Wilco van Bragt
Teknica Software’s “iShadow” provides a single-point of administration for both Citrix and Terminal Servers. It lets you provide a single tool that you can use to delegate control of day-to-day tasks to different people within your company. iShadow let’s you manage multiple Citrix farms and Windows Terminal Servers from one single console. It has several cool features, including:
- Multi-windowed shadowing
- Process monitoring
- Printer auditing
- Server and session management
The iShadow tool is built in a modular way, so you can configure different consoles for separate roles within the company.
The iShadow installation consists of just one executable. It’s preferable to install the application itself on your Citrix servers, because it makes use of MFCOM object (a Citrix API that "talks" to the data store and data collectors). You need to install the tool manually on one server, although it can then be automatically pushed out to other servers once it’s running. (You can also silently install it with a “/s” switch.) While iShadow does integrate with many Citrix features, it’s not completely dependent on them, so you can still use the program if some Citrix services fail on your server.
Configuring the iShadow environment
iShadow is a management console where the "almighty admin" decides which people or roles should get access to certain components. Configuring the console for specific people / roles is done via the iShadow Configuration tool.
The first step (other than adding licenses) is to discover Citrix and or Terminal Servers within the infrastructure. After adding the servers (from multiple domains or farms even) for administration and monitoring via iShadow, you need to add so-called “Impersonators.” This impersonator option is a very useful option that let’s you add many accounts to iShadow that all share one “real” account on a Citrix server. In this way you can allow non-administrators to have administrative-like access to your servers.
You can use the profiles tab to create profiles within iShadow that are linked to external domain users or groups. You then configure iShadow options for each profile. A nice “bonus” feature is that there’s an option to automatically publish the profile as a Citrix published application (with the standard roles applied) to the people who have rights to access that profile.
As you can imagine, in large environments not all users will need access to all servers that are shown within the iShadow tool. To ensure that people can only access the systems they are allowed to, filters can be setup to specify which servers over which kinds of connections (ICA or RDP) specific users or groups can administer.
The last step is to specify the users and/or groups which can use the iShadow console. When adding a user or group, all earlier settings are linked to that user or group. This means that you can specify the impersonator account on a per-user (or per-group) basis. You can also specify start and expiration dates for these groups.
Once all these options have been configured, you need to deploy these settings to other servers that have iShadow installed. This is done using the auto deployment option within the configuration tool. Deploying a change to your servers involves specifying the iShadow installation executable. The deployment tool checks to see if iShadow is already installed on the target server (or an earlier version is available). If It then installs the programs (if necessary) and adds the new configuration to the program.
Managing your SBC environment with iShadow
Once the configuration is complete then users can start to administer and monitor the servers controlled by iShadow.
Here’s a birds-eye view of what you can do with the iShadow console.
You can change several (but not all) farm-level settings for the farms available with iShadow. Settings like Speedscreen, Connection limits, Printer driver configuration, and ICA settings are available for configuration.
Within iShadow you can enable or disable logons, or reboot or shutdown your servers. You can also monitor services and processes and set alarms.
RDP and ICA sessions can be monitored from multiple Citrix farms and Windows Terminal servers. All standard options like logoff, disconnecting, and sending messages are available. But iShadow adds multiple Windows shadowing and extended session properties with lots of information about the session of the user. Lots of options can be applied to a selection of users.
Users can view which printers are created (network or auto-created client printers) on a per-session basis, including possible errors. You can also use iShadow to pause, restart, or delete printers, or to clear print jobs out of queue.
You can monitor server- or user-level processes. The process monitor shows lots of information like manufacturer name, date, file, size, and (one of the most useful) the complete path where the process is located. Of course CPU and memory usage is displayed and the process can be terminated using the iShadow console.
You can also use iShadow to create reports (in several formats) for any of the above options.
If your company has one of the scenarios as described above (a large IT-infrastructure or a company where key users needs some additional management tasks), iShadow can be very useful.
Because of the excellent filtering capabilities and the possibility to use an impersonation account which is used to perform the tasks, the iShadow administrator can setup a nice kind of delegation of control. Besides that, iShadow adds some nice features like multiple farm and multiple protocol support, printer audit, process monitoring and server management.
If you’re using iShadow for IT personnel in large infrastructures, it is a pity that iShadow cannot be used as a single point of administration since not all settings available in the standard tools are available within iShadow. To be fair, iShadow is not pretending to deliver all-inclusive administrator functionality, but it would be (in my opinion) wonderful if these options were available.
The product is especially powerful when used to give key end-users (non-IT personnel) the ability to carry out some day-to-day management tasks.
iShadow is available from Teknica Software at www.ishadow.com.
(Note: You must be logged in to post a comment.)
If you log in and nothing happens, delete your cookies from BrianMadden.com and try again. Sorry about that, but we had to make a one-time change to the cookie path when we migrated web servers.