Archive
#Netscaler Insight and Integration with #XenDesktop Director – via @msandbu
Great blog post by Marius! :)
This is another one of Citrix hidden gems, Netscaler Insight. This product has been available from Citrix for some time now, but with the latest update it became a lot more useful. Insight is a virtual appliance from Citrix which gathers AppFlow data and statistics from Netscaler to show performance data, kinda like old Edgesight. (NOTE: In order to use this functionality against Netscaler it requires at least Netscaler Enterprise or Platinum)
Insight has two specific functions, called Web Insight and HDX insight.
Web Insight shows traffic related to web-traffic, for instance how many users, what IP addresses, what kind of content etc.
HDX Insight is related to Access Gateway functionality of Citrix to show for instance how many users have accessed the solution, what kind of applications have they used, what kind of latency did the clients have to the netscaler etc.
You can download this VPX from mycitrix under Netscaler downloads, important to note as of now it is only supported on Vmware and XenServer (They haven’t mentioned any support coming for Hyper-V but I’m guessing it’s coming).
The setup is pretty simple, like a regular Netscaler we need to define an IP-address and subnet mask (Note that the VPX does not require a license since it will only gather data from Netscaler appliances that have a platform license and it does not work on regular Netscaler gateways)
After we have set up the Insight VPX we can access it via web-gui, the username and password here are the same as Netscaler: nsroot & nsroot
After this is set up we need to enable the insight features, we can start by setting up HDX insight, here we need to define an expression that allows all Gateway traffic to be gathered.
Here we just need to enable VPN equals true. We can also add multiple Netscalers here, if you have a cluster or HA setup we need to add both nodes.
After we have added the node, just choose configure on the node and choose VPN from the list and choose expression true.
#Citrix #NetScaler #SDX Installation Overview Video
This is a pretty good “quick” video of the SDX installation! Have a look at it, and remember not to use 1Gbps interfaces only if you want to run more than 7 VPX’s on the SDX! Then go for 10Gbps interfaces or many channels/interfaces of 1Gbps to not hit the SR-IOV limit of 7/1Gbps interface! :)
Description
12:45 screen capture with PPT overview on IP Addressing, and walking through install, IP Change for SDX’s SVM and XS IPs, licenses, and then the install of a NetScaler instance with NSIP and SNIP. This is intended to be a quick overview before you set out on a first SDX install, and is a complement to the SDX Quick Install Guide.
See the video here!
//Richard
New v3 #AWS CloudFormation Template for #XenApp with support for #NetScaler and #StoreFront
Great info and post from Peter Bats!
Since Paul Wilson and myself first introduced a CloudFormation template in the blog “Jumpstarting your XenDesktop Farm in AWS with a CloudFormation Template,” we’ve added support for multiple Regions and Availability Zones in a v2 version of this CloudFormation template in the blog “Announcing the Multi-Region AWS CloudFormation Template for XenDesktop”.
We are now announcing the third version of our AWS CloudFormation template which adds the new Asia Pacific Sydney region and support for StoreFront and NetScaler Access Gateway Enterprise. This release makes use of the NetScaler VPX instances available via AWS MarketPlace, and replaces Web Interface with StoreFront to be able to support all the advanced features of our latest Citrix Receivers.
Version 3 of the CloudFormation JSON template can be downloaded from here.
We’ve also made a video available for you that walks you through the whole process on Citrix TV. Check it out here.
For detailed instructions on using the v3 CloudFormation template, download the setup guide here.
Using this new template, in only a couple of hours you’ve constructed a XenApp farm in your selected Region within the AWS cloud using Netscaler and StoreFront technology. You can use the farm for a number of purposes, including:
- Application Testing
- Business Continuity
- Proof-of-Concept
- Testing XenApp performance in the cloud
- Learning how to manage AWS resources
We welcome your…
Continue reading here!
//Richard
How does #Citrix #NetScaler SDX isolate its instances?
Ok, I received this question the other day and this article is really spot on! Get a cup of coffee and enjoy! :)
And remember this: YOU CAN ONLY HAVE 7 INSTANCES/1Gbps NIC!!!! So if you intend to host more than 7 VPX’s on your SDX then ensure that you plan your network design if you use 1Gbps, otherwise go for the 10Gbps ports and SFPs.
NetScaler SDX Appliance with SR-IOV and Intel-VTd
This article contains information about the Single Root I/O Virtualization (SR-IOV) and Intel Virtualization Technology for Directed I/O (Intel-VTd) technology and how NetScaler appliance uses this technology to achieve fully isolated high performance NetScaler instances.
NetScaler SDX Appliance with SR-IOV and Intel-VTd
Server Virtualization presents both a tremendous opportunity and a major challenge for Enterprise Data Centers and Cloud Computing infrastructure. Current Hypervisors already facilitate the consolidation of many servers that are not utilized efficiently to a smaller number of physical servers delivering better space utilization, lower power consumption, and reduced overhead costs.
Virtualization architectures are built on a virtualization layer called a Virtual Machine Monitor or Domain 0 that becomes the primary interface between a virtual machine and the physical hardware. Even though virtualization allows multiple virtual machines to share the same hardware, it also creates additional overhead and can lower server performance as it becomes the bottleneck between a virtual machine and input/output (I/O) hardware as the number of virtual machines increases.
The NetScaler SDX appliance breaks through these performance bottlenecks by leveraging the next generation of I/O virtualization technology called SR-IOV as defined by the PCI-Special Interest Group (SIG). SR-IOV enabled Intel chips along with Intel VT-d enable the NetScaler SDX appliance to significantly reduce virtualized network processing overheads, and provide more secure and predictable mechanisms for sharing I/O devices among multiple virtual machines.
Intel Implementation of Single Root I/O Virtualization
Intel has worked with the PCI-SIG to define the SR-IOV specification. As shown in the following image, SR-IOV provides dedicated I/O to virtual machines bypassing the software virtual switch in the Virtual Machine Manager (VMM) completely, and Intel Ethernet Controllers improve data isolation among virtual machines. Another feature of SR-IOV is a feature called Virtual Functions. These are lightweight PCIe functions that allow a single physical port to look like multiple ports. Therefore, multiple virtual machines can now have direct assignment on the same port. This increases the scalability of the number of virtual machines on the machine through more efficient I/O device sharing.
Intel VT-d Technology
Intel VT-d is a hardware enhancement for I/O virtualization that is implemented as part of core logic chipset. Intel VT-d defines an architecture for DMA remapping that improves system reliability, enhances security and…
Continue reading here!
//Richard
#Citrix #NetScaler VPX on the #Cisco 1110 Virtual Network Services platform – via @pigram86
Interesting!!! :)
This week at Cisco live! in London, Citrix is demonstrating the Citrix NetScaler VPX virtual application delivery controller (vADC) on the Nexus 1110 Cloud Services Platform. NetScaler VPX is the industry-leading vADC and is further testimony to the expanding ecosystem for the Cisco Nexus 1000V virtual networking portfolio and the Cloud Network Services platform. The integrated Cisco-Citrix solution follows on the heels of last year’s agreement by the two companies that Cisco would reference sell the Citrix NetScaler portfolio, and Cisco’s demonstration of its Nexus 1000V virtual networking portfolio on Citrix XenServer.
The Nexus 1110 is the latest generation of appliances that started with the Nexus 1010. The Nexus 1110 helps customers that are virtualizing more of their application and security services and want to run them on a dedicated platform. For example, virtual firewalls, like our Virtual Security Gateway (VSG), complement physical firewall appliances to support virtual application deployments and VM mobility requirements. The Nexus 1110 appliance serves that need, running a range of virtual services on a platform that the networking and security teams can more directly control than the other application servers.
With Citrix NetScaler VPX integrated into the Nexus 1110 Cloud Services Platform, enterprise IT admins can scale-out deployments by enabling additional virtual NetScaler instances (VM’s) directly from the Nexus 1110. NetScaler VPX also provides feature and management consistency across physical and virtual ADC’s, as well as consistency across physical and virtual workloads that are being managed. The NetScaler…
Continue reading here!
//Richard
Why only Platinum version of NetScaler SDX VPX Package? – #NetScaler #SDX #Citrix
Why does Citrix only sell Platinum versions in bundles of 5 for the SDX platform? Wouldn’t it be great to be able to purchase for instance Enterprise or Standard for the VPX’s you want to setup for capabilities provided by the Enterprise version of NetScaler?
I’d like to buy that instead… what about you guys? Or does this model exist?
//Richard
Access Gateway Licensing Demystified
Ok, this is a good blog post from Prashant Batra and touches an area that I get so many questions about!
Access Gateway Licensing Demystified
Access Gateway discussed in this blog is the Access Gateway based on NetScaler, which is popularly referred to as Access Gateway Enterprise. Citrix has recently announced End of Life for all non-NetScaler based Access Gateway platforms, which then makes Enterprise edition, the de-facto Access Gateway.
In this blog, we will discuss the two license types used on your Access Gateway appliance, the two kinds of vServers you can set up to leverage these licenses to provide standard / advanced functionalities, and an example scenario towards the end, to help illustrate these concepts in a real scenario.
License Types
Access Gateway is licensed at two levels:
- Platform License
- Universal License
Platform Licenses
Every Access Gateway (VPX/MPX) comes with a… continue reading here!
//Richard
#NetScaler #SDX design and best practise
Ok, I understand that this is something that I’ve touched upon before as well and received some comments on (NetScaler MPX vs. SDX dilemma). But I’ll still continue the reasoning behind why I think that the NetScaler SDX architecture is great, and that it needs to be offered on all the different platforms/appliance types/sizes!
To kick off the reasoning I recommend that you read this post; #NetScaler #AAA on NS 10.00 Build 70.7 = watch out!. When you’ve read both previous posts I hope that you see where I’m now going with all of this…
Just have a look at this picture where I’m trying to illustrate two design options for how you could build your NetScaler service for a tenant;
And if you then keep in mind the AAA bug that caused the whole NetScaler engine to crash, what happens in the top scenario if this VPX had been affected? Think about if that NetScaler hosted network connectivity to your public cloud services with workloads, all SSL VPN users connected to the enterprise, all ICA/HDX proxy users into XenApp/XenDesktop, and also provided AAA features to the enterprise web apps used by customers and partners etc.? Wow, that would actually mean that one single 401 basic authentication could have taken down EVERYTHING!
But; if you would have separated your capabilities/features into separate VPX’s then you wouldn’t have had that issue. The “only” thing that would have happened if you ran into an issue that caused the NetScaler to crash then it would only affect that VPX (AAA VPX in the scenario above).
So my personal view is that it’s great that Citrix provides all the features on one appliance/instance. But it also adds quality and test efforts on Citrix to ensure that they perform testing of ALL features and functions before releasing a new build. And that may affect the lead-time to get fixes and new builds released and quality may also be impacted… and that’s what I’m afraid is happening. So a little word of advice; separate workloads/features when you can and when you don’t want this big of a risk, and pray that Citrix soon delivers the SDX architecture on all appliances! And they would of course perhaps not just sell the larger boxes like they force us into today even if the bandwidth capabilities of that box aren’t required. But they would instead sell more VPX’s on top of the HW, that’s at least what I think.
Comments?
Cheers!
//Richard
NetScaler SDX – value add, #CitrixSynergy #NetScaler
Sitting here listening to the SDX model and its capabilities etc. And I must agree that the concept is great in terms of isolation, flexibility, density and other added values that the platform provides…
But I still see the need for the same SDX model on the smaller appliances where you may need the capabilities of feature isolation etc but where you don’t need the performance/throughput etc. of the larger appliances where the SDX model starts.
If you look at the NetScaler data sheet I can’t understand why you don’t get the SDX model option on for instance the 8200 box and why not down to the 5500?
More on my thoughts on this from my previous blog can be found here.
//Richard
Please contribute – What do we expect from Citrix? – Citrix community enhancement list
Ok, there are a lot of things that I think we all expect Citrix to deliver now in Barcelona when Synergy soon kicks off! But so far I’ve not seen someone that has been combining a community list yet…
And the most important part I feel is that I get more and more information from companies out there that have enhancement requests and issues that they have a hard time expressing and getting into Citrix. The larger enterprises can of course through their channels get more information and also make their voice heard, but the SMB’s have a hard time to do so!
