Deploying Microsoft SharePoint with Cisco ACIand Citrix NetScalerDesign and Implementation Guide

March 26, 2015

Building Architectures to Solve Business Problems

CCDE, CCENT, CCSI, Cisco Eos, Cisco Explorer, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Nurse Connect, Cisco Pulse, Cisco SensorBase,Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco TrustSec, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, FlipMino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network are trademarks; Changing the Way We Work,Live, Play, and Learn, Cisco Capital, Cisco Capital (Design), Cisco:Financed (Stylized), Cisco Store, Flip Gift Card, and One Million Acts of Green are service marks; andAccess Registrar, Aironet, AllTouch, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, theCisco Certified Internetwork Expert logo, Cisco IOS, Cisco Lumin, Cisco Nexus, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity,Collaboration Without Limitation, Continuum, EtherFast, EtherSwitch, Event Center, Explorer, Follow Me Browsing, GainMaker, iLYNX, IOS, iPhone, IronPort, theIronPort logo, Laser Link, LightStream, Linksys, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, PCNow, PIX, PowerKEY,PowerPanels, PowerTV, PowerTV (Design), PowerVu, Prisma, ProConnect, ROSA, SenderBase, SMARTnet, Spectrum Expert, StackWise, WebEx, and the WebEx logo areregistered trademarks of Cisco and/or its affiliates in the United States and certain other countries.

All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1002R)

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler Design and Implementation Guide

Partner Access ONLY

Service Provider Segment© 2015 Cisco Systems, Inc. All rights reserved.

Design and Implementation Guide

C O N T E N T S

Preface 1

Navigator 1-1

Document Objective and Scope 1-1

Use Cases/Services/Deployment Models 1-1

C H A P T E R 1 Introduction 1-1

C H A P T E R 2 Use Cases 2-1

Business Use Case 2-1

Enabling an Efficient, Secure, and Reliable Architecture 2-2

Technology Use Cases 2-2

NetScaler Services 2-2

Optimizing Security, Performance, and Availability 2-3

Use Case—Securing SharePoint Traffic Delivery 2-3

Use Case—Optimizing Responsiveness and Performance 2-4

Use Case—Enabling Resiliency and Failover 2-4

C H A P T E R 3 Design Overview 3-1

Introduction to Cisco ACI 3-1

Cisco ACI Benefits 3-1

Citrix NetScaler SDX Overview 3-2

Cisco Intercloud DC ACI 1.0 Architecture 3-3

Cisco Intercloud DC ACI 1.0 Architecture with Silver Cloud Consumer Model 3-4

Silver Tenant Container 3-4

Silver Tenant Container Layout 3-4

Solution Topology and Design Principles 3-5

Physical Topology 3-5

Logical Topology 3-6

APIC Tenant Construction 3-7

User Roles and Security Domain 3-8

C H A P T E R 4 Configuration Details 4-1

Prerequisites and Initial Provisioning 4-1

Provisioning an ACI Silver Tenant Container 4-2

iDeploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Contents

Configuring L2 and L3 Settings on ACI for NetScaler SDX 4-2

Initial NetScaler SDX Appliance Installation and Setup 4-2

Structuring a Highly Available Deployment 4-2

Configuring NetScaler VPX Instances on NetScaler SDX Appliances 4-3

Configuring ACI and NetScaler for a SharePoint Deployment 4-6

Define Citrix NetScaler as L4-L7 Device: Importing NetScaler Device Package 4-8

Using the APIC GUI to Import the NetScaler Device Package 4-8

Using the APIC CLI to Import the NetScaler Device Package 4-9

Creating a Device Cluster 4-9

Using the APIC GUI to Create a NetScaler Device Cluster 4-9

Using XML to Create a NetScaler Device Cluster 4-11

Creating an Application Profile 4-12

Using the APIC GUI to Create an Application Profile and EPG 4-12

Using XML to Create an Application Profile and EPG 4-13

Creating APIC Service Graphs for NetScaler Services 4-13

Using the APIC GUI to Create Service Graphs 4-14

Using XML to Configure Service Graphs for Generic LB Traffic 4-16

Using XML to Create Service Graphs for SharePoint Traffic 4-17

Configuring Application Profile L4-L7 Service Parameters for NetScaler Instances 4-18

Using the APIC GUI to Configure L4-L7 Service Parameters for Generic LB Traffic 4-19

Using XML to Configure L4-L7 Service Parameters for Generic LB Traffic 4-21

Using the APIC GUI to Configure L4-L7 Service Parameters for SharePoint Traffic 4-22

Using XML to Configure L4-L7 Service Parameters for SharePoint Traffic 4-24

Configuring a Contract 4-25

Using the APIC GUI to Create a Contract 4-25

Using XML to Create a Contract 4-28

Deploying Service Graphs 4-29

Using the APIC GUI to Deploy Service Graphs 4-29

Using XML to Deploy Service Graphs 4-30

Viewing Service Graphs Deployed to NetScaler 4-31

C H A P T E R 5 Validating the Configuration 5-1

Verifying the Configuration 5-1

Validating Traffic Flows with NetScaler 5-2

Validating General Traffic Flows with NetScaler 5-2

Validating SharePoint Traffic Flows with NetScaler 5-2

Validating Microsoft SQL Server Flows with NetScaler 5-4

Validating AppFW Functionality with NetScaler 5-5

Validating Solution High Availability and Failover 5-5

iiDeploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Contents

NetScaler VPX Instance Failover 5-5

NetScaler SDX Appliance Failover 5-6

Fabric and APIC Failover Scenarios 5-6

Configuring NetScaler GSLB for Multiple data centers 5-6

A P P E N D I X A Product List A-1

A P P E N D I X B References B-1

Cisco ACI References B-1

Citrix Reference B-1

A P P E N D I X C Configurations C-1

NetScaler Instance Configuration Summary C-1

Automating APIC Configuration for SharePoint C-8

XML Files for Configuring NetScaler Instances C-9

XML Files for Configuring Basic Functions C-10

XML Files that Configure NetScaler Services for SharePoint C-41

XML for Content Switching C-42

XML for Database Content Switching C-49

XML for Application Firewall C-56

XML for Global Server Load Balancing (GSLB) C-65

iiiDeploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Contents

ivDeploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Preface

Cisco Application Centric Infrastructure (ACI) and Citrix® NetScaler® SDX appliances can deliver application and business agility.

Cisco ACI and Citrix NetScaler enable data center and cloud administrators to holistically control L2-L7 network services in a unified manner via seamless insertion and automation of NetScaler services in data centers built with ACI architectures. NetScaler leverages the Cisco APIC (Application Policy Infrastructure Controller) to automate provisioning based on application needs.

This document is based on the foundation of the Cisco Intercloud Data Center ACI 1.0 Implementation Guide.

Note This document is exclusive to Partners ONLY.

NavigatorThis Cisco Validated Design (system solution) documents the necessary topology, configuration steps, and reference materials needed to implement and integrate the Citrix NetScaler SDX appliance into the ACI fabric to support deployments of Microsoft® SharePoint Server® 2013.

Document Objective and ScopeThis document provides a comprehensive explanation of Cisco ACI and Citrix NetScaler integration and configuration, solution architecture, deployment model, and guidelines for implementation and configuration. The guide also recommends best practices and possible issues when deploying the reference architecture.

Use Cases/Services/Deployment ModelsIn support of Microsoft® SharePoint Server® 2013 deployments, this guide addresses the configuration of Citrix NetScaler® SDX appliances on a Cisco Application Centric Infrastructure (ACI) fabric.

1Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

PrefaceUse Cases/Services/Deployment Models

2Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Deploying MicrosDesign and Implementation Guide

C H A P T E R 1

Introduction

Microsoft® SharePoint Server® 2013 is an innovative way for employee teams to work together. It allows enterprises to create a secure mechanism for teams to store, organize, share, and access information. Documents can be downloaded, edited, and then re-uploaded for continued sharing. SharePoint simplifies how companies can manage information, project teams, and assignments across the organization.

For enterprise IT organizations, delivering Microsoft® SharePoint Server® 2013 via a cloud services deployment model can yield compelling business benefits: greater business agility, faster provisioning, and efficiencies that can reduce costs. To help IT organizations realize these goals, Cisco and Citrix offer leading-edge technologies and a validated reference architecture that can transform SharePoint implementations into secure, scalable, and dynamic cloud services.

Cisco Application Centric Infrastructure (ACI) is the industry's most comprehensive SDN solution built on an open, secure and flexible architecture. The Cisco ACI joint solution with Citrix NetScaler portfolio helps accelerate application deployment onto networks with scale, multi-tenancy, and security. Cisco ACI integrates with NetScaler through open APIs and scripts, providing consistent automation and orchestration of Application Delivery Controller (ADC) services required to deploy applications in a fast, highly secure, and reliable manner. The combination of these technologies yields an enterprise-ready cloud services model for resilient, secure, and responsive SharePoint collaborative services.

This system solution describes how to configure Citrix NetScaler within the ACI fabric in an optimized deployment for SharePoint Server 2013.

1-1oft SharePoint with Cisco ACI and Citrix NetScaler

Chapter 1 Introduction

1-2Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Deploying MicrosDesign and Implementation Guide

C H A P T E R 2

Use Cases

Two categorical use cases are presented in defining this system solution:

• Business Use Case, page 2-1

• Technology Use Cases, page 2-2

Business Use CaseThe joint solution delivered by Cisco ACI and Citrix NetScaler technologies is ideal for enterprise deployments of Microsoft SharePoint Server 2013. The solution allows IT administrators to configure efficient and agile application services for enterprise collaboration. Whether SharePoint is deployed within a private enterprise cloud or from a cloud service provider, Cisco ACI and Citrix NetScaler create an application-driven solution that fosters data security, responsive performance, and high service levels.

Cisco ACI enables a scalable, efficient cloud infrastructure that is application-centric. ACI technology combines the benefits of Software-Defined Networking with centralized policy control, allowing data centers to automate, virtualize, and pool infrastructure and network resources and provision them based on application requirements. Cisco ACI supplies the critical link between business-based requirements for application services and the enterprise infrastructure that delivers them. As a result, data centers gain speed and flexibility when deploying applications as well as the ability to consolidate resources, secure data, and reduce costs.

Citrix NetScaler intelligently directs application traffic between the Cisco ACI fabric and the available infrastructure. It is the only Application Delivery Controller that fully integrates into Cisco's unified ACI fabric. This integration reduces deployment complexity and aligns applications to infrastructure using automation, saving deployment time and increasing flexibility.

This joint solution enables enterprise IT organizations to simplify application-driven control of Layer 4 to Layer 7 network services. Cisco ACI is supported on Cisco Nexus 9000 series switches and is managed through a centralized policy controller, the Application Policy Infrastructure Controller (APIC). APIC automates network provisioning—including production-ready NetScaler configurations—based on application requirements and defined traffic management policies. APIC is a comprehensive and unified management framework that can orchestrate NetScaler instances based on APIC-configured service policies.

2-1oft SharePoint with Cisco ACI and Citrix NetScaler

Chapter 2 Use CasesTechnology Use Cases

Enabling an Efficient, Secure, and Reliable ArchitectureMuch of the potential promise of enterprise cloud architectures stems from cost savings and efficiencies that are gained through consolidation. Sharing infrastructure and networking components can yield management efficiencies as well as savings in CAPEX and OPEX. At the same time, cloud architectures require strict separation between shared resources including servers, enterprise networks, and data streams. Because SharePoint application services enable collaboration between different end-user and business entities (including suppliers, customers, and line-of-business organizations), secure multi-tenancy is an underlying requirement to isolate traffic and protect data.

For networking components (such as Application Delivery Controllers), supporting multi-tenancy has historically involved the ability to carve a single device into multiple logical partitions. This approach allows different sets of policies to be implemented for each tenant or application without the need for many separate devices. However, on some ADC devices, this approach is inadequate because the degree of isolation is limited.

The NetScaler SDX appliance—because it supports multiple, fully isolated virtualized instances—overcomes the challenge of enabling consolidation while providing strict isolation. Since the NetScaler SDX supports ADC instances that run as separate virtual machines, it enables tenant segregation for consolidated SharePoint workloads. Clustering NetScaler instances, along with best practices for designing a highly available SharePoint deployment, facilitates the high service levels and protection needed for strategic SharePoint services.

Technology Use CasesThis system solution constructs a fully functional Microsoft SharePoint farm on a Cisco ACI fabric. NetScaler instances on the fabric direct SharePoint client requests to physical and virtualized infrastructure resources, forwarding traffic to infrastructure servers. While doing so, it applies Layer 4 through Layer 7 services.

In addition to redundant SharePoint servers in the farm, this enterprise-ready deployment relies on Microsoft SQL Server 2012 clustering and failover for high availability. To optimize performance and availability, traffic is load-balanced across multiple SharePoint and SQL servers. NetScaler and the ACI fabric provide enterprise-grade security and data protection for SharePoint and SQL client requests as well as general web traffic.

NetScaler ServicesNetScaler instances in this system solution are specifically configured to perform these operations:

• Web traffic inspection, identifying destinations, ports, and protocols.

• Load balancing of web traffic using load-balancing virtual IPs (LB VIPs). NetScaler instances perform Layer 4 (TCP and UDP) through Layer 7 (FTP, HTTP, and HTTPS) traffic management and load balancing.

• SSL offloading using built-in NetScaler hardware acceleration. In this system solution, SSL offloading is performed for generic traffic as well as for SharePoint web traffic.

• Content (or Layer 7) switching for SharePoint web and Database traffic. Content switching provides fast packet switching based on application-specific information (such as a URL, a cookie, or an SSL session ID). In this deployment, content switching allows traffic to be directed to different

2-2Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 2 Use CasesTechnology Use Cases

SharePoint or SQL servers based on application layer criteria. The packet is forwarded from a Content Switching (CS) VIP to an LB VIP and in this way load-balanced across SharePoint or SQL servers in the farm.

• Layer 7 application firewall for SharePoint web traffic. This is in addition to the ACI fabric’s firewall capabilities—ACI acts inherently as a network firewall since it allows only configured traffic to pass between fabric endpoints. (By default, communication between endpoints is denied. ACI policies define the TCP/UDP ports that are opened to allow communication between endpoints.) NetScaler devices provide complementary firewall capabilities at the application layer.

• Global server load balancing (GSLB). GSLB extends the concept of load balancing across the end-to-end enterprise, distributing client requests across multiple data centers based on proximity, load, or availability. In this way, the NetScaler instances improve response time and support disaster recovery for SharePoint services.

• The Cisco Application Policy Infrastructure Controller (APIC) provides an intuitive and easy configuration process, allowing NetScaler functions to be intelligently chained together (such as the combination of content switching, SSL offloading, and load balancing for SharePoint client requests). APIC uses the concept of a service graph to represent the sequence of traffic management functions. As shown in later configuration procedures, service graphs (and associated Layer 4 to Layer 7 parameters) for NetScaler functions can be defined in APIC using the graphical user interface (GUI) or Python-interpreted XML files.

