One of the new features in Netscaler 10.5 is called Front-End optimization (which actually is part of Netscaler enterprise and +) which allows Netscaler to optimize the HTTP traffic which is headed back to the client. Now let us take a look at some of the different settings.
* Make Inline (This makes JS which are linked to a page to become inline instead, only affects JS which are less then 2 KB)
* Minify (Removes Whitespaces and comments from JS)
* Shrink to attributes (Shrinks an image to the specified size as the HTML tag
* Make inline (This makes Images which are linked to a page to become inline instead, only affects images which are less then 2 KB)
* Optimize (Removes non-image data from JPEGs, such as comments)
* Convert GIF to PNG (converts images from GIF to PNG)
* Lazy Load (Downloads images as a user scrolls down to them)
* Make Inline (This makes CSS files which are linked to a page to become inline instead, only affects CSS files which are less then 2 KB)
* Combine (Converts multiple CSS files into one)
* Move to head tag (Moves CSS defined in the body tag to the head tag)
* Image inline (Makes such as CSS backgrounds referenced in the CSS file as inline)
* Convert Imports to Links (Convert CSS import statements to HTML link tags)
* Minify (Removes Whitespaces and comments from JS)
* Remove Comments from HTML (Removes comments within the HTML files)
Extend Page Cache (
Enable Client side Measurements
Now you can take a look at how HTML will look after it is parsed trough this feature here –> http://support.citrix.com/proddocs/topic/ns-optimization-10-5-map/ns-feo-working-use-case.html
Now that you have some understanding on what it does, let’s go ahead and configure it. First we need to enable the feature and Integrated caching (since this is a prerequisite)
Enable both features
Now by default there are some premade actions, which define what options are enabled. For intance aggresive policy have most of the optimizations enabled.
Now for instance, lets say that we have a prefined load balanced server (which in my case is hosting a WordPress site) the vServer is called WEB-IIS in my case, go into Front-End Optimization –> Policy Manager –>
Here choose bind point, and virtual server
Next we need to bind a policy to the bind point. Remember that here we need to create a policy using an expression and attach it to the bind point.
I used HTTP.REQ.HOSTNAME expression here so in my case when a user accesses demo-webopt the user will be affected by the policy.
After you have added the policy, press OK then DONE and you are good to go.
So try to access the page and watch the statistics.
Now we can see that it has already managed to do some optimization after I tried to access the page a couple of times.
So with this feature it allows web-developers to be able to comment inline code without affecting the users, also being able to have a solid structure on CSS and JS without affecting the performance. Note that this feature is not suitable for all web applications, be sure to properly test the feature first.
Now since the release of 10.5 I have been able to test alot of the new features in the latest release. Citrix has also released new versions of Insight and Endpoint clients for Windows & Mac to match the new release.
The upgrades have so far for my part have been non-problematic (in case of a custom GUI you may need to recreate it) from 9.3 and even 10.1 builds. For those that are in a migration plan please refer to the migration document from Citrix http://support.citrix.com/proddocs/topic/ns-faq-map-10-5/ns-faq-migration.html
I have also seen a performance increase in some scenarioes.
There has also been an update on the clustering features, which didn’t caught my eye at first. http://support.citrix.com/proddocs/topic/ns-system-10-map/ns-cluster-feat-supp-ref.html Which allows us to have a Netscaler Gateway vServer running on a local Netscaler node.
Now the new build is 99% pure HTML which is great! there are still some features which still requires JRE, but this is going to be fixed in a future release.
The following features or nodes still require JRE:
- Upgrade Wizard
- User Administration
- Command Policies
- Command Policy RegEx Editor
- Network > Network Visualizer
- Network > TCP/IP connections
- Traffic Management > Load Balancing > Visualizer
- Traffic Management > Content Switching > Visualizer
- Traffic Management > GSLB > Visualizer
- Application Firewall
- Application Firewall wizard
- Add/ Edit/ Import profiles
- Update Version
- Auto Update Settings
- Application Firewall
Citrix has also made easier integrations for their own products such as XenDesktop/XenMobile/Sharefile and so on, which makes it easier for consultants to deploy Netscaler solution to provide availability for other products.
Now all of the new features are listed here –> http://support.citrix.com/proddocs/topic/ns-rn-main-release-10-5-map/netscaler-10-5-rn.html
One thing which I find is the most important featue in the latest build (besides the new GUI) is the front-end optimization feature which allows the Netscaler to reduce load and render times on web pages which are rendered on a client browser, after some intials tests with this feature I was able to save 60% of the load time. Since in most cases a web site is not optimized for speed, and therefore Netscaler might be an important piece there.
