Product Documentation

Infrastructure services

Jun 28, 2017

There is currently one infrastructure service:

Norskale Infrastructure Service (NT SERVICE\Norskale Infrastructure Service) : Manages WEM Infrastructure services. Account: LocalSystem or specified user account.

Install the infrastructure services

Important

Workspace Environment Management infrastructure services cannot be installed on a domain controller. Kerberos authentication issues prevent the infrastructure service from working in this scenario.

To Install the infrastructure services, run Citrix Workspace Environment Management Infrastructure Services v4.03.00.00 Setup.exe on your infrastucture server. The infrastructure services install into the following default directory: C:\Program Files (x86)\Norskale\Norskale Infrastructure Services.

You can customize your installation using the following arguments:

AgentPort: The infrastructure services setup runs a script that opens firewall ports locally, to ensure that the agent network traffic is not blocked. The AgentPort argument allows you to configure which port is opened. The default port is 8286. Any valid port is an accepted value.

AgentSyncPort: The infrastructure services setup runs a script that opens firewall ports locally, to ensure that the agent network traffic is not blocked. The AgentSyncPort argument allows you to configure which port is opened. The default port is 8285. Any valid port is an accepted value.

AdminPort: The infrastructure services setup program runs a script that opens firewall ports locally, to ensure that the agent network traffic is not blocked. The AdminPort argument allows you to configure which port is opened. The default port is 8284. Any valid port is an accepted value.

The syntax for these install arguments is:

"path:\to\Citrix Workspace Environment Management Infrastructure
Services v4.03.00.00 Setup" /v"argument1=\"value1\" argument2=\"value2\""

Create SPNs

Note

When you are using load balancing, all instances of the infrastructure services must be installed and configured using the same service account name.

After the installer is finished, create a Service Principal Name (SPN) for the infrastructure service. Use the command that is applicable to your environment:

  • You do not use Windows authentication or load balancing:

setspn -C -S Norskale/BrokerService [hostname]

where [hostname] is the name of the infrastructure server.

  • You use Windows authentication or you use load balancing (which requires Windows authentication):

setspn -U -S Norskale/BrokerService [accountname]

where [accountname] is the name of the service account that is being used for Windows authentication.

SPNs are case-sensitive.

Configure load balancing

To configure Workspace Environment Management with a load balancing service:

  1. Create a Windows infrastructure service account for the Workspace Environment Management infrastructure service to connect to the Workspace Environment Management database.
  2. When you create the Workspace Environment Management database, select the option Use Windows authentication for infrastructure service database connection and specify the infrastructure service account name. [See Create a Workspace Environment Management Database.]
  3. Configure each infrastructure service to connect to the SQL database using Windows authentication instead of SQL authentication: select the option Enable Windows account impersonation and provide the infrastructure service account credentials. [See Configure the Citrix Workspace Environment Management Infrastructure Services.]
  4. Configure the Service Principal Names (SPNs) for the Workspace Environment Management infrastructure services to use the infrastructure service account name. [See Create SPNs.]
  5. Create a virtual IP address (VIP) that covers the number of infrastructure servers you want to put behind a VIP. All the infrastructure servers covered by a VIP are eligible when agents connect to the VIP.
  6. When you configure the Agent Host Configuration GPO, set the infrastructure server setting to the VIP instead of the address for any individual infrastructure server. [See Configure the Agent.]
  7. Session persistence is required for the connection between administration consoles and the infrastructure service. (Session persistence between the agent and the infrastructure service is not required.) Citrix recommends that you directly connect each administration console to an infrastructure service server, rather than using the VIP.

Create a Workspace Environment Management database

Use the Norskale Database Management Utility to create the database. This is installed during the infrastructure services installation process, and it starts immediately afterwards.

Note: If you are using Windows authentication for your SQL Server, run the database creation utility under an identity that has sysadmin permissions.

1. If the Database Management Utility is not already open, from the Start menu select Citrix>Workspace Environment Management>Database Management>Database Management Utility.

localized image

2. Click Create Database.

localized image

3. Type the following Database Information, then click Next:

Server and instance name. Address of the SQL Server on which the database will be hosted. This address must be reachable exactly as typed from the infrastructure server. Type server and instance name as the machine name, fully qualified domain name, or IP address. Specify a full instance address as serveraddress,port\instancename. If port is unspecified the default SQL port number (1433) is used.

Database name. Name of the SQL database to create.

Data file: path to the .mdf file location on the SQL Server.

Log file: path to the .ldf file location on the SQL Server.

Note. The database management utility cannot query your SQL Server for the default location of the data and log files. They default to the default values for a default installation of MS SQL Server. Make sure that the values in these two fields are correct for your MS SQL Server installation or the database creation process will fail.

localized image

4. Provide Database Server Credentials which the wizard can use to create the database, then click Next. These credentials are independent from the credentials the infrastructure service uses to connect to the database after it is created. They are not stored.

The option Use integrated connection is selected by default. It allows the wizard to use the Windows account of the identity it is running under to connect to SQL and create the database. If this Windows account does not have sufficient permissions to create the database, you can either run the database management utility as a Windows account with sufficient privileges, or you can clear this option and provide an SQL account with sufficient privileges instead.

localized image

5. Enter VUEM Administrators and Database Security details, then click Next. The credentials you provide here are used by the infrastructure service to connect to the database after it is created. They are stored in the database.

Initial administrator group. This user group is pre-configured as Full Access administrators for the Administration Console. Only users configured as Workspace Environment Management administrators are allowed to use the administration console. Specify a valid user group or you will not be able to use the administration console yourself.

Use Windows authentication for infrastructure service database connection. When this option is cleared (the default) the database expects the infrastructure service to connect to it using the vuemUser SQL user account. The vuemUser SQL user account is created by the installation process. This requires Mixed-Mode Authentication to be enabled for the SQL instance.

When this option is selected, the database expects the infrastructure service to connect to it using a Windows account. In this case the Windows account you select must not already have a login on the SQL instance. In other words, you cannot use the same Windows account to run the infrastructure service as you used to create the database.

Set vuemUser SQL user account password. By default, the vuemUser SQL account is created with an 8-character password which uses upper and lower case letters, digits, and punctuation. Select this option if you want to enter your own vuemUser SQL account password (for example, if your SQL policy requires a more complex password).

Important: If you set your own password here, remember to specify the same password when you configure the infrastructure service.

localized image

6. Review the settings you have selected, and when you are satisfied click Create Database.

7. When you are notified that the database creation has completed successfully, click Finish to exit the wizard.

If there is an error during the database creation, check the log file "Citrix WEM Database Management Utility Debug Log.log" in the infrastructure services installation directory.

Configure the infrastructure service

Before the infrastructure service runs, you must configure it using the Infrastructure Service Configuration utility.

1. From the Start menu select Citrix>Workspace Environment Management>Broker Service Configuration.

localized image

2. In the Database Settings tab enter the following details:

Database server and instance. Address of the SQL Server instance on which the Workspace Environment Management database is hosted. This must be reachable exactly as typed from the infrastructure server. Specify a full instance address as "serveraddress,port\instancename". If port is unspecified the default SQL port number (1433) is used.

Database failover server and instance. If you are using database mirroring, specify the failover server address here.

Database name. Name of the Workspace Environment Management database on the SQL instance.

localized image

3. In the Network Settings tab type the ports the infrastructure service uses:

Administration port. This port is used by the administration console to connect to the infrastructure service.

Agent service port. This port is used by your agent hosts to connect to the infrastructure service.

Cache synchronization port. This port is used by the agent service to synchronize its cache with the infrastructure service.

WEM monitoring port. [Not currently used.]

localized image

4. In the Advanced Settings tab, enter impersonation and automatic refresh settings.

Enable Windows account impersonation. By default, this option is cleared and the infrastructure service uses mixed-mode authentication to connect to the database (using the SQL account vuemUser created during database creation). If you instead selected a Windows infrastructure service account during database creation, you must select this option and specify the same Windows account for the infrastructure service to impersonate during connection. The account you select must be a local administrator on the infrastructure server.

Set vuemUser SQL user account password. Allows you to inform the infrastructure service of a custom password configured for the vuemUser SQL user during database creation. Only enable this option if you provided your own password during database creation.

Infrastructure service cache refresh delay. Time (in minutes) before the infrastructure service refreshes its cache. The cache is used if the infrastructure service is unable to connect to SQL.

Infrastructure service SQL state monitor delay. Time (in seconds) between each infrastructure service attempt to poll the SQL server.

Enable debug mode. If enabled, the infrastructure service is set to verbose logging mode.

Use cache even if online. If enabled, the infrastructure service always reads site settings from its cache.

localized image

5. You can use the Database Maintenance tab to configure database maintenance.

Enable scheduled database maintenance. If enabled, this setting deletes old statistics records from the database at periodic intervals.

Statistics retention period. Determines how long user and agent statistics are retained.

System monitoring retention period. Determines how long system optimization statistics are retained.

Execution time. Determines the time at which the database maintenance action is performed.

localized image

6. You can optionally use the Licensing tab here to specify a Citrix License Server during infrastructure service configuration. If you do not, when an administration console connects to a new Workspace Environment Management database for the first time, you will need to enter the Citrix License Server credentials in the About tab of the administration console
ribbon. The Citrix License Server information is stored in the same location in the database in both cases.

Global license server override. Enable this option to enter the credentials of the Citrix License Server used by Workspace Environment Management. Information you enter here will override any Citrix License Server information already in the Workspace Environment Management database.

After the infrastructure services are configured to your satisfaction, click Save Configuration to save these settings and then exit the Infrastructure Services Configuration utility.