Core Logic Final v9 - NetScaler Rocks! · Whitepaper - Core Logic - NetScaler Rocks
SAM Office B.V. Venrayseweg 16 5961 AG Horst +31 77 398 22 88 www.samoffice.com Whitepaper NETSCALER ROCKS Core Logic 22-2-2016 Roel Schreibers, Jan Tytgat [email protected]


INTRODUCTION

This document is intended as a whitepaper and a guide with in-depth information for all Citrix NetScaler enthusiasts out there. Whether you are a SAM Office customer who already has the Core-Logic installed, or a fellow Citrix NetScaler community member, we hope this whitepaper will provide you with some insights and ideas.

This document shows the Core-Logic as a black box:

• How to set up Core-Logic
• How to add a new Content Switching Virtual Server to the NetScaler
• How to add a new Application to a Content Switching Virtual Server
• How to manage the Control Plane

The SAM Office Challenge: Based on this document, we challenge you to figure out the policy expressions and the logic behind the Core-Logic. Let us know what you think, or give us your input on how we can make it even better! Rather start working with the SAM Office Core-Logic immediately? No problem, send an e-mail to info@samoffice.com and we will send you the files for free. SAM Office started with the Core-Logic, we believe in it, let’s make it even better together!

Need help? That’s what we at SAM Office do!

Kind regards,

Roel Schreibers, Jan Tytgat.


CONTENT

Build to maintain
  History
  Concept
Core-Logic
  Overview
  Expressions
  Control Plane
  Advantages
  Looking Forward
Implementation
  Requirements
  Basic design
Installation
  Step-By-Step
    Responder HTML pages
    Core-Logic Module
  Post-Installation
    String Maps
    Pattern Sets
    Policy Expressions
    Responder
    Load Balancing
    Content Switching
User Guide
  In-housing a Tenant
    Content Switching Virtual Servers
    Deployment Script
  Deploying applications for a tenant
    Web Application X
    Microsoft Exchange 2013
  Control Plane - Coding
    Keys
    Values
  Control Plane – Result
  Control Plane – Processing Flow
  Control Plane – CLI Management
Conclusions


BUILD TO MAINTAIN

HISTORY

It’s not clear when we started to think about a central steering mechanism for content switching, which eventually led to this whitepaper. Somewhere in 2014, we first published a blog on NetScalerRocks.com [1] introducing the idea of utilizing Citrix NetScaler’s strength of building dynamic expressions to steer requests to the correct Load Balancing Virtual Server. Until then, each request was steered using individual policies, causing configurations to become large and complex, and therefore hard to maintain.

The complexity and diversity of many configurations was very time-consuming in terms of figuring out how things were actually processed, and what needed to be changed in order to make the requested change work without altering or disrupting the whole environment.

Version 11 of Citrix NetScaler also emphasized the possibility to use content switching in combination with the authentication possibilities of the platform. Using Unified Gateway as a AAA server, while being integrated into the Content Switching Virtual Server, enables us to be even more flexible in deploying applications. However, this flexibility also emphasizes the need for a unified method to configure and maintain the growing complexity of a configuration.

[1] https://netscalerrocks.com/netscaler/contentswitching-quick-dirty/

CONCEPT

The “Build to Maintain” concept is older, however. Finding a manageable and unified method to configure and maintain the NetScaler Configuration for a customer is an on-going quest:

• First of all, Visualization of the actual flow through different NetScaler components helped us communicate with the customer and support engineers, as it is imperative that both parties understand what is happening. At the same time, it helped define our intents to solve a given problem while making it easier to acquire a quick insight into what was happening at the customer. Even today, visualization is a major area of interest to us and we are still looking to improve on communicating about the mechanics of the grey area between Networking and Application, called Application Delivery.

• Second, besides the fact that Monitoring is already one of the primary services Citrix NetScaler offers, the complete Service Chain became an important part of the concept. Although the NetScaler appliance might be running flawlessly, we should also monitor the services and applications which are being load-balanced for their health, throughput, etc. Bridging the gap between Networking and Applications also requires monitoring to happen throughout the whole organization. As such, a specialized monitoring system like Command Center does not suffice, as it is accessible by NetScaler engineers only. It is imperative the customer’s IT department takes ownership of the (SNMP) monitoring as well, and Citrix NetScaler can be of great assistance in this area. As a result, monitoring Citrix NetScaler has become an intricate part of the “Build to maintain” concept and has an impact on how an application is load-balanced on the platform.

• Third, standardized implementation methodology, starting with naming conventions, simple redirects to HTTPS, rewrites etc. Standardization is key to a maintainable environment.

The “build to maintain” concept, combined with our ideas around the Core-Logic, gave us new insights on how to build a manageable and unified Citrix NetScaler configuration for a customer, while starting a new quality cycle in improving our services for our customers.

CORE-LOGIC

Overview

Core-Logic does not specifically target the implementation of a single application on a Citrix NetScaler. However, it is considered as an integrated strategy to get consistency between different applications implemented on a NetScaler platform.

The focal point of the Core-Logic is to centralize all application steering across multiple HTTP/HTTPS Content Switching Virtual Servers by using a single String Map, which we call the Control Plane.

Much of this was inspired by https://www.citrix.com/blogs/2011/07/29/how-string-maps-help-simplify-and-reduce-configuration/ (thank you Neha).

In short, the Core-Logic is a collection of Advanced Policy Expressions and non-addressable Load Balancing Virtual Servers. The policy expressions are static and therefore versionable within a configuration’s life cycle, so new features should/can be implemented in a controlled manner.

Expressions

Currently, the Core-Logic takes care of the following things on a HTTP and/or HTTPS Content Switch:

• Select the correct (non-addressable) Load Balancing Virtual Server, based on:
  o FQDN
  o FQDN + 1st path of the URL
  o FQDN domain (wildcard)
• Redirect the request:
  o From HTTP to HTTPS or vice versa
  o 301/302 Redirect based on:
    § FQDN
    § FQDN + 1st path of the URL
    § FQDN domain (wildcard)
• Drop or Reset the request, based on:
  o FQDN
  o FQDN + 1st path of the URL
  o FQDN domain (wildcard)

In most cases, reducing the number of content switching policies bound to a Content Switching Virtual Server also reduces the “time-to-decision” on how to process a request.

Control Plane

The Control Plane is a single String Map, which results in the following properties when used for the Core-Logic:

• Provide a centralized configuration for specific flows through the different Content Switching Virtual Servers.
• Minimize changes to the content switching policies by using the Core-Logic.
• Improve performance, especially for large configurations, as string maps are indexed on Citrix NetScaler.

Advantages

With the Core-Logic implemented, adding a new application should only require the creation of a non-addressable load balancing virtual server for the application and adding a corresponding entry to the Control Plane.

The advantages are clear:

• Changes have a lower impact on the current configuration.
• Changes are easier to automate.
• Changes take less time to be implemented.
• Lower time-to-decision
• Improved performance

Looking Forward

Currently, Core-Logic is at version 9. We could continue knocking ourselves out in adding new features or fancier possibilities to this single string map. However, this version delivers the necessary flexibility for most (current) implementations.

In the coming period, we tend to spend more time on automation of the entire process.


IMPLEMENTATION

REQUIREMENTS

A typical implementation of Citrix NetScaler is based on having a number of applications that need to be made accessible from the internet. Microsoft ADFS, Microsoft Exchange, Microsoft SharePoint, Citrix Storefront, etc. Needless to say this can be any web application.

Possible extra requirements:

• Some applications require two-factor authentication.
• Some applications should be accessible anonymously.
• We really want to use only 1 IP address per “tenant”.

BASIC DESIGN

A deployment normally/regularly has the following basic ingredients:

• A logon point (AAA / Universal Gateway)
• A HTTP and a HTTPS version of a Content Switching Virtual Server
• A default Redirect to HTTPS
• Redirect capabilities (example: redirect an empty path to some sub-path)
• Content Switching Policies which define the steering.

With the exception of the logon point, the Core-Logic will take care of all basic ingredients. This leads to the following typical design:

[Diagram: typical design. Labels: NetScaler; VIP1, tcp 80; VIP1, tcp 443; CS_Services1_HTTP; CS_Services1_HTTPS; Core Logic | Control plane; Default: redirect to HTTPS; Default: Block the request; UG_AAA; LB_ADFS (ADFS); LB_EX_OWA (Exchange); LB_SP (Sharepoint); LB_SF (Storefront)]

Other features like Rewrites, Application Firewall, Caching, etc. are application specific and must be configured on the individual Load Balancing Virtual Servers for an application.


INSTALLATION

The installation of the Core-Logic code is very easy, as outlined below.

STEP-BY-STEP

Responder HTML pages

resppage_no_service

Choose: AppExpert | Responder | HTML Page Imports, Click Add.

Make sure the import page is named “resppage_no_service”, the core logic will refer to this name later on.

Click Continue.

This page will be shown if the Core-Logic detects a service has been configured, but the actual virtual server is currently not available.

Click Done.


<html>
<body>
<h1>OOPS!</h1>
<p>This page is shown because the requested service is currently unavailable.</p>
<p>Your IP Address: ${CLIENT.IP.SRC}</p>
<p>Requested: ${HTTP.REQ.URL}</p>
</body>
</html>

Note: You might want to adjust this basic html code to reflect standard messages within your organization.

resppage_blocked

Choose: AppExpert | Responder | HTML Page Imports, Click Add.

Make sure the import page is named “resppage_blocked”, the core logic will refer to this name later on.

Click Continue.

This page will be shown if the Core-Logic detects a request for a service which is not configured.

Click Done.


<html>
<body>
<h1>BLOCKED</h1>
<p>This page is shown because the requested service is unknown.</p>
<p>Your IP Address: ${CLIENT.IP.SRC}</p>
<p>Requested: ${HTTP.REQ.URL}</p>
</body>
</html>

Note: You might want to adjust this basic html code to reflect standard messages within your organization.

Core-Logic Module

To install the Core-Logic, deploy the scripts through the command-line interface:

• Open an SSH shell to the NetScaler appliance.
• Copy/paste the code into the CLI
  o Note: Make sure you paste the different files in the correct order!
• Save the configuration!!

POST-INSTALLATION

The following items should be visible in the GUI after installing the core-logic files:

String Maps

(filled with sample data)

Pattern Sets

Policy Expressions

These expressions can be considered the “core-logic”

Responder

Responder Actions

Responder Policies

Load Balancing

Virtual Servers

Service Groups

Servers

Content Switching

Content Switching Actions

Content Switching Policies

USER GUIDE

The following section will provide you with detailed instructions on how to use the Core-Logic.

First of all, the actual name of the content switch is bound to the following limitations:

• The HTTP version of the content switch should end with _HTTP
• The HTTPS version of the content switch should end with _HTTPS (or _SSL)
• Both versions of the Content switch need to start off using the same name

Samples:

• A Content Switching Virtual Server for HTTP:
  o CS_Tenant1_HTTP
• A Content Switching Virtual Server for HTTPS:
  o CS_Tenant1_HTTPS

IN-HOUSING A TENANT

In-housing a new tenant equals the creation of two new Content Switching Virtual Servers and binding the Core-Logic policies with their correct priorities.

Content Switching Virtual Servers

CS_Tenant1_HTTP

Policy Bindings

Note: Make sure the Content Switching Policy bindings have the correct priority.

Default Load Balancing Virtual Server

The default Load Balancing Virtual Server for this Content Switching Virtual Server is VS_REDIR_302_SWITCH, as we wish to redirect all traffic from HTTP to HTTPS.

The VS_REDIR_302_SWITCH Load Balancing Virtual Server redirects the user in this situation to HTTPS.

CS_Tenant1_HTTPS

Policy Bindings

Note: This Content Switching Virtual Server has the same Content Switching Policy bindings, using the same priorities.

Default Load Balancing Virtual Server

The default Load Balancing Virtual Server for this Content Switching Virtual Server is VS_NO_SERVICE.

The VS_NO_SERVICE Load Balancing Virtual Server informs the user that:

• The requested application is currently unavailable (down)
• The requested application is unknown to the Control Plane

Extra Configuration

Additional resources will be bound to the Content Switching Virtual Server CS_Tenant1_HTTPS:

• One, or more valid certificates (using Wildcard/SAN certificates, optionally using SNI)
• An AAA or Universal Gateway authentication virtual server.

Deployment Script

Content Switching Virtual Server for HTTP

add cs vserver CS_[TENANTNAME]_HTTP HTTP [VIP-Address] 80 -cltTimeout 180
bind cs vserver CS_[TENANTNAME]_HTTP -policyName CSP_FRST_PROTO -priority 101
bind cs vserver CS_[TENANTNAME]_HTTP -policyName CSP_FRST -priority 102
bind cs vserver CS_[TENANTNAME]_HTTP -policyName CSP_FQDN_PROTO -priority 111
bind cs vserver CS_[TENANTNAME]_HTTP -policyName CSP_FQDN -priority 112
bind cs vserver CS_[TENANTNAME]_HTTP -policyName CSP_WILD_PROTO -priority 121
bind cs vserver CS_[TENANTNAME]_HTTP -policyName CSP_WILD -priority 122
bind cs vserver CS_[TENANTNAME]_HTTP -lbvserver VS_REDIR_302_SWITCH

Content Switching Virtual Server for HTTPS

add cs vserver CS_[TENANTNAME]_HTTPS SSL [VIP-Address] 443 -cltTimeout 180
bind cs vserver CS_[TENANTNAME]_HTTPS -policyName CSP_FRST_PROTO -priority 101
bind cs vserver CS_[TENANTNAME]_HTTPS -policyName CSP_FRST -priority 102
bind cs vserver CS_[TENANTNAME]_HTTPS -policyName CSP_FQDN_PROTO -priority 111
bind cs vserver CS_[TENANTNAME]_HTTPS -policyName CSP_FQDN -priority 112
bind cs vserver CS_[TENANTNAME]_HTTPS -policyName CSP_WILD_PROTO -priority 121
bind cs vserver CS_[TENANTNAME]_HTTPS -policyName CSP_WILD -priority 122
bind cs vserver CS_[TENANTNAME]_HTTPS -lbvserver VS_NO_SERVICE

Note: Do not forget to bind Certificates to this Content Switching Virtual Server.


DEPLOYING APPLICATIONS FOR A TENANT

Web Application X

Web application X is configured as a non-addressable Load Balancing Virtual Server: VS_T1_Web

• The basic FQDN for the web application X is: www.tenant1.com
• All FQDN using the tenant1.com domain should be redirected to “www.tenant1.com”
  o Redirect using a 301, moved permanently
• If the path is empty, we should redirect the user to /app1
• The application should always run on HTTPS

We add to the string map SM_CS_CONTROL:

Key                                  Value
cs_tenant1_https_www.tenant1.com     vs=VS_T1_Web;
cs_tenant1_tenant1.com               vs=VS_REDIR_301;dst=https://www.tenant1.com;
cs_tenant1_*.tenant1.com             vs=VS_REDIR_301;dst=//www.tenant1.com;
cs_tenant1_https_www.tenant1.com/    vs=VS_REDIR_302;dst=/app1;

Note: the redirect to HTTPS is performed by default due to the configuration of CS_Tenant1_HTTP.

Sub-path with different configuration:

If the tenant has /app2 added on their web server in a later stage, and should run on HTTP only, we add the following entries to the string map SM_CS_CONTROL:

Key                                      Value
cs_tenant1_http_www.tenant1.com/app2     vs=VS_T1_Web;
cs_tenant1_https_www.tenant1.com/app2    vs=VS_REDIR_302_SWITCH;

Microsoft Exchange 2013

Using the deployment guide provided by Citrix, the following Load Balancing Virtual Servers are created:

Application Component    Load Balancing Virtual Servers
Outlook web access       Vs_t1_ex_owa
Ecp                      Vs_t1_ex_ecp
Ews                      Vs_t1_ex_ews
Eas                      Vs_t1_ex_eas
Oab                      Vs_t1_ex_oab
RPC                      Vs_t1_ex_rcp
Mapi                     Vs_t1_ex_mapi
Autodiscover             Vs_t1_ex_autod

Note: The deployment guide for Microsoft Exchange 2013 can be found at the following URL [2].

[2] Microsoft Exchange 2013 – Deployment Guide: https://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/microsoft-exchange-2013-citrix-netscaler-deployment-guide.pdf


After the creation of the Load Balancing Virtual Servers we only need to edit the Control Plane, by adding the necessary entries:

Key                                               Value
cs_tenant1_https_mail.tenant1.com/owa             vs=Vs_t1_ex_owa;
cs_tenant1_https_mail.tenant1.com/eas             vs=Vs_t1_ex_eas;
cs_tenant1_https_mail.tenant1.com/ews             vs=Vs_t1_ex_ews;
cs_tenant1_https_mail.tenant1.com/ecp             vs=Vs_t1_ex_ecp;
cs_tenant1_https_mail.tenant1.com/autodiscover    vs=Vs_t1_ex_autod;
cs_tenant1_autodiscover.tenant1.com               vs=VS_REDIR_302;dst=https://mail.tenant1.com/AutoDiscover/AutoDiscover.xml;
cs_tenant1_https_mail.tenant1.com/                vs=VS_REDIR_302;dst=/owa;
cs_tenant1_http_mail.tenant1.com                  vs=VS_REDIR_SWITCH;info=3;

Note: there are multiple ways to implement “autodiscover” for Outlook, depending on the configuration of Exchange 2013.

[3] This one is needed because we redirected the wildcard *.tenant1.com to www.tenant1.com earlier


CONTROL PLANE - CODING

The SM_CS_CONTROL entries are designed to be human-readable, even without a deeper understanding of NetScaler or Core-Logic.

A string map consists of key-value pairs, which are being used by the Core-Logic. In order for the Control Plane to work, some rules must be kept in mind when editing the string map.

Keys

The key describes when the core logic should take action:

• The key is always in lowercase!
• A key cannot be used twice (it is the index for the String Map)
• The key consists of 2 parts separated by a single underscore (_):
  • The full name of the content switching virtual server (e.g. cs_tenant1_https) or the common part of the name for HTTP|HTTPS content switching virtual servers (e.g. cs_tenant1).
  • The url we want to take action on:
    o FQDN (www.tenant1.com)
    o FQDN/1st path (www.tenant1.com/app2)
    o Wildcard Domain (*.tenant1.com) [4]

Values

The value describes what action should be taken:

• vs=[a load balancing virtual server name];
  o Mandatory!
  o Do not forget the semicolon “;” at the end!
  o Special VServers:
    § VS_REDIR_302_SWITCH (redirect http -> https or https -> http)
    § VS_REDIR_301 (redirect “301 moved permanently” to the dst value)
    § VS_REDIR_302 (redirect “302 found” to the dst value)
    § VS_DROP (drops the request)
    § VS_RESET (resets the request)
• dst=[a destination reference];
  o Mandatory for VS_REDIR_301 and VS_REDIR_302!
  o Do not forget the semicolon “;” at the end!
  o Both VS_REDIR_301 and VS_REDIR_302 perform relative redirects when using the dst entry.
• info=[some remark on the entry];
  o Optional
  o Do not forget the semicolon “;” at the end!

[4] The entry tenant1.com refers to the FQDN, *.tenant1.com refers to all the subdomains!!
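The key and value rules above can be checked mechanically before entries are pasted into the CLI. The linter below is an added example, not part of the Core-Logic files; the function names, the exact-match treatment of field names, and the sample entries (entries from this paper mixed with constructed defective variants) are assumptions made for illustration.

```python
import re

# Rules taken from the Keys and Values sections of this whitepaper.
NEEDS_DST = {"VS_REDIR_301", "VS_REDIR_302"}
FIELDS = {"vs", "dst", "info"}
# FQDN, FQDN/1st-path or *.domain; only the first path element may appear.
URL_PART = re.compile(r"(\*\.)?[a-z0-9.-]+(/[^/]*)?")


def parse_value(value):
    """Split 'vs=...;dst=...;' into ({field: data}, [problems])."""
    problems = [] if value.endswith(";") else ["value must end with ';'"]
    fields = {}
    for part in filter(None, value.split(";")):
        name, sep, data = part.partition("=")
        # Assumption: field names are matched exactly as the paper writes them.
        if sep and name in FIELDS:
            fields[name] = data
        else:
            problems.append(f"malformed field {part!r}")
    return fields, problems


def lint(entries, cs_names, vservers):
    """Return {key: [problems]} for (key, value) pairs that break a rule.

    cs_names and vservers are the content switch and load balancing
    vserver names that exist on the appliance (supplied by the caller).
    """
    prefixes = set()
    for name in cs_names:
        full = name.lower()
        prefixes.add(full + "_")                                 # cs_tenant1_https_
        prefixes.add(re.sub(r"_(https?|ssl)$", "", full) + "_")  # cs_tenant1_
    report, seen = {}, set()
    for key, value in entries:
        problems = []
        if key in seen:
            problems.append("duplicate key")
        seen.add(key)
        if key != key.lower():
            problems.append("key must be lowercase")
        lowered = key.lower()
        prefix = max((p for p in prefixes if lowered.startswith(p)),
                     key=len, default=None)
        if prefix is None:
            problems.append("key does not start with a content switch name")
        elif not URL_PART.fullmatch(lowered[len(prefix):]):
            problems.append("URL part must be FQDN, FQDN/1st-path or *.domain")
        fields, value_problems = parse_value(value)
        problems += value_problems
        vs = fields.get("vs")
        if not vs:
            problems.append("vs= is mandatory")
        elif vs not in vservers:
            problems.append(f"vserver {vs} does not exist")
        if vs in NEEDS_DST and not fields.get("dst"):
            problems.append(f"{vs} requires dst=")
        if problems:
            report.setdefault(key, []).extend(problems)
    return report


# Constructed sample data: entries from the paper mixed with defective variants.
CS_NAMES = ["CS_Tenant1_HTTP", "CS_Tenant1_HTTPS"]
VSERVERS = {"VS_T1_Web", "VS_REDIR_301", "VS_REDIR_302",
            "VS_REDIR_302_SWITCH", "VS_DROP", "VS_RESET"}
SAMPLE = [
    ("cs_tenant1_https_www.tenant1.com", "vs=VS_T1_Web;"),
    ("cs_tenant1_tenant1.com", "vs=VS_REDIR_301;dst=https://www.tenant1.com;"),
    ("cs_tenant1_https_www.tenant1.com/", "vs=VS_REDIR_302;"),
    ("CS_Tenant1_*.tenant1.com", "vs=VS_REDIR_301;dst=//www.tenant1.com;"),
    ("cs_tenant1_http_www.tenant1.com/app2", "vs=VS_T1_Web"),
    ("cs_tenant1_https_www.tenant1.com/app2/admin", "vs=VS_T1_Web;"),
    ("cs_tenant1_https_www.tenant1.com", "vs=VS_T1_Wbe;"),
    ("cs_tenant1_https_mail.tenant1.com/", "Vs=VS_REDIR_302;dst=/owa;"),
]

if __name__ == "__main__":
    for key, problems in lint(SAMPLE, CS_NAMES, VSERVERS).items():
        print(f"{key}: {'; '.join(problems)}")
```

Feeding it the output of the show command from the CLI management section, together with the vserver names configured on the appliance, catches a mistyped vserver or a missing dst before a request ever reaches the entry.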


CONTROL PLANE – RESULT

The Control Plane for our tenant1 would look like this:

bind stringmap SM_CS_CONTROL "cs_tenant1_https_www.tenant1.com" "vs=VS_T1_Web;"
bind stringmap SM_CS_CONTROL "cs_tenant1_tenant1.com" "vs=VS_REDIR_301;dst=https://www.tenant1.com;"
bind stringmap SM_CS_CONTROL "cs_tenant1_*.tenant1.com" "vs=VS_REDIR_301;dst=//www.tenant1.com;"
bind stringmap SM_CS_CONTROL "cs_tenant1_https_www.tenant1.com/" "vs=VS_REDIR_302;dst=/app1;"
bind stringmap SM_CS_CONTROL "cs_tenant1_http_www.tenant1.com/app2" "vs=VS_T1_Web;"
bind stringmap SM_CS_CONTROL "cs_tenant1_https_www.tenant1.com/app2" "vs=VS_REDIR_302_SWITCH;"
bind stringmap SM_CS_CONTROL "cs_tenant1_https_mail.tenant1.com/owa" "vs=Vs_t1_ex_owa;"
bind stringmap SM_CS_CONTROL "cs_tenant1_https_mail.tenant1.com/eas" "vs=Vs_t1_ex_eas;"
bind stringmap SM_CS_CONTROL "cs_tenant1_https_mail.tenant1.com/ews" "vs=Vs_t1_ex_ews;"
bind stringmap SM_CS_CONTROL "cs_tenant1_https_mail.tenant1.com/ecp" "vs=Vs_t1_ex_ecp;"
bind stringmap SM_CS_CONTROL "cs_tenant1_https_mail.tenant1.com/autodiscover" "vs=Vs_t1_ex_autod;"
bind stringmap SM_CS_CONTROL "cs_tenant1_autodiscover.tenant1.com" "vs=VS_REDIR_302;dst=https://mail.tenant1.com/AutoDiscover/AutoDiscover.xml;"
bind stringmap SM_CS_CONTROL "cs_tenant1_https_mail.tenant1.com/" "vs=VS_REDIR_302;dst=/owa;"
bind stringmap SM_CS_CONTROL "cs_tenant1_http_mail.tenant1.com" "vs=VS_REDIR_SWITCH;info=*.tenant1.com goes to www.tenant1.com;"


CONTROL PLANE – PROCESSING FLOW

[Flow diagram. The labels recovered from it are listed below in the order they appear.]

HTTP.REQ coming in on one of the Content switches

• CS_FULLNAME: Name of the Content switch used
• CS_NAME: CS_FULLNAME - the ending _HTTP or _HTTPS
• FQDN_WILD: "*." + HTTP.REQ.HOSTNAME.DOMAIN

SM_CS_CONTROL:

• CS_FULLNAME + HTTP.REQ.HOSTNAME + HTTP.REQ.URL.PATH.GET(1)
• CS_NAME + HTTP.REQ.HOSTNAME + HTTP.REQ.URL.PATH.GET(1)
• CS_FULLNAME + HTTP.REQ.HOSTNAME
• CS_NAME + HTTP.REQ.HOSTNAME
• CS_FULLNAME + FQDN_WILD
• CS_NAME + FQDN_WILD

Select VSERVER to use:

• VS_REDIR_302_SWITCH, VS_REDIR_301, VS_REDIR_302: Select Redirect
  o Redirect Switch http --> https and https --> http
• VS_xxxxx, VS_yyyyy, VS_zzzzz
• (CS=HTTPS) VS_NO_SERVICE
• (CS=HTTP) VS_REDIR_302_SWITCH
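The lookup order in this flow can be replayed offline to see which entry a request will hit before a change goes live. The simulation below is an added example, not the Core-Logic policy expressions (which this paper treats as a black box); it assumes that host and path are compared in lowercase, that the path key is host + "/" + first path element, and that HTTP.REQ.HOSTNAME.DOMAIN is the host name without its first label. The string map is a constructed copy of some of the tenant1 entries from the Result section.

```python
import re

# Constructed copy of tenant1 entries from the Result section of this paper.
SM_CS_CONTROL = {
    "cs_tenant1_https_www.tenant1.com": "vs=VS_T1_Web;",
    "cs_tenant1_tenant1.com": "vs=VS_REDIR_301;dst=https://www.tenant1.com;",
    "cs_tenant1_*.tenant1.com": "vs=VS_REDIR_301;dst=//www.tenant1.com;",
    "cs_tenant1_https_www.tenant1.com/": "vs=VS_REDIR_302;dst=/app1;",
    "cs_tenant1_http_www.tenant1.com/app2": "vs=VS_T1_Web;",
    "cs_tenant1_https_www.tenant1.com/app2": "vs=VS_REDIR_302_SWITCH;",
    "cs_tenant1_https_mail.tenant1.com/owa": "vs=Vs_t1_ex_owa;",
    "cs_tenant1_https_mail.tenant1.com/": "vs=VS_REDIR_302;dst=/owa;",
    "cs_tenant1_http_mail.tenant1.com":
        "vs=VS_REDIR_SWITCH;info=*.tenant1.com goes to www.tenant1.com;",
}


def candidate_keys(cs_fullname, host, path):
    """Keys in the order the processing flow tries them (most restrictive first)."""
    full = cs_fullname.lower()                        # CS_FULLNAME
    name = re.sub(r"_(https?|ssl)$", "", full)        # CS_NAME
    host = host.lower().split(":")[0]                 # drop an optional port
    # HTTP.REQ.URL.PATH.GET(1): first path element, empty for "/".
    first = path.split("?")[0].split("/")[1].lower() if path.startswith("/") else ""
    # Assumption: HOSTNAME.DOMAIN modelled as the host minus its first label.
    wild = "*." + host.split(".", 1)[-1]              # FQDN_WILD
    urls = [f"{host}/{first}", host, wild]
    return [f"{prefix}_{url}" for url in urls for prefix in (full, name)]


def resolve(cs_fullname, host, path, control=SM_CS_CONTROL):
    """Return (matched_key, vserver, dst) for one request."""
    for key in candidate_keys(cs_fullname, host, path):
        if key in control:
            fields = dict(f.split("=", 1)
                          for f in control[key].split(";") if "=" in f)
            return key, fields["vs"], fields.get("dst")
    # No entry matched: the content switch's default LB vserver answers.
    is_http = cs_fullname.upper().endswith("_HTTP")
    return None, "VS_REDIR_302_SWITCH" if is_http else "VS_NO_SERVICE", None


if __name__ == "__main__":
    requests = [
        ("CS_Tenant1_HTTPS", "www.tenant1.com", "/"),
        ("CS_Tenant1_HTTPS", "www.tenant1.com", "/app1/index.html"),
        ("CS_Tenant1_HTTP", "mail.tenant1.com", "/owa"),
        ("CS_Tenant1_HTTPS", "shop.tenant1.com", "/"),
        ("CS_Tenant1_HTTPS", "www.example.org", "/"),
    ]
    for req in requests:
        print(req, "->", resolve(*req))
```

The mail.tenant1.com request on the HTTP content switch shows why the protocol-specific FQDN entry matters: without it the lookup would continue down to the wildcard entry and be redirected to www.tenant1.com.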


CONTROL PLANE – CLI MANAGEMENT

The string map SM_CS_CONTROL can be managed through the GUI. With a bit of practice, however, using the command line interface is generally easier and faster for larger configurations.

Adding Entries

The basic command to add an entry to the SM_CS_CONTROL string map:

bind stringmap SM_CS_CONTROL [key] [value]

Tip: always put the key and value between quotes ("[value]")

Deleting Entries

The basic command to remove an entry from the SM_CS_CONTROL string map:

unbind stringmap SM_CS_CONTROL [key]

Showing Entries

The command to get all entries for cs_tenant1 (http and https):

show run | grep SM_CS_CONTROL | grep cs_tenant1


CONCLUSIONS

The Core-Logic is an attempt at creating a unified way to integrate applications into one or more content switching virtual servers. The Core-Logic links the Content Switching Virtual Server(s) to the applications using the Control Plane.

It generalizes the most common Content Switching Policies and Responder Policies into a single set of code. In addition, the Core-Logic code itself is not specific for a Content Switching Virtual Server, a Load Balancing Virtual Server or a given redirect.

Creating a new Content Switching Virtual Server can easily be automated, since the policies bound to a Content Switching Virtual Server are static. A new tenant can be deployed by having 3 parameters:

• [Name]
• [VIP]
• [Certificate]

The steering is done through a single Control Plane, which can also easily be automated. Changes to this string map can be considered a lower-impact change to the configuration.

The Control Plane uses the “more restrictive” principle to determine the flow of the requests, resulting in the following list of keys from least restrictive to most restrictive:

• cs_tenant1_[wildcard domain]
• cs_tenant1_[protocol]_[wildcard domain]
• cs_tenant1_[fqdn]
• cs_tenant1_[protocol]_[fqdn]
• cs_tenant1_[fqdn + 1st path]
• cs_tenant1_[protocol]_[fqdn + 1st path]

For DTAP (development-test-acceptance-production) situations this unification of code is helpful.

For multi-tenant / hosting providers it can help keep control of application delivery for their customers and make the deployment of new tenants and/or applications easier.