But to sum it up so far, I’m really impressed with the latest release and how Citrix has made Netscaler even more powerful with more then 100 more features, and makes it a more key component in most datacenters. Looking forward to the later releases to see what Citrix has up their sleeve!
Microsoft has recently released a document series which contain best practices for task sequences with Configuration Manager 2012 R2. This series goes trough a step-by-step in all the different steps in a task sequence.
For all IT-pros working with task sequences I suggest taking a look at the document series here –> http://www.microsoft.com/en-us/download/details.aspx?id=43412
In other related news, my fellow MVP Kent Agerlund has released a new book (updated) for Configuration Manager 2012 R2 master the fundamentals, which you also should take a look at if you want to learn more –> http://www.amazon.co.uk/System-Center-2012-Configuration-Manager/dp/9187445085/ref=sr_1_1?ie=UTF8&qid=1404503771&sr=8-1&keywords=kent+agerlund
A couple of days ago I was involved in a case where ICA sessions were suddenly disconnected and the users were unable to reconnect. The setup was a simple ICA-proxy access gateway using the latest build (126) and there were no error messages on the Storefront server.
After involving Citrix support they recommended that we disable AppFlow for the access gateway (since this deployment used Netscaler Insight to monitor ICA sessions) then suddenly things started to work again.
Now I knew that I’ve seen this issue before somewhere on twitter, a quick tweet discovered that someone else has seen the issue as well.
So apparently using Appflow with session reliability is a NO-GO!
If someone has managed to test this with 10.5 please give me some feedback if this has been fixed!
So there has been some fuzz regarding the latest release of Netscaler 10.5 (also codename Tagma) which should been the death of Java GUI within Netscaler. Not quite there yet..
So what has Citrix improved / added in this feature ? Well it is quite a lot. Citrix states that they have added over 100 new features in this release. Beta 1 has just been released to partners, and beta 2 is on its way which is coming mid may.
In the later betaes which are coming there are coming more templates to App and load balancing. But let us focus on the news that’s arrived now.
- HTML5 based GUI
- NITRO SDK for Python
- NITRO for File Operations
- NITRO for ZebOS system
- GSLB Static proximity sync
- SSL configuration Profiles
- CNAME record caching
- Multiple Port CS
- AAA Session Stickiness
- Kerberos Performance
- Jumbo Frames
- Link Redundancy
- TCP BIC and CUBIC
- SPDYv3 Gateway
- SDX Manageability
- Front End Optimization
- Insight Center Enhancements
First of is the GUI which is now mostly pure HTML 5 which makes it quite snappy! I would say that about 80% of the GUI is now HTML 5, some features such as running trace still uses Java (Im guessing this is something that is going to get fixed in a later release.
So what is new under licensing part ? We can see that there are some new features which appear here, such as Integrated Disk caching and RISE (Which is part of the Cisco platform)
There is also two new “features” within Traffic optimization
* Front End Optimization (Which converts data which is being sent back to the user, such as convert image files)
And we have content accelerator (Which is used for integration with Citrix ByteMobile)
Also setting up a new Netscaler Gateway is also alot easier since we don’t need the Java part anymore.
Also support for LLDP is here, which is a information exchange protocol kinda like CDP (from Cisco) So here is a comparison between the old GUI and the new GUI
There is also a list of new monitors which are built-in
Also support for LACP on interfaces which allows you to team NICs.
Citrix has also added some basic wizards which allow for easier setup against XenDesktop / Sharefile and such.
Also SSL profiles and DTLS profiles
We also have support for Jumbo Frames which allows for up to 9000 bytes of payload instead of 1500.
And one thing that is missing is Edgesight monitoring from Netscaler which looks like it has been removed for good. One thing which I didn’t find in the beta but is mentioned in the video is support for Oracle (which most likely coming in a later beta) o this is just my findings in the latest Beta. ill update when the next beta is coming! Looks like we have much to look forward to!
