Citrix NetScaler Getting Started Guide. Citrix NetScaler 9.0


Citrix® NetScaler® 9.0

Citrix NetScaler

TRANSFORMATION, OR ADAPTATION) WITHOUT THE EXPRESS WRITTEN PERMISSION OF CITRIX SYSTEMS, INC. ALTHOUGH THE MATERIAL PRESENTED IN THIS DOCUMENT IS BELIEVED TO BE ACCURATE, IT IS PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE ALL RESPONSIBILITY FOR THE USE OR APPLICATION OF THE PRODUCT(S) DESCRIBED IN THIS MANUAL.

CITRIX SYSTEMS, INC. OR ITS SUPPLIERS DO NOT ASSUME ANY LIABILITY THAT MAY OCCUR DUE TO THE USE OR APPLICATION OF THE PRODUCT(S) DESCRIBED IN THIS DOCUMENT. INFORMATION IN THIS DOCUMENT IS SUBJECT TO CHANGE WITHOUT NOTICE. COMPANIES, NAMES, AND DATA USED IN EXAMPLES ARE FICTITIOUS UNLESS OTHERWISE NOTED.

The following information is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio-frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case users will be required to correct the interference at their own expense.

Modifying the equipment without Citrix' written authorization may result in the equipment no longer complying with FCC requirements for Class A digital devices. In that event, your right to use the equipment may be limited by FCC regulations, and you may be required to correct any interference to radio or television communications at your own expense.

You can determine whether your equipment is causing interference by turning it off. If the interference stops, it was probably caused by the NetScaler Request Switch™ 9000 Series equipment. If the NetScaler equipment causes interference, try to correct the interference by using one or more of the following measures:

Move the NetScaler equipment to one side or the other of your equipment. Move the NetScaler equipment farther away from your equipment.

Plug the NetScaler equipment into an outlet on a different circuit from your equipment. (Make sure the NetScaler equipment and your equipment are on circuits controlled by different circuit breakers or fuses.)

Modifications to this product not authorized by Citrix Systems, Inc., could void the FCC approval and negate your authority to operate the product.

BroadCom is a registered trademark of BroadCom Corporation. Fast Ramp, NetScaler, WANScaler, Citrix XenApp, and NetScaler Request Switch are trademarks of Citrix Systems, Inc. Linux is a registered trademark of Linus Torvalds. Internet Explorer, Microsoft, PowerPoint, Windows and Windows product names such as Windows NT are trademarks or registered trademarks of the Microsoft Corporation. NetScape is a registered trademark of Netscape Communications Corporation. Red Hat is a trademark of Red Hat, Inc. Sun and Sun Microsystems are registered trademarks of Sun Microsystems, Inc. Other brand and product names may be registered trademarks or trademarks of their respective holders.

Software covered by the following third party copyrights may be included with this product and will also be subject to the software license agreement: Copyright 1998 © Carnegie Mellon University. All rights reserved. Copyright © David L. Mills 1993, 1994. Copyright © 1992, 1993, 1994, 1997 Henry Spencer. Copyright © Jean-loup Gailly and Mark Adler. Copyright © 1999, 2000 by Jef Poskanzer. All rights reserved. Copyright © Markus Friedl, Theo de Raadt, Niels Provos, Dug Song, Aaron Campbell, Damien Miller, Kevin Steves. All rights reserved. Copyright © 1982, 1985, 1986, 1988-1991, 1993 Regents of the University of California. All rights reserved. Copyright © 1995 Tatu Ylonen, Espoo, Finland. All rights reserved. Copyright © UNIX System Laboratories, Inc. Copyright © 2001 Mark R V Murray. Copyright 1995-1998 © Eric Young. Copyright © 1995,1996,1997,1998. Lars Fenneberg. Copyright © 1992. Livingston Enterprises, Inc. Copyright © 1992, 1993, 1994, 1995. The Regents of the University of Michigan and Merit Network, Inc. Copyright © 1991-2, RSA Data Security, Inc. Created 1991. Copyright © 1998 Juniper Networks, Inc. All rights reserved. Copyright © 2001, 2002 Networks Associates Technology, Inc. All rights reserved. Copyright (c) 2002 Networks Associates Technology, Inc. Copyright 1999-2001© The Open LDAP Foundation. All Rights Reserved. Copyright © 1999 Andrzej Bialecki. All rights reserved. Copyright © 2000 The Apache Software Foundation. All rights reserved. Copyright (C) 2001-2003 Robert A. van Engelen, Genivia inc. All Rights Reserved. Copyright (c) 1997-2004 University of Cambridge. All rights reserved. Copyright (c) 1995. David Greenman. Copyright (c) 2001 Jonathan Lemon. All rights reserved. Copyright (c) 1997, 1998, 1999. Bill Paul. All rights reserved. Copyright (c) 1994-1997 Matt Thomas. All rights reserved. Copyright © 2000 Jason L. Wright. Copyright © 2000 Theo de Raadt. Copyright © 2001 Patrik Lindergren. All rights reserved.

Contents

Preface
About This Guide
Audience
Formatting Conventions
Related Documentation
Getting Service and Support
Knowledge Center
Education and Training
Documentation Feedback

Chapter 1: Understanding the Citrix NetScaler
What Is a Citrix NetScaler?
Switching Features
Security and Protection Features
Optimization Features
Where Does a Citrix NetScaler Fit in the Network?
Physical Deployment Modes
Citrix NetScaler as an L2 Device
Citrix NetScaler as a Packet Forwarding Device
How a Citrix NetScaler Communicates with Clients and Servers
Understanding NetScaler-owned IP Addresses
How Traffic Flows Are Managed
Traffic Management Building Blocks
A Simple Load Balancing Configuration
Understanding Virtual Servers
Understanding Services
Understanding Policies and Expressions
Processing Order of Features

Chapter 2: Introduction to the Citrix NetScaler Product Line
Citrix NetScaler Editions
Citrix NetScaler Hardware Platforms

Chapter 3: Installing the Citrix NetScaler Hardware
Reviewing the Pre-Installation Checklist
Rack Mounting a Citrix NetScaler
Installing an SFP
Connecting a Citrix NetScaler to the Network
Connecting the Console Cable
Connecting a Citrix NetScaler to the Power Source

Chapter 4: Accessing and Configuring a Citrix NetScaler
Accessing a Citrix NetScaler
Using the Command Line Interface
Logging on to the Command Line Interface Using a Console Port
Logging on to the Command Line Interface using SSH
Using the Graphical User Interface
Using the Configuration Utility
Using the Statistical Utility
Accessing and Configuring a Citrix NetScaler Using the XML API
Configuring a Citrix NetScaler for the First Time
Configuring a Citrix NetScaler Using the Command Line Interface
Configuring a Citrix NetScaler Using the Configuration Utility
Setting up a High Availability Pair
Configuring a High Availability Pair for the First Time
Adding a Node
Disabling High Availability Monitoring for Unused Interfaces

Chapter 5: Understanding Common Network Topologies
Setting up Common Two-Arm Topologies
Setting up a Simple Two-Arm Multiple Subnet Topology
Setting up a Simple Two-Arm Transparent Topology
Setting up Common One-Arm Topologies
Setting up a Simple One-Arm Single Subnet Topology
Setting up a Simple One-Arm Multiple Subnet Topology

Chapter 6: Configuring System Management Settings
Configuring Global Settings
Configuring HTTP Traffic Ports
Setting the Maximum Connections to Each Server
Setting the Maximum Requests per Connection
Configuring Client IP Address Insertion
Setting HTTP Cookie Version
Setting FTP Port Range
Verifying the Configuration
Configuring Modes of Packet Forwarding
Enabling and Disabling Layer 2 Mode
Enabling and Disabling Layer 3 Mode
Enabling and Disabling MAC-Based Forwarding Mode
Configuring Network Interfaces
Modifying Network Interfaces
Verifying the Configuration
Configuring Virtual LANs
Creating a VLAN
Binding a Network Interface to a VLAN
Verifying the Configuration
Configuring Link Aggregation
Configuring Link Aggregation Manually
Verifying the Configuration
Configuring Clock Synchronization
Configuring DNS
Adding a Name Server
Verifying the Configuration
Configuring SNMP
Adding SNMP Managers
Adding SNMP Traps
Configuring SNMP Alarms
Configuring Syslog

Chapter 7: Load Balancing Traffic on a Citrix NetScaler
How Load Balancing Works
Understanding Persistence
Understanding Persistence Based on Cookies
Understanding Persistence Based on Server IDs in URLs
Understanding URL Redirection
Understanding Backup Vservers
Configuring Load Balancing
Configuring Load Balancing Using the Configuration Utility
Verifying the Configuration
Customizing a Load Balancing Setup Using Persistence
Configuring URL Redirection
Configuring Backup Vservers

Chapter 8: Accelerating Load Balanced Traffic Using Compression
How Compression Works
Configuring Compression
Configuring Compression Using the Configuration Utility
Enabling Compression Globally
Enabling Compression on a Service
Binding a Default Compression Policy to a Vserver
Viewing the Statistics
Configuring Compression Using the Citrix NetScaler Command Line

Chapter 9: Securing Load Balanced Traffic Using SSL
How SSL Offloading Works
Managing Certificates
Supporting Outlook Web Access
Configuring SSL Offloading
Configuring SSL Offloading using the Configuration Utility
Enabling SSL
Creating HTTP-based Services
Adding an SSL-Based Vserver
Binding the HTTP Services to the Vserver
Adding a Certificate Key Pair
Binding an SSL Certificate Key Pair to the Vserver
Verifying the Configuration
Configuring Support for Outlook Web Access
Configuring SSL Offload Using the Citrix NetScaler Command Line

Chapter 10: Features at a Glance
Application Switching and Traffic Management Features
Application Acceleration Features
Application Security and Firewall Features
Application Visibility Features

Glossary

Index

Preface

Before you begin to use the Citrix NetScaler 9.0 release, take a few minutes to review this chapter and learn about related documentation, other support options, and ways to send us feedback.

In This Preface

About This Guide

Audience

Formatting Conventions

Related Documentation

Getting Service and Support

Documentation Feedback

About This Guide

This guide describes how to initially set up and configure a Citrix® NetScaler®. It begins with an overview of the core architecture, followed by details about the product line, installation and deployment instructions, and hands-on labs that cover commonly used features.

The contents of the guide have been arranged in a simple-to-complex manner. Most chapters begin with a conceptual introduction followed by practical examples. The examples, which include both GUI and CLI procedures, and topology diagrams, are use cases with sample values that you can use in your initial configuration. Diagrams illustrate and reinforce key concepts. A detailed glossary and an index are provided. References and cross-references throughout the guide enhance its usability.

This guide provides the following information:

• Chapter 1, “Understanding the Citrix NetScaler.” Describes the architecture of the Citrix NetScaler. Begins with a description of what a NetScaler is and where it fits in a network. This is followed by a description of vservers, services, and policies. The chapter concludes with a description of the order in which features are processed.

• Chapter 2, “Introduction to the Citrix NetScaler Product Line.” Provides a brief introduction to the software and hardware platforms. Also covers the feature groups.

• Chapter 3 “Installing the Citrix NetScaler Hardware.” Covers the steps to unpack and install the hardware. Includes instructions on rack mounting, connecting SFPs and XFPs, connecting the console cable, connecting to a power source, and connecting to a network.

• Chapter 4 “Accessing and Configuring a Citrix NetScaler.” Describes the various access mechanisms that you can use to configure and monitor a NetScaler. Includes both CLI and GUI mechanisms. This chapter also covers the steps to configure a NetScaler for the first time.

• Chapter 5 “Understanding Common Network Topologies.” Describes the four common deployment topologies: Two-Arm Multiple Subnet, Two-Arm Transparent, One-Arm Single Subnet, and One-Arm Multiple Subnet. Topology diagrams, sample values, and references have been provided.

• Chapter 6 “Configuring System Management Settings.” Covers steps to configure basic system management settings such as VLANs, SNMP, DNS, etc.

• Chapter 7 “Load Balancing Traffic on a Citrix NetScaler.” Provides a basic introduction to the load balancing feature. Begins with a conceptual introduction to load balancing and includes common settings such as persistence, URL redirection, and backup vservers. This is followed by procedures to configure a basic load balancing setup to deliver a Web application. The chapter also covers procedures for configuring persistence, URL redirection, and backup vservers.

• Chapter 8 “Accelerating Load Balanced Traffic Using Compression.” Provides a basic introduction to the compression feature. Describes how a NetScaler compresses traffic. This is followed by procedures to configure a NetScaler to compress application traffic.

• Chapter 9 “Securing Load Balanced Traffic Using SSL.” Provides a basic introduction to the SSL offload feature. Describes how a NetScaler offloads SSL processing. This is followed by procedures to configure a NetScaler to secure application traffic using SSL.

• Chapter 10 “Features at a Glance.” Provides a brief description of all the features and links to appropriate chapters in the other guides.

Audience

This guide is intended for system and network administrators who install and configure complex networking equipment. While sales and marketing professionals might find the conceptual information useful, they are advised to refer to the white papers, product brochures, and other literature on our Web site for more details.

Formatting Conventions

This documentation uses the following formatting conventions.

Formatting Conventions

Convention: Meaning

Boldface: Information that you type exactly as shown (user input); elements in the user interface.

Italics: Placeholders for information or parameters that you provide. For example, FileName in a command means you type the actual name of a file. Also, new terms, and words referred to as words (which would otherwise be enclosed in quotation marks).

%SystemRoot%: The Windows system directory, which can be WTSRV, WINNT, WINDOWS, or any other name you specify when you install Windows.

Monospace: System output or characters in a command line. User input and placeholders also are formatted using monospace text.

{ braces }: A series of items, one of which is required in command statements. For example, { yes | no } means you must type yes or no. Do not type the braces themselves.

[ brackets ]: Optional items in command statements. For example, in the following command, [-range positiveInteger] means that you have the option of entering a range, but it is not required:

add lb vserver name serviceType IPAddress port [-range positiveInteger]

| (vertical bar): A separator between options in braces or brackets in command statements. For example, the following indicates that you choose one of the following load balancing methods:

lbMethod = ( ROUNDROBIN | LEASTCONNECTION | LEASTRESPONSETIME | URLHASH | DOMAINHASH | DESTINATIONIPHASH | SOURCEIPHASH | SRCIPDESTIPHASH | LEASTBANDWIDTH | LEASTPACKETS | TOKEN | SRCIPSRCPORTHASH | LRTM | CALLIDHASH | CUSTOMLOAD )

… (ellipsis): You can repeat the previous item or items in command statements. For example, /route:DeviceName[,…] means you can type additional DeviceNames separated by commas.

Related Documentation

A complete set of documentation is available on the Documentation tab of your NetScaler and from http://support.citrix.com/. (Most of the documents require Adobe Reader, available at http://adobe.com/.)

To view the documentation

1. From a Web browser, log on to the NetScaler.

2. Click the Documentation tab.

3. To view a short description of each document, hover your cursor over the title. To open a document, click the title.

Getting Service and Support

Citrix provides technical support primarily through the Citrix Solutions Network (CSN). Our CSN partners are trained and authorized to provide a high level of support to our customers. Contact your supplier for first-line support, or check for your nearest CSN partner at http://support.citrix.com/.

You can also get support from Citrix Customer Service at http://citrix.com/. On the Support menu, click Customer Service.

Knowledge Center

The Knowledge Center offers a variety of self-service, Web-based technical support tools at http://support.citrix.com/.

Knowledge Center features include:

• A knowledge base containing thousands of technical solutions to support your Citrix environment

• An online product documentation library

• Interactive support forums for every Citrix product

• Access to the latest hotfixes and service packs

• Knowledge Center Alerts that notify you when a topic is updated

Note: To set up an alert, sign in at http://support.citrix.com/ and, under Products, select a specific product. In the upper-right section of the screen, under Tools, click Add to your Hotfix Alerts. To remove an alert, go to the Knowledge Center product and, under Tools, click Remove from your Hotfix Alerts.

• Security bulletins

• Online problem reporting and tracking (for organizations with valid support contracts)

Education and Training

Citrix offers a variety of instructor-led and Web-based training solutions. Instructor-led courses are offered through Citrix Authorized Learning Centers (CALCs). CALCs provide high-quality classroom learning using professional courseware developed by Citrix. Many of these courses lead to certification. Web-based training courses are available through CALCs, resellers, and from the Citrix Web site.

Information about programs and courseware for Citrix training and certification is available at http://www.citrixtraining.com.

Documentation Feedback

You are encouraged to provide feedback and suggestions so that we can enhance the documentation. You can send email to the following alias or aliases, as appropriate. In the subject line, specify “Documentation Feedback.” Be sure to include the document name, page number, and product release version.

• For Command Center documentation, send email to ccdocs_feedback@citrix.com.

• For Access Gateway documentation, send email to agdocs_feedback@citrix.com.

You can also provide feedback from the Knowledge Center at http://support.citrix.com/.

To provide feedback from the Knowledge Center home page

1. Go to the Knowledge Center home page at http://support.citrix.com/.

2. On the Knowledge Center home page, under Products, click NetScaler Application Delivery, and click NetScaler Application Delivery Software 9.0.

3. On the Documentation tab, click the guide name, and then click Article Feedback.

4. On the Documentation Feedback page, complete the form and click

Chapter 1

Understanding the Citrix NetScaler

This chapter provides a conceptual overview of the NetScaler. The main objective is to explain what a NetScaler is and how it works, providing a conceptual basis for all the chapters that follow. The chapter can also be read as a general technical overview.

In This Chapter

What Is a Citrix NetScaler?

Where Does a Citrix NetScaler Fit in the Network?

How a Citrix NetScaler Communicates with Clients and Servers

Understanding Policies and Expressions

Processing Order of Features

What Is a Citrix NetScaler?

A Citrix NetScaler is an application switch that intelligently distributes, optimizes, and secures Layer 4-Layer 7 (L4-L7) network traffic for Web applications. Features include load balancing, compression, Secure Sockets Layer (SSL) offload, a built-in application firewall, and dynamic content caching. A NetScaler performs application-specific traffic analysis to provide a more effective implementation of the features. For example, a NetScaler makes load balancing decisions on individual HTTP requests rather than on the basis of long-lived TCP connections, so that the failure or slowdown of a server is managed much more quickly and with less disruption to clients. Other features can be used to reduce load and simplify server-farm management, and to accelerate end-user performance.

Switching Features

Its switching features enable a NetScaler to manage application traffic in an efficient manner. When deployed in front of application servers, a NetScaler ensures optimal distribution of traffic by the way in which it directs client requests. Administrators can segment application traffic according to information in the body of an HTTP or TCP request, and on the basis of L4-L7 header information such as URL, application data type, or cookie. Numerous load-balancing algorithms and extensive server health checks provide greater application availability by ensuring that client requests are directed to the appropriate servers.

Security and Protection Features

Security and protection features help block the theft and leakage of data by protecting Web applications from application-layer attacks. A NetScaler allows legitimate client requests and can block malicious requests. It provides built-in defenses against denial of service (DoS) attacks and supports features that protect the application against legitimate surges in application traffic that would otherwise overwhelm the servers. An available built-in firewall protects Web applications from application-layer attacks, including buffer overflow exploits, SQL injection attempts, cross-site scripting attacks, and more. In addition, the firewall provides identity theft protection by securing confidential corporate information and sensitive customer data.

Optimization Features

Optimization features offload resource-intensive operations such as Secure Sockets Layer (SSL) processing, data compression, and the caching of static and dynamic content from servers. This improves the performance of the servers in the server farm and therefore speeds up applications. A NetScaler supports several transparent TCP optimizations, which mitigate problems caused by high latency and congested network links, accelerating the delivery of applications while requiring no configuration changes to clients or servers.

Where Does a Citrix NetScaler Fit in the Network?

A NetScaler resides between the clients and the servers, so that client requests and server responses pass through it. In a typical installation, virtual servers (vservers) configured on the NetScaler provide connection points that clients use to access the applications behind the NetScaler. In this case, the NetScaler owns public IP addresses that are associated with its vservers, while the real servers are isolated in a private network. It is also possible to operate the NetScaler in a transparent mode as an L2 bridge or L3 router, or even to combine aspects of these and other modes.

Physical Deployment Modes

A NetScaler logically residing between clients and servers can be deployed in either of two physical modes: inline and one-arm.

In the normal inline mode, multiple network interfaces are connected to different Ethernet segments and the NetScaler is placed between the clients and the servers. The NetScaler has a separate network interface to each client network and a separate network interface to each server network. The NetScaler and the servers can exist on different subnets in this configuration. It is possible for the servers to be in a public network and the clients to directly access the servers through the NetScaler, with the NetScaler transparently applying the L4-L7 features. Usually, vservers (described later) are configured to provide an abstraction of the real servers. The following diagram illustrates a typical inline deployment.

Inline Deployment

In a less common version of one-arm mode, only one network interface of the NetScaler is connected to an Ethernet segment. The NetScaler in this case does not isolate the client and server sides of the network, but provides access to applications through configured vservers. This version of one-arm mode can simplify network changes needed for NetScaler installation in some

Citrix NetScaler as an L2 Device

A NetScaler functioning as an L2 device is said to operate in L2 mode. In L2 mode, the NetScaler forwards packets between network interfaces when all of the following conditions are met:

• The packets are destined to another device's media access control (MAC) address.

• The destination MAC address is on a different network interface.

• The network interface is a member of the same virtual LAN (VLAN).

By default all network interfaces are members of a pre-defined VLAN, VLAN 1. Address Resolution Protocol (ARP) requests and responses are forwarded to all network interfaces that are members of the same VLAN. To avoid bridging loops, L2 mode must be disabled if another L2 device is working in parallel with the NetScaler.

Citrix NetScaler as a Packet Forwarding Device

A NetScaler can function as a packet forwarding device, and this mode of operation is called L3 mode. When a NetScaler in L3 mode receives, on its MAC address, unicast packets that are destined for an unknown IP address, it forwards them if there is a proper route to the destination. A NetScaler can also route packets between VLANs.

In both modes of operation, L2 and L3, a NetScaler generally drops packets that are in:

• Multicast frames

• Unknown protocol frames destined for a NetScaler's MAC address (non-IP and non-ARP)

How a Citrix NetScaler Communicates with Clients and Servers

A NetScaler is usually deployed in front of a server farm and functions as a transparent TCP proxy between clients and servers, without requiring any client-side configuration. This basic mode of operation is called Request Switching technology and is the core of NetScaler functionality. Request Switching enables a NetScaler to multiplex and offload the TCP connections, maintain persistent connections, and manage traffic at the request (application layer) level. This is possible because the NetScaler can separate the HTTP request from the TCP connection on which the request is delivered.

Depending on the configuration, a NetScaler may process the traffic before forwarding the request to a server. For example, if the client attempts to access a secure application on the server, the NetScaler might perform the necessary SSL processing before sending traffic to the server. To facilitate efficient and secure access to server resources, a NetScaler uses a set of IP addresses collectively known as NetScaler-owned IP addresses.

Understanding NetScaler-owned IP Addresses

To function as a proxy, a NetScaler uses a variety of IP addresses. The key NetScaler-owned IP addresses are:

• Mapped IP address (MIP). The MIP is used for server-side connections. It is not the IP address of the NetScaler. In most cases, when the NetScaler receives a packet, it replaces the source IP address with the MIP before sending the packet to the server. With the servers abstracted from the clients, the NetScaler manages connections more efficiently.

• Virtual server IP address (VIP). A VIP is the IP address associated with a vserver. It is the public IP address to which clients connect. A NetScaler managing a wide range of traffic may have many VIPs configured.

• NetScaler IP address (NSIP). The NSIP is the IP address for general system and management access to the NetScaler itself.

• Subnet IP address (SNIP). When the NetScaler is attached to multiple subnets, SNIPs may be configured for use as MIPs providing access to those subnets.

How Traffic Flows Are Managed

Because a NetScaler functions as a TCP proxy, it translates IP addresses before sending packets to a server. When you configure a vserver, clients connect to a VIP on the NetScaler instead of directly connecting to a server. Based on the settings on the vserver, the NetScaler selects an appropriate server and sends the client's request to that server. By default, the NetScaler uses the MIP to establish connections with the server, as illustrated in the following diagram.

Vserver-based connections

In the absence of a vserver, when a NetScaler receives a request, it transparently forwards the request to the server. This is called the transparent mode of operation. When operating in transparent mode, a NetScaler translates the source IP addresses of incoming client requests to the MIP but does not change the destination IP address. For this mode to work, L2 or L3 mode needs to be configured appropriately.

For cases in which the servers need the actual client IP address, the NetScaler can be configured to modify the HTTP header by inserting the client IP address as an additional field, or configured to use the client IP address instead of the MIP for connections to the servers.
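The following is an added example, not part of the Citrix guide, showing the server-side consequence of the two paragraphs above: a server behind the NetScaler sees the MIP as the connection source, so it should accept an inserted client IP header only on connections that actually arrive from a NetScaler-owned address. The header name `client-ip`, the addresses, and the sample requests are assumptions constructed for illustration.

```python
import ipaddress

# Assumed values for illustration (not from the guide).
NETSCALER_SOURCE_IPS = {ipaddress.ip_address("10.0.1.5")}  # MIP/SNIPs the servers see
CLIENT_IP_HEADER = "client-ip"  # hypothetical name chosen when enabling insertion


def resolve_client_ip(peer_ip, headers):
    """Decide which address to record as the client for one HTTP request.

    peer_ip -- source address of the TCP connection as seen by the server
    headers -- list of (name, value) pairs, in the order received
    Returns (address, basis), where basis explains how the address was chosen.
    """
    peer = ipaddress.ip_address(peer_ip)
    values = [v.strip() for n, v in headers if n.lower() == CLIENT_IP_HEADER]

    if peer not in NETSCALER_SOURCE_IPS:
        # Not proxied by the NetScaler: any header value was set by the sender.
        return str(peer), "peer-header-ignored" if values else "peer"

    if not values:
        # Proxied, but insertion is off: every client looks like the MIP.
        return str(peer), "mip-no-header"

    if len(values) > 1:
        # More than one copy: cannot tell which one the NetScaler inserted.
        return str(peer), "mip-ambiguous-header"

    try:
        return str(ipaddress.ip_address(values[0])), "inserted-header"
    except ValueError:
        # Value is not an IP address: fall back to what the socket shows.
        return str(peer), "mip-invalid-header"


# Constructed sample requests: (peer address, headers).
SAMPLE_REQUESTS = [
    ("10.0.1.5", [("Host", "app.example"), ("Client-IP", "198.51.100.23")]),
    ("10.0.1.5", [("Host", "app.example")]),
    ("10.0.9.77", [("Host", "app.example"), ("Client-IP", "127.0.0.1")]),
    ("10.0.1.5", [("Client-IP", "203.0.113.9"), ("Client-IP", "198.51.100.23")]),
    ("10.0.1.5", [("Client-IP", "not-an-address")]),
]


def attribute_requests(requests=SAMPLE_REQUESTS):
    """Resolve the client address for each sample request."""
    return [resolve_client_ip(peer, hdrs) for peer, hdrs in requests]


if __name__ == "__main__":
    for addr, basis in attribute_requests():
        print(f"{addr:15} {basis}")
```

Recording the basis alongside the address lets access logs distinguish a client address taken from the inserted header from one that is only the MIP.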

Traffic Management Building Blocks

The configuration of a NetScaleris typically built up with a series of virtual entities that serve as building blocks for traffic management. The building block approach helps separate traffic flows. Virtual entities are abstractions, typically representing IP addresses, ports, and protocol handlers for processing traffic. Clients access applications and resources through these virtual entities. The most commonly used entities are vservers and services. Vservers represent groups of servers in a server farm or remote network, and services represent specific applications on each server.

Most features and traffic settings are enabled through virtual entities. For example, you can configure a NetScaler to compress all server responses to a client that is connected to the server farm through a particular vserver. To configure the NetScaler for a particular environment, you need to identify the appropriate features and then choose the right mix of virtual entities to deliver them. Most features are delivered through a cascade of virtual entities that are bound to each other. In this case, the virtual entities are like blocks being assembled into the final structure of a delivered application. You can add, remove, modify, bind, enable, and disable the virtual entities to configure the features.The following diagram illustrates the concepts covered in this section.


A Simple Load Balancing Configuration

In the example shown in the diagram, the NetScaler is configured to function as a load balancer. For this configuration, you need to configure virtual entities specific to load balancing and bind them in a specific order. As a load balancer, a NetScaler distributes client requests across several servers and thus optimizes the utilization of resources.

The basic building blocks of a typical load balancing configuration are services and load balancing vservers. The services represent the applications on the servers. The vservers abstract the servers by providing a single IP address to which the clients connect. To ensure that client requests are sent to a server, you need to bind each service to the vserver. That is, you must create services for every server and bind the services to the vserver. Clients use the VIP to connect to a NetScaler. When the NetScaler receives client requests on the VIP, it sends them to a server determined by the load balancing algorithm. Load balancing uses a virtual entity called a monitor to track whether a specific configured service (server plus application) is available to receive requests.

Load Balancing vserver, services, and monitor

In addition to configuring the load balancing algorithm, you can configure several parameters that affect the behavior and performance of the load balancing configuration. For example, you can configure the vserver to maintain persistence based on source IP address. The NetScaler then directs all requests from any specific client to the same server.


Understanding Virtual Servers

A vserver represents one or more applications in a server farm. The vserver is a named NetScaler entity that external clients can use to access applications hosted on the servers. It is represented by an alphanumeric name, virtual IP address (VIP), port, and protocol. The name of the vserver is only of local significance and is designed to make the vserver easier to identify. When a client attempts to access applications on a server, it sends a request to the VIP instead of the IP address of the physical server. When the NetScaler receives a request on the VIP, it terminates the connection at the vserver and uses its own connection with the server on behalf of the client. The port and protocol settings of the vserver determine the applications that the vserver represents. For example, a Web server can be represented by a vserver and a service whose port and protocol are set to 80 and HTTP, respectively. Multiple vservers can use the same VIP but different protocols and ports.

Vservers are points for delivering features. Most features, like compression, caching, and SSL offload, are normally enabled on a vserver. When the NetScaler receives a request on a VIP, it chooses the appropriate vserver by the port on which the request was received and its protocol. The NetScaler then processes the request as appropriate for the features configured on the vserver.


In most cases, vservers work in tandem with services. You can bind multiple services to a vserver. These services represent the applications running on physical servers in a server farm. After the NetScaler processes requests received on a VIP, it forwards them to the servers as determined by the load balancing algorithm configured on the vserver. The following diagram illustrates these concepts.

Multiple vservers on a single VIP

The preceding diagram illustrates a configuration consisting of two vservers with a common VIP but different ports and protocols. Each of these vservers has two services bound to it. The services s1 and s2 are bound to VS_HTTP and represent the HTTP applications on Server 1 and Server 2. The services s3 and s4 are bound to VS_SSL and represent the SSL applications on Server 2 and Server 3 (Server 2 provides both HTTP and SSL applications). When the NetScaler receives an HTTP request on the VIP, it processes the request based on the settings of VS_HTTP and sends it to either Server 1 or Server 2. Similarly, when the NetScaler receives an HTTPS request on the VIP, it processes it based on the settings of VS_SSL and it sends it to either Server 2 or Server 3.

Vservers are not always represented by specific IP addresses, port numbers, or protocols. They can be represented by wildcards, in which case they are known as wildcard vservers. For example, when you configure a vserver with a wildcard instead of a VIP, but with a specific port number, the NetScaler intercepts and processes all traffic conforming to that protocol and destined for the predefined port. For vservers with wildcards instead of VIPs and port numbers, the NetScaler intercepts and processes all traffic conforming to the protocol.
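The following added example, which is not part of the original guide and is not NetScaler code, models the configuration described above in Python: VS_HTTP and VS_SSL share one VIP, services s1 to s4 are bound as in the diagram, and a wildcard vserver catches traffic for one port on any address. The addresses, the VS_WILD_8080 vserver, the round-robin method, and the rule that an exact VIP or port match is preferred over a wildcard are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from itertools import count
from typing import Dict, List, Optional, Tuple, Union

WILDCARD = "*"        # assumption: marker for a wildcard VIP or port
VIP = "192.0.2.10"    # constructed address (documentation range)


@dataclass
class Service:
    name: str
    server_ip: str
    port: int
    up: bool = True   # state as last reported by the service's monitor


@dataclass
class VServer:
    name: str
    protocol: str
    vip: str
    port: Union[int, str]
    services: List[Service] = field(default_factory=list)
    persist_source_ip: bool = False
    _rr: count = field(default_factory=count, repr=False)
    _sticky: Dict[str, Service] = field(default_factory=dict, repr=False)

    def match_score(self, dst_ip: str, dst_port: int, protocol: str) -> Optional[int]:
        """None if this vserver does not cover the request, else a score.

        Assumption: an exact VIP or port match outranks a wildcard.
        """
        if self.protocol != protocol:
            return None
        if self.vip not in (dst_ip, WILDCARD):
            return None
        if self.port not in (dst_port, WILDCARD):
            return None
        return int(self.vip != WILDCARD) + int(self.port != WILDCARD)

    def pick_service(self, client_ip: str) -> Optional[Service]:
        """Choose a bound service that its monitor reports as up."""
        healthy = [s for s in self.services if s.up]
        if not healthy:
            return None
        if self.persist_source_ip:
            previous = self._sticky.get(client_ip)
            if previous is not None and previous.up:
                return previous          # same client, same server
        # Round robin stands in for the configured load balancing method.
        chosen = healthy[next(self._rr) % len(healthy)]
        if self.persist_source_ip:
            self._sticky[client_ip] = chosen
        return chosen


def dispatch(vservers: List[VServer], client_ip: str, dst_ip: str,
             dst_port: int, protocol: str) -> Tuple[Optional[str], Optional[str]]:
    """Return (vserver name, service name); None where nothing applies."""
    scored = [(v.match_score(dst_ip, dst_port, protocol), v) for v in vservers]
    scored = [(score, v) for score, v in scored if score is not None]
    if not scored:
        return None, None                # no vserver owns this traffic
    _, vserver = max(scored, key=lambda pair: pair[0])
    service = vserver.pick_service(client_ip)
    return vserver.name, (service.name if service else None)


def build_example():
    """Two vservers on one VIP, plus one wildcard vserver (constructed)."""
    s1 = Service("s1", "10.0.0.1", 80)    # HTTP on Server 1
    s2 = Service("s2", "10.0.0.2", 80)    # HTTP on Server 2
    s3 = Service("s3", "10.0.0.2", 443)   # SSL on Server 2
    s4 = Service("s4", "10.0.0.3", 443)   # SSL on Server 3
    vservers = [
        VServer("VS_HTTP", "HTTP", VIP, 80, [s1, s2], persist_source_ip=True),
        VServer("VS_SSL", "SSL", VIP, 443, [s3, s4]),
        VServer("VS_WILD_8080", "HTTP", WILDCARD, 8080, [s2]),
    ]
    return vservers, {s.name: s for s in (s1, s2, s3, s4)}


if __name__ == "__main__":
    vservers, services = build_example()
    print(dispatch(vservers, "198.51.100.7", VIP, 80, "HTTP"))
    services["s1"].up = False             # monitor probe failed
    print(dispatch(vservers, "198.51.100.7", VIP, 80, "HTTP"))
    print(dispatch(vservers, "198.51.100.7", "203.0.113.5", 8080, "HTTP"))
```

The last call shows why a wildcard vserver deserves review: it accepts traffic for any destination address on that port, not only for the VIP.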


Vservers can be grouped into the following categories:

• Load balancing vserver. Receives and redirects requests to an appropriate server. Choice of the appropriate server is based on which of various load balancing methods the user configures.

• Cache redirection virtual server. Redirects client requests for dynamic content to origin servers and static content to cache servers. Cache redirection vservers often work in conjunction with load balancing vservers.

• Content switching virtual server. Directs traffic to a server on the basis of the content that the client has requested. For example, you can create a content switching vserver that directs all client requests for images to a server that serves images only. Content switching vservers often work in conjunction with load balancing vservers.

• Virtual private network (VPN) virtual server. Decrypts tunneled traffic and sends it to intranet applications.

Note: For more information about features, see the Citrix NetScaler Traffic Management Guide.

Understanding Services

Services represent applications on a server. While services are normally combined with vservers, in the absence of a vserver, a service can still manage application-specific traffic. For example, you can create an HTTP service on a NetScaler to represent a Web server application. When the client attempts to access a Web site hosted on the Web server, the NetScaler intercepts the HTTP requests and creates a transparent connection with the Web server.

In service-only mode, a NetScaler functions as a transparent proxy. It terminates client connections, uses the MIP to establish a connection to the server, and translates incoming client requests to the MIP. Although the clients send requests directly to the IP address of the server, the server sees them as coming from the MIP. The NetScaler translates the IP addresses, port numbers, and sequence numbers.

A service is also a point for applying features. However, only a limited set of features can be configured in the service-only case. Consider the example of SSL acceleration. To use this feature, you must create an SSL service and bind an SSL certificate to the service. When the NetScaler receives an HTTPS request, it decrypts the traffic and sends it, in clear text, to the server.


Services use entities called monitors to track the health of applications. Every service has a default monitor, which is based on the service type, bound to it. As specified by the settings configured on the monitor, the NetScaler sends probes to the application at regular intervals to determine its state. If the probes fail, the NetScaler marks the service as down. In such cases, the NetScaler responds to client requests with an appropriate error message or re-routes the request as determined by the configured load balancing policies.

Understanding Policies and Expressions

A policy defines specific details of traffic filtering and management on a NetScaler. It consists of two parts: the expression and the action. The expression defines the types of requests that the policy matches. The action tells the NetScaler what to do when a request matches the expression. As an example, the expression might be to match a specific URL pattern to a type of security attack, with the action being to drop or reset the connection. Each policy has a priority, and the priorities determine the order in which the policies are evaluated. When a NetScaler receives traffic to or from any server it manages, the appropriate policy list determines how to process the traffic. Each policy on the list contains one or more expressions, which together define the criteria that a connection must meet to match the policy.

For all policy types except Rewrite policies, a NetScaler implements only the first policy that a request matches, not any additional policies that it might also match. For Rewrite policies, the NetScaler evaluates the policies in order and, in the case of multiple matches, performs the associated actions in that order. Policy priority is important for getting the results you want.
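The following added example, which is not part of the original guide and is not NetScaler code, models the evaluation rules above in Python and adds a check for policies that can never take effect because an earlier policy always matches first. The policy names, the sample requests, the "filter" label for a non-Rewrite policy type, and the convention that a lower priority number is evaluated first are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from typing import Callable, Dict, List

Request = Dict[str, str]


@dataclass(frozen=True)
class Policy:
    name: str
    priority: int                          # assumption: lower number is evaluated first
    expression: Callable[[Request], bool]  # True when the request matches
    action: str


def evaluate(policies: List[Policy], request: Request, policy_type: str) -> List[str]:
    """Return the actions applied to one request, in order.

    Rewrite policies: every matching policy acts, in priority order.
    All other types: only the first matching policy acts.
    """
    ordered = sorted(policies, key=lambda p: p.priority)
    matched = [p for p in ordered if p.expression(request)]
    if policy_type == "rewrite":
        return [p.action for p in matched]
    return [matched[0].action] if matched else []


def shadowed(policies: List[Policy], samples: List[Request], policy_type: str) -> List[str]:
    """Names of policies that match some sample request but never act."""
    if policy_type == "rewrite":
        return []                          # every match acts, nothing is shadowed
    ordered = sorted(policies, key=lambda p: p.priority)
    matches, winners = set(), set()
    for request in samples:
        hits = [p.name for p in ordered if p.expression(request)]
        matches.update(hits)
        if hits:
            winners.add(hits[0])
    return sorted(matches - winners)


# Constructed sample requests for the check.
SAMPLES = [
    {"url": "/app/index.html"},
    {"url": "/app/../conf/settings"},
    {"url": "/static/logo.png"},
]

ALLOW_APP = Policy("allow_app", 10, lambda r: r["url"].startswith("/app/"), "FORWARD")
BLOCK_TRAVERSAL = Policy("block_traversal", 20, lambda r: "../" in r["url"], "RESET")

# Misordered: the broad policy is evaluated first, so the block never fires.
MISORDERED = [ALLOW_APP, BLOCK_TRAVERSAL]
# Corrected: the specific block is given the earlier position.
CORRECTED = [ALLOW_APP, replace(BLOCK_TRAVERSAL, priority=5)]

REWRITE = [
    Policy("insert_header_a", 10, lambda r: True, "INSERT X-A"),
    Policy("insert_header_b", 20, lambda r: True, "INSERT X-B"),
]

if __name__ == "__main__":
    suspicious = SAMPLES[1]
    print(evaluate(MISORDERED, suspicious, "filter"), shadowed(MISORDERED, SAMPLES, "filter"))
    print(evaluate(CORRECTED, suspicious, "filter"), shadowed(CORRECTED, SAMPLES, "filter"))
    print(evaluate(REWRITE, suspicious, "rewrite"))
```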


Processing Order of Features

Depending on requirements, you can choose to configure multiple features. For example, you might choose to configure both compression and SSL offload. As a result, an outgoing packet might be compressed and then encrypted before being sent to the client. The following figure shows the interaction and processing order of the NetScaler features.

CHAPTER 2

Introduction to the Citrix NetScaler Product Line

The Citrix NetScaler product line optimizes delivery of applications over the Internet and private networks, combining application-level security, optimization, and traffic management into a single, integrated appliance. You install a Citrix NetScaler in your server room and route all connections to your managed servers through it. The NetScaler then applies the features you enable and the policies you set to incoming and outgoing traffic.

In This Chapter

Citrix NetScaler Editions

Citrix NetScaler Hardware Platforms

Citrix NetScaler Editions

Citrix NetScaler software consists of the following three editions:

• Citrix NetScaler, Standard Edition. Provides small and medium enterprises with comprehensive Layer 4-Layer 7 (L4-L7) traffic management, enabling increased Web application availability.

• Citrix NetScaler, Enterprise Edition. Provides Web application acceleration and advanced L4-L7 traffic management, enabling enterprises to increase Web application performance and availability and reduce data center costs.

• Citrix NetScaler, Platinum Edition. Provides a Web application delivery solution that reduces data center costs and accelerates application performance, with end-to-end visibility of application performance, and provides advanced application security.


Note: These editions are controlled by licenses. For instructions on how to obtain and install licenses, refer to the Citrix Hardware Installation and Setup Guide.

NetScaler functionality is available on the 7000, 9010, 10010, 12000, 15000, and 17000 hardware platforms.


A NetScaler can be integrated into any network as a complement to existing load balancers, servers, caches, and firewalls. It requires no additional client or server side software, and can be configured using the NetScaler Web-based GUI and CLI configuration utilities. The following table summarizes the features supported by the Citrix NetScaler Application Delivery product line:

Citrix NetScaler Application Delivery Product Line Features

Key Features                                  Platinum   Enterprise   Standard
                                              Edition    Edition      Edition

Application Acceleration Features
Citrix® AppCompress™ for HTTP                 Yes        Yes          Optional
Citrix® AppCache™                             Yes        Optional
Client and Server TCP Optimizations           Yes        Yes          Yes
TCP Multiplexing                              Yes        Yes          Yes
TCP Buffering                                 Yes        Yes          Yes
SSL Offload and Acceleration                  Yes        Yes          Yes

Application Security and Firewall Features
NetScaler Application Firewall                Yes        Optional
L4 DoS Defenses                               Yes        Yes          Yes
L7 Content Filtering                          Yes        Yes          Yes
L7 DoS Defenses                               Yes        Yes
Surge Protection                              Yes        Yes
Citrix Access Gateway™, Enterprise Edition    Yes        Yes
HTTP Rewrite                                  Yes        Yes          Yes

Application Switching and Traffic Management Features
Layer 4 Load Balancing                        Yes        Yes          Yes
Layer 7 Content Switching                     Yes        Yes          Yes
Global Server Load Balancing (GSLB)           Yes        Yes          Optional
Dynamic Routing Protocols                     Yes        Yes
Cache Redirection                             Yes        Yes

Application Visibility Features


Note: While we have taken care to ensure absolute accuracy when compiling this information, it might change. We strongly recommend that you visit our Web site at http://www.citrix.com for the latest information.

Citrix NetScaler Hardware Platforms

A NetScaler is available on the following hardware platforms, each of which supports some combination of Fast Ethernet and Gigabit interfaces.

• Citrix NetScaler 7000

• Citrix NetScaler 9010

• Citrix NetScaler 10010

• Citrix NetScaler 12000

• Citrix NetScaler 15000

• Citrix NetScaler 17000

The following table lists different editions of the NetScaler and the hardware platforms on which they are available.

Product editions and hardware platforms

Hardware             17000   15000   12000   10010   9010   7000
Platinum Edition     Yes     Yes     Yes     Yes     Yes    Yes
Enterprise Edition   Yes     Yes     Yes     Yes     Yes    Yes

Note: For more information about the hardware platforms, see the “Introducing the Citrix NetScaler Hardware Platforms” chapter in Citrix Hardware Installation and Setup Guide.

CHAPTER 3

Installing the Citrix NetScaler Hardware

This chapter describes how to install the Citrix NetScaler hardware and then connect it to a network and the power source.

In This Chapter

Reviewing the Pre-Installation Checklist

Rack Mounting a Citrix NetScaler

Installing an SFP

Installing an XFP

Connecting a Citrix NetScaler to the Network

Connecting the Console Cable

Connecting a Citrix NetScaler to the Power Source

Reviewing the Pre-Installation Checklist

Before installing your NetScaler, you should prepare all equipment and materials required for installation. Completing this preparation in advance will help ensure a smooth installation, with minimal interruptions.


Review the following checklist to ensure that you have all the equipment required to complete the installation:

Hardware Requirements

Open the box that contains the NetScaler, and verify that it contains the following components and accessories:

• One NetScaler

• One RJ-45-to-RS-232 serial cable

• One RJ-45-to-DB-9 adapter

• One (with 7000 system) or two (with 9010/10010/12000/15000/17000 system) AC power cables (Make sure a power outlet is available for each cable.)

• One mounting rail kit

In addition to the items listed above, the following items may also be required:

• Ethernet cables

• Ethernet switch ports to connect to the NetScaler

• Management workstation (PC or laptop)

Rack Mounting a Citrix NetScaler

Most appliances can be installed in standard server racks. The appliances ship with a set of rails, which you must install before you mount the appliance. The only tool you will need to install an appliance is a Phillips screwdriver.

Caution: If you are installing the appliance as the only unit in the rack, mount it at the bottom. If the rack contains other units, make sure that the heaviest unit is at the bottom. If the rack has stabilizing devices available, install them before mounting the appliance.

The 7000 appliance requires one rack unit. The 9010, 10010, 12000, MPX 15000, and MPX 17000 appliances each require two rack units. Each of these units ships with a mounting rail kit that contains two rail assemblies, one for the left side and the other for the right side of the appliance, and screws to attach the rails. You must install the assemblies before mounting the appliance in the rack.

To rack mount a Citrix NetScaler

1. Install the rear inner rails just behind the preinstalled front inner rails.

A. Starting with the right side of the chassis, align the two square holes on the rail against the hooks.

B. Attach the rail to the chassis with screws.

C. Repeat steps A and B to install the left rear inner rail.

2. Install the rack rails.

A. Determine where you want to place a NetScaler in the rack.

B. Position the chassis rail guides at the desired location in the rack, keeping the sliding rail guide facing inward.

C. Screw the assembly to the rack using the brackets provided.

D. Repeat steps B and C to attach the assembly to the other side of the rack. Be sure that both the rack rails are at the same height and that the rail guides are facing inward.

Note: Before installing a NetScaler in the rack, be sure that the rear inner rails and the rack rails have been fitted.

3. Install the NetScaler in the rack.

A. Line up the rear inner rails with the rack rails.

B. Slide the chassis rails into the rack rails, keeping the pressure even on both sides. You may need to depress the locking tabs when inserting the chassis.

C. When the NetScaler is pushed completely into the rack, the locking tabs should "click."

D. Insert and tighten the thumbscrews to secure the front of the chassis to the rack.

Installing an SFP

A Small Form Factor Pluggable (SFP) is a compact transceiver that can operate at speeds of up to 1 gigabit per second and is available in both copper and fiber types. Inserting an SFP copper transceiver converts the SFP port to a 1000BASE-T port. Inserting an SFP fiber transceiver converts the SFP port to a 1000BASE-X port. Auto-negotiation is enabled by default on the SFP port into which you insert your SFP transceiver. As soon as a link between the port and the network is established, the speed and mode are matched on both ends of the cable.


Caution! Only SFP transceivers provided by Citrix Systems are supported on NetScaler appliances. Attempting to install third-party SFP transceivers on your NetScaler appliance voids the warranty.

Insert SFP transceivers into the SFP ports on the front panel of the appliance. Removing an SFP transceiver does not affect the functioning of the appliance, except that the port is no longer available for traffic. However, frequent installation and removal of transceivers shortens their life span. Follow the removal procedure carefully to avoid damaging the SFP transceiver or the appliance.

Caution! Do not install the transceivers with the cables attached. Doing so can damage the cable, the connector, or the optical interface of the transceiver.

To install a copper SFP

1. Carefully remove a copper SFP module from the box.

2. Insert the copper SFP in the SFP slot, with the locking hinge in the DOWN position.

3. Push the copper SFP until it is in the locking position.

4. Move the locking hinge to the UP position and push the module into the slot.

To install a fiber SFP

1. Carefully remove a fiber SFP module from the box.

2. Insert the fiber SFP in the SFP slot, with the locking hinge in the UP position.

3. Push the fiber SFP until it is in the locking position.

4. Move the locking hinge to the DOWN position.

5. Remove the fiber dust protector.

6. Move the locking hinge to the UP position and push the module into the slot.


Installing an XFP

Note: This section applies to the 12000 10G, MPX 15000, and MPX 17000 appliances.

A 10-Gigabit Small Form Factor Pluggable (XFP) is a compact optical transceiver that can operate at speeds of up to 10 gigabits per second. Auto-negotiation is enabled by default on the XFP ports into which you insert your XFP transceiver. As soon as a link between the port and the network is established, the speed and mode are matched on both ends of the cable.

Caution! Only XFP transceivers provided by Citrix Systems are supported on NetScaler appliances. Attempting to install third-party XFP transceivers on your NetScaler appliance voids the warranty.

Insert the XFP transceivers into the XFP ports on the front panel of the appliance. Removing an XFP transceiver does not affect the functioning of the appliance, except that the port is no longer available for traffic. However, frequent installation and removal of transceivers shortens their life span. Follow the removal procedure carefully to avoid damaging the transceiver or the appliance.

Caution! Do not install the transceivers with the cables attached. Doing so can damage the cable, the connector, or the optical interface of the transceiver.

To install an XFP

1. Remove an XFP module carefully from the box.

2. Insert the XFP in the XFP slot, with the locking hinge in the UP position.

3. Push the XFP until it is in the locking position.

4. Move the locking hinge to the DOWN position.

5. Remove the fiber dust protector.

6. Move the locking hinge to the UP position and push the module into the slot.

Connecting a Citrix NetScaler to the Network

Connect the ports on a NetScaler to the network ports on the appropriate switches using the Ethernet/Fiber optic cables.


Caution: Be careful not to create a network loop by connecting more than one port on the NetScaler to the same switch or VLAN.

If your configuration does not require all of the available ports, you can use any of the ports. However, disabling the unused ports is advisable, and is mandatory in an HA configuration.

By default a NetScaler is configured to use auto negotiation. For a first-time installation, you should configure your switch to use auto negotiation for those ports that are connected to the NetScaler. After initial login and configuration, you can disable auto negotiation.

Connecting the Console Cable

Use the provided console cable when connecting the NetScaler to a PC or terminal. The PC or terminal must support VT100 terminal emulation and must be configured for 9600 baud, 8 data bits, 1 stop bit, and no parity.

Note: For instructions on how to access and configure a NetScaler using a command line interface, refer to the Accessing and Configuring a Citrix NetScaler chapter.

Connecting a Citrix NetScaler to the Power Source

The 7000 system has one power supply. The 9010, 10010, 12010, 15000, and 17000 systems each have two power supplies but can operate with a single power supply. The extra power supply is a backup.

To connect the 7000 system to the power source

1. Plug the power cord into the inlet receptacle on the back of the chassis.

2. Plug the other end of the power cord into a standard 110V/220V power outlet.

3. Turn the NetScaler on by pressing the ON/OFF switch on the back of the chassis. The LCD on the front should appear backlit once the NetScaler is operational.

To connect the 9010/10010/12000 system to the power source


2. Plug the other end of the power cord into a standard 110V/220V power outlet.

3. Repeat steps 1 and 2 to connect the other power inlet to a standard 110V/220V power outlet using another power cord.

4. Turn the NetScaler on by pressing the ON/OFF switch on the back of the chassis. The green LED on the back begins to glow, indicating that the NetScaler is powered on. The LCD on the front appears backlit once the NetScaler is operational.

Caution: The flash disk and hard disk are not hot swappable components and can be removed only when the NetScaler is powered down. Also note that neither the flash disk nor the hard disk should ever be removed except by certified Citrix NetScaler technicians. Doing otherwise voids the warranty.

The 9010/10010/12000 systems emit a high pitched alert if one power supply fails or if you connect only one power cord to the chassis. To silence the alarm, press the small red button on the back of the chassis.

Note: You might need to upgrade the system software. For details, refer to the Citrix NetScaler Migration Guide.

CHAPTER 4

Accessing and Configuring a Citrix NetScaler

This chapter describes how to configure a NetScaler after installing the hardware.

In This Chapter

Accessing a Citrix NetScaler

Configuring a Citrix NetScaler for the First Time

Setting up a High Availability Pair

Accessing a Citrix NetScaler

You can access and configure a NetScaler using either the Command Line Interface (CLI) or the Graphical User Interface (GUI). All NetScaler units ship with the default NSIP address of 192.168.100.1 and default subnet mask of 255.255.0.0. Use the NSIP address to access your NetScaler. You can assign a new NSIP and an associated subnet mask during initial configuration.

If you encounter an IP address conflict when deploying multiple NetScaler units, check for the following possible causes:

• Did you select an NSIP that is an IP address already assigned to another device on your network?

• Did you assign the same NSIP to multiple NetScalers?

The NSIP is reachable on all physical ports. The ports on a NetScaler are host ports, not switch ports.

The following table summarizes the available access methods to a NetScaler:

Access Method   Port      Default IP Address Required? (Y/N)
CLI             Console   N


Using the Command Line Interface

You can access the CLI either by connecting a workstation to a console port on the NetScaler or by connecting through secure shell (SSH) from any workstation on the same network.

For general information about the features of the CLI, including SSH, see the Citrix NetScaler Command Reference Guide.

Logging on to the Command Line Interface Using a Console Port

Connect a NetScaler’s serial port to your PC serial port using a crossover cable, and start the Hyper Terminal program or any other terminal emulation program. If the logon prompt does not appear, you may need to press ENTER one or more times to display it. Enter your login credentials and press ENTER. The CLI prompt (>) is displayed on the workstation monitor.

Logging on to the Command Line Interface using SSH

SSH is the preferred method for accessing a NetScaler remotely from any workstation on the same network. You can use either SSH version 1 (SSH1) or SSH version 2 (SSH2).

If you do not have a working SSH client, you can download and install any of the following SSH client programs:

• PuTTY - Open Source software supported on multiple platforms. Available at: http://www.chiark.greenend.org.uk/~sgtatham/putty/

• AttachmateWRQ Reflection for Secure IT - Commercial software supported on the Windows platform. Available at: http://www.wrq.com/products/reflection/ssh/

• Vandyke Software SecureCRT - Commercial software supported on the Windows platform. Available at: http://www.vandyke.com/products/securecrt/

All of these programs have been tested by the Citrix NetScaler team, which has verified that they work correctly with a NetScaler. Other programs may also work correctly, but have not been tested.

To verify that the SSH client is installed properly, use it to connect to any device on your network that accepts SSH connections.

To log on to a NetScaler using an SSH client

1. On your workstation, run the SSH client.

2. Use the NSIP you assigned to your NetScaler during initial configuration, selecting either SSH1 or SSH2 as the protocol.

3. Log on as nsroot, using the administrative password you assigned during initial configuration.

The following output appears on your SSH client screen:

login as: nsroot
nsroot@10.102.29.60's password:
Last login: Wed May 23 17:18:31 2007
Done

Using the Graphical User Interface

The Graphical User Interface has two main components:

• Configuration Utility

• Statistical Utility

The system requirements for a workstation running the GUI are as follows:

• For Windows-based workstations, a Pentium® 166 MHz or faster processor with at least 48 MB of RAM is recommended for applets running in a browser using a Java plug-in product. You should have 40 MB free disk space before installing the plug-in.

• For Linux-based workstations, a Pentium platform running Linux kernel v2.2.12 or above, and glibc version 2.12-11 or later. A minimum of 32 MB RAM is required, and 48 MB RAM is recommended. The workstation should support 16-bit color mode, KDE and KWM window managers used in conjunction, with displays set to local hosts.

• For Solaris-based workstations, a Sun running either Solaris 2.6, Solaris 7, or Solaris 8, and the Java 2 Runtime Environment, Standard Edition, version 1.4.2_04 or later.

Your workstation must have a supported web browser and version 1.4.2_04 or above of the Java® applet plug-in installed to access the Configuration Utility and the Statistical Utility. The following Web browsers and platforms have been tested and can be used to access the GUI:


• Internet Explorer version 6 or 7 on Windows XP Home or Professional editions

• Netscape 4.51/4.61/4.72/4.75 on Windows 95/98/2000/NT

• Netscape 4.51 on Solaris 5.6/5.7/5.8

• Netscape 4.61/4.72/4.75 on Red Hat Linux 6.2

• Netscape 4.77 on Windows 2000/NT, or on Windows XP Home or Professional editions

• Netscape 6.2 on Windows 98/2000/NT, or on Windows XP Home or Professional editions

Using the Configuration Utility

The Configuration Utility is a graphical interface program that helps you to configure a NetScaler.

If your computer does not have a supported Java plug-in installed, the first time you log on to the NetScaler, the Configuration Utility will prompt you to download and install the plug-in.

Note: Prior to installing the Java 2 Runtime Environment, ensure that you have installed the full set of required operating system patches needed for the current Java release.

To log on to the Configuration Utility

1. Open your Web browser and enter the NSIP as an HTTP address:

http://<NSIP>

The Citrix Logon page appears.

Caution: If you have two NetScaler units in a high availability setup, make sure that you do not access the GUI by entering the IP address of the secondary NetScaler. If you do so and use the GUI to configure the secondary NetScaler, your configuration changes will not be applied to the primary NetScaler.

2. In the Username text box, type nsroot.

3. In the Password text box, type the administrative password you assigned to the nsroot account during initial configuration.

4. In the Start in list, click Configuration and click Login. The Configuration Utility page appears.


Note: If your workstation does not already have a supported version of the Java runtime plug-in installed, the NetScaler prompts you to download the Java Plug-in. After the download is complete, the Configuration Utility page appears.

Note: If you need to access the online help, select Help from the Help menu at the top right corner.

If automatic installation of the Java plug-in in the previous procedure fails, you can install the plug-in separately before you attempt to log on to the Configuration Utility.

To install the Java Runtime Plug-In separately

1. In your web browser, enter the NSIP and port number of your NetScaler:

http://<NSIP>:80

The Java plug-in icon appears.

2. Click the Java plug-in icon and follow the screen prompts to copy the plug-in installer to your workstation hard disk. The Java plug-in setup icon (for example, j2re-1.4.2_04-win) appears on your computer at the location you specified.

3. Double click the plug-in setup icon, and follow the screen prompts to install the plug-in.

4. Return to your Web browser and click the Java plug-in icon a second time to display the GUI logon screen.

Using the Statistical Utility

The Statistical Utility is a browser-based application that displays charts and tables on which you can monitor the performance of a NetScaler.

To log on to the Statistical Utility

1. Open your Web browser and enter the NSIP as an HTTP address:

http://<NSIP>

The Citrix Logon page appears.

2. In the Username text box, type nsroot.

3. In the Password text box, type the administrative password you assigned to the nsroot account during initial configuration.


4. In the Start in list, click Dashboard and click Login.

Note: If your workstation does not already have a supported version of the Java runtime plug-in installed, the NetScaler prompts you to download the Java Plug-in. After the download is complete, the Statistical Utility page is displayed.


Using the XML API

The NetScaler can be configured using an external Application Programming Interface (API). The API allows you to create custom client applications to configure and monitor the state of the NetScaler. It is based on Simple Object Access Protocol (SOAP) over HTTP. You can download the API documentation from the Downloads page of the Configuration Utility.

Configuring a Citrix NetScaler for the First Time

This section describes how to configure a new NetScaler that still has the original configuration that it was shipped with. You can configure a NetScaler from the Command Line Interface or the Configuration Utility.

Configuring a Citrix NetScaler Using the Command Line Interface

To set up a NetScaler using the CLI, connect the serial cable provided to the console port located at the right front of the unit, and connect the other end to a workstation. You access the CLI using a terminal emulator.

To configure a NetScaler from the CLI

1. Connect a workstation to the NetScaler.

A. Plug the supplied serial cable into the serial port.

B. Plug the other end of the serial cable into the workstation’s serial port.

C. Run the vt100 terminal emulation program of your choice. For example, Microsoft Windows users can use HyperTerminal, which is included with all modern versions of Windows.


D. Connect to the NetScaler.

2. At the login prompt type the user name nsroot and the password nsroot, and then press ENTER.

3. Change the root password by typing the following command at the CLI, and then press ENTER.

set system user nsroot password

4. Add a MIP by typing the following command at the CLI, and then press ENTER.

add ns ip IPaddress netmask -type MIP

5. Set the default gateway by typing the following command at the CLI, and then press ENTER.

add route network netmask gateway

6. Set the NSIP by typing the following command at the CLI, and then press ENTER.

set ns config -IPAddress IPaddress -netmask netmask

7. Review your changes to make sure that they reflect your deployment goals.

8. Save your configuration by typing the following command at the CLI, and then press ENTER.

save ns config

9. Reboot the NetScaler by typing the following command at the CLI, and then press ENTER.

reboot

10. The NetScaler prompts you to confirm the reboot. Type Y and press ENTER to confirm the reboot.

Parameter | Setting
Port | The port to which you connected the serial cable, usually COM1
Bits Per Second (BPS) | 9600
Data Bits | 8
Parity | N (none)
Stop Bits | 1
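The first-time CLI procedure above can be checked before anything is typed at the console. The following is an added example, not code from Citrix or from this guide: it validates a planned NSIP, MIP and default gateway and returns the commands of steps 3 to 9 in the guide's order. The function names, the 12-character minimum, the on-link gateway check and the `<new-password>` placeholder are assumptions of this example.

```python
import ipaddress

DEFAULT_PASSWORD = "nsroot"  # factory password from step 2 of the procedure
MIN_PASSWORD_LEN = 12        # assumption of this example, not a NetScaler rule


def _host(addr, netmask, label):
    """Parse addr/netmask; reject the subnet's network and broadcast addresses."""
    iface = ipaddress.IPv4Interface(f"{addr}/{netmask}")
    net = iface.network
    if iface.ip in (net.network_address, net.broadcast_address):
        raise ValueError(f"{label} {addr} is not a usable host address in {net}")
    return iface.ip, net


def first_time_commands(nsip, nsip_mask, mip, mip_mask, gateway, new_password):
    """Validate the plan, then return the CLI lines for steps 3 to 9 in order."""
    if new_password == DEFAULT_PASSWORD or len(new_password) < MIN_PASSWORD_LEN:
        raise ValueError("new nsroot password is the default or too short")
    nsip_ip, nsip_net = _host(nsip, nsip_mask, "NSIP")
    mip_ip, mip_net = _host(mip, mip_mask, "MIP")
    if nsip_ip == mip_ip:
        raise ValueError("NSIP and MIP must be different addresses")
    gw = ipaddress.IPv4Address(gateway)
    if gw in (nsip_ip, mip_ip):
        raise ValueError("gateway must not be one of the NetScaler's own IPs")
    if gw not in nsip_net and gw not in mip_net:
        raise ValueError("gateway is not on-link for the NSIP or MIP subnet")
    return [
        # Placeholder only: the real password is typed at the console, not stored.
        "set system user nsroot <new-password>",
        f"add ns ip {mip_ip} {mip_mask} -type MIP",
        f"add route 0.0.0.0 0.0.0.0 {gw}",  # default route (network/netmask all zero)
        f"set ns config -IPAddress {nsip_ip} -netmask {nsip_mask}",
        "save ns config",
        "reboot",
    ]


if __name__ == "__main__":
    # Constructed inputs from the 192.0.2.0/24 documentation range.
    for line in first_time_commands("192.0.2.10", "255.255.255.0", "192.0.2.11",
                                    "255.255.255.0", "192.0.2.1",
                                    "constructed-Example-1"):
        print(line)
```

The password argument is checked but never written into the returned commands, so the generated list can be saved or reviewed without exposing the new nsroot credential.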
