NetScaler 10 Learn to configure, and upskill in this latest feature packed release Self-paced exercise guide

Citrix Virtual Classroom Table of Contents

Overview............................................................................................................................................................. 3 How to log in to your lab ................................................................................................................................. 4 Exercise 1: Upgrade your NetScaler ............................................................................................................... 6 Exercise 2: Networking Network Profiles ................................................................................................. 8 Exercise 3: ICMP based on VServer Health ............................................................................................... 11 Exercise 4: DataStream Responder .............................................................................................................. 14 Exercise 5: DataStream Caching ................................................................................................................... 21 Exercise 6: Action Analytics .......................................................................................................................... 26 Exercise 7: DNS Response Rewriting .......................................................................................................... 30 Exercise 8: AutoScale Domain Based Service............................................................................................. 34

Page 2

Citrix Virtual Classroom Overview

Hands-on Training Module
This training module has the following details: Objective Provide hands on experience in the configuration and use of the NetScaler 10 features, with a focus on DataStream, Action Analytics, and various DNS enhancements. Primary: NetScaler administrators

Audience

Lab Environment Details

Below you can find the lab architecture. This is an isolated environment, so all attendees will use the same IP addresses in the Private Network (blue). The servers you will actually need for this lab are highlighted below.

Required Lab Credentials

Here are the login credentials required to connect to the lab environment. Machine XenServer Win7Client NetScalerVPX All Windows Servers MySQL Login Apache_MySQL Username root Training\administrator nsroot Training\administrator netscalersql root Password (Supplied) Citrix123 nsroot Citrix123 netscaler c!tr!x

Page 3

Citrix Classroom How to Virtual log into the lab environment

The self-paced lab environment is hosted on a cloud-based Citrix XenServer. Connecting to your server from the portal page is as easy as 1-2-3.

Step-by-step login instructions

Step 1. Action Once logged in at the self-paced portal, click the Start lab button to launch a connection to published XenCenter.

2.

When XenCenter loads, right-click the XenCenter node and select Add.

3.

On the Add New Server screen enter the XenServer IP address provided on the portal and in the Password field enter the password provided on the portal. The user name will always be root.

Page 4

Your lab desktop this is important!! If you dont follow the steps below, you may experience slow mouse movements, keystrokes, and screen updates.

When all the servers are started, you should select the Win7Client VM and click on the Console tab. Wait for approximately 30 seconds. It should automatically switch to Remote Desktop. If it says Switch to Default Desktop then it is already using Remote Desktop, and you can leave it as is. It will prompt you to log in once it switches to Remote Desktop. Please use training\administrator and Citrix123 to log in.

All of the lab exercises should be completed from within the Win7Client. You will get the best experience if you go to console-fullscreen in XenCenter on the Win7Client VM. You can toggle this by entering Ctrl+Alt on your keyboard when at the console. This is what it should look like:

If you see XenCenter prompting you to Switch to Remote Desktop it means you are using the default desktop access method, which we recommend against.

Lab walkthrough Only if you encounter issues.

Overview
If you are encountering problems in the lab, and are stuck at one particular point, you have the option of using our cheatsheet which is located in the root of the C:\ on the Win7Client Virtual machine.

Step by step guidance

Each lab is labeled in the text file. You need only open PuTTy (the SSH client), log in, and copy and paste the relevant lines from the textfile into the CLI. In order to find out where you went wrong, save the configuration. In PuTTY, type the command: clear conf full Now you can copy and paste all the commands (excluding the upgrade) up to the lab you encountered trouble. You should now see the correct functionality. Save the config. In the NetScaler GUI, you can click on System Diagnostics Configuration Difference

Now choose saved config as the second file, and ns.conf.0 as the first file like below. This will show you the configuration differences between the two files, and you will hopefully see where you went astray.

Page 6

Exercise 1: Upgrade your NetScaler

Overview
In this exercise you will perform a manual upgrade from NetScaler 9.3 to NetScaler 10 using the CLI.

Step by step guidance

Estimated time to complete this lab: 5 minutes. Step Action 1. Launch Putty.exe from the desktop and connect to the saved session NetScaler by double clicking it. 2. Login with the username \ password of nsroot \ nsroot. 3. Type show version to see the NetScaler version 4. Type shell and press enter. 5. Type cd /var/nsinstall/10/70.7/ and press enter. 6. Type tar xvzf build-10.0-70.7_nc.tgz and press enter. 7. Type ./installns and press enter 8. Press Y when it prompts you to reboot. 9. It should take approximately 3 minutes to complete the reboot. 10. Open Firefox, and login to Configuration Utility. Verify the version and build no.

