Friday, March 25, 2016

NetScaler VPX - load balance Exchange - Part 1 (Installation and Configuration)

In this blog post (and the following), I would like to share my experiences with the Citrix Netscaler VPX, used as a load balancer for Microsoft Exchange 2010. The NetScaler can be deployed in several forms: as a "simple" physical appliance (MPX), as a virtual machine that we can host on common hypervisors (VPX), or as an appliance hosting XenServer with one or more virtual Netscaler VPX instances (SDX). I will use the VPX version as a guest in VMware Workstation.

In this scenario, our NetScaler VPX will load balance for a pair of Exchange 2010 (SP3) servers but the general concepts would apply to Exchange 2013 and 2016 as well. In fact, the Exchange servers themselves usually do not require additional configuration to interact with the VPX. Most often, it is simply a matter of designating them as "Servers" to which SMTP, RPC, SSL and possibly POP/IMAP traffic will be forwarded. "SSL Offloading" and work with SSL certificates in general are two examples where we might have to work on the Exchange servers themselves.

I will concentrate on the following aspects in this blog post and in following posts: installation and initial configuration of the NetScaler VPX, configuration of load balancing for various types of traffic (SMTP, RPC, SSL) and possibly some experiments with certificates.

At the end of this first blog post, I will provide a list of NetScaler VPX resources (see below).




Step 1: download and import VPX into the hypervisor

The first step is to download the "NetScaler VPX Express" virtual appliance package at this URL:

https://www.citrix.com/downloads/netscaler-adc/virtual-appliances/netscaler-vpx-express.html

Expand the version number and select the image compatible with your hypervisor (XenServer, ESX, HyperV, etc.). For VMware Workstation, we would use the ESX version.

I downloaded version 11.0-64.34 (for ESX):



Note: this is, of course, for a practice environment, the objective being to become better acquainted with the Citrix NetScaler. It is very unlikely that VMware Workstation would ever be used otherwise as a host for VPX.


I extract the content of the .zip file which leaves me with these three files:



If necessary, I copy these files to another location and then import the virtual machine from inside VMware Workstation: File | Open (browse to the .ovf file shown above).

We now have a NetScaler VPX virtual machine with the following configuration:



It is often recommended to remove the second network adapter since licensing is based on the MAC address and having two network adapters can apparently cause confusion. So I will remove the second NIC, at least for the time being.

Next, I click on the green arrow (see the screenshot above - "Power on this virtual machine") and wait for the NetScaler to start. I learned that the NetScaler OS is based on FreeBSD and we may see certain references to this effect in the verbose boot information that displays:



In my case, the system seemed to linger a moment at the "FreeBSD prompt" which is not a prompt at all (just wait for the boot process to continue). In fact, before we logon, we need to configure a first IP address (with mask and gateway) for the NetScaler. We will later use this IP address for management via a web interface. 



Only then can we logon, using the default username nsroot and password nsroot (yes, both username and password are nsroot):


Note: in a production environment, we would change the default password in accordance with the password policy of our organization.




Step 2: initial configuration (IP addresses, DNS, hostname, licensing)

Once logged on (above), we can further configure the NetScaler but only at the command line. If we prefer the GUI, we have to open a browser (I use Chrome here) and enter the IP address we assigned to the NetScaler earlier (10.0.0.32 for example):



After logon, the first thing we may see is a message about the "Citrix User Experience Improvement Program", which we can close.

We are then prompted to complete the initial configuration of the NetScaler: 2) at least one subnet IP address; 3) host name, DNS and time zone; 4) licensing (visible on a later screenshot):



We had already configured the "NetScaler IP Address" or "NSIP". We need to configure at least one "Subnet IP Address", also known as a "SNIP".

Unlike network nodes with a single address, the NetScaler usually has several: the NSIP, the SNIP (one or more) and also virtual IP addresses (VIP). For example, the VPX may load balance for Exchange, IIS, and other application servers. Each one of these services would be presented to clients as a separate and distinct IP address.

Essentially, managers access the NetScaler using the NSIP and the NetScaler communicates with backend servers using one or more SNIPs.

Note: the Netscaler VPX virtual image comes with two interfaces. I removed the second, as having two apparently complicates the installation of the license. After intial configuration, we can re-establish the second interface.

In my case, I will leave the NetScaler with a single interface, using what is known as a "one arm" configuration. In summary, this means that clients and servers are on the same subnet/VLAN. This article explains the concept further:


Otherwise, you can search for other articles explaining the differences between "one-arm" and "two-arm" load balancing. The general concepts apply to both Citrix and non-Citrix devices.

So, for the Subnet IP Address, or SNIP (we must have at least one SNIP), I click on the number 2 icon which causes the screen below to display. It explains the concept of a SNIP and allows us to configure the IP settings in the lower left-hand corner. I will use IP address 10.0.0.33 for the SNIP (the NSIP is 10.0.0.32):




Next, I'll assign a hostname, a local DNS server, and the time zone (UTC by default):




And now, it is time to license the NetScaler VPX.

I will use the free VPX Express license which activates many (but not all) NetScaler features for a duration of one year after which the license must be renewed.

Now, licensing the NetScaler is the most complicated part of the initial configuration tasks

Please take note of the value shown on the right-side of the screenshot below.

This is the MAC address of the (first) network interface of the NetScaler.

We must enter this value later when we request a VPX license from Citrix.

Note: yes, prudent or paranoid (?), I have partly concealed both my MAC addresses and license numbers.




We may see confusing references to the "hostname" or "hostid" but it is indeed the MAC address that we should use. I'll show you how we can find the hostname of the NetScaler, but also what happens if we attempt to license the NetScaler based on the hostname.


This is the URL where we can obtain a (free) VPX Express license:

https://www.citrix.com/downloads/netscaler-adc/virtual-appliances/netscaler-vpx-express.html

Click on Get License (you may have to scroll to the bottom of the page):


There is a serial number - click on it:




And now the confusion begins! If we noted the identifier above, we might have (correctly) concluded that we would use the MAC address of the NetScaler for licensing. But when we click on the serial number of the license, we obtain a warning about... the HOST NAME:


If we click on the "Determine License Server Name (host name) or Host Id", we read:



So I do this (type "hostname" at the command prompt which gives us NSVPX1):



Note: in the web interface, we can see the MAC Address under:

NetScaler > System > System Information


We then enter NSVPX1 in the Host ID field:



And obtain this result:




*** We need to use the MAC address - NOT the hostname ***


So copy the MAC address from the VPX configuration page above and enter it in the "Host ID" field instead of the host name (and click "Continue"):



This time the license was granted and we can download it to the computer from which we are managing the NetScaler (via the web interface).



Click on download...



Note: save the file to a location on the local computer (I will not demonstrate how to download a license file here). The license file should look something like this:





Returning to the NetScaler web interface, we click on the number 4 to the right of the licensing section (unfortunately cut off in my screenshot):




We click on "Add New License" and browse to the location of the license file. Once installed, we should see a screen similar to this:



We must reboot the NetScaler at this point, so click on the blue Reboot button and be sure to save your configuration:





***

Once the Netscaler reboots, we can log back in and configure load balancing (for example). I'll take a look at that in my next blog post.




NetScaler VPX resources


Citrix Documentation

We can access Citrix documentation at this URL (select the product and product version):

http://docs.citrix.com/

Here is the section for the NetScaler VPX:

http://docs.citrix.com/en-us/netscaler/11/getting-started-with-vpx.html



Citrix Education courses

I was fortunate enough to attend an official Citrix NetScaler training course (instructor led):

CNS-205 - Citrix NetScaler 11.0 Essentials and Networking

http://training.citrix.com/mod/ctxcatalog/course.php?id=497

I would recommend it for anyone responsible for managing NetScaler in a production environment.



Books

For those who prefer books (that may summarize essential points under a single cover), you might want to consider the following titles:

Implementing NetScaler VPX by Marius Sandbu

Mastering NetScaler VPX by Marius Sandbu

Note: perform a search at your preferred bookseller.


Video training (3rd party)

CBTNuggets offers a course which I found useful for my objectives:

https://www.cbtnuggets.com/it-training/citrix-netscaler

PluralSight also offers a NetScaler course (I have not viewed it myself but ratings seem to be favorable):

https://www.pluralsight.com/courses/citrix-netscaler-10-design-deployment



Citrix VPX Forum

http://discussions.citrix.com/forum/1337-netscaler-vpx/


Lastly, I am certainly not the first to blog about the Citrix NetScaler. There is an abundance of other blog posts and videos of varying quality available online.

No comments:

Post a Comment