Edgesight501

Citrix Edgesight 5.0.1

Helmut Hauser

Consulting Enterprise Services

visionapp AG

Agenda

13.04.23 3© visionapp

What´s new ?

New Features of Edgesight 5.0.1

13.04.23 © visionapp 4

Citrix Edgesight 5.0.1 – What´s new ?

> Since December 12 EdgeSight 5.0.1 Service Pack 1 has been released to web.

File: EdgeSight_5.0.1_647-2279.iso

The Device Summary report did not allow users to select a specific device. The Device Summary report now has a device picker, allowing users to display summary data for a specific endpoint device.

The Device CPU and Device Memory pie charts displayed inconsistent device counts due to time zone offsets. The Device CPU and Device Memory pie charts now display correct and consistent device counts.

Addressed an issue where XenDesktop printers could not be mapped when the EdgeSight agent was running.

The shutdown of a Windows 2008 system with low memory caused a system hang or critical system error when running the EdgeSight Agent. The agent software has been changed avoid this issue.

Edgesight 5.0.1 Service Pack 1



Addressed a problem where the following error is observed when installing EdgeSight 5.0 using SQL Server 2000 (with SQL 2000 Reporting Services): Error publishing reports: System.Web.Services.Protocols.SoapException: There is an error on Line 39 of custom code: [BC30451] Name 'amp' is not declared.

Microsoft.ReportingServices.ReportProcessing.ReportProcessingException: There is an error on Line 39 of custom code: [BC30451] Name 'amp' is not declared.

Known issues:

Conflicts Between Antivirus and Security Software and the EdgeSight Agent

In some cases, antivirus and security software can interfere with the normal operation of EdgeSight Agent software.

Symantec Enterprise Client Security, McAfee VirusScan 8 or 8i with Patch 10, McAfee Host Intrusion Protection (HIPS) V7.0

Edgesight 5.0.1 – SP1 Continued



> Search Capability for Reports.

> This version of EdgeSight Server is supported on Microsoft Windows Server 2008, including Enterprise, Standard, and DataCenter editions.

> Windows Integrated Authentication for SQL Server Access – This version of EdgeSight uses Windows Integrated Authentication for SQL Server access as opposed to SQL authentication.

> Basic and Advanced XenApp Agents – Basic agents provide the Resource Management capability that is included in XenApp-Enterprise Edition and require only that you have a XenApp Enterprise license available on your Citrix Licensing Server.

> Advanced agents provide the fully featured version of EdgeSight for XenApp and require that you have either a XenApp-Platinum Edition license or an EdgeSight for XenApp license available on your Citrix Licensing Server.

What´s new



> Active Application Monitoring Alerts – The EdgeSight Server Console displays alerts received from the Active Application Monitoring Agent.

> User Interface Enhancements – The EdgeSight Server console UI has been redesigned to make it easier to find the information you want. Tabs allow you to quickly move between real-time monitoring and the display of historical reports.

> Farm Monitor – The Farm Monitor allows you to browse through a XenApp Server Farm and display real time data about alerts for one or more devices. The monitor provides detailed contextual data about activity on the device at the time of a selected alert, including performance counters, sessions, processes, and network usage.

> Ability to suppress alerts for devices or sources (Maintenance Mode) Clear the suppression of alerts after a specific amount of time.

What´s new continued



And … A (working) prerequisite check



And … Finally SQL Windows Authentication(Goodbye SPECTUser)



And … Active Directory User can be set up for Database Connection Local user is still supported



And … Web Interface 5 Style/Skin









And … Realtime & Troubleshooting(Adobe Flash and Active X Required)



And … Realtime Alerts



And … Default RulesRules for Health Check Monitoring Service



And … Active Application Monitoring


Prerequisite: Visual J# 2.0 Communication Launcher <-> Controller via Port 18747


And …Update from 4.5 (SP4) is possible.It works.


URL changes from Server/edgesight40 to Server/edgesight


>Warning

> The Licenseserver supplied on the Edgesight 5.0.1 Media is Licenseserver version 11.3

> Download and install Licenseserver version 11.5

> Update the main (Farm) Licenseserver as the agents will check-in and check-out their Licenses from the Farm Licenseserver NOT from the Edgesight Licenseserver



EdgeSight Agent Functionality Level Cannot Be Chosen When Installing on Presentation Server 4.0 System

When installing the EdgeSight for XenApp 5.0 agent on a system running Presentation Server 4.0, you cannot choose the agent functionality level (Basic or Advanced). The agent is installed with the Basic functionality enabled by default.

Workaround: If you need to enable the Advanced agent functionality, and you have either a XenApp-Platinum Edition license or an EdgeSight for XenApp license available on your Citrix Licensing Server, open the Citrix System Monitoring Agent and select the Advanced functionality setting.

Licensing




Basic Mode on PS 4 - Work around (If Licensed)

Resource Manager functionality only

Citrix Edgesight 5.0.1 – What´s new


Basic Mode on PS 4



Advanced Mode on PS 4







Msiexec /i /q /norestart c:\EdgeSightXAAgent.msiSERVER_NAME=XXX COMPANY=XXXREMOTE_SECURITY=0 FUNCTIONALITY_MODE=1

Documents and Settings\All Users\Application Data\Citrix\System Monitoring\Data\Edgesight.ini

[Core]Sinstance=xxxxx-xxxxx-xxxx-xxxxxxDatabaseCompactInProgress=0[Mode]UpdateFuncMode=2 [Basic]UpdateFuncMode=1 [Advanced]

Manual change can be restrictedHKLM\Software\System Monitoring\Agent\Ctrx\4.00\Control Pannel\AllowFunctionalityMode = Dword 0 or 1 (1=restricted)

The good, the bad, the ugly

What has not changed and new (known) issues.

13.04.23 © visionapp 28

The good, the bad, the ugly

• NO Copy and Paste functionality in some fields of Rules

• NO Active Rollout of Agents, still Reboot required

• NO corresponding time field in some Reports (WHEN did WHAT happen ?

• Input validation issues with rules may crash database

• DB automatic user change to Edgesight (should be master)

• Issue with Daylight Saving time – Has to be turned OFF to work

• Only 8 configurable items in the Dashboard

• Ability to monitor ONLY XENAPP and Endpoint computers

• Phoning home ?

13.04.23 © visionapp 29

Citrix Edgesight 5.0.1 – The good, the bad, the ugly …


Agents – Reboot Required – No active Rollout

Caused due to “hooking” into system DLLs as e.g. winsock.dll.

Citrix Edgesight 5.0.1 –What´s new


Daylight saving ? – turn it off

If this is set to yes – set it to “No” or it will screw up the time





Use SSL/443 if possible (Endpoints)



Use URLSCAN 3.1 to avoid SQL-Injection

Download and Install URLSCAN 3.1 from:http://iis.net/downloads/default.aspx?tabid=34&g=6&i=1697

Documentation can be found at:http://learn.iis.net/page.aspx/476/common-urlscan-scenarios

Remove IIS Header [Banner]Block SQL Injection Strings




[options]RemoveServerHeader=1

RuleList=SQL Injection,SQL Injection Headers

[SQL Injection]AppliesTo=.asp,.aspxDenyDataSection=SQL Injection StringsScanUrl=0ScanAllRaw=0ScanQueryString=1ScanHeaders=




[SQL Injection Strings]--%3b ; a semicolon/*@ ; also catches @@char ; also catches nchar and varcharalterbegincastconvertcursordeclaredeletedropendexec ; also catches executefetchkillopenselectsys ; also catches sysobjects and syscolumnstable




[SQL Injection Headers]AppliesTo=.asp,.aspxDenyDataSection=SQL Injection Headers StringsScanUrl=0ScanAllRaw=0ScanQueryString=0ScanHeaders=Cookie




[SQL Injection Headers Strings]--@ ; also catches @@altercastconvertdeclaredeletedropexec ; also catches executefetchinsertkillselect



Default Database change to EdgeSight

The Problem – If the Edgesight Database is deleted no login to SQL Server is possible for this user

Security by obscurity ? …



Dashboard – Only 8 Items allowed



Monitoring – only XENAPP and Endpoints

Edgesight is not designed to monitor other infrastructure servers as

- Licenseserver- Webinterface- SQL Server-(…)



Phoning home ?

Dbo.confighttps://secureportal.citrix.com/Edgesight/V5/scrash/XSL

How does it work ?

Inside Edgesight 5.0.1

13.04.23 © visionapp 43

Edgesight 5.0.1 - How does it work ?

The Architecture




Directory Structure



Agent – Local Firebird Instance

Firebird Firebird 2.0.0 (Win32 Build)

This DBMS is used as Local SQL Server.Edgesight stores it´s payload in the DBMS.The Payload is being uploaded as a delta by the worker threadstwice a day. This saves network bandwith.

