Friday, October 05, 2012

High Availability for Citrix and Terminal Server, RDS Licencing

 

I have been tasked to build a highly available Terminal Server / Remote Desktop Service (TS/RDS) / Citrix XenApp solution and a part of this I need a highly available TS/RDS and Citrix licence servers. As a part of solution money comes into the design so I have decided not to bother and here is why:

  1. Once the new TS/RDS licence server is active for some time it will have a valid licence for everyone who commonly uses the system (home computer, work computers, laptops etc)
  2. To build HA into the RDS/TS licence server I will need two with shared licences to load balance which is ok, but a bit brain dead
  3. To build HA into the Citrix licence host is a cluster (over a WAN which I dont have access to build here just yet)
  4. If there is an outage in the Citrix licence server service only needs to be restored within 30 days

One TS/RDS licence server, shared with a Citrix licence server will do me fine. I will just make sure a full image backup is run weekly and stored off site for restoration in the event the primary data centre burns down.

 

Support material below (edited and updated for clarity) but original links provided.

Failed Microsoft RDS/TS License server ramifications

http://social.technet.microsoft.com/Forums/en-ZA/winserverTS/thread/ebf3a271-4554-41b0-9345-38d74133eacc

If your TS/RDSH cannot contact the license server - the clients that are have valid license will start and continue to work without error. New clients that either have no license or have expired licenses, will not be able to connect.

There is no grace period provided for your client if your TS/RDS license server failed. For each permanent Per Device CAL that is issued, an expiration period is applied. This expiration period is a random number between 52 to 89 days after the license was issued. The terminal server always attempts to renew these CALs seven days before they expire.

 

Microsoft TS/RDS Licence server High Availability

http://www.microsoft.com/technet/community/en-us/terminal/terminal_faq.mspx

The recommended method to configure Terminal Services Licensing servers for high availability is to install at least two Terminal Services Licensing servers with available Terminal Services CALs. Each server will then advertise in Active Directory as enterprise license servers with regard to the following Lightweight Directory Access Protocol (LDAP):

Each Terminal Services Licensing server should contain 50% of your CALs for load balancing within your environment. If a Terminal Services Licensing server does not have valid CALs, then that Terminal Services Licensing server will attempt to refer to other Terminal Services Licensing servers with valid CALs for license issuance.

Each client will begin a license request and upgrade 7 days before the license expiration date.

 

Initial a New Microsoft License server setup

http://technet.microsoft.com/en-us/library/cc725933.aspx

To allow ample time for you to deploy a license server, RDS/TS provides a licensing grace period. During this grace period, a server will accept connections from unlicensed clients without contacting a license server. The grace period begins the first time the TS/RD Session Host server accepts a client connection. The grace period ends after whichever of the following occurs first:

1. A permanent RDS CAL is issued by a license server to a client connecting to the RD Session Host server.

2. The number of days in the grace period is exceeded.

3. The length of the grace period is based on the operating system running on the RD Session Host server.

The grace periods are:

Operating system running on the RD Session Host server

Grace period

Windows Server 2008 R2

120 days

Windows Server 2008

120 days

Windows Server 2003 R2

120 days

Windows Server 2003

120 days

 

Microsoft’s Per User and Per Device CALs

http://technet.microsoft.com/en-us/library/cc725890.aspx

You can install both Per User and Per Device CALs onto the same license server.

You can install RDS CALs for different product versions onto the same license server. EG, you can install both Windows Server 2003 TS per Device CALs and Windows Server 2008 TS Per User CALs onto a license server that is running Windows Server 2008 R2. This provides you the ability to have one license server provide RDS CALs to Remote Desktop Session Host (RD Session Host) servers running various versions of Windows Server.

 

Microsoft License Server Backup and Restore

http://www.virtualizationadmin.com/articles-tutorials/terminal-services/licensing/terminal-services-license-server-high-availability-recovery-part2.html

Regardless of the backup processes you use to back up a license server, the following components must be included in the backup process:

1. System State, which will capture the activation status and identity of the license server.

2. LServer directory (%SYSTEMROOT%\System32\LServer by default), to capture the actual licensing database.

3. Repair directory (optional - %SYSTEMROOT%\Repair)

Preferably, the entire server should be backed up, including the system drive and any pertinent data drives, but items one and two above represent the minimum.

Recovering a License Server: If the servers operating system is still intact, then the recovery process may simply be to recover the last known working backup of the System State and LServer backup, and restore that information to the license server.

If the operating system is corrupt or the failure requires a complete server rebuild, you may have more work ahead.

 

Overall Citrix Services Outage Tolerance

http://www.brianmadden.com/forums/t/12996.aspx

1. License server can be down for 30 days before the farm stops accepting connections.

2. Data-store can be down indefinitely without affecting users. Although administrators will not be able to use the management consoles.

3. Zone Data Collectors automatically fails over to another server.

Redundant Citrix Licence Server

http://www.virtualization.vanbragt.net/index.php?option=com_content&view=article&id=563:the-need-ands-how-to-create-a-redundant-citrix-license-server&catid=53:how-to-articles&Itemid=468

There are three possibilities:

1. Clustering using Windows Clustering

2. Cold Standby solution;

3. Transferring the license to another IIS server.

Citrix Licence Server Clustering

To accomplish is this configuration you need at least planned nodes

1. IIS must be installed and not manually configured as a cluster resource.

2. To build this on a cluster you also need a shared disk, two NICS (one for the heartbeat and one for the Public network), virtual server name, Cluster IP Address;

3. Install Java Runtime in the normal way on both physical nodes

4. Then the installation of the license server can be started on the virtual, cluster, server. This must be done using the command line parameters. The full command line is:

5. msiexec /i <INSTALLSOURCE>:\Licensing\ctx_licensing.msi CTX_CLUSTER_RESOURCE_DLL_PATH="C:\ctxlic" REGISTER_CTX_LS_CLUSTERING="No" /l*v "<SHAREDDISKDRIVE>:\install_firstnode.log"

6. Following the wizard the Citrix License server installation program but change the destination folder to <SHAREDDISKDRVE>:\Citrix. Also set the location of the license fill within this folder (default <SHAREDDISKDRIVE:\Citrix\Licensing\MyFiles. After the installation move the virtual node to the second physical server.

The command for the second (or the other following nodes, when using more than two physical nodes) is:

7. msiexec /i <INSTALLSOURCE>:\Licensing\ctx_licensing.msi CTX_CLUSTER_RESOURCE_DLL_PATH="C:\ctxlic" REGISTER_CTX_LS_CLUSTERING="Yes" /l*v "e:\install_secondnode.log"

 

Citrix License Server Cold Standby solution

The license file contains the host name of the server which hosts the License server. Therefore the cold standby must have exactly the same name as your default license server.

But no server with the same name can be created in the Active Directory. But because the License server is based on Internet Information Server this machine does not need to a member of a domain. The best way is to run the cold standby in workgroup mode and the installation is done on standalone base or a complete separated network. Install the server completely configured including the license file imported. When your default server fails just turn the cold standby on (connected to the production LAN). Because the hostname is the same no additional configuration is needed. If you are using a CNAME check if the DNS A records are changed to the right IP address of the cold standby servername. When the default license server is available again, just power down the cold standby again and put the default server back in production.

Transferring Citrix licenses to another IIS server

The license file cannot be used because of the included hostname. But within MyCitrix.com it is possible to return license for re-allocation. In this solution return your license first and after that you reallocate them using the hostname of the other IIS server. Citrix limit the times you can return and reallocate the licenses, so this option should only be carried out when no other solutions is available. Use a CNAME name for you license server, so the only change should be made with the DNS tool.

 

Citrix Licence Server FAQ

http://support.citrix.com/proddocs/topic/licensing-1110/lic-faq.html

Can I rename the license server? No, License files run only on the license server for which they were made via the hostname.

If I upgrade my license server will it affect my license files? No. The license server and all product licenses are fully backward compatible and will not introduce any issues into your environment.

Can a single license server supply licenses to users connecting from different servers using different product editions? Yes. One license server can contain licenses for multiple editions of a Citrix product. The type of license checked out corresponds to the edition that is configured on the product server. A product server is configured to consume an edition of a license and therefore will check out that edition of a license.

 

Say hello or complain to me here:

http://www.linkedin.com/pub/dave-colvin/5/403/641

https://www.facebook.com/dave.colvin 

https://twitter.com/DaveColvin

No comments:

Blog Archive