4. What´s new ?
New Features of Edgesight 5.0.1
22.02.13 © visionapp 4
5. Citrix Edgesight 5.0.1 – What´s new ?
Edgesight 5.0.1 Service Pack 1
> Since December 12 EdgeSight 5.0.1 Service Pack 1 has been released
to web.
File: EdgeSight_5.0.1_647-2279.iso
The Device Summary report did not allow users to select a specific
device. The Device Summary report now has a device picker, allowing
users to display summary data for a specific endpoint device.
The Device CPU and Device Memory pie charts displayed inconsistent
device counts due to time zone offsets. The Device CPU and Device
Memory pie charts now display correct and consistent device counts.
Addressed an issue where XenDesktop printers could not be mapped
when the EdgeSight agent was running.
The shutdown of a Windows 2008 system with low memory caused a
system hang or critical system error when running the EdgeSight Agent.
The agent software has been changed to avoid this issue.
6. Citrix Edgesight 5.0.1 – What´s new ?
Edgesight 5.0.1 – SP1 Continued
Addressed a problem where the following error is observed when
installing EdgeSight 5.0 using SQL Server 2000 (with SQL 2000
Reporting Services): Error publishing reports:
System.Web.Services.Protocols.SoapException: There is an error on Line
39 of custom code: [BC30451] Name 'amp' is not declared.
Microsoft.ReportingServices.ReportProcessing.ReportProcessingException
: There is an error on Line 39 of custom code: [BC30451] Name 'amp' is
not declared.
Known issues:
Conflicts Between Antivirus and Security Software and the
EdgeSight Agent
In some cases, antivirus and security software can interfere with the
normal operation of EdgeSight Agent software.
Symantec Enterprise Client Security, McAfee VirusScan 8 or 8i with Patch
10, McAfee Host Intrusion Protection (HIPS) V7.0
7. Citrix Edgesight 5.0.1 – What´s new ?
What´s new
> Search Capability for Reports.
> This version of EdgeSight Server is supported on Microsoft Windows
Server 2008, including Enterprise, Standard, and DataCenter editions.
> Windows Integrated Authentication for SQL Server Access – This
version of EdgeSight uses Windows Integrated Authentication for SQL
Server access as opposed to SQL authentication.
> Basic and Advanced XenApp Agents – Basic agents provide the
Resource Management capability that is included in XenApp-Enterprise
Edition and require only that you have a XenApp Enterprise license
available on your Citrix Licensing Server.
> Advanced agents provide the fully featured version of EdgeSight for
XenApp and require that you have either a XenApp-Platinum Edition
license or an EdgeSight for XenApp license available on your Citrix
Licensing Server.
8. Citrix Edgesight 5.0.1 – What´s new ?
What´s new continued
> Active Application Monitoring Alerts – The EdgeSight Server Console
displays alerts received from the Active Application Monitoring Agent.
> User Interface Enhancements – The EdgeSight Server console UI has
been redesigned to make it easier to find the information you want.
Tabs allow you to quickly move between real-time monitoring and the
display of historical reports.
> Farm Monitor – The Farm Monitor allows you to browse through a
XenApp Server Farm and display real time data about alerts for one or
more devices. The monitor provides detailed contextual data about
activity on the device at the time of a selected alert, including
performance counters, sessions, processes, and network usage.
> Ability to suppress alerts for devices or sources (Maintenance Mode)
Clear the suppression of alerts after a specific amount of time.
10. Citrix Edgesight 5.0.1 – What´s new ?
And … Finally SQL Windows Authentication
(Goodbye SPECTUser)
11. Citrix Edgesight 5.0.1 – What´s new ?
And … Active Directory User can be set up for
Database Connection
Local user is still supported
16. Citrix Edgesight 5.0.1 – What´s new ?
And … Realtime & Troubleshooting
(Adobe Flash and Active X Required)
18. Citrix Edgesight 5.0.1 – What´s new ?
And … Default Rules
Rules for Health Check Monitoring Service
19. Citrix Edgesight 5.0.1 – What´s new ?
And … Active Application Monitoring
Prerequisite: Visual J# 2.0
Communication Launcher <-> Controller via Port 18747
20. Citrix Edgesight 5.0.1 – What´s new ?
And …Update from 4.5 (SP4) is possible.
It works.
URL changes from Server/edgesight40 to Server/edgesight
21. Citrix Edgesight 5.0.1 – What´s new ?
Licensing
> Warning
> The Licenseserver supplied on the Edgesight 5.0.1 Media is
Licenseserver version 11.3
> Download and install Licenseserver version 11.5
> Update the main (Farm) Licenseserver as the agents will check-in and
check-out their Licenses from the Farm Licenseserver NOT from the
Edgesight Licenseserver
22. Citrix Edgesight 5.0.1 – What´s new ?
Licensing
EdgeSight Agent Functionality Level Cannot Be Chosen When Installing
on Presentation Server 4.0 System
When installing the EdgeSight for XenApp 5.0 agent on a system running
Presentation Server 4.0, you cannot choose the agent functionality level
(Basic or Advanced). The agent is installed with the Basic functionality
enabled by default.
Workaround: If you need to enable the Advanced agent functionality, and
you have either a XenApp-Platinum Edition license or an EdgeSight for
XenApp license available on your Citrix Licensing Server, open the Citrix
System Monitoring Agent and select the Advanced functionality setting.
23. Citrix Edgesight 5.0.1 – What´s new ?
Basic Mode on PS 4 - Work around (If Licensed)
Resource Manager functionality only
27. Citrix Edgesight 5.0.1 – What´s new ?
Advanced Mode on PS 4
Msiexec /i c:\EdgeSightXAAgent.msi /q /norestart
SERVER_NAME=XXX COMPANY=XXX
REMOTE_SECURITY=0 FUNCTIONALITY_MODE=1
Documents and Settings\All Users\Application Data\Citrix\System Monitoring\Data\Edgesight.ini
[Core]
Sinstance=xxxxx-xxxxx-xxxx-xxxxxx
DatabaseCompactInProgress=0
[Mode]
UpdateFuncMode=2 [Basic]
UpdateFuncMode=1 [Advanced]
Manual change can be restricted
HKLM\Software\System Monitoring\Agent\Ctrx\4.00\Control Pannel\AllowFunctionalityMode = Dword 0 or 1 (1=restricted)
28. The good, the bad, the ugly
What has not changed and new (known) issues.
29. The good, the bad, the ugly
• NO Copy and Paste functionality in some fields of Rules
• NO Active Rollout of Agents, still Reboot required
• NO corresponding time field in some Reports (WHEN did WHAT happen ?)
• Input validation issues with rules may crash database
• The DB user's default database is automatically changed to Edgesight (should be master)
• Issue with Daylight Saving time – Has to be turned OFF to
work
• Only 8 configurable items in the Dashboard
• Ability to monitor ONLY XENAPP and Endpoint computers
• Phoning home ?
30. Citrix Edgesight 5.0.1 – The good, the bad, the ugly …
Agents – Reboot Required – No active Rollout
Caused by “hooking” into system DLLs such as winsock.dll.
31. Citrix Edgesight 5.0.1 –What´s new
Daylight saving ? – turn it off
If this is set to yes – set it to “No” or it will screw up the time
33. Citrix Edgesight 5.0.1 – The good, the bad, the ugly …
Use SSL/443 if possible (Endpoints)
34. Citrix Edgesight 5.0.1 – The good, the bad, the ugly …
Use URLSCAN 3.1 to avoid SQL-Injection
Download and Install URLSCAN 3.1 from:
http://iis.net/downloads/default.aspx?tabid=34&g=6&i=1697
Documentation can be found at:
http://learn.iis.net/page.aspx/476/common-urlscan-scenarios
Remove IIS Header [Banner]
Block SQL Injection Strings
35. Citrix Edgesight 5.0.1 – The good, the bad, the ugly …
Use URLSCAN 3.1 to avoid SQL-Injection
[options]
RemoveServerHeader=1
RuleList=SQL Injection,SQL Injection Headers
[SQL Injection]
AppliesTo=.asp,.aspx
DenyDataSection=SQL Injection Strings
ScanUrl=0
ScanAllRaw=0
ScanQueryString=1
ScanHeaders=
36. Citrix Edgesight 5.0.1 – The good, the bad, the ugly …
Use URLSCAN 3.1 to avoid SQL-Injection
[SQL Injection Strings]
--
%3b ; a semicolon
/*
@ ; also catches @@
char ; also catches nchar and varchar
alter
begin
cast
convert
cursor
declare
delete
drop
end
exec ; also catches execute
fetch
kill
open
select
sys ; also catches sysobjects and syscolumns
table
37. Citrix Edgesight 5.0.1 – The good, the bad, the ugly …
Use URLSCAN 3.1 to avoid SQL-Injection
[SQL Injection Headers]
AppliesTo=.asp,.aspx
DenyDataSection=SQL Injection Headers Strings
ScanUrl=0
ScanAllRaw=0
ScanQueryString=0
ScanHeaders=Cookie
38. Citrix Edgesight 5.0.1 – The good, the bad, the ugly …
Use URLSCAN 3.1 to avoid SQL-Injection
[SQL Injection Headers Strings]
--
@ ; also catches @@
alter
cast
convert
declare
delete
drop
exec ; also catches execute
fetch
insert
kill
select
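Added example (not part of the original slides): a simplified Python model of the [SQL Injection] query-string rule, showing which requests the deny list rejects, including legitimate values that happen to contain a deny string. The request paths and query strings are constructed, and the model assumes case-insensitive substring matching with UnescapeQueryString=1 (raw and unescaped query string both scanned).

```python
from urllib.parse import unquote

# Deny strings copied from the [SQL Injection Strings] section on the slide.
DENY_STRINGS = ["--", "%3b", "/*", "@", "char", "alter", "begin", "cast",
                "convert", "cursor", "declare", "delete", "drop", "end",
                "exec", "fetch", "kill", "open", "select", "sys", "table"]
APPLIES_TO = (".asp", ".aspx")          # AppliesTo= from the rule


def matched_deny_strings(path, query):
    """Return the deny strings that would get this request rejected."""
    if not path.lower().endswith(APPLIES_TO):
        return []                       # rule is not applied to this extension
    # ScanUrl=0 / ScanQueryString=1: only the query string is inspected.
    # Assumption: both the raw and the once-unescaped form are scanned.
    views = (query.lower(), unquote(query).lower())
    return [s for s in DENY_STRINGS if any(s in v for v in views)]


# Constructed sample requests (hypothetical paths, not captured traffic).
SAMPLES = [
    ("/edgesight/app/report.aspx", "id=42&sort=name"),
    ("/edgesight/app/report.aspx", "id=42%3b+drop+table+x--"),
    ("/edgesight/app/report.aspx", "mail=admin@example.com"),
    ("/edgesight/app/report.aspx", "range=weekend"),
    ("/edgesight/static/help.htm", "q=select"),
]


def classify(samples=SAMPLES):
    """Return (path, query, matched strings) for every sample request."""
    return [(p, q, matched_deny_strings(p, q)) for p, q in samples]


if __name__ == "__main__":
    for path, query, hits in classify():
        verdict = "REJECT" if hits else "allow "
        print(f"{verdict} {path}?{query}  {hits}")
```

The third and fourth samples are ordinary values (an e-mail address, the word "weekend") that the rule rejects, so the list needs testing against the application's real parameters before it is enabled.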
39. Citrix Edgesight 5.0.1 – The good, the bad, the ugly …
Default Database change to EdgeSight
The Problem – If the Edgesight
Database is deleted no login to SQL
Server is possible for this user
Security by obscurity ? …
40. Citrix Edgesight 5.0.1 – The good, the bad, the ugly …
Dashboard – Only 8 Items allowed
41. Citrix Edgesight 5.0.1 – The good, the bad, the ugly …
Monitoring – only XENAPP and Endpoints
Edgesight is not designed to monitor
other infrastructure servers as
- Licenseserver
- Webinterface
- SQL Server
-(…)
42. Citrix Edgesight 5.0.1 – The good, the bad, the ugly …
Phoning home ?
Dbo.config
https://secureportal.citrix.com/Edgesight/V5/scrash/XSL
43. How does it work ?
Inside Edgesight 5.0.1
46. Edgesight 5.0.1 - How does it work ?
Agent – Local Firebird Instance
Firebird 2.0.0 (Win32 Build)
This DBMS is used as Local SQL Server.
Edgesight stores its payload in the DBMS.
The Payload is being uploaded as a delta by the worker threads
twice a day. This saves network bandwidth.
The Database is located at
RSDatr = C:\Documents and Settings\All Users\Application Data\Citrix\System Monitoring\Data\RSDatr.fdb
47. Edgesight 5.0.1 - How does it work ?
Initial contact from agent to server
TCP/IP communication http port 80/443
GET edgesight/app/suser/cfgsync.aspx
Rzpd:/edgesight/app/suser/ZRemotelib.zpd ztconst.vbs
GET edgesight/app/suser/init.aspx
Rzpd:/edgesight/app/suser/ZRemoteLib.zpd#500!lsync.htm
POST /app/suser/autosync.aspx (payload upload)
Response http 901 Payload Processed
(907 = Exception)
Verisign certificate is exchanged between Agent and Server
Mail is sent (if this is a new device)
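Added example (not part of the original slides): a Python sketch that summarises payload uploads per agent from an IIS W3C log, using the 901/907 responses listed above. The log excerpt, its field layout and the IP addresses are constructed, and it is an assumption that the EdgeSight response code is what IIS records in sc-status.

```python
from collections import Counter, defaultdict

UPLOAD_STEM = "/app/suser/autosync.aspx"                    # upload URL from the slide
STATUS_MEANING = {"901": "processed", "907": "exception"}   # codes from the slide

# Constructed IIS W3C log excerpt (not from a real server).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2009-02-13 02:00:11 10.0.0.21 GET /edgesight/app/suser/cfgsync.aspx 200
2009-02-13 02:00:12 10.0.0.21 GET /edgesight/app/suser/init.aspx 200
2009-02-13 02:00:15 10.0.0.21 POST /edgesight/app/suser/autosync.aspx 901
2009-02-13 02:03:40 10.0.0.22 POST /edgesight/app/suser/autosync.aspx 907
2009-02-13 14:03:41 10.0.0.22 POST /edgesight/app/suser/autosync.aspx 907
2009-02-13 14:05:02 10.0.0.23 GET /edgesight/app/suser/cfgsync.aspx 200
"""


def parse_w3c(text):
    """Yield one dict per request, named after the #Fields header columns."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))


def upload_summary(text):
    """Count upload outcomes (processed / exception / other) per agent IP."""
    summary = defaultdict(Counter)
    for row in parse_w3c(text):
        if row["cs-uri-stem"].lower().endswith(UPLOAD_STEM):
            outcome = STATUS_MEANING.get(row["sc-status"], "other")
            summary[row["c-ip"]][outcome] += 1
    return {ip: dict(counts) for ip, counts in summary.items()}


def agents_with_exceptions(text):
    """Return the agent IPs whose uploads ended in a 907 exception."""
    return sorted(ip for ip, c in upload_summary(text).items() if c.get("exception"))


if __name__ == "__main__":
    print(upload_summary(SAMPLE_LOG))
    print("check agent logs on:", agents_with_exceptions(SAMPLE_LOG))
```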
48. Edgesight 5.0.1 - How does it work ?
Wireshark – SYN/ACK (3-way handshake)
49. Edgesight 5.0.1 - How does it work ?
Wireshark – GET configsync.aspx
50. Edgesight 5.0.1 - How does it work ?
Wireshark – Zremotelib.zpd
51. Edgesight 5.0.1 - How does it work ?
Wireshark – init.aspx
52. Edgesight 5.0.1 - How does it work ?
Wireshark – sync.htm
53. Edgesight 5.0.1 - How does it work ?
Wireshark – no config changes
54. Edgesight 5.0.1 - How does it work ?
Wireshark – sending payload (autosync.aspx)
55. Edgesight 5.0.1 - How does it work ?
Wireshark http 901 – Payload processed
56. Edgesight 5.0.1 - How does it work ?
Wireshark SMTP – New Agent
58. Troubleshooting
If it does not do what it is supposed to …
Prerequisites – Message Queuing, .Net Framework 2.0 SP1
SQL Server 2005 SP2 Reporting Services Configuration
Agent Logfiles, Antivirus Exclusions (Firebird DB)
Agent Install, Realtime-Access, Winsock Errorcodes
59. Citrix Edgesight 5.0.1 –Troubleshooting
Message Queuing
– Use AD Account NOT local Account
60. Citrix Edgesight 5.0.1 –Troubleshooting
IIS
.Net Framework 2.0
SP1
Bind ASP.net 2.0
to default Homepage
63. Citrix Edgesight 5.0.1 – Troubleshooting
Reporting Services (SQL 2005 SP2)
> C:\Program Files\Microsoft SQL Server\MSSQL.2\Reporting Services\ReportManager\RSWebApplication.config
<Configuration>
<UI>
<ReportServerUrl></ReportServerUrl>
<ReportServerVirtualDirectory></ReportServerVirtualDirectory>
<ReportBuilderTrustLevel>FullTrust</ReportBuilderTrustLevel>
</UI>
(…) something is missing here
64. Citrix Edgesight 5.0.1 – Troubleshooting
Reporting Services (SQL 2005 SP2)
> C:\Program Files\Microsoft SQL Server\MSSQL.2\Reporting Services\ReportManager\RSWebApplication.config
FIXED Configuration
<Configuration>
<UI>
<ReportServerUrl></ReportServerUrl>
<ReportServerVirtualDirectory>ReportServer</ReportServerVirtualDirectory>
<ReportBuilderTrustLevel>FullTrust</ReportBuilderTrustLevel>
</UI>
(…)
66. Citrix Edgesight 5.0.1 –Troubleshooting
Reporting Services (SQL 2005) Encryption Keys
73. Citrix Edgesight 5.0.1 –Troubleshooting
Real-Time Agent Access
Remote Security
This is needed for automatic value updates e.g.
Real Time Reports (Troubleshoot) or
Dashboard (Monitor)
Edgesight has to log on to the target Device
[Local Administrator rights required]
A Group can be added at
HKLM\SOFTWARE\CITRIX\System Monitoring\Agent\Core\4.00\RemoteSecurityGroup
Msiexec /i c:\EdgeSightEPAgent.msi /q /norestart
SERVER_NAME=XXX COMPANY=XXX
DEPARTMENT=Endpoint
REMOTE_SECURITY=0
74. Citrix Edgesight 5.0.1 –Troubleshooting
Winsock Errorcodes
> http://msdn.microsoft.com/en-us/library/ms740668(VS.85,printer).aspx
10013 Permission denied.
10035 Resource temporarily unavailable.
10050 Network is down.
10051 Network is unreachable.
10052 Network dropped connection on reset.
10053 Software caused connection abort.
10054 Connection reset by peer.
10060 Connection timed out.
10061 Connection refused.
10064 Host is down.
10065 No route to host.
11001 No such host is known.
75. Thank you very much for your attention.
Do you have any questions?
Additional information can be found at:
visionapp Ltd.
Office London (United Kingdom)
107-111 Fleet Street
London EC4A 2AB
phone: +44-20-7936-9112
fax: +44-870-385-0936
http://www.visionapp.com