Creating a Bulletproof Citrix Licensing Server Infrastructure using NetScaler Global Server Load Balancing (GSLB) and CtxLicChk.ps1 PowerShell Scripts

Share Button

Click Accept to Download:

 I Accept the Terms and Conditions provided on the Copyright and Disclaimer page.

I was recently doing Citrix XenApp/XenDesktop design workshops with Nick Rintalan and Brendan Lin from Citrix Consulting Services (CCS), along with my colleague Victor DiMascio from Entisys. As we were discussing some of the intricate details of the architecture decisions, we touched on a topic that has stumped many a Citrix architect for the last several years (myself included).  The underlying question is, how do you provide a centralized Citrix licensing server without the inherit risk and single point of failure that it represents? How do you provide resiliency for this single point of failure while remaining compliant with license agreements?

In discussing, Nick and Brendan shared that they had some internal CCS documents with sample configurations using NetScaler Load Balancing and Global Server Load Balancing, but the story wasn’t quite complete. I decided to take on the task of fully documenting out a resilient solution I am calling the Bulletproof Citrix Licensing Server Infrastructure. The configuration involves using NetScaler Load Balancing and Global Server Load Balancing, along with a PowerShell Script I created called CtxLicChk.ps1. Big thanks to Nick, Brendan, and Vic, for brainstorming a couple ideas and providing the sample configurations. Accept the Terms and Conditions above to download the Configuration Guide, Visio, and CtxLicChk.ps1 PowerShell Script or continue reading to learn more!

Overview

In medium to large organizations, there are many business reasons why the Citrix Licensing server (‘license server’) component of a Citrix XenApp/XenDesktop infrastructure should be centralized. For example, when seasonal bursts exist within departments or geographic regions, a central license server offers manageability benefits as the segregated peaks become normalized across the various groups consuming licenses. When license servers are segregated (departmentalized, regionalized, or decentralized), peak usage can create additional Citrix Administrator operational overhead in allocating, revoking, reallocating, and managing the license files installed in various license servers and usage groups. License usage trending also becomes difficult in segregated environments as usage data must be aggregated and reported across groups or disparate license servers. For these reasons and others, organizations centralize the Citrix license server to avoid operational overhead, simplify compliance and usage reporting.

When the license server is centralized, a fairly obvious single point of failure risk exists. Citrix Licensing involves a grace period whereby clients/servers that lose communication with the license server are protected, allowing the clients/servers to continue operations as if they were still in communication with the license server. In practice, the grace period is a good feature, however there are instances when Citrix Licensing may cause service interruptions to occur. An example is a scenario known as the Citrix Licensing black hole, whereby the Citrix Licensing services and ports are up and responding to licensing requests, however no licenses are available to be issued or obtained.  This can occur if the administrator fails to load license files properly, or in more rare instances that are difficult to reproduce (Windows OS patches, antivirus definition updates or scans, etc.). For this reason, many organizations define process and policy for semi-automatic/manual license server recovery including: Clustering the licensing service, creating a cold standby with licenses preloaded, backing up license files, and performing virtual machine snapshots of the license server. These and other options are valid (and less complex), but offer a less resilient and robust option.

To help overcome this limitation and identify service interruptions before they occur, Citrix offers a Citrix Licensing server monitoring tool called the Citrix License Check Utility (CtxLicChk.exe) that can be obtained from the following support article: http://support.citrix.com/article/CTX123935.  This utility is intended to be used in conjunction with the Independent Management Architecture (IMA) based Health Monitoring and Recovery feature available with Citrix Presentation Server 4.x, XenApp 5.x, and XenApp 6.x. At the time of writing this guide, the Health Monitoring and Recovery feature is not yet available in the FlexCast Management Architecture (FMA) based Citrix XenApp/XenDesktop 7.x platform. However, using Microsoft Windows PowerShell, running this utility can be automated to provide additional resiliency to a Citrix Licensing server infrastructure. Accompanying this guide is CtxLicChk.ps1, a PowerShell script that can perform regular Citrix Licensing health checks using CtxLicChk.exe, report license allocation failures using SMTP e-mail alerts, and stop the Citrix Licensing service if license allocation fails.

