Netscaler news and codename Tagma and Integration with Nexus Fabric

Today I got a news from a birdie about a new Netscaler release which is coming that has the codename Tagma. The new build which is coming that has loads of different new features and the Java GUI is almost dead.

The rumor is that Beta 1 of the release is coming soon… Im guessing Synergy release.

Another news is that Citrix and Cisco’s partnership has gone to the next level, with integration of the Netscaler in the Cisco Nexus Fabric. (This makes the CCNA Data Center certification even more relevant!)

The integration gives numerous benefits such as easier setup, reduced downtime because of dynamic route updates, and with the integration of RISE gives better visibility into the datacenter by elimnating the need to hide source IP addresses through full proxy ADC services.

You can read more about it here –>

and when I know more about the Tagma release I will let you know! Smilefjes

Automating Citrix Netscaler and PowerShell

This is something I have been wanting to do for some time now, and now that I am doing a lot of research for my upcoming book, this subject poped up in my head…. How can we automate setup on a Citrix Netscaler ?

Citrix Netscaler has a NITRO protocol which is in essence a REST interface, which means that we have an API to communicate with on the Netscaler. We can also make custom applications using C# and JAVA since within the NITRO SDK comes with common libraries for both.

You can download the Netscaler SDK for each build in
Link to the latest SDK –>

Extract the Csharp tar file and browse into the lib folder. Here we have to import the two library files.

$path1 = Resolve-Path Newtonsoft.Json.dll
$path = Resolve-Path nitro.dll

After we have imported the library files we can start a connection to Netscaler. First of we can either code the variables here NSIP, Username and password before or we can use read-host command. In this example the NSIP of the Netscaler is set to and the username and password is default nsroot Smilefjes As you can see security is my top priority Smilefjes

$nsip = «″
$user = «nsroot»
$pass = «nsroot»

$nitrosession = new-object com.citrix.netscaler.nitro.service.nitro_service($nsip,”http”)
$session = $nitrosession.login($user,$pass)

This COM object is the one that contains the common services against the Netscaler for instance

  • Login / Logout
  • Save Config
  • Restart
  • Enable / Disable features

If we wanted to for instance do a restart we would need to use the same object. For instance some examples to save config and restart.

$session = $nitrosession.save_config()

$session = $nitrosession.reboot($true)

Since the Com object is already loaded we can just run the commands directly. Just to name a few (refer to the SDK documentation for info about all the classes)
So what are some of the basic configurations that we need to do on a Netscaler? First of we need to change the default hostname for instance.

$hostname = New-Object com.citrix.netscaler.nitro.resource.config.ns.nshostname
$hostname.hostname = «NSpowershell»;

Next we should also add an DNS server to the Netscaler so It can do hostname lookups.

$dns = New-object com.citrix.netscaler.nitro.resource.config.dns.dnsnameserver
$dns.ip = «″;
$ret_value=[ com.citrix.netscaler.nitro.resource.config.dns.dnsnameserver]::add($nitrosession,$dns)

And then if we want it to do load-balancing we first need to add a server or two which we want it to load-balace.

$server1 = New-Object com.citrix.netscaler.nitro.resource.config.basic.server
$ = «Powershell»;
$server1.ipaddress = «″;  

Next we need to bind that server to a service.

$service1 = New-Object com.citrix.netscaler.nitro.resource.config.basic.service
$ = «IIS»;
$service1.servicetype = «HTTP»;
$service1.monitor_name_svc =»http»;

And lastly create a load balanced vServer and do a service to vServer binding.

$lbvserver1 = New-Object

$lb_to_service = New-object
$ = «lbvip_sample»;
$lb_to_service.servicename = «IIS»;

And of course lastly remember to save the config of the Netscaler

So there you have it, some example Netscaler/PowerShell commands! I just getting started here myself so I will return when I have some more usefull commands and im going to make a custom setup script as well Smilefjes

Netscaler, new java and new problems

So the latest Java update Version 7 Update 51 again contains new updates and again more security fixes. Alas it also stops Netscaler from working. Even thou Citrix released a new build today 123.81 it does not working with the latest version.


In order to fix the issue we need to add the netscaler URL to a JAVA exception, open the control panel applet.


And choose Edit Site list and add an exception.


After that, restart the browser and start again Smilefjes

Status update: Book and NIC2014

So been a few hetical weeks! (Or should I say months)

My book has been released to most of the major online book resellers, its called

Microsoft System Center Configuration Manager High-Availability and Performance tuning

You can see it from Amazon here –>

I am also in the process of writing another book regarding Citrix Netscaler which will most likely be finished in Q2 2014 so really exited about that since I see few Netscaler book out there and hopefully with the latest changes in Netscaler my book has a place in that major gap.

