A Detailed Look at the new features of Citrix MetaFrame Presentation Server 3.0

Citrix released MetaFrame Presentation Server 3.0 (usually referred to as "MPS 3") just over two months ago.

Citrix released MetaFrame Presentation Server 3.0 (usually referred to as "MPS 3") just over two months ago. The Citrix marketing literature mentions many new features. After using the product for a while, I decided to write this article that details how the new features really work.

This article is not based on any marketing literature. It’s based on my personal experience using MetaFrame Presentation Server 3.0, Web Interface 3.0, and ICA clients 8.0.

Let's run through what each of the new features actually means. In my mind, there are four major new features which I'll list first, but the rest of the features listed here are pretty much in random order.

Real delegated administration
With Feature Release 2 for MetaFrame XP, Citrix claimed “delegated administration” to be one of the features. However, this feature was seriously flawed and therefore not particularly useful in enterprise deployments. The main issue was that in MetaFrame XP, delegated administration meant that you could pick and choose what users could perform what TYPE of actions on servers in a server farm. However, you could not choose WHICH servers those users could affect. For example, you could say that John can administer printing and the Gabe can publish applications, but those rights would be valid for all servers in the farm. There was no way to configure someone to only be able to perform administrative actions on some servers.

Thankfully, Citrix has changed this for MetaFrame Presentation Server 3.0. In the new product you can configure permissions based on server or application folders. This enables you to take a large farm, divide the servers into folders, and configure different users to be administrators for different folders.

Server name, client name, and IP range policies
Citrix user policies, first introduced in MetaFrame XP FR2, have not been particularly useful thus far. However, this will all change with MetaFrame Presentation Server 3. While previous policies could only be applied to users or groups at logon time, MPS 3 policies can also be based on the server name, client name, or the client IP address. This means, for example, that you can make policies for users that vary depending on whether they’re connecting from inside or outside of the firewall. It also means that you can make policies that apply to specific groups of servers or client devices.

Like in MetaFrame XP, you can stack multiple policies on top of each other in Presentation Server 3 for the ultimate in security flexibility.

No zone-to-zone communication option
In MetaFrame XP, all zone data collectors (ZDCs) maintain open connections with each other. In doing so, all ZDCs know everything about every server in the entire farm, and the data collector’s dynamic stores are 100% identical across the farm. In MetaFrame Presentation Server 3, you have the option for ZDCs to behave exactly like they do in MetaFrame XP. However, you also have a second option too:

This second option disables all ZDC to ZDC communication. In doing so, each ZDC only maintains statistics about the servers in its own zone, as opposed to all servers in the farm. The advantage of this is that the server update information is not continually sent from ZDC to ZDC. The downside is that application launch times increase. This is due to the fact that each ZDC only contains server load information about servers in its own zone. Therefore, if a user launches an application that’s published on servers in multiple zones, the ZDC must contact the other ZDCs to get the load indexes for all their servers.

Disabling inter-zone communication is really meant to be used with another new MetaFrame Presentation Server 3 feature: preferred zone policies.

In Presentation Server 3, you can create a policy that specifies a preferred zone (and several backup zones). Remember that Citrix policies are stored in the data store and applied to users, groups, client IP ranges, client names, or server names. For example, you can create a policy that has a preferred zone of “Zone1” and a backup zone of “Zone2.” Then, you can apply this policy to the client IP subnet range that’s at the same location as Zone 1. When users connect, their IP address will be detected and the policy will be applied causing them to connect to a server from Zone 1. If for some reason Zone 1 is not available, the user will instead connect to Zone 2.

PNAgent supports multiple farms
In MetaFrame Presentation Server 3.0, the Web Interface enumerates applications from multiple farms for both web clients and PN Agent clients. The new enum.asp web script on the IIS Web Server enumerates applications from the same set of servers as the applist.asp Web Interface file. Therefore, if you configure Web Interface to aggregate applications from multiple farms, these combined application lists will also be made available to PN Agent clients.

Licenses may be shared across farms
In MetaFrame Presentation Server 3, all licensing components have been removed from the server farm’s IMA data store. In its place, Citrix opted for a central, farm-independent licensing service that can be installed on any server (that’s running IIS). In doing so, a user can simultaneously connect to servers belonging to different farms while only consuming a single connection license.

ICA Virtual Channel priority tagging
In MPS 3.0, you can edit the registry of a server and modify the default relative priorities of each particular ICA virtual channel. The out-of-the-box defaults specified by Citrix should be good for most scenarios, but there have been times in the past when I would’ve loved this feature.

Kerberos Login for 8.x clients
I wrote a fairly detailed article about this a few weeks ago, so I won’t go into details here. The 30-second overview is that when using an ICA client version 8 on a device running Windows 2000 or newer, you can authenticate to a MetaFrame Presentation Server 3.0 system via Kerberos rather than the antiquated second network provider method used in MetaFrame XP.

