
NTLM Proxy Authentication
NTLM proxy authentication is supported when the client is configured to access
MetaFrame Presentation Server through a proxy server. The client must be running
on Windows, connecting through a proxy server that supports NTLM (such as
Microsoft Internet Security & Acceleration Server).
Configuring Proxy Authentication
You can configure the client to use a proxy server in any of the following three
ways:
•
Enabling proxy auto detection
•
Using a proxy auto configuration (PAC) file to automate proxy configuration
•
Manually specifying proxy server details
Enabling Proxy Auto Detection
If you are deploying the client in an organization with many proxy servers, consider
using proxy auto detection. Proxy auto detection obtains proxy details from the
local Web browser settings. It is also useful if you cannot determine which proxy
server will be used when you configure the client. Proxy auto detection can be used
with:
•
Internet Explorer 4.0 or later for Windows using the Sun plug-in
•
Netscape 6.x or later for Windows, UNIX, and Linux
•
Safari 1.x with Apple JVM 1.4.x/1.5x on Mac OS X
•
Other Web browsers that use the Sun plug-in; for example, Mozilla
To automatically detect the proxy server settings used by the Web browser
(proxy auto detection)
Specify the following parameter in the HTML file:
<param name="ProxyType" value="auto">
52
Client for Java Administrator’s Guide
Go to Document Center
Using a PAC File to Automate Proxy Configuration
You can also automate proxy configuration by using a PAC file. A PAC file is a
JavaScript file that is served from a local Web server and used to automatically
configure the proxy settings of Web browsers.
Note that you cannot specify this method of proxy configuration through the ICA
Settings dialog box.
To obtain the proxy server settings from a PAC file
Specify the following parameters in the HTML file:
<param name="ProxyType" value="script">
<param name="ProxyAutoConfigURL"
value="http://webserver.example.com/myproxies.pac">
where http://webserver.example.com/myproxies.pac is the URL for the PAC file.
Manually Specifying Proxy Server Details
If you are manually specifying the proxy server, you need to know its address. You
also need to know its port number if it is not set to 1080 for a SOCKS proxy server
or 8080 for a Secure proxy server.
To specify the proxy server details manually
Note If you are configuring the proxy manually, confirm these details with your
security administrator. ICA connections cannot be made if these details are
incorrect.
Specify the following details using parameters in the HTML file:
•
The address of the proxy server.
•
The port number of the proxy server (if not 1080 for SOCKS or 8080 for Secure
proxy).
•
The protocol of the proxy server: SOCKS proxy or Secure proxy.
•
In the case of a SOCKS proxy, the protocol version number. Alternatively, you
can omit the version number; the client will then try SOCKS Version 5 and fall
back to SOCKS Version 4 if necessary.
•
If the proxy requires authentication and you are supplying it through the HTML
page, the proxy logon name and password.
Go to Document Center
Chapter 4 Configuring the Client for Java
Parameter
Description
ProxyType=none | auto | socks |
socksv4 | socksv5 | secure | script
none - no proxy
auto - use the Web browser’s settings
socks - use SOCKS - automatically detect the version
socksv4 - use SOCKS Version 4
socksv5 - use SOCKS Version 5
secure - Use Secure proxy
script - use a PAC file (specified by
ProxyAutoConfigURL)
ProxyHost=address:port
Address and port (if required) of the proxy server
ProxyUsername
Proxy username
ProxyPassword
Proxy password
ProxyExcludeList=address1;
address2; etc...
A semicolon-separated list of addresses of servers that
the client must connect to directly—not through the
proxy server.
ProxyAutoConfigURL
The URL for the PAC file. Use with the parameter
ProxyType.
For example, to connect to a server named Norbert using a SOCKS proxy server,
Version 5, at the IP address 10.45.1.3 and port 1080, use an HTML page like the
following:
<html>
<body>
<applet code="com.citrix.JICA"
archive="JICAEngN.jar"
width="640" height="480">
<param name="Address" value="Norbert">
<param name="ProxyType" value="socksv5">
<param name="ProxyHost" value="10.45.1.3:1080">
<param name="ProxyUsername" value="dentres">
<param name="ProxyPassword" value="sangle">
</applet>
</body>
</html>
53
54
Client for Java Administrator’s Guide
Go to Document Center
Integrating the Client with the Secure Gateway for
MetaFrame Presentation Server or SSL Relay
You can integrate the client with the Secure Gateway or with an SSL relay service.
The client supports both SSL and TLS protocols:
•
SSL provides strong encryption to increase the privacy of your ICA connections
and certificate-based server authentication to ensure that the server you are
connecting to is a genuine server.
•
TLS is the latest, standardized version of the SSL protocol. The Internet
Engineering Taskforce (IETF) renamed it TLS when they took over
responsibility for the development of SSL as an open standard. TLS secures
data communications by providing server authentication, encryption of the data
stream, and message integrity checks. Because there are only minor technical
differences between SSL Version 3.0 and TLS Version 1.0, the certificates you
use for SSL in your MetaFrame installation also work with TLS. Some
organizations, including US government organizations, require the use of TLS
to secure data communications.
For more information about Secure Gateway, see the Secure Gateway
Administrator’s Guide.
Configuring and Enabling the Client for SSL and TLS
SSL and TLS are configured in the same way, use the same certificates, and are
enabled with the same parameter. You configure SSL and TLS using parameters on
the HTML page or with the Web Interface.
When SSL and TLS are enabled, each time you initiate a connection the client tries
to use TLS first, then tries SSL. If it cannot connect with SSL, the connection fails
and an error message appears. You can force clients to connect only with TLS. See
“To force TLS connections” on page 56.
The comprehensive set of root certificates stored in the Java plug-in keystore is
automatically used. Where the client device is running Microsoft Windows,
Microsoft Internet Explorer, and Java 1.5.x, the client also uses root certificates
stored in the Windows keystore. If your organization has a certification authority
and you need to specify your own root certificates, see “Configuring the Client for
Use with Your Security Solution” on page 55.
This section assumes the relevant server certificate is installed on computers
running MetaFrame Presentation Server or the Secure Gateway server, depending
on your deployment.
Go to Document Center
Chapter 4 Configuring the Client for Java
55
To enable SSL and TLS
1. If you have not already done so, include the sslN.jar archive in the archive
parameter in the applet tag on the HTML page. This archive is not included in
the complete JICAEng archive and you must include it before SSL or TLS
encryption can be used.
2. Configure the Web server so that the HTML page specifying the applet can be
delivered to the Web browser only through an SSL/TLS (https://) connection.
CAUTION Security is seriously compromised if this step is omitted.
3. Enable SSL by adding the following parameter to the HTML page:
<param name="SSLEnable" value="on">
Configuring the Client for Use with Your Security Solution
You must perform further configuration if:
•
You require clients to use TLS only.
•
You are using a Secure Gateway server that is configured to run in relay mode.
If you are not sure what this means, see the Secure Gateway Administrator’s
Guide or contact your security administrator for more information.
•
You are not using the default Cipher Suite. You may need to use the COM or
GOV cipher suites to comply with your organization’s security regulations. If
you are not sure, contact your security administrator.
•
Your organization has its own certification authority. You may need to import
alternative root certificates to comply with your organization’s security
regulations. If you are not sure, contact your security administrator. Before
importing a root certificate, it is important to verify the authenticity of the
certificate.Your organization should have a procedure in place for users to check
the root certificate as they import it.
•
Your organization uses root certificates stored in the Microsoft Windows
keystore. Where the client device is running Microsoft Windows, Microsoft
Internet Explorer, and Java 1.5.x., the client is able to use root certificates stored
in the Windows keystore (in addition to the root certificates in the Java
keystore). Java must be configured accordingly. See “To use your own root
certificates in the Windows Keystore” on page 57.
This section describes how to configure these solutions.
56
Client for Java Administrator’s Guide
Go to Document Center
To force TLS connections
To force clients to connect only with TLS, you must specify TLS on the Secure
Gateway server or SSL relay service. See the Secure Gateway Administrator’s
Guide or SSL relay service documentation for more information.
Specify the following parameter in the HTML page:
<param name="SecureChannelProtocol" value="TLS"
To specify a Secure Gateway server that is configured to run in Relay mode
Add the following parameter to the HTML page:
<param name="SSLProxyHost" value="address:port">
where address is the fully qualified domain name of the Secure Gateway server and
the same domain name specified in the server certificate. If the server port is not
443, specify the port.
To use a different Cipher Suite
Add the following parameter to the HTML page:
<param name="SSLCiphers" value="All|COM|GOV"
where:
Option
Description
All
SSL_RSA_WITH_RC4_128_MD5
SSL_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
Com
SSL_RSA_WITH_RC4_128_MD5
SSL_RSA_WITH_RC4_128_SHA
Gov
SSL_RSA_WITH_3DES_EDE_CBC_SHA
Using Your Own Root Certificates
In addition to the default root certificates provided by the JRE and/or the Windows
keystore, you can import your own root certificates.
Note To use root certificates stored in the Windows keystore, the client device
must be running Microsoft Windows, Microsoft Internet Explorer, and Java 1.5.x.
Go to Document Center
Chapter 4 Configuring the Client for Java
57
To import your own root certificates using Java Keytool
You can import your own root certificates using the Java keytool utility. The root
certificates you import are stored in the JRE keystore. Use the Java keytool utility to
import certificates for each client device. It is not possible to import certificates
using the Java Control Panel.
For information on how to use the Java keytool utility, refer to the Sun
documentation. Here is a sample command line showing how to use keytool to
import a root certificate:
keytool -import -trustcacerts -alias myrootcert
-file c:\bin\rootcert.cer -keystore
c:\Program Files\Java\j2re1.4.2_01\lib\security\cacerts
where ‘c:\Program Files\Java\j2re1.4.2_01\’ is the JRE directory
The keystore parameter is mandatory.
The default password for the Java keystore is “changeit”. Sun recommends you
change the password for increased security. You can change the password using the
command:
keytool -storepasswd -keystore c:\Program
Files\Java\j2rel.4.2_01\lib\security\cacerts
where ‘c:\Program Files\Java\j2rel.4.2_01\’ is the JRE directory
To use your own root certificates in the Windows Keystore
Where the client device is running Microsoft Windows, Microsoft Internet
Explorer, and Java 1.5.x, the client uses root certificates stored in the Windows
keystore. The client uses these root certificates in addition to root certificates in the
Java keystore.
To allow the client to use root certificates in the Windows keystore, you must
configure Java. Using the Java Control Panel, select the Advanced tab. Within the
Security settings, ensure Use certificates and keys in browser keystore is
selected.
To add your own root certificates to the Windows keystore, double-click the
required certificate file and follow the certificate installation instructions.
Note Root certificates in the Windows keystore are available for use by all
applications, not just the client. If this is not acceptable, disable the Java 'Use
certificates and keys in browser keystore' security option. This ensures the client
uses root certificates in the Java keystore only
58
Client for Java Administrator’s Guide
Go to Document Center
To use certificate key lengths greater than 2048 bits
By default, the maximum key length is limited to 2048 bits. If you require support
for key lengths up to 4096 bits, download the ‘Java Cryptography Extension (JCE)
Unlimited Strength Jurisdiction Policy File’ on each client device. The file can be
downloaded from the relevant site (for example, http://java.sun.com). Without this
file, the maximum key length is limited to 2048 bits.
Certificate Revocation List Checking
When connecting to a MetaFrame Presentation Server using SSL or TLS, with
certificate revocation list checking enabled, the client checks whether or not the
server’s certificate is revoked.
You can enable several levels of certificate revocation list checking using the
“SSLCertificateRevocationCheckPolicy” parameter values:
•
NoCheck - No certificate revocation checking is performed.
•
CheckWithNoNetworkAccess - The local CRL store is checked (default
option).
•
FullAccessCheck - The local CRL store and any CRLs available over a
network are checked.
•
FullAccessCheckAndCRLRequired - The local CRL store and any CRLs
available over a network are checked and verified. The connection fails if a
CRL cannot be found.
The location of the local CRL store is shown below.
Microsoft Windows: %USERPROFILE%\Citrix\crl
UNIX: $HOME/.Citrix/crl
Certificate Chains
The Sun JVM provides two certificate validation engines: SunX509 and SunPKIX.
You select the required validation engine in the java.security file (for example,
C:\Program Files\Java\j2re1.4.2_01\lib\security\java.security) using the
“ssl.TrustManagerFactory.algorithm” parameter:
ssl.TrustManagerFactory.algorithm=[SunX509|PKIX]
where ‘C:\Program Files\Java\j2rel.4.2_01\’ is the JRE directory
The validation engine selection determines the certificate chain length:
•
SunX509 allows certificate chains of up to three certificates
•
PKIX allows certificate chains of up to five certificates
Go to Document Center
Chapter 4 Configuring the Client for Java
59
PKIX is often the choice of validation engine within government deployments.
However, the choice of certificate validation engine is dependent on your
organization’s security policy.
Connecting to a Server Across a Firewall
Network firewalls can allow or block packets based on the destination address and
port. If you are using the client through a network firewall that employs IP address
translation, specify the following parameters:
•
UseAlternateAddress: Use an alternate address across a firewall (specified by
the parameter HTTPBrowserAddress). The values are 0 (default; actual address
is used) and 1 (alternate address is used). If this parameter is set to 1, the
parameter HTTPBrowserAddress must also be specified. Setting this parameter
to 0 is the same as not using the parameter.
You can also enable alternate addressing using the ICA Settings dialog box.
•
HTTPBrowserAddress: The external Internet address of a server.
Note All servers in the farm must be configured with their alternate (external)
address. See the MetaFrame Presentation Server Administrator’s Guide for more
information.
For example, to connect to a server across a firewall in applet mode and use an
alternate address for the server Fountain, create an HTML page like the following:
<html>
<body>
<applet code="com.citrix.JICA"
archive="JICAEngN.jar"
width="640" height="480">
<param name="Address" value="Fountain">
<param name="HTTPBrowserAddress" value="177.17.1.7">
<param name="user.wfclient.UseAlternateAddress" value="1">
</applet>
</body>
</html>
60
Client for Java Administrator’s Guide
Go to Document Center
Using ICA Encryption
The default level for ICA encryption is Basic. To enable ICA encryption levels
higher than Basic:
1. Ensure the server is configured to allow the selected encryption level or higher.
To enable encryption levels higher than Basic, the server must support RC5
encryption.
2. If you are using the core archive, include the cryptoj and JICA-sica archives in
the archive attributes on the HTML page. If you are using a complete JICAEng
archive, include the cryptoj archive.
3. Set the appropriate encryption level, as described below.
To specify ICA encryption
Use the following parameter on an HTML page:
<param name="EncryptionLevel" value="0|1|2|5">
The number you type corresponds to the encryption level required as follows:
Level
Description
0
No encryption (needs server setup; default is Basic).
1
Basic encryption. This is the default.
2
RC5 128-bit encryption during authentication. After the logon process is
successfully completed, the encryption level changes to Basic.
