CNS-207 Implementing Citrix NetScaler 10.5 for App and Desktop Solutions
The objective of Implementing Citrix NetScaler 10.5 for App and Desktop Solutions is to provide the foundational concepts and skills necessary to implement, configure, secure, and monitor a Citrix
NetScaler system with NetScaler Gateway in a desktop virtualization environment such as one containing Citrix XenDesktop 7.x or Citrix XenApp, while providing secure application and data access to users. This course is designed specifically for learners who have limited or no previous NetScaler experience. In order to successfully complete this course, learners will have access to hands-on exercises within a virtual lab environment. An optional module on NetScaler SDX appliances is included with reinforcement simulation exercises.
This course is based on the Citrix NetScaler 10.5 product, but the skills and fundamental concepts learned are common to earlier product versions.
Who should enroll in this course?
This course is recommended for learners who are:
New to the NetScaler platform
Interested in integrating NetScaler Gateway with Citrix XenDesktop or Citrix XenApp
Preparatory Recommendations
Before taking this course, Citrix recommends that learners have the following:
Familiarity with application delivery and cloud networking
Experience with Citrix desktop virtualization technologies, such as XenDesktop and XenApp
Familiarity with Microsoft Windows Server 2008 R2
Familiarity with Microsoft Windows Server 2012
Experience with Microsoft SQL Server or enterprise database servers
Experience with Active Directory and Group Policy
Basic understanding of Microsoft Remote Desktop Services
Basic understanding of Windows Server networking concepts, such as DNS, IIS®, and load balancing
Exposure to basic system administration concepts, including logging, software upgrade procedures, and high availability operations
Familiarity with server monitoring tools
Basic understanding of VPN concepts, including SSL encryption and certificates
Skills and Key Topics
Upon successful completion of this course, learners are able to:
Identify the capabilities and functionality of the NetScaler
Explain basic NetScaler network architecture
Obtain, install, and manage NetScaler licenses
Identify the capabilities and functionality of NetScaler Gateway
Explain how SSL is used to secure the NetScaler
Configure authentication for users on the NetScaler Gateway
Implement authorization to determine to which resources users have access
Configure the NetScaler for high availability
Integrate NetScaler Gateway with Storefront or Web Interface to provide remote access for Web, SaaS and mobile apps.
Implement load balancing and GSLB on the NetScaler system
Customize the NetScaler system for traffic flow and content-specific requirements
2
Enable access to applications and data for user connections
Demonstrate monitoring and reporting through native NetScaler logging tools
Configure NetScaler Insight Center to monitor a desktop virtualization environment
Employ recommended tools and techniques to troubleshoot common NetScaler network and connectivity issues
Identify the unique capabilities and functionality of the NetScaler SDX platform.
Identify the networking characteristics of the NetScaler SDX platform.
Explain the process of provisioning and administration of NetScaler VPX instances on a NetScaler SDX appliance.
Instructional Method
Instructor-led course, Self-paced online
Course Length
5 days
Lab Activities
ILT and vILT offer lab access only during the duration of the course.