• APIC also supplies comprehensive management visibility into the fabric and NetScaler operations. It supplies a centralized view of configuration parameters as well as the ability to manage and observe traffic, events, and performance.

An overview describing the integration of Cisco ACI and Citrix NetScaler technologies is available in the architecture guide, “Implementing Cisco Application Centric Infrastructure with Citrix NetScaler Application Delivery Controllers.”

Optimizing Security, Performance, and AvailabilityThis system solution documents how Citrix NetScaler instances integrate with the fabric to meet enterprise-level architectural goals, including:

• Securing SharePoint application delivery for multiple tenants

• Optimizing SharePoint performance

• Enabling high availability and failover for SharePoint services and associated databases

Use Case—Securing SharePoint Traffic Delivery

SharePoint deployments control access to company and customer-sensitive data, so client requests on the fabric must be protected against data loss and compromise. This implementation of NetScaler provides critically important application security, network/infrastructure security, and identity and access management capabilities.

NetScaler provides robust multi-tenancy capabilities, running completely independent NetScaler instances with separate policies. Separate IP addressing simplifies deployment into the ACI fabric. NetScaler completely isolates traffic, helping to meet compliance requirements.

2-3Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 2 Use CasesTechnology Use Cases

NetScaler enables application-layer protections, including a full-featured application firewall, data loss protection, and countermeasures for thwarting denial-of-service (DoS) and other Layer 7 attacks. Layer 7 application firewall (AppFW) capabilities examine bi-directional traffic, including SSL-encrypted packets, to safeguard against a range of security threats. At the application layer NetScaler can also perform HTTP protocol validation to protect against DoS attacks.

NetScaler also incorporates several network and infrastructure-oriented security capabilities, including SSL-based encryption, DNS security, and Layer 4 attack protection. To protect against Layer 4 DoS attacks, NetScaler controls the allocation of back-end resources until it establishes a legitimate client connection and a valid request has been received.

For SharePoint traffic, SSL offloading can be applied pervasively beyond HTTPS. A simple SSL offloading scheme decrypts SSL records in HTTPS and then forwards HTTP traffic in clear text to back-end web servers. To safeguard against HTTP compromise, an end-to-end SSL offloading approach applies SSL offloading to re-encrypt the clear text for communications with the back-end web servers. To facilitate fast SSL operations, NetScaler supports both 2048 and 4096 bit keys in hardware.

In addition to load balancing internal DNS servers, NetScaler can also be configured to operate as an authoritative DNS (ADNS) server to directly handle name and IP resolution requests. This capability can be implemented in conjunction with GSLB to balance load across multiple data centers that support SharePoint Server 2013.

Use Case—Optimizing Responsiveness and Performance

For SharePoint workloads, NetScaler instances are used to load balance both edge and content servers. Intelligent load balancing distributes user requests for content across multiple SharePoint servers in the farm. Load balancing can be used to manage user requests, prevent poor performance and outages, and ensure that users can access protected applications. Load balancing—within a single data center as well as GSLB across multiple data centers—means that SharePoint services are continuously accessible and responsive.

NetScaler compression, caching and load balancing features also help to conserve bandwidth. ACI defines network Quality of Service (QoS) service classes for traffic, permitting bandwidth allocation based on tenant requirements. Since NetScaler offloads CPU-intensive tasks such as SSL processing, caching, and compression from SharePoint servers, these servers can process greater load and scale more efficiently. NetScaler also acts as a SQL proxy, offloading connection management from the SQL servers, and performs Database optimizations. This conserves SQL server resources, which helps to improve performance and scalability.

Use Case—Enabling Resiliency and Failover

This system solution defines a highly available architecture for deploying SharePoint. It leverages the Cisco Intercloud DC ACI 1.0 Architecture (the Silver Cloud Consumer Model) and includes redundant SharePoint servers and AlwaysOn Availability Groups in Microsoft SQL Server 2012. (Refer to Microsoft Tech Note: “Failover Clustering and AlwaysOn Availability Groups: SQL Server”.) NetScaler DataStream technology performs intelligent monitoring of Microsoft SQL Server, detecting which AlwaysOn node is the master so that NetScaler load-balancing services direct traffic appropriately.

To support NetScaler failover, NetScaler instances are configured as an Active/Standby pair. All instance configuration changes are synced from the Primary HA node (Active instance) to the Secondary HA node (Standby instance). A health check or “heartbeat” monitors the status of the primary node. During a failover, the Standby instance takes over as Active.

2-4Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 2 Use CasesTechnology Use Cases

NetScaler load balancing promotes high availability for on-demand SharePoint services. Within a single data center, if a SharePoint server in the farm or an SQL Server is unavailable, the NetScaler instance will direct application requests to the remaining servers. Across multiple enterprise data centers, NetScaler GSLB functionality can be configured to distribute SharePoint client requests across data centers. Various criteria for GSLB distribution can be used, such as least connection, static proximity, or dynamic proximity. If a link to a data center goes down, NetScaler can redirect traffic to an available data center.

This system solution includes configuration details deploying NetScalers in the ACI fabric to achieve a resilient SharePoint deployment. Later sections cover how to configure NetScaler instances from APIC to optimize application service levels and enable service failover.

2-5Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 2 Use CasesTechnology Use Cases

2-6Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Deploying MicrosDesign and Implementation Guide

C H A P T E R 3

Design Overview

The following sections emphasize system solution design considerations.

Introduction to Cisco ACICisco Application Centric Infrastructure (ACI) technology provides the capability to insert Layer 4 through Layer 7 (L4-L7) functions using an approach called service graph. The industry normally refers to the capability to add L4-L7 devices in the path between endpoints as “service insertion”. Cisco ACI service graph technology can be considered a superset of service insertion.

This document describes the service graph concept and how to design for service insertion with the service graph.

As Figure 3-1 shows, Layer 4 through Layer 7 services can be physically located anywhere in the fabric, and they can be running as physical appliances or as virtual appliances.

Figure 3-1 Cisco ACI Fabric with Layer 4Through Layer 7 Services

Cisco ACI BenefitsThe main purpose of a data center fabric is to move traffic from physical and virtualized servers and forward it to its destination, and while doing so apply meaningful Layer 4 through Layer 7 services such as: firewalls, load balancing, traffic inspection, SSL offloading, and application acceleration.

2987

95

Leaf Switches

Controllers

Layer 4 ThroughLayer 7 Services

Physical and VirtualizedServers

No Endpoints Attach Here

Spine Switches

3-1oft SharePoint with Cisco ACI and Citrix NetScaler

Chapter 3 Design OverviewCitrix NetScaler SDX Overview

The main benefits of using a Cisco ACI fabric to provision Layer 4 through Layer 7 services include:

• Single point of provisioning through the GUI, the Representational State Transfer (REST) API, or Python scripts

• Powerful scripting and programming environment with a Python software development kit (SDK)

• Capability to provision very complex topologies instantaneously

• Capability to add and remove workloads from the load balancers or firewall configurations without human intervention

• Capability to create a logical flow of functions instead of just a sequence of Layer 4 through Layer 7 devices

• Multitenancy (network slicing) on the fabric and on the service devices

• Capability to create portable configuration templates

• Intuitive and easy configuration process

One of Cisco ACI’s several innovations in the area of service insertion is that Cisco ACI allows you to concatenate functions offered by individual Layer 4 through Layer 7 devices instead of simply connecting discrete boxes in sequence.

