Mastering NetScaler VPX

By: Marius Sandbu, Andy Paul

Overview of this book

Citrix NetScaler is one of the best Application Delivery Controller products in the world. Application Delivery Controllers are commonly used for load balancing, to optimize traffic, and to apply additional security settings. This book gives you an insight into all the features that the Citrix NetScaler appliance has to offer. It starts with the commonly used NetScaler VPX features, such as load balancing and NetScaler Gateway functionality. Next, we cover features such as Responder, Rewrite, and the AppExpert templates, and how to configure them. After that, you will learn more about the other Citrix technologies that can interact with Citrix NetScaler. We also cover troubleshooting, optimizing traffic, caching, protection using Application Firewall, and denying HTTP DDoS attacks for web services. Finally, we demonstrate the different configuration principles in real-world Citrix NetScaler deployment scenarios.

Configuring NetScaler® AAA


To add authentication as an extra layer of security on load-balanced services, we use the Citrix NetScaler AAA feature. The following steps secure a load balancing virtual server with two-factor authentication based on Web Form authentication:

  1. Go to Security | AAA - Application Traffic | Policies | Sessions | Session Profiles, and click on Add.

    Fill in the correct information based on the following explanation:

    • Name: Choose a descriptive name for the AAA session profile, for example, AAA-Pro-Session.

    • Session Time-out (mins): The time, in minutes, before Citrix NetScaler terminates the session.

    • Default Authorization Action: This can be ALLOW or DENY. Select ALLOW.

    • Single Sign-on to Web Applications: Enable this if you want single sign-on (SSON) to the backend.

    • Credential Index: Whether the credentials from the primary or the secondary authentication policy are used for SSON.

    • Single Sign-on Domain: This will be the internal domain name from the AD or NDS.

    • HTTPOnly Cookie: Mark the session cookie as HTTPOnly, in which case the cookie cannot be accessed by scripts.

    • Enable Persistent Cookie: You can enable or disable persistent SSO cookies for the traffic management (TM) session. A persistent cookie remains on the user device and is sent with each HTTP request.

    • Persistent Cookie Validity: This is an integer specifying the number of minutes for which the persistent cookie remains valid.

    • KCD Account: The Kerberos constrained delegation (KCD) account name, used with Kerberos authentication.

    • Home Page: This is the web address of the home page that is displayed to a user when the authentication vserver is bookmarked and used to log in.

  2. Go to Security | AAA - Application Traffic | Policies | Sessions | Session Policies, and click on Add:

    • Name: Choose a descriptive name for the AAA session policy, for example, AAA-Pol-Session.

    • Request Profile: Select the profile created in step 1.

    • Expression: You can bind an expression. In this case, we use ns_true.

  3. Go to Security | AAA - Application Traffic | Virtual Servers, and click on Add. Fill in the correct information based on this explanation:

    • Name: Again, choose a descriptive name for the AAA virtual server, for example, AAA-Srv-TwoFactor.

    • IP Address Type: Select IP Address, or Non Addressable if you want to use the content switching method.

    • Port: This is the AAA virtual server port. The default is 443.

    • Authentication Domain: This is the domain of the public site, for example, contoso.com.

  4. Bind the certificate.

  5. Bind the session policy created in step 2.

  6. Bind the Basic Authentication Policies: add LDAP as Primary and RADIUS as Secondary. Click on Continue.

  7. Go to Security | AAA - Application Traffic | Authentication Profile, and click on Add. Fill in the correct information based on the explanations given here:

    • Name: Choose a descriptive name that corresponds to the AAA virtual server, for example, AAA-AuthPol-TwoFactor.

    • Authentication Host: This is the FQDN on which the NetScaler AAA virtual server responds, for example, twofactor.contoso.com.

    • Choose Authentication Virtual Server Type: Choose Authentication Virtual Server.

    • Authentication Virtual Server: Select the Authentication Virtual Server created in step 3.

    • Authentication Domain: This is the domain of the public site, for example, contoso.com.

    • Authentication Level: Fill in the value as 1 if you are using one authentication method, and 2 if you are using two-factor authentication.

  8. Open the Load Balancing Virtual Server that you want to protect. Add the Authentication from the right-hand side of the page.

  9. Select Form Based Authentication or 401 Based Authentication. In this case, we're using Form Based Authentication. This is because we wish to use two-factor authentication:

  10. Authentication FQDN: This is the FQDN from the NetScaler AAA virtual server, for example, twofactor.contoso.com.

    • Choose Authentication Virtual Server Type: Choose Authentication Virtual Server.

    • Authentication Virtual Server: Select the Authentication Virtual Server created in step 3.

    • Authentication Profile: Select the Authentication Profile created in step 7.

  11. Now your Load Balancing Virtual Server is protected with the NetScaler AAA security.
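
A way to check the result of the procedure above, as an added example that is not from the book: a Python script that reads ns.conf-style lines and reports load balancing virtual servers that have no authentication profile, no primary or secondary policy on the AAA virtual server, or an Authentication Level other than 2. The sample configuration is constructed; the option spellings, the names ldap-pol, radius-pol, lb-web and lb-legacy, and the IP addresses are assumptions to compare against your own appliance's saved configuration.

```python
import shlex
from collections import defaultdict

# Constructed ns.conf-style sample; IPs and the ldap-pol/radius-pol/lb-* names are placeholders.
SAMPLE_CONF = """\
add tm sessionPolicy AAA-Pol-Session ns_true AAA-Pro-Session
add authentication vserver AAA-Srv-TwoFactor SSL 192.0.2.10 443 -AuthenticationDomain contoso.com
bind authentication vserver AAA-Srv-TwoFactor -policy AAA-Pol-Session -priority 100
bind authentication vserver AAA-Srv-TwoFactor -policy ldap-pol -priority 100
bind authentication vserver AAA-Srv-TwoFactor -policy radius-pol -priority 100 -secondary
add authentication authnProfile AAA-AuthPol-TwoFactor -authnVsName AAA-Srv-TwoFactor -AuthenticationHost twofactor.contoso.com -AuthenticationLevel 2
add lb vserver lb-web SSL 192.0.2.20 443 -Authentication ON -authnProfile AAA-AuthPol-TwoFactor
add lb vserver lb-legacy HTTP 192.0.2.21 80
"""

def parse(conf):
    """Index add/bind lines as {(verb, entity type): [(name, options)]}."""
    index = defaultdict(list)
    for line in conf.splitlines():
        tok = shlex.split(line)
        if len(tok) < 4 or tok[0] not in ("add", "bind"):
            continue
        opts = {}
        for i, t in enumerate(tok[4:], 4):
            if t.startswith("-"):  # a flag with no value (-secondary) maps to "ON"
                nxt = tok[i + 1] if i + 1 < len(tok) else "-"
                opts[t[1:].lower()] = "ON" if nxt.startswith("-") else nxt
        index[(tok[0], f"{tok[1]} {tok[2]}".lower())].append((tok[3], opts))
    return index

def audit(conf):
    """Return {lb vserver: [findings]}; an empty list means every check passed."""
    idx = parse(conf)
    profiles = dict(idx[("add", "authentication authnprofile")])
    session_pols = {name for name, _ in idx[("add", "tm sessionpolicy")]}
    report = {}
    for lb, o in idx[("add", "lb vserver")]:
        prof = profiles.get(o.get("authnprofile", ""))
        if o.get("authentication", "").upper() != "ON" or prof is None:
            report[lb] = ["no AAA authentication profile enforced"]
            continue
        binds = [b for vs, b in idx[("bind", "authentication vserver")]
                 if vs == prof.get("authnvsname") and b.get("policy") not in session_pols]
        factors = {"secondary" if "secondary" in b else "primary" for b in binds}
        findings = [f"no {f} authentication policy bound"
                    for f in ("primary", "secondary") if f not in factors]
        if prof.get("authenticationlevel") != "2":
            findings.append("Authentication Level is not 2")
        report[lb] = findings
    return report
```

Session policies bound to the AAA virtual server are excluded before counting factors, so a session policy is never mistaken for a primary authentication policy. A virtual server that references the AAA virtual server directly instead of through an authentication profile is reported as unprotected by this check.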