优化Citrix_XenApp服务器集群.ppt

1、#403: Optimizing Citrix XenApp Farms and Enhancing System Health,Jo Harder, Citrix Systems,Agenda,Common Deviations from the Default Settings,Optimizations IMA, ICA, and Printing,System Health Tools,Citrix Internal Environment,During This Session . . .,References to: Citrix Presentation Server 4.5 a

2、nd Citrix XenApp Windows Server 2003 and Windows Server 2008 Windows XP and Windows Vista client operating systems Primary references based on Presentation Server 4.5 on Windows Server 2003; distinctions will be made where applicable,Presentation Server 4.5 for Windows Server 2003,XenApp for Windows

3、 Server 2008,Windows Vista,Windows XP,XenApp for Windows Server 2003,Best Practices,Best Practices are subjective What is optimal for one environment is not optimal for another Not a magic wand,Recommendations/Considerations,Common Deviations from the Default Settings,Key Areas to Consider for Modif

4、ication,Terminal Services Settings Installation Options Farm Settings Other Settings,Note: All screen shots show defaults unless otherwise stated,Terminal Services Settings,Terminal Services Profile Default is no Terminal Services profile Folder Redirection Default is no folder redirection,Terminal

5、Services Profiles,Why does this matter? Upon logon, the Terminal Services user profile is loaded onto the Terminal Server If no Terminal Services profile designated: The Windows profile for that user will be used If no Windows profile, the existing local Terminal Services profile for that user on th

6、at server will be used If no local profile, one will be created from local default user Local profile causes user settings to be housed only on that server Settings wont be available when user logs onto other servers Recommendation: Set a Terminal Services Profile, preferably in GPO If mandatory add

7、resses requirements, easiest to maintain More work initially because mandatory profile must be created Ascertain that user functionality and data can be addressed,Terminal Services User Profile,User Properties Supports mandatory or roaming,GPO if Windows 2003 AD Supports roaming only by default Mand

8、atory w/Microsoft 908011 or SP2 Similar setting in Windows 2008 AD,Recommended!,Folder Redirection,GPO included in AD 2000, 2003, and 2008 Can designate where that folder gets redirected Works with mandatory or roaming profiles AD 2008 includes additional folder options,Application Data folder Files

9、 that are included in the Application Data folder can be redirected If application pulls information from Application Data folder, data may be redirectedTEST!,Installation Options,Zone Name Default is Class C address of server Shadowing Default is allow shadowing,Zone Name,Servers cant be added from

10、 another subnet unless default is changed Recommendation: Change zone name during installation or afterward Within XenApp for Windows Server 2008, default zone name is Default zone,Shadowing,Due to government or industry regulations, shadowing may not be permissible or may require acceptance and/or

11、logging If shadowing is disabled during installation, cannot later be re-enabled Must re-install Recommendation: Appropriately disable or enable during installation,Farm Settings,Connection Access Controls Default is any connection Display Default is 5625 KB Memory/CPU Optimization Default is not en

12、abled SpeedScreen Browser Acceleration Default is enabled Health Monitoring and Recovery Default is 4 tests, mostly alert only,Connection Access Controls,Any connection allows access by Program Neighborhood Recommendation: Second or third option more secure But will also block admins from using Prog

13、ram Neighborhood! Access Control can also be set within published applications and policy filters,Display,Maximum GUI setting is 8192 Most client devices can easily support maximum If two monitors, maximum may be needed Recommendation: set to 8192 for 64-bit and if ample memory, 32-bit also If highe

14、r setting required, see CTX114497 XenApp for Windows Server 2008 default is 32,768,Memory/CPU Optimization,Can enable both, either, or neither Memory Optimization can improve app logon time Not compatible with all apps, which can be excluded CPU Utilization Management Can improve user experience Mor

15、e granular in new XenApp release Recommendation: Test! Implement as appropriate,SpeedScreen Browser Acceleration,Although enabled by default, can be optimized to reduce bandwidth requirements Slightly reduces image quality but users will likely not notice difference Recommendation: Compress JPEG ima

16、ges to improve bandwidth Variable image compression,Health Monitoring Load Throttling=High),Application Appearance,16-bit color slightly decreases bandwidth Minimum of 16-bit color required for SpeedScreen Browser Acceleration Recommendation: If bandwidth constrained, change color to 16-bit Also, ke

17、ep all apps with same color setting in order to ensure session sharing,Administration,Limit administrative privileges where feasible Custom or view only rights Custom does not function properly if environment has mixed versions of Presentation Server Recommendation: Designate admin rights based on r

18、equirements,Web Interface Load Balancing,Connection should be routed to primary Data Collector(s), otherwise re-routed to a Data Collector anyway If load balanced, may route to a server other than a primary Data Collector Recommendation: Disable Web Interface load balancing,Resource Manager,Default

19、metrics likely inadequate Will generate alerts that will thus be ignored Recommendation: Customize metrics and alerts properly or take advantage of EdgeSight for Presentation Server (Platinum edition) If customizing Resource Manager metrics, consider adding: WorkItem Queue Ready Count for Data Colle

20、ctors License Server Connection Failure Zone Elections Use application count metric only where needed Causes traffic every 30 seconds from the Data Collector to the Farm Metric Server, as well as CPU resources Set new metrics, including alerts and thresholds, so that they will not be ignored and nee

21、dlessly use bandwidth and processor resources,Load Evaluators,Default Load Evaluator rarely optimal Advanced may suffice, but page swaps may be too low Especially for x64 Recommendation: Configure custom Load Evaluator May be based on Advanced with elimination of page swaps and/or other changes,So,

22、Why Doesnt Citrix Change Defaults?,Occasionally, we do! Generally, defaults arent changed because that would make it necessary for admins to reconfirm all settings when upgrading,Configuration Options for IMA, ICA, and Printing,Independent Management Architecture (IMA),Underlying architecture used f

23、or configuration, monitoring, and operations Required for functionality Used for server-to-server communications via TCP 2512 Recommendation: Ensure IMA traffic is not blocked,IMA Encryption,Encrypts Configuration Logging database credentials that are stored in the Data Store Can be enabled during i

24、nstallation or later with CTXKEYTOOL Recommendation: When Configuration Logging is enabled, use when database security is a concern,ICA Traffic,TCP 1494 inbound to server Dynamically allocated port from server to client,Client Device with Citrix XenApp Plugin,XenApp,ICA Traffic Characteristics,Lots

25、of small packets Consolidating ICA packets can cause a negative user experience Users will wait longer for data traversal and screen refreshes Prioritizing ICA can enable a positive user experience ICA data traversal deemed more important,Prioritizing ICA Traffic,QoS becoming more prevalent If Sessi

26、on Reliability is used and all clients support it, prioritize TCP 2598 (Common Gateway Protocol) If all clients do not support Session Reliability, then both 1494 and 2598 must be prioritized Adjust if port numbers have been altered Recommendation: Prioritize inbound 1494/2598; outbound 1494/2598,TC

27、P 1494 and/or TCP 2598,Citrix XenApp,Securing ICA Traffic,SecureICA Ensures the confidentiality of session data but does not perform any authentication Optionally used for internal communications where additional security is required Enabled within Citrix policies SSL/TLS Ensures the confidentiality

28、, authentication, and integrity of session data Should be used for external communications, e.g., Access Gateway/Secure Gateway Requires a certificate,Citrix SSL Relay,SSL/TLS encryption between specific servers and clients Use cases: Secure communications with servers that host the Citrix XML Servi

29、ce Small number of servers to support (five or fewer) Do not need to secure access at a DMZ Do not need to hide server IP addresses or you are using Network Address Translation (NAT) Need end-to-end encryption of data between clients and servers,Recommendation: If you must secure traffic between Web

30、 Interface server(s) and Data Collector(s) hosting the Citrix XML Service, use Citrix SSL Relay,Using Citrix SSL Relay to Secure Citrix XML Traffic,Internally generated certificates can be used to save costs Detailed instructions in the Administrators Guide Recommendation: Where Web Interface server

31、(s) located in the DMZ, secure Citrix XML traffic by means of Citrix SSL Relay (or move Web Interface to the internal network!),Printing,Native Drivers Universal Printer Driver Auto-Created Printers Network Printing,Native Drivers,Default behavior is to install all native printer drivers By default,

32、 native drivers are used if present instead of Universal Printer Driver Default result is native drivers installed so UPD is not used Recommendation: Disable native printer driver installation in Citrix policies,Citrix Universal Printer Driver,May totally avoid the need for native printer drivers In

33、ternally, Citrix only uses Universal Printer Driver Recommendation: Consider whether UPD only is feasible,Default Printing Behavior,Network printer: Route directly from the XenApp Server to the printer (red) Auto-created printer: Route back through the client device (blue) Print jobs routed through

34、ICA protocol,Auto-Created Printers,Most commonly used Similar to client device printing capability If a network printer is pre-defined on the client device before ICA session logon, it is mapped as an auto-created printer If a multitude of printers, logon may take longer Determine whether default on

35、ly is suitable If network printers are designated via Session Printers policy, non-network printers should suffice Recommendation: Determine actual user printing requirements,Policy enabled to show options,Network Printer Assignment,True network printing involves importing network printer and assign

36、ing print devices by means of Session Printers policy Additional administrative effort Required for client devices that cannot configure their own printers, e.g., thin clients Recommendation: Where required, enable network printing by importing print servers and configure Session Printers policy,Rou

37、ting for Network Print Jobs,By default, network print jobs route from server print server printer Typically fine for LAN but not optimal for printing that occurs across a WAN Recommendation: Enable Print Job Routing policy so that network print jobs are compressed via ICA as they traverse the WAN,Sy

38、stem Health Tools,System Health Tools,EdgeSight for XenApp Health Monitoring and Recovery Resource Manager Microsoft Management Packs SNMP Plug-Ins Configuration Logging,Citrix XenApp,Health Monitoring and Recovery,10 Tests included with Presentation Server 4.5 Feature Pack 1 and later Alerts shown

39、in Access Management Console In new XenApp version, alerts shown in EdgeSight console Custom tests can be written with HMR SDK CTX112283,Resource Manager,Enables real-time and archival of system health data Starting with XenApp for Windows Server 2008, will be based on EdgeSight technology,Managemen

40、t Pack for Microsoft Operations Tools,Management Packs for Microsoft Operations Manager 2005 and Microsoft Systems Center Operations Manager 2007 Provides system administrators with real-time event and performance monitoring from the centralized console Includes licensing events Accessible from MyCi

41、trix,Network Manager SNMP Agent and Plug-In,Provides systems management capabilities through third-party SNMP management consoles Consists of the SNMP agent for Citrix Presentation Server and plug-ins for supported SNMP management consoles,Configuration Logging,Tracks administrative changes in a dat

42、abase Especially where multiple administrators exist, shows who changed what and when,EdgeSight for Presentation ServerApplication Performance Monitoring,Addressing Performance Complaints,Health and Availability Monitoring Proactively monitor user-experience and infrastructure Intelligent, early-war

43、nings to potential issues Visibility to granular, real-time data,Identifying Problem Source,Problem Diagnostics Comprehensive data-capture at process-level Historical and real-time data presentation Full visibility to application, network, system context,Optimizing the Infrastructure,Trending and An

44、alysis Comprehensive and continuous performance statistics Application and user-level utilization and resource consumption Group / Application / Time-based comparison reports,Citrix Internal Environment,Citrix Systems, Inc.,118 servers based on 5 large geographical zones Most of the optimizations presented are used, including Terminal Services profile Folder Redirection Display set to 8192 Memory/CPU Optimization SpeedScreen Browser Acceleration Delegated administration Custom load evaluator SpeedSc