Integrating Thin-Client Servers with the Novell Suite of

Integrating Thin-Client Servers with the Novell Suite of
Integrating Thin-Client
Servers with the Novell
Suite of Products
1
INTEGRATING THIN-CLIENT SERVERS WITH THE NOVELL SUITE OF PRODUCTS
INTRODUCTION
INTEGRATION WITH WINFRAME
INTEGRATION WITH WINDOWS TERMINAL SERVER AND METAFRAME
INTEGRATION OF THE THIN-CLIENT SERVER WITH ZENWORKS
INSTALLING THE NOVELL CLIENT ON A THIN-CLIENT SERVER
INTEGRATION WITH NDS FOR NT
DEPLOYING THIN-CLIENT SERVER FARMS WITHOUT DOMAINS
EMBEDDING ZENWORKS INTO A WEB BROWSER
INTEGRATING THE THIN-CLIENT SERVERS WITH THE NETWARE 5 JVM
APPENDIX A – ICA AND HTML FILES
APPENDIX B – FREQUENTLY ASKED QUESTIONS
2
Introduction
IT professionals are being asked to do and more and more with the same limited resources. At the same
time, the people who are being supported are becoming more and more mobile. End-users expect IT to
deliver fast and simple access to network resources no matter how and where the end-users are working.
These end-users are demanding the same level of performance when they are on the corporate network and
in a hotel room dialing in with a 56.6kb modem.
Many IT organizations are turning to the thin-Client solutions delivered by Citrix and Microsoft in the
WinFrame, MetaFrame, and Windows Terminal Server products to meet these expectations. With these
products, users are able to connect to the thin-Client servers with virtually any computing device and run
applications with blazing speed even across the thinnest of connections. The applications are actually
running on the thin-Client server which is then simply sending screen updates to the device the end-users is
sitting in front of. Because only screen updates, keystrokes, and mouse clicks are transferred between the
workstation and thin-Client server, this solution offers virtually the same performance to a user on a
corporate network and a user at home dialing in through a modem.
The integration of Novell products such as NDS and ZENworks with the thin-Client servers satisfies the
desires of both network administrators and end-users. End-users get a consistent desktop wherever they are
and the performance they demand. Administrators have a single tool that can be used to administer both
standard desktops and thin-clients.
Integration with WinFrame
WinFrame is the thin-Client server that runs on Windows NT v3.51. At the writing of this document
(March 1999) the latest version of WinFrame available on the market was version 1.7. Version 1.8 was
available in beta testing. Although this document shows the integration of various Novell products with
WinFrame and MetaFrame v1.7, the concepts and integration with v1.8 are the same. Some of the
management utilities and interfaces in v1.8 may be different, but the points of integration are the same.
WinFrame users can benefit from access to Novell products and solutions by loading the Novell Client
v4.11b for Windows NT on the WinFrame servers. The Novell Client v4.11b for Windows NT can be
downloaded from www.novell.com\download. No software needs to be loaded on the thin-clients (the
devices from which the end-users are viewing the WinFrame session).
Novell discontinued support for Windows NT v3.51 in the Novell Clients that were released in 1998
(starting with the Novell Client v4.3 for Windows NT). However, wanting to provide organizations using
WinFrame with the benefits of products such as NetWare, NDS and ZENworks, Novell decided to release a
Client that supported WinFrame and therefore Windows NT 3.51. The Novell Client v4.11b for Windows
NT is an update to the Novell Client v4.11a for Windows NT. The 4.11b Client includes the work Novell
engineers performed to support WinFrame as well as any patches that were made to the 4.11a Client.
Novell only recommends using this Client on WinFrame servers or devices running Windows NT v3.51.
Using the 4.11b, Client users have full access to NetWare and NDS. The following components of
ZENworks function with the 4.11b Client and therefore WinFrame.
•
•
Application Management (Novell Application Launcher)
• Self-healing of applications if problem occur
• Schedule software updates
• Application fault tolerance and load balancing
• Customization of application to user as it is installed
• Software metering
Desktop Maintenance
• Remote Control
3
•
• Helpdesks application
Desktop Management
• Dynamic Local User
• Automatic Client Upgrade
• Management of path to roaming profile and system policies
Some of the functionality in the Desktop Management component of ZENworks (such as printer driver
management and hardware inventory) will only function if the Novell Client v4.5 for Windows NT or
higher is loaded on the thin-Client server. Since the later Novell Clients do not support Windows NT v3.51
this functionality is not supported on a WinFrame server.
When installing ZENworks on a WinFrame server, administrators should install the application
management and desktop maintenance components but not the desktop management component. The
desktop management components that are supported on Windows NT v3.51 will be installed by installing
the Novell Workstation Manager that is included with the 4.11b Client.
Using the Novell Client v4.11b on the WinFrame server, organizations will be able to take advantage of the
significant benefits delivered through ZENworks and NDS for NT. Using these products WinFrame
administrators will have a single point of administration for NetWare, Windows NT, and WinFrame user
accounts. These administrators will also be able to use a single tool (NDS) to manage application
deployment and management, roaming profiles, system policies and helpdesk access for both standard
desktop and thin-Client devices.
Integration with Windows Terminal Server and MetaFrame
Windows Terminal Server is the thin-client server that is provided by Microsoft and is based on NT 4.0.
Windows Terminal Server used the remote display protocol (RDP) which is a point-to-point protocol.
Most organizations will add the Citrix MetaFrame product to their implementation of Windows Terminal
Server to take advantage of the Independent Computing Architecture (ICA) protocol. The ICA protocol is
the technology that enables the load balancing and server farm solutions supplied by Citrix.
Users of Windows Terminal Server and MetaFrame have full access to all services and products provided
by Novell. The Novell Client v 4.5 for Windows NT was the first Client released by Novell that contained
the necessary components to fully integrate with Windows Terminal Server and MetaFrame. At the writing
of this document, the Novell Client v4.6 for Windows NT is the most recent release of Novell’s Client for
Windows NT. It is the preferred Client for integrating with Windows Terminal Server and MetaFrame. As
Novell releases new Clients in the future the newest Client will be the preferred Client for interoperability
with the thin-client servers.
Installing the Novell Client v4.50 for Windows NT (or later) on the Windows Terminal Server or
MetaFrame server will enable full access to all Novell products. In this configuration, end-users of the
thin-client servers will have the benefit of access to NetWare, NDS, BorderManager, and ZENworks.
Integration with NDS for NT will be covered later and does not require that the Novell Client for Windows
NT be installed on the thin-client server.
Integration of the Thin-Client Server with ZENworks
The product that provides the most immediate benefit to users of the thin-client server is ZENworks.
Access
The thin-client servers provide fast, efficient access to network resources to any user from virtually any
location.
Management
4
Novell solves the problem of administering the resources users are granted access to. Whether
administering the thin-client or the standard desktop, you use the same tool you are already accustomed to
using: NDS.
ZENworks is the first directory-enabled desktop management suite. ZENworks provides a complete
solution for administering every aspect of the working environment end-users see. The real value here to
organizations using the thin-client servers is that a single tool can be used to administer standard desktops
and thin-clients. The same policies that are created in ZENworks can be applied to both standard desktops
and thin-clients without a single modification.
This means that IT organizations only have to learn and deploy a single desktop management solution for
both worlds – which provides significant cost savings. End-users also benefit from the fact that a single
administrative tool is used for both worlds because they are presented with an identical working
environment whether they are working on a desktop or through a thin-client server. Since NDS is
managing both environments, the end-users’ desktop and view of the network is independent of the manner
in which the resources are being accessed.
