
Plan for deploying the Services Manager platform

Jun 05, 2015
Updated: 2013-04-24
Before you deploy the Services Manager platform, create a deployment plan that includes the following information:
  • The composition of each server in your deployment. This includes the platform server role that will be hosted, the hardware configuration of the server, the software required to host the server role, and the configurations required for the server to function in the selected role.
  • The topology of the deployment including firewalls, required ports, and required protocols.
  • Deployment of Services Manager locations. A location is the main unit of isolation between tenants and usually corresponds to an Active Directory domain or forest. A Services Manager deployment includes at least one (primary) location. Based on your requirements, you should determine whether or not your deployment will include remote locations and, if so, the number of remote locations.
  • Whether server role installation and configuration will occur using the graphical user interface or the command line. Review the topics To configure server roles using the graphical interface and Configure server roles and locations from the command line, and document the information you will need to provide during configuration of each server role.

General platform installation guidelines

  • You can specify server addresses as an IP address, in the form server.domain.local, by environment variables, or by DNS alias. In the Services Manager Setup Tool, you can verify the required aliases are created by selecting the Check Environment Prerequisites task. If you use the command-line interface, verify the aliases before using them when installing Services Manager roles.
  • Role configuration includes specifying credentials for several Active Directory user accounts. In most cases, you can either specify the user name and password, or allow the Services Manager Configuration Tool to generate the credentials. For most user account specifications, the Configuration Tool includes the option to create the user account if the account does not already exist.
  • In the command line interface, enclose option values that contain spaces in quotation marks (for example, /LocationName:"Southeast Hub").

System databases, reporting, and the data warehouse

SQL Server 2008 R2 provides the database and reporting services required for running Services Manager. The main system database (OLM) stores configuration information for all provisioned services, as well as all customer and user details. The database also stores logging and auditing information for all provisioning transactions that are initiated. Additionally, the database acts as a caching mechanism for Active Directory, so customers experience better response times and slow directory queries are minimized.

The Reporting service for Services Manager delivers usage and billing reports to your customers and application vendors. It includes standard reports to support provisioned services and communicates directly with SQL Server Reporting Services. The Reporting service generates reports by accessing the data stored in the data warehouse.

The data warehouse stores historical provisioning data (OLMReporting) that is used for reporting. This history consists of snapshots of the provisioning data stored in the OLM database, which are created once per day and subsequently transferred to the data warehouse. The data warehouse is created when you install and configure the Reporting service. The server connections required for both the Reporting service and the data warehouse are created as well.

The Report Mailer is a required role for sending notifications to administrators and end users, and license reporting information to Citrix. Typically, the Report Mailer role is installed on the same server as the Reporting service. The email server you specify for the Report Mailer can be specified for the Provisioning server, which also requires email capabilities. The Report Mailer role is installed and configured once for the entire Services Manager deployment, typically on a server in the primary location.

Depending on your needs, you can deploy the system databases, reporting, and data warehouse in one of the following ways:
  • A single SQL Server hosts the system databases, the Reporting service (SQL Reporting Services) and data warehouse. This is best for proof-of-concept deployments where server load is not a concern.
  • A SQL Server hosts the system databases while a separate SQL Server hosts the Reporting service and data warehouse. This avoids taxing the primary database with reporting and data storage loads.

If you are using clustered SQL servers in your Services Manager deployment, separating each server role is not required.

Reports are deployed by importing service packages. These service packages contain report definition files that are linked to the OLM and OLMReporting databases, and configuration files for the data transfer process and the data warehouse. You can deploy reports using the following methods:
  • During Report service configuration, use the Configuration Tool to import the reports from selected service packages.
  • Using the control panel, import the reports manually using the service import feature.

Service packages for all supported services are located in the Services folder on the Services Manager installation media.

Provisioning server

The Provisioning engine runs as a Windows service, monitoring queues for provisioning requests. When a request is received, it passes through a set of provisioning rules that determine which actions are required to complete the provisioning process. These rules are designed to be easily customized using the Provisioning Manager graphical interface (Start > All Programs > Citrix > Provisioning Engine > Provisioning Manager).

All provisioning processes in Services Manager are built using provisioning actions. This gives the service provider some visibility into the processes that are executed within the deployment. Examples of provisioning actions include:
  • Directory User Create: Creates an Active Directory user
  • Directory Group Create: Creates a security group in Active Directory
  • FileSystem Create Folder: Creates a folder in a file system
  • Exchange Address List Create: Creates an address list in Microsoft Exchange
  • Run Command: Runs an executable within a command shell
  • Run Script: Runs a Visual Basic script

Services Manager includes over 100 provisioning actions.

The Provisioning engine is installed on a separate server in your Services Manager deployment. Additionally, configuration of the Provisioning server includes specifying an email server for sending messages such as system updates to administrators, account notifications to end users, and usage reporting to Citrix. The email server you specify for the Provisioning server can be specified for the Report Mailer, which also requires email capabilities.

Directory web service

The Directory web service provides an interface to Active Directory. The Services Manager control panel uses this service to perform real time tasks such as user authentication and retrieving password expiration data.

In general, the Directory web service is installed on the same server that hosts the Provisioning engine. However, if you are installing the Directory web service on a domain controller, add the CortexWSUsers and Proxy USERS groups to the Allow log on locally security policy setting.
Important: For production environments, Citrix recommends installing the Directory web service on a server other than a domain controller.

When the Directory web service platform role is installed, the Citrix Csm Directory WS application pool is created as well as the CortexServices web site which hosts the Directory application. The files for the web site and applications are located at C:\inetpub\CortexServices.

Web server

Services Manager provides a web-based control panel for performing system administration tasks and delegating certain administration tasks to resellers and customers. The control panel is a web application (CortexWeb) that is hosted on a Web server, separate from the other servers in your deployment. The control panel interacts with other platform components as follows:
  • SQL databases: When the system is configured, customers and users are provisioned, or auditing and reporting performed, the control panel sends data to be stored in the system databases.
  • Web services: for real-time interaction with Active Directory and other hosted services.
  • Provisioning engine: When any provisioning transaction is performed, the control panel sends each request through MSMQ.

Because the control panel has no dependency on Active Directory, it can operate outside of the managed domain. The control panel's web site can be locked down and run with minimal administrative permissions without interfering with administration tasks.

When the Web server platform role is installed, the CortexMgmt application pool is created as well as the Cortex Management web site which hosts the CortexAPI and CortexDotNet applications. The files for the web site and applications are located at C:\inetpub\Cortex Management.

Deployment summary for the primary location

The following list describes the required tasks for deploying the platform servers and creating the primary location. Depending on your requirements, your deployment might include additional tasks.
  1. Prepare the deployment environment. This includes the following tasks:
    • Provision the platform servers that will be designated as the domain controller, database server, reporting server, Provisioning server, and web server.
    • Extend the Active Directory schema using the Exchange installation media.
    • Create DNS aliases for the Provisioning, database, reporting, and web servers.
    • Open the required firewall ports on all platform servers.
    • Install .NET Framework on all platform servers. If this component is not present, the Setup Tool installs it automatically, prior to installing the server roles.
  2. Perform environment readiness checks. You can verify the extended Active Directory schema and DNS aliases. This procedure is available in the Setup Tool graphical interface; you can also perform the verifications manually. You can run this task from anywhere in the domain.
  3. Create system databases. Run this task on the server where Microsoft SQL Server is installed. In the Configuration Tool's graphical interface, you specify database information before you install the server roles. In the command line interface, you specify database information when you configure the server roles and location. All databases should be backed up and synchronized daily.
  4. Install and configure server roles. Using the Setup Tool, you install the platform server roles on the servers you designate. With the Configuration Tool, you specify the configuration settings for the installed roles.
  5. Create the primary location. Use the Configuration Tool to specify the settings for the primary location. You configure the location from the server hosting the Provisioning engine or the web server.

    An XML configuration file is used to maintain context across the Services Manager deployment. As you configure the server roles, information is read and written to the configuration file. For example, the Provisioning engine writes its own configuration information and reads where to reach the database. When you configure the primary location, the configuration file will already have information needed about the Provisioning server.

    There is one configuration file per location, although all locations can share a single database server. You configure the primary location first, then optionally, remote locations. For example, a new customer with an existing infrastructure and domain might be integrated as a remote location in the control panel. When you configure remote locations, you specify connection details, which are used to generate a new configuration file. After that, configuring a remote location is similar to configuring the primary location.

Deployment summary for remote locations

The following list describes the required tasks for deploying the platform servers that comprise a remote location.
  1. Prepare the deployment environment. This includes the following tasks:
    • Provision the servers that will be designated as the domain controller and Provisioning server. The remote location uses the web server and the database server in the primary location for control panel administration and reporting, respectively.
    • Extend the Active Directory schema using the Exchange installation media.
    • Create DNS aliases for the Provisioning, database, and web servers.
    • Open the required firewall ports on all servers to enable communication with the database server and web server in the primary location.
    • Install .NET Framework on the platform servers, to avoid interruption when installing server roles. The Setup Tool also installs this component automatically, if it is not present, when installing the server roles.
  2. Perform environment readiness checks. You can verify the extended Active Directory schema and DNS aliases. This procedure is available in the Setup Tool graphical interface; you can also perform the verifications manually. You can run this task from anywhere in the domain.
  3. Install and configure server roles. Using the Setup Tool, you select the server roles to be installed on each server. With the Configuration Tool, you specify the configuration settings for the installed roles. As with the primary location, you can install the Provisioning and Directory web service roles on the same server.
  4. Create the remote location. Use the Configuration Tool to specify the settings for the primary location. You configure the location from the server hosting the Provisioning engine or the web server. Afterward, continue configuring the remote location using the Services Manager control panel in the primary location.
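
The role-placement guidance in the sections above can be checked mechanically before any server is built. The following is an added example, not Citrix code: the plan format, the role names (`web`, `directory_ws`, `report_mailer`, and so on), and the host names are assumptions made for this sketch.

```python
from collections import Counter

def lint_plan(plan):
    """Return findings for {"production": bool, "servers": [{"name", "location", "roles"}]}."""
    findings = []
    servers = plan["servers"]
    production = plan.get("production", True)

    # The Report Mailer is installed once for the entire deployment.
    mailers = Counter(r for s in servers for r in s["roles"])["report_mailer"]
    if mailers != 1:
        findings.append(f"deployment: report_mailer installed {mailers} times, expected 1")

    for s in servers:
        name, roles = s["name"], set(s["roles"])
        # The control panel web server is separate from the other servers.
        others = sorted(roles - {"web"})
        if "web" in roles and others:
            findings.append(f"{name}: web role shares a host with {others}")
        # Directory web service on a domain controller: extra logon right, and
        # not recommended for production.
        if {"directory_ws", "domain_controller"} <= roles:
            note = "not recommended for production" if production else "grant Allow log on locally"
            findings.append(f"{name}: directory_ws on a domain controller ({note})")
        # One SQL Server for database and reporting suits proof of concept only,
        # unless the SQL Servers are clustered.
        if {"database", "reporting"} <= roles and production and not s.get("clustered_sql"):
            findings.append(f"{name}: database and reporting share a non-clustered SQL Server")
        # Remote locations use the primary location's web and database servers.
        misplaced = sorted(roles & {"web", "database"})
        if s["location"] != "primary" and misplaced:
            findings.append(f"{name}: remote location hosts {misplaced}")

    # Each location needs its own Provisioning server.
    for loc in sorted({s["location"] for s in servers}):
        if not any("provisioning" in s["roles"] for s in servers if s["location"] == loc):
            findings.append(f"{loc}: no provisioning server")
    return findings

# Constructed sample plan; host names are hypothetical.
SAMPLE_PLAN = {"production": True, "servers": [
    {"name": "dc1", "location": "primary", "roles": {"domain_controller", "directory_ws"}},
    {"name": "sql1", "location": "primary", "roles": {"database", "reporting", "report_mailer"}},
    {"name": "web1", "location": "primary", "roles": {"web", "provisioning"}},
    {"name": "rdc1", "location": "remote-a", "roles": {"domain_controller"}},
]}

if __name__ == "__main__":
    print("\n".join(lint_plan(SAMPLE_PLAN)))
```

Run against the sample plan, the check flags the Directory web service on the domain controller, the shared SQL Server, the web server that also hosts provisioning, and the remote location that lacks a Provisioning server.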