So this is my attempt to start a dialogue with all of U out there on what we expect to see from Citrix in the future! I think it would be interesting to see if the items I’m waiting for a change on is aligned with the rest of the community!
So why don’t we all contribute to a list that we all can share and prioritise over time? I can for a start moderate this list if you comment or send me items that you think should be on the list and then I’ll try to make sure that people within Citrix get the items and I’ll try to follow up! Of course we need help from the CTP’s (just to be clear; I’m not a CTP so don’t get me wrong here) and others as well to put pressure and assist in the governance of this activity.
So this is my first list of items that I think that we can build upon… It’s a first draft and far from the total number of items are there so bear with me! :)
Please comment below to have your item(s) added to the list and let’s make a change!
ID | Product/Area | Enhancement request/Issue | Status |
1 | Licensing | Ensure that all products support the license server (NetScaler etc.) | Not fulfilled |
2 | Monitoring & Reporting | Ensure that you can get historical concurrent user reports that span across ALL products (NetScaler/AG, XenApp, XenDesktop etc.) | Not fulfilled |
3 | Monitoring & Reporting | Ensure that Citrix provides an end-2-end monitoring and reporting service for the whole Citrix stack. This to ensure that delivery organizations can deliver reports like “Service Availability in %” over time that includes all service components (NetScaler AGEE VIP, StoreFront/WI, PVS/MSC, XenServer, XenApp/VDA, Profile Server, etc.). If Citrix isn’t going to do this; then please point to a product that does the job. | Not fulfilled |
4 | Monitoring & Reporting | Provide a monitoring solution to ensure health and best practise configurations of all products involved in a traditional “XenDesktop” stacked service. | Not fulfilled |
5 | Cross-product | Improve your testing!! There have been too many issues with updates to products in the “Citrix stack” that have caused issues in others, like update to XenServer that caused PVS issues, or updates to a specific NetScaler feature that caused others to fail. | Not fulfilled |
6 | Cross-product | Create a central update service for all products that can inform the admin about updates not applied or if components aren’t in synch in terms of SW versions etc. | Not fulfilled |
7 | Cross-product | Ensure that the end-user look & feel are the same across the products used in the stack (NetScaler AGEE login page, Web Interface/StoreFront, Receiver etc.). This should not require admins to do and should be a design principle. | Not fulfilled |
8 | Cross-product | Come on, simplify the administration of the products in the stack = reduce the number of consoles! | Not fulfilled |
9 | AppController | Multi-domain support | Not fulfilled |
10 | AppController | Support for multiple setups that can synch the DB. This to ensure that you can have an HA pair setup for instance in Europe and one in the North Americas and have the end-user be logged in against both and have their subscriptions etc follow them (as well as of course reporting, monitoring etc. etc.) | Not fulfilled |
11 | AppController | Support for really large AD domains with LARGE # of AD users and AD groups | Not fulfilled |
12 | AppController | Support for AD domain structure where the BASE DN is different to where AD users and the AD security groups you want to use for roles | Not fulfilled |
13 | EdgeSight | Ensure that EdgeSight or equivalent end-user monitoring and reporting is integrated and that it works on both XenApp and XenDesktop VDA’s and that it doesn’t increase the IOPS with ridiculous numbers… | Not fulfilled |
14 | NetScaler | Create SDX platform to run on all MPX appliances, for more info why see; NetScaler MPX vs. SDX dilemma; https://richardegenas.com/2012/10/03/netscaler-mpx-vs-sdx-dilemma/ | Not fulfilled |
15 | NetScaler | Provide out of the box integration with the Single Sign-On product (former CPM) so that Account Self-Service can be made directly from AGEE VIP login page. | Not fulfilled |
16 | NetScaler | Add support for AG session policies so that ICA proxy can be turned on for specific published apps and desktops and not per session. This for situations where you might have one app or desktop that sits behind an AGEE and others don’t. | Not fulfilled |
