A First Look at Citrix Web Interface 4.0

MetaFrame Presentation Server 4.0 (due out next year) will have a brand-new version of the Web Interface.

MetaFrame Presentation Server 4.0 (due out next year) will have a brand-new version of the Web Interface. Where is Citrix going with this version? What has changed, and what are the real goodies you’ll get?

A lot has changed, and many things that have been requested by the community are now included. Citrix is also moving towards their goal of creating a secure access infrastructure with “smart” clients (or “trusted” clients) playing a main role. Finally, Web Interface 4.0 continues Citrix’s push to centralize the administration of all their products through a centralized MMC snap-in called the Access Suite Console (“ASC”).

Web Interface and Secure Gateway are great products. Unfortunately, there’s one big drawback from Citrix’s point of view: They are free for the Customers! I think this is the reason why some features have been moved from Web Interface to MSAM. (For instance, Citrix did not develop Web Interface Extension 3.0. Your only choice to access multiple non-trusting domains is to use MSAM.) On the other hand, Citrix has added a lot of new features to the Web Interface since the release of MSAM.

In the new version of Web Interface, administrators can visually view their site’s configuration and can easily change its design without ever having to touch any source code. Administrators of multiple farms will be happy with the new configuration service, and global administrators will be happy that Citrix implemented Multilanguage support.

Administration Improvements

In previous versions of Web Interface, administration and configuration was done via the WIAdmin web pages, and site’s layout could only be changed by modifying source code files. All of this has now been moved to the central Access Suite Console (“ASC”) where the Web Interface is integrated as an MMC extension.

This change was made for two reasons. Besides the fact that Citrix wants to move everything to their central console, it also improves security. The current security wave has an impact on almost every software company, especially the one that wants to be THE Company for secure access solutions. The problem with the WIAdmin web pages was that they were exposed to the Internet and were the first point for a hacker’s attack. If someone got access to the WIAdmin, he could easily disable the RSA functionality or get knowledge about servers or domains. The complete remove of the WIAdmin Web page was reasonable.

Another great administrative change is great news for UNIX customers. In WI 4.0, you can also use the ASC to manage your Web Interface for UNIX Servers. This ends the manual editing of the configuration file.

The first part of the Web Interface 4.0 installation is the installation of the ASC.

This view shows all the information about the current configuration of the Web Interface. You can see that this current configuration has two access routes. The first one is a direct connection while the second is a direct Secure Gateway route. (Setting the default route in this preview realize requires using all zero values for the IP Address and the Mask (0.0.0.0). The final release will have a simple drop-down option for this.)

Layout Customization

Customizing Web Interface 4.0 to match a current corporate design is much easier than ever before. Since this task usually falls to a Citrix administrator, Citrix integrated it into the ASC MMC snap-in that provides a slick interface. You can now change the layout, welcome area, brandings and application layout within minutes (and know where you made the changes a few months later.) The only thing missing is the option to change the footer information, but this will hopefully be added in the final release. (If not, you’ll have to edit some source files again.)

Multiple Web Site Support

Even though it’s “technically” possible to rig a single web server so that it can support multiple Web Interface sites today, WI 4.0 is the first officially supported version with this functionality. It’s also the first version that does this process automatically and within the ASC.

In addition to just running multiple Web Interface sites, Citrix has also built a framework that allows you to manage multiple Web Interface sites. In previous versions this had to be done with scripts or whatever was available. WI 4.0 contains the Web Interface configuration service which is based on MetaFrame Presentation Server 4.0.

Configuration Service

As previously said, WI’s new configuration service requires MetaFrame Presentation Server 4.0. This is for two reasons. First, the new version of the Citrix XML Service is needed (which by the way also supports STA functionality). Secondly, MetaFrame’s IMA Data Store has new schema enhancements and is now responsible for storing configuration information for a single Web Interface site or complete groups of sites. You can also use the ASC to configure Load balancing across multiple Web Interface servers (as shown in the next picture). The Web Interface Servers don’t need to be in the same domain to work together.

