NS VPXGettingStarted Guide

Citrix NetScaler VPX Getting StartedGuide

Citrix NetScaler VPX 10

Copyright and Trademark Notice CITRIX SYSTEMS, INC., 2012. ALL RIGHTS RESERVED. NO PART OF THIS DOCUMENT MAY BEREPRODUCED OR TRANSMITTED IN ANY FORM OR BY ANY MEANS OR USED TO MAKE DERIVATIVE WORK(SUCH AS TRANSLATION, TRANSFORMATION, OR ADAPTATION) WITHOUT THE EXPRESS WRITTENPERMISSION OF CITRIX SYSTEMS, INC.ALTHOUGH THE MATERIAL PRESENTED IN THIS DOCUMENT IS BELIEVED TO BE ACCURATE, IT ISPRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE ALLRESPONSIBILITY FOR THE USE OR APPLICATION OF THE PRODUCT(S) DESCRIBED IN THIS MANUAL.CITRIX SYSTEMS, INC. OR ITS SUPPLIERS DO NOT ASSUME ANY LIABILITY THAT MAY OCCUR DUE TO THEUSE OR APPLICATION OF THE PRODUCT(S) DESCRIBED IN THIS DOCUMENT. INFORMATION IN THISDOCUMENT IS SUBJECT TO CHANGE WITHOUT NOTICE. COMPANIES, NAMES, AND DATA USED INEXAMPLES ARE FICTITIOUS UNLESS OTHERWISE NOTED.The following information is for FCC compliance of Class A devices: This equipment has been tested and found tocomply with the limits for a Class A digital device, pursuant to part 15 of the FCC rules. These limits are designed toprovide reasonable protection against harmful interference when the equipment is operated in a commercialenvironment. This equipment generates, uses, and can radiate radio-frequency energy and, if not installed and used inaccordance with the instruction manual, may cause harmful interference to radio communications. Operation of thisequipment in a residential area is likely to cause harmful interference, in which case users will be required to correct theinterference at their own expense.Modifying the equipment without Citrix' written authorization may result in the equipment no longer complying with FCCrequirements for Class A digital devices. In that event, your right to use the equipment may be limited by FCCregulations, and you may be required to correct any interference to radio or television communications at your ownexpense.You can determine whether your equipment is causing interference by turning it off. If the interference stops, it wasprobably caused by the NetScaler appliance. If the NetScaler equipment causes interference, try to correct theinterference by using one or more of the following measures:Move the NetScaler equipment to one side or the other of your equipment.Move the NetScaler equipment farther away from your equipment.Plug the NetScaler equipment into an outlet on a different circuit from your equipment. (Make sure the NetScalerequipment and your equipment are on circuits controlled by different circuit breakers or fuses.)Modifications to this product not authorized by Citrix Systems, Inc., could void the FCC approval and negate yourauthority to operate the product.BroadCom is a registered trademark of BroadCom Corporation. Fast Ramp, NetScaler, and NetScaler Request Switchare trademarks of Citrix Systems, Inc. Linux is a registered trademark of Linus Torvalds. Internet Explorer, Microsoft,PowerPoint, Windows and Windows product names such as Windows NT are trademarks or registered trademarks ofthe Microsoft Corporation. NetScape is a registered trademark of Netscape Communications Corporation. Red Hat is atrademark of Red Hat, Inc. Sun and Sun Microsystems are registered trademarks of Sun Microsystems, Inc. Otherbrand and product names may be registered trademarks or trademarks of their respective holders.Portions of this software may be redistributed under an open source license. Information about those portions of thesoftware, including a listing of all third party attribution notices and open source license agreements can be found at http://www.citrix.com/lang/English/lp/lp_2305124.asp.All rights reserved.Last Updated: March 2012

Document code: May 18 2012 03:01:29

Contents

Preface....................................................................................................9Formatting Conventions for NetScaler Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9Documentation Available on the NetScaler Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10Getting Service and Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11NetScaler Documentation Feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11

1 Citrix NetScaler VPX Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13NetScaler VPX Setup for the XenServer Platform. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14

XenServer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14XenCenter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15Command Center. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15

NetScaler VPX Setup for the VMware ESX Platform. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16NetScaler VPX Setup for the Microsoft Hyper-V Platform. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16

2 Understanding the NetScaler. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17Switching Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18Security and Protection Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18Optimization Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18Where Does a NetScaler Fit in the Network?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18

Physical Deployment Modes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19Citrix NetScaler as an L2 Device. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20Citrix NetScaler as a Packet Forwarding Device. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20

How a NetScaler Communicates with Clients and Servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20Understanding NetScaler-Owned IP Addresses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21How Traffic Flows Are Managed. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22Traffic Management Building Blocks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23A Simple Load Balancing Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23Understanding Virtual Servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24Understanding Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26

Understanding Policies and Expressions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27Processing Order of Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27

iii

3 Installing NetScaler Virtual Appliances on XenServer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31Prerequisites for Installing NetScaler Virtual Appliances on XenServer. . . . . . . . . . . . . . . . . . . .32

XenServer Hardware Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32XenCenter System Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33

Installing NetScaler Virtual Appliances on XenServer by Using XenCenter. . . . . . . . . . . . . . . .34

4 Installing NetScaler Virtual Appliances on VMware ESX. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .37Prerequisites for Installing NetScaler VPX Virtual Appliances on VMware. . . . . . . . . . . . . . . . .38

VMware ESX Hardware Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .38VMware vSphere Client 4.0 System Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .40OVF Tool 1.0 System Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .40Downloading the NetScaler VPX Setup Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41Labeling the Physical Network Ports of VMware ESX. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41

Installing NetScaler Virtual Appliances on VMware ESX 4.0. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42To install NetScaler virtual appliances on VMware ESX 4.0 by using VMwarevSphere Client. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42

Installing NetScaler Virtual Appliances on VMware ESX 3.5. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43To install NetScaler virtual appliances on VMware ESX 3.5 by using the VMwareOVF Tool. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43

5 Installing Citrix NetScaler Virtual Appliances on Microsoft Server 2008 R2. . . . . . . . . . . . . . . . . . .45Prerequisites for Installing NetScaler VPX on Microsoft Server 2008 R2. . . . . . . . . . . . . . . . . .46

Microsoft Server 2008 R2 Hardware Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .46Downloading the NetScaler VPX Setup Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .47

Installing NetScaler VPX on Microsoft Server 2008 R2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .47To install NetScaler VPX on Microsoft Server 2008 R2 by using Hyper-V Manager. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48To configure virtual NICs on the NetScaler VPX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48To configure NetScaler VPX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49

6 Configuring the Basic System Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .51Setting Up the Initial Configuration by Using the NetScaler VPX Console. . . . . . . . . . . . . . . . .52

To configure the initial settings on the virtual appliance through the VPX Consoleby using the management application. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .52

Configuring NetScaler VPX by Using the Command-Line Interface. . . . . . . . . . . . . . . . . . . . . . . .53To complete initial configuration by using the NetScaler command line. . . . . . . . . . . . . . .53

Configuring NetScaler VPX by Using the Configuration Utility. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53

Contents

iv

To configure initial settings by using the configuration utility. . . . . . . . . . . . . . . . . . . . . . . . . . .54

7 Understanding Common Network Topologies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .55Setting Up Common Two-Arm Topologies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .56

Setting Up a Simple Two-Arm Multiple Subnet Topology. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .56Setting Up a Simple Two-Arm Transparent Topology. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57

Setting Up Common One-Arm Topologies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .58Setting Up a Simple One-Arm Single Subnet Topology. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .58Setting Up a Simple One-Arm Multiple Subnet Topology. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59

8 Configuring System Management Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61Configuring System Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62

To configure HTTP parameters by using the configuration utility. . . . . . . . . . . . . . . . . . . . . .64To set the FTP port range by using the configuration utility. . . . . . . . . . . . . . . . . . . . . . . . . . . .65