Citrix NetScaler SDX OverviewThe Citrix® NetScaler® SDX platform optimizes delivery of applications over the Internet and private networks, combining application-level security, optimization, and traffic management into a single, integrated appliance. After installing NetScaler SDX appliances in a data center, all connections to managed servers can be routed through it to control incoming and outgoing network traffic.

The Citrix NetScaler SDX platform delivers fully isolated NetScaler instances hosted on a single physical appliance (Figure 3-2). Each instance is a full-blown NetScaler VPX environment that optimizes application delivery. Each NetScaler instance performs configured application-level security, optimization, and traffic management functions. For SharePoint environments, NetScaler instances provide application load balancing, SSL offloading of encryption/decryption operations to hardware, content switching, and database load balancing, application firewall, and Global Server Load Balancing (GSLB).

Figure 3-2 A Citrix NetScaler SDX Appliance Hosts Multiple Virtual NetScaler VPX Instances

Each NetScaler VPX instance runs as a separate virtual machine with its own dedicated NetScaler kernel, CPU resources, memory, address space, and bandwidth allocations. Network I/O is done in a way that not only maintains aggregate system performance but also enables complete segregation of each tenant's data and management-plane traffic.

2987

96

3-2Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 3 Design OverviewCisco Intercloud DC ACI 1.0 Architecture

NetScaler VPX features include Layer 4 through Layer 7 traffic management (L4 load balancing, L7 content switching, database load balancing), application acceleration, application security/firewall, and network integration.

The NetScaler SDX appliance is equipped with 10 Gbps Ethernet (10GE) and 1 Gbps Ethernet (1GE) ports—the type and number of ports varies according to the specific NetScaler SDX model. The connections can form an EtherChannel bundle that is desirable for an appliance-based service design in the Cisco InterCloud Data Center ACI architecture.

This system solution uses the NetScaler SDX 11542 that features eight 10GE ports and four 1GE ports (fiber or copper). This model has 16 SSL cores to accelerate SSL encryption and decryption offloading in hardware. The NetScaler SDX 11542 can support up to 20 NetScaler virtual instances. On this NetScaler SDX model, pay-as-you-grow licensing delivers from 15 Gbps at the entry level and up to 42 Gbps at the highest level for HTTP traffic with a single instance.

Cisco Intercloud DC ACI 1.0 ArchitectureThe Cisco Intercloud Data Center ACI 1.0 Implementation Guide describes the underlying Silver Tenant container, including the network fabric and infrastructure design, used for this system solution. This guide (available through your Cisco account team or partner) gives procedures to construct a Silver Tenant container.

Cisco Intercloud Fabric is a software solution that enables customers to manage and access their workloads across multiple public clouds in a heterogeneous environments, giving customers choice and flexibility to place their workloads where it benefits the most and according to a technical (capacity, security, etc.) or business (compliance, etc.) needs.

With Cisco Intercloud Fabric, customers can choose what networks can be securely extended to the public cloud, and consistent network configuration and security policies can be enforced throughout the hybrid cloud. Intercloud Fabric mechanism to enforce security goes beyond the secure tunnel between private and public clouds, and extends the security all the way to the Virtual Machines (VMs) running in the cloud, so the communication between these VMs in the cloud can be secured as well. This mechanism is explained later in this document.

Figure 3-3 shows the solution footprint for enterprise customers, where Cisco Intercloud Fabric for Business can be deployed in the private cloud in heterogeneous environments. This software solution gives IT an admin portal that allows management of workloads, security policies, and network extension to the cloud, and includes northbound API capabilities to allow integration with existing private cloud management solutions. IT customers, including enterprise lines of businesses, can take advantage of Intercloud Fabric for Business embedded self-service catalog to create new workloads in multiple clouds, and manage workload lifecycle and migration through its end-user portal.

Figure 3-3 Cisco Intercloud Fabric Solution

2987

97

Cisco IntercloudEcosystem

End User andIT Admin Portals

Secure CloudExtension

Network, Compute,and Storage

Cisco IntercloudFabric forProviders

Cisco IntercloudFabric for Business

Cisco IntercloudFabric forProviders

Azure APIs

EC2 APIs AmazonWeb Services

Microsoft Azure

Hyper-V

VMware

Data Center/Private Cloud Provider Clouds

KVM*

OpenStack Redhat

vSphere

Microsoft

Xen*

Citrix

Cisco Powered™

Services and CloudProviders

3-3Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 3 Design OverviewCisco Intercloud DC ACI 1.0 Architecture

Cisco Intercloud Fabric for Provider is a multi-tenant software appliance that is installed and managed by the cloud providers that are part of the Intercloud Fabric ecosystem. This virtual appliance creates Cloud API uniformity across different cloud providers and abstracts the complexity of supporting heterogeneous Cloud APIs. In the future Intercloud Fabric for Provider will help to build Cisco infrastructure-specific differentiation for all Cisco Powered Cloud Providers.

Cisco Intercloud Fabric gives customers multiple choices of cloud providers, including the ecosystem of Cisco Powered Cloud Providers and the hyper scale public clouds such as Amazon EC2 and Microsoft Azure. Cisco believes that business customers also want choices of hypervisors for their virtualized environment, so it is important for the solution that enables hybrid cloud to be hypervisor-agnostic. The scenario with multiple choices of hypervisors on premises and off premises can make workload mobility and portability difficult, but Cisco Intercloud Fabric resolves this problem and makes this transparent for customers, allowing workloads to be moved to multiple clouds and back to the enterprise.

In summary, Cisco Intercloud Fabric aims to provide greater agility in response to business needs and addresses many potential challenges for hybrid cloud deployments. Benefits include:

• Workload security throughout resulting hybrid clouds.

• Consistent operations and workload portability across clouds. Cisco Intercloud Fabric delivers unified hybrid cloud management for end users and IT administrators, enabling workload mobility to and from service provider clouds for physical and virtual workloads.

• To protect critical business assets and meet compliance requirements, Cisco Intercloud Fabric provides highly secure, scalable connectivity to extend private clouds to service provider clouds.

• Self-service consumption of hybrid resources with end-user and IT portals

• Workload provisioning and bidirectional migration

• End-to-end security with consistent policy enforcement

• A single point of management and control for physical and virtual workloads

• A choice of cloud providers and hypervisors

Cisco Intercloud DC ACI 1.0 Architecture with Silver Cloud Consumer ModelThe Cisco Intercloud DC ACI 1.0 architecture with the Silver cloud consumer model is defined by describing the container and its layout.

Silver Tenant Container

While providing Infrastructure as a Service (IaaS) solutions cloud providers look for a tiered model that can support a variety of applications. Based on customer requirements, services can be differentiated into a multi-tier infrastructure. Such a model provides flexibility in expanding services by adding resources. The Silver Tenant is one such container, which provides application availability with a dedicated load balancing service.

Silver Tenant Container Layout

As described in the Cisco Intercloud Data Center ACI 1.0 Implementation Guide, a Silver Tenant Container has the capability to provide various application services with Layer 3 (L3) support. It maintains a logical separation from other network containers in a shared infrastructure. Dedicating a unique VRF for each silver tenant helps to maintain the logical isolation. Figure 3-4 shows an overview of the Silver Tenant model.

3-4Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 3 Design OverviewSolution Topology and Design Principles

Figure 3-4 SilverTenant Model

Each tenant can host different applications based on customer requirements. This may require a number of application tiers of virtual machines (VMs) to be implemented such as web, application, and database. In the implementation guide, the Silver Tenant Container is defined with three application tiers. Each tier has a unique VLAN assigned and hosts web, application and database services. The Silver Tenant also provides load-balancing services for the application tiers using Citrix NetScaler SDX appliances. The SDX units are deployed in a physical 1-arm mode but in a logical 2-arm mode. This section covers the following topics:

• Physical Topology

• Logical Topology

• Tenant Construction

Solution Topology and Design PrinciplesAppliances don’t need to be placed in any particular place in the fabric. They can run as physical appliances connected to any leaf, or as virtual appliances running on any virtualized server.