Also im speaking in January at NIC (Nordic Infrastructure Conference) which is one of the largest IT-conference in the nordics. It mostly focuses on Microsoft technology (System Center, Hyper-V, Collabaration etc)

I have a session on thursday regarding Cross-platform monitoring using System Center, which will mostly focus on how to monitor different platforms such as Citrix, Vmware, Azure, Amazon and what other possibilities we have with Operations Manager. So for those that are attending NIC please drop by! Smilefjes

Allow users to choose between Access Gateway and XenApp connection

I some cases you want users to have the option to choose between a regular VPN connection when connecting to your solution or they just want to access their applications and desktops using receiver, of course you can create multiple session policies for users or based on something else but there is also another option which displayes the different options in the web GUI.

If you have a Netscaler Gateway vServer setup with a session policy we can do a change here, open the session policy and go into “request policy” and choose modify –>

NOTE: This requires Smart Access Mode and Smart Access requires the use of Universal licenses

Under Client Experience choose Advanced –>


Here you have a setting called “Client Choices”


When users now login they will be presented with this screen
Which allows them to choose between Network Access, XenApp or Clientless Access.
If I disallowed Clientless Access here it would not appear on the menu.

ill come back in detail later on how to setup Access Gateway for users with plugin or java client.

NOTE: If Netscaler is unable to communicate with the Storefront or WebInterface the XenApp choice will not appear.

And there are three options regarding clientless access.

  • On. Enables clientless access. If client choices are disabled and the Web Interface is not configured or disabled, users log on using clientless access.
  • Allow. Clientless access is not enabled by default. If client choices are disabled, and the Web Interface is not configured or disabled, users log on using the Access Gateway Plug-in. If endpoint analysis fails when users log on, users receive the choices page with clientless access available.
  • Off. Clientless access is turned off. When this setting is selected, users cannot log on using clientless access and the icon for clientless access does not appear on the choices page.

Netscaler Insight and Integration with XenDesktop Director

This is another one of Citrix hidden gems, Netscaler Insight. This product has been available from Citrix some time now, but with the latest update in became alot more useful. Insight is an virtual applance from Citrix which gathers AppFlow data and statistics from Netscaler to show performance data, kinda like old Edgesight. (NOTE: In order to use this functionality against Netscaler it requires atleast Netscaler Enterprise or Platinum)

Insight has two specific functions, called Web Insight and HDX insight.
Web Insight shows traffic related to web-traffic, for instance how many users, what ip-adresses, what kind of content etc.
HDX Insight is related to Access Gateway functionality of Citrix to show for instance how many users have accessed the solution, what kind of applications have they used, what kind of latency did the clients have to the netscaler etc.

You can download this VPX from mycitrix under Netscaler downloads, important to note as of now it is only supported on Vmware and XenServer (They haven’t mentioned any support coming for Hyper-V but I’m guessing its coming.

The setup is pretty simple like a regular Netscaler we need to define an IP-address and subnet mask (Note that the VPX does not require an license since it will only gather data from Netscaler appliances that have a platform license and it does not work on regular Netscaler gateways)

After we have setup the Insight VPX we can access it via web-gui, the username and password here is the same as Netscaler nsroot & nsroot


After this is setup we need to enable the insight features, we can start by setting up HDX insight, here we need to define a expression that allows all Gateway traffic to be gathered.
Here we just need to enable VPN equals true. We can also add mulitple Netscalers here, if you have a cluster or HA setup we need to add both nodes.


After we have added the node, just choose configure on the node and choose VPN from the list and choose expression true.



Now for Web insight we need to define an expression for instnace I can use an hostname expression and define a website that I have using DNS. This will start gathering appflow data when clients are accessing websites having the hostname web in it.


After a while now we can see that info is starting to appear in Insight, we can “drill” down in the data to show different metrics.


I can go into a user and show his sessions


And I can show what kind of applications the user has been running


For web insight we can see what kind of URLs that are accessed


And I can see what clients have accessed the URL


Now that is the first part, the Insight will not just sit there and gather data. The next part is to integrate this with Director to allow helpdesk users to user this data together with the Edgesight feature which is now a part of XenDesktop 7.

To integrate this we need to install Director on a server, next we need to run a command C:\inetpub\wwwroot\Director\tools\DirectorConfig.exe  /confignetscaler


After this is done do an IIS reset and log into Director again.
We can now go into the Network pane and see the data that is collected.


Note: There are some requirements that need to be in place in order for it to function properly.

  • NetScaler HDX Insight must  be v10.1 or above.
  • XenDesktop VDA version 7.0 and above are supported by HDX Insight and NetScaler.
  • Storefront from the XenDesktop 7.0 installer or above versions can be used to launch the user sessions.
  • Receiver for Mac v11.8 and Windows Receiver 14.0 (4.0) and above are required for accurate ICA RTT metrics.

XenDesktop 7.1 TechPreview Service Template

Citrix released yesterday a tech preview of their Service Template for XenDesktop 7.1 for System Center Virtual Machine Manager.
This template allows for rapid and easy deployment of an entire XenDesktop 7 infrastructure, including setup of Director, License Server, Desktop Delivery Controller and Storefront.

It does not by default include Netscaler as part of the that template but that is something we can add to the “mix” later.
the Techpreview of the template can be downloaded from mycitrix here –> (This requires a valid mycitrix account) it has a template for XenDesktop and for PVS.

ill continue on with the XenDesktop template and show how it is deployed.
The template contains a bunch of PowerShell scripts, XenDesktop 7.1 ISO file and the template file itself, in order to fully setup the template it needs to VMM ISO file and a generalized 2012 VHD file.

After we have downloaded the template file open VMM –>
Then go into Library and Import Template –>


Then point to the extracted XenDesktop folder.
Then choose next, now we need to point the template to the different ISO files and generalized 2012 template.


After that is done and the mappings are correct we can contine on with the importing.


This will take some time since it needs to import the XenDesktop to the library. When we now go into Service Templates we can see XenDesktop listed as an option there. If we right click and choose “Open Designer” we can see how the layout will look like.


Now if we wanted to we could use the Netscaler integration as well to deploy multiple DCC and Storefronts and automatically setup a load balancing of these services as part of the deployment. Lets see how that can be done using the Service Template. (Note that this integration is still not support in 2012 R2) (UPDATED: IT WORKS) but for the purpose of demonstrating how it CAN be done ill show it anyways. So after we have installed the addon and created a VIP template for DCC and one for Storefront we can open the designer again.

Next we can connect the VIP profiles to the different components, one DCC VIP template for DCC and one for Storefront which has different load balancing mechanisms setup.


Now If I where to configure a deployment of this. I can configure the amount of each server I want in order to ensure scailability and redudancy.
When I start the deploy wizard I get a question to define what is my management network.


Here I can define what is the backend of the netscaler and what the VIP addres of the load balancing solution is going to be.


But since the integration between Netscaler and VMM is not functioning in R2 ill need to get back on that in a later post (UPDATE IT WORKS). But if I go into one of the servers I can see the application scripts that are run in order to setup a functional site.


If I for instance have ComTrade installed on Operations Manager in order to have monitoring of my Citrix enviroment I can add this as a Application Configuration in the last step to have a complete, XenDesktop 7 setup with load balanced Netscaler solution and have complete monitoring using Operations Manager.

This is the power of Citrix and Microsoft!

Netscaler tips and tricks

So the purpose of this post is to post different tips and tricks with Netscaler, so this is going to be updated from time to time. So it’s what I call a dynamic post Smilefjes
Now there are a tons of different areas to explore here, but im going to start easy.

1: Password reset Netscaler MPX / VPX
Now from time to time you might come by this, you have a customer which has a Netscaler setup and they have forgotten the password for the device. What do you do ?

If you have a MPX you need to connect to the device using a serial cable and use for instance Putty to connect to the serial port.  If you have an VPX you just need to open the console. Now when the device boots you need to press CTRL + C now on the VPX it is simple the boot menu appears


Then you just press 4 and go into single user mode. On the MPX we have to press CTRL + C simultaneously as well when the following appears in the console

Press [Ctrl-C] for command prompt, or any other key to boot immediately.
Booting [kernel] in 2 seconds…

Now to start the MPX in single-user mode you have to type either boot –s or reboot — -s to restart in single user mode. When you are in single user mode the console will look like this.


Next we have to mount the flash device since this is where the config file resides. Now on different devices this flash device has different names

For VPX this device is called /dev/ad0s1a
So first we have to check disk consistency first before we can mount the device.

fsck /dev/ad0s1a (This checks disk consistency)

mount/dev/ad0s1a/flash (This mounts the drive under the folder /flash )

df –l (List the devices and where they are mounted)

Next we need to change directory to the flash drive where the config file is located.
cd /flash/nsconfig from there


Next we use a grep command to create a new config file but without the line which contains the passoword string.
grep –v “set system user nsroot” ns.conf > new.conf

Next we need to rename the current config to another name
mv ns.conf old.ns.conf
mv new.conf ns.conf

After this is done we have a new config file without the password for nsroot and we can reboot.