The setup of a Load balanced WI is now really simple. Install the ACS and WI on your servers and point the configuration service to an MPS 4.0 Server. Repeat those steps with all your WI Servers. Then, use the ASC to create a new group and select the WI Servers that you want to group together. (Make sure you run an ASC discovery again if the sites don’t show up automatically.) Now you have a load balanced Web Interface servers group with a central place to change settings group-wide.

 

Error or diagnostic Logging

A new feature of Web Interface 4.0 is error logging to the server’s event log. The technical preview of WI 4.0 only has placeholder information for the event descriptions, but the final version will give more detailed information and probably link to their knowledge base.

This is a great feature—especially when maintaining multiple Web sites—that will hopefully help a lot of people.

Multilanguage Support

Again, this multilanguage support was possible with some of the previous versions of Web Interface, but it was not as advanced as it is in Web Interface 4.0.

The WI 4.0 installer has multilanguage support and detects the default language of the operating system during the installation. Other languages are installed in language packages so that future language packages can easily be added to an existing Web Interface.

Whenever a user visits the Web Interface logon page, the client language is detected by getting the language setting from the Internet Browser or the language that was set by the Administrator in the ASC. If no language has been set and the client language can not be detected, then WI falls back to the English language. However, the user still has the ability to set his preferred language manually.

Since WI 4.0 supports multiple languages, it needs to include the source files for the ICA client software for each platform in each language. Since a single server can also support multiple sites, this could waste a lot of space. Therefore, Citrix moved the ICAWEB folder to a central location that’s then mapped to each site. (The only client that is not localized is the Java client because version 9 of the ICA Java client is now in a multilanguage format.

 

RADIUS Support

At this point it’s still unclear whether RADIUS support will be integrated with Web Interface 4.0 The first time I found a note about RADIUS in WI 4.0 was after the installation of the LogonAgent, but the LogonAgent is normally only used with MSAM. Also, the LogonAgent is technically a part of the Secure Gateway—not Web Interface. At this point my guess is that RADIUS support will only be for MSAM. This will make MSAM a bit more attractive.

Citrix WING

What is that? Never heard of it? I also never heard of it before I dug into Web Interface 4.0. Under the hood, WI 4.0 uses an entirely new Software Development Kit (SDK). The old Java objects have been rewritten from the ground up to support a more powerful and extensible set of features. These new Java objects have nothing to do with the Java objects that are currently documented in Citrix’s "Customizing the Web Interface for MetaFrame Presentation Server 3.0 - CTX103931" article. This new SDK is internally called the Web Interface Next Generation (or “WING”) and is not backwards-compatible. This of course means that any custom scripts used with Web Interface 3.0 will have to be rewritten.

Miscellaneous Changes

There are several other random little changes that don’t really fit into the other categories.

  • UPN Suffix support. WI 4.0 supports Active Directory’s UPN Suffixes and UPN-style logons. You can also predefine this in the ASC.
  • Compact layout option for PDAs. This simplified set of pages only shows the logon fields and the application set.
  • Bandwidth selection (ConnSpeed) and Java Fallback are now fully integrated. These enhancements have been available for a long time as a “hack” modification, but they had to be manually with every new version. Now this support is fully integrated.
  • Secure Gateway 3.0 will support Session Reliability traffic over port 2598. This is an option that can be configured for the Web Interface via the ASC.

Join the conversation

33 comments

Send me notifications when other members comment.

Please create a username to comment.

This message was originally posted by Jeff Pitsch on November 4, 2004
You are correct. They did a 'demo' of what this will be like at iForum with trusted clients. Based on certain factors, you will be able to display or hide icons based on your factors. I did not get the feeling that this would be part of MPS4 though, it felt more like a 'this is the future' type of thing.
Cancel
This message was originally posted by an anonymous visitor on November 4, 2004
Lots of good information here and features that we could put to good use in our company.

Where can I get more details about smart or trusted clients... At the moment we have some comercially sensitvive applications that we would tie down so that users can logon only from certain PC's/Laptops designated by our CITRIX Administrators. Am I correct in saying that "smart or trusted clients" is what will help us achieve something like this?
Cancel
This message was originally posted by an anonymous visitor on November 4, 2004
wow this new version looks and sounds very promising. Looking forward to it.
Cancel
This message was originally posted by Thomas Kötzing on November 5, 2004
“Will the ability to hide certain icons be built in? This is a great feature
that really should be part of the WI anyways.”
No the ability will NOT be integrated with Web Interface 4.0 and it will never
be done by the WI.
All the custom scripts like “Hidden Application” or “bypass SecureID” that you
can find on my website will NOT be “built in” with Web Interface.