ZENworks automates desktop management using the power of Novell Directory Services™ (NDS™) to
remotely provide application management, software distribution, desktop management, and workstation
maintenance. ZENworks minimizes the time users and network administrators must devote to workstation
management: administrators are free to concentrate on more critical issues, and end users can have
confidence in their workstation setup. ZENworks provides the following solutions:
•
•
•
•
•
•
•
•
•
•
Create and administer Windows NT and Windows 95/98 roaming profiles in NDS
Create and administer Windows NT and Windows 95/98 policies in NDS
Generate and store hardware inventories for Windows NT and Windows 95/98 workstations
in NDS
Configure printers, including the corresponding printer drivers, which are automatically
downloaded to Windows NT and Windows 95/98 workstations without any human
intervention from NDS
Configure the Novell Client installed on Windows NT and Windows 95/98 workstations in
NDS
Manage user accounts on NT workstations and servers from NDS
Provide remote help desk utilities for all Windows workstations
Provide secure remote control for all Windows workstations
Access and correct Year 2000 risks
Deploy and manage all aspects of applications on an Windows workstation including
• Self-healing of applications if problem occur
• Schedule software updates
• Application fault tolerance and load balancing
• Customization of application to user as it is installed
• Software metering
For more detailed information on ZENworks you should refer to the ZENworks home page at
http://www.novell.com/products/nds/zenworks/index.html. This document will provide a brief overview of
the benefits of ZENworks.
ZENworks separates the administration of the users’ working environment into two components – the
workstation configuration and the user configuration. There are configuration options that are workstation
specific and need to be set independent of the user that is using the workstation, and there are settings that
are user specific and should follow the user as they roam throughout the organization. This is especially
applicable in the thin-client server world where a user may be directed to use resources on any server in a
server farm through the ICA protocol.
5
ZENworks allows administrators to create objects in NDS that correspond to the workstation policies and
user policies they want applied. The following screen shot is of the Windows NT Workstation Policy
Package.
Most organizations will create ZENworks policy packages to coincide with tasks or roles that are
associated with groups of users as well as the physical location of the workstation. For example, an
organization may create user policy packages that contain the desktop configuration that is required by
administrative assistants or engineers then associate the policy packages with appropriate users, groups, or
organizational units in NDS. These administrators may also create a workstation policy package that
contains the configuration needed on a group of workstations in a physical location. A single policy
package could be created then associated with thousands of users or workstations.
Workstation policy packages contain policies that are created and configured by administrators to be
applied to the workstation independent of the user that uses the workstation. These policies contain the
configuration administrators want every user to have when working on a set of workstations.
Computer Printer Policy
This policy allows administrators to associate printers and the associated printer drivers with groups of
workstations. As users login to the workstations that are associated with this policy the printers are created
and the appropriate drivers are downloaded and installed (without having to give users administrative rights
on NT workstation/server). For example, the administrator could allow roaming users to always have
access to the printer closest to the workstation they are using. If an organization had multiple server farms
in different locations, this policy could be used to provide end-users with access to the printers in each
physical location.
Computer System Policy
This policy allows administrators to centrally manage, through NDS, the Windows system policies that
configure the workstation specific settings. By configuring the policy through NDS, administrators do not
have to hassle with creating and distributing *.pol files across the network. Administrators can create a
policy in NDS, and NDS will distribute the policy throughout the network. For example, administrators of
the thin-client servers can use the computer system policy to configure the server to not display the name of
the user that last logged-in.
6
Novell Client Configuration Policy
This policy allows administrators to centrally manage the Novell Client configuration centrally through
NDS. Settings such as the preferred tree, name context, and the advanced Client settings can be configured
once in NDS then automatically deployed to thousands of workstations. In the case of the thin-client
servers, administrators could create a single workstation policy package with the desired Novell Client
configuration then associate the policy with all the servers in a server farm. When modifications to the
Client configuration are necessary, a single change in NDS will be automatically deployed to all servers in
the farm.
NT RAS Configuration Policy
This policy allows administrators to centrally configure through NDS the list of dial-up numbers that need
to be distributed to end-users. For example, the network administrator could create a single list of dial-up
numbers in NDS and have that list automatically distributed to every workstation that is associated with the
policy. As updates to the dial-up list are needed, administrators make a single change in NDS and the
change is automatically distributed to the appropriate workstations.
Remote Control Policy
This policy allows administrators to centrally configure the remote control settings through NDS. Settings
such as the protocol, and the visual and audio alerts used during a remote control session are configured in
this policy. The workstation remote control policy is compared to the user remote control policy and the
most restrictive policy is implemented. For example, organizations may have workstations that they do not
want to be remotely controlled no matter who is using it.
Restrict Login Policy
This policy allows administrators to identify the users that are allowed or not allowed to use the
workstation.
Workstation Inventory Policy
The policy enables/disables hardware inventory. When hardware inventory is enabled, an inventory of the
hardware and configuration are stored in NDS. This information can be easily extracted from NDS when
needed. As changes in the hardware and configuration are made, the inventory in NDS is automatically
updated.
7
The following is a screen shot of the User Policy Package.
The ZENworks user policy package contains the configuration that administrators can define that follow
the user as they move around the network. The settings defined in the user policy package will be
implemented on any workstation the associated users authenticate from. These policies provide a solution
for administrators to manage mobile users since the configuration is maintained in a single location – NDS.
Dynamic Local User Policy
This policy allows administrators to centrally manage access to NT workstation and server resources. This
policy is used in the domain-less server farm solution which will be discussed later in this document.
Administrators of thin-client servers can use this policy to manage the user accounts on the thin-client
servers.
Help Desk Policy
This policy allows administrators to configure the help-desk application that is shipped with ZENworks.
Administrators can centrally configure the information end-users need to get help, such as telephone
numbers and e-mail addresses.
Desktop Preferences Policy
This policy allows administrators to centrally configure the user’s desktop. Settings such as the corporate
wallpaper and screen saver can be configured once in NDS then automatically distributed to any
workstation a user uses that has been associated with the policy package. Administrators can also centrally
configure the path to the roaming profile in this policy. Many customers using ZENworks in conjunction
with the thin-client servers use this policy to manage the roaming profiles rather than the setting in User
Manager.
User Printer Policy
This policy allows administrators to associate printers and the associated printer drivers with groups of
users. As users roam, the printers and associated printer drivers are created and automatically installed
(without having to give users administrative rights on NT workstation/server). Administrators of thin-client
8
servers can use this policy to associate users with the print resources they need access to. As users use
different servers in a server farm, the appropriate printer drivers are automatically downloaded and installed
as needed.
User Printer System Policy
This policy allows administrators to manage through NDS the Windows system policies that configure the
workstation specific settings. By configuring the policy through NDS, administrators do not have to hassle
with creating and distributing *.pol files across the network. Administrators can create a policy in NDS
and NDS will distribute the policy throughout the network. Administrators of thin-client servers can use
this policy to configure the thin-client servers so applications such as the run command or network
neighborhood are not displayed.
User Remote Control Policy
This policy allows administrators to centrally configure the remote control settings through NDS. Settings
such as the protocol, and the visual and audio alerts used during a remote control session, are configured in
this policy. The user remote control policy is compared to the workstation remote control policy and the
most restrictive policy is implemented. For example, organizations may have users (such as the CEO) that
they do not want to be remotely controlled.
Workstation Import Policy
This policy allows administrators to configure the location and naming of the workstation objects that are
created for each workstation in NDS.
Installing the Novell Client on a Thin-Client Server
Integrating the Novell products with the thin-client servers is very simple. The only requirement to get full
integration is to install the Novell Client for Windows NT at the thin-Client server. All the necessary
integration is contained within the Novell Client for Windows NT. Once the Novell Client is installed,
administrators and end-users can receive the full benefits of NetWare, NDS, ZENworks, and
BorderManager.
To install the Novell Client for Windows NT administrators should change to a command prompt and input
the following:
Change user/install
When the Client install is completed the server should not be immediately rebooted. Before rebooting the
server, the administrator should input the following at a command prompt:
Change user/execute
After the change user/execute has been performed, the thin-client server can be rebooted and the necessary
Novell/Citrix integration components are complete.
WinFrame v1.7 with Service Pack 5B and Hotfix SE17B058 are required. You can find the WinFrame
Service Pack and Hotfix at the following URL http://www.citrix.com/support/ftp_wf17.htm or FTP site
<ftp://ftp.citrix.com>. To avoid problems installing and configuring the 4.11b Client with WinFrame the
following order should be followed:
Install WinFrame v1.7
Install Service Pack 5b
Install hotfix SE17B058
9
Install Novell Client v4.11b for Windows NT
Integration with NDS for NT
One of the largest costs facing all organizations today is with respect to the number of databases and
directories in which user account information must be input and then managed. Recent studies point to the
fact that many organizations have more than 125 databases into which duplicate information is input
concerning employees. NDS for NT was developed with the goal of reducing the costs of administering
NT networks, especially when the NT networks are deployed alongside NetWare.