Physical appliances can run with multiple virtual instances as well. Cisco ACI can model this concept in the construction of the policy.

Physical TopologyFigure 3-5 shows the Silver tenant physical topology. Tiers hosting applications are deployed on Cisco UCS B-Series Servers. NetScaler VPX instances are deployed on NetScaler SDX appliances. Cisco ASR 1000 Series Routers (specifically ASR 1004s) provide external connectivity to the applications.

2987

94

NetScalerHA-Pair

ASR 1000

Loopback Interface

Loopback InterfaceLoopback Interface

Internet

Database VMs

ACI Fabric

UCS Chassis

Border Leaf - 1 Border Leaf - 2

Access Leaf - 1 Access Leaf - 2

Database

APPOS

APPOS

SLB

Web and App VMs

APPOS

APPOS

Web and App

QFP QFP

VIP - WebVIP - App and DB

SNIP

3-5Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 3 Design OverviewSolution Topology and Design Principles

Figure 3-5 PhysicalTopology for an ACI SilverTenant

Logical TopologyIn this section, the physical topology is translated into a logical layout. Figure 3-6 shows how the Silver container is constructed logically. The logical topology can be divided into two sections: first, ACI Fabric to Application Servers; and second, ACI Fabric to the Internet.

UCS B-Series Blade Servers

ASR 1000 ASR 1000

Leaf1 Leaf2

Leaf3 Leaf4

2987

90

Spine1 Spine2

UCS-6296-FI-BUCS-6296-FI-A

APIC1

APIC2

APIC3

NetScaler SDX

NetappFAS3200

Series QFP QFP

NetScaler SDX

3-6Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 3 Design OverviewSolution Topology and Design Principles

Figure 3-6 LogicalTopology for an ACI SilverTenant

A unique VRF is assigned to each Silver Tenant which is defined in the access leafs in the fabric. Each of the application tier and load balancers is assigned a specific VLAN, which are a part of the VRF assigned to the Silver Tenant. The fabric serves as the default gateway for each of the tiers and the NetScalers. In this document, a single EPG is used to host a tier that serves web and database functionality.

With the ACI Fabric being the default gateway, it has the capability to route packets from one tier to another for both load balanced and non-load balanced flow. For external connectivity two leafs in the fabric are used as border leafs to connect to ASR 1000 routers using port channels. Switched virtual interfaces (SVI) are configured on the leaf switches and static routes help to route the packets to the edge router. Interior BGP (IBGP) is configured between the two devices to advertise the routes for traffic to reach the application tiers. Loopback interfaces are configured for the same.

APIC Tenant ConstructionThe previous section supplies details on how the Silver Tenant is constructed physically and logically. It can be mapped to a tenant in APIC by putting a number of pieces together. Figure 3-7 shows the different pieces put together to create a tenant through APIC.

2987

94

NetScalerHA-Pair

ASR 1000

Loopback Interface

Loopback InterfaceLoopback Interface

Internet

Database VMs

ACI Fabric

UCS Chassis

Border Leaf - 1 Border Leaf - 2

Access Leaf - 1 Access Leaf - 2

Database

APPOS

APPOS

SLB

Web and App VMs

APPOS

APPOS

Web and App

QFP QFP

VIP - WebVIP - App and DB

SNIP

3-7Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 3 Design OverviewSolution Topology and Design Principles

Figure 3-7 SilverTenant—APIC

User Roles and Security DomainAuthentication, Access and Accounting (AAA) functions for the ACI Fabric is managed by APIC policies. User privileges, roles and security domain put together provides this functionality. By assigning read/write access to users the administrator can restrict a tenant from seeing any other tenant details. This enables isolation among the tenants. A set of roles are defined in the ACI Fabric such as aaa, access-admin, fabric-admin, admin, tenant-admin, vmm-admin, and so on. These roles have no-access, read-only and read-write privileges associated with them. By assigning specific privileges to a user, access to functions in the system can be restricted. Security domain is a tag used in the ACI MIT object tree. A tenant can be linked to a security domain. Thus the access to a tenant object can be restricted to a particular security domain and thus to the users that are a part of the security domain. This can be configured in the GUI or the REST API as well.

ASR 1000 Port-channel

2987

93

Filters TCP eq {53, 80, 443, 1443, 3009, 8080}UDP eq {53}ICMP type {any}

Consumer Provider

External Routed Network:(outside_network)

VRF – net01

DNS

MEP

HTTP

HTTPS

ICMP

contract

contract contract

Bridge Domain:bd01 Bridge Domain:

slb_bd

Bridge Domain:bd02

EPG: epg02

ICMP

MSSQL

QFP

EPG: epg01

3-8Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Deploying MicrosDesign and Implementation Guide

C H A P T E R 4

Configuration Details

In the Cisco ACI policy model, administrators define service graphs for Layer 4 through Layer 7 networking functions such as traffic filtering, load balancing, and SSL offloading. ACI service graphs define which functions are performed on traffic between different endpoint groups (EPGs). The functions are independent of the underlying devices that perform the actual task. ACI renders the specified functions in the graph on available devices within the fabric—in this case on the NetScaler Application Delivery Controllers. In this way, ACI applies NetScaler resources to govern traffic as prescribed between one EPG and another.

This section describes prerequisites and configuration procedures necessary to optimize ACI-NetScaler deployments. It describes how to:

• Set up NetScaler SDX appliances and virtual instances

• Establish communication between the ACI fabric and the NetScalers

• Use APIC to configure NetScaler for SharePoint workloads.

The Cisco Application Policy Infrastructure Controller (APIC) is used to initialize and control NetScaler configurations—it pushes configuration settings to the NetScaler instances. Administrators can use the APIC graphical user interface (GUI) or XML files to define NetScaler configuration settings. The steps here show both APIC GUI screen captures as well as excerpts from relevant XML files. Appendix C, “Configurations” includes more complete XML listings used to configure this system solution environment.

Prerequisites and Initial ProvisioningThe procedures in this chapter assume that certain initial installation and provisioning steps have already been completed, including:

• Configuring an ACI Silver Tenant container

• Configuring L2-L3 settings on ACI

• Installation and cabling of NetScaler SDX appliances

• Configuring of NetScaler VPX instances in HA mode

The following sections describe these prerequisites in detail.

4-1oft SharePoint with Cisco ACI and Citrix NetScaler

Chapter 4 Configuration DetailsPrerequisites and Initial Provisioning

Provisioning an ACI Silver Tenant ContainerPrior to configuring NetScaler service graphs for SharePoint workloads, it is assumed that the Silver Tenant container configuration (discussed in the previous topology section) has already been deployed. The Cisco Intercloud Data Center ACI 1.0 Implementation Guide gives procedures to construct a Silver Tenant container.

Chapter 9 of the Cisco Intercloud Data Center ACI 1.0 Implementation Guide describes how to create a tenant, a private network, a bridge domain, subnets, and an application profile. The application profile acts as a logical container for the endpoint groups (EPGs). In the Implementation Guide, the Silver Tenant configuration has 3 EPGs defined by default, one each for web, application, and database server functions. This system solution focuses on configuration procedures for the web tier that supports Share-Point client requests and describes the application profile configuration for this tier (by design, a Share-Point deployment combines web and application tiers). This system solution also covers the configuration of traffic management for requests to the Microsoft SQL Server 2012 database cluster in the database tier.