Why not? If you hide a file on your Server doesn’t mean a User can’t access the
file anymore. The same applies to hiding a Publish Application or Folder.
IP Addresses can be faked and hackers can suddenly bypass the 2-factor authentication.
This is the last thing Citrix wants. In the future they will integrate such
options with their vision of “smart clients”. The Application will than be
disabled and hidden for the specific User on demand and on a Farm level and
there is no way to access the Application for that User to that time. It’s all
about security.


“Am I correct in assuming that the load balancing portion is only covering the
configuration portion of the process”
Yes, you are right. This has nothing to do with NLB, it’s just a LB of the
configuration.


Additional Note:
When working with a technical preview you never know what will be changed to
the final version. I also know, that the Citrix developer are still working
hard on the WI code, especially to get the “Session Reliability” in place
and fixing all the bugs I found in the TP ;-)
Also at some point you can only guess, since there is no information about a
new feature but later on you get the information. Same applies to the RADIUS
part.

RADIUS Support
With RADIUS Citrix is extending the 2-factor authentication (RSA, SafeWord) to
the UNIX version of Web Interface 4.0. To achieve this, the JSP version of WI
will use RADIUS to communicate with the RSA or SafeWord servers and both can be
configured to present themselves as RADIUS servers. Only for the JSP sites, the
administrator will be able to list RADIUS servers and ports, load balance them,
etc.
Cancel
This message was originally posted by JSekel on November 4, 2004
Will the ability to hide certain icons be built in? This is a great feature that really should be part of the WI anyways.
Cancel
This message was originally posted by JSekel on November 4, 2004
Am I correct in assuming that the load balancing portion is only covering the configuration portion of the process. I would think that NLB or another technique will still be needed to get the users to differnet pages.
Cancel
This message was originally posted by Brian Madden on November 5, 2004
Based on the information Citrix provided at iForum, this functionality will be available in the Access Suite v4 release of the products. However, it will require MSAM in addition to Presentation Server.
Cancel
This message was originally posted by xs4citrix on November 5, 2004
In the official citrix forum we see a lot of people struggeling with the new software and features.
When starting with AND mps3 AND msam AND csg AND wi at the same time, then yes things get very complex. The time of Metaframe 1.8 and a simple PN client are long gone. Without training and/or extensive testing you are in for a treat.
(though i must say that the citrix technical documentation has always been very good to me. Big, but good.)

And i can tell you, that things will not get better with newer versions and more products.
I grew up with the simple MF stuff, but also have a hard time keeping up with all the new stuff. Time for me to accept that i can no longer be good at "citrix" but only specific sections of the citrix software.
Cancel
This message was originally posted by CMan on November 8, 2004
I can only assume you have an IQ less than 10. As XS says, the documentation is actually pretty good if you have even the slightest clue about what you are trying to achieve. It's probably best all round if your customer gave up, cos if he's got you to rely on then he probably had little chance of success. Go back to stacking shelves at your local Superstore, there is less pressure and you'll probably have a better chace of career development, who knows....in 10 years time you might even make 'checkout attendant'.
Cancel
This message was originally posted by Leo van der Mee on November 8, 2004
Based on what do you say that the documentation is actually pretty good? If you ever did something advanced like multiple web interfaces, connecting with more than 10 Farms, smartcard and otp security or even things like application hiding and so on that you know the the documentation is insufficient. It only describes the standard stuff. The under the hood details are not provided. There is no deep down security information. There is no overal design information. How are user credentials stored on the Web Server? How to deal with connecting to non-standard listener ports. How to do an unattended installation of WI/CSG or STA? You have to gather bits and peaces from her and there and lots of things you have to figure out and solve yourself. After the past months I collected 30+ different PDF's and even more CTX articles, with often outdated information. Often you have to go through the code and even the SDK to solve the problem.

Websites like those of Thomas are getting great attention for providing us with the information in a comprehensive way thats lacking. Something Citrix should have done itself.

So keep it shut until you are properly informed before you insult someone. You probably never did anything but standard install. One box WI/CSG solution with 15 users.
Cancel
This message was originally posted by Leo van der Mee on November 8, 2004
Sorry I forgot Thomas. Great job! Keep up the good work! Guys like you save us all a great deal of time/work. -> http://www.citrix4ge.de/
Cancel
This message was originally posted by CMan on November 9, 2004
And finally, this sounds like an ideal opportunity for a new book "Advanced Web Interface Customization and Troubleshooting"....co authors Brian Madden, Thomas Kotzing an Leo van den Meer. :-)
Cancel
This message was originally posted by CMan on November 9, 2004
Looking at the feedback here, we should campaign for an 'Advanced Concepts Guide' which encapsulated all of the key integration areas for SG, WI, MSAM and related technologies. There is bound to be enough knowledge collateral withing Citrix to provide this. Lets be more positive instea of rippign eachother apart :-)
Cancel
This message was originally posted by CMan on November 9, 2004
Leo, I take your point, but I have done plenty of customisation projects dating back to Nfuse 1.0 and Columbia with projects in excess of 10000 users. I just get really fed up when people start mouthing off about this stuff, as Citrix is no different to any other vendor out there. If you know what you are doing, as you obviously do, you will find the information you need and implement a good solution. If you have no clue, your customer will get frustrated at your inability to deliver, and ditch a technology which in all probability would have saved them time and money. These Forums sould be used for constructive criticism, not the kind of rubbish spouted by this obvious idiot.
Cancel
This message was originally posted by Brad Guss on November 8, 2004
Jay Tomlin? IMO, he is the brightest engineer Citrix has..

Cancel
This message was originally posted by xs4citrix on November 8, 2004
I have no vision of what the average login customer set's up as an environment.
I dare to say that with the citrix documentation, you can cover 90% of the setups, which are faily default. The other 10% will require additional tuning which is not covered by the manuals, and are indeed scavanged over the knowledgebase in a non easy retreivable form. Keep in mind that when you are always in that 10%, as the juniors do the default installations, then of course it will never be to your standards. During iforum we talked a lot to the citrix guys, and came to the conclusion that after the programmers are done, only 1 guy has all the WI/CSG hardcore knowledge in mind, that you are looking for. Untill they get a few more cracks like this guy, the situation is not likely to change.
Cancel
This message was originally posted by Leo van der Mee on November 8, 2004
@Goldrush
Is has nothing to do with intelectual properties. The information is there but its scathered over 100+ sources. I can email you my collection of pdf's and knowledgebase articles that I assembled to answer all the technical questions I had. There is very little 'under the hood' information in the Administrator guides.

This is not solely a Citrix problem. Microsoft has the same problem with Terminal Server documentation. Part of our job seems to be being able to to scavenge through the knowledge bases efficiently. And we all know how great the seach engine from the Citrix knowledge base is...

From a product I want complete and explicit documentation. What it can do and what it can't do.

Just to give you one example: WI2.x supports 16 farms, WI3 supports 512 farms (you can only find this information by studying the webinterface.conf table in the admin guide of WI3). However, the WI customization guide states that Citrix does not recommend connecting with more that 10 farms! duh...

This is just one example of many that I can give you.

The Citrix documentation looks fancy, nice layout, but its incomplete for large and complex implementations.
Cancel
This message was originally posted by Goldrush on November 8, 2004
@Leo, why should they provide you with information like that? It's their intelectual property.
Cancel
This message was originally posted by an anonymous citrite on November 9, 2004
If people have a specific request in terms of deploying WI and SG then please make them as part of this site, as proper support escalations, or even here on this thread. I can assure you that there are plenty of people who have hardcore WI and SG knowledge within Citrix - not just one! Getting the right sort of information to customers is tough - one must remember that 80% of customers will be satisfied and understand 80% of the features. Getting documentation and proper "hardcore" technical support to those who need it most is an important but tricky thing for any large software vendor.

Cancel
This message was originally posted by Leo van der Mee on November 12, 2004
If I only had the time...

But seriously: I found your idea of an Advanced Web Interface Customization and Troubleshooting very interesting. I guess this is really what is lacking for this product. In my company demand for secure access implementation is picking up substantially and with it more demand for the more "obscure solutions" grinnn...

Well the fish slapping turned actually into something fruitful! :-)
Cancel
This message was originally posted by an anonymous visitor on November 11, 2004
Citrix documentation is pap... these guys are making wedges of cash, manage to keep there certification programme up-to-date, but fail to provide any kind of helpful documentation.
Cancel
This message was originally posted by Brian Madden on November 13, 2004
We've talked a lot about making a WI book. The reason we haven't so far is that the products change too fast. Right now Citrix is on a 12-month rewrite cycle for WI, and that's too fast for a book. (I'm talking MAJOR Wi rewrites after 12 months.) So, instead, it's off to Thomas's website...
Cancel
This message was originally posted by Sam Jacobs on November 29, 2004
...and I'm just finishing the code updates for WI 3.0 ! :)
(see: RestrictedApplications - http://support.citrix.com/forums/thread.jspa?forumID=69&threadID=57938)
Cancel
New features and design concepts are great but REAL LIFE TESTING of at least the previous versions of Citrix would have saved me thousands of dollars in time and money.

Windows is the most unreliable platform for all of this so I would HOPE that Citrix would create workarounds and no put the blame back on Windows for reliablility.

I am so frustrated that I am to the point of finding a new career. I have to hire computer babysitters to manage software that is supposed to work when you buy it.

CAREFUL AND COMPLETE TESTING TAKES TIME
This is the problem. To make money and keep up with competition, products are release and fixed later. NOT FAIR to consumers.

I ONLY NEED CITRIX TO DO THE BASICS ( RUN A PROGRAM REMOTELY AND PRINT ). I can't even get that to be dependable. HOPEFULLY the BASICS ARE FIXED!!!

Cancel
Don't blame Citrix for inherit weaknesses in the Spooler service. Microsoft wrote it.

Besides, I've set this stuff up for thousands of users and it's not nearly as unmanagable as you make it out to be.
Cancel
Currently have web Interface version 4.2 and Presentation Server 3.0
Without disabling Workspace control can I shorten the client printer name as the Username only.
 
I know this can be done in web Interface 3.0
 
Help please
Cancel
How can I shorten client printer name in Web Interface 4.0 without disabling workspace control
Cancel
Depending on your circumstances, you can try the Win32 Client Name mod from Citrix.  Read more at Thomas Koetzing's site:

http://www.thomaskoetzing.de/index.php?option=com_content&task=view&id=63&Itemid=102

Shawn
Cancel
Shawn
 
have tried the W/I fix below with no success.  Am running Citrix Presentation Server 3 with Web interface 4.2
 
Can you email me if above combination is suitable for fix.  Even the domain username will be suitable as a client name
 
ORIGINAL: Shawn Bass

Depending on your circumstances, you can try the Win32 Client Name mod from Citrix.  Read more at Thomas Koetzing's site:

http://www.thomaskoetzing.de/index.php?option=com_content&task=view&id=63&Itemid=102

Shawn

Cancel
By the way my email is pipoloj@svhm.org.au
Cancel
ORIGINAL: Guest

Have tried the W/I fix below with no success.  Am running Citrix Presentation Server 3 with Web interface 4.2

Can you email me if above combination is suitable for fix.  Even the domain username will be suitable as a client name


I have not personally tested it with WI 4.2, but WI 4.0 and 4.2 are pretty similar code wise.  If you want anyone here to help you with it, you're going to need to post more details about what didn't work as opposed to "It didn't work".  Also, this mod is not an officially supported Citrix mod even through Citrix created it.  Therefore, you'll need to post on the Citrix support forums to try and get any assistance with it from Citrix.  Just to be sure, you are using this on an internal deployment right?

Shawn
Cancel
Cancel
I have two forest and can not get the one web interface to support it     How is this configruation done?
Cancel

-ADS BY GOOGLE

SearchVirtualDesktop

SearchEnterpriseDesktop

SearchServerVirtualization

SearchVMware

Close