1U YYEAR TUPGRADE
B ER PRO ECTION PLAN
CONFIGURING
CITRIX METAFRAME FOR
WINDOWS 2000
TERMINAL SERVICES
“If you’re looking for ways to enable
enterprise-wide information access, look
no more! This book is perfect for any
administrator deploying Citrix MetaFrame
in a Windows 2000 environment.”
FREE Monthly
—Al Thomas, Technology Updates
Technical Consultant, Education Team,
IKON Technology Services
One-year Vendor
Product Upgrade
Paul Stansel, CCEA, MCSE, MCP+I, CNA, A+
Protection Plan
Travis Guinn, CCA, MCSE, CCSA, CCSE, A+
Kris Kistler, CCA, MCSE, MCP+I, GSEC, CCNA, CNA, A+ FREE Membership to
Technical Editor: Melissa Craft, CCA, MCSE, CCNA, Access.Globalknowledge
Network+, MCNE
Technical Review by: Allen V. Keele, CCEA, CCI, MCT, MCSE, MCP+I,
CCNA, CCDA, PSE
[email protected]
With over 1,500,000 copies of our MCSE, MCSD, CompTIA, and Cisco
study guides in print, we have come to know many of you personally. By
listening, we've learned what you like and dislike about typical computer
books. The most requested item has been for a web-based service that
keeps you current on the topic of the book and related technologies. In
response, we have created
[email protected], a service that
includes the following features:
s A one-year warranty against content obsolescence that occurs as
the result of vendor product upgrades. We will provide regular web
updates for affected chapters.
s Monthly mailings that respond to customer FAQs and provide
detailed explanations of the most difficult topics, written by content
experts exclusively for
[email protected].
s Regularly updated links to sites that our editors have determined
offer valuable additional information on key topics.
s Access to “Ask the Author”™ customer query forms that allow
readers to post questions to be addressed by our authors and
editors.
Once you've purchased this book, browse to
www.syngress.com/solutions.
To register, you will need to have the book handy to verify your purchase.
Thank you for giving us the opportunity to serve you.
Configuring
CITRIX METAFRAME
for WINDOWS 2000
TERMINAL SERVICES
Syngress Publishing, Inc., the author(s), and any person or firm involved in the writing, editing, or production
(collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained from the
Work.
There is no guarantee of any kind, expressed or implied, regarding the Work or its contents. The Work is sold
AS IS and WITHOUT WARRANTY. You may have other legal rights, which vary from state to state.
In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other inci-
dental or consequential damages arising out from the Work or its contents. Because some states do not allow
the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not
apply to you.
You should always use reasonable case, including backup and other appropriate precautions, when working
with computers, networks, data, and files.
Syngress Media® and Syngress® are registered trademarks of Syngress Media, Inc. “Career Advancement Through
Skill Enhancement™,” “Ask the Author™,” “Ask the Author UPDATE™,” “Mission Critical™,” and “Hack
Proofing™” are trademarks of Syngress Publishing, Inc. Brands and product names mentioned in this book are
trademarks or service marks of their respective companies.
KEY SERIAL NUMBER
001 58PJUY7DSE
002 4RS36835HH
003 Q3NMCDE9V7
004 2C5C87BYMP
005 6AFLCA94DB
006 P636ALT7JA
007 MTPOKBB994
008 35DJKE3ZSV
009 G5EW2E9CFS
010 SM274PS25N
PUBLISHED BY
Syngress Publishing, Inc.
800 Hingham Street
Rockland, MA 02370
Configuring Citrix MetaFrame for Windows 2000 Terminal Services
Copyright © 2000 by Syngress Publishing, Inc. All rights reserved. Printed in the United States of America.
Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or dis-
tributed in any form or by any means, or stored in a database or retrieval system, without the prior written per-
mission of the publisher, with the exception that the program listings may be entered, stored, and executed in a
computer system, but they may not be reproduced for publication.
Printed in the United States of America
1 2 3 4 5 6 7 8 9 0
ISBN: 1-928994-18-0
Copy edit by: Jennifer R. Coker Proofreading by: Ben Chadwick
Technical edit by: Melissa Craft Page Layout and Art by: Shannon Tozier
Index by: Robert Saigh Co-Publisher: Richard Kristof
Project Editor: Mark A. Listewnik
Distributed by Publishers Group West
Acknowledgments
We would like to acknowledge the following people for their kindness and sup-
port in making this book possible.
Richard Kristof, Duncan Anderson, Jennifer Gould, Robert Woodruff, Kevin
Murray, Dale Leatherwood, Rhonda Harmon, and Robert Sanregret of Global
Knowledge, for their generous access to the IT industry’s best courses,
instructors and training facilities.
Ralph Troupe, Rhonda St. John, and the team at Callisma for their invaluable
insight into the challenges of designing, deploying and supporting world-class
enterprise networks.
Karen Cross, Lance Tilford, Meaghan Cunningham, Kim Wylie, Harry
Kirchner, John Hays, Bill Richter, Kevin Votel, Brittin Clark, and Sarah
MacLachlan of Publishers Group West for sharing their incredible marketing
experience and expertise.
Mary Ging, Caroline Hird, Caroline Wheeler, Victoria Fuller, Jonathan Bunkell,
Klaus Beran, and Simon Beale of Harcourt International for making certain
that our vision remains worldwide in scope.
Annabel Dent, Anneka Baeten, Clare MacKenzie, and Laurie Giles of Harcourt
Australia for all their help.
David Buckland, Wendi Wong, David Loh, Marie Chieng, Lucy Chong, Leslie
Lim, Audrey Gan, and Joseph Chan of Transquest Publishers for the enthu-
siasm with which they receive our books.
Kwon Sung June at Acorn Publishing for his support.
Ethan Atkin at Cranbury International for his help in expanding the Syngress
program.
Joe Pisco, Helen Moyer, and the great folks at InterCity Press for all their help.
Special thanks to the professionals at Osborne with whom we are proud to
publish the best-selling Global Knowledge Certification Press series.
v
From Global Knowledge
At Global Knowledge we strive to support the multiplicity of learning styles
required by our students to achieve success as technical professionals. As
the world's largest IT training company, Global Knowledge is uniquely
positioned to offer these books. The expertise gained each year from pro-
viding instructor-led training to hundreds of thousands of students world-
wide has been captured in book form to enhance your learning experience.
We hope that the quality of these books demonstrates our commitment to
your lifelong learning success. Whether you choose to learn through the
written word, computer based training, Web delivery, or instructor-led
training, Global Knowledge is committed to providing you with the very
best in each of these categories. For those of you who know Global
Knowledge, or those of you who have just found us for the first time, our
goal is to be your lifelong competency partner.
Thank your for the opportunity to serve you. We look forward to serving
your needs again in the future.
Warmest regards,
Duncan Anderson
President and Chief Executive Officer, Global Knowledge
vi
Contributors
Contributors
Paul Stansel (CCEA, MCSE, MCP+I, CNA, A+) works as a con-
sultant specializing in remote access and Citrix technologies in
Research Triangle Park, North Carolina, where he lives with his
wife, Rachel. Paul started working with computers when his
father got the family a TRS-80 and has never looked back. He
enjoys good science-fiction, computer games, and the football
season.
Travis Guinn (CCA, MCSE, CCSA, CCSE, A+) is from
Jacksonville, Texas and is currently the Senior Systems Engineer
with Data Transit International, a nationwide Citrix integrator
based in Atlanta, Georgia. Travis served four years in the U.S.
Navy in Advanced Electronics, then worked for a small computer
store installing networks. Travis then started an ISP in
Charleston, South Carolina, where he gained extensive experi-
ence in TCP/IP and large scale dial-in solutions from U.S.
Robotics.
Travis has worked for Data Transit for three years on projects
involving 3Com Total Control, Checkpoint Firewall-1, RSA
SecurID, and AVT RightFax. Travis is now working on an ASP
initiative for Data Transit.
vii
Kris Kistler (CCA, MCSE, MCP+I, GSEC, CCNA, CNA, A+) is a
Senior Network Engineer and Security Administrator for a large
International Health Care Organization based in St. Louis,
Missouri. He has been involved in computing for over 15 years
and has experience with many different operating systems and
various types of networking hardware. He currently specializes in
Internet connectivity, security, and remote access ASP solutions.
When not researching new projects, he enjoys spending time
with his family.
Mick Gunter (CCA, MCSE, CCNA, A+) is the Senior Manager of
Technical Services at Blue Rhino Corporation in Winston Salem,
North Carolina. After serving as an Artillery Officer in the Marine
Corps, Mick earned a Masters degree in Education from Wake
Forest University before entering the IT field. When not working,
Mick enjoys biking, playing golf, and spending time with his wife
Tanya and son Bailey.
Melissa Craft (CCA, MCSE, CCNA, Network+, CNE-5, CNE-3,
CNE-4, CNE-GW, MCNE, Citrix CCA) designs business com-
puting solutions using technology and business process reengi-
neering techniques to automate processes.
Currently, Melissa’s title is Director of e-Business Offering
Development for MicroAge Technology Services. MicroAge is a
global systems integrator headquartered in Tempe, Arizona.
MicroAge provides IT design, project management, and support
for distributed computing systems. These technology solutions
touch every part of a system’s lifecycle—from network design,
testing, and implementation to operational management and
strategic planning.
Melissa holds a bachelor’s degree from the University of
Michigan, and is a member of the IEEE, the Society of Women
Engineers, and American MENSA, Ltd. Melissa currently resides
in Glendale, Arizona with her family, Dan, Justine and Taylor.
viii
Douglas Laspe has over 25 years in the IT industry. His experi-
ence includes project management, process development and
implementation, asset management, software quality assurance,
and software configuration management. Doug’s technical expe-
rience includes working with various types of programming lan-
guages from assembly code to fourth generation languages and
robotics control code.
Doug has extensive experience in technical writing and pro-
fessional editing. He has worked in large and small organiza-
tions, in “.com” companies, with government contractors, and in
federal procurement. Doug and his wife, Carolyn have two chil-
dren, Eric and Laura, who also share an interest in information
technology.
Mary C. Zampino (CCA, MCSE) was born in Chicago and raised
mostly in Tallahassee, Florida. Mary graduated from Florida
State University with a B.S. degree in Information Science. Mary
quickly went on to earn her MCSE and CCA certifications, in
addition to authoring numerous technical documents. Mary
enjoys spending time with her family, including two wonderful
sisters. She also loves reading, writing, movies, and camping.
Chris Funderburg (CCEA, MCSE, MCP+I, CCNA) is an Associate
Network Engineer for Greenwich Technology Partners where his
duties include designing and implementing various network sys-
tems as well as troubleshooting and writing documentation.
Greenwich Technology Partners (GTP) is a leading network
infrastructure consulting and engineering company. The com-
pany designs, builds, and manages complex networks that utilize
advanced Internet protocol, electro/optical, and other sophisti-
cated technologies. Founded in 1997, the company has
employees in 19 locations in the U.S. and a location in London.
Using its proprietary GTP NetValueTM methodology, GTP provides
clients with the internetworking support necessary for e-busi-
ness success.
ix
Derrick Rountree (CCA, MSCE, MCT, CNE, ASE, CCNA, CCDA)
has a degree in Electrical Engineering from Florida State
University. Derrick has worked for Alltel Information Systems
and Prudential Health Care and is currently working for a sys-
tems integrator in South Florida. Derrick has also done work for
BOSON.COM testing software products. Derrick has contributed
to other Syngress and Osborne/McGraw-Hill publications
including the Compaq ASE Study Guide and the CCA Citrix
Certified Administrator for MetaFrame 1.8 Study Guide. He would
like to thank his mother, Claudine, and his wife, Michelle, for
their help and support.
Jerrod Couser (CCA, MCSE+I, MCP+I, A+) currently manages
the Technology Training Department of Review Technology
Group (RTG). RTG specializes in training and consulting.
Dean A. Jones III (MCSE) has over six years experience man-
aging national LAN/WAN administration services and has man-
aged his company’s migration to Windows 2000 and Citrix
MetaFrame environments. He has been a test manager in the
Unix, Windows, Solaris, DEC, DOS, and proprietary systems
environments. Dean is currently the Lead System Administrator
and Web Master for a major food producer headquartered in the
Midwest.
Technical Editor
Melissa Craft (CCA, MCSE, CCNA, Network+, CNE-5, CNE-3,
CNE-4, CNE-GW, MCNE, Citrix CCA) designs business com-
puting solutions using technology and business process reengi-
neering techniques to automate processes.
Currently, Melissa’s title is Director of e-Business Offering
Development for MicroAge Technology Services. MicroAge is a
x
global systems integrator headquartered in Tempe, Arizona.
MicroAge provides IT design, project management, and support
for distributed computing systems. These technology solutions
touch every part of a system’s lifecycle—from network design,
testing; and implementation to operational management and
strategic planning.
Melissa holds a bachelor’s degree from the University of
Michigan, and is a member of the IEEE, the Society of Women
Engineers; and American MENSA, Ltd. Melissa currently resides
in Glendale, Arizona with her family, Dan, Justine, and Taylor.
and her two Great Danes Marmaduke and Apollo and her Golden
Retriever Pooka. Melissa can be contacted via e-mail at
[email protected].
Technical Reviewer
Allen V. Keele (CCEA, CCI, MCT, MCSE, MCP+I, CCNA, CCDA,
PSE) is Vice President of Certified Tech Trainers, Inc. They are
an organization specializing in Citrix MetaFrame 1.8 and
advanced Citrix server implementation, Cisco training courses on
routing and switching (including CCNA and CCNP certification
tracks), as well as Windows 2000 training. As an active and
enthusiastic instructor, he personally provides training sessions
throughout the United States and Europe.
Following two years of overseas academic pursuits at a
German Gymnasium as a high school foreign exchange student,
he attended school at the Universität Mannheim as an under-
graduate. He is fluent in German and continues to enjoy contact
with his original host family to this day. He also holds a
Bachelor of Business Administration degree from the University
of Georgia.
xi
Contents
Introduction xxiii
Chapter 1: Challenges of the Virtual Environment 1
Introduction 2
What Defines a Mainframe? 2
Benefits of the Mainframe Model 3
History and Benefits of Distributed Computing 5
The Workstation 5
Enter Distributed Computing 6
Two-Tiered Computing 6
Three-Tiered Computing 6
Distributed Computing and the Internet 8
Benefits of Distributed Computing 9
Meeting the Business Requirements of Both Models 9
The Main Differences Between Remote Control
and Remote Node 11
Remote Control 11
Benefits of Remote Control 12
Downsides to Remote Control 12
Remote Node 14
Why Use Remote Access? 15
Drawbacks of Remote Node Computing 16
So How Do You Choose? 16
The Thin-Client Revolution 17
Key Concepts 18
The Beginning of Terminal Services and MetaFrame 19
Introduction of Terminal Services 20
Windows 2000 Terminal Services 21
What Exactly Is Terminal Services? 21
Install Mode 23
System Requirements for Terminal Services 23
Types of Terminal Services Installations 24
xiii
xiv Contents
Terminal Services Licensing 25
Terminal Services Tools 27
The Virtual Memory 30
Remote Desktop Protocol (RDP) 31
The Terminal Services Client 33
Local Drive Mapping 36
Network Load Balancing for Windows 2000 36
Citrix MetaFrame 37
The ICA Protocol 37
Application Publishing 41
The ICA Client 41
The MetaFrame Server 46
MetaFrame Server Tools 49
Citrix and the Internet 52
Choosing Terminal Services or MetaFrame 53
Bottom Line Value of Using Thin-Client Technology 54
Calculating Hard Costs 54
Calculating Soft Costs 55
Summary 57
FAQs 58
Chapter 2: Routing and Remote Access Services
for Windows 2000 61
Introduction 62
Designing and Placing RAS Servers on the Network 62
Sizing the Servers 62
RAM 63
Processors 64
Storage 64
Network Interfaces 68
Clusters 68
Modems 69
Placing the RAS Servers on the Internetwork 72
Remote Access Protocols 74
Dial-up Clients 75
PPP and SLIP 75
CHAP and PAP 75
VPN Clients 76
PPTP 78
L2TP 80
IPSec 81
Installing the Windows 2000 Remote Access Service 82
Contents xv
Dial-Up Configuration 82
Configuring Your RAS Server in Windows 2000 82
VPN Configuration 96
PPTP 99
IPSec 99
L2TP 100
RAS Upgrade Considerations 101
Upgrading from Windows NT 4.0 RAS 102
Upgrading from Windows NT 3.5x RAS 102
Migrating from a Third-Party Remote Access Service 103
Summary 103
FAQs 104
Chapter 3: Designing Terminal Services
for Windows 2000 105
Introduction 106
Designing and Placing Terminal Services on the Network 106
Sizing the Server—User and Application Analysis 107
Network Interfaces 110
Clusters 114
Modems 115
Impact from the Number of Users 115
Placing Terminal Services Servers on the Network 116
Implementing Terminal Services Protocols 121
RDP 121
Upgrading from RDP 4.0 to RDP 5.0 122
TCP/IP 123
Other Protocols 125
Analyzing the Environment 125
Network Requirements for New Installations 127
LAN 128
WAN 130
Internet Connectivity 130
Upgrade from Windows NT 4.0
Terminal Services Considerations 130
WinFrame, Any Version 132
Windows NT 4.0 Terminal Server Edition 132
MetaFrame 1.0 or 1.8 132
Windows NT 4.0 134
Integration with Citrix MetaFrame or WinFrame 134
Summary 134
FAQs 135
xvi Contents
Chapter 4: Designing a Citrix MetaFrame Internetwork 139
Introduction 140
Designing and Placing MetaFrame Servers on the Network 140
Sizing the Server 141
RAM 143
Processors 145
Storage 148
Network Interfaces 153
Modems 153
Placing the Server on the Network 156
Designing an Internetwork with Multiple
MetaFrame Servers 157
Placing Servers on the Network 158
Implementing Load Balancing Procedures 159
Utilizing License Pooling 161
Implementing MetaFrame-Supported Protocols 161
TCP/IP 162
IPX/SPX 162
NetBEUI 163
ICA 163
Analyzing the Environment 164
Designing the Internetwork 168
LAN 168
WAN 170
Internet 172
Upgrading to Citrix MetaFrame 1.8 for Windows 174
Summary 176
FAQs 176
Chapter 5: Deploying Terminal Services Clients 179
Introduction 180
Limitations of Terminal Services Clients 180
Licensing 180
Licensing a Terminal Services Client 183
Operating System Limitations 184
Protocol Limitations 184
Other Limitations 184
Client Considerations 185
Installing the Client Manually 186
32-bit Windows 186
16-bit Windows 189
Windows CE 191
Deploying the Client Using Automated Installation Methods 192
Contents xvii
32-bit Windows 192
Sample Automated Installation 193
Using the Client Software 193
Terminal Services Client 193
Client Connection Manager 195
Summary 201
FAQs 202
Chapter 6: Citrix MetaFrame Clients 205
Introduction 206
Selecting a Protocol 206
Installing MetaFrame Clients 212
DOS 212
Creating DOS ICA Client Installation Floppy Disks 214
Windows 16-Bit 215
Windows 32-Bit 215
Creating Windows 32-Bit Client Installation
Floppy Disks 216
Macintosh 218
OS/2 220
OS/2 Installation 220
Win-16 OS/2 Installation Procedure 221
DOS OS/2 Client Installation Procedure 222
UNIX 222
Steps to Perform a Text-Based UNIX (Linux)
Client Installation 224
Using the Red Hat Package Manager (RPM)
to Install the Client 225
Deploying MetaFrame Clients Using
Automated Installation 228
Steps to Create Preconfigured Client Install Disks 229
Creating a New Client Update Database 229
Configuring MetaFrame Clients 230
Configuring the UNIX Clients 232
Connection Tab 235
Window Tab 237
Application Tab 237
Preferences Tab 238
Server Location Tab 239
HotKeys Tab 239
Disk Cache Tab 240
Drive Mapping 241
Win32 Client Configuration Overview 242
Configuring the Win32 Clients 244
xviii Contents
ICA Settings 250
ICA Client Mappings 251
Mapping Win32 Client Audio 252
Troubleshooting Basic Client Connectivity. 252
Summary 254
FAQs 256
Chapter 7: Installing Terminal Services 259
Introduction 260
Gathering Business Goals and Objectives 260
Components of Windows 2000 Terminal Services 262
Windows 2000 Multiuser Kernel 263
Remote Desktop Protocol (RDP) 263
Terminal Services Client 264
Terminal Services Administration Tool 264
Terminal Services Encryption 264
Remote Administration Mode 265
Application Server Mode 268
Testing Configurations and Deploying a Pilot 271
Installation 271
Rolling Out the Final Configuration 277
Local Printer Support 277
Roaming Disconnect 277
Enhanced Performance 278
Multiple Login Support 278
Clipboard Redirection 278
Securing ClipBook Pages 279
Windows 2000 Server 280
Windows 2000 Advanced Server 280
Terminal Services Licensing 281
Installing the Terminal Services Licensing Component 282
Activating the Terminal Services License Server 282
Using the Training Tools 283
Administrators 284
Terminal Services Manager 284
Terminal Services Configuration 284
Terminal Services Client Creator 285
Terminal Services Licensing 285
End Users 285
Summary 286
Using Terminal Services to Provide Applications
over the Internet 287
FAQs 287
Contents xix
Chapter 8: Installing Citrix MetaFrame 289
Introduction 290
Business Drivers for Selection of Citrix MetaFrame 290
Installating MetaFrame 1.8 294
Integrating with the Active Directory 300
Mixed Mode 300
Native Mode 301
Installing NFuse 303
Feature Release 1 308
NFuse 1.5 308
RC5 Encryption 309
SSL Relay 309
TCP-Based Browsing 309
Web Install 309
SpeedScreen Latency Reduction 309
Testing Configurations and Deploying a MetaFrame Pilot 310
Application Launching and Embedding 312
Rolling Out MetaFrame to the Environment 312
Presenting Applications to Users 313
Defining the Environment 313
Installing the ICA Client 313
Citrix MetaFrame Licensing 314
Training 315
Administrators 315
End Users 315
Summary 316
FAQs 316
Chapter 9: Configuring the User Experience 319
Introduction 320
Configuring Parameters with Active Directory Utilities 320
Creating a Custom MMC Console 323
Configuring the User Properties 324
Using Citrix MetaFrame Utilities 334
Shadowing 334
Establishing a Shadow Session
Using the Shadow Taskbar 335
Establishing a Shadow Session Using
Citrix Server Administration 337
Applying Group Policy 339
Understanding Group Policy and Active Directory 341
Creating a Custom MMC Console for Group Policy 343