5
RC5 128-bit. This is intended for users who are dealing with sensitive data and
need a high level of privacy and integrity.
To create a connection to a server called CitrixServer using 128-bit ICA encryption,
create an HTML page like the following:
<html>
<body>
<applet code="com.citrix.JICA"
archive="JICA-coreN.jar,cryptojN.jar,JICA-sicaN.jar"
width="640" height="480">
<param name="Address" value="CitrixServer">
<param name="EncryptionLevel" value="5">
</applet>
</body>
</html>
Go to Document Center
Chapter 4 Configuring the Client for Java
61
Using Kerberos Authentication
Kerberos authentication is supported when the Client for Java is running on
Windows 2000 or Windows XP, with the necessary trust relationship between client
and Active Directory server domains.
MetaFrame Presentation Server extends the use of Kerberos. Users can log on to
the client device with any authentication method, for example using a smart card,
and access published resources without further authentication. The user’s password
is not transmitted to servers running MetaFrame Presentation Server — instead,
authentication tokens are exchanged.
This authentication exchange is performed within an ICA virtual channel and does
not require any additional protocols or ports.
System requirements. Kerberos logon requires MetaFrame Presentation Server 3.0
or 4.0, and works only between clients and servers that belong to the same or to
trusted Windows 2000 or Windows 2003 domains. Servers must also be trusted for
delegation, an option you configure through the Active Directory Users and
Computers management tool.
Kerberos authentication is not supported when the client is running on Mac OS X
client devices. For further information, see http://developer.apple.com
(Java: Java on Mac OS X 10.3 Release Notes: Java Security, article 3173133.)
Server requirements:
Important Kerberos support requires XML Service DNS address resolution to be
enabled for the server farm, or reverse DNS resolution to be enabled for the Active
Directory domain.
Kerberos logon is not available in the following circumstances:
•
Connections for which you select any of the following options in Terminal
Services Configuration:
•
On the General tab, the Use standard Windows authentication option
•
On the Logon Settings tab, the Always use the following logon
information option or the Always prompt for password option
•
Connections you route through the Secure Gateway for MetaFrame
Presentation Server
•
If the server running MetaFrame Presentation Server requires smart card logon
•
If the authenticated user account requires a smart card for interactive logon
62
Client for Java Administrator’s Guide
Go to Document Center
Client requirements:
Important The default security settings have changed on recent releases of the
Microsoft Windows operating system, including Windows Server 2003, Windows
2000 Server with Service Pack 4, and Windows XP with Service Pack 2. To ensure
Kerberos functions on these platforms, set the following registry setting on each
client device:
AllowTGTSessionKey = 0x01 (DWORD)
The location of the registry setting differs depending on the operating system. On
Windows XP with Service Pack 2, the setting is stored in:
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos
Information is available at www.microsoft.com. For example, the following articles
discuss the AllowTGTSessionKey registry setting: ‘Kerberos protocol registry
entries and KDC configuration keys in Windows Server 2003’ and ‘Kerberos
Authentication Tools and Settings’.
For further information concerning Kerberos support and requirements, see the
MetaFrame Presentation Server Administrator’s Guide.
Configuring Kerberos Authentication
The client, by default, is not configured to use Kerberos authentication when
logging on to the server.
You can configure the client to use Kerberos. With this configuration the user logs
on using Kerberos authentication only. If Kerberos logon fails for any reason, the
user is prompted for credentials. Kerberos can fail due to a missing operating
system requirement, such as the requirement that the server be trusted for
delegation.
To configure the client for Kerberos logon
Use the following parameter to enable Kerberos logon:
<param name="UseLocalUserAndPassword" value="on">
Go to Document Center
Chapter 4 Configuring the Client for Java
63
UNIX Kerberos Authentication
It is possible to configure Kerberos-enabled UNIX and Microsoft Windows
domains to allow users working on UNIX client devices to access MetaFrame
Presentation Server using their UNIX Kerberos credentials.
The client must be configured for Kerberos as detailed above. There are no other
special requirements for the client; however, there are a number of related
prerequisites:
•
Your UNIX and Microsoft Windows domains must be configured to allow
Kerberos authentication across the domains. The requirements and process
differs depending on your UNIX Kerberos installation. See your UNIX
Kerberos documentation and your Windows Kerberos documentation for
information.
•
The following documents related to this topic are available on
www.microsoft.com:
•
The article titled ‘Kerberos Interoperability’
(TechNet: Interoperability and Migration: Kerberos Interoperability)
•
Windows 2000 Kerberos Interoperability white paper (kerbinterop.doc)
(Windows 2000: Technical Resources:
How It Works: Windows 2000 Kerberos Interoperability)
•
Step-by-Step Guide to Kerberos 5 (krb5 1.0) Interoperability
(Windows 2000: Technical Resources: Step-by-Step Guides:
Step-by-Step Guide to Kerberos 5 (krb5 1.0) Interoperability)
•
Within your UNIX Kerberos installation, you may need to specify the relevant
Windows domains (the domains in which the servers running MetaFrame
Presentation Server are located).
64
Client for Java Administrator’s Guide
Go to Document Center
Advanced Configuration
Precedence of Configuration Locations
This section describes the different places parameters can be specified and the
precedence of each place.
The client configuration is stored in three places:
•
The HTML page, stored on a Web server
•
The ICA file, served from a server running the Web Interface or from a standard
Web server
•
The appsrv.ini file, stored on the user’s local device
Most parameters specified on the HTML page take precedence over those specified
in the ICA file. Similarly, parameters specified in the ICA file take precedence over
those in the appsrv.ini file. Note that some parameters can be specified only in the
.ini file.
The location of the appsrv.ini configuration file depends on the client operating
system. The locations for some common operating system are as follows:
Windows:
%USERPROFILE%\Citrix
UNIX and Linux:
$HOME/.citrix
Mac OS X:
<User's home directory>/.citrix
Go to Document Center
Chapter 4 Configuring the Client for Java
65
Copying Client Drive Mapping Configuration
If you are deploying the client to multiple users, you typically use the Web
Interface.
Alternatively, you can configure common settings through the HTML page or the
ICA file. However, client drive mapping settings can be configured only through
the ICA Settings dialog box and are stored only in the appsrv.ini file. They cannot
be configured through the ICA file or the HTML page. You can deploy client drive
mapping settings by configuring client drive mapping on one device and copying
the appsrv.ini file to the correct location on the users’ devices.
Changing the List of Printer Drivers
When you configure printers using the ICA Settings dialog box, you set the driver
by choosing one from a list.
You can change the list of drivers to match the printer drivers that are available on
the server by editing the ICAPrinterDrivers.txt file. This plain text file is included in
the client package and is located in the same directory as the client archives. The
contents of the default file are listed in “ICAPrinterDrivers.txt File” on page 91.
Use a text editor such as Notepad to open the file. Add or remove driver names by
deleting or adding names to the file, one driver name per line. You can add the
driver names in any order.
66
Client for Java Administrator’s Guide
Go to Document Center
Files on the Client Device
Various files are stored on the client device. The files stored on the client device
vary depending on usage and settings but may include the following:
File
Description
appsrv.ini
Stores settings from the Settings user interface.
The exception is the client name. The client name is stored in the wfcname.ini
file.
The location of the appsrv.ini file depends on the client operating system and
Web browser. See “Precedence of Configuration Locations” on page 64.
wfcname.ini
Stores the client name. The file is stored in the same directory as appsrv.ini.
*.jfn
If local text echo is enabled, glyphs are cached in files with the .jfn suffix. These
files are stored in the same directory as appsrv.ini.
