MetaFrame lets techs control networks remotely
MetaFrame lets techs control networks remotely
Installation is rough and you have to watch the settings, but this software can make sysadmins telecommutersBY CARLOS A. SOTO
| GCN STAFF
If an enterprise user can telecommute, why can't a network administrator?
With MetaFrame 1.8 server software from Citrix Systems Inc., the administrator can remotely oversee a network running Microsoft Windows NT Server 4.0 or Windows 2000 network.
I tested it on the GCN Lab's NT network, which comprises six servers, two hubs, two switches, nine workstations, three backup servers, one firewall, one network printer and several clients.
Citrix MetaFrame lets me remotely administer the entire network, and it also gives the lab reviewers a future platform for testing the latest in remote enterprise administration.
Here's how it works. During a remote log-in, a user is authenticated by the Security Account Manager database on the primary domain controller, just as if the log-in were to a local machine. MetaFrame acts as a portal to relay the user name and password to the SAM database and transmit acceptance or denial back to the remote user.
The $5,000 MetaFrame software works with the $100 Windows NT 4.0 Terminal Server, which embeds remote administration programs. Terminal Server has the same administrative tools found in the primary or backup domain controllers, such as User Manager for Domains. These tools plus MetaFrame make it possible to remotely manage the network through a browser.
For remote access to e-mail, you must install Microsoft Office 2000 or Office XP on the server that runs the Citrix software and configure Outlook to link to the mail server. Then link each remote user account to the corresponding mail server account.
It was easier to do than it sounds. In the lab, I put Outlook on the server running MetaFrame and connected it to Microsoft Exchange Server 5.5. I spent only 30 minutes configuring six mail accounts. That was the fastest and easiest part, however.Difficult to install
MetaFrame itself was complicated and time-consuming to install. I had to configure Windows Terminal Server properly, then install the MetaFrame software and assign its server a static IP address.
After the server was up and running, I went to www.citrix.com
to download the Citrix ICA 32-bit Windows client to a remote machine.
| BOX SCORE|
REMOTE NETWORK ADMINISTRATION SOFTWARE
Citrix Systems Inc.; Fort Lauderdale, Fla.;
Price: $5,000 for 15 concurrent users
|+||Powerful remote operation|
|+||Uses SAM database to authenticate|
|-||Difficult to set up and administer|
TCP/IP network under Win 2000 or NT 4.0; 300-MHz Pentium II or faster server with 256M of RAM, Windows Terminal Server 4.0 and 500M of free storage; CD-ROM drive; fast remote connection
From that point on, I had to tweak parameters. It was necessary to perform constant tests of the servers both within and outside the network plus reconfigure a few settings.
Before downloading the ICA 32-bit client, I had to assign the Citrix server a static IP address'which is important to memorize before trying to install the client from a remote machine.
After the client installation, an icon labeled Citrix Neighborhood automatically popped up on the screen. Double-clicking on Citrix Neighborhood and then on Add ICA Connection finished the installation.
The second window in the Add window asked me to name the icon that connects to the remote network and then supply the IP address.
I left the default settings at 'No' when asked whether to enable a local name and password from the client. If I had indicated 'Yes,' I wouldn't have been authenticated through the SAM database for remote log-ins. Instead, I would get immediate access and compromise security.
After that, it became a bit confusing. When connected to the network remotely, I saw a second desktop window on the screen. I had two of everything, including two Start buttons at the bottom left.
That's why I recommend setting up the ICA connection with a default window set at full-screen 1,024- by 768-pixel resolution, not at 640-by-480 resolution, but with the default 256 colors. Increasing to 16- or 32-bit color might slow connection speed.Don't forget firewall'ever
During the final steps of the ICA connection, I was offered the chance to enable encryption. That isn't a good idea for administrators who will work over a slow remote network. Everything will take twice as long.
Also, don't choose the encryption option for the ICA connection unless the server running Citrix at the office also supports it. If you do, the connection won't work.
In addition to a difficult installation, MetaFrame could present a security risk. A firewall becomes essential. Without one, you leave a portal open for any hacker to attack the SAM database and have full network rights.
And if a clever hacker were to get past the firewall? During installation, it's always a good idea to camouflage important hardware with a cautious naming policy. You can slow down a would-be hacker by making vital hardware look inconspicuous amid less important equipment.