Monday, April 30, 2012

Citrix Health Monitoring Tests


Health monitoring tests

Citrix IMA Service test
This test queries the service to ensure that it is running by enumerating the applications available on the server.


Logon monitor test
This test monitors session logon/logoff cycles to determine whether or not there is a problem with session initialization or possibly an application failure. If there are numerous logon/logoff cycles within a short time period, the threshold for the session is exceeded and a failure occurs. The session time, interval, and threshold can be configured by modifying the parameters in the Test file field. These parameters are listed and described in the following table.
Logon monitor test parameter
Description
SessionTime
Defines the maximum session time for a short logon/logoff cycle. Default is five seconds.
SessionInterval
The time period designated to monitor logon/logoff cycles. Default is 600 seconds.
SessionThreshold
The number of logon/logoff cycles that must occur within the session interval for the test to fail. Default is 50 cycles.
Remote Desktop Services test
This test enumerates the list of sessions running on the server and the session user information, such as user name.
XML Service test
This test requests a ticket from the XML service running on the server and prints the ticket.
Check DNS test
This test performs a forward DNS lookup using the local host name to query the local DNS server in the computer’s environment for the computer’s IP address. A failure occurs if the returned IP address does not match the IP address that is registered locally. To perform reverse DNS lookups in addition to forward DNS lookups, use the flag /rl when running this test.
Check Local Host Cache test
Citrix does not recommend running this test unless you have problems with corrupted local host caches. This test ensures the data stored in the XenApp server’s local host cache is not corrupted and that there are no duplicate entries. Because this test can be CPU-intensive, use a 24-hour test interval (86,400 seconds) and keep the default test threshold and time-out values.
Before running this test, ensure the permissions of the files and registry keys that the test accesses are set properly. To do this, run the LHCTestACLsUtil.exe file located in C:\Program Files (x86)\Citrix\System32 of the XenApp server. To run this utility, you must have local administrator privileges.
Check XML Threads test
This test inspects the threshold of the current number of worker threads running in the Citrix XML Service. When running this test, use a single integer parameter to set the maximum allowable threshold value. The test compares the current value on the XenApp server with the input value. A failure occurs if the current value is greater than the input value.
Citrix Print Manager Service test
This test enumerates session printers to determine the health of the Citrix Print Manager service. A failure occurs if the test cannot enumerate session printers.
Microsoft Print Spooler Service test
This test enumerates printer drivers, printer processors, and printers to determine whether or not the Print Spooler Service in Windows Server 2008 is healthy and ready for use
ICA Listener test
This test determines whether or not the XenApp server is able to accept ICA connections. The test detects the default ICA port of the server, connects to the port, and sends test data in anticipation of a response. The test is successful when the server responds to the test with the correct data.

Sunday, April 8, 2012

NETSCALER Communication Flow

Environment: NETSCALER is in the DMZ & Web Interface, Xenapp farm is behind the Firewall i.e (secure  N/W).

1.) MIP: Mapped IP address is the interface which communicated with STA: 80 /443 so these ports need to be opened from the NS in the DMZ all the way to STA server. Also Ports ICA:1494 & CGP:2598 need to be opened from NS in the DMZ to the Xenapp /Xendesktop farm
2.) From secure N/w to connect to Netscaler ports 80,22,3010 need to be opened.
3.) NSIP : Netscaler IP address From Netscaler to secure N/W you need to open following ports if you are configuring LDAP, LDAPS, RADIUS, RSA etc..
                   LDAP: TCP 389
                   LDAPS: TCP 636
                   RADIUS : UDP 1812


4.) The Access Gateway IP address is the NAT ed IP address.
5.) The users hit the Access Gateway with External  IP address (Eg: 209.12...). This IP address does a
      NAT ing to Virtual server Access Gateway Enterprise N/W. 
6.)  From External N/W to AG : Port 80 & 443 needs to be opened
      From Netscaler to Xenapp Farm : It happens through the MIP Port 80 & 443, 1494, 2598 needs to
      be opened.         
      If you need Authentication to be happens at Netscaler : Port TCP 389, 636 & UDP 1812 needs 
      to be opened.     
7.)  Vserver - Virtual Server actually refer to Netscaler AG Enterprise edition.
      Access Gateway is nothing more than a Vserver that lives on  Netscaler
      Netscaler is a Load Balancing device. So instead of being a Load Balancer, Application Firewall, Citrix 
      have added a Vserver(AG)  that you can load on a netscaler and makes it a NS AGEE ( NetScaler 
      Access Gateway Enterprise Edition )