Citrix ICA q2: RFC program neigbourhood checking (Citrix Metaframe XP).
Stanley Hopcroft
Stanley.Hopcroft at IPAustralia.Gov.AU
Thu Oct 21 08:49:23 CEST 2004
Dear Folks,
Is anyone checking or interested in checking Citrix Metaframe XP
'Program Neigbourhood' ?
Foremerly, Metaframe clients would use a UDP based protocol
(contrib/check_citrix) to locate ICA servers, but with Metaframe XP this
has been replaced by the program neigbourhood.
The program neigbourhood (PN) is the Citrix Metaframe XP method of
providing software Load Balancing for ICA clients.
PN clients exchange
1 ICA packets with one of the 'Server Farm' ICA servers to get a list of
applications the client user is authorised to run.
2 HTTP packets with the Citrix XML service (on one of the 'farm'
servers) to determine which of the ICA servers the client should use for
an ICA session to run the selected application.
Like all things Citrix, the protocols are opaque and undocumented, but
the HTTP exchange can be reverse engineered. This means that while the
ICA dialogue can't be simulated (or decoded), the HTTP dialogue can.
Here's an example of a prototype plugin that checks the PN by
interacting with the PN servers to get the ICA servers for a particular
app. It returns CRITICAL if the PN server fails to supply one of the ICA
server addresses given on the command line (if people have really big PN
farms, the configuration of the plugin may have to be done by file).
tsitc> /usr/local/nagios/libexec/check_program_neigbourhood -h
Copyright (c) 2004 Karl DeBisschop/S Hopcroft
Check the Citrix Metaframe XP service by completing an HTTP dialogue
with a Program Neigbourhood server (pn_server) that returns an ICA
server in the
named Server farm hosting the named application (in simple terms, an ICA
server in a farm which runs some MS app).
check_program_neigbourhood [-P | --pn_server] The name or address of the
Citrix Metaframe XP Program Neigbourhood server (required).
check_program_neigbourhood The PN server is a Farm
server that is running the Citrix XML service.
check_program_neigbourhood [-A | --pub_app] The name of an application
published by the server farm (default 'Word 2003').
check_program_neigbourhood [-F | --server_farm] The name of a Citrix
Metaframe XP server farm. (required).
check_program_neigbourhood [-S | --app_server] The _IP addresses_ of
_all of the Farms ICA servers that are expected to host the published
application. Enter -S svr1 -S svr2 ...
check_program_neigbourhood Since the PN servers
round-robin the app servers to the clients, __all__ the server farm
addresses must be specified or
check_program_neigbourhood the check will fail
(required).
check_program_neigbourhood [-d | --debug]
check_program_neigbourhood [-h | --help]
check_program_neigbourhood [-x | --xml_debug]
check_program_neigbourhood [-V | --version]
tsitc> /usr/local/nagios/libexec/check_program_neigbourhood -P cbrmet01
-S 10.1.2.224 -S 10.1.2.225 -d -F IPAFARM01
Seq: 0
POST http://cbrmet01/scripts/WPnBr.dll
Content-Type: text/xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE NFuseProtocol SYSTEM "NFuse.dtd"><NFuseProtocol version="1.1">
<RequestProtocolInfo>
<ServerAddress addresstype="dns-port" />
</RequestProtocolInfo>
</NFuseProtocol>
Seq: 1
HTTP/1.1 200 OK
Date: Thu, 21 Oct 2004 06:35:04 GMT
Server: Citrix Web PN Server
Content-Length: 253
Content-Type: text/xml
Client-Date: Thu, 21 Oct 2004 06:35:04 GMT
Client-Peer: 10.1.2.224:80
Client-Response-Num: 1
<?xml version="1.0" encoding="ISO-8859-1" ?>
<!DOCTYPE NFuseProtocol SYSTEM "NFuse.dtd">
<NFuseProtocol version="1.1">
<ResponseProtocolInfo>
<ServerAddress addresstype="no-change"></ServerAddress>
</ResponseProtocolInfo>
</NFuseProtocol>
.. yada yada ...
Seq: 11
HTTP/1.1 200 OK
Date: Thu, 21 Oct 2004 06:35:06 GMT
Server: Citrix Web PN Server
Content-Length: 511
Content-Type: text/xml
Client-Date: Thu, 21 Oct 2004 06:35:06 GMT
Client-Peer: 10.1.2.224:80
Client-Response-Num: 1
<?xml version="1.0" encoding="ISO-8859-1" ?>
<!DOCTYPE NFuseProtocol SYSTEM "NFuse.dtd">
<NFuseProtocol version="1.1">
<ResponseAddress>
<ServerAddress
addresstype="dot-port">10.1.2.225:1494</ServerAddress>
<ServerType>win32</ServerType>
<ConnectionType>tcp</ConnectionType>
<ClientType>ica30</ClientType>
<TicketTag>10.1.2.225</TicketTag>
<SSLRelayAddress
</NFuseProtocol>
Citrix XML service Ok: App server "10.1.2.225" hosting "Word 2003".
If anyone would like to test this plugin, please write me privately.
Yours sincerely.
--
Stanley Hopcroft
Network specialist, IT Infrastructure
IP Australia
Ph: (02) 6283 3189 Fax: (02) 6281 1353
PO Box 200 Woden ACT 2606
http://www.ipaustralia.gov.au
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: disclaimer.txt
URL: <https://www.monitoring-lists.org/archive/users/attachments/20041021/84b66382/attachment.txt>
More information about the Users
mailing list