Basic Administration for Citrix NetScaler 9.

2 Instructor Delivery Guide

Citrix Course CNS-203-3I

Basic Administration for Citrix NetScaler 9.2 Instructor Delivery Guide

Citrix Course CNS-203-3I July 2011 Version 3.0

Table of Contents
Module 1: Delivery Guide Overview ................................................................ 5
Delivery Guide Overview ......................................................................................................... 7 Module 1: Introductions and Courseware Overview ................................................................ 9 Module 2: Introducing and Deploying Citrix NetScaler .......................................................... 10 Module 3: Networking .......................................................................................................... 12 Module 4: Configuring High Availability ................................................................................. 14 Module 5: Securing the NetScaler System ............................................................................ 16 Module 6: Configuring Load Balancing ................................................................................. 17 Module 7: Configuring SSL Offload ....................................................................................... 19 Module 8: Configuring Global Server Load Balancing ........................................................... 20 Module 9: Using AppExpert Classic to Optimize Traffic ........................................................ 21 Module 10: Using AppExpert for Responder, Rewrite, and URL Transform .......................... 22 Module 11: Using AppExpert for Content Switching ............................................................. 24 Module 12: Using AppExpert Advance to Optimize Traffic .................................................... 26 Module 13: Management ...................................................................................................... 28 Citrix NetScaler 9.3 Features ................................................................................................ 29

Copyright 2011 Citrix Systems, Inc.

Release Notes: July 2011 Version 3.0

The 3.0 version of the CNS-203-3I course has had several improvements, including: Updates to the style in the student manual and lab guide. Clarifications and enhancements to the steps in the following labs: Configuring High Availability Securing the NetScaler System Configuring Load Balancing Configuring Global Server Load Balancing Configuring Rewrite, Responder, and URL Transformation Grammar and syntax corrections in both the student manual and lab guide.

Module 1

Delivery Guide Overview

Copyright 2011 Citrix Systems, Inc.

Delivery Guide Overview

Description
This delivery guide contains advice and suggestions for delivering CNS-203-2I Basic Administration for Citrix NetScaler 9.2. Included in the delivery guide are: Module Timings Suggestions for overcoming problems encountered in exercises

Definitions
Practices provide students with a chance to test their understanding of the information presented in the lesson. Additionally, practices allow students to break out of the listening mode, think critically and interact with fellow students.

Demonstrations

provide students with an opportunity to see how tasks are accomplished using the product.

Exercises

provide students with hands-on practice using the product. Each exercise includes a scenario and step-by-step instructions for completing the exercise. For the best learning experience, students should attempt to complete the exercises using the information in the scenario. Students should only use the step-by-step instructions is they need additional help.

Reviews

provide students with a chance to test their understanding of the information presented in the lesson. Reviews are at the end of each module to give the instructor a chance to reinforce the previously covered topics with the students.

Overview
It is strongly recommended that you place exercises and reviews in the proper perspective before students attempt them. Allow students to attempt the exercises on their own before relying on the step-by-step instructions.
Copyright 2011 Citrix Systems, Inc.

Module 1: Delivery Guide Overview

Set exercise expectations accordingly and watch for student errors. If several students are making the same mistakes, reinforce the correct concepts to the entire class. Reinforce the types of answers that you would like to receive for reviews, and guide the students in a collaborative effort to discuss the given answers as well as additional answers. Be watchful of timing to ensure that reviews do not take more than five minutes to complete.

New In This Course

Instructors should take note and familiarize themselves with the following new organization of content included in this course.

Instructor Slides
The instructor PowerPoint slides are available for download on MyCitrix.com. Review these notes prior to teaching the class.

Online Student Resources

Make sure students are aware of the Online Student Resources, and that they can access the resources by following the steps on the Citrix eLearning Voucher page, which is located on the last page of the courseware.

Module 1: Delivery Guide Overview

Copyright 2011 Citrix Systems, Inc.

Module 1: Introductions and Courseware Overview

Time to Teach
Module: 45 minutes Exercises: No exercises

Overview
This module provides students with background information about an environment containing Citrix NetScaler 9.2. Before proceeding with the topics in this module, make sure the students understand the objectives for Module 2.

Key Points
Do not spend too much time reviewing the components. Additional information will be presented for many components later in the course. Emphasize the references to materials outside the course as they are a good source of detailed information for the student.

Copyright 2011 Citrix Systems, Inc.

