Florida Department of Transportation Citrix Implementation


1 Florida Department of Transportation Citrix Implementation

2 Topics
Our Challenge
Citrix Overview
FDOT Citrix Installation
Trns*port Implementation
For More Information

3 Our Challenge

4 9 Districts of Distributed Users

5 FDOT Users
2,939 Distinct Userids with Access to Citrix Applications
Many External Firms & Users
Many Different Desktop Configurations
Many Different Locations

6 IT Challenge
IT is under intense pressure to simplify the management of enterprise resources and make them more cost-effective to operate.
IT organizations are coping with these technical, economic and business challenges through consolidation.
We found Citrix to be an easy way to provide a single point of access to the on-demand enterprise from any location, for any number of people, using many devices, over any connection.

7 Benefits of the Citrix Deployment
Benefits for IT:
Centrally consolidate applications, reducing costs and complexity
Increased productivity
Resilience to business/technical disruptions
An “observation dashboard” – where, how, when and by whom systems are accessed
Software as a utility
More Control

Benefits for Users:
Just like the office – no compromise in experience, regardless of location
Always on, always there – just connect & compute, over any network
Dynamically follows you – any screen, any shape, with many devices

8 Citrix Overview

9 Citrix Metaframe Access Suite Products
Citrix MetaFrame XP Presentation Server: Centrally manage enterprise applications and access them from anywhere.
Citrix MetaFrame Conferencing Manager: Work collaboratively on the same applications and documents.
Citrix MetaFrame Password Manager: Single sign-on through Citrix MetaFrame Access Suite.
Citrix MetaFrame Secure Access Manager: Provide secure, personalized access over the Web to applications & information.

10 MetaFrame XP Presentation Server Product Highlights
Access any application on most devices
Web enable existing applications
Securely access applications over the Internet
Simplify applications deployment
Easily manage server farms from a single interface
Leverage and extend existing investments in hardware and software
3 Editions – Standard, Advanced, Enterprise

11 FDOT Citrix Implementation Overview

12 Applications Implemented on Citrix
Trns*port – BERC, Expedite, CES, PES, LAS, Sitemanager
Pontis – Bridge Management
HiRiide – Rail Road Crossing Management
iLIMS – Lab Information Management System
IE for Secure Remote Intranet Access

13 FDOT Citrix Implementation Environments
Unit Test: IT Staff Testing, No External Internet Access
System Test: User Testing, External Internet Access
User Training
Production

14 FDOT Citrix Implementation Hardware
Network Load Balanced, Fail-over
Servers & Function:
Citrix Secure Gateway - CSG (2)
NFUSE (2)
Secure Ticket Authority (STA) (2)
Metaframe (6+4)
Oracle Databases (Citrix Data Store, RMS)

Citrix Independent Computing Architecture (ICA®)
CSG - Secure Traffic to Client (SSL); Need Digital Certificate

Citrix Secure Gateway (Secure Gateway) is designed to secure all Citrix Independent Computing Architecture (ICA®) traffic traveling across the Internet between MetaFrame servers and Secure Sockets Layer (SSL)-enabled ICA Client workstations, making firewall traversal easier, providing heightened security with SSL encryption, simplifying deployment, and enabling tight integration with Citrix NFuse application portal software.

Overview: Secure Gateway is a security solution with ICA-specific gateway functions. It removes the need to publish the addresses of every Citrix server, simplifies server certificate management, and allows a single point of encryption and access into a Citrix server farm. It does this by providing a gateway that is separate from the MetaFrame servers and reduces the issues for firewall traversal to a widely accepted port for ICA traffic in and out of firewalls.

The following benefits are achieved with Secure Gateway:
Strong encryption (SSL V3 128-bit).
Authentication (achieved through NFuse).
Internal network addresses of your Citrix servers are hidden.
Firewall traversal through a widely accepted port.
Single-point server certificates.
Large number of servers can be supported easily.
Does not need separate client software. Works with standard ICA Clients, Version 6.20 or higher.

NFUSE - Authentication
Secure Ticket Authority
Metaframe
Oracle
ICA Client
Databases can be SQL or Oracle
Verisign Certificate
Terminal Server Licenses

In Citrix Secure Gateway (CSG) deployments, the gateway server does not perform authentication of incoming requests. Instead, the gateway server defers authentication to an application enumeration server and uses the STA to guarantee that each user is authenticated.
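
The ticket hand-off described above, as an added Python example (not FDOT's or Citrix's code): the enumeration server checks credentials and hands the client an opaque ticket instead of a server address, and the gateway admits only connections whose ticket the STA can resolve. All names, the sample account and address, and the 100-second lifetime are assumptions; tickets are modelled as single-use and time-limited.

```python
import hmac
import secrets
import time

TICKET_TTL = 100  # seconds; assumed value for this example


class SecureTicketAuthority:
    """Maps opaque tickets to internal MetaFrame addresses."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._tickets = {}  # ticket -> (internal address, expiry)

    def issue(self, server_addr):
        ticket = secrets.token_hex(16)
        self._tickets[ticket] = (server_addr, self._clock() + TICKET_TTL)
        return ticket

    def redeem(self, ticket):
        # pop() makes the ticket single-use: a replay finds nothing.
        addr, expiry = self._tickets.pop(ticket, (None, 0.0))
        return addr if addr and self._clock() <= expiry else None


def nfuse_login(sta, users, farm, username, password, app):
    """Enumeration server: the only place credentials are checked."""
    stored = users.get(username, "")
    if not hmac.compare_digest(stored.encode(), password.encode()):
        return None
    # The client receives a ticket in place of the server address.
    return {"app": app, "address": sta.issue(farm[app])}


def gateway_connect(sta, ica_file):
    """Gateway: no credential check, only ticket validation via the STA."""
    if ica_file is None:
        raise PermissionError("no launch data: user was not authenticated")
    backend = sta.redeem(ica_file["address"])
    if backend is None:
        raise PermissionError("ticket unknown, expired or already used")
    return backend  # internal address is resolved on the gateway side only


# Constructed sample data (not FDOT's real accounts or addresses); the
# users dict stands in for the domain logon the enumeration server performs.
USERS = {"sue": "correct horse"}
FARM = {"SiteManager": "10.0.0.21:1494"}
```

Because the gateway trusts the STA rather than the client, a captured launch file is useless once its ticket has been redeemed or has expired, and it never reveals the farm's internal addresses.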

15 SecureTicket Authority
NFUSE File Share DB CSG Metaframe

16

17 User Management
Domain Groups: Within Citrix Metaframe we publish to domain groups (not individuals). Example: APP_CTX_Expedite
Managed by each district, each of which has application security coordinators
Corresponding Lotus Notes Groups
Challenge to keep up to date for external users
Communication to users via Application Coordinators
Problem Handling: Users Call District Help Desk; If District Can’t Resolve, Goes to Central Office

18 System Usage
Heaviest Usage Time: 10:00 am – 12:00 am
Heaviest Used Application: Sitemanager
Typically 120 Concurrent Users - Have Gone to 175
RMS

19 # of Distinct Users by Application Per Day - August 2003

20 Total # of Distinct Users Per Day – August 2003

21 FDOT Citrix Implementation Things We Learned
Hardware Problem Handling Add Both Software Licenses & Hardware for New Applications & Growth Printers Patches Systest Usage Communication Central Information Website

22 Florida DOT Trns*port Specifics

23 Florida DOT Trns*port Specifics
Six Metaframe Servers in Production Farm
Single Location for Terminal Service Profile Paths
Single Location for User Application Data
Batch Files Used to Start Applications

With six Metaframe servers, Florida DOT had to consider user settings across all six servers. By this I mean that if a user logs on to one server this time and another next time, we had to attempt to make sure user-specific settings carried over to the next server. We accomplish this in three ways.

First, we ensured that each user had a Terminal Service Profile Path set up to a cluster file share that was local to the Metaframe farm. This allows registry settings and file changes located in the Windows directory to automatically be user specific.

Secondly, we created a file share, which we maintain, to handle other application-specific changes not normally handled by Windows, such as SiteManager’s Local Database.

Thirdly, we launch most applications via a batch file. This complements the other two by allowing us to customize the user’s environment with files from the two locations.

24 Trns*port General Issues
DPS Status Monitor: Port Usable by Only One Person.
SiteManager Local Database: Different Database for Each User, the Same Across All Servers in the Farm.
SitePad: Allow Users to Sync Locally with SiteManager Running on Metaframe Server.

Overall, Trns*port applications respond well to a multi-user environment such as Metaframe or Terminal Services. One major issue with the Trns*port suite in a multi-user environment is the DPS Status Monitor. The problem with DPS is that it uses a port which is set in an ini file. This port is usable by only one user, and each subsequent user that logs in fails to see the status and sometimes cannot submit jobs to the DPS Server.

At Florida we have created a process that allows us to assign each user a port for use during their session. This port is assigned in the tplc.ini file for CES\PES\LAS, and in the SMAPP.INI file for SiteManager. For CES\PES\LAS this resolves the issue: because the tplc.ini file is located in the Windows directory, each user automatically gets their own copy of it. In the case of SiteManager, however, the SMAPP.INI file is located in the SiteManager directory. For SiteManager we had to place a copy of the SMAPP.INI file in each user's individual application data directory, change it there, and then launch SiteManager from the individual application data directory. All of this is accomplished in a batch file that starts SiteManager.

SiteManager also has one other issue unique to a multi-user environment, that being the Local Database. This problem was easily solved by placing a copy of the local database in the user’s application data directory, and then setting the DSN to point to it.

SitePad in conjunction with Metaframe proved to be a little more difficult. The issue was to allow users to seamlessly sync their Palm with SiteManager running on the Metaframe. We accomplished this by installing Palm Desktop on the Metaframe and then pointing its registry setting to the local client’s Palm Desktop data location. With the additional step of monitoring the Metaframe’s registry for changes that indicate the need for SitePad data to be synced, and a small Notifier DLL for the local client's sync process, we are now able to use SitePad with Metaframe.

25 Settings to Be Cautious About
Idle Time Outs
Limiting Programs to Single Instances

There are two specific settings in Metaframe that seem to be good ideas on the surface but with experience prove to cause problems with the Trns*port suite.

The first one is Idle Time Outs. An idle time out logs the user off after a specific amount of idle time. It does not do so cleanly within PES\LAS, where a user who has a contract open for update could end up leaving entity locks. These entity locks are saved to a particular Metaframe server, and the user is not likely to end up on the same Metaframe server again.

The second is allowing only one instance of a program per user. The problem with this setting occurs when a user is using more than one module in the suite. If the user starts one of the modules that starts DPS Status Monitor, then logs on to a second module that uses it too, and then shuts down the first module, they will not be able to enter the first module again until they log off of all modules that use the DPS Status Monitor. This is because the Metaframe considers the DPS Status Monitor to be part of the first module. For example, if Sue logs into SiteManager, then logs into PES, and then shuts down SiteManager, she would not be able to log back into SiteManager until she exits PES also.

26 Helpful Changes to Trns*port Suite
User Settings in HKEY_CURRENT_USER Registry Hive
INI Files Migrated to Windows Directory
Dynamic Ports for DPS Status Monitor

27 FDOT Citrix Metaframe/Trns*port
Successfully Implemented

Even with the issues that Florida DOT has had with the Trns*port suite and Metaframe, it has had a positive effect on maintainability, scalability, and overall user satisfaction. Where in times past the client took the most time to roll out, we can now ensure all of our clients receive an updated client in minutes, whether that user is in the central office in Tallahassee, FL or in the Outback of Australia; all that is required is a dial-up connection. And to top that, it does not matter whether the user is running a 486 or a Pentium 4: they will get the same great performance as any other user.

28 For More Information

29 Where to Get More Information
FDOT Presentation, Scripts, Etc. Amy Price Citrix Contact: Bert Wakeley

30 More Suggested Citrix Resources
Introduction to the Citrix Secure Gateway Document: Best Practices for Securing a Citrix Secure Gateway Deployment Citrix Supported Clients Download Tweak Citrix – for Citrix Technologists Doug Brown’s Site

31 Demo Signing in Via Citrix

