| The first thing you will need to accomplish to successfully implement Citrix MetaFrame XP is to prepare the network environment. This includes making any necessary changes to the existing network environment as documented in the Existing Infrastructure Modifications section of the design document as documented earlier in this document. Once completed with those modifications you will start in with building the required MetaFrame infrastructure that includes the following: Create required network shares Firewall modifications Throttling Port Speed and Duplex Settings Add Users to a Terminal Services Environment q Configuring Terminal Server Home Directory q Configuring Terminal Server Profile Path Create required Citrix Specific User Groups
You will now need to create the any network shares that were documented during the File Storage section of the Design phase. The following shares are required for a successful deployment. Terminal Services User Home Directory: A unique user home directory is required to store user specific data. ( \\servername\TSUsers$\%username% ) Terminal Services User Profiles share: A unique user profile share is required to store user specific data. ( \\servername\TSProfiles$\%username% ) ICA client update database: Required to give a central location for all the ICA clients that will be distributed through the ICA Client Update Configuration Utility. ( \\servername\ICAClientDB$ ) (required for installations with more than one server) Installation Manager Package share: In order to distribute IM packages to all MetaFrame servers in your environment you will need the packages to be centrally located and accessible to all servers. ( \\servername\IMApps$\ ) (required for installation that utilize Installation Manager) System Policies share: If you will be implementing MetaFrame servers in a Windows NT 4.0, workgroup and or Novell Netware environment then you will be required to create a network share to store the System Policy.
If end-users will be connecting to the MetaFrame farm via the Internet, firewall modification might be necessary. If Citrix Secure Gateway or Citrix SSL Relay service is used for ICA connections then TCP port 443 is the only port that needs to be open. If during the Design Phase you documented someone other than yourself with the responsibility for firewall modifications then you will need to get with the appropriate party. When you need to set a time for completion and the other party will be required to supply documentation on any changes made that affect the MetaFrame deployment. The following is a list of Citrix-related TCP and UDP ports that may need to be opened on firewalls and routers: | Port | Description | | TCP - 1494 | Default ICA port, this can be changed if necessary | | TCP - 443 | Default port for Citrix Secure Gateway (CSG), SSL Relay Service, ICA connections using SSL+HTTPS browsing and secure connections to a NFuse web server) | | TCP - 80 | Default port for unsecured NFuse web servers and or TCP+HTTP browsing | | UDP - 1604 | This port is very rarely used today and only used if you will not be utilizing NFuse or TCP+HTTP browsing. (not recommended) | For more information regarding TCP/IP Port numbers, please refer to the Microsoft article Q174904.
When I was a little boy my Dad taught me that if I want something done right then do I should do it manually. With this in mind, another thing I have learned about building networks is something so inconspicuous that it is hardly ever thought of, but it has a direct impact on end-user perception in a way bigger than you would ever imagine. In fact, in doing an infrastructure assessment at a major corporation, I noticed the problem, scheduled to have it corrected and after the change, we received email after email wanting to know what we did to speed up the network. It made a huge difference! What am I talking about? Ethernet duplex mismatch. This problem affects all Ethernet based devices and therefore can be very widespread. Duplex mismatch is caused by having different duplex settings on each side of a connection. To sum up the differences in full vs. half duplex; in full duplex both sides of the connection can send data at once whereas in half duplex mode only one end of the connection can send data. If these rules are broken then you experience duplex mismatch. Basically what happens is that a device auto-detects or is hard-coded to connect at one speed (lets say 100Mbps/Full Duplex) and the other end of the connection is connected at a different speed (100Mbps/Half Duplex) then you experience duplex mismatch and a network collision occurs. In the event of a collision, all devices on an Ethernet network pause for a randomly determined period before attempting to send data again. This drastically affects network performance and can make or break your MetaFrame deployment. The solution to duplex mismatching is to always manually configure network devices for full or half duplex, not allowing for any type of auto-negotiation. From my experiences, auto-negotiation is not reliable enough to run in production. I highly recommend going through the entire environment and verify duplex settings and if needed, manually setting the duplex setting on every Ethernet device and switch port. You will even want to verify the Internet Service Providers duplex settings and set your routers appropriately. I cannot stress this point enough, addressing duplex mismatch will cure huge performance problems and spending the time to configure both the connection speeds and duplex settings on both the device and switch will leave you and your end-users with optimum performance.
Now that you have created the necessary user profile and home directory shares, you will need to set up new and existing users to take advantage of profiles that roam from server to server and a terminal specific user home directory. If you are going to be deploying more than one server, you will need to make User Property changes to configure the user for Terminal Services environments. Note: In order to test your MetaFrame XP installation you will need to create a test user for every security group. Because MetaFrame XP supports multiple simultaneous users, a separate copy of the application-specific .INI files is maintained for each user. Any .INI files associated with Windows applications are searched for in the user-specific home directory. If a user installs a Windows application, .INI files are created or modified in that directory. If you want multiple users to use the same Windows application, you must use the change user /install command to install all application .INI and .DLL files into the MetaFrame XP system directories during software installation, or manually copy and merge the appropriate information into each user's .INI files in their respective home directories. As described in the Install Application section of this document. Citrix MetaFrame requires a user to have a home directory to store application settings informational files. When adding a user to the MetaFrame farm you must add a Terminal Server Home Directory, which is located by clicking the profile button in the users properties box. Click the Connect radio button and select the drive letter you assigned for exclusive use for the users Citrix home directory and then type \\servername\ts users home directory\%username% in the Terminal Services Home Directory text box. The following is a screen shot of the users Terminal Services Profile tab in Windows 2000s Users and Computers utility: 
Important! You will want to hide this drive from the users view, as described in Implement Windows System Polices section of this document. It does not need to be seen by the end-user and only causes support calls.
A Microsoft Windows NT 4.0 User Profile describes the Windows NT configuration for a specific user, including the users environment and preference settings. For example, those settings and configuration options specific to the usersuch as installed applications, desktop icons, color options, and so forthare contained in a User Profile. Profile settings are applied to the user during logon and updated each time a user logs off properly. A word to the wise, you need to keep your eye on the size of the profile folder. This can be done in multiple ways; you can set disk quotas via group policies and I recommend excluding the Internet Temporary Files from the user profile via group policies. I will discuss policies in more detail later on in the document. A profile path is used to store the look and feel of your workspace environment. When adding a user to the MetaFrame farm, you must add a Terminal Server Profile Path located by clicking the profile button in the users properties box Type: \\servername\profiles share\%username% in the Terminal Server Profile Path text box as show below. The following is a screen shot of the users terminal services profile tab in Windows 2000s Users and Computers utility. 
You will now need to create any user groups that were defined in the design section. I recommend that at minimum you create the following user groups for use in a MetaFrame XP farm. | User / Group Name | Purpose | | CTX Admin | MetaFrame Full task administrators | | CTX Admin (Read-Only) | MetaFrame view-only administrators | | CTX Users | All MetaFrame Users | | CTX Outlook Users | MetaFrame Outlook Users | | Disable Client Drive Mapping | Used to enable autocreation of local client drives | | Disable Client Printing | Used to enable autocreation of local client printers | | Enable Server to Client Redirection | Server to Client Content Redirection Users Group | | CTX IM | Installation Manager Service Account |
|