Citrix Access Gateway VPX
Access Gateway VPX is a virtual Access Gateway appliance that is hosted on a Citrix XenServer system and managed by Citrix XenCenter. It supports all the features of a physical Access Gateway.
Access Gateway VPX is a secure application access solution that provides administrators granular application-level control while empowering users with access from anywhere. It gives IT administrators a single point of control to manage access and actions based on both the user and the endpoint device, providing better risk, security and compliance management.
Access Gateway VPX installs into your network and functions just as if you installed the physical appliance. The Access Gateway VPX is a virtual machine image that can be installed and run on any hardware device that supports Citrix XenServer 5.5 or later. This allows you to install Access Gateway Standard Edition software on standard x86 hardware.
The Access Gateway runs on a server virtualization platform that offers the same functionality as the physical appliance.
The following diagram depicts the architecture of Access Gateway VPX on a hypervisor:
The solution architecture has the following components:
- Hardware or physical layer:
  - Physical hardware components including memory, CPU, network cards, and disk drives.
- Hypervisor:
  - Thin layer of software that runs on top of the hardware. The Xen hypervisor gives each virtual machine a dedicated view of the hardware.
- Virtual machine:
  - Operating system hosted on the hypervisor and appearing to the user as a separate physical computer. However, the machine shares physical resources with other virtual machines, and it is portable because the virtual machine is abstracted from the physical hardware.
For example, an Access Gateway VPX virtual appliance is installed on the hypervisor and uses drivers to access storage and network resources. It appears to the users as an independent Access Gateway appliance with its own network identity, user authorization and authentication capabilities, configuration, and data. The paravirtualization technique enables the virtual machines and the hypervisor to work together to achieve high performance for I/O and for CPU and memory virtualization.
After you install the Access Gateway virtualized image, you can open the Administration Portal and download the Administration Tool.
For more information about XenServer, see the XenServer documentation on the Citrix Support Web site.
Citrix XenCenter
XenCenter is a graphical virtualization-management interface for Citrix XenServer that enables you to manage servers, resource pools, and shared storage, and to deploy, manage, and monitor virtual machines from your Windows desktop machine.
Use XenCenter to install Access Gateway VPX on XenServer.
For more information about XenCenter, see the XenServer documentation on the Citrix Support Web site.
Example of an Access Gateway VPX Setup
An Access Gateway VPX setup provides secure remote access to applications and data.
The following diagram shows how Access Gateway VPX can be used to deliver secure application access.
As shown in the figure, Access Gateway VPX, when deployed in front of application servers, acts as a secure entry point in the internal network for authenticated users.
Regards,
Timco Hazelaar
How to install XenServer from a USB stick
1. Download XenServer (1 ISO for the installer + 1 ISO for the XenServer Linux CD).
2. Download UNetbootin: http://unetbootin.sourceforge.net/
3. Format a USB stick as FAT.
4. Run UNetbootin, select the XenServer installer ISO, point it at the USB stick and press OK.
5. Open the Linux CD with something like PowerISO and copy the following directories to the USB stick:
   a. client_install
   b. packages.linux
   Doing this will allow you to have both the installer and the Linux CD on 1 USB stick.
6. Rename some files on the USB stick (otherwise you’ll get an additional boot menu):
   Rename \syslinux.cfg to syslinux_cfg.old
   Rename \boot\isolinux to syslinux
   Rename \boot\syslinux\isolinux.cfg to syslinux.cfg
7. At this point you’re done – stick the USB stick into the server where you’d like to install XenServer.
8. Go into the BIOS setup and make sure to select USB as the first boot device.
Regards,
Timco Hazelaar
NetScaler MPX vs. VPX – Networking differences
The NetScaler VPX virtual appliance has some decisive differences from its MPX hardware counterparts. While the performance differences are well documented, some of the finer networking related points are a bit obscure and not readily discoverable. While none of them are likely to be show stoppers, it’s important to be familiar with the limitations.
Here’s a short table I’ve assembled describing the impact of the hypervisor on the NetScaler virtual appliance as compared to the network stack of the MPX:
| MPX | VPX |
|---|---|
| Native 802.1q VLAN Tagging | Tagging is defined on the hypervisor. XenServer is limited to 7 tagged networks and 16 on VMware. |
| Native 802.3ad Link Aggregation | 802.3ad is not supported by XenServer. Source Level Balancing (SLB) NIC bonding is the closest parallel and offers NIC redundancy with great performance. But not all switches work well with SLB so be sure to test under load, plug both links into a single switch, or skip SLB entirely in favor of native NetScaler device failover. |
| Device Fail-over | Failover is supported between VPX devices through NetScaler’s native redundancy mechanism. So there’s no need for XenMotion or VMotion support with the VPX. |
| Dedicated SSL Chipset | No SSL chipsets are available to the VPX, but nonetheless, it is capable of 300 3DES and 1000 RC4 sessions. At double the VPN capacity, VPX makes a great upgrade path from Secure Gateway by providing a full SSL-VPN, Smart Access, and improved security. |
Licensing Changes in VPX 9.1 Build 100.3:
For VPX appliances only, the 9.1_100.3 license software will check the MAC address of the FIRST INTERFACE listed. In previous builds, the license software checked the MAC address of the NEWEST INTERFACE. For VPX customers who upgrade to 9.1_100.3, this change will invalidate licenses on VMs which had more than one interface. They will need to revisit MyCitrix.com licensing portal to re-host their license. CTX122426 – NetScaler VPX Licensing Guide has been updated with the rehosting instructions.
VPX owners are allowed to relicense their VPX system up to 3 times.
References: XenServer Administrator’s Guide: Chapter 4, Networking
Thanks to Richard Davis for this blog!
Regards,
Timco Hazelaar
Netscaler and spanning tree protocol
I had some strange behavior on my last NetScaler project. I had 2 NetScalers set up as an HA pair, and started configuring them. Creating servers, profiles, policies, etc. So far so good.
Both NetScalers were in sync, so I thought no problem here, but when I tried to do a “force failover” all hell broke loose.
After some troubleshooting I found out that on the switches which were connected to the NetScaler some form of spanning tree was active.
Some might think, so what !
Well the netscaler appliance configured as a HA pair will not work with spanning tree.
There’s a Citrix document about it : http://support.citrix.com/article/CTX112341
Spanning tree protocol :
The Spanning Tree Protocol (STP) is a link layer network protocol that ensures a loop-free topology for any bridged LAN. It is based on an algorithm invented by Radia Perlman while working for Digital Equipment Corporation.[1][2] In the OSI model for computer networking, STP falls under the OSI layer-2. Spanning tree allows a network design to include spare (redundant) links to provide automatic backup paths if an active link fails, without the danger of bridge loops, or the need for manual enabling/disabling of these backup links. Bridge loops must be avoided because they result in flooding the network.
The Spanning Tree Protocol (STP) is defined in the IEEE Standard 802.1D. As the name suggests, it creates a spanning tree within a mesh network of connected layer-2 bridges (typically Ethernet switches), and disables those links that are not part of the tree, leaving a single active path between any two network nodes.
So my advice about STP is: disable it!! Or create a filter on the switchports which allows Bridge Protocol Data Unit (BPDU) packets.
Regards,
Timco
Netscaler change prompt
NetScaler implementations are always cool projects for me.
But there can be a small downside! During my projects I often use a tool called PuTTY.
PuTTY is an SSH tool to remotely connect to the NetScaler command prompt.
Like this.
But you can get confused when you have two or more PuTTY sessions on your desktop.
So here's the trick: you can change the prompt of each NetScaler by using the following command:
set prompt <your own text>
So now you keep up with all those PuTTY sessions on your desktop.
Regards,
Timco
Netscaler, Release 9.1 Build 99.8 NEW!
Citrix® NetScaler® 9.1 Classic and nCore
Citrix® NetScaler® nCore™ technology is a high performance, parallel-processing architecture that efficiently leverages multi-core technology to scale to meet the requirements of the most demanding Web applications.
The performance and scalability benefits enabled by nCore technology have significance for both current and future Web application delivery requirements. nCore technology provides:
- Better performance for Web 2.0 and rich Internet applications
- Improved ability to handle large traffic spikes
- Expanded capacity to support more users and more applications
- An all-in-one platform for Web application delivery requirements: L4-7 load balancing, caching, GSLB, compression, SSL VPN, SSL offload, application security, performance monitoring and more
For complex layer 7 workloads that tend to be more CPU intensive, nCore technology provides up to a sixfold improvement. Applications needing to support many concurrent users will benefit from a sevenfold improvement in concurrent connections.
Regards,
Timco
Citrix XenServer 5.5.0, problem installing Windows 7 Guest
When you are trying to install a Windows 7 guest on XenServer it will fail. You will not get beyond the “starting windows” screen.
The solution is :
1. Get the vmuuid by running “xe vm-list” at the console
2. Run “xe vm-param-set uuid=<vmuuid> platform:viridian=false”
3. Restart your Windows 7 guest installation.
NB. Don’t use XenServer tools on Windows 7, it will cause a blue screen.
Regards,
Timco
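The Windows 7 workaround above as a small console script; this is an added example, not code from the original post. It goes one step beyond the post by resolving the UUID from the VM's name-label, refusing to act when the name-label matches several VMs (XenServer does not require name-labels to be unique), and reading the key back afterwards. The function name `disable_viridian` is hypothetical, and the script assumes it runs on the XenServer host where `xe` is available.

```shell
#!/bin/sh
# Added example: apply "platform:viridian=false" to one VM chosen by name-label.
# Assumption: run in the XenServer host console, where the xe CLI exists.

# disable_viridian NAME  (hypothetical helper name)
# Prints the VM UUID on success.
# Returns 1 if NAME matches no VM, 2 if it matches several,
# 3 if the parameter could not be set or did not read back as "false".
disable_viridian() {
    name=$1
    # --minimal prints bare values, comma-separated when several VMs match.
    uuids=$(xe vm-list name-label="$name" params=uuid --minimal) || return 1
    if [ -z "$uuids" ]; then
        echo "no VM with name-label '$name'" >&2
        return 1
    fi
    case $uuids in
        *,*)
            echo "name-label '$name' is ambiguous: $uuids" >&2
            return 2
            ;;
    esac
    # Step 2 of the post: switch the viridian platform flag off for this UUID.
    xe vm-param-set uuid="$uuids" platform:viridian=false || return 3
    # Read the key back so a silent failure is not mistaken for success.
    value=$(xe vm-param-get uuid="$uuids" param-name=platform param-key=viridian) || return 3
    [ "$value" = "false" ] || return 3
    echo "$uuids"
}

# Run only when a VM name is passed on the command line, for example:
#   sh disable_viridian.sh "Windows 7 (1)"
if [ $# -ge 1 ]; then
    disable_viridian "$1"
fi
```

After the function prints the UUID, restart the Windows 7 guest installation as in step 3.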
Netscaler VPX-1000 Platinum 90 Day evaluation
Citrix also released a 90 day trial of the platinum version of its NetScaler VPX, but there’s one catch.
After installing NetScaler VPX platinum EVAL on my XenServer I noticed that by default it had only 1 network card configured, so I added another NIC. Bad idea, because the license file is getting confused. Probably about the 2 or more MAC addresses. After removing the second NIC it was working fine again.
Download it here : https://www.citrix.com/English/ss/downloads/details.asp?downloadId=1857217
Regards,
Timco
Citrix Netscaler VPX Express
Citrix released a free version of its Netscaler VPX, this is wonderful news. You now can test-drive or demo the Netscaler VPX without the hassle of temporary licenses etc.
There are some limitations:
When you access the management GUI, you will get the screen above, as you might notice there are some components missing, which are there with the full version of Netscaler VPX.
Stuff like: Compression, Integrated Caching, HTML injection, AAA traffic management, Cache redirection, Global Service Load Balancing and Application Firewall are missing.
But with what is left over, you can build a pretty cool demo or test environment.
Download Netscaler VPX Express : https://www.citrix.com/English/ss/downloads/details.asp?downloadId=1857216
Note: You have to get the license file from Citrix and upload it to your VPX; it unlocks the Access Gateway virtual servers.
Regards,
Timco Hazelaar
Citrix XenApp Publishing Extension 1.0
The XenApp Publishing Extension allows you to easily publish apps to your XenApp farm from a single right-click.
System Requirements
The XenApp Publishing Extension is supported on the following operating systems:
• 32-bit/64-bit Windows Server 2003
• 32-bit/64-bit Windows Server 2008
Also, the following software must be installed on your system before the extension can be installed:
• .NET Framework 3.5 SP1
• XenApp 4.5 or 5.0
Watch the online video : http://goview.com/goldwyn/spring/play?method=playRecording&recordingId=4f66ffd0-12db-412e-8f0f-e18012a2b407
Download : CitrixXenAppPe.zip
Regards,
Timco