Novell SecureLogin 7.0 SP3 User guide

Brand: Novell

Model: SecureLogin 7.0 SP3

Category: Software

Type: User guide

www.novell.com/documentation

Citrix and Terminal Services Guide

SecureLogin 7.0 SP3

April, 2012

Legal Notices

Novell,Inc.makesnorepresentationsorwarrantieswithrespecttothecontentsoruseofthisdocumentation,andspecifically

disclaimsanyexpressorimpliedwarrantiesofmerchantabilityorfitnessforanyparticularpurpose.Further,Novell,Inc.

reservestherighttorevisethispublicationandtomakechangestoitscontent,at

anytime,withoutobligationtonotifyany

personorentityofsuchrevisionsorchanges.

Further,Novell,Inc.makesnorepresentationsorwarrantieswithrespecttoanysoftware,andspecificallydisclaimsany

expressorimpliedwarrantiesofmerchantabilityorfitnessforanyparticularpurpose.Further,Novell,Inc.reservestheright

makechangestoanyandallpartsofNovellsoftware,atanytime,withoutanyobligationtonotifyanypersonorentityof

suchchanges.

AnyproductsortechnicalinformationprovidedunderthisAgreementmaybesubjecttoU.S.exportcontrolsandthetrade

lawsofothercountries.Youagreeto

complywithallexportcontrolregulationsandtoobtainanyrequiredlicensesor

classificationtoexport,re‐exportorimportdeliverables.Youagreenottoexportorre‐exporttoentitiesonthecurrentU.S.

exportexclusionlistsortoanyembargoedorterroristcountriesasspecifiedintheU.S.

exportlaws.Youagreetonotuse

deliverablesforprohibitednuclear,missile,orchemicalbiologicalweaponryenduses.SeetheNovellInternationalTrade

ServicesWebpage(http://www.novell.com/info/exports/)formoreinformationonexportingNovellsoftware.Novellassumes

noresponsibilityforyourfailuretoobtainanynecessaryexportapprovals.

Novell,Inc.Allrightsreserved.Nopartofthispublicationmaybereproduced,photocopied,storedon

aretrievalsystem,ortransmittedwithouttheexpresswrittenconsentofthepublisher.

Novell,Inc.hasintellectualpropertyrightsrelatingtotechnologyembodiedintheproductthatisdescribedinthisdocument.

Inparticular,and

withoutlimitation,theseintellectualpropertyrightsmayincludeoneormoreoftheU.S.patentslistedon

theNovellLegalPatentsWebpage(http://www.novell.com/company/legal/patents/)andoneormoreadditionalpatentsor

pendingpatentapplicationsintheU.S.andinothercountries.

Novell, Inc.

1800 South Novell Place

Provo, UT 84606

U.S.A.

www.novell.com

OnlineDocumentation:Toaccessthelatestonlinedocumentation

forthisandotherNovellproducts,seetheNovell

DocumentationWebpage(http://www.novell.com/documentation).

Novell Trademarks

ForNovelltrademarks,seetheNovellTrademarkandServiceMarklist(http://www.novell.com/company/legal/trademarks/

tmlist.html).

Third-Party Materials

Allthird‐partytrademarksarethepropertyoftheirrespectiveowners.

Contents 3

Contents

About This Guide 7

1 Getting Started 9

1.1 Support on Windows Microsoft Vista . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9

1.2 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9

1.2.1 Internet Explorer Enhanced Security Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10

1.2.2 Disabling Internet Explorer Enhanced Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10

1.3 Installation Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10

1.4 Overview of Citrix Application Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11

1.4.1 Application Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11

1.4.2 Deploying in Corporate Directory Environments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11

1.4.3 Deploying the Full Citrix Desktop. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11

1.4.4 Deploying Published Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11

1.4.5 Deploying Citrix Desktop and Published Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12

1.5 Novell SecureLogin Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12

2 Installing Novell SecureLogin on a Citrix Server 13

3 Deploying Citrix Applications 17

3.1 Launching an Application in a Citrix Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17

3.2 Configuring Citrix Load Balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17

3.2.1 Creating a New Load Evaluator. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

3.2.2 Loading New Load Evaluators to the Citrix Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18

3.2.3 Deploying Existing Citrix Published Applications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20

4 Using Connectors 21

4.1 Enabling an Application with Connectors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21

4.2 Deleting Connectors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22

5 Using NMAS, Secure Workstation, and pcProx with Citrix 23

5.1 Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23

5.2 Using NMAS with Citrix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23

5.3 Using pcProx with Citrix. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24

5.4 Using Secure Workstation with Citrix. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25

6 Setting Terminal Services 27

6.1 Integrating Microsoft Terminal Server and Citrix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27

6.2 GINA Credential Pass-Through . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

6.2.1 What Happens when GINA Pass-Through is Working? . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

6.3 Integrating with Citrix Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29

6.3.1 Windows GINA Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29

6.3.2 Program Neighborhood . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30

6.3.3 Using Desktop Shortcuts to Published Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30

6.3.4 Handling Password Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31

6.4 Virtual Channel. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31

4 Contents

6.4.1 Virtual Channel Components. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31

6.4.2 Auto-Detecting the Client Protocol. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32

6.5 Requirements for Terminal Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32

6.5.1 Server Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32

6.5.2 Workstation Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33

6.6 Setting Up the Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33

6.6.1 Setting the GINA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

6.6.2 Configuring OnDemand. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34

6.7 Setting Up Workstations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35

6.7.1 Novell Client (without the NMAS Client) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35

6.7.2 Novell Client (with the NMAS Client). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35

6.7.3 Microsoft Workstation with No Novell Client Installed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

6.8 Installing the Virtual Channel Driver. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36

6.8.1 Workstations with the Citrix Client (ICA) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

6.8.2 Workstations with the Terminal Server Client (RDP). . . . . . . . . . . . . . . . . . . . . . . . . . . . . .37

6.9 Installing the Terminal Server Web Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .37

6.10 Integrating with Citrix Published Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .37

6.10.1 Modifying the Command Line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .37

6.10.2 Using SLLauncher Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .38

6.11 Registry Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

6.11.1 Auto-Detecting the Client Protocol. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39

6.11.2 Servers with a Novell Client. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39

6.11.3 Localized Machine. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39

6.11.4 Third-Party GINA. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39

6.12 Debugging Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .40

6.13 Files Installed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .40

6.13.1 Citrix Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .40

6.13.2 Terminal Services Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41

6.13.3 CitrixServer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41

6.13.4 Microsoft Terminal Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41

6.13.5 Citrix Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41

7 Upgrading 43

7.1 Issues with Upgrading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43

7.1.1 Changes With Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43

7.1.2 Issues In Reading Old Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43

7.1.3 Upgrading the Data Store . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44

7.1.4 Prompting for a Passphrase During an Upgrade. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44

7.1.5 About the New Protection Method. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44

7.1.6 Adding the New Encryption Algorithm. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

7.2 Deployment Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45

7.2.1 Installation Options in a Citrix Environment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45

7.2.2 Deploying Existing Citrix Published Applications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45

7.2.3 Using the Installation Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .46

7.2.4 Deploying in Citrix Desktop Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .46

7.2.5 Deploying Existing Citrix Published Applications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .46

7.2.6 Citrix Published Applications and the Application Definition Wizard . . . . . . . . . . . . . . . . . .47

7.3 Upgrading from Earlier Versions to Novell SecureLogin 7.0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .47

7.3.1 Restriction on Upgrades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .47

7.3.2 Upgrading to Novell SecureLogin 7.0 from Novell SecureLogin 3.5.x. . . . . . . . . . . . . . . . .47

7.4 Phased Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48

7.5 Hot Desk and Mobile Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48

7.6 Stopping Tree Walking. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48

7.7 Changing the Directory Database Version. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49

7.8 Deployment Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49

7.9 Developing a Migration Plan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

Contents 5

7.9.1 Example of a Migration Plan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50

8 Troubleshooting 53

6 Novell SecureLogin Citrix and Terminal Services Guide

About This Guide 7

About This Guide

Thisdocumentprovidesthefollowinginformation:

 Chapter 1,“GettingStarted,”onpage 9

 Chapter 2,“InstallingNovellSecureLoginonaCitrixServer,”onpage 13

 Chapter 3,“DeployingCitrixApplications,”onpage 17

 Chapter 4,“UsingConnectors,”onpage 21

 Chapter 5,“UsingNMAS,SecureWorkstation,andpcProxwithCitrix,”onpage 23

 Chapter 6,“SettingTerminalServices,”onpage 27

 Chapter 7,

“Upgrading,”onpage 43

Audience

Thisguideisintendedfor:

 NetworkAdministrators

 SystemsAdministrators

 ITSupportStaff

Feedback

Wewanttohearyourcommentsandsuggestionsaboutthismanualandtheotherdocumentation

includedwiththisproduct.PleaseusetheUserCommentsfeatureatthebottomofeachpageofthe

onlinedocumentation,orgototheNovellDocumentationFeedback(http:// www.novell.com/

documentation/feedback.html)andenteryourcommentsthere.

Documentation Updates

ForthemostrecentversionoftheNovellSecureLoginCitrixandTerminalServicesGuide,visittheNovell

DocumentationWebsite.(http://www.novell.com/documentation/securelogin70/index.html)

Additional Documentation

FordocumentationonotherNovellSecureLogindocumentation,seetheNovellSecureLogin

DocumentationWebsite(h ttp://www.novell.com/documentation/securelogin70).

TheotherdocumentsavailablewiththisreleaseofNovellSecureLoginare:

 GettingStarted

 NovellSecureLoginReleaseNotes7.0ServicePack3

 NovellSecureLoginQuickStartGuide

 NovellSecureLoginOverviewGuide

8 Novell SecureLogin Citrix and Terminal Services Guide

 Installation

 NovellSecureLoginInstallationGuide

 Administration

 NovellSecureLoginAdministrationGuide

 NovellSecureLoginApplicationDefinitionWizardAdministrationGuide

 pcProxGuide

 EndUser

 NovellSecureLoginUserGuide

 Reference

 NovellSecureLoginApplicationDefinitionGuide

Documentation Conventions

InNovelldocumentation,agreater‐thansymbol(>)isusedtoseparateactionswithinastepand

itemsinacross‐referencepath.

Getting Started 9

Getting Started

NovellSecureLoginintegratestightlywithCitrixandterminalservices,todeliveramoreefficient,

simple,andreliablesinglesign‐onsolution.

Thisdocumentprovidesinstructionsfordirectoryserversandterminalservers(theCitrixserver

environment).Forexample,aMicrosoftActiveDirectoryserverforuserprovisioningand

managementwiththeapplicationsdeployed

byusingaCitrixserver.

YoumustconfiguretheCitrixandterminalserveranduserworkstationspriortoinstallingNovell

SecureLogin.TheNovellSecureLogininstallationpackagenowdetectsCitrixandterminalserver

filesandinstallstherequiredsupportingfilesautomatically.InscenarioswhereCitrixorterminal

servicesaredeployedafteryour

NovellSecureLoginimplementation,youmustredeploytheNovell

SecureLogininstallationpackagetoinstalltherequiredNovellSecureLogincomponents.

Thissectioncontainsthefollowinginformation:

 Section 1.1,“SupportonWindowsMicrosoftVista,”onpage 9

 Section 1.2,“Prerequisites,”onpage 9

 Section 1.3,“InstallationOverview,”onpage 10

 Section 1.4,“OverviewofCitrixApplicationDeployment,”onpage 11

 Section 1.5,“Novell

SecureLoginAttributes,”onpage 12

1.1 Support on Windows Microsoft Vista

MicrosoftWindowsVistaisrecognizedasa Citrix andterminalservicesclient.TheInstallCitrixand

terminalservicessupportoptionisdisplayedwheninstallingNovellSecureLogin.

TheMicrosoftWindowsVistaisnotsupportedasaCitrixoraterminalservicesserver.

1.2 Prerequisites

ThefollowingaretheprerequisitesforinstallingNovellSecureLoginonaCitrixandterminal

servicesserver:

 ExtendtherelevantenterpriseorcorporatedirectoryschemawiththeNovellSecureLoginsingle

sign‐onattributes.

 Makesureyouhaveadministrator‐levelaccesstotheCitrixorTerminalServicesserver.

 Ifsinglesign‐onis

requiredforJavaapplications,installSunJavaRuntimeEngine1.3orlater,

andOracleJInitiator1.3.1orlaterontheserverandworkstations.

 UninstallallversionsoftheNovellSecureLoginpriortoversion5.5.xupgrade.

10 Novell SecureLogin Citrix and Terminal Services Guide

1.2.1 Internet Explorer Enhanced Security Configuration

ThisinformationappliestotheconfigurationofaserverinaMicrosoftWindowsServer2003

operatingsystemenvironment.

Bydefault,theMicrosoftWindowsServer2003installsInternetExplorerEnhancedSecurity

Configurationdesignedtodecreasetheexposureofenterpriseserverstothepotentialattacksthat

mightoccurthroughWebcontentandapplication

scripts.Becauseofthis,someWebsitesmightnot

displayorperformasexpectedwiththeinstalledNovellSecureLogin.

Formoreinformationonenhancedsecurity,seetheMicrosoftSupportWebsite.(http://

support.microsoft.com/kb/81514/en‐us)

1.2.2 Disabling Internet Explorer Enhanced Security

Ifyouareexperiencingdifficultyaccessingsinglesign‐onenabledwebpagesfromaWindowsServer

2003server,dooneofthefollowing:

 InInternetExplorer,selectTools>InternetOptions>AdvancedtabandundertheBrowsingheading,

selectEnablethird‐partywebbrowserextensions.

‐or‐

 Usethe

WindowsAdd/RemoveWindowsComponentsontheControlPaneltodisableMicrosoft’s

InternetEnhancedSecurityConfiguration.

1.3 Installation Overview

Followingarethehigh‐leveltasksoftheCitrixandterminalservicesserverinstallation.

ThedocumentationforinstallingNovellSecureLoginonaCitrixorMicrosoftTerminalServices

coversthedefaultinstallationassumingthatNovellSecureLoginisinstalledonboth,theserverand

ontheworkstation.Ifyouhaveinstallingonlyon

theserverandnotontheworkstation,seeTID

7000523(http://www.novell.com/support/php/

search.do?cmd=displayKC&docType=kc&externalId=70 00523&sliceId=1&docTypeID=DT_T ID_1_ 1&

dialogID=115592134&stateId=00115588299)attheNovellSupportWebsite(http://www.novell.com/

support/microsites/microsite.do).

Inthedefaultinstall,

Slinas.dll

isinstalledontheserver.However,ifNovellSecureLoginisnot

installedontheworkstations,

SlinaC.dll

mustbeinstalledontheserver.

1 UninstallNovellSecureLoginversions5.5.andearlierbeforeupgradingtoNovellSecureLogin

7.0.

2 Extendthecorporatedirectoryschema.

IMPORTANT:Iftheschemawasextendeddu ringthedeploymentofNovellSecureLogin

version3.5orlater,youdonotneedtorepeattheprocess.

Refertotherelevantdirectoryinstallationanddeploymentguideforinstructions.

3 InstallNovellSecureLoginontheCitrixandterminalservicesserver.

Getting Started 11

1.4 Overview of Citrix Application Deployment

 Section 1.4.1,“ApplicationModes,”onpage 11

 Section 1.4.2,“DeployinginCorporateDirectoryEnvironments,”onpage 11

 Section 1.4.3,“DeployingtheFullCitrixDesktop,”onpage 11

 Section 1.4.4,“DeployingPublishedApplications,”onpage 11

 Section 1.4.5,“DeployingCitrixDesktopandPublishedApplications,”onpage 12

1.4.1 Application Modes

YoucandeploytheCitrixapplicationinthe followingmodes:

1.4.2 Deploying in Corporate Directory Environments

Inacorporatedirectoryenvironments,theNovellSecureLogindataisstoredonthedirectory.Thisis

donebyextendingthedirectoryschematoincludeNovellSecureLoginattributes.Forinformationon

extendingthedirectoryschemaforyourdirectory,refertotheNovellSecureLoginInstallationGuide.

NOTE:IfyouhaveinstalledNovellSecureLogin3.5.x,oralaterversion,therequiredSecureLogin

attributesarealreadyinstalled.

1.4.3 Deploying the Full Citrix Desktop

DeployingthefullCitrixDesktoprequiresNovellSecureLoginschemaextensionsonthenetwork

directoryserverandclientinstallationontheCitrixserver.

ThedataofusersoperatingtheNovellSecureLoginandusingtheCitrixserverremotelyisstoredon

theCitrixserverandthenetworkdirectory.

1.4.4 Deploying Published Applications

DeployingpublishedapplicationsrequiresNovellSecureLoginschemaextensionsonthenetwork

directoryserverwiththeclientinstallationontheCitrixserverandtheuserworkstation.

NovellSecureLoginexecutesfromtheworkstationtologintoapplicationspublishedontheCitrix

server.NovellSecureLoginuserdatamustbestoredontheuser’s

workstationforGINA‐to‐GINA

passthroughunlessNovellSecureLoginisneededforsinglesign‐onapplicationsthatarerunningon

thatworkstation.

Deployment Description

Deploying the Full Citrix Desktop In this mode of deployment, only the Citrix client runs on the desktop

and all other applications run on the Citrix server.

Deploying Published Applications In this mode of deployment, a combination of applications runs on the

desktop, and some are published by using the Citrix server.

Deploying Citrix Desktop and

Published Applications

Use this mode of deployment to run a full Citrix desktop, or a

combination of Citrix published applications and applications on the

workstation.

12 Novell SecureLogin Citrix and Terminal Services Guide

NOTE:TheSecureLoginApplicationDefinitionWizardcannotdetectCitrixpublishedapplications.

Youmustrunthe applicationonyourworkstationtocreateanapplicationdefinitionusingthe

wizard.

1.4.5 Deploying Citrix Desktop and Published Applications

CitrixDesktopandpublishedapplicationsrequire:

 NovellSecureLoginschemaextensiononthenetworkdirectoryserver.

 ACitrixserverandauserworkstation.

NovellSecureLoginexecutesfromtheworkstationortheCitrixserver,dependingonthemode

selectedbytheuser.TheNovellSecureLoginuserdataisstoredonthedirectoryserver,

theCitrix

server,andtheuserworkstation.

1.5 Novell SecureLogin Attributes

ExtendingthedirectoryschemaaddsthefollowingSecureLoginattributes:

 Protocom‐SSO‐Auth‐Data

 Protocom‐SSO‐Entries

 Protocom‐SSO‐SecurityPrefs

 Protocom‐SSO‐Profile

 Protocom‐SSO‐Entries‐Checksum

 Protocom‐SSO‐Security‐Prefs‐Checksum

NOTE:IfNovellSecureLogin3.5or3.5.xorlaterisinstalled,youneednotextendtheDirectory

schemabecausetheattributesarethesame.

However,anynewobjects,suchasorganizationalunits,stillrequireyoutoassignrights.

1 Logintotheserverasadministrator.

2 InserttheNovellSecureLoginproductinstallerpackage.Themainmenuisdisplayed.

3 ClickInstall/Upgradeandfollowtheon‐screeninstructionsforyourinstallationtype.

4 Double‐clickthe

ndsschema.exe

fileinthe

SecureLogin\Tools|Schema\NDS

folderofthe

installerpackage.TheSecureLogin‐Schemaextensiondialogboxisdisplayed.

5 Extendtheschema.

Installing Novell SecureLogin on a Citrix Server 13

Installing Novell SecureLogin on a Citrix

Server

Afteryouhavecompletedextendingtheschematotherequireddirectoryobjects,installNovell

SecureLoginsinglesign‐onapplicationsontheCitrixserver.

Forinformationonextendingtheschema,seeExtendingtheeDirectorySchema“Extendingthe

eDirectorySchema”intheNovellSecureLoginInstallationGuide.

NovellSecureLogincanbeinstalled,configured,and

featuresaddedandremovedbyusing

MicrosoftWindowsinstallercommandlineoptionsandparametersspecifiedinthecommandlineor

specifiedthroughabathfile.FordetailsonNovellSecureLogininstallation,refertotheNovell

SecureLoginInstallationGuide.

NovellSecureLoginrequiresMicrosoftWindowsinstaller3.0orlater,whichshipswithWindows

XP

ServicePack2(SP2)andisalsoavailableasaredistributablesystemcomponentforMicrosoft

WindowsServer2003(32‐bitsystemsonly).YoucandownloadthisfromtheMicrosoftDownload

Website(http://www.microsoft.com/downloads/Search.aspx?displaylang=en).

NOTE:Theproceduresforinstallingonadministratorworkstationsand userworkstationsarethe

same.

ThefollowingprocedureusestheMicrosoftWindowsVista64‐bitinstaller.

1 Logintotheworkstationasanadministra tor.

2 Double‐click

Novell SecureLogin.msi

locatedinthe

SecureLogin\Client\x64

directoryof

theNovellSecureLogininstallerpackage.TheWelcometotheInstallationWizardforNovell

SecureLoginisdisplayed.

14 Novell SecureLogin Citrix and Terminal Services Guide

3 ClickNext.TheLicenseAgreementpageisdisplayed.

4 Acceptthelicenseagreement,thenclickNext.

TheDestinationFolderpageisdisplayed.Bydefault,theprogramissavedin

C:\Program

Files\Novell\SecureLogin\

.Youcanacceptthedefaultfolderorchoosetochange.

Tochange,clickChangeandnavigatetoyourdesiredfolder.

Installing Novell SecureLogin on a Citrix Server 15

5 ClickNext.SelectaDatastoreforSecureLogin(thatis,theinstallationenvironment)pageis

displayed.

 IfyouselectNovelleDirectoryasthedatastore,see“Installing,Configuring,andDeploying

inaNovelleDirectoryEnvironment”intheNovellSecureLoginInstallationGuide.

16 Novell SecureLogin Citrix and Terminal Services Guide

 IfyouselectMicrosoftActiveDirectoryasthedatastore,see“Insta llingandConfiguringin

ActiveDirectoryEnvironment”intheNovellSecureLoginInstallationGuide.

 IfyouselectMicrosoftADAMasthedatastore,see“Configuring,Installing,andDeploying

InActiveDirectoryApplicationEnvironment”intheNovellSecureLoginInstallationGuide.

Deploying Citrix Applications 17

Deploying Citrix Applications

Thissectionhasinformationonthefollowing:

 Section 3.1,“LaunchinganApplicationinaCitrixEnvironment,”onpage 17

 Section 3.2,“ConfiguringCitrixLoadBalancing,”onpage 17

3.1 Launching an Application in a Citrix Environment

NovellSecureLoginintegrateswithCitrixandterminalservicesandsimplifiesthemethodinwhich

singlesign‐onsupportisprovidedforpublishedapplications.NovellSecureLogincanbelaunched

withoutmanuallypublishingtheCitrixapplications.NovellSecureLogincanbestartedorshut

downafterauserhasterminatedalltheapplications,which

deliversafarmoreefficient,simple,and

reliablesinglesign‐onsolutionforanyCitrixandterminalservicesenvironment.

3.2 Configuring Citrix Load Balancing

Asinglesign‐onoperationimplementedformemoryoptimizationmightresultinclientconnection

dropouts.However,thisdoesnothaveanyadverseimpactonyourCitrixserver,andyoucanresolve

thisbyconfiguringCitrixLoadEvaluatorstoincreasethenumberofallowedpagefaults.

 Section 3.2.1,“CreatingaNewLoadEvaluator,”

onpage 17

 Section 3.2.2,“LoadingNewLoadEvaluatorstotheCitrixServer,”onpage 18

 Section 3.2.3,“DeployingExistingCitrixPublishedApplications,”onpage 20

3.2.1 Creating a New Load Evaluator

1 StarttheCitrixmanagementconsole,thenselectLoadEvaluators.

2 Right‐clickandselectNewLoadEvaluator.TheNewEvaluatordialogboxisdisplayed.

18 Novell SecureLogin Citrix and Terminal Services Guide

3 SpecifyanamefortheLoadEvaluator,andadescriptionforthenewevaluator.

4 FromtheAvailableRuleslist,selectPageFaultsandPageSwaps,thenclickAdd.

5 FromtheAssignedRuleslists,selectPageFaults.

Thepagedefaultsettingsareconfiguredintherulesettingsection,whichisdisplayedinthe

bottomhalfoftheNewEvaluatordialogbox.

6 SpecifyavalueintheReportfullloadfieldwhenthenumberofpagefaultspersecondisgreater

thanthisvaluefield.

7 SpecifyavalueintheReportfullloadfieldwhenthenumberofpagefaultspersecondiflessthan

orequaltothisvaluefield.

8 FromtheAssignedRuleslist,selectPageSwapstodisplaypageswapsettingsintherulesettings

section.

9 SpecifyavalueintheReportfullloadfieldwhenthenumberofpageswapspersecondisgreater

thanthisvaluefield.

10 SpecifyavalueintheReportfullloadfieldwhenthenumberofpageswapspersecondisless

thanorequaltothisvaluefield.

11 ClickOK.

TherequiredLoadEvaluatorsareconfiguredandareloadedtotheCitrixserveronwhich

NovellSecureLoginisinstalled.

3.2.2 Loading New Load Evaluators to the Citrix Server

1 FromtheCitrixmanagementconsole,selectServers>Citrixservers.

Deploying Citrix Applications 19

2 Right‐clicktherelevantCitrixservername,thenselectLoadManageServer.TheLoadManage

Server‐<servername>isdisplayed.

3 FromtheAvailableLoadEvaluatorslistbox,selectConfiguredLoadEvaluators.ClickOK.

ThenewLoadEvaluatorsareloadedtotheCitrixserver.

20 Novell SecureLogin Citrix and Terminal Services Guide

3.2.3 Deploying Existing Citrix Published Applications

IfyouareupgradingfromapreviousversionofNovellSecureLogin,youdonotneedtochangethe

SLLauncher.exe

shortcutspreviouslycreatedforpublishedCitrixapplications.NovellSecureLogin

modifiestheexisting

SLLauncher.exe

automaticallysothat

SLLauncher.exe

isashellthatrunsany

commandlinepassedtoit.

TheNovellSecureLogininstallernowautomaticallydetectsthat theinstallationisonaCitrixserver

andpromptsyoutoverifythenewCitrixcomponentstobeinstalled.

IMPORTANT:AfterinstallingSecureLogin,ifyouhavebothpublishedapplicationandpublished

desktopopen,thechangesmadetoSecureLoginonthedesktopisnotreflectedinthepublished

applicationsessionuntilSecureLoginisrestarted.

Page is loading ...

Novell SecureLogin 7.0 SP3 User guide

Brand: Novell

Model: SecureLogin 7.0 SP3

Category: Software

Type: User guide

Download PDF

report

Novell SecureLogin 7.0 SP3 User guide

Novell SecureLogin 7.0 SP3 User guide

Related papers

Other documents