(1Y0-A36) Citrix Networking for Data Center Specialist Practicum – Passed

Passed the (1Y0-A36) Citrix Networking for Data Center Specialist Practicum exam which is needed for maintaining Citrix Partner Gold Status with the Citrix NetScaler for Datacenter specialization.

My experience from this practicum is already a lot better then the previous one I took (1Y0-A34), well organized and prepared by Citrix Education and Skytap. I would say this practicum is technically a little more challenging then the 1Y0-A34 is, but that could be a matter of opinion, depending on your field/level of expertise or experience.

image

Advertisements

Monitoring the VMware View VDI Hosts using Citrix NetScaler

Yesterday I was at a long time customer of mine which had implemented VMware Horizon View as a their VDI solution. This customer load balances everything through Citrix NetScaler, it’s pretty much company policy to load balance every infrastructure component unless. Good policy I think.

A little information on how VMware (Horizon) View works from an architectural point of view, (see image below). A VMware VDI connection dataflow is completely serial, it cannot switch connection over servers. You will also need to create a Persistency Group on the NetScaler to tie these protocols together so they stay in the same connection data flow. In the below scenario the environment consists of a single Horizon View deployment using two VMware Connection Servers and two VMware VDI Hosts.

VMware-View-LB-Architect
Image from http://vmfocus.com

Not about load balancing. This blog post will not go into detail of how to load balance VMware View (Connections Servers) but how to configure the monitor the VMware VDI Hosts behind the VMware Connection Servers. There are a numerous sites on the topic of load balancing, for instance:
http://vmfocus.com/2014/01/14/load-balancing-horizon-view-design/

Read more of this post

(1Y0-A34) Citrix Networking for Apps & Mobile Security Specialist Practicum – Passed

Passed the (1Y0-A34) Citrix Networking for Apps & Mobile Security Specialist Practicum exam which is needed for maintaining Citrix Partner Gold Status with the Citrix NetScaler for Networking for Apps & Mobile Security specialization.

Although taking the practicum was a little trial and error on it’s own (difficulties within the test lab, confusement on the time to start and how much you actually have for taking the practicum) I like the idea of the flexibility and creativeness of different ways a solution can be created within a Citrix NetScaler solution. I can imagine it can be challenging for the Citrix practicum evaluators to interpret the different approaches that can be taken when configuring Citrix NetScaler.

image

Choose your NetScaler … wisely

I spend a lot of my time breaking down the different models of Citrix NetScaler appliances and different Software Editions within the Citrix NetScaler portfolio.

I decided to set up a blog about this since the path is usually pretty much (lengthy but) the same. This does not mean the answer is always easy because there are a lot of questions that need to be answered.

The first thing I would like to get off my chest is the following: Stop seeing/selling the Citrix NetScaler as a replacement for Secure Gateway. It is so much more than that. I often have discussions with various engineers and consultants telling me that Citrix NetScaler is so expensive for a Remote Access solution because Secure Gateway always used to be free. No offense but a Citrix NetScaler solution belongs to the networking department, not the Citrix XenApp sys admin department. Or maybe limited.

Read more of this post

To EPA or not to EPA …

For anyone who has not worked with NetScaler Gateway Endpoint Protection Analysis before. It is pre-check before the user get to see the Gateway Logon page it has to comply certain rules that we have programmed the Gateway with. Sometimes I here people say that there is no future for EPA, but I would like to show a use-case which still is actively deployed using NetScaler Gateway and EPA’s.

This feature was already present with the Citrix Access Gateway Advanced using Citrix Advanced Access Control Option Server, yes did it! :-).

What it does is that upon client request it will launch a small piece of Citrix client software to check if the client meets our requirements for connecting. This is triggered by using an ActiveX component within Internet Explorer of Firefox. If the software is not installed it will prompt the user to do so.