Module 1: Delivery Guide Overview

Module 2: Introducing and Deploying Citrix NetScaler

Time to Teach
Module: 1 hour minutes Exercises: 1 Total Time: 5 minutes

Overview
This module provides students with information about Citrix NetScaler 9.2. The module discusses how Citrix NetScaler optimizes the delivery of internal- and external-facing web applications, accelerating performance, improving availability and increasing security. This approach ensures the best total cost of ownership, security, availability and performance for web applications. Before proceeding with the topics in this module, make sure the students understand the objectives for Module 2.

Key Points
Introduce the Citrix NetScaler, including content switching and load-balancing. Identify network placement options for the NetScaler system when planning a deployment: one-arm, two-arm and in-line mode Discuss the deployment scenarios for deployment: Flex-tenancy, displacement and new technology. Describe the key feature sets of the NetScaler system: Lower cost of ownership Application acceleration Application security Application availability Simple manageability Web 2.0 Discuss NetScaler product editions, hardware platforms and hardware components. Reference the Instructor PowerPoint slides for hardware platform specifications. Discuss the NetScaler architecture. Reference the Instructor PowerPoint Slides for graphical representation of the NetScaler architecture.

10

Module 1: Delivery Guide Overview

Copyright 2011 Citrix Systems, Inc.

Exercise Notes
New in 9.2: removal of the license update exercise. For more information, see the Classroom Setup Guide

Copyright 2011 Citrix Systems, Inc.

Module 1: Delivery Guide Overview

11

Module 3: Networking
Time to Teach
Module: 2 hours minutes Exercises: 1 Total Time: 25 minutes

Overview
This module discusses how networking works on the NetScaler system, as well as how the NetScaler system is fundamentally different from other devices. Before proceeding with the topics in this module, make sure the students understand the objectives for Module 4.

Key Points
Introduce NetScaler networking including: Connection separation Basic NetScaler system networking rules Multiplexing Describe the difference between the following IP address types: NetScaler IP address Subnet IP address Mapped IP address Virtual IP address Discuss the different type of NetScaler modes and how to some of the different modes. Describe inbound network translation and reverse network address translation. Refer to the courseware manual and PowerPoint slides for an example RNAT example. Discuss virtual local area networks and tagging, the functionality of VLANs with NetScaler VPX and how to configure VLANs in the Configuration Utility and command-line interface. Discuss how to configure LACP manually, and how to configure Link aggregation with LACP Mention dynamic routing support and Route Health Injection (RHI) Explain internet control message protocol (ICMP) and PathMTU. Refer to the PowerPoint slide for an animation which provides an overview of PathMTU.

12

Module 1: Delivery Guide Overview

Copyright 2011 Citrix Systems, Inc.

Exercise Notes
The steps in this lab are required for the NetScaler system to reach any back-end resources. Misconfigurations here will naturally impact later labs. For more information, see the Classroom Setup Guide

Common Issues
Later exercises call for rebooting the NetScaler system. Doing so will reset the system to the last saved state. If the student did not save his or her configuration, the NetScaler system will be reset to the original state (prior to this lab) and will have lost basic connectivity to back-end resources. It is recommended to save the configuration after having successfully completed this lab.

Copyright 2011 Citrix Systems, Inc.

Module 1: Delivery Guide Overview

13

Module 4: Configuring High Availability

Time to Teach
Module: 1 hour and 30 minutes Exercises: 1 Total Time: 25 minutes

Overview
This module discusses the deployment of two NetScaler systems in an environment as a high availability pair. A high availability pair ensures that the NetScaler-provided services are always available even if one system fails. Before proceeding with the topics in this module, make sure the students understand the objectives for Module 5.

Key Points
Describe high availability functionality. Describe the process for configuring a high availability node: Pre-configuration checklist Virtual media access control address Primary and secondary nodes configuration procedure High availability status verification Master status verification on the NetScaler system Discuss propagation and synchronization including: Command propagation verification in the Configuration Utility and the command-line interface Command propagation disablement Automatic configuration synchronization Forced synchronization using the Configuration Utility and the command-line interface File synchronization Forced failover using the Configuration Utility and the command-line interface Describe how to enable management access in the command-line interface. Describe secure system communication Explain how to upgrade a high availability pair

14

Module 1: Delivery Guide Overview

Copyright 2011 Citrix Systems, Inc.

Exercise Notes
This exercise requires students to partner up. The configurations done during this exercises must be undone to proceed to later labs. For more information, see the Classroom Setup Guide

Common Issues
If students do not undo their HA configuration, they will proceed into later labs as a high availability pair and will likely encounter problems.

Copyright 2011 Citrix Systems, Inc.

Module 1: Delivery Guide Overview

15

Module 5: Securing the NetScaler System

Time to Teach
Module: 1 hour and 30 minutes Exercises: 1 Total Time: 15 minutes

Overview
This module provides students with background information about Securing NetScaler communications with ACLs. Before proceeding with the topics in this module, make sure the students understand the objectives for Module 5.

Key Points
Do not spend too much time reviewing the components. Additional information will be presented for many components later in the course. Emphasize the references to materials outside the course as they are a good source of detailed information for the student.

Exercise Notes
The exercise for this module covers external authentication to the NetScaler. Not ACLs. This exercise may be treated as optional. For more information, see the Classroom Setup Guide

Common Issues
Students sometimes encounter problems with the LDAP configuration. All required information is provided for them in the Before You Begin section of the exercise workbook.

16

Module 1: Delivery Guide Overview

Copyright 2011 Citrix Systems, Inc.

Module 6: Configuring Load Balancing

Time to Teach
Module: 2 hours and 15 minutes Exercises: 4 Total Time: 45 minutes

Overview
This module provides students with information on how load balancing allows the NetScacler system to distribute client requests across multiple servers to optimize resource utilization. Load balancing improves server fault tolerance and user response times.

Key Points
Describe the following entities and how to add each in the Configuration Utility and command-line interface: Servers Services Virtual servers monitors Discuss load-balancing traffic types Describe service monitoring Point out the type of monitors Describe default monitors Describe the PING-default monitor Identify service dependency monitors Identify monitor parameters Describe the HTTP monitoring process and monitor parameters Describe the load balancing process Explain how to configure service weights in the Configuration Utility and command-line interface Describe the different types of session persistence Describe load balancing options: spillover, connection-based and bandwidth-based, dynamic spillover

Copyright 2011 Citrix Systems, Inc.

Module 1: Delivery Guide Overview

17

Explain how to configure load balancing options in the Configuration Utility and the command-line interface Discuss link load balancing Discuss service and virtual server management

Exercise Notes
New to 9.2: Exercise 6-3 (RADIUS Load Balancing). Exercise 6-4 (RTSP Load Balancing) is optional. For more information, see the Classroom Setup Guide

Common Issues
Exercise 6-3 uses various similar credentials that may confuse students. RadLogin.exe Client Username: student, Password: Password1

RADIUS Server

Username: any, Password: Password1

Authentication to the RADIUS server is based on request IP and pass phrase. In this case, the IP is the SNIP assigned to the student (the request originates from the front-end workstation, but is proxied through the NetScaler system. The RADIUS server sees the connection coming from the NetScaler's back-end IP). Therefore, the username used in the request is irrelevant to the RADIUS server. In fact, the username is only used by the NetScaler system for determining Load Balancing persistence.

18

Module 1: Delivery Guide Overview

Copyright 2011 Citrix Systems, Inc.

Module 7: Configuring SSL Offload

Time to Teach
Module: 1 hour Exercises: 1 Total Time: 20 minutes

Overview
This module contains information about how the SSL Offload feature of the NetScaler system transparently handles the CPU-intensive SSL encryption and decryption process, allowing the web servers to dedicate more processing power to content requests. The SSL Offload feature increases the performance of web sites that carry out SSL transactions. Before proceeding with the topics in this module, make sure the students understand the objectives for Module 7.

Key Points
Describe SSL and important SSL concepts Describe SSL Offload and how it is configured Describe the SSL session process Describe SSL keys, certificate signing requests, certificates Explain how to create a certkey pair on the NetScaler system Define SSL deployment scenarios Explain how to configure SSL Offload

Exercise Notes
For more information, see the Classroom Setup Guide

Copyright 2011 Citrix Systems, Inc.

Module 1: Delivery Guide Overview

19

Module 8: Configuring Global Server Load Balancing

Time to Teach
Module: 2 hours Exercises: 1 Total Time: 50 minutes

Overview
This module discusses how the Global Server Load Balancing feature ensures that client requests are directed to the best performing site available in a global enterprise or Internet environment. GSLB enables the NetScaler system to make intelligent traffic decisions based on server availability, and prevents client requests from being directed to sites which are not available. Before proceeding with the topics in this module, make sure the students understand the objectives for Module 8.

Key Points
Describe GSLB architecture and explain the GSLB conversation process. Describe Metric Exchange Protocol (MEP) and how to disable it from the command-line interface. Discuss GSLB monitoring Describe how the NetScaler system can be configured to respond to DNS queries Discuss DNS proxy configuration Discuss GSLB DNS methods Describe GSLB configurations: Traditional GSLB and Proximity-based GSLB Describe how to implement GSLB failover for disaster recovery Describe the GSLB entity relationship

Exercise Notes
This exercise requires students to partner up. The configurations done during this exercises must be undone to proceed to later labs. For more information, see the Classroom Setup Guide

20

Module 1: Delivery Guide Overview

Copyright 2011 Citrix Systems, Inc.

Module 9: Using AppExpert Classic to Optimize Traffic

Time to Teach
Module: 1 hour and 30 minutes Exercises: 2 Total Time: 30 minutes

Overview
This module provides an overview of the classic policy expression engine and syntax, as well as how to configure classic policy expressions for content filtering and compression. Before proceeding with the topics in this module, make sure the students understand the objectives for Module 9.

Key Points
Describe classic policies Identify basic policy components Discuss policy bindings and policy priorities Describe HTTP request and response headers Define expressions, and explain how to view expressions in the Configuration Utility and in the command-line interface Identify and define available qualifiers for HTTP and non-HTTP traffic Identify and define available operators Define a simple and compound expression Go over examples of simple and compound expressions Describe content filtering actions and rules Define compressions Discuss the compression process and considerations Discuss compression responses, parameters, policies and actions

Exercise Notes
For more information, see the Classroom Setup Guide Module 1: Delivery Guide Overview 21

Copyright 2011 Citrix Systems, Inc.

Module 10: Using AppExpert for Responder, Rewrite, and URL Transform
Time to Teach
Module: 2 hours Exercises: 6 Total Time: 75 minutes

Overview
This module discusses how the Rewrite feature, often called URL rewrite, modifies the header section of an HTTP request or response. The responder feature, which is used to generate responses from the NetScaler system to the client, eliminates the need to send some responses to the server for processing. the URL Transformation feature identifies URL patterns in HTML pages and modifies them to a different form by translating URLs from their external appearance to an internal resource. Before proceeding with the topics in this module, make sure the students understand the objectives for Module 10.

Key Points
Describe rewrite, responder and URL transformation Describe the processes for rewrite, responder and URL transformation Explain how to configure and write rewrite and responder policies Explain how to: Insert and replace HTTP headers Delete HTTP headers Delete request content Replace response content Explain how to add a rewrite policy, and how to bind the policy in the Configuration Utility and command-line interface Identify arguments when adding a responder action Describe responder redirect action Explain how to add a responder action Describe RespondWith and how to add this responder in the command-line interface Describe built in responder actions Module 1: Delivery Guide Overview
Copyright 2011 Citrix Systems, Inc.

22

Explain how to add a responder policy, and bind the policy in the Configuration Utility and command-line interface Describe URL Transformation feature, and how to configure this feature

Exercise Notes
There are many exercices in this module. You may want to break up the module lecture with exercises. For more information, see the Classroom Setup Guide

Copyright 2011 Citrix Systems, Inc.

Module 1: Delivery Guide Overview

23

Module 11: Using AppExpert for Content Switching

Time to Teach
Module: 1 hour Exercises: 1 Total Time: 20 minutes

Overview
This module discusses how content switching provides the ability to direct traffic. This module discusses how content switching provides the ability to direct traffic and client requests to back-end services based on an aspect of the request beyond the IP/port pair. Content switching allows the design of a complex internal system to appear to the public behind a single IP address. As clients connect to and request data from a single address, the NetScaler system examines the type of connection and sends it to the appropriate back-end service. The NetScaler system diverts the application requests transparently to the client and the application, allowing the application to be managed separately from the hosting site. Content switching allows the NetScaler system to direct traffic to servers on the basis of the content that the user is attempting to access. Content switching involves configuring load-balancing servers, services, virtual servers and content-switching policies. Before proceeding with the topics in this module, make sure students understand the objectives for Module 10.

Key Points
Describe content switching. Explain how to configure content switching Describe content-switching virtual servers Explain how to configure content-switching virtual servers in the Configuration Utility and in the command-line interface. Walk through rule-based policy examples Describe unmatched traffic handling

24

Module 1: Delivery Guide Overview

Copyright 2011 Citrix Systems, Inc.

Exercise Notes
For more information, see the Classroom Setup Guide

Copyright 2011 Citrix Systems, Inc.