Summary
Key Takeaways NOTES The key takeaways for this exercise are: Upgrading a NetScaler using the command line This upgrade required that the firmware was already loaded onto the appliance. You can download the latest firmware from the citrix.com site providing you have a valid support agreement. You can use SCP (or WinSCP) to load firmware onto the appliance. Always place it in the /var/nsinstall directory. Its a good practice to create a sub directory in /var/nsinstall with the version number, and within that, a further subdirectory with the build number, as shown on your appliance (e.g. /var/nsinstall/10/70.7/) You may also use the Upgrade Wizard available by clicking on the System node in the configuration utility. This can perform the upgrade from firmware located on the appliance, or your local computer or a remote FTP server.

Page 7

Exercise 2: Networking Network Profiles

Overview
In this exercise you will configure some network profiles and demonstrate this functionality by browsing different VServers, connected to the same back end server, and see different SNIPs being utilised. Usually, when using multiple SNIPs in the same subnet to talk to back end servers the appliance will round robin on SNIP choice so all the ports dont get exhausted on one SNIP when the others are not being used. However, sometimes a more granular control is required. Please see the powerpoint for use cases.

Step by step guidance

Estimated time to complete this lab: 10 minutes. Step Action 1. The system will have one SNIP pre-configured. This is 192.168.10.90. We should create a second SNIP on the appliance for this lab exercise. Navigate to the following node in the NetScaler configuration utility: Networks IP Add and enter 192.168.10.21 / 255.255.255.0 2. Click Create Close to add the SubNet IP. 3. Now click on Network Net Profiles Add, and create the first Network Profile. Give it a name of Subnet-90. 4. Choose the IP ending in 90 from the dropdown, and click Create.

Page 8

Step 5.

Action The profile will be created, but the window will remain open, ready to create additional Network Profiles. Change the name from Subnet-90 to Subnet-21 and choose the IP address ending in 21 from the dropdown.

6. 7. 8. 9.

Click Create, and then click Close. Right click on the yellow circle beside Load Balancing and right click to enable the feature. Navigate to Load Balancing Services and click Add Enter Web1 as the service name, 192.168.10.50 as the IP, and leave the protocol and port set to HTTP and port 80 respectively.

10. 11.

Click Create well let the service bind a default monitor for now. Navigate to Virtual Servers under the Load Balancing node and click Add. Give the Virtual server the name Vserver-25 and the IP address 192.168.10.25. Activate (bind) the configured service Web1. Do NOT click Create yet.

12.

Select the Profiles Tab, and choose Subnet-90 from the Net Profile drop down list.

13. 14.

Now click Create. The VServer entity will be created, but the window will remain open. Change the Net Profile value to Subnet-21 Change the VServer IP address to 192.168.10.26. Page 9

Step 15.

Action Change the Vserver name to Vserver-26.

16.

17.

18.

Click Create and then click Close. Open a new tab on your browser, and enter the following URL: http://192.168.10.25/show-ip.asp This page dynamically displays the IP address that the web server sees the request coming from. Confirm it displays the IP ending in 90. Enter the following URL: http://192.168.10.26/show-ip.asp Confirm it displays the IP ending in 21. Enter the following URL: http://192.168.10.50/show-ip.asp Confirm it displays the IP ending in 15. This is because you are connecting directly to the web server from your client, and bypassing the NetScaler. 192.168.10.15 is your client IP address.

Summary
Key Takeaways NOTES The key takeaways for this exercise are: Creating Network profiles and binding them to Vservers They can also be bound to a service, service group, and monitor too. The page used on the webserver is a simple page to display the incoming IP address. There is another page in the root of the webserver called /all-headers.asp. This does a complete dump of ALL headers and available server variables a useful diagnostic troubleshooting page when you want to see what the web server is receiving from the web server. There is also a page called /all-headers.php to display the same content. The source code of these files is located in the files folder on the Win7Client desktop, and is yours to take away and use.

Page 10

Exercise 3: ICMP based on VServer Health

Overview
In this exercise you will allow the VServer health to decide if the NetScaler responds to ICMP for a particular IP address.