During the setup of the Silver Tenant container, the administrator must define contracts for inter-EPG communication and filters that dictate what traffic can pass between the EPGs. The ACI fabric supports L2 and L3 connectivity between external public/private networks and the fabric. An L3 externally routed network is defined as a part of the Silver Tenant deployment.

Configuring L2 and L3 Settings on ACI for NetScaler SDXThe Cisco Intercloud Data Center ACI 1.0 Implementation Guide gives the procedures for using the APIC GUI or XML files to create a tenant, private network, bridge domain, and subnets for the imple-mentation. The only differences from the implementation guide in this system solution were the use of Cisco ASR 1000 Series routers (rather than ASR 9000s) and the use of a delay injector.

The delay injector works as L2 device and is configured for injecting network errors of type delay. The RTT for the delay was configured for 100ms.

Initial NetScaler SDX Appliance Installation and SetupWithin the ACI fabric, Citrix NetScaler appliances provide Layer 4 through Layer 7 services (such as application firewall, load balancing, SSL offloading, etc.). This system solution assumes that two physical NetScaler SDX appliances are deployed, and that these units are installed and cabled appropri-ately. Refer to the Citrix NetScaler SDX Hardware Installation documentation for more information.

Cisco ACI abstracts network services and applies the abstractions to application traffic on the data plane. All NetScaler devices support out-of-band management, which this system solution uses for ACI-NetS-caler configuration tasks. This allows management traffic to be separated from application traffic.

Structuring a Highly Available Deployment

To optimize a deployment for high availability, this system solution implements a Virtual PortChannel (vPC) topology that allows data traffic on the ACI fabric to continue even if one or more switch failures occur. The two NetScaler SDX appliances are provisioned to use four 10G links that are part of a single LACP port channel. The SDX units are deployed in a physical 1-arm mode but in a logical 2-arm mode, carrying the traffic for multiple VLANs through a single port channel. In this implementation, there are both private and public VLANs and NetScaler has a presence on both. The default gateway is on the public network.

4-2Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 4 Configuration DetailsPrerequisites and Initial Provisioning

From the standpoint of traffic flow, client requests destined for a web server in the server farm pass first to a virtual IP address (VIP) in a NetScaler VPX instance. After the NetScaler processes the request, it is forwarded through the same interface to the gateway on the private network. The ACI fabric then redirects the packet to the appropriate web server on one of the private VLANs. The return traffic from servers is routed back to NetScaler instances and from NetScaler instances to clients. The traffic is routed inside the data center using static routes.

Multiple virtual NetScaler VPX instances can be configured on each NetScaler SDX appliance. To support NetScaler failover within a data center, a VPX instance on two NetScaler SDX appliances is configured into High Availability (HA) Active/Standby mode. A heartbeat is used between the VPX instances to determine if a NetScaler instance failure occurs. To support Disaster Recovery scenarios, NetScaler GSLB capabilities also can be implemented across multiple data centers (Figure 4-1).

Figure 4-1 Logical View of the NetworkTopology for GSLB AcrossTwo Data Centers

Configuring NetScaler VPX Instances on NetScaler SDX Appliances

On a NetScaler SDX appliance, the administrator can provision one or more NetScaler VPX instances using the Management Service. Each VPX instance supports most features of a NetScaler MPX appliance. (Refer to Provisioning NetScaler Instances in the Citrix NetScaler documentation for the provisioning procedures.)

In this system solution environment, four pairs of NetScaler VPX instances were created: SDX-A_VPX-1 and SDX-B_VPX-1, SDX-A_VPX-2 and SDX-B_VPX-2, SDX-A_VPX-3 and SDX-B_VPX-3, and SDX-A_VPX-4 and SDX-B_VPX-4. A single ACI tenant can support multiple instances of NetScaler device clusters (physical or virtual appliances).

Figure 4-2 shows how the administrator uses the NetScaler Management Service graphical user interface to create four NetScaler VPX instances on one of the two NetScaler SDX appliances. The same process is used to create four corresponding VPX instances on the other SDX appliance.

DNSServer

v91

v1101,v101-v102

v1201,v121-v122

Data Center 2

v93

Client_1

FI SDX FISDX

2987

89

Silver TenantASR 1000

Silver TenantASR 1000

Catalyst 4948

v221-v223 (10.2.[1-3].0/24)

VLANs – ACI specified(v235-v237)

(10.1.[1-3].0/24)

Core Catalyst 6509Delay Injector

Data Center 1

Web

VM

App

VM

dB

VM

AD

VM

Web

VM

App

VM

dB

VM

AD

VM

ACIFabric

Internet

DNSServer

v92

v92

Client_2

4-3Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 4 Configuration DetailsPrerequisites and Initial Provisioning

Figure 4-2 Create NetScaler VPX Instances on NetScaler SDX Appliance

By editing each NetScaler VPX instance in the pane above, the administrator can configure VPX instances with the required L2-L3 network settings. Figure 4-3 shows the configuration settings for the first NetScaler VPX instance, SilverTenant1_SDX-A_VPX-1.

4-4Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 4 Configuration DetailsPrerequisites and Initial Provisioning

Figure 4-3 Configuration Settings for NetScaler VPX Instance

4-5Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 4 Configuration DetailsConfiguring ACI and NetScaler for a SharePoint Deployment

Configuring ACI and NetScaler for a SharePoint DeploymentThis chapter describes how to set up ACI-NetScaler communication, how to configure NetScaler in-stances, and how to configure NetScaler traffic management for the ACI fabric.

All network traffic on the data plane is processed by NetScaler instances according to the configured ACI settings for NetScaler instances. In this system solution, the settings fall into two different catego-ries: settings for managing non-SharePoint traffic and settings for managing SharePoint traffic. Several of the APIC configuration steps reflect this two-pronged approach:

• For general or non-SharePoint traffic, the NetScaler VPX instances are configured to perform Load Balancing and SSL Offloading. Third party traffic generators were used to simulate traffic on the fabric to represent an actual deployment.

• For SharePoint client requests, the NetScaler VPX instances support multiple network services: Content Switching with SSL offloading and Load Balancing for web traffic; Content Switching and Load Balancing for Database traffic (Microsoft SQL Server 2012); Application Firewall; and Global Server Load Balancing (GSLB). Real client Windows 7 machines were used to access the SharePoint Content Switching VIP. All servers in the SharePoint farm were configured with two sites: Engineering and Marketing.

The NetScaler instances process these two categories of traffic according to Layer 4 through Layer 7 parameters configured in APIC service graphs. When the service graphs are deployed from APIC, the NetScaler VPX instances are configured to apply the appropriate network services to ACI fabric traffic.

Table 4-1 summarizes many of the system solution implementation settings for configuring NetScaler in a SharePoint deployment. The configuration defines SNIP addresses (used as source NAT) for NetScaler to open new connections to the backend servers.

The settings below reflect the system solution implementation in one of two data centers (settings for the second data center would be similar).

Table 4-1 Summary of ACI-NetScaler Implementation Settings

Category Description Details

Device Package Supports ACI-NetScaler communication

NS Device Package, version 1.0, 10.5-54.2

Cluster Definition Concrete Device 1 192.168.114.111 (NSIP), SDX-A_VPX-1

Concrete Device 2 192.168.114.112 (NSIP), SDX-B_VPX-1

Device Cluster 192.168.114.110 (SNIP)

L2 Configuration Interfaces - 0/2 – out-of-band management

- LA/1 – data traffic; LACP channel with (4) 10G ports; 2 links are connected to each leaf (leaf#1 and leaf#2) in a vPC topology

VLANs 101, 102 – tagged

VLAN bindings - LA/1 – VLAN 101 – SNIP: 10.16.1.11/24

- LA/1 – VLAN 102 – SNIP: 101.16.1.11/24

4-6Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 4 Configuration DetailsConfiguring ACI and NetScaler for a SharePoint Deployment

Certain configuration procedures are required to apply NetScaler network services to SharePoint traffic on the ACI fabric. The remainder of this chapter describes the procedures used to create the ACI-NetScaler system solution environment:

• Define Citrix NetScaler as a L4-L7 device by importing the NetScaler Device Package

• Creating a device cluster

• Creating an application profile and endpoint group (EPG)

• Creating service graphs

• Configuring service graphs with L4-L7 service parameters for NetScaler instances

• Configuring a contract

• Deploying the service graphs by attaching them to the contract. This process pushes the defined APIC configurations to the NetScaler instances.

For detailed information about ACI and NetScaler configuration procedures, refer to these documents:

• Cisco Intercloud Data Center ACI 1.0 Implementation Guide

• Cisco APIC Layer 4 to Layer 7 Services Deployment Guide

L3 Configuration SNIPs - Client side: 101.16.1.11/24

- Server side: 10.16.1.11/24

Static routes - 0.0.0.0/0 gw: 101.16.1.1

- 10.1.1.0/24 gw: 10.16.1.1

- 10.1.2.0/24 gw: 10.16.1.1

- 10.1.3.0/24 gw: 10.16.1.1

- 10.16.2.0/24 gw: 10.16.1.1

L4-L7 Configuration

NetScaler Load Balancing (LB) Virtual IPs (VIPs)

- (2) HTTP/TCP:80: 101.16.1.101 ; 101.16.1.102

- (2) SSL/TCP:443: 101.16.1.103 ; 101.16.1.104

- (2) TCP/TCP:8080: 101.16.1.105 ; 101.16.1.106

- (2) DNS/UDP:53: 101.16.1.107 ; 101.16.1.108

- (2) HTTP/TCP:80: 10.16.1.111 ; 10.16.1.112 (SharePoint LB VIP)

- (2) DB/TCP:1433: 10.16.1.151 ; 10.16.1.152 (MSSQL LB VIP)

NetScaler Content Switching (CS) Virtual IPs (VIPs)

- (1) SSL/TCP:443: 101.16.1.121 (SharePoint CS VIP)

- (1) DB/TCP:1433: 10.16.1.122 (MSSQL CS VIP)

Table 4-1 Summary of ACI-NetScaler Implementation Settings (continued)

Category Description Details

4-7Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 4 Configuration DetailsConfiguring ACI and NetScaler for a SharePoint Deployment

Define Citrix NetScaler as L4-L7 Device: Importing NetScaler Device PackageTo properly configure NetScaler instances, Cisco APIC needs to communicate to the instances via the appropriate NetScaler APIs. The NetScaler Device Package is a plugin that enables communication between Cisco APIC and NetScaler devices.

After the NetScaler device package is uploaded, APIC creates a namespace for it. The package is unzipped and copied to the namespace. APIC then parses the device specification XML, adding NetScaler managed objects to APIC's managed object tree.

Using the APIC GUI to Import the NetScaler Device Package

An administrator can use the APIC GUI and install the device package using the L4-L7 Services menu as follows.

Step 1 From L4-L7 Services, select the Packages option and click on L4-L7 Service Device Type. Click on Actions. Select the action to import a device package into one of the APIC cluster controllers.

Step 2 Specify the NetScaler Device Package to be imported. For this system solution, version 1.0 of the NetScaler Device Package (NetScaler Release 10.5-54.2) was installed.

The service functions enabled through the NetScaler Device Package are listed under L4-L7 Service Functions in the APIC GUI. The interface labels (e.g., “inside”, “mgmt”, and “outside”) are mapped to the physical interfaces on the NetScaler device.

4-8Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 4 Configuration DetailsConfiguring ACI and NetScaler for a SharePoint Deployment

Using the APIC CLI to Import the NetScaler Device Package

As an alternative to using the APIC GUI, the administrator can install the device package using the APIC command line interface by performing the following procedure.

Step 1 Download the NetScaler Device Package file from the Citrix web site to the local management machine.

Step 2 Transfer this file to one of the APIC controllers under the directory /home/admin.

Step 3 On APIC, execute the following command to install the NetScaler Device Package.admin@apic:~> services install DevicePackage-1.0-10.5-54.2.zip

Creating a Device ClusterACI abstracts actual NetScaler devices as concrete devices. Two concrete devices are set up in ac-tive-standby mode and form an HA device cluster. When concrete devices are added to a logical device cluster, the physical (concrete) interface is mapped to a logical interface.

The following procedures were performed out-of-band but can also be performed in in-band mode.

Using the APIC GUI to Create a NetScaler Device Cluster

Step 1 Navigate to the Tenant tab and select the appropriate tenant name. Navigate to the L4-L7 Services tab. Right click on L4-L7 Devices and select Create L4-L7 Devices.

Step 2 Under the General tab enter the name for the logical device.

a. Select the device package from the drop-down. Set the mode to HA Cluster.

b. In the Credentials section, enter the access credentials used by APIC to log into NetScaler device cluster (VPX instances).

c. For concrete device configuration, provide the Management IP Address and Management Port. Click VPC as the connection.

d. Under Physical Interfaces, click + to add the physical (concrete) device in each case. The data interface LA/1 is used for data plane communication. Since NetScaler physical deployment is in one-arm mode, the same interface is used as both provider and consumer.

4-9Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 4 Configuration DetailsConfiguring ACI and NetScaler for a SharePoint Deployment

Step 3 Select the Parameters tab. Configure the required NetScaler modes and features:

a. Enable modes FR, Edge, USNIP, and PMTUD, and disable modes L3.

b. Enable features WL, SP, LB, CS, SSL, GSLB, AppFw, and RESPONDER.

Other parameters can be configured at this point as appropriate for requirements. The captures below depict many of the configured parameters for this system solution.

4-10Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 4 Configuration DetailsConfiguring ACI and NetScaler for a SharePoint Deployment

Step 4 Review the configuration and click Submit.

Using XML to Create a NetScaler Device Cluster

An XML file can also be used to construct a NetScaler device cluster in APIC.<!-- CreateCDev_HA_.xml --><!-- Create NetScaler HA device cluster --><polUni>

<fvTenant name="silverTenant1"><vnsLDevVip name="silverTenant1_clus1">

<vnsCDev name="SDX-A_VPX-1" devCtxLbl="C1"><vnsCIf name="LA_1">

<vnsRsCIfPathAtt tDn="topology/pod-1/paths-101-102/pathep-[SDX-A_VPC-PG]"/>

</vnsCIf><vnsCMgmt name="devMgmt"host="192.168.114.111" port="80/><vnsCCred name="username" value="nsroot"/><vnsCCredSecret name="password" value="nsroot"/>

</vnsCDev><vnsCDev name="SDX-B_VPX-1" devCtxLbl="C1">

<vnsCIf name="LA_1"><vnsRsCIfPathAtt tDn="topology/pod-1/paths-101-102/

pathep-[SDX-B_VPC-PG]"/></vnsCIf><vnsCMgmt name="devMgmt" host="192.168.114.112" port="80"/><vnsCCred name="username" value="nsroot"/><vnsCCredSecret name="password" value="nsroot"/><vnsDevFolder key="HighAvailability" name="HA_1">

<vnsDevParam key="snip" name="snip_1"value="192.168.114.110"/>

<vnsDevParam key="netmask" name="nm_1"value="255.255.255.0"/>

</vnsDevFolder>

4-11Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 4 Configuration DetailsConfiguring ACI and NetScaler for a SharePoint Deployment

</vnsCDev></vnsLDevVip>

</fvTenant></polUni>

Creating an Application ProfileThe Cisco ACI fabric is designed around instantiating network connectivity by means of configuration profiles. These profiles, called Application Profiles, define the policies, services, and relationships between endpoints in an endpoint group (EPG). The following steps construct an application profile named Web1-AppProfile and an EPG named Web1-EPG. Subsequent procedures will set EPG L4-L7 Service Parameters for NetScaler services in the profile that will be applied to ACI traffic.

