NetScaler Gateway Integration with...
Transcript of NetScaler Gateway Integration with...
NetScaler Gateway Integration with XenApp/XenDesktop
May 2017
citrix.com 2
Table of Contents
Table of Contents ......................................................................................................... 2
Training Overview ....................................................................................... 3
Training Overview ........................................................................................................ 4
Lab Environment Details .............................................................................................. 5
Lab Environment Overview ......................................................................... 7
Exercise 1: Connecting to XenServer........................................................................... 8
Module 1: Load Balancing XenDesktop Delivery Controllers .................... 11
Exercise 1: Server Instances ...................................................................................... 12
Exercise 2: Custom Load Balancing Monitor .............................................................. 17
Exercise 3: Load Balancing Services ......................................................................... 21
Exercise 4: Load Balancing Virtual Server ................................................................. 27
Exercise 5: Configuring StoreFront for Load Balanced Delivery Controllers .............. 32
Module 2: Load Balancing StoreFront ....................................................... 42
Exercise 1: Server Instances ...................................................................................... 43
Exercise 2: Custom Load Balancing Monitor .............................................................. 46
Exercise 3: Load Balancing Services ......................................................................... 49
Exercise 4: Load Balancing Virtual Server ................................................................. 56
Exercise 5: Configuring StoreFront for Load Balanced StoreFront Servers ............... 64
Module 3: Unified Gateway Configuration ................................................. 69
Exercise 1: Unified Gateway VPN Virtual Server ....................................................... 70
Exercise 2: Unified Gateway Content Switching Virtual Server .................................. 82
Exercise 3: Configuring Unified Gateway for XenDesktop/StoreFront........................ 93
Exercise 4: Configuring StoreFront for Unified Gateway Remote Access ................ 110
Module 4: Unified Gateway Monitoring with NetScaler MAS ................... 119
Exercise 1: MAS Setup and Monitoring .................................................................... 120
Lab Guide Appendix ............................................................................... 134
citrix.com 3
Training Overview
citrix.com 4
Training Overview
Objective
In this learning lab you will be integrating the NetScaler Unified Gateway 12.0 with XenDesktop 7.13 and StoreFront 3.9. You will be load-balancing the delivery controllers and the StoreFront servers as well. There are also exercises that cover the integration of Unified Gateway with legacy XenApp and Web Interface.
Required Prerequisites
None required.
Optional Prerequisites
Experience with XenApp/XenDesktop administration.
Audience
Target
Customers
Partners
Lab Guide Conventions
Indicator Purpose
This symbol indicates particular attention must be paid to this step
Special note to offer advice or background information
reboot Text the student enters or an item they select is printed like this
Start Bold text indicates reference to a button or object
Focuses attention on a particular part of the screen
Shows where to click or select an item on a screenshot
citrix.com 5
Lab Environment Details Here is a lab environment network diagram which shows how all the devices are connected to each other.
citrix.com 6
Virtual Machines
VM Name IP Address Description
AD.training.lab 192.168.10.11 Domain Controller, DNS, DHCP, Certificate Services
SQL Server 192.168.10.12 MS SQL Server 2012
XenDesktop 1 192.168.10.20 Windows Server 2012 R2 | XenDesktop 7.13 Delivery Controller
XenDesktop 2 192.168.10.25 Windows Server 2012 R2 | XenDesktop 7.13 Delivery Controller
StoreFront 1 192.168.10.30 Windows Server 2012 R2 | StoreFront 3.9
StoreFront 2 192.168.10.35 Windows Server 2012 R2 | StoreFront 3.9
VDA 1 192.168.10.60 Windows 8.1 Professional | XenDesktop 7.13 VDA
VDA2 192.168.10.65 Windows 8.1 Professional | XenDesktop 7.13 VDA
NetScaler 192.168.10.100 NetScaler 12.0 VPX
MAS 192.168.10.200 NetScaler MAS 12.0 VPX
Credentials
User Name Password Description
Training\Administrator Citrix123 Domain Administrator
Training\User1 Citrix123 Standard User
Training\User2 Citrix123 Standard User
nsroot nsroot NetScaler Login
citrix.com 7
Lab Environment Overview
citrix.com 8
Exercise 1: Connecting to XenServer
Overview
As outlined earlier in this guide, your lab environment exists on a standalone XenServer host.
To access the lab infrastructure, we must connect to the host using XenCenter. Some VMs will
be turned on for you, but others are left powered-off until the beginning of the exercises.
In this exercise you will:
Add the lab host to XenCenter
Power on the virtual machines used in the lab
Estimated time to complete this exercise: 5 Minutes
citrix.com 9
Step-by-Step Guidance
Step Action
1. Open XenCenter and click Add a Server.
2. At the prompt, enter your credentials and then click Add.
Server: 192.168.10.5
Username: admin NOTE: this will auto-fill to „root‟
Password: <provided on your lab login page>
citrix.com 10
Step Action
3. Right-click on and select Start for each of the following virtual machines:
StoreFront 1
StoreFront 2
VDA 1
VDA 2
XenDesktop 1
XenDesktop 2
Exercise Summary
In this exercise you added your lab environment to XenCenter and started the infrastructure servers and desktops.
citrix.com 11
Module 1: Load Balancing XenDesktop Delivery Controllers
citrix.com 12
Exercise 1: Server Instances
Overview
While the XenDesktop delivery controllers will load balance the VDA traffic between the
controllers, the NetScaler will load-balance the XML traffic from StoreFront to the delivery
controllers. Load balancing the XML traffic will help keep a single controller from being
overwhelmed with traffic, and can also help when a delivery controller needs to be taken out of
service for maintenance.
The delivery controllers (either installed on a physical or virtual server) require an “instance” of
the server to be added to the NetScaler.
In this exercise you will:
Create a server instance for each delivery controller on the NetScaler.
Estimated time to complete this exercise: 10 Minutes
Virtual Machines Required for This Exercise
NetScaler
citrix.com 13
Step-by-Step Guidance
Step Action
1. First, you are going to log on to the NetScaler administrator interface. From the student
desktop, open Mozilla Firefox.
2. In the browser window that opens, select the NetScaler link in the bookmark toolbar.
3. At the NetScaler log on page, type nsroot in the User Name field, and then type nsroot
in the Password field and then click the Login button.
citrix.com 14
Step Action
4. Now that you are logged-on to the NetScaler interface, you can start creating your load-
balancing configuration. The XenDesktop delivery controllers (either physical or virtual
servers) need to have “instances” of these servers added to the NetScaler so that the
appliance knows where the server is on the network.
Navigate to Traffic Management > Load Balancing > Servers and then click Add.
5. In the Create Server window, type xd1.training.lab in the Name field, then type
192.168.10.20 in the IP Address field and then click Create.
citrix.com 15
Step Action
6. You should see a result with the new server instance displayed and show an “Enabled”
state.
7. Repeat the same process and add another server instance called xd2.training.lab with
an IP address of 192.168.10.25.
You should see the following result:
citrix.com 16
Step Action
8. Next, after any major configuration change, you will want to save the NetScaler
configuration.
Click the disk icon in the upper-right corner of the user interface window to save the
configuration.
Click Yes to confirm that you want to save the configuration.
Exercise Summary
In this exercise, you created the server instances on the NetScaler that will be used in future exercises when creating the load-balancing services.
citrix.com 17
Exercise 2: Custom Load Balancing Monitor
Overview
Load balancing monitors provide the load balancing service with a consistent heartbeat of the
server that it is referencing. The monitor determines what type of check is completed, along with
what thresholds are calculated to determine if a server has gone into a “down” state. The
NetScaler has a series of built-in monitors for other Citrix products, including a monitor for
XenDesktop delivery controllers that will not only check the status of the server, but check a set
of credentials by logging on to the XenDesktop platform.
In this exercise you will:
Create a custom load balancing monitor for the XenDesktop delivery controller and set
the extended parameters.
Estimated time to complete this exercise: 10 Minutes
Virtual Machines Required for This Exercise
XenDesktop 1 XenDesktop 2 NetScaler
citrix.com 18
Step-by-Step Guidance
Step Action
1. While still logged on to the NetScaler interface, navigate to Traffic Management > Load
Balancing > Monitors and then click Add.
2. In the Create Monitor window, type xd_mon in the Name field, select CITRIX-XD-DDC
from the Type drop-down list box, and then select the Special Parameters tab.
citrix.com 19
Step Action
3. In the Special Parameters tab, check the box next to Validate Credentials, then type
user1 in the User Name field, type Citrix123 into the Password field and then type
TRAINING in the Domain field and click Create.
4. You should see the following result after creating the custom monitor:
citrix.com 20
Step Action
5. Next, after any major configuration change, you will want to save the NetScaler
configuration.
Click the disk icon in the upper-right corner of the user interface window to save the
configuration.
Click Yes to confirm that you want to save the configuration.
Exercise Summary
In this exercise you created a custom monitor that is specifically designed for the XenDesktop delivery controller server. You also set the special parameters to test a user in the XenDesktop platform.
citrix.com 21
Exercise 3: Load Balancing Services
Overview
Load balancing services are the object that the load-balancing virtual server interacts with.
Services then reference the attached server objects. Services are also where any monitors are
used to check service heartbeats with the server.
In this exercise you will:
Create two load balancing services for the XenDesktop delivery controllers.
Estimated time to complete this exercise: 10 Minutes
Virtual Machines Required for This Exercise
XenDesktop 1 XenDesktop 2 NetScaler
citrix.com 22
Step-by-Step Guidance
Step Action
1. While still logged on to the NetScaler interface, navigate to Traffic Management > Load
Balancing > Services and then click Add.
2. Type svc_xd1 into the Service Name field, then select the radio button next to Existing
Server, select xd1.training.lab from the Server drop-down list box, then select HTTP
from the Protocol drop-down list box, and then click OK.
3. In the Monitors pane, click 1 Service to Load Balancing Monitor Binding to access
the monitor selector.
citrix.com 23
Step Action
4. In the pane that appears, click Add Binding to add a monitor to the service.
5. Under Select Monitor, click Click to select.
Then, select the radio button next to xd_mon and then click Select.
citrix.com 24
Step Action
6. Click Bind to add the monitor to the load-balancing service.
Click Close to close the monitor pane.
7. Click Done to complete the creation of the new service.
citrix.com 25
Step Action
8. After successfully creating the new load-balancing service, you should see the following
result:
9. Repeat the same process to create another load-balancing service using the following
parameters:
Service Name: svc_xd2
Existing Server: xd2.training.lab
Protocol: HTTP
Monitor: mon_xd
10. After successfully creating the second load-balancing service, you should see the
following result:
11. Save the NetScaler configuration.
citrix.com 26
Exercise Summary
In this exercise you created two load-balancing services that are for each of the XenDesktop delivery controllers. The new services use the custom monitor that was created in the previous exercise to monitor the XML traffic on the delivery controller servers.
citrix.com 27
Exercise 4: Load Balancing Virtual Server
Overview
Load balancing virtual servers are the interaction point between the client and the backend
servers. Clients will be accessing the load-balancing virtual server instead of the backend
resources, reducing load and increasing efficiency.
In this exercise you will:
Create a load-balancing virtual server for the XenDesktop delivery controllers.
Estimated time to complete this exercise: 10 Minutes
Virtual Machines Required for This Exercise
XenDesktop 1 XenDesktop 2 NetScaler
citrix.com 28
Step-by-Step Guidance
Step Action
1. While still logged on to the NetScaler interface, navigate to Traffic Management > Load
Balancing > Virtual Servers and then click Add.
2. In the new pane that appears, type lb_vsrv_xd in the Name field, select HTTP from the
Protocol drop-down list box, type 192.168.10.125 in the IP Address field and then click
OK.
citrix.com 29
Step Action
3. Next, under Services and Service Groups, click No Load Balancing Virtual Server
Service Binding to add a new load-balancing service.
4. Under Select Service, click Click to select.
citrix.com 30
Step Action
5. In the Service pane, check the boxes next to both svc_xd1 and svc_xd2, and then click
Select.
Click Bind to add the services to the load-balancing virtual server.
