2. Prepare the Network Environment

The first thing you will need to do to successfully implement Citrix MetaFrame XP is to prepare the network environment. This includes making any necessary changes to the existing network environment, as documented in the Existing Infrastructure Modifications section of the design document described earlier in this document. Once those modifications are complete, you will start building the required MetaFrame infrastructure, which includes the following:

- Creating network shares
- Firewall modifications
- Throttling switch ports

2.1. Create Required Network Shares

You will now need to create any network shares that were documented during the File Storage section of the Design phase. The following shares are required for a successful deployment.

- Terminal Services User Home Directory: A unique user home directory is required to store user-specific data. ( \\servername\TSUsers$\%username% )
- Terminal Services User Profiles share: A unique user profile share is required to store user-specific data. ( \\servername\TSProfiles$\%username% )
- ICA client update database: Required to give a central location for all the ICA clients that will be distributed through the ICA Client Update Configuration Utility. ( \\servername\ICAClientDB$ ) (required for installations with more than one server)
- Installation Manager Package share: In order to distribute IM packages to all MetaFrame servers in your environment, the packages need to be centrally located and accessible to all servers. ( \\servername\IMApps$\ ) (required for installations that utilize Installation Manager)
- System Policies share: If you will be implementing MetaFrame servers in a Windows NT 4.0, workgroup and/or Novell NetWare environment, then you will need to create a network share to store the System Policy in.

2.2. Firewall Modifications

If end-users will be connecting to the MetaFrame farm via the Internet, firewall modifications might be necessary.
If Citrix Secure Gateway or the Citrix SSL Relay service is used for ICA connections, then TCP port 443 is the only port that needs to be open. The following is a list of Citrix-related TCP and UDP ports that may need to be opened on firewalls and routers:

| Port | Description |
| --- | --- |
| TCP - 1494 | Default ICA port; this can be changed if necessary |
| TCP - 443 | Default port for Citrix Secure Gateway (CSG), SSL Relay Service, ICA connections using SSL+HTTPS browsing, and secure connections to an NFuse web server |
| TCP - 80 | Default port for unsecured NFuse web servers and/or TCP+HTTP browsing |
| UDP - 1604 | This port is very rarely used today; it is only used if you will not be utilizing NFuse or TCP+HTTP browsing (not recommended) |

For more information regarding TCP/IP port numbers, please refer to the Microsoft article Q174904.

2.3. Throttling Port Speed and Duplex Settings

When I was a little boy my Dad taught me that if I want something done right then I should do it manually. With this in mind, another thing I have learned about building networks is something so inconspicuous that it is hardly ever thought of, but it has a direct impact on end-user perception in a way bigger than you would ever imagine. In fact, in doing an infrastructure assessment at a major corporation, I noticed the problem, scheduled to have it corrected, and after the change we received email after email wanting to know what we did to speed the network up. It made a huge difference.

What am I talking about? Ethernet duplex mismatch. This problem affects all Ethernet-based devices and therefore can be very widespread. To sum up the differences between full and half duplex: in full duplex both sides of the connection can send data at once, whereas in half duplex mode only one end of the connection can send data at a time. If these rules are broken then you experience duplex mismatch.
Basically, what happens is that a device auto-detects or is hard-coded to connect at one setting (let's say 100Mbps/Full Duplex) while the other end of the connection is connected at a different setting (100Mbps/Half Duplex); you then experience duplex mismatch and a network collision occurs. In the event of a collision, all devices on an Ethernet network pause for a randomly determined period of time before attempting to send data again. This drastically affects network performance and can make or break your MetaFrame deployment.

The solution to duplex mismatching is to always manually configure network devices for full or half duplex, not allowing any type of auto-negotiation. From my experience, auto-negotiation is not reliable enough to run in production. I highly recommend going through the entire environment and verifying duplex settings and, if needed, manually setting the duplex setting on every Ethernet device and switch port. You will even want to verify the Internet Service Provider's duplex settings and set your routers appropriately. I cannot stress this point enough: addressing duplex mismatch will cure huge performance problems, and spending the time to configure both the connection speeds and duplex settings on both the device and switch will leave you and your end-users with optimum performance.
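The verification pass recommended above can be scripted once both ends of every link are recorded in an inventory. The following is an added example, not part of the original guide: the port names and inventory are constructed, and the fallback rule (a port left on auto-negotiation facing a hard-coded peer settles on half duplex) is standard Ethernet behaviour modelled here in simplified form.

```python
# Added example: audit both ends of each Ethernet link for duplex mismatch.
from typing import NamedTuple

class Port(NamedTuple):
    name: str
    speed: str   # "10", "100" or "auto"
    duplex: str  # "full", "half" or "auto"

def effective_duplex(local: Port, peer: Port) -> str:
    """Duplex the local port ends up using, given how the peer is configured."""
    if local.duplex != "auto":
        return local.duplex   # hard-coded ports run exactly as configured
    if peer.duplex == "auto":
        return "full"         # both negotiate (assumes both support full duplex)
    return "half"             # forced peer sends no negotiation: fall back to half

def audit_link(a: Port, b: Port) -> list:
    findings = []
    for p in (a, b):
        if "auto" in (p.speed, p.duplex):
            findings.append(f"{p.name}: auto-negotiation enabled, hard-code speed and duplex")
    if "auto" not in (a.speed, b.speed) and a.speed != b.speed:
        findings.append(f"{a.name} <-> {b.name}: speed mismatch ({a.speed} vs {b.speed})")
    da, db = effective_duplex(a, b), effective_duplex(b, a)
    if da != db:
        findings.append(f"{a.name} <-> {b.name}: duplex mismatch ({da} vs {db})")
    return findings

# Constructed inventory: (server NIC, switch port) pairs with hypothetical names.
LINKS = [
    (Port("mfxp01-nic", "100", "full"), Port("sw1-fa0/1", "100", "full")),
    (Port("mfxp02-nic", "auto", "auto"), Port("sw1-fa0/2", "100", "full")),
    (Port("mfxp03-nic", "100", "half"), Port("sw1-fa0/3", "100", "full")),
]

def audit(links=LINKS) -> dict:
    return {f"{a.name}<->{b.name}": audit_link(a, b) for a, b in links}

if __name__ == "__main__":
    for link, findings in audit().items():
        print(link, findings or "OK")
```

The second link shows why hard-coding only one end is not enough: the switch port is forced to full duplex while the NIC on auto settles on half.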
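Returning to the port table in section 2.2: the rule that only TCP 443 needs to be open when Citrix Secure Gateway or SSL Relay is used can be checked against an exported firewall rule list. This is an added example, not part of the original guide; the rule format, the feature labels and the sample rules are assumptions constructed for illustration.

```python
# Added example: audit Internet-facing firewall rules against the Citrix
# port table in section 2.2. Rule format and feature labels are hypothetical.
DEFAULT_ICA = 1494

def needed_ports(features, ica_port=DEFAULT_ICA):
    """Map deployment features to the ports listed in the table."""
    by_feature = {
        "secure_gateway": ("tcp", 443),   # CSG / SSL Relay / secure NFuse
        "ica_direct": ("tcp", ica_port),  # plain ICA; the port can be changed
        "nfuse_http": ("tcp", 80),        # unsecured NFuse / TCP+HTTP browsing
        "udp_browsing": ("udp", 1604),    # legacy browsing, not recommended
    }
    return {by_feature[f] for f in features}

def audit_rules(rules, features, ica_port=DEFAULT_ICA):
    need = needed_ports(features, ica_port)
    citrix = {("tcp", 443), ("tcp", 80), ("udp", 1604),
              ("tcp", DEFAULT_ICA), ("tcp", ica_port)}
    # Only rules that allow traffic from any source count as Internet exposure.
    exposed = {(r["proto"], r["port"]) for r in rules
               if r["action"] == "allow" and r["source"] == "any"}
    return {
        "unneeded": sorted((exposed & citrix) - need),     # open but not required
        "missing": sorted(need - exposed),                 # required but closed
        "discouraged": sorted(exposed & {("udp", 1604)}),  # "not recommended"
    }

# Constructed rule list; source "any" means reachable from the Internet.
SAMPLE_RULES = [
    {"action": "allow", "proto": "tcp", "port": 443, "source": "any"},
    {"action": "allow", "proto": "tcp", "port": 1494, "source": "any"},
    {"action": "allow", "proto": "udp", "port": 1604, "source": "any"},
    {"action": "allow", "proto": "tcp", "port": 80, "source": "10.0.0.0/8"},
]

if __name__ == "__main__":
    print(audit_rules(SAMPLE_RULES, {"secure_gateway"}))
    print(audit_rules(SAMPLE_RULES, {"ica_direct", "nfuse_http"}))
```

With the secure gateway in place, the sample rule list still exposes TCP 1494 and UDP 1604, both of which the audit reports as unneeded.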