With NDS for NT, organizations can deploy WinFrame, Windows Terminal Server, MetaFrame or any
other domain-aware application without incurring the high costs of deploying and administering domains.
Most customers that deploy the thin-client servers will need to deploy multiple servers. These
organizations will want to group the thin-Client servers in what Citrix has termed a “server farm.”
A group of WinFrame\MetaFrame servers can be logically pooled in a server farm. When a user launches a
published application that is configured for load balancing, the MetaFrame load balancing support routes
the application to the most lightly loaded server in the farm for execution. Today the thin-Client servers use
NT domain to centrally manage the user account information for users that will access the applications in
the server farm. As will be discussed next, customers can deploy server farms without having to deploy
domains by using a feature in ZENworks called Dynamic Local User.
NDS for NT allows the thin-Client administrators to use NDS to manage both NDS and domain user
account information. NDS for NT enables network administrators to deploy NT server and domains in the
manner that best suits their organization without having to concern themselves with the domain limitations
and hardships. NDS for NT eliminates the need to establish trust relationships. NDS for NT also allows
for the granular delegation of rights within the domain. No longer are organizations limited in granting
administrative rights to all objects in the domain.
10
NDS for NT does this by representing the domain with NDS (figure of domain within NDS).
As you can see, the New York domain can be administered through NDS. Through this NDS object,
administrators can manage all aspects of the NT domain – NDS for NT even includes the ability to manage
NT File Shares.
One of the biggest benefits of NDS for NT is that a single user object in NDS now represents both the NDS
and domain users. When an administrator wants to modify a setting such as the time when the user is
authorized to use the network, the setting only has to be entered once. When Novell refers to the network,
it refers to all devices on the network. Today NDS is available on the following platforms:
11
•
•
•
NetWare
NT
Solaris
This means that administrators can create a single user account in NDS and have that single user account
control access to NetWare, NT, and Solaris servers. Without this tool, in most organizations there are three
different teams that manage access to these network resources. There is tremendous overhead associated
with each new hire.
Before the new employee would be able to access the network resources, Team 1 would create the user
account in NDS and enter in the appropriate rights and restrictions. Team 2 would then create an account
(with the same name) in the domain then enter in the same rights and restrictions. Finally, Team 3 would
create an account (with the same name) for access to the Solaris server and yet again enter the same rights
and restrictions. Once the accounts have been created, everyone (including the end-user) hopes and prays
that all the passwords stay synchronized.
NDS reduces this complex set of processes to a single user account creation in NDS. The restrictions need
to be input a single time and will then be applied to all three server platforms. Maybe this is why the
industry analysts are recommending that customers deploy NDS throughout their organizations. Neil
MacDonald of the GartnerGroup states the following:
“All organizations using NDS and NT domains should consider NDS for NT v.2 -- it is a simple,
effective, low-risk and low-cost way to reduce duplicative costs. Organizations using NDS for NT
will reduce administration and management costs of a mixed NDS/NT domain environment by 40
percent ($35,000 per year for a 2,500 user organization) and up to an additional 10 percent if NDS
for NT v.2 is used to consolidate Exchange administration.”1
The GartnerGroup is not alone in its recommendation that organizations deploying NT server evaluate and
deploy NDS for NT. Robert J. Sakakeeny of the Aberdeen Group states the following:
“For those organizations managing multiple NT Server domains, especially those used as
application servers, NDS for NT is a life-saver…For those wanting to manage their heterogeneous
network environments, and for those who were awaiting the elusive Active Directory from
Microsoft, it’s time to consider the one directory service that will work in all those worlds.”2
Because the thin-Client servers depend on NT servers and domains for user account administration,
organizations deploying these products will significantly benefit from the use of NDS for NT. NDS for NT
offers a single point of administration for domain user account information while enabling organizations to
architect and deploy their domain according to their needs.
With NDS for NT v2.0 Novell does not support installing NDS for NT and the thin-Client servers on the
same box. Novell, like Microsoft and Citrix, recommend that the thin-Client server not be configured as
Primary Domain Controllers or Backup Domain Controllers. When NDS for NT v2.01 is released Novell
will support installing NDS for NT and Windows Terminal Server or MetaFrame on the same server.
Novell will not support installing NDS for NT and WinFrame on the same server.
Deploying thin-Client Server Farms without Domains
Knowing the costs and complexities of managing NT server and domains, many customers have asked
Novell for a solution that would facilitate the deployment of the thin-Client servers without domains. This
1 NDS for NT v.2: A Good Product Gets Better, Neil MacDonald, GartnerGroup. January 18, 1999
2 Novell Directory Services for NT Server, Robert J. Sakakeeny, AberdeenGroup, October 3, 1997
12
is possible through the use of ZENworks in conjunction with WinFrame or MetaFrame (Windows Terminal
Server does not offer load balancing in a server farm).
One of the solutions is ZENworks is called Dynamic Local User.
Dynamic Local User was created to fulfill the requests from customers to provide a solution that enabled
them to deploy NT Workstation without having to deploy domains. Since NT Workstation is a secure
operating system, users must have an account on the NT workstation in the Security Accounts Manager
(SAM) database and must authenticate through that account before they are given access to resources.
Administrators do not want to individually manage user accounts on hundreds or thousands of NT
workstations, so they have asked for a centralized solution, which ZENworks provides.
Using the Dynamic Local User solution in ZENworks, NDS is used to manage user accounts on both NT
Server and Workstation. Through this policy administrators can define the access rights that will be
granted to users of NT Workstation and Server through NDS. When using Dynamic Local User, end-users
are given access to NT resources as follows:
1
2
3
The end-user inputs <ctrl-alt-del> on the NT device to authenticate.
The end-user inputs their NDS username and password.
These credentials are verified with NDS and the user is authenticated to NDS.
At this point the user has not been authenticated to the NT workstation/server.
4
5
6
NDS next identifies any ZENworks policy packages that should be applied to the user. If the user
has been associated with a User Policy Package that has Dynamic Local User enabled, ZENworks
identifies the access rights the user has been granted.
ZENworks then queries the SAM database on the workstation or server from which the end-user is
authenticating to see if the user has an account.
If a valid account does not exist, ZENworks dynamically creates an account for the user in the
local SAM database according to the configuration created by the administrator in the ZENworks
Policy Package.
13
By default the account is created with the same credentials (username and password) as are defined in
NDS. ZENworks allows end-users to roam throughout the organization and guarantees they will have
access to any NT workstation or server to which they need to authenticate. The user accounts that are
created by ZENworks can be configured as volatile or non-volatile. Volatile user accounts are deleted from
the local SAM database when the user logs-out.
Combining the Dynamic Local User solution with a few registry settings on each WinFrame or MetaFrame
server enables the load balancing functionality in server farms to be deployed without domains. When
publishing an application that you want to load balance across multiple Citrix servers, the Citrix
Application Configuration utility presents you with the following dialog:
14
The Application Configuration utility for an NT domain and displays the Citrix servers that are members of
the domain in the available list. In the domain-less scenario, no servers will be displayed in the available
list since there is no domain. Simply click next and finish publishing the application.
15
Once you have finished publishing the application on the first server, launch REGEDT32 and open the
registry key that corresponds to the application you just published. In this example the published
application is ZENworks. You will notice that below the published application is the name of the
MetaFrame server you selected in the Application Configuration utility.
If the MetaFrame server is a member of a domain you will see the domain name and the group you selected
in the GroupList registry key.
If the MetaFrame server was not a member of a domain you will see the name of the MetaFrame server and
the appropriate group on the LocalGroupList registry key.
To configure the domain-less solution the following modifications need to be made on each MetaFrame
server that will publish the application and participate in the load balancing.
1) Null the GroupList registry setting if necessary (delete the value).
16
2) Input the name of the MetaFrame server on which you are making the modifications and the
appropriate group name as shown above.
3) Double click on the ServerList key and input the name of each of the MetaFrame servers that will
participate in the server farm followed by a return.
4) Create new registry keys under the published application for each server that will participate in the
server farm. Initially, the server you are working on appears under the application as can be seen
above. After creating a key for each server that will participate in the server farm, add two values
under each key: InitialProgram and WorkDirectory. The string associated with each value will be
blank.
17
5) The registry hive for the published application, in this example ZENworks, now needs to be exported
to a file, then imported on each server in the server farm. When the hive is imported to the other
servers in the farm one registry string must be modified on each server. The value of the
LocalGroupList under the published application must be modified to contain the name of the server on
which the hive is being imported.
Making these changes directs the thin-Client servers to look at the local Users group on each server rather
than looking at the Users group in the domain. These registry changes need to be made on all WinFrame
and MetaFrame servers in the server farm. This does not modify the ICA functionality in any way so the
server farm continues to function as it always has. Now the server farm will authenticate against the local
SAM database on each NT server, which is now being managed through NDS and ZENworks rather than
requiring an NT domain.
The domain-less solution will be used by those customers that want to deploy the thin-client server but do
not want to incur the costs associated with creating and maintaining NT domains. It is important to note
that customers deploying the domain-less solution will not be able to use some of the new functionality that
is included in WinFrame and MetaFrame v1.8. One of the new solutions included in the 1.8 product is
named Program Neighborhood. Program Neighborhood is an application distribution and management
solution for the thin-client servers. Customers wanting to deploy Program Neighborhood should not use
the domain-less solution because Program Neighborhood requires a domain.
ZENworks offers customers a directory-enabled application distribution and management solution that can
be applied to uses of standard desktops and thin-client servers.
18
Granting Access to thin-client server services
There are multiple ways in which users can be given access to thin-client resources. The quickest and
easiest method is to use the Remote Application Manager utility that is installed on each workstation where
the ICA Client is installed. From the Start menu launch the Remote Application Manager.
Click on New from the Entry menu.
Define the connection type that will be used for the remote application entry. In this example we will
select Network.
19
Give the entry a name, in this example On the Road. Define the network protocol that will be used and
specify if you will be connecting to a server or a published application. For this example we will select
server then input the name of the MetaFrame server we will be connecting to, Meta. Click Next to
continue.
Select the option that best describes the network connection that will be used. Click Next to continue.
20
If you want to require end-users to enter the appropriate username and password leave these fields blank.
You can configure the ICA session so that the end-users are not prompted for a username and password by
inputting the username and password. Click Next to continue.
Next you are asked to input the sound and display configuration that will be used in the ICA session.
If you want end-users to have access to the entire NT desktop during the ICA session leave the fields blank
in this menu. If you only want end-users to see a specific application, enter the appropriate information. In
this example we will display the enter Windows NT desktop to the end-users. Click Next to continue.
21
You can define the icon and program group that are associated with the remote application session.
Click Finish to complete the creation of the remote application.
22
To initiate a remote application, double-click on the appropriate entry. For this example, double click the
On the Road entry you just created.
The thin-client session will be initiated.
23
End-users will first be prompted to authenticate to NDS, which could be running on NetWare, Windows
NT or Solaris servers. Once the correct username and password have been entered, the end-user will be
presented the Windows NT desktop, which is being managed through NDS and ZENworks.
24
Embedding ZENworks into a Web Browser
Application definitions can also be used to create ICA files. ICA files are text files with an .ICA extension
that contain a series of command tags. ICA files are used by the Citrix ICA Clients to launch applications
on a Citrix server. The command tags define the attributes of the session to be launched on the Citrix
server, including:
•
•
•
•
•
•
The address of the Citrix server or the name of a published application
The user name, password, and domain name to use when connecting to the Citrix server
The height and width of the application ICA Client window
The number of colors (16 or 256) to use when connecting to the Citrix server
The encryption level to use when connecting to the Citrix server
The name of the application definition
An ICA file can be downloaded by a Citrix ICA Client and used to connect to a published application or
server. Links to ICA files can be placed in Web pages and ICA files can be used to embed applications
inside Web pages using the Citrix ICA ActiveX, Netscape plug-in, or Java clients.
ICA files can be generated on the Citrix server using the Write ICA File wizard in the Application
Configuration utility or with the ICA File Editor on Windows Terminal Server, Windows 95, or Windows
NT Version 4.0 or greater.
To start the Application Configuration utility click on Start – Programs – MetaFrame Tools – Application
Configuration. The Application Configuration utility is started.
Create a new application by clicking on New on the Application Menu.
25
Input the name of the application you wish to publish. In this case we are going to publish the software
management component of ZENworks so we are going to call the application ZENworks. The application
name cannot be the same as the thin-Client server on the network or an existing published application.
Click Next.
You must choose if the application is going to be configured as explicit or anonymous. An anonymous user
is a type of user unique to Citrix application publishing. By default, anonymous users have guest privileges
and belong to the Anonymous group. If an application published on the Citrix server can be accessed by
guest-level users, the application can be configured to allow access by anonymous users. When a user
launches an anonymous application, the Citrix server does not require an explicit user name and password,
but selects an anonymous user from a pool of anonymous users who are not currently logged on. During
setup, an Anonymous user group is created and a number of anonymous users are created equal to the
MetaFrame user license count. Additional anonymous users must be created manually if additional user
licenses are added.
26
Anonymous users are given minimal permissions. They have the following user configuration restrictions:
•
•
•
•
Ten minute idle (no user activity) timeout
Logged off on broken connection or timeout
No password is required
User cannot change password
These values can be manually changed using User Manager for Domains.
An explicit user is a conventional user who usually must supply an explicit user name and password. In
this example we want to require end-users to authenticate and enforce security so select Explicit then click
Next to continue.
For this first example we are going to launch an ICA session from the browser that will display the entire
desktop to the end-users. To display the entire desktop leave these parameters blank.
27
The Application Configuration Utility now asks if you want the application title bar to be displayed when it
is published and if you want the application maximized at startup. Leave the options at the default and
click Next to continue.
The domain name or server name and a list of user groups are displayed. The Available list displays the
complete list of user groups and users. The Configured list displays the users and user groups allowed to
launch the published application.
28
If you have installed Load Balancing Services, you can specify multiple servers to run the application. ICA
client connections are balanced among the configured servers. If Load Balancing Services are not installed,
only the current server is displayed in the Configured list and the Add button is unavailable. If you are
working with a server farm the command line and working directory will need to be set correctly for each
server. To do this, highlight the server then click on Edit Configuration. To use Load Balancing Services
without a domain refer to the previous section entitled: Deploying thin-Client Server Farms without
Domains.
Click Finish to complete application configuration. Use the Write HTML File wizard to automatically
create HTML page templates with launched or embedded applications. The HTML page needs a link to an
ICA file that the Web browser passes to the Citrix ICA Web Client. We will now use the Write ICA File
wizard and the Write HTML File wizard to create the necessary ICA and HTML files. From the
Application menu in the Application Configuration utility select Write ICA File.
29
If you are a newcomer to the Citrix utilities select the option “A lot! Please explain everything.”
Specify the window size and color depth. The Citrix ICA Client uses the specified size and color attributes
when connecting to the application specified in the ICA file. If the application is embedded in a Web page,
the maximum size of the application is specified in the HTML page.
If the resolution and color depth exceed the capabilities of the client hardware, the maximum size and color
depth supported by the client is used instead.
30
Select the level of encryption for the ICA connection. The default level is Basic. Strong encryption using
the RC5 algorithm is available with Citrix SecureICA Services. SecureICA Services enables RSA RC5
encryption with 40-, 56-, or 128-bit session keys. The Citrix server must be configured to allow the selected
encryption level or greater. For example, if the Citrix server is configured to allow RC5 56-bit connections,
the Citrix ICA client can connect with RC5 56- or 128-bit encryption. Click Next.
Specify the path and filename for the ICA file, including the .ica extension. By default, the file is saved in
%systemroot%\System32. In this example we are going to call the file zenworks.ica. Click Next to
continue. The Write an HTML file dialog box appears:
31
Click Finish to save the new ICA file. To create an HTML file to use this application from a Web browser,
click Yes and then click Next.