Graphical
objects
(Citrix
proprietary
format)
If bitmap caching is enabled, cached graphics are stored in the ‘Cache’
subdirectory (which appears in the directory in which the appsrv.ini file is stored).
*.crl
If certificate revocation checking (CRL) is enabled, CRL files are stored in ‘crl’ or
‘crl/cache’.
Users can place CRLs in the ‘crl’ directory. The client caches CRLs in the ‘crl/
cache’ directory.
CRLs are not deleted from the ‘crl’ directory (whereas CRLs may be deleted from
the ‘crl/cache’ directory when they expire).
The CRL directories appear in the directory in which the file appsrv.ini is stored.
CTX.DAT
The file contains data that is used to identify the client device for Terminal
Services licensing purposes. The client attempts to create the file in the following
locations, in the following order:
•
UNIX platforms only: ‘/usr/local’
•
Windows platforms only: ‘C:\’ through ‘Z:\’
•
All platforms: directory specified by the Java system property <java.home>
• All platforms: directory specified by the Java system property <user.home>
If the client is unable to create the file, the network IP address is used to identify
the client device. This may lead to the client consuming multiple client access
licenses (CALs) in a DHCP environment.
Go to Document Center
CHAPTER 5
Improving the Performance
of the Client for Java
This chapter describes how you can improve the performance of the client using:
•
Session sharing
•
Data compression
•
Data caching
•
Queuing mouse movements and keystrokes
•
SpeedScreen latency reduction
•
SpeedScreen browser acceleration
Advice is also provided on how to improve performance over a low-bandwidth
connection.
Session Sharing
If you are not using seamless windows, consider moving to this mode of working to
gain the performance benefits of session sharing. These include a reduction in
system overhead for both client and server and quicker application launching.
68
Client for Java Administrator’s Guide
Go to Document Center
Data Compression
Data compression reduces the amount of data that needs to be transferred over the
network. However, additional processor resources are required to compress and
decompress the data. If your connection is bandwidth-limited, enabling data
compression improves performance.
You can specify two levels of data compression, standard and maximum. Maximum
data compression uses more processor power and memory and may reduce
performance on slow devices. Data compression is enabled by default.
To enable maximum data compression
Specify the following parameters on the HTML page:
<param name="Compress" value="on">
<param name="MaximumCompression" value="on">
To disable data compression
Specify the following parameter on the HTML page:
<param name="Compress" value="off">
Bitmap Caching
Bitmap caching stores commonly used images on a local disk. If the connection is
bandwidth-limited, using bitmap caching increases performance. If the client is on a
high-speed LAN, you do not need bitmap caching.
You can configure bitmap caching using parameters on the HTML page or the user
can do it through the ICA Settings dialog box.
To enable bitmap caching for a connection
Specify the following parameter on the HTML page:
<param name="PersistentCacheEnabled" value="on">
The bitmap cache directory is stored in the directory specified by the standard Java
system property user.home. The location of the user.home directory depends on the
Java environment or Web browser you are using. If necessary, use the ICA Settings
dialog box to change the bitmap cache directory.
Go to Document Center
Chapter 5 Improving the Performance of the Client for Java
69
Queuing Mouse Movements
When queuing is enabled, the client sends mouse movement updates less frequently
to the server. This prevents the connection from becoming overburdened with
excessive mouse events, which would degrade performance. Disabling queuing
makes the ICA session more responsive to mouse movements. By default, mouse
queuing is disabled.
To change the update period for mouse movement queuing
Specify the following parameter on the HTML page:
<param name="MouseTimer" value="period">
where period is the update period you are using, in milliseconds. To disable
mouse movement queuing, set the period to zero.
Using SpeedScreen Latency Reduction
SpeedScreen latency reduction improves performance over high latency
connections by providing instant feedback to the user in response to typed data or
mouse clicks.
Note SpeedScreen latency reduction works only when it is enabled on the server
to which you are connecting. See the MetaFrame Presentation Server
documentation for more details.
SpeedScreen latency reduction is not available on the Japanese client.
To enable mouse click feedback
Add the following parameter to the HTML page:
<param name="ZLMouseMode" value="0|1|2">
where 0 is off, 1 is on, and 2 is automatic. When mouse click feedback is set to
automatic, the client enables it when required.
To enable local text echo
Add the following parameter to the HTML page:
<param name="ZLKeyboardMode" value="0|1|2">
where 0 is off, 1 is on, and 2 is automatic. When local text echo is set to automatic, the
client enables it when required.
70
Client for Java Administrator’s Guide
Go to Document Center
Using SpeedScreen Browser Acceleration
SpeedScreen browser acceleration provides major performance improvements for
users connecting to Internet Explorer published on a server. Users can interact with
the browser while graphically rich pages or large images are being downloaded.
Scrolling performance in Internet Explorer is also greatly improved on graphically
rich pages. This feature is available only when using Internet Explorer 5.5 or later
on the server.
Improving Performance over a Low-Bandwidth Connection
If you are using ICA over a low-bandwidth connection, such as a modem or cellular
telephone, you can make a number of changes to your client configuration and the
way you use the client that will improve performance:
•
Reduce the client download size. If you do not require the entire functionality
of the client, specify only the archives necessary to provide the functions you
require. Chapter 3 of this guide explains how to specify component archives.
Reducing the size of the applet can greatly reduce the download time.
•
Change the client configuration. On devices with limited processing power, or
where limited bandwidth is available, there is a trade-off between performance
and functionality. The client provides both the user and administrator with the
ability to choose an acceptable mixture of rich functionality and interactive
performance. Making one or more of the following changes can reduce the
bandwidth that the connection requires and improve performance:
•
Enable maximum data compression. Compression reduces the size of the
data that is transferred over the ICA connection (see “Data Compression” on
page 68).
•
Enable the bitmap cache. Bitmap caching stores commonly used images
locally on the client so that they do not have to be transferred over the ICA
connection every time they are needed (see “Bitmap Caching” on page 68).
•
Queue mouse movements. When queuing is enabled, the client sends
mouse updates to the server less frequently. Increasing the queuing period
may improve performance on a low-bandwidth connection (see “Queuing
Mouse Movements” on page 69).
•
Enable SpeedScreen latency reduction. SpeedScreen latency reduction
improves performance over high latency connections by providing instant
feedback to the user in response to typed data or mouse clicks (see “Using
SpeedScreen Latency Reduction” on page 69).
•
Reduce the window size. Change the window size to the minimum size
users can comfortably use (see “Editing desktop.html” on page 21).
Go to Document Center
Chapter 5 Improving the Performance of the Client for Java
•
•
71
•
Reduce the number of colors. Reduce the number of colors to 256 (see
“Window Properties” on page 34).
•
Disable client audio mapping. If users do not need sound, disable client
audio mapping (see “Client Audio Mapping” on page 49) or remove the
JICA-audio archive.
•
Disable clipboard mapping. If users do not need to copy and paste text, do
not include the JICA-clipboard archive.
•
Disable client drive mapping. If users do not need to map drives, do not
include the JICA-cdm archive.
•
Disable printing. If users do not need to map printers, do not include the
JICA-printer archive.
•
Disable server browsing. If providing connections to desktops only (not
published applications), do not include the JICA-browse archive.
Change the way you use the client. ICA technology is highly optimized and
typically does not have high CPU and bandwidth requirements. However, users
on a low-bandwidth connection should consider the following to preserve
performance:
•
Avoid accessing large files using client drive mapping. When you access
a large file with client drive mapping, the file is transferred over the ICA
connection. On slow connections, this may take a long time.
•
Avoid printing large documents on local client printers. When you print
a document on a local client printer, the print file is transferred over the ICA
connection. On slow connections, this may take a long time.
