Citrix do love inventing new products! Even if they then replace ones that work just fine. Anyway, get used to the fact that Web Interface is going to be retired, because that is the way we’re now going. Web Interface will not have any new versions – the future is StoreFront! Or Cloud Gateway Express, I’m a little unclear – to be honest the terms seem to be used interchangeably.
StoreFront is all new and exciting – and oddly old fashioned. To be honest it looks oddly like Program Neighborhood! One word of warning – it does not work at all with Citrix Presentation Server v4.0 because there is no way of disabling launch references, which were only introduced in Presentation Server 4.5. Just an aside – this test system will be with XenApp 6.0
To be honest, Web Interface is working fine for now, except for the Chromebooks. Chromebooks do not like Web Interface, they just claim (rightly) they have no Citrix client installed and give you the chance to download an ICA file, which (again rightly) you are informed cannot be opened in Google Docs. You need StoreFront, and you also need to download the Receiver plug-in from the Google WebStore on your Chromebook.
So this is a quick guide to installing a standalone StoreFront server (just internal in this case, and without any 2 factor authentication) to allow a Chromebook to launch Citrix applications from XenApp. I should really point out here that should should be just a proof of concept – any serious implementation will have at least two servers and a shared database. I’m also going to use SQL Express which I would not recommend for live systems if you have full SQL Server available.
Preparation
Login to My Citrix and click Downloads
Choose CloudGateway from the big drop down list.
Select CloudGateway Express from the list. The other download is the full appliance, and if you have bought that you hopefully know what you are doing!
Choose StoreFront 1.2…
Now you have your installers, prepare the target server:
Install Windows Server 2008 R2 with SP1 – I’ve not tested this on Windows Server 2012. You might want to save time by installing the Web Server role with the IIS6 management options and ASP.NET as well.
Installing IIS and a secure web site
You can skip this if you wish and go straight to SQL installation, but at this point I am going to get IIS ready. I’ve set up a CNAME record on my internal DNS server called “storefront”, pointing to the server name of this new server. This means I’ll can now use the URL http://storefront, where I see a big graphic saying IIS and wishing me welcome.
But I want SSL too – StoreFront will have usernames and passwords going through it and really should be secure. I have a Windows Certificate Authority already set up (whose certificates will be trusted by my PCs) so this bit is easy for me. If you don’t have that (and don’t want to put it in place), you could buy a commercial SSL certificate or use a self signed one and make it trusted with Group Policy. But I would consider using SSL somehow.
In my case, I launch “Internet Information Services (IIS) Manager”, then select the server on the left, then SSL Certificates. I created a certificate request (2048-bit), generated a certificate for it on my certificate server, completed the request back on my Storefront box, then added a binding on the default website for https and using my new Certificate. Phew. Now the secure URL https://storefront gives me the nice IIS welcome screen, but with that reassuring “https” in the address bar.
:-)
Installing SQL Server Express
Unlike the nice simple Web Interface which ran on text files, StoreFront needs a SQL database to work. Since we are going to install in Standalone mode, the server needs to have an instance of SQL Server on it. SQL Express 2008 R2 is fine, though SQL Server 2012 is supported as well now. I’m running SQL Server 2008 R2 Express since I had the installer handy. Download it (with SP1) and run. Select “New installation…” to start.
Agree to the License terms when they come up.
On the feature Selection screen, you don’t need the Replication or SDK options.
Leave it on Named Instance, that should work fine.
Windows Authentication should be okay when it asks about that. Click the Data Directories tab and make them sensible. Personally I don’t like the DB files hidden somewhere in Program Files, so I make them like this (but choose whatever you want, this really is about personal preference):
Click Next, Next, Next until it actually installs.
Installing StoreFront 1.2
Extract the installer you downloaded onto your server and run CitrixReceiverStorefront-x64.exe
Agree to .net install if needed
.
Agree to the EULA
And agree to install windows roles if you did not do this earlier and begin the installation
The product should now install ok.
Click Start > Citrix > Citrix Receiver StoreFront
Select Deploy a Single Server. Note this is greyed out if you don’t have SQL Server running locally.
I put in the URL I previously got working – there, it was worth all the effort after all!
You then get three options: Authentication, Stores, and Receiver for Web.
The only button you can click is Create Service (for authentication), so click it. You then get three options – here are the explanations from the Citrix Edocs site:
- User name and password : This is explicit authentication. Users enter their credentials when they access their stores.
- Domain pass-through : This enables pass-through of domain credentials from users' devices. Users authenticate to their domain-joined Windows computers and are automatically logged on when they access their stores. In order to use this option, pass-through authentication must be enabled when Receiver for Windows is installed on users' devices.
- Pass-through from Citrix Access Gateway : With this, users authenticate to Access Gateway and are automatically logged on when they access their stores.
In my case I don’t have an Access Gateway at the moment (though as far as I can tell I am going to need one if I want to use two-factor authentication) and don’t want to use pass-through authentication, so I select User Name and Password to do simple authentication against AD. You might have different needs of course. It then takes a while creating the service and dumps you back on the first options. Click Create Store to… well, create the Store. When prompted, give the store a name:
In this test, I have linked to XenApp, entering a server name and HTTP since this test farm is not using HTTPS. As it notes, passwords will be send unencrypted. I have a feeling the security guys are going to encourage me to use HTTPS.
Time to create a site to log into. Click Create Site…
Lots of stuff appears under the Default Web Site in IIS and I can now go to this URL to access my store:
https://storefront/citrix/StoreWeb/
The first time you go to this it will take an age, though it does speed up.
Very nice. You seem to get these green bubbles no matter what client you want to use. I can see a request coming down to customise them at some point though.
Final configuration of StoreFront
Go back to your server and go into Citrix Receiver StoreFront from the Start Menu again. You should now see all the options, so clicking Authentication shows you the method you selected. Feel free to change this if you have changed your mind, or to customise it (by restricting the domains for instance).
Note the option to manage Merchandising Server. If you have a Merchandising server installed, you can enter its URL here. If you have no idea what this is, its a virtual appliance (Citrix are obsessed with these at the moment – basically a XenServer or VMware image of a pre-configured Linux VM running an application) which can distribute and update pre-configured clients. Its a good way to get the new Receiver client out there, which is incidentally a requirement to actually use this on a PC.
Click Stores on the left to look at the Store you created earlier. The main thing here you might want to do is to configure the server farms which the store will connect to, by selecting Store and clicking Manage Server Farms. I suppose if you have multiple farms (say, for testing), you might create multiple Store URLs, so the test farms were not connected to the URL your users were logging into. Note the other options here – an option for configuring Legacy support, so old Agent style clients can connect through the StoreFront system. You can also connect to Citrix Online and set up Remote Access, which are way beyond this little proof of concept.
Click Receiver for Web and you should see your website. You probably only need one of these.
Troubleshooting
Just a note in case you are not getting any connections through this, look in the Event Viewer. Under Applications and Services Logs, then Citrix Delivery Services. If there is lots of errors, panic.
Customising the graphics
You know management will ask about this.
The jolly green bubbles graphic is here:
c:\inetpub\wwwroot\Citrix\StoreWeb\media\bg_bubbles.jpg
(obviously the path will change depending on the store name and where you based your IIS site, but something like this at least, and there will be one per store).
Feel free to either replace this entirely or to just edit it. Here, I think this looks perfect…
1 comments:
Thanks for posting the detailed instructions. Installing the Storefront to allow access from Chromebooks is on our todo list! :)
Post a Comment