(a nice but partly failed try) Complex web applications may lead to complex NetScaler configuration. And sometimes an administrator may get lost troubleshooting complex websites, especially sites using content switching. This is an example of a real world website: The portal page is assembled of several independent web applications. Each application is hosted on a specific group of load balanced...
Recently I found out: DNS is a big bandwidth waster on my internet connection. Strange, isn’t it? DNS? So I started a network trace on my firewall: someone is abusing one of my DNS servers. I guess it’s a kind of malware using my DNS server, but I am not really sure. The domain was X99MOYU.NET belonging to a Chinese company called ZhuHai NaiSiNiKe.. Content of the website is not...
Last update: July 12 2018 This blog is about NetScaler versions up to 12. Find later versions here January 2020: It’s pretty outdated by now, as some of the proposed encryption methods are outdated and there are serious concerns about TLS1.0 and TLS 1.1. Read Thomas’s blog from here. Citrix NetScaler load balancing and content switching servers will only score an C in quality labs SSL...
This is an updated blog entry. I first posted it on my old and discontinued blog at blog.com for Citrix NetScaler 10, this one is for Citrix NetScaler 11. We all know how to get a private Certificate for free: You just have to set up a Windows Server, add a role, select certificate authority. That’s it. However these Certificates are not trusted by any browser, even worse: they are not trusted by...
Last update: July 7th 2018 (FEO testpage does not exist any more, but I updated the download link) I played round on my Citrix NetScaler with Front End Optimization (FEO) in NetScaler 11 built 63.16 (October 2015). There are several requirements. First of all, FEO is a feature depending on an other feature: Integrated Caching. Integrated Caching has to be set up properly, I have written a blog...
Front End Optimization on a Citrix NetScaler will only work, if caching is set up correctly. This is especially true for image optimization. Usually it’s caching to blame for if image optimization does not work. So what to do? Citrix tells us (edocs.citrix.com): Front end optimization requires the NetScaler integrated caching feature to be enabled. Additionally, you must perform the...
As soon as our NetScaler Gateway is up and running we need to set up StoreFront to use it. It’s more a kind of introducing the NetScaler Gateway to StoreFront. Other than WebInterface StoreFront is designed to use a NetScaler Gateway, so it’s a rather easy thing to do. Enabling Pass-Through authentication from NetScaler Gateway We open up StoreFront management console and click...
last update February 7th 2017 There are never versions about SSL-settings We have previously created a NetScaler Gateway on our NetScaler 11. That’s great! Time to check if it’s secure. I usually use SSL labs SSL test, a widely used tool to test the security of a website. I have an other blog about NetScaler virtual servers (contentswitching and loadbalancing SSL offloading servers)...
It is quite easy to set up a NetScaler Gateway on NetScaler 11. It’s quite similar to NetScaler 10.5, but the wizard is much more powerful now! I’ll show you how to do it. Prerequisites I assume you have: a certificate in place. This certificate should be a valid certificate created by a trusted certificate authority. If you don’t know how to get or create a certificate: there...
last update: February 7th 2017 Similar but newer posts: Changing my Citrix NetScaler VPX based website from http to https and scoring an A+ in SSL labs test and Making a NetScaler Gateway on NetScaler 11 a bit more secure ECDHE Ciphers, this means, Elliptic curve Diffie–Hellman type of cyphers, add additional security to a NetScaler. If we want to use this kind of cyphers we need to create a DH...