| NFuse is the focal point to any MetaFrame installation and in return one of the most important. A good friend of mine taught me that perception is reality and NFuse is the first impression the users will have of their new Citrix environment. Keeping to this philosophy a custom branded NFuse 1.71 site accomplishes all of this while giving you simplified installation, configuration, and management. Not to mention it looks very professional. In order to implement a full featured NFuse web site, follow the following three steps. Install the NFuse 1.71 Web Extensions (standalone web server only) Configure NFuse 1.71 through the Citrix NFuse Classic Administration Web pages Brand your NFuse web portal. You will also want to make sure you follow the security recommendations for the particular Web Server that you are using. Note: NFuse Classic 1.71 is a security update to NFuse Classic 1.7. It can be downloaded from the http://www.mycitrix.com. Important: If you install NFuse 1.71 on MetaFrame XP Service Pack 2/Features Release 2 or earlier server with remapped server drive letters, change every instance of C:\ in the NFuse.properties file to the new %SystemRoot% drive letter. This operation is performed automatically if you are upgrading the server to Feature Release 2/Service Pack 2. Stop and restart the WWW Service for the changes to take effect. Note: NFuse Classic 1.71 gives you the ability to add considerable enhancements and integration in to your existing environments with experienced programmers and or professional services.
In order to run NFuse on a standalone web server you will be required to install the NFuse web extensions. By default, setup will install NFuse in to the C:\Program Files\Citrix\NFuse directory. Note: When using NFuse Classic 1.71 with ticketing you will want to make sure that all the MetaFrame servers are configured to use the same Citrix XML port number. Note: If you are going to be running NFuse from a MetaFrame server then you will want to skip this step) 1. Insert the MetaFrame XP Componects CD and when the followings pops up click the NFuse Classic button. 
2. Click Next to continue. 
3. Click the I accept the license agreement radio button and click Next to continue. 
4. Click the OK to restart IIS radio button and click Next 
5. Click Next to accept the default location for the NFuse files. Make note of this directory for this is the directory that NFUSE.TXT and NFUSE.CONF file resides. 
6. Enter the name of a MetaFrame server in your farm that is running the XML service and the port that the XML server is listening on and click Next Note: If you are unsure of the port XML is listening on, you will be able to obtain that information through servers properties - MetaFrame Settings tab in the CMC. 
7. The next screen asks you if you would like to install the latest ICA client CD to the ICAWEB directory for use in your NFuse portal. I highly recommend it! Enter the location of the ICAWEB folder and click Next Note: If you do not have access to the latest version (6.31) of the Citrix ICA Clients CD then you will need to download them from: www.citrix.com/dowloads. Click on Download NFuse 1.61 Click Yes to accept the license agreement click Generic Web-based ICA Client Install Package Once downloaded you will want to extract the ICAWEB620.EXE file to C:\ICACLIENT then click Browse and select C:\ICACLIENT\ICA620\ folder and click OK Click Next 
8. Click Next to continue. 
9. Click Finsh 
You have a successfully installed NFuse and are ready to proceed in configuring your NFuse Web site. First, you will want to test your NFuse installation. To do this you will need to open your web browser and in the address box type: http://nfuse_webserver/citrix/nfuse17 enter a username, password and domain and verify that you are able to launch a published application.
If you are currently running NFuse 1.61 or below and want to take advantage of the new features of NFuse Classic 1.71. The following details how to upgrade a stand along web server to the NFuse Classic 1.71 Web Extensions. 1. Insert the MetaFrame XP Components CD and when the followings pops up click the NFuse Classic button. 2. Click Next to start the installation. 3. Click the I accept the license agreement radio button and click Next. 4. Click to select the OK to restart IIS radio button and Click Next. 5. Click Next to accept the default location for the NFuse Classic 1.71 program files. 6. You are now prompted to select a location for setup to backup the previous NFuse version. Accept the default location and click Next to continue. 
7. Click Next to install the ICA Clients from the Components CD. 8. Click Next to install NFuse Classic 1.71 9. Click Finish You have now successfully upgraded your web server to NFuse Classic 1.71 and are ready to configure it for use. Important! Your previous NFuse web sites might now work correctly. You will find the new NFuse Classic 1.71 site located at http://nfuse_webserver/citrix/nfuse17.
23. 3. How to Configure NFuse 1.71 through the Web Administration Tool NFuse 1.71 introduces a new easy to use GUI administration tool to configure such items as the MetaFrame Servers, Authentication, Server-Side Firewall, Client side firewall, ICA Client Deployment and ICA Customization. The NFuse web admin tool is a GUI interface for making changes to the NFUSE.CONF file located in \Program Files\NFuse\Citrix\conf folder. After you have made changes using the Web Administration tool, you save and apply them so your configuration takes effect. The Web Admin tool is only for Windows/IIS machines, and requires Internet Explorer version 5.0 or later. You can browse to the NFuse Classic Administration tool via: http://nfuse_servername/citrix/nfuseadmin. 
In the MetaFrame Servers section of the NFuse Classic Web Administration tool you have the ability to configure how NFuse to deal with multiple MetaFrame servers and their XML services, what ports are the XML services listening on the desired SSL server port. 
Server List In this section, you will configure how NFuse will communicate with the MetaFrame XML service of every MetaFrame server. By doing this you will not only configure how NFuse will talk with the Farm but you can also accomplish a bit of load balancing to guarantee high availability and which goes to the goal of high user perception. Note: Currently NFuse 1.71 does not support aggregation of multiple farms in one application set. In order to accomplish that you will need to use Project Columbia with the NFuse 1.61 server extensions. As documented in Methodology in a Box 1.1. (http://www.dabcc.com/projectinabox/) The following defines how to configure how NFuse Classic will communicate with the MetaFrame farm. 1. Click MetaFrame Servers in the panel on the left of the page. 2. Under Serve List, you will need to type the name of a MetaFrame server that is running the XML service in the Server address text box and click Add to add it to the list of server addresses. Repeat for every MetaFrame server in the farm. The servers are processed from the first server in the list down. You will want to prioritize the MetaFrame server with the data collectors being at the top of the list and then to organize the rest if the order of most available server. 
3. Check the Use the server list for load balancing check box to enable load balancing of the MetaFrame server in the server addresses listbox. NFuse will start with the first server in the list and then move to the next until the end of the list and then back to the beginning. 
4. The Bypass any failed server for X minutes (applies to all servers in the list) setting lets you set the amount of time that a failed server is hidden from the list of available servers. When NFuse fails in connecting to a MetaFrame XML service of a server listed in the Server addresses listbox it will removes it from the list for X amount of minutes. When the specified time limit is meet then the Server in placed back in the list. 
5. In the XML service port text box you can specify the TCP/IP port used by the Citrix XML Service on the MetaFrame servers specified in the Server addresses list. By default, this is the value of the port number entered during NFuse Classic installation. This port number must match the port number used by the Citrix XML Service. 
6. In Transport type - you can specify the protocol used to transport NFuse Classic data between the Web server and MetaFrame server. 
q HTTP - Select this to send data over a standard HTTP connection. Use this option when you have made other provision for the security of this link. q HTTPS - Select this to send data over a secure HTTP connection using SSL. You must ensure that the Citrix XML Service is set to share its port with IIS, and that IIS has been configured to support HTTPS. q SSL Relay - Select this to send data over a secure connection that uses the Citrix SSL Relay running on the MetaFrame server to perform host authentication and data encryption. 7. If you are using SSL Relay, specify the TCP port of the SSL Relay in the SSL server port field (the default port is 443), and the directory containing the certificate authority root certificates in the SSL key store path field. NFuse Classic uses root certificates when authenticating a Citrix SSL Relay server. Ensure all the servers running Citrix SSL Relay are configured to listen on the same port number. 
8. Click Save. The Overview page appears. Click the Apply Changes link. The Apply Changes page appears click the Apply Changes button for the changes to take place.
In the Authentication section you can configure the ways in which users can authenticate to NFuse Classic and, subsequently, to MetaFrame. Authentication to NFuse Classic takes place when a user accesses NFuse Classic using the Login dialog page or via another authentication method. If authentication is successful, NFuse Classic returns the users application set. You can configure explicit authentication, guest logins, Desktop Credential Pass-Through (Single Sign On), and smart card authentication to NFuse Classic. Use the Methods for authenticating to NFuse Classic section to configure user authentication to NFuse Classic. You can also configure how users authenticate to MetaFrame. Authentication to MetaFrame takes place when a user clicks on a hyperlink in their application set to launch an application. If authentication is successful, an ICA session is initiated in which the application runs. You can configure pass-through authentication and smart card authentication to MetaFrame. Use the Authentication for launching applications section to configure authentication to MetaFrame 
Methods for Authenticating to NFuse Classic In this section, you will configure what methods of authentication NFuse Classic will use to login and authenticate users. Note: The type of authentication you specify does not affect the method used for ICA Program Neighborhood Agent Clients. You must edit the Config.xml file to change the authentication method used by the Program Neighborhood Agent Clients. For more information, please refer to the ICA Win32 Client Administrators Guide. I will be adding a How to Configure the Config.xml file in the next release of this document. You can specify the following methods of authentication: 
Smart card By selecting this checkbox, users can authenticate to NFuse Classic by inserting a smart card into a smart-card reader attached to the client device. The user is prompted for a PIN. Desktop Credential Pass-Through By selecting this checkbox, users can authenticate to NFuse Classic using the credentials they provided when they logged into their Windows desktop. Users do not need to re-enter their credentials at the NFuse Classic Login page and their application set is automatically displayed. By combining Desktop Credential Pass-Through with pass-through authentication, you provide users with single sign-on. Pass-through authentication is a feature provided by the Win32 ICA Client. Security Issue - If the pass-through authentication feature is enabled on the Win32 ICA Client, an attacker could send the user an ICA file that causes the users credentials to be misrouted to an unauthorized or counterfeit MetaFrame server. Therefore, I do not recommend you enable the pass-through authentication feature. Guest login By selecting this checkbox, you will enable Guest users access through NFuse Classic without supplying a username and password and launch applications published for anonymous use on the MetaFrame server. Explicit authentication By selecting this checkbox, users are required to log into NFuse Classic by supplying a username and password. Microsoft domain-based authentication and Novell Directory Service (NDS) authentication are available. 
The following defines how to configure explicit login: 1. Click Authentication in the panel on the left of the page 2. Click to select the Explicitly login check box. 3. Click to select Use NT authentication radio button to specify Microsoft domain-based authentication. To force users to log in to a specific domain, select the with force login domain check box and enter the name of the domain.
4. If the users will be logging in to a Novell Netware environment then select the Use NDS authentication radio button. Specify an NDS tree in the with tree name field and a context name in the Context name field and click Add. The context name is displayed in the Context list. If you specify more than one context name, highlight a context name in the list and use the Up and Down buttons to place these in the appropriate order. The order you specify determines the order that context names are displayed to users in the user Login dialog box. 
5. In the Allow |