Storefront Load balancing using NetScaler


It’s been a while since I wrote on my blog so let’s get straight into the post without much mucking around. This time we will discuss how to go about setting up Storefront load balancing using NetScalers. This can be configured on a standalone NetScaler or a NetScaler pair in HA. The recommendation is obviously to get this setup on a HA NetScaler pair so that NetScaler outage wouldn’t result in Storefront also being unavailable.

My Storefront version is 3.11 and have a cluster with 2 Storefront servers. NetScaler version is 11.1 but the NS version shouldn’t matter much as the steps would be more or less the same for other NetScaler firmware versions – newer or older. (unless you are too far behind)

Pre-Requisites

To configure Storefront load balancing we need the following –

  • 2 or more Storefront servers
  • an IP address for the virtual server that hosts the LB configuration
  • SSL certificate that points to the intended load balanced URL of Storefront – the certificate can be a wild card or a named certificate

First Things First

Logon to your NetScaler and navigate to System — Settings — Configure Basic Features. Ensure that Load Balancing is selected, if not select it and click OK

1

NetScaler Configuration

Create Servers

Now, navigate to Traffic Management — Load Balancing — Servers. Click Add

2

Give the Storefront server a name and enter the IP address of the server. Ensure that “Enable after creating” is selected. Click Create

Add the second Storefront server following the above steps. If you have more than 2  servers, add all of them.

3

Create Monitors

New NetScaler version come with a built-in Storefront monitor so we are going to make use of it here. Go to Traffic Management –Load Balancing — Monitors and click Add

Here I am only going to create a single monitor to probe all my Storefront servers. You can choose to create multiple monitors depending upon the number of Storefront servers that you have. In my case, i will create just one.

Give a name to the monitor and select the type as STOREFRONT

5

Now select Special Parameters tab and provide the name of the Store that you have created in Storefront. Check the 2 entries – Storefront Account Service and Check Back End Services. 

4

Click on the Standard Parameters tab. Ensure that Secure is selected as below. Click Create

6

Create Service Groups

Go to Traffic Management –Load Balancing — Service Groups

Give a name to the service group and select the protocol as SSL. Check the entries below

  • State
  • Health Monitoring
  • AppFlow Logging (only if you have NetScaler MAS in your environment)

Click OK

7

Under Service Group Members, add the server entities that we created earlier. Once done, they will look like the below

8

Under Settings, type the Header as X-Forwarded-For

9

Under Monitors, bind the monitor that we created before

10

Under SSL Parameters, setup the settings as below

11

Under Ciphers, setup the ciphers based on your company security policy.

12

Once done, Service Group for Storefront should look like this

13

Now, it’s time to create the Virtual Server

Virtual Server

As mentioned in the pre-requisites section , we need an IP address for this. If the NetScalers are sitting in the DMZ, a DMZ IP address is required. In my case, NetScalers are hosted internally so i will use an internal unused IP address.

We will also need the SSL certificate here.

Go to Traffic Management –Load Balancing — Virtual Servers

Click Add

Give a Name to the virtual server and select the protocol as SSL

Specify the IP address under IP Address field and specify the port # as 443

14

Click More and specify the settings as below (note, that AppFlow logging only needs to be enabled if you have a NetScaler MAS setup or other monitoring solutions that could make use of AppFlow logs)

15

 

Under Services and Service Groups, click on Load Balancing Virtual Server ServiceGroup Binding

Click Add Binding and select the Service Group that you created in the previous step. Click OK

Once completed, the page should look like the below. Click Close and click Done

16

It’s time to attach the certificate. Go to Traffic Management — SSL — Manage Certificates / Keys / CSRs

17

 

Click on Upload button and upload your certificate file to NetScaler

Go to Traffic Management — SSL — Certificates — Server certificates

Under Certificate, click on Server Certificate and then Install

Give a certificate key-pair name and choose the certificate that was just uploaded in the previous step. Click Install

Now, go back to Traffic Management –Load Balancing — Virtual Servers

Select the Virtual server created for Storefront and click Edit. Under Certificates, select Server Certificate and then Click Add Binding

Under SSL Ciphers, select the ciphers that you would like to be in place. I am going with the default one. This is not the most secure for a production setup so go with something that’s secure enough for your organization.

Under SSL Parameters, configure the settings as below. Click OK

18

Under Method, Select LEASTRESPONSETIME for the Load Balancing Method. Configure a Backup LB Method, I choose LEAST CONNECTION

You can read more about the LB Methods here

19

Click OK

Under Persistence, select COOKIEINSERT for Persistence with a time-out value of 0. You can also read why I selected the timeout value of 0 here

Under Backup persistence, select SOURCEIP with a timeout of 60. Fill in the Netmask as in the picture

20

Click OK and then Done

We have now completed almost 90% of the config. There are a couple of things left so hold on tight.

The configuration so far will ensure that load balancing will be performed between the Storefront servers ( I know, i know I haven’t setup the DNS entries for the load balanced VIP)

If someone type in the http URL of LB Storefront in their browser, it will not go anywhere. It will show them the IIS page instead. So how do we ensure that the users are redirected to the correct Storefront page (https version) every single time? We will setup another virtual server on port 80 with a redirect URL configured.

Let’s do that now.

Under Traffic Management –Load Balancing — Virtual Servers, Click Add

Under Basic Settings, give the virtual server a Name and select protocol as HTTP

Specify the same IP address as for the Storefront LB VIP and provide 80 for the Port #

Click OK/Create

Under Persistence, select SOURCEIP with a timeout of 2 mins

21

Click OK

Under Protection, type in the correct HTTPS URL that you would want the users to be redirected to under Redirect URL field

22

Click OK. Then click Done

You will notice that the virtual server will be marked as down

23

DNS Changes

Now head over to the DNS server and open the DNS Console

Create an A record pointing to the Storefront LB name with the IP address configured on the vServer for LB configuration.

Storefront Changes

This is the last step, I promise. Head over to the Storefront servers and it’s time now to run some Powershell commands

Now, the monitors that we created earlier will be marked as Down if we didn’t perform this step prior to creating them on the NetScaler. That’s because the monitor created was based on HTTPS and by default, Storefront monitoring is done on HTTP

To change this to HTTPS. We need to configure the monitor service to use HTTPS instead. On all the StoreFront 3.0 servers perform the following steps.

Run PowerShell as an administrator.

Navigate to the Scripts (C:\Program Files\Citrix\Receiver StoreFront\Scripts) folder via the Powershell on the Storefront server,

Run ImportModules.ps1

24

Run the below command

 Get-DSServiceMonitorFeature

25

Now, type the below to setup the Storefront Monitor on HTTPS

Set-DSServiceMonitorFeature -ServiceURL https://localhost:443/StoreFrontMonitor

 

Repeat the above steps on all the Storefront servers.

Now, head back to the NetScaler and you can see that the monitor will be in GREEN and showing a status of UP

That’s all we need to do to setup Storefront load balancing using NetScalers.

 

 

 

 

Advertisements

AUTOMATION OF A XENDESKTOP/XENAPP DEPLOYMENT – PART 3


This article will cover how to install the Citrix Studio component.  For those of you who are unfamiliar this will act as your centralized point of control for your Citrix environment.  You can also interact with it as you’ve seen in previous examples through command line operations as well.

In order to install the Studio for management the process is straight forward.  Run the executable with a few switches –

[C:\Downloads – “Your download location”]\x64\XenDesktop Setup\XenDesktopServerSetup.exe /PASSIVE /NOREBOOT /CONFIGURE_FIREWALL /COMPONENTS DESKTOPSTUDIO

Once your Studio component is installed, you can validate the installed components by reviewing their accessibility form your server where the command was executed.

Studio

Next up would be installing your StoreFront component.  This will provide front end access to your delivered applications and desktops.

StoreFront

The process is the same.  Utilizing your Citrix installed, you will call the following executable with the following switches:

[C:\Downloads – “Your download location”]\x64\StoreFront\CitrixStoreFront-x64.exe -silent -logfile “%am_logpath%\StoreFrontSetup.log”

For adding additional Storefront servers to a load balanced group, you can utilize a variety of different scripts to determine if the server is already part of a group, and if not join it.

Creates a script to review if the Citrix services are running on the server where the scripts are executing, and if so join the new StoreFront sever to a group. If not create a group of its own.

Set a conditional statement to evaluate the value of this being returned, and execute one of the following scripts.

For Creating:

Set-DSInitialConfiguration -hostBaseUrl [Hostname]-farmName [FarmName] -port [ListeningPort] -transportType [TransferType] -sslRelayPort [RelayPortforSSL] -servers [ServerToAdd] -loadBalance [LoadBalancer] -farmType [FarmType] -clusterId [ID]

 

Or, For Joining an Already Existing:

Obtain the passcode and store value –

Start-DSClusterJoinService

$Passcode = (Get-DSClusterJoinServicePasscode).Response.Passcode

and finally join,

Start-DSClusterJoinService

Start-DSClusterMemberJoin -authorizerHostName $ExistingNode -authorizerPasscode $JoinPass

 

The final portion would really only be interesting if you were automating the same process over and over again.  This is where a product like Login AM which organizes your scripts, and variables would become handy.  If you are interested in any information about Login AM or automation of Citrix Deployments please reach out and let me know or drop and comment I would like to have meaningful conversations about automation, and increase my understanding of the products as well.

Automation of a XenDesktop/XenApp deployment – Part 2


As I discussed during my previous blog there are many parts necessary for a fully functional Citrix XenDesktop / XenApp environment.  In this part of the series we are going to cover the Citrix Licensing server.

The blog will be shorter than the previous blog due to the fact that there is only one component to the Citrix Licensing server. However, we will also cover how to deal with a known issue during automation which is related to automation leaving the license location in the License server empty.

The command line switches for automation of the license component is again very straight forward.

XenDesktop/XenApp Licensing Server

Example – C:\{Location}\x64\XenDesktop Setup\XenDesktopServerSetup.exe /COMPONENTS LICENSESERVER /NOREBOOT /QUIET /CONFIGURE_FIREWALL

This will install the License Server portion of a XenDesktop/XenApp deployment silently and defer the reboot.  You can run this string as many times as you would like and the end result will be the same.

Based upon my experience with automation I have discovered a known issue which is that within the License Server configuration the location of the specified license file will be blank.  This can lead to issues with functionality.

Know Issue with unattended installation

We can automate address this issue through PowerShell.  Below I will outline how to do so.  The company that I work for make a software solution for managing your PowerShell solutions.  This will provide you with a centralized location for management of your scripts, and assist with WHEN the scripts will be executed.  Additionally, you can design your solution 1 time and utilizes the solution anywhere when deploying XenDesktop / XenApp.

  1. Stop the Citrix License Server service
    1. This is done through a net stop command
  2. Parse through the license server configuration xml file located at
    1. C:\Program Files (x86)\Citrix\Licensing\LS\conf\server.xml
    2. This can be done by piping the contents of the XML file into a variable
    3. $serverxml = [xml] (Get-Content -path “C:\Program Files (x86)\Citrix\Licensing\LS\conf\server.xml” )
    4. You have now captured the contents of the XML file
  3. Locate within the XML file where the license file is specified, under the following value and assign it to a variable
    1. $element = $serverxml.configuration.licenseServer.vendorDaemons.daemon
      1. Where-Object {$_.executable -eq “CITRIX”}
    2. Write the value of your licensing file into the XML file
      1. $element.license = “The location of your license file”
    3. Save the server.xml file
      1. $serverxml.Save
    4. Start the Citrix License Server service

 

Bonus points – You could also utilize this level of automation to quickly replace the licensing file within your deployment in an automated method vs. manually going through the License Server web interface.  IE – Whenever it would be time to change out your license file simply replace the file and run the script.

In my next article in the series we will be outlining the process for deployment of the Citrix Studio portion of your XenDesktop / XenApp.  If you have any tips or tricks that could be helpful.  Please share I would love to share ideas, and share any information you are aware with the rest of my readers.

Automation of a XenDesktop/XenApp deployment


There are many pieces involved in deploying Citrix XenDesktop/XenApp.  For simplification purposes while discussing automation, let’s focus on a single feature of a Citrix deployment- the Delivery Controller.

The Delivery Controller is responsible for delivery of either applications or desktops to end users.