6. Next, click Continue to move to the next step.
citrix.com 31
Step Action
7. Now that you have added the services, the load-balancing virtual server is complete.
Click the Done button at the bottom of the screen.
8. After successfully creating the load-balancing virtual server, click refresh and you
should see the following result:
9. Save the NetScaler configuration.
Exercise Summary
In this exercise you created a load-balancing virtual server for the XenDesktop delivery controllers. The StoreFront servers will be altered to point to the new load-balancing virtual server instead of the actual delivery controllers for XML traffic.
citrix.com 32
Exercise 5: Configuring StoreFront for Load Balanced Delivery Controllers
Overview
Now that the XenDesktop delivery controllers are being load-balanced by the NetScaler,
StoreFront needs to be configured to use the new virtual server.
In this exercise you will:
Configure the StoreFront servers to use the load-balanced XenDesktop delivery
controllers from the NetScaler.
Estimated time to complete this exercise: 10 Minutes
Virtual Machines Required for This Exercise
StoreFront 1 StoreFront 2
citrix.com 33
Step-by-Step Guidance
Step Action
1. On the Student Desktop, double-click the StoreFront 1 RDP shortcut to access the
StoreFront 1 server.
citrix.com 34
Step Action
2. In the warning box that appears, click Connect.
In the Windows Security window that appears, type Citrix123 into the Password field
and then click OK.
citrix.com 35
Step Action
3. Accept the RDP certificate by clicking Yes.
4. On the StoreFront 1 desktop, select the StoreFront shortcut in the taskbar to open
StoreFront.
5. Since you are just editing the delivery controllers for the store, there is only one setting
that needs to be adjusted. Select Stores from the left pane of the screen.
Then, in the right pane under Store, select Manage Delivery Controllers.
citrix.com 36
Step Action
6. In the Manage Delivery Controllers window that appears, click Edit.
7. In the Servers (load balanced) field, select xd2.training.lab and then click Remove.
citrix.com 37
Step Action
8. Next, select xd1.training.lab and then click Edit.
9. In the Edit Server window that appears, change the Server name to
xendesktop.training.lab and then click OK.
citrix.com 38
Step Action
10. Click OK in the Edit Delivery Controller window.
Click OK in the Manage Delivery Controller window.
citrix.com 39
Step Action
11. Now that these settings have been edited on StoreFront 1, they need to be propagated
over to StoreFront 2.
Select Server Group in the left pane.
12. Next, select Propagate Changes in the right pane.
13. In the window that appears, click Yes to confirm the request.
citrix.com 40
Step Action
14. When the propagation is complete, click OK.
You can close the RDP connection to the StoreFront 1 server.
15. Next, you can test the load balancing virtual server by logging on to the StoreFront site.
If the applications and desktops enumerate onto the StoreFront site, then the virtual
server is functioning properly.
Open a new Firefox tab and navigate to https://sf1.training.lab/citrix/storeweb.
16. Log on using the following credentials:
User name: TRAINING\user1
Password: Citrix123
citrix.com 41
Step Action
17. Once you are logged on, click the Apps button at the bottom of the screen to show the
available applications to this user.
18. After clicking the Apps button, you should be presented with four applications showing
the following result:
The applications are displaying via the load-balancing virtual server from the NetScaler
as opposed to directly addressing the delivery controller servers themselves.
Exercise Summary
In this exercise you edited the settings on the StoreFront servers to use the load-balancing virtual server as opposed to directly accessing the XenDesktop delivery controllers themselves.
citrix.com 42
Module 2: Load Balancing StoreFront
citrix.com 43
Exercise 1: Server Instances
Overview
The StoreFront servers are really nothing more than IIS web servers with XML functionality to
the XenDesktop delivery controllers. Just like the XenDesktop load balancing, you need to
create virtual instances of the servers on the NetScaler.
In this exercise you will:
Create a server instance for each StoreFront server on the NetScaler.
Estimated time to complete this exercise: 10 Minutes
Virtual Machines Required for This Exercise
NetScaler
citrix.com 44
Step-by-Step Guidance
Step Action
1. While still logged on to the NetScaler interface, navigate to Traffic Management > Load
Balancing > Servers and then click Add.
2. In the Create Server window, type sf1.training.lab in the Name field, then type
192.168.10.30 in the IP Address field and then click Create.
citrix.com 45
Step Action
3. You should see a result with the new server instance displayed and show an “Enabled”
state.
4. Repeat the same process and add another server instance called sf2.training.lab with
an IP address of 192.168.10.35.
You should see the following result:
5. Save the NetScaler configuration.
Exercise Summary
In this exercise, you created the server instances on the NetScaler that will be used in future exercises when creating the load-balancing services.
citrix.com 46
Exercise 2: Custom Load Balancing Monitor
Overview
The NetScaler has a custom monitor type that is included that will monitor the current state of
StoreFront servers.
In this exercise you will:
Create a custom load balancing monitor for the StoreFront servers and set the extended
parameters.
Estimated time to complete this exercise: 10 Minutes
Virtual Machines Required for This Exercise
StoreFront 1 StoreFront 2 NetScaler
citrix.com 47
Step-by-Step Guidance
Step Action
6. While still logged on to the NetScaler interface, navigate to Traffic Management > Load
Balancing > Monitors and then click Add.
7. In the Create Monitor window, type sf_mon in the Name field, select STOREFRONT from
the Type drop-down list box, and then scroll to the bottom of the screen and check the
box next to Secure.
citrix.com 48
Step Action
8. Scroll up to the top of the screen, and select the Special Parameters tab.
In the Special Parameters tab, type Store in the Store Name field and then click Create.
This monitor will verify that the StoreFront store called “Store” is responding to the
NetScaler.
9. You should see the following result after creating the custom monitor:
10. Save the NetScaler Configuration.
Exercise Summary
In this exercise you created a custom monitor that is specifically designed for the StoreFront servers. You also set the special parameters to verify that a store on the StoreFront server called “Store” exists and is responding.
citrix.com 49
Exercise 3: Load Balancing Services
Overview
Load balancing services are the object that the load-balancing virtual server interacts with.
Services then reference the attached server objects. Services are also where any monitors are
used to check service heartbeats with the server.
In this exercise you will:
Create two load balancing services for the StoreFront servers.
