How does a Citrix Presentation Server know what licenses you have when it loses connectivity to the license server?
One of the features of Citrix Presentation Server licensing that just about everyone knows about is that an individual Presentation Server will continue to function for 30 days after it loses connectivity to a Citrix License Server. Citrix does this in order to provide quasi-enterprise scalability of the licensing component, in that Presentation Servers in a multi-site farm will work for 30 days if the WAN link to the license server goes down.
But after 30 days, no new connections will be accepted.
This is cool, but it leads to the question, “How does the server know how many licenses I have and what’s allowed if it can’t contact the license server?”
Most people I’ve met over the years have assumed this information was stored in the zone’s data collector (and therefore in the IMA local host cache on each server). However this is NOT correct. In fact in PS3 or newer farms (with no XP servers), the zone data collector / local host cache do not maintain ANY licensing information.
Instead, information about Citrix Presentation Server licenses is “cached” locally on each member server in a file called mps-wsxica_mps-wsxica.ini, stored in the \Program Files\Citrix folder.
The wsxica_mps-wsxica.ini file is a simple text file. It contains a snapshot of the number, types, and expiration dates of the various licenses maintained in the licensing database. Here’s an example (with the CRC values changed, rendering this file not valid for actual use):
[LSD]
Version=3
LicModel=1
LSName=edgelabdc
ProdName=MPS
ProdFeatName=ENT
CRC=3470353123
SubSectionCount=2
[PLD_POOL_NODE_0]
PLD=CITRIX
HasMaxLicenseCount=0
CRC=1453495123
SubSectionCount=1
[PLD_POOL_LIC_NODE_0_0]
NumLic=5000
ConnLimit=0
GracePeriod=96
LicExpTime=3281852161200000000
LeaseExpTime=0
VendorStr=;LT=SYS;GP=96;SA=0;DUP_GROUP=HV
SAExpDate=2002.0101
CRC=2113943123
[PLD_POOL_NODE_1]
PLD=MPS_ENT_CCU
HasMaxLicenseCount=0
CRC=2311356123
SubSectionCount=1
[PLD_POOL_LIC_NODE_1_0]
NumLic=1000
ConnLimit=0
GracePeriod=720
LicExpTime=128615905200000000
LeaseExpTime=0
VendorStr=;LT=Eval;GP=720;CL=ENT,ADV,STD,AST;SA=0;ODP=0;AP=ADMIN/LOGON/-84D:NONADMIN/LOGON/-28D
CompList=ENT,ADV,STD,AST
SAExpDate=2007.0726
CRC=2954033123
Anyone who’s ever looked through a .LIC license file from MyCitrix.com will notice some similarities to this INI file. The wsxica_mps-wsxica.ini file is created automatically on each Presentation Server the first time a server contacts the Citrix License Server, and it’s updated whenever any licenses are changed in the licensing database.
For the most part, knowing about this file and how it works is really anecdotal trivia. But there are a few important takeaways:
If you ever have a problem where users are not able to login (with a licensing error) while your Presentation Server is not connected to the licensing server, now you know where to look. (Is this file present? Is it corrupt? Etc.)
During a license server connectivity outage, yes, you can reboot your member Presentation Servers, and yes, you can reboot your data collectors. The mps-wsxica_mps-wsxica.ini file will stay put as long as you don’t actively delete it.
How do MetaFrame Access Suite version 3 and newer license files work?
By now most people are familiar with the basics of MetaFrame Access Suite version 3 licensing, the core tenet being that you download license files from Citrix and put them on your license servers. But what exactly are these license files and how do they work? Note: This article applies to the MetaFrame Access Suite components that are version 3 and newer. At the time of this writing, both Presentation Server and Conferencing Manager are at version 3. Password Manager and Secure Access Manager are still at version 2.x, so their licensing components are different. In the next version of the MetaFrame Access Suite (version 4), all components will use this licensing mechanism. License Files
As you know, all version 3 licensing is centered on the concept of the license file. A license file is just a regular text file with the extension “.LIC” that you place on your Citrix license server. The license server reads the licensing information contained in the license file and then hands out licenses to users as they connect via various MetaFrame servers.
These license files are only available from one source: Citrix’s web portal called “MyCitrix.” If you are a corporate customer, your licenses magically appear in the portal whenever you buy new products. If you are a smaller customer, you’ll get a license code with each copy of Citrix software you buy. Instead of entering that code into the product (like in the old days), you create a MyCitrix account (if you don’t already have one) and enter your license number into the web portal. This will associate those licenses with your account, just like enterprise customers.
To get a license file from Citrix, you login to MyCitrix, specify the quantity and type of licenses you want to bundle into the license file, specify the name of the server you want to use the file on, and click “download file.” A link is created to a .LIC file that contains all your information. Then you drop that file in a special directory on your license server and you’re all set!