2: Use of profiles
A feature that I don’t see so commonly used and I think that is because of its not a obvious known feature, so let’s change that. When setting up virtual services you have the option to define a network profile attached to this service.

For instance the netscaler has many built-in TCP profiles which can help with improving the perfomane on a service either over LAN or WAN. These profiles tune different settings on the TCP stack and a desricption for each TCP profile can be found here –>

For instance on virtual services you have an profile pane where we can define which Profile to use.


If for instance you are using this only in a LAN you should use the nstcp_lan_profile. By changing this you will note the performance increase it has.

3: Change GUI on Gateway portal

Now in many cases you want to customize the GUI of the default Netscaler Gateway Vserver.

Now this is possible but not as easy as with Storefront… Smilefjes
First of we need to do some changes within the Netscaler Gateway GUI.

Change setting to Green Bubble under global settings on a Access Gateway vServer (if you want to use it as an template)



Then we can make customizations, we can do this by opening for instance a FTP connection to the netscaler (with for instance winSCP) The gui is located under /netsacler/ns_gui
Changes which are done here can be viewed in real-time.

For instance if we wish to change the background image we can add a new image to the folder /var/netscaler/gui/vpn/media by added a new image by the name bg_bubbles.jpg to replace the old background. (Now I’ve changed it with a picture from the familiy album.


If we wish to change the text that appears in the portal we can change this under /vpn/resources/en.xml (This file contains most of the text that appears in the portal.
So after a few changes here we can get this.


Now if we want to same this custom theme, we first need to create a folder called ns_gui_custom under the /var/ folder.

This can in shell by writing  mkdir /var/ns_gui_custom

Next change directory to /netscaler by typing: cd /netscaler

Now we to archive the ns_gui folder: tar -cvzf /var/ns_gui_custom/customtheme.tar.gz ns_gui/* This is because when the netscaler boots it exports the tar file to the nsgui folder.
After this is done we need to change the vServer global settings to custom theme and reboot to make sure it applies properly Smilefjes

4: Trouble with VIP in a DMZ site

So you have a two armed Netscaler solution where you have a SNIP, NSIP in the LAN network which talk to your backend servers and AD and DNS as such, and then you setup a VIP in the DMZ sone where you host your Access Gateway vServer, you reckon it should work.
But you are unable to ping the VIP address and you are uanble to open the vServer HTTPS.

You can see that the Default Gateway is going trough the LAN interface and when you want to change the gateway you get this error

The solution you need to have a SNIP address in the DMZ sone with the VIP address, this is because a VIP address is not “fully” features network IP unless it has a SNIP on the same network.

Trouble with Netscaler Java GUI with the latest update

So something happend with the latest Netscaler GUI after the last Java Updates. When we tried to open any config changes in the GUI the java applet just wouldn’t load.

Then I discovered that something has changed in the java version, since it containes new parameters. In order to allow the netscaler to load the applet from the browser we have to do some changes to the java gui applet in the control panel.

So we have to remove the keep temporary files on my computer and then restart the browser and voila! Smilefjes


Netscaler releases!

So alot is happening on the Netscaler front from Citrix this day!
Citrix just released a new build version for all of their platforms.

The latest build is 120.13
Which can be downloaded from here –> (Requires mycitrix)
This includes some new features in the wizard for XenDesktop and the setup wizard and alot of bug fixes.

Citrix also released a new version of Insight Center (Still not for hyper-v) but this comes in version 120.13 as well (so it looks like Citrix is releasing Insight at the same time a new build for Netscaler is released)

But Citrix hasen’t released the release notes for 120.13 yet so hard to know what is new Smilefjes
There is some of the new features in the download page.

With this release we extend the Insight visibility offering from Web traffic (Web Insight) to HDX traffic (HDX Insight) analytics.

It will now collect ICA AppFlow records generated by NetScaler ADC appliances and populate analytical graphs over Layer 3 to Layer 7 statistics. The HDX Insightwill provide in-depth analysis over real time and historical data across last 5min (real time) and last one hour, one day, one week, one month as historic data.

You can download it here –>

Citrix as well! released a new management pack for Netscaler 10.1 which also supports 2012 SP1 but they haven’t released a new documentation for it but still it offers a lot of new options.  You can download it here –>

Anyways interesting times ahead! still waiting for Insight center to be released for hyper-V ! Smilefjes

Følg med

Få nye innlegg levert til din innboks.

Bli med 32 andre følgere