Web Interface on NetScaler nCore–first impression

I have been waiting anxiously on this feature for a while since it has been delayed by Citrix a number of times, this feature was already announced at Citrix Synergy (SF 2010) back in May. And now I had the chance to install it at a customer which was also very interested in decommisioning his (Microsoft Windows) Citrix Web Interface servers and replacing it with Web Interface on Citrix NetScaler. For me it is the chance to find out what the pros and cons are about this feature.

Installation

Installation was ok, if it was up to me the Citrix Web Interface was just like other components such as Access Gateway just to be enabled within a build. Maybe can expect this in future releases. I installed the Web Interface on a more recent build of the nCore version (Build 98.6) so I had to downgrade to get this working. Good to know is that the Access Gateway customizations were retained which I was very happy about. Because you are downgrading Citrix NetScaler asks you if you would like to import a different nsconfig file.

Creating

There are very few settings possible when working within the NetScaler GUI. There is a wizard which let’s you create the websites.

Customization

I thought the documentation was not very complete, first thing you want to do is customize the Citrix Web Interface which you can find nothing about in de Admin Guide. The files you need to customize are in /var/wi/tomcat/webapps/Citrix/<web interface name>

You have to customize Citrix Web interface in the WebInterface.conf which is located in /var/wi/tomcat/webapps/Citrix/<web interface name>/WEB-INF/. This file is the same format as used in regular Citrix Web Interface servers installed on Windows.

Bugs

There is an issue when importing the certificate for Access Gateway Web Interface. The certificate used for Citrix Access Gateway needs to be imported in the Java Diablo Latte JRE Webserver. At first I got “Import SSL certificate failed. Following command execution failed: ./export_cert.sh /nsconfig/ssl/<certname.pem>”, so executed this command at the CLI and got the following output “keytool error: java.lang.Exception: Input not an X.509 certificate”. Opening up export_cert.sh seems to be a script built around the Java Keytool executable which doesn’t quite work just jet. I imported the original .pfx certificate in Windows and exported it as a X.509 certificate, uploaded it to the Citrix NetScaler en executed “keytool -import -trustcacerts -file /nsconfig/ssl/<certname.cer> –alias <alias>  -keystore $JAVA_HOME/jre/lib/security/cacerts” which succesfully imported the certificate in the JAVA keystore. It could be just coincedence that this happens when using Thawte certificates which I used in this environment, I googled more folks with this problem with Thawte certificates.

Performance

The Citrix Web Interface servers worked like a charm . I will update this post (or a new one) with results when it will be put into production.

Limitations

Many customers use a Citrix NetScaler MPX 5500 series, Citrix has limited the number of Web Interfaces on these particulair series to 3 which I think is too bad. Expecially because of the enormous gap with the MPX 7500 series which supports 25. In a standard Citrix infrastructure environment I would like at least 4 Web Interfaces to get everything going:
- Citrix Web Interface site / HTTP (inside);
- Citrix XenApp Services site / HTTP (inside);
- Citrix Web Interface for Access Gateway / SSL (outside);
- Citrix XenApp Services site for Citrix Receiver / SSL (outside).

The supported numbers by platform:

Another limitation is the fact that it can only be used on Citrix NetScaler, I would like to see this feature released on the Citrix Access Gateway Enterprise which makes it a more complete (Enterprise) product.

On top of the Web Interface on NetScaler nCore download page it states “The solution requires the use of NetScaler MPX or VPX models with nCore”. As you may or may not know there is no nCore version for the VPX platform (only Classic), but there will be an nCore version for the VPX platform released within the next 2 months. So as of then it will be possible to install Web Interface on the VPX platform and I for one will be very curious about the limitations that will be built in.

Citrix License Server Virtual Appliance for XenServer (Dutch)

Citrix heeft vorige week een Virtual Appliance uitgebracht tbv Citrix Licentie Services. Ik heb deze afgelopen week geinstalleerd en bevalt in eerste instantie prima. De Virtual Appliance gebruikt 1 vCPU, 128MB Geheugen, verder wordt er een Virtual Harddisk aangemaakt van 8 GB waarvan geinstalleerd zo’n 1 GB van gebruikt wordt. Citrix zal waarschijnlijk gedacht hebben liever teveel dan te weinig. Op dit moment is de Virtual Appliance alleen beschikbaar voor Citrix XenServer.

Installatie.

De installatie bestaat uit het downloaden van de .XVA file van www.citrix.com. Wanneer de Virtual Appliance geimporteerd worden binnen XenServer en gestart wordt moet er een kleine wizard doorlopen worden de appliance te configureren. Na de wizard doorlopen te hebben kun je de Citrix Licensing Management Console webbased benaderen.

Het is een Linux (CentOS) gebaseerde image met zoals gezegd een zeer kleine footprint. De licenties werken op dezelfde manier als de oude wat betekent dat de hostnames in de LIC files overeen moeten komen met die van de licentieserver.

Leuk is om te zien dat je de gehele configuratie kunt resetten door binnen een root shell “reset_licensing.sh” commando te geven. Hij zal hierna een verzoek tot reboot geven en de wizard weer starten nadat deze herstart is.

Ik hoef denk niet aan te geven hoe makkelijk en snel een dergelijke Virtual Appliances + licenties te herstellen is. Dit is echt tussen de 1 en 5 minuten werk. 5 als je het nog niet eerder gedaan hebt en 1 als je de gegevens bij de hand hebt zoals IP-adressering, hostnaam, licentiefiles, etc. Tov een Windows gebaseerde Citrix License Server heeft dit erg veel voordelen: geen Windows Licentie, beheer, Updates, Java, IIS, Hostname, Resources. Daarnaast zijn de restore tijden vele malen kleiner.

Performance.

Doorgaans is het vCPU verbruik te negeren, dit is minimaal tot niks:

Het memory verbruik van de Virtual Appliance blijft mooi hangen rond de 64MB, helaas is het met een CentOS gebaseerd Linux VM systeem niet mogelijk Memory terug te geven aan de Hypervisor welke dan weer gebruikt kunnen worden aan andere VM’s zoals met windows gebaseerde VM’s, aan de andere kant, 128MB.

Een screenshot van de Citrix Licensing Management Console Dashboard:

Hij is een beetje tricky te vinden binnen Citrix Downloads, ga naar Citrix XenServer en klap “XenServer Advanced Edition Components” open, daaronder bevindt zich de download.

http://support.citrix.com/article/CTX124501