Citrix NetScaler ADC FAQ's
With over 3,500 features in Premium Edition appliances, we get lots of questions about the product formerly known as Citrix NetScaler. If you have a question, chances are we’ve probably been asked it before, so here’s our pick of the common Citrix ADC FAQ’s.
What does Citrix NetScaler ADC do?
Citrix NetScaler works as a very fast bidirectional proxy application delivery controller to provide secure, redundant, optimised web-application access, SSL Offload, GSLB, Application Firewall and SSL VPN. It operates at Layer 4-7 by terminating inbound client TCP connections on a virtual IP and establishing persistent back-end server connections via its own subnet IP to request content on behalf of the client using request switching and pipelining techniques. As an intermediary buffer between the client and server, the NetScaler can then inspect requests to prevent things like DDoS or Application attacks and provide web content and object Caching and Compression.
What is Citrix NetScaler VPX express?
Citrix NetScaler VPX Express is the free full Platinum virtual appliance available to download and use on an annual license basis, it is limited to One Mbps throughput so only suitable for very small test or learning environments.
What is Citrix NetScaler content switching?
Citrix NetScaler Content Switching functionality is L4-L7 load balancing this enables a Citrix NetScaler Content Switching vServer to make flexible load balancing decisions based on policies that can be triggered by specific client application requests, server responses or session specific variables like source IP and Cookie information.
What is a Citrix NetScaler ICA Proxy?
Citrix NetScaler and Citrix NetScaler Gateway provide full SSL VPN capabilities. Citrix NetScaler ICA Proxy mode is a specific mode of operation to support secure remote access to Citrix XenApp and Citrix XenDesktop only. All a client endpoint needs is the Citrix Receiver application installed. This mode of operation supports all endpoint types.
What is a Citrix NetScaler Load Balancer?
Citrix NetScaler is a feature rich load balancer that improves the availability, security, performance, scalabiltiy and efficiency of services.
What is Citrix NetScaler VPX?
Citrix NetScaler VPX is the virtual appliance form factor and can run on any Enterprise Hypervisor or Public / Private cloud (like Microsoft Azure or Amazon Web Services) (10-40G VPX models only run on specific Enterprise Hypervisors, please speak to a cDNA Technical specialist), VPX has full Citrix NetScaler Firmware functionality (based on normal licensed options) and can be upgraded as part of the Citrix “pay as you grow” license model, Citrix NetScaler VPX are available in 10,25,200 Mbps and 1, 3, 5,8,10,15,25,40 Gbps throughputs.
What is Citrix NetScaler ADC?
Citrix NetScaler Layer 4 – 7 Application Delivery Controller (ADC) with built in Server Load Balancing, SSL Offload, GSLB, Application Firewall and Content Switching functionality and much more.
What is Citrix NetScaler Gateway?
Citrix NetScaler Gateway can be purchased as a stand alone product or as functionality within a Citrix NetScaler ADC to provide full SSL VPN capabilities. Citrix NetScaler Gateway can secure remote access to any client server Enterprise, Citrix or Intranet Applications.
What is Citrix NetScaler AAA?
Citrix NetScaler’s Authentication, Authorisation and Auditing (AAA) feature allows the administrator to enhance any normal traffic management virtual server(TM). This allows policies to be configured that redirect incoming users to a AAA vserver to be pre-authenticated, authorised and audited prior to accessing any corporate web applications from the Internet.
What is a Citrix NetScaler Virtual Server?
A Citrix NetScaler virtual server (vserver) is an entity created on Citrix NetScaler to represent the application or service to the client. TCP and SSL connections are normally terminated on the vserver which normally has a routable IP address owned by the appliance.
What is Citrix NetScaler nCore?
Citrix NetScaler nCore technology relates to the Citrix NetScaler appliances operating system being multi core (cpu cores) aware. It allows the systems packet engines to leverage the high performance multi-core hardware and parallel processing architecture to efficiently scale to meet the requirements of the most demanding web applications.
What is a Citrix NetScaler MIP?
A Citrix NetScaler Mapped IP (MIP) is an IP Address used by the appliance to communicate with back-end application servers, routers or firewalls on a single subnet.
What is a Citrix NetScaler Subnet?
A Citrix NetScaler Subnet IP (SNIP) is an IP Address used by the Appliance to communicate with back-end application servers, routers or firewalls on a single subnet. An appliance can have multiple subnet IP’s defined.
When to use a Citrix NetScaler SNIP?
A Citrix NetScaler Subnet IP (SNIP) is an IP Address used by the Appliance to communicate with back-end application servers, routers or firewalls on a single subnet. An appliance can have multiple subnet IP’s defined.
Why choose Citrix NetScaler?
Citrix NetScaler is a best in class, award winning Layer 4 – 7 Application Delivery Controller (ADC). It’s software based approach offers many benefits to organisations and enterprise including:
1. Address surges in traffic quickly and cost-effectively with on-demand elasticity (Citrix NetScaler “Pay-as-you-grow” licensing).
2. Reduce TCO within the data centre through ADC consolidation (Citrix NetScaler SDX)
3. Enable network application-awareness through unique third-party integrations (Citrix NetScaler SDX with Citrix Ready Partner virtual Appliances).
4. Expand hardware seamlessly without downtime (Citrix NetScaler Pay-as-you-grow” licensing).
5. Cloud-enable your data centre for greater agility, elasticity and cost efficiency (Citrix NetScaler VPX for Azure, AWS and Softlayer).
6. Drastically increase application performance in real-world environments (with Citrix NetScaler Request Switching, Integrated Caching and Compression functionality).
7. Focus on application delivery—not programming (Citrix NetScaler Web Application Templates or Citrix NetScaler MAS 11.1 for End-to-end network and application management, visibility, and automation).
8. Combine strong security with high performance (Advanced hardware / software based SSL Offload and PCI compliant Application Firewall functionality)
9. Achieve the visibility to deliver an outstanding user experience (Citrix NetScaler MAS 11.1 or Citrix Insight Centre Web)
Why Citrix NetScaler SDX?
Citrix NetScaler SDX is an advanced Hybrid ADC platform aimed at Enterprise and Service Providers who need high performance hardware and level multi-tenancy and single point of management. Citrix NetScaler SDX uses its built in Citrix XenServer Hypervisor to allow multiple virtual Citrix NetScaler VPX’s and supported 3rd party virtual appliances (virtual Palo Alto Firewall, MacAfee IPS, Bluecat IPAM etc.) to run on the same hardware platform side by side (number / type of virtual appliances is controlled by license). Citrix NetScaler SDX also uses SRIOV drivers to enable the Citrix NetScaler VPX’s running on it to access to dedicated Network Interface Cards, CPU and SSL chips thus boosting the performance over a generic hypervisor based VPX solution.
How does Citrix NetScaler work?
In a basic load balancing setup, clients send their requests to the IP address of a virtual server configured on the Citrix NetScaler appliance. The virtual server distributes the requests to the load-balanced application servers according to a preset pattern, called the load balancing algorithm. Citrix NetScaler monitors the health of all available services to ensure it connects users to the best possible resource at any given time. In addition, Citrix NetScaler has a wide range of features to further enhance the user experience and reduce operating costs.
Why Citrix NetScaler Gateway?
Citrix NetScaler Gateway is a secure application, desktop and data access solution that provides administrators granular application and device-level control while enabling user access from anywhere using Smart Access, Smart Control and the Citrix XenMobile Micro VPN. It is a virtual appliance running on Citrix XenServer, Hyper-V or VMware ESX/ESXi that offers a single point of management and tools to ensure the highest levels of information security across and outside the enterprise. At the same time, it empowers users with a single point of access-optimised for roles, devices, and networks-to the enterprise applications and data they need. This unique combination of capabilities helps maximize the productivity of today’s mobile workforce.
Why Citrix NetScaler for Citrix XenApp?
Citrix NetScaler and NetScaler Gateway with nFactor, Smart Control and Smart Access Provide secure access and delivery of all Citrix applications and virtualised desktops. In addition, NetScaler Global Server Load Balancing (GSLB) can be used to add redundant remote access data centre sites to support globally distributed DR scenarios. Citrix NetScaler provides Specific set-up wizards for common Citrix XenApp / Desktop / StoreFront deployments and the deepest level of insight into HDX traffic which allows Citrix Administrators a single point of end user experience monitoring and reporting for all remote users into the corporate Citrix Environment.
Where are Citrix NetScaler back ups stored?
Citrix NetScaler automatically saves the ns.conf configuration file 5 steps back in /flash/nsconfig. Additionally if a manual system back-up is performed using the #create system backup -level basic|full, the resulting zip file is stored in the /var/ns_sys_backup directory .
Where are Citrix NetScaler logs stored?
Citrix NetScaler system logs are stored in /var/nslog
Why use Citrix NetScaler with XenApp?
Citrix NetScaler and Citrix NetScaler Gateway with nFactor, Smart Control and Smart Access Provide secure access and delivery of all Citrix XenApp 7.5 applications and virtualised desktops as well as data, additionally Citrix NetScaler Global Server Load Balancing (GSLB) can be used to add redundant remote access data centre sites to support globally distributed DR scenarios, as Citrix NetScaler is Citrix integrated product it also provides Specific set-up wizards for common Citrix XenApp / Citrix Desktop / Citrix StoreFront deployments and the deepest level of insight into HDX traffic out of the box (AppFlow feature in Enterprise Edition) so when combined with Citrix HDX Insight allows Citrix Administrators a single point of end user experience monitoring and reporting for all remote users into the corporate Citrix Environment.
Why use Citrix NetScaler with Citrix Sharefile?
Citrix NetScaler ADC can be used to provide Load Balanced access and authentication to Citrix Sharefile’s StorageZones Controller up to the current 4.0 version. Assuming a minimum version 10.1 build 120.1316.e or above, this then provides a StorageZone Controller Wizard to complete the set-up configuration.
Why use Citrix NetScaler with Citrix SharePoint?
Citrix NetScaler ADC can be configured to support Microsoft SharePoint 2013. Using AppExpert Templates, a complete configuration can be set-up and customised to suit your requirements. Features specifically used in this configuration to enhance the performance and security of the SharePoint 2013 deployment include Integrated Caching, Compression, Load Balancing, Responder, Rewrite, Content Switching, SSL Offload, AAA-TM and Application Firewall (Citrix NetScaler Platinum recommended).
What is Citrix NetScaler A record?
As Citrix NetScaler can operate as full authoritative DNS name server it can be configured with all the common DNS records including ‘A’ records at the command line for example type #Add dns address www.clouddnagroup.com 123.456.789.111 -ttl 10
Citrix NetScaler a+ rating
Organisations that use Citrix NetScaler to protect and load balance their web application or service can utilise the Citrix NetScaler SSL Offload functionality to achieve the Qualys SSLlabs.com A+, further to that Citrix NetScaler 11.1 improves SSL management for multiple web services and sites with its advanced SSL Profile functionality.
How to upgrade a Citrix NetScaler HA pair?
To upgrade a Citrix NetScaler HA pair follow the same process as for a standalone appliance, but update the “Secondary” appliance first and reboot, then after checking the upgrade has been a success upgrade the “Primary” appliance. Need help? Talk to one of our Citrix NetScaler specialists.
How to back up a Citrix NetScaler?
To backup a Citrix NetScaler, first use the “save ns config” command, then you can use the #create system backup <-level basic | full> to create the zipped backup file in /var/ns_sys_backup/ directory. Basic backs up all configuration files except SSL and License. Full backup includes these additional files. Due to space limitations Citrix NetScaler will only store 50 backup files, but these can be removed using the rm command. Need help? Talk to one of our Citrix NetScaler specialists.
How to configure a Citrix NetScaler?
Initial configuration of your Citrix NetScaler appliance can be achieved by using a laptop and network cable into any available interface and either Browser + GUI or SSH client eg PuTTY and Command line. Connect to the default NSIP management IP 192.168.100.1 via your browser or ssh client (don’t forget to ensure your laptop is in the correct subnet 192.168.100.xyz) where you will see the login screen. Use nsroot as the username and nsroot as the password after initial GUI logon and you will see the “First-time use” wizard (you will need your new Citrix NetScaler network details and license key as a bare minimum). If you use the CLI then type the #config ns command and input your network details. Need help? Talk to one of our technical team.
How to upgrade a Citrix NetScaler?
Upgrading a Citrix NetScaler Appliance can sometimes lead to configuration loss so make sure you back-up the running configuration first (nsconfig directory or ns.conf file depending in the situation). Full instructions on the upgrade steps can be found in the Citrix eDocs for the build you are upgrading to. Need help? Talk to one of our technical specialists.
How Citrix NetScaler works?
In a basic load balancing setup, clients send their requests to the IP address of a virtual server configured on the Citrix NetScaler appliance. The virtual server distributes the requests to the load-balanced application servers according to a preset pattern, called the load balancing algorithm. Citrix NetScaler monitors the health of all available services to ensure it connects users to the best possible resource at any given time. In addition, Citrix NetScaler has a wide range of features to further enhance the user experience and reduce operating costs.
How to reboot a Citrix NetScaler?
To reboot a Citrix NetScaler appliance from the command line use #reboot you can use the -warm argument to perform a warm reboot. Need help? Speak to one of our technical team.
How to downgrade a Citrix NetScaler?
Downgrading a Citrix NetScaler Appliance can sometimes lead to configuration loss so make sure you back-up the running configuration first (nsconfig directory or ns.conf file depending in the situation). Full instructions on the downgrade steps can be found in the Citrix eDocs for the build you are downgrading from. In summary, back-up the ns.conf, rename ns.conf.NS<currentbuildnumber> to ns.conf this will be the pre upgrade configuration from the previous upgrade. If you have the build you want to roll back to already uploaded and unzipped in /var/nsinstall/ then re-run ./installns script in the old build folder to re-install the old firmware and reboot. Need help? Give us a call!
How to create a Citrix NetScaler service?
After the initial management network configuration (NSIP, Subnet mask, Default route), the remaining configuration of a Citrix NetScaler appliance can be done via the Browser and GUI (http://NSIP) or Command line via an SSH client like PuTTY (a browser that supports html5 like Firefox will help). Once you have logged on with the nsroot username and password, you can enable Load Balancing, add servers, services and vserver under the Traffic Management > Load Balancing > section in the GUI or add a service from the command line.
How to secure a Citrix NetScaler?
Citrix NetScaler deployed in the DMZ can be secured and hardened. There are multiple mechanisms around systems management, authentication, monitoring and logging that can be utilised depending on your specific security requirements. The systems can utilise independent management networks to isolate the admin traffic. Role based access can also be configured and combined with external authentication services like Microsoft Active Directory or TACACS+. Additionally, if a single management pane of glass is required for multiple Citrix NetScaler Appliances (VPX, MPX, SDX , CPX as well as Citrix NetScaler SD-WAN) then Citrix NetScaler MAS can be deployed to centrally managed the Citrix networking estate.
What is a Citrix NetScaler device?
Citrix NetScaler is a feature rich Layer 4 – 7 Application Delivery Controller (ADC) that support features like Server Load Balancing, SSL offload, GSLB, SSLVPN & Application Firewall. It is available in multiple form factors including virtual (VPX), Physical (MPX) , Hybrid (SDX) and Containerised (CPX).
Is Citrix NetScaler a firewall?
Citrix NetScaler complements existing network firewall’s by operating a Layer 4-7 to inspect web content requests and responses with its Application Firewall module to prevent Application layer attacks. Citrix NetScaler can can provide PCI DSS compliance reports for audit purposes and both simple and extended ACLs where required.
What is a Citrix NetScaler SNIP?
A Citrix NetScaler Subnet IP or SNIP is an IP address owned by the Citrix NetScaler appliance and used for communications with Firewall’s , Routers or Back-end Application Servers (required in most load balancing deployments). A SNIP is commonly used instead of the older MIP (mapped IP) as an appliance can operate with multiple Subnets / VLANS.
What is a Citrix NetScaler VIP?
A Citrix NetScaler virtual IP or VIP is an IP address owned by the appliance and normally associated with a virtual server entity (common in load balancing deployments). The VIP can be any public or private address.
How to use a Citrix NetScaler as a Reverse Proxy?
By default all inbound load balanced web applications via Citrix NetScaler are reverse proxied with a separate TCP connection for client and server side (use subnet IP mode), Citrix NetScaler can also be used to provide a redundant outbound forward proxy with link or firewall load balancing configurations.
Using Citrix NetScaler as a Proxy?
By default all inbound load balanced web applications via Citrix NetScaler are reverse proxied with a separate TCP connection for client and server side (use subnet IP mode). Citrix NetScaler can also be used to provide a redundant outbound forward proxy with link or firewall load balancing configurations.
Using Citrix NetScaler as a router?
Citrix NetScaler has full static and dynamic routing capabilities built in. As part of a Dynamic routing environment, it can support BGP, OSPF and RIP routing protocols and can use Route Health Injection (RHI) functionality to add or remove routes to a web app’s load balanced vservers upstream border routers.
Using Citrix NetScaler as a firewall?
Citrix NetScaler complements existing network firewall’s by operating a Layer 4-7 to inspect web content requests and responses with its Application Firewall module to prevent Application layer attacks. Citrix NetScaler can also provide PCI DSS compliance reports for audit purposes.
Using Citrix NetScaler as a TMG replacement
Citrix NetScaler’s advanced application protection and AAA TM features can be deployed in front of Microsoft enterprise application suite including OWA, SharePoint and Lync to provide Secure Authenticated access to these critical business applications.
Is Citrix NetScaler a load balancer?
Yes, Citrix NetScaler is a feature rich Layer 4 – 7 Application Delivery Controller (ADC) with built in Server Load Balancing.
Citrix NetScaler as a service
Citrix NetScaler’s ADC functionality can be deployed all physical and virtual form factors including the CPX appliance (in a Docker container) or as an SDN service as part of a Cisco, VMWare or OpenStack SDN deployment. To further enhance these deployments, full Citrix NetScaler application automation can be achieved by additionally deploying the new Citrix NetScaler 11.1 NMAS (NetScaler Management and Analytics Service) appliance.
Citrix NetScaler at a glance
Citrix NetScaler is a feature rich Layer 4 – 7 Application Delivery Controller (ADC) with built in Server Load Balancing , SSL Offload, Global Server Load Balancing, Application Firewall and SSL VPN, along with many other web application optimisation and protection features such as caching and compression.
Using Citrix NetScaler as a DNS server
Citrix NetScaler has a built in Domain Name Server (DNS) functionality to support GSLB (ADNS) as well as DNS security and proxy capabilities.
Using Citrix NetScaler for SSL a+
Organisations that use Citrix NetScaler to protect and load balance their web application or service can utilise the NetScaler SSL Offload functionality to achieve the Qualys SSLlabs.com A+, further to that Citrix NetScaler 11.1 improves SSL management for multiple web services and sites with its advanced SSL Profile functionality.