Configuring Modes of Packet Forwarding. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65Enabling and Disabling Layer 2 Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .66

To enable or disable Layer 2 mode by using the NetScaler command line. . . . . .67To enable or disable Layer 2 mode by using the configuration utility. . . . . . . . . . . . 67

Enabling and Disabling Layer 3 Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .68To enable or disable Layer 3 mode by using the NetScaler command line. . . . . .68To enable or disable Layer 3 mode by using the configuration utility. . . . . . . . . . . . 69

Enabling and Disabling MAC-Based Forwarding Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .69To enable or disable MAC-based forwarding by using the NetScaler commandline. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .71To enable or disable MAC-based forwarding by using the configuration utility. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .72

Configuring Network Interfaces. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72Virtual LANs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72Link Aggregate Channels. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .73Modifying Network Interfaces. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .73

To modify a network interface by using the NetScaler command line. . . . . . . . . . . .73To modify a network interface by using the configuration utility. . . . . . . . . . . . . . . . . . 74

Monitoring Network Interfaces. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .74To display the statistics of a network interface by using the NetScalercommand line. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74To display the statistics of a network interface by using the configuration utility. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .76

Configuring a VLAN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .76To configure a VLAN by using the NetScaler command line. . . . . . . . . . . . . . . . . . . . . 76

Citrix NetScaler VPX Getting Started Guide

v

To configure a VLAN by using the configuration utility. . . . . . . . . . . . . . . . . . . . . . . . . . . .77Viewing the Statistics of a VLAN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .77

To view the statistics of a VLAN by using the NetScaler command line. . . . . . . . .77To view the statistics of a VLAN by using the configuration utility. . . . . . . . . . . . . . . .77

Configuring Link Aggregate Channels. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .78To configure a link aggregate channel by using the NetScaler command line. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .78To configure a link aggregate channel by using the configuration utility. . . . . . . . .79

Configuring Clock Synchronization. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .79To configure clock synchronization on your NetScaler. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .79

Configuring DNS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .80To add a name server by using the NetScaler command line. . . . . . . . . . . . . . . . . . . . . . . . .81To add a name server by using the configuration utility. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .81

Configuring SNMP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .82Adding SNMP Managers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83

To add an SNMP manager by using the NetScaler command line. . . . . . . . . . . . . . .83To add an SNMP manager by using the configuration utility. . . . . . . . . . . . . . . . . . . . .83

Adding SNMP Traps Listeners. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84To add an SNMP trap listener by using the NetScaler command line. . . . . . . . . . . .84To add an SNMP trap listener by using the configuration utility. . . . . . . . . . . . . . . . . .84

Configuring SNMP Alarms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .85To enable or disable an alarm by using the NetScaler command line. . . . . . . . . . .85To set the severity of the alarm by using the NetScaler command line. . . . . . . . . .85To configure alarms by using the configuration utility. . . . . . . . . . . . . . . . . . . . . . . . . . . . .86

Configuring Syslog. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .86Verifying the Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .86

9 Load Balancing Traffic on a NetScaler. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .91How Load Balancing Works. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .92Configuring Load Balancing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .93

Enabling Load Balancing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .95To enable load balancing by using the NetScaler command line. . . . . . . . . . . . . . . .95To enable load balancing by using the configuration utility. . . . . . . . . . . . . . . . . . . . . . .95

Configuring Services and a Vserver. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .95To implement the initial load balancing configuration by using the NetScalercommand line. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .96To implement the initial load balancing configuration by using theconfiguration utility. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .96

Choosing and Configuring Persistence Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .96

Contents

vi

Configuring Persistence Based on Cookies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98Configuring Persistence Based on Server IDs in URLs. . . . . . . . . . . . . . . . . . . . . . . . .100

Configuring Features to Protect the Load Balancing Configuration. . . . . . . . . . . . . . . . . .101Configuring URL Redirection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .101Configuring Backup Vservers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .102

A Typical Load Balancing Scenario. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .104

10 Accelerating Load Balanced Traffic by Using Compression. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .109Compression Configuration Task Sequence. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110Enabling Compression. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110

To enable compression by using the NetScaler command line. . . . . . . . . . . . . . . . . . . . . . .111To enable compression by using the configuration utility. . . . . . . . . . . . . . . . . . . . . . . . . . . . .111

Configuring Services to Compress Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .111To enable compression on a service by using the NetScaler command line. . . . . . . . 112To enable compression on a service by using the configuration utility. . . . . . . . . . . . . . .113

Binding a Compression Policy to a Virtual Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .113To bind or unbind a compression policy to a virtual server by using the NetScalercommand line. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113To bind or unbind a compression policy to a load balancing virtual server by usingthe configuration utility. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114

11 Securing Load Balanced Traffic by Using SSL. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .115SSL Configuration Task Sequence. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116Enabling SSL Offload. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

To enable SSL by using the NetScaler command line. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .118To enable SSL by using the configuration utility. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

Creating HTTP Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118To add an HTTP service by using the NetScaler command line. . . . . . . . . . . . . . . . . . . . . 119To add an HTTP service by using the configuration utility. . . . . . . . . . . . . . . . . . . . . . . . . . . .119

Adding an SSL-Based Vserver. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .120To add an SSL-based vserver by using the NetScaler command line. . . . . . . . . . . . . . .120To add an SSL-based vserver by using the configuration utility. . . . . . . . . . . . . . . . . . . . . .121

Binding Services to the SSL Vserver. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .121To bind a service to a vserver by using the NetScaler command line. . . . . . . . . . . . . . . .121To bind a service to a vserver by using the configuration utility. . . . . . . . . . . . . . . . . . . . . .122

Adding a Certificate Key Pair. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .122To add a certificate key pair by using the NetScaler command line. . . . . . . . . . . . . . . . . .123To add a certificate key pair by using the configuration utility. . . . . . . . . . . . . . . . . . . . . . . .123

Binding an SSL Certificate Key Pair to the Vserver. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .124


vii

To bind an SSL certificate key pair to a vserver by using the NetScaler commandline. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .124To bind an SSL certificate key pair to a vserver by using the configuration utility. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125

Configuring Support for Outlook Web Access. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125Creating an SSL Action to Enable OWA Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .126

To create an SSL action to enable OWA support by using the NetScalercommand line. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .126To create an SSL action to enable OWA support by using the configurationutility. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .126

Creating SSL Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126To create an SSL policy by using the NetScaler command line. . . . . . . . . . . . . . . . 126To create an SSL policy by using the configuration utility. . . . . . . . . . . . . . . . . . . . . . .127

Binding the SSL Policy to an SSL Vserver. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .127To bind an SSL policy to an SSL vserver by using the NetScaler commandline. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127To bind an SSL policy to an SSL vserver by using the configuration utility. . . . .128

12 Features at a Glance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .129Application Switching and Traffic Management Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130Application Acceleration Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .133Application Security and Firewall Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134Application Visibility Feature. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .136

A Documentation Library. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .139Release Notes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140Quick Start Guides. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .140Configuration Guides. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141Reference Guides. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .141

Contents

viii

PrefaceLearn about the Citrix NetScaler collection of documentation, including informationabout support options and ways to send us feedback.In This Preface:w Formatting Conventions for NetScaler Documentationw Documentation Available on the NetScaler Appliancew Getting Service and Supportw NetScaler Documentation Feedback

Formatting Conventions for NetScalerDocumentation

The NetScaler documentation uses the following formatting conventions.

Table 1. Formatting ConventionsConvention MeaningBoldface In text paragraphs or steps in a

procedure, information that you typeexactly as shown (user input), or anelement in the user interface.

Monospace Text that appears in a command-lineinterface. Used for examples ofcommand-line procedures. Also used todistinguish interface terms, such asnames of directories and files, fromordinary text.

A term enclosed in angle brackets is avariable placeholder, to be replaced withan appropriate value. Do not enter theangle brackets.

[ brackets ] Optional items in command statements.For example, in the following command,[ -range ] means thatyou have the option of entering a range,but it is not required:

9

Convention Meaningadd lb vserver [ -range]Do not type the brackets themselves.

| (vertical bar) A separator between options in braces orbrackets in command statements. Forexample, the following indicates thatyou choose one of the following loadbalancing methods: = ( ROUNDROBIN |LEASTCONNECTION |LEASTRESPONSETIME | URLHASH |DOMAINHASH | DESTINATIONIPHASH |SOURCEIPHASH | SRCIPDESTIPHASH |LEASTBANDWIDTH | LEASTPACKETS |TOKEN | SRCIPSRCPORTHASH | LRTM |CALLIDHASH | CUSTOMLOAD )

(ellipsis) You can repeat the previous item oritems in command statements. Forexample, /route:[ ,]means you can type additional separated by commas.

Documentation Available on the NetScalerAppliance

A complete set of Citrix NetScaler documentation is available on the Documentationtab of your NetScaler appliance and at http://support.citrix.com/ (PDF version), and at http://edocs.citrix.com (HTML version). (The PDF version of the documents requireAdobe Reader, available at http://adobe.com/.)To view the documentation1. From a Web browser, log on to the NetScaler Appliance.2. Click the Documentation tab.3. To view a short description of each document, hover the mouse pointer over the

title. To open a document, click the title.

Preface

10

Getting Service and SupportCitrix offers a variety of resources for support with your Citrix environment, includingthe following:w The Knowledge Center is a self-service, Web-based technical support database that

contains thousands of technical solutions, including access to the latest hotfixes,service packs, and security bulletins.

w Technical Support Programs for both software support and appliance maintenanceare available at a variety of support levels.

w The Subscription Advantage program is a one-year membership that gives you aneasy way to stay current with the latest product version upgrades and enhancements.

w Citrix Education provides official training and certification programs on virtually allCitrix products and technologies.

For more information about Citrix services and support, see the Citrix Systems SupportWeb site at http://www.citrix.com/lang/English/support.asp.You can also participate in and follow technical discussions offered by the experts onvarious Citrix products at the following sites:w http://community.citrix.comw http://twitter.com/citrixsupportw http://forums.citrix.com/support

NetScaler Documentation FeedbackYou are encouraged to provide feedback and suggestions so that we can enhance thedocumentation. You can send an email to [email protected]. In the subjectline, specify "Documentation Feedback." Please include the title of the guide and thepage number in the email message.You can also provide feedback through the Knowledge Center at http://support.citrix.com/.To provide feedback at the Knowledge Center home page1. Go to the Knowledge Center home page at http://support.citrix.com/.2. On the Knowledge Center home page, under Products, expand NetScaler, and then

click the NetScaler release for which you want to provide feedback.3. On the Documentation tab, click the guide name, and then click Article Feedback.4. On the Documentation Feedback page, complete the form, and then click Submit.


11

Preface

12

Chapter 1

Citrix NetScaler VPX OverviewTopics: NetScaler VPX Setup for the

XenServer Platform NetScaler VPX Setup for the

VMware ESX Platform NetScaler VPX Setup for the

Microsoft Hyper-V Platform

The Citrix NetScaler VPX product is a virtual NetScalerappliance that can be hosted on Citrix XenServer andVMware ESX or ESXi, and Microsoft Hyper-V virtualizationplatforms.A NetScaler virtual appliance supports all the features of aphysical NetScaler, except virtual MAC (vMAC) addresses,Layer 2 (L2) mode, and link aggregation control protocol(LACP). VLAN tagging is supported on the NetScaler VPXvirtual appliances hosted on the XenServer and on VMware ESXplatforms.For the VLAN tagging feature to work, do one of the following:w On the Citrix XenServer, configure tagged VLANs on a port

on the switch but do NOT configure any VLANs on theXenServer interface attached to that port. The VLAN tagsare passed through to the virtual appliance and you canuse the tagged VLAN configuration on the virtual appliance.

w On the VMware ESX, set the port groups VLAN ID to 4095on the VSwitch of VMware ESX server. For more informationabout setting a VLAN ID on the VSwitch of VMware ESXserver, see http://www.vmware.com/pdf/esx3_vlan_wp.pdf.

This overview covers only aspects that are unique to NetScalerVPX. For an overview of NetScaler VPX functionality, see Understanding the NetScaler on page 17.

Note: The terms NetScaler, NetScaler appliance, andappliance are used interchangeably with NetScaler virtualappliance unless stated otherwise.

13

NetScaler VPX Setup for the XenServer PlatformWhen you set up NetScaler VPX on XenServer, you must use the XenCenter clientto install the first NetScaler virtual appliance. Subsequent virtual appliances can beadded by using either the XenCenter client or Citrix Command Center.

XenServerThe XenServer product is a server virtualization platform that offers near bare-metalvirtualization performance for virtualized server and client operating systems.XenServer uses the Xen hypervisor to virtualize each server on which it is installed,enabling each server to host multiple virtual machines simultaneously.The following figure shows the bare-metal solution architecture of NetScaler VPX onXenServer.Figure 1-1. NetScaler VPX on XenServer

The bare-metal solution architecture has the following components:Hardware or physical layer:

Physical hardware components including memory, CPU, network cards, and disk drives.Xen hypervisor:

Thin layer of software that runs on top of the hardware. The Xen hypervisor giveseach virtual machine a dedicated view of the hardware.

Virtual machine:Operating system hosted on the hypervisor and appearing to the user as a separatephysical computer. However, the machine shares physical resources with other virtualmachines, and it is portable because the virtual machine is abstracted from physicalhardware.

A NetScaler VPX virtual machine, or virtual appliance, is installed on the Xenhypervisor and uses paravirtualized drivers to access storage and network resources. It

Chapter 1 Citrix NetScaler VPX Overview

14

appears to the users as an independent NetScaler appliance with its own networkidentity, user authorization and authentication capabilities, configuration, applications,and data. The paravirtualization technique enables the virtual machines and thehypervisor to work together to achieve high performance for I/O and for CPU andmemory virtualization.For more information about XenServer, see the XenServer documentation at http://support.citrix.com/product/xens/.

XenCenterXenCenter is a graphical virtualization-management interface for XenServer,enabling you to manage servers, resource pools, and shared storage, and to deploy,manage, and monitor virtual machines from your Windows desktop machine.Use XenCenter to install NetScaler VPX on XenServer.For more information about XenCenter, see the XenServer documentation at http://support.citrix.com/product/xens/.

Command CenterCommand Center is a management and monitoring solution for Citrix applicationnetworking products that include NetScaler, NetScaler VPX, Citrix Access GatewayEnterprise Edition, Citrix Branch Repeater, Branch Repeater VPX, and CitrixRepeater. Command Center enables network administrators and operations teams tomanage, monitor, and troubleshoot the entire global application delivery infrastructurefrom a single, unified console.This centralized management solution simplifies operations by providing administratorswith enterprise-wide visibility and automating management tasks that need to beexecuted across multiple devices.Command Center is available with Citrix NetScaler Enterprise and Platinum editions.You can use Command Center to provision NetScaler VPX on XenServer, and then youcan manage and monitor the virtual appliances from Command Center.

Note: You must use the XenCenter client to manage XenServer. You cannot manageXenServer from Command Center.

For more information about Command Center, see the Command Center documentationat http://edocs.citrix.com.


15

NetScaler VPX Setup for the VMware ESXPlatform

The NetScaler VPX setup for the VMware ESX platform requires a VMware ESX or ESXiserver and the vSphere client.VMware ESX and ESXi are virtualization products based on bare-metal architecture,offered by VMware, Inc. Citrix NetScaler VPX can be hosted on a VMware ESX or ESXiserver.For more information about VMware ESX, see http://www.vmware.com/.The vSphere client is a graphical interface for managing virtual machines on VMwareESX servers. You use the vSphere client to allocate resources on the ESX server tovirtual appliances installed on the server or to deallocate resources. For example, youcan allocate virtual network ports to a virtual appliance.For more information about VMware vSphere client, see http://www.vmware.com/.

NetScaler VPX Setup for the Microsoft Hyper-VPlatform

Note: This feature is only available in releases 9.3.e and 10.

The NetScaler VPX setup for the Microsoft Hyper-V platform requires WindowsServer 2008 R2 with the Hyper-V role installed. Like all virtualization systems, Hyper-Venables you to create a virtualized computing environment that results in betterutilization of your hardware resources.Hyper-V is a type 1 hypervisor that comes preinstalled with Windows Server 2008 R2. Itneeds to be enabled as a role on the Windows Server.For more information about Hyper-V, see http://technet.microsoft.com/en-us/library/cc816638(WS.10).aspx.

Chapter 1 Citrix NetScaler VPX Overview

16

Chapter 2

Understanding the NetScalerTopics: Switching Features Security and Protection

Features Optimization Features Where Does a NetScaler Fit

in the Network? How a NetScaler

Communicates with Clientsand Servers

Understanding Policies andExpressions

Processing Order of Features

The Citrix NetScaler product is an application switch thatperforms application-specific traffic analysis to intelligentlydistribute, optimize, and secure Layer 4-Layer 7 (L4-L7)network traffic for web applications. For example, aNetScaler makes load balancing decisions on individual HTTPrequests rather than on the basis of long-lived TCPconnections, so that the failure or slowdown of a server ismanaged much more quickly and with less disruption toclients. The NetScaler feature set can be broadly categorizedas consisting of switching features, security and protectionfeatures, and server-farm optimization features.

17

Switching FeaturesWhen deployed in front of application servers, a NetScaler ensures optimal distributionof traffic by the way in which it directs client requests. Administrators can segmentapplication traffic according to information in the body of an HTTP or TCP request, andon the basis of L4-L7 header information such as URL, application data type, or cookie.Numerous load balancing algorithms and extensive server health checks improveapplication availability by ensuring that client requests are directed to the appropriateservers.

Security and Protection FeaturesNetScaler security and protection features protect web applications from application-layer attacks. A NetScaler allows legitimate client requests and can block maliciousrequests. It provides built-in defenses against denial-of-service (DoS) attacks andsupports features that protect applications against legitimate surges in applicationtraffic that would otherwise overwhelm the servers. An available built-in firewallprotects web applications from application-layer attacks, including buffer overflowexploits, SQL injection attempts, cross-site scripting attacks, and more. In addition,the firewall provides identity theft protection by securing confidential corporateinformation and sensitive customer data.

Optimization FeaturesOptimization features offload resource-intensive operations such as Secure SocketsLayer (SSL) processing, data compression, client keep-alive, TCP buffering, and thecaching of static and dynamic content from servers. This improves the performance ofthe servers in the server farm and therefore speeds up applications. A NetScalersupports several transparent TCP optimizations, which mitigate problems caused byhigh latency and congested network links, accelerating the delivery of applicationswhile requiring no configuration changes to clients or servers.

Where Does a NetScaler Fit in the Network?A NetScaler resides between the clients and the servers, so that client requests andserver responses pass through it. In a typical installation, virtual servers (vservers)configured on the NetScaler provide connection points that clients use to access theapplications behind the NetScaler. In this case, the NetScaler owns public IP addressesthat are associated with its vservers, while the real servers are isolated in a privatenetwork. It is also possible to operate the NetScaler in a transparent mode as an L2bridge or L3 router, or even to combine aspects of these and other modes.

Chapter 2 Understanding the NetScaler

18

Physical Deployment ModesA NetScaler logically residing between clients and servers can be deployed in either oftwo physical modes: inline and one-arm. In inline mode, multiple network interfacesare connected to different Ethernet segments, and the NetScaler is placed between theclients and the servers. The NetScaler has a separate network interface to each clientnetwork and a separate network interface to each server network. The NetScaler andthe servers can exist on different subnets in this configuration. It is possible for theservers to be in a public network and the clients to directly access the servers throughthe NetScaler, with the NetScaler transparently applying the L4-L7 features. Usually,vservers (described later) are configured to provide an abstraction of the real servers.The following figure shows a typical inline deployment.

Figure 2-1. Inline Deployment

In one-arm mode, only one network interface of the NetScaler is connected to anEthernet segment. The NetScaler in this case does not isolate the client and serversides of the network, but provides access to applications through configured vservers.One-arm mode can simplify network changes needed for NetScaler installation in someenvironments.For examples of inline (two-arm) and one-arm deployment, see Understanding CommonNetwork Topologies on page 55.


19

Citrix NetScaler as an L2 DeviceA NetScaler functioning as an L2 device is said to operate in L2 mode. In L2 mode, theNetScaler forwards packets between network interfaces when all of the followingconditions are met:w The packets are destined to another device's media access control (MAC) address.w The destination MAC address is on a different network interface.w The network interface is a member of the same virtual LAN (VLAN).By default, all network interfaces are members of a pre-defined VLAN, VLAN 1. AddressResolution Protocol (ARP) requests and responses are forwarded to all networkinterfaces that are members of the same VLAN. To avoid bridging loops, L2 mode mustbe disabled if another L2 device is working in parallel with the NetScaler.For information about how the L2 and L3 modes interact, see Configuring Modes ofPacket Forwarding on page 65.For information about configuring L2 mode, see Enabling and Disabling Layer 2 Mode onpage 66.

Citrix NetScaler as a Packet Forwarding DeviceA NetScaler can function as a packet forwarding device, and this mode of operation iscalled L3 mode. With L3 mode enabled, the NetScaler forwards any received unicastpackets that are destined for an IP address that it does not have internally configured,if there is a route to the destination. A NetScaler can also route packets between VLANs.In both modes of operation, L2 and L3, a NetScaler generally drops packets that are in:w Multicast framesw Unknown protocol frames destined for a NetScaler's MAC address (non-IP and non-ARP)w Spanning Tree protocol (unless BridgeBPDUs is ON)For information about how the L2 and L3 modes interact, see Configuring Modes ofPacket Forwarding on page 65.For information about configuring the L3 mode, see Enabling and Disabling Layer 3Mode on page 68.

How a NetScaler Communicates with Clientsand Servers

A NetScaler is usually deployed in front of a server farm and functions as a transparentTCP proxy between clients and servers, without requiring any client-side configuration.This basic mode of operation is called Request Switching technology and is the core ofNetScaler functionality. Request Switching enables a NetScaler to multiplex and offload


20

the TCP connections, maintain persistent connections, and manage traffic at therequest (application layer) level. This is possible because the NetScaler can separatethe HTTP request from the TCP connection on which the request is delivered.Depending on the configuration, a NetScaler may process the traffic before forwardingthe request to a server. For example, if the client attempts to access a secureapplication on the server, the NetScaler might perform the necessary SSL processingbefore sending traffic to the server.To facilitate efficient and secure access to server resources, a NetScaler uses a set of IPaddresses collectively known as NetScaler-owned IP addresses. To manage your networktraffic, you assign NetScaler-owned IP addresses to virtual entities that become thebuilding blocks of your configuration. For example, to configure load balancing, youcreate virtual servers (vservers) to receive client requests and distribute them toservices, which are entities representing the applications on your servers.

Understanding NetScaler-Owned IP AddressesTo function as a proxy, a NetScaler uses a variety of IP addresses. The key NetScaler-owned IP addresses are:NetScaler IP address (NSIP)

The NSIP is the IP address for management and general system access to theNetScaler itself, and for HA communication.

Mapped IP address (MIP)A MIP is used for server-side connections. It is not the IP address of the NetScaler. Inmost cases, when the NetScaler receives a packet, it replaces the source IP addresswith a MIP before sending the packet to the server. With the servers abstracted fromthe clients, the NetScaler manages connections more efficiently.

Virtual server IP address (VIP)A VIP is the IP address associated with a vserver. It is the public IP address to whichclients connect. A NetScaler managing a wide range of traffic may have many VIPsconfigured.

Subnet IP address (SNIP)When the NetScaler is attached to multiple subnets, SNIPs can be configured for useas MIPs providing access to those subnets. SNIPs may be bound to specific VLANs andinterfaces.

IP SetAn IP set is a set of IP addresses, which are configured on the NetScaler appliance asSNIPs or MIPs. An IP set is identified with a meaningful name that helps in identifyingthe usage of the IP addresses contained in it.

Net ProfileA net profile (or network profile) contains an IP address or an IP set. A net profilecan be bound to load balancing or content switching virtual servers, services, servicegroups, or monitors. During communication with physical servers or peers, theNetScaler appliance uses the addresses specified in the profile as the source IP address.


21

How Traffic Flows Are ManagedBecause a NetScaler functions as a TCP proxy, it translates IP addresses before sendingpackets to a server. When you configure a vserver, clients connect to a VIP on theNetScaler instead of directly connecting to a server. Based on the settings on thevserver, the NetScaler selects an appropriate server and sends the client's request tothat server. By default, the NetScaler uses a MIP or SNIP to establish connections withthe server, as shown in the following figure.

Figure 2-2. Vserver-Based Connections

Note: You can use SNIP instead of MIP in the preceding figure.

In the absence of a vserver, when a NetScaler receives a request, it transparentlyforwards the request to the server. This is called the transparent mode of operation.When operating in transparent mode, a NetScaler translates the source IP addresses ofincoming client requests to the MIP or SNIP but does not change the destination IPaddress. For this mode to work, L2 or L3 mode needs to be configured appropriately.For cases in which the servers need the actual client IP address, the NetScaler can beconfigured to modify the HTTP header by inserting the client IP address as anadditional field, or configured to use the client IP address instead of the MIP or SNIP forconnections to the servers.


22

Traffic Management Building BlocksThe configuration of a NetScaler is typically built up with a series of virtual entitiesthat serve as building blocks for traffic management. The building block approach helpsseparate traffic flows. Virtual entities are abstractions, typically representing IPaddresses, ports, and protocol handlers for processing traffic. Clients accessapplications and resources through these virtual entities. The most commonly usedentities are vservers and services. Vservers represent groups of servers in a server farmor remote network, and services represent specific applications on each server.Most features and traffic settings are enabled through virtual entities. For example,you can configure a NetScaler to compress all server responses to a client that isconnected to the server farm through a particular vserver. To configure the NetScalerfor a particular environment, you need to identify the appropriate features and thenchoose the right mix of virtual entities to deliver them. Most features are deliveredthrough a cascade of virtual entities that are bound to each other. In this case, thevirtual entities are like blocks being assembled into the final structure of a deliveredapplication. You can add, remove, modify, bind, enable, and disable the virtual entitiesto configure the features. The following figure shows the concepts covered in this section.

Figure 2-3. How Traffic Management Building Blocks Work

A Simple Load Balancing ConfigurationIn the example shown in the following figure, the NetScaler is configured to function asa load balancer. For this configuration, you need to configure virtual entities specific toload balancing and bind them in a specific order. As a load balancer, a NetScaler


23

distributes client requests across several servers and thus optimizes the utilization ofresources.The basic building blocks of a typical load balancing configuration are services and loadbalancing vservers. The services represent the applications on the servers. The vserversabstract the servers by providing a single IP address to which the clients connect. Toensure that client requests are sent to a server, you need to bind each service to avserver. That is, you must create services for every server and bind the services to avserver. Clients use the VIP to connect to a NetScaler. When the NetScaler receivesclient requests on the VIP, it sends them to a server determined by the load balancingalgorithm. Load balancing uses a virtual entity called a monitor to track whether aspecific configured service (server plus application) is available to receive requests.Figure 2-4. Load Balancing Virtual Server, Services, and Monitors

In addition to configuring the load balancing algorithm, you can configure severalparameters that affect the behavior and performance of the load balancingconfiguration. For example, you can configure the vserver to maintain persistencebased on source IP address. The NetScaler then directs all requests from any specific IPaddress to the same server.

Understanding Virtual ServersA vserver is a named NetScaler entity that external clients can use to accessapplications hosted on the servers. It is represented by an alphanumeric name, virtualIP address (VIP), port, and protocol. The name of the vserver is only of localsignificance and is designed to make the vserver easier to identify. When a client


24

attempts to access applications on a server, it sends a request to the VIP instead of theIP address of the physical server. When the NetScaler receives a request on the VIP, itterminates the connection at the vserver and uses its own connection with the serveron behalf of the client. The port and protocol settings of the vserver determine theapplications that the vserver represents. For example, a web server can be representedby a vserver and a service whose port and protocol are set to 80 and HTTP,respectively. Multiple vservers can use the same VIP but different protocols and ports.Vservers are points for delivering features. Most features, like compression, caching,and SSL offload, are normally enabled on a vserver. When the NetScaler receives arequest on a VIP, it chooses the appropriate vserver by the port on which the requestwas received and its protocol. The NetScaler then processes the request as appropriatefor the features configured on the vserver.In most cases, vservers work in tandem with services. You can bind multiple services toa vserver. These services represent the applications running on physical servers in aserver farm. After the NetScaler processes requests received on a VIP, it forwards themto the servers as determined by the load balancing algorithm configured on the vserver.The following figure shows these concepts.

Figure 2-5. Multiple Virtual Servers on a Single VIP

The preceding figure shows a configuration consisting of two vservers with a commonVIP but different ports and protocols. Each of these vservers has two services bound toit. The services s1 and s2 are bound to VS_HTTP and represent the HTTP applicationson Server 1 and Server 2. The services s3 and s4 are bound to VS_SSL and represent theSSL applications on Server 2 and Server 3 (Server 2 provides both HTTP and SSL


25

applications). When the NetScaler receives an HTTP request on the VIP, it processes therequest based on the settings of VS_HTTP and sends it to either Server 1 or Server 2.Similarly, when the NetScaler receives an HTTPS request on the VIP, it processes itbased on the settings of VS_SSL and it sends it to either Server 2 or Server 3.Vservers are not always represented by specific IP address, port numbers, or protocols.They can be represented by wildcards, in which case they are known as wildcardvservers. For example, when you configure a vserver with a wildcard instead of a VIP,but with a specific port number, the NetScaler intercepts and processes all trafficconforming to that protocol and destined for the predefined port. For vservers withwildcards instead of VIPs and port numbers, the NetScaler intercepts and processes alltraffic conforming to the protocol.Vservers can be grouped into the following categories:Load balancing virtual server

Receives and redirects requests to an appropriate server. Choice of the appropriateserver is based on which of the various load balancing methods the user configures.

Cache redirection virtual serverRedirects client requests for dynamic content to origin servers and static content tocache servers. Cache redirection vservers often work in conjunction with loadbalancing vservers.

Content switching virtual serverDirects traffic to a server on the basis of the content that the client has requested.For example, you can create a content switching vserver that directs all clientrequests for images to a server that serves images only. Content switching vserversoften work in conjunction with load balancing vservers.

Virtual private network (VPN) virtual serverDecrypts tunneled traffic and sends it to intranet applications.

SSL virtual serverReceives and decrypts SSL traffic, and then redirects to an appropriate server.Choosing the appropriate server is similar to choosing a load balancing virtual server.

Understanding ServicesServices represent applications on a server. While services are normally combined withvservers, in the absence of a vserver, a service can still manage application-specifictraffic. For example, you can create an HTTP service on a NetScaler to represent a webserver application. When the client attempts to access a web site hosted on the webserver, the NetScaler intercepts the HTTP requests and creates a transparentconnection with the web server.In service-only mode, a NetScaler functions as a proxy. It terminates clientconnections, uses a SNIP or MIP to establish a connection to the server, and translatesincoming client requests to the SNIP or MIP. Although the clients send requests directlyto the IP address of the server, the server sees them as coming from the SNIP or MIP.The NetScaler translates the IP addresses, port numbers, and sequence numbers.


