Monday, 12 September 2016
Sunday, 11 September 2016
Citrix Machine Catalog Upgrade(MCS)
This article should be helpful for anyone who is new to Citrix. There is no video tutorial available that explains how to update a Citrix MCS master image catalog, so I am publishing this article after taking reference from Citrix. In PVS we have an easy way of upgrading the golden image using Update Manager with Versions, but if we are not using PVS, here is how we can use Update Machines on the catalog.
Summary:
- Open the image in VMware and make the required changes.
- Shut down the machine.
- Take a snapshot.
- Verify the snapshot is present.
- Open the DDC, select the catalog, right-click and select Update Machines.
- Select the image snapshot and verify all your required environment settings.
- Select the time when you want to publish the new updated desktop for end users.
- Click Next and Finish.
It will take 30-60 minutes. You are done with the image upgrade.
Descriptive Details:
LINK: https://rajatcitrix.blogspot.in/2016/09/citrix-machine-catalog-upgrademcs.html
- Open the image in VMware and make any changes that are needed
- Shut down the image
- Take a snapshot of the image in VMware. Right-click on the virtual machine, choose Snapshot and click Take Snapshot
- Verify the snapshot is there by right-clicking on the virtual machine and choosing Snapshot Manager
- Go to your Desktop Delivery Controller and open Citrix Studio
- Right-click on Machine Catalogs and then click Update Machines
- Verify data and click Next
- Select the Image and click Next
- Make the appropriate choices for your environment. This option allows you to choose when your users will receive the updated virtual machine.
- Verify and click Next
- It will take some time for the update to complete, typically about 30-60 minutes.
- There you have it, your MCS image has been updated!
Wednesday, 7 September 2016
Netscaler As Gateway
Hi friends. In this post I am going to explain how we can use NetScaler as a gateway. Nowadays NetScaler is not bound to a single role; it has become a powerful device which can perform load balancing, endpoint scanning, VPN, gateway for email servers/websites and a lot more. Most people have their own point of view regarding NetScaler: some think it is a load balancing box, some think it is a gateway box, some think it is a VPN box, and so on. Here I want to say that it no longer does a single operation; it performs all the operations which any corporate gateway should perform. In the real world I have seen network teams propose a lot of new boxes to the business for their own learning, which puts a huge cost on projects/companies, and due to lack of technical knowledge the PM gets that approved by the business even though they already have a gateway box in place which can perform the same operation. If you are using NetScaler, I recommend you explore more of its functions so that you can save overall project cost. Now, coming back to the topic: how to configure NetScaler as a gateway box.
Earlier we used IPsec for public devices to connect over the internet to our internal network devices. Now we use an SSL gateway for that purpose, which performs three major operations during a VPN connection: AAA, VPN and endpoint scanning. AAA stands for Authentication, Allow, and Accounting and Auditing. Authentication verifies who is trying to access the resource, the allow operation checks the permission and allows access, and auditing records all operations performed by the authenticated user. The next step is establishing the SSL VPN connection, which also adds to corporate security with the help of certificates. Before that connection completes, the endpoint scanning operation runs, which checks the end-user device against the defined corporate policy: for example, the user should have the latest version of antivirus, the machine's local name should start with XXX, and some prerequisite processes should be running so that the end user will not face any issue while opening applications. In case any of the above prerequisites fails during endpoint scanning, the user's VPN connection will not be established and our corporate devices remain safe.
Before starting on the NetScaler, check that some basic features are enabled. To check that, go to the System tab, click Configure Basic Features, then select NetScaler Gateway. See screenshot for details.
After that, navigate to NetScaler Gateway and run the NetScaler Gateway wizard, which is an easy way to start setting up NetScaler as a gateway. See screenshot for details.
On the next screen, select the certificate which we generated for the gateway and click Continue. Then select the authentication method you want for users. In case you want local users, select Local as the authentication method and give the user details. Click Continue and your virtual server will be created. To check, navigate to NetScaler Gateway, then go to Virtual Servers, and you will see the gateway virtual server you created listed there.
Before starting configuration, please make sure that you have the prerequisites below in hand:
- Public IP address
- Digitally signed server certificate (.PFX or PEM)
- Client certificate, LDAP/RADIUS/TACACS/SAML/web authentication details
Click Next, enter the public IP in the console, give the name of the virtual gateway server and select port 443. There is a check box here which you can select if you want to automatically redirect all incoming requests for port 80 to 443 on a specific URL.
Our NetScaler is now configured for use as a gateway. To start using it, you can log in and download the client using the gateway URL, or you can use the clientless method as well. In further articles I will explain how we can use NetScaler Gateway for different purposes and how the configuration would be done to perform different functions.
Thursday, 4 August 2016
How To Configure Application Load Balancing Through Netscaler
Load balancing is the most useful part of NetScaler. Believe it or not, in some organizations NetScaler is used only as a load balancer, so I hope this will be a great article for all.
Load balancing configuration is divided into four parts. The first is the Virtual Server object, which is created on the NetScaler and used as the first point of contact for incoming traffic. The second is the Service object, which defines the nature of the service, that is, which type of service we want to load balance, for example web services, TCP, ICA etc. The third is the Server object, which represents the hosted application servers, where we can give the IP or DNS name of the back-end servers on which the application resides. The fourth object is the Monitor, which is used for smart monitoring and makes this NetScaler device a layer four device. The monitor proactively monitors all the load balancing members and helps the LB virtual server object route traffic only toward live server objects; in case any member server object becomes unresponsive, traffic automatically stops being routed toward the non-responding object. This is very helpful for live infrastructure because there is no end-user downtime, and at the same time it saves a lot of system admin effort.
Let's start with the configuration part of load balancing,
(Don't forget to enable Load Balancing feature even if you have licence)
I am going to demonstrate this for new users, so I am not using shortcuts and am following a slightly lengthy way. First navigate to Configuration, then go to Traffic Management, then Load Balancing, and select the Servers option,
In the right pane select the Add option. A new page opens for filling in details. Give the name of the server; note that this name is not the real DNS name of the server but is for the admins' understanding, so make it friendly. In the next option give the IP of the server or the server's DNS name and click the Create button.
In the same way, create a server object for each application server.
Now go to the Services tab and in the right pane select the Add option. A new window appears asking for information. The Service Name is also for admin purposes, so give a friendly name and move to the next option. Here select the Existing Server option, because we manually created the server object just above; if we had not created it there, we could select the New Server option to create the server object. Select the protocol for which load balancing is required, enter the port and select Create. Please make sure to create one service object for each member server object,
After the creation of each service, a monitor is also automatically created and bound to the service object. To see it, navigate to the bottom of the service object, where you can see the monitor object.
By default this is a tcp monitor only, which verifies only the server ping status, that is, whether it is responding or not. To make it more effective we can add other monitors which do protocol-wise monitoring as well, for example HTTP, ICA etc. To configure that, click the forward button shown above and in the popup window select the Add Binding button. A new popup window will appear, where you can click the drop-down section if you want to modify the default TCP monitor, or click the + symbol if you want to add a new monitor. Click the "Click to select" space and a list of all the available protocols will appear. Select the one you want and click Bind. That's it, your service object is fully configured. Repeat the same process for the rest of the service objects.
Now we are left with only the last piece of cake, which is the Virtual Server object creation. Go to the Virtual Servers tab and in the right pane select the Add button; a new window will open asking for Name/Protocol/IP Address Type/IP Address/Port. Here we give the public IP if we are going to use it for public-facing requests, or an intranet IP if we use NetScaler for the intranet. Make sure to add a destination SNIP if it is used for external IPs. (Check my other article describing subnet IP and MIP: https://rajatcitrix.blogspot.in/2016/08/how-load-balancing-and-routing-works-in.html).
After clicking OK our Virtual Server object is created, but in the service section it will show the error "No load balancing virtual server service binding". This appears because we have not yet bound the service objects. To bind them, click on the error and a new popup window will appear for selecting the service objects; select all the service objects and click Bind. By default the load balancing method is least connection, which means requests are routed to the server which has the fewest connection threads. If you want to change that, select the Virtual Server object and click Edit, then from the right panel select Method, where you have options for selecting the load balancing mechanism.
That's it, our first load balancing configuration section is done.
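The same four objects expressed as NetScaler CLI commands, which makes the bindings explicit and easy to review or repeat (an added example, not part of the original post). All object names and IP addresses are constructed placeholders, and the built-in `http` monitor stands in for whichever protocol monitor is chosen in the GUI.

```netscaler
# Constructed example: two back-end web servers behind one HTTP virtual server.
# Every name and address below is a placeholder.

# Enable the Load Balancing feature (needed even when licensed).
enable ns feature LB

# Server objects: admin-friendly name plus the back-end IP.
add server srv_web01 192.168.1.11
add server srv_web02 192.168.1.12

# One service object per server object: protocol and port to balance.
add service svc_web01_http srv_web01 HTTP 80
add service svc_web02_http srv_web02 HTTP 80

# Bind a protocol-level monitor so health is judged on an HTTP response.
bind service svc_web01_http -monitorName http
bind service svc_web02_http -monitorName http

# Virtual server: the first point of contact for incoming traffic.
# LEASTCONNECTION is the default method; it is spelled out here for clarity.
add lb vserver vs_web_http HTTP 10.0.0.10 80 -lbMethod LEASTCONNECTION

# Bind every service to the virtual server; without this step the GUI shows
# "No load balancing virtual server service binding".
bind lb vserver vs_web_http svc_web01_http
bind lb vserver vs_web_http svc_web02_http

# Verify state of the virtual server and one member, then persist.
show lb vserver vs_web_http
show service svc_web01_http
save ns config
```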
Monday, 1 August 2016
How to configure Netscaler 10.5 - Initial Configuration
If we use a hardware box we can jump directly into the configuration part, but if we use a virtual OVF template then we need to keep an eye on network card selection: which one we define for internal communication and which one we use for external.
Initial configuration is very simple. Start the NetScaler and it will prompt for the NSIP, which stands for NetScaler IP; enter it and press Enter, then give the netmask and press Enter, then give the gateway IP and press Enter. It will then ask you to press 4 to save and close the NSIP configuration.
Once done, you can connect to the NetScaler using the IP through the console or a web browser. In our case we connect via web browser and give the ID\Password as "nsroot" (default).
After successful login you need to complete basic configuration as shown below,
Here the NetScaler IP automatically shows the IP we gave during NSIP configuration. The Subnet IP is the IP which will be used for DMZ communication, or you can say for internal infrastructure communication. The netmask will already be in place, so give the external DNS IP, for example 8.8.8.8, and then select the time zone. Select the Change Administrative Password option and click Continue.
On the next page it asks for the licence file upload, so upload it and wait for the confirmation message of successful licence upload. Click Continue and then click Done. NetScaler will reboot and the basic configuration is done.
<<For complete netscaler end to end knowledge follow blog "https://rajatcitrix.blogspot.in/p/citrix-netscaler-105-learn-in-one-day.html">>
How to Perform Netscaler Upgrade
A NetScaler upgrade is a critical activity, and it is recommended to always go through the release documents very thoroughly. The upgrade is basically an easy task but may cause major impact as well, so have a back-out plan available and always get the change approval including back-out time. The NetScaler upgrade is based on a Java applet console, so check that before planning the upgrade; if no appropriate version is available, install the correct version. I have some working Java configuration and version information which can be applied to your environment as well, but I will share that if I have some time left.
To upgrade, follow the instructions below,
Some of you may have doubts while navigating, so I am adding real-time screenshots of the NetScaler,
Configuring an NTP server is also an important part of configuration, which is useful for checking certificate validity, log analysis etc. To add NTP information, navigate to the Configuration tab, then go to Settings, then the NTP Servers tab, where you can enter a public or desired NTP server. Having the NTP server configured does not mean it starts working; to make it functional, go to the Action button and select NTP Synchronization, which gives an enable selection box to make this NTP setting functional. At the end, don't forget to save all settings using the floppy button available at the upper right corner. See the screenshot below for reference,
How Load balancing and Routing works in Netscaler
Load Balancing Work Flow
Understanding the load balancing traffic flow is important before starting to learn NetScaler load balancing. So here I am going to start with the VIP, which means virtual IP. The VIP represents the public IP which we assign to a virtual server created on the NetScaler. We can create multiple virtual servers representing multiple public IPs, each having its entry in public DNS so that user requests can come to the NetScaler. Once a request reaches the NetScaler it is routed to the SNIP (subnet IP); the SNIP is a network IP in the same zone in which the set of application servers resides. There can be multiple SNIPs on a NetScaler as well. So the request flow is: initially the request comes from the public user to the VIP, is then routed to the SNIP, and after load calculation and monitor status, as per the assigned policy, the request reaches the application server. For the reverse response the same mechanism is followed.
How we can do Static Routing
SNIP: As we know, the NetScaler mostly resides in the DMZ and is used to forward traffic to multiple networks, so we need to enable default routing on the NetScaler by adding USNIP (Use Subnet IP). For example, if a request comes in and needs to be routed toward the 24-bit network 192.168.1.*, we add a SNIP on the NetScaler for it. After adding that, the NetScaler starts forwarding packets toward the 192.168.1.* subnet. To add it, go to NS, then System, then Network, then IPs, then IPv4, and click the Add button to add the subnet address.
After clicking, give the subnet IP address and select the IP Type as Subnet IP. Here we need to keep in mind that we should restrict some important options, like Telnet, which sends information in clear text, and FTP, which is not secure; then click Create. That's it, your routing is configured.
MIP (Mapped IP Address): In some cases direct reachability to a network is not possible, but there is an internal router available through which traffic can be routed to that network. In that case we define a static route which forwards traffic to that internal router, which is allowed to route traffic toward the network that is restricted directly from the NS. For example, we have requests which need to reach the 23.3.3.X network segment, but direct reachability from the NetScaler to that network is restricted, and there is an internal router with IP 13.3.3.3 which is configured to route traffic to the 23.3.3.X network. In this case we create a MIP which will be used to route traffic to that network. One point needs care here: at least one SNIP in 13.3.3.X should be present so that NS traffic can reach all devices on that network. Now the NS can easily reach the internal router and use it as the gateway for all traffic which needs to be routed toward the 23.3.3.X network.
To configure that, go to NetScaler, then System, then Network, then Routes, then Basic, and click Add. A new window for route creation will appear; fill in the details as per the example and click Create. You can use the screenshot for reference,
Hurray! Now the MIP is configured.
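The SNIP and static-route steps above as NetScaler CLI commands, with Telnet and FTP switched off on each subnet IP as the text recommends (an added example, not part of the original post). The host addresses ending in .5 are constructed placeholders, and a /24 netmask is assumed for the 13.3.3.X and 23.3.3.X networks.

```netscaler
# Constructed example; the .5 host addresses are placeholders and the
# 255.255.255.0 masks for 13.3.3.X and 23.3.3.X are assumptions.

# Use Subnet IP mode, so the appliance sources back-end traffic from a SNIP.
enable ns mode USNIP

# SNIP for the 192.168.1.* application network.
# Telnet (clear text) and FTP are disabled on this address.
add ns ip 192.168.1.5 255.255.255.0 -type SNIP -telnet DISABLED -ftp DISABLED

# SNIP in the internal router's network, so the appliance can reach 13.3.3.3.
add ns ip 13.3.3.5 255.255.255.0 -type SNIP -telnet DISABLED -ftp DISABLED

# Static route: traffic for 23.3.3.X goes via the internal router 13.3.3.3.
add route 23.3.3.0 255.255.255.0 13.3.3.3

# Review the addresses and the routing table, then persist.
show ns ip
show route
save ns config
```

Reviewing the `show ns ip` output after the change is a quick way to confirm that no subnet IP was left with Telnet or FTP enabled.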
How to configure High availability in Netscaler 10.5
How to configure High availability
High availability is a key part of any infrastructure device, and for NetScaler it is even more important because as a network device it plays a major role within the organization. Here I am going to explain how to provide high availability for NetScaler devices and the key points we need to keep in mind during HA configuration.
- First, we need to take a complete backup of the current configuration of the running NetScaler. (See the "How to take backup" section above for details.)
- Change the configuration of both NetScalers and forcefully define them as primary and secondary.
By doing these activities we protect ourselves in case something goes wrong during HA configuration. In live scenarios I have sometimes seen people not configure things correctly, due to which the secondary NetScaler's configuration was replicated to the primary one and made it blank as well. To protect ourselves in such a situation, I request that you take these preventive actions before starting high availability configuration.
I have already explained the process for the first preventive action, taking a backup. For the second preventive action, defining the priority manually, navigate to System, then High Availability, then select the node, right-click and select Edit,
On the new page set the High Availability option to "Stay Primary", and in the same way on the secondary NetScaler node select the option "Stay Secondary".
Now we are all set to start configuring NetScaler high availability. Open the management console of the primary NS and navigate to System, then "High Availability", click the Add button, give the information of the secondary NetScaler and click OK.
After that you will see both NetScalers under the high availability node section, and at the same time you can see that replication to the secondary node is in progress. Once replication is completed it will start reporting success.
To verify, we can check some of the entries on the secondary node, like the SNIPs. Once we are satisfied that replication has completed successfully, on the primary and secondary nodes we again navigate to System, then High Availability, select the node, right-click, select the Edit option and set the High Availability option to "Enable (Active participant in HA)".
Hurray! Our NetScaler high availability configuration is done.
To test, we can do a manual failover as well. To do that, navigate to the High Availability section, click the Action tab and select the option "Force Failover".
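The same sequence as NetScaler CLI commands, showing which appliance each step runs on and where the roles are pinned before pairing (an added example, not part of the original post). The two NSIP addresses are constructed placeholders, and the configuration backup described above is assumed to have been taken already.

```netscaler
# Constructed example: primary NSIP 10.0.0.11, secondary NSIP 10.0.0.12.

# --- On the primary: pin the role before pairing ---
set ha node -haStatus STAYPRIMARY

# --- On the secondary: pin the role before pairing ---
set ha node -haStatus STAYSECONDARY

# --- On the primary: add the secondary as peer node 1 ---
add ha node 1 10.0.0.12

# --- On the secondary: add the primary as peer node 1 ---
# (from the CLI, each appliance adds the other as its peer)
add ha node 1 10.0.0.11

# --- On either appliance: check node state and synchronization status ---
show ha node

# --- On the secondary: spot-check replicated entries such as the SNIPs ---
show ns ip

# --- On both appliances, only after replication is verified ---
set ha node -haStatus ENABLED

# --- On the primary: persist, then test with a manual failover ---
save ns config
force ha failover
```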
Citrix Xenapp 6.5 SOP
Purpose: This document will help admins solve day-to-day Citrix issues.
Q1: A single user is unable to see some application?
Ans: First identify which application the user is trying to open. Get the application name and check it in AppCenter, located under Administrative Tools,
Go to the Applications tab >> Locate your application
For example, click on Notepad. Go to the Configured Users tab.
Check the users and groups shown there.
Using ARS, find the user's group membership. To get the application, the user should be part of one of the listed groups. If not, ask the user to get membership.
Ans: If the user is already a member of that group, then check the location of the application using the steps below: <<The location shown in the hierarchy in the FARM may not be the correct representation>>
Go to application properties >> Go to Shortcut presentation >> Check the location there
Q3: After clicking on the application, it does not open and gives an option to save an ICA file?
Ans: This only happens when the user doesn't have the Citrix Receiver client installed on their machine. Ask the user to contact local IT for the same, or to download it from the internet and install it on the desktop.
Q4: After clicking on a Citrix application it starts opening but gets stuck on the progress bar?
Ans: It may happen for many reasons, but the key points are as follows. The user's profile got corrupted and is stuck during logon. You need to rename the user profile first and ask the user to try again; once the user has logged in, you can copy their data from the renamed profile.
In case the user profile is roaming, you need to do the same thing at the remote profile repository.
This may also happen due to an existing stuck session of the user on Citrix. In that case you can log off the user from the farm and ask the user to try again.
Go to Application >> Go to the Connected Users tab >> Select the existing user session >> Right-click and select Logoff
Q5: How can we disable logon on a Citrix server to perform maintenance?
Ans: Sometimes admins need to perform an urgent configuration\upgrade on Citrix servers; to do that we need to put the server into maintenance mode first. Follow the steps below,
Open AppCenter >> Go to the Servers tab >> Right-click and select Other Tasks >> Go to Logon Control >> Select the option which suits you
Q6: How to disable an application during an upgrade?
Ans: To disable an application, open AppCenter, select the application, then right-click and select Disable Application.
The above task will disable the application, but if you want to hide the application, select the Application Properties option from the tab shown above >> Go to Name >> Select both the Disable Application and Hide Application options.
Q7: How can we find which server is playing the data collector role in the FARM?
Ans: Data collector selection is random, but the server which currently holds the data collector role can be found from any Citrix server using the instructions below,
It will show the full list of XenApp servers in the FARM, and in front of the data collector server you will see "D" as shown above.
Q8: How to check whether our Citrix server is responding to ICA connections?
Ans: A Citrix server normally accepts ICA connections on the ports below
ICA: 1494
Session Reliability: 2598
- The best way to test ICA connectivity is to open the farm, go to the server and connect using an ICA session,
Q9: One Citrix server has stopped responding to ICA sessions; what can we do now?
Ans: Sometimes the Citrix IMA service stops working or starts behaving abnormally. In that case you need to restart the service to get it back on track.
Q10: It's rare, but it happens that during an IMA service restart the service stops and does not start again. What can be done then?
Important! The data store server must be available for the dsmaint recreatelhc command to work. If the data store is not available, the IMA service cannot start.
Caution! Refer to the Note at the end of this article before using Registry Editor.
Complete the following steps to recreate LHC:
1. Stop the IMA service on the XenApp server, if it is started. This can be done using the command net stop imaservice, or from Services.
2. Run dsmaint recreatelhc, which renames the existing LHC database, creates a new database, and sets the registry value HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\IMA\Runtime\PSRequired to 1.
Setting the value PSRequired to 1 forces the server to establish communication with the data store in order to populate the LHC database. When the IMA service is restarted, the LHC is recreated with the current data from the data store.
3. Restart the IMA service. This can be done using the command net start imaservice, or from Services.
Note: For XenApp 6 or later the registry key path is HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\IMA\RUNTIME\PSRequired; change the value to 1.
There is also a built-in utility to verify the LHC called LHCTestACLsUtil.exe file located in C:\Program Files (x86)\Citrix\System32 of the XenApp server. To run this utility, you must have local administrator privileges.
Q11: In which sequence are group policies applied in Citrix?
Ans: Policies are applied in the sequence below <<LXSDO>>,
- Local Policy
- XenApp Or XenDesktop Site GPO
- Site Level GPO
- Domain Level GPO
- Organizational Unit
XenDesktop 7.8 Architecture - Step by Step guide
Introduction:
Citrix app virtualization was introduced by ex-IBM developer "Ed Iacobucci" in 1989, who initially wanted IBM to promote this solution, but somehow that was not done. He decided to develop and launch the product as a separate company named Citrus, but another company claimed the trademark, so going forward it was changed to Citrix. One interesting and inspirational thing about Citrix is that the company decided to close in 1991 but survived, and today it is a big player in the field of virtualization.
Citrix 7.X:
XenDesktop 7.X is a revolution in the field of app\desktop virtualization. I started with Citrix products around 10 years back and I have seen it growing day by day, with frequent name changes in the virtualization field. Nowadays Citrix deals with multiple flavors of virtualization like desktop virtualization, networking, application virtualization, server virtualization etc. Let me start with Citrix 7.X related information here,
Technical Architecture
Citrix 7.X was basically designed for desktop and application delivery as a service, but going forward it has moved into server virtualization as well, in order to deliver applications through Citrix. Citrix does not work as a hypervisor for the VMs and servers which are accessed via Citrix; it works as a mediator which has the running information about all connected hypervisors and physical machines which are part of the Citrix environment.
There are three main components used for management, monitoring and delivery of the VDI environment to end users.
Citrix Receiver: A small client used by the end user to connect to our Citrix environment. All communication between the client and the Citrix environment is done by Receiver.
Delivery Controller: An important component of the VDI infrastructure which plays a major role from accepting the request through to delivery of the desktop or application to the end user. The controller gets all the running information from the database and accordingly calculates and delivers the information to StoreFront so that StoreFront can generate the ICA connection file for the end user. It is closely bound to the Broker service in the VDI environment.
Citrix Studio: A GUI-based tool used for making any change or modification in the VDI environment. In the background it makes all changes using predefined PowerShell cmdlets which are installed as part of the Citrix installation; in other words, we don't need to install any separate module on the delivery controller to run Citrix-related PowerShell cmdlets.
Citrix Director: Also a GUI-based tool, used for monitoring the overall VDI environment. We can use its historic data for analytical purposes as well, to make predictions, or we can make changes in our existing environment based on statistics. It also uses a set of PowerShell cmdlets for fetching data. Citrix recommends that admins use PowerShell instead of the GUI, because the GUI indicates the issue but does not give a complete description of it. For example, if we have an issue with the FMA on one of the delivery controllers, the GUI will only show a red mark in front of the delivery controller, but if we run PowerShell commands such as Get-BrokerServiceStatus, Get-ConfigServiceStatus, Get-HypServiceStatus, Get-AcctServiceStatus, Get-ProvServiceStatus etc., we can get in-depth information about the issue.
StoreFront: A web-based module designed for end users to connect to and use published VDI and applications. Initial authentication is also done at this layer with the help of the Broker service, which queries credential validation.
FMA Services
There are 12 services in total, 10 of them important, responsible for the VDI infrastructure functioning as part of FMA. They were introduced as part of the Citrix 7.8 release, and each plays a different role in the Citrix FlexCast Management Architecture.
Let me give a short description of each service one by one. I will try to describe as much as I can in the SUMMARY section, and hopefully all your doubts will be cleared up under the "Application Delivery Flow" section.
Host Service: This service is responsible for communication with the connected hypervisors (vSphere, XenServer, Hyper-V) and with connected physical desktops and servers. For physical desktops and servers, PVS should be used in your environment, as we cannot do this through MCS.
Machine Creation Service: This service is used for creating virtual machines in the VDI environment. If it is down, no new virtual machines can be provisioned. A short tip: for physical machines we should have PVS in place, because MCS cannot work for physical machines.
AD Identity Service: This service is used for physical identity creation in the AD environment for newly provisioned VMs or physical machines.
Delegated Admin Service: This service is used for managing administrative privileges Site-wide. If this service goes down, no new admin accounts can be added to the environment and no permission modification is possible. Note that all existing admins can continue to work as usual, but no modification is possible.
Configuration Logging Service: This service is responsible for recording all administrative changes Site-wide. It has its own database, merged with the Site database, but if required we can create a separate database for it. If this service is down, no modification is possible within the Site.
Monitor Service: This service is used for monitoring the overall FMA architecture services, and it generates alerts in Studio and Director if it finds something wrong. To deep dive into an issue, it is always recommended to use PowerShell, which gives more descriptive information about the issue.
Environment Test Service: This service does all kinds of testing from Studio. For example, if you want to get your delivery group tested, this is the service that is used.
StoreFront Service: This service is used for StoreFront deployment within the Site.
Analytic Service: This service is used for sending analytical data to Citrix, which they can use to make improvements. By default this service is not started.
Broker Service: This is the most important service and is known for managing all direct traffic to the Delivery Controller. It manages STA verification, session enumeration and resource enumeration. It handles disconnected sessions from the VDA point of view.
Two services live on the Desktop\Server as part of the FMA architecture: one is the "Desktop Service" and the other is the "PortICA Service". PortICA is designed and delivered in two ways: the first is for desktop OS, where only a single connection can be established, and the other is for server OS, which supports multiple connections to one machine and is used basically for application virtualization.
Desktop Service: This service lives on the desktop VMs and communicates directly with the Delivery Controller to share status information updates. It contacts the PortICA Service to share pre-authentication and verification information and pre-authentication ticketing data within the VDI infrastructure.
PortICA Service: This service has been renamed to PICASVC32.exe and is referred to as the ICA service. This service accepts the initial connection and locks down the workstation so that no new connection can come in. It is also used for changing the display mode to remote ICA; this request goes through the Thinwire driver to finally communicate with the desktop driver.
Each FMA service is completely independent of the others, because each has a separate service point in the central database. If you look at the registry, you will find a separate place for each service's data, which confirms that they all have separate connection strings to the central database. All of the FMA services run under "NT AUTHORITY\Network Service".
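The health check described above, as an added example that is not part of the original post: it runs the five status cmdlets the post names on a Delivery Controller, reports any service that is not OK together with its detail, and lists the logon account of each Citrix Windows service for comparison with "NT AUTHORITY\Network Service". The function names Get-FmaServiceHealth and Get-FmaServiceAccount are hypothetical, and the example assumes the Citrix snap-ins are installed and that the Windows service names begin with "Citrix".

```powershell
# Added example: run on a Delivery Controller where the Citrix PowerShell snap-ins are installed.
Add-PSSnapin Citrix.* -ErrorAction SilentlyContinue

# Status cmdlets named in the post; each returns an object with ServiceStatus and ExtraInfo.
$statusCmdlets = 'Get-BrokerServiceStatus', 'Get-ConfigServiceStatus',
                 'Get-HypServiceStatus', 'Get-AcctServiceStatus', 'Get-ProvServiceStatus'

function Get-FmaServiceHealth {            # hypothetical helper name
    param([string]$AdminAddress = 'localhost')
    foreach ($name in $statusCmdlets) {
        if (-not (Get-Command $name -ErrorAction SilentlyContinue)) {
            [pscustomobject]@{ Check = $name; Status = 'CmdletMissing'; Detail = 'Citrix snap-in not loaded' }
            continue
        }
        try {
            $r = & $name -AdminAddress $AdminAddress -ErrorAction Stop
            # ExtraInfo is a key/value collection; flatten it to one readable line.
            $detail = ''
            if ($r.ExtraInfo) {
                $detail = ($r.ExtraInfo.GetEnumerator() |
                    ForEach-Object { "$($_.Key)=$($_.Value)" }) -join '; '
            }
            [pscustomobject]@{ Check = $name; Status = [string]$r.ServiceStatus; Detail = $detail }
        } catch {
            # The cmdlet could not reach the service at all (service stopped, controller down).
            [pscustomobject]@{ Check = $name; Status = 'Unreachable'; Detail = $_.Exception.Message }
        }
    }
}

function Get-FmaServiceAccount {           # hypothetical helper name
    # Assumption: the Citrix Windows services have names beginning with "Citrix".
    # Windows reports the account as "NT AUTHORITY\NetworkService" (no space); accept both spellings.
    Get-CimInstance Win32_Service -Filter "Name LIKE 'Citrix%'" |
        Select-Object Name, State, StartName,
            @{ n = 'IsNetworkService'; e = { $_.StartName -match '^NT AUTHORITY\\Network\s?Service$' } }
}

$health = Get-FmaServiceHealth
$health | Format-Table -AutoSize
$health | Where-Object Status -ne 'OK' |
    ForEach-Object { Write-Warning "$($_.Check): $($_.Status) $($_.Detail)" }

# Services running under any other account are listed for review, not treated as failures.
Get-FmaServiceAccount | Where-Object { -not $_.IsNetworkService } | Format-Table -AutoSize
```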
BONUS Information
1. Enable WinRM 2.0 if you want to use an old version of the VDA within your environment, otherwise there will not be any communication between the VDA and Studio\Director.
2. After each DC reboot, all FMA services re-register themselves with the Configuration Service.
3. There are 18 other internal site services under the Broker Service, which are distributed among all running DCs and redistributed in case any DC fails.
4. The default heartbeat test time between Studio and the central Site database is 20 seconds, with a 40-second TTL. In Studio the last communication time should always show 0; otherwise there is a problem with communication between the DC and the DB, and it needs to be investigated.
5. The Configuration Service serves other dependent services with the information they need to complete their tasks, which means each service contacts the Configuration Service first. Example: the Broker Service wants to power-manage some VMs, but it cannot communicate directly with the Host Service because it does not have the hypervisor connection configuration information. So it first contacts the configuration manager, which provides the related information and APIs, and the Broker Service then contacts the Host Service with the appropriate API. By default, information provided by the Configuration Service stays within a service for 5 minutes, which is again customizable.
Hope this blog is informative and helpful. Feel free to raise queries and questions.
Thanks!!!!