Citrix Blogs

Session Reliability, Frozen Screens and The Hourglass of Death

Introduction

I’ll start by saying I should have probably published this article a long time ago.  But I didn’t because I usually only get this question about twice a year…and it was easy enough to dig up the last email from my archives and send it to the person who was asking about Session Reliability this time.  But then just this past week, I got asked about it twice.  And that’s when I take my response “public” and write an article about it.  So here it is…the intent of this article is to talk about the Common Gateway Protocol (CGP aka Session Reliability), when it should be enabled, when it should be disabled and why you probably hate staring at hourglasses and frozen screens.

The History of CGP

I always like to understand the history of things in order to understand them better, so I thought a brief trip down memory lane was in order before we dive into CGP.  As Jeff Muir describes in his “Two Port ICA” article, we developed CGP over a decade ago when Citrix was originally looking at extending the ICA protocol.  Specifically, we needed a way to wrap ICA traffic and maintain the session if a network link fails. As it turns out, network speeds and connections were pretty crappy over 10 years ago and our customers were tired of constantly being disconnected from their session and having to reconnect whenever there was any type of network blip.  So we requested a port from IANA, they assigned us 2598, we wrote CGP (and Secure Gateway) and the rest is history.

How CGP Works

The intent of this article is not to explain how CGP or Session Reliability works – we do a pretty good job of explaining how it works in this technote that’s been around for 9 years.  So I’d review that article but I’ll also give you the quick version.  When the SR feature is enabled, the ICA Client or Receiver tunnels ICA traffic inside CGP via TCP 2598.  The infamous “Citrix XTE Service” is the server-side piece of code that acts as the relay, stripping away the CGP layer and then forwarding the ICA traffic to the ICA listener on 1494.  The XTE Service is responsible for “buffering” traffic if the network link between the client and XA or XD server is broken or momentarily interrupted.  And when the network link is down and we’re buffering traffic, we indicate this to the end-user by showing a SPINNING HOURGLASS or FROZEN SCREEN.  (That was probably a mistake on our part but we’re starting to change that now with the latest releases of Receiver by using informative pop-up messages or tooltips – more on that later.)  Finally, once the network connection is restored, we stop showing that wonderful “hourglass of death” (as I’ve lovingly called it for years), we flush the buffer and the end user can continue working as normal.  So we solve the problem of dropped sessions and having to constantly reconnect if there’s a network blip, but what did we do in the process by enabling CGP?  Should you always enable CGP since it’s a DEFAULT setting?  Or should it only be used sparingly when it makes sense?  What are those scenarios where it makes sense to enable?  These are the questions I get most often and what I really want to talk about in this article.

Drawbacks of CGP and Why You Might Disable the Feature

Don’t get me wrong – there is a time and place for SR and I’ll talk about those scenarios in a minute.  But I’ll also have you know that there are some (largely) undocumented downsides to using SR or enabling CGP.  And our Consulting team ends up disabling it (or recommending to disable it) from time to time.  Why?

So, in general, if a customer has a seemingly stable network and most users are on the LAN, it might be best to disable CGP.  And if you’re using an older version of XA and legacy ICA Clients (i.e. XA 4.5 with 10.x, etc.), I might also feel stronger about disabling it.  We’ve been doing this for years at some of our largest customers without issue.  But that doesn’t mean there aren’t scenarios where it’s beneficial or where we wouldn’t recommend enabling it.  What are some of those scenarios?

Benefits of CGP and the Specific Scenarios Where it Should be Enabled

So if you are in one of the above situations, then CGP does offer some value and you probably should keep it enabled (remember, it’s enabled by default on both XA and XD so you have to explicitly disable it!).  But if you don’t find yourself in one of those scenarios, it might be best to eliminate the “middleman…and go straight to the source” as Jeff Muir puts it, and disable CGP to save precious resources.

Conclusion / Wrap-Up

I hope this article helps clear up some of the confusion around Session Reliability.  I’m also (selfishly) glad I finally captured all this information on paper so I can simply point to a URL instead of digging through my email archives in the future.  But please let me be clear and allow me to make one final point – I am not recommending to disable CGP.  In fact, one of the other reasons I wanted to write this article was because I saw several of our field Consultants “blindly” recommending to disable CGP.  And I would always fire back at them and say that we should not be preaching that, especially without proper justification.  There is a time and place for CGP as I said earlier (and as many of you have already stated in the Comments section below).  And we have really improved CGP over the last year in particular.  So I hope this article creates some awareness and makes people THINK about whether CGP should be used or not.  I also hope this makes more of our customers TEST with and without CGP to see how it works and if it makes sense to enable in their particular environment.  That’s my dream anyway – a world where people think critically and test properly. 😉

Thanks for reading and stay tuned for a follow-up article where we dig into some traces with CGP enabled vs. disabled…I had originally planned to publish that information as part of this article, but after our first few traces, things have changed a bit and CGP looks a bit different than it did a couple years ago. Much of this has to do with the IMA-less XD architecture (5.x+) where we completely re-wrote the XTE service and supporting protocols.

Cheers, Nick

Nick Rintalan

Senior Architect, Citrix Consulting

Exit mobile version