Module Outline
Getting Started
Basic Networking
High Availability
Basic Load Balancing
Securing NetScaler
AppExpert Classic Policy Engine
Authentication and Authorization
Access Policies
End-User Access and Experience
Integrating NetScaler Gateway with XenApp and XenDesktop
AppExpert Default Policy Engine
Global Server Load Balancing
Monitoring and Management
Troubleshooting
NetScaler SDX Addendum
Topic Outline
Getting Started
o Getting Started
o Introduction to Citrix NetScaler o NetScaler Functionality o NetScaler Overview o Product Features o Hardware Platforms o Hardware Components
o nCore Configuration Architecture o Deployment Scenarios
o NetScaler Gateway Overview o NetScaler Gateway Platforms
3 o Initial NetScaler Access
o NetScaler Licenses
o NetScaler Gateway Licensing
o To Install the NetScaler Gateway License o NetScaler Gateway Pre-Installation Checklist o Replacing Securing Gateway
o Configuring NetScaler Gateway for First-time Use o Settings Configuration
o End-User Access with the FQDN o Configuration Testing
o Name Service Providers Configuration o Performing an Upgrade
o Save the Configuration
Basic Networking
o Basic Networking o OSI Networking Model
o NetScaler Architecture Overview o NetScaler-owned IP addresses o Network Topology
o NetScaler Gateway Deployment o NetScaler Network Interfaces
o Virtual Local Area Networks (VLANs) o IP Address Routing
o Mac-based Forwarding Mode o Determining the Source IP Address o Link Aggregation
High Availability
o High Availability
o High Availability Functionality o High Availability Node Configuration o Propagation and Synchronization o High Availability Management o Upgrading a High Availability Pair o High Availability Issues
o High Availability Pair in Different Subnets o Adding a Remote Node
o To Add a Remote Node for Independent Network Computing Mode
Basic Load Balancing
o Basic Load Balancing o Load Balancing Basics o Entity Management o Server Creation o Service Monitoring
o Services Configuration Overview o Virtual Server Creation
o Binding Services or Service Groups to a Virtual Server o Traffic Types
o Default Monitors o Built-In Monitors o Monitor Parameters o Creating Monitors o HTTP Monitoring
o Extended Application Verification (EAV) Monitoring o Extended Content Verification (ECV) Monitoring o HTTP-ECV and TCP-ECV Monitoring Process o Reverse Condition Monitoring
o Setting Monitor Thresholds o Custom Monitors
o XenDesktop Delivery Controller Monitoring
4 o StoreFront Store Monitoring
o TFTP Server Monitoring o Load Balancing Methods o Service Weights
o Persistence and Persistence Connections o Load Balancing Configuration Protection o Load Balancing Wizards
o Disabling Services
o Graceful Shutdown of Services o Removing Services
o Configuration Verification o The Load Balancing Visualizer
Securing NetScaler
o Securing NetScaler o SSL
o SSL Session Process o Features and Benefits o Offload Performance o Digital Certificates o SSL Administration o SSL Offload Overview o Deployment Scenarios
o Citrix Recommendations for SSL o SSL Renegotiation Attack o SSL Troubleshooting
o SSL Offload Troubleshooting
AppExpert Classic Policy Engine
o AppExpert Classic Policy Engine o Policies Overview
o Policies and Profile Configuration o Policies Creation
o Traffic Policies
Authentication and Authorization
o Authentication and Authorization o System and AAA User Groups o Local Accounts
o External Authentication
o External Authentication for System Users o NTLMV2 Authentication
o Configuration of Command Policies for Delegating Administrators o Custom Command Policy Configuration for Delegated Adminstrators o Authentication Configuration
o Authentication Types Supported on NetScaler o Default Global Authentication Types Configuration o Local Users Configuration
o Authentication Policies o LDAP Authentication Policies o RADIUS Authentication Policies
o Client Certificate Authentication Configuration o Smart Card Authentication Configuration o To Disable Authentication
o Authentication, Authorization, and Auditing (AAA) Issues
Access Policies
o Access Policies o Endpoint Analysis o Endpoint Policies
o Pre-Authentication Policies
o Pre-Authentication Policies and Profiles
o Security Pre-Authentication Expressions Configuration of End-User Devices
5 o Operating System Policies Configuration
o Antivirus, Firewall, Internet Security, or Anti-Spam Expressions Configuration o To Configure a Client Service Scan
o Security Checks Configuration o To Configure Process Policies o File Scan Policies Configuration
o To Configure a Session or Pre-Authentication Policy to Check for a File on the End User Device
o Registry Policies Configuration o To Configure a Registry Policy
o To Create a Sample Pre-Authentication Scan o Custom Expressions Configuration
o To Bind Pre-Authentication Policies o Post-Authentication Policies
o End-User Logon Options Evaluation o Quarantine Groups
o Endpoint Analysis Troubleshooting
End User Access and Experience
o End User Access and Experience o Connection Methods
o Secure Tunnel Establishment o Network Firewalls and Proxies o Secure Tunnel Termination
o NetScaler Gateway Plug-in Support o Software Firewalls
o NetScaler Gateway Plug-In Integration with Citrix Receiver o Citrix Receiver Home Page
o NetScaler Gateway Plug-In Selection for End-Users
o NetScaler Gateway Plug-In Deployment, Upgrading, and Removal from Active Directory o Client Ports
o NetScaler Gateway Plug-in Connection Configuration o End User Connections Proxy Support Enablement o Session Policies
o Credential Passing
o Configuring the Default Home Page for SSL VPN and Clientless VPN Connections o Timeout Settings
o Split Tunneling
o Timeout Settings Configuration o Client Cleanup
o Single Sign-on Configuration o Client Interception
o To Configure Name Service Resolution o Access Interface Configuration
o Clientless Access
o Domain Access Configuration for End Users o SharePoint Site
o Clientless Access Settings Using Web Interface o Client Choices Page Configuration
o Access Scenario Fallback Configuration o NetScaler Gateway Advanced Concepts
Integrating NetScaler Gateway with XenApp and XenDesktop
o Integrating NetScaler Gateway with XenApp and XenDesktop o NetScaler Gateway Prerequisites
o Firewall Rules
o StoreFront Services Deployment o Beacons
o Enabling Access Method Fallback with Policies o SSL Certificate Trust
o Session Policies
6 o Session Profile Creation
o Custom Clientless Access Policies Configuration for StoreFront Services o XenApp and XenDesktop Addition to a Single Site
o XenMobile Platform Overview
AppExpert Default Policy Engine o Understanding Policies
o Understanding Packet-Processing Flow o Policy Process Evaluation Flow
o Identifying Default Policy Expressions o Actions
o Configuring Policies and Actions o Understanding Bind Points o Understanding Policy Labels o Pattern Sets
o Typecasting
o Responder, Rewrite, and URL Transformation o Responder Policies
o Responder Actions o Respond With
o Responder HTML Page Imports o Rewrite Policies
o Configure a Rewrite Action o Binding Policies
Global Server Load Balancing
o Global Server Load Balancing o GSLB Deployment Methods o GSLB Concepts
o GSLB Entities o GSLB DNS Methods o Metric Exchange Protocol o Implementing GSLB
o Viewing and Configuring GSLB with the Visualizer o Configuration Site-to-Site Communication
o RPC Node Password
o Encryption of Site Metrics Exchange o Source IP Address for an RPC Node o GSLB Site Communication Example o Customizing the GSLB Configuration o Changing the GSLB Method
o GSLB Persistence
o Using Dynamic Weights for Services o Monitoring GSLB Services
o Binding Monitors to a GSLB Service o Monitoring GSLB Sites
o Protecting the GSLB Setup Against Failure
o Responding with an Empty Address Record When in the DOWN State o Backup IP Address Configuration for a GSLB Domain
o Implementing GSLB Failover for Disaster Recovery
Monitoring and Management
o Monitoring and Management o Monitoring Needs
o Monitoring Methods
o AppFlow on the NetScaler System o HDX Insight
o NetScaler Log Management o Troubleshooting Resources o Troubleshooting Tools
o Display NetScaler System Information
Troubleshooting
7
o Labs-only module covering 4 Troubleshooting Scenarios
Appendix A: NetScaler SDX Addendum
o Introduction to the NetScaler SDX Appliance o Product Benefits
o Hardware Platforms o Deployment Scenarios o Licensing
o Base Architecture o IO Virtualization o VLAN Filtering
o Restricting VLANs to Specific Virtual Interfaces o NetScaler SDX High Availability
o Service VM Overview o Device Management o Instance Management
o Provisioning a NetScaler VPX Instance on an SDX Appliance o NetScaler SDX Service VM Internals
o Simple Consolidation
o Data Plane Isolation with Shared Interfaces
o Simple Consolidation with Delegated Administration o Consolidation Across Security Zones
o SNMP
o SNMP Trap Destinations
o Adding an SNMP Manager Community
o Configuring the NetScaler for SNMPv3 Queries o SNMP Views
o SNMP Users o SNMP Alarms
o System Health Monitoring o Third-Party Virtual Machines
o Managing the NetScaler SDX Appliance
©2015 Citrix Systems, Inc. All rights reserved. Citrix® and NetScalerTM are trademark of Citrix Systems, Inc. in the United States and other countries. All other trademarks and registered trademarks are the property of their respective owners.