Book Image

Mastering NetScaler VPX

By : Marius Sandbu, Andy Paul
Book Image

Mastering NetScaler VPX

By: Marius Sandbu, Andy Paul

Overview of this book

Citrix NetScaler is one of the best Application Delivery Controller products in the world. The Application Delivery Controllers are commonly used for load balancing purposes, to optimize traffic, and to perform extra security settings. This book will give you an insight into all the available features that the Citrix NetScaler appliance has to offer. The book will start with the commonly used NetScaler VPX features, such as load balancing and NetScaler Gateway functionality. Next, we cover features such as Responder, Rewrite, and the AppExpert templates, and how to configure these features. After that, you will learn more about the other available Citrix technologies that can interact with Citrix NetScaler. We also cover troubleshooting, optimizing traffic, caching, performing protection using Application Firewall, and denying HTTP DDoS attacks for web services. Finally, we will demonstrate the different configuration principles real-world Citrix NetScaler deployment scenarios.

Related Content you might be interested in

Current Title:

Small book image
Mastering NetScaler VPX
Marius Sandbu | Andy Paul
Nov, 2015 | 218 pages
No titles found
Table of Contents (15 chapters)
Mastering NetScaler VPX™
Mastering NetScaler VPX™
Notice
Notice
Credits
Credits
About the Authors
About the Authors
About the Reviewer
About the Reviewer
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Configuring the Standard Features of NetScaler
Configuring the Standard Features of NetScaler
The basic features
Load balancing
Configuring authentication
Configuring NetScaler AAA
Citrix Receiver™ authentication
NetScaler Gateway™
Summary
2
Using the Features of NetScaler AppExpert
Using the Features of NetScaler AppExpert
AppExpert applications and templates
HTTP Callouts
Rate limiting
Policies and expressions
Rewrite
Responder
Rewrite versus responder
Summary
3
Integration with Citrix Components
Integration with Citrix Components
NetScaler Insight Center
Authentication
Troubleshooting
CloudBridge™
Installation
The Citrix Command Center
Summary
4
Traffic Management
Traffic Management
Content switching
DNS
Global Server Load Balancing
DataStream
AppQoE
Summary
5
Tuning and Monitoring NetScaler Performances
Tuning and Monitoring NetScaler Performances
Tuning the network and virtual environment
TCP and SSL profiles
HTTP/2 and SPDY
Monitoring network traffic
Analyzing network trace files using Wireshark
Analyzing network traffic using Citrix NetScaler Insight
Summary
6
Security Features and Troubleshooting
Security Features and Troubleshooting
Management best practices for security
Security features in NetScaler
HTTP DoS protection
Access-lists
SSL settings
Admin partitions
Analyzing issues using Citrix Insight Services
Setting up AAA – authentication and authorization
Summary
7
Real-World Deployment Scenarios
Real-World Deployment Scenarios
A small PoC VDI environment
An enterprise VDI multisite environment
An enterprise VDI active-passive environment
A global web services environment
An active-active data center for application hosting
An active-passive data center for disaster recovery
Reverse proxy
Summary
Index
Index

Management best practices for security

Before configuring NetScaler for any type of service, we should always ensure that NetScaler is locked down in way that management access can be brute-forced, MitM attacks for logging and so on. So as a best-practice we should:

  • Disable interfaces that are not used.

  • Do not start any features that we do not use.

  • Define a SNMP manager we can send alerts to. Prefer using SNMPv3, which allows for encrypted authentication and traffic.

  • Disable heartbeat monitoring on disabled interfaces in HA setup.

  • Change the nsroot password.

  • Set up external authentication access to NetScaler, which allows for AD group authentication to NetScaler and makes it easier to audit and control changes; it also restricts access. In order to set up this feature we can follow this Citrix article http://support.citrix.com/article/CTX123782. It is important to make sure that this feature is bound to a global level and that the nsroot account is marked as non-external authentication access...

Previous Section
End of Section 2
Next Section