NetScaler Sessions Test

By tracking the user activity performed on the ADC appliance through different connections (such as ICA, DLTS ICA and VPN and AAA), administrators will be able to determine the session load imposed by such connections to the appliance at any given point in time. Moreover, by observing user logins through different connections over time, administrators will be able to easily figure out if user logins are happening consistently or sporadically. The latter could hint at a connection issue, requiring immediate attention. Also, when monitoring user sessions, administrators will also be able to capture unexpected logouts or abrupt session terminations and investigate the reason for the same. Such useful session-based insights are provided by the NetScaler Sessions test.

This test tracks user logins to the ADC appliance through different connections, and measures the current session load imposed by each connection to the appliance. For each connection, the test additionally reports the count and percentage of new logins, and also captures inexplicable session logouts. The detailed diagnostics provided by the test also point administrators to the users who logged in newly and the users whose sessions logged out.

Target of the test : An ADC VPX/MPX

Agent deploying the test : A remote agent

Outputs of the test : One set of results for each connection through which the sessions are established to the ADC appliance that is being monitored.

Configurable parameters for the test
Parameter Description

Test Period

How often should the test be executed.

Host

The IP address of the host for which the test is being configured.

NetScaler Username and NetScaler Password

To monitor a ADC device, the eG agent should be configured with the credentials of a user with read-only privileges to the target ADC device. Specify the credentials of such a user in the NetScaler Username and NetScaler Password text boxes.

Confirm Password

Confirm the ADC Password by retyping it here.

SSL

The eG agent collects performance metrics by invoking NITRO (ADC Interface Through Restful interfaces and Objects) APIs on the target ADC device. Typically, the NITRO APIs can be invoked through the HTTP or the HTTPS mode. By default, the eG agent invokes the NITRO APIs using the HTTPS mode. This is why, the SSL flag is set to Yes by default. If the target ADC device is not SSL-enabled, then the NITRO APIs can be accessed through the HTTP mode only. In this case, set the SSL flag to No.

Report IP Details to Manager

The eG agent that monitors a Citrix Virtual Apps Server/Desktop environment is capable of automatically discovering which users are accessing that environment , and from where - i.e., from which geographic location. To identify the location of a Citrix user, this eG agent requires the user name, the public IP address of the client from which the user is logging in, and the IP address of the Citrix server/ desktop that user is accessing. By default, this test collects the aforesaid information for each user who is connecting to the Citrix environment via NetScaler, and communicates the same to the eG manager. Each eG agent that monitors a Citrix Virtual Apps Server/Desktop then downloads the details from the manager and leverages the downloaded information to determine the location of every Citrix user. This is why, the REPORT IP DETAILS TO MANAGER flag is set to Yes by default.

If you do not want the location of Citrix users to be discovered, then set this flag to No.

Report Using Manager Time

By default, this flag is set to Yes. This indicates that, by default, the detailed diagnosis of this test will report time stamps in the manager’s time zone. If this flag is set to No, then these time stamps are shown in the DETAILED DIAGNOSIS page for this test to be based on the device’s local time.

Show All VPN Sessions

Typically, the Citrix ADC VPX/MPX appliance opens multiple connections to support a single user session. While the session will be eventually launched over one persistent connection, the other connections will automatically close within seconds from opening. By default, the detailed diagnostics of this test will report the details of the persistent connection only. This is why, this flag is set to No by default. If you want the details of the temporary connections too to be captured as part of detailed diagnostics, set this flag to Yes.

Show RDP Session

By default, this flag is set to No indicating that this test will not collect the statistics of the users logged into the target NetScaler appliance using RDP sessions. If you wish to track the information of the users who have logged in using RDP sessions, then, set this flag to Yes. Upon setting this flag to Yes, the eG agent will track the RDP connections made to the target NetScaler appliance and report RDP as a descriptor of the test.

Domain Alias

This parameter is applicable only if the REPORT IP DETAILS TO MANAGER parameter is set to 'Yes'.

Typically, to automatically determine the geographic location of users accessing the Citrix Virtual Apps/Desktops environment, eG Enterprise requires that the domain names of Citrix users do not change as they travel from the NetScaler into a Citrix Virtual Apps server / virtual desktop.

Sometimes however, a domain name can be mismatched across the board. For instance, a user's domain may be 'chn' when he/she accesses NetScaler; but, when the same user logins into a Citrix server / virtual desktop, his/her domain could be 'mas'. This can happen if an 'alias' and/or a NetBIOS name is configured for a domain in the Active Directory server that authenticates user logins to a Citrix Virtual Apps server / virtual desktop. An 'alias' is typically configured for a domain, if its original name is too long/complex for users to remember. A 'NetBIOS domain name' is the subdomain of the DNS domain name. For example, if the DNS domain name is contoso.com, the NetBIOS domain name is contoso.

If the domain name of a user does not stay the same through a user's journey across the Citrix infrastructure, then eG Enterprise will not be able to automatically determine the geographic location of that user. To avoid this, you need to do the following:

  • Check if the domain name has been configured with an alias and/or a NetBIOS domain name in AD;

  • If so, then you need to configure the eG agent monitoring NetScaler with the correct alias and/or NetBIOS name that maps to that domain name. This can be achieved using the DOMAIN ALIAS parameter.

To know how to configure this parameter, read on:

  1. Login to the system hosting the eG agent that monitors the Citrix Virtual Apps server / Citrix VDI in your environment.

  2. Open the browser on that system, connect to the eG monitoring console, and login to it.

  3. Navigate to the detailed diagnosis of the Current sessions measure of the NetScaler Sessions test.

  4. See the entries in the User name column of the detailed diagnostics. These entries will be of the format: <DomainName>\<UserName>. Make a note of the <DomainName>s here.

  5. Next, open the Powershell prompt on the same system, and go to the <EG_AGENT_INSTALL_DIR>\lib directory. From that directory, run the powershell script named DNSSuffixSearchList, by issuing the following command at the prompt. :

    .\DNSSuffixSearchList.ps1

  6. Make a note of the domain names listed in the output of the script.

  7. Then, in the eG monitoring console, navigate to a user-based test run on a managed Citrix Virtual Apps server/Citrix VDI in the environment. Make a note of the domain names in the descriptors of this test.

  8. For the same set of users, compare the domain names gathered from all the 3 sources, and isolate discrepancies (if any).

  9. If the domain name in the script output and in the descriptor of the user-based test is the same for a user, but the domain name displayed in the detailed diagnosis of the NetScaler Sessions test is different, then it is a clear indication that an 'alias' has been configured for that user. In this case, your DOMAIN ALIAS specification should be of the following format:

    <Domain_Name>:<Alias_Name>

    For instance, consider the following scenario:

    Domain name returned by script: mas.eginnovations.com

    Descriptor of user-based test: mas\john

    Value in DD: chn\john

    In this case, the domain name is chn and its alias is mas.eginnovations.com .

    The DOMAIN ALIAS specification for the above sample scenario will therefore be:

    chn:mas.eginnovations.com

  10. On the other hand, if the domain name in the detailed diagnosis (of this test) matches the domain name in the descriptor (of the user-based test), but does not match the domain names in the script output, it means that both an alias and a NetBIOS domain name have been configured. In this case, your DOMAIN ALIAS specification should be of the following format:

    <Domain_Name>:<Alias_Name>@<NetBIOS_Name>

    For instance, consider the following scenario:

    Domain name returned by script: mas.eginnovations.com

    Descriptor of user-based test: chn\john

    Value in detailed diagnosis: chn\john

    In this case, the domain name and NetBIOS name is chn and the domain alias is mas.eginnovations.com.

    The DOMAIN ALIAS specification for the above sample scenario will therefore be:

    chn:mas.eginnovations.com@chn

  11. Multiple domain-alias mappings can be provided as a comma-separated list. For example - egin:mas.eginnovations.cm, chn:chn.eginnovations.com@mas

These mappings help eG Enterprise maintain the same domain name throughout a Citrix user's logon process, thereby enabling accurate location identification for that user.

DD Frequency

Refers to the frequency with which detailed diagnosis measures are to be generated for this test. The default is 1:1. This indicates that, by default, detailed measures will be generated every time this test runs, and also every time the test detects a problem. You can modify this frequency, if you so desire. Also, if you intend to disable the detailed diagnosis capability for this test, you can do so by specifying none against DD Frequency.

Detailed Diagnosis

To make diagnosis more efficient and accurate, the eG Enterprise embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option.

The option to selectively enable/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:

  • The eG manager license should allow the detailed diagnosis capability
  • Both the normal and abnormal frequencies configured for the detailed diagnosis measures should not be 0.
Measurements made by the test
Measurement Description Measurement Unit Interpretation

Current sessions

Indicates the current number of sessions established through this connection on the ADC appliance.

Number

This is a good indicator of the current session load on the appliance. Comparing the value of this measure across the connections will reveal the connetion through which maximum number sessions are established.

New logins

Indicates the number of new logins to the ADC through this connection in the last measurement period.

Number

A consistent zero value could indicate a connection issue.

You can use the detailed diagnosis of this test to know which users logged in recently.

Percent new logins

Indicates the percentage of current sessions that logged in through this connection during the last measurement period.

Percent

 

Sessions logging out

Indicates the number of sessions that logged out.

Percent

If all the current sessions suddenly log out, it indicates a problem condition that requires investigation.

The detailed diagnosis of this measure lists the sessions that logged out.