See correction to this article

Creating the Integrated Environment
The first step in creating an integrated environment entails making UNIX and Windows applications available to the same UI. If you already use MetaFrame for Windows and want to add MetaFrame for UNIX to the mix, you'll be glad to know that the ICA client that your users use to connect to MetaFrame for Windows servers will also let them connect to MetaFrame for UNIX servers. To publish an application from MetaFrame for UNIX, you must use the ctxappcfg command-line utility, not the Published Application Manager that you use for MetaFrame for Windows. Log on as superuser or as ctxsrvr, the designated Citrix administrator account, then walk through the following process (this sample exchange publishes xterm, a terminal command-line window, from a Hewlett-Packard HP-UX server running MetaFrame for UNIX):

# /opt/CTXSmf/sbin/ctxappcfg
App Config>  add
Name:  XTERM
Command line:  /usr/bin/X11/
  xterm
Working directory: 
Anonymous [yes|no]:  no
Successfully added configuration
  for "XTERM".
App Config>  exit

MetaFrame for Windows administrators working with MetaFrame for UNIX for the first time will notice some differences. First, although you can use the Administrator account to log on to MetaFrame for Windows, by default you can't use the root account to log on to a MetaFrame for UNIX session. (This limitation is a generally accepted security restriction in UNIX, which doesn't let you log on as root from anywhere but the console.) Second, you must apply Feature Release 1 (FR1) and any available patches to the UNIX servers before publishing applications. FR1 gives your terminal sessions higher color depth (up to True Color) and adds some other features, such as multiple-monitor support and application-specific fixes. Until I applied the patches to our Sun Microsystems Solaris server, applications that were supposed to appear in seamless windows came up with a small blank desktop window, which I had to close.

When the applications are available, Win32 clients can connect to both kinds of MetaFrame terminal servers from the same tool. From the Citrix Program Neighborhood (Start, Programs, Citrix ICA Client), click Application Set Manager, then choose Custom ICA Connections. When you start the wizard this way, you can browse for both Windows and UNIX servers, as Figure 1 shows. The list that appears displays the servers; select Published Application instead of Application Set Manager to see the applications published from both Windows and UNIX servers. When a user creates connections to any published application or server desktop, those connections will appear in the Custom ICA Connections group.

NFuse
MetaFrame has long supported a Program Neighborhood for Win32 clients. This feature lets you display icons for published applications in a dialog box on the desktop (or even pushed to a user's Start menu or Desktop). However, for a long time, this Program Neighborhood wasn't available to non-Win32 clients. Even on platforms that do support Program Neighborhood, you could create custom ICA connections or connect to one Citrix farm, but you couldn't browse across farms. In 2000, Citrix introduced NFuse, a Web-based Program Neighborhood that lets you see application icons from any farm in a Web browser and launch applications from those icons, assuming you have the appropriate permissions. To further streamline application connectivity, you sign on to this application Web page just once to access all applications from any farm.

To make application icons appear in Web browsers, Citrix relies on three technologies*MetaFrame, a Web server, and XML. The MetaFrame servers can be Windows- or UNIX-based, and the Web servers can be Microsoft IIS or Apache. The XML services, collectively called NFuse and available for free on the Citrix Web site, enable the MetaFrame servers and the Web servers to communicate.

To determine who can see which applications in MetaFrame for Windows, you use Published Application Manager. In MetaFrame for UNIX, you must publish the applications, then separately filter access to the published applications by user or group. (MetaFrame for UNIX filters apply only to applications that NFuse presents. The ICA client browser displays all published applications, regardless of the filters.) When a user loads the NFuse logon Web page, he or she must enter a username and password. If the user is authorized to log on, NFuse displays the suite of applications he or she is permitted to access.

When the user launches an application from the NFuse page, the local ICA client launches and accesses the MetaFrame server that publishes the application. Thereafter, all communication occurs between the ICA client and the MetaFrame server directly—the Web server is no longer involved; its role is simply to present the link to the application on the MetaFrame server.

If you want to publish both Windows and UNIX applications on one Web page, you might also want to let users log on once to gain access to both servers. The easiest way to configure NFuse for one logon is to give each user one username and password for both the Windows and UNIX terminal servers.

An alternative is to share the security databases so that you don't have to create special NFuse accounts to access both application types. To share the databases, you must employ some Windows-UNIX authentication integration tool—for example, Microsoft Services for UNIX (SFU).

How Licensing Works
When you're working with both MetaFrame for Windows and MetaFrame for UNIX, licensing can become tricky. MetaFrame for Windows requires both per-seat Terminal Server Client Access Licenses (TSCALs) because it runs on Windows 2000 Server Terminal Services and per-connection MetaFrame licenses. The per-seat licenses are in addition to the CALs required to connect to any Windows server. MetaFrame for UNIX, in contrast, requires only the same per-connection MetaFrame licenses that MetaFrame for Windows uses. In fact, Windows and UNIX terminal servers running MetaFrame 1.x can share the same license pool. UNIX doesn't require any client licenses for the OS.

The Windows Terminal Services underlying MetaFrame for Windows uses a per-seat TSCAL explicitly assigned to the client machine that accesses the terminal server. Therefore, you must configure published Windows applications to permit access to only the people who need the applications. Otherwise, you'll lose TSCALs to anyone who idly clicks the application links.

Some old UNIX hands are apt to scoff at MetaFrame for UNIX as a way to make UNIX do something that it does already, but adding ICA support to UNIX lets it do things that aren't possible with the X protocol. ICA support lets you enjoy low-bandwidth access to graphics-intensive UNIX applications, deliver UNIX applications to platforms that don't support X natively, provide one interface for UNIX and Windows applications (with optional access from a Web interface), use Session Shadowing, and disconnect and reconnect to desktop sessions or published applications at will. In short, ICA and X are different protocols with different applications. ICA gives you true interoperability, making Windows and UNIX applications available to any user with an ICA client. Using ICA with Windows and UNIX lets you run your applications where they belong, instead of trying to retrofit them for platforms for which they're not designed.

End of Article

Prev. page     1 [2]     next page -->
CORRECTIONS TO THIS ARTICLE:
We inadvertently omitted Stephen Greenberg's name as coauthor of "Windows and UNIX on the Desktop" (May 2003, http://www.winnetmag.com, InstantDoc ID 38495). Stephen Greenberg is the founder and president of Thin Client Computing in Scottsdale, Arizona. We regret any inconvenience this error might have caused.



You must log on before posting a comment.

If you don't have a username & password, please register now.

 
 

ADS BY GOOGLE