
Category Archives: NetScaler

Updated NetScaler 10.5 Content Switching


First, I want to say it’s been a while since I wrote up an article back on the NetScaler 9.3 code. Not much has changed, but just enough that I figured I would write one up for the 10.5 code.

 

First, log in to your NetScaler, expand Traffic Management, then Load Balancing, and click Servers. Click Add.

In this example we will be using Domain Name, which requires DNS to be configured prior to this step. Note that the Server Name field is just for display purposes, and the Domain is the FQDN of the backend server we want to use.

Next we need to create a Service to bind to the backend server. Click Services, then click Add.

The Service Name is just a display name. Select Existing Server, select the server you created in the step above, then select the correct protocol and port number.

Click Continue

Click Done

Click Virtual Servers, Click Add

Name is again just a display name. Select the Protocol; in this example we are going to use Non Addressable for the Type.

Click Continue, Click on the No LBVserver Binding

Click Bind

Click The Service we created earlier, Click Insert

Click Save

Click Continue

Click Policies

Click the Plus Sign

Select Cache Policy, Leave Type as Request, Click Continue.

Click Bind

Select the No Cache Reset Policy, Click Insert

Click Ok

Click Done

Now to change it up: click Content Switching, click Actions, then click Add.

The Name is just a display name. Select the vServer we created from the dropdown list, then click Create.

Click Policies, Click Add

The Name is, yet again, just a display name. Select the Action we just created. Now for the magic: in the Expression field, enter HTTP.REQ.HOSTNAME.CONTAINS("NameToFilterAgainst"), then click Create.

Select Virtual Servers, Select HTTP, Click Edit

Click Content Switching Policies

Click Bind

Select The Policy we just created and Click Insert

Click Ok

Click Done

That’s it. As long as your domain name and IP all match, you should get to your backend site.
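The expression in the policy step above uses CONTAINS, which is a substring test, so a Host value that merely includes the filter string also matches. As an added example (not from the original post), this Python check scans saved configuration lines for hostname policies that use CONTAINS and lists the probe hosts the substring test accepts but a whole-name comparison would not; the policy names, hosts and sample lines are constructed, and the matching is a simplified model that ignores case and port handling.

```python
import re

# Constructed sample of saved-config lines; all names and hosts are placeholders.
SAMPLE_CONF = r'''
add cs action act_blog -targetLBVserver lb_vs_blog
add cs policy pol_blog -rule "HTTP.REQ.HOSTNAME.CONTAINS(\"blog.domainname.com\")" -action act_blog
add cs policy pol_www -rule "HTTP.REQ.HOSTNAME.EQ(\"www.domainname.com\")" -action act_www
'''

# Constructed Host header values used to probe each policy.
PROBE_HOSTS = [
    "blog.domainname.com",
    "blog.domainname.com.example.net",
    "notblog.domainname.com",
    "www.domainname.com",
]

POLICY_RE = re.compile(r'^add cs policy (\S+) -rule "(.*)" -action (\S+)')
HOST_RE = re.compile(r'HTTP\.REQ\.HOSTNAME\.(CONTAINS|EQ)\(\\"([^"\\]+)\\"\)', re.I)


def parse_cs_policies(conf):
    """Return (policy, operator, host) for each hostname-based cs policy line."""
    found = []
    for line in conf.splitlines():
        m = POLICY_RE.match(line.strip())
        h = HOST_RE.search(m.group(2)) if m else None
        if h:
            found.append((m.group(1), h.group(1).upper(), h.group(2)))
    return found


def matches(op, wanted, host):
    """Simplified model: substring test for CONTAINS, whole value for EQ."""
    host, wanted = host.lower(), wanted.lower()
    return wanted in host if op == "CONTAINS" else host == wanted


def audit(conf, probe_hosts):
    """Map each CONTAINS policy to the probe hosts only the substring test accepts."""
    report = {}
    for name, op, wanted in parse_cs_policies(conf):
        if op == "CONTAINS":
            report[name] = [h for h in probe_hosts
                            if matches("CONTAINS", wanted, h)
                            and not matches("EQ", wanted, h)]
    return report
```

A non-empty list for a policy means the expression routes more hostnames to that backend than the one it was written for.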

 

Thanks for reading

 

 


NetScaler Content Switching How-To Video


NetScaler VPX Install and Web Interface


VPX Install

First you will need to download the latest VPX appliance from http://www.citrix.com (a mycitrix account is required)



You will also need to download the Web Interface components

You will need a VM with at least 4GB of RAM to support more than 3 Sites

Once you have imported the machine, open the console to set it up. You will be prompted for the following:

IP Address

Subnet

Default Gateway

Once you have configured the IP Address, enter that into a browser. (Java Required)

You will get a login page; simply type nsroot and nsroot as the username and password

It is highly recommended to change the Default password

Install Citrix License

You will need to find the Interface on the NetScaler with the lowest MAC Address

Under the Network folder > Interfaces


Copy the lowest MAC address

Now go back to your mycitrix account and allocate a NetScaler License

Note if you want to use an Express License


Click on NetScaler VPX Express

About half way through the page you should find a link to Get License


It should be right in-between the Appliances and the Builds/Upgrade packages.

Run through the Allocation Wizard and download the new License file.


Expand the System Folder, and then select Licenses

At the Bottom left of the Frame you should see Manage Licenses…

Click Add… Select the license file you just created and Downloaded, Click Select

Click OK

The device will reboot for the license to take effect

Once it has rebooted, log back in


Expand System and Select Settings


Click on Configure modes


Make sure all the options from the above Screen shot are all checked.


Click Yes to the warning

Click Configure basic features

Make sure all the options from the above Screen shot are all checked.

Click Yes to the warning

Select Web Interface folder

Click On Web Interface

Click Install Web Interface

Click the Dropdown arrow to the right of “Browse (Appliance)” and select Local


Select nswi-1.3.tgz, and click Open


Select diablo-latte-freebsd6-amd64-1.6.0_07-b02.tar.bz2, and Click Open


Click Install,

(Note: if this defaults to 25 sites, you will need at least 4GB of RAM installed for the VPX, otherwise this will error out.)


Web Interface Configuration

Login to the NetScaler and Expand the Web Interface Folder


Select Sites


    Click Add.. at the bottom of the Frame


Click Next


Enter the IP address of the Web Interface Server VIP. Check the Box Enable access through mobile receiver, Click Next


Enter in the XenApp servers here, Just the Data Collectors


    Click next, after you have entered all the Data Collectors






    Highlight the Web Interface Site you just created


    Click on the WebInterface.conf… link at the bottom of the Frame


    Remove the # from the beginning of the Line, and add your Domain Name removing everything else… Click Save


    You will receive a warning, Click Yes


    Click the Add Button at the Bottom of the Frame


    Click Next


    Select XenApp Service Site, click the dropdown for Virtual Server, and select the previously created server (note: it should be listening on port 80). Click Next


    Click the Add, and add all Data Collectors, Click Next


    Click Finish


    Click Exit

Select the PNA Site (XenApp Service Site)


    Click the config.xml… Button at the bottom of the Frame


    Change the <LogonMethod> from Prompt to Pass-Through, Click Save


    Click Yes to the Warning Message


NetScaler Access Gateway Session Timeout


First, log into your NetScaler and navigate to the Session Profile whose default session timeout you want to change. In the screenshot below we are extending the default 20 minute timeout to 4 hours (240 minutes).

Once we change the value on the NetScaler we need to change the Timeout value on the Web Interface Server(s).  Screen shot below shows the configuration Screen.

Also note: if you are using a load-balanced VIP for your Web Interface servers (highly recommended if you’re not), you will want to change the Persistent cookie timeout value to match.

 

Thanks for reading hope this helps

 

NetScaler Clientless Access Filtering


So I have done some posts before on Content Filtering with the NetScaler; this is just bringing it to the next level and giving your VPN a little extra security and control.

First Start off by creating or using an existing Access Gateway Virtual Server. Now unlike most Virtual Servers we aren’t going to configure anything within the VS. Everything we do is going to be focused on Groups or Users.

Click Add under the Groups section

Type in a Group Name; in this example I am using “TEST_LOCKDOWN” (note: this group should match an Active Directory group)

We aren’t going to select any users.

Click the Authorization Tab

Click Insert Policy

Click New Policy…

Name it and select Deny, now click the Add… Button

Completed Policy… To Deny access to Site1.ntcrash.biz

Now to allow access to all other sites at ntcrash.biz

Click Insert Policy…

We followed the exact same steps as we did for the DENY rule, but this time we just add the domain ntcrash.biz and select ALLOW

Also notice a very important step: we want the ALLOW rule to be checked after the DENY rule. Notice the priority of the above rules.

Click, now to add the Clientless access part. Select the Policy Tab, Click the Session Module

Click Insert Policy, We already had one, double click on Profile

So Notice in this example we are going to DENY access to the Web Interface Server… But allow the home page to come through.

You could be using Bookmarks or any other type of Clientless access methods but this will always DENY access to site1.ntcrash.biz
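The ordering requirement above can be checked mechanically. As an added example (not from the original post), this Python model treats the two rules as first-match-by-priority and flags a rule that an earlier, broader rule with the opposite action makes unreachable; the priority numbers, the suffix-style domain match and the default action are assumptions, since the post shows them only in screenshots.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    priority: int   # assumed: the lower number is checked first
    domain: str
    action: str     # "ALLOW" or "DENY"


def covers(domain, host):
    """True when host is the domain itself or a name beneath it (assumed match)."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)


def decide(rules, host, default="DENY"):
    """The first matching rule in priority order decides; default is hypothetical."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if covers(rule.domain, host):
            return rule.action
    return default


def shadowed(rules):
    """Rules that never take effect: an earlier, broader rule with a
    different action already matches every host they would match."""
    ordered = sorted(rules, key=lambda r: r.priority)
    return [late for i, late in enumerate(ordered)
            if any(covers(early.domain, late.domain) and early.action != late.action
                   for early in ordered[:i])]


# Constructed priorities: the order the post asks for, and the reversed order.
GOOD = [Rule(10, "site1.ntcrash.biz", "DENY"), Rule(20, "ntcrash.biz", "ALLOW")]
BAD = [Rule(10, "ntcrash.biz", "ALLOW"), Rule(20, "site1.ntcrash.biz", "DENY")]

if __name__ == "__main__":
    for label, rules in (("deny first", GOOD), ("allow first", BAD)):
        print(label, decide(rules, "site1.ntcrash.biz"), shadowed(rules))
```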

Thanks for reading, please comment or contact me if you have any questions.

Citrix NetScaler and Universal Licenses


SSH to the NetScaler and run the following.

show hostname

cd /nsconfig

vi rc.config

Both should be the same, but the rc.config is going to be the one that is used by the licensing service.

 
 

Thanks

SmartCard Pass-Through via NetScaler 9.2 Access Gateway


Ok, so here is the first part, with a lot more to come after some fine tuning tomorrow…

Environment Run down:
XenApp 4.5, Web Interface 5.3, and NetScaler 9.2 this can be a VPX box.. Now for the fun stuff.

  • First you will need to install IIS on a Win2k3 box yes this can be 64bit, that is what I have been using
  • Change IIS port to match Current Farm’s XML Port, Restart IIS
  • Now install XenApp 4.5, during the install select share XML port with IIS
  • Now install Web Interface 5.3
  • Create a site with the Access Gateway being the Authentication point (you will need at least a self-signed cert for this step for IIS)
  • You will then want to select SmartCard, and SmartCard Pass-through (you will need to restart the server for this to take effect)
  • Add the local machine as the XML Service provider under the Site’s Farm Settings
  • Add the local machine as the STA for Secure access

Now to the NetScaler

  • Create an Authentication server using only Cert, then select Principal Name
  • Create a virtual server
  • Select the Server you created above as the authentication method
  • Create a policy, set it for ICA Proxy, then point to the Site you created above…

Things should now work

I will be posting a more detailed HOW-TO guide with a video for at least part if not all steps required.

Setting up a NetScaler for URL Redirection


Here are the steps involved in setting up URL Redirection…

Usage cases:

1. One public IP and multiple services requiring the same port number

Example:

  1. http://www.domainname.com -> Web Server01 on port 80
  2. blog.domainname.com -> Web Server02 on port 80

As you can see, in most cases you would need two public IP addresses to get this done; however, using Content Switching on the NetScaler you can make this happen with one public IP.

What you will need to do is the following:

  1. Login to your NetScaler
  2. Click on Content Switching
  3. Create a Virtual Server (This is going to be your Public Server)
  4. Create a Policy with the following, -> Name = WWW or BLOG (this is just a friendly name), Domain = http://www.domainname.com, Rule = nstrue
  5. Repeat step 4 for as many URL Headers as you need redirected
  6. Now for the fun stuff…
  7. Click on Load Balance
  8. Create a Server, Service, and Virtual Server for the above backend servers
  9. Now back to Content Switching…
  10. Open the Virtual Server you created in Step 3
  11. Now add the policies you created in step 4
  12. Now for each Policy you add, add the Virtual Server(s) you created in step 8
  13. Before testing, make sure your DNS entries are set correctly, so http://www.domainname.com should point to the IP of the Virtual Server you created in Step 3, or at least the NAT’ed address.
  14. Now time to test: launch a web browser and browse to http://www.domainname.com and blog.domainname.com

I will be adding a video about this configuration shortly, also I will be adding a blog about NAT’ing

Here is the link to the Interactive HOW-TO Video http://blog.ntcrash.biz/FlashVideos/NetScaler URL Redirect.htm
