Full Desktop vs Web Interface Publishing

KRPGroup

MIS
Jun 22, 2005
317
CA
I would like to hear some opinions on Full Desktop vs Web Published apps.

We are currently running a PS4 Citrix Pilot with a Citrix Access Gateway.
We are just moving to Citrix and I will be setting up a production environment shortly. The first stage is to allow remote access to staff from home, then later we may move our internal computers to run as Citrix clients.

We don't require roaming profiles or folder redirection for any of our current desktops or laptops. I have been testing with the WI only and like the clean look, and it seems to be less configuration on the backend?
Sorry, not sure if I have the proper terminology.
 
Publishing gives you control over who can run certain applications. If you convert your fat client to a thin client, then you have the benefit of not ever having to upgrade hardware or do maintenance, because everything is run through your Citrix server.

 
Yes, but I was hoping to hear what people think about WI vs Full Desktop publishing.
 
My bad, I was thinking the other way around. Full desktop is like terminaling into an actual server, which is pretty much letting your user into the Citrix server itself. So be sure to secure it down real good or you're asking for trouble.
 
Web published apps? Or do you mean applications that are published separately through Citrix which can then run seamlessly... either way.

I hate full desktop because there are a number of things that the users can screw around with to change, etc., and a huge amount of group policies would need to be configured to lock this down. Full desktop also means that all the applications the user is connecting to need to be installed locally, OR a Citrix session from this full desktop to the other load balanced applications is set up (through PN Agent or Neighborhood).

I have only ever published apps direct through the management console and individually. However, because the programs are then more likely to launch from any server, the program launch time can be extended because of the "user settings application and server login" before launching the application, but in this scenario it doesn't provide the user with any full desktop to start "exploring" :)

Hope this helps?
SCANJAM
 
Hi-

We use at my company. Our user access is given using the WI. It has many advantages over the full desktop that I think you'll appreciate.

1. Users don't have the ability to mess around on the desktop (as mentioned above)

2. Using the desktop, or the program neighborhood limits some of your abilities as administrator. The biggest and most important is the ICA client. Using PN or publishing a desktop, you have to deploy the ICA client again and the users have to reinstall it for the changed settings to take effect. With the WI, the same client you have them install will get the updated information when they launch an app, b/c it downloads it every time they launch an app. Less headaches for you when you make changes, b/c you don't have to redeploy anything. You can put the link for the initial client installation on the WI page, so no problems there.

3. If the admins need access, just publish Remote Desktop as an app, give yourselves access to it. This allows you to remote in from home easily to work with all your tools on your actual computer from home.

4. Assuming you're using MF XPe, the load balancing is powerful and you can alter the triggers that distribute sessions, anything you want from a long list of monitors.

5. As far as launching from any server, you only need to publish the app on certain servers. We have 40 servers in our farm, Outlook runs on three of them, other apps have dedicated servers. This can be very tricky to get it right, predicting how often apps will be used and how many sessions at once, to assess how to distribute the apps across your farm.

We actually have one that runs nothing but remote desktop, pcanywhere, and regional specific desktops that only administrators have access to, so we always have access from any computer anywhere. Very helpful if I'm away from my laptop. Internet cafes will give you what you need (installing the client) if you really need it. I've actually had to do that twice this year to restart a hung IMA service.

For publishing apps, we have multiple security groups set up in AD for the sole purpose of citrix app publishing. It is much easier to add someone to the CitrixOutlook group in AD, rather than add the user to the list of users for that app. The change is not instant with this delivery, but the replication through AD doesn't take long. It also makes it easier to manage access, i.e. you don't have to duplicate work in Citrix when someone is hired or leaves the company. All your AD changes have the same effect in Citrix b/c the user lists are groups, rather than individuals.

I would definitely go the route of the WI, it is easy to setup (no coding involved), adaptable in appearance (company logo), easy to administer, more secure from the standpoint of renegade users, and requires 1 step for the users to complete to make it operable and that's it.

Also, if you're concerned about licenses, each user that's logged in consumes 1 license, even if he has 20 apps running, all launched from the WI. When he's done, the license goes back to the pool.

I hope this info helps. I highly recommend the WI. Much easier for you to setup and maintain. I would also recommend that you use a different port (default is 80) for your ICA protocols. Makes it easier to monitor network traffic caused by Citrix.
 
Sorry- forgot to mention. We use FR3, not PS4, but unless massive changes have been made, the same features should apply. Most of the advantages I noted will not be going away. The best solution might change b/c of added capabilities of desktop and PN improvements, but the WI will still have the same ease of delivery and protection from user tinkering.

Kevin
 
Just because you publish applications instead of the entire explorer.exe desktop, does not mean you have a more secure working environment, as there are a zillion ways to launch explorer.exe or iexplore.exe from most published applications, either by accident or on purpose. Publishing apps instead of desktops only obfuscates things, it does not make them inaccessible.

I lock terminal servers down the exact same way regardless of whether users are running desktops or seamless published applications.



Patrick Rouse
Microsoft MVP - Terminal Server
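
One way to check for what the post above describes, as an added example that is not part of the thread: scan process-creation records for explorer.exe or iexplore.exe (and anything started from them) appearing in sessions that were launched for a published application rather than a full desktop. The record layout, the field names, the "Desktop" label and the sample events are all constructed assumptions, not a real log schema.

```python
import ntpath
from typing import NamedTuple

class ProcEvent(NamedTuple):
    session: int
    user: str
    published: str  # published resource the session was launched for (assumed field)
    ppid: int
    pid: int
    image: str

# The two images named in the post above.
SHELL_IMAGES = {"explorer.exe", "iexplore.exe"}
# Assumed label for a session launched as a published full desktop.
FULL_DESKTOP = "Desktop"

# Constructed sample events, in chronological order.
SAMPLE = [
    ProcEvent(3, "jdoe", "Outlook", 100, 210, r"C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE"),
    ProcEvent(3, "jdoe", "Outlook", 210, 220, r"C:\Program Files\Internet Explorer\IEXPLORE.EXE"),
    ProcEvent(3, "jdoe", "Outlook", 220, 230, r"C:\WINDOWS\system32\notepad.exe"),
    ProcEvent(4, "asmith", "Desktop", 100, 310, r"C:\WINDOWS\explorer.exe"),
    ProcEvent(5, "bking", "Word", 100, 410, r"C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE"),
]

def find_breakouts(events):
    """Return (session, user, image, reason) for shells seen in app-only sessions."""
    tainted = set()   # (session, pid) of a shell or any process descended from one
    findings = []
    for ev in events:
        if ev.published == FULL_DESKTOP:
            continue  # explorer.exe is the expected shell in a full-desktop session
        name = ntpath.basename(ev.image).lower()
        if name in SHELL_IMAGES:
            reason = "shell-from-published-app"
        elif (ev.session, ev.ppid) in tainted:
            reason = "child-of-shell"
        else:
            continue
        tainted.add((ev.session, ev.pid))
        findings.append((ev.session, ev.user, name, reason))
    return findings

if __name__ == "__main__":
    for finding in find_breakouts(SAMPLE):
        print(finding)
```
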
 
Some very good points made, thanks for the tips/hints/suggestions. This will help me move fwd, just needed to confirm my direction with some current MF admin.
 