XenApp audits

pma111
pma111 used Ask the Experts™
on
Sorry to sound naive re citrix, but a few citrix/terminal services basics if I may:

1) When a user logs onto to a PC in the domain, once authenticated, they then (by double clicking a citrix shortcut) launch a citrix session which again prompts for username / password (what is that launcher/software called).

2) Also - if you have a busy network, am I right in thinking there will be a bunch of citrix servers to handle user demand? Is this called a farm?

3) What tool/feature in citrix determines which of the servers you will be logged into? And based on what parameters does it make that decision, i.e. this servers bust log the next lot of users on that server instead

4) By default out the box, do the citrix servers log which users logged on to which citrix servers and at what time? If so where would the logs be held?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Citrix Technology Professional - Fellow
Top Expert 2010
Commented:
1.  Various names:  PNAgent, online client, online plugin or Receiver.

2.  Yes, Farm is used to describe a collection of XenApp servers that share a common data store database.

3.  Load balancing.  XenApp uses a variety of metrics determined by a Load Evaluator.

4. That will be in the standard Security event log.

Author

Commented:
Re 4 if you have 5 xenapp servers are yu going to have to check 5 security logs to see who logged in which when. Or does this load balancer have a log of who accessed which server when?
Carl WebsterCitrix Technology Professional - Fellow
Top Expert 2010

Commented:
You will need to check all 5.  XenApp does not provide and centralized logging of what users logged into what server or which users ran which applications from what server or at what time and for how long.
Acronis in Gartner 2019 MQ for datacenter backup

It is an honor to be featured in Gartner 2019 Magic Quadrant for Datacenter Backup and Recovery Solutions. Gartner’s MQ sets a high standard and earning a place on their grid is a great affirmation that Acronis is delivering on our mission to protect all data, apps, and systems.

Author

Commented:
Ok one more quick question. Our setup is so you login to your pc via domain creds then you login to citrix creds. So you could access internet explorer via your desktop pc or via the citrix session. Is this type of setup called a specific name in the citrix world, as I assume you can configure the login process to log straight in to a citrix server bypassing the desktop? Do each type of configs have a specific label in the citrix world? And re the second type ie bypassing the desktop what mechanics log you straight into citrix are these scripts or some kind or another tool?
Carl WebsterCitrix Technology Professional - Fellow
Top Expert 2010

Commented:
Sounds like you are using PNAgent without pass-through authentication.

I would suggest you start here:

http://support.citrix.com/proddocs/topic/web-interface-impington/wi-library-wrapper-impington.html

Author

Commented:
Thanks carl, re no pass through and pass through, in your experience can you think of any reason or technicla reason why an admin would opt for no pass through authentication as opposed to using pass through. Are there pros and cons to both or issues that may arise when using one or the other which would sway a design decision to use one or the other?
Carl WebsterCitrix Technology Professional - Fellow
Top Expert 2010

Commented:
security vs ease of use.  Always a tradeoff.

Author

Commented:
Which is least secure? And why...
Carl WebsterCitrix Technology Professional - Fellow
Top Expert 2010

Commented:
If my credentials are automatically passed through to the XenApp server, some would see that as a security risk.

Author

Commented:
As they aren't encrypted?
Carl WebsterCitrix Technology Professional - Fellow
Top Expert 2010

Commented:
Unless you use IPSEC I believe they are not encrypted.  I am not 100% positive of that though.  That is why a lot of people require both internal and external users to go thru a Citrix Access Gateway or NetScaler so that everything is encrypted.

Author

Commented:
Ok thanks just to sweep up one final thing:

>.  Various names:  PNAgent, online client, online plugin or Receiver.

Can you tell just from the shortcut on the desktop which of these are being used? Are some of these clients based on where you are connecting from? Ie are some for internal users others external? Or why so many different clients? What do some do offer that others don't?
Carl WebsterCitrix Technology Professional - Fellow
Top Expert 2010

Commented:
Citrix is famous for changing names and functionality.  Answering your questions could take a very long time.  Citrix provides client software for all kinds of devices and operating systems.  I would suggest you take a look here:

http://support.citrix.com/proddocs/topic/receiver/rec-receiver-and-plugins.html

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial