Avatar of Pau Lo
Pau Lo
 asked on

Citrix and audit logs

1) Does citrix have its own event log catalogue entry in computer management > system tools > event viewer > 

2) Or is a user logging in to that server via their citrix client on their desktop just logged in the normal windows logs, i.e. security? I.e. no special logs for cirtix, a login is classed the same regardless of remote/local/via citrix?

3) Is there a specific event ID for a login to a citrix server via whatever client they use?

4) Also I think we have 2 citrix environments based on departments, would these be 2 "farms", where can you see which servers are in which farm? I beleive the citrix servers run on top of server 2003 if that makes any difference.
CitrixRemote AccessMicrosoft Server OS

Avatar of undefined
Last Comment
Ayman Bakr

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Ayman Bakr

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Pau Lo

ASKER
Re 1/2, is this still dependant on what is set at domain/local level then regardling audit policies?

i.e. the options set at:

http://technet.microsoft.com/en-us/library/dd941595(v=ws.10).aspx

I.e. if they are set via local security policy or as part of a domain policy they will be captured, if not they wont be?

Is it resultant set of policy that considers whether the policy were set at either local or domain level, if at all?
SOLUTION
Venugopal N

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Pau Lo

ASKER
How could you see which user connects to which farm? I.e. if you just have a list of usernames, where would you begin to look to see which farm this user connects too?
Venugopal N

Yes the policy set at domain \local will be  apply for the citrix server too, ther is no specific policy for the citrix auditing.
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
Venugopal N

Edgesight can be used for that, under plan and manage tab you can get the reports.

http://support.citrix.com/proddocs/topic/edgesight53/es-manage.html
Pau Lo

ASKER
Is edgesite a part of citrix installation, i.e. will every citrix admin have it?

If you have more than one citrix farm and edgesite can you show a sample report showing which users are permitted to access which farm
Pau Lo

ASKER
Is resource manager sort of a central tool which will show all farms in the environment, or is there a resource manager per farm?
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Ayman Bakr

There is a resource manager per farm.

You are entitled for edgesight if you have the platinum edition. If not then you can purchase the Edgesight licenses separately.
Pau Lo

ASKER
How could one see from the outside how many farms there are in an environment? If you went in to a network how could you see that?
Pau Lo

ASKER
How many servers do you typically have in 1 farm?
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
Ayman Bakr

You need to know the servers available for Citrix, either you know them by heart or looking for example at their naming conventions. If not then you will have to do an inventory to see which servers have the XenApp installed.

Knowing the servers then, as I told you previously with qFarm run in a command prompt, all the member servers of the farm will be listed. This list of servers will form one farm, implying that if you see certain servers not listed then they will be in another farm.

An alternative way is to check the Delivery Services console for each server (perhaps doing so is more tedious) where the farm will appear.

MF20.dsn is another indicator. within that file is the data store instance name. A different DB most probably means different farm (it can mean a different zone within the same farm)
Pau Lo

ASKER
Ok thanks, just as a crash course of the infrastructure/architecture of a citrix farm, what falls within that farm, i.e. what is it made up of, and is there a higher level than farm? Or is farm the top level and every falls within?
Pau Lo

ASKER
PS - are there any citrix management tools that can show which users are logged into which servers in your farm at any given time? numbers and names? What tool would be used for that, is this a feature in resource manager?
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Ayman Bakr

A citrix Farm consists of the following:
1. One or more zones (can be, but not exactly, likened to a site in a microsoft environment)
2. One License server
3. One Database server (in some designs you can have one database for all your zones; in other designs you can have one database for each zone)
4. One Data Collector in each zone (Only one Data Collector can serve in a zone, and each zone has to have a data collector. You can though make a back up data collector in each zone)
5. XenApp servers (session hosts) hosting your applications
6. Web Interface server hosting your web sites and services sites.

With the above said, the farm is a management boundary for all your environment consisting of the above servers.

With Windows 2003 servers, then this means you have XenApp 5.0 Or Presentation Server 4.5 environments. You can find the users logged on which servers using the Citrix Delivery Services console. However, the console is limited in its view and reporting capability. Yes you can use the resource manager to draw more detailed reports (number of users, names of users, on what servers). A more sophisticated and thus much better tool to draw on reports and get trend results (using history details and frequency) is EdgeSight.
Pau Lo

ASKER
Thanks so much re zones why the need for multiple zones? Can you explain?
Pau Lo

ASKER
Re 1-6 could you give a one liner managers breif on what each actually do ? The names on some are self explanatory others not so.... Thank you!!
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
Ayman Bakr

You create multiple zones if the following conditions apply:
1. You have two or more sites
2. The sites have same number of servers as in the main site
3. You have high-bandwidth site links

The rule of thumb is that you should have no more than 5 zones. The less the better.
Ayman Bakr

1. Zone: to manage sites and inter-site links

2. License Server: provides licenses for XenApp servers and user sessions. XenApp servers request and receive a startup license on start up. For each subsequent session the XenApp server requests a license from the license server on behalf of the client.

3. DataStore database contains all the farm data, configuration, worker groups, XenApp servers, admins, load evaluators, policies etc...

4. Data Collector manages dynamic updates in the farm including connected sessions, disconnected sessions, resolutions and server loads. Usually also configured as XML broker for the farm to handle authentication, application enumeration and finding least loaded session host.

5. XenApp (session host): host published applications and provide the session to the users.

6. Web Interface server: To provide the interface for the applications for your users.

This is all on the infrastructure part. Then there is the client side where each client needs to have the ICA client (plugin).