Estimated time to complete this exercise: 10 Minutes
Virtual Machines Required for This Exercise
StoreFront 1 StoreFront 2 NetScaler
citrix.com 50
Step-by-Step Guidance
Step Action
12. While still logged on to the NetScaler interface, navigate to Traffic Management > Load
Balancing > Services and then click Add.
13. Type svc_sf1 into the Service Name field, then select the radio button next to Existing
Server and then select sf1.training.lab from the Server drop-down list box, select SSL
from the Protocol drop-down list box, and then click OK.
citrix.com 51
Step Action
14. In the Monitors pane, click 1 Service to Load Balancing Monitor Binding to access
the monitor selector.
15. In the pane that appears, click Add Binding to add a monitor to the service.
citrix.com 52
Step Action
16. Under Select Monitor, click Click to select.
Scroll to the bottom of the page and click the right arrow to view the next page.
Select the radio button next to sf_mon and then click Select.
citrix.com 53
Step Action
17. Click Bind to add the monitor to the load-balancing service.
Click Close to close the monitor pane.
18. In the Settings pane, click the pencil icon to edit the settings.
citrix.com 54
Step Action
19. Check the box next to Insert Client IP Address, and then type X-Forwarded-For in the
Header field. Then click OK.
20. Click Done to complete the creation of the new service.
21. After successfully creating the new load-balancing service, you should see the following
result:
citrix.com 55
Step Action
22. Repeat the same process to create another load-balancing service using the following
parameters:
Service Name: svc_sf2
Existing Server: sf2.training.lab
Protocol: SSL
Monitor: sf_mon
Client Header: X-Forwarded-For
23. After successfully creating the second load-balancing service, you should see the
following result:
24. Save the NetScaler configuration.
Exercise Summary
In this exercise you created two load-balancing services that are for each of the StoreFront servers. The new services use the custom monitor that was created in the previous exercise to monitor the store on the StoreFront servers.
citrix.com 56
Exercise 4: Load Balancing Virtual Server
Overview
Load balancing virtual servers are the interaction point between the client and the backend
servers. Clients will be accessing the load-balancing virtual server instead of the backend
resources, reducing load and increasing efficiency.
In this exercise you will:
Create a load-balancing virtual server for the StoreFront servers.
Estimated time to complete this exercise: 10 Minutes
Virtual Machines Required for This Exercise
StoreFront 1 StoreFront 2 NetScaler
citrix.com 57
Step-by-Step Guidance
Step Action
1. While still logged on to the NetScaler interface, navigate to Traffic Management > Load
Balancing > Virtual Servers and then click Add.
2. In the new pane that appears, type lb_vsrv_sf in the Name field, select SSL from the
Protocol drop-down list box, type 192.168.10.120 in the IP Address field and then click
OK.
citrix.com 58
Step Action
3. Next, under Services and Service Groups, click No Load Balancing Virtual Server
Service Binding to add a new load-balancing service.
4. Under Select Service, click Click to select.
citrix.com 59
Step Action
5. In the Service pane, check the boxes next to both svc_sf1 and svc_sf2, and then click
Select.
Click Bind to add the services to the load-balancing virtual server.
6. Next, click Continue to move to the next step.
citrix.com 60
Step Action
7. Since we selected SSL in the first step of the load-balancing virtual server setup, you
need to add a server certificate. Under Certificates, click No Server Certificate.
8. Under Select Server Certificate, click to select.
9. In the SSL Certificates pane, select the radio button next to wildcard.training.lab and
then click Select.
Click Bind to complete the binding process.
citrix.com 61
Step Action
10. Click Continue to move to the next step of the virtual server process.
11. Next, there is one more setting that must be enabled for the StoreFront
server…persistence.
On the right side of the screen, under Advanced Settings, click the plus icon (+) next to
Persistence.
citrix.com 62
Step Action
12. In the new Persistence pane that appears, select COOKIEINSERT from the Persistence
drop-down list box. This will cause more options to appear. Then type 0 in the Time-out
(mins) field. Next, under Backup Persistence, select SOURCEIP from the Backup
Persistence drop-down list box and set the Backup Time-out to 15, then click OK.
13. Now that you have added the services, the SSL certificate, and set the persistence, the
load-balancing virtual server is complete. Click the Done button at the bottom of the
screen.
citrix.com 63
Step Action
14. After successfully creating the load-balancing virtual server, you should see the following
result:
15. Save the NetScaler configuration.
Exercise Summary
In this exercise you created a load-balancing virtual server for the StoreFront servers. In the next exercise, you will be changing the StoreFront servers to use the new FQDN of the StoreFront virtual server for load-balancing.
citrix.com 64
Exercise 5: Configuring StoreFront for Load Balanced StoreFront Servers
Overview
Now that the StoreFront servers are being load-balanced by the NetScaler, StoreFront needs to
be configured to use the new virtual server.
In this exercise you will:
Configure the StoreFront servers to use the load-balanced StoreFront servers from the
NetScaler.
Estimated time to complete this exercise: 10 Minutes
Virtual Machines Required for This Exercise
StoreFront 1 StoreFront 2
citrix.com 65
Step-by-Step Guidance
Step Action
1. On the Student Desktop, double-click the StoreFront 1 RDP shortcut to access the
StoreFront 1 server.
Accept any security and/or certificate alerts.
2. Log on using the following credentials:
User name: TRAINING\Administrator
Password: Citrix123
3. If the StoreFront dashboard was closed, launch it from the taskbar.
citrix.com 66
Step Action
4. First, you need to change the base URL that the StoreFront will be using to the FQDN of
the load-balancing virtual server on the NetScaler.
Select the Server Group node in the left pane, and then click Change Base URL under
Server Group in the right pane.
5. In the Change Base URL window, type https://storefront.training.lab in the Base URL
field and then click OK.
6. Next, you will need to propagate this change to the other StoreFront server.
While still in the Server Group node, click Propagate Changes in the left pane under
Server Group.
citrix.com 67
Step Action
7. In the window that appears, click Yes to confirm the request.
8. When the propagation is complete, click OK.
You can close the RDP connection to the StoreFront 1 server.
