
Azure Native Citrix Login Monitor

Architecture

The Azure Native Citrix Login Monitor provides monitoring and analysis of login activity for Citrix and Azure environments integrated with Azure Active Directory (now Microsoft Entra ID, the name used in the diagram below).

Key Components

  • Real-time login event capture engine
  • Session monitoring and health checking
  • Data export and reporting modules
  • Alert and notification system
  • Diagnostic and troubleshooting tools

Architecture Diagram

Enhanced Architecture Diagram

flowchart TD
    subgraph TRIGGER ["🕒 ORCHESTRATION LAYER"]
        A["⏰ <b>Azure Logic App</b><br/><i>Scheduled Trigger</i><br/><small>Recurrence: Every 5-15 min</small><br/><small>Status: Active</small>"]
    end
    
    subgraph AUTOMATION ["🤖 AUTOMATION LAYER"]
        B["🔧 <b>Azure Automation Account</b><br/><i>PowerShell Runbooks</i><br/><small>Managed Identity Auth</small><br/><small>Module Management</small>"]
    end
    
    subgraph ONPREM ["🏢 ON-PREMISES EXECUTION"]
        C["💻 <b>Hybrid Runbook Worker</b><br/><i>Windows Server Host</i><br/><small>Domain-Joined</small><br/><small>Citrix PowerShell SDK</small><br/><small>Secure Channel</small>"]
        E["🎯 <b>Citrix Delivery Controller</b><br/><i>Session Management</i><br/><small>Domain Authentication</small><br/><small>Real-time Session Data</small>"]
        F["⚡ <b>PowerShell SDK</b><br/><i>Get-BrokerSession</i><br/><small>Session Properties</small><br/><small>User Information</small>"]
    end
    
    subgraph CLOUD ["☁️ AZURE CLOUD EXECUTION"]
        D["🌥️ <b>Cloud Runbook</b><br/><i>Azure Sandbox</i><br/><small>Managed Identity</small><br/><small>Microsoft Graph SDK</small>"]
        G["🔐 <b>Microsoft Entra ID</b><br/><i>Sign-in Logs API</i><br/><small>Graph API Endpoint</small><br/><small>OAuth 2.0 Auth</small>"]
        H["📊 <b>Microsoft Graph SDK</b><br/><i>Get-MgAuditLogSignIn</i><br/><small>Risk Assessment</small><br/><small>Location Data</small>"]
    end
    
    subgraph DATAPROC ["📄 DATA PROCESSING"]
        I["📝 <b>JSON Output - Citrix</b><br/><i>Session Properties</i><br/><small>User & Machine Data</small><br/><small>Timestamp Information</small>"]
        J["📝 <b>JSON Output - Entra ID</b><br/><i>Sign-in Properties</i><br/><small>Risk & Location Data</small><br/><small>Device Information</small>"]
        K["🔄 <b>Logic App - Citrix Parser</b><br/><i>Data Transformation</i><br/><small>Schema Mapping</small><br/><small>Data Validation</small>"]
        L["🔄 <b>Logic App - Entra Parser</b><br/><i>Data Transformation</i><br/><small>Schema Mapping</small><br/><small>Data Validation</small>"]
    end
    
    subgraph DATABASE ["🗄️ DATA STORAGE"]
        M["💾 <b>Logic App - Citrix Insert</b><br/><i>CitrixSessions Table</i><br/><small>Session Duration</small><br/><small>NTFS Permissions</small>"]
        N["💾 <b>Logic App - Entra Insert</b><br/><i>EntraSignIns Table</i><br/><small>Risk Analysis</small><br/><small>Geo-location</small>"]
        O["🏛️ <b>Azure SQL Managed Instance</b><br/><i>Unified Login Database</i><br/><small>Cross-System Analytics</small><br/><small>TDE Encryption</small>"]
        P["👥 <b>UnifiedUsers Table</b><br/><i>User Correlation Engine</i><br/><small>Activity Tracking</small><br/><small>Behavior Analytics</small>"]
        Q["📊 <b>Reporting Views</b><br/><i>vw_CombinedLoginActivity</i><br/><small>vw_UserActivitySummary</small><br/><small>Query Optimization</small>"]
    end
    
    subgraph ANALYTICS ["📈 ANALYTICS & REPORTING"]
        R["📊 <b>Power BI Dashboards</b><br/><i>User Activity Analytics</i><br/><small>Security Risk Analysis</small><br/><small>Performance Metrics</small>"]
        S["🔍 <b>Azure Analytics Workspace</b><br/><i>Log Analytics</i><br/><small>Custom KQL Queries</small><br/><small>Alert Management</small>"]
        T["📋 <b>Compliance Reporting</b><br/><i>Audit Trail System</i><br/><small>Login Pattern Analysis</small><br/><small>Retention Policies</small>"]
    end
    
    A --> B
    B --> C
    B --> D
    C --> E
    C --> F
    D --> G
    D --> H
    F --> I
    H --> J
    I --> K
    J --> L
    K --> M
    L --> N
    M --> O
    N --> O
    O --> P
    O --> Q
    Q --> R
    Q --> S
    P --> T
    
    classDef triggerNode fill:#e3f2fd,stroke:#0078d4,stroke-width:3px,color:#000
    classDef automationNode fill:#e8f5e8,stroke:#107c10,stroke-width:3px,color:#000
    classDef hybridNode fill:#fff3e0,stroke:#ff9800,stroke-width:3px,color:#000
    classDef cloudNode fill:#e1f5fe,stroke:#00bcd4,stroke-width:3px,color:#000
    classDef apiNode fill:#f3e5f5,stroke:#9c27b0,stroke-width:3px,color:#000
    classDef dataNode fill:#f9f9f9,stroke:#666666,stroke-width:3px,color:#000
    classDef processNode fill:#e0f2f1,stroke:#009688,stroke-width:3px,color:#000
    classDef dbNode fill:#f1f8e9,stroke:#689f38,stroke-width:3px,color:#000
    classDef reportNode fill:#ffebee,stroke:#f44336,stroke-width:3px,color:#000
    
    class A triggerNode
    class B automationNode
    class C,E,F hybridNode
    class D,G,H cloudNode
    class I,J,K,L dataNode
    class M,N processNode
    class O,P,Q dbNode
    class R,S,T reportNode
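
The diagram sends both JSON outputs into a user correlation step; the sketch below is an added example, not the project's own code, showing one way to pair each Citrix session with the most recent Entra ID sign-in for the same user. The join key (lower-cased UPN), the 30-minute window, the function names `ConvertTo-Utc` and `Join-LoginActivity`, and the sample records are all assumptions made for illustration.

```powershell
# Constructed sample data shaped like the two JSON outputs in the diagram.
# Property names follow Get-BrokerSession output and the Graph signIn resource.
$citrixJson = @'
[{"UserUPN":"Alice@contoso.example","MachineName":"CONTOSO\\VDA01","StartTime":"2024-05-01T08:05:00Z"},
 {"UserUPN":"bob@contoso.example","MachineName":"CONTOSO\\VDA02","StartTime":"2024-05-01T09:30:00Z"}]
'@
$entraJson = @'
[{"userPrincipalName":"alice@contoso.example","createdDateTime":"2024-05-01T08:01:10Z","ipAddress":"203.0.113.10","riskLevelDuringSignIn":"none"},
 {"userPrincipalName":"alice@contoso.example","createdDateTime":"2024-05-01T06:00:00Z","ipAddress":"198.51.100.7","riskLevelDuringSignIn":"medium"},
 {"userPrincipalName":"bob@contoso.example","createdDateTime":"2024-05-01T07:00:00Z","ipAddress":"203.0.113.20","riskLevelDuringSignIn":"none"}]
'@

# ConvertFrom-Json leaves ISO timestamps as strings in Windows PowerShell 5.1
# and returns [datetime] in PowerShell 7, so normalise both forms to UTC.
function ConvertTo-Utc($Value) {
    if ($Value -is [datetime]) { return $Value.ToUniversalTime() }
    [datetime]::Parse([string]$Value, [cultureinfo]::InvariantCulture, [System.Globalization.DateTimeStyles]::AdjustToUniversal)
}

# Hypothetical helper: one output row per Citrix session, with the latest
# sign-in that precedes the session start by no more than $Window.
function Join-LoginActivity {
    param($Sessions, $SignIns, [timespan]$Window)
    # Index sign-ins by lower-cased UPN (assumed join key)
    $byUser = $SignIns | Group-Object { ([string]$_.userPrincipalName).ToLowerInvariant() } -AsHashTable -AsString
    if (-not $byUser) { $byUser = @{} }
    foreach ($s in $Sessions) {
        $upn   = ([string]$s.UserUPN).ToLowerInvariant()
        $start = ConvertTo-Utc $s.StartTime
        $best  = $null
        foreach ($c in $byUser[$upn]) {
            $t   = ConvertTo-Utc $c.createdDateTime
            $age = $start - $t
            if ($age -ge [timespan]::Zero -and $age -le $Window -and (-not $best -or $t -gt $best.Time)) {
                $best = [pscustomobject]@{ Time = $t; SignIn = $c }
            }
        }
        [pscustomobject]@{
            User         = $upn
            Machine      = $s.MachineName
            SessionStart = $start
            SignInTime   = if ($best) { $best.Time }
            SignInIp     = if ($best) { $best.SignIn.ipAddress }
            SignInRisk   = if ($best) { $best.SignIn.riskLevelDuringSignIn }
        }
    }
}

$sessions = $citrixJson | ConvertFrom-Json
$signIns  = $entraJson  | ConvertFrom-Json
Join-LoginActivity -Sessions $sessions -SignIns $signIns -Window ([timespan]::FromMinutes(30)) | Format-Table -AutoSize
```

With the sample data, the first session pairs with the 08:01:10 sign-in, while the second has no sign-in inside the window and its sign-in columns stay empty.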

Benefits

  • Proactive identification of authentication issues
  • Comprehensive audit trail for compliance
  • Improved user experience through faster issue resolution
  • Data-driven insights for infrastructure optimization