26

A service is also a point for applying features. Consider the example of SSLacceleration. To use this feature, you must create an SSL service and bind an SSLcertificate to the service. When the NetScaler receives an HTTPS request, it decryptsthe traffic and sends it, in clear text, to the server. Only a limited set of features canbe configured in the service-only case.Services use entities called monitors to track the health of applications. Every servicehas a default monitor, which is based on the service type, bound to it. As specified bythe settings configured on the monitor, the NetScaler sends probes to the application atregular intervals to determine its state. If the probes fail, the NetScaler marks theservice as down. In such cases, the NetScaler responds to client requests with anappropriate error message or re-routes the request as determined by the configuredload balancing policies.

Understanding Policies and ExpressionsA policy defines specific details of traffic filtering and management on a NetScaler. Itconsists of two parts: the expression and the action. The expression defines the typesof requests that the policy matches. The action tells the NetScaler what to do when arequest matches the expression. As an example, the expression might be to match aspecific URL pattern to a type of security attack, with the action being to drop or resetthe connection. Each policy has a priority, and the priorities determine the order inwhich the policies are evaluated.When a NetScaler receives traffic, the appropriate policy list determines how toprocess the traffic. Each policy on the list contains one or more expressions, whichtogether define the criteria that a connection must meet to match the policy.For all policy types except Rewrite policies, a NetScaler implements only the firstpolicy that a request matches, not any additional policies that it might also match. ForRewrite policies, the NetScaler evaluates the policies in order and, in the case ofmultiple matches, performs the associated actions in that order. Policy priority isimportant for getting the results you want.

Processing Order of FeaturesDepending on requirements, you can choose to configure multiple features. Forexample, you might choose to configure both compression and SSL offload. As a result,an outgoing packet might be compressed and then encrypted before being sent to theclient.The following figure shows the L7 packet flow in the NetScaler.


27

Figure 2-6. L7 Packet Flow Diagram

The following figure shows the DataStream packet flow in the NetScaler. DataStream issupported only for MySQL databases. For information about the DataStream feature,see the "DataStream" chapter in the Traffic Management Guide. For a link to the guide,see the Documentation Library on page 139.


28

Figure 2-7. DataStream Packet Flow Diagram


29


30

Chapter 3

Installing NetScaler Virtual Appliances onXenServerTopics: Prerequisites for Installing

NetScaler Virtual Applianceson XenServer

Installing NetScaler VirtualAppliances on XenServer byUsing XenCenter

To install Citrix NetScaler virtual appliances on CitrixXenServer, you must first install XenServer on a machinewith adequate system resources. To perform the NetScalerVPX installation, you use Citrix XenCenter, which must beinstalled on a remote machine that can connect to theXenServer host through the network.

Note: After the initial configuration of the NetScalerappliance, if you want to upgrade the appliance to the latestsoftware release, see the Citrix NetScaler Migration Guide at http://support.citrix.com/article/ctx132364.

31

Prerequisites for Installing NetScaler VirtualAppliances on XenServer

Before you begin installing a virtual appliance, do the following:w Install XenServer version 5.6 or later on hardware that meets the minimum

requirements.w Install XenCenter on a management workstation that meets the minimum system

requirements.w Obtain VPX license files. For more information about VPX licenses, see the NetScaler

VPX Licensing Guide at http://support.citrix.com/article/ctx122426.

XenServer Hardware RequirementsThe following table describes the minimum hardware requirements for a XenServerplatform running NetScaler nCore VPX .

Table 3-1. Minimum System Requirements for XenServer Running NetScaler nCore VPXComponent Requirement

CPU 2 or more 64-bit x86 CPUs with virtualizationassist (Intel-VT or AMD-V) enabled

Note: To run NetScaler VPX, hardwaresupport for virtualization must be enabled onthe XenServer host. Make sure that the BIOSoption for virtualization support is notdisabled. Consult your BIOS documentationfor more details.

RAM 3 gigabytes (GB)

Disk space Locally attached storage (PATA, SATA, SCSI) with40 GB of disk space

Note: XenServer installation creates a 4 GBpartition for the XenServer host controldomain; the remaining space is available forNetScaler VPX and other virtual machines.

Network Interface Card (NIC) 1 one gigabits per second (Gbps) NIC

Chapter 3 Installing NetScaler Virtual Appliances on XenServer

32

Component Requirement

Recommended: Two 1 Gbps NICs

For information about installing XenServer, see the XenServer documentation at http://support.citrix.com/product/xens/.The following table lists the virtual computing resources that XenServer must providefor each NetScaler nCore VPX .

Table 3-2. Minimum Virtual Computing Resources Required for Running NetScalernCore VPX

Component RequirementMemory 2 GB

Virtual CPU (VCPU) 2

Virtual network interfaces 2

Note: For production use of NetScaler VPX, it is recommended that CPU priority (invirtual machine properties) be set to the highest level in order to improve schedulingbehavior and network latency.

XenCenter System RequirementsXenCenter is a Windows client application. It cannot run on the same machine as theXenServer host. The following table describes the minimum system requirements.

Table 3-3. Minimum System Requirements for XenCenter InstallationComponent Requirement

Operating system Windows 7, Windows XP, Windows Server2003, or Windows Vista

.NET framework Version 2.0 or later

CPU 750 megahertz (MHz)Recommended: 1 gigahertz (GHz) orfaster


33


RAM 1 GBRecommended: 2 GB

Network Interface Card (NIC) 100 megabits per second (Mbps) or fasterNIC

For information about installing XenCenter, see the XenServer documentation at http://support.citrix.com/product/xens/.

Installing NetScaler Virtual Appliances onXenServer by Using XenCenter

After you have installed and configured XenServer and XenCenter, you can useXenCenter to install virtual appliances on XenServer. The number of virtual appliancesthat you can install depends on the amount of memory available on the hardware thatis running XenServer.After you have used XenCenter to install the initial NetScaler virtual appliance (.xvaimage) on XenServer, you have the option to use Command Center to provisionNetScaler VPX. For more information, see the Command Center documentation at http://edocs.citrix.com/.To install NetScaler virtual appliances on XenServer by using XenCenter1. Start XenCenter on your workstation.2. On the Server menu, click Add.3. In the Add New Server dialog box, in the Hostname text box, type the IP address

or DNS name of the XenServer that you want to connect to.4. In the User Name and Password text boxes, type the administrator credentials,

and then click Connect.The XenServer name appears in the navigation pane with a green circle, whichindicates that the XenServer is connected.

5. In the navigation pane, click the name of the XenServer on which you want toinstall NetScaler VPX.

6. On the VM menu, click Import.7. In the Import dialog box, in Import file name, browse to the location at which you

saved the NetScaler VPX .xva image file. Make sure that the Exported VM option isselected, and then click Next.

8. Select the XenServer on which you want to install the virtual appliance, and thenclick Next.


34

9. Select the local storage repository in which to store the virtual appliance, and thenclick Import to begin the import process.

10. You can add, modify, or delete virtual network interfaces as required. Whenfinished, click Next.

11. Click Finish to complete the import process.

Note: To view the status of the import process, click the Log tab.

12. If you want to install another virtual appliance, repeat steps 5 through 11.


35


36

Chapter 4

Installing NetScaler Virtual Appliances onVMware ESXTopics: Prerequisites for Installing

NetScaler VPX VirtualAppliances on VMware

Installing NetScaler VirtualAppliances on VMware ESX4.0

Installing NetScaler VirtualAppliances on VMware ESX3.5

Before installing Citrix NetScaler virtual appliances onVMware ESX, make sure that VMware ESX server is installed ona machine with adequate system resources. To install virtualappliances on VMware ESX version 4.0, you use VMwarevSphere client. On VMware ESX version 3.5, you use theVMware Open Virtualization Format (OVF) tool. The client ortool must be installed on a remote machine that can connectto VMware ESX through the network.After the installation, you can use vSphere client 4.0 tomanage virtual appliances on VMware ESX 4.0, or you can useVMware Infrastructure (VI) client 2.5 to manage virtualappliances on VMware ESX 3.5.

