Book Image

Instant Citrix Security How-to

By : Carmel Jacob
Book Image

Instant Citrix Security How-to

By: Carmel Jacob

Overview of this book

With the rise of cloud computing and virtualization comes a whole new threat to business security.  When dealing with highly confidential information you need your security to be bulletproof. This book will help you do that."Instant Citrix Security How-to" will allow you to achieve simplicity in security when dealing with real life examples. This guide will give your systems that extra layer of protection when they need it most. This book could be the difference between secure data and stolen data.Starting with how to deploy a Citrix Netscaler on DMZ this book presents you with options, their uses, and features that can be enabled. In order to ensure each recipe gives you the most benefit, case studies are included to show you real life implications of your decisions. This book will guide you through the world of load balancing using both content switching and redirection. We will also discuss load balancing based on geographical location and disaster recovery methods. The number of features within each module to reduce server load and CPU is astounding and will make your life, the end user, a walk in the park.
Table of Contents (7 chapters)


"My books are like water; those of the great geniuses are wine. (Fortunately) everybody drinks water."

—Mark Twain

The aim of this book is to comb through the many features of Citrix Application Delivery Controller, which is NetScaler, and give you insight into how to handle and tune them according to your requirements.

I have tried to whip up as many recipes as possible so that they would be easier for readers to choose from. In addition, there are certain important terms explained, which we usually come across while deploying Citrix NetScalers and Access Gateways, but don't think much about. By the end of this book, we hope to give readers a good practical knowledge of the working of an end-to-end Citrix solution. Though it is recommended you read it from start to finish, it is made flexible so that you can move between recipes and skip to recipes that intrigue you.

This book will also try to simplify any complexities involved and make the read an interesting one.

I would like to sign off with a quote from Bruce Lee (I'm a big fan!).

"Use only that which works, and take it from any place you can find it."

—Bruce Lee

What this book covers

Day one – deployment in a DMZ network (Must know) discusses the basic set up of NetScaler in DMZ and the server farm in internal zone, while keeping in mind what changes should be done to ensure connectivity between NetScaler and the backend servers.

Triple A (Must know) shows how to configure the AAA vserver and use it with CS/LB vserver. This recipe also shows the readers how to configure SSO functionality and gives the readers a detailed packet flow as well as a capture that shows a successful authentication using LDAP, which can be used to troubleshoot in readers' environments.

Controlling surge/burst (Must know) shows how to enable settings that turn on surge protection, along with the base threshold and throttling options. This recipe also explains how the protection works along with NetScaler's inherent connection multiplexing.

Content switching (Must know) discusses a simple but most commonly used procedure to redirect the HTTP traffic to secure HTTPS by using the responder policy bound to the CS level along with the configuration commands.

Zombie cleanup (Must know) discusses how to clean up idle connections that would take up space and memory at intervals that can be customized. This recipe also shows the levels at which the timeout can be set.

Disaster recovery (Should know) introduces a series of steps for setting up disaster recovery and later shows the ways to troubleshoot it as well. This recipe includes a discussion of dynamic proximity, which shows how the RTT calculation is done. This recipe also discusses the steps that are used to calculate as well as configure dynamic proximity.

DOS and attack prevention (Should know) covers default settings that provide protection along with the options that can be turned on to provide extra security. This recipe throws light on how to set up priority queuing for different types of traffic among other things. Rate limiting configuration is also included in the recipe.

Learning Application Firewall (Must know) guides the readers through the steps and shows snapshots of the defense mechanism with the help of logs and packet captures. It also speaks about role-based access control where you can restrict the management access of a user to the desired level. This recipe also includes tips to troubleshoot the App Firewall issue.

The Access Gateway integration for Citrix XenApp and XenDesktop (Become an expert) focuses on basic and smart access modes, explaining each of them briefly with the options each mode can provide to the users. There are a few knobs in Access Gateway, which are highlighted in this recipe. As with all the recipes, this one too has a troubleshooting section.

Network management (Must know) explains how a user can use the built-in reporting software and dashboard that Citrix NetScaler device provides. It also briefly speaks about the command center software.

What you need for this book

This book is mostly written with the help of Citrix NetScaler VPX with basic licenses. But as you know there are a few features (for example, GSLB and so on) that would need a full-fledged licensed appliance. So before you start, to make the best use of the appliance, make sure you have all the necessary licenses.

For more details on licenses, you can get in touch with customer care at

If the intention is to learn and perform non-production tests, you can proceed with the NetScaler VPX software that is freely available on the Citrix homepage (

Who this book is for

The target audience is mainly the networking professionals and more importantly ones who are planning to deploy a single device that takes care of load balancing/VPN/App Firewall. This also applies to users who already have an existing environment and are unsure of how to proceed.

This book serves as a manual as well as a reference with useful tips and tricks; it is meant to be as practical as possible, keeping in mind real-life scenarios.


In this book, you will find a number of styles of text that distinguish between different kinds of information. Here are some examples of these styles, and an explanation of their meaning.

Code words in text are shown as follows: "At this time, the <show lb server> output will show round robin as the current method."

A block of code is set as follows:

GET /Test.xml?<script>alert(hi)</script> HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/x-shockwave-flash, application/, application/, application/msword, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Cookie: citrix_ns_id=SQIoGifoC0oF+GaOVYl3cCJDKTQA000

HTTP/1.1 200 OK
Pragma: "no-cache"
Content-Length: 99
Connection: close

Any command-line input or output is written as follows:

add ns simpleacl  packtacl DENY -srcIP  -destPort 1494 –protocol TCP

New terms and important words are shown in bold. Words that you see on the screen, in menus or dialog boxes for example, appear in the text like this: "Go to Load Balancing | Virtual Servers."


Warnings or important notes appear in a box like this.


Tips and tricks appear like this.

Reader feedback

Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or may have disliked. Reader feedback is important for us to develop titles that you really get the most out of.

To send us general feedback, simply send an e-mail to , and mention the book title via the subject of your message.

If there is a book that you need and would like to see us publish, please send us a note in the SUGGEST A TITLE form on or e-mail .

If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide on

Customer support

Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.


Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you would report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting, selecting your book, clicking on the errata submission form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded on our website, or added to any list of existing errata, under the Errata section of that title. Any existing errata can be viewed by selecting your title from


Piracy of copyright material on the Internet is an ongoing problem across all media. At Packt Publishing, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works, in any form, on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.

Please contact us at with a link to the suspected pirated material.

We appreciate your help in protecting our authors, and our ability to bring you valuable content.


You can contact us at if you are having a problem with any aspect of the book, and we will do our best to address it.