410 likes | 457 Vues
Explore the latest features and enhancements of the Citrix MetaFrame Presentation Server 3.0 "Hudson" release, including improved scalability, enhanced policies, and end-user access features. Learn about workspace control, secure gateway updates, and certification details.
E N D
Citrix MetaFrame Presentation Server 3.0 Codename – “Hudson” Release Date – April 27, 2004 Douglas A. Brown Senior Systems Engineer Citrix Systems, Inc.
New Features • Lots of new and useful features • Lots of new Presentation Server Features • Lots of new Web Interface Features • Lots of new Client Features • A few new Secure Gateway Features • A few new RM, IM, and NM Features • Not as big an architectural change as 1.8 -> XP • License Server is the only architectural change • Several architecture components have been enhanced
New Architecture / Administrative Features • Enhanced Farm Scalability • Access Suite Management Console • Enhanced Delegated Administration • Enhanced Policies • Zone Preference and Failover
Enhanced Farm Scalability • Validated up to 1000 servers in a farm • Zones of 1000+ servers (with dedicated ZDC)
Access Suite Management Console • Does not replace the existing Management Console • First Generation of Suite-wide management tool
Enhanced Policies • Can throttle any virtual channel bandwidth (not just printing) • Client Drives • Client Devices • Custom Virtual Channels (i.e. Tricerat Screwdrivers) • Network printer behavior • Client printer via ICA, or • Network printer via RPC • MetaFrame Password Manager settings • Disable Password Manager • Central Credential Store location
Enhanced Policies - Filtering • Additional filtering options: • Client IP Address • Client Name • Servers • Users
Enhanced Policies - Filtering • Can use wildcards in filters • i.e. Filter by Client Name: use WI_* as filter for users coming from Workspace Control-enabled WI site • Filter can allow or deny policy • Can mix allow and deny policies within same policy • i.e. disable client drive mapping for “domain users” and deny policies to specific users within the “domain users” group • Supports anonymous and/or explicit user filtering • IP Addresses evaluated is the actual client IP address • Not the Secure Gateway IP or NAT firewall IP
Zone Preference and Failover • Implemented as a Presentation Server policy • Good for distributed farms and ASPs • Forces users to preferred zone for applications • Lowest loaded server within that zone is used • Also useful for Disaster Recovery • Backup zones (up to 10) can be specified • Works for PN Agent and WI connections • Connections via PN and Conferencing Manager may be directed to other zones
MPS Certifications and Standards Microsoft Certifications • Certified for Microsoft Windows • Windows Server 2003 (Standard, Enterprise, and Datacenter) • Windows 2000 Server (Server, Advanced, and Datacenter) • Designed for Windows XP Gold • Windows XP, 2000, ME, 98, NT • Designed for Windows Mobile • Windows Pocket PC, Windows CE RSA Security Certifications • RSA SecurID Ready Industry Regulations • FIPS 140-1 • U.S. Rehabilitation Act Section 508 • HIPAA • Common Criteria EAL2 (MF XP FR3 submitted in security target)
Workspace Control Web Interface Enhancements RDP Support Enhanced PN Agent Enhanced Logon Feedback Bi-directional Audio SpeedScreen Improvements Session Reliability Enhanced Tablet PC Support Enhanced Java Client Secure Computing SafeWord Support Section 508 Conformance Secure Gateway and Port Address Translation New End User / Access Features
Workspace Control • “Follow me roaming” with WI or PN Agent • Requires latest versions of: • Presentation Server Client • Web Interface • Presentation Server • Reconnects printers and client drives from new client • Can reconnect to a session, even if screen resolution has changed • Greatly reduces need for custom solutions
Workspace Control • 1 • 2 • 3
Web Interface Improvements • Can install to Non-default web site • WI Ticketing done via IMA, not RPC/XML • Icons are generated on the fly, not stored on disk • Should alleviate missing icons syndrome • Able to Hide disabled applications • Asian Language Web Server Support • Unicode format of ICA files • Supported by 8.x clients only
Web Interface Improvements • More extensive browser support
RDP Client Support from WI • More limited features than ICA • May be useful as a “client of last resort” for Windows XP clients • Uses a Presentation Server License
Enhanced Logon Feedback • Better feedback to user on logon process • Steady stream of notification boxes
Bi-Directional Audio • Full stereo sound can travel from client to server • Support for: • Headset microphones • Philips SpeechMike (i.e. Medical Transcription) • Serial port and USB versions supported • Does not work with Workspace Control • Requires latest client and server • Recommended on LAN environments
SpeedScreen Improvements • SpeedScreen Flash Acceleration • Improves rendering of Macromedia Flash content on published browsers by setting player to “low quality” playback by default. • SpeedScreen Multimedia Acceleration • Streaming of video and audio data to the local device to leverage local content player resources. • SpeedScreen Image Acceleration • Allows tradeoff of image quality for lower bandwidth • Implemented via policy
SpeedScreen Multimedia Acceleration Requires media app on server, and proper CODEC on client. Tested with Windows 98/2000/XP.
Session Reliability • Allows sessions to remain viewable when network connectivity is interrupted • Seamless windows can be moved/resized • Uses a configurable TCP port • Noteworthy for some high-security networks • Requires latest version of • Client • Presentation Server
Enhanced Tablet PC Support • Can use “input panel” (soft keyboard) for input • Including login screen on ICA session • Voice input support • Support for display mode switching • Landscape, Portrait display modes
Printer auto detection Support for local root certificates Enhanced UI and seamless windows support New MPS feature support: universal printer driver(mono and 300dpi) SpeedScreen browser acceleration (MF XP FR3) SpeedScreen image and flash acceleration session reliability workspace control dynamic session reconfiguration auto-created printers Java Client 8.0
Secure Access Manager 2.2 Customer Enhancement Requests • Remote employees need offline access to email. • Need to support additional browser beyond Microsoft’s Internet Explorer. • Desire to secure existing Enterprise Information Portal (EIP) or other existing Web based infrastructure. • Challenges displaying Java based internal Web sites and applications. • Challenges accessing internal Web sites with unique verb sets, WebDAV enabled sites, etc…
MetaFrame Secure Access Manager 2.2 delivers… • Alternative User Interface: • Allows MetaFrame Secure Access Manager to direct users to different EIPs or Web based infrastructures (other than the Access Center) immediately after authentication. • New Advanced Gateway Client, providing support for: • Most common PC browsers (IE, Netscape, etc…) • Synchronization of Outlook 2000+ clients • Access to java based Web sites and applications • Access to sites incorporating unique verb sets such as WebDAV enabled sites, Outlook Web Access, etc… • All the capability of existing client
Conferencing Manager Evolution • Guest attendees • Users that are not MetaFrame users or are not employees • Overall enhanced usability • All users launching applications • Attendee moderated mouse and keyboard control • Request mouse/keyboard control • Application whiteboard
Guest Web Login • Friendly Name • Guest ID • unique for each • guest attendee • E.g. email address • Conference ID • conference unique
Adding attendees • Invite users from the domain, internal email or now external users
Usability Improvements • Set Mouse/KeyB Control • Pass Mouse/KeyB Control • Request Mouse/KeyB Control • Send Message to attendee
Sync Push Password Manager Architecture MetaFrame and/or Desktop Deployed Administration Console SSO Agent Directoryor File share
MetaFrame Password Manager 2.5New Features • Novell Authentication • Works with Novell’s version of the Windows GINA • Primary authentication against eDirectory (formerly NDS) • Support for Certificate-based (PKI) Smart Cards • Hot Desktop through compatibility with Workspace Roaming • No Primary Authentication logoff required • Works only with MetaFrame Presentation Server 3.0 • Workstation Lockout for Re-authentication • Inactivity timeout
MetaFrame Password Manager 2.5New Features • Localized Agent • German, French, Spanish and Japanese • Drop-down Logon Menu Support • Windows and Web based applications • E.g.: Domain Drop Downs • Manual Password Change Policy Enforcement • Now includes manual password changes