Quantcast
Channel: Carl Stalhood
Viewing all articles
Browse latest Browse all 594

Web Interface Load Balancing – NetScaler 11

July 8, 2015, 4:44 pm
$
0
0

Navigation

This procedure is only needed if you are running Web Interface instead of StoreFront.

Monitor

  1. On the left, expand Traffic Management, expand Load Balancing, and click Monitors.
  2. On the right, click Add.
  3. Name it Web Interface or similar.
  4. Change the Type drop-down to CITRIX-WEB-INTERFACE.
  5. If you will use SSL to communicate with the Web Interface servers, then scroll down and check the box next to Secure.
  6. Switch to the Special Parameters tab.
  7. In the Site Path field, enter the path of a XenApp Web site (e.g. /Citrix/XenApp/).
    • Make sure you include the slash (/) on the end of the path or else the monitor won’t work.
    • The site path is also case sensitive.
  8. Click Create.

Servers

  1. On the left, expand Traffic Management, expand Load Balancing, and click Servers.
  2. On the right, click Add.
  3. Enter a descriptive server name, usually it matches the actual server name.
  4. Enter the IP address of the server.
  5. Enter comments to describe the server. Click Create.
  6. Continue adding Web Interface servers.

Service Group

  1. On the left, expand Traffic Management, expand Load Balancing, and click Service Groups.

  2. On the right, click Add.
  3. Give the Service Group a descriptive name (e.g. svcgrp-WI-SSL).
  4. Change the Protocol to HTTP or SSL. If the protocol is SSL, ensure the Web Interface Monitor has Secure enabled.
  5. Scroll down and click OK.
  6. Click where it says No Service Group Member.
  7. If you did not create server objects then enter the IP address of a Web Interface Server. If you previously created a server object then change the selection to Server Based and select the server object.
  8. Enter 80 or 443 as the port. Then click Create.

  9. To add more members, click where it says 1 Service Group Member and then click Add. Click Close when done.

  10. On the right, under Advanced Settings, click Monitors.
  11. On the left, in the Monitors section, click where it says No Service Group to Monitor Binding.
  12. Click the arrow next to Click to select.
  13. Select the Web Interface monitor and click Select.
  14. Then click Bind.
  15. To verify if the monitor is working or not, on the left, in the Service Group Members section, click the Service Group Members line.

  16. Highlight a member and click Monitor Details.
  17. The Last Response should indicate that Set-Cookie header was found. Click Close twice when done.
  18. Then click Done.

Load Balancing Virtual Server

  1. Create or install a certificate that will be used by the SSL Virtual Server. This certificate must match the DNS name for the load balanced Web Interface servers.
  2. On the left, under Traffic Management > Load Balancing, click Virtual Servers.

  3. On the right click Add.
  4. Name it Web Interface-SSL-LB or similar.
  5. Change the Protocol to SSL.
  6. Specify a new internal VIP.
  7. Enter 443 as the Port.
  8. Click OK.
  9. On the left, in the Services and Service Groups section, click where it says No Load Balancing Virtual Server ServiceGroup Binding.
  10. Click the arrow next to Click to select.
  11. Select your Web Interface Service Group and click Select.
  12. Click Bind.
  13. Click Continue.
  14. Click where it says No Server Certificate.
  15. Click the arrow next to Click to select.
  16. Select the certificate for this Web Interface Load Balancing Virtual Server and click Select.
  17. Click Bind.
  18. Click Continue.
  19. On the right, in the Advanced Settings column, click Persistence.
  20. Select SOURCEIP persistence. Note: COOKIEINSERT also works with Web Interface. However, it doesn’t work with StoreFront.
  21. Set the timeout to match the timeout of Web Interface.
  22. The IPv4 Netmask should default to 32 bits.
  23. Click OK.
  24. On the left, in the SSL Parameters section, click the pencil icon.
  25. If the NetScaler communicates with the Web Interface servers using HTTP (aka SSL Offload), at the top right, check the box next to SSL Redirect. Otherwise the Web Interface page will never display.
  26. Uncheck the box next to SSLv3. This removes a security vulnerability.
  27. NetScaler VPX 10.5 build 57 and newer lets you enable TLSv11 and TLSv12. See Citrix Blog – Scoring an A+ at SSLlabs.com with Citrix NetScaler. Click OK.
  28. On the right, in the Advanced Settings column, click SSL Ciphers.
  29. On the left, in the SSL Ciphers section, select the Cipher Group that has all RC4 ciphers removed and click OK. See Anton van Pelt Make your NetScaler SSL VIPs more secure (Updated) for recommended ciphers.
  30. If you see a warning about No usable ciphers, click OK and ignore it.
  31. Then click Done.
  32. Consider enabling Strict Transport Security by creating a rewrite policy and binding it to this SSL Virtual Server. See Anton van Pelt Make your NetScaler SSL VIPs more secure (Updated).

SSL Redirect – Down vServer Method

If you created an SSL Virtual Server that only listens on SSL 443, users must enter https:// when navigating to the website. To make it easier for the users, create another load balancing Virtual Server on the same VIP that listens on HTTP 80 and then redirects the user’s browser to reconnect on SSL 443. This section details the Down vServer method. Alternatively you can configure the Responder method.

  1. On the left, under Traffic Management > Load Balancing, click Virtual Servers.

  2. On the right, find the SSL Virtual Server you’ve already created, right-click it and click Add. Doing it this way copies some of the data from the already created Virtual Server.
  3. Change the name to indicate that this new Virtual Server is an SSL Redirect.
  4. Change the Protocol to HTTP on Port 80.
  5. The IP Address should already be filled in. It must match the original SSL Virtual Server. Click OK.
  6. Don’t select any services. This vServer must intentionally be marked down so the redirect will take effect. Click Continue.
  7. On the right, in the Advanced Settings column, click Protection.
  8. In the Redirect URL field, enter the full URL including https://. For example: https://citrix.company.com/Citrix/XenApp. Click OK.
  9. Click Done.
  10. When you view the SSL redirect Virtual Server in the list, it will have a state of DOWN. That’s OK. The Port 80 Virtual Server must be DOWN for the redirect to work.
Search
Viewing all articles
Browse latest Browse all 594

Trending Articles

Practice Sheet of Right form of verbs for HSC Students

September 22, 2019, 11:40 pm

Kandukur Mandal Sarpanch Upa-Sarpanch Mobile Numbers List RangaReddy District...

May 29, 2017, 1:00 am

Gabriela Bee & Powfu – Blue – Single [iTunes Plus M4A]

May 31, 2024, 2:34 pm

Trailer Park Boys Jail S01-S02 1080p NF WEB-DL H264-FLUX

June 18, 2025, 4:41 pm

99 Rain Status for Whatsapp - Best Rain Dp Collection

June 15, 2016, 7:54 pm

Best Suvichar in Hindi |बेस्ट सुविचार |शुभ विचार हिंदी में

March 7, 2020, 11:19 pm

In the context of Data Services an unknown internal server error occured

June 14, 2016, 4:52 am

SMOKO ROBERT T. AGE 62, OF FAR...

March 29, 2014, 2:00 pm

گزارش کار اموزي بيسکويت و آدامس(شرکت پارس مينو)

September 30, 2018, 9:10 pm

Lily Phillips makes sick boast about ‘taking man’s virginity’ as he hides his...

March 31, 2025, 5:14 am

The 10 Tennessee Cities With The Largest Black Population For 2021

December 21, 2020, 10:12 am

Bureau of Internal Revenue: Regional Offices (Directory)

January 9, 2014, 11:06 pm

ZARIA CUMMINGS

February 20, 2017, 7:44 pm

Mp3 Download: Mdu - Mazola

December 7, 2017, 8:15 am

[Download MP3] Iyzeal Feat. Okpo Records –“Ekaette Ibak”

August 14, 2017, 7:27 pm

Woman's body found on Lincolnshire beach

September 16, 2014, 1:48 am

Kfar Chabad Alert – Chaim Gajer –חיים גייר

June 22, 2017, 10:03 am

Black Angus Grilled Artichokes

July 16, 2016, 4:37 pm

Killer Peter Stark granted pass to leave prison

July 23, 2013, 10:51 pm

ATTACHED: Here Is The Confession From Jacob Juma’s Alleged Assasin

December 1, 2016, 3:51 am
Search