Note:The VMware vSphere client shows the guest operatingsystem as "Sun Solaris 10" for NetScaler VPX. This is bydesign because VMware ESX 3.5 does not recognize FreeBSD.After the initial configuration of the NetScaler appliance, ifyou want to upgrade the appliance to the latest softwarerelease, see the Citrix NetScaler Migration Guide at http://support.citrix.com/article/ctx132364.

37

Prerequisites for Installing NetScaler VPXVirtual Appliances on VMware

Before you begin installing a virtual appliance, do the following:w Install VMware ESX version 3.5 or later on hardware that meets the minimum

requirements.w Install VMware Client on a management workstation that meets the minimum

system requirements.w Install VMware OVF Tool (required for VMware ESX version 3.5) on a management

workstation that meets the minimum system requirements.w Download the NetScaler VPX setup files.w Label the physical network ports of VMware ESX.w Obtain NetScaler VPX license files. For more information about NetScaler VPX

licenses, see the NetScaler VPX Licensing Guide at http://support.citrix.com/article/ctx122426.

VMware ESX Hardware RequirementsThe following table describes the minimum system requirements for VMware EXSservers running NetScaler nCore VPX.

Table 4-1. Minimum System Requirements for VMware ESX Servers RunningNetScaler nCore VPX

Component RequirementCPU 2 or more 64-bit x86 CPUs with

virtualization assist (Intel-VT or AMD-V)enabled

Note: To run NetScaler VPX,hardware support for virtualizationmust be enabled on the VMware ESXhost. Make sure that the BIOS optionfor virtualization support is notdisabled. For more information, seeyour BIOS documentation.

RAM 3 GB

Chapter 4 Installing NetScaler Virtual Appliances on VMware ESX

38

Component RequirementDisk space Locally attached storage (PATA, SATA,

SCSI) with 40 GB of disk space available

Network One 1 Gbps NIC; Two 1 Gbps NICsrecommended (The network interfacesshould be E1000.)

For information about installing VMware ESX, see http://www.vmware.com/.The following table lists the virtual computing resources that the VMware ESX servermust provide for each NetScaler nCore VPX.


Component RequirementMemory 2 GB

Virtual CPU (VCPU) 2

Virtual network interfaces 1

Note: If the virtual appliance isinstalled on ESX 3.5 or ESXi 3.5, youcan install a maximum of 4 virtualnetwork interfaces. If the virtualappliance is installed on ESX 4.0, themaximum is 10.

Disk space 20 GB

Note: This is in addition to any diskrequirements for the hypervisor.

Note: For production use of NetScaler VPX, the full memory allocation must bereserved. CPU cycles (in MHz) equal to at least the speed of one CPU core of theESX should also be reserved.


39

VMware vSphere Client 4.0 System RequirementsVMware vSphere is a client application that can run on Windows and Linux operatingsystems. It cannot run on the same machine as the VMware ESX server. The followingtable describes the minimum system requirements.

Table 4-3. Minimum System Requirements for VMware vSphere Client InstallationComponent RequirementOperating system For detailed requirements from VMware,

search for the "vSphere CompatibilityMatrixes" PDF file at http://kb.vmware.com/.

CPU 750 megahertz (MHz); 1 gigahertz (GHz)or faster recommended

RAM 1 GB; 2 GB recommended

Network Interface Card (NIC) 100 Mbps or faster NIC

For information about installing vSphere client 4.0, see http://www.vmware.com/.

Note: When you connect the vSphere client 4.0 to ESX 3.5, the vSphere clientdowngrades to VMware Infrastructure (VI) client version 2.5, which is the only versionthat is compatible with ESX 3.5.

OVF Tool 1.0 System RequirementsOVF Tool is a client application that can run on Windows and Linux systems. It cannotrun on the same machine as the VMware ESX server. You need to use VMware OVF Toolversion 1.0 for installing virtual appliances on ESX 3.5. The following table describesthe minimum system requirements.

Table 4-4. Minimum System Requirements for OVF Tool InstallationComponent RequirementOperating system For detailed requirements from VMware,

search for the "OVF Tool User Guide" PDFfile at http://kb.vmware.com/.

CPU 750 MHz minimum, 1 GHz or fasterrecommended.


40

Component RequirementRAM 1 GB Minimum, 2 GB recommended.

Network Interface Card (NIC) 100 Mbps or faster NIC

For information about installing OVF, search for the "OVF Tool User Guide" PDF file at http://kb.vmware.com/.

Downloading the NetScaler VPX Setup FilesThe NetScaler VPX setup package for VMware ESX follows the Open Virtual Machine(OVF) format standard. You can download the files from MyCitrix.com. You need a MyCitrix account to log on. If you do not have a My Citrix account, access the home pageat http://www.mycitrix.com, click the New Users link, and follow the instructions tocreate a new My Citrix account.Once logged on, navigate the following path from the My Citrix home page:MyCitrix.com > Downloads > NetScaler > Virtual Appliances.Copy the following files to a workstation on the same network as the ESX server. Copyall three files into the same folder.w NSVPX-ESX---disk1.vmdk (for example, NSVPX-

ESX-9.3-39.8-disk1.vmdk)w NSVPX-ESX--.ovf (for example, NSVPX-

ESX-9.3-39.8.ovf)w NSVPX-ESX--.mf (for example, NSVPX-

ESX-9.3-39.8.mf )

Labeling the Physical Network Ports of VMware ESXBefore installing a NetScaler VPX virtual appliance, label of all the interfaces that youplan to assign to VPX virtual appliances, in a unique format. Citrix recommends thefollowing format: NS_NIC_1_1, NS_NIC_1_2, and so on. In large deployments, labelingin a unique format helps in quickly identifying the interfaces that are allocated to theNetScaler VPX virtual appliance among other interfaces used by other virtual machines,such as Windows and Linux. Such labeling is especially important when different typesof virtual machines share the same interfaces.To label the physical network ports of VMware ESX server1. Log on to the VMware ESX server by using the vSphere client.2. On the vSphere client, select the Configuration tab, and then click Networking.3. At the top-right corner, click Add Networking.


41

4. In the Add Network Wizard, for Connection Type, select Virtual Machine, andthen click Next.

5. Scroll through the list of vSwitch physical adapters, and choose the physical portthat will map to interface 1/1 on the virtual appliances.

6. Enter NS_NIC_1_1 as the name of the vSwitch that will be associated withinterface 1/1 of the virtual appliances.

7. Click Next to finish the vSwitch creation. Repeat the procedure, beginning withstep 2, to add any additional interfaces to be used by your virtual appliances.Label the interfaces sequentially, in the correct format (for example, NS_NIC_1_2).

Installing NetScaler Virtual Appliances onVMware ESX 4.0

After you have installed and configured VMware ESX 4.0, you can use VMware vSphereclient to install virtual appliances on the VMware ESX. The number of virtual appliancesthat you can install depends on the amount of memory available on the hardware thatis running VMware ESX.

To install NetScaler virtual appliances on VMwareESX 4.0 by using VMware vSphere Client

1. Start the VMware vSphere client on your workstation.2. In the IP address / Name text box, type the IP address of the VMware ESX server

that you want to connect to.3. In the User Name and Password text boxes, type the administrator credentials,

and then click Login.4. On the File menu, click Deploy OVF Template.5. In the Deploy OVF Template dialog box, in Deploy from file, browse to the

location at which you saved the NetScaler VPX setup files, select the .ovf file, andclick Next.

6. Map the networks shown in the VPX OVF template to the networks that youconfigured on the ESX host. Click Next to start installing VPX on VMware ESX. Wheninstallation is complete, a pop-up window informs you of the successful installation.