Well the title might be a bit misleading but its true! For those who haven’t seen the news yet, you can read about it here –> http://www.dell.com/learn/us/en/uscorp1/press-releases/2014-06-24-dell-software-defined-storage-portfolio
Now a little background story here, Nutanix has been in the market with its hardware based appliances in about a year/two years or so now. The appliances are running the Nutanix OS and where the magic happens. Now I’ve talked to some customers who swear to having hardware from the regular hardware provides since its familiar and you know how to handle the warranty/support/upgrades and so on, and therefore Nutanix might not be a good match for them.
Now as of today, Dell and Nutanix announced a strategic partnership which will allow Dell to ship their Dell XC Series of Web-scale Converged Appliances, which combine compute, storage and networking and with the Nutanix software on the top which allows for the best of both worlds.
For those that have read the Gartner report which was recently published “Magic Quadrant for Integrated Systems” both Dell and Nutanix are listed in the quadrant and have the focus areas and with this new partnership they will fullfill each other “weak” spots and both come out stronger from this.
So make sure to follow this space going forward!
So as of today, Azure Active Directory Premium is available in trial for all users. For those that aren’t aware of what Azure Active Directory Premium is in short Identity and Access Management for the cloud so its a extension of the previous features which include,
* custom domains
* users and groups
* directory integration with local Active Directory
* MFA (which I have blogged about previously http://bit.ly/1lkQ0NO)
The premium part allows for single-sign and multi-factor authentication to any cloud application. To show the entire functionality.
Active Directory Premium edition is a paid offering of Azure AD and includes the following features:
- Company branding – To make the end user experience even better, you can add your company logo and color schemes to your organization’s Sign In and Access Panel pages. Once you’ve added your logo, you also have the option to add localized versions of the logo for different languages and locales. For more information, see Add company branding to your Sign In and Access Panel pages.
- Group-based application access – Use groups to provision users and assign user access in bulk to over 1800 SaaS applications. These groups can either be created solely in the cloud or you can leverage existing groups that have been synced in from your on-premises Active Directory. For more information, see Assign access for a group to a SaaS application.
- Self-service password reset – Azure has always provided self-service password reset for directory administrators. With Azure AD Premium, you can now further reduce helpdesk calls whenever your users forget their password by giving all users in your directory the capability to reset their password using the same sign in experience they have for Office 365. For more information, seeSelf-service password reset for users.
- Self-service group management – Azure AD Premium simplifies day-to-day administration of groups by enabling users to create groups, request access to other groups, delegate group ownership so others can approve requests and maintain their group’s memberships. For more information, see Self-service group management for users.
- Advanced security reports and alerts – Monitor and protect access to your cloud applications by viewing detailed logs showing more advanced anomalies and inconsistent access pattern reports. Advanced reports are machine learning-based and can help you gain new insights to improve access security and respond to potential threats. For more information, see View your access and usage reports.
- Multi-Factor Authentication – Multi-Factor Authentication is now included with Premium and can help you to secure access to on-premises applications (VPN, RADIUS, etc.), Azure, Microsoft Online Services like Office 365 and Dynamics CRM Online, and over 1200 Non-MS Cloud services preintegrated with Azure AD. Simply enable Multi-Factor Authentication for Azure AD identities, and users will be prompted to set up additional verification the next time they sign in. For more information, see Adding Multi-Factor Authentication to Azure Active Directory.
- Forefront Identity Manager (FIM) – Premium comes with the option to grant rights to use a FIM server (and CALs) in your on-premises network to support any combination of Hybrid Identity solutions. This is a great option if you have a variation of on-premises directories and databases that you want to sync directly to Azure AD. There is no limit on the number of FIM servers you can use, however, FIM CALs are granted based on the allocation of an Azure AD premium user license. For more information, see Deploy FIM 2010 R2.
- Enterprise SLA of 99.9% – We guarantee at least 99.9% availability of the Azure Active Directory Premium service. For more information, see Active Directory Premium SLA
- More features coming soon – The following premium features are currently in public preview and will be added soon:
- Password reset with write-back to on-premises directories
- Azure AD Sync bi-directional synchronization
- Azure AD Application Proxy
Now in order to activate premium in your azure account you need to have an existing directory service in place, then you can go into the directory and then create a premium trial
Then you have to activate the trial.
After premium is enabled you have to license users to use the feature. In the trial we are given 100 licenses which we can use.
But note that now we have other panes here as well that we can use to configure the single-sign on experience. Now in an ideal scenario we would have a Active Directory catalog synced and with a public domain which is verified, i’m in vacation mode so therefore im going to show how to use a cloud only user and setup SSO to different cloud applications.