Step by step guidance

Estimated time to complete this lab: 5 minutes. Step Action 1. Navigate to Network IPs and double click the IP 192.168.10.25 2. Choose ALL_VSERVERS from the ICMP Response drop-down. Click OK.

3. 4.

Open a command prompt by clicking Start, enter cmd in the searchbox and press return. Enter the command: ping t 192.168.10.25 and press enter.

5.

Navigate to Load Balancing Virtual Servers , click ONCE on Vserver-25, and click Add. (This is how we can add a new Virtual Server, using an existing entity as a template.)

Page 11

Step 6.

Action Change the name to VServer-25-8080, change the port to 8080, and make sure to activate the Service Web1. Click Create and then Close.

7. 8. 9.

You now have two VServers configured on 192.168.10.25 listening for HTTP traffic. Disable 1 VServer by right clicking it and selecting Disable and clicking Yes. Check your command prompt you should notice that the VServer is no longer responding to ICMP. This is because the IP address 192.168.10.25 has a DOWN VServer associated with it.

10. 11.

Return to the NetScaler configuration utility and expand Networking IPs Double click the IP 192.168.10.25 and choose ONE_VSERVER & Click OK.

Page 12

Step 12.

Action Return to the DOS command prompt, and you will see the appliance responding to ICMP again. This is because ICMP will now respond if at least ONE Vserver associated with the IP address is UP.

Summary
Key Takeaways The key takeaways for this exercise are: Controlling ICMP behavior based on the health of the VServer. Demonstrating the difference between ONE_VSERVER and ALL_VSERVER. When the same functionality is used for ARP what would be the impact of setting the ARP response to ONE_VSERVER if one of the VServers became unhealthy. Think in terms of existing traffic, and traffic in 10, 20 or 30 minutes time.

NOTES

Page 13

Exercise 4: DataStream Responder

Overview
In this exercise we will create a Responder message to respond with an error if someone attempts to send the drop command through a NetScaler MySQL VServer. You will need to create the MySQL monitor, MySQL Service, & LB VServer entities yourself. It is very important that you configure the MySQL ECV monitor correctly as the MySQL engine will start rejecting requests from a client who just performs the TCP handshake, like the TCP Monitor.

Step by step guidance

Estimated time to complete this lab: 15 minutes. Step Action 1. Firstly, we are going to add the database user to the NetScaler configuration. Expand the System node, and click on Database Users. Create a user called: netscalersql Use the password : netscaler for this user.

2. Navigate to Load Balancing Monitors and click Add. Choose MySQL-ECV as the type (NOT MySQL) and call the monitor MySQL-Custom-Monitor. Make sure to set the Network Profile on the Monitor. (Subnet-90) The MySQL DB server only allows connection from the netscalersql user to come from this IP address.

Page 14

Step Action 3. Click on Special Parameters and enter the following information: Database: imdb Query: select * from actors where actors.last_name = "Pacino"; Username: netscalersql Rule: MYSQL.RES.ATLEAST_ROWS_COUNT(1) Click Create. How does this monitor decide on the health of the service?

4. Navigate to Load Balancing Virtual Servers. Ensure that you have not clicked on any of the existing Virtual Servers. Click on Add. Choose MySQL as the protocol, enter 192.168.10.30 as the Virtual Server IP, 3306 for the port, and use the name MySQLVserver for the Vservername.

5. It is important that the MySQL database server receives requests over a specific IP address, as this is how security grants are administered. Click on the Profiles tab and choose the profile associated with the subnet IP address ending in 90.

Page 15

Step Action 6. Click the Services tab. Click on Add at the bottom of this window to create a MySQL Service on the fly. Choose MySQL as the protocol, enter 192.168.10.13 as the Server, 3306 as the port, and call it MySQL-Svc. Bind the monitor MySQL-Custom-Monitor to the service, and click Create.

7. The Service should now be visible and active in the Create VServer window, and the service should be up. If not, then move to step 9. Click Create and Close.

8. Navigate to the Services node beneath Load Balancing. Open the Service and click on the monitor to verify that it has a Success status.

If there is an error, you may need to wait a minute for the service to re-check the health and report the correct message as indicated above. Close the Service Window.

Page 16

Step Action 9. Enable the Responder Feature. (Right Click the yellow circle and choose Enable). Navigate to the Responder Feature Actions. Click on Add. Give it a name of No-Drop and choose Respond with SQL Error from the drop down. Enter some text into the Target window along the lines of: The Drop command is not allowed to be executed through the Load Balanced VServer e.g. (No quotation marks required) Click Create and Close.

10. Click on Policies under the Responder feature, and click add. 11. Enter MySQL-Pol-No-Drop as the Responder name. Choose No-Drop from the Action drop down list. 12. Click once in the expression field, hold down CTRL and press the space bar. Choose MySQL and double click.

Now press the full stop (period) and use the expression builder to create the following expression: MYSQL.REQ.QUERY.COMMAND.EQ("drop") 13. Click Create and Close. 14. Click on the Policy Manager button at the bottom of the window.

15. Choose MySQL from the drop down in the top left hand corner of the Policy Manager window.

Page 17

Step Action 16. Click on LB Virtual Server, and double click on MySQL-VServer so that the Insert Policy is activated, like below.

17. Click Insert Policy and choose the Responder policy you just created, MySQL-Pol-NoDrop. There should only be ONE entry in the bind responder policy window. If you added a second policy by mistake, ensure you remove it before clicking Apply Changes 18. Click Apply Changes and click Close. Choose Yes if prompted to save your changes.

19. The VServer is now ready to receive requests from any MySQL Client. 20. Were going to use a graphical client to connect to the LB VServer. Click on Start Programs and scroll up to click on HeidiSQL

Page 18

Step Action 21. The Connection settings should be pre-populated. Click on Open

22. You should see a list of available tables. Click on the Query tab:

If Heidi does not connect, then you can check the troubleshooting section at the end of this exercise. 23. Enter the following text into the text field, and click the blue Play symbol to the upper right: drop database test;

24. This sends the command to the database. The responder policy should pick this up, and you should see the response:

25. Click Ok and minimise the HeidiSQL Client, and return to the NetScaler configuration Utility.

Page 19

Summary
Key Takeaways The key takeaways for this exercise are: Using Responder, you can choose to send a response to any MySQL or MSSQL request. You simply need to choose what commands\ strings\ arguments trigger the Responder in the Responder policy

You can choose to respond with an Error or an OK message. Troubleshooting If you bind a TCP monitor to a MySQL service, there is a good chance that the NOTES MySQL server will blacklist that IP address. MySQL does not like receiving a TCP handshake, and then no data. So if the monitor on the service is not coming up, and you DID bind a TCP monitor by mistake, then you will need to reboot the MySQL server once the correct monitor is bound. There is a way to do this using the MySQL command prompt, but rebooting the MySQL1 server from XenCenter is by far the fastest way to reset it. (It should only take about 30-40 seconds). We have noticed that many people experienced issues with this lab because they chose MSSQL as the protocol in either the VServer, Service or Monitor. You must use MySQL. MSSQL is a totally different protocol, and they are not interchangeable. If you need to change a service or VServer protocol, you will have to remove the entity and add it again.

Page 20

Exercise 5: DataStream Caching

Overview
In this exercise you will configure a Cache Selector (mandatory for DataStream caching),a Cache Content Group, and a Cache Policy. There is a contrived query that we will run on the database which can take up to 1 minute to complete. Once we cache this response on the appliance, the time taken drops to less than 1 second. There is a web application designed to run this query against the database and display the results, along with the response time and the query used. You may use the HeidiSQL client as well if you want to by-pass the web application.

Step by step guidance

Estimated time to complete this lab: 10 minutes. Step Action 1. Firstly, open a new tab in the web browser and go to http://192.168.10.26/. Click on the MySQL lab link at the bottom of the page:

2.

3.

4.

You will see a page where you can submit an IP address. This is set to the MySQL VServer IP configured earlier by default. You can change the IP by entering a new one and clicking Submit but there is no need to do so if youve used the suggested IP addresses in previous labs. This IP address will be used as the Database Server IP address that the web application will send a MySQL query to. Once you are satisfied that your NetScaler MySQL VServer is up and listening for requests, click the link to execute the long query. If the page displays the message MySQL Server has gone away please hold down Shift and press F5. If it continues to display the error message, check the status of the monitor bound to the service and call over one of the facilitators. Look at the bottom of the browser to check if the page is loading. If you see: and then you know that the page is loading, please have patience! It will take approximately 1-2 minutes to run. You can continue with the lab while you are waiting (step 6), but check back after a minute to make sure there are no errors. Once the page has full loaded you will see the table, along with the query used, and the execution time. This value is taken using PHP which starts a counter before the query, and after the last byte of response is received from the MySQL VServer. Page 21

5.