If you want to have the desktop appear within the browser Windows click embedded. In this example we
want the ICA session to be displayed as a separate application so click on Launched (embedding
ZENworks will be covered shortly).
32
Specify the Web client type for the embedded application. The HTML page uses the specified Web client
type to display the application.
Specify the size of the application window in the HTML page.
33
Select the Verbose page check box to include additional comments in the HTML file that describe each
HTML file option.
Specify the filename for the HTML page. Use the .htm or .html extension depending on your Web server.
By default, the file is saved in %systemroot%\System32. Click Finish. The HTML and ICA files will have
to be copied to the appropriate location depending upon the web server you are using. For use with
Microsoft’s Internet Information Server copy the HTML file to the inetpub\wwwroot directory and copy to
the ICA file to inetpub\wwwroot\samples\ICA (a directory you will create).
With a little HTML work the ICA and HTML file that was just created will be displayed to end users as
follows (the ICA and HTML files used in this example are included in Appendix A):
34
When the end-user click on Go ZENworks an ICA session will be launched.
35
End-users will see the same interface in the ICA session that is seen in the office. Since the application was
configured as explicit the end-user will be asked to authenticate to NDS.
36
Once the end-user has entered the appropriate username and password the configured desktop will be
displayed for use. There is tremendous value here for both administrators and end-users. The end-users are
presented with identical working environments when working on a standard desktop or when working
through a thin-client session. By presenting end-users with identical working environments in both
scenarios they do not have to be retrained or educated on a new working environment, their comfort level is
high because they are seeing a familiar interface and therefore and more productive.
The administrators benefit because they are able to use a single tool to configure and manage the desktop
and working environment for their users, independent of the manner in which the end-user is accessing the
resources. Since administrators do not have to create a working configuration for desktop users, then create
a separate working configuration for users of the thin-client servers they have more time to work on other
issues. As previously stated, the thin-client servers resolve the access problems and give end-users efficient
access to the necessary resources from any location. Novell decreases the costs of deploying thin-client
servers by solving the administration problems.
37
Now we will create the necessary ICA and HTML files to publish only the application management
component of ZENworks. To publish a new application click New on the Application menu of the
Application Configuration utility.
In this example we are going to name the application we are going to publish nalshell, referring to the
Novell Application Launcher (NAL) window. In this example, users launching this embedded application
will not have access to the entire desktop. Users will only be given the interface through which they can
launch and install applications. Click Next to continue.
We will configure the application as explicit as in the previous example. This will require users accessing
the embedded application to enter in their NDS username and password before they will be given access to
the applications.
38
Since we do not want to publish the entire desktop to the end-users in this example we will enter in the
appropriate path and NAL executable. When ZENworks is installed, the application management
components are automatically copied to the public directory of the NetWare server. This example assumes
that the Z drive letter is mapped during login to the sys:public directory of a server on which ZENworks
has been installed. Click Next to continue.
As in the previous example you are asked about the application tool bar and if you want the application
maximized at startup. Leave the option at the default and click Next to continue. The Application
Configuration utility will lead you through the same configuration options as in the previous example.
When asked for the name of the application, name it nalshell.ica.
39
Click Next to continue. When you are prompted to define how the application will be used configure it as
embedded. This will display the application, in this case the NAL window, within the browser.
Click Next to continue. You will be guided through completing the creation of the HTML file. Configure
the options as detailed in the previous example. When prompted for the name of the HTML file enter
nalshell.html.
40
The HTML and ICA files will have to be copied to the appropriate location depending upon the web server
you are using. For use with Microsoft’s Internet Information Server copy the HTML file to the
inetpub\wwwroot directory and copy to the ICA file to inetpub\wwwroot\samples\ICA (a directory you will
create).
With a little HTML work the ICA and HTML file that was just created will be displayed to end users as
follows (the ICA and HTML files used in this example are included in Appendix A): The embedded NAL
application will be displayed to the end-users within the browser. The end-users will first see the Novell
GUI login within the browser since they first have to authenticate to NDS (NDS could be running on
NetWare, Windows NT Server, or Solaris).
41
Once the end-user has entered the correct credentials they are displayed the NAL windows within the
browser.
From the NAL Windows end-users can launch, and install if necessary, any application that has been
associated with their user account in NDS. The beauty of this solution is that end-users are displayed all
the applications they need, because of their digital persona within NDS, yet they are not given access to the
entire desktop.
42
Integrating the Thin-Client Servers with the NetWare 5 JVM
Integrating the thin-client servers with the Novell JVM has significant value for NetWare administrators.
With this integration, NetWare administrators can use the NetWare console as if it were a Windows
workstation . Until now, administrators could not execute Windows programs from a NetWare server.
When there was a need to use a Windows application, such as NWAdmin, NetWare administrators had to
have a separate Windows workstation. Now, using the Citrix Java ICA Client, Administrators can have use
the full benefits of a Windows workstation on a NetWare server.
Using the Citrix Java ICA Client in the NetWare 5 JVM demonstrates how powerful the NetWare JVM is.
You will be very surprised and pleased with the performance when working through an ICA session in the
NetWare 5 JVM.
To obtain the Citrix Java ICA Client connect to http://download.citrix.com/download.asp?client=java_11 to
get the Citrix JAVA Client. This will download a file named SETUP.CLASS.
Create a directory on the server named sys:\java\citrix
Copy SETUP.CLASS to server\sys:java\citrix
Confirm that JAVA.NLM is loaded. This can be done by either typing modules at the server prompt and
looking for the JAVA.NLM to be listed, or by typing java at the server prompt.
At the server console enter the following: envset CWD=SYS:\java\citrix.
At the server console load the java setup by entering the following: java setup.
You will see a series of screens as you are lead through the setup of the Citrix Java ICA Client.
Click Next.
43
After reading the license agreement click on Accept all terms of the license and then click Next.
44
You are now asked to enter the directory where the Citrix Java Client files will be installed. Enter
\java\citrix
The Citrix Java Client setup will now copy files to a directory structure under \java\citrix .
45
While the files are being extracted you will receive some messages that batch files could not be created
such as the dialog below.
Do not worry about these messages and proceed. Now you may expand the Jar files. However this is not a
requirement. If you do not expand the Jar files you will need to add the following add the following line to
your sys:etc\java.cfg "CLASSPATH=$CLASSPATH;$OSA_HOME\citrix\location of
JICAEngJ.jar\JICAEngJ.jar"
To expand the Jar files enter the following at the server console jar -xvf jicaengj.jar The jicaengj.jar file is
stored in the sys:\java\citrix directory. This will start unzipping the files into sys:\java\citrix\ directory.
*Note: You will only need to expand the JICAEngJ.jar (this is the JAVA version of the client versus
JICAEngN.jar, which is the Netscape Applet version). So if you do expand both you will just be
overwriting what was expanded first.
Now that the installation is complete you are ready to initiate a thin-client sessions from the NetWare 5
JVM. On server console enter the following to initiate an ICA session:
java com.citrix.JICA -address:xx.xx.xx.xx -width:1024 -height:760
where address = the address of your MetaFrame server
where width = your desired width of the client window on your Java GUI. 1024 will fill most of your
displays completely.
where height = your desired height of the client window on your Java GUI. 760 will fill most of your
displays completely.
Once you have entered the command the Citrix Java Client will connect to the specified MetaFrame server
Most customers will not want to manually enter the java com.citrix.JICA -address:xx.xx.xx.xx -width:1024
-height:760 command every time they desire to initiate a Java session. The following instructions will add
an entry on the Novell JVM Start Menu for simplified access.
Create the file Citrix.ncf in the sys:system directory. In the Citrix.ncf file add the following two lines:
46
envset CWD=SYS:\java\citrix
java com.citrix.JICA -address:xx.xx.xx.xx -width:1024 -height:760
You will then need to edit a text file located in the SYS:JAVA\NWGFX\FVWM2 directory. For NetWare 4
servers use fvwm2rc4xx and for NetWare 5 servers use fvwm2rc5xx
Under TaskBar Start Menu add in :
+ "MetaFrame" Exec sys:\system\citrixm
+
Nop
Under Utilities Menu add in :
+ "MetaFrame" Exec sys:system\citrixm
+
Nop
This ncf will work for either WinFrame v1.7 or the Windows Terminal Server/MetaFrame combination. In
this example we create two ncf files, one for MetaFrame and one for WinFrame. One you have created the
ncf files you will need to stop and start the java.nlm. This is done by entering java –exit to stop the NLM,
then entering java to start it again. Once the JVM has been restarted the Start Menu will appear as follows:
.