The components of a Delivery Controller are:

  • Database – SQL – Pre-requisite
  • Application – Citrix Delivery Controller

Installing each of these components individually is straight forward.  The applications are packaged in such a way that you can utilize a few switches to install the software.

SQL

Example – C:\{Location}\setup.exe /QUIET /IACCEPTSQLSERVERLICENSETERMS /ACTION=install /FEATURES=SQL,Tools /INSTANCENAME=MSSQLSERVER /SQLSVCACCOUNT=”NT Authority\Network Service” /SQLSYSADMINACCOUNTS=domain.local\Administrator /AGTSVCACCOUNT=”NT Authority\Network Service”

This will install SQL on a Windows Server OS silently, and create a database named MSSQLSERVER.

The same can be done with the Delivery Controller.

XenDesktop/XenApp Delivery Controller

Example – C:\{Location}\x64\XenDesktop Setup\XenDesktopServerSetup.exe /PASSIVE /NOREBOOT /CONFIGURE_FIREWALL /COMPONENTS CONTROLLER /NOSQL

This will install the Delivery Controller portion of a XenDesktop/XenApp silently, deferring the reboot and not installing SQL. You can run this string as many times as you would like and the end result will be the same.

Now, let’s get fancy.

In order for the Delivery Controller to function a “Site” must be present.  A site contains all of the data necessary for a Delivery Controller to function, and is stored in your SQL database; this includes configuration and logging information.

A site is the first step necessary to deliver resources with Citrix for your end users.  With PowerShell you can configure this without user interaction, thus enabling you to automate the deployment process.

You will need 3 databases:

  • “Site”
  • “Configuration”
  • “Logging”

 

You can utilize PowerShell to create these with the “New-XDDatabase” command.  This is a function of the “Citrix.XenDesktop.Admin.V1” PowerShell snap-in.  This will enable you to create the three database necessary for a “Site” to function properly.  Once the databases are created, you can create your “Site”.

You can utilize PowerShell to create your “Site” with the “New-XDSite” command.  This is a function of the “Citrix.XenDesktop.Admin.V1” PowerShell snap-in as well.

XDDatabase

Combining packages from Microsoft, Citrix and PowerShell, you are able to automate the process of creating your first “Site” for a critical component of your Citrix deployment, the Delivery Controller.

There are many platforms for managing, and executing your collection of automation frameworks.  Some of the popular ones are Chef, Puppet and Login AM.  It creates a logical organization structure for doing so, variables necessary and provides an interface for management.

If you are interested in finding out more about this, please get in touch with me.

Also, if you have any neat tricks with PowerShell please share them in the comment section.  Happy automating.

I will be following this post up with articles about the remaining components of Citrix.

Article 2 in the series is now live! See it here – Automation of a XenDesktop/XenApp deployment – Part 2

Article 3 online – Automation of a XenDesktop / XenApp Deployment – Part 3

Stay-Tuned-button-1024x192

What happens when you reset Citrix Receiver?


Hello Folks,

Have you ever wondered what happens when Citrix Receiver is reset?  There are times when Receiver needs a bit of love and care from the Citrix admins. I came across an issue recently where I had to reset Receiver client and thought I should put this down on what gets removed and what gets retained for future reference.

Resetting Receiver to factory defaults removes the following items:

  • All accounts and stores.
  • All apps delivered by the Self-Service Plug-in, along with their icons and registry keys.
  • All file type associations created by the Self-Service Plug-in.
  • Cached files and saved passwords.
  • Per-user registry settings that are user preferences and, for per-machine installations, all user-specific registry settings.
  • NetScaler Gateway registry settings for Receiver.

 

Resetting Receiver does not impact the following items:

  • Receiver or Plug-in installation.
  • Per-machine ICA lockdown settings.
  • GPOs.

How do you reset Receiver?

CLI Method

You can also use the  command line interface to reset Receiver or try and create a script for the same:

"C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\CleanUp.exe" -cleanUser"

GUI Method

Right click the Receiver icon in the notification area and select Advanced Preferences

In the dialog, select Reset Receiver and click OK

receiver

Quick shout out to Trishanka Saikia from Citrix Technical Support for this info.