Citrix NetScaler Tutorial

Welcome to Citrix NetScaler Tutorials. The objective of these tutorials is to provide in depth understand of Citrix NetScaler.

In addition to free Citrix NetScalerTutorials, we will cover common interview questions, issues and how to’s of Citrix NetScaler.

Introduction

Citrix NetScaler is a service and application delivery platform that optimizes, secures and controls the delivery of all enterprise and cloud services and maximizes the end user experience for all users including mobile clients. As a single, easy-to-use platform NetScaler provides 100 percent application availability, advanced load balancing and content switching, application and database server offload, application acceleration, advanced attack protection, application flow visibility and a powerful application firewall.

Citrix NetScaler refers to their Application Delivery Controller, or ADC, line of products, while the NetScaler Gateway, formerly know as the Citrix Access Gateway, or CAG, is primarily used for secure remote access. You basically buy a ‘normal’ NetScaler but with limited functionality due to the NetScaler Gateway License you upload. NetScaler ADC’s are capable of doing much more than ‘just’ remote access, they can be used for load balancing and HA, content switching, application (SSL) offloading, application firewalling, cloud connectivity, hybrid cloud solutions and (a lot) more.

 Citrix NetScaler Architecture

Configuring Citrix NetScaler for load balancing

Configuration of NetScaler load balancing can be done via two methods—from the Graphical User Interface (GUI) and from the Command Line Interface (CLI). Now if you have been in IT for a while, you know that GUI versus CLI is one of the most ancient debates of all times in both the Windows and the Linux world. Some people simply refuse to use GUIs because, as they say (and rightly so), the command line gives you a lot more control over the OS and filesystem and gives you the ability to script and automate tasks. Others stay as far away as possible from CLIs and prefer GUIs because of their visual presentation, which is generally more intuitive to new users. Throughout this article, we mostly use GUI, but if you want to take a deep dive into the various things that the NetScaler command shell can do for you, I suggest you take a look at Implementing NetScaler VPXTM, Marius Sandbu, Packt Publishing, which, in my personal opinion, is a great cookbook to get started with NetScaler. For the purpose of our deployment, we will take a step-by-step approach to check prerequisites and configure load balancing for our backend StoreFront servers.

In most enterprise implementations, IT is somewhat departmentalized, so there is a networking person who does routing and switching, a firewall admin who maintains all the firewall rules and intrusion prevention, a security specialist who takes care of antivirus, and the list goes on. Many times as a Citrix administrator or consultant, you will find yourself in a situation where you have to request changes from people on several different teams in order to get things working in your environment. A prime example of a potential situation like this is when you configure NetScaler to route traffic properly to your internal network. The following list of requirements will help you explain what needs to be in place for the right teams thereby avoiding fiery debates with your network folks:

-Subnet IP (SNIP): This requests an IP address on the same subnet as your StoreFront servers and adds it to the NetScaler IPs under System to create a direct route from the NetScaler to that subnet.

-Port 443: This requests that port 443 be opened from the DMZ, where the NetScaler Load Balancer service resides in the internal network where the StoreFront servers are located.

-Port 389: This requests that port 389 be opened from the NetScaler management IP (NSIP) to the LDAP server for NetScaler Gateway authentication. Alternatively, port 636 can be used for secure LDAP.

-Port 8080: This requests that STA port 8080 be opened from the NetScaler Gateway DMZ to the internal network, where your Delivery Controllers reside. This is an alternative port that we use intentionally to avoid any conflicts from sharing the default port 80 with IIS. For ease of deployment, you can use port 80, which would need to be allowed to the Delivery Controllers' subnet.

With these requirements in place, we should have no problem routing traffic from the NetScaler Gateway and Load Balancer to the internal networks where our Citrix infrastructure resides.

First, we need to ensure that load balancing is included in your license and that the actual feature is enabled on the NetScaler. To verify that, open the NetScaler web console by browsing to the NetScaler management IP and authenticating with either your root or Active Directory credentials. Once inside the console, go to the Configurationsection and expand the Settings node to find Licensing. Verify that there is green checkmark next to Load Balancing, as shown in the following screenshot. If the license file was correctly allocated and uploaded to the appliance and you are still not seeing that feature as licensed, be sure to consult Citrix or the vendor you purchased licenses from to obtain more information on the issue:

Now that we know our NetScaler is licensed and ready to be used for load balancing, we need to ensure the correct SSL certificates are in place. We deployed the Gateway feature of NetScaler, we created a Certificate Signing Request(CSR), which was sent to a Trusted Certificate Authority and a certificate bundle was received and bound to the Gateway virtual server so that users could navigate. Let's go ahead and use the same methodology to get an SSL certificate for the load balancing virtual server we are about to create. The only thing we need to change is the Common Name of the certificate to match a Fully Qualified Domain Name (FQDN) of your choice.

These core tutorials will help you to learn 
the fundamentals of Citrix NetScaler.
For an in-depth understanding and practical experience, 
explore Online Citrix NetScaler Training.

Advantages of Citrix NetScaler

Citrix NetScaler enables the datacenter to become an end-to-end service delivery fabric to optimise the delivery of all web applications, cloud-based services, virtual desktops, enterprise business applications, and mobile services. Available as a physical or virtual appliance, Citrix NetScaler is an application delivery controller that:

-Accelerates internal and external-facing applications up to five times.

-Optimises application availability through advanced Layer-4 through Layer-7 traffic management.

-Increases security with an integrated application firewall.

-Substantially lowers costs by increasing web server efficiency.

Citrix NetScaler is a comprehensive system deployed in front of application and database servers that combines high-speed load balancing and content switching with:

-Application acceleration

-Highly-efficient data compression

-Static and dynamic content caching

-SSL acceleration

-Network optimization

-Application performance monitoring

-Robust application security