Access Published Applications with RDC
In a move that seals Citrix’s admission that the RDP protocol is on par with the ICA protocol, you can now connect to Citrix-managed applications with RDP or ICA. Of course the downside of this is that you’ll also consume a Presentation Server connection license for each RDP session in addition to each ICA session.

Requires SP4 for Windows 2000
Hopefully you’re in the mood for hotfixes, because MetaFrame Presentation Server 3.0 requires Service Pack 4 when installed on Windows 2000-based Terminal Servers. (To be fair to Citrix, however, the post-SP4 hotfixes are only critically required when SP4 is installed after MetaFrame, so this shouldn’t technically be an issue for MPS 3.0 environments.)

Digital Dictation Support
When used with ICA version 8 client software, MetaFrame Presentation Server 3.0 supports digital dictation a.k.a. client-to-server audio redirection. This feature allows, for example, a microphone connected to a client device to record sound to an application running on a remote Presentation Server. (Citrix created a new virtual channel to enable this functionality.)

You’ll probably chuckle the first time you fire up a remote session with client audio enabled, because the system prompts you with a security warning box that says something to the effect of, “Warning. This application is turning on your microphone, and anything you say could potentially be recorded.” The user is given an opportunity to override that setting, similar to the client drive access security box that pops up when a user connects to a remote ICA application via a web link.

MMC-based Management Console
Citrix consolidated most of their various tools for the different Access Suite products into a single MMC-based management interface. Unfortunately, you can’t quite configure everything via the MMC, but you should be able to use it for most of your day-to-day tasks. It also has some cool features, like the ability to connect to and enumerate servers from multiple server farms.

One of my personal favorite features is the ability to create custom “views” of your environment consisting of little icons that represent your servers, farms, and zones. You can even specify a background image so that you can have a single-screen map of your building or the US or whatever, with each server placed in the proper location on the map. Then, you can tie these little icons to the actual performance of a server, with a little colored bar graph showing the status of various metrics. I know, I know... Unicenter, Tivoli, OpenView, and even What’s Up Gold have been doing this for years, but it’s still a cool feature.

SpeedScreen Multimedia/Flash/Image Acceleration
The "RAVE" technology that I wrote about several months ago made it into the final product more-or-less unchanged. In a nutshell, this technology allows certain types of multimedia streams to be played outside of ICA. Therefore, you can get 100% identical streaming media performance with or without Citrix. Of course if you do this, you'll have to have a client device with the proper codecs installed, and the connection between the client and the server could potentially consume much more than a pure ICA connection.

Continuous Logon Box
Another one of the nice little “rough around the edges” bits that Citrix cleaned up for MetaFrame Presentation Server 3 was the logon process. Prior to MPS 3, a user would see all sorts of different and random boxes during the logon process. (Citrix connection, usrlogon.cmd DOS box, logon credentials box, logon script, etc.)

A version 8 ICA client connecting to a version 3 MetaFrame server will only see a single box with a status indicator that lets them know where they are in the logon process.

Session Reliability
One of the problems with MetaFrame XP was that whenever it was used on a jittery network connection, the client software would disconnect from the server. Microsoft addresses this problem in the newest version of the Remote Desktop Connection client by having the screen fade to grayscale while it tries to re-establish the connection with the server.

Citrix takes this a step farther in MetaFrame Presentation Server 3 with ICA clients version 8. Whenever the connection is interrupted, the client software automatically tries to reconnect. However (and here’s the real trick), it doesn’t indicate to the user that it’s trying to reconnect. By suppressing the reconnect attempt box, Citrix gets “credit” for a continuous connection even if it fails momentarily here and there. Overall, this makes for a more seamless experience for the user.

Workspace control
This is a fancy name for a new feature in the Web Interface. When logging in to a Web Interface 3.0 site, you can select an option that automatically reconnects you to all your disconnected sessions. The idea is that in doing so, you can connect back into your “workspace,” (which would be all of your applications).

Also, there are single button options on the web page that lists your applications that give you one-click access to log out of or disconnect from all of your applications.

Dynamic Session Reconfiguration means that you can reconnect to a disconnected application with different parameters than when the session started. For example, you can start a session from an 800x600 workstation with 256 colors and the reconnect into that session at a later time with 1024x768 resolution and 24-bit color. With the new products, a mini capabilities negotiation takes place whenever a client connects to a disconnected session. This ensures that the parameters of the newly-connected session match those of the client device.

