NetScaler Basic Configuration

The NetScaler platform can be daunting, at first glance, with all of its options and product-specific terminology.  In this article, We'll clarify some of the terminology, talk about the default configuration of a NetScaler deployed on the SoftLayer platform, as well as discuss the configuration of some basic NetScaler features.

Terminology

The Citrix NetScaler platform has some product-specific terminology, as well as basic load balancer terminology and concepts, that is used throughout the technology industry's documentation, that an administrator should familiarize themselves with.  Below, you will find the most common examples of this terminology, as well as a brief description of each term.

NetScaler IP (NSIP)

The IP of the load balancer designated for management purposes.

SubNet IP (SNIP)

A SNIP is the source IP address of a packet used by the NetScaler every time it wants to communicate with a server (or object).  Servers also use the SubNet IP to respond to the NetScaler.

Virtual IP (VIP)

A VIP is an IP address to which a client sends requests.  The NetScaler terminated the client connection at the VIP and then initiates a connection with a server configured in the load balancing service.  This can be either a public IP address for public (internet) traffic, or a private IP address for private (intranet) traffic.

Virtual Server

A Virtual Server, in load balancing terms, refers to the combination of the IP address, port, and protocol to which an IP client connects and where traffic requests are sent for a particular application that is being load-balanced by the NetScaler.

Service

The combination of IP address, port, and protocol used to route requests to a specific server.  A Service, once configured, must later be associated to a Virtual Server.

Server Object

A virtual entity that enables you to assign a significant name to a physical server, rather than using its regular IP address.

Monitor

An element that allows you to track a service, assuring that it is operating correctly.  The monitor uses probes and heartbeat signals to keep track of the Service status.


Default NetScaler Deployment on the SoftLayer Platform

Ordering

When you first order a Citrix NetScaler on the SoftLayer platform in the Customer Portal, you are asked several questions.  You will first be asked for the data center location in which you would like the NetScaler deployed.  You will then be asked to select your license level and throughput needs. Unlike the other load balancing products offered on the SoftLayer platform, the NetScaler is priced according to these options, and not the number of connections that you are expecting.  The next question you are asked is how many IP addresses you would like.  These IP addresses are Static Public IP Addresses, and will be deployed as your NetScaler's VIPs.

Once those options are selected, and you click Continue, you will have to enter some information required by ARIN (or the equivalent organization in the region of deployment) to justify the IP addresses requested, as well as your current, valid contact information.  The next step is VLAN selection.  This is important, because you ideally want your NetScaler to reside on the same VLAN as the servers across which the traffic will be balanced.  This will help cut down on latency, and ensure optimized utilization of your network resources.  Once that is done, you can click Place Order, our provisioning system goes to work deploying the NetScaler with the chosen parameters, and within an abbreviated time-frame you will have your NetScaler available to you for configuration.

Default Deployment

When you view your NetScaler in the Customer Portal Device List, you will notice that it looks a little different than other servers.  Namely, no Public IP address is shown, but a Private IP address is shown.  The default deployment of a NetScaler at SoftLayer is designed to be as secure as possible, automatically assigning a Private IP address as the NSIP used for management purposes.  If you click the arrow to the left of the NetScaler, the line will expand to show you the default username (root) and the masked root user password.  Clicking on the NetScaler's name, itself, will take you to the Device Details page for the NetScaler, you will them be shown the VLAN on which your NetScaler was deployed, as well as your Public IP addresses for the NetScaler.  These IP addresses cannot be used for management, and are the NetScaler's default Public VIP addresses, which you will use to later associate to a Service for load balancing purposes.

To manage the NetScaler, you must be connected to the SoftLayer private network (either SoftLayer Management VPN, or performing management functions from a remote session on a server within the SoftLayer environment, etc.).  Once you are connected, you can click the Actions drop-down list in the top right corner of the Device Details, and choose Manage Device.  This will launch a new tab, or pop-up window, in your browser and route you to the NetScaler's NSIP (the Private IP address that we saw on the previous screen).  The page that is displayed will ask you for the root username and password for the device, and once entered, will take you to the NetScaler Management GUI.

The first screen you see will be the Configuration screen.  It will show you the System Information, such as NSIP, Netmask, Time Zone, and other important vitals of the machine.  All of the configuration options for the features are along the left-hand side of the screen, and there are tabs at the top, to navigate between the Dashboard, Configuration (current location), and Reporting screens.  At the top right of the screen, you will see a Documentation link and a Downloads link, as well as a gear icon button that will show you an at-a-glance view of the IP address, Host Name, DNS IP Address, Time Zone, and License statuses of the NetScaler.

By default, the NSIP (NetScaler IP Address) is the Private IP address assigned during provisioning, which is the IP address that you just used to connect to the NetScaler for management purposes.  The SNIPs (SubNet IP Addresses), by default, are assigned from the same Primary IP SubNets that are located on the VLANs that you chose during the ordering process.  Remember that I said the VLAN choice was important, as if you chose the same VLANs where your intended load-balanced servers reside, then no extra configuration of these SNIPs is necessary.  By default, the DNS is set to SoftLayer's name servers.  In a basic implementation, if SoftLayer hosts the DNS records for your servers, then no further configuration is necessary.

Click Continue to return to the previous configuration screen.

The default deployment at SoftLayer, in a lot of ways, is very similar to how you would deploy it in an on-premise environment; however, SoftLayer handles a lot of the headaches associated with trying to decide which IP addresses to use for which purposes by asking you which VLANs you would like to use for deployment upfront, and automating a lot of that configuration through scripts and API calls on the back-end.  Configuration such as assigning interfaces to separate public and private VLANs, and assigning the proper IP addresses to each interface, including the NSIP, VIPs, and SNIPs.

Basic Load Balancing Configuration

The Citrix NetScaler has some amazing features, such as Web Application Firewall, SSL Acceleration and Offloading, Global Server Load Balancing, etc.  The main, basic function, however, is Local Server Load Balancing, so let's dive into how this works.

Consider this Scenario: A company has a basic social community website where end-users can register for an account that requires no sensitive information, after which the user can log in, and post pictures of their pets.  You have three web/application servers, and one database server to back them up.  Your domain and DNS are hosted with SoftLayer, and because you have a small environment, your NetScaler and your web/app servers are all in the same VLANs.  This simplifies things, as no further configuration would need to be done to the NetScaler to set up a basic load balancing policy.  Here is oversimplified explanation of how the traffic flow would, in this instance, once you configured the NetScaler:

  1. A user enters your URL into their browser
  2. That URL's DNS record points to one of the Public VIPs on your NetScaler
  3. Your NetScaler receives the traffic on that VIP, makes note of the traffic's protocol being used (http port 80 traffic)
  4. The NetScaler then passes that traffic to one of the servers in your server pool, based on the balancing method defined for that pool (round robin, persistence IP, etc.)
  5. The server then accepts the traffic and your user logs in
  6. Your user is now connected and logged in and posting happy pictures of their puppies and kittens

In order to accomplish this, you would need to configure your NetScaler to handle this traffic.  Since the VIP, the DNS server's IP, and the SNIP are already configured, this simplifies the setup.  Here are the basic steps on how to do this:

In the NetScaler GUI, on the Configuration screen, find Traffic Management on the left-hand side, and expand it.  Expand the subsection titled Load Balancing.  The first thing you will want to do is tell the NetScaler what target servers will be included in the load balancing policy.

  1. Under Load Balancing, click on Servers
  2. Click the Add button
  3. Enter the Server Name of the server (i.e. Web1)
  4. Enter the IP address of the server
  5. Leave Traffic Domain blank, as we will only be concerned with using the default traffic domain in this scenario
  6. Enter any comments you would like about this server
  7. Click Create
  8. Repeat for all servers in the pool.  *TIP: To keep servers easily identifiable, use a similar naming convention for servers within the same pool, (i.e. Web1, Web2, Web3, etc.)

Next, you will want to create your Services.  You will be creating a Service for each Server that you just entered.  The Service is what configures the connection between the NetScaler and the servers in the pool.  Each service has a name and specifies an IP address, a port, and the type of data that is served.

  1. Click Traffic Management, Load Balancing, and Services
  2. Click the Add button
  3. Create a service for each Server you created earlier, utilizing the same information you did earlier

Next, you will want to create a Virtual Server.  The Virtual Server is a sort of virtual connection between the VIP that will be used for the load balanced Servers and Services you created earlier.

  1. Click Traffic Management, Load Balancing, Virtual Servers
  2. Click the Add button
  3. Name the Virtual Server something easily identifiable
  4. Designate the Protocol that you will be balancing (http)
  5. Leave IP Address Type as the default (IP Address)
  6. The IP address field is where you will enter the VIP that you will be using as the entry point for all of your users.
  7. Designate the port (default is port 80)
  8. Click OK

Now you will need to Bind the Services you created to the Virtual Server you created.

  1. On the Virtual Servers screen, click the link that says No Load Balancing Virtual Server Service Binding
  2. Bind each of the previously created Services to the Virtual Server
  3. Click Done
  4. Click the Refresh button, and the State and Effective State should show as up (green indicator)

That's it!  You've created your very first load balancing pool and policy for your website.

Advanced Features

As previously stated, there are many advanced functions that come with a NetScaler device.  To learn more about these, and how to configure them, visit the Citrix Documentation Page.  If you run into any issues, remember that SoftLayer's Support and Sales teams are available 24 hours a day, and are always willing to lend a helping hand.