Xenapp 5.0 Vs Xenapp 6.0

Xenapp 5.0	Xenapp 6.0
Policies are created using Xenapp Advanced configuration console	Policies can be created and configured both using Group Policy Managed console and/or directly out of the Citrix Delivery Service Console. The policies are logically now divided in two parts: computer and user. Policies assigned to Server / Farm properties comes under Computer policies. Policies assigned to user sessions comes under User policies.
Available via Java console	XenApp tasks are now available within a MMC 3.0 based console, named Citrix Delivery Services Console single console for all tasks.
There is no concept of Worker groups	Worker groups can create a group of XenApp server (based on a OU, AD Group or XenApp Farm servers). This workgroup can be assigned to policies, Load Balancing Policies and published applications. When you add a new server and assigns this one to the worker group it automatically will be configured using the policies and host the published applications configured.
Load evaluators are assigned to servers & applications	Load Evaluators are no longer assigned to servers,  but to Worker Groups or OUs.
Not Applicable	With XenApp 6 it is also possible to stream App-V virtualized application to client running the Citrix Streaming Client/Receiver
HDX includes think of speedscreen, ICA compression and progressive display	HDX RealTime : Which improves audio quality to CD quality level, VOIP echo cancellation and support for Microsoft Office Communicator (LAN based only).
XenApp 5 allowed for USB-attached flash and disk drives to be linked to XenApp sessions.  Users should logoff and logon again to have USB devices detected	HDX dynamic USB plug and play support is added : This makes it possible to add USB devices (cameras (including Webcams), microphones, headsets) into the client, while the user has already a XenApp session running
Software need to be installed separately	Role based installation which enables easy and simple migration to the latest XenApp platform

Secure Gateway Vs Access Gateway

SSL RELAY:

The SSL VPN is a secure remote access solution that provides point-to-point

communication between remote users and an enterprise network. It does so by creating a

secure SSL-based tunnel between a user’s web browser and the citrix servers.

SSL VPN lets remote users

securely access a company’s networked enterprise resources, including:

i) Intranet or extranet websites

ii) Shared Windows file systems

iii) Native client/server applications (e.g., Outlook, Peoplesoft, and Oracle)

ICA ENCRYPTION:

The Citrix ICA protocol is used to transfer data between a client and the CPS

server. ICA has a mode called SecureICA that encrypts ICA traffic using RSA's

RC5 encryption. Since this level of encryption is not strong enough for

delivering data over the Internet, Citrix developed the Secure Gateway (SG).

SECURE GATEWAY:

The Secure Gateway (SG) is a software proxy server for securing CPS traffic. It

acts as an SSL gateway between ICA clients and the CPS server farm. Secure Gateway is limited to support Presentation Server traffic. In the "Double-Hop DMZ" setup the SG device in the first hop has access to the Web Interface and the authentication servers. Access to the Secure Ticketing Authority and CPS servers is through a proxy device occurs in the second hop.

ACCESS GATEWAY:

The Access Gateway is appliance based which includes support for additional applications

and protocols. The Access Gateway Enterprise Edition can handle all of your organization’s

remote access needs by securing traffic to applications hosted by Presentation

Server as well as access to corporate resources such as email, internal Web

applications, and network file shares. You can deploy the Access Gateway Enterprise Edition in a double-hop DMZ configuration to provide a single point-ofaccess to a server farm residing in an internal network. With this configuration, you must deploy two Access

Gateway appliances: one in the first hop of the DMZ and one in the second

hop of the DMZ. The Access Gateway in the second hop of the DMZ

operates as a proxy for ICA traffic traversing the second DMZ.

Configuration Details

You can set the system to run in the Secure Gateway mode using the set vpn

parameter -wiMode CSG command

> set vpn parameter -wiMode CSG

Note: By default, wiMode is set to NONE on the system.

Once the WI mode has been enabled, the set vpn parameter -homepage

command is used to configure the Web Interface homepage that the system

should redirect the user to. This is where the CPS applications are published

and can be accessed by the user.

To configure the WI homepage to http://wi.citrix.com/Metaframe, you can use

the command.

> set vpn parameter -homepage http://wi.citrix.com/Metaframe

The configured URL should contain the fully qualified domain name (FQDN) of

the WI server and the homepage.

Note: If the WI is a secure (HTTPS) server, the FQDN should be configured as https://

The VPN vserver can run in both the CSG and non-CSG (traditional VPN

functionality) modes at the same time, i.e., some user sessions can be in the

CSG mode and others in a non-CSG mode.

If CSG mode is enabled (on a session), on successful authentication, the VPN

plugin is not loaded; instead the browser is re-directed to the homepage

(which will be the WI homepage) and all HTTP requests are proxied to the WI.

Since the plugin is not running, none of the other backend resources (except

for CPS) is accessible.

However, If CSG mode is disabled, the VPN plugin gets loaded and the WI

becomes just another back-end service with it's traffic being intercepted.

Note: If the WI is in the SG mode pointing to the VPN vserver as the proxy, the VPN

vserver will automatically switch to CSG mode for the resulting ICA traffic.

Secure Ticketing Authority server configuration

Secure Ticketing Authority (STA) is a ticketing mechanism that issues SG

tickets for ICA connections. These tickets form the basis of authentication and

Access Gateway SSL VPN

Installation and Configuration Guide 6-97

authorization for ICA connections to a CPS server. It also stores the IP address

of the CPS server in the ticket and returns this address as part of the ticket

validation.

You can bind an STA server to the system either globally or to a particular VPN

vserver using the bind vpn global -staServer or the bind vpn vserver

-staServer commands.

bind vpn global -staServer <URL>

OR

bind vpn server -staServer <URL>

Note: STA servers will not be load balanced, since each STA server has a unique ID

and only the STA server that generated a ticket can validate it.

Configuring Double Hop

To configure double hop on the system, you can add a nextHopServer using

the add nextHopServer command.

You can configure a secure nextHopServer called nextHopServer1 with IP

address 192.168.12.15 using the command.

> add nextHopServer nextHopServer1 192.168.12.15 443

-secure ON

You can bind a nextHopServer to the system either globally or to a particular

VPN vserver using the bind vpn global -nextHopServer or the bind vpn

vserver -nextHopServer commands.

> bind vpn global -nextHopServer nextHopServer1.

Hints:

CSG: Citrix Secure Gateway

Your pictures can't be printed because this error occured:

Problem:

Memory error when trying to print pictures.

When right clicking an image and selecting Print from the context menu, a number of error messages appearing saying

“Your pictures can't be printed because this error occurred:

There isn't enough available memory to print your picutres. Close some open programs, and then try again”

Solution:

The problem may occur due to system file corruption.

Open command prompt and type (make sure you run as Administrator)

sfc /scannow

reboot and try printing the image again the problem should not occur.