Citrix released the first public preview versions of MetaFrame Presentation Server 4.0 after their annual iForum show in October 2004. They then released an updated preview version at their Solution Summit show this past January. Since I spent quite of bit of time with the first preview, I wanted to see what the developers had done between these two releases. This article updates my previous findings. (Please read the WI 4.0 and CSG 3.0 if you haven’t done so yet.)
Web Interface 4.0 build 43524
Many of the bugs I noticed in the previous version have now been fixed and some additional enhancements have been added. It’s clear the developers are still moving file locations around, because the Web Interface has been broken into several small packages (wi.zip; pna.zip; mcm.zip; common.zip).
In addition to the previous Windows authentication support, Citrix added NIS (UNIX) authentication and is working on NDS (Novell) support with full context searching. Web Interface 3.0 was limited to twenty Novell context entries and no context search was available directly from Citrix. (Centralis had to release customizations for WI version 2.x and 3.0 to make searching the context tree possible. You can find this code on my site at http://www.citrix4ge.de/wim/wimncs.htm.)
This latest preview version of Web Interface has a lot of other little improvements, including a better display arrangement within the Access Suite Console, more descriptions on what effect every option has, and the ability to set the default ICA client or to only allow unicode clients (version 8+).
Web Interface Ticketing
WI ticketing requires at least MetaFrame 1.8 FR1. Previously you could only disable it by editing the template.ica file (see CTX103305), but now you can configure it all via the GUI. (Of course ticketing is an important component of your WI security and should not be disabled.)
Speaking of security, I still think the new GUI is missing the ability to automatically configure a robots.txt file to prevent search engine spiders from crawling and indexing your site. At the moment there are more than 300 WI login sites listed in the Google database. Read my advice that I posted to the Citrix Support Forum a long time ago about this. (http://ctxex10.citrix.com/forums/searchClick.jspa?messageID=174897&searchID=3313639)
Customization Points (CP’s)
To customize the web pages in previous versions of Web Interface, administrators had to pour through the source code to find the points that they think they might be able to change to affect a customization. There were no hints or comments of any kind.
Thankfully this is changing in WI 4.0. If you edit the source code you’ll find “Customization Points” (with easy-to-locate “CP CP CP CP CP” text borders). These CPs have full documentation and hints for what you should and shouldn’t do! (And since WI 4.0 is based on ASP.NET, the web pages’ source code is compiled at runtime so these extra words do not affect the performance or load times of the pages.)
These CPs gives me the hope that we might see an “Advanced Web Interface 4.0 Guide” and/or WING Guide for customizations.
Secure Gateway 3.0 Build 40369
The big news here is that Session Reliability is now fully supported through CSG as long as you have a Secure Ticket Authority version 4.0. The STA is now built-in to MPS 4.0’s Citrix XML Service.
To get Session Reliability working through a CSG, the CSG and WI will both have to point to a version 4 STA. If you want to use the CSG in “relay mode” (and option that was in CSG 1.x, removed for 2.x, and back in 4.0) you can’t use Session Reliability since relay mode doesn’t use a WI or STA.
You’ll also need to explicitly enable this option in WI 4.0. Enabling this option causes the rendered launch.ica file to get a new entry called “CGPSecurityTicket=On.” You’ll also need a Win32 ICA Client version 9.00.30589 or newer.
If the client doesn’t support CGP (which is what Session Reliability uses) then it falls back to SOCKS and connects through the CSG in the traditional way without Session Reliability enabled.
A quick look at a sniff of the XML stream (more on that here) shows that the “Allowed Ticket Type” is version 4 and that the address information is set for port 2598 (which is the CGP / Session Reliability port).
In the end I think that Citrix’s WI/CSG development teams have done a very good job with the upcoming Web Interface and Secure Gateway. Of course there is still room for improvements and enhancements to these secure access components, including solving the WI ClientName issue, the WI/CSG “real” client IP dilemma, CSG Access Suite Console integration, and Access Suite Console reports for the CSG/WI. I’m sure they will make it some day though…