How to set up Landonline access in a Virtual Desktop (VDI) environment.

Landonline uses Citrix to communicate over the Internet between individual computers and the Landonline server. Some organisations have replaced individual computers with virtual desktop environments. The following illustrates additional considerations that are potentially required to set up virtual desktop environments to communicate with Landonline.

Note: this page has been written for system administrators

Purpose

Provide additional information for system administrators to advise on design considerations / requirements of the Landonline service in a Virtual Desktop Infrastructure (VDI) environment. 

Background

LINZ Customer Support receives enquiries from IT departments seeking to understand how they can integrate the Landonline service with a VDI solution.

The upward trend in the number of contacts of this nature recently indicates the larger law firms are actively migrating away from the more traditional desktop towards VDI, and their IT departments acknowledge the complexity of the Landonline service.  We expect there to be considerable interest from other small to medium sized firms over time.

Landonline architecture

Landonline is an application that is presented using a virtualised application technology called Citrix XenApp. 

Application binaries are executed on Landonline servers and a Citrix receiver client installed on the end-users machine, simply transfers keystrokes and screen updates between server and the users’ desktop.  The benefit of Citrix is that complex applications do not need to be installed on end-user devices. 

For our customers, this also means that the application does not have high CPU or RAM requirements making it an optimal application to run on virtualised desktops.

End user VDI architectures

There are a number of different virtualised desktops delivery methods that organisations can deploy. These include:

  • Hosted Shared Desktop, also known as Terminal Services, Remote Desktop Services or Citrix XenApp. In this scenario, the user logs onto a server and concurrently shares the server with other people connected to that server. Whilst each person works independently of the other, they share resources such as CPU and RAM. 
  • Virtual Desktop, also known as VDI, or XenDesktop. A dedicated desktop is provided to each user that contains the applications that they require to do the job. The CPU and Memory assigned to each user is dedicated to that user. There are variations on the virtual desktop theme where a user may be assigned a pooled or persistent image. 
    • A pooled image is where an organisation presents a collection of virtual desktops (machines) and the user is assigned the first freely available desktop in the group. Each virtual desktop is identical to the other (e.g. each machine has the same applications installed). 
    • A dedicated persistent image is where each user is allocated a virtual desktop. Each time the user logs onto the virtual desktop, they logon to the same allocated machine. In contrast to pooled images, users can customise explicitly their dedicated image.

The different VDI implementations described above are managed differently however in the context of using Landonline, the same considerations must be applied to each.

Pre-requisite software and requirements

Whether a user is connecting to Landonline from a traditional desktop or through VDI technology, the requirements and pre-requisite software must be installed in the user desktop environment. This includes:

  • Supported Operating System: Windows 7 or later desktop operating system. Windows 2003 or later server operating system. Internet Explorer 7 or later.
  • Citrix Receiver. An application that enables the user to connect to and use the Landonline Application.
  • Uniprint Client. An application that enables the end user to print titles and other documents
  • Landonline Font Library. To ensure title documents are correctly rendered when printed.
  • Digisign application. Required for users signing documents in Landonline.
  • Internet connection to access Landonline.
  • Digital certificate issued to an authorised user of Landonline.

See System Support for Landonline software and installation instructions. 

Considerations for using Landonline in VDI environments

 

In many cases, the use of VDI makes it easier to manage and maintain the system requirements for accessing Landonline. In many virtual environments, you can install and set up the solution once and the application is available to many. 

The following considerations should be made when setting up Landonline for operation in a VDI solution.

  • Digital Certificate Management. User Certificates are issued to Landonline users to authenticate and logon to Landonline. The certificate is also used in the process of signing transactions. 

The certificate must be imported into the user’s certificate store and must also be saved as a file to a protected repository for use in signing events (e.g. personal drive)

If the user is logging on to multiple physical desktops and/or virtual machine, roaming profiles present the best method of ensuring that each time the user logs on, they have access to the Landonline digital certificate for application logon. (The certificate is installed into the local registry which is copied at logon to each machine when roaming profiles are used).

For document signing, the physical certificate file is required for digitally signing. This file should be saved on a personal drive for access by the authorised user. The file should not be stored in a common file directory where everyone has access.

It should also be noted, that the passphrase issued for the assigned user certificate should only be known to the certificate holder. System administrators who may be setting environments up for users should not know what this password is.

See Security for more information about the security required for digital certificates, passwords and passphrases.  Breach of these requirements will result in the revocation of the user’s digital certificate.

  • Printing. The Uniprint client used for client side printer redirection by default spools files to c:\.  In VDI environments, the user may not have a C:\ folder or not have write access, or the same folder is shared with many users. If any these scenarios are met, the Uniprint client should have its spool directory updated to a unique directory for each user that will use Uniprint.
  • Uploading Files. Some authorised users need the ability to upload documents to Landonline. This is achieved using a feature of Citrix called client side drive mappings (the users local drives are made available to Landonline so the users can select the file to upload).  When a customer is also in a Citrix environment, a potential exists that client side mapping will fail. If problems occur, end-user organisations need to consider enabling “Legacy Client Drive Mapping”.  The reader is referred to How to Enable Legacy Client Drive Mapping Format on XenApp

LINZ IT support for  LOL VDI environments

 

LINZ is not in a position to offer any technical advice or guidance to any customer who contacts our Customer Support team.

Last Updated: 15 December 2015