Setting up NMAS with remote Docker integration with Ubuntu docker hosts

I’ve previously blogged about setting up NMAS and setting up NetScaler CPX

CPX here –>

Now with the upcoming features in NMAS, one of the cool things is being able to manage and deploy CPX instances directly from NMAS. All we need to do is configure the Docker hosts properly with the remote Docker API (which means that we do not need to install the CPX on the Docker host manually). Remember that CPX is only supported on Ubuntu!

It’s been tricky to find the correct setup for the remote API, since this is the API that NMAS uses to configure the CPX instances. So here are the steps that need to be done on the Docker host before we can manage it using NMAS.

Edit the file /lib/systemd/system/docker.service using, for instance, vi:

sudo vi /lib/systemd/system/docker.service

Edit the ExecStart line so it looks like this.

ExecStart=/usr/bin/docker daemon -H fd:// -H tcp://

After this change has been made, save the file, which in vi is typically done using ZZ. Then run the systemctl daemon-reload command and then restart the docker service:

sudo systemctl daemon-reload
sudo service docker restart

Then last but not least, use curl to see if it is communicating properly using the default remote API port 4243.

curl http://localhost:4243/version
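The ExecStart change above puts the Docker remote API on a TCP listener, and a plain `-H tcp://` listener performs no client authentication, so whoever can reach the port can drive the Docker daemon. The following is an added example, not from the original post or from Citrix: a shell check that classifies each `-H` listener on an ExecStart line. The verdict names, the bind address 192.0.2.10 and the certificate paths are assumptions of the example; `--tlsverify` is Docker's own flag.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: audit the -H listeners on a
# docker.service ExecStart line. Verdict names are this example's own.

# classify_listener ADDR TLS -> prints local | tls | exposed | review
classify_listener() {
    local addr="$1" tls="$2" host
    case "$addr" in
        unix://*|fd://*) echo local; return ;;          # socket on the host itself
        tcp://*) ;;
        *) echo review; return ;;                       # scheme this example does not know
    esac
    host="${addr#tcp://}"
    case "$host" in
        \[*) host="${host%%\]*}"; host="${host#\[}" ;;  # [::1]:4243 -> ::1
        *)   host="${host%%:*}" ;;                      # 192.0.2.10:4243 -> 192.0.2.10
    esac
    case "$host" in
        "") echo review ;;                              # no host given: check by hand
        127.*|localhost|::1) echo local ;;
        *) if [ "$tls" = yes ]; then echo tls; else echo exposed; fi ;;
    esac
}

# audit_execstart LINE -> prints "<addr> <verdict>" per listener and
# returns 1 if any TCP listener is off-loopback without --tlsverify.
audit_execstart() {
    local line="$1" tls=no rc=0 prev="" tok addr verdict
    case " $line " in *" --tlsverify "*) tls=yes ;; esac
    set -f                                              # split on spaces, no globbing
    for tok in $line; do
        addr=""
        case "$tok" in
            -H=*|--host=*) addr="${tok#*=}" ;;
            *) case "$prev" in -H|--host) addr="$tok" ;; esac ;;
        esac
        prev="$tok"
        [ -n "$addr" ] || continue
        verdict="$(classify_listener "$addr" "$tls")"
        echo "$addr $verdict"
        if [ "$verdict" = exposed ]; then rc=1; fi
    done
    set +f
    return "$rc"
}

# Constructed samples: the post's line as printed, then two variants with a
# placeholder bind address (192.0.2.10) and placeholder certificate paths.
AS_POSTED='ExecStart=/usr/bin/docker daemon -H fd:// -H tcp://'
PLAIN='ExecStart=/usr/bin/docker daemon -H fd:// -H tcp://192.0.2.10:4243'
MTLS="$PLAIN --tlsverify --tlscacert=/etc/docker/ca.pem --tlscert=/etc/docker/cert.pem --tlskey=/etc/docker/key.pem"
for l in "$AS_POSTED" "$PLAIN" "$MTLS"; do
    audit_execstart "$l" || echo "  -> remote API reachable without client authentication"
done
```

On a host, feed it the line printed by `grep '^ExecStart=' /lib/systemd/system/docker.service`; an `exposed` verdict means the port should at least be firewalled so that only the NMAS address can reach it.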


And voilà! All the configuration is done on the Ubuntu host, and it can now be added into NMAS. Now go into the NMAS console. Go into Infrastructure –> Instances –> NetScaler CPX –> Docker hosts and click Add (enter the IP address of the Ubuntu host).


and voila!


So now I can go and provision CPX instances based upon the image I have


After the instance has been added, I can get a dashboard view of the CPX instance running in NMAS


So now I can get started with setting up services and provisioning other instances. Learn more in our upcoming webinar on July 13 –>

NetScaler 11.1 what’s new?

NOTE: More details to come during the day!

So for some time now I have been part of the NetScaler 11.1 Beta, and as part of that I’ve been able to dig deep into the new features which are part of the GA release which came out earlier today.

So what’s new? There are some LARGE features which I have been looking forward to, and there are also some minor changes which are very welcome in the release! I can also note that the upgrade from 11.0 to 11.1 in the beta firmware worked flawlessly.

New slick and improved interface, which is blazing fast! I’m not kidding, it is a lot faster than the older 11.0 HTML 5 based web UI.


You might think that there wasn’t much to be done there, but the interface is extremely fast now, and it makes it a snap to do things in the UI.

It also includes Google-like search to make it easier to navigate and locate different objects and policies.


And of course, the simplest things are often the best: the save icon will now notify you if there are unsaved changes on the appliance.


Simpler redirect of ports and HTTP to HTTPS from within the load balancing settings of a virtual server. This is only available on regular load balancing virtual servers.


New theme portal which incorporates the Unified Gateway look and feel. So now the Unified Experience theme from StoreFront is not included in NetScaler Gateway as its own theme. Bye bye old file share UI.


Which can now be configured from within the Virtual server


Now the coolest feature with 11.1 is the NetScaler Gateway feature and Always On! Which is an alternative to Direct Access and allows for the VPN client to start at boot-time and establish a connection with the NetScaler Gateway vServer at login.

This setting can be configured from within the session policy (Always ON = EaseofUse means that the client will try to connect automatically) and client control specifies if the user is allowed to disconnect the session or not.


But note that this feature, like other VPN features, requires a universal license for the end user. Now as part of that, the endpoint client has also gotten a fresh new UI


With some better looking options pane as well,


HTTP/2 support for HTTP profiles for VPX! This makes implementing HTTP/2 even easier. From a Microsoft point of view you need IIS 2016 to get HTTP/2 support, but if you are fronting a web page with NetScaler you can just activate this in the HTTP profile. (Most web sites use HTTP/2 today, so it’s as simple as a check box.)


Easier management of SSL (certs, keys and so on)! Doing certificate management on a NetScaler hasn’t always been the easiest thing to do; sure, it has gotten a lot better, and with the 11.1 release it’s even easier, with its own menu option to list out the different items. We can also see that files are sorted based upon whether they are keys, CSRs or certs.


VLAN to VXLAN bridge. This is more for MPX support, but it allows us to map a VNI to a VLAN on the physical network, which allows for (clearly hardware vTEP) support, which is great!


Generate SAML metadata for, for instance, Microsoft Azure, or import the metadata into ADFS, which makes it even easier to set up.


Configure HA heartbeat monitor on each Interface on NetScaler yay!


ICA latency profiles! These can be bound to an ICA policy, and can for instance be used to determine if drive mapping should be allowed if latency is above <40 MS. ICA latency profiles are attached with an ICA policy and action, which can then be sorted based upon different expressions as well.


Now at the end there are only two things that I need to know more about, which are pooled licensing and delta compression. I would love to know more about them, but I haven’t been able to get a lot of information yet.


Also some other mentions about new features that are included.

  • SNI support for backend resources
  • Support for TCP fast open in TCP Profiles
  • TCP Hystart is disabled in the TCP profile (this gives you better throughput in high-speed networks with high packet loss)
  • New API called Install which can be used to update/downgrade appliances
  • You can use a bulk GET API to fetch bindings of all the entities of a given entity type.
  • The «start nstrace» command has a new parameter, -capsslkeys, with which you can capture the SSL master keys for all SSL sessions. If the capsslkeys option is enabled, a file named nstrace.sslkeys is generated along with the packet trace and can be imported into Wireshark to decrypt the SSL traffic in the trace file.

I think that is most of the updates from 11.1. Stay tuned for our upcoming webinar from the MYCUGC Networking SIG for a bit more of a deep dive on the 11.1 release. More information here –>


New whitepaper – Comparison between Liquidware Labs FlexApp and VMware AppVolumes

So I’ve been working on this for some time, after I had a presentation about application layering a couple of months back at the NIC conference and at the Citrix User Group here in Norway. There are a lot of products/vendors in this space, so this time I decided to focus on VMware and Liquidware Labs, and in more detail on their application layering technology, describing their architecture, strengths / weaknesses, a feature comparison and my initial conclusion for each product.

So to go get the whitepaper, you can get it here –>

If you have ANY feedback or if you find spelling errors, wrong information, feedback please let me know at

Is Windows Server 2016 the last version of Windows Server?

Having been on vacation the last week, I get a lot of time to think among all the kids and theme parks we visit… It truly makes me believe that we guys are capable of multitasking… Well, enough of that. Back to the point!

Thinking back about the development that has been done on Microsoft Azure the last couple of years is truly astonishing: going from a PaaS solution to integrating IaaS features and now having a large container ecosystem, load balancing, firewalls, a large third-party ecosystem, identity management and much more… all in just over a couple of years. On the other hand we have Windows Server, which has a predetermined release cycle, with updates coming with each release, where it seems like there is less development done than on the Azure side of things.

Now in Windows Server 2016, we see that much of the new stuff which is coming is network virtualized functions, enhancements to storage (software-defined), enhancements to Hyper-V, DDA, identity and so on. A lot of these features are also the same as their counterparts in Azure. For instance DDA is a new feature which came because of the need of N-series in Azure (or the other way around), but more features are added to remove the dependency on hardware.

Now many conclude with the same fact that most larger organizations will have some form of hybrid IT now or in the future, because many services are cost-effective and, of course, new services are constantly being added that can make businesses more agile and effective, while at the same time they have their on-premises solutions where they have control of data and the custom solutions that need to run locally.

When looking back at the development being done in Windows Server with 2016, it seems like the feature set is mostly ported from Azure. Also with the release coming from Microsoft around Azure Stack, it seems to me like they want to have Windows Server look and feel more like Azure as well, having that consistent platform vision that Microsoft has been speaking so much about over the last couple of years. The only problem with that vision is the feature gap between Windows Server + Azure Stack and Microsoft Azure, which is large, and that is not going to change with the development cycle that Windows Server has.

Should Microsoft move away from Windows Server and make their server operating system a portable Azure hypervisor core where their additional services are just add-ons that can be added on top?

When Microsoft released Windows 10 they envisioned a common code platform across different devices (Mobile and Desktop) What if Microsoft did the same with Windows Server?

Having the same code base between the infrastructure running on Azure and on-premises, and when the Azure team releases an add-on, being able to use it cross-cloud from Microsoft and implementing it locally. That would be pure Hybrid Cloud…


Well, these were just some random thoughts. It is not something that is easily done because of the way Microsoft is structured and how they have done development so far. They state that Azure runs on Hyper-V, but it’s a long way to go to having that consistent platform vision that they want to have.

Webinar on the future of NetScaler!

So as part of the admin group of the Networking SIG (Special Interest Group) on MYCUGC I try to get stuff out to the members. Now it has only been a couple of months since we launched the group, but with the amount of updates happening in the NetScaler space the last couple of months and what is about to happen, we decided to arrange a webinar.

So we have a webinar (our first!) on the 13th July! Hopefully we can see a lot of people there!

The agenda for the webinar is

  • Quick introduction to the SIG from the SIG leaders.
  • Recap of Networking news from Synergy
  • What’s coming in NetScaler 11.1
  • Deep-dive on NetScaler Management and Analytics
  • Overview of Microservices, containers and NetScaler CPX

So there is a lot of stuff we need to cover in one hour, but since this is our first attempt we are allowed to adjust-as-we-go

If it sounds interesting for you, sign up here –>
If not, let us know if there are any particular subjects or features you would like to be discussed, also if you don’t have time to look at the webinar it will be recorded and uploaded somewhere.

CUGC User Share: This webinar will focus on the latest Citrix NetScaler 11.1 release, CPX, Management and Analytics and the latest NetScaler announcements from Citrix Synergy.

Who: CTP Jason Samuel, Dave Brett, and Marius Sandbu; all CUGC Members and Networking SIG Leaders, as well as active bloggers and «NetScaler Enthusiasts»

What: With Citrix Synergy out of the way and the release of NetScaler 11.1, CPX and NetScaler Management and Analytics System we will give you a high level look at what NetScaler CPX is and what it can mean for you, how NetScaler Management and Analytics System will change your management and visibility plus get all the latest NetScaler announcements from Citrix Synergy!  This will be a jam packed hour with Overviews, technical information and demos of the latest NetScaler release. Presentation will include participant Q&A.

What’s coming from Nutanix? Announcements from .Next

So even though I am on vacation, I needed to take a glimpse of what’s happening at Nutanix in the upcoming months. Like other companies they save the good stuff for that time each year that they have their big conferences, and even if this is the second year they are hosting .Next they have about 2500 attendees, which is pretty good. So anyhow… back to the technical stuff of what’s new! Sorry about the messy layout, but it is gathered info from Twitter and other sources.

Nutanix Community Edition test-drive

If you want to test out Nutanix but don’t have the lab or environment, you now have the option to do a 2 hour test-drive on a Nutanix public cloud. (This is coming soon!)

ABS (Acropolis Block Storage), which allows us to present block storage using iSCSI to bare metal solutions, for instance like Oracle or SQL Server. (I’m guessing this is a minor extension of Volume Groups, which also use iSCSI to present itself to virtual machines.)


Acropolis Container Service
Since everyone else is moving into microservices and containers, Nutanix wants part of it. Therefore they are coming with Docker support for containers on AHV.

Included in the 4.7 release will be the following:

  • DSF and Docker Machine that uses the native Docker API and tooling
  • Easy Install and Support: The DSF Docker Volume Plug-in and the Docker Machine Driver work right out of the box and are fully supported by Nutanix.

ACS is scheduled to be available with the 4.7 release, and natively managing containers using Nutanix Prism is expected to be available in a subsequent release. You can look at a demo for the container service here –>

Nutanix Self-service Portal

Quote Nutanix

One of the core capabilities that developers and business users love in the public cloud is the ability to provision applications and virtual machines without the intervention of IT. Nutanix Self-Service is designed to bring this simplicity to enterprise clouds, so that users can deploy applications at any point in time based on policies set by IT administrators.

Admins can create a catalog of projects and assign users (through AD/LDAP integration) and resources (storage, compute, and network) to these projects. Line-of-business users/developers can then login with their credentials, and based on what they have access to, will see these projects and resources. This will radically simplify application development and delivery, as well as bring a lot of automation to the process. The screenshot below from the user view of the portal shows the VM images that the admin has given access to for a specific user. The user can pick one of these images and can deploy it anytime.

Admin Portal capabilities

  • SelfCreate/Manage Projects
  • Create/Add users and groups
  • Assign Resources
  • Assign Actions
  • Run Show-back reports

Tenant Portal capabilities

  • Deploy Applications from a Catalog (VM Template, vDisk, Images from Docker Hub, App Templates)
  • Monitor Applications
  • Monitor Resource Usage

VMware ESXi Management from Nutanix Prism: The one-click simplicity of Prism will be extended to ESXi as well, and customers will be able to perform common VM operations on ESXi VMs from Nutanix Prism. While this doesn’t obviate the need for vCenter, it eliminates the need to go back and forth for frequent VM CRUD operations. This capability is expected to be available in a subsequent release.

PRISM integration Network configuration for AHV (

Acropolis X-fit (

Enhanced Compression (

Metro availability Witness (

Self-service restore (

Any node can be a storage node (

Also took note that for those attending .Next in Europe there is a HUGE ANNOUNCEMENT coming there as well! Might be this little teaser from earlier on the Keynote.

New eBook in the making – Securing web applications with Citrix NetScaler

As I’ve mentioned before, I always have a longer project in the making, which was to create a large free eBook on NetScaler, and to make that more achievable I needed to split it out into multiple projects. So far I’ve created an eBook on Optimization and one book on NetScaler Gateway. This time I wanted to focus on Security, since that is always something that I’ve had a particular interest in. Below are the topics that I’ve had in mind for this eBook. First, discuss the security landscape and what kind of different solutions we have and where they fit into the datacenter. Next, go into the NetScaler and how it can help, and then move into different subjects and things to think about.

The security landscape.
How NetScaler can help web applications.
NetScaler basics.
Feature Processing.
NetScaler and traffic flow.
TCP Profiles.
Hardening the NetScaler.
Load balancing basics.
SSL Basics.
SSL Policies in NetScaler.
Troubleshooting SSL configuration.
Working with Certificates.
SNI, SAN & Wildcard certificates.
Limiting reconnaissance information.
Handling L7 attacks.
HTTP QoS with AppQoE.
Handling L4 attacks.
Rate limiting.
Access lists.
Combining ACLs with IP reputation.
Geo based ACLs.
Enhanced authentication feedback.
Authentication levels.
SAML & Oauth Authentication.
Application Firewall
NetScaler Security Insight

If you think I’m missing something obvious from this eBook let me know!