The Database is located atRSDatr = C:\Documents and Settings\All Users\Application Data\Citrix\System Monitoring\Data\RSDatr.fdb



Initial contact from agent to server

TCP/IP communication http port 80/443

GET edgesight/app/suser/cfgsync.aspx

Rzpd:/edgesight/app/suser/ZRemotelib.zpd ztconst.vbs

GET edgesight/app/suser/init.aspx

Rzpd:/edgesight/app/suser/ZRemoteLib.zpd#500!lsync.htm

POST /app/suser/autosync.aspx (payload upload)

Response http 901 Payload Processed(907 = Exception)

Verisign certificate is exchanged between Agent and ServerMail is sent (if this is a new device)



Wireshark – SYN/ACK (3-way handshake)



Wireshark – GET configsync.aspx



Wireshark – Zremotelib.zpd



Wireshark – init.aspx



Wireshark – sync.htm



Wireshark – no config changes



Wireshark – sending payload (autosync.aspx)



Wireshark http 901 – Payload processed



Wireshark SMTP – New Agent



Done ! (Fin)

Troubleshooting

If it does not do what it is supposed to …

Prerequisites – Message Queuing, .Net Framework 2.0 SP1

SQL Server 2005 SP2 Reporting Services Configuration

Agent Logfiles, Antivirus Exclusions (Firebird DB)

Agent Install, Realtime-Access, Winsock Errorcodes

13.04.23 © visionapp 58

Citrix Edgesight 5.0.1 –Troubleshooting


Message Queuing – Use AD Account NOT local Account





Reporting Services (SQL 2005 SP2)



Reporting Services (SQL 2005 SP2)

Citrix Edgesight 5.0.1 – Troubleshooting

> C:\Program Files\Microsoft SQL Server\MSSQL.2\Reporting Services\ReportManager\RSWebApplication.config

<Configuration>

<UI>

<ReportServerUrl></ReportServerUrl>

<ReportServerVirtualDirectory></ReportServerVirtualDirectory>

<ReportBuilderTrustLevel>FullTrust</ReportBuilderTrustLevel>

</UI>

(…) something is missing here


Citrix Edgesight 5.0.1 – Troubleshooting

> C:\Program Files\Microsoft SQL Server\MSSQL.2\Reporting Services\ReportManager\RSWebApplication.config

FIXED Configuration

<Configuration>

<UI>

<ReportServerUrl></ReportServerUrl>

<ReportServerVirtualDirectory>ReportServer

</ReportServerVirtualDirectory>

<ReportBuilderTrustLevel>FullTrust</ReportBuilderTrustLevel>

</UI>

(…)




Reporting Services (SQL 2005 SP2) Rights



Reporting Services (SQL 2005) Encryption Keys



Autostart of SQL Agent Service



Autostart of SQL Agent Service



Agent Logfiles



Agent Logfiles



Antivirus Exclusions



Registry



Real-Time Agent AccessRemote Security

This is needed for automatic value updates e.g. Real Time Reports (Troubleshoot) or Dashboard (Monitor)

Edgesight has to log on to the target Device[Local Administrator rights required]A Group can be added at HKLM\SOFTWARE\CITRIX\System Monitoring\Agent\Core\4.00\RemoteSecurityGroup

Msiexec /i /q /norestart c:\EdgeSightEPAgent.msiSERVER_NAME=XXX COMPANY=XXXDEPARTMENT=Endpoint REMOTE_SECURITY=0


> http://msdn.microsoft.com/en-us/library/ms740668(VS.85,printer).aspx

10013 Permission denied. 10035 Resource temporarily unavailable.

10050 Network is down. 10051 Network is unreachable.

10052 Network dropped connection on reset. 10053 Software caused connection abort.

10054 Connection reset by peer. 10060 Connection timed out.

10061 Connection refused. 10064 Host is down.

10065 No route to host. 11001 No such host is known

Winsock Errorcodes


Additional information can be found at:

Thank you very much for your attention.

Do you have any questions?

http://www.visionapp.com

visionapp Ltd.

Office London

(United Kingdom)

107-111 Fleet Street

London EC4A 2AB

phone: +44-20-7936-9112

fax: +44-870-385-0936

Edgesight501

Technology

citrix edgesight

new features of edgesight

wheninstalling edgesight

version of edgesight

whats new search capability

citrix licensing server

device cpu

device picker