Step 6. 7.

8.

Action Now we will set up the caching configuration. This is one of the few features we choose to leave DISabled while we configure it. (See why in the notes at the end of this lab.) Unlike HTTP a cache selector is mandatory for Database Response caching. In the NetScaler configuration, browse to Integrated Caching and drill down to Cache Selectors. Click Add. Give it a name of DB-Query, and choose the following expression:
MYSQL.REQ.QUERY.TEXT

Click Add and then click Create, and then click Close.

9. 10. 11.

Next we will create our Content Group. Expand "Content Groups and click Add. Choose MySQL as the type, and give it a name like MySQL-Cache. Choose Expire Content After - 500 seconds.

12.

Click on the Paramaterization tab and choose the Hit Selector you just created from the drop down.

Page 22

Step 13.

Action Click on the Memory tab and enter 2000 for the Do Not Cache if size Exceeds value.

14. 15.

Click Create and click Close. Click on Policies, and click on Add. Give it a name like : Cache-MySQL-Reqs, choose your newly created content group from the drop down, and enter the following expression: MYSQL.REQ.QUERY.COMMAND.CONTAINS("SELECT") Click Create and then click Close.

16.

Click once on the Integrated Cache feature on the left hand side. In the right hand pane, you should see the global settings for this feature. Click Change Cache Settings and set the Memory Usage Limit to 100. Click OK.

17.

Right click the yellow circle beside Integrated Cache and choose Enable Feature.

Page 23

Step 18.

Action Expand Load Balancing Virtual Servers and open the MySQL Virtual server by double clicking it. Click on the Policies tab, and choose Cache (Request). Click Insert Policy, and choose the MySQL Cache policy that you just created. Click Ok

19.

Now, return to your Web Application and refresh the page once. It should take approximately 1 minute again to retrieve the data. Now click Refresh once more, and the load time should reduce dramatically.

Page 24

Summary
Key Takeaways The key takeaways for this exercise are: Configuring Integrated Cache to cache database responses requires 4 main configuration points: 1. Cache Selector 2. Content Group 3. Policy 4. Policy Binding

NOTES

Global Cache settings (Cache Memory Allocation) must be set to a value otherwise the object will never enter then cache, but the cache policy will register a hit. Caching is configured with the feature disabled because objects may go into the cache while you are configuring the feature. You might add configuration to not cache those objects, and it will not retrospectively view objects in the cache. Results of this are not predictable the worst case scenario being that objects you dont want to cache DO get cached. When changing a cache configuration, it is recommended to disable the feature, make the change, flush all cache objects, and re-enable the feature again. Sometimes, when viewing Cache Objects in Firefox, the Firefox browser crashes. If this happens, please switch to Chrome, where the issue should not occur.

Page 25

Exercise 6: Action Analytics

Overview
In this exercise we will use real time streaming stats to impact the configuration on the appliance, allowing it to dynamically choose the most efficient configuration. We will use the Integrated Cache feature to demonstrate this. NetScaler 10 comes bundled with some sample analytics which we will use for this lab.

Step by step guidance

Estimated time to complete this lab: 10 minutes. Step Action 1. Click on App Expert Action Analytics Selectors We will use the Selector called Top_URL. 2. Click on Stream Identifiers below. We will use the Identifier Top_URL. 3. Navigate to Responder Policies and note the Top_URL policy. It has an action of : No Operation. 4. Browse to Integrated Cache and disable the feature. Click on Content Groups and click on Add. 5. Call it ActionAnalytics and set the Expire Content After value to 60 seconds. Click Create. (This is a HTTP Content Group.)

6. 7. 8. 9.

Click on Policies under Integrated Cache. Click on Add. Give it a name like AnalyticsCache-Pol. Choose the group you just created from the drop down. In the Expression window, enter the following expression: ANALYTICS.STREAM("Top_URL").IS_TOP(5) Click Create and then Close. Right click Integrated Cache and Enable the feature once more.

Page 26

Step 10.

Action Navigate to Load Balancing Virtual Servers. Open the HTTP LB Server that is UP and open it. Click on the policies tab:

11. 12. 13. 14.

Click on Cache (Request), choose Insert Policy and add the Analytics-Cache-Pol Click on Responder, choose Insert Policy, and add the Top_URL policy. Open a new tab on FireFox and enter the IP of the Vserver to which you bound the last two policies. E.g. http://192.168.10.26/ Click on Tools HttpFox Toggle HttpFox

15. 16.