•
Avoid playing multimedia content. Playing multimedia content uses a lot
of bandwidth and can cause reduced performance.
Use the latest client and server software. Citrix is continually enhancing and
improving ICA performance with each release, and many performance features
require the latest client and server software in order to function. Citrix
recommends you use Version 9.x of the client together with MetaFrame
Presentation Server 4.0 for Windows, or MetaFrame Presentation Server 4.0 for
UNIX.
72
Client for Java Administrator’s Guide
Go to Document Center
Go to Document Center
CHAPTER 6
Limitations of the Client for Java
This chapter describes some known limitations of the client that you or your users
may encounter and suggests workarounds where applicable.
The sections are in alphabetical order of operating system, followed by a
Miscellaneous section and a section that deals with Japanese-specific issues. The
final section tells you how to report any further issues you may find with the client.
Linux and Solaris
Loss of Keyboard Focus
On Linux and Solaris platforms, the applet in embedded or non-seamless mode can
lose keyboard focus after opening a client dialog box. The keyboard focus is
successfully passed to the dialog box when the dialog box is opened, but it is lost
when the dialog box is closed.
For Solaris, the workaround is to give keyboard focus to another application’s
window, then give it back to the browser window containing the embedded client
applet. For Linux, click in the applet to restore keyboard focus.
74
Client for Java Administrator’s Guide
Go to Document Center
Clipboard Support on X11
•
Clipboard support on the Client for Java works only with applications that use
the X11 CLIPBOARD selection. Specifically, Motif and Gnome applications
are fine, but KDE applications do not work. Xterm can be configured with X11
resources to use the CLIPBOARD selection. For example:
XTerm*VT100.Translations: #override \n\
~Ctrl ~Meta <Btn2Up>:\
insert-selection(PRIMARY,CLIPBOARD,CUT_BUFFER0)\n\
<BtnUp>: select-end(PRIMARY,CLIPBOARD,CUT_BUFFER0)\n
GNU Emacs can also be configured to use CLIPBOARD with the following
Emacs lisp:
(setq x-select-enable-clipboard t)
•
The xclipboard utility (present on most X11 systems) may be of use in
transferring data between the PRIMARY and CLIPBOARD selections.
•
To right-click when connected to a MetaFrame Presentation Server computer with a
Mac OS X
Macintosh, hold down the command key and click the mouse button.
•
Characters generated using the Option keys on Macintosh may not be supported
by the current Windows font in your ICA session. If the character produced is
not the expected character, choose a Windows font in the ICA session that
supports the character. After producing the desired character, you can return to
the usual font.
•
The client cannot load when the Java archive files are hosted on a Web server
that requires cookies or authentication before serving the files. Ensure that the
Web server does not require authentication to serve these files.
This issue also affects the HTML help and .ica files.
In particular, asp or jsp applications that manage session state using cookies are
affected.
•
Arbitrary mouse pointers are not supported on Mac OS X.
Go to Document Center
Chapter 6 Limitations of the Client for Java
75
Windows
Internet Explorer
•
To display dead key characters, you must press the chosen dead key and then
press the space bar twice.
Internet Explorer Security Settings on Windows Server
2003
For Windows Server 2003, the default security settings when you log on with
administrator privileges are:
•
Internet = High
•
Local Intranet = Medium-Low
•
Trusted Sites = Medium
This means that if you log on as an administrator and try to use the client over the
Internet, by default it will not work because you cannot enable the use of Java
environments for the High security level through Internet Explorer’s Internet
Options.
There are two ways you can avoid this problem:
•
Follow the instructions given in Microsoft Knowledge Base article 182569.
•
Accept the Internet site that provides the Java applet as a trusted site. The
default security level for a trusted site is Medium, therefore the Java
environment is enabled and you can use the client.
If you log on to Windows Server 2003 as an ordinary user, as opposed to an
administrator, the default security level for the Internet is Medium; therefore, the
problem does not occur.
76
Client for Java Administrator’s Guide
Go to Document Center
Miscellaneous
Client Drive Mapping
A remote application generates an error message because it cannot lock a file.
Due to Java limitations, Java programs cannot lock files. This means that files
cannot be locked on mapped local drives.
To avoid generating error messages, disable the Safelock option on the HTML
page:
<param name="Safelock" value="off">
When Safelock is disabled, if a remote application attempts to lock a file on a
mapped drive, the client will report success. However, this does not mean that the
file is locked; you must take precautions to ensure that another application does not
write to or delete the same file, because this could result in data corruption.
Mouse Pointer Support
In shadowed sessions, the mouse pointer does not move when shadowing users
move their mouse pointer.
NTLM Authentication
If using J2SE 1.4.2_04 or earlier, and the codebase of the applet points to a Web site
that is protected by NTLM authentication, the client takes many minutes to start.
This issue has been reported to Sun. The workaround is to upgrade to a later version
J2SE (1.4.2_05 or later).
Seamless Windows
On some platforms, the outline drag-box that is displayed when you move or resize
seamless windows can cause unattractive repaint effects. If you experience this, you
can either specify a solid drag-box type or eliminate the drag-box entirely by setting
the parameter TWIDragBoxType to solid or none respectively.
Server Names with non-ASCII Characters
For client operating systems to contact servers, the host name and domain name
must be compliant with the Domain Naming System (DNS). That is, the names
must contain only upper- and lower-case ASCII a to z, digits 0 to 9, and dash (-).
This may not be necessary when client operating systems and the DNS server
support multinational characters.
Go to Document Center
Chapter 6 Limitations of the Client for Java
77
Published application names can comprise any characters because these are always
resolved by the ICA browser. Note that any ICA browser addresses have the same
DNS restrictions as the server names described above.
On some systems, you may not be able to connect to a server if its name does not
conform to this requirement (that is, a server with a Japanese name or a name
containing other non-ASCII characters).
To avoid this, either:
•
Conform to the DNS requirement and use only ASCII characters in server
names.
—Or—
•
Specify ICA browser addresses as IP addresses and do not enable DNS
resolution for the server. If you do both of these things, the servers can have
names that do not comply with the DNS requirement; however, SSL does not
work in this scenario because DNS names are required for certificate validation.
In addition, the Web Interface does not work because DNS is used to resolve the
hostname part of the Web Interface URL.
Universal Print Driver and PCL4
•
Horizontal lines in text and images sometimes appear jagged in landscape
mode
•
Print output near the page edge is sometimes clipped when you are using
small page margins
To avoid these problems, use the appropriate native printer driver instead of the
UPD. Configure the driver using the Settings dialog box and ensure that it is
available on the server.
78
Client for Java Administrator’s Guide
Go to Document Center
Japanese-Specific Issues
Typing Japanese Characters in Shadowing Sessions
If you shadow another session, use the server IME. By default, the server side IME
is used, but if you have been using the client IME, change your keyboard layout
setting. To change the setting, from the ICA Settings dialog box, choose the
General tab, followed by either (Server Default) or Japanese (server IME only)
from the Keyboard Layout options. Alternatively, you can choose Japanese (client
and server IME) and use the server IME during shadowing.
Typing the Long Vowel Sound Symbol (—) in Kana Input
Mode
When using the server IME to type Japanese characters in Kana input mode, press
the Shift key with the long vowel symbol key (—) to enter the long vowel symbol.
This is not necessary when using the client IME.
Typing Japanese Characters in Applications Using the
Client IME
If you use the client IME, displayed characters may be corrupted when you are
using certain applications. If this happens, use the server IME instead.
