Citrix ICA q2: RFC program neighbourhood checking (Citrix Metaframe XP).

Stanley Hopcroft Stanley.Hopcroft at IPAustralia.Gov.AU
Thu Oct 21 08:49:23 CEST 2004


Dear Folks,

Is anyone checking or interested in checking Citrix Metaframe XP 
'Program Neighbourhood'?

Formerly, Metaframe clients would use a UDP based protocol 
(contrib/check_citrix) to locate ICA servers, but with Metaframe XP this 
has been replaced by the program neighbourhood.

The program neighbourhood (PN) is the Citrix Metaframe XP method of 
providing software Load Balancing for ICA clients.

PN clients exchange:

1. ICA packets with one of the 'Server Farm' ICA servers to get a list of 
applications the client user is authorised to run.

2. HTTP packets with the Citrix XML service (on one of the 'farm' 
servers) to determine which of the ICA servers the client should use for 
an ICA session to run the selected application.

Like all things Citrix, the protocols are opaque and undocumented, but 
the HTTP exchange can be reverse engineered. This means that while the 
ICA dialogue can't be simulated (or decoded), the HTTP dialogue can.

Here's an example of a prototype plugin that checks the PN by 
interacting with the PN servers to get the ICA servers for a particular 
app. It returns CRITICAL if the PN server fails to supply one of the ICA 
server addresses given on the command line (if people have really big PN 
farms, the configuration of the plugin may have to be done by file).

tsitc> /usr/local/nagios/libexec/check_program_neigbourhood -h

Copyright (c) 2004 Karl DeBisschop/S Hopcroft

Check the Citrix Metaframe XP service by completing an HTTP dialogue 
with a Program Neigbourhood server (pn_server) that returns an ICA 
server in the 
named Server farm hosting the named application (in simple terms, an ICA 
server in a farm which runs some MS app).


check_program_neigbourhood [-P | --pn_server] The name or address of the 
Citrix Metaframe XP Program Neigbourhood server (required).
check_program_neigbourhood                    The PN server is a Farm 
server that is running the Citrix XML service.
check_program_neigbourhood [-A | --pub_app] The name of an application 
published by the server farm (default 'Word 2003').
check_program_neigbourhood [-F | --server_farm] The name of a Citrix 
Metaframe XP server farm. (required).
check_program_neigbourhood [-S | --app_server] The _IP addresses_ of 
_all of the Farms ICA servers that are expected to host the published 
application. Enter -S svr1 -S svr2 ...
check_program_neigbourhood                     Since the PN servers 
round-robin the app servers to the clients, __all__ the server farm 
addresses must be specified or 
check_program_neigbourhood                     the check will fail 
(required).
check_program_neigbourhood [-d | --debug]
check_program_neigbourhood [-h | --help]
check_program_neigbourhood [-x | --xml_debug]
check_program_neigbourhood [-V | --version]

tsitc> /usr/local/nagios/libexec/check_program_neigbourhood -P cbrmet01 
-S 10.1.2.224 -S 10.1.2.225 -d -F IPAFARM01

Seq: 0
POST http://cbrmet01/scripts/WPnBr.dll
Content-Type: text/xml

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE NFuseProtocol SYSTEM "NFuse.dtd"><NFuseProtocol version="1.1">
  <RequestProtocolInfo>
    <ServerAddress addresstype="dns-port" />
  </RequestProtocolInfo>
</NFuseProtocol>

Seq: 1
HTTP/1.1 200 OK
Date: Thu, 21 Oct 2004 06:35:04 GMT
Server: Citrix Web PN Server
Content-Length: 253
Content-Type: text/xml
Client-Date: Thu, 21 Oct 2004 06:35:04 GMT
Client-Peer: 10.1.2.224:80
Client-Response-Num: 1

<?xml version="1.0" encoding="ISO-8859-1" ?>
<!DOCTYPE NFuseProtocol SYSTEM "NFuse.dtd">
<NFuseProtocol version="1.1">
    <ResponseProtocolInfo>
      <ServerAddress addresstype="no-change"></ServerAddress>
    </ResponseProtocolInfo>
</NFuseProtocol>

.. yada yada ...

Seq: 11
HTTP/1.1 200 OK
Date: Thu, 21 Oct 2004 06:35:06 GMT
Server: Citrix Web PN Server
Content-Length: 511
Content-Type: text/xml
Client-Date: Thu, 21 Oct 2004 06:35:06 GMT
Client-Peer: 10.1.2.224:80
Client-Response-Num: 1

<?xml version="1.0" encoding="ISO-8859-1" ?>
<!DOCTYPE NFuseProtocol SYSTEM "NFuse.dtd">
<NFuseProtocol version="1.1">
    <ResponseAddress>
      <ServerAddress addresstype="dot-port">10.1.2.225:1494</ServerAddress>
      <ServerType>win32</ServerType>
      <ConnectionType>tcp</ConnectionType>
      <ClientType>ica30</ClientType>
      <TicketTag>10.1.2.225</TicketTag>
      <SSLRelayAddress 
</NFuseProtocol>

Citrix XML service Ok: App server "10.1.2.225" hosting "Word 2003".

If anyone would like to test this plugin, please write me privately.

Yours sincerely.

-- 
Stanley Hopcroft

Network specialist, IT Infrastructure
IP Australia
Ph: (02) 6283 3189  Fax: (02) 6281 1353
PO Box 200 Woden  ACT 2606
http://www.ipaustralia.gov.au
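
An added example, not part of the original post and not the plugin's own code: one way to turn the final XML-service reply into a Nagios result, checking the returned `dot-port` address against the expected ICA servers. The function name `check_response`, the message wording other than the "Ok" line, and the sample reply (constructed from the "Seq: 11" output above) are assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

OK, CRITICAL, UNKNOWN = 0, 2, 3  # Nagios plugin exit codes

# Constructed sample modelled on the "Seq: 11" response in the post
# (the truncated SSLRelayAddress element is left out).
SAMPLE_RESPONSE = b"""<?xml version="1.0" encoding="ISO-8859-1" ?>
<!DOCTYPE NFuseProtocol SYSTEM "NFuse.dtd">
<NFuseProtocol version="1.1">
    <ResponseAddress>
      <ServerAddress addresstype="dot-port">10.1.2.225:1494</ServerAddress>
      <ServerType>win32</ServerType>
      <ConnectionType>tcp</ConnectionType>
      <ClientType>ica30</ClientType>
      <TicketTag>10.1.2.225</TicketTag>
    </ResponseAddress>
</NFuseProtocol>
"""


def check_response(body, expected_servers, pub_app="Word 2003"):
    """Hypothetical helper: map one XML-service reply to (code, message)."""
    # Added precaution: the reply needs no entities, so refuse any declaration
    # rather than let the parser expand it.
    if b"<!ENTITY" in body:
        return UNKNOWN, "Citrix XML service Unknown: reply declares entities."
    try:
        root = ET.fromstring(body)  # external NFuse.dtd is not fetched
    except ET.ParseError as exc:
        return UNKNOWN, f"Citrix XML service Unknown: bad XML ({exc})."
    node = root.find("./ResponseAddress/ServerAddress[@addresstype='dot-port']")
    if node is None or not node.text:
        return CRITICAL, f'Citrix XML service Critical: no server for "{pub_app}".'
    host, _, port = node.text.strip().rpartition(":")
    try:
        addr = ipaddress.ip_address(host)
        if not 0 < int(port) < 65536:
            raise ValueError(port)
    except ValueError:
        return UNKNOWN, f"Citrix XML service Unknown: bad address {node.text!r}."
    # CRITICAL when the farm hands out a server that is not on the -S list.
    if addr not in {ipaddress.ip_address(s) for s in expected_servers}:
        return CRITICAL, f'Citrix XML service Critical: unexpected server "{addr}".'
    return OK, f'Citrix XML service Ok: App server "{addr}" hosting "{pub_app}".'


if __name__ == "__main__":
    print(check_response(SAMPLE_RESPONSE, ["10.1.2.224", "10.1.2.225"])[1])
```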