Introduction
Citrix was founded in 1989 by former IBM developer Ed Iacobucci in Richardson, Texas with $3 million in funding. Iacobucci quickly moved the company to Coral Springs, Florida since he lived there when he had worked at IBM.
Citrix was originally named Citrus but changed its name after an existing company claimed trademark rights. The Citrix name is a portmanteau of Citrus and UNIX.
Many of the original founding members had participated in the IBM OS/2 project. Iacobucci's vision was to build OS/2 with multi-user support. IBM was not interested in this idea so Iacobucci left. Iacobucci was offered a job at Microsoft as chief technical officer of its networking group but turned it down to start his own company.
The company's first product was Citrix MULTIUSER, which was based on OS/2. Citrix licensed the OS/2 source code from Microsoft, bypassing IBM. Citrix hoped to capture part of the UNIX market by making it easy to deploy text-based OS/2 applications. The product failed to find a market. This was due in part to Microsoft declaring in 1991 that it was not going to support OS/2 anymore.
Roger Roberts was appointed the CEO of Citrix in 1990. Roberts, a Texan, came from Texas Instruments.
From 1989 to 1995, the company did not turn a profit. In 1989 and 1990 there was no income at all. Between 1991 and 1993, Citrix received funding from Intel and Microsoft as well as venture capitalists. Without the help of this funding, Citrix would not have survived.
In 1993, Citrix purchased the product "Netware Access Server" from Novell. It was a remote access application built on DOS and Quarterdeck Expanded Memory Manager. It provided desktop and applications from the server to multiple users in a similar way Terminal Servers still do. Citrix developed the product further and released it as WinView. It became Citrix's first successful product.
The company went public in December 1995.
The Citrix and Microsoft relationship is based upon a 20-year alliance, which began in 1989 when Citrix licensed the OS/2 source code.
Citrix obtained a source code license to Microsoft's Windows NT 3.51. In 1995, Citrix shipped a multiuser version of Windows NT with remote access, known as WinFrame. This product was a unique offering, targeting the needs of large enterprises.
During the development of WinFrame for Windows NT 4, Microsoft decided that it did not want to license Windows NT 4 source code to Citrix. Not only that, Microsoft threatened to build its own version of WinFrame. Citrix and Microsoft entered negotiations about how best to resolve this dilemma. After negotiations, Microsoft agreed to license Citrix technology for Windows NT Server 4.0, resulting in Windows Terminal Server Edition. Citrix agreed not to ship a competing product but retained the right to sell an extension to Microsoft's products, initially under the name MetaFrame. This relationship continued into the Windows 2000 Server and Windows Server 2003 eras, with Citrix offering MetaFrame XP and Presentation Server. On February 11, 2008, Citrix changed the name of its Presentation Server product line to XenApp.
The core technology that Microsoft did not buy was the ICA protocol. Microsoft derived the work for RDP (T.share) protocol from NetMeeting which was originally derived from a deal with PictureTel (now known as Polycom).
In January 2008, Citrix announced an expanded alliance with Microsoft to deliver a set of virtualization solutions to address the desktop and server virtualization markets to ensure broad interoperability between their technologies.
In February 2009, Citrix extended its collaboration with Microsoft in the server virtualization market with “Project Encore”. This was heralded by a new product, Citrix Essentials, that offers advanced management for Microsoft Windows Server 2008 Hyper-V. Joint marketing, training and channel activities were conducted with Microsoft.
In July 2009, Citrix and Microsoft announced joint plans to simplify desktop computing by extending their desktop virtualization partnership.
These plans included:
Technology integration so enterprise IT organizations will be able to manage both distributed and centrally hosted applications using Citrix XenApp and Microsoft System Center Configuration Manager.
Extension of XenApp support for Microsoft Application Virtualization (App-V) to enable self-service delivery of applications on any device using Citrix Receiver and Citrix Dazzle.
Citrix Infrastructure basics
What is a Data Store?
This is the place where all the static information is stored. The data store provides a repository of persistent information about the farm (farm configuration information, published application configurations, server configurations, static policy configuration, XenApp administrator accounts, and printer configurations) that all servers can refer to.
The data store is the central repository that holds almost the entire Citrix implementation: the administrators of the farm, the license server to point to, the whole farm configuration, the published applications and all their properties, the security of who gets access to what, the custom load evaluators, custom policies, configured printers and print drivers.
What is Zone Data Collector?
The data collector stores all the dynamic information, such as session, load and published application data, for the servers in its zone and communicates the zone information to the data collectors in other zones in the farm.
A data collector is a Citrix Presentation Server whose IMA service takes on the additional role of tracking all of the dynamic information of other Presentation Servers. This information is stored in memory and called the “dynamic store”. The data store is a database on disk. The dynamic store is information stored in memory.
To look at the contents of the in-memory dynamic store on the data collector, use the “queryds” command. QueryDS can be found in the "support\debug" folder of your Presentation Server installation source files.
To determine which server is acting as the data collector in the zone, run "query farm /zone" from the command line.
What is a Farm?
A Farm is a group of Citrix servers which provides published applications to all users that can be managed as a unit, enabling the administrator to configure features and settings for the entire farm rather than configuring each server individually. All the servers in the farm share a single data store.
A server farm is a grouping of servers running Citrix Presentation Server that can be managed as a unit, similar in principle to a network domain. When designing server farms, keep in mind the goal of providing users with the fastest possible application access while achieving the degree of centralized administration and network security that you need.
What is LHC?
The IMA service running on each Presentation Server downloads the information it needs from the central data store into a local MDB database called the local host cache, or “LHC.” (The location of the local host cache is specified via a DSN referenced in the registry of the Presentation Server, at HKLM\SOFTWARE\Citrix\IMA\LHCDatasource\DataSourceName. By default this is a file called “Imalhc.dsn” and is stored in the same place as MF20.dsn.)
Each Presentation Server is smart enough to only download information from the data store that is relevant to it, meaning that the local host cache is unique for every server. Citrix created the local host cache for two reasons:
1. Permits a server to function in the absence of datastore connectivity.
2. Improves performance by caching information used by ICA Clients for enumeration and application resolution.
The LHC is an Access database (Imalhc.mdb) stored by default in the “<ProgramFiles>\Citrix\Independent Management Architecture” folder.
The LHC contains the following information:
1. All servers in the farm, and their basic information.
2. All applications published within the farm and their properties.
3. All Windows network domain trust relationships within the farm.
4. All information specific to itself. (Product code, SNMP settings, licensing information)
The LHC is critical in a CPS environment. In fact, it's the exclusive interface of the data store to the local server. The local server's IMA service only interacts with the LHC; it never contacts the central data store except when it's updating the LHC. If the server loses its connection to the central data store, there's no limit to how long it will continue to function. (In MetaFrame XP, this was limited to 48 or 96 hours, but that was because the data store also stored license information.) Today, the server can run forever from the LHC and won't even skip a beat if the central connection is lost. In fact, you can now even reboot the server when the central data store is down, and the IMA service will start from the LHC without any problem. (Older versions of MetaFrame required a registry modification to start the IMA service from the LHC.)
The LHC file is always in use when IMA is running, so it's not possible to delete it or anything. In theory it's possible that this file could become corrupted, and if this happens I guess all sorts of weird things could happen to your server. If you think this is the case in your environment, you can stop the IMA service and run the command "dsmaint recreatelhc" to recreate the local host cache file, although honestly I don't think this fixes anything very often. The Local Host Cache is synchronised with the Data Store by the Zone Data Collector every 30 minutes, and this can also be configured through the registry.
What is a Zone?
A zone is a subset of a farm: a grouping of Presentation Servers that share a common data collector. Zones are very helpful in controlling traffic. Each zone in the Presentation Server farm elects one of its member servers as the zone data collector (ZDC), which is responsible for communicating with the other ZDCs in the farm. The ZDC collects data from the member servers and distributes changes to all servers in the farm. It maintains all load and session information for every server in the zone and is used to redirect users to the least busy server. ZDCs keep open connections to other ZDCs, so changes in the member servers of a zone are immediately propagated to the other ZDCs in the farm. Servers can be moved among the zones; after a server is moved from one zone to another, it must be restarted to get its settings and configuration from the data store.
What is the printer terminology in Citrix?
An administrator can configure the following types of printers for use in an ICA session:
Client local printer
Network printer
Server Local printer
Client Printers: The definition of a client printer depends on the ICA Client platform. On DOS-based and WinCE client devices, a client printer is physically connected by a cable to a port on the client device. On 32-bit Windows platforms (Windows 9x, Windows NT, and Windows 2000), any printer that is set up in Windows (these printers appear in the Printers folder on the client device) is a client printer.
Network Printers: Printers that are connected to print servers and shared on a Windows network are referred to as network printers. In Windows network environments, users can set up a network printer on their computers if they have permission to connect to the print server. When a network printer is set up for use on an individual Windows computer, the printer is a client printer on the client device.
Local Printers: Printers that are connected directly to Citrix servers are local printers within a particular server farm. This definition includes a printer that is connected to the Citrix server that hosts a user’s ICA session, as well as printers that are connected to other Citrix servers in the same server farm. If a printer is connected to a Citrix server outside of a server farm (either the server is not a member of a server farm or is a member of a different server farm), the server farm considers the printer a network printer, not a local printer.
How to implement Policies in Citrix?
Presentation Server policies are created by adding policy rules. Policy rules are broken down into the following categories:
Bandwidth
Client Devices
Printing
Security
User Workspace
An administrator can apply policies by filtering:
Client IP address
Users and user groups
Client names
Servers
Access Control
Once a policy is created, it has to be prioritized to function effectively. The following options are available for prioritizing a policy:
Make Highest Priority
Increase Priority
Decrease Priority
Make Lowest Priority
Citrix policies can be configured from the XenApp Advanced Configuration Console.
If policies conflict with each other, the resultant applied policy is the one with the higher priority.
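The filtering and prioritization described above can be worked through as a resultant-policy calculation. This is an added example, not Citrix code: the rule names, the sample policies and sessions are constructed, the Access Control filter is left out, and it assumes a policy applies only when every filter type it configures matches and that priority 1 is the highest.

```python
"""Resultant policy: filters decide which policies apply to a session,
priority decides which policy wins when several set the same rule."""
from dataclasses import dataclass, field
from fnmatch import fnmatchcase
from ipaddress import ip_address, ip_network


@dataclass
class Session:
    user: str
    groups: set
    client_ip: str
    client_name: str
    server: str


@dataclass
class Policy:
    name: str
    priority: int                                      # 1 = highest (assumed numbering)
    rules: dict                                        # hypothetical rule name -> value
    client_ips: list = field(default_factory=list)     # CIDR ranges
    users: set = field(default_factory=set)            # user or group names
    client_names: list = field(default_factory=list)   # wildcard patterns
    servers: set = field(default_factory=set)

    def applies_to(self, s: Session) -> bool:
        checks = []
        if self.client_ips:
            addr = ip_address(s.client_ip)
            checks.append(any(addr in ip_network(n) for n in self.client_ips))
        if self.users:
            checks.append(bool(self.users & ({s.user} | s.groups)))
        if self.client_names:
            checks.append(any(fnmatchcase(s.client_name, p) for p in self.client_names))
        if self.servers:
            checks.append(s.server in self.servers)
        # Assumption: a policy with no filter configured applies to nothing.
        return bool(checks) and all(checks)


def resultant(policies, session):
    """Return {rule: (value, winning policy name)} for one session."""
    result = {}
    for p in sorted(policies, key=lambda p: p.priority):
        if p.applies_to(session):
            for rule, value in p.rules.items():
                result.setdefault(rule, (value, p.name))  # first writer wins
    return result


def overridden(policies, session):
    """List (rule, winner, loser) where an applicable lower-priority policy
    asked for a different value than the one that was applied."""
    winners = resultant(policies, session)
    out = []
    for p in sorted(policies, key=lambda p: p.priority):
        if not p.applies_to(session):
            continue
        for rule, value in p.rules.items():
            win_value, win_name = winners[rule]
            if p.name != win_name and value != win_value:
                out.append((rule, win_name, p.name))
    return out


# Constructed sample data.
POLICIES = [
    Policy("All staff", 3,
           {"Client Devices/drive_mapping": "allowed",
            "Security/encryption": "basic",
            "Printing/client_printers": "auto-create"},
           users={"Domain Users"}),
    Policy("External clients", 1,
           {"Client Devices/drive_mapping": "denied",
            "Security/encryption": "rc5-128"},
           client_ips=["203.0.113.0/24"]),
    Policy("Kiosks", 2,
           {"Printing/client_printers": "disabled",
            "Client Devices/drive_mapping": "denied"},
           client_names=["KIOSK-*"]),
]
INTERNAL = Session("alice", {"Domain Users"}, "10.1.2.3", "LAPTOP-17", "CTX01")
EXTERNAL_KIOSK = Session("alice", {"Domain Users"}, "203.0.113.40", "KIOSK-04", "CTX01")

if __name__ == "__main__":
    for label, sess in (("internal", INTERNAL), ("external kiosk", EXTERNAL_KIOSK)):
        print(label, resultant(POLICIES, sess))
    print("overridden:", overridden(POLICIES, EXTERNAL_KIOSK))
```

Running `overridden` for a representative session before changing priorities shows which restrictive rules would stop applying if a broader policy were moved above them.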
Policies Override
1. Citrix Policy
2. Group Policy
3. ICA Session Setting
4. User Object setting
What is IMA?
Independent Management Architecture (IMA) provides the framework for server communications and is the management foundation for MetaFrame Presentation Server. IMA is a centralized management service comprised of a collection of core subsystems that define and control the execution of products in a server farm. IMA enables servers to be arbitrarily grouped into server farms that do not depend on the physical locations of the servers or whether the servers are on different network subnets.
IMA runs on all servers in the farm. IMA subsystems communicate through messages passed by the IMA Service through default TCP ports 2512 and 2513. The IMA Service starts automatically when a server is started. The IMA Service can be manually started or stopped through the operating system Services utility.
IMA can be defined as a service, a protocol and a data store.
IMA Service: The IMA Service is the central nervous system of Presentation Servers. This service is responsible for just about everything server-related, including tracking users, sessions, applications, licenses, and server load.
IMA Data Store: Stores Presentation Server configuration information, such as published applications, total licenses, load balancing configuration, security rights, administrator accounts, printer configuration, etc.
IMA Protocol: Used for transferring the ever-changing background information between Presentation Servers, including server load, current users and connections, and licenses in use.
Ports used by IMA:
2512: Used for Server to Server Communication
2513: Used for CMC to Data store Communication
“Independent Management Architecture” is a term Citrix uses to describe the various back-end components that make up a CPS environment. In the real world, IMA consists of three components that we actually care about.
A database (called the “IMA Data Store”) used for storing Citrix Presentation Server configuration information, such as published applications, load balancing configuration, security rights, policies, printer configuration, etc.
A Windows service (called the “IMA Service”) that runs on every Presentation Server that handles things like server-to-server communication.
A protocol (called the “IMA Protocol”) for transferring the ever-changing background information between Presentation Servers, including server load, current users and connections, licenses in use, etc.
In Presentation Server, the IMA protocol does not replace the ICA protocol. The ICA protocol is still used for client-to-server user sessions. The IMA protocol is used for server-to-server communication in performing functions such as licensing and server load updates, all of which occur “behind the scenes.”
If we open IMA data store database with SQL Enterprise Manager, we'll see it has four tables:
DATATABLE
DELETETRACKER
INDEXTABLE
KEYTABLE
The IMA data store is not a real relational database. It’s actually an LDAP database. IMA data store size: 1MB per server.
We can’t access the IMA data store directly through SQL Enterprise Manager. (Technically you can, but if you run a query you’ll get meaningless hex results.) If we try to edit any of the contents of the data store directly in the database, it will definitely become corrupt.
There’s a tool on the Presentation Server installation CD called “dsview.” There is another tool called “dsedit”, a “write-enabled” version of dsview.
What is USRLOGON.cmd?
Whenever a user logs on to the Citrix server, the USRLOGON.CMD file runs. This file is located in %systemroot%/system32. It is configured to run automatically when each user logs in.
This file has two functions:
1. USRLOGON.CMD creates the ROOTDRIVE variable. This variable is used by the Logon Script to identify the user's home directory.
2. USRLOGON.CMD calls USRLOGN2.CMD. USRLOGN2.CMD runs the application scripts that fix user-level problems with certain applications.
What is ICA and what is the advantage of ICA?
The Independent Computing Architecture (ICA) is the communication protocol by which servers and client devices exchange data in a server environment. ICA is optimized to enhance the delivery and performance of this exchange, even on low-bandwidth connections.
The ICA protocol transports an application’s screens from the server it is running on to the user’s client device, and returns the user’s input to the application on the server. As an application runs on a server, MetaFrame Presentation Server intercepts the application’s display data and uses the ICA protocol to send this data (on standard network protocols) to the client software running on the user’s client device.
When the user types on the keyboard or moves and clicks the mouse, the client software sends this data to the application on the server. ICA requires minimal client workstation capabilities and includes error detection and recovery, encryption, and data compression.
The Citrix ICA protocol is used for remote application sessions between users and Presentation Servers. The ICA protocol supports TCP/IP, NetBIOS, or IPX/SPX. It is responsible for transmitting background information between the ICA clients and the Presentation Servers, including the port mappings, drive mappings, print jobs, and sound. It only sends screen updates and mouse/keyboard strokes, and uses only 30 – 35 kb/sec (printing and file transfer increase this). Fat Apps VS Thin Apps
Ports used by ICA:
1494: ICA Protocol on TCP (TCP + HTTP)
1604: ICA Protocol on UDP
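The IMA and ICA port lists above translate directly into a flow check: 2512 should only be seen between farm servers, 2513 only from management console hosts, and 1494/1604 are the client-facing ports. The following is an added example, not part of the original page; the addresses, the inventory sets and the flow-record format are constructed assumptions.

```python
"""Audit connection records against the port roles listed for IMA and ICA."""
from ipaddress import ip_address

# Constructed inventory (assumption): farm members and the hosts where the
# management console is installed.
FARM_SERVERS = {ip_address(a) for a in ("10.20.0.11", "10.20.0.12", "10.20.0.13")}
CONSOLE_HOSTS = {ip_address("10.20.5.50")}

IMA_SERVER_PORT = ("tcp", 2512)    # server-to-server communication
IMA_CONSOLE_PORT = ("tcp", 2513)   # management console communication
ICA_PORTS = {("tcp", 1494), ("udp", 1604)}

# Constructed flow records: timestamp, source, destination, protocol, dest port.
SAMPLE_FLOWS = """\
2009-03-02T09:00:01 10.20.0.11 10.20.0.12 tcp 2512
2009-03-02T09:00:04 10.30.4.77 10.20.0.11 tcp 1494
2009-03-02T09:00:09 10.30.4.77 10.20.0.12 tcp 2512
2009-03-02T09:01:15 10.20.5.50 10.20.0.11 tcp 2513
2009-03-02T09:02:31 10.30.9.12 10.20.0.13 tcp 2513
2009-03-02T09:02:40 10.30.9.12 10.20.0.13 udp 1604
2009-03-02T09:03:02 10.30.9.12 10.20.0.13 tcp 445
2009-03-02T09:03:30 10.30.4.77 10.40.0.5 tcp 2512
"""


def parse_flow(line):
    ts, src, dst, proto, dport = line.split()
    return ts, ip_address(src), ip_address(dst), proto.lower(), int(dport)


def classify(src, dst, proto, dport):
    """Return (verdict, reason); verdict is 'ok', 'alert', 'review' or 'skip'."""
    if dst not in FARM_SERVERS:
        return "skip", "destination is not a farm server"
    service = (proto, dport)
    if service == IMA_SERVER_PORT:
        if src in FARM_SERVERS:
            return "ok", "IMA server-to-server"
        return "alert", "IMA port 2512 reached from a host outside the farm"
    if service == IMA_CONSOLE_PORT:
        if src in CONSOLE_HOSTS:
            return "ok", "management console"
        return "alert", "IMA port 2513 reached from a non-console host"
    if service in ICA_PORTS:
        return "ok", "ICA client session"
    return "review", f"{proto}/{dport} is not an IMA or ICA port"


def audit(text):
    """Return (timestamp, source, destination, verdict, reason) for every
    flow to a farm server that is not an expected IMA or ICA connection."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, proto, dport = parse_flow(line)
        verdict, reason = classify(src, dst, proto, dport)
        if verdict in ("alert", "review"):
            findings.append((ts, str(src), str(dst), verdict, reason))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(*finding, sep="  ")
```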
Describe ZDC Election Process in detail?
In case the ZDC is not available, another server in the zone can take over that role. The process of taking over the role is called ZDC election. Server administrators should choose the zone data collector strategy carefully during the farm design itself. When an election needs to occur in a zone, the winner of the election is determined by:
1. Highest version of Presentation Server first
2. Highest rank (as configured in the Management Console)
3. Highest Host ID number (Every server has a unique ID called Host ID).
The election process begins in a zone when the existing data collector for the zone fails unexpectedly, when the communication between a member server and the zone data collector for its zone fails, or when the communication between data collectors fails. If the server is shut down properly, it triggers the election process before it goes down. The servers in the zone recognize that the data collector has gone down and start the election process. The new ZDC is then elected and the member servers send all of their information to the new ZDC for the zone. In turn, the new data collector replicates this information to all other data collectors in the farm.
Note: The data collector election process is not dependent on the data store. If the data collector goes down, sessions connected to other servers in the farm are unaffected. The data collector election process is triggered automatically without administrative interference. Existing as well as incoming users are not affected by the election process, as a new data collector is elected almost instantaneously.
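The election order and the rebuild of the dynamic store can be followed in a small simulation. This is an added example, not Citrix code: the servers, versions, host IDs and session counts are constructed, and rank is modelled as an integer where a larger value wins, which is an assumed encoding.

```python
"""ZDC election: highest version, then highest rank, then highest host ID."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Server:
    name: str
    version: tuple   # product version, e.g. (4, 5)
    rank: int        # larger = more preferred (assumed encoding)
    host_id: int     # unique per server


def elect(candidates):
    """Return the election winner, or None when no server is left."""
    return max(candidates,
               key=lambda s: (s.version, s.rank, s.host_id),
               default=None)


class Zone:
    def __init__(self, servers, session_counts):
        self.online = {s.name: s for s in servers}
        # What each member knows about itself; kept on the member, not in the
        # data store, so an election needs no data store access.
        self.session_counts = dict(session_counts)
        self.zdc = None
        self.dynamic_store = {}
        self.run_election()

    def run_election(self):
        winner = elect(self.online.values())
        self.zdc = winner.name if winner else None
        # Every online member re-sends its information to the new collector.
        self.dynamic_store = {n: self.session_counts[n] for n in self.online}
        return self.zdc

    def server_down(self, name):
        """Record a failed server; elect a new ZDC only if it was the ZDC."""
        self.online.pop(name, None)
        if name == self.zdc:
            return self.run_election()
        self.dynamic_store.pop(name, None)
        return self.zdc


# Constructed sample zone.
SERVERS = [
    Server("CTX01", (4, 5), rank=2, host_id=1101),
    Server("CTX02", (4, 5), rank=2, host_id=2207),
    Server("CTX03", (4, 0), rank=3, host_id=9001),   # best rank, older version
    Server("CTX04", (4, 5), rank=1, host_id=9999),   # highest host ID, low rank
]
SESSION_COUNTS = {"CTX01": 31, "CTX02": 27, "CTX03": 8, "CTX04": 12}

if __name__ == "__main__":
    zone = Zone(SERVERS, SESSION_COUNTS)
    print("initial ZDC:", zone.zdc)
    print("after CTX02 fails:", zone.server_down("CTX02"))
    print("after CTX01 fails:", zone.server_down("CTX01"))
    print("dynamic store on new ZDC:", zone.dynamic_store)
```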
Local Printers: Printers that are connected directly to Citrix servers are local printers within a particular server farm. This definition includes a printer that is connected to the Citrix server that hosts a user’s ICA session, as well as printers that are connected to other Citrix servers in the same server farm. If a printer is connected to a Citrix server outside of a server farm (either the server is not a member of a server farm or is a member of a different server farm), the server farm considers the printer a network printer, not a local printer.
How to implement Policies in Citrix?
Presentation Server policies are created by adding policy rules. Policy rules are broken down into the following categories:
Bandwidth
Client Devices
Printing
Security
User Workspace
An administrator can apply policies by filtering:
Client IP address
Users and user groups
Client names
Servers
Access Control
once a policy is created it has to be prioritized for effective functioning. Following options are available for prioritizing a policy
Make Highest priority
Increase Priority
Decrease Priority
Make Lowest Priority
Citrix Policies can be configured from XenApp Advanced Configuration Console
if there are any policies which conflicts to each other; the resultant applied policies are the one with higher priority
Policies Override
1. Citrix Policy
2. Group Policy
3. ICA Session Setting
4. User Object setting
what is IMA?
Independent Management Architecture (IMA) provides the framework for server communications and is the management foundation for MetaFrame Presentation Server. IMA is a centralized management service comprised of a collection of core subsystems that define and control the execution of products in a server farm. IMA enables servers to be arbitrarily grouped into server farms that do not depend on the physical locations of the servers or whether the servers are on different network subnets.
IMA runs on all servers in the farm. IMA subsystems communicate through messages passed by the IMA Service through default TCP ports 2512 and 2513. The IMA Service starts automatically when a server is started. The IMA Service can be manually started or stopped through the operating system Services utility.
IMA can be defined as a SERVICE, PROTOCAL and as a DATASTORE.
IMA Service: IMA Service is the central nervous system of Presentation Servers. This service is responsible for just about everything server-related, including tracking users, sessions, applications, licenses, and server load.
IMA Data store: Which stores Presentation server configuration information, such as published applications, total licenses, load balancing configuration, security rights, Administrator Accounts, Printer configuration, etc?
IMA Protocol: Which is used for transferring the ever-changing background information between Presentation servers, including server load, current users and connections, and licenses in use.
Ports used by IMA:
2512: Used for Server to Server Communication
2513: Used for CMC to Data store Communication
“Independent Management Architecture” is a term Citrix uses to describe the various back-end components that make up a CPS environment. In the real world, IMA consists of three components that we actually care about.
It is a database (called the “IMA Data Store”) used for storing Citrix Presentation server configuration information, such as published applications, load balancing configuration, security rights, policies, printer configuration, etc.
A Windows service (called the “IMA Service”) that runs on every Presentation Server that handles things like server-to-server communication.
A protocol (called the “IMA Protocol”) for transferring the ever-changing background information between Presentation Servers, including server load, current users and connections, licenses in use, etc.
In Presentation Server, the IMA protocol does not replace the ICA protocol. The ICA protocol is still used for client-to-server user sessions. The IMA protocol is used for server-to-server communication in performing functions such as licensing and server load updates, all of which occur “behind the scenes.”
If we open IMA data store database with SQL Enterprise Manager, we'll see it has four tables:
DATATABLE
DELETETRACKER
INDEXTABLE
KEYTABLE
IMA data store is not a real relational database. It’s actually an LDAP database. IMA Data Store Size 1MB per server.
We can’t access the IMA data store directly through SQL Enterprise Manager. (Technically you can, but if you run a query you’ll get meaningless hex results.) If we try to edit any of the contents of the data store directly in the database, it will be definitely corrupt.
There’s a tool on the Presentation Server installation CD called “dsview.” There is another tool called “dsedit” a “write-enabled” version of dsview.
What is USRLOGON.cmd?
Whenever a user logs on to the Citrix server, the USRLOGON.CMD file runs. This file is located in %systemroot%\system32. It is configured to run automatically when each user logs in.
This file has two functions:
1. USRLOGON.CMD creates the ROOTDRIVE variable. This variable is used by the logon script to identify the user's home directory.
2. USRLOGON.CMD calls USRLOGN2.CMD. USRLOGN2.CMD runs the application scripts that fix user-level problems with certain applications.
What is ICA and what is the advantage of ICA?
The Independent Computing Architecture (ICA) is the communication protocol by which servers and client devices exchange data in a server environment. ICA is optimized to enhance the delivery and performance of this exchange, even on low-bandwidth connections.
The ICA protocol transports an application’s screens from the server it is running on to the user’s client device, and returns the user’s input to the application on the server. As an application runs on a server, MetaFrame Presentation Server intercepts the application’s display data and uses the ICA protocol to send this data (on standard network protocols) to the client software running on the user’s client device.
When the user types on the keyboard or moves and clicks the mouse, the client software sends this data to the application on the server. ICA requires minimal client workstation capabilities and includes error detection and recovery, encryption, and data compression.
The Citrix ICA protocol is used for remote application sessions between users and Presentation Servers. The ICA protocol supports TCP/IP, NetBIOS, or IPX/SPX. It is responsible for transmitting background information between the ICA clients and the Presentation Servers, including port mappings, drive mappings, print jobs, and sound. ICA only sends screen updates and mouse/keyboard strokes, and uses only 30 – 35 kb/sec (printing and file transfer increase this).
Fat Apps vs. Thin Apps
Ports used by ICA:
1494: ICA Protocol on TCP (TCP + HTTP) & 1604: ICA Protocol on UDP.
Describe the ZDC election process in detail.
In case the ZDC is not available, another server in the zone can take over that role. The process of taking over the role is called the ZDC election. Server administrators should choose the Zone Data Collector strategy carefully during the farm design itself. When an election needs to occur in a zone, the winner of the election is determined by:
1. Highest version of Presentation Server first
2. Highest rank (as configured in the Management Console)
3. Highest Host ID number (Every server has a unique ID called Host ID).
The election process begins in the zone when the existing data collector for the zone fails unexpectedly, when communication between a member server and the Zone Data Collector for its zone fails, or when communication between data collectors fails. If the server is shut down properly, it triggers the election process before it goes down. The servers in the zone recognize that the data collector has gone down and start the election process. Then the ZDC is elected and the member servers send all of their information to the new ZDC for the zone. In turn, the new data collector replicates this information to all other data collectors in the farm.
Note: The data collector election process is not dependent on the data store. If the data collector goes down, sessions connected to other servers in the farm are unaffected. The data collector election process is triggered automatically without administrative interference. Existing as well as incoming users are not affected by the election process, as a new data collector is elected almost instantaneously.
C:\ QueryHR.exe
------ Showing Hosts for "10.22.44.0" ------
Host 1:
-----------------------------
Zone Name: 10.22.44.0
Host Name: TEDDYCTX02
Admin Port: 2513
IMA Port: 2512
Host ID: 4022
Master Ranking: 1
Master Version: 1
---------------------------------
------ Show Host Records Completed -------
To see the Host ID number and its version, run the queryhr.exe utility (with no parameters).
Each server in the zone has a rank assigned to it. The administrator can rank the servers in a zone to make a particular server the most desired to serve as the zone master or ZDC. Ties between servers with the same administrative ranking are broken by using the Host IDs assigned to the servers.
When a Presentation Server starts or when the IMA service starts, the IMA service tries to contact other servers via the IMA protocol on port 2512 until it finds one that’s online. When it finds one, it queries it to find out which server is acting as the data collector. The winner of this Zone Data Collector election is determined by the newest version of the IMA service. We can control which server will act as data collector by keeping that server the most up-to-date.
Data Collector Election Priority
Whichever server has the most recent version of the IMA Service running (this may include hotfixes), and the server with the highest preference set in the data store.
Basically, data collectors and the data store are not really related. The data store holds permanent farm configuration information in a database, and the data collector tracks dynamic session information in its RAM.
In addition to their primary role of providing dynamic farm information for admin consoles or for incoming connection requests, data collectors also take part in the distribution of configuration changes to Presentation Servers in the farm. When we make a change on a Presentation Server, that change is written to the local host cache of whichever server we connected to, and then immediately replicated to the data store. Presentation Server only looks for changes in the central data store every 30 minutes. Whenever a change is made to the data store, that change is sent to the data collector for the zone.
The data collector then distributes that change (via IMA port 2512) to all of the servers in its zone, allowing each server to update its own local host cache accordingly. Furthermore, if we have more than one zone, the initial data collector contacts the data collectors in the other zones. It sends its change to them, and in turn those data collectors forward the change to all of the servers in their zones.
The coolest part is that if the change is larger than 64k, the data collectors don't send the actual change out to their zones. Instead they send out a notification which causes the servers in the zone to perform an "on demand" sync with the central data store. However, it's rare for a single change to be more than 64k in size.
The data collector election priority settings in the management console:
Presentation Server Java Management Console > Right-click on farm name > Properties > Zones > highlight server > “Set Election Preference”
We can totally control which server is our data collector by manually setting the preferences in the Java console. We can manually configure four levels of the zone's data collector election preference:
Most Preferred
Preferred
Default Preferred
Not Preferred
The important thing to remember is that these preferences will be ignored if a newer server is up for election.
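The election order described above (version first, then preference, then Host ID) can be applied to queryhr output to predict which server would win in each zone. The following is an added example, not Citrix code and not part of the original notes. It assumes that "Master Version" is the version value compared in the election and that a numerically lower "Master Ranking" means a higher preference (1 = Most Preferred); the host names and values in the sample are constructed.

```powershell
# Added example (not Citrix code): predict the Zone Data Collector election
# winner from queryhr output, using the order given on this page:
#   1. highest version   2. highest rank (preference)   3. highest Host ID

# Constructed sample in the format queryhr prints; all hosts and values are made up.
$sampleQueryHr = @'
------ Showing Hosts for "10.22.44.0" ------
Host 1:
-----------------------------
Zone Name: 10.22.44.0
Host Name: CTXSAMPLE01
Admin Port: 2513
IMA Port: 2512
Host ID: 1187
Master Ranking: 1
Master Version: 1
---------------------------------
Host 2:
-----------------------------
Zone Name: 10.22.44.0
Host Name: CTXSAMPLE02
Admin Port: 2513
IMA Port: 2512
Host ID: 4022
Master Ranking: 3
Master Version: 2
---------------------------------
Host 3:
-----------------------------
Zone Name: 10.22.44.0
Host Name: CTXSAMPLE03
Admin Port: 2513
IMA Port: 2512
Host ID: 5210
Master Ranking: 3
Master Version: 2
---------------------------------
------ Show Host Records Completed -------
'@

function New-HostRecord {
    param([hashtable]$Fields)
    # Keep only the fields that matter for the election, typed as integers.
    [pscustomobject]@{
        Zone     = $Fields['Zone Name']
        HostName = $Fields['Host Name']
        HostId   = [int]$Fields['Host ID']
        Ranking  = [int]$Fields['Master Ranking']   # assumption: 1 = Most Preferred
        Version  = [int]$Fields['Master Version']   # assumption: compared first
    }
}

function ConvertFrom-QueryHr {
    param([Parameter(Mandatory = $true)][string]$Text)
    $fields = $null
    $records = @()
    foreach ($line in @($Text -split "`r?`n")) {
        if ($line -match '^\s*Host\s+\d+:\s*$') {
            # A "Host N:" line starts a new record; flush the previous one.
            if ($null -ne $fields) { $records += New-HostRecord $fields }
            $fields = @{}
        }
        elseif ($null -ne $fields -and $line -match '^\s*([^:]+?)\s*:\s*(.+?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }
    if ($null -ne $fields) { $records += New-HostRecord $fields }
    $records
}

function Get-ZdcElectionResult {
    param([Parameter(Mandatory = $true)][object[]]$Hosts)
    $sortKeys = @(
        @{ Expression = { $_.Version }; Descending = $true  },  # newest version wins
        @{ Expression = { $_.Ranking }; Descending = $false },  # then highest preference
        @{ Expression = { $_.HostId };  Descending = $true  }   # then highest Host ID
    )
    $ordered = @($Hosts | Sort-Object -Property $sortKeys)
    $winner = $ordered[0]
    $decidedBy = 'only candidate'
    if ($ordered.Count -gt 1) {
        $runnerUp = $ordered[1]
        if ($winner.Version -ne $runnerUp.Version)     { $decidedBy = 'version' }
        elseif ($winner.Ranking -ne $runnerUp.Ranking) { $decidedBy = 'election preference' }
        else                                           { $decidedBy = 'Host ID' }
    }
    [pscustomobject]@{
        Zone      = $winner.Zone
        Winner    = $winner.HostName
        DecidedBy = $decidedBy
        Order     = ($ordered | ForEach-Object { $_.HostName }) -join ' > '
    }
}

# Elections are per zone, so group the parsed records by zone first.
ConvertFrom-QueryHr -Text $sampleQueryHr |
    Group-Object -Property Zone |
    ForEach-Object { Get-ZdcElectionResult -Hosts $_.Group }
```

In the sample, the server set to the highest preference runs the older version, so it loses to the two newer servers, and the tie between those two falls through to the Host ID.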
How does the Load Evaluator work?
The QFARM /LOAD command executed in a Presentation Server farm displays all servers in the farm along with each server’s respective load value. Each Presentation Server generates its own “score” and sends this information to the data collector in its zone. This score is a decimal number between 0 and 10,000, with zero representing a “no load” situation and 10,000 indicating that the server is fully loaded and is not accepting any more connections. Citrix Load Management is handled by load evaluators; a load evaluator is simply a set of rules that determine a particular server’s “score”, or current load value. It is the “score” that determines the decisions that distribute loads within the server farm. Load evaluators can be applied to servers and/or published applications. If any servers in the zone go down, load evaluators are used to overcome the situation. A default XenApp installation includes the Advanced and Default load evaluators.
Default Load Evaluator includes only two rules, Load Throttling and Server User Load.
Advanced Load Evaluator includes four rules, CPU Utilization, Load Throttling, Memory Usage and Page Swaps.
How are Zone Preference and failover configured?
Zone preference and failover can be configured from Policies. The setting is located in User Workspace > Connections in Citrix Policy. You can select the order in which the server groups are preferred for connections. This is useful when an entire zone goes down.
What is Preferred Load Balancing?
Preferred Load Balancing is a feature in XenApp Platinum edition that allows you to configure preference for particular users to access the applications in the XenApp farm.
We can see this in Server properties in the Advanced Management Console. In Memory/CPU > CPU Utilization Management, there will be a third option called "CPU sharing based on Resource Allotments".
To give more resources to a particular application on the server, we can configure it in Application properties > Advanced > Limits and Application Importance in the Access Management Console. If you set the Application Importance to High, users of those applications get more CPU cycles than users accessing other applications.
To give more resources to the users, we can configure it in Citrix Policies in XenApp Advanced Configuration. To enable it, go to the policy properties > Service Level > Session Importance > enable, and assign the preferred Importance Level (High, Medium, Low).
Application Importance + Session Importance = Resource Allotment.
What are the different Types of Citrix Load Evaluators?
1. CPU Utilization
2. Memory Utilization
3. Page Swap
4. Application User Load
5. Context Switches
6. Disk Data I/O
7. Disk Operations
8. IP Range
9. Page Faults
10. Scheduling
11. Server User Load
How to recover from IMA failing?
There are many reasons why the IMA Service may not start:
1. IMA Service load time
2. IMA Service subsystem
3. Missing Temp directory
4. Print spooler service
5. ODBC configuration
6. Roaming Profile
Check the Windows Registry setting: HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\IMA\Runtime\CurrentlyLoadingPlugin
If there is no value specified in the CurrentlyLoadingPlugin portion of the above Windows Registry entry, then the IMA Service could not connect to the data store, or the local host cache is missing or corrupt.
If a CurrentlyLoadingPlugin value is specified, the IMA Service made a connection to the data store and the value displayed is the name of the IMA Service subsystem that failed to load.
If administrators see an "IMA Service Failed" error message with an error code of 2147483649 when starting the Presentation Server, the local system account might be missing a Temp directory, which is required for the IMA Service to run.
Change the IMA Service startup account to the local administrator and restart the server. If the IMA Service starts successfully under the local administrator account, then it is likely that a missing Temp directory for the local system account is causing the problem.
If the Temp directory is not present, then manually create one. For example: C:\Windows\Temp
Also verify that the TMP and TEMP system environment variables point to the temporary directory. Restart the server to restart the IMA Service.
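The checks above can be gathered into one read-only pass before anything on the server is changed. The following is an added example, not Citrix code and not part of the original notes. It assumes the Temp directory is the Temp folder under %SystemRoot% (matching the C:\Windows\Temp example), that the IMA service is registered under the name imaservice used with net stop elsewhere on this page, and that the print spooler uses the standard Windows service name Spooler.

```powershell
# Added example (not Citrix code): read-only triage for an IMA Service that
# will not start, following the checks described above. It changes nothing.
function Get-ImaStartupTriage {
    $findings = New-Object 'System.Collections.Generic.List[string]'

    # Check 1: the CurrentlyLoadingPlugin value under the IMA Runtime key.
    $runtimeKey = 'HKLM:\SOFTWARE\Citrix\IMA\Runtime'
    if (-not (Test-Path -Path $runtimeKey)) {
        $findings.Add("Registry key $runtimeKey was not found on this host.")
    }
    else {
        $props = Get-ItemProperty -Path $runtimeKey -Name 'CurrentlyLoadingPlugin' -ErrorAction SilentlyContinue
        $plugin = [string]$props.CurrentlyLoadingPlugin
        if ([string]::IsNullOrWhiteSpace($plugin)) {
            $findings.Add('CurrentlyLoadingPlugin is empty: the IMA Service could not connect to ' +
                          'the data store, or the local host cache is missing or corrupt.')
        }
        else {
            $findings.Add("CurrentlyLoadingPlugin = '$plugin': the data store was reached and " +
                          'this is the subsystem that failed to load.')
        }
    }

    # Check 2: Temp directory needed by the local system account
    # (relevant when the service fails with error code 2147483649).
    # Assumption: the directory is <SystemRoot>\Temp, as in the page's example.
    $tempDir = Join-Path -Path $env:SystemRoot -ChildPath 'Temp'
    if (Test-Path -Path $tempDir -PathType Container) {
        $findings.Add("Temp directory exists: $tempDir")
    }
    else {
        $findings.Add("Temp directory is missing: $tempDir")
    }

    # Check 3: the TMP and TEMP system (machine-level) environment variables.
    foreach ($name in 'TMP', 'TEMP') {
        $value = [Environment]::GetEnvironmentVariable($name, 'Machine')
        if ([string]::IsNullOrWhiteSpace($value)) {
            $findings.Add("System variable $name is not set.")
        }
        elseif (-not (Test-Path -Path $value -PathType Container)) {
            $findings.Add("System variable $name points to a directory that does not exist: $value")
        }
        else {
            $findings.Add("System variable $name = $value")
        }
    }

    # Check 4: state of the IMA service and of the print spooler, which the
    # list above names as another possible cause.
    foreach ($serviceName in 'IMAService', 'Spooler') {
        $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue
        if ($null -eq $service) {
            $findings.Add("Service $serviceName is not installed.")
        }
        else {
            $findings.Add("Service $serviceName is $($service.Status).")
        }
    }

    $findings
}

Get-ImaStartupTriage
```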
What is Special Folder Redirection?
Special Folder Redirection (SFR) allows for the automatic redirection of server-side Special Folders to their client-side equivalents. When a user clicks on the Documents folder in their XenApp 5 session, the folder that opens will actually be the local Documents folder. When SFR is used, all file operations will take place in the client-side folder. SFR is only available when XenApp 5 is installed on Windows Server 2008 and also requires XenApp Plug-in version 11 (client).
What is Citrix Resource Manager?
Citrix Resource Manager (RM) is a tool that is used to manage resources on single or multiple MetaFrame servers. RM enables the ability to collect, display, store, and analyze data about system performance, application or process use, and user activity. RM provides real-time system monitoring, reporting of system activity, and billing reports to charge users for use of resources using a summary database.
In XenApp 5, Resource Manager has moved to EdgeSight. We cannot connect to the RMSummaryreport database from XenApp 5, but we can still see some of the reports from Report Center in the Access Management Console. One of the important reports is the Policy Report.
What are the Citrix commands commonly used?
dsmaint
dsmaint config [/user:username] [/pwd:password] [/dsn:filename]
dsmaint backup destination_path
dsmaint failover direct_server
dsmaint compactdb [/ds] [/lhc]
dsmaint migrate [{ /srcdsn:dsn1 /srcuser:user1 /srcpwd:pwd1}] [{/dstdsn:dsn2 /dstuser:user2 /dstpwd:pwd2}]
dsmaint publishsqlds {/user:username /pwd:password}
dsmaint recover
dsmaint recreatelhc
dsmaint verifylhc
-----------------------------------------------------------------------------------------------------------------------------------
driveremap
driveremap /drive:M
driveremap /u
driveremap /noreboot
driveremap /IME
-----------------------------------------------------------------------------------------------------------------------------------
dscheck
dscheck [Options] [ /full | /clean]
[ Servers | Apps | Printers | Groups | MSLicense | Folders | Licenses ]
dscheck /full Servers [Options] Verify/Clean or Delete the server. May be left blank. Defaults to all servers.
/Clean - Modify the data store to correct the errors.
/DeleteAll - Delete the server entries from the data store.
/DeleteMF - Delete the MetaFrame Server entry from the data store.
/DeleteComSrv - Delete the Common Server entry from the data store.
dscheck /full Apps [Options]
<AppName> - Verify/Clean or Delete the application. May be left blank. Defaults to all applications.
/Clean - Modify the data store to correct the errors.
/ServerCheck - Verify that all applications are hosted by valid servers.
/DeleteMF - Delete the MetaFrame Application entry from the data store.
/DeleteComApp - Delete the Common Application entry from the data store.
dscheck /full Printers [Options]
/purge_replications - Removes all printer replications from the data store.
/purge_client_printers - Removes all Client Auto-Create printers pending deletion from the data store.
/purge_drivers - Removes all drivers that are not associated with any servers from the data store.
dscheck /full Groups [Options]
/Clean - Removes the group object. GroupName is the relative DN from the Context.
/Clean - Removes the group from the parent group.
Use the output of "DSCHECK.exe GROUPS /verify" for both ParentGroupName and GroupName.
dscheck /full MSLicense [Options]
/purge_licenses - Removes all Microsoft Licenses from the data store.
/list - Lists all Microsoft Licenses in the data store.
dscheck /full Folders /clean - Collapse orphaned folders in the data store.
dscheck /full Licenses /clean - Removes all corrupt licenses from the data store.
-----------------------------------------------------------------------------------------------------------------------------------
altaddr
altaddr [/server:servername] [/set alternateaddress ] [/v]
altaddr [/server:servername] [/set adapteraddress alternateaddress] [/v]
altaddr [/server:servername] [/delete] [/v]
altaddr [/server:servername] [/delete adapteraddress] [/v]
-----------------------------------------------------------------------------------------------------------------------------------
query
query view information about server farms, processes, servers, ICA sessions and users
query farm shows the servername, protocol and ip address
query farm /app shows the published applications
query farm /disc shows the disconnected session data for the server farm
query farm /load displays server load information
query user displays the current connections
queryhr is used to display info about the member servers in the farm. Executing queryhr with no parameters lists all servers in the farm.
-----------------------------------------------------------------------------------------------------------------------------------
chfarm is used to change the farm membership of a Citrix server
icaport is used to query or change the TCP/IP port number used by the ICA protocol
imaport is used to change the IMA port used by the server
ctxxmlss is used to change the XML service port
enablelb is used to re-enable the server back to load balancing after it fails
twconfig is used to configure ICA display settings
auditlog is used to view the report of users logoff and logon activity. With auditlog /time we can get time the users spent in the servers
What is license auto-activation?
License auto-activation is a benefit offered to customers purchasing MetaFrame XP product through an electronic licensing program with Citrix. License auto-activation removes the need to activate MetaFrame product licenses via the Citrix Activation System. With license auto-activation, MetaFrame XP product licenses purchased through an electronic licensing program are automatically activated when they are installed on the MetaFrame XP server.
How to Refresh the Local Host Cache?
If the IMA service is currently running but published applications do not appear correctly in ICA Client application browsing, force a manual refresh of the local host cache by executing dsmaint refreshlhc from a command prompt on the affected server. This action forces the local host cache to read all changes immediately from the data store.
A discrepancy in the local host cache occurs only if the IMA service on a server misses a change event and is not synchronized correctly with the data store.
How to Recreate the Local Host Cache?
If the IMA service does not start, the cause may be a corrupt LHC. Verify the data store is available before beginning this procedure. If the data store is not available, the IMA service fails to start until the data store is available.
Recreating the Local Host Cache after a minimum of SP1 has been installed
1. Stop the IMA service. This can be done via the command line, net stop imaservice or from services.
2. From the command line, run dsmaint recreatelhc, which renames the existing LHC database, creates a new database, and sets the registry value HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\IMA\Runtime\PSRequired to 1. Setting PSRequired to 1 forces the server to establish communication with the data store in order to populate the Local Host Cache database. When the IMA service is restarted, the LHC is recreated with the current data from the data store.
3. Restart the IMA service. This can be done via the command line, net start imaservice, or from services.
Recreating the LHC database on servers that do not have a minimum of SP1 installed
1. Stop the IMA service, if it is started. This can be done via the command line, net stop imaservice, or from services.
2. Go to %ProgramFiles%\Citrix\Independent Management Architecture and rename the imalhc.mdb to imlhc.mdb.bak
3. Launch the ODBC Data Source Administrator:
• On Windows Server, choose Control Panel > Administrative Tools > Data Sources (ODBC).
4. Select the File DSN tab and browse to %ProgramFiles%\Citrix\Independent Management Architecture.
5. Select the imalhc.dsn file and click Configure.
6. In the Database area, click Create. The New Database dialog box appears.
7. In the Database Name box, type the name imalhc.mdb for the new local host cache database.
8. Click OK to create the database, and then click OK to close the ODBC Data Source Administrator.
9. Open regedt32 and navigate to the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\IMA\RUNTIME and modify the value of PSRequired (REG_DWORD): 0x1
10. Restart the IMA service. This can be done via the command line, net start imaservice, or from services.
How to disable print drivers from automatically updating the DataStore?
When a new printer or printer driver was installed on a MetaFrame server, a substantial amount of traffic (in the order of 8 to 10MB per second) occurred between the IMA Service and the data store the IMA Service was using. This occurred because the IMA Service needed to update the Management Console for MetaFrame XP with the information about the new printer or printer driver, which caused the huge amount of network traffic.
To resolve this problem, navigate to the following registry key and change the value of fDisablePrinterWorkerThread to 1:
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\IMAPrinter
Type: REG_DWORD
Value: fDisablePrinterWorkerThread = 1
After making this change to the registry, restart the IMA Service for the change to take effect.
When the registry switch is set to 1, the IMA Service does not automatically update printer or printer driver information to the Management Console. You need to update this information manually. To do this, click Printer Management in the left panel of the Management Console and then double-click Update Printer and Driver.
Note: Ensure the latest MfPrintSs.dll is installed on the server.
How do I disable the Citrix Management Console splash screen?
There are two ways to disable the Citrix Management Console splash screen:
• Add -nologo to the Ctxload.exe command line. For example, if you publish ctxload as a published application, edit the published application and add -nologo to the end of the command line.
• If you run the Citrix Management Console from the toolbar, open the Program Files\Citrix\Administration folder. Create a shortcut to ctxload. Open the properties of that shortcut and add -nologo to the end of the target box. Click OK. Add the shortcut to the toolbar.
How to install the XenApp client from the command prompt and apply policies?
Run XenAppHosted.msi from the command prompt:
"c:\>msiexec /a xenapphosted.msi"
This will launch the "Client Packager Installation". We can create a pre-configured client package with an answer file for the questions asked by the installer, so that we can have a silent installation of the client on various systems in the environment.
There is another way to create a client installation package.
Type the command "msiexec.exe /I path/XenAppHosted.msi [Options]"
To add Group Policy settings to manage the client, we need to add the .ADM file provided by Citrix to the existing Administrative Templates in Group Policy Management. This file is available wherever Citrix clients have already been installed. It is located in "c:\program files\Citrix\ICA Client\Configuration\icaclient.adm"
We can manage Citrix client connectivity through Windows Group Policy.
most preferred
Preferred
Default Preferred
not preferred
the important thing to remember is that these preferences will be ignored if a newer server is up for election.
How Load Evaluator works?
QFARM /LOAD command executed in a Presentation Server farm will display all servers in the farm along with each server’s respective load value. Each and every Presentation Server generates its own “score” and sends this information to the data collector in the respective zone. This score will be a decimal number between 0 and 10,000, with zero representing a “no load” situation, and 10,000 indicating the particular server is fully loaded and is not accepting any more connections. Citrix Load Management is handled by load evaluator and it’s simply a set of rules that determine a particular server’s “score”, or current load value. It is the “score” that determine the decisions that distribute loads within the server farm. Load evaluators can be applied to servers and/or published applications. If any servers in the Zone go down then Load Evaluators are used to overcome the situation. In default XenApp installation there are Advanced and Default Load Evaluators are there’d
Default Load Evaluator includes only two rules, Load Throttling and Server User Load.
Advanced Load Evaluator includes four rules, CPU Utilization, Load Throttling, Memory Usual and Page Swaps.
How Zone Preference and failover configured?
Zone preference and failover can be configured from Policies. It is located in User Workspace > Connections in Citrix Policy. You can select the server group in which order the connections are preferred. This is useful when an entire zone goes down
what is Preferred Load Balancing?
Preferred Load balancing is the feature in XenApp Platinum edition, which allows you to configure preference for the particular users to access the applications in the XenApp farm.
We can see this in Server properties in Advanced Management Console. In Memory/CPU > CPU Utilization Management, there will be the third option called "CPU sharing based on Resource Allotments"
To give more resources to particular application in the server, we can configure in Application properties > Advanced > Limits and Application important in Access Management Console. So if you set the Application importance to High, then when those applications is used by the users will get more CPU cycles than the users accessing other applications
To give more resources to the users, we can configure it in Citrix Policies in XenApp Advanced Configuration. To enable it go to the policy properties > Service Level > Session Importance > enable, and assign preferred Importance Level (High, Medium, Low).
Application Importance + Session Importance = Resource Allotment.
What are the different Types of Citrix Load Evaluators?
1. CPU Utilization
2. Memory Utilization
3. Page Swap
4. Application User Load
5. Context Switches
6. Disk Data I/O
7. Disk Operations
8. IP Range
9. Page Faults
10. Scheduling
11. Server User Load
How to recover from IMA failing?
There are many reasons that the IMA Service doesn't start
1. IMA Service load time
2. IMA Service subsystem
3. Missing Temp directory
4. Print spooler service
5. ODBC configuration
6. Roaming Profile
Check the Windows Registry setting: HKEY_LOCAL_MACHINESOFTWARECitrixIMARuntimeCurrentlyLoadingPlugin
If there is no value specified in the CurrentlyLoadingPlugin portion of the above Windows Registry entry then the IMA Service could not connect to the data store or the local host cache is missing or corrupt.
If a CurrentlyLoadingPlugin value is specified the IMA Service made a connection to the data store and the value displayed is the name of the IMA Service subsystem that failed to load.
If administrators see an "IMA Service Failed" error message with an error code of 2147483649 when starting the Presentation Server the local system account might be missing a Temp directory which is required for the IMA Service to run.
Change the IMA Service startup account to the local administrator and restart the server. If the IMA Service is successful in starting under the local administrator account then it is likely that a missing Temp directory for the local system account is causing the problem.
If the Temp directory is not present then manually create one as >Temp. For example: C:\Windows\Temp
also verifies that the TMP and TEMP system environment variables point to the temporary directory. Restart the server to restart the IMA Service
what is Special Folder Redirection?
Special Folder Redirection (SFR) allows for the automatic redirection of server-side Special Folders to their client-side equivalents. When a user clicks on the Documents folder in their XenApp 5 session, the folder that opens will actually be the local Documents folder. When SFR is used, all file operations will take place in the client-side folder. SFR is only available when XenApp 5 is installed on Windows Server 2008 and also requires XenApp Plug-in version 11 (client).
What is Citrix Resource Manager?
Citrix Resource Manager (RM) is a tool that is used to manage resources on single or multiple MetaFrame servers. RM enables the ability to collect, display, store, and analyze data about system performance, application or process use, and user activity. RM provides real-time system monitoring, reporting of system activity, and billing reports to charge users for use of resources using a summary database.
In XenApp5 Resource Manager is moved to Edge Sight. We cannot connect to RMSummaryreport database from XenApp5. But still we can see some of the reports from Report Center in Access Management Console. One of the important reports is Policy Report.
What are the Citrix commands commonly used?
dsmaint
dsmaint config [/user:username] [/pwd:password] [/dsn:filename]
dsmaint backup destination_path
dsmaint failover direct_server
dsmaint compactdb [/ds] [/lhc]
dsmaint migrate [{ /srcdsn:dsn1 /srcuser:user1 /srcpwd:pwd1}] [{/dstdsn:dsn2 /dstuser:user2 /dstpwd:pwd2}]
dsmaint publishsqlds {/user:username /pwd:password}
dsmaint recover
dsmaint recreatelhc
dsmaint verifylhc
-----------------------------------------------------------------------------------------------------------------------------------
driveremap
driveremap /drive:M
driveremap /u
driveremap /noreboot
driveremap /IME
-----------------------------------------------------------------------------------------------------------------------------------
dscheck
dscheck [Options] [ /full | /clean]
[ Servers | Apps | Printers | Groups | MSLicense | Folders | Licenses ]
dscheck /full Servers [Options] Verify/Clean or Delete the server. May be left blank. Defaults to all servers.
/Clean - Modify the data store to correct the errors.
/DeleteAll - Delete the server entries from the data store.
/DeleteMF - Delete the MetaFrame Server entry from the data store.
/DeleteComSrv - Delete the Common Server entry from the data store.
dscheck /full Apps [Options]
< AppName> - Verify/Clean or Delete the application. May be left blank. Defaults to all applications.
/Clean - Modify the data store to correct the errors.
/ServerCheck - Verify that all applications are hosted by valid servers.
/DeleteMF - Delete the MetaFrame Application entry from the data store.
/DeleteComApp - Delete the Common Application entry from the data store.
dscheck /full Printers [Options]
/purge_replications - Removes all printer replications from the data store.
/purge_client_printers - Removes all Client Auto-Create printers pending deletion from the data store.
/purge_drivers - Removes all drivers that are not associated with any servers from the data store.
dscheck /full Groups [Options]
/Clean - Removes the group object. GroupName is the relative DN from the Context.
/Clean - Removes the group from the parent group.
Use the output of "DSCHECK.exe GROUPS /verify" for both ParentGroupName and GroupName.
dscheck /full MSLicense [Options]
/purge_licenses - Removes all Microsoft Licenses from the data store.
/list - Lists all Microsoft Licenses in the data store.
dscheck /full Folders /clean - Collapse orphaned folders in the data store.
dscheck /full Licenses /clean - Removes all corrupt licenses from the data store.
-----------------------------------------------------------------------------------------------------------------------------------
altaddr
altaddr [/server:servername] [/set alternateaddress ] [/v]
altaddr [/server:servername] [/set adapteraddress alternateaddress] [/v]
altaddr [/server:servername] [/delete] [/v]
altaddr [/server:servername] [/delete adapteraddress] [/v]
-----------------------------------------------------------------------------------------------------------------------------------
query
query view information about server farms, processes, servers, ICA sessions and users
query farm shows the servername, protocol and ip address
query farm /app shows the published applications
query farm /disc shows the disconnected session data for the server farm
query farm /load displays server load information
query user displays the current connections
queryhr is used to display info about the member servers in the farm. Executing queryhr with no parameters lists all servers in the farm.
-----------------------------------------------------------------------------------------------------------------------------------
chfarm is used to change the farm membership of a Citrix server
icaport is used to query or change the TCP/IP port number used by the ICA protocol
imaport is used to change the IMA port used by the server
ctxxmlss is used to change the XML service port
enablelb is used to re-enable the server back to load balancing after it fails
twconfig is used to configure ICA display settings
auditlog is used to view a report of user logon and logoff activity. With auditlog /time we can get the time the users spent on the servers
What is licenses auto-activation?
License auto-activation is a benefit offered to customers purchasing MetaFrame XP product through an electronic licensing program with Citrix. License auto-activation removes the need to activate MetaFrame product licenses via the Citrix Activation System. With license auto-activation, MetaFrame XP product licenses purchased through an electronic licensing program are automatically activated when they are installed on the MetaFrame XP server.
How to Refresh the Local Host Cache?
If the IMA service is currently running but published applications do not appear correctly in ICA Client application browsing, force a manual refresh of the local host cache by executing dsmaint refreshlhc from a command prompt on the affected server. This action forces the local host cache to read all changes immediately from the data store.
A discrepancy in the local host cache occurs only if the IMA service on a server misses a change event and is not synchronized correctly with the data store.
How to Recreate the Local Host Cache?
If the IMA service does not start, the cause may be a corrupt LHC. Verify the data store is available before beginning this procedure. If the data store is not available, the IMA service fails to start until the data store is available.
Recreating the Local Host Cache after a minimum of SP1 has been installed
1. Stop the IMA service. This can be done via the command line, net stop imaservice or from services.
2. From the command line, run dsmaint recreatelhc. This renames the existing LHC database, creates a new database, and sets the value PSRequired under the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\IMA\Runtime to 1. Setting PSRequired to 1 forces the server to establish communication with the data store in order to populate the Local Host Cache database. When the IMA service is restarted, the LHC is recreated with the current data from the data store.
3. Restart the IMA service. This can be done via the command line, net start imaservice, or from services.
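The three steps above as one guarded script. This is an added example, not Citrix's own tooling. It assumes an elevated PowerShell session on the affected server, dsmaint on the PATH, the service name IMAService (as used with net stop imaservice above), and that dsmaint returns a non-zero exit code on failure.

```powershell
# Added example: recreate the IMA local host cache (SP1-or-later procedure).
$ErrorActionPreference = 'Stop'

$serviceName = 'IMAService'                           # assumption: name used with "net stop"
$runtimeKey  = 'HKLM:\SOFTWARE\Citrix\IMA\Runtime'    # key path as given on this page

# The data store must be reachable before starting; otherwise IMA will not
# come back up. How to test that depends on the database in use, so the
# check is left to the operator.

# Step 1: stop the IMA service and wait until it has actually stopped.
$svc = Get-Service -Name $serviceName
if ($svc.Status -ne 'Stopped') {
    Stop-Service -Name $serviceName -Force
    $svc.WaitForStatus('Stopped', [TimeSpan]::FromMinutes(2))
}

# Step 2: rename the old LHC database and create a new one.
& dsmaint recreatelhc
if ($LASTEXITCODE -ne 0) {
    # Assumption: dsmaint reports failure through a non-zero exit code.
    throw "dsmaint recreatelhc exited with code $LASTEXITCODE"
}

# Check before restarting: PSRequired must be 1, or the new LHC will not be
# populated from the data store when IMA starts.
$psRequired = (Get-ItemProperty -Path $runtimeKey -Name 'PSRequired').PSRequired
if ($psRequired -ne 1) {
    throw "PSRequired is $psRequired, expected 1. Do not start IMA until this is corrected."
}

# Step 3: restart the IMA service and report its state.
Start-Service -Name $serviceName
Get-Service -Name $serviceName | Select-Object Name, Status
```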
Recreating the LHC database on servers that do not have a minimum of SP1 installed
1. Stop the IMA service, if it is started. This can be done via the command line, net stop imaservice, or from services.
2. Go to %ProgramFiles%\Citrix\Independent Management Architecture and rename the imalhc.mdb to imlhc.mdb.bak
3. Launch the ODBC Data Source Administrator:
• On Windows Server, choose Control Panel > Administrative Tools > Data Sources (ODBC).
4. Select the File DSN tab and browse to %ProgramFiles%\Citrix\Independent Management Architecture.
5. Select the imalhc.dsn file and click Configure.
6. In the Database area, click Create. The New Database dialog box appears.
7. In the Database Name box, type the name imalhc.mdb for the new local host cache database.
8. Click OK to create the database, and then click OK to close the ODBC Data Source Administrator.
9. Open regedt32 and navigate to the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\IMA\RUNTIME and modify the value of PSRequired (REG_DWORD): 0x1
10. Restart the IMA service. This can be done via the command line, net start imaservice, or from services.
How to disable print drivers from automatically updating the DataStore?
When a new printer or printer driver was installed on a MetaFrame server, a substantial amount of traffic (in the order of 8 to 10MB per second) occurred between the IMA Service and the data store the IMA Service was using. This occurred because the IMA Service needed to update the Management Console for MetaFrame XP with the information about the new printer or printer driver, which caused the huge amount of network traffic.
To resolve this problem, navigate to the following registry key and change the value of fDisablePrinterWorkerThread to 1:
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\IMAPrinter
Type: REG_DWORD
Value: fDisablePrinterWorkerThread = 1
After making this change to the registry, restart the IMA Service for the change to take effect.
When the registry switch is set to 1, the IMA Service does not automatically update printer or printer driver information to the Management Console. You need to update this information manually. To do this, click Printer Management in the left panel of the Management Console and then double-click Update Printer and Driver.
Note: Ensure the latest MfPrintSs.dll is installed on the server.
How do I disable the Citrix Management Console splash screen?
There are two ways to disable the Citrix Management Console splash screen:
• Add -nologo to the Ctxload.exe command line. For example, if you publish ctxload as a published application, edit the published application and add -nologo to the end of the command line.
• If you run the Citrix Management Console from the toolbar, open the Program Files\Citrix\Administration folder. Create a shortcut to ctxload. Open the properties of that shortcut and add -nologo to the end of the target box. Click OK. Add the shortcut to the toolbar.
How to install XenApp client in command prompt and apply policies?
Run the XenAppHosted.msi in command prompt
"c:\>msiexec /a xenapphosted.msi"
This will launch "Client Packager Installation". We can create a pre-configured client package with the answer file for the questions asked by the installer, so that we can have silent installation of the client in various systems in the environment.
There is another way to create client installation package.
Type the command "msiexec.exe /I path/XenAppHosted.msi [Options]"
To add Group Policy to manage the client we need to add the .ADM by Citrix to the existing Administrative Template of the Group Policy Management. This is available where Citrix Clients have been already installed. It is located in "c:\program files\Citrix\ICA Client\Configuration\icaclient.adm"
We can manage Citrix Client connectivity by the Windows Group Policy
How to change the Citrix XML Service Port on Metaframe Servers?
Un-registering the XML Service
1. Open a Command Prompt window and run ‘ctxxmlss /u’ (This command will un-register the Citrix XML service and mark it for deletion)
2. Reboot the server
Registering the XML Service on a port other than the one shared with IIS
1. Un-register the service using the instructions above.
2. Open a ‘Command Prompt’ window and run ctxxmlss /r[Port Number] (Notice that there is no space between the switch “/r” and the port number.)
3. Reboot the server or open the service control manager and manually start the Citrix XML Service
Registering the XML Service to share the port with IIS on Windows Server 2003 running IIS 6.0
By default when installing IIS 6.0, the virtual Scripts Folder is not created
1. Un-register the service using the instructions above.
2. Navigate to the ‘\Inetpub’ folder and create a new folder with the name of ‘Scripts’
3. Open the IIS Manager MMC Snap-in
4. Right click on the ‘Default Web Site’ and select New | Virtual Directory…
5. Click Next
6. Under Alias: type the name ‘Scripts’ and click Next
7. Under Path: type C:\Inetpub\Scripts and click Next
8. Under Allow the following permissions: make sure that the following are selected
a. Read
b. Run Scripts (such as ASP)
c. Execute (such as ISAPI applications or CGI)
9. Click Next and click Finish
10. Right click on the Scripts virtual directory and go to Properties
11. Under the Virtual Directory tab make sure that the Execute Permissions: field is set to Scripts and Executables
12. Under the Directory Security tab click on Edit… under Authentication and Access Control and make sure that the Enable anonymous access check box is checked
13. Now copy the files ctxxmlss.txt, clm.dll, wpnbr.dll to the newly created Scripts folder under the Inetpub folder.
Note: The file ‘ctxxmlss.txt’ is located in the ‘Program Files\Citrix\System32’ folder and the files ‘clm.dll’ and 'wpnbr.dll' are located in the ‘%SYSTEMROOT%\System32’ folder
If Microsoft IIS is installed, the administrator of the MetaFrame XP installation is given the option to install the Citrix XML Service and share a port with IIS.
In fact, no separate XML service is running. IIS serves the XML data using an ISAPI filter named Wpnbr.dll located in the \Inetpub\Scripts folder. To remove the Citrix XML Service functionality from your MetaFrame server, simply rename or delete the Wpnbr.dll file.
Once the XML Service port is changed on the Metaframe Servers you will need to change NFuse or WI to point to the new port.
What are the default tests available in Health Monitoring & Recovery Tool?
XenApp Health Monitoring and Recovery Tool have the following default tests.
1. Citrix IMA Service test
2. Logon Monitor test
3. Terminal Service test
4. XML Service test
Health Monitoring & Recovery in the farm-wide configuration allows us to select the maximum percentage of servers that HMR can exclude from load balancing. The default value is 10% of servers.
What is Hotfix Management and how to configure Server Restart Schedule?
Hotfix Management in the Access Management Console allows us to check the hotfixes installed on a particular server and to compare them against the other servers in scope. This tool does not automatically notify us of, or download, available hotfixes from the Citrix website. We can also configure a restart schedule for the servers in the XenApp farm: right-click the server, go to All Tasks, then Set restart options, then Set restart schedule.
What is the session reliability service in Windows services?
Citrix XTE Server is the Windows service for session reliability.
What is Installation Manager?
Installation Manager is not part of the Citrix installation setup. It has to be downloaded from the Citrix website and installed separately. PowerShell must already be installed on the server. Install the IM component on the workstation/system you want to manage from and the IM utility on the XenApp servers. After installing, we can access it through the Windows management console. We can select the shared msi file path from which the application is to be deployed, the target server and the time of installation. We can also schedule command-line tasks to install exe files or to run commands or queries on the servers.
What is Configuration logging?
Administrative Configuration Logging is a new feature in XenApp 5.0 and is configured in the farm-wide properties. It stores all administrative changes made in the farm. We can view the log from the Report Center and clear it from the farm properties. We can also require credentials to clear the log.
How to configure SecureICA and SSL/TLS connection in XenApp?
To configure SecureICA, go to the Access Management Console, right-click the application and open its properties. In the Client option, select the encryption level. This should be configured on both the client and the server side. If we use the XenApp client, it automatically selects the encryption type. If we use Program Neighbourhood, we have to select the proper encryption type on the client side. We can enforce these properties through Group Policy or a Citrix policy in XenApp Advanced Configuration, where we can enable SecureICA encryption and select the encryption level. If we enable an SSL/TLS connection, Citrix SSL Relay and a server certificate must be installed on the server. We can configure this in the Citrix SSL Relay Configuration Tool in Citrix Administration.
How to recover Citrix License Server?
The Citrix servers can function without contacting the license server and it is 30-days fault tolerant, and in Enterprise version an alert can be set with Resource Manager to send an email in case of License Server Connection Failure. If the license server reconnects at any time in the thirty days the problem resolves itself. If the server is not going to come back up, then the license file, digitally signed with the case-sensitive hostname of the old license server, is the critical component. The license file, a *.lic file, can be backed up to a thumb drive separately, and restored to a new server with the same name of the old license server, and the Citrix License server software installed.
What is "Citrix Startup License" in Citrix presentation server license management console?
The Startup license does not affect the license count. It is used to allow Citrix products to communicate with the license server using a continuous open connection. Every five minutes the license server and the products send a heartbeat message to each other to verify that they are mutually communicating.
How to restore the data source to the new server?
To restore the data store to a different server, or just to move it to a more convenient place on the network, the procedure is as follows:
1. Place the mf20.mdb that was backed up in the proper directory: C:\ProgramFiles\Citrix\Independent Management Architecture;
2. Create a file dsn to the new data store;
3. Run dsmaint config /user:user /pwd:password /dsn:path to dsn on the new data store server and restart IMA;
4. Run dsmaint failover newdatastoreservername on all the other servers in the farm and restart IMA
To create a dsn file, go to Control Panel > Administrative Tools on the Citrix server that holds the new data store, and open “Data Sources (ODBC)”. On the tab marked “file dsn”, create a new file with Access 4.0 drivers in the same directory as the mdb file. It can be named anything, but by convention should be mf20.dsn. On the final screen, the actual database that the dsn file is supposed to point to must be selected. Under the select button, highlight the proper database (not the imalhc.mdb but the mf20.mdb) and close the utility.
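Steps 3 and 4 of the procedure above, scripted so that the data store password is prompted for at run time instead of being typed into a saved script or command history. This is an added example, not Citrix's own tooling. The parameter names, the Invoke-Dsmaint helper and the non-zero exit code check are assumptions; the dsmaint syntax and the imaservice name are the ones shown on this page.

```powershell
# Added example: repoint a farm at a restored data store.
#   On the new data store server:  -Role DataStore -DsnPath <path to the file dsn>
#   On every other farm server:    -Role Member -NewDataStoreServer <server name>
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('DataStore', 'Member')]
    [string] $Role,
    [string] $DsnPath,              # hypothetical parameter: path to the file dsn
    [string] $NewDataStoreServer    # hypothetical parameter: new data store host
)
$ErrorActionPreference = 'Stop'

# Hypothetical helper: run dsmaint and stop on failure.
function Invoke-Dsmaint {
    param([string[]] $Arguments)
    & dsmaint @Arguments
    if ($LASTEXITCODE -ne 0) {
        # Assumption: dsmaint reports failure through a non-zero exit code.
        throw "dsmaint $($Arguments[0]) exited with code $LASTEXITCODE"
    }
}

switch ($Role) {
    'DataStore' {
        if (-not $DsnPath -or -not (Test-Path -LiteralPath $DsnPath)) {
            throw "File DSN not found: '$DsnPath'"
        }
        # Prompt for the data store account; nothing is written to disk.
        $cred = Get-Credential
        if (-not $cred) { throw 'No credentials supplied.' }
        $plain = $cred.GetNetworkCredential().Password
        # dsmaint only accepts the password as an argument, so it is still
        # visible in the process command line while the command runs.
        Invoke-Dsmaint @('config', "/user:$($cred.UserName)", "/pwd:$plain", "/dsn:$DsnPath")
        $plain = $null
    }
    'Member' {
        if (-not $NewDataStoreServer) { throw '-NewDataStoreServer is required for -Role Member.' }
        Invoke-Dsmaint @('failover', $NewDataStoreServer)
    }
}

# Both roles finish by restarting IMA so the new setting takes effect.
Restart-Service -Name 'IMAService' -Force
Get-Service -Name 'IMAService' | Select-Object Name, Status
```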
Name changes in XenApp 5.0
Old Name | New Name
Presentation Server | XenApp
Presentation Server Console | XenApp Advanced Configuration Tool
Citrix Management Console | Access Management Console
Presentation Server Client | Citrix XenApp Plug-in for Hosted Apps
PNA | Citrix XenApp
Web Client | Citrix XenApp Web Plug-in
WMI Provider | Citrix XenApp Provider
PNA Site | XenApp Services Site
Web Interface Site | XenApp Web
Prerequisites for XenApp Installation?
Application Server Role
Terminal Services Role
Web Server Role
DB Server
JRE 1.6.5
DotNet Framework 3.5
VC++ 2005 SP1
VJ# .Net 2.0
ASP.Net
Microsoft KB958652
Install Microsoft KB949914 to allow older client versions to communicate with XenApp 5.0. Without it, we get an error while installing the server: missing update "mstlsapi.dll". It is negotiable
What is new in Citrix Presentation Server 4.5?
1. Health Monitoring and Recovery
HMR performs two functions:
a. It conducts tests against the servers in your farms.
b. If a particular test fails, it performs some action.
PS 4.5 has some preconfigured tests. You can use the SDK to write your own tests. It can perform tests such as performing a sample logon, making a request to the IMA service, requesting a Citrix XML ticket, or enumerating a list of terminal services sessions. You can configure these tests to run as often as you want. If any test fails, the system can perform a certain action. This action might be as simple as writing an item to the event log. You can also configure actions that restart the Citrix IMA service, remove the server from load-balancing, or even reboot a server.
One of the cool things is that while you configure multiple tests on individual or groups of servers in your farm, you can also set a farm-wide "safety net" that specifies a certain maximum percentage of servers that can be automatically taken offline by HMR. (By default this is 10%.) This prevents one poorly-written test from accidentally taking your entire farm offline.
2. Administrator Configuring Logging
You can configure a separate, stand-alone database that logs every single change that's made to the data store by an administrator. This database hooks in at the IMA service level, so it picks up all changes—regardless of whether they were invoked via the Java console, the MMC, a CPSCOM (previously MFCOM) script, or a command-line tool. The reports will be in basic HTML form accessible via the MMC reports centre.
3. Application Isolation Environment engine
Citrix first introduced Application Isolation Environments (AIEs) in PS 4. This technology lets us install multiple applications on a single server that ordinarily conflict with each other. In PS 4, the overhead of using AIE was huge, and it really slowed things down when it was in use. AIE technology in PS 4.5 has been majorly overhauled.
4. Application Streaming
A PS 4.5 server can also be a Citrix Streaming Server, meaning it can stream applications down to non-Presentation Server Windows workstations. A PS 4.5 server can be a Citrix Streaming Server client, meaning you can use another Citrix Streaming Server to stream applications to the Presentation Server instead of manually installing the applications or using IM.
5. ICA Display Enhancements
PS4.5 has a couple of features that should make ICA perform a bit better in certain situations.
SpeedScreen Progressive Display: A sixth technology was added to the Speed Screen line-up for PS 4.5 called Progressive Display. When enabled, highly-complex graphical items in motion can temporarily be sent to the client at a lower resolution so that they can be displayed in real time. Once the motion stops, the image will "snap" back up to the full resolution. This means that the user can get a good interactive experience while scrolling or moving an on-screen object.
Improved Tossing and Queuing Algorithm: In some situations, there would be more screen updates going from a Presentation Server to a client than the network could handle. In this case, the ICA protocol driver on the server would send as many packets as it could to the client, but when it got behind, it would randomly drop bits of the screen as it tried to keep up. The result was that screen motions looked choppy and weird. In PS 4.5, the ICA protocol driver on the server has an improved technique for deciding which graphical elements can be discarded (tossed) and which should be held and sent together to the client (queuing).
Presentation Server XenApp
Presentation Server Console XenApp Advanced Configuration Tool
Citrix Management Console Access Management Console
Presentation Server Client Citrix XenApp Plug-in for Hosted Apps
PNA Citrix XenApp
Web Client Citrix XenApp Web Plug-in
WMI Provider Citrix XenApp Provider
PNA Site XenApp Services Site
Web Interface Site XenApp Web
Prerequisites for XenApp Installation?
Application Server Role
Terminal Services Role
Web Server Role
DB Server
JRE 1.6.5
DotNet Framework 3.5
VC++ 2005 SP1
VJ# .Net 2.0
ASP.Net
Microsoft KB958652
Install Microsoft KB949914 for using older version of clients to communicate with the Xenapp5.0. We will get an error while installing the server. Missing update "mstlsapi.dll". It is negotiable
what is new in Citrix Presentation Server 4.5?
1. Health Monitoring and Recovery
HMR performs two functions:
a. It conducts tests against the servers in your farms.
b. If a particular test fails, it performs some action.
PS 4.5 has some preconfigured tests. You can use the SDK to write our own tests. It can perform tests such as performing a sample logon, making a request to the IMA service, requesting a Citrix XML ticket, or enumerating a list of terminal services sessions. You can configure these tests to run as often as you want. If any test fails, the system can perform a certain action. This action might be as simple as writing an item to the event log. You can also configure actions that restart the Citrix IMA service, remove the server from load-balancing, or even reboot a server.
One of the cool things is that while you configure multiple tests on individual or groups of servers in your farm, you can also set a farm-wide "safety net" that specifies a certain maximum percentage of servers that can be automatically taken offline by HMR. (By default this is 10 %.) This prevents one poorly-written test from accidentally taken your entire farm offline.
2. Administrator Configuring Logging
You can configure a separate, stand-alone database that logs every single change that's made to the data store by an administrator. This database hooks in at the IMA service level, so it picks up all changes—regardless of whether they were invoked via the Java console, the MMC, a CPSCOM (previously MFCOM) script, or a command-line tool. The reports will be in basic HTML form accessible via the MMC reports centre.
3. Application Isolation Environment engine
Citrix first introduced Application Isolation Environments (AIEs) in PS 4. This technology lets us to install multiple applications on a single server that ordinarily conflict with each other. In PS 4, the overhead of using AIE was huge, and it really slowed things down when it was in use. AIE technology in PS 4.5 has been majorly overhauled
4. Application Streaming
A PS 4.5 server can also be a Citrix Streaming Server, meaning it can stream applications down to non-Presentation Server Windows workstations. A PS 4.5 server can be a Citrix Streaming Server client, meaning you can use another Citrix Streaming Server to stream applications to the Presentation Server instead of manually installing the applications or using IM.
5. ICA Display Enhancements
PS4.5 has a couple of features that should make ICA perform a bit better in certain situations.
SpeedScreen Progressive Display: A sixth technology was added to the SpeedScreen line-up for PS 4.5 called Progressive Display. When enabled, highly-complex graphical items in motion can temporarily be sent to the client at a lower resolution so that they can be displayed in real time. Once the motion stops, the image will "snap" back up to the full resolution. This means that the user can get a good interactive experience while scrolling or moving an on-screen object.
Improved Tossing and Queuing Algorithm: In some situations, there would be more screen updates going from a Presentation Server to a client than the network could handle. In this case, the ICA protocol driver on the server would send as many packets as it could to the client, but when it got behind, it would randomly drop bits of the screen as it tried to keep up. The result was that screen motions looked choppy and weird. In PS 4.5, the ICA protocol driver on the server has an improved technique for deciding which graphical elements can be discarded (tossed) and which should be held and sent together to the client (queuing).
6. Logon Throttling
The logon process has always been very resource intensive for a Citrix Presentation Server. The server can hang when more than a few users log in at the exact same time. The new load evaluator rule in PS 4.5 lets us specify the "resource cost" of a user logon. You can use this rule to temporarily show a server as "full" whenever the logon rate exceeds a set level.
7. Component Updates
Along with PS4.5, Citrix is updating Web Interface to 4.5 and ICA clients to Version 10.
What didn't change?
Printing (Same engine as PS 4, but of course with all the hotfixes "built in.")
Licensing.
Policies (Several new policy items, but everything else is the same.)
Resource Manager (You can apply templates to servers to make them easier to configure.)
Installation Manager (You can install applications into Isolation Environments with IM.)
What ports does Citrix commonly use?
License Manager Daemon TCP 27000 handles initial point of contact for license requests
License Management Console TCP 8082 Web-based administration console
Citrix Receiver TCP 80/443 Communication with Merchandising Server
ICA TCP 1494 Access to applications and virtual desktops
ICA with Session reliability TCP 2598
IMA TCP 2512 Independent Management Architecture (IMA)
Management Console TCP 2513 Citrix Management/XenApp Advance Consoles
Application / Desktop Request TCP 80/8080/443 XML Service
Database TCP 1433 Microsoft SQL Server
DNS TCP/UDP 53
TFTP UDP 69 Trivial File Transfer
How to identify a Citrix license consumed by a device?
The lmstat command shows a client hardware ID when a license has been assigned to that device.
Lmstat is the license administration command that shows which licenses are assigned to which client or server. This utility is run on a license server from a command prompt by browsing to \Program files\Citrix\Licensing\LS. A *.lic file, other than the built-in citrix_startup.lic file, must be present in the \Program Files\Citrix\Licensing\MyFiles directory. Lmstat prints information that it receives from the license server but does not contact the product server.
Syntax
lmstat [-a] [-A] [-c "license_file"]
Open the command prompt and change the directory to \Program Files\Citrix\Licensing\LS
Type: lmstat -a
Example output of an lmstat -a command indicating two user machines accessing the farm and consuming two user license assignments.
The hardware ID of a client that consumed a Citrix license is shown as a hexadecimal number, as below:
Hardware ID for Session 1 6f78c1bd
Hardware ID for Session 2 3a7379f6
How to Configure the Citrix Program Neighbourhood Agent?
Citrix Program Neighbourhood Agent is the client tool for LAN Connected infrastructure, and provides the most features and centralized management.
Citrix Program Neighbourhood Agent (PNA) consists of a server and client component. It is integrated in the Citrix Web Interface setup. The PNA Client is a part of the Citrix Presentation Server Client Packager.
The PNA client provides centralized management of the client settings via the Access Management Console and Published Application settings. PNA also offers pass-through authentication, automatic desktop and start menu integration, as well as client to server content redirection. It is not configured in the Citrix Server by default. We need to configure it so that the config.xml file is installed and copied into IIS.
After installing Web Interface, launch the Access Management Console (AMC). The Configure and run discovery task is invoked on the first launch to identify the components.
1. Select the option, “Contact the following servers running the configuration service” and add the server running Web Interface.
2. After the discovery process completes, right click on the Web Interface node on the left pane of the AMC -> Select “Create Site”.
3. Select “Program Neighborhood Agent Services site”.
4. Select the default options for the remaining process of the Create Site Wizard.
5. Right click on the site and select “Manage server farms”.
6. On this screen, the default farm will be displayed. Enter at least one of the Citrix servers from the Citrix Farm with which the Program Neighborhood Agent Services site will communicate. The site communicates with the XML Service on the configured Citrix Server via the Farm XML Port (80 is the default). Best practice would be to enter at least two XML Servers for redundancy in case of failure.
In the AM Console, right click config.xml, select “Configure authentication methods”.
7. Deselect “Prompt” and select “Pass-through”. That means the credentials used on the local system will be used to log on to the Citrix Farm.
8. In the Change Session Options screen, one may customize the Client Session Sizes, Client Resources (color depth, Windows Keyboard Settings and Audio Settings), and Workspace Control Options.
9. In the Manage Server Settings screen, we can configure the automatic refresh frequency, Backup URLs, and Site Redirection, where an administrator can redirect users to an alternate site.
10. For a centrally managed installation, on the Start Menu Shortcuts, and Desktop Shortcuts screens, select “Use Server Farm Settings (defined in published application)”. This means that the location of the application shortcuts will be determined by Citrix Published Application, not by settings in the PNA Services Site.
11. On the Notification Area screen, the administrator can configure display of applications as a menu in the Citrix Program Neighborhood Connection Center and can control user enabling or disabling the Applications Menu display in the Citrix Program Neighborhood Connection Center.
12. On the Shortcut Removal Screen, the administrator can configure when a user’s Citrix Published Application Shortcuts are removed from the desktop and start menu.
Right click on config.xml and go to All Tasks, Manage Application Refresh. Here we can control when and how often a user’s application set is refreshed.
In a domain the PNA Client automatically passes-through the local credentials, so users can access Citrix Published Applications as if they were installed locally.
Published Application Configuration
Published applications have the following settings related to the Program Neighbourhood Client.
Shortcut Presentation -> Application Shortcut Placement:
• Add to the Client’s Start Menu.
• Place under the Program Folder.
• Start Menu Folder
• Add shortcut to the client’s desktop.
Content Redirection allows local client files to launch Citrix Published Applications installed on the Citrix server.
ICA vs. RDP?
Independent Computing Architecture vs. Remote Desktop Protocol
RDP's most obvious limitation is its short client list, which covers the 32-bit Windows family and 16-bit Windows 3.11. RDP only works with the TCP/IP network protocol, whereas ICA additionally supports IPX, SPX, NetBEUI and Direct Asynch.
Other features of ICA:
1. Support for Windows audio (.wav files)
2. Access to local printers
3. Access to local serial ports
4. Administrative remapping of local drives
5. Cut and paste between sessions
6. Session shadowing or "remote control"
7. Direct dial-up connections
Server load balancing for each protocol can be accomplished with additional software, and ICA allows administrators to create preconfigured clients with applications, IP addresses, server names and connection options.
There is one function where RDP has an edge: It supports multiple-level encryption of client connections natively. An ICA system can encrypt client/server communications, but it requires the addition of Citrix SecureICA Services.
What is SMB?
SMB (Server Message Block) is the protocol used by Citrix Server for drive mapping and file sharing over the network.
Application Installation procedure in XenApp or Terminal Server?
Before installation, change the server mode to install. c:\>change user /install
After installation, change the server mode to execute. c:\>change user /execute
When restarted, the server boots in execute mode. So if the application installer reboots the server in the middle of the process (mid-install), we have to plan for that.
The application writes to the Run or RunOnce keys in the Machine or User registry. So remove the keys from the registry before restarting. After the server boots, change the terminal server to install mode and continue the installation.
TS Application Analyser is a Microsoft tool used to analyse whether an application is compatible with Terminal Server.
It checks Device Redirection, Performance Issues, Concurrent Resource Use, Installation Issues etc.
How the Citrix Web Interface Works
1. Client device users utilize a Web browser to view the Log in page and enter their user credentials.
2. The Web server reads users’ information and uses the Web Interface’s classes to forward the information to the Citrix XML Service on servers in the server farms. The designated server acts as a broker between the Web server and servers.
3. The Citrix XML Service on the designated server then retrieves a list of applications from the servers that users can access. These applications comprise the user’s application set. The Citrix XML Service retrieves the application set from the Independent Management Architecture (IMA) system and Program Neighborhood Service, respectively.
In a MetaFrame Presentation Server for UNIX farm, the Citrix XML Service on the designated server uses information gathered from the ICA browser and the local Web Interface configuration file to determine which applications the user can access.
The Citrix XML Service then returns the user’s application set information to the Web Interface’s classes running on the server.
4. The user initiates the next step by clicking one of the hyperlinks in the HTML page.
5. The Citrix XML Service is contacted to locate the server in the farm that is the least busy. The XML Service requests a ticket from the least busy server corresponding to the user’s credentials. The XML Service returns the least-busy server’s address and ticket to Web Interface.
6. The classes finish parsing the template file and send a customized file to the Web browser.
7. The Web browser receives the file and passes it to the client device.
8. The client receives the file and initiates a client session with a server according to the file’s connection information.
How Citrix Secure Gateway works
The following diagram illustrates the process by which Web Interface produces an ICA
file intended for use with Secure Gateway:
1. Having authenticated to Web Interface, the user clicks an application icon.
2. Web Interface contacts the XML broker to determine the address of the target
MetaFrame server.
3. The XML broker locates the least-busy server for the chosen application and
requests a MetaFrame logon ticket for that server.
4. The address of the target MetaFrame server and a corresponding MetaFrame
logon ticket are returned to Web Interface.
5. Web Interface sends the target server address, user name, domain name and
published application name (collectively referred to as “the data”) to the STA
and gets a gateway traversal ticket in return.
6. Web Interface renders an ICA file for the user containing the gateway traversal
ticket in the Address field. Also included in the ICA file are the following lines
that instruct the client to connect to a gateway:
SSLEnable=On
SSLProxyHost=csg.company.com:443
The fully-qualified domain name of the Secure Gateway server is drawn from the
CSG_Server value in WebInterface.conf.
7. The client makes an ICA-in-SSL connection (not HTTPS!) to the gateway server on
port 443 and performs an SSL handshake. The gateway server sends its server
certificate chain to the client; the client must have the appropriate CA root
certificate in order for the SSL handshake to succeed.
8. The gateway server extracts the gateway traversal ticket from the user’s ICA file
and sends it to the STA for redemption. The gateway receives the data from the
STA corresponding to the current ticket. The ticket is then purged from the
STA’s memory immediately.
9. Having validated the user’s ticket, the gateway opens a TCP connection to the
MetaFrame server’s ICA port and forwards decrypted ICA traffic to the server. A
relay is established with the gateway providing encryption/decryption service
between the client and the target MetaFrame server. The MetaFrame logon
ticket is supplied to initiate the ICA session without re-authentication.
As with non-gateway connections, the role of Web Interface is only to foster the ICA
connection. Once an ICA session is established, Web Interface no longer plays an active
role in maintaining the user’s ICA session.
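The ticket exchange in steps 5 to 9 above, modelled in memory to show why a captured ICA file is useless after first use. This is an added example, not Citrix code or code from the original page: the ticket format, the 100-second lifetime, the class and function names and the sample server address are assumptions made for illustration.

```python
import secrets
import time


class SecureTicketAuthority:
    """In-memory model of the STA: swaps "the data" for an opaque one-time ticket."""

    def __init__(self, ttl_seconds=100.0, clock=time.monotonic):
        # Assumption: unredeemed tickets expire; the page gives no lifetime.
        self._ttl = ttl_seconds
        self._clock = clock
        self._tickets = {}

    def issue(self, server_address, user, domain, app):
        """Step 5: Web Interface sends the data and gets a ticket in return."""
        ticket = secrets.token_hex(16).upper()  # constructed format, not Citrix's
        data = {"server_address": server_address, "user": user,
                "domain": domain, "app": app}
        self._tickets[ticket] = (self._clock() + self._ttl, data)
        return ticket

    def redeem(self, ticket):
        """Step 8: hand the data back once; the ticket is purged immediately."""
        entry = self._tickets.pop(ticket, None)
        if entry is None:
            return None  # unknown, forged, or already redeemed
        expires_at, data = entry
        return data if self._clock() <= expires_at else None


def render_ica_file(ticket, gateway_fqdn):
    """Step 6: the ticket, not the server address, fills the Address field."""
    return "\n".join([
        f"Address={ticket}",
        "SSLEnable=On",
        f"SSLProxyHost={gateway_fqdn}:443",
    ])


def parse_ica_fields(ica_text):
    """Split the key=value lines of the ICA fragment into a dict."""
    fields = {}
    for line in ica_text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


class SecureGateway:
    """Redeems the ticket presented by a client before opening any relay."""

    def __init__(self, sta):
        self._sta = sta

    def connect(self, ica_text):
        """Steps 7-9: return the relay target, or None to refuse the client."""
        fields = parse_ica_fields(ica_text)
        if fields.get("SSLEnable") != "On":
            return None
        data = self._sta.redeem(fields.get("Address", ""))
        return data["server_address"] if data else None


class FakeClock:
    """Manually advanced clock so the expiry case runs instantly."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


def demo():
    clock = FakeClock()
    sta = SecureTicketAuthority(ttl_seconds=100.0, clock=clock)
    gateway = SecureGateway(sta)
    target = "10.0.0.21:1494"  # constructed internal server address

    ica = render_ica_file(sta.issue(target, "alice", "CORP", "Notepad"),
                          "csg.company.com")
    results = {
        "address_in_ica_file": "10.0.0.21" in ica,
        "first_use": gateway.connect(ica),
        "replay": gateway.connect(ica),
        "forged": gateway.connect(render_ica_file("0" * 32, "csg.company.com")),
    }
    stale = render_ica_file(sta.issue(target, "alice", "CORP", "Notepad"),
                            "csg.company.com")
    clock.now += 101.0  # ticket sat unused past its assumed lifetime
    results["expired"] = gateway.connect(stale)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The ICA file handed to the client never carries the internal server address, so the gateway is the only place where a ticket resolves to a relay target.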
Session Reliability through Secure Gateway
Session reliability cannot be used when connecting through Secure Gateway 2.0 or
earlier. Secure Gateway 3.0 introduces the ability to use the session reliability (but not
auto client reconnect) through the gateway. The following diagram illustrates the
procedure for establishing a Common Gateway Protocol tunnel through the gateway with
Web Interface 4.0 and how the tunnel is restored after a network interruption. The
protocol used in each step appears in [square brackets] after the description. Note that
all HTTP or XML connections may optionally be secured using SSL.
1. User clicks an icon to launch an application. [HTTP]
2. Web Interface determines the address of the least-busy MetaFrame Presentation
server and requests a MetaFrame logon ticket. [XML]
3. XML broker requests a MetaFrame logon ticket from the target MetaFrame server.
[IMA]
4. MetaFrame logon ticket is delivered to Web Interface by the XML broker. [XML]
5. Web Interface sends target server address and other data to STA, receives a V4
Connection Ticket in response. [XML]
6. A rendered ICA file is sent to the user containing the MetaFrame logon ticket and
the STA connection ticket. [HTTP]
7. The ICA Client is invoked and connects to Secure Gateway, presenting the STA
connection ticket [ICA+CGP+SSL]
8. Secure Gateway validates the connection ticket presented by the client.
Immediately after validation, the gateway requests a V4 Refreshable Reconnect
ticket from the STA to be used in case the SSL connection is severed. This reconnect
ticket is periodically refreshed while the user’s session is active. [XML]
9. Secure Gateway tunnels the Common Gateway Protocol connection to MetaFrame
Presentation Server. The Citrix XTE Service generates a Common Gateway Protocol
token to be used for reconnection in case the Common Gateway Protocol link is
severed. [CGP]
10. The Common Gateway Protocol token from step 9 and the reconnect ticket obtained
in step 8 are sent to the client and stored in memory. Connection to MetaFrame
Presentation Server application is now established. [ICA+CGP+SSL]
--- Network connection is temporarily severed ---
11. After a network interruption, the client initiates a new SSL connection to the
gateway and presents the STA reconnect ticket obtained in step 8. [ICA+CGP+SSL]
12. The gateway validates the reconnect ticket to allow a new TCP session to the
MetaFrame server. Immediately after validation, the gateway requests a new V4
Refreshable Reconnect ticket from the STA to be used in case the SSL connection is
severed again. This reconnect ticket is periodically refreshed while the user’s
session is active. [XML]
13. Secure Gateway makes a new connection to the Citrix XTE Service and presents the
Common Gateway Protocol token obtained in step 9. The XTE Service associates the
token with the user’s disconnected Common Gateway Protocol session and restores
the Common Gateway Protocol tunnel. [CGP]
IMA and Zone Data Collector Communication
The following information addresses questions about IMA basics.
How does IMA traffic get sent and processed amongst Citrix servers?
Most customers understand that IMA traffic goes over port 2512, but very few, like Miami Inc, understood how the traffic is attached to machines for processing by IMA.
Due to the stringent security requirements Miami Inc has around data traversal amongst networks, they need to understand how data is transported amongst servers in a zone.
Citrix has what we call a transport “function” that is responsible for getting packets of information from one host to another. The transport component is relatively small and does not actually care about the data it is transporting. This is a small set of functions for setting up bindings to hosts and subsequently sending packets to those hosts.
How does IMA know who the hosts in a farm are to ensure communication requests are from approved sources?
A set of functions that we refer to as the Host Resolver component are responsible for providing information about all of the hosts in the farm. It provides APIs for enumerating hosts, setting/getting a host’s zone, and mapping between some of the various ways used to refer to a remote host. Hosts may be identified by name (a simple UNICODE string), by HOSTID (a unique integer representing a host), or by host binding (HBINDING).
While this is good information, Miami Inc needs this put into greater detail for its internal security review so below we will explain more on how the actual connections are made.
Various parts of the IMA system use different specifiers to refer to remote hosts. These types of specifiers include:
Host Names – Used by user interface components to refer to hosts. A host name is used in conjunction with a specified port (typically the default IMA port, 2512) in order to create a binding with the Transport component detailed above. Every host has a definitive name that it determines itself when joining the farm.
Host ID – This is an integer used mostly by subsystems to refer to hosts.
As mentioned above, any time a message is sent to a remote host, it needs to have a host binding for that host.
The host resolver maintains two mapping hash tables for quick translations.
The host resolver’s main data structure is the HOST_RECORD, which contains a host’s name, zone name, IMA port, Management Console port, host ID, version, and ranking information. The ranking information is used by the Zone Manager, which is described below, when electing a zone master.
Connection State Information
A binding attempt is always in one of three states:
• Connecting
• Active
• Closing
When an outgoing connection is created, it is first placed in the state CONNECTING. This is a temporary state that quickly is changed to WAIT_BIND_REQUEST as the connection waits for a bind request to come back from the remote host. Once a BIND_REQUEST is received, the original host sends a BIND_RESPONSE packet and moves into the WAIT_BIND_COMMIT state. Once the BIND_COMMIT packet is received from the remote host, the connection is fully initialized and moves into the ACTIVE state.
The case of handling an incoming connection is similar. The connection is first placed into CONNECTING temporarily. A BIND_REQUEST packet is sent to the connecting client, and the local host moves to WAIT_BIND_RESPONSE. Once the BIND_RESPONSE comes back from the other host, the local host sends a BIND_COMMIT and moves into the ACTIVE state.
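The two handshakes described above, written as one transition table and run end to end with both sides exchanging packets. This is an added example, not IMA code or code from the original page: the packet names and states come from the text, while the class names, the role labels and the choice to move to CLOSING on an unexpected packet are assumptions.

```python
from enum import Enum


class State(Enum):
    CONNECTING = "CONNECTING"
    WAIT_BIND_REQUEST = "WAIT_BIND_REQUEST"
    WAIT_BIND_RESPONSE = "WAIT_BIND_RESPONSE"
    WAIT_BIND_COMMIT = "WAIT_BIND_COMMIT"
    ACTIVE = "ACTIVE"
    CLOSING = "CLOSING"


class ProtocolError(Exception):
    """Raised when a packet arrives that the current state does not expect."""


# (role, current state, packet received) -> (next state, packet sent in reply)
TRANSITIONS = {
    ("outgoing", State.WAIT_BIND_REQUEST, "BIND_REQUEST"):
        (State.WAIT_BIND_COMMIT, "BIND_RESPONSE"),
    ("outgoing", State.WAIT_BIND_COMMIT, "BIND_COMMIT"):
        (State.ACTIVE, None),
    ("incoming", State.WAIT_BIND_RESPONSE, "BIND_RESPONSE"):
        (State.ACTIVE, "BIND_COMMIT"),
}


class Binding:
    """One end of a host binding; role is 'outgoing' or 'incoming'."""

    def __init__(self, role):
        if role not in ("outgoing", "incoming"):
            raise ValueError(f"unknown role: {role}")
        self.role = role
        self.state = State.CONNECTING
        self.history = [State.CONNECTING.name]

    def _move(self, state):
        self.state = state
        self.history.append(state.name)

    def open(self):
        """Leave CONNECTING; the accepting side starts with BIND_REQUEST."""
        if self.state is not State.CONNECTING:
            raise ProtocolError("binding already opened")
        if self.role == "outgoing":
            self._move(State.WAIT_BIND_REQUEST)
            return None
        self._move(State.WAIT_BIND_RESPONSE)
        return "BIND_REQUEST"

    def receive(self, packet):
        """Apply one received packet; return the reply packet or None."""
        step = TRANSITIONS.get((self.role, self.state, packet))
        if step is None:
            # Assumption: an out-of-sequence packet tears the binding down.
            state_name = self.state.name
            self._move(State.CLOSING)
            raise ProtocolError(f"{packet} not valid in {state_name}")
        next_state, reply = step
        self._move(next_state)
        return reply


def run_handshake():
    """Drive both ends until neither has anything left to send."""
    initiator, acceptor = Binding("outgoing"), Binding("incoming")
    initiator.open()
    packet = acceptor.open()
    receiver, sender = initiator, acceptor
    wire = []
    while packet is not None:
        wire.append(packet)
        packet = receiver.receive(packet)
        receiver, sender = sender, receiver
    return initiator, acceptor, wire


def out_of_order_commit():
    """A BIND_COMMIT that skips the request/response steps is refused."""
    initiator = Binding("outgoing")
    initiator.open()
    try:
        initiator.receive("BIND_COMMIT")
    except ProtocolError:
        pass
    return initiator.state


if __name__ == "__main__":
    a, b, wire = run_handshake()
    print("wire:", wire)
    print("outgoing:", a.history)
    print("incoming:", b.history)
    print("out of order:", out_of_order_commit().name)
```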
How many connections to servers in the farm can IMA process/keep at one time?
While there is no definitive answer to this, there is a registry setting that limits the Host Resolver to keeping only 512 open connections to hosts. This is very important in large farm design, and it can be manipulated.
The connections to hosts in a zone by a ZDC do not last forever, and can be torn down and re-established. It is important to farm performance that steps are taken in the zone to limit this teardown/setup process from occurring, and bumping up the registry setting alleviates this in zones with more than 512 hosts. The registry setting is:
HKEY_LOCAL_MACHINE\Software\Citrix\IMA\Runtime\MaxHostAddressCacheEntries
When Miami Inc designs their global farm, the ZDC setup is of the utmost importance as the number of servers in each zone will grow over time to very high levels. A thorough understanding of this setting and the following information is critical.
What is the function of a zone?
Zones perform two functions:
• Collecting data from member servers in the zone
• Distributing changes in the zone to other servers in the farm
What is a Zone Data Collector (ZDC)?
Each zone in a Presentation Server farm has its own “traffic cop” or ZDC. A ZDC may also at times be referred to as the Zone Manager. The ZDC maintains all load and session information for every server in the zone. ZDCs keep open connections to other farm ZDCs for zone communication needs. Changes to/from member servers of a ZDCs zone are immediately propagated to the other ZDCs in the farm.
How does the ZDC keep track of all of the hosts in the farm to make sure they are live?
If the ZDC does not receive an update within the configured amount of time from a member server (default 1 minute) in its zone, it sends a ping (IMAPing) to the member server in question. This timeframe can be configured in:
HKEY_LOCAL_MACHINE\Software\Citrix\IMA\Runtime\KeepAliveInterval
If the ZDC does not receive an update within the configured amount of time from a peer ZDC server, it does not continually ping the “lost” ZDC. It waits a default of 5 minutes, which is configurable in: HKEY_LOCAL_MACHINE\Software\Citrix\IMA\Runtime\GatewayValidationInterval
How does the ZDC ensure that the servers it communicates with are in the farm and authorized to trade information?
There are several layers of security used in this process, including those that exist in the Transport and Host Resolver functions. One of the most important checks a ZDC does to allow a server to communicate within the farm is called a magic number check. Magic numbers are set the first time a server is joined into a farm.
If a server in the farm has a different magic number than the ZDC expects, it can cause the server to believe that it is in its own farm and declare itself a data collector, thus causing two data collectors to exist in a single zone and causing further zone elections.
Is there a setting for when the member servers in a zone update the Data Collector?
All updates a member server has are sent to the ZDC as soon as they are generated. Below is a graphical image of how both inter-zone and intra-zone IMA communications occur in an idle farm.
Most IMA traffic is a result of the generation of events. When a client connects, disconnects, logs off, and so on, the member server must update its load, license count, and so on to the data collector in its zone. The data collector in turn must replicate this information to all the other data collectors in the farm.
1. The client requests the data collector to resolve the published application to the IP address of the least loaded servers in the farm.
2. The client then connects to the least loaded server returned by the data collector.
3. The member server then updates its load, licensing, and connected session information to the data collector for its zone.
4. The data collector then forwards this information to all the other data collectors in the farm.
Important: Notice in the communication diagram there is no communication to the data store. Connections are independent of the data store and can occur when the data store is not available. Connection performance is not affected by a busy data store.
What is meant by a Zone Data Collector election?
Should the ZDC for a zone become unavailable for any reason, another server in the zone can take over the role in its place. The process of taking over this role is known as an election. How these elections are set up is very important in a Presentation Server farm design, especially in large environments like Miami Inc’s. Miami Inc has a globally distributed Citrix environment, where farm communication is heavily reliant on zone setup.
What server is the “boss,” and how is that determined?
Server Administrators must choose the Zone Data Collector strategy carefully during farm design. There are many variables associated with this process that are outside the scope of this document. When an election needs to occur in a zone, the winner of the election is determined using the following criteria:
• Highest Presentation Server version first (should always be 1)
• Highest rank (as configured in the Management Console)
• Highest Host ID number (a Host ID is just a number – every server has a unique ID)
If you want to see the HostID number and its version, you can run the queryhr.exe utility (with no parameters). You’ll get something that looks like this:
C:\>QueryHR.exe
---- Showing Hosts for "10.8.4.0" ----
Host 1:
-----------------------------
Zone Name: 10.8.4.0
Host Name: FTLDTERRYDU02
Admin Port: 2513
Ima Port: 2512
Host ID: 8022
Master Ranking: 1
Master Version: 1
-----------------------------
--- Show Host Records Completed ---
When a communication failure occurs between a member server and the data collector for its zone, or between data collectors, the election process begins in the zone. Here are some examples of how ZDC elections can be triggered and a high-level summary of the election process. A detailed description of this process and the associated functions used appears further below in this document.
1. The existing data collector for Zone 1 has an unplanned failure for some reason, for example a RAID controller fails, causing the server to blue screen. If the server is shut down gracefully, it triggers the election process before going down.
2. The servers in the zone recognize that the data collector has gone down and start the election process.
3. The member servers in the zone then send all of their information to the new data collector for the zone. The amount of information is a function of the number of sessions, disconnected sessions and applications each server has.
4. In turn the new data collector replicates this information to all other data collectors in the farm.
Important: The data collector election process is not dependent on the data store.
Note: If the data collector goes down, sessions connected to other servers in the farm are unaffected.
Misconception: “If a data collector goes down, there is a single point of failure.”
Actual: The data collector election process is triggered automatically without administrative intervention. Existing as well as incoming users are not affected by the election process, as a new data collector is elected almost instantaneously. Data collector elections are not dependent on the data store.
Detailed Election Process:
As we know, each server in the zone has a ranking that is assigned to it. This ranking is configurable such that the servers in a zone can be ranked by an administrator in terms of which server is most desired to serve as the zone master. “Ties” between servers with the same administrative ranking are broken by using the HOST IDs assigned to the servers; the higher the host ID, the higher-ranked the host.
The process that occurs when an election situation begins is as follows:
1. When a server comes on-line, or fails to contact the previously-elected zone master, it starts an election by sending an ELECT_MASTER message to each of the hosts in the zone that are ranked higher than it.
2. When a server receives an ELECT_MASTER message, it replies to the sender with an ELECT_MASTER_ACK message. This ACK informs the sender that the receiving host will take over the responsibility of electing a new master. If the receiving host is not already in an election, it will continue the election by sending an ELECT_MASTER message to all of the hosts that are ranked higher than it.
3. If a server does not receive any ELECT_MASTER_ACK messages from the higher-ranked hosts to which it sent ELECT_MASTER, it will assume that it is the highest ranked host that is alive, and will then send a DECLARE_MASTER message to all other hosts in the zone.
4. When a server that has previously sent an ELECT_MASTER message to the higher-ranked host(s) in the zone receives an ELECT_MASTER_ACK from at least one of those hosts, it enters a wait state, waiting for the receipt of a DECLARE_MASTER from another host. If a configurable timeout expires before this DECLARE_MASTER is received, the host will increase its timeout and begin the election again.
At the conclusion of the election, each host will have received a DECLARE_MASTER message from the new zone master.
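The message flow in steps 1 to 4 can be traced with a small simulation, added here as an illustration and not taken from Citrix code. It assumes a larger `preference` value means a more preferred host; the host names, ranks and Host IDs are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Host:
    name: str
    version: int       # Presentation Server version criterion
    preference: int    # administrative rank; assumption: larger = more preferred
    host_id: int       # unique Host ID, breaks ties
    alive: bool = True

    def key(self):
        return (self.version, self.preference, self.host_id)  # election order

def run_election(zone, starter):
    """Simulate one election; return (new_master_name, message_log)."""
    log, master = [], None
    pending, in_election = [starter], set()
    while pending:
        host = pending.pop(0)
        if host.name in in_election:
            continue  # already electing: it has ACKed but sends nothing new
        in_election.add(host.name)
        acked = False
        for peer in (h for h in zone if h.key() > host.key()):
            log.append(("ELECT_MASTER", host.name, peer.name))
            if peer.alive:  # a failed host never answers
                log.append(("ELECT_MASTER_ACK", peer.name, host.name))
                acked = True
                pending.append(peer)  # step 2: receiver continues the election
        if not acked:
            # Step 3: no higher-ranked host answered, so this host declares.
            master = host.name
            for peer in zone:
                if peer is not host:
                    log.append(("DECLARE_MASTER", host.name, peer.name))
        # Step 4 (wait, retry on timeout) is not modelled: delivery is synchronous.
    return master, log

# Constructed sample zone: hypothetical names, ranks and Host IDs.
ZONE = [
    Host("SRV-A", 1, 3, 8022),
    Host("SRV-B", 1, 3, 9100),
    Host("SRV-C", 1, 4, 1200, alive=False),  # previous data collector, now down
    Host("SRV-D", 1, 2, 9999),
]

if __name__ == "__main__":
    for message in run_election(ZONE, ZONE[3])[1]:  # SRV-D notices the failure first
        print(*message)
```

With SRV-C down, SRV-B wins over SRV-A on Host ID alone, which is the tie-break described above.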
What happens if a server incorrectly believes a new ZDC has won (false winner)?
Once the two ZDCs “fix” themselves through ZDC-to-ZDC communication that establishes which is the proper ZDC, a direct communication is sent to the member server(s) notifying them of the correct ZDC to use.
Supporting data:
• Any state change on server (logon/logoff, disconnect/reconnect, load change) triggers a dynamic data update.
• Member server notifies its DC of the change, and in turn….
• The member server’s DC notifies ALL other DCs of the change.
Communication Events:
• Member server to zone DC heartbeat check.
• Key: HKEY_LOCAL_MACHINE\Software\Citrix\IMA\Runtime\KeepAliveInterval
• Default value: 60000 milliseconds REG_DWORD: 0xEA60
What happens if a server believes it is the new ZDC but the PZDC is still alive and has not resigned?
There are two ZDCs for a finite amount of time; however, our code ensures that the ZDCs communicate with each other and communicate the true ZDC to all member servers in the farm once the election process has run its course. Presuming that the original server does not have a lower preference level than the “new” ZDC, it will almost always remain the ZDC, and in turn broadcast its status to all servers in the farm.