Citrix nfuse 不错的系列

ykwll

　　http://www.brianmadden.com/blogs/citrix_metaframe_xp_advanced_technical_design_guide_including_feature_release_2/pages/understanding-nfuse-classic.aspx
　　
　　In order to illustrate how NFuse works, lets deal separately with two crucial topics: the components that make up NFuse; and a descriptions of how these components work together, providing the NFuse experience.
NFuse Components
　　There are three primary components that exist in a MetaFrame XP NFuse-enabled environment:

• NFuse web server.
  
• MetaFrame XP server farm.
  
• Client devices.
  

NFuse Component 1. Web Server
　　The web server is the primary interface for users in NFuse environments. After all, the whole purpose of NFuse is to allow users to access their applications through the web, and this is done with the web server. NFuse works with just about any web server. Throughout this chapter, we'll refer to an "NFuse web server." An NFuse web server is a regular web server with the following three NFuse web server pieces installed:

• NFuse Java Objects. These are the actual web server executable files that interact with the MetaFrame XP servers. These Java Objects are what enable the web server to provide lists of applications and authenticate users. You can think of the NFuse Java Objects as the "NFuse executable code."
  
• NFuse Web Pages. NFuse installs web pages that the users access to connect to MetaFrame XP applications. These web pages serve many purposes, including accepting user credentials, showing lists of ICA applications, logging users out, detecting whether ICA clients are installed, and providing help to users. These web pages are just like any other web pages on any other web server. The content of these pages allows them to interact with the NFuse Java Objects.
  
• ICA Client Installation Source Files. NFuse 1.7 can detect whether a user's client device has the Citrix ICA client software installed. If no ICA client is installed, the web pages will detect which platform the client device is and direct the user to a page from which the ICA client software can be downloaded and installed. In order for users to be able to download and install ICA client software from the NFuse web server, all of the source files for the different ICA client platforms must be copied to the web server to be available for download.
  

NFuse Component 2. MetaFrame XP Server Farm
　　The NFuse web server obtains the list of published applications and content for users via a connection to a MetaFrame XP server farm. A MetaFrame XP server farm connected to an NFuse web server is identical to any other MetaFrame XP server farm. NFuse does not require that you make any customizations or modifications to the farm. In fact, MetaFrame XP server farms can be simultaneously accessed by users through NFuse and through traditional clients.
　　The NFuse web server communicates with a MetaFrame XP server farm in the same way that any client device communicates with a server farm-it uses the Citrix XML service. After a user connects to the NFuse web server, the NFuse web server contacts a MetaFrame XP server in order to authenticate the user and get the list of published applications for the user. The MetaFrame XP server uses its own Citrix XML service to send the application list back to the NFuse server.
　　If you're familiar with MetaFrame 1.8, you can think of the Citrix XML Service as nothing more than the ICA browser that uses the HTTP protocol to transfer information instead of UDP broadcasts. The Citrix XML service is installed by default with MetaFrame XP (or with Service Pack 2 for MetaFrame 1.8).
　　The MetaFrame XP servers play another role in NFuse environments. They host the users' ICA sessions after a user launches one via an NFuse web page. When a user clicks a link to launch an application via an NFuse web page, the user's session starts on a MetaFrame XP server, just like any other session. In fact, there is no difference in a user's session whether they launch it from NFuse or from a regular Citrix ICA client.
NFuse Component 3. Client Devices
　　The last major NFuse component is the client device. An NFuse client is composed of two parts: a web browser and the Citrix ICA client software. The web browser allows users to view the NFuse web pages, and the Citrix ICA client software allows users to run MetaFrame XP sessions. Just about any client device that can run a browser and ICA client software can access applications via an NFuse web portal.
Where to go for More Information on These NFuse Components
　　As you've just learned, there are three important components that make up an NFuse environment: the NFuse web server, the MetaFrame XP server farm, and client devices. Further, the NFuse web server has three of its own components: the NFuse Java Objects, NFuse web pages, and ICA client source files. These components are addressed in other places in this book, as follows:

• NFuse Web Server (covered in this chapter)
  
  
  
  • NFuse Java Objects ("NFuse Web Server Configuration" section of this chapter)
    
  • Web Pages ("Working with NFuse Web Pages" section of this chapter)
    
  • ICA Client Source Files ("NFuse Web Clients" section of this chapter)
    
  
  
• MetaFrame XP Server Farm (Chapters 2 and 3 of this book)
  
• Client Devices, web browser and ICA client (Chapters 9 and 10 of this book)
  

How NFuse Classic Works
　　Let's look now to how all of the components of an NFuse environment work together.
　　Figure 11.1 (next page) shows the NFuse components and the processes that take place in NFuse environments. Each circled number corresponds to a step in the description following the diagram. Read through the steps while referring to the diagram. Then, we'll analyze each of the fourteen steps.

Figure 11.1: How NFuse works

• A user with a web browser and an ICA client requests the NFuse portal web page by typing in a URL.
  
• The web server sends down the HTML login page via the HTTP protocol.
  
• The web user enters credentials and sends them back to the web server.
  
• The web server forwards the user's information to a MetaFrame XP server running the Citrix XML service.
  
• The MetaFrame XP server validates the credentials and retrieves the user's list of applications for the server farm.
  
• The MetaFrame XP server sends the application list to the NFuse web server.
  
• The NFuse web server builds a web page containing all of the user's application icons.
  
• Each icon is hyperlinked with its application properties.
  
• The user selects an application to run by clicking on an icon in the web browser.
  
• The web browser sends a request to the web server for the link that the user selected.
  
• The NFuse Java Objects on the web server retrieve an ICA file template. That template is modified with the application's and user's specific information. This creates a custom ICA file for the user.
  
• The custom-built ICA file is sent to web browser on the client device.
  
• The web browser receives the ICA file and passes it to the ICA client software loaded on the ICA client device.
  
• The user's local ICA client starts the MetaFrame XP session with the information contained in the custom ICA file.
  

　　Now that you've seen the overview of the steps, let's examine each step more closely. For each, we'll look at what happens and why.

• A user with a web browser and an ICA client requests the NFuse portal web page by typing in a URL.
  
• The web server receives the user's request and sends down the web page that allows the user to login to NFuse. This web page contains text fields that allow the user to enter her credentials. It is sent to the user via the HTTP protocol, just like any standard web page.
  
• The user enters her credentials and clicks the "submit" button. This action sends the credentials back to the web server. When this happens, scripting code in the web page creates a cookie that holds the user's credentials. This cookie is stored on the client device and it allows other web pages to request information about the current user. The password field is encrypted. Details of this encryption can be found in the "Security" chapter of this book, Chapter 15.
  
• The NFuse web server forwards the user's credentials to a MetaFrame XP server running the Citrix XML service. The web server can be on the same physical server as the MetaFrame XP server. In this case, the NFuse web server would forward the users credentials to itself. The actual server and port that the NFuse web server contacts is specified in the NFuse.conf file (detailed later in this chapter).
  
• The MetaFrame XP server validates the credentials and retrieves the user's list of applications for the server farm. The user's credentials are validated via the IMA service. A list of published applications and content is then provided based on the user's credentials. This list is created in the exact same way that it would be created if the user didn't use NFuse, as if they were getting a list of applications through Program Neighborhood with their regular ICA client software. If the user's credentials are not valid, the MetaFrame XP server notifies the NFuse server which delivers the "logon failed" message to the user.
  
• The MetaFrame XP server sends the application list to the NFuse web server. The NFuse Java Objects on the NFuse web server receive this list of applications.
  
• The NFuse web server builds a web page containing all of the user's application icons. That web page is sent down to the user's web browser.
  
• Each application icon is hyperlinked with its application properties. Each hyperlink points to a launch.asp file (or launch.jsp, depending on the web server platform).
  
• The user selects an application to run by clicking on an icon in the web browser.
  
• The web browser sends a request to the web server for the link that the user selected. The link contains information about which application the user clicked on.
  
• The link is to the launch.asp file which performs several actions. It contains code that causes the NFuse Java Objects on the web server to retrieve a generic ICA file template. This ICA file template is like a regular ICA file, except that not all of the information it in is complete. Some important information (like the username or application name) contains dummy "placeholder" information. The NFuse Java Objects scan through the ICA file and replace any of the dummy information with the real information of the current user and application. This has the effect of creating a custom ICA file just for that user.
  
• The custom-built ICA file is sent to web browser on the client device.
  
• The web browser receives the ICA file and passes it to the ICA client software loaded on the ICA client device. This transfer of the ICA file (from the web browser to the ICA client software) is completely transparent to the end user. It's similar to when you click on a file with a .DOC extension from your web browser, and your computer automatically opens it with Word.
  
• The user's local ICA client starts the MetaFrame XP session with the information contained in the custom ICA file. From this point on, the user has a regular ICA session established with the MetaFrame XP server. The web browser and the NFuse web server are totally out of the picture at this point. In fact, the NFuse web server could burst into flames and the user would never know it.