DNS and XenApp Deployment - Case Study Example

DNS AND XenApp DEPLOYMENT Number One central park is facing the problem of unreliable DNS service due to security and management concerns. This has crippled the companys performance in terms of communication and business. As a result directors of the company has tasked me with accessing and recommending the potential benefits of implementing a DNS based infrastructure. This report will focus on Citrix XenApp 6.0 application, the step by step installation procedures, its benefits and anticipated shortfalls and implementation process that will provide quality and reliable service to both internal and external users. INTRODUCTION An IP address refers to a 32-bit group of numbers pointing to a particular location of a system in a network. These numbers are arranged in a group of four digits represented either by 1 or 0. In order for a host to connect to a certain system, it needs to recognize the IP address of that system. Transmission Control Protocol is a communication channel between two applications. An application seeking to communicate with another application initiate the process by sending a communication request (Azad, 2008). Once confirmed a full duplex communication is built between the two apps and remains so until one application decide to terminate it through a communication line. TCP and IP work together to enable full integration between the application softwares such as browsers and network softwares. While the TCP is responsible for fragmenting data into IP packets before they are sent, IP sents the data and is retrieved by the TCP at the destination end (Gollmann, 2011). The Domain Name System is the internet facility that resolves the IP network addresses to their subsequent physical computer systems. Abbreviated as DNS, it is responsible for resolving host names into Internet Protocol address for each computer system and therefore its security or lack of it poses serious challenges to the integrity of data in an organization (John E. Tucker, 2011). Having learned that the role of DNS is to resolve IP addresses the question arises as to the origin of these 32-digit numbers. Considering a company with a massive number of computers it would be naturally impractical to physically assign IP addresses to every system. The Dynamic Host Configuration Protocol is therefore the network protocol that allots IP addresses to each computer following a pre-defined range of numbers available for a certain network. The booting of a system automatically initiates DHCP to assign IP addresses to each computer system. This is achieved through a series of steps (Vacca, 2006) . A broadcast request known as DCHPDISCOVER is sent to locate a DCHP server and the router act as an intermediary to direct the request to the correct server. Upon receiving the request the server selects the appropriate address to allocate the client based on the server configuration. An acceptance order known as DCHPOFFER is then forwarded back to the client confirming the reservation of the indicated address followed by an acknowledgment by the server that a certain IP address has been allocated to a client for a certain period of time. DCHP allocation process occurs in three main ways including; dynamic, automatic and static. Dynamic IP allocation allows re-use of the address after a certain time frame. The address is assigned from a pool, used, returned to the pool and finally re-assigned again. In an automatic allocation the DCHP server allocates the address and reserves it for later use while the static allocation works by identifying all the client’s LAN MAC addresses and storing them in a database (Peltier, 2005). The IP address will only be assigned to those whose MAC addresses are on the server. In this way users are certain that they will always be assigned the same address. A combination of DCHP DNS server provides a synchronized service to automatically resolve DCHP allotted systems to serve internal and external hosts. DCHP is purposely used for automatic configuration of the users network protocols. A choice of DCHP option while configuring the system will identify a specific IP address from the DCHP server (Gollmann, 2011). In large organizations where change of IP address is a usual phenomenon, DCHP provides a framework for attaining the objectives without the need to reconfigure all the systems through a tedious process. Administrators need only to edit one DHP configuration file to effect the changes to other systems. In a scenario where the company decides to change the DNS servers provided by ISP’s, configurations are only changed on the DCHP server other than the clients. In addition, flexibility is attained while using the DCHP. Movable machines such as laptops can be moved from one workstation to the other without changing the configurations. These properties are useful in the OCP scenario where internal and external clients need to be served. However incorrect configurations would not allow communication (Mark Minasi, 2010). An integration of DCHP and DNS into the OPK systems mainly serves two functions; it allows reliability through load sharing of split address pools. Server reply only to a configured hash. It also facilitates DCHP fail over where two or more servers can utilize the same address pools and if one fails the other will take over thereby preventing total disruption of an organizations systems. This mechanism takes place through a series of coordinated steps between the primary and secondary DCHP servers. (John E. Tucker, 2011) All DCHP requests are fed to all servers, the primary and the backup. The primary server periodically updates the backup server with lease information which is kept at standby mode to immediately take over in case of a failure using a dedicated pool of addresses. The operation is shifted to the primary server upon recovery. With correct configuration of the system, DCHP server would not be compromised in case of a disaster. FEATURES OF DNS SERVICE IN WINDOWS 2008 IN SERVER As briefly described earlier, DNS is a database that translates and domain names to their corresponding IP addresses (Peltier, 2005). Thus it acts as a database and the protocol to access it. Its distinctive features include the following; Managed zone database DNSSEC Look up query design Content replication. Diagram 1. The need for a managed zone database arise from the voluminous files on the DNS server that need to be created, updated, maintained and secured. These files are grouped into smaller segments called zones (Vacca, 2006). Depending on the design functionality of each zone, three distinct types can be attained. The forward Lookup zone database is created to resolve domain names to IP addresses. The reverse lookup zone performs the opposite of the forward lookup zone while the stub zone resolves the names of other authoritative DNS servers. This last type of DNS servers aid client in finding appropriate internal servers. Observed DNS security weakness evident in OCP can be solved through the DNSSEC. This is a collection of extensions introduced in the Windows server 2008 R2 to improve DNS security infrastructure. It supports the intranet and the internet to secure the DNS environment (Gollmann, 2011). DNSSEC permits all the records in the database to be digitally signed. A user requesting a server through a query is responded by digital signatures which allows decryption of the hashed values and validation of the response. A user should have a key of the CA in order to decrypt the signature. The DNS client permits the server to conduct validation on its behalf and since windows 2008 R2 is configured as a non-validating and security-aware with stub revolvers, the DNS client permits DNSSEC feedback from the DNSSEC enabled DNS server. NRPT policy determines the client-server interaction (Dr. Rand Morimoto, 2008). DNS query diagram 2. For instance, if NRPT prompts OCP to secure its connection with the server, then the query application is given an authentication. If not then it shows security negotiation issues and the query attempt will fail. In order to attain secure connection DNSSEC employ SSL and IPsec to determine the identity of the server the client wishes to connect to. The DCP and UDP ports 53 should be exempted from these policies to avoid certificate validation failure. CITRIXX XenApp 6.0 INSTALLTION IT departments in many organizations such as OCP are constantly exploring ways of improving resource utilization, increasing security and gaining more control of business procedures conducted over the internet (Azad, 2008). Through Virtualization and selection of the best business solutions this dream can be realised. Citrix XenApp 6.0 will provide end-to-end Virtualization as well as improved failover and redundancy. Hardware maintenance would also be minimal if not zero and there would be improved server performance. STREAMED AND PUBLISHED APPLICATIONS Installed application on the Citrix XenApp server is referred to as published apps. These applications run on the server and utilize server resources. (Inc, 2008) Keyboard and mouse commands are transferred from the server to the client. For an application to be published it should have little resource requirements as well as retain its execution in the data center. On the contrary applications that are utilized when XenApp servers cannot be reached are called streamed apps (James, 2010). These applications consume desktop resources rather than the limited server resources. It is more efficient to stream apps into the XenApp servers because they provide few management challenges. Installing and uninstalling the apps becomes simplified as it requires few modifications at the console. XenApp 6.0 features important softwares that make integration with other servers easy. Applications can be streamed to user desktops whenever necessary, deployment and reconfiguring servers to deliver clients demands becomes much more easy (Musumeci, 2011). Despite the fact that streaming apps to client desktops seem to have more positive features, there are some issues arising from the Citrix Web Client. External users supported by WAN such as in OCP cannot work with published desktops because WAN links are not able to handle streaming to multiple desktops at the same time. LAN users are not affected as they experienced no major issues other than Microsoft Office Excel frequent lockups. Office 2010 fonts were found not to load upon launching the apps (John E. Tucker, 2011). XenApp servers respond slowly to multiple users making repeated connections time and again. Also Adobe flash player works poorly over slow WANs when server-side content fetching is used. In deploying proper XenApp servers the design of the farm determines the performance and scalability. OCP intention to deploy XenApp 6.0 will significantly reduce the costs of applications and management because of its broad user security. In order to benefit from Citrix deployment it is important to have sufficient knowledge of various design architectures. Depending on the number of users connections and the servers to be set up an appropriate farm choice is made (Mark Minasi, 2010). The correct design of the farm based on leverage session-only mode will eliminate SQL replication at each site through improved bandwidth and performance. The SQL data center will only be installed at OCP center and external sites would be connected through WAN. Diagram 3. XenApp farm configuration. The farm architecture may contain the following rules (Musumeci, 2011); Web Client interface-this is an application that runs in the browser and avails required datasets in selected dataset series. OpenLayers is used to show a WMS display. License server- this is the place where all the licenses are stored centrally. The stored licenses are accessible via the network. The most prevalent license server is PlexNet Licensing framework. It is used license high-value applications and CAD packages in business corporate environment. XenApp server- According to (Peltier, 2005), one beneficial feature of the XenApp in the farm configuration is its ability to install without configuring it. It thus simplifies the installation rules, configuration of these roles is done after the installation. Citrix administrators faced with console management issues are now able to configure their systems without much complications. The introduction of single management console in XenApp 6 solves this problem. Creating policies, managing user groups and publishing policies have been made easy with one console. Application Silos in the Citrix farm would also improve the management of file servers located within different locations in the OCP environment (Vacca, 2006). Segregated Contractor DMZ , Production environments and Test centers are examples of these application silos. CONCLUSION On the OCP environment a DNS based infrastructure and Virtualization would be the ultimate strategy to solve its management issues. XenApp 6 will address internal and external connectivity issues, deployment of apps, DNS security as well as e-business continuity. Citrix XenApp 6 is the most reliable, high performing and scalable platform for deploying many servers. With the deployment of DNS and XeNapp system the organization will guarantee the security of its information. This will solve the security problem is always a barrier to the companys performance in terms of communication and business. As a result directors of the company has tasked me with accessing and recommending the potential benefits of implementing a DNS based infrastructure. The paper deliberated on Citrix XenApp 6.0 application and its different features such as its benefits and anticipated shortfalls and implementation process that will provide quality and reliable service to both internal and external users. Reference Azad, T., 2008. Securing citrix presentation server in the enterprise. s.l.:Syngress. Dr. Rand Morimoto, M. N. O. D. R. M. C. A., 2008. windows server 2008: Unleashed. s.l.:Sams Publishing. Gollmann, D., 2011. Computer security. s.l.:Computer Security. Inc, C. S., 2008. Citrix XenApp™ platinum edition advanced concepts: The official guide. s.l.:McGraw Hill Professional. James, G. R., 2010. Citrix XenDesktop implementation: A practical guide for it professionals. s.l.:Elsevier. John E. Tucker, D. N. G. T. M. T. J. H., 2011. Hands on microsoft windows server 2008. s.l.:Cengage Learning. Mark Minasi, D. G. A. F. W. H. B. H., 2010. Mastering microsoft windows server 2008 R2. s.l.:John Wiley & Sons. Musumeci, G., 2011. Getting started with Citrix XenApp 6. s.l.:Packt Publishing Ltd,. Peltier, T. R., 2005. Information security policies and procedures:. s.l.:Taylor & Francis Group. Vacca, J. R., 2006. Practical internet security. s.l.:Springer,. Read More