Citrix released MetaFrame Presentation Server 3.0 (usually referred to as "MPS 3") just over two months ago. The Citrix marketing literature mentions many new features. After using the product for a while, I decided to write this article that details how the new features really work.
This article is not based on any marketing literature. It’s based on my personal experience using MetaFrame Presentation Server 3.0, Web Interface 3.0, and ICA clients 8.0.
Let's run through what each of the new features actually means. In my mind, there are four major new features which I'll list first, but the rest of the features listed here are pretty much in random order.
Real delegated administration
With Feature Release 2 for MetaFrame XP, Citrix claimed “delegated administration” to be one of the features. However, this feature was seriously flawed and therefore not particularly useful in enterprise deployments. The main issue was that in MetaFrame XP, delegated administration meant that you could pick and choose which users could perform what TYPE of actions on servers in a server farm. However, you could not choose WHICH servers those users could affect. For example, you could say that John can administer printing and that Gabe can publish applications, but those rights would be valid for all servers in the farm. There was no way to configure someone to only be able to perform administrative actions on some servers.
Thankfully, Citrix has changed this for MetaFrame Presentation Server 3.0. In the new product you can configure permissions based on server or application folders. This enables you to take a large farm, divide the servers into folders, and configure different users to be administrators for different folders.
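The difference between the two delegation models can be shown as a small authorization check. This is an added illustration, not code from the article or from Citrix; the folder names, server names and task names are constructed, and the data structures are not the product's own.

```python
# Illustrative model only: folder names, server names and task names are
# constructed; this is not Citrix's data model or API.

FARM = {                      # folder -> servers placed in that folder
    "Servers/London": {"LON-MPS01", "LON-MPS02"},
    "Servers/NewYork": {"NYC-MPS01", "NYC-MPS02", "NYC-MPS03"},
}
ALL_SERVERS = set().union(*FARM.values())

# MetaFrame XP FR2 style: a grant names only the TYPE of task.
XP_GRANTS = {"john": {"printing"}, "gabe": {"publish_apps"}}

# MPS 3 style: a grant names the task type AND the folder it applies to.
MPS3_GRANTS = {
    "john": {("printing", "Servers/London")},
    "gabe": {("publish_apps", "Servers/NewYork")},
}

def xp_allowed(user, task, server):
    """Task-type check only; which server is targeted never matters."""
    return server in ALL_SERVERS and task in XP_GRANTS.get(user, set())

def mps3_allowed(user, task, server):
    """Task type must match and the server must sit in a granted folder."""
    return any(
        granted_task == task and server in FARM.get(folder, set())
        for granted_task, folder in MPS3_GRANTS.get(user, set())
    )

def reach(check, user, task):
    """Servers on which `user` may perform `task` under the given model."""
    return {s for s in ALL_SERVERS if check(user, task, s)}

if __name__ == "__main__":
    for user, task in (("john", "printing"), ("gabe", "publish_apps")):
        print(user, task,
              "| XP model:", sorted(reach(xp_allowed, user, task)),
              "| MPS 3 model:", sorted(reach(mps3_allowed, user, task)))
```

Under the first model every grant reaches the whole farm; under the second, the same grant stops at the folder boundary.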
Server name, client name, and IP range policies
Citrix user policies, first introduced in MetaFrame XP FR2, have not been particularly useful thus far. However, this will all change with MetaFrame Presentation Server 3. While previous policies could only be applied to users or groups at logon time, MPS 3 policies can also be based on the server name, client name, or the client IP address. This means, for example, that you can make policies for users that vary depending on whether they’re connecting from inside or outside of the firewall. It also means that you can make policies that apply to specific groups of servers or client devices.
Like in MetaFrame XP, you can stack multiple policies on top of each other in Presentation Server 3 for the ultimate in security flexibility.
No zone-to-zone communication option
In MetaFrame XP, all zone data collectors (ZDCs) maintain open connections with each other. In doing so, all ZDCs know everything about every server in the entire farm, and the data collector’s dynamic stores are 100% identical across the farm. In MetaFrame Presentation Server 3, you have the option for ZDCs to behave exactly like they do in MetaFrame XP. However, you also have a second option:
This second option disables all ZDC to ZDC communication. In doing so, each ZDC only maintains statistics about the servers in its own zone, as opposed to all servers in the farm. The advantage of this is that the server update information is not continually sent from ZDC to ZDC. The downside is that application launch times increase. This is due to the fact that each ZDC only contains server load information about servers in its own zone. Therefore, if a user launches an application that’s published on servers in multiple zones, the ZDC must contact the other ZDCs to get the load indexes for all their servers.
Disabling inter-zone communication is really meant to be used with another new MetaFrame Presentation Server 3 feature: preferred zone policies.
In Presentation Server 3, you can create a policy that specifies a preferred zone (and several backup zones). Remember that Citrix policies are stored in the data store and applied to users, groups, client IP ranges, client names, or server names. For example, you can create a policy that has a preferred zone of “Zone1” and a backup zone of “Zone2.” Then, you can apply this policy to the client IP subnet range that’s at the same location as Zone 1. When users connect, their IP address will be detected and the policy will be applied causing them to connect to a server from Zone 1. If for some reason Zone 1 is not available, the user will instead connect to Zone 2.
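The Zone1/Zone2 scenario above can be sketched as a policy filtered on a client IP range with an ordered zone preference. This is an added example, not code from the article or from Citrix; the policy names and subnets are constructed, and evaluating policies in first-match order is an assumption of the sketch rather than documented product behaviour.

```python
import ipaddress

# Constructed sample policies; names and subnets are assumptions. Each
# policy is filtered on a client IP range and lists zones in preference
# order (preferred zone first, then backup zones).
POLICIES = [
    {"name": "Site1-clients", "client_range": "10.1.0.0/16",
     "zones": ["Zone1", "Zone2"]},
    {"name": "Site2-clients", "client_range": "10.2.0.0/16",
     "zones": ["Zone2", "Zone1"]},
]

def matching_policy(client_ip, policies=POLICIES):
    """Return the first policy whose client IP range contains client_ip.

    First-match ordering is an assumption of this example.
    """
    addr = ipaddress.ip_address(client_ip)
    for policy in policies:
        if addr in ipaddress.ip_network(policy["client_range"]):
            return policy
    return None

def select_zone(client_ip, available_zones, policies=POLICIES):
    """Pick the zone for a connection: preferred if up, else a backup.

    Returns (policy_name, zone). Both are None when no policy matches;
    zone is None when every zone listed in the policy is unavailable.
    """
    policy = matching_policy(client_ip, policies)
    if policy is None:
        return (None, None)
    for zone in policy["zones"]:
        if zone in available_zones:
            return (policy["name"], zone)
    return (policy["name"], None)

if __name__ == "__main__":
    print(select_zone("10.1.5.20", {"Zone1", "Zone2"}))  # preferred zone
    print(select_zone("10.1.5.20", {"Zone2"}))           # backup zone
    print(select_zone("192.168.1.1", {"Zone1", "Zone2"}))  # no policy
```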
PNAgent supports multiple farms
In MetaFrame Presentation Server 3.0, the Web Interface enumerates applications from multiple farms for both web clients and PN Agent clients. The new enum.asp web script on the IIS Web Server enumerates applications from the same set of servers as the applist.asp Web Interface file. Therefore, if you configure Web Interface to aggregate applications from multiple farms, these combined application lists will also be made available to PN Agent clients.
Licenses may be shared across farms
In MetaFrame Presentation Server 3, all licensing components have been removed from the server farm’s IMA data store. In its place, Citrix opted for a central, farm-independent licensing service that can be installed on any server (that’s running IIS). In doing so, a user can simultaneously connect to servers belonging to different farms while only consuming a single connection license.
ICA Virtual Channel priority tagging
In MPS 3.0, you can edit the registry of a server and modify the default relative priorities of each particular ICA virtual channel. The out-of-the-box defaults specified by Citrix should be good for most scenarios, but there have been times in the past when I would’ve loved this feature.
Kerberos Login for 8.x clients
I wrote a fairly detailed article about this a few weeks ago, so I won’t go into details here. The 30-second overview is that when using an ICA client version 8 on a device running Windows 2000 or newer, you can authenticate to a MetaFrame Presentation Server 3.0 system via Kerberos rather than the antiquated second network provider method used in MetaFrame XP.
Access Published Applications with RDC
In a move that seals Citrix’s admission that the RDP protocol is on par with the ICA protocol, you can now connect to Citrix-managed applications with RDP or ICA. Of course the downside of this is that you’ll also consume a Presentation Server connection license for each RDP session in addition to each ICA session.
Requires SP4 for Windows 2000
Hopefully you’re in the mood for hotfixes, because MetaFrame Presentation Server 3.0 requires Service Pack 4 when installed on Windows 2000-based Terminal Servers. (To be fair to Citrix, however, the post-SP4 hotfixes are only critically required when SP4 is installed after MetaFrame, so this shouldn’t technically be an issue for MPS 3.0 environments.)
Digital Dictation Support
When used with ICA version 8 client software, MetaFrame Presentation Server 3.0 supports digital dictation a.k.a. client-to-server audio redirection. This feature allows, for example, a microphone connected to a client device to record sound to an application running on a remote Presentation Server. (Citrix created a new virtual channel to enable this functionality.)
You’ll probably chuckle the first time you fire up a remote session with client audio enabled, because the system prompts you with a security warning box that says something to the effect of, “Warning. This application is turning on your microphone, and anything you say could potentially be recorded.” The user is given an opportunity to override that setting, similar to the client drive access security box that pops up when a user connects to a remote ICA application via a web link.
MMC-based Management Console
Citrix consolidated most of their various tools for the different Access Suite products into a single MMC-based management interface. Unfortunately, you can’t quite configure everything via the MMC, but you should be able to use it for most of your day-to-day tasks. It also has some cool features, like the ability to connect to and enumerate servers from multiple server farms.
One of my personal favorite features is the ability to create custom “views” of your environment consisting of little icons that represent your servers, farms, and zones. You can even specify a background image so that you can have a single-screen map of your building or the US or whatever, with each server placed in the proper location on the map. Then, you can tie these little icons to the actual performance of a server, with a little colored bar graph showing the status of various metrics. I know, I know... Unicenter, Tivoli, OpenView, and even What’s Up Gold have been doing this for years, but it’s still a cool feature.
SpeedScreen Multimedia/Flash/Image Acceleration
The "RAVE" technology that I wrote about several months ago made it into the final product more-or-less unchanged. In a nutshell, this technology allows certain types of multimedia streams to be played outside of ICA. Therefore, you can get 100% identical streaming media performance with or without Citrix. Of course if you do this, you'll have to have a client device with the proper codecs installed, and the connection between the client and the server could potentially consume much more bandwidth than a pure ICA connection.
Continuous Logon Box
Another one of the nice little “rough around the edges” bits that Citrix cleaned up for MetaFrame Presentation Server 3 was the logon process. Prior to MPS 3, a user would see all sorts of different and random boxes during the logon process. (Citrix connection, usrlogon.cmd DOS box, logon credentials box, logon script, etc.)
A version 8 ICA client connecting to a version 3 MetaFrame server will only see a single box with a status indicator that lets them know where they are in the logon process.
One of the problems with MetaFrame XP was that whenever it was used on a jittery network connection, the client software would disconnect from the server. Microsoft addresses this problem in the newest version of the Remote Desktop Connection client by having the screen fade to grayscale while it tries to re-establish the connection with the server.
Citrix takes this a step farther in MetaFrame Presentation Server 3 with ICA clients version 8. Whenever the connection is interrupted, the client software automatically tries to reconnect. However (and here’s the real trick), it doesn’t indicate to the user that it’s trying to reconnect. By suppressing the reconnect attempt box, Citrix gets “credit” for a continuous connection even if it fails momentarily here and there. Overall, this makes for a more seamless experience for the user.
This is a fancy name for a new feature in the Web Interface. When logging in to a Web Interface 3.0 site, you can select an option that automatically reconnects you to all your disconnected sessions. The idea is that in doing so, you can connect back into your “workspace,” (which would be all of your applications).
Also, there are single button options on the web page that lists your applications that give you one-click access to log out of or disconnect from all of your applications.
Dynamic Session Reconfiguration means that you can reconnect to a disconnected application with different parameters than when the session started. For example, you can start a session from an 800x600 workstation with 256 colors and then reconnect into that session at a later time with 1024x768 resolution and 24-bit color. With the new products, a mini capabilities negotiation takes place whenever a client connects to a disconnected session. This ensures that the parameters of the newly-connected session match those of the client device.
The Win32 ICA Client Packager is a single MSI file that can be used to install the web, Program Neighborhood, and/or PNAgent client software on a single workstation. It simplifies the setup process by automating the installation of the clients. However, the ICA client package does not replace the standard client packages (CAB, EXE, and MSIs), each of which is included on the Presentation Server 3 CD.