Citrix NetScaler 11.0 & Unified Gateway
Citrix released NetScaler 11.0 on 30th June 2015. In this blog I am installing the new NetScaler.
The first step is to download the correct version from the Citrix site. In my environment I am using MS Hyper-V.
Installing NetScaler VPX
After downloading the virtual appliance and importing it into your hypervisor, you need to start this VM. Once the VM is started, connect to the console and begin with the initial config. At this point you need to give the NetScaler the correct IP settings for your environment.
Press 4 to save and quit.
At this point you can log in via your browser. Open a browser and connect to the NSIP address you entered in the initial setup configuration.
Log in with the default Username: nsroot and Password: nsroot (you should change this password after the initial configuration, since these defaults are the same on every appliance).
After login you need to complete the wizard.
You need to fill in the Subnet IP (SNIP) address. A SNIP address is used in connection management and server monitoring. You can specify multiple SNIP addresses for each subnet. SNIP addresses can be bound to a VLAN.
Click on Done to continue…
The next step is to configure the Hostname, DNS and Time Zone.
At this point you will get a notification that the config needs to be saved and a reboot is needed. Select “Yes” to continue.
The next step is to add a license file to your NetScaler. Download it from the “My Citrix” portal, using the Host ID of the NetScaler.
Select Browse and choose the license file you previously downloaded from “My Citrix”.
Once the license file is uploaded to the NetScaler, you will receive a message that everything is successful.
Click Reboot to continue.
After rebooting and logging in again, you will get a list of the licenses available with the uploaded license file.
First impression: what has changed
As we can see, there is a new integration wizard. Version 10.5 already had “XenMobile” and “XenApp and XenDesktop”.
So what is Unified Gateway? Citrix says it is “One” URL to provide consolidation of remote access. NetScaler’s gateway functionality empowers users with a choice of device and the ability to work from where they want. Users achieve remote access in the same convenient way irrespective of where they are (at home, on the office LAN, in a hotel or mobile), the type of device they have (a smartphone, tablet, laptop or desktop) or the type of resource being accessed (web, SaaS, mobile, client-server or virtualized server-hosted applications), all from “One” URL.
We are going to take a look at this at a later stage.
At this point my NetScaler is configured with a license. The next step is to create and upload an SSL certificate.
Select Traffic Management –> SSL –> Create RSA Key.
Fill in the appropriate names and remember the password. Click on Create.
In the next step we are going to create a CSR (Certificate Signing Request).
Fill in the correct information, browse to the location of the previously created key file and enter the previously created password.
Fill in the rest of the information accordingly.
Click on Create to continue
Click on “View Here”
On the next screen the Request file is presented.
Click on “Save text to a file” to use this with your SSL provider.
At this point you should contact the Certificate Authority and provide them with the file. Afterwards you will receive the certificate package from the SSL provider.
I am using SSLCertificaten.nl and using Comodo as a Certificate Authority.
I received the following files, which I am going to upload to the NetScaler.
Select Traffic Management –> SSL –> Certificates and “Install”
Next click on Install again.
Browse to “Root Certificate File”, copy and paste the name in the “Certificate-Key Pair Name” field. Leave out “.crt” as shown in the example.
You don’t need to use a key file or password, just click install to continue.
Now do this for both intermediate certificates until all certificates are uploaded.
When completed, you should have 3 or 4 certificates in NetScaler.
At this point we need to link the certificates.
Click on your SSL certificate and select “Link”.
Accept the intermediate certificate which is presented.
Link all of the certificates. After completion, check the certificate links by selecting the following option.
At this point we have a NetScaler deployment with all certificates installed.
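Before linking, it helps to confirm which file in the CA's package signs which. The following is an added example, not part of the original post: a POSIX shell script that runs on an admin workstation with the openssl command-line tool and prints the order from the server certificate up to the root. The file names passed to it are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): derive the link order for the
# certificate files received from the CA. File names passed in are placeholders.
# Usage: sh chain_order.sh server.crt other1.crt other2.crt ...

subject_hash() { openssl x509 -in "$1" -noout -subject_hash; }
issuer_hash()  { openssl x509 -in "$1" -noout -issuer_hash; }

# is_signed_by CERT ISSUER: the issuer name must match ISSUER's subject and the
# signature must verify against ISSUER alone (an expired CERT also fails here).
is_signed_by() {
    [ "$(issuer_hash "$1")" = "$(subject_hash "$2")" ] &&
        openssl verify -partial_chain -CAfile "$2" "$1" >/dev/null 2>&1
}

# chain_order LEAF CANDIDATE...: print the chain from LEAF up to the self-signed
# root, one file per line. Returns 1 when an issuer is missing from the package.
chain_order() {
    current=$1; shift
    printf '%s\n' "$current"
    hops=0
    while ! is_signed_by "$current" "$current"; do    # stop at the root
        next=""
        for cand in "$@"; do
            if [ "$cand" != "$current" ] && is_signed_by "$current" "$cand"; then
                next=$cand
                break
            fi
        done
        if [ -z "$next" ]; then
            echo "no issuer for $current among the supplied files" >&2
            return 1
        fi
        printf '%s\n' "$next"
        current=$next
        hops=$((hops + 1))
        if [ "$hops" -gt 10 ]; then return 1; fi      # guard against loops
    done
}

# Run only when called with file arguments, so the functions can also be sourced.
if [ "$#" -ge 2 ]; then
    chain_order "$@"
fi
```

Each printed file is the one to link to the file printed on the line below it. An error means the package is missing an intermediate, which would leave clients with an incomplete chain.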
Select “Unified Gateway” wizard.
At this point we have the option to choose between a regular NetScaler Gateway or a Unified Gateway deployment.
Define the name of the virtual server that will be used as the Unified Gateway vServer. Also give the vServer an IP address. Choose port 443 and press “Continue”.
Use the certificate we have previously installed.
As you can see, all of the certificates are linked and chained.
Next we need to add an authentication method such as LDAP.
Click on Continue
Choose a “Portal Theme”. This is a pretty nice option, since we can easily choose a custom template or one of the built-in templates.
Click on Continue
At this point we need to add our applications.
Click on the + icon in the upper right corner.
We will choose “XenApp & XenDesktop”, “StoreFront”.
We can also choose Web Applications, in which we have 4 options:
- Intranet Application: Intranet applications can be any internal network resident, web-based application which needs to be made available to VPN users. To provide access to intranet resident applications through the Unified Gateway URL please check the option below. NetScaler creates a custom URL for HTTP transactions to switch VPN user site requests. To create this custom URL, an application’s root relative URL and site strings must be provided. These strings are derived from the application’s real URL. NetScaler uses these strings to create specific Content Switching rules that filter the web requests for each application and direct the VPN user accordingly.
- Clientless Access: NetScaler with Unified Gateway supports clientless access to Outlook Web Access and SharePoint web sites. The full URL for these sites must be specified.
- SaaS: Software as a Service (SaaS) applications are usually externally hosted web-based applications that require authentication. This might be a service such as ShareFile, SalesForce, SAP, or NetSuite. NetScaler with Unified Gateway supports access through the VPN for these applications and facilitates the user authentication process with single sign-on (SSO) through SAML where available. If SAML SSO is required, a SAML profile must be configured.
- Unified Gateway supports VPN access to applications already configured locally as a NetScaler load balancing virtual server. The application’s URL must be given, along with the virtual server configured with the application. The URL must resolve in DNS to the virtual server’s IP address. Note: if you want this application to be configured with the NetScaler to provide single sign-on authentication, an appropriate authentication setting needs to be created on the virtual server.
Fill in the information appropriate to your environment.
At this point we don’t have a load balanced StoreFront setup, so there is no need to check the Load Balancing option.
Depending on your farm configuration, you need to select the best option. In this example I am using both.
Again, we are not using Load Balancing for the Delivery Controllers, so there is no need to check that box.
Press Continue and Done to continue
Now we need to configure StoreFront for remote access. In my environment I am using StoreFront 3.0.
Open the StoreFront Console on your StoreFront server.
Browse to Authentication and click on Add/Remove Methods.
Make sure that “Pass-through from NetScaler Gateway” is selected.
Next, select the “NetScaler Gateway” node, click on the upper right corner and select “Add NetScaler Gateway /Appliance”.
Fill in correct information.
Click on Ok to continue
The next step is to choose “Stores” and select “Enable Remote Access”.
Select “No VPN tunnel” and click on OK
So at this point you should be ready to go…
After logging in, the following is displayed.
And you can choose the function you want to use.
In a next blog I will try to go into customizing the interface.