Part 2 in a series
In the previous post in this series, I posed a problem that could be solved by using the Content Switching capability of the Citrix NetScaler VPX Express. This post focuses on the steps required to get started with the NetScaler virtual appliance; a certain amount of preparation is required before you ever start configuring for reverse proxy operations.
Get the Virtual Appliance
The virtual appliance is currently offered with a 56-week free license; at this point in time, the license can be renewed at no cost, too. You will need a Citrix Login, however: they want you in their marketing database! Luckily, there's a short link that will take you to a starting page; after you log in, you'll be presented with a long list of available versions for XenServer, Hyper-V and VMware. Don't let the "ESX" label fool you: it works just as well on ESXi as ESX.
I've always downloaded the latest/greatest version that is available for my platform:
After downloading, you can unzip the file and import the OVF. I recommend doing it once, converting it to a template, then deploying two VMs from the original.
Don't worry about the network adapter warning when you configure the import parameters: you'll only need one in the "proxy on a stick" configuration.
Before you convert the VM to a template, edit it and a) remove the second NIC and b) manually set the MAC Address:
The manual MAC is really important: The NetScaler license is tied to the address, and setting it ahead of time will make it easier to re-use a license if you have to re-install one of the two nodes; putting the manual MAC in the template will result in a manual MAC when you deploy a new VM from it.
This also allows you to go straight to the license portion without waiting for the environment to be loaded and partially-configured.
Licensing is available on the same page as the appliance
Unfortunately, Citrix's licensing process is a bit convoluted; it's also outside of the scope of this series. Once you have the license files in hand, however, you're good for a year...
After you deploy the VM, edit the MAC address (e.g., 00:50:56:aa:bb:01) and power up your appliance. Open the console; the initial configuration happens using that interface.
Supply the NetScaler's individual address information, save and allow it to restart:
Feel free to "spin up" a second instance, modify its MAC and get it configured; we'll bind the two together into an HA pair in a minute...
Once the first NetScaler is up and initialized, point your favorite Java-enabled browser (Java v7b45 or earlier: the Java applets are not signed) at its management address. Log in using "nsroot" as the username and password; on v10 appliances, leave the deployment type as "NetScaler ADC."
In addition to the IP address you already entered for management purposes, you must add an IP (the Subnet IP) that it uses to interact with hosts on the subnet; we'll also upload that license file that we already retrieved because we knew the MAC address ahead of time. And although you'd be tempted to change the admin password from "nsroot" at this time, don't: I've run into issues getting the HA pair to work if the password is changed prior to pairing.
Continue and upload the license file:
If you matched the MAC addresses properly, you get the happy green bar! Continue/close until you get the prompt to restart the appliance, then reboot the NetScaler:
Repeat these same steps on your second NetScaler; when both appliances are licensed and you've logged back in, we can proceed with getting the devices paired.
Once you can log into both, pick one to be the Primary of the HA pair and select System->High Availability from the configuration menu:
Click [Add...] to start the wizard to add the other node. (At this point, the first Java applet gets loaded on your browser, and you'll know fairly quickly if you'll be opening a different browser window to troubleshoot getting the damn thing to work correctly.)
Enter the other node's IP address in the box, leave the checkboxes alone, and enter the default credentials even though they're the same as this node.
Assuming everything else is "happy" in the environment, you should get a confirmation that the HA pair is set up, and if you set the same Subnet IP on both nodes, it might even failover as part of the configuration being established.
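The Subnet IP, pairing and post-pairing steps can also be done from the NetScaler command line over SSH. The following is an added example, not part of the original walkthrough: the 192.0.2.x addresses and `<new-password>` are placeholders, the `#` lines are annotations, and the password change is placed last because of the pairing issue described above.

```text
# On each node, before pairing (this walkthrough sets the same Subnet IP on both):
add ns ip 192.0.2.20 255.255.255.0 -type SNIP

# On the node chosen as primary (management IP 192.0.2.11, placeholder),
# add the peer by its management IP:
add ha node 1 192.0.2.12

# On the other node (management IP 192.0.2.12, placeholder), add the primary:
add ha node 1 192.0.2.11

# On either node: confirm one node reports Primary and the other Secondary
show ha node

# On the primary, only after the pair is healthy: replace the default
# nsroot password, then persist the running configuration
set system user nsroot <new-password>
save ns config
```

After the change, log in to both nodes with the new password to confirm that neither appliance still accepts the default credentials.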
You can feel free to browse around the NetScaler capabilities; set up NTP time, etc., as optional exercises. We'll pick up the configuration of a basic content switching configuration in the next part.
Parts in this series:
- Intro to using a reverse proxy
- Getting NetScaler VPX going in your lab (this post)
- Intro to Content Switching in the NetScaler
- Configure a basic content-switching application (HTTP)
- Configure an advanced content-switching application (SSL-SSL proxy)