9. Now you can test the load-balancing virtual server from your student desktop.
Open a new Firefox browser tab and navigate to
https://storefront.training.lab/Citrix/StoreWeb.
10. Log on using the TRAINING\user1 and Citrix123 credentials.
citrix.com 68
Step Action
11. Once logged on, you can try to launch any of the applications or the desktop to show
that both of the load-balancing virtual servers are working normally.
12. Log off of the StoreFront site when done testing the applications and/or desktop.
Exercise Summary
In this exercise you configured StoreFront to use the load-balancing virtual server that was created for both of the StoreFront servers. You also tested the load-balancing configuration by launching an application and the published desktop.
citrix.com 69
Module 3: Unified Gateway Configuration
citrix.com 70
Exercise 1: Unified Gateway VPN Virtual Server
Overview
The NetScaler Unified Gateway has several components that provide the functionality and
flexibility. In this exercise, you will be creating the NetScaler Gateway virtual server and then
adding the necessary policies and actions for the base functionality.
In this exercise you will:
Create the session policy and action for the NetScaler Gateway VPN.
Create the NetScaler Gateway virtual server for the VPN.
Estimated time to complete this exercise: 15 Minutes
Virtual Machines Required for This Exercise
NetScaler
citrix.com 71
Step-by-Step Guidance
Step Action
1. The first step is to configure the NetScaler Gateway action, policies, and virtual server
for the VPN functionality.
Navigate to NetScaler Gateway > Policies > Session and then select the Session
Profiles tab, and then click Add.
2. Type ug_vpn_prof in the Name field, and then select the Security tab.
citrix.com 72
Step Action
3. On the Security tab, check the box to the right of Default Authorization Action and verify
that the drop-down list box has ALLOW selected.
4. Select the Client Experience tab and check the box next to Clientless Access and
select On from the drop-down list box.
citrix.com 73
Step Action
5. While still on the Client Experience tab, scroll down and check the box for Advanced
Settings, check the box to the right of Client Choices and then check the box to the left
of Client Choices; finally, click Create.
6. Next, you are going to create the session policy that will leverage the profile you created
in the last few steps.
Click the Session Policies tab and then click Add.
citrix.com 74
Step Action
7. Type ug_vpn_pol in the Name field, verify that ug_vpn_prof is selected in the Profile
drop-down list box, and then type ns_true in the Expression field, then click Create.
8. Next, you are going to create the NetScaler Gateway virtual server, which will be marked
as non-addressable for the Unified Gateway VPN. This demarks the virtual server as
only available via the content switching virtual server.
Navigate to NetScaler Gateway > Virtual Servers and then click Add.
citrix.com 75
Step Action
9. Type ug_vpn in the Name field, select Non Addressable from the IP Address Type drop-
down list box and then click OK.
10. On the VPN Virtual Server screen, in the Certificates pane, click No Server Certificate.
11. In the pane that appears, under Select Server Certificate, click on click to select.
citrix.com 76
Step Action
12. Select the radio button next to MCTWildcard and then click Select.
Click Bind.
13. Now that the Certificate has been selected, click Continue.
14. Next, you need to add the authentication policy to the virtual server. Click the + icon to
add a policy.
citrix.com 77
Step Action
15. On the Policies screen, select LDAP from the Choose Policy down-down list box and
click Continue.
16. In the Policy Binding pane, under Select Policy, click on Click to Select.
citrix.com 78
Step Action
17. In the LDAP policies pane, select the radio button next to training.lab_pol and then
click Select. Note, the LDAP policy has already been created for you.
Then click Bind.
18. Next, click Continue.
citrix.com 79
Step Action
19. Finally, you can bind the session policy to the NetScaler Gateway.
Scroll to the bottom of the screen, and click the + icon in the Policies pane to add a new
policy to the virtual server.
20. Verify that Session is displayed in the Choose Policy drop-down list box, and that
Request is displayed in the Choose Type drop-down list box and then click Continue.
21. Under Policy Binding, click on Click to Select.
citrix.com 80
Step Action
22. Select the radio button next to ug_vpn_pol and then click Select.
Click Bind.
23. There is one more setting to do before the virtual server is done, the portal theme.
On the right side of the screen, under Advanced Settings, click Portal Themes.
citrix.com 81
Step Action
24. In the Portal Themes pane that appears, select X1 from the drop-down list box and then
click OK.
25. Click Done to complete the creation of the NetScaler Gateway virtual server.
26. The result should display a NetScaler Gateway virtual server with an IP Address of
0.0.0.0 and a Port number of 0:
27. Save the NetScaler configuration.
Exercise Summary
In this exercise you configured the non-addressable NetScaler Gateway virtual server including the session profile and policy that are going to be used with the Unified Gateway.
citrix.com 82
Exercise 2: Unified Gateway Content Switching Virtual Server
Overview
The NetScaler Unified Gateway has several components that provide the functionality and
flexibility. In this exercise, you will be creating the content switching virtual server and then
adding the necessary policies and actions for the base functionality.
In this exercise you will:
Create the session policy and action for the content switching virtual server.
Create the content switching virtual server for the Unified Gateway.
Estimated time to complete this exercise: 15 Minutes
Virtual Machines Required for This Exercise
NetScaler
citrix.com 83
Step-by-Step Guidance
Step Action
1. While still logged on to the NetScaler administrative console, navigate to Traffic
Management > Content Switching > Actions, and then click Add.
2. Type ug_cs_act in the Name field, and then select NetScaler Gateway Virtual Server
from the Choose Virtual Server or Expression drop-down list box, and then click on
Click to select under Target Virtual Server.
3. Select the radio button next to ug_vpn and then click Select.
citrix.com 84
Step Action
4. Finally, click Create to finish the content switching action.
5. Now that the action has been created for the content switching virtual server, a policy
needs to be created so that the action can be utilized.
Navigate to Traffic Management > Content Switching > Policies and then click Add.
citrix.com 85
Step Action
6. Type ug_cs_pol in the Name field, and then select ug_cs_act from the Action drop-down
list box, type is_vpn_url in the Expression field, and then click Create.
7. Next, you are going to create the public-facing part of the Unified Gateway, the content
switching virtual server.
Navigate to Traffic Management > Content Switching > Virtual Servers and then
click Add.
citrix.com 86
Step Action
8. Type ug in the Name field, select SSL from the Protocol drop-down list box, type
192.168.10.110 in the IP Address field, and then click OK.
9. On the next screen, under Content Switching Policy Binding, click No Content
Switching Policy Bound.
10. In the Policy Binding pane, click the Click to select under Select Policy.
citrix.com 87
Step Action
11. Select the radio button next to ug_cs_pol and then click Select.
Click Bind.
12. Click OK to continue to the next section.
citrix.com 88
Step Action
13. On the right side of the screen, under Advanced Settings, select Certificates.
14. In the Certificates pane that appears, click No Server Certificate to add an SSL
certificate to the virtual server.
15. Under Select Server Certificate, click the Click to select option.
citrix.com 89
Step Action
16. Select the radio button next to MCTWildcard and then click Select.
Click Bind to add the certificate to the virtual server.
17. Next, click Continue under Certificates.
Then click Done to complete the content switching virtual server.
citrix.com 90
Step Action
18. You should see the following result:
19. Now that the framework of the Unified Gateway is complete, you can test the
connectivity and log on to see the base functionality.
First, locate the lab login webpage (from outside the lab session). At the bottom of the
page, there should be a Public IP #1 listing with an IP address and a FQDN:
Copy the FQDN and open a new browser window or tab.
Navigate to https://your-dashed-fqdn.mycitrixtraining.net, ensure that you use your
FQDN from the lab launch page along with an https://.
20. This web address should take you to YOUR Unified Gateway inside of your lab
environment. You should see the NetScaler Unified Gateway login page.
citrix.com 91
Step Action
21. Log on using the following credentials:
User name: user1
Password: Citrix123
22. The first screen you see when logging on to the Unified Gateway is the Client Choices
screen, where you can choose to have VPN network access, or clientless access. For
the purposes of this exercise, click Clientless Access to see the Unified Gateway
homepage.
citrix.com 92
Step Action
23. You should see the NetScaler with Unified Gateway homepage. There are no
applications or web sites added…yet!
24. Log off from the Unified Gateway and close the open tab or window.
Exercise Summary
In this exercise you configured the content-switching virtual server that is the public-facing component of the Unified Gateway platform. You also configured the action and policy for the content-switching virtual server for the VPN access. Finally, you tested the base configuration of the Unified Gateway from your local computer.
citrix.com 93
Exercise 3: Configuring Unified Gateway for XenDesktop/StoreFront
Overview
Adding XenDesktop/StoreFront to the Unified Gateway is as simple as adding actions and
policies to the Unified Gateway VPN virtual server that you created in exercise 1 of this module.
In this exercise you will:
Create the session policies and actions for XenDesktop and StoreFront.
Add the Secure Ticketing Authority (STA) servers to the VPN virtual server.
Estimated time to complete this exercise: 15 Minutes
Virtual Machines Required for This Exercise
NetScaler
citrix.com 94
Step-by-Step Guidance
Step Action
1. The first step is to edit the current content switching policy to include the StoreFront
Receiver for Web site.
While still logged on to the NetScaler console, navigate to Traffic Management >
Content Switching > Policies, select ug_cs_pol and then click Edit.
2. You are going to add some information to the Expression field as follows:
After is_vpn_url, TYPE THE FOLLOWING URL and then click OK:
|| HTTP.REQ.URL.PATH.SET_TEXT_MODE(IGNORECASE).STARTSWITH("/Citrix/Store")
See screenshot for reference:
citrix.com 95
Step Action
3. Next, you are going to create the actions for StoreFront.
Navigate to NetScaler Gateway > Policies > Session, select the Session Profiles tab
at the top and then click Add.
4. Type sf_prof_receiver in the Name field, and then select the Client Experience tab.
citrix.com 96
Step Action
5. Make the following configuration changes on the Client Experience tab:
Split Tunnel: Check the box and set to OFF
Clientless Access: Check the box and set to On
Plug-in Type: Check the box and set to Java
Single Sign-on to Web Applications: Check both boxes
Advanced Settings: Checked
Client Choices: Check the box on the right only.
6. Next, select the Security tab and check the box next to Default Authorization Action and
select ALLOW from the drop-down list box.
citrix.com 97
Step Action
7. Select the Published Applications tab, and then enter the following information, then
click Create:
ICA Proxy: Check the box and set to ON.
Web Interface Address: Check the box and type the following into the field:
https://192.168.10.120/Citrix/StoreWeb
Single Sign-on Domain: Check the box and type TRAINING in the field.
Account Services Address: Check the box and type
https://storefront.training.lab in the field.
8. Next, you need to create a similar profile for users that are not running Receiver.
Select the sf_prof_receiver and then click Add.
This will open the new policy pane with all of the settings of the selected existing profile.
citrix.com 98
Step Action
9. Type sf_prof_noreceiver in the Name field, and then select the Client Experience tab.
citrix.com 99
Step Action
10. In the Client Experience tab, enter the following information:
Split Tunnel: Uncheck the box.
Plug-in Type: Select Windows/MAC OS X from the drop-down list box.
Advanced Settings: Checked.
Client Choices: Check the box on the left.
citrix.com 100
Step Action
11. Select the Published Applications tab, delete the text in the Account Services Address
field, uncheck the box, and then click Create.
12. Next, you need to create the policies that will use the session profiles that you just
created.
Select the Session Policies tab, and then click Add.
citrix.com 101
Step Action
13. Type sf_pol_receiver in the Name field, select sf_prof_receiver from the Profile drop-
down list box, type the following expression into the Expression field and then click
Create:
REQ.HTTP.HEADER User-Agent CONTAINS CitrixReceiver && REQ.HTTP.HEADER User-Agent NOTCONTAINS
CitrixVPN && REQ.HTTP.HEADER User-Agent NOTCONTAINS NSGiOSplugin
14. Next, create the session policy for users that are not using Citrix Receiver. Click Add.
citrix.com 102
Step Action
15. Type sf_pol_noreceiver in the Name field, select sf_prof_noreceiver from the Profile
drop-down list box, type the following expression into the Expression field and then click
Create:
REQ.HTTP.HEADER User-Agent NOTCONTAINS CitrixReceiver && REQ.HTTP.HEADER Referer
EXISTS
16. Now that the policies have been created, you can bind them to the NetScaler Gateway
VPN virtual server.