Module 1: Delivery Guide Overview

25

Module 12: Using AppExpert Advance to Optimize Traffic

Time to Teach
Module: 1 hour Exercises: 1 Total Time: 20 minutes

Overview
This module discusses how the Integrated Caching feature of the NetScaler system helps optimize the delivery of web content and application, as well as how the NetScaler compression feature provides a transparent way to increase the performance of web sites with compressible content. By default, integrated caching is HTTP/1.1 and HTTP/1.0 compliant. It can store a variety of static and dynamic content and serve content instantly to a large number of users. Caching of content reduces the number of web server transactions. Caching of dynamic content reduces the latency and the computation cost associated with the dynamic page generation process. In addition, caching at the edge of a network deployment results in the significant reduction of page download time and bandwidth usage. The NetScaler system compresses HTTP responses for browsers that are compression aware, thus improving the performance of web sites with compressible content. By implementing lossless compression, the NetScaler system reduces the number of packets of data transmitted, thus reducing both download time and bandwidth usage for users. In lossless compression, the exact original data is reconstructed from the compressed data. Before proceeding with the topics in this module, make sure the students understand the objectives for Module 12.

Key Points
26 Define compression policies Identify and define compression actions. Enable compression and add a compression policy Go over the offerings of integrated caching Describe a reverse proxy cache configuration Describe content groups and cache selectors Describe static and dynamic content Module 1: Delivery Guide Overview
Copyright 2011 Citrix Systems, Inc.

Discuss the process flow from the request side, and from the response side Discuss cache policies and cache expressions Explain how to add user-defined policies in the command-line interface Identify and define the options for binding cache policies Describe built-in policies Explain how to implement graceful changes to the integrated cache Describe the DEFAULT and ALL content groups Explain how to change an existing content group and how to configure the expiry method in the command-line interface Describe FlashCache and how to enable FlashCache in the command-line interface Explain how to configure, remove and view a cache policy Configure cache expiration and cache flush Describe the application pane, and point out application units. Explain the methodology behind deploying a NetScaler configuration for an application Go over AppExpert template deployment guides and deployment examples Import an AppExpert template Create an application and application units Discuss policy-based parameters and configuration

Exercise Notes
For more information, see the Classroom Setup Guide

Copyright 2011 Citrix Systems, Inc.

Module 1: Delivery Guide Overview

27

Module 13: Management

Time to Teach
Module: 1 hour Exercises: 2 Total Time: 30 minutes

Overview
This module discusses how the NetScaler system can be monitored with Simple Network Management Protocol (SNMP), the Dashboard and the Monitoring tool, and how the NetScaler system supports syslog and nslog auditing, log access and management. Before proceeding with the topics in this module, make sure the students understand the objectives for Module 13.

Key Points
Review Simple Network Management Protocol (SNMP) Describe the following SNMPv1 and SNMPv2 components Explain the SNMPv1 and SNMPv2 communication process Explain how to configure SNMP component Discuss the dashboard, and its components and features Explain how to navigate the dashboard Explain how to display a built-in report and custom report Describe the syslog and nslog logging formats Explain how to add and configure an auditing server in the Configuration Utility and in the command-line interface Explain how to bind and unbind an auditing policy globally in the Configuration Utility and in the command-line interface Explain how to replace a high availability node and perform and upgrade Discuss how to capture network traffic using NSTCPDUMP and NSTRACE

Exercise Notes
For more information, see the Classroom Setup Guide

28

Module 1: Delivery Guide Overview

Copyright 2011 Citrix Systems, Inc.

Citrix NetScaler 9.3 Features

Time to Teach
Slide Deck: 35 minutes

Overview
This slide deck discusses the new NetScaler 9.3 features.

Key Points
Describe XenApp and XenDesktop enhancements. Describe the NetScaler SDX platforms. Explain how AppFlow provides visibility to application behavior, performance, and security. Describe how to load balance Branch Repeaters, RDP connections, and SQL services. Explain how OpenCloud Bridge mitigates risk by having an application appear as part of an enterprise network at the packet level. Discuss OpenCloud Access as a single sign-on solution. Describe the security enhancements for Citrix Application Firewall and DNS Security Extensions. Mention that more information on the NetScaler 9.3 features and simulations on three of the features (Branch Repeater load balancing, RDP load balancing, and Database load balancing) can be found in the CNS-101-1W Citrix NetScaler Overview course.

Copyright 2011 Citrix Systems, Inc.

Module 1: Delivery Guide Overview

29

30

Copyright 2011 Citrix Systems, Inc.

851 West Cypress Creek Road Fort Lauderdale, FL 33309 USA (954) 267 3000 www.citrix.com Rheinweg 9 8200 Schaffhausen Switzerland +41 (0) 52 63577 00 www.citrix.com Copyright 2011 Citrix Systems, Inc. All rights reserved.