Contributing to Citrix Education

Last week I was off to Citrix Systems, Santa Clara for attending the next Citrix NetScaler-based CCA exams IDW (Item Development Workshop). An IDW is a workshop that lasts about a week in which you and others will create exam questions (or items) that will appear on the next (or revised) Citrix exam(s). In this particular IDW we are concentrating on the follow-up exams of the old Citrix NetScaler 1Y0-A11 and Citrix Access Gateway Enterprise 1Y0-A13 which are based on the Citrix NetScaler 9 software version.

Unfortunately we forgot to take a picture of all the participants together, so to name a few: from left to right: Lourdes Soler (Citrix), Henny Louwers, Stuart Souter, Alejandra Garcia (Citrix), Craig Pickford and Robert Zehnder.

Read more of this post

Citrix NetScaler with SSD (first impression)

The Citrix NetScaler MPX 5500-7500 and 9500 appliance models now ship with Solid State Drives and says (good?)bye to the platter disk for these particulair models. This was anounced by Citrix back in februari this year: http://blogs.citrix.com/2012/02/09/citrix-netscaler-moves-to-solid-state-drives-for-future-mpx-5500-7500-and-9500-shipments/

Citrix has been using Solid State Drives in the MPX 17500/19500/21500 platforms for a longer time but they are only used for mounting the /flash volume. In the MPX 5500/7500/9500 the /flash volume is mounted on a CompactFlash Card. The (platter) Hard Disk Drive which is now being replaced by an SSD is used for the /var volume, this is where all the data and logs files are kept.

I now have a set of Citrix NetScaler MPX 5500 series which has been delivered with such Solid State Drives. The SSD in question is a Samsung 2.5” 128GB SSD (SATA3.0Gbps) which is known as a Samsung 470 series. This particulair SSD can perform sequential reads up to 250 MB/sec and sequential writes at 220 MB/sec. In comparison to the latest releases of Solid State Drives those numbers are not amazing. More information of the SSD : http://www.samsung.com/us/computer/memory-storage/MZ-5PA128/US-specs

Read more of this post

Copy webcontent to Citrix NS/AG from FTP site through a Cron job

I have a customer who would like the Citrix NetScaler (Access Gateway and AAA website) website to dynamically retrieve files to show customized content without web developers entering the Citrix NetScaler on a frequent basis.

One thing you do have to remember is that over-customizing the Citrix Access Gateway portal page is in fact not supported by Citrix. I do not think there are a lot of people out there who actually know this. Now, they will not act very difficult if you alter a picture here or there or customize a little text, but be aware of over-customizing. Next to support issues, you can run into trouble when new Citrix NetScaler updates come out that are not going to be aware of your customizations.

Now, this particulair customer over-customizes a lot! What they wanted is to have an iFrame in the Access Gateway (and AAA) page which showed visitors updated news, links, RSS Feeds etc. This iFrame showed the content of a Microsoft Sharepoint environment (please, don’t ask why). We tried publishing this iFrame through Citrix Netcaler but did not work (long story short, it was because of Microsoft Sharepoint). So now we came up with the idea to copy this content periodially to the Citrix NetScaler through the use of a Cron job and FTP. (See image below).

Read more of this post

[BUG] “Unexpected Response” Access Gateway Enterprise in NetScaler build 9.3-53.5

If you are using Citrix Receiver on iOS or Android to access pulished applications on Citrix Access Gateway Enterprise (NetScaler) do not upgrade to the latest firmware which is 9.3-53.5.

Users will get an “Unexpected Response” on an iOS device when they try to login to a Citrix Access Gateway environment. On Android the error statement is “The Citrix Access Gateway you are connecting to is not configured for this device. Please contact your administrator.”

Read more of this post

Configure RSA RADIUS monitoring on NetScaler

Ok, so this one is pretty easy and speaks for itself for the most part but can have some pitfalls while configuring.

In this example we are going to assume that the RSA backend is already in place and functioning properly.

Why

A good question is why would you want to. When you leave the monitoring to default which would be tcp-default it marks the server up as it response to a tcp connection. That would simply not be enough, we need to make sure that the RSA RADIUS Service is actually up and ready to accept connections.

