Transcription

NetScaler Basics

Platform: https://racks.uninets.com
Lab Name: NetScaler

Topology

NetScaler Basics

Task
- Create virtual instances of the three colored web servers
- Create load balancing services for each of the web servers
- Create a load balancing virtual server and bind the three load balancing services to that virtual server
- Test the new load balancing configuration

Explanation

NSVPX01

- Assign a NetScaler IP (NSIP) address as the management IP address (172.16.10.1/24) of your NetScaler appliance for configuration, monitoring, and other management tasks.
- Assign a subnet IP (SNIP) address (10.1.1.1/24) for your NetScaler to communicate with the backend servers.
- Specify a host name (nsvpx01) to identify your NetScaler.
- Assign an IP address for a DNS server (8.8.8.8) to resolve domain names and the time zone (None) in which your NetScaler is located.
- Install trial license on nsvpx01.

NSVPX02
- Assign a NetScaler IP (NSIP) address as the management IP address (172.16.10.2/24) of your NetScaler appliance for configuration, monitoring, and other management tasks.
- Assign a subnet IP (SNIP) address (10.1.1.1/24) for your NetScaler to communicate with the backend servers.
- Specify a host name (nsvpx02) to identify your NetScaler.
- Assign an IP address for a DNS server (8.8.8.8) to resolve domain names and the time zone (None) in which your NetScaler is located.
- Install trial license on nsvpx02.

NetScaler was acquired by Citrix in 2005 and is today one of the best-selling products in their portfolio. Many of the big IT organizations, such as Microsoft, Google, and eBay, use NetScaler for their websites and services to ensure availability.

NetScaler can be defined as an Application Delivery Controller, as it supports multiple features such as load balancing.

NetScaler comes in different types of appliances.
- MPX: Hardware-based app delivery appliances. Performance: 500 Mbps–160 Gbps.
- SDX: Hardware-based appliances with advanced virtualization to consolidate up to 115 independently managed NetScaler instances. Performance: up to 160 Gbps. Best for supporting data centre consolidation.
- VPX: Software-based virtual appliances that run on widely deployed hypervisors. Performance: 10 Mbps–40 Gbps. Best for architecting private/public cloud infrastructures and for using NetScaler within non-production environments.
- CPX: Docker containerized load balancer that can be supported on-premise and in multi-cloud environments. Best for supporting containerized applications and DevOps teams.

NetScaler also has different editions, depending on the supported features.
- Standard edition: It contains most of the basic features, such as load balancing, SQL load balancing, NetScaler Gateway, network optimization, HTTP/URL rewrite, and more.
- Enterprise edition: It gives us Global Server Load Balancing (GSLB), HTTP compression, AAA management, and surge protection.

- Platinum edition: It gives us Cloud Bridge, full NetScaler Insight Centre functionality, application firewall, and more.

All the VPX appliances have Platinum edition features.

There are three types of licenses for NetScaler:
- Platform license: This license is used for NetScaler features and defines the bandwidth.
- Universal license: This license is used for NetScaler Gateway features such as SSL VPN, CVPN, Smart Access, and Endpoint analysis.
- Feature license: This license is used for features such as clustering, caching, and so on.

Licenses can be downloaded from www.mycitrix.com under Licensing by providing our hardware information, such as the MAC address or Host ID. Licenses are bound to the appliance. You need to have a valid Citrix account to be given access to the licenses.

Note: You can download a trial license of the latest NetScaler VPX Platinum edition for Uninets NetScaler labs learning purposes.

To download a platform license for NetScaler from www.mycitrix.com, enter the MAC address of the first NIC on your appliance in the Host ID field on the website.

NetScaler Initial Configuration

You need to have console access to the appliance if you are configuring it for the first time. Click on nsvpx01 and you will get console access to it.
Default login: nsroot
Default Password: nsroot

Once logged in, you will see the prompt “ ”, where you can get help using “?”. There is a list of useful commands, such as:
show license
It shows the license status of each feature of the NetScaler VPX.

You can start the initial configuration using the command:
config ns
This will launch the configuration parameters menu, where you can give the NetScaler management IP and subnet. The initial setup needs to be done using the CLI, with the virtual machine console connected to the appliance console. The first thing we need to enter is the NetScaler IP Address (NSIP), which is used for management purposes, then a subnet mask, and finally a default gateway. Here we are configuring the NSIP as 172.16.10.1 and the subnet mask as 255.255.255.0.
You can restart the initial setup in the CLI by typing config ns

Choose item no. 1 for the NetScaler IP address; this is the NSIP. The gateway and other configuration can be done from the GUI.

Advanced network configuration can also be done from this menu by pressing 3; otherwise press 7 to apply changes and exit. You need to reboot the system for these settings to take effect.

Once this is done, we can access the console using HTTP through the NSIP address 172.16.10.1 that we entered earlier. The default username and password for the web administration GUI are nsroot and nsroot.

Note: Before continuing with more configuration using the web interface, we need to make sure that we have Java Runtime Engine (JRE) installed. This can be downloaded from http://java.com/en/download/. Also make sure that our management station has the firewall opened for TCP port 3010, and for TCP port 3008 for a secure session, because the web interface uses these ports to parse commands via the Java applet to the NetScaler appliance.

In our case we are accessing NetScaler via HTTP from the workstation directly connected to our switch and in the same subnet. The Windows workstation is configured with IP address 172.16.10.100 and subnet mask 255.255.255.0 on E0. Our switch is configured as default.

Try to ping the NetScaler management IP (NSIP) from CMD on the workstation.

Now use Chrome or any other web browser to access the GUI of the NetScaler using http://172.16.10.1

Log in to the GUI using
UserName: nsroot
Password: nsroot

Now, inside the main administration GUI, we are presented with three main panes:
- Dashboard
- Configuration
- Reporting

Dashboard
The Dashboard pane gives us an overview of what is happening in NetScaler: how much CPU is used, how much memory is in use, what the throughput is, and so on. We can also view how many active sessions are using our services, such as load-balanced web services or VPN connections.

Reporting
We also have the Reporting pane, where we can run different built-in reports or create our own reports based upon different criteria. There are more than 100 built-in reports that we can use, for example, to see how many SSL connections have been used in the last day. We also have a link for documentation that redirects us to eDocs on Citrix, and a Downloads pane where we can download the SNMP MIB files, Nitro SDK, and some other files such as integrations for System Center.

Configuration
The Configuration pane is where we do our configuration of services and also of NetScaler; this is where we will spend most of our time.
- NetScaler IP Address
- Subnet IP Address
- HostName, DNS IP Address, and Time Zone

The NetScaler IP Address was configured via CLI in order to access the appliance from the GUI. Here you can change the address if you want, but you will lose connectivity and need to log in again.

Configure a subnet IP address for communication with the backend servers. This is called the SNIP address. When setting up a NetScaler appliance, the start-up wizard requires you to enter an SNIP address. The SNIP address also creates a route entry with its address as the gateway to reach that particular network.

The SNIP address is also used for proxy connections by users connecting to a service via a VIP address to a backend server.

Now, there are some basic features we should set up before deploying any services to NetScaler.
- DNS: This feature allows for name resolution.
- NTP: This feature allows for time synchronization.
- Syslog: This feature allows for central logging of states, auditing, and status information.
- SNMP: This feature allows NetScaler to send alarms to a designated SNMP server.

Syslog and SNMP features are not needed but should be evaluated in larger deployments, and for auditing and monitoring purposes.

It will ask for a reboot for these settings to take effect.
It takes around 30 seconds to reboot; click here to log in.
Once logged in again, in the configuration section you need to install the license.

To obtain NetScaler VPX 1000 Platinum Evaluation licenses, use the Chrome browser on the workstation and follow the steps below.
1. Go to Citrix.com
2. Select NetScaler ADC under products.
3. Scroll down to Try NetScaler ADC and click Try now.

4. Enter the email ID on which you want to receive the license key.
5. Here is your license key, which will be used to activate your license in further steps. It will also be sent to your email. Go to step 2 “Find and activate your license”.
6. Click on License Management to activate your license.

7. This is the Licensing tool. Here you have the license; select it and click continue.
8. It will ask for the Host ID. This Host ID can be obtained from your NetScaler device.
9. Here are the steps to get the Host ID from your NetScaler device:

Log in to the NetScaler System CLI, using
login: nsroot
password: nsroot
Switch to the FreeBSD shell by typing shell
To get the host ID of the NetScaler, type lmutil lmhostid
Now the Host ID is 500000050000; this needs to be entered on the website to get the platform license for NetScaler.
Check license status via CLI.
10. Now enter the above Host ID in the “Host ID” field below and continue.

11. Click confirm to proceed to the download.

It will ask to download the license file. Click “Ok” to download the file to the workstation.
The file will be downloaded to the workstation as shown below.
Now browse to the file from the license section under the configuration tab.

The license will be updated successfully, and you need to reboot the system for it to take effect.
After logging in again, this license window will appear, which shows the license type and all other features activated on the system.

Now initialize the basic configuration on nsvpx02.

You need to have console access to the appliance if you are configuring it for the first time. Click on nsvpx02 and you will get console access to it.
Default login: nsroot
Default Password: nsroot

Go to the CLI and use config ns to configure the NSIP as 172.16.10.2 and the subnet mask as 255.255.255.0, then save the configuration and reboot for it to take effect.

Once the system is rebooted, log in via CLI again and:
- Configure HostName, DNS Address, and NTP
- Change the root password
- Check license

Go to the workstation and check the connectivity to 172.16.10.2 (nsvpx02).

Now use Chrome or any other web browser to access the GUI of the NetScaler using http://172.16.10.2
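The CLI steps listed above (host name, DNS, NTP, root password, license check) as NetScaler CLI commands. This is an added example, not part of the original lab guide; `<ntp-server-ip>` and `<new-password>` are placeholders, since the page gives neither value.

```netscaler
# Constructed session, typed at the NetScaler CLI on nsvpx02 after logging in as nsroot.

# Host name and DNS server from the lab's NSVPX02 task list
set ns hostName nsvpx02
add dns nameServer 8.8.8.8

# NTP: <ntp-server-ip> is a placeholder, the lab does not name a time source
add ntp server <ntp-server-ip>
enable ntp sync

# Replace the default nsroot/nsroot credential before the GUI is exposed
# to the management network; <new-password> is a placeholder
set system user nsroot <new-password>

# Confirm which features are licensed and that the NSIP is 172.16.10.2
show license
show ns ip

# Write the running configuration to ns.conf so it survives the next reboot
save ns config
```

Once the nsroot password is changed, the Remote System Login Credential entered later when creating the HA node has to use the new password instead of the default.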

After successfully logging in, go to the license section under configuration and click here.
First identify the host ID of this system, which will be required to generate a license file. This license file will be uploaded above.
Log in via console or SSH to 172.16.10.2 from your workstation.

You can download the license file from the Citrix licensing tool by providing the Host ID of this system. This is exactly the same as what was done previously for nsvpx01.

Now browse to this license file from the license section. Alternatively, you can also upload this file via CLI:
# mkdir /nsconfig/license
# cd /nsconfig/license

Note: You can use FileZilla to upload the license file to the above folder. However, it is easier to upload the license file via the GUI, as below.

The license file is uploaded successfully, and you can also check it via CLI; it automatically created a folder and uploaded the license file into it.

It requires a soft reboot; once done, the system will be licensed with all features enabled.

Configuring High Availability
- Create an HA pair of NetScaler VPX appliances nsvpx01 and nsvpx02, and configure them in Active/Passive mode.
- Create a network fault that will cause the HA pair to fail over.
- Repair the network fault and complete a force failover to return the HA pair to its original state.

Overview
A high availability (HA) deployment of two Citrix NetScaler appliances can provide uninterrupted operation in any transaction. With one appliance configured as the primary node and the other as the secondary node, the primary node accepts connections and manages servers while the secondary node monitors the primary. If, for any reason, the primary node is unable to accept connections, the secondary node takes over.

The secondary node monitors the primary by sending periodic messages (often called heartbeat messages or health checks) to determine whether the primary node is accepting connections. If a health check fails, the secondary node retries the connection for a specified period, after which it determines that the primary node is not functioning normally. The secondary node then takes over for the primary (a process called failover).

After a failover, all clients must re-establish their connections to the managed servers, but the session persistence rules are maintained as they were before the failover.

With Web server logging persistence enabled, no log data is lost due to the failover. For logging persistence to be enabled, the log server configuration must carry entries for both systems in the log.conf file.

In the Create HA Node screen, type 172.16.10.2 in the Remote Node IP Address field. Leave all other settings at their default values. Under Remote System Login Credential, type nsroot in the User Name field and then type nsroot in the Password field. Click Create.

Click the refresh icon in the upper-right corner of the GUI to update the screen to show the current state of the HA pair.

After clicking the refresh button, you will see that the HA pair has been created, and that both nodes are showing as Up. The node Synchronization process is also showing as IN PROGRESS or SUCCESS.
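The same HA pair built from the CLI, together with the forced failover named in the task list. This is an added example, not part of the original lab guide; node ID 1 and `<rpc-password>` are assumptions, and unlike the GUI screen above, the peer is added by hand on each node.

```netscaler
# Constructed session for the lab pair nsvpx01 (172.16.10.1) / nsvpx02 (172.16.10.2).

# --- on nsvpx01: register nsvpx02 as the remote node ---
add ha node 1 172.16.10.2

# --- on nsvpx02: register nsvpx01 as the remote node ---
add ha node 1 172.16.10.1

# --- on each node: set the same non-default RPC node password (placeholder)
#     and secure the node-to-node channel used for HA synchronization ---
set ns rpcNode 172.16.10.1 -password <rpc-password> -secure YES
set ns rpcNode 172.16.10.2 -password <rpc-password> -secure YES

# --- on either node: one node should report Primary, the other Secondary,
#     and synchronization should reach SUCCESS before any failover test ---
show ha node

# --- on the primary: persist the configuration ---
save ns config

# --- after the network fault is repaired: hand the primary role back
#     so the pair returns to its original state, then confirm the roles ---
force ha failover
show ha node
```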

Click the Save icon in the upper-right corner of the GUI. Then click Yes to confirm saving the configuration.

Now that the HA pair has been set up, we can test the failover functionality.

Load Balancing

Overview
The load balancing feature distributes user requests for web pages and other protected applications across multiple servers that all host (or mirror) the same content. You use load balancing primarily to manage user requests to heavily used applications, preventing poor performance and outages and ensuring that users can access your protected applications. Load balancing also provides fault tolerance; when one server that hosts a protected application becomes unavailable, the feature distributes user requests to the other servers that host the same application.

You can configure the load balancing feature to:
- Distribute all requests for a specific protected website, application, or resource between two or more identically configured servers.
- Use any of several different algorithms to determine which server should receive each incoming user request, basing the decision on different factors, such as which server has the fewest current user connections or which server has the lightest load.

The load balancing feature is a core feature of the NetScaler appliance. Most users first set up a working basic configuration and then customize various settings, including persistence for connections. In addition, you can configure features for protecting the configuration against failure, managing client traffic, managing and monitoring servers, and managing a large-scale deployment.
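A basic load balancing configuration for the lab task (three web servers, one service each, one virtual server), using the fewest-connections method and the persistence mentioned above. This is an added example, not part of the original lab guide; the server addresses, the VIP, and all object names are constructed, because the page does not give them.

```netscaler
# Constructed values: backend servers 10.1.1.11-13, VIP 172.16.10.50, object names.
enable ns feature LB

# 1. One server object per backend web server
add server web1 10.1.1.11
add server web2 10.1.1.12
add server web3 10.1.1.13

# 2. One HTTP service per server
add service svc_web1 web1 HTTP 80
add service svc_web2 web2 HTTP 80
add service svc_web3 web3 HTTP 80

# 3. Bind the built-in http monitor so a failed server is marked DOWN
#    and its requests go to the remaining servers (the fault tolerance above)
bind service svc_web1 -monitorName http
bind service svc_web2 -monitorName http
bind service svc_web3 -monitorName http

# 4. Virtual server: send each new request to the service with the fewest
#    current connections, and keep a client on the same server by source IP
add lb vserver vs_web HTTP 172.16.10.50 80 -lbMethod LEASTCONNECTION -persistenceType SOURCEIP

# 5. Bind the three services to the virtual server
bind lb vserver vs_web svc_web1
bind lb vserver vs_web svc_web2
bind lb vserver vs_web svc_web3

# 6. Verify state and per-service hit counts, then persist the configuration
show lb vserver vs_web
stat lb vserver vs_web
save ns config
```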