Citrix NetScaler is one of the best Application Delivery Controller products in the world. The Application Delivery Controllers are commonly used for load balancing purposes, to optimize traffic, and to perform extra security settings.
This book will give you an insight into all the available features that the Citrix NetScaler appliance has to offer. The book will start with the commonly used NetScaler VPX features, such as load balancing and NetScaler Gateway functionality. Next, we cover features such as Responder, Rewrite, and the AppExpert templates, and how to configure these features.
After that, you will learn more about the other available Citrix technologies that can interact with Citrix NetScaler. We also cover troubleshooting, optimizing traffic, caching, performing protection using Application Firewall, and denying HTTP DDoS attacks for web services.
Finally, we will demonstrate the different configuration principles in real-world Citrix NetScaler deployment scenarios.
Number of pages: 276
Year of publication: 2015
Copyright © 2015 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: November 2015
Production reference: 1161115
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-78528-173-0
www.packtpub.com
The statements made and opinions expressed herein belong exclusively to the author and reviewers of this publication, and are not shared by or represent the viewpoint of Citrix Systems®, Inc. This publication does not constitute an endorsement of any product, service, or point of view. Citrix® makes no representations, warranties or assurances of any kind, express or implied, as to the completeness, accuracy, reliability, suitability, availability, or currency of the content contained in this publication or any material related to this publication. Any reliance you place on such content is strictly at your own risk. In no event shall Citrix®, its agents, officers, employees, licensees, or affiliates be liable for any damages whatsoever (including, without limitation, damages for loss of profits, business information, or loss of information) arising out of the information or statements contained in the publication, even if Citrix® has been advised of the possibility of such loss or damages. Citrix®, XenApp®, XenDesktop®, CloudBridge™, StoreFront™, and NetScaler® are trademarks of Citrix Systems®, Inc. and/or one or more of its subsidiaries, and may be registered in the United States Patent and Trademark Office and in other countries. Some of the images in the chapters are taken from the Citrix® website and documentation.
Authors: Rick Roetenberg, Marius Sandbu
Reviewer: Yugandhar Ananda
Commissioning Editor: Dipika Gaonkar
Acquisition Editor: Harsha Bharwani
Content Development Editor: Sumeet Sawant
Technical Editor: Tanmayee Patil
Copy Editors: Stephen Copestake, Vikrant Phadke
Project Coordinator: Shweta H Birwatkar
Proofreader: Safis Editing
Indexer: Tejal Soni
Graphics: Jason Monteiro
Production Coordinator: Aparna Bhagat
Cover Work: Aparna Bhagat
Rick Roetenberg is a technical consultant at ITON ICT in the Netherlands. He has more than 5 years of experience in implementing products available from Citrix, especially networking products. He is also responsible for pre-sales with customers at ITON ICT. Recently, he successfully completed the Citrix Networking for Datacenter Specialist Practicum. Rick has also presented at DuCUG, the Dutch Citrix User Community, where he explained that NetScaler is more than just an ICA proxy. He has always had a lot of interest in technology, and his current focus is on Citrix network products.
Rick posts blogs at www.rickroetenberg.com, where he shares more information about Citrix's products and all that is necessary in addition to these products. He can be contacted at <[email protected]>. His Twitter handle is @rroetenberg.
Marius Sandbu is a senior consultant from Norway. He has over 10 years of experience in IT. He has worked as an architect and instructor at Veeam, Microsoft, and Citrix. He has also presented at the NetScaler master class and been to local Citrix user groups' events. Marius is the author of other NetScaler books as well, including Implementing NetScaler VPX™, Packt Publishing.
He is also a Microsoft MVP, Veeam Vanguard, and PernixPro.
Marius posts blogs on https://msandbu.wordpress.com/, where he shares information from the software-defined space. He can be contacted at <[email protected]> or on Twitter at @msandbu.
Yugandhar Ananda works as a Citrix consultant. This has helped him get good exposure to Citrix technologies, real-time issues with production servers, XA/XD/PVS, and NetScaler.
He is a quick learner and can easily adopt new technologies, which is his strength. His hobbies are making new friends and reading new technical articles.
NetScaler is becoming more and more essential in many environments and is often crucial for many of the services it offers. Mastering NetScaler VPX™ is a book that covers many advanced topics, such as optimizing traffic, setting up redundant web services, and integrating with other Citrix products, as well as many best practices.
This book starts out with an easy introduction to the product, what it can offer, and how to do an initial setup on an on-premise deployment.
Later, it goes into some of the more advanced features, such as remote access against Citrix, different VPN features, and optimizing network services.
It also covers features of high availability such as GSLB, redirecting traffic using content switching, and different real-life scenarios and deployments.
Chapter 1, Configuring the Standard Features of NetScaler®, covers the basic setup of NetScaler, load balancing, and integration with XenDesktop.
Chapter 2, Using the Features of NetScaler® AppExpert, explains many of the different features found within AppExpert such as deployments of different templates, HTTP callout, rate limiting, rewrites, and responder policies.
Chapter 3, Integration with Citrix® Components, covers different integration possibilities with products such as Insight Center, CloudBridge, and Command Center.
Chapter 4, Traffic Management, illustrates many traffic management features, such as compression/caching, how to use content switching, and setting up GSLB.
Chapter 5, Tuning and Monitoring NetScaler® Performances, teaches you how to perform network optimization using TCP and SSL. This chapter also dives into the use of different tools for monitoring performance.
Chapter 6, Security Features and Troubleshooting, teaches you how to set up AAA, the use of security features such as HTTP DDoS, application firewalls, admin partitions, and lastly how you can troubleshoot using built-in tools and Wireshark.
Chapter 7, Real-World Deployment Scenarios, covers many real-life scenarios and shows how we can use NetScaler to set up a solution such as NetScaler Gateway for a small VDI environment, large web services spanning globally, and more.
You can download a trial of the NetScaler virtual appliance from Citrix here: https://secureportal.citrix.com/MyCitrix/login/EvalLand.aspx?downloadid=1857216&LandingFrom=1005.
You should also have a virtual environment running any one of VMware, Citrix XenServer, or Hyper-V. If you do not have a virtual environment, you can test it on a client hypervisor.
For instance, if you are using Windows 8.1/10, you can use Client Hyper-V, which is an add-on that needs to be added from Programs and features under Control Panel.
Alternatively, you can use VMware Player (https://my.vmware.com/web/vmware/free#desktop_end_user_computing/vmware_player/6_0).
This book is intended for system administrators who work with either Citrix or networking and want to learn more advanced topics around Citrix NetScaler, such as integrating with other Citrix components or setting up advanced features such as GSLB and traffic optimization.
Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.
You can download the example code files for all Packt books you have purchased from your account at http://www.packtpub.com. If you purchased this book elsewhere, you can visit http://www.packtpub.com/support and register to have the files e-mailed directly to you.
We also provide you a PDF file that has color images of the screenshots/diagrams used in this book. The color images will help you better understand the changes in the output. You can download this file from: https://www.packtpub.com/sites/default/files/downloads/B04217_1730EN_Graphics.pdf.
Welcome to the first chapter of this book. Throughout the course of this book, we will cover how to master Citrix NetScaler. This chapter will cover the most commonly used features of Citrix NetScaler.
Throughout this book, we will be focusing mostly on how to use the most common features of Citrix NetScaler. These features make Citrix NetScaler one of the best Application Delivery Controllers (ADCs). The features will be available depending on the installed license. So, to sum it up, here's what we will cover throughout this chapter:
During the installation, you are required to install the purchased license. Depending on the installed license, you will get the purchased functionality. The load balancing functionality is one of the most commonly used features in Citrix NetScaler. This is because of support from third-party vendors, which provide support and specific templates for particular services. These templates will be explained in the next chapter of this book. Besides load balancing, Citrix NetScaler is also capable of monitoring the backend servers it connects to, so traffic is only sent to a backend machine if that system is healthy. This monitoring functionality is integrated in the load balancing feature. Some monitoring configurations are preconfigured, and these can be adjusted if necessary. Uploading your own monitoring script is also possible. Furthermore, the NetScaler Gateway is one of the commonly used features on Citrix NetScaler VPX. The NetScaler Gateway is used to allow access to the Citrix XenApp/XenDesktop environment using an ICA proxy.
To configure Citrix NetScaler, it's necessary to understand the traffic flow in it. Citrix NetScaler uses a few IP addresses to operate:
The NetScaler IP address (NSIP) is the IP address for management purposes and is also used for authentication. So, it is used as the source IP against LDAP, RADIUS, WebForm, SAML, and so on. NSIP supports SSH, HTTP, and HTTPS by default. Disabling management is possible, if necessary.
The Mapped IP address (MIP) is the IP address that is used for connectivity to the backend servers. This IP is still available, but it's recommended to use the SNIP. The Subnet IP is preferred by Citrix because it allows you to have connectivity between different subnets. When receiving a packet, the appliance replaces the source IP address with a MIP address before it sends the packet to the server. With the servers abstracted from the clients, the appliance manages connections more efficiently.
The Subnet IP address (SNIP) is also an IP address that can be used for connectivity with the backend. A SNIP address is used in connection management and server monitoring. You can specify multiple SNIP addresses for each subnet. SNIP addresses can be bound to a VLAN. The latest firmware requires the use of SNIP during the installation wizard. Also, SNIP is used for DNS requests.
VIP is a Virtual IP address. This VIP address is used in every place where a client/server needs to communicate. The virtual IP is used in load balancing, AAA servers, access gateway virtual servers, and so on.
If you have multiple data centers that are geographically distributed, each data center can be identified by a unique GSLBIP.
Global Server Load Balancing Site IP Addresses (GSLBIPs) exist only on the NetScaler appliance.
An IP set is a set of IP addresses that are configured on the appliance as SNIP. An IP set is identified with a meaningful name that helps identify the usage of the IP addresses contained in it.
A net profile (or network profile) contains an IP address or an IP set. A net profile can be bound to load balancing or content switching virtual servers, services, service groups, or monitors. During communication with physical servers or peers, the appliance uses the addresses specified in the profile as source IP addresses.
Load balancing is a feature that is implemented in most Citrix NetScaler environments. Load balancing allows you to load balance different backend servers with the same purpose, for example, a web shop. A large web shop requires more than one web server because of the heavy load from visiting users. With load balancing, Citrix NetScaler will load balance the traffic between the visiting users and the several backend servers. Besides load balancing, Citrix NetScaler can also monitor the backend server and check, for example, whether the web server responds with HTTP status code 200.
In order to configure the load balancing service in Citrix NetScaler, you need the following:
The IP address and server name are 10.0.10.234 for webserver01 and 10.0.10.125 for webserver02.
Service/service group: The service or service group is what provides the information to the user. A service is a particular server and a service group is a group of servers that provide the same information. Also, we bind a monitor to the service or service group. It checks the backend based on the configured monitor:
Backup persistence
If the primary persistence can't be set, the backup persistence will be used, if configured. Use logical names for load balancing backend servers, services, service groups, and load balancing virtual servers. I prefer this so that it's always recognizable what the purpose of the item is. Some examples are LB_VS_ServiceName or LB_S_WebServer for a service, LB_SG_WebServers for service groups, and LB_SRV_ServerName for a backend server name.
So, in the default configuration, the user only has a web browser session with Citrix NetScaler, and Citrix NetScaler proxies the request to the backend server. Therefore, if the backend servers and Citrix NetScaler are in a demilitarized zone, the only firewall port that should be opened from other networks is the listen port of the load balancing virtual server.
When Citrix NetScaler is in the demilitarized zone, make sure that the MIP or SNIP has access to the backend. This is the source IP address that Citrix NetScaler uses to connect to the backend.
With active/active, you load balance at least two backend machines with the same functionality. To configure active/active load balancing, it's necessary to create services or service groups for all backend servers that will be used for load balancing. While configuring active/active with different weights, I recommend that you use services instead of service groups, because you need to adjust the weight per service. Configuring active/active load balancing requires at least two services or service groups. Adjusting the weight while configuring the load balancing will change the percentage of traffic that will be sent to the backend server. Services or service groups with higher values can handle more requests; services or service groups with lower values can handle fewer requests. Assigning weights to services or service groups allows the Citrix NetScaler appliance to determine how much traffic each load-balanced server can handle and, therefore, balance the load more effectively.
In order to use active/active load balancing, it's necessary to configure the right persistence based on the requirement. In the following table, you can find all the persistence types available in Citrix NetScaler. This table also shows which persistence type will be available for a certain protocol:
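| Persistence type | HTTP | HTTPS | TCP | UDP/IP | SSL_Bridge | SSL_TCP | RTSP | SIP_UDP |
|---|---|---|---|---|---|---|---|---|
| SOURCEIP | YES | YES | YES | YES | YES | YES | NO | NO |
| COOKIEINSERT | YES | YES | NO | NO | NO | NO | NO | NO |
| SSLSESSION | NO | YES | NO | NO | YES | YES | NO | NO |
| URLPASSIVE | YES | YES | NO | NO | NO | NO | NO | NO |
| CUSTOMSERVERID | YES | YES | NO | NO | NO | NO | NO | NO |
| RULE | YES | YES | YES | NO | NO | YES | NO | NO |
| SRCIPDESTIP | YES | YES | YES | YES | YES | YES | NO | NO |
| DESTIP | YES | YES | YES | YES | YES | YES | NO | NO |
| CALLID | NO | NO | NO | NO | NO | NO | NO | YES |
| RTSPID | NO | NO | NO | NO | NO | NO | YES | NO |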
Setting a SOURCEIP persistence type for the load balancing vserver LB_VS_WebServer through the command line can be done using this command:
In order to use the load balancing feature in a proper way, you should always select the right load balancing algorithms. Citrix NetScaler has a lot of built-in load balancing algorithms. These algorithms can be configured during the configuration of the load balancing virtual server and could be different from other load balancing virtual servers. The default load balancing algorithm is least connection. The different algorithms have been explained here:
So, after you have chosen the correct persistence type and algorithm, you can build the load balancing virtual server.
Citrix NetScaler also supports active/passive load balancing. This basically means that you have an active load balancing virtual server and another load balancing virtual server that will be used for passive load balancing. So, when all the services or service groups on the primary load balancing virtual server stop running, Citrix NetScaler will automatically contact the backup load balancing virtual server. This functionality is widely used in environments with two different data centers, where one data center is passive. When the backend servers in the active load balancing virtual server come back online, they will be the primary backend servers again instead of the backup servers.
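The building blocks described above (backend servers, weighted services, a monitor, the load balancing method, persistence, and a backup virtual server), put together on the NetScaler command line. This is an added example, not a listing from the book: the VIP 192.0.2.10, the passive data center server 192.0.2.50, the weights, and the timeout are assumed sample values, and the object names follow the naming scheme suggested earlier. Lines starting with # are annotations.

```text
# Constructed example: VIP, weights, timeout and the passive server are sample values.

# Backend servers (addresses as given in the text)
add server LB_SRV_webserver01 10.0.10.234
add server LB_SRV_webserver02 10.0.10.125

# One service per backend, so that each can carry its own weight
add service LB_S_WebServer01 LB_SRV_webserver01 HTTP 80
add service LB_S_WebServer02 LB_SRV_webserver02 HTTP 80

# Built-in HTTP monitor: a service only receives traffic while it is healthy
bind service LB_S_WebServer01 -monitorName http
bind service LB_S_WebServer02 -monitorName http

# Active virtual server with the default method spelled out.
# Only this VIP and port need to be reachable from other networks;
# the SNIP must be allowed to reach 10.0.10.234 and 10.0.10.125 on port 80.
add lb vserver LB_VS_WebServer HTTP 192.0.2.10 80 -lbMethod LEASTCONNECTION

# Active/active with weights: webserver01 is rated for twice the load
bind lb vserver LB_VS_WebServer LB_S_WebServer01 -weight 2
bind lb vserver LB_VS_WebServer LB_S_WebServer02 -weight 1

# SOURCEIP persistence (timeout in minutes)
set lb vserver LB_VS_WebServer -persistenceType SOURCEIP -timeout 20

# Alternative: cookie persistence with SOURCEIP as backup persistence
# set lb vserver LB_VS_WebServer -persistenceType COOKIEINSERT -persistenceBackup SOURCEIP -backupPersistenceTimeout 20

# Active/passive: a non-addressable virtual server for the passive data center
add server LB_SRV_webserver_dr 192.0.2.50
add service LB_S_WebServer_DR LB_SRV_webserver_dr HTTP 80
add lb vserver LB_VS_WebServer_Backup HTTP 0.0.0.0 0
bind lb vserver LB_VS_WebServer_Backup LB_S_WebServer_DR
set lb vserver LB_VS_WebServer -backupVServer LB_VS_WebServer_Backup

# Verify state, bound services and persistence entries, then save
show lb vserver LB_VS_WebServer
show lb persistentSessions
save ns config
```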
Citrix StoreFront is the replacement of Citrix Web Interface, which will reach end of life on June 30, 2018, if you have the software maintenance or subscription advantage. Otherwise, the end of life would be August 24, 2016. Besides, Citrix StoreFront allows you to work with the full-blown Citrix Receiver instead of only Receiver for Web. In order to load balance StoreFront, it is necessary that you install and configure Citrix StoreFront. To use the full-blown Citrix Receiver, it's necessary to configure Citrix StoreFront with an SSL certificate. This SSL certificate can be an internal certificate created by your own certificate authority, or it can be from a public certificate authority. When you are using your own certificate authority, for example, Microsoft, all clients in the Active Directory will automatically trust the SSL certificate. Clients outside the Active Directory should install the root certificate to work with Citrix StoreFront and the full-blown Citrix Receiver.
In the following figure, you can find the most commonly used configuration for the load balancing of StoreFront:
Citrix NetScaler is a good load balancer for the Citrix StoreFront environment. It contains a monitor for checking whether the StoreFront store is running and fully functional. This monitor is way better than the regular HTTPS monitor, because Citrix NetScaler also verifies that StoreFront is healthy. A lot of other vendors / load balancers can't do this because they don't have the value that is needed. Also, make sure you use service groups instead of services. Because the StoreFront monitor isn't the default monitor, the first step in load balancing Citrix StoreFront is to create the monitor.
Go to Traffic Management | Load Balancing | Monitors, and click on Add. Select Type as STOREFRONT from the list, and go to the Special Parameters tab. Fill in the Store Name field, as shown in the following screenshot. The store name can be found in the StoreFront console under the Store menu. Also add the monitor name and click on Create, as shown here:
The monitor can also be created using a command-line interface. The command required would be as follows:
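An added example (not the book's own listing) of creating the StoreFront monitor from the command line and binding it to a service group, as recommended above. The store name Store, the server addresses, the VIP, and the certificate key name are placeholders to replace with your own values; lines starting with # are annotations.

```text
# Constructed example: store name, addresses, VIP and certkey name are placeholders.

# StoreFront monitor; -secure YES because the StoreFront servers listen on HTTPS
add lb monitor MON_StoreFront STOREFRONT -storename Store -storefrontacctservice YES -secure YES

# StoreFront backend servers
add server LB_SRV_storefront01 192.0.2.21
add server LB_SRV_storefront02 192.0.2.22

# Service group instead of individual services, with the monitor bound to it
add serviceGroup LB_SG_StoreFront SSL
bind serviceGroup LB_SG_StoreFront LB_SRV_storefront01 443
bind serviceGroup LB_SG_StoreFront LB_SRV_storefront02 443
bind serviceGroup LB_SG_StoreFront -monitorName MON_StoreFront

# SSL virtual server in front of the service group
add lb vserver LB_VS_StoreFront SSL 192.0.2.20 443
bind lb vserver LB_VS_StoreFront LB_SG_StoreFront
bind ssl vserver LB_VS_StoreFront -certkeyName <certkey-name>

# Check that the monitor reports every member as UP
show lb monitor MON_StoreFront
show serviceGroup LB_SG_StoreFront
```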
The best way to create a load balancing environment is by starting from the bottom and going towards the top in the menu structure. In this way, you can create a decent name instead of the default names:
