Netscaler Gateway X1 theme

What I like when I access my virtual desktops and applications is consistency across the different systems, web front end and UI... Citrix tried to bring this with the green bubble theme, but that wasn't really a success because of this "not very good looking" theme :)

Load Balancing TFTP with Netscaler 10.5

Implementing Citrix Provisioning Services (PVS) is very common nowadays when it comes to deploying Shared Desktops (XenApp) or Pooled, Private or Personal Desktops (XenDesktop). Even if there is still some debate about using TFTP+PXE versus BDM (Boot Device Manager), I still observe a large number of deployments made using TFTP+PXE rather than BDM. Both solutions have pros and cons (check Wilco's website here), and this is an architectural choice you need to plan ahead of the project.

Using TFTP and PXE brings several single points of failure (SPOFs) along the line, and they need to be considered and designed to be as resilient as the high availability requirement demands. TFTP is not redundant by design: DHCP option 66 (Boot Server Host Name) allows the use of only one IP address, and there is no redundancy behind that. With Citrix Netscaler, Citrix gave us the ability to bring high availability to this SPOF and address this issue.

With previous Netscaler versions (prior to 10.x) that wasn't that easy to set up, and it required an understanding of Netscaler features like Layer 2 Mode, DSR, etc... And if you didn't understand exactly what you were doing, all the PVS traffic was going through the Netscaler and believe me, that was a real pain in the ass... I saw that kind of mistake a number of times... With Netscaler 10.1 and then 10.5 things are a lot easier... So I jumped on the occasion I had at one customer's site to load balance 4 Citrix PVS servers (TFTP + PVS) to deliver this simple and fast how-to.

Information you need to gather:

- IP addresses and names of all PVS servers (with TFTP)
- One IP address for the Virtual Server (VIP)
- One or more Netscaler 10.5 (I made this configuration with 10.5.51.10.nc)

Here is a basic architecture overview of the components we are impacting:

- Netscaler #1 and #2: this is where the configuration will take place
- PVS Servers #1, #2, #3 and #4: all the PVS / PXE / TFTP servers we will use in this example
- DHCP Servers #1 and #2: this is where we will configure option 66 using the load-balanced IP address (VIP)
- VMs: all these virtual machines will use PXE to boot and get the load-balanced TFTP address to launch the ARDBP32.bin file.

Let's go for the Netscaler configuration. First you need to log in; if you're using a multi Netscaler architecture you…

Netscaler 10.5 and Storefront 2.5.2 Configuration

Citrix Netscaler 10.5 has been out for a couple of weeks now, and if you want to read what's new in this release just click on the [link], because there are so many things that I won't list everything here. I will use this blog to refresh the "how to" I already did about Netscaler, and I will go through the basic setup, certificate request, import and Access Gateway configuration to plug in my XenDesktop 7.5 lab.

First, you need to download your Netscaler (download if you're using a VPX appliance). You can find the appliance corresponding to your hypervisor:

- VMware ESX
- Microsoft Hyper-V
- Citrix XenServer
- KVM

You can download it here: [link] - a myCitrix account is required.

Once you boot up the appliance and give it the basic information like IP address, subnet and gateway, you can fire up the GUI in your favorite browser. You need to log on and follow the step-by-step screenshots:

The basic configuration is done. Now it's time to add a certificate for the Access Gateway: creating a private key, a CSR, and finally importing the PEM certificate.

Don't forget to change the nsroot password.

Now that the certificate part is done (thanks to Digicert for my lab), you can go ahead to the next step and configure your Storefront server to create a new store ready to connect with the Netscaler Access Gateway. The Storefront part is easy and quick to do; you can now continue by creating the Access Gateway using the new wizard and following these steps:

Here you go, just a reboot to have the Access Gateway up and running. I had a few issues in the end with Application Firewall with Google Chrome and Safari from a Mac OS X computer; you need to enable the learning mode to check what needs to be changed in the Application Firewall rules to allow connections to your Access Gateway.

You can customize the Netscaler Access Gateway logon page and your Storefront very easily. Eric, one of my CTP friends, did a very short and nice blog about that [link], and there is a very detailed blog written by Citrite Feng Huang here [link]. This blog will give you a good overview of what needs to be done to set up an Access Gateway with Storefront. For those who don't have time to test, now you know!

Cloudify my lab with Windows Azure

As I got unlimited access to Windows Azure, I wanted to check out how I could extend my lab into it and use it to store VM workloads (at first).

Here is what you need:

- Citrix NetScaler VPX (tested with NS10.1: Build 122.17.nc & NS10.1: Build 123.9.nc)
- Windows Azure Access
- Homelab (running on vSphere 5.5)

Of course, you need a licence for everything...

