Implementing Citrix NetScaler 11 for App and Desktop Solutions CNS-207
Course Summary
Description
The objective of this course is to provide the foundational concepts and teach the skills necessary to implement, configure, secure and monitor a Citrix NetScaler system with NetScaler Gateway in a desktop virtualization environment.
This course has been updated based on the latest release of the NetScaler product (NetScaler version 11). As a part of this update, the content has been more heavily focused on the NetScaler Gateway functionality than ever before, and covers significant features introduced in NetScaler version 11.
This course is designed specifically for students who have limited or no previous NetScaler experience. Students will have access to hands-on exercises within a virtual lab environment. This course is based on the Citrix NetScaler 11 product, but the skills and fundamental concepts learned are common to earlier product versions. Objectives
At the end of this course, students will be able to understand:
High Availability and Load Balancing
AppExpert Classic Policy Engine
Authentication and Authorization
Access Policies
End User Access and Experience
Integrating NetScaler Gateway with XenApp and XenDesktop
Integrating NetScaler Gateway with other resources (Unified Gateway)
Remote Desktop Proxy
Gateway with WebFront
Multi-tenancy
Portal Page Customization
Monitoring and Management
Troubleshooting
Topics
Getting Started
Basic Networking
High Availability
Basic Load Balancing
Securing NetScaler
AppExpert Classic Policy Engine
Authentication and Authorization
Access Policies
End-User Access and Experience
Integrating NetScaler Gateway with XenApp and XenDesktop
AppExpert Default Policy Engine
Global Server Load Balancing
Monitoring and Management
Troubleshooting
Implementing Citrix NetScaler 11 for App and Desktop Solutions CNS-207
Course Summary
(cont’d)
Audience
This course is designed for students who have limited or no previous NetScaler experience and are interested in learning how to integrate NetScaler Gateway with Citrix XenDesktop or Citrix XenApp.
Prerequisites
Before taking this course, Citrix recommends that students have the following:
Understanding of basic networking concepts (routing, switching, VLAN, firewall functionality)
Familiarity with application delivery and cloud networking
Experience with Citrix virtualization technologies, such as XenDesktop and XenApp
Familiarity with Microsoft Windows Server
Experience with Microsoft SQL Server or enterprise database servers
Experience with Active Directory and Group Policy
Basic understanding of Microsoft Remote Desktop Services
Basic understanding of Windows Server networking concepts, such as DNS, IIS®, and load balancing
Exposure to basic system administration concepts, including logging, software upgrade procedures, and high availability operations
Familiarity with server monitoring tools
Basic understanding of VPN concepts, including SSL encryption and certificates
Duration
Implementing Citrix NetScaler 11 for App and Desktop Solutions CNS-207
Course Outline
I. Getting Started
A. Getting Started
B. Introduction to Citrix NetScaler C. NetScaler Functionality D. NetScaler Overview E. Product Features F. Hardware Platforms G. Hardware Components
H. nCore Configuration Architecture I. Deployment Scenarios
J. NetScaler Gateway Overview K. NetScaler Gateway Platforms L. Initial NetScaler Access M. NetScaler Licenses
N. NetScaler Gateway Licensing
O. To Install the NetScaler Gateway License P. NetScaler Gateway Pre-Installation Checklist Q. Replacing Securing Gateway
R. Configuring NetScaler Gateway for First-time Use
S. Settings Configuration
T. End-User Access with the FQDN U. Configuration Testing
V. Name Service Providers Configuration W. Performing an Upgrade
X. Save the Configuration
II. Basic Networking
A. Basic Networking B. OSI Networking Model
C. NetScaler Architecture Overview D. NetScaler-owned IP addresses E. Network Topology
F. NetScaler Gateway Deployment G. NetScaler Network Interfaces H. Virtual Local Area Networks (VLANs) I. IP Address Routing