7. You are now ready to start the NetScaler VPX. In the navigation pane, select theNetScaler VPX that you have just installed and, from the right-click menu, selectPower On. Click the Console tab to emulate a console port.

8. If you want to install another virtual appliance, repeat steps 4 through 6.


42

Installing NetScaler Virtual Appliances onVMware ESX 3.5

To install virtual appliances on ESX 3.5, you need to use the VMware OVF tool, version1.0. The number of virtual appliances that you can install depends on the amount ofmemory available on the hardware that is running VMware ESX. After installation, youcan use the VMware Infrastructure (VI) client 2.5 to manage the virtual appliances onVMware ESX version 3.5.

Note: You cannot use version 4.0 of the vSphere client for installing virtual applianceson ESX 3.5. If you connect the vSphere 4.0 client to ESX 3.5, the vSphere clientdowngrades to VI client version 2.5, which supports only the OVF 0.9 standard. TheNetScaler VPX installation package is based on the OVF 1.0.

To install NetScaler virtual appliances on VMwareESX 3.5 by using the VMware OVF Tool

1. On your workstation, open the command-line interface and execute the followingcommand:ovftool vi://:@

For example, in Windows command shell, type:ovftool c:/NetScalerVPX vi://root:free@

2. When the OVF tool has installed the virtual appliances on the ESX server, use the VIclient to log on to the VMware ESX server on which you performed the installation.

3. In the navigation pane, right-click a virtual appliance that you want to enable, andthen click Power On. Repeat this for each virtual appliance you want to enable.

4. Click the Console tab to emulate a console port.


43


44

Chapter 5

Installing Citrix NetScaler VirtualAppliances on Microsoft Server 2008 R2Topics: Prerequisites for Installing

NetScaler VPX on MicrosoftServer 2008 R2

Installing NetScaler VPX onMicrosoft Server 2008 R2

Note: This functionality is only available in releases 9.3.eand 10.

To install Citrix NetScaler virtual appliances on MicrosoftWindows Server 2008 R2, you must first install Windows Server2008 R2, with the Hyper-V role enabled, on a machine withadequate system resources. While installing the Hyper-V role,make sure you specify the network interface cards (NICs) onthe server that Hyper-V will use to create the virtualnetworks. You can reserve some NICs for the host. Use Hyper-V Manager to perform the NetScaler VPX installation.NetScaler VPX for Hyper-V is delivered in virtual hard disk(VHD) format. It includes the default configuration forelements such as CPU, network interfaces, and hard-disk sizeand format. After you install NetScaler VPX, you can configurethe network adapters on VPX, add virtual NICs, and thenassign the NetScaler IP address, subnet mask, and gateway,and complete the basic configuration of the virtual appliance.

Note:NetScaler VPX for Hyper-V does not support L2 mode.After the initial configuration of the NetScaler appliance, ifyou want to upgrade the appliance to the latest softwarerelease, see the Citrix NetScaler Migration Guide at http://support.citrix.com/article/ctx132364.

45

Prerequisites for Installing NetScaler VPX onMicrosoft Server 2008 R2

Before you begin installing a virtual appliance, do the following:w Enable the Hyper-V role on Windows Server 2008 R2. For more information, see http://

technet.microsoft.com/en-us/library/ee344837(WS.10).aspx.w Download the VPX setup files.w Obtain NetScaler VPX license files. For more information about NetScaler VPX

licenses, see the NetScaler VPX Licensing Guide at http://support.citrix.com/article/ctx122426.

Microsoft Server 2008 R2 Hardware RequirementsThe following table describes the minimum system requirements for Microsoft Server2008 R2.

Table 5-1. Minimum System Requirements for Microsoft Server 2008 R2Component Requirement

CPU 1.4 GHz 64-bit processor

RAM 3 GB

Disk Space 32 GB or greater

For more information about Windows Server 2008 R2 system requirements, see http://www.microsoft.com/windowsserver2008/en/us/system-requirements.aspx.For information about installing Microsoft Server 2008 R2, see http://technet.microsoft.com/en-us/library/dd379511(WS.10).aspx.The following table lists the virtual computing resources for each NetScaler nCore VPX.



RAM 2 GB

Virtual CPU 2

Chapter 5 Installing Citrix NetScaler Virtual Appliances on Microsoft Server 2008 R2

46


Disk Space 20 GB

Virtual Network Interfaces 1

Downloading the NetScaler VPX Setup FilesNetScaler VPX for Hyper-V is delivered in virtual hard disk (VHD) format. You candownload the files from MyCitrix.com. You will need a My Citrix account to log on. Ifyou do not have a My Citrix account, access the home page at http://www.mycitrix.com, click the New Users link, and follow the instructions to create anew My Citrix account.To download the NetScaler VPX setup files1. In a Web browser, go to http://www.citrix.com/ and click My Citrix.2. Type your user name and password.3. Click Downloads.4. In Search Downloads by Product, select NetScaler.5. Under Virtual Appliances, click NetScaler VPX.6. Copy the compressed file to your server.

Installing NetScaler VPX on Microsoft Server2008 R2

After you have enabled the Hyper-V role on Microsoft Server 2008 R2 and extracted theVPX files, you can use Hyper-V Manager to install NetScaler VPX. After you import thevirtual machine, you need to configure the virtual NICs by associating them to thevirtual networks created by Hyper-V.You can configure a maximum of eight virtual NICs. Even if the physical NIC is DOWN,the virtual appliance assumes that the virtual NIC is UP, because it can stillcommunicate with the other virtual appliances on the same host (server).

Note: You cannot change any settings while the virtual appliance is running. Shutdown the virtual appliance and then make changes.


47

To install NetScaler VPX on Microsoft Server 2008R2 by using Hyper-V Manager

1. To start Hyper-V Manager, click Start, point to Administrative Tools, and then clickHyper-V Manager.

2. In the navigation pane, under Hyper-V Manager, select the server on which youwant to install NetScaler VPX.

3. On the Action menu, click Import Virtual Machine.4. In the Import Virtual Machine dialog box, in Location, specify the path of the

folder that contains the NetScaler VPX software files, and then select Copy thevirtual machine (create a new unique ID). This folder is the parent folder thatcontains the Snapshots, Virtual Hard Disks, and Virtual Machines folders.

Note: If you received a compressed file, make sure that you extract the files intoa folder before you specify the path to the folder.

5. Click Import.6. Verify that the virtual appliance that you imported is listed under Virtual

Machines.7. To install another virtual appliance, repeat steps 2 through 6.

Important: Make sure that you extract the files to a different folder in step 4.

To configure virtual NICs on the NetScaler VPX1. Select the virtual appliance that you imported, and then on the Action menu,

select Settings.2. In the Settings for dialog box, click Add Hardware in the

left pane.3. In the right pane, from the list of devices, select Network Adapter.4. Click Add.5. Verify that Network Adapter (not connected) appears in the left pane.6. Select the network adapter in the left pane.7. In the right pane, from the Network drop-down list, select the virtual network to

connect the adapter to.8. To select the virtual network for additional network adapters that you want to use,

repeat steps 6 and 7.9. Click Apply, and then click OK.


48

To configure NetScaler VPX1. Right-click the virtual appliance that you previously installed, and then select

Start.2. Access the console by double-clicking the virtual appliance.3. Type the NetScaler IP address, subnet mask, and gateway for your virtual appliance.

You have completed the basic configuration of your virtual appliance. Type the IPaddress in a Web browser to access the virtual appliance.


49


50

Chapter 6

Configuring the Basic System SettingsTopics: Setting Up the Initial

Configuration by Using theNetScaler VPX Console

Configuring NetScaler VPXby Using the Command-LineInterface

Configuring NetScaler VPXby Using the ConfigurationUtility

After installing a Citrix NetScaler VPX virtual appliance, youneed to access it to configure the basic settings. Initially

Documents

NS VPXGettingStarted Guide