When combined with Citrix NetScaler Load Balancing and Global Server Load Balancing (GSLB), a bulletproof Citrix Licensing server infrastructure can be achieved. When the Citrix Licensing service is stopped on the primary license server, NetScaler Load Balancing and GSLB can be used to fail over licensing communication to a warm standby backup license server. In the examples herein, two Data Centers (DC1 and DC2) are configured with local Citrix license servers, NetScaler Load Balancing, and NetScaler Global Server Load Balancing provided from each Data Center. Under normal conditions only the license server in Data Center 1 is active and primary. In the event of failures such as the primary license server, NetScaler Load Balancing Virtual Server IP (VIP), or Data Center connectivity, Citrix licensing traffic will be directed to the backup license server in Data Center 2.

Global Server Load Balancing is not a requirement if local resiliency within a single Data Center is sufficient. The examples below show NetScaler configurations for both local Load Balancing as well as GSLB. If GSLB is not a licensed feature or required for cross Data Center resiliency, local Load Balancing can be configured using the samples below. In this case, the second set of NetScaler pair configurations and GSLB specific sections can be dismissed.

Most importantly, if configured according to the examples provided in this guide, this bulletproof Citrix Licensing server infrastructure complies with Citrix’s product End User License Agreements (EULAs). According to the EULAs, multiple Citrix Licensing servers may exist and have allocated licenses installed, provided only one Citrix Licensing server is active and others are warm standby backup license servers. Compliance to this requirement is fairly simple to validate in the event of a licensing audit using the configuration provided in this guide.

Topology

The following is an example topology covered in more details throughout this guide. Click to enlarge:

Creating a Bulletproof Citrix Licensing Server Infrastructure1

In the full configuration guide, the following sections are covered (23 pages total):
Overview
Topology
Prerequisites
– Summary of Prerequisites
– NetScaler GSLB Introduction
Citrix Licensing Server Prerequisites
Citrix Licensing Server Configuration
– Disable Strict Name Checking
– Copy SSL Certificate and Key Files
– CtxLicChk.ps1 PowerShell Script Configuration
– CtxLicChk.ps1 PowerShell Script (Revision 1.0)
– Creating a Scheduled Task for CtxLicChk.ps1
Citrix NetScaler Configuration
– Configuration Overview and Key Configuration Details
– Enable the NetScaler Features in Both Data Centers
– Configure Authoritative DNS for NetScalers in Data Center 1
– Configure Authoritative DNS for NetScalers in Data Center 2
– Configure CTXLICDC1 Load Balancing vserver for NetScalers in Data Center 1
– Configure CTXLICDC2 Load Balancing vserver for NetScalers in Data Center 1
– Configure CTXLICDC1 Load Balancing vserver for NetScalers in Data Center 2
– Configure CTXLICDC12 Load Balancing vserver for NetScalers in Data Center 2
– Configure CTXLIC Global Server Load Balancing on NetScalers in Both Data Centers
Microsoft Domain Naming Service (DNS) Delegation Configuration
– Configure Microsoft DNS for delegated subdomain for Authoritative DNS
Configuring XenApp/XenDesktop 7.x
– Configure the XenApp/XenDesktop 7.x Site to use GSLB DNS record for Citrix Licensing
Configuration and Failover Validation
– Failure of the Citrix Licensing Service
– Failure to Obtain a Citrix License
– Failure of the NetScaler Load Balancing VIP
– Failure of a Data Center

Return to the top to Accept the Terms and Conditions and Download the Configuration Guide, Visio, and CtxLicChk.ps1 PowerShell Script.

If you have any questions, comments, or simply want to leave feedback, feel free to use the comments section below!
Thanks and enjoy,
@youngtech

Share Button
  1. Kelly KingKelly King02-12-2015

    Is the link still valid?

    • Dane YoungDane Young02-12-2015

      Yes, the link works. Click the Accept checkbox to have the link presented.

  2. SHEJOORSHEJOOR02-11-2015

    Great article, thanks a lot

  3. BmannBmann02-11-2015

    Great stuff as usual, thanks for throwing this out there!

  4. Nick RintalanNick Rintalan02-11-2015

    Nice work, Dane. So glad we finally got this all lab’ed up and documented. Great stuff.

    -Nick

1 2 3 5

Leave a Reply