VPN Virtual Servers Test

A vserver is a named ADC entity that external clients can use to access applications hosted on the servers. It is represented by an alphanumeric name, virtual IP address (VIP), port, and protocol. When a client attempts to access applications on a server, it sends a request to the VIP instead of the IP address of the physical server. When the ADC receives a request on the VIP, it terminates the connection at the vserver and uses its own connection with the server on behalf of the client. The port and protocol settings of the vserver determine the applications that the vserver represents.

vservers can be grouped into various categories. One such vserver is the virtual private network (VPN) virtual server. This server decrypts tunneled traffic and sends it to intranet applications. To understand the workload of each of these VPN virtual servers and isolate overloaded servers, use the VPN Virtual Servers test.

Target of the test : An ADC VPX/MPX

Agent deploying the test : A remote agent

Outputs of the test : One set of results for each VPN virtual server.

Configurable parameters for the test
Parameter Description

Test Period

How often should the test be executed

Host

The IP address of the host for which the test is being configured.

NetScaler Username and NetScaler Password

To monitor a ADC device, the eG agent should be configured with the credentials of a user with read-only privileges to the target ADC device. Specify the credentials of such a user in the NetScaler Username and NetScaler Password text boxes.

Confirm Password

Confirm the ADC Password by retyping it here.

SSL

The eG agent collects performance metrics by invoking NITRO (ADC Interface Through Restful interfaces and Objects) APIs on the target ADC device. Typically, the NITRO APIs can be invoked through the HTTP or the HTTPS mode. By default, the eG agent invokes the NITRO APIs using the HTTPS mode. This is why, the SSL flag is set to Yes by default. If the target ADC device is not SSL-enabled, then the NITRO APIs can be accessed through the HTTP mode only. In this case, set the SSL flag to No.

Show Up Server Oly

The default setting of this flag is No; this indicates that this test, by default, monitors all the VPN virtual servers configured on the ADC appliance. If you want the test to monitor only those VPN virtual servers that are up and running currently, then set this value to Yes.

Exclude Servers

Provide a comma-separated list of VPN virtual server names or name patterns that need to be excluded from monitoring. By default, this is set to none, indicating that all VPN virtual servers are by default monitored.

Detailed Diagnosis

To make diagnosis more efficient and accurate, the eG Enterprise embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option.

The option to selectively enable/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:

  • The eG manager license should allow the detailed diagnosis capability
  • Both the normal and abnormal frequencies configured for the detailed diagnosis measures should not be 0.
Measurements made by the test
Measurement Description Measurement Unit Interpretation

Server state

Indicates the current state of this virtual server.

 

If the virtual server is up, then the value of this measure is Up. If the virtual server is down, then the value of this measure is Down.

The numeric values that correspond to these measure values have been listed in the table below:

Numeric Value Measure Value
0 Up
1 Down
2 Out of service
3 Transition out of service
4 Down when going out of service
-1 Unknown

Note:

By default, this measure reports the above-mentioned Measure Values while indicating whether a virtual server is up/down. However, in the graph of this measure, the Measure Values will be represented using their corresponding numeric equivalents only.

Use the detailed diagnosis of this measure to determine the primary IP address, primary port, and protocol type of each VPN virtual server being monitored.

Request data received

Indicates the amount of request data received by this virtual server during the last measurement period.

MB

These are good measures of the request and response load on a virtual server. By comparing the value of each of these measures across virtual servers, you can instantly identify overloaded servers.

Response data received

Indicates the amount of response data received by this virtual server during the last measurement period.

MB

Requests received

Indicates the number of requests received by this virtual server during the last measurement period.

Number

Responses received

Indicates the number of responses received by this virtual server during the last measurement period.

Number

Currently AAA users logged in

Indicates the number of AAA users who are currently logged into this virtual server.

Number

A high value is indicative of high user load on the virtual server. By continuously tracking changes to this measure alongside the value of the Maximum users allowed to login measure, you can figure out when this upper threshold (i.e., Maximum users allowed to login measure) is likely to be reached/crossed.

Maximum users allowed to login

Indicates the number of concurrent users who are allowed to login to this virtual server. 

Number

 

Total users connected

Indicates the total number of users connected to this virtual server. 

Number

This measure is a good indicator of total workload on the virtual server. Compare the value of this measure across the virtual servers to know which virtual server is overloaded.

STA servers in UP state

Indicates the number of STA severs, which are bound to this virtual server, that are currently up and running.

Number

The Secure Ticket Authority (STA) is responsible for issuing session tickets in response to connection requests for published applications on XenApp and published desktops on XenDesktop. These session tickets form the basis of authentication and authorization for access to published resources. If users have valid STA tickets, the gateway assumes that they passed the authentication checks and should be permitted access.

A STA server can be bound globally or to virtual servers. You can also add multiple servers running the STA when a virtual server is configured.

The value of this measure is should be high. A low value for this measure may indicate that the most of the STA servers are not running which may lead to security issues while connecting to the ADC.

STA servers in Down state

Indicates the number of STA severs that are currently down.

Number

The value of this measure should be zero. A non-zero value for this measure is a cause for concern.

Percent STA servers in UP state

Indicates the percentage of STA severs that are currently up and running.

Percent