If we go into users we can see all the users which are located in the cloud directory, either they are synced from a local AD or they are a Microsoft account.
So we have some users in place, if we go into Configure pane we have the option to customize the access page which users are using to use SSO to web applications. We also have the option to enable users to do password reset (NOTE: that this requires that users have either a phone or alternative email adress defined) this can also me combined with password write back to on-premises AD. http://msdn.microsoft.com/en-us/library/azure/dn688249.aspx
Now we want to add some SaaS applications for the test, go into applications and choose add.
There are 3 ways to add an application. Either add a an regular web application or a native client application, choosing a application from the gallery (which atm consists of over 1000 different SaaS applications. Or if we want to publish an internal application outside of our network (this uses Microsoft Azure AD Application Proxy)
So in our case we are going to choose applicaiton from the gallery. Now I have already added some applications to the list here, and some appliactions have different capabilities then others. For instance Salesforce application has the capabilities for provisioning users automatically after a dirsync for instance, while twitter or Yammer do not have this capability.
There are also two types of SSO for each applications, we can either use ADFS (federation based SSO) or use Password based SSO.
Important to note that password based SSO is when a user click on a application from the access portal and has a plug-in installed which then populates the username and password field of the application when entering, it also has some requirements.
Configuring password-based single sign-on enables the users in your organization to be automatically signed in to a third-party SaaS application by Windows Azure AD using the user account information from the third-party SaaS application. When you enable this feature, Windows Azure AD collects and securely stores the user account information and the related password.
Password-based SSO relies on a browser extension to securely retrieve the application and user specific information from Windows Azure AD and apply it to the service. Most third-party SaaS applications that are supported by Windows Azure AD support this feature.
For password-based SSO, the end user’s browsers can be:
- IE 8, IE9 and IE10 on Windows 7 or later
- Chrome on Windows 7 or later or MacOS X or later
Now if I again go back to the application list and click on an application I have usually two options. Defining SSO options and choosing who has access.
NOTE: for salesforce I have the ability to configure automatic user provisioning as well.
Now go into assign users and choose an user in the directory. Now when using password based SSO you get the option of entereting the credentials on behaf of the users (now they are also able to enter this information on the access portal)
After this is done and you have assigned users to different applications they can open the access portal (which can be found here –> http://myapps.microsoft.com ) After I login here with my username I am able to SSO to the application I click on from the portal (NOTE that this requires a browser plug-in installed) Microsoft has also already created an wiki containing best-practices for accessing SSO applications.
And voila, I have my personal little password manager. From a user perspective I have the option to change credentials from this portal I can also change my password for my main user (which is a outlook user in this scenario) But this is a huge step in how to manage access to users and applications with a little touch of the cloud.
So its the time of year again and my summer holiday is starting, therefore there will be little news here for the next month. On the other hand, I received news yesterday that I passed my CCI networking assesment and am now able to do Netscaler training courses.
So on the next months ahead, my time is going to be spent training myself on data center networking, vmware (yeah really!) and IT-security.
So until next time!
So today Veeam announced their latest feature in version 8 which is something that i’ve been wanting for some time now, this feature is known as Cloud Connect –> http://go.veeam.com/v8-cloud-connect
The purpose of this feature is that it allows service providers to Office BaaS (Backup As a Service) to customers and allow them to integrate Veeam B&R to a Service Provider and allow them to use the service provider as a remote repostiory.
This requires that a service provider adds Cloud Gateway in their infrastructure and then customers can add them directly from the console in v8
And since this uses SSL it allows for true multi tenant without the use of VPN appliances between the provider and the customers.
Looking really forward to this feature! will be writing more about this when it releases.
In the many releases of Netscaler VPX (Starting with builds after 9.2) have had some minor issues with additional latency when running on VMware.
This has been a known issue for quite some time, and of course there has been a workaround available as well.
NetScaler VPX Appliance
- Issue ID 0326388: In sparse traffic conditions on a NetScaler VPX virtual appliance installed on VMware ESX, some latency might be observed in releases after 9.3 as compared to release 9.2. If this latency is not acceptable, you can change a setting on the appliance. At the shell prompt, type:
Perform a warm reboot for the above change to take effect. To have the new setting automatically applied every time the virtual appliance starts, add the following command to the /nsconfig/nsbefore.sh file:
But! I am happy to say that this has been fixed in the latest build (126.12) so we no longer require to run the commandline to fix the latency issue