Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint

Solutions Fast Track

Deployment Considerations

Planning the deployment of Citrix XenApp is a very in depth process. Since XenApp and the underlying Terminal Services platform will be required in many deployments to integrate into nearly every process an organization may have, careful consideration and forethought must be given as to how best to introduce the technology.

Citrix recommends the following for configuration of server farms with Active Directory:

All servers should reside in the same domain

A XenApp farm domain should have no trust relationships with non-Active Directory domains

Do not mix different release versions of Citrix Presentation Server with Citrix XenApp in the same XenApp farm

XenApp farms should be in a single Active Directory forest

Citrix defines trust-based routing as allowing servers to be members of a server farm even if the servers belong to domains that do not trust each other. Even though you cannot configure resources to be published to users that do not have permissions on servers where the application is published, it is still possible that a user could initiate a request that would require an authentication request by a server where the user has no access rights. Trust-based routing allows the user's authentication to be transparently passed to another XenApp server where the user does have access rights.

Maintaining Software Integrity

The integrity of the Citrix XenApp software executables and data files is crucial to the optimal and correct operation of all applications using XenApp. To protect the XenApp environment, you should ensure that the XenApp version is a Citrix Systems supported product version. Citrix Systems supported product versions are those that continue to receive security updates by Citrix in response to the discovery of vulnerabilities.

Service accounts defined for access to XenApp servers allow various interactions with associated applications, services, user sessions, and external supporting systems. These interactions can be relatively benign, such as access to availability information, or quite powerful, such as reconfiguration, redeployment of applications, or even the installation and deletion of user applications. All accounts, not just service accounts, must be carefully scrutinized to ensure that privileges assigned are those that are genuinely needed.

Since it is a best security practice to separate or partition services offered to different audiences, any XenApp server should be installed on a server dedicated to its support and offering as few services as possible to other clients.


You are currently reading a PREVIEW of this book.


Get instant access to over $1 million worth of books and videos.


Start a Free Trial

  • Safari Books Online
  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint