Additionally, Citrix strongly recommends using SSL with the Encryption Service. Because the traffic to and from the service contains sensitive data, using SSL ensures this traffic is encrypted appropriately.
When you install Services Manager components or services, the Configuration Tool attempts to discover the Encryption Service's encrypted key. For successful discovery, the Encryption Service must be correctly configured and you must be a member of the Domain Admins group or the CortexWSUsers group. If you do not belong to these groups, discovery fails and the Configuration Tool prompts you to import the key manually. To create a key file, you must be a member of the Domain Admins or CortexWSUsers group. For more information about creating a key file, see Generate and export keyfiles for the Encryption Service.
Microsoft SQL Server provides the database and reporting services required for running Services Manager. The main system database (OLM) stores configuration information for all provisioned services, as well as all customer and user details. The database also stores logging and auditing information for all provisioning transactions that are initiated. Additionally, the database acts as a caching mechanism for Active Directory, so customers experience better response times and slow directory queries are minimized.
The Reporting service for Services Manager delivers usage and billing reports to your customers and application vendors. It includes standard reports to support provisioned services and communicates directly with SQL Server Reporting Services. The Reporting service generates reports by accessing the data stored in the data warehouse.
The data warehouse stores historical provisioning data (OLMReporting) that is used for reporting. This history consists of snapshots of the provisioning data stored in the OLM database, which are created once per day and subsequently transferred to the data warehouse. The data warehouse is created when you install and configure the Reporting service. As well, the server connections required for both the Reporting service and the data warehouse are created.
The Report Mailer is a required role for sending notifications to administrators and end users, and license reporting information to Citrix. Typically, the Report Mailer role is installed on the same server as the Reporting service. The email server you specify for the Report Mailer can be specified for the Provisioning server, which also requires email capabilities. The Report Mailer role is installed and configured once for the entire Services Manager deployment, typically on a server in the primary location.
If you are using clustered SQL servers in your Services Manager deployment, separating each server role is not required.
Service packages for all supported services are located in the Services folder on the Services Manager installation media.
The Provisioning engine runs as a Windows service, monitoring queues for provisioning requests. When a request is received, it passes through a set of provisioning rules that determine which actions are required to complete the provisioning process. These rules are designed to be easily customized using the Provisioning Manager graphical interface (Start > All Programs > Citrix > Provisioning Engine > Provisioning Manager).
Services Manager includes over 100 provisioning actions.
The Provisioning engine is installed on a separate server in your Services Manager deployment. Additionally, configuration of the Provisioning server includes specifying an email server for sending messages such as system updates to administrators, account notifications to end users, and usage reporting to Citrix. The email server you specify for the Provisioning server can be specified for the Report Mailer, which also requires email capabilities.
The Directory web service provides an interface to Active Directory. The Services Manager control panel uses this service to perform real time tasks such as user authentication and retrieving password expiration data.
When the Directory web service platform role is installed, the Citrix Csm Directory WS application pool is created as well as the CortexServices web site which hosts the Directory application. The files for the web site and applications are located at C:inetpubCortexServices.
Because the control panel has no dependency on Active Directory, it can operate outside of the managed domain. The control panel's web site can be locked down and run with minimal administrative permissions without interfering with administration tasks.
When the Web server platform role is installed, the CortexMgmt application pool is created as well as the Cortex Management web site which hosts the CortexAPI and CortexDotNet applications. The files for the web site and applications are located at C:inetpubCortex Management.
The eCommerce SDK consists of two web services that expose APIs for configuration and querying usage. The Configuration API enables you to perform tasks such as creating new customers or suspending a customer account. The Usage API enables you to view historical usage data.
Install the eCommerce SDK after you have installed all other platform server roles. As with the other server roles, you install the SDK using the Setup Tool and Configuration Tool.
By default, the eCommerce SDK files are located in the C:Program Files (x86)CitrixCortexeCommerceSDK directory. The installation includes the eCommerce SDK User Guide, which provides an API reference, sample reports, code samples, and troubleshooting guidance.
An XML configuration file is used to maintain context across the Services Manager deployment. As you configure the server roles, information is read and written to the configuration file. For example, the Provisioning engine writes its own configuration information and reads where to reach the database. When you configure the primary location, the configuration file will already have information needed about the Provisioning server.
There is one configuration file per location, although all locations can share a single database server. You configure the primary location first, then optionally, remote locations. For example, a new customer with an existing infrastructure and domain might be integrated as a remote location in the control panel. When you configure remote locations, you specify connection details, which are used to generate a new configuration file. After that, configuring a remote location is similar to configuring the primary location.