Connecting Thinstation Linux 5.1 Diskless Clients to a Citrix XenApp Farm
This material is designed to describe the sequence of actions for the transformation of obsolete computer equipment into full-fledged terminal diskless clients with network boot. Now there is enough similar information on the Internet, and although it is aimed at solving the same problem, still, basically, there is a description of Remote Desktop connections (RDP), less often VMWare View. Here, as the name suggests, everything that is needed to connect a diskless terminal client based on Thinstation Linux to the Citrix XenApp 6 server farm will be described. The article is not a step-by-step instruction and is not designed for beginners.
To download images over the network, DHCP and TFTP servers are required. The boot server can be deployed on Linux and on Windows, practically I used the Linux configuration, so here the emphasis will go precisely on this option, nevertheless, this can all be successfully configured on Windows. The process of installing and configuring DHCP and TFTP server is trivial, but we will need to specify additional parameters.
For dhcpd in dhcpd.conf you need to add the following lines:
')
For DHCP for Windows Server, you need to add options 067 and 066 with values ​​that were given above for dhcpd. As for the TFTP server, under Windows there is a tftpd32, it can work as a service, and has all the necessary functions. Under Linux xinetd is perfect, which is in many distributions.
Configuration file /etc/xinetd.d/tftp:
Installing and configuring a Citrix XenApp server farm is beyond the scope of this article, meaning that the farm is already up and running. In order for the citrix clients from Thinstation Linux to successfully connect to the farm, the following changes are required in the configuration:
In addition to the configuration changes, it would be helpful to consider the following:
Downloading the latest release of Thinstation Linux, and preparing to build. Commands are executed from root, it is assumed that the environment for building Thinstation Linux is loaded and will work in / thinstation:
Next, edit the build.conf and thinstation.conf.buildtime configuration files according to our requirements. In the future, you can fine-tune everything, make different configurations for different hardware, remove all unnecessary to minimize the size of the image, etc., but first it’s best to do everything as simple as possible to avoid errors due to additional complications. Therefore, I will mention only the important parameters that need to be uncommented in build.conf, modules can be ignored, since This is our first test build without optimizations, so we will build an image with all modules:
Packages:
Options:
thinstation.conf.buildtime, which comes by default in the Thinstation Linux distribution, is better to copy into a separate file, and create a new one as follows:
Download the file linuxx86_12.1.0.203066.tar.gz from here:
www.citrix.com/downloads/citrix-receiver/linux/receiver-for-linux-121.html
and put it in / thinstation / downloads. The build script of Thinstation Linux may even download what I need during the build, I just got used to using my distros.
Run the image build:
At the end of the build process, go to the / thinstation / build / packages / ica / opt / Citrix / ICAClient / config directory and fix the appsrv.ini.tpl file. By default, the citrix client installed in Thinstation Linux can only connect to the specified XenApp server, which does not meet our requirements. We need to connect to an application published on the XenApp server farm, thereby achieving greater reliability and fault tolerance of the solution. The client is not tied to a specific server, and when connected, the broker switches the client to the least loaded server in the farm. It goes without saying that in this case the servers should be identical in configuration and the users should have correctly configured relocatable profiles, but this is a separate topic.
Let's take appsrv.ini.tpl to the following form:
Run the image build again:
After the build is completed, the files we need will appear in the / thinstation / build / boot-images / pxe directory. Copy the contents of / thinstation / build / boot-images / pxe to / tftpboot.
Create the thinstation.conf.group-1280@60, thinstation.conf.group-desktop, thinstation.conf.group-mouse, thinstation.hosts configuration files in / tftpboot:
thinstation.conf.group-1280@60
thinstation.conf.group-mouse
thinstation.conf.group-desktop
thinstation.hosts
System requirements: network card with support for PXE LAN BOOTROM and RAM 512Mb. If you fine-tune the image for iron, eliminate all unnecessary, and if the computer has a motherboard with embedded video, then configure the BIOS to reserve RAM for smaller video memory (2-8MB), then you can shrink in 256MB, but I would recommend would be 320MB.
Of the settings, the main thing that is required is to enable network booting in the BIOS, and the BIOS must also have the correct time, otherwise there may be problems with the SSL connection (errors about the certificate validity period).
The goal was to make the diskless client work as similar as possible to the local computer, so there are no additional shells, the citrix client starts immediately and connects to the XenApp farm according to the configuration. After the download is complete, the user immediately sees the Windows login screen:
Thank you for attention.
Image and configuration download server
To download images over the network, DHCP and TFTP servers are required. The boot server can be deployed on Linux and on Windows, practically I used the Linux configuration, so here the emphasis will go precisely on this option, nevertheless, this can all be successfully configured on Windows. The process of installing and configuring DHCP and TFTP server is trivial, but we will need to specify additional parameters.
For dhcpd in dhcpd.conf you need to add the following lines:
filename "pxelinux.0"; next-server XXXX; ')
For DHCP for Windows Server, you need to add options 067 and 066 with values ​​that were given above for dhcpd. As for the TFTP server, under Windows there is a tftpd32, it can work as a service, and has all the necessary functions. Under Linux xinetd is perfect, which is in many distributions.
Configuration file /etc/xinetd.d/tftp:
# default: off # description: The tftp server serves files using the trivial file transfer \ # protocol. The tftp protocol is often used to boot diskless \ # workstations, download configuration files to network-aware printers, \ # and to start the installation process for some operating systems. service tftp { socket_type = dgram protocol = udp wait = yes user = root server = /usr/sbin/in.tftpd server_args = -s /tftpboot disable = no per_source = 11 cps = 100 2 flags = IPv4 } As you can see from the above file, all Thinstation Linux images, available for download, and configuration files will be located in the / tftpboot directory.Preparing Citrix XenApp for connecting citrix clients under Linux
Installing and configuring a Citrix XenApp server farm is beyond the scope of this article, meaning that the farm is already up and running. In order for the citrix clients from Thinstation Linux to successfully connect to the farm, the following changes are required in the configuration:
- Publish the desktop as an application (let's call it Desktop) and add to it all the servers in the farm where you plan to allow users.
- Switch the custom Desktop Launches policy to the Allowed state. You can allow the Desktop Launches policy not globally to the entire farm, but only to those farm servers on which our Desktop application is published. To do this, on each such server, you need to open the local group policy editor (gpedit.msc) and then in the user configuration, enable the Desktop Launches policy in Citrix Policies.
In addition to the configuration changes, it would be helpful to consider the following:
- Citrix Web Interface, Citrix Secure Gateway (as well as Access Gateway, Netscaler, etc.) are not involved in connecting our diskless clients. Brokers for connection are the servers specified in the Thinstation Linux configuration (thinstation.conf.group-desktop). You can make all servers brokers, and you can assign this role to separate less loaded servers.
- The Citrix client for Linux does not support Session Reliability and is connected via standard XML (TCP / 80 or TCP / 8080 depending on the configuration) + ICA TCP / 1494, or via SSL Relay (TCP / 443 by default).
- The Citrix Linux client does not support connection priorities by worker-groups, i.e. no custom configured load balancing policies will work.
Build and configure a Thinstation Linux boot image
Downloading the latest release of Thinstation Linux, and preparing to build. Commands are executed from root, it is assumed that the environment for building Thinstation Linux is loaded and will work in / thinstation:
cd / git clone --depth 1 git://thinstation.git.sourceforge.net/gitroot/thinstation/thinstation cd thinstation ./setup-chroot q exit cd /thinstation/build Next, edit the build.conf and thinstation.conf.buildtime configuration files according to our requirements. In the future, you can fine-tune everything, make different configurations for different hardware, remove all unnecessary to minimize the size of the image, etc., but first it’s best to do everything as simple as possible to avoid errors due to additional complications. Therefore, I will mention only the important parameters that need to be uncommented in build.conf, modules can be ignored, since This is our first test build without optimizations, so we will build an image with all modules:
Packages:
package xorg7-vesa package ica package sshd Options:
param rootpasswd < > param basepath . param icaencryption true thinstation.conf.buildtime, which comes by default in the Thinstation Linux distribution, is better to copy into a separate file, and create a new one as follows:
KEYBOARD_MAP=en MOUSE_ACCELERATION=1 MOUSE_RESOLUTION=100 MOUSE_SENSITIVITY=1 X_MOUSE_PROTOCOL="IMPS/2" X_MOUSE_DEVICE=/dev/input/mice POWERBTN_ACTION=Off CUSTOM_CONFIG=Off DAILY_REBOOT=On SCREEN_BLANK_TIME=0 SCREEN_STANDBY_TIME=0 SCREEN_SUSPEND_TIME=0 SCREEN_OFF_TIME=0 DONT_VT_SWITCH_STATE=TRUE DONT_ZAP_STATE=TRUE NET_USE_DHCP=On NET_HOSTNAME=ts_* NET_FILE_ENABLED=On NET_TELNETD_ENABLED=Off RECONNECT_PROMPT=MENU TIME_ZONE=Europe/Moscow NET_TIME_SERVER=< NTP , FQDN- IP-> NET_REMOTE_ACCESS_FROM="0.0.0.0" XKEYBOARD="us,ru" XKBVARIANT=",winkeys" TFTP_BLOCKSIZE=1024 Do not forget to specify your NTP server.Download the file linuxx86_12.1.0.203066.tar.gz from here:
www.citrix.com/downloads/citrix-receiver/linux/receiver-for-linux-121.html
and put it in / thinstation / downloads. The build script of Thinstation Linux may even download what I need during the build, I just got used to using my distros.
Run the image build:
cd /thinstation ./setup-chroot q cd build ./build --allmodules The build process will begin installing the citrix client, which will ask questions, the answers to them will be given in the same place by the Thinstation Linux build script.At the end of the build process, go to the / thinstation / build / packages / ica / opt / Citrix / ICAClient / config directory and fix the appsrv.ini.tpl file. By default, the citrix client installed in Thinstation Linux can only connect to the specified XenApp server, which does not meet our requirements. We need to connect to an application published on the XenApp server farm, thereby achieving greater reliability and fault tolerance of the solution. The client is not tied to a specific server, and when connected, the broker switches the client to the least loaded server in the farm. It goes without saying that in this case the servers should be identical in configuration and the users should have correctly configured relocatable profiles, but this is a separate topic.
Let's take appsrv.ini.tpl to the following form:
Description=$ICAX_TITLE WinStationDriver=ICA 3.0 TransportDriver=TCP/IP DoNotUseDefaultCSL=Off EncryptionLevelSession=$ICAX_ENCRYPTION Compress=$ICAX_COMPRESS AudioBandwidthLimit=$ICAX_AUDIO_QUALITY ClientAudio=$ICAX_AUDIO UseDefaultSettingForColormap=Yes ZLMouseMode=2 ZLKeyboardMode=2 NoWindowManager=True UseFullScreen=Yes Address=$ICAX_TITLE TWIMode=$ICAX_SEAMLESS_WINDOW DisableCtrlAltDel=$ICAX_DISABLECTRLALTDEL If SSL Relay is configured on your XenApp farm and you want to protect your connections with SSL, copy the root certificate file from your CA to / thinstation / build / packages / ica / opt / Citrix / ICAClient / keystore / cacerts. The certificate file must be in the pem format, I immediately earned it in this format, maybe another one will work, I have not tried it.Run the image build again:
cd /thinstation ./setup-chroot q cd build ./build --allmodules After the build is completed, the files we need will appear in the / thinstation / build / boot-images / pxe directory. Copy the contents of / thinstation / build / boot-images / pxe to / tftpboot.
Create the thinstation.conf.group-1280@60, thinstation.conf.group-desktop, thinstation.conf.group-mouse, thinstation.hosts configuration files in / tftpboot:
thinstation.conf.group-1280@60
SCREEN_RESOLUTION="1280x1024" SCREEN_HORIZSYNC="30-65" SCREEN_VERTREFRESH="60" thinstation.conf.group-mouse
MOUSE_RESOLUTION=100 MOUSE_ACCELERATION=1 thinstation.conf.group-desktop
SESSION_0_TITLE="Desktop" SESSION_0_TYPE=ica SESSION_0_AUTOSTART=On SESSION_0_ICA_SERVER=Desktop SESSION_0_ICA_ENCRYPTION="Basic" SESSION_0_ICA_COMPRESS=Off SESSION_0_ICA_AUDIO_QUALITY=High SESSION_0_ICA_AUDIO=On SESSION_0_ICA_SEAMLESS_WINDOW=Off SESSION_0_ICA_SMARTCARD=Off SESSION_0_ICA_DISABLECTRLALTDEL=On ICA_BROWSER_PROTOCOL=HTTPonTCP ICA_WFCLIENT_HttpBrowserAddress=<FQDN XenApp>:8080 ICA_WFCLIENT_HttpBrowserAddress2=<FQDN XenApp>:8080 ICA_WFCLIENT_HttpBrowserAddress3=<FQDN n- XenApp>:8080 ICA_WFCLIENT_InitialProgram=#Desktop Be sure to include the full FQDN of the XenApp farm brokers. You can specify many such servers by increasing the number at the end of the HttpBrowserAddress X parameter. The real maximum is unknown to me, it works exactly with ten. It also means that the XML service is configured on port 8080, correct this parameter if you have a different port. If SSL Relay is configured on your XenApp farm, and you want to protect your connections using SSL, set the ICA_BROWSER_PROTOCOL = HTTPSonSSL parameter.thinstation.hosts
# Hostname MAC Resolution Mouse_settings Session thinstation1 001122334455 1280@60 mouse desktop The records “thinstation1”, “001122334455”, “1280 @ 60”, “mouse”, “desktop” indicate that the host with the mac address 001122334455 needs to be named thinstation1 and apply the settings specified in the thinstation.conf.group- files 1280 @ 60, thinstation.conf.group-mouse and thinstation.conf.group-desktop respectively. In the same way, you can make different settings files with different resolutions, sensitivity settings of the mouse and connections to different resources.Diskless client preparation
System requirements: network card with support for PXE LAN BOOTROM and RAM 512Mb. If you fine-tune the image for iron, eliminate all unnecessary, and if the computer has a motherboard with embedded video, then configure the BIOS to reserve RAM for smaller video memory (2-8MB), then you can shrink in 256MB, but I would recommend would be 320MB.
Of the settings, the main thing that is required is to enable network booting in the BIOS, and the BIOS must also have the correct time, otherwise there may be problems with the SSL connection (errors about the certificate validity period).
What happens in the end and how it looks
The goal was to make the diskless client work as similar as possible to the local computer, so there are no additional shells, the citrix client starts immediately and connects to the XenApp farm according to the configuration. After the download is complete, the user immediately sees the Windows login screen:
Thank you for attention.
Source: https://habr.com/ru/post/198894/
All Articles