Read more of this post

Performance degrades when enabling Citrix (Branch) Repeater Traffic Acceleration

An interesting problem where a customer has a PoC environment to see if Citrix Repeaters would add value to the Citrix XenApp/XenDesktop implementation over a WAN connection with the help of a Citrix Repeaters 8540 on each end.

Whenever the Traffic Acceleration mode was enabled performance of the XenApp/XenDesktop connection was worse then having Traffic Acceleration disabled. Movies would play frame by frame, it would take ages to move a AutoCAD object from A to B within a drawing.

The ‘receiving’ Citrix Repeater’s Log mentioned Fragmented IP Packets are being received.

Read more of this post

Contributing to Citrix Education

Last week I was off to Citrix Systems, Santa Clara for attending the next Citrix NetScaler-based CCA exams IDW (Item Development Workshop). An IDW is a workshop that lasts about a week in which you and others will create exam questions (or items) that will appear on the next (or revised) Citrix exam(s). In this particular IDW we are concentrating on the follow-up exams of the old Citrix NetScaler 1Y0-A11 and Citrix Access Gateway Enterprise 1Y0-A13 which are based on the Citrix NetScaler 9 software version.

Citrix NetScaler IDW 2012-01

Unfortunately we forgot to take a picture of all the participants together, so to name a few: from left to right: Lourdes Soler (Citrix), Henny Louwers, Stuart Souter, Alejandra Garcia (Citrix), Craig Pickford and Robert Zehnder.

Read more of this post

Citrix NetScaler with SSD (first impression)

The Citrix NetScaler MPX 5500-7500 and 9500 appliance models now ship with Solid State Drives and says (good?)bye to the platter disk for these particulair models. This was anounced by Citrix back in februari this year: http://blogs.citrix.com/2012/02/09/citrix-netscaler-moves-to-solid-state-drives-for-future-mpx-5500-7500-and-9500-shipments/

Citrix has been using Solid State Drives in the MPX 17500/19500/21500 platforms for a longer time but they are only used for mounting the /flash volume. In the MPX 5500/7500/9500 the /flash volume is mounted on a CompactFlash Card. The (platter) Hard Disk Drive which is now being replaced by an SSD is used for the /var volume, this is where all the data and logs files are kept.

I now have a set of Citrix NetScaler MPX 5500 series which has been delivered with such Solid State Drives. The SSD in question is a Samsung 2.5” 128GB SSD (SATA3.0Gbps) which is known as a Samsung 470 series. This particulair SSD can perform sequential reads up to 250 MB/sec and sequential writes at 220 MB/sec. In comparison to the latest releases of Solid State Drives those numbers are not amazing. More information of the SSD : http://www.samsung.com/us/computer/memory-storage/MZ-5PA128/US-specs

Read more of this post

[BUG] “Unexpected Response” Access Gateway Enterprise in NetScaler build 9.3-53.5

If you are using Citrix Receiver on iOS or Android to access pulished applications on Citrix Access Gateway Enterprise (NetScaler) do not upgrade to the latest firmware which is 9.3-53.5.

Users will get an “Unexpected Response” on an iOS device when they try to login to a Citrix Access Gateway environment. On Android the error statement is “The Citrix Access Gateway you are connecting to is not configured for this device. Please contact your administrator.”

Read more of this post

Publish RSA Self-Service Console through NetScaler

This week I was at a customer which would like to publish the RSA Self Service Console so that users can self-service their RSA tokens, passwords and accounts and create some sort of redundancy with multiple RSA Authentication Servers. RSA has limited documentation on publishing the RSA Self-Service Console using a reverse proxy, especially Citrix NetScaler.

First of all, what you need to be aware of is that the RSA Servers works in a Primary/Replica model in which only the Primary can be written to by users, all other RSA Servers are read-only replica’s. So you can not use the replica servers for changing tokens, resetting passwords or enabling accounts. Replica’s can only be used for authenticating purposes.

image

Read more of this post