17 | NetScaler | The NetScaler/Access Gateway HTML/GUI pages used shall be able to be customized per AGEE/AAA Virtual Server. Today they are global pages so that specific modifications/customizations cannot be made and you have to buy an additional NetScaler unless major customizations are done and then life-cycle management becomes an issue. | Not fulfilled |
18 | NetScaler | Change so that you can specify different Authentication policies and requirements mapped to Session policies instead of to a Virtual Server, AAA group etc. This could then provide a way so that you could offer ICA proxy mode with single auth and two-factor if you launch/select to open an SSL VPN tunnel | Not fulfilled |
19 | NetScaler | It would be good if you on the Receiver could select what authentication you want to perform upon login and not just at setup of the Account. That would mean that you could pass that info to the NS VS and then in AGEE handle that to the authentication policies and session policies. Then a user that has forgotten a hardtoken could still get access but only in ICA proxy mode and have all virtual channels disabled without having to have multiple accounts in the Receiver and admin doesn’t need multiple NS AGEE VS. | Not fulfilled |
20 | Merchandising Server | Ensure that it supports larger AD environments and multi-domain support | Not fulfilled |
21 | Merchandising Server | Create a central DB for config etc or ensure that MS is migrated into SF asap. | Not fulfilled |
22 | Provisioning Services | Improved/simplified support/update functionality for when you use KMS licensing | Not fulfilled |
23 | Provisioning Services | Create REAL update msp or msi files for updates, you can’t require admins to go in and replace DLL-files etc in 2012 | Not fulfilled |
24 | Provisioning Services | Implement replication of vDisk files (diff-files) etc so that it’s automated within the PVS solution so that you don’t have to rely on DFS-R etc. | Not fulfilled |
25 | ShareFile | Ensure that encryption on local devices is available for all device types and OS’s (iOS, Android, Windows Phone, Win XP/7/8, Linux, OS X) | Not fulfilled |
26 | ShareFile | Design the product so that you could leverage public storage providers for your storage but encrypt it using your own PKI service and proxy traffic to it through the Storage Center server(s) without having to invest in in-house storage solutions and reduce CAPEX. | Not fulfilled |
27 | ShareFile | Design the solution so that you can configure the plugin/Receiver functionality when it comes to StoreFront on groups/roles instead of just for the whole account. | Not fulfilled |
28 | Storefront | Support for multiple setups that can synch the DB. This to ensure that you can have an HA pair setup for instance in Europe and one in the North Americas and have the end-user be logged in against both and have their subscriptions etc follow them (as well as of course reporting, monitoring etc. etc.) | Not fulfilled |
29 | Storefront | Simplify configuration and branding of the StoreFront for Web sites like most other providers have and they had in Web Interface | Not fulfilled |
30 | Storefront | Add all features that were available in Web Interface | Not fulfilled |
31 | StoreFront | Design the product to allow the user to select whether he/she can group apps and desktops into folders or tabs in StoreFront for Web | Not fulfilled |
32 | Receiver | Ensure that email-enrollment to StoreFront stores can somehow support multidomain support (like if you have multiple users having the same email-address; name@company.com can be linked to different AD domains) | Not fulfilled |
33 | Receiver | Corporate branding for the Receiver, logo, text etc. | Not fulfilled |
34 | Receiver | Ensure that all Receivers have the same look & feel and functionality. Like the secondary and primary password field names should be the same on a Mac and a Windows client, as well as other features. | Not fulfilled |
35 | Receiver | Add so that Receiver passes DOMAINNAME to NetScaler/AG VS so that it can be used to determine which AD domain to authenticate with. In today’s version you have to either make one VS per domain or cascade through multiple domains on the same VS. And cascading is available as a workaround but triggers failed logins against AD and is not that nice and security/AD teams are not that happy… | Not fulfilled |
36 | XenDesktop | Support for Linux VDA’s (Ubuntu for example) | Not fulfilled |
37 | XenApp | Support for Linux Terminal Servers (Ubuntu for example) | Not fulfilled |
I’ll post an Excel spreadsheet as well for download soon, and then let’s see if there is an interest or not! :)
Cheers!
//Richard