Web Interface on Windows Unicode Settings
If you are using the Web Interface for MetaFrame, installed on a Microsoft
Windows server, to deploy the Client for Java, Citrix recommends that you
configure the Web Interface to deploy Version 8 or later clients. This ensures all
ICA files are encoded in Unicode.
Configure this setting using the Access Suite Console (Web Interface: Manage
Client Deployment). When specifying the launch client settings, set the client
version support option to version 8 or later clients.
If this option is not selected, ICA files are encoded using Microsoft Windows
Codepage 932. Although this is acceptable in many circumstances, users will not be
able to launch published applications if the application name includes certain
characters, such as a long tilde.
Go to Document Center
Chapter 6 Limitations of the Client for Java
79
Client-Side IME Input Mode on Mac OS X
Changing the Input Mode
When using the client-side IME on Mac OS X, Citrix recommends that you use the
kana and eisu keys to switch the IME input mode. This is recommended because
key combinations using the Apple (Alt) key can switch focus to the application's
menu bar, which will result in the first character you type not being recognized.
Problems with the First Character Typed
When using the client-side IME on Mac OS X, if the first character typed is a fullwidth alpha (a-z) character, it is not displayed. There are two workarounds:
•
Use the server-side IME to input full-width alpha characters
•
Type one or more kana characters before typing a full-width alpha character
Using ATOK
When using the client on Japanese Mac OS X with the ATOK IME, use ATOK17.
The client is not supported with ATOK16. Alternatively, use the default Kotoeri
IME.
The IME Toolbar Is Inaccessible After Minimizing
When you use the server-side IME in a connection to Windows 2000 Server, you
cannot access the IME toolbar after you minimize it. This occurs with all seamless
sessions and non-seamless sessions to published applications, but is not a problem
for non-seamless desktop sessions. In the latter case, retrieve the IME toolbar from
the Windows System Tray. In the other cases, the System Tray is not available.
The workaround is to connect to a non-seamless desktop session and restore the
IME toolbar from the System Tray. This is not an issue when connecting to
Windows 2003 Server, as MetaFrame Presentation Server prevents the toolbar from
being minimized.
Typing Characters After Reconnecting Using the Client
IME
If you reconnect to a session from a different browser or with a different window
size setting from the original session, you may see a dialog box warning you that
the video mode for the existing session cannot change. You cannot input characters
using the client IME until you close the dialog box by clicking OK.
80
Client for Java Administrator’s Guide
Go to Document Center
Sometimes this dialog box is displayed behind the application window. If you
cannot type characters using the client IME after reconnecting, even if you do not
see a dialog box, try minimizing the application window in the browser window to
see whether the warning dialog box appears. Close the dialog box by clicking OK,
then restore the application window.
Hotkey Support for Japanese Keyboards
On certain hardware platforms, some Java environments may have problems with
the special Japanese modifier keys, such as Hankaku, Zenkaku, and Hiragana,
which are used to control the IME on the server.
If you experience this problem, first ensure that you have the latest version of a
J2SE environment for your platform. If the problem persists, you can interact with
the IME by clicking the IME buttons using your mouse.
Alternatively, define hotkeys to simulate the effect of the IME keys. For example,
you can define F1 as the Katakana key. This technique for mapping hotkeys is
similar to that used for defining special key combinations for the client, such as
using CTRL+F1 to send the key combination CTRL+ALT+DEL.
Define Japanese hotkeys in the same way as English hotkeys: either in the <applet>
tag or by using the ICA Settings dialog box, as described in “Hotkeys” on page 40.
The full set of possible Japanese hotkeys is:
HotkeyMuHenkanChar
HotkeyMuHenkanShift
HotkeyPrevKouhoChar
HotkeyPrevKouhoShift
HotkeyKatakanaChar
HotkeyKatakanaShift
HotkeyHankakuChar
HotkeyHankakuShift
HotkeyKanjiBangoChar
HotkeyKanjiBangoShift
HotkeyNextKouhoChar
HotkeyNextKouhoShift
HotkeyAllKouhoChar
HotkeyAllKouhoShift
HotkeyHiraganaChar
HotkeyHiraganaShift
Go to Document Center
Chapter 6 Limitations of the Client for Java
81
HotkeyRomajiChar
HotkeyRomajiShift
HotkeyEisuChar
HotkeyEisuShift
Reporting Issues
If you have any issues with the client that are not described in this chapter, please
perform the following steps:
1. Make sure you are running the latest version of the client.
2. Read the information in the Readme file.
3. Check the relevant section of this guide.
4. If the problem still persists, report the problem to your Citrix support
representative and provide all the following information:
•
The client operating system platform.
•
The Web browser and version number and the plug-in version number. Note
that you can view the Java plug-in version number by launching the Java
console.
•
The complete applet tag from the Web browser’s View Source (or
equivalent) menu. This shows the resulting HTML after any client- or
server-side scripting.
•
Any error messages displayed in the Java console.
•
If applicable, any Java stack trace that is displayed after clicking Details in
an error dialog box.
•
The MetaFrame Presentation Server platform and MetaFrame Presentation
Server version.
•
The Web Interface version number, if applicable.
•
Any relevant security information; for example, whether you are using ICA
encryption or SSL, and whether or not your deployment includes proxy
servers.
•
An explanation of how to reproduce the problem.
82
Client for Java Administrator’s Guide
Go to Document Center
Go to Document Center
APPENDIX A
Parameters and File Descriptions
for the Client for Java
Parameters
The following tables provides a complete list of the parameters that you can specify
to provide additional features and customization. The Address parameter is the only
required parameter; all other parameters in these lists are optional.
Most of the parameters are specified on the HTML page; however, the client drive
mapping parameters listed in this section are specified in the client-side appsrv.ini
file.
General Configuration
Parameter
Description
Address
The address of the server or the name of the published
application. If a published application is entered as an
address value, the InitialProgram parameter must also be
specified.
CGP Address
The address of the session reliability server:
“hostname:port”. Type an asterisk (*) to use the Address
parameter value as the session reliability server.
Clientname
The client name. Use in the form
client.wfclient.Clientname. Use with the parameter
client.wfclient.UseHostname=off.
CREnabled
Specifies whether or not content redirection is enabled.
Values are yes or no. The default value is yes.
Domain
The name of the domain for the user name.
84
Client for Java Administrator’s Guide
Go to Document Center
Parameter
Description
HTTPBrowserAddress
HTTPBrowserAddress2 to 15
The address of a browser server. This parameter is used
when TCP/IP+HTTP or SSL/TLS+HTTPS browsing has
been specified. This parameter is also used to
designate groups of primary and backup servers.
Note that when the XML Service on the server is not
configured to use the default port 80, you must append
:<port number> to this parameter, substituting <port
number> with the port number your server’s XML Service
is configured to use.
For HTTPBrowserAddress the default is ica. There is no
default for HTTPBrowserAddress 2 to 15.
Icafile
An ICA file for the client to use. The value entered must
be a valid URL. There is no default.
ICAPortNumber
The default ICA port number is 1494. You can specify a
different port number using this parameter or by
appending the port number to the address value; for
example, CitrixServer:1495.
InitialProgram
The name of the initial program to run after connecting to
the server. If you are connecting to a published
application, add a # symbol before the program name.
Language
Causes the client’s user interface components to appear
in a language other than the language of the client
device.
Param
Passes a parameter such as a file name to a published
application.
Password
The password of the user. The Password parameter
cannot be used to specify an encrypted password. To
specify an encrypted password, use an ICA file or .ini file
that contains an encrypted password.
SpeedScreenBA
Specifies whether or not SpeedScreen browser
acceleration is enabled. Values are yes or no. The
default value is yes.
