I recently was asked to teach Citrix SD-WAN. My first thought was: wtf? I asked Google, and Google, knowing everything, spoke to me in infinite wisdom: Citrix SD-WAN’s previous name is Branch Repeater. And Branch Repeater, I did already know this, once was the new name for WanScaler (a product I have been certified on, but never used in real life). Meanwhile the product got rebranded again and is...
last update: January 6 / 2021 It does work no more, at least since version 12.1. Or: The power of the ANY service type This is a workaround for a well-known problem in NetScaler: Binding NetScaler Gateways to content switching vServers. This solution does not follow Citrix best practices. Avoid using it, if you can! My solution will work with NetScaler 10 upward. I didn’t test with 9.x as...
(a nice but partly failed try) Complex web applications may lead to complex NetScaler configuration. And sometimes an administrator may get lost troubleshooting complex websites, especially sites using content switching. This is an example of a real world website: The portal page is assembled of several independent web applications. Each application is hosted on a specific group of load balanced...
Recently I found out: DNS is a big bandwidth waster on my internet connection. Strange, isn’t it? DNS? So I started a network trace on my firewall: someone is abusing one of my DNS servers. I guess it’s a kind of malware using my DNS server, but I am not really sure. The domain was X99MOYU.NET belonging to a Chinese company called ZhuHai NaiSiNiKe.. Content of the website is not...
Last update: July 12 2018 This blog is about NetScaler versions up to 12. Find later versions here January 2020: It’s pretty outdated by now, as some of the proposed encryption methods are outdated and there are serious concerns about TLS1.0 and TLS 1.1. Read Thomas’s blog from here. Citrix NetScaler load balancing and content switching servers will only score an C in quality labs SSL...
This is an updated blog entry. I first posted it on my old and discontinued blog at blog.com for Citrix NetScaler 10, this one is for Citrix NetScaler 11. We all know how to get a private Certificate for free: You just have to set up a Windows Server, add a role, select certificate authority. That’s it. However these Certificates are not trusted by any browser, even worse: they are not trusted by...
Last update: July 7th 2018 (FEO testpage does not exist any more, but I updated the download link) I played round on my Citrix NetScaler with Front End Optimization (FEO) in NetScaler 11 built 63.16 (October 2015). There are several requirements. First of all, FEO is a feature depending on an other feature: Integrated Caching. Integrated Caching has to be set up properly, I have written a blog...
Front End Optimization on a Citrix NetScaler will only work, if caching is set up correctly. This is especially true for image optimization. Usually it’s caching to blame for if image optimization does not work. So what to do? Citrix tells us (edocs.citrix.com): Front end optimization requires the NetScaler integrated caching feature to be enabled. Additionally, you must perform the...
As soon as our NetScaler Gateway is up and running we need to set up StoreFront to use it. It’s more a kind of introducing the NetScaler Gateway to StoreFront. Other than WebInterface StoreFront is designed to use a NetScaler Gateway, so it’s a rather easy thing to do. Enabling Pass-Through authentication from NetScaler Gateway We open up StoreFront management console and click...
last update February 7th 2017 There are never versions about SSL-settings We have previously created a NetScaler Gateway on our NetScaler 11. That’s great! Time to check if it’s secure. I usually use SSL labs SSL test, a widely used tool to test the security of a website. I have an other blog about NetScaler virtual servers (contentswitching and loadbalancing SSL offloading servers)...