One of the new features in Netscaler 10.5 is called Front-End Optimization (which is part of Netscaler Enterprise edition and above). It allows Netscaler to optimize the HTTP traffic which is headed back to the client. Now let us take a look at some of the different settings.
* Make Inline (Makes JS files which are linked to a page inline instead; only affects JS files which are less than 2 KB)
* Minify (Removes whitespace and comments from JS)
* Shrink to attributes (Shrinks an image to the size specified in the HTML tag)
* Make inline (Makes images which are linked to a page inline instead; only affects images which are less than 2 KB)
* Optimize (Removes non-image data from JPEGs, such as comments)
* Convert GIF to PNG (Converts images from GIF to PNG)
* Lazy Load (Downloads images as a user scrolls down to them)
* Make Inline (Makes CSS files which are linked to a page inline instead; only affects CSS files which are less than 2 KB)
* Combine (Converts multiple CSS files into one)
* Move to head tag (Moves CSS defined in the body tag to the head tag)
* Image inline (Makes images referenced in the CSS file, such as CSS backgrounds, inline)
* Convert Imports to Links (Converts CSS import statements to HTML link tags)
* Minify (Removes whitespace and comments from JS)
* Remove Comments from HTML (Removes comments within the HTML files)
Extend Page Cache (
Enable Client side Measurements
Now you can take a look at how HTML will look after it is parsed through this feature here –> http://support.citrix.com/proddocs/topic/ns-optimization-10-5-map/ns-feo-working-use-case.html
Now that you have some understanding of what it does, let’s go ahead and configure it. First we need to enable the feature and Integrated Caching (since this is a prerequisite).
Enable both features
Now by default there are some premade actions, which define what options are enabled. For instance, the aggressive policy has most of the optimizations enabled.
Now for instance, let’s say that we have a predefined load balanced server (which in my case is hosting a WordPress site). The vServer is called WEB-IIS in my case. Go into Front-End Optimization –> Policy Manager –>
Here choose bind point, and virtual server
Next we need to bind a policy to the bind point. Remember that here we need to create a policy using an expression and attach it to the bind point.
I used HTTP.REQ.HOSTNAME expression here so in my case when a user accesses demo-webopt the user will be affected by the policy.
After you have added the policy, press OK then DONE and you are good to go.
So try to access the page and watch the statistics.
Now we can see that it has already managed to do some optimization after I tried to access the page a couple of times.
So this feature allows web developers to comment inline code without affecting the users, and to keep a solid structure for CSS and JS without affecting the performance. Note that this feature is not suitable for all web applications; be sure to properly test the feature first.
Now since the release of 10.5 I have been able to test a lot of the new features in the latest release. Citrix has also released new versions of Insight and Endpoint clients for Windows & Mac to match the new release.
The upgrades have so far, for my part, been non-problematic (in case of a custom GUI you may need to recreate it) from 9.3 and even 10.1 builds. For those that are in a migration plan, please refer to the migration document from Citrix http://support.citrix.com/proddocs/topic/ns-faq-map-10-5/ns-faq-migration.html
I have also seen a performance increase in some scenarios.
There has also been an update to the clustering features, which didn’t catch my eye at first: http://support.citrix.com/proddocs/topic/ns-system-10-map/ns-cluster-feat-supp-ref.html It allows us to have a Netscaler Gateway vServer running on a local Netscaler node.
Now the new build is 99% pure HTML, which is great! There are still some features which require JRE, but this is going to be fixed in a future release.
The following features or nodes still require JRE:
- Upgrade Wizard
- User Administration
- Command Policies
- Command Policy RegEx Editor
- Network > Network Visualizer
- Network > TCP/IP connections
- Traffic Management > Load Balancing > Visualizer
- Traffic Management > Content Switching > Visualizer
- Traffic Management > GSLB > Visualizer
- Application Firewall
- Application Firewall wizard
- Add/ Edit/ Import profiles
- Update Version
- Auto Update Settings
- Application Firewall
Citrix has also made easier integrations for their own products such as XenDesktop/XenMobile/Sharefile and so on, which makes it easier for consultants to deploy a Netscaler solution to provide availability for other products.
Now all of the new features are listed here –> http://support.citrix.com/proddocs/topic/ns-rn-main-release-10-5-map/netscaler-10-5-rn.html
One thing which I find to be the most important feature in the latest build (besides the new GUI) is the front-end optimization feature, which allows the Netscaler to reduce load and render times on web pages which are rendered on a client browser. After some initial tests with this feature I was able to save 60% of the load time. In most cases a web site is not optimized for speed, and therefore Netscaler might be an important piece there.
But to sum it up so far, I’m really impressed with the latest release and how Citrix has made Netscaler even more powerful with more than 100 more features, which makes it a more key component in most datacenters. Looking forward to the later releases to see what Citrix has up their sleeve!
So as of today, Azure Active Directory Premium is available in trial for all users. For those that aren’t aware of what Azure Active Directory Premium is: in short, it is Identity and Access Management for the cloud, so it’s an extension of the previous features, which include:
* custom domains
* users and groups
* directory integration with local Active Directory
* MFA (which I have blogged about previously http://bit.ly/1lkQ0NO)
The premium part allows for single sign-on and multi-factor authentication to any cloud application. To show the entire functionality:
Active Directory Premium edition is a paid offering of Azure AD and includes the following features:
- Company branding – To make the end user experience even better, you can add your company logo and color schemes to your organization’s Sign In and Access Panel pages. Once you’ve added your logo, you also have the option to add localized versions of the logo for different languages and locales. For more information, see Add company branding to your Sign In and Access Panel pages.
- Group-based application access – Use groups to provision users and assign user access in bulk to over 1800 SaaS applications. These groups can either be created solely in the cloud or you can leverage existing groups that have been synced in from your on-premises Active Directory. For more information, see Assign access for a group to a SaaS application.
- Self-service password reset – Azure has always provided self-service password reset for directory administrators. With Azure AD Premium, you can now further reduce helpdesk calls whenever your users forget their password by giving all users in your directory the capability to reset their password using the same sign in experience they have for Office 365. For more information, see Self-service password reset for users.
- Self-service group management – Azure AD Premium simplifies day-to-day administration of groups by enabling users to create groups, request access to other groups, delegate group ownership so others can approve requests and maintain their group’s memberships. For more information, see Self-service group management for users.
- Advanced security reports and alerts – Monitor and protect access to your cloud applications by viewing detailed logs showing more advanced anomalies and inconsistent access pattern reports. Advanced reports are machine learning-based and can help you gain new insights to improve access security and respond to potential threats. For more information, see View your access and usage reports.
- Multi-Factor Authentication – Multi-Factor Authentication is now included with Premium and can help you to secure access to on-premises applications (VPN, RADIUS, etc.), Azure, Microsoft Online Services like Office 365 and Dynamics CRM Online, and over 1200 Non-MS Cloud services preintegrated with Azure AD. Simply enable Multi-Factor Authentication for Azure AD identities, and users will be prompted to set up additional verification the next time they sign in. For more information, see Adding Multi-Factor Authentication to Azure Active Directory.
- Forefront Identity Manager (FIM) – Premium comes with the option to grant rights to use a FIM server (and CALs) in your on-premises network to support any combination of Hybrid Identity solutions. This is a great option if you have a variation of on-premises directories and databases that you want to sync directly to Azure AD. There is no limit on the number of FIM servers you can use, however, FIM CALs are granted based on the allocation of an Azure AD premium user license. For more information, see Deploy FIM 2010 R2.
- Enterprise SLA of 99.9% – We guarantee at least 99.9% availability of the Azure Active Directory Premium service. For more information, see Active Directory Premium SLA
- More features coming soon – The following premium features are currently in public preview and will be added soon:
  - Password reset with write-back to on-premises directories
  - Azure AD Sync bi-directional synchronization
  - Azure AD Application Proxy
Now in order to activate Premium in your Azure account you need to have an existing directory service in place. Then you can go into the directory and create a Premium trial.
Then you have to activate the trial.
After premium is enabled you have to license users to use the feature. In the trial we are given 100 licenses which we can use.
But note that now we have other panes here as well that we can use to configure the single sign-on experience. Now in an ideal scenario we would have an Active Directory catalog synced, with a public domain which is verified. I’m in vacation mode, so I’m going to show how to use a cloud-only user and set up SSO to different cloud applications.
If we go into users we can see all the users which are located in the cloud directory, either they are synced from a local AD or they are a Microsoft account.
So we have some users in place. If we go into the Configure pane we have the option to customize the access page which users are using for SSO to web applications. We also have the option to enable users to do password reset (NOTE: this requires that users have either a phone or an alternative email address defined). This can also be combined with password write-back to on-premises AD. http://msdn.microsoft.com/en-us/library/azure/dn688249.aspx
Now we want to add some SaaS applications for the test, go into applications and choose add.
There are 3 ways to add an application: adding a regular web application or a native client application, choosing an application from the gallery (which atm consists of over 1000 different SaaS applications), or, if we want to publish an internal application outside of our network, using Microsoft Azure AD Application Proxy.
So in our case we are going to choose an application from the gallery. Now I have already added some applications to the list here, and some applications have different capabilities than others. For instance, the Salesforce application has the capability to provision users automatically after a dirsync, while Twitter or Yammer do not have this capability.
There are also two types of SSO for each application: we can either use ADFS (federation-based SSO) or use password-based SSO.
It is important to note that with password-based SSO, a user clicks on an application from the access portal and has a plug-in installed which then populates the username and password fields of the application when entering. It also has some requirements.
Configuring password-based single sign-on enables the users in your organization to be automatically signed in to a third-party SaaS application by Windows Azure AD using the user account information from the third-party SaaS application. When you enable this feature, Windows Azure AD collects and securely stores the user account information and the related password.
Password-based SSO relies on a browser extension to securely retrieve the application and user specific information from Windows Azure AD and apply it to the service. Most third-party SaaS applications that are supported by Windows Azure AD support this feature.
For password-based SSO, the end user’s browsers can be:
- IE 8, IE9 and IE10 on Windows 7 or later
- Chrome on Windows 7 or later or MacOS X or later
Now if I again go back to the application list and click on an application, I usually have two options: defining SSO options and choosing who has access.
NOTE: for salesforce I have the ability to configure automatic user provisioning as well.
Now go into assign users and choose a user in the directory. When using password-based SSO you get the option of entering the credentials on behalf of the users (they are also able to enter this information on the access portal).
After this is done and you have assigned users to different applications, they can open the access portal (which can be found here –> http://myapps.microsoft.com ). After I log in here with my username I am able to SSO to the application I click on from the portal (NOTE that this requires a browser plug-in installed). Microsoft has also already created a wiki containing best practices for accessing SSO applications.
And voila, I have my personal little password manager. From a user perspective I have the option to change credentials from this portal, and I can also change the password for my main user (which is an Outlook user in this scenario). But this is a huge step in how to manage access to users and applications with a little touch of the cloud.
This is something I have been wanting to do for some time now, and now that I am doing a lot of research for my upcoming book, this subject popped up in my head…. How can we automate setup on a Citrix Netscaler?
Citrix Netscaler has a NITRO protocol which is in essence a REST interface, which means that we have an API to communicate with on the Netscaler. We can also make custom applications using C# and Java, since the NITRO SDK comes with common libraries for both.
You can download the Netscaler SDK for each build from mycitrix.com
Link to the latest SDK –> http://www.citrix.com/downloads/netscaler-adc/sdks/netscaler-sdk-release-101.html
Extract the Csharp tar file and browse into the lib folder. Here we have to import the two library files.
$path1 = Resolve-Path Newtonsoft.Json.dll
[System.Reflection.Assembly]::LoadFile($path1)
$path = Resolve-Path nitro.dll
[System.Reflection.Assembly]::LoadFile($path)
After we have imported the library files we can start a connection to Netscaler. First off, we can either hard-code the variables NSIP, username and password beforehand, or we can use the Read-Host command. In this example the NSIP of the Netscaler is set to 192.168.88.3 and the username and password are the default nsroot. As you can see, security is my top priority.
$nsip = "192.168.88.3"
$user = "nsroot"
$pass = "nsroot"
$nitrosession = new-object com.citrix.netscaler.nitro.service.nitro_service($nsip,"http")
$session = $nitrosession.login($user,$pass)
This COM object is the one that contains the common services against the Netscaler, for instance:
- Login / Logout
- Save Config
- Enable / Disable features
If we wanted to, for instance, do a restart, we would need to use the same object. Some examples to save the config and restart:
$session = $nitrosession.save_config()
$session = $nitrosession.reboot($true)
Since the COM object is already loaded we can just run the commands directly. These are just to name a few (refer to the SDK documentation for info about all the classes).
So what are some of the basic configurations that we need to do on a Netscaler? First off, we need to change the default hostname, for instance.
$hostname = New-Object com.citrix.netscaler.nitro.resource.config.ns.nshostname
$hostname.hostname = "NSpowershell";
Next we should also add a DNS server to the Netscaler so it can do hostname lookups.
$dns = New-object com.citrix.netscaler.nitro.resource.config.dns.dnsnameserver
$dns.ip = "192.168.88.10";
And then if we want it to do load balancing we first need to add a server or two which we want it to load-balance.
$server1 = New-Object com.citrix.netscaler.nitro.resource.config.basic.server
$server1.name = "Powershell";
$server1.ipaddress = "192.168.88.100";
Next we need to bind that server to a service.
$service1 = New-Object com.citrix.netscaler.nitro.resource.config.basic.service
$service1.name = "IIS";
$service1.servicetype = "HTTP";
And lastly create a load balanced vServer and do a service to vServer binding.
$lbvserver1 = New-Object com.citrix.netscaler.nitro.resource.config.lb.lbvserver
$lb_to_service = New-object com.citrix.netscaler.nitro.resource.config.lb.lbvserver_service_binding
$lb_to_service.name = "lbvip_sample";
$lb_to_service.servicename = "IIS";
And of course lastly remember to save the config of the Netscaler
So there you have it, some example Netscaler/PowerShell commands! I am just getting started here myself, so I will return when I have some more useful commands, and I’m going to make a custom setup script as well.
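The snippets above build the resource objects but do not show the call that sends them to the appliance, and the session uses HTTP with hard-coded nsroot credentials. The following is an added example (not from the original post or the SDK samples) that runs the same steps end to end over HTTPS with prompted credentials. The VIP 192.168.88.50, port 80, the service-to-server link and the DLL location are assumed values; the static add/update calls are the ones the NITRO .NET resource classes expose.

```powershell
# Added example, not the post's own code. Assumed/constructed values:
# DLLs in the current directory, VIP 192.168.88.50, port 80.
$ErrorActionPreference = 'Stop'

# Load the two SDK assemblies from the extracted lib folder.
Add-Type -Path (Resolve-Path .\Newtonsoft.Json.dll).Path
Add-Type -Path (Resolve-Path .\nitro.dll).Path

$nsip = '192.168.88.3'
# Prompt for the account instead of keeping nsroot/nsroot in the script.
$cred = Get-Credential -Message "Netscaler account for $nsip"

# HTTPS, so the login and all later NITRO calls are not sent in clear text.
$nitro = New-Object com.citrix.netscaler.nitro.service.nitro_service($nsip, 'https')
$loggedIn = $false
try {
    $null = $nitro.login($cred.UserName, $cred.GetNetworkCredential().Password)
    $loggedIn = $true

    # Hostname already exists on the appliance, so it is changed with update().
    $hostname = New-Object com.citrix.netscaler.nitro.resource.config.ns.nshostname
    $hostname.hostname = 'NSpowershell'
    $null = [com.citrix.netscaler.nitro.resource.config.ns.nshostname]::update($nitro, $hostname)

    # DNS name server used for hostname lookups.
    $dns = New-Object com.citrix.netscaler.nitro.resource.config.dns.dnsnameserver
    $dns.ip = '192.168.88.10'
    $null = [com.citrix.netscaler.nitro.resource.config.dns.dnsnameserver]::add($nitro, $dns)

    # Back-end server object.
    $server1 = New-Object com.citrix.netscaler.nitro.resource.config.basic.server
    $server1.name = 'Powershell'
    $server1.ipaddress = '192.168.88.100'
    $null = [com.citrix.netscaler.nitro.resource.config.basic.server]::add($nitro, $server1)

    # Service bound to that server (port 80 is an assumed value).
    $service1 = New-Object com.citrix.netscaler.nitro.resource.config.basic.service
    $service1.name = 'IIS'
    $service1.servername = 'Powershell'
    $service1.servicetype = 'HTTP'
    $service1.port = 80
    $null = [com.citrix.netscaler.nitro.resource.config.basic.service]::add($nitro, $service1)

    # Load balanced vServer (VIP and port are assumed values).
    $lbvserver1 = New-Object com.citrix.netscaler.nitro.resource.config.lb.lbvserver
    $lbvserver1.name = 'lbvip_sample'
    $lbvserver1.servicetype = 'HTTP'
    $lbvserver1.ipv46 = '192.168.88.50'
    $lbvserver1.port = 80
    $null = [com.citrix.netscaler.nitro.resource.config.lb.lbvserver]::add($nitro, $lbvserver1)

    # Service to vServer binding.
    $lb_to_service = New-Object com.citrix.netscaler.nitro.resource.config.lb.lbvserver_service_binding
    $lb_to_service.name = 'lbvip_sample'
    $lb_to_service.servicename = 'IIS'
    $null = [com.citrix.netscaler.nitro.resource.config.lb.lbvserver_service_binding]::add($nitro, $lb_to_service)

    # Persist the running configuration.
    $null = $nitro.save_config()
}
finally {
    # Always end the NITRO session, even when one of the calls above throws.
    if ($loggedIn) { $null = $nitro.logout() }
}
```

Run it from the SDK's lib folder; a failed NITRO call throws and stops the script before the configuration is saved.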
First off, this is a looong post
This is a subject that I actually presented at the NIC conference in Norway in January.
The subject: how we can use Operations Manager to monitor workloads other than Microsoft / Windows, since most enterprises have a lot of different platforms such as:
Linux, Vmware, Citrix, Cisco, Microsoft, and of course many are looking towards cloud solutions such as Amazon and Azure.
So I’m going to show briefly, for each topic, how we can use Operations Manager to monitor all of these solutions.
Now by itself Operations Manager has a good, extensive list of monitoring options against Microsoft workloads such as:
* System Center
* Active Directory
You can see here for a comprehensive list of Management Packs available for Operations Manager –> http://social.technet.microsoft.com/wiki/contents/articles/16174.microsoft-management-packs.aspx
And of course there is support for network devices and some Unix/Linux distros.
The list of supported network devices is here –> http://www.microsoft.com/en-us/download/details.aspx?id=26831 Note that Operations Manager uses SNMP and ICMP for monitoring network devices.
For UNIX/Linux based devices you have a newly added management pack –> http://www.microsoft.com/en-us/download/details.aspx?id=29696
It supports CentOS, SUSE Linux, Red Hat, Solaris and Ubuntu and so on.
Now all of the options I’ve listed so far are built-in capabilities. Operations Manager works by using agents (except for network devices): you have an agent installed, you import a management pack which contains the logic such as rules and alerts, views and reports, and you start getting notifications.
So when monitoring for instance Hyper-V we need an agent installed on our Hyper-V hosts and the Hyper-V management pack. There is also a VMM management pack which gives us a more detailed overview of our Hyper-V / Cloud infrastructure.
Monitoring Citrix Netscaler
For Network devices, we need to have the SNMP service installed on our management server. This can be done using Server Manager or the PowerShell command.
After that is done we define the service to allow SNMP packets from hosts.
After this is done we have to make some changes to the network device. If we for instance want to monitor Citrix Netscaler we first need to download the Netscaler management pack from Citrix. If we have a Netscaler running in our environment we have a download pane in the GUI
And download the management pack
Then import the management pack to SCOM, which can be done under Administration –> Management Packs –> Import.
Then we have to add some SNMP configuration to Netscaler to allow it to communicate with SCOM. This can be done using the CLI command
Community string is used for authentication against the SCOM server. Next we need to run a network discovery rule
Make sure that the default account here has the same credentials as the community string we entered on the Netscaler
Then under Devices, enter IP address and choose SNMP version 1 / 2 and bind the run account
After we have run the discovery, the Netscaler device appears in our infrastructure under network devices.
Monitoring XenDesktop 7.x requires a Management Pack from a Citrix partner called ComTrade. They make Management Packs for most of the Citrix products. The setup is pretty basic: install the agent that they come with on the XenDesktop Controller and on the Management Server, and add a license.
Import the Management Packs for XenDesktop. We also have to define the agent installed on the XenDesktop Delivery Controller as a proxy, which allows it to fetch data outside of its object.
And voila, we have a custom view for XenDesktop which gives us a good overview of the Site, and we can also view how many sessions there are on the site.
As a part of the transition to the Cloud many are looking at a hybrid cloud solution where we have a combined on-premise and a public cloud provider, but one of the problems that appear is monitoring cloud services on the cloud provider.
Again, since this is a Citrix product it requires a management pack from ComTrade. XenServer is using a custom built FreeBSD so we cannot use the regular Unix/Linux management pack to monitor it. On the other hand, using the Management Pack from ComTrade gives us the total overview.
In order to monitor a XenServer we need a regular server running as a proxy agent. This server will be running as a XenServer management proxy, so it will connect to the XenServer pool, gather data and report back to the Management Server.
First we need again to enter a connection to the pool from the proxy agent
Then enter a license (or else the agent will not forward any information at all)
Monitoring services in Azure is not as easy as it seems. We can use S2S VPN and have an agent installed on all VMs running there, or set up a gateway server, but this only covers the virtual machines and does not cover the other roles there.
Microsoft luckily created a management pack that we can use to monitor Azure services directly from Operations Manager. You can find it here –> http://www.microsoft.com/en-us/download/details.aspx?id=38414
After importing the management pack we will get a new pane under Administration called Windows Azure, here we have to setup Operations Manager against an Azure account we wish to monitor.
Here we have to enter a subscription ID and a Management Certificate against our account
After we are done here, we can go to Authoring and set up Azure monitoring. Since it by default does not start to monitor objects in Azure, we have to define which objects it should monitor.
Here we can monitor our Cloud Services, Subscription, Virtual Machines and Storage Containers. So after we have configured what we want it to monitor it will start generating alerts.
Monitoring Amazon Web Services
Amazon has done a good job when creating its Management Pack for Web Services (which can be downloaded from here –> https://aws.amazon.com/windows/system-center/).
It contains good information and gives a good overview of most of your infrastructure running in Amazon.
To set up monitoring, import the management pack. Go into the Authoring pane and run the Amazon Web Services template under Management Pack objects. Here we need to define a watcher node (which will be used to communicate with Amazon) and define a Run As account.
The run as account should be in form of an Access Key ID and the Secret Access ID using Basic Authentication.
After we have that setup it will start gathering info and start monitoring objects as they appear.
Monitoring Unix/Linux agents
Monitoring Unix/Linux requires that we import the management pack for monitoring Unix/Linux, which can be found here –> http://www.microsoft.com/en-us/download/details.aspx?id=29696
Now in my case I want to monitor Ubuntu, so I need to use the Universal Linux MP, since Ubuntu does not have its own management pack. After I’ve imported that I have to set up two accounts under Administration –> Unix/Linux accounts
One for agent maintenance and one for monitoring. Both of these have to be bound to a profile. (You can see more about accounts which need to be defined here –> http://technet.microsoft.com/en-us/library/hh287150.aspx)
After that we have to setup a discovery (note the linux server needs to be entered with a DNS name)
Monitoring VMware from Operations Manager requires a management pack from Veeam.
The management pack requires that we have some extra components installed on a server which has an Operations Manager agent installed. This server is used to communicate with vCenter and get info from the VMware environment.
These components are web services which allow communication flow
* Veeam Vmware Collector
* Veeam Virtualization Extensions Services
* Veeam Virtualization Extensions UI
(These components can be installed on the same server)
After these components have been installed we have to set up the connection to vCenter from the Extensions Services web GUI.
After this is done we will start to get information into Operations Manager.
Now there are also some other Management Packs on Microsoft Pinpoint, which shows other third-party products that we can monitor from Operations Manager.
Many third-party vendors do not have their management pack available on Pinpoint, so contact your vendor in case you are unsure if they have a management pack. It is important to note that this is just to show the possibilities we have with Operations Manager; importing too many management packs will in many cases slow down your setup and requires a lot of tuning before it works as you want it to.
So after the public announcement Citrix made earlier today, it was clear that they are going to bring back XenApp to life more or less. You can see more about the product here –>
Not quite, even though it is called XenApp it is still running the XenDesktop FMA architecture beneath. The reason why they are bringing back the XenApp name? Because of the brand: many people are very familiar with the name and the concept it brings, while many think of XenDesktop as a VDI solution.
It will again be available in the same editions as before: Advanced, Enterprise and Platinum. This means the end of XenDesktop App edition (since this is actually the XenApp functionality). Customers that have XenDesktop App edition have the same functionality as XenApp Enterprise 7.5.
So what does XenApp 7.5 bring to the playing field ?
Hybrid Cloud provisioning – To AWS and CloudPlatform (no Azure here! It will come later). This gives the ability to provision XenApp servers directly into the cloud provider.
And for existing XenApp 6.5 customers you have more mobile HDX functionality to provide a better application delivery to mobile devices.
So for those that were hoping for a full return of XenApp: well, it is just the marketing group doing a name change to the existing product line to use its branding to its full potential.
So the 7.5 product line is rumored to be released in the summer; it is going to be interesting to see what Project Merlin will bring besides the hybrid cloud provisioning.
Also you can see what else is available here, it will be released in March
So the latest Java update, Version 7 Update 51, again contains new updates and again more security fixes. Alas, it also stops Netscaler from working. Even though Citrix released a new build today, 123.81, it does not work with the latest version.
In order to fix the issue we need to add the Netscaler URL to the Java exception list. Open the Java control panel applet.
And choose Edit Site list and add an exception.
After that, restart the browser and start again
Citrix just recently released a XenMobile exam covering much from Zenprise (MDM function), AppController, Storefront, Netscaler Gateway, Worxapps and such.
More about the exam can be found here, Study info –> http://training.citrix.com/resources/Exam%20Prep%20Guides/370/1Y0-370%20Designing%20Deploying%20and%20Managing%20Citrix%20XenMobile%20Solutions%20Preparation%20Guide.pdf
After taking this exam it will give you the title of Citrix Certified Professional – Mobility.
Now the following CTX articles might give you a pointer in the right direction regarding what’s covered in the exam
Configure Netscaler Gateway with AppController –> http://support.citrix.com/article/CTX139319
How to view patches installed on ZDM Server –>
Configure AppController to provide STA tickets for Worxmail –>
Deploying XenMobile Netscaler Connector –>
Install XenMobile Netscaler Connector –>
Manage XenMobile Netscaler Connector –>
Monitor XenMobile Netscaler Connector –>
Evaluating XenMobile Effects on Device Battery Life –>
Configure High-availability on Device Manager –> http://support.citrix.com/proddocs/topic/xmob-dm-85/xmob-dm-manage-ha-wrapper-con.html
Configure High-availability on AppController –>
Install Device Manager –>
Recovering a Primary StorageZones connector –>
Installing XenMobile mail manager –>
Configuring Location Services for Devices –>
Configuring Automated Actions –>
XenMobile Pre installation –>
Configuring MDX policies for iOS apps in AppController –>
Configuring enrollment modes –>
Configure GotoAssist with XenMobile –>
Adding Apps for Android –>
Adding Apps for iOS –>
And read the prep guide to make sure you understand all the Objectives that are covered further down in the list, this will make you better prepared for what questions might pop up.
You can read it here –> http://bit.ly/1cPanxu
This is another one of Citrix’s hidden gems, Netscaler Insight. This product has been available from Citrix for some time now, but with the latest update it became a lot more useful. Insight is a virtual appliance from Citrix which gathers AppFlow data and statistics from Netscaler to show performance data, kind of like the old Edgesight. (NOTE: In order to use this functionality against Netscaler it requires at least Netscaler Enterprise or Platinum.)
Insight has two specific functions, called Web Insight and HDX insight.
Web Insight shows traffic related to web traffic, for instance how many users, what IP addresses, what kind of content etc.
HDX Insight is related to Access Gateway functionality of Citrix to show for instance how many users have accessed the solution, what kind of applications have they used, what kind of latency did the clients have to the netscaler etc.
You can download this VPX from mycitrix under Netscaler downloads. It is important to note that as of now it is only supported on VMware and XenServer (they haven’t mentioned any support coming for Hyper-V but I’m guessing it’s coming).
The setup is pretty simple. Like on a regular Netscaler, we need to define an IP address and subnet mask. (Note that the VPX does not require a license, since it will only gather data from Netscaler appliances that have a platform license, and it does not work on regular Netscaler gateways.)
After we have set up the Insight VPX we can access it via the web GUI; the username and password here are the same as on Netscaler: nsroot & nsroot
After this is set up we need to enable the Insight features. We can start by setting up HDX Insight; here we need to define an expression that allows all Gateway traffic to be gathered.
Here we just need to enable VPN equals true. We can also add multiple Netscalers here; if you have a cluster or HA setup we need to add both nodes.
After we have added the node, just choose configure on the node and choose VPN from the list and choose expression true.
Now for Web Insight we need to define an expression. For instance, I can use a hostname expression and define a website that I have using DNS. This will start gathering AppFlow data when clients are accessing websites having the hostname web in it.
After a while now we can see that info is starting to appear in Insight, we can “drill” down in the data to show different metrics.
I can go into a user and show his sessions
And I can show what kind of applications the user has been running
For Web Insight we can see what kind of URLs are accessed
And I can see what clients have accessed the URL
Now that is the first part; Insight will not just sit there and gather data. The next part is to integrate this with Director to allow helpdesk users to use this data together with the Edgesight feature, which is now a part of XenDesktop 7.
To integrate this we need to install Director on a server; next we need to run the command C:\inetpub\wwwroot\Director\tools\DirectorConfig.exe /confignetscaler
After this is done, do an IIS reset and log into Director again.
We can now go into the Network pane and see the data that is collected.
Note: There are some requirements that need to be in place in order for it to function properly.
- NetScaler HDX Insight must be v10.1 or above.
- XenDesktop VDA version 7.0 and above are supported by HDX Insight and NetScaler.
- Storefront from the XenDesktop 7.0 installer or later versions can be used to launch the user sessions.
- Receiver for Mac v11.8 and Windows Receiver 14.0 (4.0) and above are required for accurate ICA RTT metrics.
Yesterday Citrix released a tech preview of their Service Template for XenDesktop 7.1 for System Center Virtual Machine Manager.
This template allows for rapid and easy deployment of an entire XenDesktop 7 infrastructure, including setup of Director, License Server, Desktop Delivery Controller and Storefront.
It does not by default include Netscaler as part of that template, but that is something we can add to the “mix” later.
The tech preview of the template can be downloaded from mycitrix here –> https://www.citrix.com/downloads/xendesktop/betas-and-tech-previews/system-center-service-template-tech-preview.html (this requires a valid mycitrix account). It has a template for XenDesktop and for PVS.
I'll continue with the XenDesktop template and show how it is deployed.
The template contains a bunch of PowerShell scripts, the XenDesktop 7.1 ISO file and the template file itself. In order to fully set up the template it needs the VMM ISO file and a generalized 2012 VHD file.
After we have downloaded the template file open VMM –>
Then go into Library and Import Template –>
Then point to the extracted XenDesktop folder.
Then choose Next. Now we need to point the template to the different ISO files and the generalized 2012 template.
After that is done and the mappings are correct we can continue with the import.
This will take some time since it needs to import XenDesktop to the library. When we now go into Service Templates we can see XenDesktop listed as an option there. If we right click and choose “Open Designer” we can see what the layout will look like.
Now if we wanted to, we could use the Netscaler integration as well to deploy multiple DDCs and Storefronts and automatically set up load balancing of these services as part of the deployment. Let's see how that can be done using the Service Template. (Note that this integration is still not supported in 2012 R2) (UPDATED: IT WORKS), but for the purpose of demonstrating how it CAN be done I'll show it anyway. So after we have installed the add-on and created a VIP template for DDC and one for Storefront, we can open the designer again.
Next we can connect the VIP profiles to the different components: one DDC VIP template for DDC and one for Storefront, which have different load balancing mechanisms set up.
Now if I were to configure a deployment of this, I can configure the number of each server I want in order to ensure scalability and redundancy.
When I start the deploy wizard I am asked to define which network is my management network.
Here I can define what the backend of the Netscaler is and what the VIP address of the load balancing solution is going to be.
But since the integration between Netscaler and VMM is not functioning in R2, I'll need to get back to that in a later post (UPDATE: IT WORKS). But if I go into one of the servers I can see the application scripts that are run in order to set up a functional site.
If I, for instance, have ComTrade installed on Operations Manager in order to monitor my Citrix environment, I can add this as an Application Configuration in the last step to have a complete XenDesktop 7 setup with a load balanced Netscaler solution and complete monitoring using Operations Manager.
This is the power of Citrix and Microsoft!