Setup scenarios
When thinking about the deployment of NetScaler, a couple of things need to be taken into consideration:
- How is the network layout between the users and the service?
- What kind of network security is in place?
- Is the business using Network Address Translation (NAT) or any other kind of firewall that requires configuration to allow traffic?
- What service or application is going to be published?
A common scenario is load balancing some sort of a web service to external users. In such a scenario, a business might have a demilitarized zone and an intranet zone. One topology that can be used here is that NetScaler can be placed with one interface in the demilitarized zone and one interface in the intranet zone. This is also known as a two-armed setup. It is important to note that a two-armed setup is not necessarily two NICs connected to different networks; it may also be multiple VLANs trunked to the same NIC. This is practical for load balancing internal resources, as well because the traffic does not need to flow back and forth through the firewall multiple times.
In some cases, because of business requirements, you might have NetScaler attached to only one interface or only one VLAN that resides in the same zone. This is known as a one-armed setup. Here, NetScaler is placed, for example, in only the DMZ zone, and routing tables are in place to allow NetScaler to access the backend services. This type of topology emphasizes security. We will cover a sample scenario later in this chapter.
Now that we have gone through the different editions, features, and licensing, let us begin with the initial setup of NetScaler.