The Win32 ICA Client Packager is a single MSI file that can be used to install the web, Program Neighborhood, and/or PNAgent client software on a single workstation. It simplifies the setup process by automating the installation of the clients. However, the ICA client package does not replace the standard client packages (CAB, EXE, and MSIs), each of which are included on the Presentation Server 3 CD.

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

This message was originally posted by James Cabe on July 7, 2004
This is the critical reason we're moving to MPS 3.0. This allows us to load-balance each of our two hub sites in an N+1 fashion. Each n+1 blob will have a single app server in the opposite site that mirrors ALL of the functionality (since our two sites have different content due to business reasons).
This message was originally posted by brian lilley on July 12, 2004
a major bugbearin MPS3 is the fact that, for global enterprises, if one wishes to share the licences for all users, one is forced to use a single licence server! where is the use in that if you want your licences to 'follow the sun', or if you desire a resilient licence server infrastructure, i.e. multiple licence servers sharing licence packs...
This message was originally posted by Brian Madden on July 8, 2004
I mentioned it in the second to last paragraph, but you're right, Citrix's marketing department calls it "Smooth Roaming."
This message was originally posted by Mark Verhagen on July 8, 2004
Great article Brian - with the birth of 'Workspace Control' via WI3.0 and ICA8.0, CCS is now pointing out WI as the best practice method for application access over PNA. Any comments?
This message was originally posted by Rich Brumpton on July 12, 2004
If you have the 8.0 PNA installed when you log onto windows (assuming SSO is enabled) you get you applications back. I just experienced this this weekend when my power at home went out. I just got my laptop and 3G card and logged into windows and my apps re-appeared. Different resolution too! One thing that you do need to watch out for though is that sometimes when your session resizes MPS3 looses alot of it's graphics acceleration capabilities.

A couple other features that I have been mentioning to my clients (I'm an engineer at a VAR in the US) is that: 1) The repoting Center makes RM Usefull, especiall the "favorite apps" report. 2) The stupid "Disable Logons" box persists across reboots!!!

Overall I am quite enthused about MPS3. It deserves a new version number and I'm glad that went back to numbers where we are supposed to be... Even if my customers get FR3 and MPS3 confused and some wonder how we went from 1.0 to 3.0 (I know, but explaining it to them can be tough)
This message was originally posted by B-) on July 8, 2004
We have plenty of users who will beefit from Smooth Roaming
This message was originally posted by brian lilley on July 12, 2004
its also worth mentioning that, if you use session reliability, that the client needs to talk to port 2598 on the server instead of 1494..
This message was originally posted by brian lilley on July 12, 2004
something that I believe should be mentioned as a 'new feature', which is an important factor when designing mps3 farms...is...

as the licence info is no longer stored in the data store, there is 96 hour grace period when you loose the data store..the grace period now refers only to the licence server, thus, when design ps3 farms, the datastore is perhaps not as critical.. perhaps it is if you demand read/write datastores whilst in a DR scenario.
This message was originally posted by Brian Madden on July 15, 2004
WIE is still there for WPS3 (as part of the "enterprise" edition of MF). It's even been upgraded a bit. (Keep in mind, though, that you only need WIE to connect to multiple farms from different non-trusting domains. A regular WI can connect to and enumnerate applications from multiple farms no problem.
This message was originally posted by Brian Madden on July 13, 2004
Saying "RDC" is the same thing as saying "RDP Client." It's basically Microsoft's new name for it.
This message was originally posted by Frank Ebert on July 13, 2004
First I have a problem with the part in parantheses within "Requires SP4". I understand SP4 as a minimum reqirement for the new Version (always installed prior to MPS3), but how does this affect later hotfixes and the installation order?

Then there is a typo in the headline "Access Published Applications with RDC". I first misread this as "RPC" and started to panic what the hell is going on :-)
This message was originally posted by Andy Woodland on July 15, 2004
Does the Web Interface 3.0 include web extensions or is there another product??
This message was originally posted by an anonymous visitor on July 21, 2004
I'm Planning to upgrade W2ksp3 with MFXPFR3 to W2ksp4 with MPS3. Where can i find a list with the post sp4 hotfixes that i need to apply?
This message was originally posted by Vladimir Ignatov on September 3, 2004
When installing WI on a W2K SP4 server you'd get an error about MS VM version & it rolls back the installation- the only way around it is by removing SP4 if you can & run WI install again or reinstalling W2K without SP4 if you had your W2K CD w/SP4 on it. Too bad Citrix did not fix that or at least I did not find a simple fix for the issue.
This message was originally posted by Bob NY on September 26, 2004
I am looking for eval version to practice Citrix metaframe for couple of days. I had one and it disappeared from my desk!
This message was originally posted by an anonymous visitor on September 28, 2004
Great overall look at the new features winthin MPS3.0. My only queries are to do with the license server and the availability in a large enterprise environment. Is there are way to load balance/cluster of even set up a back LS at another site. Might be worth including this feature as a policy. Also i have heard (could just be a rumour) that citrix are expiring PN as they are moving to an XML based solution ie. WI, PNAgent. Has anyone else heard this ?
This message was originally posted by tikolpogi2003 on September 29, 2004
Great article from the Citrix Guru!!!!
This message was originally posted by an anonymous visitor on November 2, 2004
This is caused by the removal of the MS Java from SP4, after the spat that MS and Sun had. Since they have not kissed and made up (somewhat) you can request from MS the MS Java client, and install this after you install SP4.
This message was originally posted by an anonymous visitor on November 5, 2004
Because it does not now!!! And who cares about all those new fancy features if they don’t work. I spent three months struggling with Citrix MF Presentation Server 3.0 (evaluation copy) trying to make it work. With MASM, CSG and WI. No way! Even just to try. Tried to contact Citrix and the response was “Give us money first.” Thank God the customer seeing all this canceled his intentions to buy this crap.

The documentation is unbelievable crap cluttered with bunkum about how great Citrix is. Generously decorated with numerous spelling and grammar errors. Full of complete nonsense. There is very little useful technical information.

I spent lots of time browsing forums to just find out from others that it actually does not work. It works only in old simplest configuration.

Look at their website. Try to do a search. You will get results from Citrix search engine with highlighted “thes”, “ifs” and “ofs”. Isn’t it great! Those guys cannot produce a decent website.
So....... what did your customer use instead of Citrix??????????
We've been running an enterprise-scale Citrix environment for several years and I can tell you with confidence that yes, it does work and work very well. We took the step of engaging Citrix consulting services to assist with a pilot as well as the initial configuration of our farms and as well, ensured that all of our technical staff received training up front. Hundreds of 24 x 7 concurrent users over several years can't be wrong! ;-)
Can someone please tell me how the licensing works with MPS3? We are currently running MPS1 with FR3? Is it free to go to the new version providing we already have MPS1 licenses? Or do we need to purchase the new licenses? And at what cost?

As with any vendor, a new version requires new licensing. This is true whether you have to buy new or have Subscription Advantage. You'l lhave to contact your software vendor for pricing.

If you are currently on Subscription Advantage, you can move over to the new application without buying licenses. I checked with the Regional Citrix rep.

Steve B.
We are existing customers with a strategic reliance on our farm. (We also have MSAM and Password manager).
We are considering upgrading to MF 3.0.
At the iforum in Edinburgh last June I was surprised at how few customers were then actively considering the upgrade considering how attractive it seems on paper.
For other reasons we didnt get around to it last year and am now looking at it for this. Im wondering how substantial the effort involved is and whether your sense is that most enterprises are going along ?
So, what problems are you having? Don't rip something without being able to back it up. MFPS works just fine, an imporvement over XP FR3. Perhaps it's user error?
I am a Citrix Engineer, not affiliated to this at all, but working for a distributor in the UK. I have seen countless customers and resellers experiencing difficulties with Citrix, especially in the upgrade process.

BUT, most of the time this is due to poor installation of the original, or lack of support during the upgrade.

If you have a Reseller contact, use them, pester them, make their life a living hell, but make sure you get your moneys worth out of them. If they don't have the skills, they will get a Distributor with qualified engineers to come out and get it done for you. And remember, the Distributors have direct connections to Citrix, 24x7x365.

Patience is a virtue, Citrix is King.
Wow, this is almost like one of those "Windows suxors, Linux rules" threads I so often see in usenet. Get a grip man. There's hundreds of thousands of people that are using this stuff 24x7. Perhaps you've just got no skills.

</awaiting flame war>
This is a great feature but ultimately flawed for people who use DHCP and roaming users!

Microsoft have a 'Per Computer' licensing type for many of their apps, e.g. MS Office, Project, Visio, etc. 'We', the corporate IT dept, are required to ensure that only certain workstations are able to operate these applications. The crutial thing is that its "NOT per user" but "per computer" so normal Citrix pub apps are helpless. And Microsoft offer no simple facility to support their 'Per Computer' licensing type on thin client infrastructure. Which means either complex Group Policy, IP based Source load-evaluator or a third party solution such as AppSense.

This might not be a problem to large corporations but for small (e.g. <100 people) businesses with little or no IT departments this is debilitating. And makes software solutions for well-behaved third parties very expensive. Enter Joe the cowboy. Exit Microsoft licensing concerns. Thats a nice illegal system you got there Joe.
This article and the comments thereto provides a lot of VERY useful information. Thanks to the author and all those who contribute in sensible manner !
Not a useful contribution.  Perhaps look at changing your approach to the problem ?