SupportTSEquivalencyOnWinXP
Specifies whether or not Microsoft Terminal Services
Client Access License equivalency is used on Microsoft
Windows XP client devices. Values are on or off. The
default value is off.
Go to Document Center
Appendix A Parameters and File Descriptions for the Client for Java
Parameter
Description
TWIDisableSessionSharing
Specifies whether or not session sharing is disabled.
Used in conjunction with the Connection Center. The
default value is no.
TWIMode
Enables seamless windows. If you are using seamless
windows, set this parameter to on; otherwise, set it to off.
UseHostname
Specifies using the hostname as the client name. Use in
the form client.wfclient.UseHostname.
Username
The user name to use during logon.
WorkDirectory
The path of the working directory where the initial
program is run after the user connects to the server.
User Interface Parameters
Parameter
Description
Border
Turns the border around the ICA session in the browser window on
or off. Values for this parameter are on or off. The default value is
off.
BorderWidth
The border width in pixels. The default value is 6.
DesiredColor
The color depth of the ICA session windows. The values are 2 (256
colors), 4 (thousands of colors), and 8 (millions of
colors). The default value is 256 colors. 16 color mode is not
supported but the client can connect to applications published in 16
color mode, in which case 256 colors are used.
DesiredHRes
The height of the ICA session window, if you want the session size to
be different from the applet size. If this parameter is not specified,
the Height parameter is used and the session height is therefore the
same as the applet height. There is no default.
DesiredVRes
The width of the ICA session window, if you want the session size to
be different from the applet size. If this parameter is not specified,
the Width parameter is used and the session width is therefore the
same as the applet width. There is no default.
End
Controls the client’s behavior when you terminate a session. The
values are manual (default), auto, terminate, and URL.
Height
The height of the ICA session window. This parameter is specified as
an attribute in the <applet> tag.
85
86
Client for Java Administrator’s Guide
Go to Document Center
HotkeynShift
HotkeynChar
Sets hotkeys that can be used to control various client functions. Use
in the form user.wfclient.HotkeynShift or user.wfclient.HotkeynChar
where n is the number of the hotkey. n can be 2, 3, 4, 5, 6, 7, 8, 9, 10,
or 11. For information about how to set hotkeys, see “Hotkeys” on
page 40.
KeyboardLayout and
KeyboardType
The type of keyboard. Use in the form user.wfclient.KeyboardType
and user.wfclient.KeyboardLayout.
ShowSettingsButton
Specifies whether or not to show the Settings button. You must
include the complete JICAEng archive or the JICA-config archive to
display the Settings button. Values for this parameter are yes or no.
The default value is yes.
ShowStatusBar
Specifies whether or not to show the status bar. You must include the
complete JICAEng archive or the JICA-config archive to display the
status bar. Values for this parameter are yes or no. The default value
is yes.
Start
Controls the client’s behavior when you start a session. The values
are manual and auto. The default value is manual.
Width
The width of the ICA session window. This parameter is specified as
an attribute in the <applet> tag.
Client Audio Mapping Parameters
Parameter
Description
ClientAudio
Enables client audio. The values are on and off. The default is off.
Go to Document Center
Appendix A Parameters and File Descriptions for the Client for Java
Client Printer Mapping Parameters
Parameter
Description
Comment
Sets a default printer. Must be specified as
user.printername.Comment, where printername is the name
allocated with the parameter LocalClientPrinters.
Driver
The printer driver. Use in the form user.printername.Driver, where
printername is the name allocated with the parameter
LocalClientPrinters.
LocalClientPrinters
Used for passing information about client printers to the server. Must
be specified as <param name=”user.localclientprinters”
value=”printername”>. To specify more than one printer, separate
the printer names with commas.
Port
The printer port. Use in the form user.printername.Port, where
printername is the name allocated with the parameter
LocalClientPrinters.
Client Drive Mapping Parameters
Although the user specifies most client drive mapping parameters using the ICA
Settings dialog box, there are three parameters that you can specify only in the
client-side appsrv.ini file:
Parameter
Description
DriveRemovable<x>
Specifies whether or not drive x is removable, that is,
whether it is a floppy drive or a CD-ROM drive. Values for
this parameter are yes or no. The default is no.
DriveMappingHomeDrive
Specifies the drive letter to use for the home drive. The
value must be a single letter. The default is H.
DriveMappingAutoDetectHome
Specifies whether or not to auto-detect the user’s home
drive. Values for this parameter are yes or no. The default
is yes.
87
88
Client for Java Administrator’s Guide
Go to Document Center
Performance Tuning Parameters
Parameter
Description
Compress
Sets data compression. The values are on to enable data
compression and off to disable it. The default value is on.
MaximumCompression
Sets high level data compression. The values are on to enable
greater data compression and off to select normal data
compression. Requires the Compress parameter to be enabled.
The default value is off.
MouseTimer
The time (in milliseconds) between the mouse movement
updates that are sent to the server. Set to 0 to disable queuing.
The default value is 0.
PersistentCacheEnabled
Enables or disables bitmap caching. Must be specified as
“user.wfclient.PersistentCacheEnabled”. Values are on or off.
The default value is off.
PersistentCacheMinBitmap
The size of the smallest bitmap to cache, in KB.
The default value is 8.
PersistentCacheSize
The size of the bitmap cache in MB. The default value is 10.
ZLKeyboardMode
SpeedScreen latency reduction mode. The values are 0 (off), 1
(on), or 2 (auto). The default value is 0.
ZLMouseMode
SpeedScreen latency reduction mode. The values are 0 (off), 1
(on), or 2 (auto). The default value is 2.
Security Integration Parameters
Parameter
Description
EncryptionLevel
The level of ICA encryption to use for an ICA
connection. Values are as follows:
0 = No encryption, 1 = basic encryption, 2 = RC5
128-bit encryption during authentication only, 5 =
RC5 128-bit
The default value is 1.
PermitCGP
Specifies whether or not session reliability is
allowed on the client (client-side parameter). Values
are yes or no. The default value is yes.
PermitVirtualChannelSDK
Specifies whether or not the SDK virtual channel is
allowed on the client (client-side parameter). Values
are yes or no. The default value is no.
Go to Document Center
Appendix A Parameters and File Descriptions for the Client for Java
ProxyAutoConfigURL1
The location of a Proxy Auto Configuration (PAC)
file for automatic proxy configuration. There is no
default value.
ProxyDebug1
Specifies whether or not to enable proxy debugging
in the Java console for troubleshooting purposes.
Values are on or off. The default value is off.
ProxyExcludeList1
A semicolon- or comma-separated list of addresses
of servers that the client must connect to directly—
not through the proxy server. There is no default
value.
ProxyHost1
The location and port of the proxy server. There is
no default value.
ProxyType
The type of proxy server. Values are:
none = no proxy
auto = use the Web browser’s settings
socks = use SOCKS and automatically detect the
version socksv4 = use SOCKS Version 4
socksv5 = use SOCKS Version 5
secure = use Secure proxy
script = use a PAC file (specified by
ProxyAutoConfigURL)
There is no default value.
ProxyUsername1
ProxyPassword1
Proxy server logon credentials. There is no default
value.
SecureChannelProtocol
Specifies the SSL/TLS protocol version. Values are
SSL, TLS, or detect. If you specify detect, the client
connects using the protocol requested by the server.
The default value is detect.
SSLCertificateRevocationCheckPolicy
Specifies whether or not to use Certificate
Revocation Checking. Values are NoCheck,
CheckWithNoNetworkAccess, FullAccessCheck,
FullAccessCheckAndCRLRequired
The default value is
CheckWithNoNetworkAccess.
SSLCiphers
An alternative cipher suite. Values are Gov, Com, or
All.
The default value is All.
SSLEnable
Enables SSL and TLS encryption protocols. Used
with the BrowserProtocol parameter. Values are on
or off. The default value is off.
89
90
Client for Java Administrator’s Guide
Go to Document Center
SSLProxyHost
A Secure Gateway (relay mode) address. There is
no default value.
UseAlternateAddress
Specifies whether or not to use an alternate server
address across a firewall. Used in the form
user.wfclient.UseAlternateAddress.
Values are 0 (actual address is used) or 1 (alternate
address is used). The default value is 0.
UseLocalUserAndPassword
Specifies whether or not to configure the client for
Kerberos support. Values are yes or no. The default
value is no.
1
These parameters are meaningful only if you specify ProxyType.
Go to Document Center
Appendix A Parameters and File Descriptions for the Client for Java
ICAPrinterDrivers.txt File
The contents of the default ICAPrinterDrivers.txt file are as follows:
HP LaserJet
HP DeskJet
HP OfficeJet
HP LaserJet Series II
HP LaserJet III
HP LaserJet 4
HP LaserJet 5
HP LaserJet 4000 Series PCL
HP LaserJet 4000 Series PS
HP LaserJet 4050 Series PCL
HP LaserJet 4050 Series PS
HP LaserJet 5000 Series PCL
HP LaserJet 5000 Series PS
HP LaserJet 8000 Series PCL
HP LaserJet 8000 Series PS
HP LaserJet 8100 Series PCL
HP LaserJet 8100 Series PS
Canon Bubble-Jet BJC-70
Canon Bubble-Jet BJ-200ex
Canon Bubble-Jet BJC-600
Canon LBP-4
Canon LBP-8II
Canon LBP-8III
Epson Stylus Pro ESC/P 2
Epson Stylus COLOR ESC/P 2
Epson Stylus Photo ESC/P 2
Epson EPL-3000
Epson EPL-4000
Epson EPL-5000
Epson EPL-6000
Epson EPL-7000
Epson EPL-8000
Epson EPL-9000
Lexmark Optra
91
92
Client for Java Administrator’s Guide
Supported Keyboard Layouts
The supported keyboard layouts are:
"(Server Default)"
"Albanian"
"Belarusian"
"Belgian Dutch"
"Belgian French"
"Brazilian (ABNT)"
"British"
"Bulgarian (Latin)"
"Bulgarian"
"Canadian English (Multilingual)"
"Canadian French (Multilingual)"
"Canadian French"
"Croatian"
"Czech (QWERTY)"
"Czech"
"Danish"
"Dutch"
"Estonian"
"Finnish"
"French"
"German (IBM)"
"German"
"Greek (220) Latin"
"Greek (220)"
"Greek (319) Latin"
"Greek (319)"
"Greek Latin"
"Greek"
"Hungarian 101-Key"
"Hungarian"
"Icelandic"
"Irish"
"Italian (142)"
"Italian"
"Japanese (client and server IME)"
"Japanese (client IME only)"
"Japanese (server IME only)"
"Korean"
"Latin American"
"Latvian (QWERTY)"
"Latvian"
"Lithuanian"
"Norwegian"
"Polish (214)"
"Polish (Programmers)"
"Portuguese"
"Romanian"
"Russian (Typewriter)"
"Russian"
"Serbian (Cyrillic)"
Go to Document Center
Go to Document Center
Appendix A Parameters and File Descriptions for the Client for Java
"Serbian (Latin)"
"Slovak (QWERTY)"
"Slovak"
"Slovenian"
"Spanish Variation"
"Spanish”
"Swedish"
"Swiss French"
"Swiss German"
"Taiwan"
"Turkish (F)"
"Turkish (Q)"
"Ukrainian"
"United Kingdom"
"US"
"US-Dvorak for Right hand"
"US-Dvorak for left hand"
"US-Dvorak"
"US-International"
93
94
Client for Java Administrator’s Guide
Go to Document Center
Go to Document Center
95
Index
A
Acrobat Reader, requirements 8
alternate address translation 59
applet tag
editing 21, 23
applications, published
connecting to 33
archive attribute
definition 21
archive parameter
definition 23
ASCII characters, in server names 74
audio mapping 49
auto-detected printers 45
B
bitmap caching 68
business recovery 31
codebase parameter
definition 21
colors, number of
changing the window properties 34
configuring client settings using the ICA Settings dialog
box 27
connecting to sessions automatically 36
Connection Center
overview 13
D
data compression 68
deploying the client 20
DNS resolution 74
drag-box in seamless windows 76
drive mapping 43
dynamic session reconfiguration 13
E
C
encryption 54
certificates 56, 58
accepting when connecting 25
key length greater than 2046 58
specifying your own 56
chain length 58
Cipher Suite
client configuration 56
client audio mapping 49
client devices
mapping 43
client drive mapping 43
Client for Java
introduction 12
client name
setting 32
client package
contents 18
formats 17
client printer mapping 44
clipboard support 74
code parameter
definition 21, 23
F
firewalls
client configuration 59
using 59
H
hotkeys
configuring 40
Japanese 80
HTML page setup 20
I
ICA encryption
client configuration 60
ICA Settings dialog box 34
IME support 39
Integrating 50
Internet Explorer
limitations 75
96
Client for Java Administrator’s Guide
J
Japanese hotkeys 80
Japanese IME support 39
Japanese-specific limitations 78
K
Kerberos authentication 61
configuring 62
UNIX 63
keyboard types
specifying 37
L
language for user interface
specifying 29
limitations
Japanese-specific issues 78
limitations of Client for Java 73
Linux
limitations 73
local text echo 69
M
Mac OS X
limitations 73
manually configured printers 45
mapped drives
file locking 76
limitations 44
mapping
audio 49
client devices 43
client drives 43
printers 44
mouse movements
queuing 69
mouse pointer support 76
mouse-click feedback 69
P
parameter passing 33
parameters
complete list 83
parameters for applet tag
complete list 83
syntax 21
Go to Document Center
performance
improving over low-bandwidth connections 70
printer mapping 44
printers
auto-detected 45
manually configured 45
printing
auto-detected printers 45
manually configured printers 45
mapping client printers 44
MetaFrame Presentation Server for UNIX 49
proxy auto detection 51
proxy servers
client configuration 51
NTLM authentication 51
SOCKS 50
specifying 54
using 50
published applications
connecting to 33
Q
queuing mouse movements 69
R
reconnecting to sessions automatically 36
relay mode 55
reporting issues 81
S
seamless support
overview 12
seamless windows
limitations 76
Secure Gateway
client configuration 54
security
certificate revocation checking 58
firewalls 59
ICA encryption 60
integrating the client 50
proxy servers 50
Secure Gateway 54
SSL Relay 54
security settings
limitations 75
server location
configuring 30
Go to Document Center
server names, non-ASCII characters 74
session reliability 35
session sharing 13
sessions
connecting and reconnecting automatically 36
Settings button
displaying and hiding 34
signed Java applets 25
Solaris
limitations 73
specifying your own 56
SpeedScreen browser acceleration 70
SpeedScreen latency reduction 69, 88
SSL
configuring the client 54
status bar
displaying and hiding 34
system requirements 15
T
three-button mouse
support 40
time out period
changing 37
TLS 54
configuring the client 54
Transport Layer Security. See TLS
U
Universal Print Driver. See UPD
UPD 49
limitations 77
W
warning message for session close
changing 22
Windows Server 2003
limitations 75
Index
97
98
Client for Java Administrator’s Guide
Go to Document Center
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement