
iShadow 2.0

Working in large infrastructures with multiple Citrix farms and/or many Terminal Servers, you would like some form of delegation of control for the different IT roles within the department, preferably by giving these roles a single tool in which they can do all their day-to-day tasks.

Or you work in an environment with just a few administrators and the day-to-day tasks are driving you nuts. You would like to give some key users the ability to do those tasks for you, but you do not want to give them additional permissions on your systems.

In the scenarios described above, the standard tools can limit the administration and manageability of the environment. Teknica Software developed iShadow to get rid of the limitations of the standard tooling.

With iShadow you can manage multiple Citrix farms and Windows Terminal Servers from one single console. The best options within iShadow are:
- Multi-Windowed shadowing
- Process monitoring
- Reporting
- Printer Audit
- Server and Session Management
iShadow is also built modularly, so you can configure a dedicated console for each separate role within the company.

Installing iShadow

The iShadow installation consists of just one executable. It is preferable to install the program on your Citrix servers, because it also sometimes uses the MFCom object (a Citrix tool to "talk" to the datastore). You need to install the tool manually on one server. During installation you cannot choose where to install the product; it is simply installed in the Program Files folder. It is possible to install iShadow silently using the /s parameter. It is also possible to deploy the iShadow program to other servers via the iShadow configuration console. iShadow is not completely dependent on the ICA services and MFCom, so if the IMA service fails the program still works.

Configuring the iShadow environment

As mentioned before, iShadow is a management console where the "almighty admin" decides which persons or roles get access to which components. The console configuration for these persons/roles is done via the iShadow Configuration tool.


The first step (apart from adding licenses) is to discover the Citrix and/or Terminal Servers within the infrastructure. It is possible to add servers from several domains or workgroups. After adding the servers to be administered and monitored via iShadow, you need to add so-called Impersonators. This impersonator option is very useful. Here you can add several accounts, which will be used to carry out the actions of the users working with the console. In this way the accounts of the iShadow users do not need administrative rights to perform the actions, because the actions are performed via the selected impersonator account.

Within the profiles tab, as many profiles as needed can be created. A profile will, just like the impersonator option, be linked to a user or user group. All options available in the console can be added to or removed from the profile. Nice options within the profile tab are automatically publishing the profile as a published application and applying standard roles to the profile.

In big environments you can imagine that not all users may access all servers within the iShadow infrastructure. To ensure that persons can only access the systems they are allowed to, filters can be set up that define which servers, which kinds of connections (ICA or RDP) and which users (or groups) the iShadow user can administer from the console.




The last step is to add the users and/or user groups that can use the iShadow console. When adding a user or group, all earlier settings are linked to that user or group. So per user (or group) you specify which impersonator account should be used and which profile will be linked, and additionally a filter can be configured. A start date and/or an expiration date can also be set for the user (or group).
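
The access decision that this configuration builds up (impersonator, profile, filter and validity dates linked to a user or group), sketched as an added example. It is a conceptual model, not iShadow code or its configuration format; all names, the sample account and servers, and the inclusive date handling are assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class Filter:
    servers: frozenset        # servers the console user may reach
    protocols: frozenset      # "ICA" and/or "RDP"
    target_groups: frozenset  # user groups whose sessions may be administered

@dataclass(frozen=True)
class Assignment:
    impersonator: str         # account that actually performs the action
    profile: frozenset        # console options enabled for this role
    filter: Filter
    start: Optional[date] = None
    expires: Optional[date] = None

def authorize(a, action, server, protocol, target_group, today):
    """Return (allowed, run_as, reason); every layer must agree, default deny."""
    if a.start and today < a.start:
        return (False, None, "assignment not yet active")
    if a.expires and today > a.expires:
        return (False, None, "assignment expired")
    if action not in a.profile:
        return (False, None, "action not in profile")
    if server not in a.filter.servers:
        return (False, None, "server outside filter")
    if protocol not in a.filter.protocols:
        return (False, None, "protocol outside filter")
    if target_group not in a.filter.target_groups:
        return (False, None, "target users outside filter")
    return (True, a.impersonator, "ok")

# Constructed sample: a key user who may only log off or message Finance ICA sessions.
KEY_USER = Assignment(
    impersonator="svc-helpdesk",
    profile=frozenset({"logoff_session", "send_message"}),
    filter=Filter(frozenset({"CTX01", "CTX02"}), frozenset({"ICA"}), frozenset({"Finance"})),
    start=date(2024, 1, 1), expires=date(2024, 6, 30),
)

if __name__ == "__main__":
    for req in [("logoff_session", "CTX01", "ICA", "Finance"),
                ("reboot_server", "CTX01", "ICA", "Finance"),
                ("logoff_session", "CTX03", "ICA", "Finance")]:
        print(req, authorize(KEY_USER, *req, today=date(2024, 3, 1)))
```

Because the impersonator account holds the real rights, the profile and filter are the only things standing between a console user and everything that account can do, so the impersonator itself should be scoped no wider than the broadest role that uses it.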

After configuring all of the settings mentioned above and linking them to your users and/or groups, these settings need to be deployed to the servers managed by iShadow. This is done using the auto deployment option within the configuration tool. Deploying a change to your servers involves specifying the iShadow installation executable. The deployment tool checks whether iShadow is already installed on the target server (or whether an earlier version is present), installs the program if necessary and adds the new configuration to the program.

Managing your SBC environment with iShadow

After all configuration tasks are done, the IT employees can use iShadow to administer and monitor the servers controlled by iShadow. Depending on the applied profile and filter, the employee is supplied with a console for doing his day-to-day tasks.


In a bird's-eye view I will show you most of the possibilities within the console.
Farm Management
For all farms available within iShadow, several (but not all) settings can be changed at farm level. Settings like Speedscreen, connection limits, printer driver configuration and ICA settings are available for configuration.
Server Management
Within iShadow you can enable/disable logons and reboot or shut down your server from within the tool. Server monitoring is also available to monitor services and processes, with an alarm function.

Session Management
RDP and ICA sessions can be monitored across multiple Citrix farms and Windows Terminal Servers. All standard options like logging off, disconnecting and sending a message are available. But iShadow adds multi-windowed shadowing and extended session properties with lots of information about the user's session. Many options can be applied to a selection of users.
Printer Management
Per session or the IT employee can view which printers are created (network or auto-created client printers), including possible errors. From within the tool the printer can be paused, restarted or deleted. Print jobs can also be cleared from the queue.
Process Monitoring
Processes can be monitored at server or user level. The process monitor shows lots of information, like manufacturer name, file date, size, icons and, one of the most useful, the complete path where the process is located. Of course CPU and memory usage are displayed, and the process can be terminated using the iShadow console.
Reporting
For all above mentioned options a simple report can be made in several formats.

Conclusion

If your company matches one of the scenarios described above (a large IT infrastructure, or a company where key users need to perform some additional management tasks), iShadow can be very useful.

Because of the excellent filtering capabilities and the possibility of using another account to perform the tasks, the iShadow administrator can set up a nice kind of Delegation of Control. Besides that, iShadow adds some nice features like multiple farm and multiple protocol support, Printer Audit, Process Monitoring and Server Management.

If you are using iShadow for IT personnel in large infrastructures, it is a pity that iShadow cannot be used as a single point of administration. Not all settings available in the standard tools are available within iShadow, so some IT employees need to have access to these tools. iShadow does not pretend to deliver all-inclusive administrator functionality, but it would be (in my opinion) wonderful if these options were available.

The product is especially built to give key end users (non-IT personnel) the ability to carry out some day-to-day IT tasks. With these tasks in mind the product is caught between two ideas, because some advanced administration functions, like rebooting a server or changing Metaframe settings, are normally not tasks you want to delegate to normal end users.

Advantages
- Multiple Farm and RDP support
- Multiple Window shadowing
- Printer Audit and Process Monitoring
- Delegation of Control without adding permissions to the user account

Disadvantages
- No single point of administration for all tasks (reminder: the product was not developed with this aim)
- No option to change the installation path
- Product is caught between two ideas
