Load balancing on Netscaler part 1: Citrix Web Interface

Those of you who follow me on LinkedIn or Twitter may have seen my short updates concerning Netscaler and load balancing Web Interface and App-V. Here is the first article, outlining why you should use load balancing and how you configure it for Web Interface.

The arrival of Storefront 2.0 heralds the retirement of Web Interface as the preferred web portal for making published applications available. Even so, many will still be using WI for years to come for varying reasons.

In an enterprise environment, it makes sense to make sure that your resources are available close to 100% of the time, and that they are operating at peak performance all the time. Look no further than Netscaler to help you achieve this.
Anyone who uses XenApp or XenDesktop for allowing external access to their environment should use Netscaler as the edge appliance to control access. Period. Citrix does not support using any other appliance for this, as far as I know.

Netscaler gives you a huge number of features and functions, depending on how you license it. One option is to run it as a pure Netscaler Gateway (formerly known as Access Gateway Enterprise Edition). If you choose to extend the license, you will also be able to take advantage of server load balancing, which I find is a rather neat feature for controlling access to resources and making sure they are available, always.

One of the simplest, but still among the most important, functions to apply load balancing to is Web Interface (WI). You can have several Web Interface servers running on your network, and channel the traffic via a Virtual IP (VIP) on the Netscaler. Some companies also have business requirements that enforce the use of SSL for their WI deployments. In such a scenario, NS can be used for SSL offloading to ease the burden on the actual servers running WI.

WI load balancing is achieved this way:

  • In Traffic Management – Load Balancing – Servers, create a record for each of the actual WI servers that are to be accessed through the Netscaler.
  • In TM – LB – Services, create a Service record for each protocol that is necessary for accessing WI. This means HTTP (i.e. TCP 80) or SSL (TCP 443). Connect the services to the server defined above. You must define a Service for each protocol and server you want to use.
    • You may also use Service Groups. In this particular case, this only makes a cosmetic difference, not a functional one. If you have many WI servers, making SGs may be faster than making a Service for each protocol and server, since you can define IP ranges or multiple IP addresses in a group for each protocol.
  • In TM – LB – Virtual Servers, create a virtual server with a suitable virtual IP (VIP). Connect the suitable Services (or Service Groups) as needed.
    • Note: You can only connect services that use the same protocol as the one defined for the VIP.
    • The port number does not have to be the standard protocol port number (i.e. 80 for HTTP). This way you can use a non-standard port number to access resources on servers that use standard port numbers.
    • To use SSL, you will need to install a valid SSL certificate on the Netscaler before establishing Load Balancing.
    • You can define an SSL VIP, but connect an HTTP service to the VIP. This will enable you to terminate the SSL session on the Netscaler for SSL offloading, and use HTTP on your backend servers. Traffic between the Netscaler and the WI servers is then unencrypted, so please make sure that this doesn’t expose any sensitive data!
  • Create a record in your DNS that points your “official” FQDN for your WI to the VIP.
    • If you are using SSL, make sure that your SSL certificate matches the FQDN you are using. It is also recommended that you use a certificate from a public CA. Using a self-signed certificate is possible of course, but is less secure and you must deploy a custom root CA certificate to your clients to make it work.
    • Bonus tip: When using a WI this way, you can set up the same FQDN on your LAN as you use externally. This way you can use the same certificate for both access solutions, and the users will only have to remember (or bookmark) one address for logging on to XenApp or XenDesktop.
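
The same steps as NetScaler CLI commands, showing the SSL offload variant next to one that keeps SSL all the way to the WI servers. This is an added example and not part of the original article; every object name, IP address (documentation ranges), FQDN and certificate file name below is a placeholder.

```netscaler
# Added example: CLI equivalent of the GUI steps above.
# Names, addresses (RFC 5737 ranges) and file names are placeholders.

# Step 1: one server record per WI server
add server WI01 192.0.2.11
add server WI02 192.0.2.12

# Certificate for the WI FQDN (files already uploaded to the appliance).
# The certificate's name must match the FQDN that DNS points at the VIP.
add ssl certKey wi_cert -cert wi.example.com.cer -key wi.example.com.key

# --- Variant A: SSL offload (SSL VIP, HTTP services) ---
# Clients use HTTPS to the VIP; Netscaler-to-WI traffic is plain HTTP.
add service svc_WI01_http WI01 HTTP 80
add service svc_WI02_http WI02 HTTP 80
add lb vserver vs_wi_offload SSL 203.0.113.10 443
bind lb vserver vs_wi_offload svc_WI01_http
bind lb vserver vs_wi_offload svc_WI02_http
bind ssl vserver vs_wi_offload -certkeyName wi_cert

# --- Variant B: SSL VIP with SSL services ---
# Use this instead of A when the backend segment must not carry
# credentials or session data unencrypted. WI servers need their own
# certificates and the Netscaler does the SSL work twice.
add service svc_WI01_ssl WI01 SSL 443
add service svc_WI02_ssl WI02 SSL 443
add lb vserver vs_wi_e2e SSL 203.0.113.11 443
bind lb vserver vs_wi_e2e svc_WI01_ssl
bind lb vserver vs_wi_e2e svc_WI02_ssl
bind ssl vserver vs_wi_e2e -certkeyName wi_cert

# Check that the virtual server and its bound services are UP, then persist
show lb vserver vs_wi_offload
show lb vserver vs_wi_e2e
save ns config
```

The DNS record for the WI FQDN then points at the VIP of whichever variant you deploy (203.0.113.10 or 203.0.113.11 in this sketch).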

This is part 1 of 2, covering basic Netscaler Load Balancing. Go to http://wp.me/s165D6-508 for the second part.


One thought on “Load balancing on Netscaler part 1: Citrix Web Interface”

  1. تحميل اغانى

    Hi there, I read your blogs named “Load balancing on Netscaler part 1: Citrix Web Interface | A day in the life of a systems consultant” like every week. Your writing style is awesome, keep up the good work! And you can look our website about تحميل اغانى.