J. Mac-based Forwarding Mode K. Determining the Source IP Address L. Link Aggregation
III. High Availability
A. High Availability
B. High Availability Functionality C. High Availability Node Configuration D. Propagation and Synchronization E. High Availability Management F. Upgrading a High Availability Pair G. High Availability Issues
H. High Availability Pair in Different Subnets I. Adding a Remote Node
J. To Add a Remote Node for Independent Network Computing Mode
IV. Basic Load Balancing
A. Basic Load Balancing B. Load Balancing Basics C. Entity Management D. Server Creation E. Service Monitoring
F. Services Configuration Overview G. Virtual Server Creation
H. Binding Services or Service Groups to a Virtual Server
I. Traffic Types J. Default Monitors K. Built-In Monitors L. Monitor Parameters M. Creating Monitors N. HTTP Monitoring
O. Extended Application Verification (EAV) Monitoring
P. Extended Content Verification (ECV) Monitoring
Q. HTTP-ECV and TCP-ECV Monitoring Process R. Reverse Condition Monitoring
S. Setting Monitor Thresholds T. Custom Monitors
U. XenDesktop Delivery Controller Monitoring V. StoreFront Store Monitoring
W. TFTP Server Monitoring X. Load Balancing Methods Y. Service Weights
Z. Persistence and Persistence Connections AA. Load Balancing Configuration Protection BB. Load Balancing Wizards
CC. Disabling Services
DD. Graceful Shutdown of Services EE. Removing Services
FF. Configuration Verification GG. The Load Balancing Visualizer
Implementing Citrix NetScaler 11 for App and Desktop Solutions CNS-207
Course Outline
(cont’d)
V. Securing NetScaler
A. Securing NetScaler B. SSL
C. SSL Session Process D. Features and Benefits E. Offload Performance F. Digital Certificates G. SSL Administration H. SSL Offload Overview I. Deployment Scenarios
J. Citrix Recommendations for SSL K. SSL Renegotiation Attack L. SSL Troubleshooting M. SSL Offload Troubleshooting
VI. AppExpert Classic Policy Engine
A. AppExpert Classic Policy Engine B. Policies Overview
C. Policies and Profile Configuration D. Policies Creation
E. Traffic Policies
VII. Authentication and Authorization
A. Authentication and Authorization B. System and AAA User Groups C. Local Accounts
D. External Authentication
E. External Authentication for System Users F. NTLMV2 Authentication
G. Configuration of Command Policies for Delegating Administrators
H. Custom Command Policy Configuration for Delegated Adminstrators
I. Authentication Configuration
J. Authentication Types Supported on NetScaler K. Default Global Authentication Types
Configuration
L. Local Users Configuration M. Authentication Policies N. LDAP Authentication Policies O. RADIUS Authentication Policies
P. Client Certificate Authentication Configuration Q. Smart Card Authentication Configuration R. To Disable Authentication
S. Authentication, Authorization, and Auditing (AAA) Issues
VIII. Access Policies
A. Access Policies
B. Endpoint Analysis C. Endpoint Policies
D. Pre-Authentication Policies
E. Pre-Authentication Policies and Profiles F. Security Pre-Authentication Expressions
Configuration of End-User Devices G. Operating System Policies Configuration H. Antivirus, Firewall, Internet Security, or
Anti-Spam Expressions Configuration I. To Configure a Client Service Scan J. Security Checks Configuration K. To Configure Process Policies L. File Scan Policies Configuration
M. To Configure a Session or Pre-Authentication Policy to Check for a File on the End User Device
N. Registry Policies Configuration O. To Configure a Registry Policy
P. To Create a Sample Pre-Authentication Scan Q. Custom Expressions Configuration
R. To Bind Pre-Authentication Policies S. Post-Authentication Policies T. End-User Logon Options Evaluation U. Quarantine Groups
V. Endpoint Analysis Troubleshooting
IX. End User Access and Experience
A. End User Access and Experience B. Connection Methods
C. Secure Tunnel Establishment D. Network Firewalls and Proxies E. Secure Tunnel Termination
F. NetScaler Gateway Plug-in Support G. Software Firewalls
H. NetScaler Gateway Plug-In Integration with Citrix Receiver
I. Citrix Receiver Home Page
