Pau Lo
asked on
Citrix and audit logs
1) Does citrix have its own event log catalogue entry in computer management > system tools > event viewer >
2) Or is a user logging in to that server via their citrix client on their desktop just logged in the normal windows logs, i.e. security? I.e. no special logs for cirtix, a login is classed the same regardless of remote/local/via citrix?
3) Is there a specific event ID for a login to a citrix server via whatever client they use?
4) Also I think we have 2 citrix environments based on departments, would these be 2 "farms", where can you see which servers are in which farm? I beleive the citrix servers run on top of server 2003 if that makes any difference.
2) Or is a user logging in to that server via their citrix client on their desktop just logged in the normal windows logs, i.e. security? I.e. no special logs for cirtix, a login is classed the same regardless of remote/local/via citrix?
3) Is there a specific event ID for a login to a citrix server via whatever client they use?
4) Also I think we have 2 citrix environments based on departments, would these be 2 "farms", where can you see which servers are in which farm? I beleive the citrix servers run on top of server 2003 if that makes any difference.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
How could you see which user connects to which farm? I.e. if you just have a list of usernames, where would you begin to look to see which farm this user connects too?
Yes the policy set at domain \local will be apply for the citrix server too, ther is no specific policy for the citrix auditing.
Edgesight can be used for that, under plan and manage tab you can get the reports.
http://support.citrix.com/proddocs/topic/edgesight53/es-manage.html
http://support.citrix.com/proddocs/topic/edgesight53/es-manage.html
ASKER
Is edgesite a part of citrix installation, i.e. will every citrix admin have it?
If you have more than one citrix farm and edgesite can you show a sample report showing which users are permitted to access which farm
If you have more than one citrix farm and edgesite can you show a sample report showing which users are permitted to access which farm
ASKER
Is resource manager sort of a central tool which will show all farms in the environment, or is there a resource manager per farm?
There is a resource manager per farm.
You are entitled for edgesight if you have the platinum edition. If not then you can purchase the Edgesight licenses separately.
You are entitled for edgesight if you have the platinum edition. If not then you can purchase the Edgesight licenses separately.
ASKER
How could one see from the outside how many farms there are in an environment? If you went in to a network how could you see that?
ASKER
How many servers do you typically have in 1 farm?
You need to know the servers available for Citrix, either you know them by heart or looking for example at their naming conventions. If not then you will have to do an inventory to see which servers have the XenApp installed.
Knowing the servers then, as I told you previously with qFarm run in a command prompt, all the member servers of the farm will be listed. This list of servers will form one farm, implying that if you see certain servers not listed then they will be in another farm.
An alternative way is to check the Delivery Services console for each server (perhaps doing so is more tedious) where the farm will appear.
MF20.dsn is another indicator. within that file is the data store instance name. A different DB most probably means different farm (it can mean a different zone within the same farm)
Knowing the servers then, as I told you previously with qFarm run in a command prompt, all the member servers of the farm will be listed. This list of servers will form one farm, implying that if you see certain servers not listed then they will be in another farm.
An alternative way is to check the Delivery Services console for each server (perhaps doing so is more tedious) where the farm will appear.
MF20.dsn is another indicator. within that file is the data store instance name. A different DB most probably means different farm (it can mean a different zone within the same farm)
ASKER
Ok thanks, just as a crash course of the infrastructure/architectur e of a citrix farm, what falls within that farm, i.e. what is it made up of, and is there a higher level than farm? Or is farm the top level and every falls within?
ASKER
PS - are there any citrix management tools that can show which users are logged into which servers in your farm at any given time? numbers and names? What tool would be used for that, is this a feature in resource manager?
A citrix Farm consists of the following:
1. One or more zones (can be, but not exactly, likened to a site in a microsoft environment)
2. One License server
3. One Database server (in some designs you can have one database for all your zones; in other designs you can have one database for each zone)
4. One Data Collector in each zone (Only one Data Collector can serve in a zone, and each zone has to have a data collector. You can though make a back up data collector in each zone)
5. XenApp servers (session hosts) hosting your applications
6. Web Interface server hosting your web sites and services sites.
With the above said, the farm is a management boundary for all your environment consisting of the above servers.
With Windows 2003 servers, then this means you have XenApp 5.0 Or Presentation Server 4.5 environments. You can find the users logged on which servers using the Citrix Delivery Services console. However, the console is limited in its view and reporting capability. Yes you can use the resource manager to draw more detailed reports (number of users, names of users, on what servers). A more sophisticated and thus much better tool to draw on reports and get trend results (using history details and frequency) is EdgeSight.
1. One or more zones (can be, but not exactly, likened to a site in a microsoft environment)
2. One License server
3. One Database server (in some designs you can have one database for all your zones; in other designs you can have one database for each zone)
4. One Data Collector in each zone (Only one Data Collector can serve in a zone, and each zone has to have a data collector. You can though make a back up data collector in each zone)
5. XenApp servers (session hosts) hosting your applications
6. Web Interface server hosting your web sites and services sites.
With the above said, the farm is a management boundary for all your environment consisting of the above servers.
With Windows 2003 servers, then this means you have XenApp 5.0 Or Presentation Server 4.5 environments. You can find the users logged on which servers using the Citrix Delivery Services console. However, the console is limited in its view and reporting capability. Yes you can use the resource manager to draw more detailed reports (number of users, names of users, on what servers). A more sophisticated and thus much better tool to draw on reports and get trend results (using history details and frequency) is EdgeSight.
ASKER
Thanks so much re zones why the need for multiple zones? Can you explain?
ASKER
Re 1-6 could you give a one liner managers breif on what each actually do ? The names on some are self explanatory others not so.... Thank you!!
You create multiple zones if the following conditions apply:
1. You have two or more sites
2. The sites have same number of servers as in the main site
3. You have high-bandwidth site links
The rule of thumb is that you should have no more than 5 zones. The less the better.
1. You have two or more sites
2. The sites have same number of servers as in the main site
3. You have high-bandwidth site links
The rule of thumb is that you should have no more than 5 zones. The less the better.
1. Zone: to manage sites and inter-site links
2. License Server: provides licenses for XenApp servers and user sessions. XenApp servers request and receive a startup license on start up. For each subsequent session the XenApp server requests a license from the license server on behalf of the client.
3. DataStore database contains all the farm data, configuration, worker groups, XenApp servers, admins, load evaluators, policies etc...
4. Data Collector manages dynamic updates in the farm including connected sessions, disconnected sessions, resolutions and server loads. Usually also configured as XML broker for the farm to handle authentication, application enumeration and finding least loaded session host.
5. XenApp (session host): host published applications and provide the session to the users.
6. Web Interface server: To provide the interface for the applications for your users.
This is all on the infrastructure part. Then there is the client side where each client needs to have the ICA client (plugin).
2. License Server: provides licenses for XenApp servers and user sessions. XenApp servers request and receive a startup license on start up. For each subsequent session the XenApp server requests a license from the license server on behalf of the client.
3. DataStore database contains all the farm data, configuration, worker groups, XenApp servers, admins, load evaluators, policies etc...
4. Data Collector manages dynamic updates in the farm including connected sessions, disconnected sessions, resolutions and server loads. Usually also configured as XML broker for the farm to handle authentication, application enumeration and finding least loaded session host.
5. XenApp (session host): host published applications and provide the session to the users.
6. Web Interface server: To provide the interface for the applications for your users.
This is all on the infrastructure part. Then there is the client side where each client needs to have the ICA client (plugin).
ASKER
i.e. the options set at:
http://technet.microsoft.com/en-us/library/dd941595(v=ws.10).aspx
I.e. if they are set via local security policy or as part of a domain policy they will be captured, if not they wont be?
Is it resultant set of policy that considers whether the policy were set at either local or domain level, if at all?