47
48
Appendix A – ICA and HTML Files
NALSHELL.ICA
[WFClient]
Version=2
TcpBrowserAddress=137.65.215.112
[ApplicationServers]
nalshell=
[nalshell]
Address=nalshell
InitialProgram=#nalshell
DesiredHRES=640
DesiredVRES=480
DesiredColor=2
TransportDriver=TCP/IP
WinStationDriver=ICA 3.0
ZENWORKS.ICA
[WFClient]
Version=2
TcpBrowserAddress=137.65.215.112
[ApplicationServers]
Meta=
[Meta]
Address=Meta
InitialProgram=
DesiredHRES=800
DesiredVRES=600
DesiredColor=2
TransportDriver=TCP/IP
WinStationDriver=ICA 3.0
ZENWORKS.HTML
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="METAMARKER" content="null">
<title>Demo Application Page</title>
<script language="VBScript">
<!-option explicit
dim majorver
dim ua
dim ie3
dim ie4
dim aol
49
dim minorver4
dim update
dim winplat
dim nav
dim intButton
set nav = navigator
ua = "Mozilla/2.0 (compatible; MSIE 3.02; Windows NT)"
minorver4 = ""
if len(ua) >=1 then 'nav object is supported
winplat = mid(ua,instr(ua,"Windows") + 8, 2)
majorver = mid(ua,instr(ua,"MSIE") + 5, 1)
ie3 = majorver = 3 and (winplat = "NT" or winplat = "95" or winplat = "32")
ie4 = majorver = 4 and (winplat = "NT" or winplat = "95" or winplat = "32")
update = instr(ua,"Update a")
aol = instr(ua,"AOL")
if ie4 then minorver4 = mid(ua,instr(ua,"MSIE") + 7, 3)
end if
-->
</script>
</head>
<! -------------------------------------------------------- >
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="GENERATOR" CONTENT="Mozilla/4.05 [en] (WinNT; U) [Netscape]">
<TITLE>ZENWorks / Citrix Demo</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="backgrnd.gif">
&nbsp;
<CENTER><FONT SIZE=+3>Demonstrating the Power of NDS &amp; Citrix</FONT></CENTER>
<FONT SIZE=+3>A Web Enabled&nbsp;<IMG SRC="samples\images\front-pic.jpg"
ALT="Demontrating the Power of NDS & Citrix" HSPACE=25 VSPACE=15 BORDER=0 HEIGHT=254
WIDTH=131 ALIGN=ABSCENTER>
ZEN/Citrix session</FONT>
<CENTER>&nbsp;</CENTER>
<CENTER><B><FONT SIZE=+2>Lets check it out <A HREF="/samples/ica/zenworks.ica" IMG
SRC="/samples/images/intra.gif">Go
ZENWorks</A> The key to Peace of MIND</FONT></B></CENTER>
<CENTER><B><FONT SIZE=+2></FONT></B>&nbsp;</CENTER>
<! ------------------------------------------------------------>
<!
<! <body bgcolor=#FFFFFF link=#CC0000 vlink=#660099.
<! topmargin=0 leftmargin=0>.
<! <table border=0 cellpadding=4 cellspacing=0>
<!
<tr>
<!
<td bgcolor="#FF9900" width=110>&nbsp;</td> <!-- Delete this line to remove the orange
band!! -->
<!
<td valign=top bgcolor=#FFFFFF>
<! You can easily use this template for other.
50
<! applications. The source for this page is well documented and easily customizable.
<! Please take a look at it.<p>
<! <FONT color=#ffffff>
<! >
<!-- DIRECT.EXE EMBED -->
<script language="JavaScript">
<!-// YOU SHOULD ONLY NEED TO CHANGE THE VARIABLES BELOW.
//
// icaFile: location of the .ICA file for both the OBJECT and EMBED.
var icaFile = "/samples/ica/nalshell.ica";
// width and height: pixel-size of the embedded application.
var width = 750;
var height = 550;
// start attribute: if Auto, app fires up upon pageload. If Manual, app waits to be clicked by user.
var start = "Auto";
// border attribute: On/Off, to specify border around app window.
var border = "On";
// Want vertical/horizontal space around the app? Set these just like for the <IMG> tag.
var hspace = 2;
var vspace = 2;
// Where is the ActiveX CAB file located? It's probably best to leave this set to Citrix:
var cabLoc = "http://www.citrix.com/bin/cab/wfica.cab#Version=4,2,274,317";
// Where is the Plugins Reference page located? It's probably best to leave this set to Citrix:
var plugRefLoc = "http://www.citrix.com/demoroom/plugin.htm";
// END OF CHANGES. DO NOT CHANGE THE VARIABLES BELOW.
//
// The following is the ActiveX tag:
var activeXHTML = '<CENTER><OBJECT classid="clsid:238f6f83-b8b4-11cf-8771-00a024541ee3"
data="' + icaFile + '" CODEBASE="' + cabLoc + '" width=' + width + ' height=' + height + ' hspace=' +
hspace + ' vspace=' + vspace + '> <param name="Start" value="' + start + '"><param name="Border"
value="' + border + '"></OBJECT></CENTER>';
// And the Plugin tag:
var plugInHTML = '<CENTER><EMBED SRC="' + icaFile + '" pluginspage="' + plugRefLoc + '"
width=' + width + ' height=' + height + ' start=' + start + ' border=' + border + ' hspace=' + hspace + '
vspace=' + vspace + '></CENTER>';
var userAgent = navigator.userAgent;
if (userAgent.indexOf("Mozilla") != -1) {
if (userAgent.indexOf("MSIE") != -1) {
if (userAgent.indexOf("Windows 3") > 0)
{ document.write(plugInHTML); }
else
{ document.write(activeXHTML); }
}
else
{ if (userAgent.indexOf("Win16") > 0) { document.write(plugInHTML); }
else { document.write(plugInHTML); }
}
}
//-->
</script>
51
<noscript>
<a href="nalshell.ica">
Your browser does not support JavaScript! You'll have to click here to launch the application.
</a>
</noscript>
</FONT>
<br>
<font size=2 face="Arial,Helvetica,sans-serif"><br>
The client works with web sites that
have a link to a Citrix multi-user application
server. Users must have an active TCP/IP
connection to an Internet or Intranet Web server
to use the Citrix ICA Web Client. <br>
<br>
<strong>How do I get the client? </strong><br>
If you're using a browser that supports ActiveX,
such as Internet Explorer 3.0/4.0, the ICA Web ActiveX
Control download will initialize<br>
after loading this page. <br>
<br>
If you're using Netscape Navigator&#174;/Communicator&#174;, you'll have
to download the ICA Web Plug-in -- we have a
16-bit (Windows 3.x, Windows for<br>
Workgroups) version, and a 32-bit (Windows 95,
Windows NT&#174;) version. <br>
</font><a
href="http://www.citrix.com/demoroom/plugin.htm"><font
size=2 face="Arial,Helvetica,sans-serif">Click
here to get the Netscape Plug-ins.</font></a> <br>
<font size=2 face="Arial,Helvetica,sans-serif">
<br>
<br>
Be sure to check out our ICA Java Applet client. Just click on
the 'Java Embed' entries in the left-hand sidebar under Excel,
Powerpoint or Taxi. The ICA Java Applet will load automatically to your system.
</font><a href="/java/default.asp">
<font size="2" face="Arial,Helvetica,sans-serif"><br>Click
here to get the full-featured Java ICA Client.</font></a>
<br>
<strong>Handling Different Browsers</strong><br></font>
<font
size=2 face="Arial,Helvetica,sans-serif">
These embedded applications are now presented in
the preferred manner to your Web browser through
the use of JavaScript.<br>
<a href="http://www.citrix.com/demoroom/switchscript.htm">
Go here to see how it's done.</font></a>
<br><br>
<strong>Problems?</strong><br></font>
<font
size=2 face="Arial,Helvetica,sans-serif">
Contact our Demo Room Support at <a href="mailto:[email protected]">
[email protected]</a> for assistance with demonstration problems.
</font>
<hr size=1 noshade>
<p><br>
52
</p>
</td>
</tr>
</table>
</td>
</tr>
</table>
</body>
</html>
NALSHELL.ICA
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="METAMARKER" content="null">
<title>Demo Application Page</title>
<script language="VBScript">
<!-option explicit
dim majorver
dim ua
dim ie3
dim ie4
dim aol
dim minorver4
dim update
dim winplat
dim nav
dim intButton
set nav = navigator
ua = "Mozilla/2.0 (compatible; MSIE 3.02; Windows NT)"
minorver4 = ""
if len(ua) >=1 then 'nav object is supported
winplat = mid(ua,instr(ua,"Windows") + 8, 2)
majorver = mid(ua,instr(ua,"MSIE") + 5, 1)
ie3 = majorver = 3 and (winplat = "NT" or winplat = "95" or winplat = "32")
ie4 = majorver = 4 and (winplat = "NT" or winplat = "95" or winplat = "32")
update = instr(ua,"Update a")
aol = instr(ua,"AOL")
if ie4 then minorver4 = mid(ua,instr(ua,"MSIE") + 7, 3)
end if
-->
</script>
</head>
<body bgcolor=#FFFFFF link=#CC0000 vlink=#660099
topmargin=0 leftmargin=0>
<table border=0 cellpadding=4 cellspacing=0>
<tr>
53
<td bgcolor="#FF9900" width=110>&nbsp;</td> <!-- Delete this line to remove the
orange band!! -->
<td valign=top bgcolor=#FFFFFF>
You can easily use this template for other
applications. The source for this page is well documented and easily customizable.
Please take a look at it.<p>
<FONT color=#ffffff>
<!-- DIRECT.EXE EMBED -->
<script language="JavaScript">
<!-// YOU SHOULD ONLY NEED TO CHANGE THE VARIABLES BELOW.
//
// icaFile: location of the .ICA file for both the OBJECT and EMBED.
var icaFile = "naltest.ica";
// width and height: pixel-size of the embedded application.
var width = 500;
var height = 300;
// start attribute: if Auto, app fires up upon pageload. If Manual, app waits to be clicked by user.
var start = "Auto";
// border attribute: On/Off, to specify border around app window.
var border = "On";
// Want vertical/horizontal space around the app? Set these just like for the <IMG> tag.
var hspace = 2;
var vspace = 2;
// Where is the ActiveX CAB file located? It's probably best to leave this set to Citrix:
var cabLoc = "http://www.citrix.com/bin/cab/wfica.cab#Version=4,2,274,317";
// Where is the Plugins Reference page located? It's probably best to leave this set to Citrix:
var plugRefLoc = "http://www.citrix.com/demoroom/plugin.htm";
// END OF CHANGES. DO NOT CHANGE THE VARIABLES BELOW.
//
// The following is the ActiveX tag:
var activeXHTML = '<CENTER><OBJECT classid="clsid:238f6f83-b8b4-11cf-8771-00a024541ee3"
data="' + icaFile + '" CODEBASE="' + cabLoc + '" width=' + width + ' height=' + height + ' hspace=' +
hspace + ' vspace=' + vspace + '> <param name="Start" value="' + start + '"><param name="Border"
value="' + border + '"></OBJECT></CENTER>';
// And the Plugin tag:
var plugInHTML = '<CENTER><EMBED SRC="' + icaFile + '" pluginspage="' + plugRefLoc + '"
width=' + width + ' height=' + height + ' start=' + start + ' border=' + border + ' hspace=' + hspace + '
vspace=' + vspace + '></CENTER>';
var userAgent = navigator.userAgent;
if (userAgent.indexOf("Mozilla") != -1) {
if (userAgent.indexOf("MSIE") != -1) {
if (userAgent.indexOf("Windows 3") > 0)
{ document.write(plugInHTML); }
else
{ document.write(activeXHTML); }
}
else
{ if (userAgent.indexOf("Win16") > 0) { document.write(plugInHTML); }
else { document.write(plugInHTML); }
}
54
}
//-->
</script>
<noscript>
<a href="naltest.ica">
Your browser does not support JavaScript! You'll have to click here to launch the application.
</a>
</noscript>
</FONT>
<br>
<font size=2 face="Arial,Helvetica,sans-serif"><br>
The client works with web sites that
have a link to a Citrix multi-user application
server. Users must have an active TCP/IP
connection to an Internet or Intranet Web server
to use the Citrix ICA Web Client. <br>
<br>
<strong>How do I get the client? </strong><br>
If you're using a browser that supports ActiveX,
such as Internet Explorer 3.0/4.0, the ICA Web ActiveX
Control download will initialize<br>
after loading this page. <br>
<br>
If you're using Netscape Navigator&#174;/Communicator&#174;, you'll have
to download the ICA Web Plug-in -- we have a
16-bit (Windows 3.x, Windows for<br>
Workgroups) version, and a 32-bit (Windows 95,
Windows NT&#174;) version. <br>
</font><a
href="http://www.citrix.com/demoroom/plugin.htm"><font
size=2 face="Arial,Helvetica,sans-serif">Click
here to get the Netscape Plug-ins.</font></a> <br>
<font size=2 face="Arial,Helvetica,sans-serif">
<br>
<br>
Be sure to check out our ICA Java Applet client. Just click on
the 'Java Embed' entries in the left-hand sidebar under Excel,
Powerpoint or Taxi. The ICA Java Applet will load automatically to your system.
</font><a href="/java/default.asp">
<font size="2" face="Arial,Helvetica,sans-serif"><br>Click
here to get the full-featured Java ICA Client.</font></a>
<br>
<strong>Handling Different Browsers</strong><br></font>
<font
size=2 face="Arial,Helvetica,sans-serif">
These embedded applications are now presented in
the preferred manner to your Web browser through
the use of JavaScript.<br>
<a href="http://www.citrix.com/demoroom/switchscript.htm">
Go here to see how it's done.</font></a>
<br><br>
<strong>Problems?</strong><br></font>
<font
size=2 face="Arial,Helvetica,sans-serif">
Contact our Demo Room Support at <a href="mailto:[email protected]">
[email protected]</a> for assistance with demonstration problems.
55
</font>
<hr size=1 noshade>
<p><br>
</p>
</td>
</tr>
</table>
</td>
</tr>
</table>
</body>
</html>
56
Appendix B – Frequently Asked Questions
Q: Will Microsoft Support customers using NDS for NT?
A: Yes. Microsoft states the following on their web site “Any customer that uses NDS for NT can
expect full support for Window NT Server code from Microsoft.”
(www.microsoft.com/ntserver/basics/interop/nds.asp)
Q:
Does every PC have to be updated to use NDS for NT?
A: No. NDS for NT only requires modifications to be made at the NT servers that are defined as
domain controllers Primary Domain Controller/Backup Domain Controller (PDC/BDC).
Q: Is Microsoft going to break NDS for NT with a service pack?
A: Novell participates in the beta program for NT service packs. This means that Novell is able to get
early looks at the code and test NDS for NT and other products for compatibility before the service pack is
released. If compatibility problems are found Novell provides the necessary information to Microsoft and
works with Microsoft to get the problems corrected. From conversations Novell has had with Microsoft,
Novell is confident that Microsoft will not intentionally break the solutions provided by NDS for NT.
Q: What is new in NDS for NT v2.0 compared to 1.0?
A: NDS replicas can be installed on the NT server.
• Single sign-on for user accessing NT/NetWare (password synchronization).
• NT share management through NDS. Scalability—65,000 users in a single domain with NetWare
5; 20,000 users in a single domain with NetWare 4.11 (DS 5.99a).
• Performance—reduced traffic generated by NDS for NT by 95% and short-term cache on NT
server.
Q: What is NDS for NT?
A: NDS for NT enhances NT Domains and makes them enterprise class by making them manageable
objects within NDS. This allows a single user object to represent all the resource needs of users in mixed
NT and NetWare environments.
