Its Easy – NetScaler Basics for beginners
This post is purely to understand the Netscaler basics. I tried to make it simple in this post, as there are many confusions when we work on netscaler for the first time.
Netscaler is an Application delivery controller (ADC) having loads of other features like Netscaler gateway and Web application firewall. Features are available based on the licenses.
What is Netscaler IP (NSIP) used for ?
Management Access ( configuration Utility, SSH)
LDAP communication for authentication
Radius communication for authentication
Any Other authentication
What is Subnet IP (SNIP/MIP) ?
At least one Subnet IP is required in Netscaler
DNS and Wins communication
Any communication with backend servers/services
In general we will have SNIP form the Subnet Netscaler is directly connected to Router (this router will route traffic to internal servers)
If the backend servers are in same subnet of SNIP it will talk directly, If not traffic will go through router.
What is Virtual IP (VIP) ?
Users will connect to these IP’s for accessing the services.
Public IP’s will NAT to these VIP’s.
What is one arm and two arm?
If backend servers, NSIP, VIP and SNIP are in same subnet then it is One ARM, If not its two ARM. In general one arm deployments will have default route point to default gateway. Two arm mode your will have different network subnets configured on netscaler and multiple routes will be in place. (In reality it is very complicated to understand – refer to Netscaler physical deployment methods)
There are some exceptional deployments where we can do One arm with VIP in diff subnet. The no of cables hanging from netscalers doesn’t say which mode we are using. One arm also can have all 6 cables connected to switch.
What is reverse proxy or SSL proxy?
If Netscaler virtual server is configured as SSL and a server certificate is bound to it, Then NetScaler will offload the SSL encryption and decryption. This is called Reverse Proxy or SSL Proxy.
What is SSL Bridge ?
As the name says the virtual server in netscaler will not do SSL offload, It will pass the SSL traffic to backend servers.
What is Netscaler gateway ?
Netscaler gateway feature in netscaler is earlier called as access gateway. This is typically used for remote access like ICA Proxy, RDP Proxy and VPN solutions.
Do we need to do any hardware or firmware changes for license upgrade ?
NO need , download the new license and restart. everything will work. (standard -> Enterprise -> Platinum). your configuration will stay as is.
Do we need to do any hardware or firmware changes for appliance upgrade from MPX to SDX?
Yes, Most of the netscalers will support MPX to SDX upgrade. We need to change hard disk of netscaler for this. So reconfiguration is required.
But it is easy if Netscaler MPX are in HA pair.( one after another can be done to avoid downtime and reconfiguration)
How to change Netscaler IP after deploying?
Connect with putty or console cable.
-set ns config
or
-set ns config -ipaddress 192.168.20.30 -netmask 255.255.255.0
Hope this post is helpful. leave your comments and suggestions below.
WONDERFUL Post.thanks for share..more wait .. …
Excellent Article.
Thanks!
I have a question why netscaler why not vmware load balance product?
If customer has vmware NSX they will have load balancer. But in typical organizations we see either F5 or Netscaler as load balance’s due to their maturity and adaptability.
For internal services NSX edge load balancer is good. but for external use, WAF and global load balancer you need F5 or Netscaler.
1.Interviewer asked me that all the external users( logged in through Netscaler) are facing slowness issue in their VDI whereas internal users not facing any slowness in their VDI.
2.All the users can’t login to Netscaler post successfully l entering their credentials. It is stuck in Netscaler page itself and not get into the store front page, and user not getting any error msg simply the cursor moving. What would be the cause?
Please explain me.
this is most probably the throughput and capacity related issues. Sometimes after upgrading netscaler firmware also this happens