Goliath IT Analytics for Netscaler

Working with NetScaler on an almost daily basis, I usually have a good idea when something is not working as it should or when something is just plain wrong.

It might also be that end users are experiencing issues with a particular web service, or that their Citrix connection stops working. All these problems need to be addressed quickly, so we need a tool that gives us insight into them.

Citrix has its own product for this, NetScaler Insight, which is bundled with NetScaler and gives us some of this capability. It offers Web Insight, which shows web traffic information, and HDX Insight, which shows detailed information about ICA sessions.

The problem with Insight is that it has licensing restrictions, which has stopped me from doing many implementations with it.

The NetScaler license you have affects how Insight behaves and how long data is stored in the database. For instance, with a NetScaler Standard license you only get real-time insight, and with a Platinum license you can only store data for about 30 days. You also need Platinum to get HDX Insight.

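| License/Duration | 5 min | 1 hour | 1 day | 1 week | 1 month |
|------------------|-------|--------|-------|--------|---------|
| Standard         | No    | No     | No    | No     | No      |
| Enterprise       | Yes   | Yes    | No    | No     | No      |
| Platinum         | Yes   | Yes    | Yes   | Yes    | Yes     |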

Another thing to keep in mind is the data it collects. For instance, Web Insight does not report any HTTP error codes (400, 500 and so on), so it can only give us statistics on how our website is doing, how many users it has and so on. Since the NetScaler is often the bridge between the end users and the services it delivers, I would like to have an easy overview of all the different errors that are occurring in my infrastructure.

So this is where Goliath IT Analytics for NetScaler comes in. Like NetScaler Insight, it uses the standard AppFlow protocol and acts as an AppFlow collector, gathering data from the different NetScalers and storing it in a MySQL database within the appliance. This also gives us a lot of flexibility, since we can do what we want with the data as long as we are a bit familiar with MySQL.

Goliath runs as a virtual appliance on any hypervisor (VMware, XenServer or Hyper-V), and one of its main features is that you can store data for pretty much as long as you want. This gives us the ability to measure the results of optimization changes. For instance, we can look at RTT and average latency of a NetScaler Gateway session for the last 30 days and then compare month to month after we have adjusted the TCP settings on the NetScalers.

From the main dashboard, I can also easily see which URLs are accessed most often. This view can also give me a good indication of whether something is trying to brute-force the login on a particular URL.

I can also get a quick overview of what kind of traffic is coming in, for instance what the server activity is like and which NetScalers have active connections. I can also see the total concurrent transactions happening in real time.

Another important aspect of it is the ability to give us error alerts and reporting. Let us say that we host an e-commerce website which is published using NetScaler. If a customer is not able to purchase their items on our site because of an error or because of high response time, they will go ahead and buy it somewhere else. Therefore it is crucial that we can quickly get a hold of that information and fix the root cause behind it.

So if a user were to get a 404 error from a particular webserver, it will trigger an exception in AppFlow and be sent to the AppFlow Collector and the data will be seen in the main dashboard.

Now, for instance, I can see from the dashboard that a 404 error has been triggered.

To find the root cause of this error, I can go into the reporting pane, choose the Web: Status Code Summary pane, and from there click on the different error codes that have been gathered by AppFlow.

If we then click on the (404 – Not found) error message, we get even more detailed information. From here I get a detailed overview of which NetScaler this concerns, which VIP (virtual server) got the error message and which backend servers were throwing the 404 error.

If I scroll down, I can also see which URL the end users were trying to access when they got the 404, and which IP address they came from.

Now that I have this information, I can easily share it with my web developers so they can fix the issue quickly. The share button generates a static URL which I can then forward.

From the reporting pane I also have access to more historical data. By default it is set to the last hour, but I can change it to a specific time range if I want to, which also gives us broader historical data, for instance to see trends in when, how and from where traffic is hitting our services. This gives us valuable insight if we are servicing an e-commerce website and allows for better planning. There is no limitation on the time frame for reporting: you can go back a year or more.

Now the use of Goliath IT Analytics for NetScaler just makes sense if you are using NetScaler for web-services and you need to get a clear overview of your traffic with the benefit of error code tracking and longer retention time.

One of the main issues is still that you require NetScaler Platinum if you want HDX Insight AppFlow, for instance. Maybe Citrix should consider bundling this with their Platinum license, like they did with Comtrade, to make the license worth more to customers?

#citrix-netscaler, #goliath-it-analytics

Netscaler and persistency groups

So you are trying to load balance a feature which requires clients to be redirected to the same backend host across multiple protocols. For instance, an e-commerce site might let you add items to the shopping cart over HTTP, and then when you want to sign in to purchase you need to switch over to HTTPS. During this process you want persistency maintained, since the data is stored locally on the web server.

Another example is RDP. Even though RDP works fine with just TCP 3389, it also uses UDP 3389 for delivering bitmap transports. VMware View also uses a TCP/UDP combination for its PCoIP. To accommodate this we have Persistency Groups in Azure. By default we can only load balance a single port at a time.

In this scenario we have two LB virtual servers, one that responds on port 80 and another on port 8080 (on two different VIPs), but underneath these are services hosted on the same server.

After I’ve created these I have to set up a persistency group, which is under the same load balancing tab. I have to give it a name, choose the persistency type (I have only two options here, either source IP or cookie insert) and then choose which vServers are to be placed in the group.

Now there aren’t many ways to show whether a Persistency Group is actually working, but if you go to the traffic management pane and click on “virtual server persistence sessions” it will show which sessions are attached to the persistency group.

ecommerece is here not a virtual server but represents the persistency group I just created earlier.
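
The GUI steps above expressed as NetScaler CLI, as an added example that is not from the original post. All object names and addresses are hypothetical, and it assumes two backend servers that each host both ports, so that persistence has more than one backend to choose between:

```netscaler
# Backend servers (hypothetical names, documentation-range addresses)
add server srv_web01 198.51.100.11
add server srv_web02 198.51.100.12

# Each backend exposes the same application on port 80 and port 8080
add service svc_web01_80   srv_web01 HTTP 80
add service svc_web01_8080 srv_web01 HTTP 8080
add service svc_web02_80   srv_web02 HTTP 80
add service svc_web02_8080 srv_web02 HTTP 8080

# Two LB virtual servers on two different VIPs, as in the scenario above
add lb vserver vs_shop_80   HTTP 192.0.2.10 80
add lb vserver vs_shop_8080 HTTP 192.0.2.11 8080
bind lb vserver vs_shop_80   svc_web01_80
bind lb vserver vs_shop_80   svc_web02_80
bind lb vserver vs_shop_8080 svc_web01_8080
bind lb vserver vs_shop_8080 svc_web02_8080

# Persistency group: both vservers share one persistence table, so a
# client pinned to srv_web01 on port 80 also lands on srv_web01 on 8080.
# Assumption: on builds that require the group to exist before binding,
# create it first with "add lb group pg_shop".
bind lb group pg_shop vs_shop_80
bind lb group pg_shop vs_shop_8080

# Persistence is set on the group, not on the individual vservers.
# SOURCEIP works for any protocol; the timeout is in minutes.
set lb group pg_shop -persistenceType SOURCEIP -timeout 20

# Verify: entries are listed under the group name, not a vserver name
show lb persistentSessions
```

Source IP persistence treats every client behind the same NAT address as one user, so a large office or carrier NAT can pin all of its users to a single backend. Cookie insert avoids that but only applies to HTTP and SSL virtual servers, which leaves source IP as the option for TCP/UDP pairs such as the RDP case mentioned above.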

#citrix-netscaler

Publishing vworkspace HTML 5 connector behind Citrix Netscaler

Since the release of vWorkspace 8.5 I’ve been wanting to try out the HTML 5 connector properly! We have a lab environment where we have it deployed, and it works amazingly fast inside the local network.

But… I also want it available from outside our local network, so I decided to publish it using our NetScaler. The HTML 5 connector from Dell is like the one in StoreFront: it runs on top of the web access server, and we can use that as a proxy to access applications and desktops.

Initially I wanted to publish the connector using SSL offloading, meaning that users would access the HTML 5 connector on an SSL-enabled vServer, the NetScaler would do the SSL processing, and the web access server would get unencrypted traffic on port 80. But… when I got this up and running, all I got was error messages.

I didn’t see a lot of useful info in the logs either that could lead me to the error.

2015-01-20 08:59:45.078 – 844 – RdpProxy – ERROR – Server exception.

System.Net.Sockets.SocketException (0x80004005): An existing connection was forcibly closed by the remote host

   at Freezer.Common.Utils.readAll(Socket socket, Byte[]& data) in d:\Build\349\vWorkspace\Elbling\Sources\SRC\Freezer\IIS\Freezer\Common\Utils.cs:line 121

   at Freezer.Common.SocketStateObject.handleSocket(Object o) in d:\Build\349\vWorkspace\Elbling\Sources\SRC\Freezer\IIS\Freezer\Common\RdpServer.cs:line 160

2015-01-20 08:59:45.078 – 4780 – UserStatecbf3bb31-bd6e-7cdf-5e50-f21fccda8e4 – DEBUG –

2015-01-20 08:59:45.078 – 1000 – UserStatecbf3bb31-bd6e-7cdf-5e50-f21fccda8e4 – DEBUG –

2015-01-20 08:59:45.078 – 1692 – UserState – DEBUG – RDP ProcessExited for: [id_1421740273901]

2015-01-20 08:59:45.078 – 1692 – UserState – DEBUG – RDP ProcessExited: Cleaning up for [id_1421740273901]

2015-01-20 09:00:14.828 – 144 – UserStatecbf3bb31-bd6e-7cdf-5e50-f21fccda8e4 – DEBUG – Message received: AS00000704:      handle_print_cache( 00DEE778 )

2015-01-20 09:00:14.828 – 144 – UserStatecbf3bb31-bd6e-7cdf-5e50-f21fccda8e4 – DEBUG – 00000704:     ignoring an UPDATE PRINTER event

What I did see, on the other hand, was that my browser, which was running the JS, tried to open a connection directly to 443:

clientSide: wss://demossoproxy.dsg-iam.com/vWorkspace/Freezer/api/Image?sessionId=id_1421175921207 (wss is SSL based websocket connection)

But since my web access server was running only on port 80, it didn’t work well. Therefore I changed the setup a bit. Instead of SSL offloading I tried SSL bridging, so I moved the encryption back to the web access server and just used SSL multiplexing, which actually worked!

I’m guessing that the websocket connection requires the same port externally and internally, since I didn’t troubleshoot it any further. So here is a little clip of how fast the HTML5 connector for Dell vWorkspace is.
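
The two setups described above side by side in NetScaler CLI, as an added example that is not from the original post. Object names and addresses are hypothetical, and the certificate key pair `ck_webaccess` is assumed to be installed on the NetScaler already:

```netscaler
# Web access server (hypothetical name, documentation-range address)
add server srv_webaccess 198.51.100.20

# --- Setup that produced the errors in the post: SSL offloading ---
# TLS terminates on the NetScaler; the backend receives clear-text
# HTTP on port 80. The certificate and private key live on the NetScaler.
add service svc_wa_http srv_webaccess HTTP 80
add lb vserver vs_wa_offload SSL 192.0.2.20 443
bind lb vserver vs_wa_offload svc_wa_http
bind ssl vserver vs_wa_offload -certkeyName ck_webaccess

# --- Setup that worked in the post: SSL bridging ---
# The NetScaler forwards the encrypted stream untouched; TLS terminates
# on the web access server, which listens on 443 with its own certificate.
# The offload vserver is removed first because both use the same VIP:port.
rm lb vserver vs_wa_offload
add service svc_wa_bridge srv_webaccess SSL_BRIDGE 443
add lb vserver vs_wa_bridge SSL_BRIDGE 192.0.2.20 443
bind lb vserver vs_wa_bridge svc_wa_bridge

# Confirm vserver type and that the bound service is UP
show lb vserver vs_wa_bridge
```

With SSL_BRIDGE the NetScaler never sees the decrypted traffic, so HTTP-level features such as cookie-insert persistence, rewrite and responder policies, and AppFlow web reporting do not apply to this virtual server. The certificate, protocol versions and cipher configuration also have to be maintained on the web access server itself.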

#citrix-netscaler, #dell-vworkspace, #html5