Blog archive

Monitoring Netscaler with Operations Manager 2012

This guide has been written with Netscaler build 73 and Operations Manager 2012 SP1 (on WS2012) with the management pack from Citrix.

Operations Manager 2012 supports monitoring network devices either through SNMP (v1, 2 and 3) or through just basic ICMP.
Citrix has made a management pack solution, which you can use to enhance the monitoring capabilities in SCOM.
The pack also includes the VMM PRO management pack (which is not covered in this guide; only the basic management pack is).

The management pack can be downloaded from mycitrix (Requires login)
https://www.citrix.com/downloads/netscaler-adc/components/netscaler-management-pack-for-operations-manager-2012.html

(Just a side note: Comtrade is a Citrix Partner who is currently making a new management pack for Netscaler so stay tuned for the new release )

So when we have a functional Operations Manager server up and running we have to install the SNMP service on one of the servers.
This can be done via Server Manager.

After that is installed, go into services.msc and either choose “Accept SNMP packets from any host” or enter just the IP of the Netscaler, so that only that host is accepted.
Make sure that the firewall on the OpsMgr server allows inbound SNMP traffic.

After that is done you can install and open the management pack folder.

You will see that it includes a Guide and MP folder (which contains the Management Packs)
Now open Operations Manager console and go to administration and choose Management Packs, right-click and choose import.

And from there browse to the directory and choose the regular NS MP (Not the PRO)

And choose Install.

After that is installed, go back to monitoring and you will see that a new folder has appeared under Citrix Netscaler

By default, performance monitoring is mostly disabled, so we have to enable these rules to actually get some data.
So go into Authoring -> Rules and scope it to Citrix Netscaler

First off, we can enable “Virtual Servers current up”.

So we create an override rule for Netscaler Devices

and choose Enabled and save it into a Management Pack where we save our overrides.
After that is done we alter the SNMP settings on the Netscaler devices. I’m doing it in the CLI:

add snmp manager IP
add snmp community enternamehere ALL (The last one is used to define which rights this community string has)

Add the IP of the SCOM MS and add a community string (In my case I used “com”)
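
An added example (not from the original post and not Citrix code): a small Python audit of the SNMP lines in a saved NetScaler configuration. It flags a short community string such as the three-character one used here, a permission broader than the read-type queries, and manager entries that are missing, unexpected or cover a whole subnet. The sample configuration, the 12-character minimum, the list of well-known strings and the expected-manager list are assumptions made for the illustration.

```python
import ipaddress
import shlex

READ_ONLY = {"GET", "GET_NEXT", "GET_BULK"}  # read-type query permissions
WELL_KNOWN = {"public", "private", "snmp", "community", "monitor"}  # assumed list
MIN_LEN = 12  # assumed local policy for community length, not a NetScaler limit

# Constructed sample in ns.conf syntax; addresses and strings are made up.
SAMPLE = """\
# constructed sample, not taken from a real appliance
add snmp manager 10.0.0.50
add snmp manager 10.0.1.0 -netmask 255.255.255.0
add snmp community com ALL
add snmp community "ro-7Fq2xLp9vK41" GET_BULK
"""


def _split(tokens):
    """Separate positional arguments from '-option value' pairs."""
    positional, options, i = [], {}, 0
    while i < len(tokens):
        if tokens[i].startswith("-") and i + 1 < len(tokens):
            options[tokens[i].lower()] = tokens[i + 1]
            i += 2
        else:
            positional.append(tokens[i])
            i += 1
    return positional, options


def audit_snmp(config_text, expected_managers):
    """Return (rule, detail) findings for the SNMP lines of a configuration.

    expected_managers: IPv4 addresses of the management servers that are
    supposed to poll the appliance (here, the SCOM management server).
    """
    expected = {ipaddress.ip_address(a) for a in expected_managers}
    findings, manager_seen, community_seen = [], False, False
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        try:
            tok = shlex.split(raw, comments=True)
        except ValueError:
            continue  # unbalanced quote: not a line this audit understands
        head = [t.lower() for t in tok[:3]]
        if head == ["add", "snmp", "manager"]:
            hosts, opts = _split(tok[3:])
            mask = opts.get("-netmask", "255.255.255.255")
            manager_seen = manager_seen or bool(hosts)
            for host in hosts:
                try:
                    net = ipaddress.ip_network(f"{host}/{mask}", strict=False)
                except ValueError:
                    continue  # host names and IPv6 are out of scope here
                if net.num_addresses > 1:
                    # A netmask turns the entry into a whole range of managers.
                    findings.append(("MANAGER_RANGE", str(net)))
                elif net.network_address not in expected:
                    findings.append(("UNEXPECTED_MANAGER", str(net.network_address)))
        elif head == ["add", "snmp", "community"] and len(tok) >= 5:
            name, perm = tok[3], tok[4].upper()
            community_seen = True
            # The community string is the only credential in SNMP v1/v2c and
            # travels in clear text, so report its line, not its value.
            if len(name) < MIN_LEN or name.lower() in WELL_KNOWN:
                findings.append(("WEAK_COMMUNITY", f"line {lineno}"))
            if perm not in READ_ONLY:
                findings.append(("BROAD_PERMISSION", f"line {lineno}: {perm}"))
    if community_seen and not manager_seen:
        # With no manager entry the appliance answers queries from any source.
        findings.append(("NO_MANAGER", "queries accepted from any source address"))
    return findings


if __name__ == "__main__":
    for rule, detail in audit_snmp(SAMPLE, ["10.0.0.50"]):
        print(f"{rule:18} {detail}")
```
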

After that is done we have to add the network device into Operations Manager.
Open Administration -> Network Management, right-click and choose Discovery Wizard, and in the wizard choose Network Devices.

From there specify a name and which MS and resource pool to manage the device

Click next -> choose Explicit

Click Next -> Here we add the community string which we will use to authenticate with the NS
We have to add a new run as account which includes the Community String

Next we add the device IP and choose what type of service it will use to communicate with the device

After the Device Discovery Wizard is done, go into Discovery Rule and choose Run.
After a while the Device will appear under Network Devices pane.

You can check the Application Log on the Operations Manager server for info and you can check the snmp stats option in Netscaler.
So after this is complete we can see the device health properties

We also have some Performance counters for CPU and Memory we can see.

After you have enabled other Performance Monitors they will appear here as well. This allows you to create a baseline for how connections should be on your box.
This also allows Operations Manager to generate alarms in case of DDoS attacks.

Excalibur and Orchestrator Magic

When Citrix released Excalibur they also included a whole bunch of Powershell which allows you to run Powershell cmdlets to alter anything.
If you are inside the Studio console you can see that there is a PowerShell window there, which shows all of the cmdlets that you have run.

And how does this help? With the combination of Orchestrator, we can add automation to the equation.
What if we could automate the assignment of applications to users via Orchestrator? We could also add an approval workflow if we used it with Service Manager.
If a new user wants a set of 20 new desktops for his or her company, we could create a new workflow which would run a PowerShell script against MCS and do this automatically.
However, I’m not going to go ahead of myself here, this is a start post to show what we can do with the provided PowerShell modules.

First I’m going to show how to import the modules that Citrix provides in this release.
Head over to the Studio server and open Powershell ISE
From there you can run these import commands.

There are more modules but these cover most of the administrative tasks.
If you refresh the ISE modules list now, the Citrix components will show up.

If we create a simple “Publish Application” task, we can use New-BrokerApplication to publish Notepad.

New-BrokerApplication -CommandLineExecutable C:\windows\notepad -DisplayName notepad -ApplicationType HostedOnDesktop

NOTE: A bit of advice: if you are unsure of how the command should look, create an application with the wizard and extract the info afterwards using the Get-BrokerApplication cmdlet.
Now we have a functional PowerShell command to publish Notepad to the Studio.

So we know now that we have to import the modules first, and then we can run the command to publish Notepad, but how do we do this via Orchestrator?
First run Set-ExecutionPolicy Unrestricted on the Studio server.

And your script should be saved.

Now the simplest way is to use the Run Command activity in Orchestrator

I saved the script file locally on the Studio server, and the script looks like the output from the PowerShell ISE above.
So when I run this runbook, what happens?

This just publishes the application in Desktop Studio; it still isn’t assigned to a user yet. That requires a bit more PowerShell, which I’ll come back to later. This is just to show the abilities you have with Excalibur and PowerShell.

Excalibur and Configuration Manager

Now Citrix released a beta build of Excalibur a couple of months ago, which shows the next generation of XenDesktop and XenApp architecture. (Well actually just XenDesktop, since the XenApp architecture is disappearing)
In addition, with this release we have some fancy choices for how to manage the machines within XenDesktop.

Excalibur will add additional WMI classes to all its desktops, which are listed here –>

http://support.citrix.com/proddocs/topic/xendesktop-ibi/cds-manage-sccm-ibi.html

This allows you to create collections based upon if it’s VDI or Session host based, and even if it is assigned to a user or not.
Now in order to make these attributes available in Configuration Manager we have to add some WMI classes.

Go into Client Settings -> and alter the clients policy -> Go into hardware inventory and choose add classes. And from the list choose Add Hardware inventory class. From there you can browse to a remote computer that is installed as a VDA and in the namespace you can type \root\citrix\desktopinformation

And choose “Citrix_VirtualDesktopInfo”
Then Press OK

This will give you some more attributes on that WMI class

Which you can again use to create collections based on the variables.

Since Excalibur does not have any direct integration with for instance App-V you can now create user-based assignments to delivery groups.
So the user has multiple options of application deliveries.

Either via Software Portal and Configuration or Storefront with Citrix.

Citrix and Microsoft cloud solutions

Now if people see any wrong facts here please leave a comment below, I can’t cover everything :) but this post is written purely based on my opinions and my own knowledge and not everything may be correct.
The purpose of this post is to show capabilities and features that Citrix and Microsoft’s cloud solutions possess and how they can benefit each other. Let’s face it, Microsoft or Citrix (which are huge huge huge! in the cloud market) for that matter can’t do everything themselves. They both have a solid solution around cloud, but each solution has its strengths and its weaknesses.

Now Cloud is a term that comes in 3 shapes: Private, Public or Hybrid.
And there are some common terms that describe a Public cloud solution
* Self-Service
* Elasticity
* Scalable
* Pooling of resources
(Some Public Cloud solutions: Amazon, Windows Azure)
With Private Cloud you have more control of the resources and it is easier to do customization. More are thinking of going with the Hybrid solution, which gives you the advantages that a private cloud brings and the benefits of the low cost of a Public cloud. Both Citrix and Microsoft have the ability to support a Hybrid cloud approach. Then again there are many ways to offer a cloud solution for a customer, whether it is an application, infrastructure or a platform.

Now Microsoft’s cloud solution consists of the following core components

* System Center
* Windows Server
* Windows Azure (Public Cloud)

Now what do you get with System Center?
A brief overview:
* App Controller (Self-service of their services & virtual machines for system owners, with support for on-premise and public cloud)
* Operations Manager (Monitoring capabilities, SLA monitoring with support for on-premise, and also allows for Azure monitoring)
* Data Protection Manager (Backup solution for Windows and Windows applications, physical and virtual)
* Service Manager (IT Service Management, helpdesk solution, self-service for the users)
* Virtual Machine Manager (Manages your virtual infrastructure, network and storage, with support for Citrix, VMware and Hyper-V, of course with most capabilities with Hyper-V; allows for creating of 1, 2 and 3 tier templates)
* Configuration Manager (MDM, client/server management, antivirus, patch management, can integrate with Azure as well)
* Orchestrator (Automation with runbooks across all kinds of different products)
And of course the cornerstone of this is Windows Server.

Now a problem with Microsoft’s solution as of now is that System Center 2012 does not support Windows Server 2012 until Service Pack 1 is released. This will most likely be released Q1 2013, which will close the “gap” that many are waiting for.
Microsoft has acknowledged that everyone isn’t running just Microsoft and has added much more support and functionality for Unix/Linux based servers.

 
And Citrix’s cloud solution consists of the following core components

Much of Citrix strategy on Cloud is based upon Project Avalon which has the key components (Any Cloud, Any Hypervisor, Any Device)
Which comes in this nice wrapping.

Citrix is part owner of the OpenStack solution that Apache has, and has made some changes to it and has their own solution called CloudPlatform,
which is very similar to Virtual Machine Manager. It has support for multiple hypervisors such as
* XenServer
* KVM
* VMware
But their solution has more benefits against XenServer.
It also supports storage solutions and network. So this is the main product for administrating your “cloud”.
Then we have the other products such as
* Cloudbridge (Allows you to “bridge” your private and public cloud; this is actually an add-on to Netscaler which uses IPsec)
* Cloudgateway (The gateway in for end-users, which again consists of Netscaler and Storefront)
* Netscaler (A network appliance which provides ADC (Application Delivery Controller) features)
* CloudPortal (Which allows for provisioning of users and services; a control panel solution)

So depending on what kind of cloud and service you wish to offer your users, both companies provide a solid cloud solution. With automation and multiple hypervisor support.
Microsoft has made a solid improvement to Hyper-V in the latest release, so it provides more advanced features than XenServer; it also has support for larger workloads and scalability. So if you choose Hyper-V you need to have VMM, and if you choose the latest XenServer you would need CloudStack (VMM has XenServer support, but not for the latest release and not for the more advanced features).
Citrix is building much of their solutions based upon XenServer (and some VMware); for instance, the AppController that is part of the CloudGateway will not function on Hyper-V.

Microsoft also offers a more complete monitoring solution with System Center (you have the capability to monitor all of Microsoft’s products, network devices, Citrix products including Netscaler (with the ComTrade MP), and Unix/Linux services).
And I don’t have enough insight on the automation part of CloudStack to give it a good overview, but Orchestrator also has the ability to run commands against SSH devices, which allows for running commands against network devices. It also has broad support for hardware and storage vendors. You can also use it to run PowerShell commands, which allows for automation of Citrix installation. (And more and more vendors are implementing PowerShell cmdlets with their products; PowerShell 3 also supports CIM, which many vendors support.)

But what Microsoft is missing is the network component that Citrix provides with its Netscaler product.
* Advanced load-balancing features for all applications running on TCP with or without SSL (With hardware acceleration on the hardware appliance)
* Protection against DDoS attacks (SYN floods, ICMP floods), and it can also provide defense against application-level attacks (XSS, HTTP DoS)
* URL responders, rewrite, filtering
* Intelligent SQL load balancing
* GSLB
* Caching and compression
You can also integrate it with System Center to provide automation of new solutions that should be load balanced. You can also use Orchestrator to automate other options with the SSH options.

Regarding device access, Citrix provides a better solution with support for all types of mobile devices, which makes full BYOD possible. Microsoft on the other hand also promises that you can bring your own (as long as it is running Windows). This solution requires that you have Citrix on your terminal servers. Citrix also has more MDM capabilities than System Center has (as of today), and with the coming of MDX technology, Citrix is going to gain more ground there.
Microsoft also offers a VPN solution which allows you to connect with your Azure cloud, but this does not provide the same throughput that a dedicated Netscaler with Cloudbridge would provide (Cloudbridge again has limited support against Azure).

And I forgot to mention that Citrix also has their own monitoring and helpdesk tools which are part of the GoTo package (GoToAssist and ). But I am unsure how they compete against Operations Manager, which has been around for a long time, and against Service Manager, which is a core part of the self-service solution in System Center.

System Center with SPF (Service Provider Foundation) provides the capabilities for hosting providers to create their own control panel solution to automate activities against Orchestrator and VMM. This is a feature that is still in the early stages, with an open API. Citrix on the other hand has a more mature product with their CloudPortal solution, which can provision users and set up full services on Lync, Exchange, SharePoint, CRM, XenApp and XenDesktop ++ for customers.
But the weakness is that it does not have any integration against System Center to complete the circle on management and monitoring ( and of course backup)
But again this feature is more suited for hosters, for enterprise businesses not so much.

So a little conclusion on my part. What do I think makes a good combination of what these two deliver? This solution will consist of a few products that are yet to be released (but are in beta).
1: Hyper-V 2012 as my main Hypervisor
2: System Center for infrastructure & cloud management and monitoring (SP1, which provides support for WS2012)
3: Project Excalibur, next generation XenApp / XenDesktop, which provides the best BYOD support (and provides support for WS2012)
4: XenServer for components that need XenServer
5: Cloudgateway with Netscaler ADC

So it would look something like this
(Just a glimpse)

And I would appreciate some feedback on your thoughts

Citrix Project Excalibur training

Citrix has released a number of training videos regarding Project Excalibur, you can find them in the links below.

Part 1, Excalibur introduction
http://bit.ly/PN7vHD

Part 2, Excalibur installation
http://bit.ly/Q5Cq3o

Part 3, Citrix Studio
http://bit.ly/ZnP5z1

Part 4, Master Image
http://bit.ly/Z847K3

Part 5, Citrix Storefront
http://bit.ly/UvDMFG

Part 6, Machine Catalog
http://bit.ly/Z83Oi5

Part 7, Delivery Groups
http://bit.ly/RQdI3K

Part 8, Delivering Applications
http://bit.ly/WT60vN

Part 9, Citrix Receiver
http://bit.ly/SUzWTz

Part 10, Citrix Director
http://bit.ly/W0bHlu

Cloud products from Citrix

The term Cloud is used A LOT these days, and I mean a lot! It comes in different shapes and sizes, and much of the term is a lot of marketing gone wrong…
Citrix’s marketing team is also very happy to use that term on their products, so they have a huge line of software including the name “Cloud”. Therefore I decided to write a post about what all the Citrix cloud solutions actually do and what they consist of. I might also mention that a lot of the products may also contain the Netscaler name in front. Citrix has a lot to learn regarding naming and explaining what they actually do. But that is another post entirely.

All these Cloud products are a key component to what Citrix calls “Project Avalon”
NOTE: And what you also can notice there on that picture is that XenApp is gone, with Project Excalibur XenApp and XenDesktop are merged together.


Their Cloud products are as follows:
CloudPortal Service Manager
CloudPortal Business Manager
CloudBridge
CloudGateway
CloudPlatform (Powered by Apache Cloudstack)

CloudPortal Service Manager is software available only to CSPs (Citrix Service Providers). It provides hosting providers with a web control panel solution where they can provision services for their customers, ad users or Lync, XenApp, XenDesktop, Exchange, SharePoint ++ for customers. For those who have worked with HMC or ExtendASP it is very much like that. You can look more at the architecture here –> http://support.citrix.com/proddocs/topic/ccp-10/cloudportal-services-manager-10-architecture.png

CloudPortal Business Manager is a platform that enables service providers to get to market with an Infrastructure-as-a-Service (IaaS) cloud that has been built on the CloudStack platform. Mostly a billing and reporting solution.

CloudBridge is an extension to Netscaler, and what it does is bridge your “on-premise” cloud solution with your public cloud solution using a layer 2 VPN tunnel (which uses IPsec). And you can see here that it is only a part of the Netscaler Platinum license –> http://www.citrix.com/site/resources/dynamic/salesdocs/Netscaler_Datasheet_August_2012.pdf

CloudGateway is divided into two editions, Express and Enterprise. The Enterprise edition consists of the App Controller, Netscaler Access Gateway and Storefront Services (which is the new Web Interface), so this is your ticket into your business, while the Express edition does not include AppController. I will discuss in a later post what the AppController actually does.

CloudPlatform is an open source software platform that pools computing resources to build public, private and hybrid Infrastructure-as-a-Service (IaaS) clouds. It is built upon the Apache Cloudstack solution and allows you to manage most of the virtualization hypervisors:
Oracle VM, KVM, vSphere™ and Citrix XenServer, but not Hyper-V (it is much like Virtual Machine Manager from Microsoft).

So in short, many of the products from Citrix labeled with Cloud are actually other products “in disguise”, and Project Merlin is actually going to be focused on CloudPlatform and will include features such as Azure support. The Merlin Tech Preview is set for Q1 2013.
Will update this post with some more info later on today….

Citrix Project Excalibur

For those that have been living under a rock for the last month or so (or haven’t been too involved in Citrix in a while): Citrix has just released a tech preview of their new solution (which is at the moment called Project Excalibur). Project Excalibur is the merging of XenDesktop and XenApp, along with other components such as Storefront, the DDC and Citrix Studio (Desktop Studio).
And now with the merging of these products, the whole XenApp architecture is gone; there is no more IMA, just FMA, so no more Zones, Data Stores and so on. It is much more reliant on the SQL database.

Now for those that aren’t so familiar with the Citrix terms and product names, I’ll give a brief intro:

Receiver.
Receiver provides users with self-service access to resources published on XenApp or XenDesktop servers. Receiver combines ease of deployment and use, and offers quick, secure access to hosted applications, desktops, and data. Receiver also provides on-demand access to Windows, Web, and Software as a Service (SaaS) applications.

StoreFront.
StoreFront authenticates users to XenDesktop sites and manages stores of desktops and applications that users access.

Studio.
Studio enables you to configure and manage your XenDesktop deployment. Studio provides various wizards to guide you through the process of setting up your environment, creating your desktops, and assigning desktops to users.

Delivery Controller.
The Delivery Controller is responsible for distributing applications and desktops, managing user access, and optimizing connections to applications. Each site has one or more delivery controllers.

Server OS Machines. (XenApp)
VMs or physical machines based on Windows Server operating system used for delivering applications or hosted shared desktops to users.

Desktop OS Machines. (XenDesktop)
VMs or physical machines based on Windows Desktop operating system used for delivering personalized desktops to users, or applications from desktop operating systems.

This is a quick overview of how the topology is:


Also for those that are familiar with XenApp the term farm is now gone, it is now called a site
The Zone master function is also gone, in this release the function is distributed evenly across all controllers in a site.

Now let’s take a walkthrough of the installation.
BTW: All of this was installed on one virtual server.


Now as you see there are basically two components here: the Delivery Controller and the Delivery Agent.
The Studio can be installed as part of the delivery controller.


So since this is my first setup I’m going to install the Delivery Controller. With all the components!


This setup will also install a local SQL Express 2008 R2 if you choose it (which I only recommend for test / labs etc.)


The Setup will also configure the firewall for incoming connections. After the setup is completed, you can have auto launch of the Studio where we can configure everything.


And now remember that farms are now switched out with Sites. So we are going to start with creating an empty site.


So here we just defined a name for the Site, and assigned a license to that site. After that is done we can start the “real” configuration.


Before we continue here I wish to explain what the different options here are –>

Search: Speaks for itself.
Machine Catalog: A group of VMs or physical machines (for earlier XA people, think of it as Worker Groups :) )
Delivery Groups: This is where you assign applications and desktops to users.
Applications: This is where you publish the applications you wish to use.
HDX policy: Old Group Policy management
Logging: Configuration logging.
Configuration:
Administration: Here you set the site administrator
Controllers: Here you have an overview of the site controllers
Hosting: Here you have the overview of what hosting environment you have, vSphere, SCVMM or XenServer.
Licensing: Overview of the license server.
Profile Management: Here you can define policy settings such as folder redirection etc (You can see how it is defined in the picture below)

Now Citrix has also implemented a lot of other nice-to-have features in the GUI, for instance the PowerShell pane, which shows all the commands that have been run as PowerShell commands.


And you also have a nice overview of the license usage.


Now part 1 of the Excalibur post is complete, more will follow. Stay tuned :)
But for System Center people like me there are new possibilities here.
Citrix recently released Project Thor, which allows for an integration of XenApp into Configuration Manager. I’m excited to see what kind of integrations you can get here.

So something missing here, session lingering and session prelaunch where did it go?!!?

Citrix Netscaler and SDN

There is a lot of talk now about SDN, so I would like to clarify what is actually meant by SDN.
First off, SDN stands for Software Defined Networking, and the concept is actually pretty simple. It is built on the idea that a network administrator can shape traffic from a single console instead of having to configure each switch individually.
For instance, it allows an admin to allow SharePoint traffic but not regular HTTP traffic; it steps away from the regular ACL deny/grant and operates at a more granular level.
Hence the name, Software Defined :)

So instead of configuring the switches, ACLs, routers etc., an IT admin configures the software that goes through the network (application control).
So there is a lot of speculation that this is going to be a Cisco killer or Cisco kill switch because this would allow for a multi vendor solution but still have that single control plane.

So again the network becomes app-driven

And back to the topic, Citrix has already laid plans for the future with its Netscaler product and SDN.
They have already established many partnerships with different vendors for this to happen.

Cisco has announced that they are going to discontinue production of their ACE module, and has already gone into partnership with Citrix to work with SDN.
They have said that, for instance, Netscaler and their Cisco ASA (their firewall product) will include integrations which are based upon SDN.

Citrix has also aligned themselves with a lot of other partners, such as:

* Palo Alto
* Trend
* Aruba
* WebSense
* Bluecat
* RSA
* Splunk

You can read more about them here –>
http://www.citrix.com/products/netscaler-for-sdn/how-it-works/partners.html

And Citrix themselves have a lot they can offer with Netscaler.
With AppTemplates, for instance, they have many finished templates a company can use (for SharePoint, for example, Citrix has made their own template based on best practices, which allows for the best kind of user experience).
A template can include policies for caching, compression, rewrite and other NetScaler functionality used to optimize the application. So instead of typing in all the information, all the Netscaler needs is the IP of SharePoint and Netscaler will do the rest; pretty easy compared with writing ACLs, setting up the service, adding load-balancing etc.
You can find them here –> http://community.citrix.com/display/ns/AppExpert+Templates

So it’s a step in the right direction :)
And with integration with System Center and a Netscaler deployment in front, a Netscaler can detect if there is need for more servers in the back and automatically deploy more.
But the conclusion is, SDN is becoming a more and more popular subject, so be ready for it :)

What was new at Citrix Synergy Barcelona

Wow! The last couple of days there has been a storm of Twitter activity around the Synergy conference in Barcelona (and for those that weren’t able to attend, including myself). There is a lot of new stuff happening around Citrix these days, so I thought it would be a good idea to try to summarize what’s new on the Citrix front. (Note that I can’t cover everything, so if someone has more info regarding certain subjects or news that flew straight past me, please send me some feedback either by adding a comment on the post or sending me an e-mail msandbu@gmail.com or pref twitter https://twitter.com/msandbu)

Now I want to start first with (what I think is a huge deal)
Citrix and Cisco have now made an “alliance”. What that means is still yet to come, but you can read more about it in this news article –> http://www.citrix.com/news/announcements/oct-2012/cisco-and-citrix-expand-partnership/_jcr_content.html
But the focus will be on integrating Netscaler and ASA appliances, V1000 coming to XenServer, and integrating the Cisco Jabber client with Receiver.
And since Cisco has stopped further production of their load-balancing module ACE (which will be EoL in 2015), Citrix has now announced a campaign to convert from ACE to Netscaler and get 20% of regular MPX prices –> http://blogs.citrix.com/2012/10/17/introducing_amp/ So it is indeed going to be interesting to see what happens further into the future.

The second thing is the Citrix and NetApp alliance, where NetApp is coming with its own components which integrate with, for instance, XenServer.
You can read more about it here –> http://www.citrix.com/news/announcements/oct-2012/citrix-and-netapp-collaborate-to-simplify-cloud-storage/_jcr_content.html

And a couple of days before that, Citrix also announced a partnership with Palo Alto (which is a firewall provider). You can read more about it here –> http://researchcenter.paloaltonetworks.com/2012/10/perspective-on-the-citrix-and-palo-alto-networks-partnership/

So what is Citrix doing with all these partnerships?
Well, what is Citrix good at? On the networking front they have one of the best load-balancing solutions (of course Netscaler can do more than just that), but by joining forces with Cisco and Palo Alto they can get the best of three worlds within networking. And with the alliance with NetApp they have more storage integration. So with this they will cover all of the components within an infrastructure.
Now with partners like Windows, Cisco, NetApp, Palo Alto it is indeed going to be interesting.

Windows 8 Welcome!
Citrix has embraced Windows 8 and will therefore come with support for Windows 8 very soon.
http://blogs.citrix.com/2012/10/17/welcome-windows-8/

And there is already a Citrix Receiver client out in the Windows Store for Windows 8. But more will come later.

New version of HDX Optimization pack for Microsoft Lync 1.1
This new version includes PBX/PSTN integration (Enterprise Voice), conformance to Microsoft Call Admission Control specifications, Enhanced Emergency Services support, and other valuable enhancements that truly round out this important new capability for customers planning to embrace Lync video chat at scale.
http://blogs.citrix.com/2012/09/18/hdx-seminar-to-reveal-a-lot-more-than-windows-8-support/

Desktop Virtualization
New VDI-IN-A-BOX 5.2 preview will demonstrate optimizations for Microsoft Lync, support for the latest hypervisor technologies including Microsoft Windows 2012 HyperV, Citrix XenServer® 6.1 and VMware vSphere 5.1. The tech preview will support the Citrix Storefront for unified access to any Citrix CloudGateway delivered service.
http://blogs.citrix.com/2012/10/17/staying-current-with-latest-technologies-with-vdi-in-a-box-tech-preview/

Mobile Desktop Virtualization
XenClient Enterprise 4.5: XenClient extends Citrix XenDesktop® FlexCast to include the management of physical PCs and secures mobile laptops for disconnected operation. The tech preview includes support for third-generation Intel® Core™ processors, Microsoft Windows 8, and ultrabooks. You can read more about it here –> http://www.citrix.com/news/announcements/oct-2012/citrix-extends-xenclient-to-windows-8-and-ultrabooks

Speeding Migration to Windows 7 and Beyond – Supporting the upcoming general availability of new Microsoft technologies, the next release of Citrix AppDNA application lifecycle management software includes early access features for application testing on Windows 8, Internet Explorer 10 and Windows Server 2012. http://blogs.citrix.com/2012/10/16/expanded-no-charge-application-compatibility-trial-for-application-migration-initiatives-even-windows-8/

GotoAssist to deliver “one-stop” shop for IT Support
This will provide the tools to monitor servers, along with helpdesk support tools that follow ITIL. (Much like SCOM and SCSM from Microsoft)
http://www.citrix.com/news/announcements/oct-2012/citrix-gotoassist-delivers-one-stop-shop-for-IT-support/_jcr_content.html

Sharefile
On-premise storage available! It allows you to make existing folders available to the users so you don’t have to create new folders for them. There are also loads more features available:

  • ShareFile with StorageZones – Organizations now have the flexibility to manage their data on-premises in customer-managed StorageZones or choose Citrix-managed StorageZones (secure cloud options available in seven locations around the world) or a mix of both. With customer-managed StorageZones, IT can place data in their organization’s own datacenter to help meet unique data sovereignty and compliance requirements while optimizing performance by storing data in close proximity to the user. By defining where data should be stored, IT is able to build the most cost-effective and customized solution for their organization. Customer-managed StorageZones can be easily integrated with an organization’s existing infrastructure as it is designed to support any Common Internet File System (CIFS)-based network share.
  • ShareFile StorageZones MPX Appliance – To further simplify deployment of customer-managed StorageZones in a customer’s private datacenter, Citrix will deliver a new purpose-built StorageZones MPX appliance powered by Citrix NetScaler®. The device will add value to customer-managed StorageZones deployments by offering integrated security and optimizing networks and will work effortlessly with existing storage environments.
  • StorageZone Connectors – The company’s follow-me data strategy now extends beyond the data stored in ShareFile. Working in conjunction with customer-managed StorageZones, StorageZone Connectors let IT create a secure connection between the ShareFile service and user data stored in existing network shares. This innovative capability makes it easy for end users to securely access their work documents on mobile devices through ShareFile apps for iPad and iPhone (support for other devices coming soon), regardless of where the data is actually stored. This approach extends all the simplicity and mobile access benefits of ShareFile to existing data storage platforms, without the need for data migration. Using the new ShareFile StorageZone Connectors, it is now possible to securely view and share documents from network file shares, which otherwise cannot be accessed outside of corporate networks or on mobile devices.
  • On-demand Sync – The new on-demand sync capability of ShareFile for Windows is designed for pooled and hosted shared virtual desktop environments, including those powered by Citrix XenDesktop® and Citrix XenApp®. Typically in such environments, users sync all their data every time they log into their virtual desktops, putting substantial load on the network, bandwidth and storage. With on-demand sync, users will continue to view all their files and folders within their virtual desktop just like they do today. However, files download and sync only when the user views, edits, saves or shares, resulting in huge reductions in Input/Output Operations Per Second (IOPS) and slashing storage requirements.
  • Windows 8 Compatibility – Citrix announced availability of compatible versions of ShareFile Sync for Windows and Microsoft Outlook Plug-in.
  • ShareFile for Microsoft Azure – To provide more cloud storage options to customers, Citrix announced plans to deliver Citrix-managed StorageZones on Microsoft Azure in 2013. This integration will allow ShareFile customers to leverage all the reliable and powerful capabilities of Microsoft Azure by letting them designate data across a seamless global network of Microsoft-managed datacenters. These additional locations will also allow IT to place data close to users to enhance performance.

Present content from the iPad with Citrix GoToMeeting

  • Launch a meeting and invite attendees with just a few taps.
  • Change presenter so another person can show their screen.
  • Present your content by simply browsing to it or opening email attachments (iPad only).
  • Easily share content from ShareFile or Dropbox during a meeting (iPad only).
  • Brainstorm with the onscreen highlighter and whiteboard (iPad only).

http://www.citrix.com/news/announcements/oct-2012/mobile-online-meetings-just-keep-getting-better-with-new-ways-to-launch-and-present-content-from-the-ipad-with-citrix-gotomeeting/_jcr_content.html

Secure E-mail and Web on mobile with @WorkMail @WorkWeb apps
Which allows secure e-mail reading and surfing from iOS and Android.
http://www.citrix.com/news/announcements/oct-2012/citrix-boosts-its-enterprise-mobility-solution-with-new-workmail-and-workweb-apps/_jcr_content.html
http://www.citrix.com/products/cloudgateway/whats-new.html?ntref=hp_promo_CG-new

Excalibur and Merlin releases, which is the next release of Avalon
http://www.citrix.com/news/announcements/oct-2012/citrix-unveils-next-phase-of-project-avalon-at-synergy/_jcr_content.html

New GoToMyPc
Access to remote PC from Kindle Fire and Android Phones or Tablets.
http://www.citrix.com/news/announcements/oct-2012/citrix-gotomypc-offers-total-mobility-with-app-for-kindle-fire-and-android/_jcr_content.html

Netscaler 101

The last couple of days I’ve seen a lot of traffic on my blog regarding the posts on Netscaler (and I don’t have so many of them!). And with the recent events regarding Cisco ACE and Microsoft Forefront TMG, I’m guessing that a lot of people are looking into the option to switch over to Citrix.
Cisco has always been huge in the networking market, but in the ADC (Application Delivery Controller) market they have never gotten the huge market share that they were hoping for, so a couple of weeks ago they decided to stop further development of their ACE product. Similarly, Microsoft decided to stop further development of their TMG product. TMG is not the same kind of product as Netscaler/ACE/BIG-IP, though it has a lot of the same functions and features.

So back to Netscaler what can it offer:
* Advanced load balancing
* Content and app caching
* Database load balancing
* Application Firewall
* Secure Remote Access
* Advanced server offload
* Application acceleration
* Integration with Citrix
      * Access Gateway features
      * Web interface
* Scale up and Scale Out features

You can read more about the different features here –>
http://www.citrix.com/products/netscaler-application-delivery-controller/features.html

Now the Netscaler product comes in 3 different versions.

MPX: The hardware appliance, which is again split up into different models.
http://www.citrix.com/products/netscaler-application-delivery-controller/features/platforms/mpx.html
As you can see, most of the models here have a “pay-as-you-grow” option, so for instance if you buy an MPX 7500 and your company is growing and you need more throughput, you can upgrade your 7500 to a 9500. It’s the same hardware as before, you just “unlock” more features.
You can see all the different models and features here –> http://www.citrix.com/content/dam/citrix/en_us/documents/products/netscalerdatasheetaugust2012.pdf

VPX: Is a software based virtual appliance, which is available for Hyper-V, VMware and XenServer.
http://www.citrix.com/products/netscaler-application-delivery-controller/features/platforms/vpx.html
Here as well you have a “pay-as-you-grow” solution so you can upgrade it if you need more throughput. The downside of using a VPX is that it does not have hardware based SSL acceleration (which the MPX has), so it can handle a lot fewer SSL connections.

SDX: Is the best of both worlds. It is a hardware appliance like the MPX, but it also has the capability of running VPX. So it’s a piece of hardware which basically runs a stripped down XenServer, which allows it to run multiple VPX instances inside. And since this piece of hardware has SSL acceleration capabilities it does not have the downside of a regular VPX. It allows for up to 40 VPX’s and that will allow for true multi-tenancy.
You also have the “pay-as-you-grow” option here.
http://www.citrix.com/products/netscaler-application-delivery-controller/features/platforms/sdx.html

Netscaler also comes in 3 different editions (like most Citrix products).
You can see the different editions and their limitations in this datasheet
http://www.citrix.com/content/dam/citrix/en_us/documents/products/netscalerdatasheetaugust2012.pdf

A summary,
Standard = Use for Load-balancing (Web and DB) also has Citrix Web interface and TCP optimization
Enterprise = For more advanced features – cloud bridge, edgesight for netscaler, branch repeater client.
Platinum = Includes all the features.

So what do I need for my organization?
Well, first off you need to figure out what your needs are.
1: Do I need just the load balancing for my Web-servers?
2: SSL VPN solution and/or SSL offloading?
3: Advanced Web load-balancing and caching and optimization?
4: Multi-tenancy solution?
5: DDoS defenses? Or do I have a firewall in front which is fully capable?
6: Just for my Citrix pieces (Access Gateway and Web interface)?
7: SQL load-balancing?
8: How many users do I have?

You also need to calculate the bandwidth usage of the service you are going to load-balance; most products (for instance Lync) have well documented traffic usage for each feature.
Let’s take an example: if I am a small business that just needs to load-balance my 2 web servers for my internal users (and I have 100 of them), the smallest VPX would suffice.
If I am an enterprise service provider and I offer a full multi-tenancy solution where customers can set up LB for all their services, I would recommend an SDX. (The best solution regarding version is to start with the lowest system you think you need and upgrade when you need to grow.)

So after you have chosen the model (remember that you always need two of them, since if you only have 1 you have a single point of failure), the next part is setting up the device.
Remember that the Netscaler operating system consists of two parts.
1: FreeBSD (the appliance uses this part for booting and for logging)
2: The core OS (NSOS, NetscalerOS), which controls the traffic in / out of the appliance.

When an appliance boots, it gets the system image from the flash, decompresses it and puts it into RAM. The config file is also fetched from the flash and put into RAM (where it is known as the running-config).
(You can show the running-config from the CLI by running the command show ns runningConfig; if you want to see the saved config you can run the command show ns ns.conf)
You can access it either via a console (serial cable or console via the hypervisor)

And remember that you can save at any time by running the command save ns config. If you screwed up, you can restart the Netscaler (if you didn’t save your config).

But when you start the NS appliance the first thing you see is that it asks for an IP (Which is known as the NSIP Netscaler IP) Which is used for management purposes and clustering. You also enter a subnet mask and a gateway.

image

After that you can save and quit the config menu and you can now access the appliance via a webconsole. You can also see more info regarding the interface by running the command show ns ip 10.0.0.2

image

As you can see here it says that “Management Access is enabled” and FTP, Telnet, SSH and GUI are enabled.
So we should disable the insecure access methods before we continue, by running the command set ns ip 10.0.0.2 -telnet disabled and the same for FTP (-ftp disabled).
image

And there are other things we should configure as well: change the default password for the user “nsroot”.
You can do this by running the command set system user nsroot PASSWORD (something very very safe)
image

Also you SHOULD enable NTP sync with an authorized NTP server.
add ntp server IP -minpoll integer -maxpoll integer
enable ntp sync
image
Now we can log onto the Web GUI. (I’m using version 10 of the Netscaler VPX; you can get a free trial for your hypervisor from citrix.com, and I might add that the web GUI is much improved in V10.)
image

The default username and password for the local system user on a netscaler is nsroot and nsroot
So after you have logged in you will come to main menu.
image

It’s split up into 3 panes (Dashboard, Configuration and Reporting) and what you see here is the configuration pane.
If I go to the Dashboard, you see a lot of real-time information regarding well.. everything you want to see
I can choose if I wish to view SSL connections, TCP handshakes, HTTP traffic etc..

image

The reporting pane is just that, you can create reports and there are a bunch out of the box that we can view as well.
But most of the time we are going to be in the configuration pane.
Now what other things do we need to do in order to load balance a service?
First off we have to design how the Netscaler should be placed in our infrastructure; most of the designs are based on one-arm-mode or two-arm-mode.

In one-arm-mode the Netscaler has ONE interface; external traffic comes in on that interface and the inside traffic goes out on the same interface (traffic is split by using VLANs).
In two-arm-mode the Netscaler has TWO interfaces, 1 where external traffic comes in and goes out and 1 for internal traffic. This is the much more common deployment.

Now in both scenarios the traffic to the back-end servers flows as follows.

image
Now when the client connects to the web service at the virtual IP (90.90.90.90), the Netscaler (depending on the LB rules) makes a connection, with the Netscaler SNIP (Subnet IP) as its own address, to one of the servers which are connected to that virtual service.
The Subnet IP is an address that connects the Netscaler to the servers in the backend, so you should have a SNIP address for each subnet you want to have services in.
So SOURCE IP —> VIRTUAL IP (NS) SNIP —-> WEB SERVER 10.0.0.4 (BASED ON LB), so for the web servers it will appear that the connections come from the same IP. And the same goes for the way back to the clients:
WEB SERVER –> SNIP (NS) VIRTUAL IP —> SOURCE IP, so all the clients see is that one IP address, which may house loads of web servers.

Now is there a problem with this?
Well yeah.. if you have a web server you probably want to log the IP address of the client. For that the Netscaler has an option known as “Use Source IP mode” (USIP), which lets the backend servers see the client’s own IP address as the source of the connection. But what is the downside of this?
1: TCP multiplexing, which allows the Netscaler appliance to have one connection to the web server, will be disabled when you use Source IP mode.
2: When backend servers see the source IP they will look at their default routing table instead of returning the traffic to the Netscaler, so the servers will go via the local gateway instead of the Netscaler. When the backend servers then try to set up the TCP connection with the client, the client will drop the connection since it is awaiting its response from the Netscaler VIP.
So if you use Source IP mode you need to set the default GW on the backend servers to point to the NS.

You can set USIP mode in modes.
image
Configuration –> Settings –> Configure Modes –> Use Source IP
image
Alternatively, run the command enable ns mode usip
For logging we have another choice: the inject HTTP header option, which allows the Netscaler to inject the source IP as a header into the HTTP request, which again allows logs on the web server to contain the IP address of the client.
But in general I would recommend that you don’t use USIP.
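The injected header only gives reliable logs if the web server honours it solely on connections that arrive from the Netscaler SNIP; on any other path the header is whatever the sender typed. The check below is an added example, not code from this post or from Citrix, and the header name X-Client-IP, the SNIP address 10.0.0.3 and the function name are assumptions.

```python
import ipaddress

# Assumptions for this example (not from the post): the SNIP the Netscaler
# uses towards the web servers, and the name of the header it injects.
TRUSTED_SNIPS = {ipaddress.ip_address("10.0.0.3")}
CLIENT_IP_HEADER = "x-client-ip"


def client_ip_for_log(peer_ip, headers, trusted=TRUSTED_SNIPS,
                      header=CLIENT_IP_HEADER):
    """Return (ip, source) for the access log.

    peer_ip -- address of the TCP peer as seen by the web server
    headers -- list of (name, value) pairs exactly as received
    source  -- "header" if the injected value was used, otherwise "peer"
    """
    peer = ipaddress.ip_address(peer_ip)

    # Without USIP every legitimate request arrives from the SNIP. A request
    # from any other peer did not pass the Netscaler, so its headers are
    # untrusted input and the socket address is the only fact we have.
    if peer not in trusted:
        return str(peer), "peer"

    values = [v.strip() for n, v in headers if n.lower() == header]

    # Expect exactly one copy. With zero or several copies we cannot tell
    # which value (if any) the Netscaler wrote, so log the peer instead.
    if len(values) != 1:
        return str(peer), "peer"

    # The value ends up in log files and reports: accept it only if it
    # parses as a single IPv4/IPv6 address.
    try:
        return str(ipaddress.ip_address(values[0])), "header"
    except ValueError:
        return str(peer), "peer"


if __name__ == "__main__":
    # Constructed sample requests: (peer address, received headers).
    samples = [
        ("10.0.0.3", [("Host", "www"), ("X-Client-IP", "203.0.113.7")]),
        ("192.0.2.50", [("Host", "www"), ("X-Client-IP", "10.9.9.9")]),
        ("10.0.0.3", [("X-Client-IP", "1.1.1.1"), ("X-Client-IP", "2.2.2.2")]),
    ]
    for peer, hdrs in samples:
        print(peer, "->", client_ip_for_log(peer, hdrs))
```

Logging the source field next to the address makes it visible afterwards which entries rest on the header and which on the socket address.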

Now let’s set up a load-balancing configuration.
Before we continue, remember that you need to set up at least 3 addresses on the NetScaler
1: NSIP
2: VIP
3: SNIP or MIP

There are a few things we need to find out before we can set up LB: what kind of service do we need to load-balance, and what servers are hosting this service. We also need to set up a monitor towards that service; this monitor checks whether the service in the backend is responding on that server, and if one server is not responding for a particular service it is taken out of the LB queue. So we need:
1: Servers (the list of servers that have a particular service running)
2: Service (what kind of service is it? Web hosting on port 80?)
3: Monitors (checks if the service on the server is responding; if not, it is taken out of the LB queue until it starts responding again)
4: Virtual IP (a virtual IP address which the Netscaler will respond to)
All this is added together and it creates a load balanced service on a virtual IP address which consists of the servers in the server list.

So let’s go ahead and create an LB service. First we add a VIP and a SNIP
image
Go to configuration pane –> IPs and add an IP address. Remember that a VIP is the IP address that the end users are going to connect to; the SNIP is an IP which the Netscaler uses to connect to the servers in the backend.
After that go to the load-balancing pane further down.
Go to servers and add the servers that have a service.
(Remember that this is just a list of servers, you don’t define the services here)
image

After that go to monitors –>
As you can see the HTTP monitor is enabled by default
This does a HTTP HEAD command, and if it is working as it should you should get a code 200 response.
You can see this by opening the http monitor
image
After that we add the service,
We add a service that runs on port 80 on one server and add the HTTP monitor. (Remember to add this for both servers, and give each service on each server a very descriptive name.)

image

Now that we have both services on both servers it should look like this
(In my case I don’t have any hosts on these IP addresses yet, so they are stated as Down, because the monitor is trying to do an HTTP request on them.)

image

Now at last we will add the virtual server that will point to the HTTP service on these 2 servers in the backend. Go to Load balancing and virtual server –>
image

Remember to add both of the services on those servers. (If you wish to load balance differently, for instance if you have more power on one of the servers, you can alter the weight on that server to 2, and this server will then take twice the load.)
You can also go to method and persistence to change how the service is load balanced. By default it is set to “least connection”: the server with the least connections will get the next connection, and this will happen until they are even. You can also specify persistence (this defines whether a client should talk with the same server it spoke with earlier); the most typical choice here is cookie insert for web services. But we will leave it at the default.
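To see how the weight, the “least connection” method and the monitor interact, here is a small simulation, added as an example and not part of the original post. It is a simplified model rather than the Netscaler's own implementation: connections are held open, ties go to the service bound first, and the class and function names are made up for the illustration.

```python
from fractions import Fraction


class Service:
    """One service (server + port) bound to the virtual server."""

    def __init__(self, name, weight=1):
        self.name = name
        self.weight = weight
        self.active = 0   # connections currently open to this service
        self.up = True    # result of the last monitor probe

    def apply_probe(self, http_status):
        # The HTTP monitor described above expects a 200 response; any other
        # status, or None for no answer at all, marks the service DOWN.
        self.up = (http_status == 200)


class VirtualServer:
    def __init__(self, services):
        self.services = list(services)

    def pick(self):
        """Choose the UP service with the fewest connections per weight unit."""
        candidates = [s for s in self.services if s.up]
        if not candidates:
            return None   # every bound service is DOWN
        # Fraction keeps the comparison exact; min() returns the first of
        # several equal candidates, i.e. the service bound first.
        chosen = min(candidates, key=lambda s: Fraction(s.active, s.weight))
        chosen.active += 1
        return chosen


def simulate(vserver, connections):
    """Open `connections` new connections; return how many each service got."""
    counts = {s.name: 0 for s in vserver.services}
    for _ in range(connections):
        service = vserver.pick()
        if service is not None:
            counts[service.name] += 1
    return counts


if __name__ == "__main__":
    web1, web2 = Service("web1", weight=2), Service("web2", weight=1)
    vs = VirtualServer([web1, web2])
    print(simulate(vs, 300))   # weight 2 takes twice the load
    web2.apply_probe(503)      # monitor fails: web2 leaves the LB queue
    print(simulate(vs, 30))
    web2.apply_probe(200)      # web2 is back and catches up first
    print(simulate(vs, 15))
```

The last step shows the “until they are even” behaviour: after web2 recovers, it receives every new connection until its load per weight unit matches web1 again.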

image

Now I’ve added an HTTP server which actually responds to HTTP
image

You can see that it responds to HTTP requests if I open a browser to IP 10.0.0.26
And if you are like me and would like to do it via the CLI, you can do this.
Run the command add service servername ip http portname

image

Next we need to add the services to a virtual IP (that will do the load balancing).
First we do an add lb vs servicename http ip 80
then we bind the services to that virtual IP
bind lb vs servicename serviceserver

image

After that you can do a

sh lb vs v1 to show whether the load balancing is active


 

Phuh! Long post. The next one will be about setting up a cluster on Netscaler, since you always need 2 x Netscalers so you don’t have a single point of failure. And we are going to integrate authentication with LDAP.
I would also recommend that you have a look at the command reference sheet from Citrix eDocs
http://support.citrix.com/servlet/KbServlet/download/20679-102-665857/NS-CommandReference-Guide.pdf
