NetScaler is a high performance Application Delivery Controller (ADC). Making the most of it requires knowledge that straddles the application and networking worlds.
As an ADC owner, you will also likely be the first person to be solicited when your business applications fail. You will need to be quick in identifying whether the problem is with the Application, the Server, the network, or NetScaler itself.
This book provides you with the vital troubleshooting knowledge needed to act fast when issues happen. It gives you a thorough understanding of the NetScaler layout, how it integrates with the network and what issues to expect when working with the Traffic Management, Authentication, NetScaler Gateway and Application Firewall features. We will also look at what information to seek out in the logs, how to use tracing and explore utilities that exist on the NetScaler to help you root cause your issues.
Chapter 1, NetScaler Concepts at a Glance, provides a short review of NetScaler background concepts. NetScaler runs as a User Process on top of FreeBSD and therefore its layout will unsurprisingly be familiar to Unix and Linux Administrators. However, some folders are of particular importance to NetScaler and the chapter reviews these folders. We will also look at the different types of IP addresses that NetScaler administrators need to be aware of, as well as how the various modes offered impact NetScaler behavior.
Chapter 2, Traffic Management Features, explains the concept of Traffic Management, which is the umbrella term used to describe the traffic handling features of NetScaler. These are load balancing, SSL Offloading, Content Switching, and GSLB. In this chapter, we will look at how to troubleshoot uneven distribution when using load balancing. There are also several options here that need to be considered when they are enabled. We discuss these considerations before looking at some useful counters that help understand how NetScaler is load balancing requests in greater detail and finish the section with a step-by-step approach to troubleshoot page load failures when using load balancing. We then look at SSL Offloading, which adds security on top of normal load balancing. We look at the SSL Handshake and Certificate related failures when implementing SSL offloading and also how to decrypt an SSL trace so you can see the requests in clear text, which is something you will be doing very often when troubleshooting SSL issues. We conclude this section with some SSL Best Practices. We continue on to Content Switching to discuss how to resolve some of the common errors seen with this feature. Finally, we look at troubleshooting GSLB failures using counters, nslookup, and nsmap.
Chapter 3, Integrated Caching and Compression, explains Caching and Compression which are HTTP standards-based optimization features. They help conserve bandwidth and help pages load faster in the process.
In this chapter, we discuss Caching-related terminology and how the policy evaluation process happens. This knowledge is key to troubleshooting as it helps determine whether an object should or shouldn't have been cached. We then look at caching best practices before focusing on troubleshooting. We also look at a number of wireshark examples to highlight the necessary details.
We then look at Compression starting with some guidance on which kind of content should and shouldn't be compressed before looking at how Compression works at a header level. We then conclude the chapter by looking at troubleshooting for Compression.
Chapter 4, AAA for Traffic Management, covers AAA for Traffic Management that adds AAA (Authentication Authorization and Accounting) to the otherwise un-authenticated traffic and it does so using encryption so that the exchange is also secure. In this chapter, we focus on the various protocols that NetScaler supports for Authentication and there are a few of them. Using Wireshark we will examine LDAP, RADIUS, Client Certificate, Form Based, Kerberos, and SAML authentication mechanisms in good detail. The last of these two protocols are especially gaining importance recently in the NetScaler world. Each of these protocols also has their own set of troubleshooting techniques which we look at in tandem.
Chapter 5, High Availability and Networking Issues, explains NetScaler High availability, which is how nearly all NetScaler deployments are currently done. We look at how heartbeats work and the conditions that cause a failover, how to identify them going back in time and how to remedy them.
In the second half of this chapter, we look at how NetScaler handles packets at the NIC level. This serves to explain why NetScaler has picked up or dropped a packet. We then differentiate between normal and error conditions based on interface outputs before focusing on the wider Networking-related issues that are often seen in NetScaler deployments and discuss how to troubleshoot them.
Chapter 6, Application Firewall, describes Application Firewall as a Firewall for Web Applications. Instead of regular connections that focus on TCP connection state and connection rules, Application Firewalls use input validation at layer 7. This input validation is in part set up by the Administrator based on the understanding of security risks associated with the application, for example, potentially risky SQL commands if the Application is a database a pplication. In this chapter, we cover the essential background such as what those vulnerabilities are and how Application Firewall can protect against them. We also examine changes that Application Firewall makes to requests to offer that protection. We then look at the logging mechanisms available on NetScaler for this feature and how to use them to identify why the request is failing.
Chapter 7, NetScaler Gateway, explains that NetScaler Gateway is the remote access feature of NetScaler. Apart from being an SSL VPN solution, which works with and without a Client, it is also the preferred way to extend XenApp, XenDesktop, and XenMobile access across the Internet.
In this chapter, we examine using wireshark how each of the capabilities such as VPN, XenApp, XenDesktop, and XenMobile integration work. This will provide you with good baseline information that you can use as a comparison during troubleshooting. We then discuss the common issues in each of these areas and how to troubleshoot them using the logs available on NetScaler, Wireshark, and helpful error codes where available.
Chapter 8, System Level Issues, discusses the issues that can impact the NetScaler system as a whole. These vary from issues such as features being unavailable and software bugs such as crashes and hangs, performance issues such as CPU and Memory to hardware issues.
We conclude the chapter with a brief discussion of the various types of builds available for the NetScaler, which will hopefully help you when it comes to deciding on a build for your next upgrade or deployment.
Chapter 9, Troubleshooting Tools, introduces the tools available on NetScaler to aid with troubleshooting. While the information covered here is also laced throughout the book in examples, a quick read of this chapter upfront will prove very useful as it covers all of this information in one place. We cover tools such as tracing and nsconmsg available on NetScaler itself along with external tools. We also discuss some points to consider when troubleshooting the Command Center and Insight Center tools themselves.
NetScaler VPX Software—you can obtain a free trial on the Citrix Website
An ssh client such as Putty for CLI and Shell Access
A Standard Browser software for GUI Access
Wireshark for Analysis
A Text editor such as Textpad or Notepad++
An HTTP header tool such as Fiddler
This book is aimed at NetScaler Administrators who have a basic understanding of the product, but are looking for deeper exposure and guidance in identifying and fixing issues to keep their Application environment performing optimally.
In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning.
Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, User input, and Twitter handles are shown as follows: "Go to the page at https://<XenMobile_Server_IP>:4443/support.html."
A block of code is set as follows:
User level > Group level > VSERVER level > Global
Any command-line input or output is written as follows:
nsconmsg -K /var/nslog/newnslog -s ConLB=1 -d oldconmsg nsconmsg -K /var/nslog/newnslog -s ConCSW=1 -d oldconmsg
New terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: "Click on XenMobile and you will find a Test Connectivity button in the top right-hand corner."
Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of.
To send us general feedback, simply e-mail <[email protected]>, and mention the book's title in the subject of your message.
If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors.
Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.
Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title.
To view the previously submitted errata, go to https://www.packtpub.com/books/content/support and enter the name of the book in the search field. The required information will appear under the Errata section.
Piracy of copyrighted material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.
Please contact us at <[email protected]> with a link to the suspected pirated material.
We appreciate your help in protecting our authors and our ability to bring you valuable content.
If you have a problem with any aspect of this book, you can contact us at <[email protected]>, and we will do our best to address the problem.