Posts Tagged ‘GSLB’

#Citrix #StoreFront subscription database replication, #GSLB, #NetScaler

January 13, 2014

Ok, so we’ve all started to use StoreFront (or have you?) and found out that there are A LOT of things that you have to do in order to get it to work as you most probably want it to.

This post is more about how you ensure that the StoreFront architecture supports an enterprise with multiple sites while still having a consistent end-user experience.

Just imagine that you’ve built your architecture out in a true high availability manner with global server load balancing across all products used in the stack to deliver your Windows apps and desktops to your end-users. It may look something similar to this:

[Figure: overall StoreFront, NetScaler Gateway and GSLB architecture]

In this view you can see that we’ve set up GSLB to ensure that external (Internet) connected users and devices are being connected to a NetScaler Gateway vServer in either London or Miami, and from there the NetScaler and the session profile that communicates with StoreFront (SF1 and 2 in each site) is also load balanced using GSLB to ensure high availability. So everything seems good, right! But no… consider that you as an end-user are connected to the Miami site and that StoreFront group, which has a subscription database containing all the apps and desktops etc. that you have selected and added to your workspace. You will see all these icons by default now when you log in to Miami, but you will not see them in case Miami goes down for some reason, or if you travel to London and then get connected to that StoreFront group, as I try to show in this picture:

[Figure: no StoreFront replication]

#Citrix #GSLB blog post – GeoLite City as NetScaler location database

December 3, 2012

This was a good blog post! And I really like GSLB; of course there may be functionalities that you’d like to advance etc., but it’s great! And this post addresses one topic of it:

You may know this problem: Your boss made you build several data centers around the globe with a bunch of NetScalers in the mix to load balance services across the various locations using GSLB (Global Server Load Balancing). But when it comes to configuring a static proximity geo IP database to help with that not too easy to understand dynamic proximity feature you notice most of these databases are commercial and you are out of budget. Luckily though, there are several free versions of geo IP databases out there, which reportedly work quite well. Before using one of those, you should carefully review the license terms. Some aren’t necessarily free for commercial use…

Moreover, these free versions are very popular, well maintained and were frequently updated (I say were because with the assignment of the last IP block by RIPE earlier in 2012 there shouldn’t be too many changes to the databases anymore). So it’s fair to say that many of our clients who are using these databases are very satisfied with them.

Why is a database with IP addresses and address blocks necessary for such a setup? GSLB responds to DNS requests for a domain name with an IP address of a member service. Which service IP is returned is dependent on the load-balancing algorithm used, for example least connection, simple round robin or, more commonly used, proximity to the client (or the client’s local DNS to be precise). For proximity-based GSLB, when a client sends a DNS request, the system determines the best suitable site…

Continue reading here!

//Richard

#NetScaler #SDX design and best practise

November 7, 2012

Ok, I understand that this is something that I’ve touched upon before as well and received some comments on (NetScaler MPX vs. SDX dilemma). But I’ll still continue the reasoning behind why I think that the NetScaler SDX architecture is great, and that it needs to be offered on all the different platforms/appliance types/sizes!

To kick off the reasoning I recommend that you read this post; #NetScaler #AAA on NS 10.00 Build 70.7 = watch out!. When you’ve read both previous posts I hope that you see where I’m now going with all of this…

Just have a look at this picture where I’m trying to illustrate two design options for how you could build your NetScaler service for a tenant;

And if you then keep in mind the AAA bug that caused the whole NetScaler engine to crash, what happens in the top scenario if this VPX had been affected? Think about if that NetScaler hosted network connectivity to your public cloud services with workloads, all SSL VPN users connected to the enterprise, all ICA/HDX proxy users into XenApp/XenDesktop, and also provided AAA features to the enterprise web apps used by customers and partners etc.? Wow, that would actually mean that one single 401 basic authentication could have taken down EVERYTHING!

But if you had separated your capabilities/features into separate VPXs then you wouldn’t have had that issue. The “only” thing that would have happened, if you ran into an issue that caused the NetScaler to crash, is that it would only affect that VPX (the AAA VPX in the scenario above).

So my personal view is that it’s great that Citrix provides all the features on one appliance/instance. But it also adds quality and test efforts on Citrix to ensure that they perform testing of ALL features and functions before releasing a new build. And that may affect the lead-time to get fixes and new builds released, and quality may also be impacted… and that’s what I’m afraid is happening. So a little word of advice: separate workloads/features when you can and when you don’t want this big of a risk, and pray that Citrix soon delivers the SDX architecture on all appliances! And they would of course perhaps not just sell the larger boxes like they force us into today even if the bandwidth capabilities of that box aren’t required. But they would instead sell more VPXs on top of the HW, that’s at least what I think.

Comments?

Cheers!

//Richard

NetScaler MPX vs. SDX dilemma

October 3, 2012

Hi again!

Ok, I may be totally off and wrong here but I see a bit of a problem with the Citrix product packaging and offering around the whole NetScaler product.

I love the fact that the product is available as virtual appliances (VPX) and physical appliances (MPX) and the lovely “mix-product” which is the SDX platform. The SDX is a lovely addition and I see so many reasons for why you want to go towards that platform, so bear with me.

The NetScaler product itself is a great product and the feature set is rich! It’s definitely rich in terms of what features it offers from the same appliance! Some of the marketing of the product against competitors is that you can do it all (GSLB, LB, SSL offloading, SSL VPN, Application Firewall, ICA/HDX proxy etc.) on one appliance instead of purchasing several. Have a look at the editions of the product and the rich feature offering:

[Figure: NetScaler features]

But I must challenge this whole idea of putting all features/capabilities on one appliance! What if you decide to build a service on the NetScaler product and decide to provide these capabilities:

  • Access Gateway
    • Network Connect (SSL VPN access)
    • Network Proxy (ICA/HDX proxying)
  • End-to-end Web Security (AAA etc.)
  • Load Balancing (LB, GSLB)

So imagine that if for some reason you need a new version of the NetScaler appliance or if Citrix provides a fix for a bug/issue that is related to one of the capabilities. Then you have to stop your whole service delivery of all of them just to apply a patch/update targeted for one of them. Is that good from an incident, problem, change management point of view? I guess that’s why I like the SDX platform where I then can put the capabilities on different VPX instances on the same SDX HW platform.

This then also leads you to the whole cost of the service if you also like this idea of separation of duties: how much does the SDX cost and what do the VPX instances cost (they are purchased in bundles of 5 where 5 is included with the SDX purchase)? And except for the cost of the HW, SW and SA you have the complexity that you have to select which of the SDX platforms to choose (see a more detailed NetScaler Datasheet here). And this is the biggest issue as I see it! I’d like to recommend the SDX platform to more customers than the enterprise segment. But then you have an issue: the SDX platform starts on the 11 500 appliance.

Why doesn’t Citrix offer the SDX model on the smaller appliances?? I’d like to understand that because I think that most customers out there will not require as much throughput or CCU etc. as the 11 500 delivers…

And there are more reasons why you would like an SDX model other than separation of duties… but more on that in another post.

Cheers!

//Richard
