教程说明cc-p培训storefront

1、Document managementCategoryTracking InformationCompany:Citrix Systems, Inc.Author(s):Allen Furmanski / Elisabeth TeixeiraOwner(s): Worldwide ReadinessLast modified:May 16, 2013Version:Version 1.0Length:60 minutesMay 2013XenDesktop 7Project ExcaliburAllen Furmanski Worldwide ReadinessElisabeth Teixei

2、ra Worldwide ReadinessAgendaStoreFront OverviewStoreFront Deep DiveReceiver for Web Deep DiveStoreFront Smart Card ScenariosSmart Card Logon User ExperienceStoreFront OverviewWeb Interface is being phased out5StoreFront before ExcaliburDelivering the best user experience on all devicesConsistent Use

3、r Experience Unified Store Win Apps, Desktop, Web/SaaS, Data & MobileFollow-me Apps & SubscriptionsSimplified Provisioning & Upgrades VPN-less Remote AccessCentralized Management CustomizationStorefront ServicesAccess GatewayReceiverVDIAppsXenDesktopXenAppAppControllerWeb & SaaSDataMAMOne Store for

4、All ReceiversSite 3Site 2HA Pair or scale-out clusterNetScaler GatewayStorefront ServicesSite 1Scale-out cluster with web LBNative ReceiversBrowserAuthenticationReceiverforWebAggregationLaunchdesktopsappsSaaSdatamobileStoreFront servicesEnterprise TrendsIT RequirementsComparisonCustomer BenefitsStor

5、eFrontWeb InterfaceMobile workstyles; work-life balanceAccess to corporate applications and data from anywhereSelf-ServiceFollow-Me Apps, DataRoaming accessNO Self ServiceNO Follow-MeNO Roaming accessUser ChoiceIT ControlUse Any Device Any whereApplication ProliferationDeliver & Manage windows and n

6、on-windows appsWin Apps, Desktop, Web/SaaS, Native MobileWin Apps/Desktops onlyUnified User ExperienceUser experienceDeliver best user experience on any given deviceConsistency across ReceiversLimited to Web UIRemarkably improved UI on all devicesGrowing device diversityDevice management and control

7、One-Click setupNO built-in configurationUse Any DeviceCloud EraExtensible infrastructure with headroom for future needsModularExtensible to cloudMonolithicNO headroomHigher IT efficiencyFuture-proof Where does StoreFront go beyond WI today?StoreFront replacing Web InterfaceStoreFront 1.2 Standard fo

8、r XA 6.5XA and XD 5.0 and up, VDI-in-a-Box 5.2 Consistent User Experience across all devices Desktops, Thin Client, Mobile, and HTMLUnified Store Win Apps, Desktop, Web/SaaS, Data & Mobile (App Controller)Follow-me Apps & SubscriptionsCitrix Receiver updates and configurationVPN-less Remote AccessCe

9、ntralized Management Receiver for Web CustomizationStoreFront 2.0 Standard for XenDesktop.NextXA and XD 5.0 and up, VDI-in-a-Box 5.2 Enterprise MobilityEnterprise SecurityXenApp and XenDesktop Management Multi-Site XenDesktop ManagementWeb Interface supported with XenDesktop 5 thru June 17, 2015 . W

10、ith XenApp 6.5, thru Feb 24, 2016. StoreFront New in ExcaliburEnterprise Mobility - No external database, HTML5 Client, Desktop Appliance Site, Session pre-launch, International language support, IPV6 Enterprise Security - Integrated smart card authentication, Auth SDK, Smart Access across Receivers

11、, FIPS 140 Compliances, Fast connectXenApp and XenDesktop Management - Integrated with XenDesktop 7 Installer, Management from Desktop Studio, Windows Server 2012, Streamlined initial configurationMulti-Site XenDesktop Management - Home site management by user groups, Cross-farm aggregation, Geograp

12、hic Redundancy & Disaster Recovery, Optimal HDX Connection Routing, Multi-Tenant. Receiver for Web ExcaliburDesktop Appliance Site Elective password change Desktop Group Name SupportDomain dropdown on logon screenTighter integration with HTML5 engineSection 508 compliance Smartcard - non domain-join

13、ed desktop appliance (DAC)Improve Mac client detectionUPN Login Receiver install & update Separate desktop and application views Desktop restart Desktop auto launch Remote FXDesktop Lock SupportPersistent URL (App Shortcuts)Unbundle Mac /PC Receiver packagesReceiver.exe 4.0 - ExcaliburSCCM 2012 supp

