Team LiB

List of Figures

Chapter 1: The Concept of Terminal Services

Figure 1-1: The terminal server multiple-user concept. A single server behaves like multiple Windows XP workstations whose output is redirected to multiple external devices.
Figure 1-2: Schematic representation of the transfer of screen content from a Windows Server 2003 terminal server to a thin client over the network.
Figure 1-3: Different client/server options.
Figure 1-4: The different computing concepts used in companies.
Figure 1-5: Ability to activate remote desktop connections via My Computer | Properties | Remote.
Figure 1-6: The operating system structure of the 32-bit version of Windows Server 2003.
Figure 1-7: The objects on a terminal server displayed by WinObj by Systems Internals. One console session (0) and two user sessions (2 and 3) are shown.
Figure 1-8: The architecture of Terminal Server.
Figure 1-9: Basic priority levels of processes as shown in the Task Manager.
Figure 1-10: The Administration Tools in the Control Panel.
Figure 1-11: Display of services.
Figure 1-12: Device Manager for non-PNP drivers.
Figure 1-13: Device Manager for system devices.
Figure 1-14: Device redirector properties in a terminal server.
Figure 1-15: Driver details on terminal server device redirector.

Chapter 2: Installation and Configuration

Figure 2-1: The startup screen for installing Windows Server 2003 on an existing 32-bit Windows operating system.
Figure 2-2: Selecting the installation option.
Figure 2-3: Welcome screen of the text-based installation phase.
Figure 2-4: Selecting the target volume for an installation.
Figure 2-5: Selecting regional and language options during the installation.
Figure 2-6: Selecting the licensing mode during the installation.
Figure 2-7: Installation of the terminal server function through the server wizard.
Figure 2-8: The licensing model for terminal servers under Windows Server 2003.
Figure 2-9: Later installation of Terminal Services licensing.
Figure 2-10: Determining the role of a license server.
Figure 2-11: Terminal server licensing right after installation and before activation.
Figure 2-12: Activation wizard for Windows Server 2003.
Figure 2-13: The Terminal Services configuration console.
Figure 2-14: Connection Wizard dialog box for Terminal Services to create a new connection. The parameters for remote control are set here.
Figure 2-15: Connection context menu, allowing the deactivation or renaming of the connection.
Figure 2-16: General settings of a connection protocol in the Terminal Services Configuration.
Figure 2-17: Connection protocol logon settings.
Figure 2-18: Configuring user session limits.
Figure 2-19: Configuring environment settings.
Figure 2-20: Configuration of remote control, where the user must give his or her permission, and the remote session can only be viewed.
Figure 2-21: Settings for the integration of client resources.
Figure 2-22: Selecting the bound network adapter and the maximum number of connections.
Figure 2-23: Setting permissions.
Figure 2-24: Terminal Services configuration server settings.

Chapter 3: Communication Protocols and Thin Clients

Figure 3-1: TCP/IP address configuration.
Figure 3-2: Name resolution through DNS.
Figure 3-3: Three routers separating four network segments. The routers filter the broadcasts.
Figure 3-4: RDP protocol integration under Windows Server 2003.
Figure 3-5: Result of a bandwidth test with several RDP sessions, all configured differently, on the system monitor. (See also Chapter 4.)
Figure 3-6: An RDP session with normal user actions is measured. The thick line represents the corresponding network bandwidth in Kbps; the thin line displays the processor load.
Figure 3-7: The network monitor logs the data traffic between a terminal server and an RDP client.
Figure 3-8: The network monitor analyzes an RDP data stream.
Figure 3-9: Remote desktop connection start window.
Figure 3-10: Initializing the remote desktop connection installation wizard.
Figure 3-11: The remote desktop connection General tab.
Figure 3-12: Display settings.
Figure 3-13: Local resources configuration.
Figure 3-14: Start options configuration of a selected program.
Figure 3-15: Configuring performance parameters.
Figure 3-16: Adding the Remote Desktop Snap-in to the Microsoft Management Console.
Figure 3-17: The Remote Desktop Snap-in with one connection configured and a new connection being added.
Figure 3-18: Existing connection to a server in the Remote Desktop Snap-in. The desktop size depends on the dimensions of the Result Pane on the right.
Figure 3-19: Later adjustment of general properties in Remote Desktop Snap-in.
Figure 3-20: Adapting the screen options under Remote Desktop Snap-in.
Figure 3-21: The Properties tab under Remote Desktop Snap-in.
Figure 3-22: Stand-alone terminal server with local printer and RDP clients on the network.
Figure 3-23: Clients with local printers that can be mapped to the corresponding user sessions on the terminal server.
Figure 3-24: Simple corporate network with two terminal servers and two domain controllers.
Figure 3-25: Terminal server in a consolidated environment.
Figure 3-26: A server farm in a corporate network.
Figure 3-27: A server farm and several back-end servers.
Figure 3-28: Terminal servers and Terminal Services clients in the local corporate network.
Figure 3-29: Corporate network with remote offices connected on a WAN.
Figure 3-30: Corporate network with terminal servers in the corporate headquarters and remote office 1.
Figure 3-31: The wrong configuration of a terminal server environment. The terminal servers are no longer located in the computing center of corporate headquarters, but in remote offices.
Figure 3-32: Integration of home offices or small remote offices.

Chapter 4: Administration and Operation

Figure 4-1: Terminal Services Manager.
Figure 4-2: Displaying all processes on a terminal server.
Figure 4-3: Five users on the TRITON-SRV2 terminal server and one connection request from a client (RDP-Tcp#5).
Figure 4-4: Displaying user session processes.
Figure 4-5: Information about a selected user session.
Figure 4-6: Sending a message to multiple users.
Figure 4-7: Invoking remote control in the Terminal Services Manager.
Figure 4-8: Accepting a remote desktop request.
Figure 4-9: The Task Manager Processes tab.
Figure 4-10: The Task Manager Users tab.
Figure 4-11: The System Monitor analyzing a user session.
Figure 4-12: The Event Viewer analyzes the system log. In this example, the warning message indicates that a printer was deleted in a user session.
Figure 4-13: Default values of the local security settings.
Figure 4-14: Control Panel tools displayed in the new style of Start menu and in Explorer.
Figure 4-15: The Advanced tab under the System tool of the Control Panel.
Figure 4-16: Setting visual effects under System Performance options.
Figure 4-17: Unmodified default setting for virtual memory under Performance Options.
Figure 4-18: The dialog box for modifying user profiles.
Figure 4-19: Startup and recovery options.
Figure 4-20: Modifying environment variables.
Figure 4-21: Configuring terminal server options.
Figure 4-22: Adding a new program using the tool Add or Remove Programs.
Figure 4-23: Computer administration with local user accounts.
Figure 4-24: Adding a user to the Remote Desktop Users group.
Figure 4-25: The Environment tab for user properties.
Figure 4-26: Configuring session parameters.
Figure 4-27: Remote desktop configuration.
Figure 4-28: Configuring a Terminal Services profile and a home folder.
Figure 4-29: Adding a terminal server to an existing domain.
Figure 4-30: Setting computer-specific Group Policies for Terminal Services.
Figure 4-31: Setting user-specific Group Policies for Terminal Services.
Figure 4-32: A Group Policy object of the organizational unit for terminal servers.
Figure 4-33: The basic architecture of a print server environment. The Windows print client runs on the terminal server.
Figure 4-34: List of redirected and automatically generated print queues on a terminal server.

Chapter 5: Integrating Applications

Figure 5-1: Changing a terminal server to installation mode and checking the mode from the command prompt.
Figure 5-2: Final dialog box after installing an application on a terminal server.
Figure 5-3: Windows Installer 2.0 Table Editor (Orca).
Figure 5-4: Microsoft Visual Studio .NET: creating an installation package.
Figure 5-5: Wise for Windows Installer analyzes an installation package.
Figure 5-6: Configuring the Internet Explorer using Group Policies.
Figure 5-7: The Windows Application Compatibility Toolkit Version 3.0 startup window.
Figure 5-8: Application Verifier examining Notepad.exe.
Figure 5-9: Test on a server platform with eight physical processors (Intel Pentium 4 XEON, 1.6 GHz clock speed, 1 MB second-level cache), 8 GB physical memory, and 132 open user sessions.

Chapter 6: Registry

Figure 6-1: Saving the current system status using the backup program.
Figure 6-2: Regedit, the registry editor.
Figure 6-3: Analyzing accesses to the registry using Terminal Services configuration in Microsoft Management Console.
Figure 6-4: Configuring a filter in Registry Monitor.
Figure 6-5: Registry values in the HKLM\SYSTEM\ControlSet001\Control\Terminal Server hive.
Figure 6-6: Drivers and services for terminal server functions.
Figure 6-7: Determining the response to system events.
Figure 6-8: Configuring the print environment.
Figure 6-9: User-specific terminal server settings for an administrator.
Figure 6-10: Microsoft Access compatibility flags.

Chapter 7: Scripting

Figure 7-1: Logical sequence of a compatibility script.
Figure 7-2: User logon script sequence.
Figure 7-3: The WMIC console.
Figure 7-4: WMI CIM Studio shows properties and methods of the Win32_TSGeneralSettings class.
Figure 7-5: Compilation and execution of the vbConsole .NET console application using the .NET Framework SDK 1.1.

Chapter 8: Security and Stability

Figure 8-1: Logon screen for logon to a terminal server from a Terminal Services client.
Figure 8-2: On a Terminal Services client, the secure path is available through a special option in the Start menu (bottom right). This entry is visible only on the client, not on the local console session.
Figure 8-3: The Windows security dialog box on a Terminal Services client. Depending on permissions, the user will or will not be able to shut down the computer.
Figure 8-4: Security settings through the Local Computer Policy.
Figure 8-5: Default audit policy settings.
Figure 8-6: Modifying the object access attempt policy.
Figure 8-7: Determining a monitoring entry for a directory. There is a choice of two options: successful and failed access attempts.
Figure 8-8: Assigning user permissions for logon using Terminal Services.
Figure 8-9: Security options for remote access to registry paths.
Figure 8-10: Limiting desktop objects through a local computer policy.
Figure 8-11: Software restriction policies before being defined.
Figure 8-12: Setting security levels.
Figure 8-13: Configuring the software files and the corresponding users to be monitored.
Figure 8-14: Setting a new hash rule.
Figure 8-15: Software restriction policies default message.
Figure 8-16: AppSense Application Manager message box.
Figure 8-17: The AppSense Deployment Manager with six terminal servers in one node.
Figure 8-18: The AppSense Application Manager.
Figure 8-19: Permissions at the file level. The grayed attributes indicate that they were inherited from a parent object.
Figure 8-20: File Monitor by SysInternals on a terminal server.

Chapter 9: Citrix MetaFrame XP Presentation Server

Figure 9-1: Citrix MetaFrame XP Presentation Server as an extension of Windows Server 2003 Terminal Services.
Figure 9-2: The basic architecture of a MetaFrame server.
Figure 9-3: ICA, IMA, and the associated communication protocols.
Figure 9-4: The start screen for the installation of Citrix MetaFrame XP Presentation Server.
Figure 9-5: Selection of components during the installation of Citrix MetaFrame XP Presentation Server, Enterprise Edition.
Figure 9-6: The Start menu of a terminal server with Citrix MetaFrame XP Presentation Server installed.
Figure 9-7: The options of mapping drive letters with Citrix MetaFrame XP Presentation Server.
Figure 9-8: Reassignment of server drives using DriveRemap.exe.
Figure 9-9: The concept is to integrate published applications into different desktops. These published applications can, of course, be used by multiple independent MetaFrame servers.
Figure 9-10: The main window of the Program Neighborhood client, which is almost empty after the initial installation.
Figure 9-11: Creation of a new connection to the desktop of a server.
Figure 9-12: Option to enter the file name of an application, if the configuration of a complete remote desktop is not required.
Figure 9-13: On the left side of the full Citrix Program Neighborhood main window is the symbol to find a new application set.
Figure 9-14: Changing the properties of a custom ICA connection.
Figure 9-15: Global default settings for the configuration of custom ICA connections.
Figure 9-16: Configuration of the ICA client hotkeys.
Figure 9-17: Remapped drives and devices in the Windows Explorer of an ICA session. You can see the remapping convention of Microsoft (\\Client\DeviceName) and Citrix (renamed drive letter).
Figure 9-18: The Program Neighborhood Agent administration tool.
Figure 9-19: Setting the Program Neighborhood Agent properties on a client.
Figure 9-20: The Program Neighborhood Connection Center with one active MetaFrame desktop.

Chapter 10: Administration of Citrix MetaFrame Servers

Figure 10-1: Comparison of the main windows of Terminal Services Configuration (left) and Citrix Connection Configuration (right front).
Figure 10-2: The Citrix Connection Configuration start dialog for modifying the ICA protocol.
Figure 10-3: The respective dialog boxes for configuring client settings in Terminal Services Configuration (left back) and in Citrix Connection Configuration (right front). The check box By Default, Connect Only The Client’s Main Printer that is missing in the Terminal Services Configuration can be found there in the ICA Settings tab.
Figure 10-4: The audio quality settings for controlling the multimedia bandwidth. Highlighting the corresponding tabs in Terminal Services Configuration (left back) and the dialog field in Citrix Connection Configuration (right front).
Figure 10-5: The configuration of all major ICA parameters. In this example, many settings are already predetermined by the server administrator.
Figure 10-6: The logon dialog for launching the Management Console for MetaFrame XP. If pass-through authentication is selected the first time the Management Console is invoked, subsequent logons occur automatically if the user is already working on the MetaFrame server console.
Figure 10-7: The Management Console for MetaFrame XP viewing the current sessions of a server within a farm.
Figure 10-8: Configuring a policy using the context menu.
Figure 10-9: Defining a rule within a policy.
Figure 10-10: Wizard dialog box for adding a new MetaFrame XP administrator.
Figure 10-11: The product licenses view.
Figure 10-12: Selecting a user session to shadow.
Figure 10-13: The option to terminate shadowing of a user session.
Figure 10-14: Parallel view of published applications in the Program Neighborhood (top) and in the Management Console for MetaFrame XP (bottom).
Figure 10-15: A dialog window for determining the object to be published in the corresponding wizard.
Figure 10-16: Configuring the behavior when creating client printers.
Figure 10-17: Managing the printer configuration.
Figure 10-18: Mapping a client driver to a server driver for printers.
Figure 10-19: Choosing when to use universal printer drivers.
Figure 10-20: ICA client printer configuration. Here it identifies different printers on the client and suggests them for integration in the user session.
Figure 10-21: The Citrix SSL Relay Configuration tool.
Figure 10-22: The Secure Gateway for Citrix MetaFrame XP Presentation Server.

Chapter 11: Resource Management in Server Farms

Figure 11-1: Communication channels for load balancing: (1) Terminal Services client connects to a terminal server with Network Load Balancing Service installed. (2) Network Load Balancing Service determines the terminal server that responds fastest. (3) The RDP connection is established with the selected terminal server.
Figure 11-2: Establishing a new Network Load Balancing Service cluster.
Figure 11-3: Configuring the Network Load Balancing Service using the properties of the LAN connection.
Figure 11-4: Communication pattern for reconnecting a user using the Session Directory: (1) User wants to establish a connection with a terminal server farm. (2) Terminal server asks the Session Directory server if it already has a session for this user. (3) Session Directory server searches its database. (4) User session is found and information is returned to the terminal server that made the request. (5) Terminal Services client receives the information. (6) Terminal Services client connects with the server holding the user session.
Figure 11-5: Session Directory Settings in Terminal Services Configuration.
Figure 11-6: Configuring the settings for the Session Directory using Group Policies.
Figure 11-7: The Management Console for MetaFrame XP with the context menu for load evaluators.
Figure 11-8: Adding a new load evaluator.
Figure 11-9: Installing the Windows System Resource Manager.
Figure 11-10: Configuring a resource allocation policy.
Figure 11-11: The main administration console window of AppSense Performance Manager.
Figure 11-12: Configuring the Intelligent Process Management: the maximum processor load is limited to 90 percent. Regular checks are performed to see if the limitation is still necessary.
Figure 11-13: Limiting the memory for different user groups. The highlighted user group is on a warning level of 50 MB and a blocking level of 60 MB per user session.
Figure 11-14: The AppSense Optimizer console window.
Figure 11-15: Predefined server counter objects representing metrics in the Citrix Resource Manager.
Figure 11-16: Dialog for configuring the server metric properties.
Figure 11-17: Setting a time zone redirection.
Figure 11-18: Test script execution options with RoboServer: two RoboClients with 10 user sessions each are connected with RoboServer.

Chapter 12: Web Access to Terminal Server Applications

Figure 12-1: Possible constellation with Web servers for HTML pages (1) and graphics (2) and for a terminal server (3) to generate a Web page with an embedded RDP session.
Figure 12-2: Hierarchy of dialog windows for installing Remote Desktop Web Connection.
Figure 12-3: Internet Information Services Manager after installing Internet Information Services and Remote Desktop Web Connection.
Figure 12-4: Log in using Remote Desktop Web Connection. Installing the signed ActiveX control element usually generates a security warning.
Figure 12-5: Executing an embedded user session in Internet Explorer.

Chapter 13: Application Access Portals

Figure 13-1: Outline of an environment with the Web Interface for MetaFrame XP.
Figure 13-2: The Internet Information Services Manager after the installation of Web Interface for MetaFrame XP.
Figure 13-3: Web Interface for MetaFrame XP administration environment.
Figure 13-4: Default Web Interface for MetaFrame XP logon page.
Figure 13-5: Warning during the installation of the signed Web Interface for MetaFrame XP ICA client.
Figure 13-6: Displaying two published applications in the Web Interface for MetaFrame XP.
Figure 13-7: Web Interface for MetaFrame XP in combination with the Secure Gateway.
Figure 13-8: The architecture of an environment with Secure Access Manager. In addition to the potential of linking up MetaFrame servers, further application servers can also be integrated.
Figure 13-9: A Citrix Secure Access Manager page. Each window corresponds to a content delivery agent (CDA).
Figure 13-10: Integrating Secure Gateway in Secure Access Manager.
Figure 13-11: The architecture of a Canaveral environment where all roles are assumed by dedicated servers. The combination of several server roles on one platform simplifies the architecture considerably.
Figure 13-12: New Moon Canaveral iQ installation wizard dialog box, checking whether all of the installation prerequisites have been met on the target platform.
Figure 13-13: Structure of the New Moon Canaveral iQ Web site in the Internet Information Services Manager.
Figure 13-14: The New Moon Canaveral iQ Management Console in the process of configuring published applications.
Figure 13-15: User view of the New Moon Canaveral iQ application access portal. The view shows the window with the list of all applications that have been published for the current user.
Figure 13-16: Displaying the connection to an RDP client in Canaveral iQ.
