Citrix NetScaler
1. What is a Citrix NetScaler?
The Citrix NetScaler product line optimizes the delivery of applications over the Internet and private networks, combining application-level security, optimization and traffic management into a single, integrated appliance.
The NetScaler features that you enable and the policies you set are then applied to incoming and outgoing traffic.
The NetScaler system is an integrated web application delivery controller that slashes server and bandwidth requirements, cutting the cost of delivering enterprise applications in half. The NetScaler system gives IT managers the ability to instantly tap unrealized efficiency gains across all phases of the application life cycle, without having to become application experts.
The NetScaler system functions as an application accelerator through caching and HTTP compression. It also provides advanced management using layer-4 through layer-7 load balancing and content switching functions. The NetScaler system also includes application security using a web application firewall, including PCI-DSS mandated protections, and SSL VPN. The NetScaler system offloads application and web servers to ensure application availability, increased security through SSL, and server consolidation. It reduces the total cost of ownership of web application delivery and optimizes the user experience.
2. Four NetScaler editions
a) NetScaler Gateway
- Replacement for Secure Gateway or Access Gateway; Express, Platform and Universal licenses
- Three types of licenses
* Express licence - allows five users for up to 12 months; normally you'd use that in a development or lab scenario.
* Platform licence - you actually licence the device itself and that allows unlimited
...
b) NetScaler Standard
- Load Balancing, Content Switching, High Availability, Database Load Balancing (SQL), NetScaler Gateway, Citrix ICA Proxy, SSL VPN (5 users by default), XenMobile NetScaler Connector, Network Optimization, HTTP/URL Rewrite, Traffic Domains
c) NetScaler Enterprise
- Standard + GSLB, HTTP Compression, Surge Protection, Front-end Optimization and AAA Management
d) NetScaler Platinum
- Standard + Enterprise & CloudBridge, NetScaler Insight, Application Firewall, Advanced Security Features (DoS Shield, XML Security, Day Zero)
3. Four NetScaler appliance types:
a) VPX
-Virtual appliance, multi hypervisor, low cost solution. Where to use: Labs, Small Business
b) MPX
-Physical appliance, dedicated SSL chips. Where to use: Good all rounder
c) SDX
- Hybrid appliance. XenServer hypervisor, runs multiple Platinum VPX instances. Where to use: Multitenancy, Hosting.
d) CPX
- For customisable container-style deployments. Where to use: Cloud-based applications.
4. Learning and Reading
- Citrix eDocs - https://docs.citrix.com/en-us/netscaler/11-1.html
- Citrix How To Guides - https://www.citrix.co.uk/community/citrix-developer/netscaler/howto-guides.html
-Partners and Citrix Employees - http://enablement.citrix.com
-Current CTP's - https://www.citrix.co.uk/community/ctp/awardees.html
5. IP addresses
A subnet IP address (SNIP) is used by the NetScaler to communicate with the backend servers. NetScaler uses this subnet IP address as the source IP address to proxy the client connections, as well as to send monitor probes that check the health of the backend servers.
Client - (Request 1) -> (VIP) - NetScaler - (SNIP) - (Request 2) -> Server
Client <- (Response 1) - (VIP) - NetScaler - (SNIP) <- (Response 2) - Server
Request 1 - Client requests arrive at the VIP
Source IP = Client IP
Destination IP = VIP
Response 1 - NetScaler forwards the response to the client
Source IP = VIP
Destination IP = Client IP
Request 2 - NetScaler opens a connection and forwards the request to the server
Source IP = SNIP
Destination IP = Server IP
Response 2 - Server sends the response to NetScaler
Source IP = Server IP
Destination IP = SNIP
VIP = Virtual IP address
SNIP = Subnet IP address
NSIP = NetScaler IP address, which is the primary IP address for administering the NetScaler
6. Licensing
Configuration -> Licensing
7. Commands
lmutil lmhostid -ether /// command to obtain the host ID
8. Authentication
a) Create an LDAP Authentication policy for NetScaler administrator
b) Bind the LDAP Authentication policy globally
c) Add Policies to Group
- System -> User Administration -> Groups -> Add
- Search for the group CN on the DNS server
dsquery group -name "domain admins"
- Add Command Policies
d)
- System -> Authentication -> LDAP -> Servers
- Check the defined server, click "Add", and retype the password
- Query for the group on the DNS server
- paste new group to new server
- System -> Authentication -> LDAP -> Policies
- Create a new policy with the expression "ns_true" and bind it to the new server
- Save it
e) Generate an RSA Key on the NetScaler
- Traffic Management -> SSL -> right-click "Enable"
- Traffic Management -> SSL -> SSL Files -> Keys -> Create RSA Key
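A defender-side check of the configuration built in steps a) to d), added here as an example and not part of the original notes. It parses constructed ns.conf lines (the CLI form of those GUI steps; all names, addresses and DNs are placeholders) and flags globally bound LDAP policies whose server uses unencrypted LDAP, groups without a command policy, and groups holding superuser.

```python
import shlex

# Constructed sample of ns.conf lines matching steps a) to d); placeholder values only.
# Assumption: ns.conf omits -secType when it has the default value, PLAINTEXT.
SAMPLE_NS_CONF = '''\
add authentication ldapAction ldap_dc1 -serverIP 192.0.2.10 -ldapBase "DC=example,DC=local" -ldapLoginName sAMAccountName -groupAttrName memberOf -subAttributeName cn
add authentication ldapAction ldap_dc2 -serverIP 192.0.2.11 -serverPort 636 -secType SSL -ldapBase "DC=example,DC=local" -ldapLoginName sAMAccountName -groupAttrName memberOf -subAttributeName cn
add authentication ldapPolicy pol_dc1 ns_true ldap_dc1
add authentication ldapPolicy pol_dc2 ns_true ldap_dc2
bind system global pol_dc1 -priority 100
bind system global pol_dc2 -priority 110
add system group "Domain Admins"
add system group "Helpdesk"
bind system group "Domain Admins" -policyName superuser 100
'''

def options(tokens):
    """Collect '-name value' pairs from a tokenised CLI line."""
    return {t[1:].lower(): tokens[i + 1]
            for i, t in enumerate(tokens[:-1]) if t.startswith("-")}

def audit(conf):
    actions, policies, bound, groups, findings = {}, {}, [], {}, []
    for line in conf.splitlines():
        tok = shlex.split(line)
        head = [t.lower() for t in tok[:3]]
        if head == ["add", "authentication", "ldapaction"]:
            actions[tok[3]] = options(tok[4:])
        elif head == ["add", "authentication", "ldappolicy"]:
            policies[tok[3]] = tok[5]      # policy name -> LDAP server (action)
        elif head == ["bind", "system", "global"]:
            bound.append(tok[3])
        elif head == ["add", "system", "group"]:
            groups.setdefault(tok[3], [])
        elif head == ["bind", "system", "group"]:
            groups.setdefault(tok[3], []).append(options(tok[4:]).get("policyname"))
    for pol in bound:
        if pol not in policies:            # globally bound, but not an LDAP policy
            continue
        sec = actions.get(policies[pol], {}).get("sectype", "PLAINTEXT")
        if sec.upper() == "PLAINTEXT":
            findings.append(f"{pol}: LDAP bind to {policies[pol]} is unencrypted")
    for name, cmd_policies in groups.items():
        if not cmd_policies:
            findings.append(f"group {name}: no command policy bound")
        if "superuser" in cmd_policies:
            findings.append(f"group {name}: full superuser rights, review AD membership")
    return findings
```

Calling `audit()` on the text of a saved ns.conf returns the findings as a list of strings.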