Product Documentation

Install and Upgrade

May 09, 2015

The suggested installation order of Single Sign-on is:

  1. Create the central store.
  2. Install the Citrix AppCenter, which includes the Single Sign-on console component.
  3. Install the Single Sign-on Service if you want to use one or more of the following modules:
    • Key management
    • Self-service
    • Provisioning
    • Credential synchronization
    • Data integrity

      If you decide to install the Data Integrity Module later or after installing the Citrix AppCenter and the Single Sign-on Plug-in, you must digitally sign your existing central store data with the data signing tool CtxSignData.exe. (This tool is available after you install the Data Integrity Module.) Conversely, if you uninstall the Data Integrity Module, you must unsign your central store data.

  4. Install the Application Definition Tool on one or more computers in your environment when you need to create application definitions only. (When you install the XenApp server role with its default components, the Application Definition Tool is included.)
  5. Install the Single Sign-on Plug-in on each user computer and on the XenApp server.
Important: The server(s) that hosts the Single Sign-on Service and NTFS central store contains highly sensitive user-related information. Use a dedicated server in a physically secure location.

The following installations are not recommended and are not supported:

  • Do not install the service and the plug-in on the same computer.
  • Do not install the service and the XenApp server role on the same server.
  • Do not install Single Sign-on on a domain controller. Installation of the plug-in or service, console, or creation of an NTFS network share central store on a domain controller is not supported.

Upgrading to Single Sign-on 5.0

You can upgrade your entire environment to Single Sign-on version 5.0, or use a phased approach.

To upgrade your entire environment

  1. Although it is not required, Citrix recommends that you upgrade to the latest version of Licensing Server and add the required licenses before you upgrade Single Sign-on.
  2. If you are using any of the following modules, upgrade the Single Sign-on Service. You can also install additional modules at this time.
    • Key management
    • Self-service
    • Provisioning
    • Credential synchronization
    • Data integrity
    Note: If you decide to install the Data Integrity Module at a later date or after installing the Single Sign-on console component of the Citrix AppCenter and the Single Sign-on Plug-in, you must digitally sign your existing central store data by using the data signing tool CtxSignData.exe. (This tool is available after you install the Data Integrity Module.) Conversely, if you uninstall the Data Integrity Module, you must unsign your central store data.
  3. Upgrade the Single Sign-on console component of the Citrix AppCenter (formerly known as Delivery Services Console) on one or more computers in your environment.
    Note:
    • Citrix recommends using the Single Sign-on Service and console component at the same version level.
    • Upgrading the console component to version 5.0 also performs an upgrade at the Single Sign-on central store. After you upgrade one Single Sign-on 4.8 console to version 5.0, other version 4.8 consoles cannot make changes to the central store.
  4. If you need to create application definitions only, upgrade or install the Application Definition Tool on one or more computers in your environment. (When you install the XenApp server role with its default components, the Application Definition Tool is included.)
  5. Upgrade the Single Sign-on central store.
    • For NTFS network share-based central stores:
      • Back up the network share folder before upgrading the Single Sign-on central store.
      • Select the Single Sign-on node and run the Configure and run discovery wizard from the Citrix AppCenter to automatically upgrade the Single Sign-on central store.
      • In the wizard, specify the UNC path of your existing NTFS network share, typically \\servername\CITRIXSYNC$, where servername is the name of the server computer where you created your central store.
    • For Active Directory-based central stores, select the Single Sign-on node and run the Configure and run discovery wizard from the Citrix AppCenter to automatically upgrade the Single Sign-on central store.
    • If you are upgrading from a version of Citrix Password Manager that supported Novell shared folder (for example, version 4.6), you may need to back up the share and export and import administrative data to continue using settings configured in that central store type. Refer to the Password Manager 4.6 administration and installation documentation for information about moving central store data. Documentation is available at the Citrix Knowledge Center.
  6. After configuring Single Sign-on features in the Citrix AppCenter, upgrade or install the Single Sign-on Plug-in on each user device in your environment.

To upgrade in phases

  1. Start by adding user devices running the Single Sign-on 5.0 Plug-in into your existing (Single Sign-on 4.8) environment.
  2. When you're ready, upgrade both the Single Sign-on Service and the console to version 5.0.
  3. Roll out deployment of the Single Sign-on 5.0 Plug-in to the remainder of your user devices.