J. NetScaler Gateway Plug-In Selection for End-Users
K. NetScaler Gateway Plug-In Deployment, Upgrading, and Removal from Active Directory L. Client Ports
M. NetScaler Gateway Plug-in Connection Configuration
N. End User Connections Proxy Support Enablement
O. Session Policies P. Credential Passing
Q. Configuring the Default Home Page for SSL VPN and Clientless VPN Connections
Implementing Citrix NetScaler 11 for App and Desktop Solutions CNS-207
Course Outline
(cont’d)
R. Timeout Settings S. Split Tunneling
T. Timeout Settings Configuration U. Client Cleanup
V. Single Sign-on Configuration W. Client Interception
X. To Configure Name Service Resolution Y. Access Interface Configuration
Z. Clientless Access
AA. Domain Access Configuration for End Users BB. SharePoint Site
CC. Clientless Access Settings Using Web Interface
DD. Client Choices Page Configuration EE. Access Scenario Fallback Configuration FF. NetScaler Gateway Advanced Concepts
X. Integrating NetScaler Gateway with XenApp and XenDesktop
A. Integrating NetScaler Gateway with XenApp and XenDesktop
B. NetScaler Gateway Prerequisites C. Firewall Rules
D. StoreFront Services Deployment E. Beacons
F. Enabling Access Method Fallback with Policies G. SSL Certificate Trust
H. Session Policies I. Session Profile Creation
J. Custom Clientless Access Policies Configuration for StoreFront Services K. XenApp and XenDesktop Addition to a Single
Site
L. XenMobile Platform Overview
XI. AppExpert Default Policy Engine
A. Understanding Policies
B. Understanding Packet-Processing Flow C. Policy Process Evaluation Flow
D. Identifying Default Policy Expressions E. Actions
F. Configuring Policies and Actions G. Understanding Bind Points H. Understanding Policy Labels I. Pattern Sets
J. Typecasting
K. Responder, Rewrite, and URL Transformation L. Responder Policies
M. Responder Actions
N. Respond With
O. Responder HTML Page Imports P. Rewrite Policies
Q. Configure a Rewrite Action R. Binding Policies
XII. Global Server Load Balancing
A. Global Server Load Balancing B. GSLB Deployment Methods C. GSLB Concepts
D. GSLB Entities E. GSLB DNS Methods F. Metric Exchange Protocol G. Implementing GSLB
H. Viewing and Configuring GSLB with the Visualizer
I. Configuration Site-to-Site Communication J. RPC Node Password
K. Encryption of Site Metrics Exchange L. Source IP Address for an RPC Node M. GSLB Site Communication Example N. Customizing the GSLB Configuration O. Changing the GSLB Method
P. GSLB Persistence
Q. Using Dynamic Weights for Services R. Monitoring GSLB Services
S. Binding Monitors to a GSLB Service T. Monitoring GSLB Sites
U. Protecting the GSLB Setup Against Failure V. Responding with an Empty Address Record
When in the DOWN State
W. Backup IP Address Configuration for a GSLB Domain
X. Implementing GSLB Failover for Disaster Recovery
XIII. Monitoring and Management
A. Monitoring and Management B. Monitoring Needs
C. Monitoring Methods
D. AppFlow on the NetScaler System E. HDX Insight
F. NetScaler Log Management G. Troubleshooting Resources H. Troubleshooting Tools
Implementing Citrix NetScaler 11 for App and Desktop Solutions CNS-207
Course Outline
(cont’d)
XIV.Troubleshooting
A. Labs-only module covering 4 Troubleshooting Scenarios
XV. Appendix A: NetScaler SDX Addendum
A. Introduction to the NetScaler SDX Appliance B. Product Benefits
C. Hardware Platforms D. Deployment Scenarios E. Licensing
F. Base Architecture G. IO Virtualization H. VLAN Filtering
I. Restricting VLANs to Specific Virtual Interfaces J. NetScaler SDX High Availability
K. Service VM Overview L. Device Management M. Instance Management
N. Provisioning a NetScaler VPX Instance on an SDX Appliance
O. NetScaler SDX Service VM Internals P. Simple Consolidation
Q. Data Plane Isolation with Shared Interfaces R. Simple Consolidation with Delegated
Administration
S. Consolidation Across Security Zones T. SNMP
U. SNMP Trap Destinations
V. Adding an SNMP Manager Community W. Configuring the NetScaler for SNMPv3
Queries X. SNMP Views Y. SNMP Users Z. SNMP Alarms
AA. System Health Monitoring BB. Third-Party Virtual Machines
