Using One Citrix Web Interface Site with Multiple XenApp Farms

How Does Web Interface Work

source: Carl Webster The Accidental Citrix Admin

In a Microsoft Windows environment, Web Interface works with Internet Information Services (IIS) to provide users with access to published resources. Users will use a standards-based Internet browser or the Citrix Receiver to access their resources.

A Web Interface (WI) server will have one or more XenApp Web sites or XenApp Services sites configured. Each site will be configured for one or more XenApp farms. Each XenApp farm will have one or more XML Brokers listed to handle user authentication and resource enumeration. Once a user has been authenticated and selects a published resource, the Zone Data Collector (DC) is contacted. The DC determines if the user has an existing session on the server hosting the published resource and, if a session exists, that session is reused (called Session Sharing). If the user does not have an existing session, a session is created and the published resource is started.

The XML Broker will also request a session ticket from the Secure Ticket Authority (STA). The STA is responsible for issuing session tickets in response to the request to connect to the published resources. These session tickets form the basis of authentication and authorization for access to the published resources.

A Web Interface server is normally placed in a DMZ; however, it may be placed inside the corporate network. Web Interface requires no XenApp components to be installed. A Web Interface server is not typically a member of a XenApp farm, nor is it typically a member of an Active Directory domain. However, in the smallest of networks, it is possible and common for Web Interface to be deployed on a XenApp farm member and/or on a member of an Active Directory domain.

First, let’s stop, take a step back and review some basics.

What is a XenApp farm? A XenApp farm is a group of XenApp servers that can be managed as a unit, enabling the administrator to configure features and settings for the entire XenApp farm rather than being required to configure each server individually. All the servers in a farm share a single data store.

What is a data store? The data store provides a repository of persistent information about the farm that each server can reference, including the following:

  • Farm configuration information,
  • Published resource configurations,
  • Server configurations,
  • XenApp administrator accounts,
  • Printers,
  • Printer drivers,
  • Policies,
  • Load Evaluators, and
  • Folders.

What is a Zone? A Zone is a logical grouping of XenApp servers that share a common zone data collector. Zones allow the efficient collection of dynamic farm information. Each zone in a farm has exactly one data collector. All of the member servers in a particular zone communicate their dynamic information to the data collector for their zone.

What is a zone data collector? A zone data collector is a server that stores and manages dynamic information about the XenApp servers in a zone, including:

  • Published resource usage,
  • Server load,
  • User sessions,
  • Online servers,
  • Connected sessions,
  • Disconnected sessions, and
  • Load balancing information.

The data collector shares this information with all other data collectors in the XenApp farm.

All XenApp servers in the farm use the Independent Management Architecture (IMA) service and protocol in server-to-server communication. IMA also is used by the Access Management Console or the Delivery Services Console or AppCenter (depending on the version of XenApp used) to allow XenApp farm administrators to manage and configure various XenApp farm and server settings.

What is an XML Broker? The Citrix XML Broker functions as an intermediary between the XenApp servers in the XenApp farm and the Web Interface. When a user authenticates to the Web Interface, the XML Broker:

  • Receives the user’s credentials from the Web Interface and queries the XenApp farm for a list of published resources that the user has permission to access. The XML Broker retrieves this application set from the IMA system and returns it to the Web Interface.
  • Upon receiving the user’s request to launch a resource, the DC locates the servers in the farm that host this application and identifies which of these is the optimal server to service this connection based on several factors. The DC returns the address of this server to the Web Interface.

The XML Broker is a function of the Citrix XML Service. By default, the XML Service is installed on every server during the XenApp installation process. Multiple XenApp servers can have their XML Service specified in Web Interface to allow those servers to function as an XML Broker. The XML Service on the other farm servers still runs but is not used for servicing end-user connections.

The Secure Ticket Authority is also installed on every XenApp server.

For most small to medium sized XenApp farms, one XenApp server is dedicated to be the Zone Data Collector, XML Broker and STA server. In some large XenApp farms, it may be necessary to dedicate a XenApp server for each of the three roles.

Dedicating a XenApp server for each role is easy to do. You would have three XenApp servers with no end-user applications installed. In the Zone settings for the farm, you would configure one of the servers as the Most Preferred data collector and the other two as Preferred data collectors. The server to be dedicated as the XML Broker would only be used when an XML Broker needs to be entered. The server to be dedicated as the STA server would only be used when an STA server needs to be entered.

Figure 1 illustrates the interaction between Web Interface and other servers in a XenApp farm.

Figure 1

Figure 2 shows some of the steps involved in the Web Interface process.

Figure 2

  1. A user connects to a Web Interface server from any device that has Citrix client software installed.
  2. The user enters their credentials on the login page.
  3. The web server reads the user’s credentials and forwards the credentials to the Citrix XML Service on the servers listed in the server farms.
  4. If the user’s credentials are not valid, return to Step 2. If the user’s credentials are valid, the Citrix XML Service retrieves a list of resources from the XenApp servers the user has permission to access. This list of resources is called the user’s resource set. The Citrix XML Service returns the resource list to the Web Interface server.
  5. The Web Interface server builds a custom HTML web page consisting of the resources the user has permission to run.
  6. The user clicks one of the published resource icons.
  7. The Citrix XML Service looks for a server in the required farm that has an existing session for the user in which the settings of the running resources match the settings of the resource being launched. If such a server exists, the Citrix XML Service requests a session ticket and returns the server’s IP address and session ticket to the Web Interface server. If not, the Citrix XML Service requests a session ticket from the least-busy server and returns the server’s IP address and session ticket to the Web Interface server.
  8. Web Interface creates a custom launch.ica file and sends the file to the user’s Citrix client.
  9. The Citrix client software receives the file and initiates a session with the server specified in the file.
  10. The published resource runs on the XenApp server and is displayed on the end-user device.
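
The server selection in step 7 and the ticket hand-off in steps 7 to 9, as a simplified Python model added here for illustration; it is not Citrix code and not part of the original article. The class and function names, the dictionary keys, the sample farm, and the single-use, 100-second ticket behavior are assumptions of the model.

```python
import secrets

TICKET_LIFETIME = 100  # seconds; assumed value for this model

# Constructed sample farm: address, load figure, and per-user session settings.
FARM = [
    {"address": "10.0.0.11", "load": 7000,
     "sessions": {"alice": {"colors": "32-bit", "encryption": "128-bit"}}},
    {"address": "10.0.0.12", "load": 1200, "sessions": {}},
]


class TicketAuthority:
    """Stand-in for the STA: maps an opaque ticket to (user, server)."""

    def __init__(self):
        self._tickets = {}

    def issue(self, user, server, now):
        ticket = secrets.token_hex(16)  # random, carries no credentials
        self._tickets[ticket] = (user, server, now + TICKET_LIFETIME)
        return ticket

    def redeem(self, ticket, now):
        # Assumed single use: the ticket is deleted on the first lookup.
        entry = self._tickets.pop(ticket, None)
        if entry is None or now > entry[2]:
            return None  # unknown, replayed, or expired
        return entry[0], entry[1]


def pick_server(user, settings, farm):
    """Step 7: reuse a session with matching settings, else least busy."""
    for server in farm:
        if server["sessions"].get(user) == settings:
            return server["address"], True
    return min(farm, key=lambda s: s["load"])["address"], False


def build_launch_data(user, settings, farm, sta, now):
    """Steps 7-8: what the launch file needs, with no password in it."""
    address, shared = pick_server(user, settings, farm)
    return {"address": address, "ticket": sta.issue(user, address, now),
            "session_sharing": shared}
```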