Click on Start in this tool. Click on the following link at the bottom of the page: Click on the NetScaler 10 word until you reach Page 5, and stop.

Page 27

Step 17.

Action Now click on one of the rows in HttpFox, and look at the response headers:

18. 19. 20. 21. 22.

23. 24. 25. 26. 27. 28.

Note the Via Header inserted by the NetScaler as it serves the object from the cache. Click Stop in HttpFox and close the plugin by clicking the red X in the top right hand corner of the HttpFox window. Return to the NetScaler administration window, and Navigate to App Expert Action Analytics Stream Identifiers. Click on Top_URL and click on the button Stream Sessions at the bottom of the window to view the objects in graphical format. Navigate to Integrated Caching and click on Cache Objects. (It takes a second to load as this information is still accessed via java.) If the browser fails to display the content, you could try loading the NetScaler configuration utility in Chrome, and viewing it from there. Sometimes, when viewing Cache Objects in Firefox, the Firefox browser crashes. If this happens, please switch to Chrome, where the issue should not occur. Alternatively, see Step 27 for the CLI command to view the exact same data. From the NetScaler CLI, enter the following command: stat stream identifier Top_URL Now enter the command: clear stream session Top_URL Return to the page in your browser Citrix NetScaler 10 Page 5 and click the next 5 links. From the NetScaler CLI, enter the following command: stat stream identifier Top_URL Confirm that the new requests are in the cache by executing the following CLI command: show cache objects View the indepth details of the cache object by executing the following command: show cache show cache object locator xxxxxxxxxxxxxxxx Replace the xxxxxxxxs with the locator string shown in the output of show cache object. Pay special attention to the Expiry field. An example of the above command would be: show cache object -locator 0x0000000e4d2900000043

Page 28

Summary
Key Takeaways The key takeaways for this exercise are: How to invoke the built in Stream Selectors and Identifiers using a Responder policy with No-Op Action

NOTES

How to use Analytics in a NetScaler feature, e.g. Integrated Cache, and view the analytic results graphically in the NetScaler Configuration Utility. There are several CLI examples in this lab to demonstrate how to view additional information. It is sometimes easier to go to the CLI to view this information as we can grep the results.

Page 29

Exercise 7: DNS Response Rewriting

Overview
In this exercise we will examine how to load balance DNS servers, how to view the cached responses, and how to rewrite Non-Existent Domain responses. We will also learn how to demonstrate DNS functionality through a NetScaler appliance.

Step by step guidance

Estimated time to complete this lab: 10 minutes. Step Action 1. The first thing we need to do is configure the NetScaler so it can resolve DNS requests. This can be done in two ways quick and with a single point of failure, or redundant with health checks and logging. We will configure the latter. 2. Navigate to DNS and click on Name Servers. Click Add. Choose DNS Virtual Server and click the New button.

3. 4. 5. 6. 7. 8. 9. 10.

This opens a Create Virtual Server dialog box. Give it a name of DNS-LB-Vserver Use the IP address 192.168.10.30. The default port is pre-selected as 53. The Services tab is displayed by default, click Add. Enter DNS-SVC as the service name, and enter 192.168.10.11 into the server field. Do not choose the default DNS monitor type. Choose DNS from the protocol dropdown box, and click Create. The Add Service window should close and the DNS-SVC service should be activated in your Create Vserver dialog box. Click Create. This will close the window. You have now returned to the Create Name Server box, and your DNS LB VServer is in the drop down box. Click Create and click Close. Verify that your DNS LB Vserver is enabled and has an Effective State of Up.

Page 30

Step 11.

Action You can test your DNS LB Vserver by following these steps: a. Open a DOS Command prompt box. (Start Type cmd in the search box, and click the link cmd.exe.) b. Type nslookup and press enter c. Type server 192.168.10.30 and press enter d. Type www.citrix.com and press enter.

12.

13.

14. 15. 16. 17.

Return to the NetScaler configuration, and browse to DNS Records Click on Address Records and scroll down. You should see the www.gslb.citrix.com record cached on the appliance (this is different to Integrated Cache) with a TTL of 60 seconds. Now type www.netscaler10rocks.com into nslookup - you should receive a response saying: *** [192.168.10.30] can't find www.netscaler10rocks.com: Non-existent domain In the NetScaler configuration, navigate to: DNS Actions Click Add. Give the action a name, e.g. DNS-Replace-Response Choose Rewrite Response as the action type. Enter 40.30.20.10 in the IP Address field, and click Add

18. 19. 20.

Now click Create, and click Close. Click on DNS Policies and click Add. Ensure that your newly created action is selected. Call the Policy Always-respond-to-NetScaler-host

Page 31

Step 21.

Action In the Expression field, enter the following expression: DNS.RES.QUESTION.DOMAIN.CONTAINS("training.lab").NOT && DNS.RES.HEADER.RCODE.EQ(NXDOMAIN) && DNS.RES.QUESTION.DOMAIN.CONTAINS("netscaler")

22. 23. 24. 25.

Click Create and click Close. In the DNS Policies window, click Global Bindings. Click Insert Policy, choose your newly created DNS Policy, and click OK. Return to the DOS Prompt and NSLOOKUP again. Send the same DNS request www.netscaler10rocks.com and verify that you now get a positive response with an IP address.

Page 32

Summary
Key Takeaways The key takeaways for this exercise are: Creating a load balancing VServer for NetScaler based name resolution (i.e. so the NetScaler itself can resolve host records) Testing this configuration using nslookup and pointing it at the NetScaler LB Vserver, and viewing cached records on the appliance. Creating a granular (i.e. based on the hostname of the request) DNS rewrite action to replace negative responses with positive responses and an IP address.

NOTES

Q. Why do we have to include the expression DNS.RES.QUESTION.DOMAIN. CONTAINS("training.lab").NOT in the policy expression? A. Sometimes, depending on the client, it can include the local host prefix to DNS requests e.g. www.netscaler10rocks.com.training.lab. Only local client traces will reveal this client DNS behavior. This would not be an issue for requests coming from the internet, as the local DNS (LDNS) would respond to these accordingly, before going to the internet name servers to resolve www.netscaler10rocks.com. Now try typing www.netscaler.com . . . what is the result?

Page 33

Exercise 8: AutoScale Domain Based Service

Overview
In this exercise you will create a service group using a single hostname, which will auto-populate the servicegroup with members, based on the response to the hostname IP resolution.

Step by step guidance

Estimated time to complete this lab: 10 minutes. Step Action 1. Open a DOS command prompt box and type NSLOOKUP. 2. Enter the hostname dnsgroup and press enter. This list of IP addresses will be used by the NetScaler appliance to autoscale a service group. 3. In the NetScaler configuration utility, navigate to Load Balancing Servers (note: not services). 4. Click Add. Enter dbs in the Server Name field, and enter dnsgroup.training.lab in the Domain Name field. Click Create and click Close.

5. 6. 7. 8.

Click on Load Balancing Service Groups and click on Add. Enter DBS-autoscale for the service group name. Select the Server Based radio button in the Specify Members section. Click on dbs from the list, enter 80 in the port field, and leave the protocol on HTTP.

Page 34

Step 9.

Action Click on the Advanced tab, and in the bottom right, set the Auto Scale Mode to DNS. Click Create and then Close.

10.

The GUI will not display the service IPs immediately, as they are being resolved. The results, IP addresses, and state will be available in the CLI if you execute the command: sho servicegroup DBS-Autoscale where the service group name is DBS-Autoscale. Future builds should resolve this issue.

Summary
Key Takeaways The key takeaways for this exercise are: NOTES How to validate that the host record will result in an AutoScaled servicegroup. Configuring an AutoScaled Service group the AutoScale option is not available (greyed out) until you select a host based server object.

Page 35

Revision History
Revision 1.0 Change Description Original Version Updated By Rnn OBrien Date October 2012

About Citrix Citrix Systems, Inc. designs, develops and markets technology solutions that enable information technology (IT) services. The Enterprise division and the Online Services division constitute its two segments. Its revenues are derived from sales of Enterprise division products, which include its Desktop Solutions, Datacenter and Cloud Solutions, Cloud-based Data Solutions and related technical services and from its Online Services division's Web collaboration, remote access and support services. It markets and licenses its products directly to enterprise customers, over the Web, and through systems integrators (Sis) in addition to indirectly through value-added resellers (VARs), value-added distributors (VADs) and original equipment manufacturers (OEMs). In July 2012, the Company acquired Bytemobile, provider of data and video optimization solutions for mobile network operators. http://www.citrix.com

2012 Citrix Systems, Inc. All rights reserved.

Page 36