Q: Does NDS for NT eliminate the need for NT domain trust relationships?
A: Yes. Since NT domains become NDS objects with NDS for NT, they are replicated and partitioned
using the highly efficient scheme of NDS instead of complex trust relationships. NDS for NT also means
that users can be moved from one part of the directory to another without being deleted and recreated as is
the case with domains without NDS.
Q: Does NDS for NT eliminate NT domains?
A: The domain concept is still intact with NDS for NT (this insures 100% application compatibility), but
more importantly, all of the domain issues that cause users so much grief are eliminated.
Q: Does NDS for NT require NT administrators to be retrained?
A: No. Since NDS for NT simply enhances NT server domains, it allows the NT administrator to use all of
the same familiar NT tools such as user manager to manage the NT environment
57
Appendix C – Known Problem and Workaround for WinFrame Integration
With WinFrame it is possible to set up a "WinFrame Profile Path" via User Manager. The Novell Client has
been unable to support these setting in the past because the APIs were not available in the Windows
Terminal Server and MetaFrame products to retrieve the information. Novell has received the updated
SDK with the necessary APIs to support this setting and is working on a patch to the Novell Client v4.5 for
Windows NT to expose this functionality. Novell is targeting an April 1999 update to include this support.
There are multiple workarounds to manage the path to the roaming profile:
1) The preferred solution is to use ZENworks to configure and manage the path to the roaming
profile.
2) The path to the roaming profile can be configured on the "Advanced Login" properties tab of
the Novell Client for Windows NT on the MetaFrame server. This is accessed through the
Control Panel Network icon. The profile is stored on a NetWare Server and can be set to the
user's home directory or to central location.
With WinFrame it is possible to set up a “Home directory” via User Manager. The Novell Client has been
unable to support these setting in the past because the APIs were not available in the Windows Terminal
Server and MetaFrame products to retrieve the information. Novell has received the updated SDK with the
necessary APIs to support this setting and is working on a patch to the Novell Client v4.5 for Windows NT
to expose this functionality. Novell is targeting an April 1999 update to include this support.
The simple work around is to create the DOS environment variables that would be created through home
directory setting in the Novell login script. This can be done using login script variables so a single login
script can be used for all users and the environment variables will be customized for each user as they
login.
Citrix Specific NWGINA Settings with v4.11b IntranetWare Client:
Functionality of Login when not using the Citrix AutoLogon features (ie Using
the NWGINA to login)
1. On a Citrix WinFrame Server the NWGINA login defaults to NetWare Login. The "Login Local" box
will be unchecked by default.
Create the the following registry key to change the default to local login.
HKEY_LOCAL
SOFTWARE\\Novell\\NWGINA\\Login Screen
Value:LoginLocal
Data: 1 or 0 REG_DWORD
Set this to 1 to always have the login local box checked.
Default: Set to 0 or not set will always have the login local box unchecked.
2. On a Citrix WinFrame Server the NWGINA login screen defaults to not display
the last username. (That is, the Username will always be blank.)
Use the follow registry key to change this default:
HKEY_LOCAL
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogin
Value:DontDisplayLastUserName
Data: 1 or 0 REG_SZ
Set this to 0 to display the last username who logged in.
Default: Set to 1 This will blank out the username.
58
3. On a Citrix WinFrame Server the NWGINA Context will always be blank. The first time a user logs in
they will have to enter their context. The user name and context will be saved to the registry. The next time
the user logs in to NetWare, the context will still be blank but the user can use the context pull-down menu
to select a context. If the user does not select a context, the login will attempt to use the first context saved
in the registry from the list of Contexts for the user saved in the following registry key.
This Key is created and used by NWGINA.
HKEY_LOCAL
SOFTWARE\\Novell\\NWGINA\\Login Screen\\Users
Value:Username
Data: Context (List of contexts) REG_MULTI_SZ
Note: Since this is an HKEY_LOCAL_MACHINE registry setting these username/contexts are
WinServer centric. (That is, if you have multiple WinServers set up for load balancing, the context will
only be saved to the server that the user logs in to).
Functionality of Login when using the Citrix AutoLogon features (The NWGIN is not used to log in but
parameters are set up via ICA Client or Winstation configuration)
1. On a Citrix WinFrame Server when using AutoLogon the default context can be set using the following
registry key:
HKEY_LOCAL
SOFTWARE\\Novell\\NWGINA\\Login Screen
Value:DefaultCtxAutoLogonContext
Data:Context (ie nts.prv.novell) REG_SZ
If a value is set this will be the NDS context that is used instead of the
SOFTWARE\\Novell\\NWGINA\\Login Screen\\Users context.
2. On a Citrix WinFrame Server when using Citrix AutoLogon the default tree can be set using the
following registry key:
HKEY_LOCAL
SOFTWARE\\Novell\\NWGINA\\Login Screen
Value:DefaultCtxAutoLogonTree
Data:Treename (ie Novell_Inc) REG_SZ
If a value is set this will be the NDS tree that is used instead of the last used or default tree.
Note: If the Citrix "AutoLogon" username is a NDS DN (Distinguished Name ) the client will ignore used
the DefaultCtxAutoLogonContext and parse the name as follows:
mhaste.nts.provo.novell
NetWare username=mhaste
NT username=mhaste
NetWare NDS context = nts.provo.novell
Note: It is not always possible to use a full NDS DN name because the ICA Client and WinStation
configuration tools limits the length of the username field. The Distinguished Name may exceed this
length.
Anonymous User Applications:
59
Anonymous applications can be set up through Citrix "Application Configuration" When an anonymous
user or a user who is a member of the anonymous group is encountered the IntranetWare v4.11b Client will
perform an NT workstation-only logon, not a NetWare Login.
Explicit User Applications:
Explicit applications can be set up through Citrix "Application Configuration" When an explicit application
is launched the IntranetWare v4.11b Client will perform both NT workstation-only logon and a NetWare
Login.
60
Appendix D - Known Problem and Workaround for WinFrame Integration
With WinFrame it is possible to set up a "WinFrame Profile Path" via User Manager. The Novell Client
has been unable to support these setting in the past because the APIs were not available in the Windows
Terminal Server and MetaFrame products to retrieve the information. Novell has received the updated
SDK with the necessary APIs to support this setting and is working on a patch to the Novell Client v4.5 for
Windows NT to expose this functionality. Novell is targeting an April 1999 update to include this support.
There are multiple workarounds to manage the path to the roaming profile:
3) The preferred solution is to use ZENworks to configure and manage the path to the roaming
profile.
4) The path to the roaming profile can be configured on the "Advanced Login" properties tab of
the Novell Client for Windows NT on the MetaFrame server. This is accessed through the
Control Panel Network icon. The profile is stored on a NetWare Server and can be set to the
user's home directory or to central location.
With WinFrame it is possible to set up a “Home directory” via User Manager. The Novell Client has been
unable to support these setting in the past because the APIs were not available in the Windows Terminal
Server and MetaFrame products to retrieve the information. Novell has received the updated SDK with the
necessary APIs to support this setting and is working on a patch to the Novell Client v4.5 for Windows NT
to expose this functionality. Novell is targeting an April 1999 update to include this support.
The simple work around is to create the DOS environment variables that would be created through home
directory setting in the Novell login script. This can be done using login script variables so a single login
script can be used for all users and the environment variables will be customized for each user as they
login.
Novell has made modifications to the Novell Client v4.11b for Windows NT to support some of the Citrix
functionality such as the anonymous users for WinFrame users. These modifications have not yet been
made to later Clients. Novell major significant modifications to the NWGINA interface starting with he
Novell Client v4.3 for Window NT so the changes that were made in the 4.11b Client could not simply be
carried into the updated Client. Novell is working on a number of changes on the current Clients to support
all the Citrix functionality. The Novell Client v4.7 for Windows NT will be released in the summer of
1999 and will include all these enhancements. Novell intends to release a patch in April 1999 that will
update the Novell Client v4.6 for Windows NT to include the following Citrix integration.
MetaFrame roaming profile
MetaFrame home directory
Anonymous users
61
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement