Citrix Meta Frame Presentation Server 3 0 Codename

Citrix Meta. Frame Presentation Server 3. 0 Codename – “Hudson” Release Date – April 27, 2004 Douglas A. Brown Senior Systems Engineer Citrix Systems, Inc.

New Features • Lots of new and useful features – – – Lots of new Presentation Server Features Lots of new Web Interface Features Lots of new Client Features A few new Secure Gateway Features A few new RM, IM, and NM Features • Not as big an architectural change as 1. 8 -> XP – License Server is the only architectural change – Several architecture components have been enhanced

Architecture and Administrative Features

New Architecture / Administrative Features • Enhanced Farm Scalability • Access Suite Management Console • Enhanced Delegated Administration • Enhanced Policies • Zone Preference and Failover

Enhanced Farm Scalability • Validated up to 1000 servers in a farm • Zones of 1000+ servers (with dedicated ZDC)

Access Suite Management Console • Does not replace the existing Management Console • First Generation of Suite-wide management tool

Enhanced Policies • Can throttle any virtual channel bandwidth (not just printing) – Client Drives – Client Devices – Custom Virtual Channels (i. e. Tricerat Screwdrivers) • Network printer behavior – Client printer via ICA, or – Network printer via RPC • Meta. Frame Password Manager settings – Disable Password Manager – Central Credential Store location

Enhanced Policies - Filtering • Additional filtering options: – – Client IP Address Client Name Servers Users

Enhanced Policies - Filtering • Can use wildcards in filters – i. e. Filter by Client Name: use WI_* as filter for users coming from Workspace Control-enabled WI site • Filter can allow or deny policy • Can mix allow and deny policies within same policy – i. e. disable client drive mapping for “domain users” and deny policies to specific users within the “domain users” group • Supports anonymous and/or explicit user filtering • IP Addresses evaluated is the actual client IP address – Not the Secure Gateway IP or NAT firewall IP

Zone Preference and Failover • Implemented as a Presentation Server policy • Good for distributed farms and ASPs – Forces users to preferred zone for applications – Lowest loaded server within that zone is used • Also useful for Disaster Recovery – Backup zones (up to 10) can be specified • Works for PN Agent and WI connections – Connections via PN and Conferencing Manager may be directed to other zones

MPS Certifications and Standards Microsoft Certifications q Certified for Microsoft Windows ü Windows Server 2003 (Standard, Enterprise, and Datacenter) ü Windows 2000 Server (Server, Advanced, and Datacenter) q Designed for Windows XP Gold ü Windows XP, 2000, ME, 98, NT q Designed for Windows Mobile ü Windows Pocket PC, Windows CE RSA Security Certifications q RSA Secur. ID Ready Industry Regulations q q FIPS 140 -1 U. S. Rehabilitation Act Section 508 HIPAA Common Criteria EAL 2 (MF XP FR 3 submitted in security target)

End User and Access Features

New End User / Access Features • Workspace Control • Session Reliability • Web Interface Enhancements • Enhanced Tablet PC Support • RDP Support • Enhanced Java Client • Enhanced PN Agent • Secure Computing Safe. Word Support • Enhanced Logon Feedback • Bi-directional Audio • Speed. Screen Improvements • Section 508 Conformance • Secure Gateway and Port Address Translation

Workspace Control • “Follow me roaming” with WI or PN Agent • Requires latest versions of: – Presentation Server Client – Web Interface – Presentation Server • Reconnects printers and client drives from new client • Can reconnect to a session, even if screen resolution has changed • Greatly reduces need for custom solutions

Workspace Control • 1 • 2 • 3

Workspace Control

Workspace Control – PN Agent

Web Interface Improvements • Can install to Non-default web site • WI Ticketing done via IMA, not RPC/XML • Icons are generated on the fly, not stored on disk – Should alleviate missing icons syndrome • Able to Hide disabled applications • Asian Language Web Server Support – Unicode format of ICA files – Supported by 8. x clients only

Web Interface Improvements • More extensive browser support

RDP Client Support from WI • More limited features than ICA • May be useful as a “client of last resort” for Windows XP clients • Uses a Presentation Server License

Enhanced Logon Feedback • Better feedback to user on logon process • Steady stream of notification boxes

Bi-Directional Audio • Full stereo sound can travel from client to server • Support for: – Headset microphones – Philips Speech. Mike (i. e. Medical Transcription) • Serial port and USB versions supported • Does not work with Workspace Control • Requires latest client and server • Recommended on LAN environments

Speed. Screen Improvements • Speed. Screen Flash Acceleration – Improves rendering of Macromedia Flash content on published browsers by setting player to “low quality” playback by default. • Speed. Screen Multimedia Acceleration – Streaming of video and audio data to the local device to leverage local content player resources. • Speed. Screen Image Acceleration – Allows tradeoff of image quality for lower bandwidth – Implemented via policy

Speed. Screen Multimedia Acceleration Media Type (encoding) DIVX Video XVID Video Microsoft Video 1 MPEG-1 Video MPEG-4 Video Interactive Video MPEG-1 Audio AC 3 Audio AVI MPEG MPG ASF Windows Media Player 6. 4/8. 0/9. 0 Real. Player 8+ X X File Format (. ext) X X X X Quick. Time X X X Embedded Direct. Show Based Players Requires media app on server, X and proper CODEC on client. X X Tested with Windows 98/2000/XP. Fraunhofer MPEG Layer-3 Codec MP 3 WMA * * WMV X X Real Media RM X X Quick Time MOV X X

Session Reliability • Allows sessions to remain viewable when network connectivity is interrupted – Seamless windows can be moved/resized • Uses a configurable TCP port – Noteworthy for some high-security networks • Requires latest version of – Client – Presentation Server

Enhanced Tablet PC Support • Can use “input panel” (soft keyboard) for input – Including login screen on ICA session • Voice input support • Support for display mode switching – Landscape, Portrait display modes

Java Client 8. 0 • Printer auto detection • Support for local root certificates • Enhanced UI and seamless windows support • New MPS feature support: auto-created printers – universal printer driver (mono and 300 dpi) – Speed. Screen browser acceleration (MF XP FR 3) – Speed. Screen image and flash acceleration – session reliability – workspace control – dynamic session reconfiguration

Licensing

Meta. Frame Secure Access Manager 2. 2

Secure Access Manager 2. 2 Customer Enhancement Requests • Remote employees need offline access to email. • Need to support additional browser beyond Microsoft’s Internet Explorer. • Desire to secure existing Enterprise Information Portal (EIP) or other existing Web based infrastructure. • Challenges displaying Java based internal Web sites and applications. • Challenges accessing internal Web sites with unique verb sets, Web. DAV enabled sites, etc…

Meta. Frame Secure Access Manager 2. 2 delivers… • Alternative User Interface: – Allows Meta. Frame Secure Access Manager to direct users to different EIPs or Web based infrastructures (other than the Access Center) immediately after authentication. • New Advanced Gateway Client, providing support for: – – Most common PC browsers (IE, Netscape, etc…) Synchronization of Outlook 2000+ clients Access to java based Web sites and applications Access to sites incorporating unique verb sets such as Web. DAV enabled sites, Outlook Web Access, etc… – All the capability of existing client

Meta. Frame Conferencing Manager 3. 0

Conferencing Manager Evolution • Guest attendees – Users that are not Meta. Frame users or are not employees • Overall enhanced usability – – All users launching applications Attendee moderated mouse and keyboard control Request mouse/keyboard control Application whiteboard

Guest Web Login • Friendly Name • Guest ID – unique for each – guest attendee – E. g. email address • Conference ID – conference unique

Adding attendees • Invite users from the domain, internal email or now external users

Usability Improvements • Set Mouse/Key. B Control • Pass Mouse/Key. B Control • Request Mouse/Key. B Control • Send Message to attendee

Meta. Frame Password Manager 2. 5

Password Manager Architecture Meta. Frame and/or Desktop Deployed Administration Console SSO Agent Push Sync Directory or File share

Meta. Frame Password Manager 2. 5 New Features • Novell Authentication – Works with Novell’s version of the Windows GINA – Primary authentication against e. Directory (formerly NDS) • Support for Certificate-based (PKI) Smart Cards • Hot Desktop through compatibility with Workspace Roaming – No Primary Authentication logoff required – Works only with Meta. Frame Presentation Server 3. 0 • Workstation Lockout for Re-authentication – Inactivity timeout

Meta. Frame Password Manager 2. 5 New Features • Localized Agent – German, French, Spanish and Japanese • Drop-down Logon Menu Support – Windows and Web based applications – E. g. : Domain Drop Downs • Manual Password Change Policy Enforcement – Now includes manual password changes