MetaFrame XPe's Network Manager allows you to view various statistics of your MetaFrame XPe servers with third party SNMP management applications, including Tivoli NetView, HP OpenView, and if you have Feature Release 1, CA Unicenter. Citrix Network Manager also allows you to perform some limited management tasks from those management applications.
When considering the Citrix Network Manager, a lot of people ask one question: Is it worth the trouble?
Some feel that network manager is more trouble than its worth. Realistically, if you currently use NetView, OpenView, or Unicenter, the network manager may not be a bad idea. However, if you don't already use one of these products, Citrix Network Manager is not worth your time.
Network Manager Installation
To begin using MetaFrame XPe's Network Manager, install and configure the Microsoft SNMP service. Once you do that, you can set your SNMP options for network manager from within the CMC.
The Network Manager CD that ships with MetaFrame XPe only has plug-ins for the SNMP management tool consoles, and the related MIBs. The CD contains nothing that needs to be installed on your MetaFrame XPe servers.
Installing the CMC on the Management Console Computers
Some people choose to install the Citrix Management Console on the same workstation as their SNMP management console software. This allows the two management products to be integrated-the CMC can be launched right from the SNMP tool. Also, it is convenient because you can do more with the CMC than you can through your SNMP management tool and SNMP. The CMC is also more secure than SNMP tools.
However, remember that best practices dictate that you should install the CMC onto the zone data collectors, and use it remotely via ICA sessions. In the end, it's really up to you to determine whether the convenience of having the CMC installed locally on your SNMP management console computer is worth the performance lag of not having it installed on a zone data collector.
MetaFrame XPe's Network Manager only has a few requirements:
- You must have MetaFrame XPe.
- You must have the Microsoft SNMP service installed on the MetaFrame XPs server.
- If you are not using Feature Release 1, the SNMP management console must be Tivoli NetView 5.1.2 or HP OpenView 6.1 or newer.
- If you have Feature Release 1, you can also use CA Unicenter TNG 2.4 or later.
Network Manager Configuration
Once the Microsoft SNMP service is installed, all you need to do is to configure the traps that you want to send to the SNMP console. For those of you not familiar with the SNMP world, a "trap" is a condition or event that generates an alert. This alert is then sent to an SNMP management console that displays it, logs it, or performs some other action.
MetaFrame XPe's Network Manager can send traps for eleven different events, as outlined in Figure 16.3.
- Number: 1
- Name: trapSessionLogoff
- Description: Any logoff.
- Number: 2
- Name: trapSessionLogon
- Description: Any logon.
- Number: 3
- Name: trapSessionDisc
- Description: Any disconnect.
- Number: 4
- Name: trapSessionThreshold
- Description: Each time the number of sessions exceeds the limit as configured.
- Number: 5
- Name: trapLicLowThreshold
- Description: Number of available licenses has reached the warning threshold, as configured.
- Number: 6
- Name: trapLicOut
- Description: All pooled connection licenses have been used.
- Number: 7
- Name: trapLicDenied
- Description: Not used.
- Number: 8
- Name: trapMFAgentUp
- Description: The SNMP agent has successfully started.
- Number: 9
- Name: trapSessionThresholdNormal
- Description: Back to normal from event number 4.
- Number: 10
- Name: trapLicLowThresholdNormal
- Description: Back to normal from event number 5.
- Number: 11
- Name: trapLicOutNormal
- Description: Back to normal from event number 6.
Figure 16.3: Network Manager's available event traps
Using the CMC, you can configure which traps are sent to the SNMP console. Some of the traps are configured with thresholds that cause an alert to be sent. These include the session limit per server (default 100) and the license thresholds. For the license and session limit thresholds, if the value falls below a set percentage, then a notification is sent. When it climbs back above the reset percentage, notification is sent. The reset value must be higher or equal to the set value.
These settings are different from the Resource Manager settings and thresholds.
All of the license traps are farm wide settings (CMC | Farm | Properties | SNMP Tab). The rest can either be set farm-wide (CMC | Farm | Properties | SNMP Tab) or per-server (CMC | Server | Properties | SNMP Tab).
There are several potential security issues exposed if you choose to use the remote SNMP management tools.
First, if you decide to use the SNMP management consoles for monitoring only (and use the CMC for any actual management), then you want to ensure that the SNMP service on the MetaFrame XPe server is set to "Read Only."
On Windows NT 4.0 Terminal Edition servers, the SNMP service will need to be manually set to Read Only.
On Windows 2000 servers, all remote users of the SNMP service are limited to the "read_only" SNMP right by default. This is fine if you only want to view the status and traps of MetaFrame XP servers. If you want to actively manage them, then grant the "read_create" or "read_write" rights.
If you do decide to actively manage MetaFrame XPe servers with SNMP management consoles, configure the SNMP service on your servers to only accept packets from the specific IP addresses of the management consoles. Do this because the SNMP protocol is inherently not secure. You do need want anyone on the network to be able to send management commands to a MetaFrame XP server.
SNMP Clear text
If you have the CMC installed locally on the SNMP management console workstation, then your farm logins will be sent to the server in clear text. Alternately, you can connect to the CMC via a published application on one of the MetaFrame XP servers, and use MetaFrame's native security and encryption.
SNMP Uses in MetaFrame XPe Environments
Via the SNMP management console, the following administrative activities can be performed on MetaFrame XP servers:
- Logoff sessions.
- Disconnect sessions.
- Send messages.
- Terminate processes.