Navigate to NetScaler Gateway > Virtual Servers, select ug_vpn and then click Edit.
17. Scroll to the bottom of the pane, under Policies, click 1 Session Policy.
citrix.com 103
Step Action
18. In the VPN Virtual Server Session Policy Binding pane, click Add Binding.
Under Select Policy, click Click to select.
citrix.com 104
Step Action
19. Select the radio button next to sf_pol_receiver and then click Select.
Click Bind to complete the binding process.
citrix.com 105
Step Action
20. Since we are going to add another policy, click Add Binding again.
Under Select Policy, click Click to select.
citrix.com 106
Step Action
21. Select the radio button next to sf_pol_noreceiver and then click Select.
Change the Priority to 110, and then click Bind to complete the binding process.
citrix.com 107
Step Action
22. Click Close to close the VPN Virtual Server Session Policy Binding pane.
Then, click Done to commit the changes to the virtual server.
citrix.com 108
Step Action
23. There is one final step on the NetScaler, and that is to add the Secure Ticketing
Authority (STA) servers.
Navigate to NetScaler Gateway > Global Settings, and then click Bind/Unbind STA
Servers to be used by the Secure Ticket Authority under the Servers list.
24. In the Bind/Unbind STA Server window, click Add.
citrix.com 109
Step Action
25. In the Secure Ticket Authority Server field, type http://192.168.10.20 and then click
OK.
Repeat this same process and add a second STA server with a server address of
http://192.168.10.25.
The result should look like this:
26. Click Close and then save the NetScaler configuration.
Exercise Summary
In this exercise you configured the NetScaler-side of the XenDesktop/StoreFront configuration for Unified
Gateway integration. In the next exercise, you will enable remote access to the StoreFront server using the Unified Gateway as the access point.
citrix.com 110
Exercise 4: Configuring StoreFront for Unified Gateway Remote Access
Overview
The last part of the integration of XenDesktop and StoreFront with the Unified Gateway is to
enable remote access using the Unified Gateway as the access point.
In this exercise you will:
Enable remote access for StoreFront using Unified Gateway as the access point.
Test the Unified Gateway integration with StoreFront from your local computer.
Estimated time to complete this exercise: 15 Minutes
Virtual Machines Required for This Exercise
StoreFront 1 StoreFront 2
citrix.com 111
Step-by-Step Guidance
Step Action
1. From the Student Desktop, open the StoreFront 1.rdp shortcut and log on using the
TRAINING\Administrator, Citrix123 credentials.
2. Launch the StoreFront console from the taskbar if necessary.
Select the Authentication node in the left pane and then click Add/Remove Methods
in the right pane under Authentication.
3. In the Add/Remove Authentication Methods window, check the boxes next to Domain
pass-through and Pass-through from NetScaler Gateway and then click OK.
citrix.com 112
Step Action
4. Next, select the NetScaler Gateway node in the left pane and then click Add NetScaler
Gateway Appliance in the right pane under NetScaler Gateway.
5. Click Add.
citrix.com 113
Step Action
6. In the Add NetScaler Gateway Appliance window, enter the following information and
then click Next:
Name: Unified Gateway
NetScaler Gateway URL: https://your-dashed-fqdn.mycitrixtraining.net
Usage or role: Authentication and HDX Routing
The FQDN needed above is from the lab launch page on your local computer, and make
sure you use https://.
7. On the Secure Ticket Authority (STA) screen, click Add.
citrix.com 114
Step Action
8. In the STA URL field, type http://192.168.10.20 and then click OK.
Repeat this same process and add another STA server with a URL of
http://192.168.10.25.
9. After adding both STA servers to StoreFront, check the boxes for Load balance
multiple STA servers and Enable session reliability, then click Next.
citrix.com 115
Step Action
10. Click Create to continue.
NOTE: there is no configuration required on this page.
11. Click Finish to complete the Add NetScaler Gateway process
citrix.com 116
Step Action
12. Next, select the Stores node in the left pane and then click Configure Remote Access
Settings under Store in the right pane.
13. In the Configure Remote Access window that appears, check the box for Enable
Remote Access and the first radio button (for No VPN tunnel), and then check the box
next to Unified Gateway. Then click OK.
citrix.com 117
Step Action
14. Now that these settings have been enabled, you will need to propagate these changes
to the other StoreFront server.
Select the Server Group node in the left pane, and then click Propagate Changes in
the right pane under Server Group.
Click Yes to confirm the propagation, and then click OK when the propagation is
complete.
15. Now you can test your configuration for functionality.
Open a new browser window on your local computer and navigate to:
https://your-dahed-fqdn.mycitrixtraining.net
The FQDN needed above is from the lab launch page on your local computer, and make
sure you use https://.
16. Log on using the user1/Citrix123 credentials.
citrix.com 118
Step Action
17. You will now notice that your client choices screen has a new option for Virtual App and
Desktop Access.
Click the new Virtual App and Desktop Access button.
18. Upon logging on, you should see the XenDesktop available, and if you click the
Applications tab, you can see the four Windows applications.
Launch any of the apps or desktop as you wish to make sure they work properly.
Exercise Summary
In this exercise you configured the StoreFront-side of the XenDesktop/StoreFront configuration for Unified Gateway integration. You also tested the configuration from your local computer to verify functionality.
citrix.com 119
Module 4: Unified Gateway Monitoring with NetScaler MAS
citrix.com 120
Exercise 1: MAS Setup and Monitoring
Overview
NetScaler is a great appliance in its own right, but the functionality is only half of the battle.
NetScaler Management and Analytics System (NMAS) provides the deep-dive visibility into your
NetScaler-controlled networks and your HDX experience.
In this exercise you will:
Configure NetScaler MAS for HDX Insight.
Test the MAS configuration by creating some traffic through the Unified Gateway and
view the results.
Estimated time to complete this exercise: 10 Minutes
Virtual Machines Required for This Exercise
NetScaler MAS
citrix.com 121
Step-by-Step Guidance
Step Action
1. First, open XenCenter, and select MAS in the list of virtual machines, and then click
Start.
2. From the student desktop, open a new browser tab and then click the MAS bookmark in
the Firefox bookmark bar.
3. At the login page, type nsroot in the User Name field, type nsroot in the Password field
and then click Login.
Click Skip in the lower right corner of the Citrix User Experience Improvement Program
window.
citrix.com 122
Step Action
4. ] At the NetScaler MAS welcome screen, click Get Started.
5. Since we have only one, standalone MAS server in this environment, we‟re going to
select Single Server Deployment and click Next.
citrix.com 123
Step Action
6. To monitor and interact with NetScaler instances, we need to first add them to MAS.
We‟ll do this by clicking New.
7. Since our lab only has one NetScaler, we will only need to complete this once.
Enter the NetScaler IP address of 192.168.10.100 and then click OK.
citrix.com 124
Step Action
8. If the add process is successful, you‟ll see the instance count increment by 1 and the
NetScaler information populate the GUI.
Click Finish to exit the wizard.
citrix.com 125
Step Action
9. One of the core features of NetScaler MAS is its ability to do inventory management and
centralized configuration. We‟ll see that now.
First, select the three bars in the upper-left to open the menu.
Next, we‟ll navigate to Networks and then Instances > NetScaler VPX to view an
inventory of our managed NetScaler appliances.
citrix.com 126
Step Action
10. Next, we are going to start enabling Insight services on the load-balancing virtual
servers.
Hover over the row for the NetScaler and click the circle for the actions menu.
Midway down, click Enable/Disable Insight to open the wizard.
citrix.com 127
Step Action
11. Check the boxes for NetScaler Gateway and Enable Geo data collection for Web
and HDX Insight.
12. Select lb_vsrv_xd and then click Enable AppFlow.
citrix.com 128
Step Action
13. In the window that appears, select HTTP.REQ.LB_VSERVER.NAME.EQ("MyLB") from
the Select Expression drop-down list box, and then check the boxes for Web Insight
and HTML Injection. In the text field, edit the text inside of the quotations from MyLB to
lb_vsrv_xd and then click OK.
NOTE: It may take a moment for the service to enable.
14. We are going to repeat the same process for the StoreFront load balancer.
Select lb_vsrv_sf virtual server and click Enable AppFlow.
citrix.com 129
Step Action
15. In the window that appears, select HTTP.REQ.LB_VSERVER.NAME.EQ("MyLB") from
the Select Expression drop-down list box, and then check the boxes for Web Insight
and HTML Injection. In the text field, edit the text inside of the quotations from MyLB to
lb_vsrv_sf and then click OK.
16. Next, select Content Switching from the View drop down list box, select ug from the list
and click Enable AppFlow.
citrix.com 130
Step Action
17. In the window that appears, select HTTP.REQ.LB_VSERVER.NAME.EQ("MyCS") from
the Select Expression drop-down list box, and then check the boxes for Web Insight
and HTML Injection. In the text field, edit the text inside of the quotations from MyLB to
ug and then click OK.
18. Next, select VPN from the View drop down list box, select ug_vpn from the list and click
Enable AppFlow.
citrix.com 131
Step Action
19. In the window that appears, select true from the Select Expression drop-down list box,
check the box next to ICA, TCP, and HTTP, and then click OK.
20. Now that all of the virtual servers are enabled with AppFlow, we can generate some
traffic for them to use and then view it in the Dashboard.
Open a new browser window on your local computer and navigate to:
https://your-dashed-fqdn.mycitrixtraining.net
The FQDN needed above is from the lab launch page on your local computer, and make
sure you use https://.
21. Log on using the user1/Citrix123 credentials.
citrix.com 132
Step Action
22. Click the new Virtual App and Desktop Access button.
23. Open an application or desktop of your choice.
24. Switch back to the MAS console and then select the Applications > Dashboard tab at
the top-left of the screen.
25. On the Dashboard, you will be able to see the HDX data that is being pushed through
your VPX in your lab environment in the Application Overview.
citrix.com 133
Exercise Summary
In this exercise you configured the MAS appliance for your NetScaler in the lab environment
and then created traffic for the MAS to display.
citrix.com 134
Lab Guide Appendix
citrix.com 135
Authors
The following authors contributed to the creation of this deliverable.
Citrix
Christopher Rudolph
851 W. Cypress Creek Road Ft. Lauderdale, FL 33309
Gerald Cowen 5001 Lyndon B Johnson Fwy Ste 1015 Dallas, TX 75244 [email protected]
Revision History
Revision Change Description Updated By Date
1.0 Original Christopher Rudolph January 2015
1.1 Revisions for NetScaler v11.0
Gerald Cowen January 2017
2.0 Revisions for all product updates and NetScaler MAS
Gerald Cowen, Gary Pentecost May 2017
citrix.com 136
Corporate Headquarters
Fort Lauderdale, FL, USA
Silicon Valley Headquarters
Santa Clara, CA, USA
EMEA Headquarters
Schaffhausen, Switzerland
India Development Center
Bangalore, India
Online Division Headquarters
Santa Barbara, CA, USA
Pacific Headquarters
Hong Kong, China
Latin America Headquarters
Coral Gables, FL, USA
UK Development Center
Chalfont, United Kingdom
About Citrix
Citrix (NASDAQ:CTXS) is a leader in mobile workspaces, providing virtualization, mobility management, networking and cloud services to enable new
ways to work better. Citrix solutions power business mobility through secure, personal workspaces that provide people with instant access to apps,
desktops, data and communications on any device, over any network and cloud. This year Citrix is celebrating 25 years of innovation, making IT simpler
and people more productive. With annual revenue in 2013 of $2.9 billion, Citrix solutions are in use at more than 330,000 organizations and by over 100
million users globally. Learn more at www.citrix.com.
Copyright © 2014 Citrix Systems, Inc. All rights reserved. [list Citrix trademarks (without ® or ™ symbols!) in document] are trademarks of Citrix Systems, Inc.
and/or one of its subsidiaries, and may be registered in the U.S. and other countries. Other product and company names mentioned herein may be
trademarks of their respective companies.