MetaFrame Access Suite License Architecture | Citrix CCA MetaFrame Presentation Server 3. 0 and 4. 0 Exam CramT (Exams 223 and 256)

MetaFrame Access Suite License Architecture

Unlike Microsoft Terminal Services licensing, which works on either a per-device or a per-user basis, Citrix employs true concurrent user licensing for its MetaFrame Presentation Server product. For example, if you have 600 employees in your company but only 200 are ever logged on to a MetaFrame environment at one time, you are required to have only 200 MetaFrame Client Access Licenses (CALs).

A MetaFrame Client Access License is not required to install the MPS client. The MetaFrame client could be installed on all 600 clients from the preceding example. The MetaFrame CAL requirement goes into effect only when a user actually attempts to log on to a MetaFrame Presentation Server. At that time, one of three things will occur:

If the client device has already been issued a license for a session that is currently active, no additional license is required. A license is consumed only when the first connection is made by a device. All subsequent connections will share that same license.

There is one caveat to this point. To consume only a single license when connecting to two or more servers, all the servers in question must be communicating with the same license server. If a user connects to a MetaFrame server that utilizes a different license server, an additional license is issued by that license server. Currently, Citrix does not support the pooling of licenses between different MASL servers.

Note

In addition to the requirement that MetaFrame servers reside within the same server farm, license sharing is supported only between servers running the same version of MetaFrame. A user who is simultaneously connected to both a MetaFrame 3.0 and a MetaFrame XP server will consume one license from each environment.
If the client device currently has no active sessions, the MetaFrame server to which the client is connecting queries the MASL server and requests a license on the client's behalf . A license is checked out from the license database and assigned to that client. When the last active session from that client is terminated , the license is checked back into the license database. At that time, it becomes available for use by another client.
If the MASL server has no free licenses available, the checkout attempt (along with the user's connection attempt) fails, and no additional user logons are accepted until an existing user session ends and a CAL becomes available.

Note

Unlike a Microsoft Terminal Services License server, which allocates temporary licenses to allow a user to log on, a MetaFrame Access Suite License server does not issue temporary licenses. With the exception of a limited number of licenses available during the installation grace period, if a CAL is not available when a user tries to log on, that user's connection attempt is simply refused .

Until a license file has been downloaded and applied to a license server, it operates in what is known as the startup grace period. During this grace period, the MASL server issues a maximum of two Client Access Licenses to nonadministrators. These licenses allow access to the MetaFrame server for a maximum of 96 hours (4 days). After that, the users cannot log on until a valid product license file is downloaded and installed on the license server. This 96- hour grace period does not apply to an administrator, who is granted access to the product indefinitely.

This startup grace period differs from the grace period that exists if a MetaFrame server loses connectivity to a license server due to a license server failure, network issues, or some other problem. In this configuration, the MetaFrame server immediately begins operating in a failover mode, which has a separate grace period of operation before the license server must once again be available. The time frame for the failover grace period was initially 96 hours when MASL was first released, but this has since been updated to 30 days. For the failover grace period to be valid, the license server must have a valid license file installed. A license server with no valid license file does not allow a MetaFrame server to function in failover mode.

Alert

Remember that this failover grace period has been increased since the original license server documentation was released. The existing documentation available with MPS 3.0 still states that the grace period is only 96 hours (4 days). If the license file was downloaded after August 19, 2004, it allows for the new 30-day grace period.

Also, remember that this grace period does not apply to the startup grace period. The startup grace period applies only when no license file has been downloaded and so still remains at 96 hours.

Two different grace periods exist for MASL:

Startup grace period96 hours (4 days)
Failover grace period30 days

MetaFrame Access Suite Licensing Overview

Figure 4.1 illustrates the components that make up a typical MetaFrame Presentation Server 3.0 environment with a MetaFrame Access Suite License server and multiple MPS clients. This figure also depicts the internal breakdown of the MASL server, illustrating the two internal services (daemons) that combine to deliver the license server's functionality. These services are called the License Manager Daemon ( LMGRD.EXE ) and the Citrix Vendor Daemon ( CITRIX.EXE ).

Figure 4.1. A typical MetaFrame Access Suite License server implementation.

Two distinct types of licensing activity take place in an MPS 3.0 environment:

Initial server connection phase Occurs when the MetaFrame Presentation Server initially boots up
Client Access License retrieval Occurs when a client device connects to a MetaFrame server

MetaFrame Server Initial Connection Phase

The first license activityserver connectiontakes place when an MPS 3.0 server boots up. In this situation, the MetaFrame server performs the following tasks :

1.	During bootup , MetaFrame retrieves the associated license server address from the Data Store.
2.	It then communicates with the License Manager daemon on the license server (see the Internal MASL Components in Figure 4.1) to retrieve the port on which the Citrix Vendor Daemon is running. The default listening port for the License Manager Daemon is 27000, whereas the default listening port for the Citrix Vendor Daemon is randomly selected during startup. The process for modifying these defaults is discussed in the "Modifying the Listening Ports for the MASL Server" section of this chapter.
3.	Using this information, the MetaFrame server opens a connection with the Citrix vendor daemon, a connection that remains open as long as the MetaFrame server is up. After this connection is established, the MetaFrame server checks out a startup license. This license is required for the server to be able to check out Client Access Licenses.
4.	The MetaFrame server is now fully operational and ready to accept client connections.

Note

During the initial connection to the license server, the MetaFrame server stores a replica of the license information locally. This information is then updated once every hour to reflect the current license availability. This replica is maintained in case connectivity with the license server is lost and the MetaFrame server must begin issuing licenses for the failover grace period of 30 days, which was discussed earlier.

Each MetaFrame server maintains its own personal copy of the license information from the license server and does not perform any kind of license pooling on its own. For example, if the license server had 75 licenses available for allocation before it crashed, and there were four MetaFrame servers, each MetaFrame server would be capable of issuing up to 75 CALs during the failover grace period.

Client Access License Retrieval

When an MPS client attempts to connect to a MetaFrame server, the following occurs:

The MetaFrame server communicates directly with the Citrix Vendor Daemon (see Figure 4.1) to determine whether licenses are available. If one exists, the vendor daemon checks out the license and allocates it to the requesting MetaFrame server.

If the license server is unavailable, the MetaFrame server allocates a license, if available from the replica information it has stored locally.
If a client access license is available, the MetaFrame server allows the client to connect; otherwise , access to the server is denied .

Figure 4.1 illustrates that each client device has been allocated a single MetaFrame CAL, regardless of how many server connections it actually has open.

Figure 4.2 expands on the previous figure, demonstrating a more complex MASL configuration. This time, it involves two distinct license servers and three separate Citrix server farms (Production, Acceptance Testing, and Engineering). Two of these farms (Production and Acceptance Testing) share the same license server, while Engineering communicates with its own.

Figure 4.2. Multiple farms can share the same license server.

This diagram also demonstrates the behavior of Client Access License allocation, depending on the server farm that a client is connecting to. You can see that Client 1 has a connection to both Production and Acceptance Testing, but consumes only one license because these farms both share the same license server.

Client 2, on the other hand, has a connection to Production and Engineering, but because two different license servers are involved, this client consumes two licenses.

Even though these examples depict only server farms assigned to different license servers, Citrix also allows you to perform a more granular assignment at the individual server level.

MetaFrame servers within the same server farm can be directed to different license servers. This is not the default behavior nor a typical deployment scenario, but if desired, it can be defined within the properties for an individual server.

Regardless of whether servers are in the same or different server farms, if they are directed to different license servers, a client connected to these servers consumes multiple Client Access Licenses.

Alert

It is important to understand under what conditions a new CAL is allocated, instead of an existing CAL being used.

License Management Console

The main management tasks for MASL are performed using the License Management Console (LMC), a web-based application that must be installed and run on the same server as the MASL component. Figure 4.3 shows the welcome screen that is visible when an authorized user connects to the main LMC web page.

Figure 4.3. The majority of the MASL management tasks are performed using the web-based License Management Console.

Through this web interface, licensing for your MetaFrame environment can be managed from any machine with a supported web browser. The only requirement for using the LMC is that the necessary web components must be installed on the same server as the MASL service. This means that you are also required to run Microsoft Internet Information Service on your MASL server. Details on the requirements for MetaFrame Access Suite Licensing are reviewed in the next section, with the actual management tasks that can be performed using MASL discussed later in this chapter.

MASL System Requirements

The system requirements for a MetaFrame Access Suite License server are summarized in Table 4.1.

Table 4.1. MASL System Requirements

System Component	Comments
Processor	The MetaFrame Access Suite Licensing application is a single-threaded application, and so cannot directly benefit from running on a multiprocessor server. If MASL is to be deployed on dedicated server hardware, choose a faster single-processor machine over multiple slower processors. If MASL is to be deployed on a server that will be tasked with additional roles such as a file/print server, Terminal Services Licensing server, or even a MetaFrame server, multiple processors allow other application threads to run simultaneously with MASL. The majority of the processor load is generated when running the License Management Console. A 1GHz Pentium III is the recommended minimum processor specification for running an MASL server.
Memory	Because each MetaFrame server maintains a constant connection with a license server, a small amount of memory is consumed on the license server for each active connection. In addition, memory usage can also be affected by the following: A large number of user logons and logoffs, which force the license server to process an equally large number of license checkin/checkout requests. Many concurrent user sessions. The license server has a large number of custom configuration options defined within the special configuration file. These custom configuration options are discussed in the "MASL Administration Commands" section of this chapter. The recommended amount of RAM for a server that will be running the MASL service is 512MB.
Hard disk space	MASL requires 30MB of disk space during the installation. It also requires disk space to accommodate the creation and updating of two different log files: Debug log fileThis file, which is enabled by default, logs status and error messages. This log, named lmgrd_debug.log, is located in the C:\Program Files\Citrix\Licensing\LS folder. The contents of this file are overwritten every time the licensing manager daemon service is stopped and restarted. Left in the default configuration, the debug log file consumes very little disk space. Usage logsThe usage logs are also created by default and, if left unattended, can grow quite large. The default configuration does not overwrite the usage log when the license server is restarted. Unlike the debug log, which is a human-readable plain-text file, the usage log, while stored in plain text, is not intended to be human-readable . It is for viewing only through the License Management Console. The rate and amount at which the usage log grows depend on the number of MetaFrame servers and concurrent user connections.
Network bandwidth	An MASL server utilizes only minimal network bandwidth. On average, this is around 1KB per transaction. A transaction is any checkin/checkout request from a MetaFrame server to the license server. Approximately 200 bytes of "heartbeat" data are transmitted every 2 minutes from each connected MetaFrame server to verify the availability of the license server.
Operating system	Windows 2000 Server, Windows 2000 Advanced Server, Windows 2000 Datacenter Server, all running a minimum of Service Pack 3. Windows Server 2003, Standard, Enterprise, or Datacenter Edition. The licensing server is not required to run on the same hardware as MetaFrame Presentation Server.

Caution

The Citrix document titled "MetaFrame Access Suite License Server Customizations" incorrectly states that the usage log is overwritten when the license server is restarted. This information is incorrect. By default, the usage log is not overwritten.

The License Management Console (LMC), which must also be run on the license server, has the following system requirements:

A web browser that supports HTML 3.2 or later The LMC has been verified to be accessible using Netscape 4.7 and 7.0 or higher. It is also accessible with Internet Explorer 5.0 and 6.0 or higher.
Microsoft Internet Information Services (IIS) 5.0 or higher IIS 5.0 comes with Windows 2000 Server, and 6.0 comes with Windows Server 2003. IIS must be installed on the same server as the MASL component. The LMC does not support the use of the Apache web server.

IIS must be installed before you install the License Management Console.
Tomcat 4.1.24 or higher servlet engine Tomcat, which is automatically installed along with MASL, is a web application container within which you run Java servlets and JavaServer Pages (JSP).

Note

Tomcat is an open source project, and although details on the technology are not part of the exam, if you're interested, you can find out more information on the project at http://jakarta.apache.org.
Sun Java Runtime Environment (JRE) 1.4.1 or higher Version 1.4.1 ships with MASL and is installed automatically if a version does not already exist on your server. You can find the latest version of JRE at http://www.java.com. The License Management Console does not run with JRE version 1.3.1.

Deployment Considerations

When planning the deployment of the licensing server, you should consider a couple of different configuration scenarios:

Implementing a dedicated or shared license server Although MASL can be deployed on the same server as MetaFrame, you may want to consider assigning it to a dedicated server depending on your production environment configuration.
Sharing licenses among multiple server farms A single license server can be used to pool the available licenses between two or more server farms.

Implementing a Dedicated or Shared License Server

For the most part, the decision whether to run MetaFrame Access Suite Licensing on a dedicated server or one that is also running MetaFrame depends on the size of the environment. Table 4.2 summarizes the guidelines to use when considering whether to use a dedicated or shared license server.

Table 4.2. MetaFrame Access Suite License Host Server Guidelines

Number of MetaFrame Servers	Comments
Fewer than 50	Shared server. Hosting MASL and MetaFrame Presentation Server together on the same machine is a suitable configuration when the environment has fewer than 50 MetaFrame servers. When running both applications on the same hardware, you need to be certain that the minimum server requirements are met for both packages. When the environment is running a large number of MetaFrame servers, additional load may be experienced on the MetaFrame server that is also running MASL. In a load-balanced environment, you may want to consider implementing a load evaluator that allocates fewer connections to this server than others in the farm.
Between 50 and 500 servers	Dedicated server. In an environment that has more than 50 and fewer than 500 MetaFrame servers, a single dedicated license server is the recommended configuration.
More than 500 servers	Multiple dedicated servers. When a single environment has more than 500 MetaFrame servers, Citrix recommends deploying multiple license servers and dividing up the MetaFrame servers so that they point at these different servers. Conceptually, this configuration would look similar to the multiple license servers displayed back in Figure 4.2. Remember, when multiple license servers are implemented, licenses do not pool between these servers, so a client consumes a separate license each time it connects to a MetaFrame server that uses a different license server. Theoretically, a single license server can support a maximum of 2,000 active MetaFrame server connections.

Number of MetaFrame Servers

Comments

Fewer than 50

Shared server. Hosting MASL and MetaFrame Presentation Server together on the same machine is a suitable configuration when the environment has fewer than 50 MetaFrame servers.

When running both applications on the same hardware, you need to be certain that the minimum server requirements are met for both packages.

When the environment is running a large number of MetaFrame servers, additional load may be experienced on the MetaFrame server that is also running MASL. In a load-balanced environment, you may want to consider implementing a load evaluator that allocates fewer connections to this server than others in the farm.

Between 50 and 500 servers

Dedicated server. In an environment that has more than 50 and fewer than 500 MetaFrame servers, a single dedicated license server is the recommended configuration.

More than 500 servers

Multiple dedicated servers. When a single environment has more than 500 MetaFrame servers, Citrix recommends deploying multiple license servers and dividing up the MetaFrame servers so that they point at these different servers.

Conceptually, this configuration would look similar to the multiple license servers displayed back in Figure 4.2. Remember, when multiple license servers are implemented, licenses do not pool between these servers, so a client consumes a separate license each time it connects to a MetaFrame server that uses a different license server.

Theoretically, a single license server can support a maximum of 2,000 active MetaFrame server connections.

Note

If you're implementing an environment that also contains MetaFrame Conferencing Manager (MCM) 3.0 and if you have MPS and MCM servers directed to the same license server, they both count toward the maximum number of supported servers.

In this configuration, it is recommended that each MPS and MCM server be directed to its own MASL servers. Licenses for one product cannot be used by another, so having them on a single license server is not necessary if there are concerns about the total server connections that may need to be supported.

Besides the total number of MetaFrame servers that will be hitting a license server, some additional criteria might dictate when one or more dedicated license servers may be necessary:

If you have MetaFrame servers spread across a large geographical area and wide area network connectivity is a concern. A lack of a secured connection between sites can also dictate the need for a separate license server at each location.
If administrative authority is segregated within a single product or across multiple products that utilize MASL. A simple example is the situation in which one set of administrators manages MetaFrame Conferencing Manager, while the others manage MetaFrame Presentation Server. Even if there are only a few servers, maintaining separate servers allows for the management of different security privileges for products that require MASL.

Citrix does not support running multiple instances of MASL on the same physical server. If you want to run multiple license servers, they must be deployed on separate hardware.

Tip

Although not directly related to the exam, one alternative to running separate hardware that you might be interested in is to implement multiple license servers running on separate virtual servers using software such as Microsoft's Virtual Server 2005 or VMWare's ESX or GSX Server. Note that this configuration is not supported by Citrix, so there are no guarantees that it will work properly in your environment.

License Sharing Among Multiple Server Farms

As was demonstrated in Figure 4.2, a single license server can be shared among multiple server farms, decreasing the cost of license duplication and increasing the effective use of the purchased licenses. In general, if the licensing requirements are not such that multiple license servers are necessary, sharing a single license server among multiple farms is the recommended deployment strategy.