Considerations: before configuring a CloudBridge tunnel between a CloudBridge appliance in the datacenter and Microsoft Azure, consider the following points:

- The CloudBridge appliance must have a public-facing IPv4 address (type SNIP) to use as a tunnel end-point address for the CloudBridge tunnel. Also, the CloudBridge appliance should not be behind a NAT device (or you'll have to set up a route for your LAN computers; I'm explaining how at the end of this blog).
- Azure supports the following IPSec settings for a CloudBridge tunnel. Therefore, you must specify the same IPSec settings while configuring the CloudBridge appliance for the CloudBridge tunnel:
  - IKE version = v1
  - Encryption algorithm = AES
  - Hash algorithm = HMAC SHA1
- You must configure the firewall at the datacenter edge to allow the following:
  - Any UDP packets for port 500
  - Any UDP packets for port 4500
  - Any ESP (IP protocol number 50) packets
- IKE re-keying, which is the renegotiation of new cryptographic keys between the CloudBridge tunnel end points to establish new SAs, is not supported. When the Security Associations (SAs) expire, the tunnel goes into the DOWN state. Therefore, you must set a very large value for the lifetimes of SAs.
- You must configure Microsoft Azure before specifying the tunnel configuration on the CloudBridge appliance, because the public IP address of the Azure end (gateway) of the tunnel, and the PSK, are automatically generated when you set up the tunnel configuration in Azure. You need this information for specifying the tunnel configuration on the CloudBridge appliance.

First things first, you need to use your Windows Azure account and follow the next steps to begin configuring the IPSec tunnel by creating a local network:

- In the left pane, click NETWORKS.
- In the lower left-hand corner of the screen, click + NEW.
- In the NEW navigation pane, click NETWORK, then click VIRTUAL NETWORK, and then click ADD LOCAL NETWORK.
- In the ADD A LOCAL NETWORK wizard, in the specify your local network details screen, set the following parameters:
  - NAME
  - VPN DEVICE IP ADDRESS
- In the lower right corner of the screen,…

This is a new step in the application and desktop delivery access point process, but Citrix again made it very messy to understand (at least for me...). It is very important to know and understand every component of these new products, but between Receiver Storefront, CloudGateway Express, CloudGateway Enterprise, AppController and all the past names, some of us can get lost, and our customers are even more lost... (nFuse, Web Interface 2 3 4 5 etc... and Receiver Storefront)

If I remember well, at Synergy in Barcelona last October, CloudGateway was introduced by the Citrix CEO with this slide:

Now when I read the documentation about the CloudGateway Express and Enterprise releases, I think we lost something: the data "square" (ShareFile & RingCube (?)) is gone for now... Anyway, with the previous picture you can have a clear view of each component present in Citrix CloudGateway.

First let's check what the difference is between CloudGateway Express and CloudGateway Enterprise:

The difference is mostly around features, but what's not shown in Citrix's edition and feature matrix is a row with the price. CloudGateway Express is free because this product is here to replace the current Web Interface and Program Neighborhood to give access to Windows Apps and Desktops. The Enterprise edition is here to centralize access between Desktops, Windows Apps, SaaS and web applications. The upgrade from Express edition to Enterprise edition should be simple and painless; I just need to try it out to check how simple it is :)

Regarding the architecture, the big picture is simple: we had Web Interface, now we have Receiver Storefront, and that should be it... But it's not :) To simplify the user's life and give centralized access to apps, again we need to build an architecture more complex than our good old Web Interface.

In the image above, there is not that much difference if we consider that Storefront is here to replace Web Interface, with AppController as a new component to build a bridge between Desktops / Windows Apps and SaaS / Web Apps. External access is still secured using an Access Gateway, I mean NetScaler Access Gateway (same product, new name), but if we look further, it's more complicated than that:

- Same as Web Interface, high availability is possible with an external load balancing mechanism (i.e. NetScaler or MS NLB)
- Now an external database is required to host users…

Part 1/3 Synergy Barcelona 2011 – Personal Cloud 1/3
Part 2/3 Synergy Barcelona 2011 – Private Cloud 2/3
Part 3/3 Synergy Barcelona 2011 – Public Cloud 3/3

Public Cloud

The last cloud of the 3 (Personal Cloud, Private Cloud and Public Cloud) has been announced as something to be used in a very easy way, the same way as creating a GMail or Hotmail email account. The way to make this easy connection available is Citrix CloudBridge; this product allows you to connect your datacenter to any cloud with full transparency, security and performance. Citrix CloudBridge will run on network layers 2 and 3 to provide fast and secure IP transactions. The beta version will arrive soon; no more information for now. And then another new product (maybe more like a new NetScaler feature), Citrix NetScaler CloudConnectors, which will secure the connection all the way down to the client devices, has been announced, but there is no release date yet.

About what we need to build a cloud, Mark Templeton underlined that we will all soon need to be ready to build and connect Cloud Infrastructures and Cloud Providers. Most enterprises are doing server virtualization ++, built for traditional enterprise apps & client-server compute with traditional management; enterprises will then need to move on to cloud platforms designed around big data, massive scale & next-gen cloud apps, with autonomic management and an open, value-added stack. This is where Citrix CloudPortal will enter the game, a layer on top of CloudStack.

Citrix's vision for the future is 3 clouds: Personal Cloud to empower people, Private Cloud to aggregate and deliver apps and data, Public Cloud to build and connect infrastructures. The 3 PCs. Citrix clearly claims to be the number one partner you need to think of when you want to cloudify your network, applications, data and devices, and wants to lead the new IT to impact business needs.

This is it. I had to live my Synergy remotely from Paris, and this is all the information I could get from Synergy Live and Twitter. The next step will be to digest, analyze and put everything together. I think we have enough new material to play with until the next Synergy.