Category Archives: NetScaler
First, I want to say it’s been a while since I wrote up an article back on NetScaler 9.3 code. Not much has changed, but just enough that I figured I would write one up for 10.5 code.
First, log in to your NetScaler, expand Traffic Management, then Load Balancing, and click Servers. Click Add.
In this example we will be using Domain Name, which requires DNS to be configured prior to this step. Note that the Server Name field is just for display purposes, and the Domain is the FQDN of the backend server we want to use.
Next we need to create a Service to bind to the backend server. Click Services, then click Add.
The Service Name is just a display name. Select Existing Server, select the server you created in the step above, then select the correct protocol and port number.
Click Virtual Servers, then click Add.
Name is again just a display name. Select the protocol; in this example we are going to use Non Addressable for the type.
Click Continue, then click on the No LBVserver Binding.
Click the Service we created earlier, then click Insert.
Click the plus sign.
Select Cache Policy, leave Type as Request, and click Continue.
Select the No Cache Reset Policy and click Insert.
Now to change it up: click Content Switching, click Actions, then click Add.
The Name is just a display name. Select the vServer we created from the dropdown list and click Create.
Click Policies, then click Add.
The Name is, yet again, just a display name. Select the Action we just created. Now for the magic: in the Expression field, enter HTTP.REQ.HOSTNAME.CONTAINS("NameToFilterAgainst"), then click Create.
Select Virtual Servers, select HTTP, and click Edit.
Click Content Switching Policies.
Select the policy we just created and click Insert.
That’s it. Now, as long as your domain name and IP all match, you should get to your backend site.
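The expression above is a substring test, so it matches any Host header that merely contains the string. As an added example (not part of the original post and not NetScaler code), this Python model compares substring and exact host matching and lists the hosts where they disagree; the backend names and sample hosts are constructed.

```python
# Added example: a model of Host-header content switching, not NetScaler code.
# Backend names and sample hosts are constructed for illustration.

def hostname(host_header):
    """Lower-case the Host header and drop any :port and trailing dot."""
    host = host_header.strip().lower()
    if not host.startswith("["):            # leave IPv6 literals untouched
        host = host.split(":", 1)[0]
    return host.rstrip(".")

def route(policies, host_header, mode):
    """Return the backend of the first matching policy, or None.

    mode "contains" mimics a substring rule like HTTP.REQ.HOSTNAME.CONTAINS;
    mode "exact" requires the whole host name to equal the pattern.
    """
    host = hostname(host_header)
    for pattern, backend in policies:
        pattern = pattern.lower()
        if (pattern in host) if mode == "contains" else (host == pattern):
            return backend
    return None

def overmatches(policies, host_headers):
    """Hosts that the substring rule routes but the exact rule would not."""
    return [h for h in host_headers
            if route(policies, h, "contains") is not None
            and route(policies, h, "exact") is None]

POLICIES = [("blog.domainname.com", "lb_blog"), ("www.domainname.com", "lb_www")]
SAMPLE_HOSTS = [
    "blog.domainname.com",
    "WWW.domainname.com:80",
    "blog.domainname.com.example.net",   # longer name containing the pattern
    "xblog.domainname.com",              # different host, same substring
    "unrelated.example.net",
]

if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        print(f"{h:35} contains={route(POLICIES, h, 'contains')} "
              f"exact={route(POLICIES, h, 'exact')}")
    print("review these:", overmatches(POLICIES, SAMPLE_HOSTS))
```

On the appliance, the exact comparison corresponds to an expression such as HTTP.REQ.HOSTNAME.EQ("blog.domainname.com").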
Thanks for reading
First you will need to download the latest VPX appliance from http://www.citrix.com (a MyCitrix account is required).
You will also need to download the Web Interface components.
You will need a VM with at least 4GB of RAM to support more than 3 sites.
Once you have imported the machine, open the console to set it up; you will be prompted for the following:
Once you have configured the IP address, enter it into a browser. (Java required)
You will get a login page; simply enter nsroot and nsroot as the username and password.
It is highly recommended to change the default password.
Install Citrix License
You will need to find the interface on the NetScaler with the lowest MAC address.
Go to the Network folder > Interfaces.
Copy the lowest MAC address.
Now go back to your MyCitrix account and allocate a NetScaler license.
Note: if you want to use an Express license:
Click on NetScaler VPX Express
About halfway through the page you should find a link to Get License.
It should be right in between the Appliances and the Builds/Upgrade packages.
Run through the Allocation Wizard and download the new license file.
Expand the System Folder, and then select Licenses
At the Bottom left of the Frame you should see Manage Licenses…
Click Add…, select the license file you just created and downloaded, and click Select.
The device will reboot for the license to take effect.
Once it has rebooted, log back in
Expand System and Select Settings
Click on Configure modes
Make sure all the options shown in the screenshot above are checked.
Click Yes to the warning
Click Configure basic features
Make sure all the options shown in the screenshot above are checked.
Click Yes to the warning
Select Web Interface folder
Click On Web Interface
Click Install Web Interface
Click the Dropdown arrow to the right of “Browse (Appliance)” and select Local
Select nswi-1.3.tgz, and click Open
Select diablo-latte-freebsd6-amd64-1.6.0_07-b02.tar.bz2, and Click Open
(Note: if you leave the default of 25 sites, the VPX must have at least 4GB of RAM installed, otherwise this will error out.)
Web Interface Configuration
Login to the NetScaler and Expand the Web Interface Folder
Click Add… at the bottom of the frame.
Enter the IP address of the Web Interface Server VIP. Check the box Enable access through mobile receiver, then click Next.
Enter the XenApp servers here, just the Data Collectors.
Click Next after you have entered all the Data Collectors.
Highlight the Web Interface Site you just created
Click on the WebInterface.conf… link at the bottom of the Frame
Remove the # from the beginning of the line and add your domain name, removing everything else… Click Save.
You will receive a warning, Click Yes
Click the Add Button at the Bottom of the Frame
Select XenApp Service Site, click the dropdown for Virtual Server, and select the previously created server (note: it should be listening on port 80). Click Next.
Click Add, add all the Data Collectors, and click Next.
Select the PNA Site (XenApp Service Site)
Click the config.xml… Button at the bottom of the Frame
Change the <LogonMethod> from Prompt to Pass-Through, then click Save.
Click Yes to the Warning Message
First log in to your NetScaler and navigate to the Session Profile whose default session timeout you want to change. In the screenshot below we are extending the default 20-minute timeout to 4 hours (240 minutes).
Once we change the value on the NetScaler, we need to change the timeout value on the Web Interface server(s). The screenshot below shows the configuration screen.
Also note: if you are using a load-balanced VIP for your Web Interface servers (highly recommended if you’re not), you will want to change the Persistent cookie timeout value to match.
Thanks for reading hope this helps
So I have done some posts before on Content Filtering with the NetScaler; this is just bringing it to the next level and giving your VPN a little extra security and control.
First, start off by creating or using an existing Access Gateway Virtual Server. Unlike with most Virtual Servers, we aren’t going to configure anything within the VS. Everything we do is going to be focused on Groups or Users.
Click Add under the Groups section
Type in a Group Name; in this example I am using “TEST_LOCKDOWN” (note: this group should match an Active Directory group).
We aren’t going to select any users.
Click the Authorization Tab
Click Insert Policy
Click New Policy…
Name it and select Deny, then click the Add… button.
Completed policy, to deny access to Site1.ntcrash.biz.
Now to allow access to all other sites at ntcrash.biz
Click Insert Policy…
We followed the exact same steps as we did for the DENY rule, but this time we just add the domain ntcrash.biz and select ALLOW.
Also notice a very important step: we want the ALLOW rule to be checked after the DENY rule; notice the priority of the rules above.
Click, now to add the clientless access part. Select the Policy tab, then click the Session module.
Click Insert Policy. We already had one, so double-click on Profile.
Notice that in this example we are going to DENY access to the Web Interface server… but allow the home page to come through.
You could be using bookmarks or any other type of clientless access method, but this will always DENY access to site1.ntcrash.biz.
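The ordering of the DENY and ALLOW rules described above can be checked mechanically. The following Python model is an added example, not NetScaler code or the author's configuration: it assumes the rule with the lowest priority number is checked first, that the first matching rule decides, and that a rule for a domain also covers its subdomains; the priority numbers and the default action are constructed.

```python
# Added example: a simplified model of priority-ordered authorization rules.
# Assumptions: lowest priority number is checked first, first match decides,
# and a rule for a domain also covers its subdomains.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    priority: int
    domain: str     # matches this host and any subdomain of it
    action: str     # "ALLOW" or "DENY"

def matches(rule, host):
    host = host.lower().rstrip(".")
    domain = rule.domain.lower()
    return host == domain or host.endswith("." + domain)

def decide(rules, host, default="DENY"):
    """Action of the first matching rule in priority order, else the default."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if matches(rule, host):
            return rule.action
    return default

def shadowed(rules):
    """Rules that never take effect because an earlier, broader rule with the
    opposite action already matches everything they cover."""
    ordered = sorted(rules, key=lambda r: r.priority)
    hidden = []
    for i, later in enumerate(ordered):
        if any(e.action != later.action and matches(e, later.domain)
               for e in ordered[:i]):
            hidden.append(later)
    return hidden

# Constructed rule sets for the TEST_LOCKDOWN group from the post.
CORRECT = [Rule(10, "site1.ntcrash.biz", "DENY"), Rule(20, "ntcrash.biz", "ALLOW")]
REVERSED = [Rule(10, "ntcrash.biz", "ALLOW"), Rule(20, "site1.ntcrash.biz", "DENY")]

if __name__ == "__main__":
    for name, rules in (("correct", CORRECT), ("reversed", REVERSED)):
        print(name,
              "site1 ->", decide(rules, "site1.ntcrash.biz"),
              "| site2 ->", decide(rules, "site2.ntcrash.biz"),
              "| shadowed:", shadowed(rules))
```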
Thanks for reading, please comment or contact me if you have any questions.
SSH to the NetScaler and run the following.
Both should be the same, but the rc.config is going to be the one that is used by the licensing service.
OK, so here is the first part, with a lot more to come after some fine-tuning tomorrow…
Environment rundown:
XenApp 4.5, Web Interface 5.3, and NetScaler 9.2 (this can be a VPX box). Now for the fun stuff.
- First you will need to install IIS on a Win2k3 box; yes, this can be 64-bit, that is what I have been using
- Change the IIS port to match the current farm’s XML port, then restart IIS
- Now install XenApp 4.5; during the install, select share XML port with IIS
- Now install Web Interface 5.3
- Create a site with the Access Gateway being the Authentication point (you will need at least a self-signed cert for this step for IIS)
- You will then want to select SmartCard and SmartCard Pass-through (you will need to restart the server for this to take effect)
- Add the local machine as the XML Service provider under the Site’s Farm Settings
- Add the local machine as the STA for Secure access
Now to the NetScaler
- Create an Authentication server using only Cert, then select Principal Name
- Create a virtual server
- Select the Server you created above as the authentication method
- Create a policy, set it for ICA Proxy, then point it to the Site you created above…
Things should now work
I will be posting a more detailed HOW-TO guide with a video for at least part if not all steps required.
Here are the steps involved in setting up URL Redirection…
1. One public IP and multiple services requiring the same port number
- http://www.domainname.com -> Web Server01 on port 80
- blog.domainname.com -> Web Server02 on port 80
As you can see, in most cases you would need two public IP addresses to get this done; however, using Content Switching on the NetScaler you can make this happen with one public IP.
What you will need to do is the following:
1. Log in to your NetScaler
2. Click on Content Switching
3. Create a Virtual Server (this is going to be your public server)
4. Create a Policy with the following: Name = WWW or BLOG (this is just a friendly name), Domain = http://www.domainname.com, Rule = nstrue
5. Repeat step 4 for as many URL headers as you need redirected
6. Now for the fun stuff…
7. Click on Load Balance
8. Create a Server, Service, and Virtual Server for the above backend servers
9. Now back to Content Switching…
10. Open the Virtual Server you created in step 3
11. Now add the policies you created in step 4
12. Now for each policy you add, add the Virtual Server(s) you created in step 8
13. Before testing, make sure your DNS entries are set correctly, so http://www.domainname.com should point to the IP of the Virtual Server you created in step 3, or at least the NAT’ed address.
14. Now it is time to test: launch a web browser and browse to http://www.domainname.com and blog.domainname.com
I will be adding a video about this configuration shortly, also I will be adding a blog about NAT’ing
Here is the link to the Interactive HOW-TO Video http://blog.ntcrash.biz/FlashVideos/NetScaler URL Redirect.htm