Prerequisites

Make sure you have an account configured in RSA Authentication Manager that is authorized to send the response that you want to retrieve from the RSA Radius service. More on the RADIUS Response codes later on and why you would like to use a valid account.

Next to the account we are assuming that authentication is working properly and the Citrix NetScaler IP is added in RSA as a host that is allowed the use RSA Radius Authentication.

Read more of this post

Publish RSA Self-Service Console through NetScaler

This week I was at a customer which would like to publish the RSA Self Service Console so that users can self-service their RSA tokens, passwords and accounts and create some sort of redundancy with multiple RSA Authentication Servers. RSA has limited documentation on publishing the RSA Self-Service Console using a reverse proxy, especially Citrix NetScaler.

First of all, what you need to be aware of is that the RSA Servers works in a Primary/Replica model in which only the Primary can be written to by users, all other RSA Servers are read-only replica’s. So you can not use the replica servers for changing tokens, resetting passwords or enabling accounts. Replica’s can only be used for authenticating purposes.

Read more of this post

Web Interface for Citrix NetScaler – Error “Service exists with the same port and service type”

If you have created a Citrix Web Interface on NetScaler and try to add a second Web Interface on a different IP-address you might get the following error: “Service exists with the same port and service type”.

What the Citrix Web Interface for NetScaler tries to do is create the same Service (127.0.0.1:8080) which it did for the first Citrix Web Interface page.

So, all you have to do is bind the newly created Citrix Web interface Virtual Server to the already created Service which points to 127.0.0.1:8080.

Redirect Web Interface on Citrix NetScaler with Rewrite function

When you install and configure Web Interface on Citrix NetScaler nCore you probably notice that there is no option to automatically go to the default Citrix XenApp page as you were used to in a Microsoft IIS install of the Citrix Web Interface. Once you have set up Citrix Web Interface and you add the newly created address in the browser you will get an “Invalid Path” notice. This would mean you (or your users) always would have to fill in the subdirs also.

Off course this can be nicely resolved with a Rewrite function within the Citrix NetScaler and here I will show you how to.

Read more of this post

Retain Customization after applying White Theme on Citrix Access Gateway Enterprise

There is a Citrix knowledge base article on how to apply the White Theme on a Citrix Access Gateway Enterprise Edition, right here: http://support.citrix.com/article/CTX123607

There is a Citrix knowledge base article on how to retain Custom Settings on a Citrix Access Gateway Enterprise webpage, right here: http://support.citrix.com/article/CTX123780

But the problem is when you do both (Apply White Theme and wish to retain your customization) there is none.

Problem is that both actions copy the content to /netscaler/ns_gui/vpn directory where the White Theme is copied last.

What you basically can do is edit the file /nsconfig/rc.netscaler to add the following rule: cp -r /var/vpn/vpn/* /netscaler/ns_gui/vpn. Make sure your customized content is copied to the /var/vpn/vpn directory.

So if you apply the White Theme and wish to retain the white settings the content of your /nsconfig/rc.netscaler should look like this:

tar -zxvf /var/white.gz -C /netscaler/ns_gui/vpn/images
cp -r /var/vpn/vpn/* /netscaler/ns_gui/vpn

Citrix Web Interface on NetScaler nCore

Just got confirmation that Web Interface on NetScaler will be generally available as of the second week of september. For this release it will only support Citrix NetScaler and more specifically only the nCore version.

For those of you that don’t know, this solution let’s you add a Citrix Web Interface module within the Citrix NetScaler. With this solution you will not need a seperate redundant Citrix Web interface solution anymore in the backend. With the implementation of a Highly Available Citrix NetScaler pair you’ll have a fully redundant Citrix infrastructure with less components.

I think this will also be a great solution for Citrix Access Gateway Enterprise, it’s too bad that this will not be supported at the GA release. I hope there will be support for the Citrix Access Gateway Enterprise soon.

You can download the “Web Interface on NetScaler 9.1.e nCore” Tech Preview Release on the Citrix Download site but you will have to install a specific NetScaler build (Build 99.8005.e) to support it. Citrix does not recommend installing this into a production environment!