14、ortNative Smart Card AuthenticationIPv6Local App AccessH264 (Decode) Prelaunch support (XenApp 6.5)No Docs TabHTML5 client roadmapVideo and Audio In-session keyboardVirtual ChannelTouch supportPointerResolution changes2 Factor Authentication MethodsXenDesktop direct access supportIPv6 supportWorkspa

15、ce ControlChrome OS : IE10/Chrome/Firefox on Windows(Desktops): FallBack Safari 6/ Chrome/Firefox on Mac OS : FallBackAndroid : Tablets Only, Chrome Browser and our Secure BrowseriOS: Tablets Only, Safari Browser and our Secure BrowserIE 10 WinRT (WindowsUI): Tablets and our Secure BrowserStoreFront

16、 2.0 New feature summaryGeneralReceiver for WebIPv6 SupportPrelaunchDesktop Appliance web siteWindows 2012 Server SupportUpgrade from StoreFront 1.2Persistent URL (App Shortcuts)Removal of databaseMulti-site support and failoverSection 508 compliance (RfWeb only)FIPS 140 ValidationFarm Based Optimal

17、 HDX RoutingUnbundle Mac and PC Receiver packagesWindows 2008 R2/Win 2012 Logo CertificationSupport elective password change (RfWeb only)Desktop groups - namingRemove legacy workflow APIAdmin Console & Symphony UI GuidelinesImprove Mac client detectionSmart Card AuthXenDesktop deployment integration

18、 (XD Admin Integration)Tighter integration with HTML5 engine (Storefront Services)Support AppC apps with workflowDevice EnrolmentSmartcard - non domain-joined desktop appliance (DAC)Enhancements to PNA shim to support Receiver Enterprise/Desktop LockStoreFront Configuration through RainMakerSupport

19、session reconnect in PNA shim for Tap and Go scenarioWI features not matched or bettered in ExcaliburADFS/Kerberos Constrained DelegationSSO to RfWebDelegated Kerberos AuthenticationCertain SDKsSmart card authentication via browser (Use native Receivers)Active Directory Federation Services (ADFS) in

20、tegrationSettings per location (IP Subnet)Domain pass through authentication via browserClient proxy settingsExplicit NDS passwordOffline Apps (RfWeb)Anonymous authenticationRfWeb on NetscalerCompact/Low graphics Mode and embeddingDeep portal integrations (SharePoint, customer portal)App Shortcut Pa

21、rameter PassingClient Name (for XA Policy control)Common CriteriaStoreFront Deep DiveGeneral ArchitectureMaintain LayerHardware (Physical) LayerDesktop LayerImagePersonalizationAppsExcalibur Deployment ponent Diagram w/Basic ConnectionsUser LayerAccess LayerEnd-point Device (external)NetScaler Gatew

22、ayFirewallFirewallStorefrontDirectorStudio3rd Party ConsolesPolicyVDAXenDesktop HostsEnd-point Device (internal)OSPolicyProfileUser Data(ShareFile)Universal AppsPersonal AppsDepartmental AppsControl LayerDesktop ControllersDeliveryControllerXenClient SynchronizerMCSPVSInfrastructure ControllersDatab

23、ase ServerLicenseServerNetworkActive DirectoryPrintingStorageXenDesktop HostsXenDesktop HostsControl HostsPVS ConsoleHypervisor ConsoleMerchandising ServerMac and WindowsStorefront Services TierStorefront Services ArchitectureXenApp FarmsInternalWeb AppsBrowserThin ClientsXML ServiceAdaptor?Receiver

24、 for WebFuture CitrixAdaptorsMobileDevicesSaaS AppsList All AppsLaunch App“Value Adds”List My AppsSubscribeStoreServicesAuthenticationServiceUpdate Service(Merchandising Server)3rd PartyAdaptors3rd Party PortalPasswordKerberosExtension.?3rd Party AppsSmartcardAppControllerNetscaler GatewayXenDesktop

25、 SitesOther ServicesPorts UsedComponentPortsStoreFront services (Authentication)Kerberos (88) / LDAP (389) / Kpasswd (464)StoreFront services (XML Communication)HTTP (80) / HTTPS (443)ICA 1494CGP Session Reliability2598Receiver for WindowsHTTP (80) / HTTPS (443)Receiver for WebHTTP (80) / HTTPS (443

26、)New Auth SystemAuth ServiceGive me a token for StoreCore User Directory“Do Something”Store ServicesSome otherService“who you are”“where you are”“what device”TrustDenied (talk to Auth)Denied ()Give me a token for AuthHow do you want to login?Login using Generic FormsFill in this formUsername= Passwo

27、rd=.Here is a Token for AuthGive me a token for StoreHere is a Token for Store“Do Something”“Do Something”NetScalerGatewayNew Auth System with Access GatewayAuth ServiceGive me a token for StoreCore User DirectoryPresent auth tokenStore ServicesEPA & AuthSSODetect call is via AG and offer AG SSO as

28、an auth method.Here is a Token for StoreDetect call is via AG and include as extra information in call context.Provisioning FilesStore = Gateway = , “US-East” Gateway = , “US-West” Gateway = , “EMEA” Default = Beacons Internal = External = External = ReceiverStoreFront26Account ServicesConfiguration

29、OfflineAGEE VPNShareFileReal-Time MediaAccess MethodsMulti SiteHomogenous Aggregated SitesBest site determined by a combination of Static preference ordering, group membership, site availability, session tracking.Heterogeneous Site AggregationPresent such equivalent apps to users as a single aggrega

30、ted app, handling launch and other operations depending on factors such as site availability, existing user ICA sessions, etc. Site Selection Using AD Group (Home Farm)Enables a users AD group membership to be used to filter the list of sites that are used for that user.Disaster Recovery SitesEnable

31、s sites for disaster recovery only.sitesUSDisaster RecoveryEUDR1sitesUS1US2EU1EU2sitesSFEUSFUSDevXD ControllerXD ControllerLB Storefront AccessXML ServiceXML ServiceExcalibur Site Scale outStoreFrontStoreFrontAggregation (desktop focus, esp. very large, 10-50K Desktop Deployments) XD Max 10K Size Si

32、teXD Max 10K Size SiteXD Max 10K Size SiteStoreFrontUsers span sites for scale and for robustness.Aggregation allow for farm differenceSession tracking across farms Home Farm optimisationHDX Optimized RoutingWithout OptimizationWith OptimizationStoreFrontMulti Tenant Citrix Studio IntegrationAllows

33、creation of groups of XenDesktop Controllers (Site) and group of Storefront servers (Cluster) using Citrix StudioLocal Storage Sizing Guidelines341 subscription = 1 user adding a single app1 subscription generates approximately 10KB of data1,000 users with an average of 100 subscriptions is approxim

34、ately 1GB of local data storage on each StoreFront serverReceiver for Web Deep DiveReceiver for Web - ExcaliburDesktop Appliance Site Elective password change Desktop Group Name SupportDomain dropdown on logon screenTighter integration with HTML5 engineSection 508 compliance Smartcard - non domain-j

35、oined desktop appliance (DAC)Improve Mac client detectionUPN Login Receiver install & update Separate desktop and application views Desktop restart Desktop auto launch Remote FXDesktop Lock SupportPersistent URL (App Shortcuts)Unbundle Mac /PC Receiver packagesDomain Joined Desktop ApplianceActive D

36、irectory ForestUserDomain DeviceReceiver (Enterprise) plus Desktop LockStoreFrontXenApp/ XenDesktopPNA Pass throughSIDsSmart cardStoreFrontXenAppIWASIDsXenApp Services URLWindows XP and 7 thin clients and repurposed PCs.App Short CutApp shortcuts load Receiver for Web and launch an app, whether logg

37、ed on to Receiver for Web or notApp launch can occur with native Receiver or the Receiver for HTML5Enabled via StoreFront admin consoleGenerate shortcuts through a special UI in Receiver for WebExample app shortcut URL: App Short CutLimitationCan not be generated by end usersShortcuts to multiple de

38、sktops in the same desktop groupPass-through authentication to Receiver for WebPassing command line parameters to appsStoreFront Smart Card ScenariosScenario 1: Domain-joined devicesActive Directory ForestUserDomain Joined DeviceReceiver for WindowsStoreFrontXenApp/ XenDesktopIWASmart cardSIDsSmart

39、cardStoreFrontXenAppIWASmart cardSIDsReceiver for Windows (Std) without browser involvementActive Directory forestUserDomain Joined DeviceReceiver for WindowsStoreFrontXenApp/ XenDesktopCitrixPassthruSmart cardSIDsSmart cardStoreFrontXenAppIWASmart cardSIDsNetScalerGatewaySmart cardScenario 2: Domai

40、n-joined Devices via GatewayReceiver for Windows (Std) without browser involvementOne Pin prompt for AGEE and another fore XA/XD. SSO support is deferred from Excalibur.Scenario 3: Non Domain-joined end pointsActive Directory ForestUserNon Domain DeviceReceiver for Windows and LinuxStoreFrontXenApp/

