
Installing Citrix NetScaler 11.0 & Configuring Unified Gateway

Citrix NetScaler 11.0 & Unified Gateway

Citrix released NetScaler 11.0 on 30th June 2015. In this blog post I am installing the new NetScaler.

The first step is to download the correct version from the Citrix site. In my environment I am using MS Hyper-V.

NSG_11_1

Installing NetScaler VPX

After downloading and importing the virtual appliance into your hypervisor, you need to start this VM. Once the VM is started, connect to the console and begin with the initial config. At this point you need to give the NetScaler the correct IP settings for your environment.

NSG_11_2

Press 4 to save and quit.

NSG_11_3

At this point you can log in via your browser. Open a browser and connect to the NSIP address you entered in the initial setup configuration.

NSG_11_4

Log in with the default username nsroot and password nsroot (you should change this after the initial configuration).

After login you need to complete the wizard.

NSG_11_5

You need to fill in the Subnet IP (SNIP) address. A SNIP address is used in connection management and server monitoring. You can specify multiple SNIP addresses for each subnet. SNIP addresses can be bound to a VLAN.

NSG_11_6

Click on Done to continue.

The next step is to configure the hostname, DNS and time zone.

NSG_11_7

NSG_11_8

At this point you will get a notification that the config needs to be saved and a reboot is needed. Select “yes” to continue.

The next step is to add a license file to your NetScaler. You can download it from the “MyCitrix” portal, using the Host ID of the NetScaler.

NSG_11_9

Select Browse and browse for the license file you previously downloaded from “My Citrix”.

NSG_11_10

Once the license file is uploaded to the NetScaler, you will receive a message that everything was successful.

NSG_11_11

Click Reboot to continue.

NSG_11_12

After rebooting and logging in again, you will get a list of the licenses available with the uploaded license file.

NSG_11_13

First impressions: what has changed?

As we can see, there is a new integration wizard. In version 10.5 there were “XenMobile” and “XenApp and XenDesktop”.

NSG_11_14

So what is Unified Gateway? Citrix says it is “One” URL to provide consolidation of remote access. So NetScaler’s gateway functionality empowers users with choice of device and the ability to work from where they want. Users achieve remote access the same convenient way irrespective of where they are (at home, on the office LAN, in a hotel or mobile), the type of device they have (a smartphone, tablet, laptop or desktop) or the type of resource being accessed (web, SaaS, mobile, client-server or virtualized server-hosted applications) from “One” URL.

NSG_11_15

We are going to take a look at this at a later stage.

At this point my NetScaler is configured with a license. The next step is to upload and create an SSL certificate.

Select Traffic Management –> SSL –> Create RSA Key.

NSG_11_16

Fill in the appropriate names and remember the password. Click on Create.

NSG_11_17

In the next step we are going to create a CSR (Certificate Signing Request).

NSG_11_18

Fill in the correct information, browse to the location of the previously created key file and use the previously created password.

Fill in the rest of the information accordingly.

NSG_11_19

Click on Create to continue

NSG_11_20

Click on “View Here”

NSG_11_21

On the next screen the Request file is presented.

NSG_11_22

Click on “Save text to a file” to use this with your SSL provider.

At this point you should contact the Certificate Authority and provide them with the file. Afterwards you will receive the certificate package from the SSL provider.

I am using SSLCertificaten.nl, with Comodo as the Certificate Authority.

I received the following files, which I am going to upload to the NetScaler:

NSG_11_23

Select Traffic Management –> SSL –> Certificates and “Install”.

NSG_11_24

Give the certificate a name, select the file from your “Local drive”, select the previously generated “.Key” file and use the previously entered password. Click on “Install”.

NSG_11_25

Next, click on Install again.

NSG_11_26

Browse to “Root Certificate File”, copy and paste the name in the “Certificate-Key Pair Name” field. Leave out “.crt” as shown in the example.

NSG_11_27

You don’t need to use a key file or password, just click install to continue.

NSG_11_28

Now do this for both intermediate certificates until all certificates are uploaded.

NSG_11_29

When completed, you should have 3 or 4 certificates in NetScaler.

At this point we need to link the certificates.

Click on your SSL certificate and select “link”.

NSG_11_30

Accept the intermediate certificate which is presented.

NSG_11_31

Link all of the certificates. After completion, check the certificate links by selecting the following option:

NSG_11_32

NSG_11_33

At this point we have a NetScaler deployment with all certificates installed.
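
Before installing and linking, it is worth confirming that the issued certificate belongs to the key created earlier and that the root and intermediate files really form a complete chain. The script below is an added example, not part of the original post; it assumes OpenSSL is available where the files are, and the function names, file names and throwaway demo chain are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: checks to run on the files returned by the CA before install.
# File names and the throwaway demo chain are constructed, not from the post.

# True when the certificate's public key belongs to the private key.
# $3: optional openssl pass-phrase source for an encrypted key, e.g. env:KEYPASS
cert_matches_key() {
  local cert_pub key_pub
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  key_pub=$(openssl pkey -in "$2" ${3:+-passin "$3"} -pubout 2>/dev/null) || return 2
  [ "$cert_pub" = "$key_pub" ]
}

# True when leaf -> intermediate(s) -> root verifies. Args: root leaf [intermediate...]
chain_verifies() {
  local root="$1" leaf="$2" bundle rc=0
  shift 2
  bundle=$(mktemp) || return 2
  if [ $# -gt 0 ]; then cat "$@" > "$bundle"; set -- -untrusted "$bundle"; fi
  openssl verify -CAfile "$root" "$@" "$leaf" >/dev/null 2>&1 || rc=$?
  rm -f "$bundle"
  return $rc
}

# Builds a constructed root, intermediate and server certificate in directory $1.
make_demo_chain() {
  local d="$1" n
  echo 'basicConstraints=critical,CA:TRUE' > "$d/ca.ext"
  for n in root inter leaf; do
    openssl req -new -newkey rsa:2048 -nodes -keyout "$d/$n.key" \
      -out "$d/$n.csr" -subj "/CN=demo-$n.example.test" 2>/dev/null || return 1
  done
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/ca.ext" -out "$d/root.crt" 2>/dev/null &&
  openssl x509 -req -in "$d/inter.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/inter.crt" 2>/dev/null &&
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/inter.crt" -CAkey "$d/inter.key" \
    -CAcreateserial -days 2 -out "$d/leaf.crt" 2>/dev/null
}

# Demo run on the constructed chain.
demo=$(mktemp -d) && make_demo_chain "$demo" &&
  cert_matches_key "$demo/leaf.crt" "$demo/leaf.key" && echo "key pair: ok" &&
  chain_verifies "$demo/root.crt" "$demo/leaf.crt" "$demo/inter.crt" && echo "chain: ok"
rm -rf "$demo"
```

A chain that fails `chain_verifies` when an intermediate is left out is the same gap that an unlinked certificate leaves on the appliance: clients that do not already have the intermediate cannot build a path to the root.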

Select the “Unified Gateway” wizard.

NSG_11_34

NSG_11_35

At this point we have the option to choose between a regular NetScaler Gateway and a Unified Gateway deployment.

NSG_11_36

Define the name of the virtual server that will be used as the Unified Gateway vServer. Also give the vServer an IP address. Choose port 443 and press “continue”.

NSG_11_37

Use the certificate we have previously installed.

NSG_11_38

As you can see, all of the certificates are linked and chained.

NSG_11_39

Next we need to add an authentication method such as LDAP.

NSG_11_47

Click on Continue

Choose a “Portal Theme”. This is a pretty nice option, as we can easily choose a custom template or one of the built-in templates.

NSG_11_41

Click on Continue

At this point we need to add our applications.

NSG_11_42

Click on the + icon in the upper right corner.

NSG_11_43

We will choose “XenApp & XenDesktop”, “StoreFront”.

We can also choose Web Applications, for which we have 4 options:

  • Intranet Application: Intranet applications can be any internal network resident, web-based application which needs to be made available to VPN users. To provide access to intranet resident applications through the Unified Gateway URL please check the option below. NetScaler creates a custom URL for HTTP transactions to switch VPN user site requests. To create this custom URL, an application’s root relative URL and site strings must be provided. These strings are derived from the application’s real URL. NetScaler uses these strings to create specific Content Switching rules that filter the web requests for each application and direct the VPN user accordingly.

  • Clientless Access: NetScaler with Unified Gateway supports clientless access to Outlook Web Access and SharePoint web sites. The full URL for these sites must be specified.

  • SaaS: SaaS (Software as a Service) applications are usually externally hosted web-based applications that require authentication. This might be a service such as ShareFile, SalesForce, SAP, or NetSuite. NetScaler with Unified Gateway supports access through the VPN for these applications and facilitates the user authentication process with single sign-on (SSO) through SAML where available. If SAML SSO is required, a SAML profile must be configured.

  • Unified Gateway supports VPN access to applications already configured locally as a NetScaler load balancing virtual server. The application’s URL must be given, along with the virtual server configured with the application. The URL must resolve in DNS to the virtual server’s IP address. Note that if you want this application to be configured with the NetScaler to provide single sign-on authentication, an appropriate authentication setting needs to be created on the virtual server.

We need to fill in the information appropriate to the environment.

NSG_11_45

At this point we don’t have a load balanced StoreFront setup, so there is no need to check the Load Balancing option.

NSG_11_46

Depending on your farm configuration you need to select the best option. In this example I am using both.

NSG_11_47

Again, we are not using Load Balancing for the Delivery Controllers, so there is no need to check that box.

NSG_11_48

Press “Done”

NSG_11_49

Press Continue and Done to continue

NSG_11_50

Now we need to configure StoreFront for remote access. In my environment I am using StoreFront 3.0.

Open the StoreFront Console on your StoreFront server.

Browse to Authentication and click on Add/Remove Methods.

NSG_11_51

Make sure that “Pass-through from NetScaler Gateway” is selected.

Next, select the “NetScaler Gateway” node, click in the upper right corner and select “Add NetScaler Gateway /Appliance”.

Fill in the correct information.

NSG_11_52

NSG_11_53

Click on OK to continue.

The next step is to choose “Stores” and select “Enable Remote Access”.

NSG_11_54

Select “No VPN tunnel” and click on OK.

NSG_11_55

So at this point you should be ready to go…

NSG_11_56

After logging in, the following is displayed.

NSG_11_57

And you can choose the function you want to use.

In a following blog post I will try to go into customizing the interface.