Now that we’ve reviewed the basic license process, let’s take a deeper look at the license file itself. Each license file contains some important information:
The name of the server that it was generated for.
The product type and number of connections.
The date that your subscription advantage expires.
A digital signature that prevents you from changing any of these.
The TCP ports that the license server will use to communicate with other MetaFrame servers.
The name of the server that the license file was generated for
One of the biggest complaints that Citrix received about licensing before MPS3 related to license pack activation and how people were treated like criminals if they had to reactivate licenses. (Reactivating licenses was fairly common as migrations and consolidations took place or as farms were rebuilt.)
To address this, Access Suite 3 licenses come “pre-activated,” which means that once you download the license files from Citrix, you can use them again and again without having to activate them over and over. While this is a great thing for admins everywhere, it also means that there would be nothing stopping someone from downloading a license file and posting it to an underground website for all the world to use.
To combat this, the MyCitrix website asks you to enter the computername of your license server before you download a license file. When you do this, the downloaded license has that computername embedded into it, and it will only work on a license server whose name matches the embedded name. (Against all logic, this name is actually case sensitive, so make sure you use the Citrix-provided “lmhostid.exe” utility to get your license server’s hostname instead of using the built-in “hostname” command.)
The bottom line is that you can use a single license file again and again as long as you use it on a license server with the name that’s embedded into the file. This even applies if you rebuild the server or move domains (as long as the NetBIOS name does not change). Once that server name changes, however, you’ll have to go back to the MyCitrix portal and “return” your current license file and generate a new one. The Product Type and Number of Connections
The fundamental purpose of a license file is to specify how many connection licenses you have. Since Citrix now has several products in their Access Suite, the license file must also specific which of the products the various licenses correspond to.
One interesting thing about the license file is that it does NOT specify the version of the product along with the license information. Instead it specifies the type of product and the number of licenses.
For example, a license file will NOT specify that you have 100 connection licenses for MetaFrame Presentation Server 3.0. Instead it would only specify that you have 100 connection licenses for English MetaFrame Presentation Server Enterprise Edition or German MetaFrame Presentation Server Advanced Edition. The date your Subscription Advantage Expires
Citrix’s “Subscription Advantage” is just a fancy name for a software maintenance contract where you get to use the most recent version of a Citrix product as long as your Subscription Advantage is active. Every Citrix product comes with one year of Subscription Advantage, and you can buy additional years for about 20% of the initial product’s licensing price.
One thing that’s important to note about Subscription Advantage is that you don’t have to buy it in order to use a product indefinitely. If you buy a MetaFrame product today, that product is good forever regardless of when your Subscription Advantage runs out.
For example, if you buy MetaFrame Presentation Server in February 2005, your Subscription Advantage would last until February 2006. The current version of Presentation Server as of February 2005 is 3.0. If 4.0 comes out in May 2005, you’ll get that for free since your Subscription Advantage is active. If 4.1 comes out in December 2005 you’d also get that since your Subscription Advantage would still be active.
Whatever version of Presentation Server is released before your Subscription Advantage expires is the version that you’ll be allowed to use forever.
So what does this have to do with license files? Every single .LIC license file that you download from MyCitrix has the date that your Subscription Advantage expires embedded into it. This means that the license file “knows” the valid dates of products you’re allowed to use.
To make this work, every single product from Citrix has what they call a “burn in” date hard-coded into the product itself. For example, MetaFrame Presentation Server 3.0’s burn-in date is April 27, 2004. MetaFrame Presentation Server 4.0’s burn-in date might be something like May 10, 2005. These dates are built-in to each product and cannot be changed.
Then, when users connect to a MetaFrame server, the server simply looks for an appropriate connection license from a license file for the right type of product with a Subscription Advantage expiration date that’s later than or equal to its own burn-in date.
The brilliance of this design means that you can start using the newest products from Citrix without having to change or modify your license files. Of course the downside to this is that you’ll have to generate new .LIC license files whenever you renew your Subscription Advantage. The Digital Signature
If you open up a .LIC license file in notepad you’ll notice that everything we’ve talked about here is just sitting in the file in plain English. To prevent people from simply opening this file and adding licenses or changing the server name, Citrix license files also contain a 480-bit signature that corresponds to the specific settings of that file. If you change any of these parameters, the license file will stop working. TCP Communication Ports
The license files also let you specify which ports will be used as the license server communicates with the MetaFrame servers. Talking about port usage is kind of useless outside of the context of a larger discussion about license server architecture, so we’ll cover that in tomorrow’s article.
发表于 2008-7-27 10:03:53
楼主
