citrix mps 3.0 licensing douglas a. brown president [email protected]
TRANSCRIPT
RSA Security
Agenda Introduction to Citrix Licensing
About FlexLm licensing Components of a license server Daemons & Ports
License File Tools
RSA Security
What is FLEXlm Licensing
A license manager that manages floating software licenses
An SDK licensed from MacroVision and integrated into Presentation Server
Includes the following components: The License Server Libraries embedded in MPS Command Line Utilities
RSA Security
What is a License Server
Four Components: License Manager Daemon
(LMGRD.exe) Vendor Daemon (CITRIX.exe) License file Utilities
RSA Security
New Features of MPS Licensing
Enterprise, Advanced and Standard edition will replace product codes and XPs. XPa and XPe
Product edition changes on the Presentation Server will require a reboot to inform all the components of the new license status
RSA Security
Software Requirements Operating Systems
License server is only support on Windows 2000 and Windows 2003 servers
Unix Platforms will not be support until the next release of MFU
MPS 3.0 and Conferencing Manager 3.0 are the only Citrix products that support the new licensing model.
RSA Security
Software Prerequisites Prerequisites:
Microsoft .NET Framework Version 1.1 or later Java Runtime Environment (JRE) version 1.4.1_02
or later Visual Studios J# .NET Version 1.1 or later ASP.NET (A Windows component) Setup will automatically install any software
prerequisites Only is using Autorun installation
RSA Security
Impact on Hardware
CPU usage will increase with: Single treaded application so no need for multiple CPUs Large amounts of check in/outs (hundreds as second) Many products exchanging heartbeat messages with the license server
Hard Drive space will be affected: Depending on the size of the report log, more activity bigger the log
Network: Transactions use less than 1KB of bandwidth Memory usage increases: Depending on size of license file, options file, and concurrent users
RSA Security
MPS Initial Grace Period
96 hours If you run over this date then:
1 administator can connect 2 users can connect
Hotfix available to extend this limit to 60 days
RSA Security
License File Should be two *.lic files located in
“Program Files\Citrix\Licensing\MyFiles” Citrix_startup.lic ????.lic (licensing file downloaded from mycitrix.com
License File Contains Hostname of license server Vendor daemon name At least one line of INCREMENT or FEATURE data
Particular changes to the license file may corrupt the digital signature
Can change license port Can’t change hostname or anything else
RSA Security
Citrix_Startup.lic
Installed by default Dummy license file that services
the following purposes: Keeps the heartbeat alive between the MPS server and the license
server Show what MPS servers are connected to the license server Has out of the box grace period information
RSA Security
????.lic (License for mycitrix.com)
Obtained from mycitrix.com MPS acquires connection license from this
file when users connect One license per client License released after all client
connections to all MPS servers are closed Name of the file does not matter
RSA Security
How Does it Work? MPS licensing policy resides in the
wsxica.dll which is loaded by termsrv.exe Wsxica communicates with the license
server for license check in/out License check in/out occurs during log
in/out License server and MPS exchange a
heartbeat message every 120 second Citrix licensing is enforced on RDP
connections
RSA Security
License Sharing Across Servers
There can be more than one license server
MPS server makes requests to the license server for each unique client connection
All client connections from the same client id share a single product license
RSA Security
License Manager Daemon (LMGRD)
Handles the initial contact with the MetaFrame Access Suite product
Starts the Citrix vendor daemon and passes connections to it
Uses default TCP port 27000 The default port can be changed by
modifying the license file on the license server (CTX103008)
RSA Security
Citrix Vendor Daemon
Process is called Citrix.exe Job is to grant, deny, and keep track of
licenses for Access Suite products Writes to report log and the debug log Default TCP port is chosen by the operating
system when LS is rebooted or the CitrixLicensing service is restarted
Sites with firewalls that require a static IP Port can specify a hard coded port through CTX103356
RSA Security
Date Based Versioning
Increment or Permanent Licensing
SA date: “version” of license. 1 year from time the license file was created
Burn Date: Date product released If SA date is earlier the Burn date
product will not function
RSA Security
License Management Console Is optional but cannot be installed on a
separate server from the license server Functions:
Allows creation of reports logs the detail past license usage
Assign user permissions and roles for access to the LMC Display license inventory, current usage, set the
thresholds for warnings and alerts
RSA Security
ToolsVerify Check out Data: Lmstat –a to verify checkout data:
Shows the data the license server has recorded for each connection.
Also shows: The product that the user has check out a license for The client machine that check out the license The checkout data The version of the license License Server name and port Date license was checked out
RSA Security
More Command Line Tools Lmdiag –c “path to the license file”
Helps diagnose whether license can be checked out
Lmreread – c “path to the license file” Reloads the license file in the memory without restarting the service”
LmhostID –hostname Displays the host name of the license server
RSA Security
More Command Line Tools Netstat –a on the License server
Shows if the correct ports are listening (LMGRD) Shows all MPS server connected to a license Server
RSA Security
License Error Messages You can receive error messages for
licensing in the following places: Event Log of the MPS Server Pop-up messages on the license server Pop-up messages on the client device
Verify license is installed and services are running Restart IIS Restart all services Verify hostname to license file host name
RSA Security
Gotchas When a port is changed in the license file
all future license files will need to be modified to reflect the port number
User connecting to MPS server of different editions will take multiple license one for each edition
If clock on MPS or LS is modified 24 hours back licensing will not function and server will need to be rebuilt