41、 XenDesktopSmart cardSIDsUsername+ PasswordStoreFrontXenAppIWASmart cardSIDsSmart cardReceiver for Windows (Std) and Linux without browserScenario 4: Non Domain-joined devices via Gateway Active Directory forestStoreFrontXenApp/ XenDesktopCitrixPassthruSmart cardSIDsStoreFrontXenAppIWASmart cardSIDs

42、NetScalerGatewayReceiver for Windows (Std) without browser involvementOne Pin prompt for AGEE and another fore XA/XD. SSO support is deferred from Excalibur.UserNon Domain DeviceReceiver for WindowsUsername+ PasswordSmart cardScenario 5: Non Domain-joined Desktop Appliance (Receiver for Web)Active D

43、irectory forestStoreFrontXenApp/ XenDesktopCitrixFederatedSmart cardSIDsStoreFrontXenAppIWASmart cardSIDsReceiver for WebUserNon Domain DeviceReceiver for Windows(Enterprise)Smart cardBrowserRestricted to Windows XP era devices. Win 7 support is deferred.Scenario 6: Domain-joined Desktop Appliance D

44、evices (Desktop Lock)Active Directory ForestUserDomain DeviceReceiver (Enterprise) plus Desktop LockStoreFrontXenApp/ XenDesktopPNA Pass throughSmart cardSIDsSmart cardStoreFrontXenAppIWASmart cardSIDsXenApp Services URLWindows XP and 7 thin clients and repurposed PCs.Key Limitations for Smart Card

45、UseReceiver for Web - Smart Card and Pass thru SSO are not supportedSmart Card Logon User ExperienceOne smart card reader attachedFlowCriteria for valid certificatesNot expiredCert has the right usageServer trusts the CAHas private key1. User clicks on app icon 2. Receiver reads the smart card and f

46、ilters out invalid certsUser setupSmart card reader attachedSmart card inserted, One cert in card3. Just one valid cert- Display the PIN promptUser setupSmart card reader attachedSmart card inserted, One cert in card1. User clicks on app icon 2. Prompt user to insert smart cardUser setupSmart card r

47、eader attachedSmart card not inserted, multi valid cert in cardUser setupSmart card reader attachedSmart card not inserted, multi valid cert in card3. Receiver reads smart card and filters cert4. Show a list of certificates from the smart cardUser setupSmart card reader attachedSmart card not insert

48、ed, multi cert in card5. After user has selected a cert- Display the PIN promptStoreFrontSubscriptions Store ServiceSubscriptions Store ServiceStore Service: Store1Subscriptions Store ServiceClientsPersistent DictionarySubscriptions Store Service: Store1Windows Service HostRemote Subscriptions Manag

49、erRemote Subscriptions ClientESENT:Store1Store APIISubscriptionsManagerIRemoteSubscriptionsManagerIReplicationServicePersistent DictionarySubscriptions Store Service: Store2ESENT:Store2IRemoteSubscriptionsManagerIReplicationServiceStore Service: Store2Remote Subscriptions ManagerRemote Subscriptions

50、 ClientStore APIISubscriptionsManagerSubscriptions Store Admin ServiceSubscriptions Store ServicePowershellSnap-inPersistent DictionarySubscriptions Store Service: Store1Windows Service HostESENT:Store1IRemoteSubscriptionsManagerIReplicationServicePersistent DictionarySubscriptions Store Service: St

51、ore2ESENT:Store2IRemoteSubscriptionsManagerIReplicationServiceSubscriptions Store AdministrationSubscriptions Store ServiceSubscriptions Store Service:Server1Persistent DictionarySubscriptions Store Service: Store1Windows Service HostESENT:Store1IRemoteSubscriptionsManagerIReplicationServicePersiste

52、nt DictionarySubscriptions Store Service: Store2ESENT:Store2IRemoteSubscriptionsManagerIReplicationServiceSubscriptions Store Service:Server2Persistent DictionarySubscriptions Store Service: Store1Windows Service HostESENT:Store1IRemoteSubscriptionsManagerIReplicationServicePersistent DictionarySubs

53、criptions Store Service: Store2ESENT:Store2IRemoteSubscriptionsManagerIReplicationServiceClustersCluster: 2Cluster: 1Subscriptions Store Service: 1Subscriptions Store Service: Store1Windows Service HostSubscriptions Store Service: Store2Subscriptions SynchroniserESENT:SyncDataISyncReplicationServiceISubscriptionsSynchroniseSubscriptions Store Service: 2Subscriptions Store Service: Store1Windows Service Ho