Using the APIC GUI to Create an Application Profile and EPG

Step 1 For the Silver Tenant, select Application Profiles from the Navigation Pane to begin profile configuration. Under Application Profiles, click right and choose Create Application Profile. Complete the fields in the dialog box to create the profile Web1-AppProfile.

Step 2 Under the profile Web1-AppProfile, select Application EPGs. Right click and choose Create Application EPGs. Complete the fields in the dialog box to define the EPG named Web1-EPG. Refer to the Cisco Intercloud Data Center ACI 1.0 Implementation Guide for APIC GUI specifics. The client endpoints for Web1-EPG are defined.

4-12Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 4 Configuration DetailsConfiguring ACI and NetScaler for a SharePoint Deployment

Using XML to Create an Application Profile and EPG

If configured manually via the APIC GUI, the entire process of defining an application profile, EPGs, service graphs, and L4-L7 parameters can be time-consuming. For this reason many administrators prefer to use XML files to automate the process. Appendix C, “Configurations” lists XML files that were used to create service graphs and configure L4-L7 service parameters for this system solution.

The following excerpt from the file CreateServiceGraph_lb_http.xml creates the profile Web1-AppPro-file and an EPG called Web1-EPG:

<!-- Application Profile --><fvAp dn="uni/tn-silverTenant1/ap-Web1-AppProfile" name="Web1-AppProfile"><!-- EPG 1 --><fvAEPg dn="uni/tn-silverTenant1/ap-Web1-AppProfile/epg-Web1-EPG"

name="Web1-EPG"><fvRsBd tnFvBDName="silverTenant1-BD1" /><fvRsProv tnVzBrCPName="webCtrct1"></fvRsProv>

. . .

Appendix C, “Configurations” lists the entire contents of this XML file.

Creating APIC Service Graphs for NetScaler ServicesService graphs in APIC represent the network services that NetScaler instances apply to traffic on the ACI fabric. As shown in Figure 4-4, single service graph can combine multiple function nodes to compose a network service. Application requirements (in this case SharePoint requirements) dictate what NetScaler function nodes the service graphs should contain.

4-13Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 4 Configuration DetailsConfiguring ACI and NetScaler for a SharePoint Deployment

Figure 4-4 Service Graphs Contain Function Nodes Representing Network Services

The procedures in this section define service graphs that are applied to general load-balanced traffic on the ACI fabric as well as service graphs that are applied to SharePoint traffic. Service graphs for general traffic include network services for Load Balancing (LB1) and SSL Offloading (SSL1). These service graphs configure NetScaler instances to process non-SharePoint traffic on the fabric.

Additional service graphs support application requirements specific to SharePoint: Content Switching and SSL Offloading for SharePoint web traffic, Content Switching for database traffic, Application Firewall, and Global Server Load Balancing.

Procedures for creating service graphs are documented in the Cisco Intercloud Data Center ACI 1.0 Implementation Guide, Chapter 9 (“Service Graph Configuration”). There are multiple ways to build out service graphs. In this system solution, the administrator used the following approaches:

• Create a service graph template, which creates a service graph, and then later on set L4-L7 service parameters for the graph.

• Create the service graph template, specifying parameters during the creation process. It’s possible to edit L4-L7 service parameters in the process of creating the template.

For most of the NetScaler network services defined for this system solution, the first approach— the two-step process of building the graph from a template and subsequently setting parameters—was the technique used. Some of the XML files for this system solution create a service graph and set parameters at the same time.

Using the APIC GUI to Create Service Graphs

The following procedure creates service graphs.

Step 1 On the navigation pane, click on L4-L7 Services > Service Graph Templates. Click right and select Create L4-L7 Service Graph Template. A dialog box appears to create the template. (Refer to the video Cisco APIC—Creating an L4-L7 Service Graph Template and the Cisco APIC Layer 4 to Layer 7 Services Deployment Guide.)

Step 2 Complete the dialog to define the template. Enter the template name (WebGraph) and the type (e.g., Single Node—ADC in Two-Arm Mode) from the drop-down list. In the ADC window, select the device function Citrix-NetScaler-1.0\LoadBalancing from the drop-down list. (APIC knows about NetScaler devices and device functions from the device package that was previously imported.) Choose the function profile from the drop-down list and click Submit. Below, the created template WebGraph (in Web1-EPG) defines a load balancer in two-arm mode configured between a Provider and Consumer.

2987

98

Function Node –Content Switching

Function Node –Load BalancerConsumer Provider

Function Node –Load BalanceConsumer Provider

4-14Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 4 Configuration DetailsConfiguring ACI and NetScaler for a SharePoint Deployment

Step 3 Creating the template also creates a corresponding service graph. The topology graph for Load Balancing is shown below.

Step 4 Repeat Steps 1 to 3 to create templates and service graphs for other NetScaler services. This system solution constructed the following templates and service graphs, as shown:

• SSL Offloading (WebGraph_ssl)

• Content Switching (WebGraph_cs_ssl and WebGraph_cs_ssl_2)

• Database Content Switching (WebGraph_CS_DB and WebGraph_ CS_DB _2)

4-15Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 4 Configuration DetailsConfiguring ACI and NetScaler for a SharePoint Deployment

• Application Firewall Switching (WebGraph_CS_AppFW_1)

• Global Server Load Balancing (WebGraph_ CS_GSLB_ 1 and WebGraph_ CS_GSLB_ ADNS)

Using XML to Configure Service Graphs for Generic LB Traffic

XML files can be used to create service graphs in a similar fashion. As an example, the following XML file creates an instance of the service graph WebGraph that performs load balancing for generic traffic on the ACI fabric.

<!— CreateServiceGraph_lb_http.xml --><!— Configures a Service Graph for LoadBalancing of fabric traffic --><polUni>

<fvTenant name="silverTenant1"><vnsAbsGraph name="WebGraph">

<vnsAbsTermNodeProv name="Input1"><vnsAbsTermConn name="C1"></vnsAbsTermConn>

</vnsAbsTermNodeProv>

<!-- LB1 Provides LoadBalancing functionality --><vnsAbsNode name="LB1" funcType="GoTo">

<vnsRsDefaultScopeToTerm tDn="uni/tn-silverTenant1/AbsGraph-WebGraph/AbsTermNodeProv-Input1/outtmnl"/>

<vnsAbsFuncConn name="outside" attNotify="true"><vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFunc-LoadBalancing/mConn-external" />

</vnsAbsFuncConn><vnsAbsFuncConn name="inside" attNotify="true">

<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFunc-LoadBalancing/mConn-internal" />

</vnsAbsFuncConn><vnsRsNodeToMFunc tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFunc-

LoadBalancing" />

4-16Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 4 Configuration DetailsConfiguring ACI and NetScaler for a SharePoint Deployment

</vnsAbsNode><vnsAbsTermNodeCon name="Output1">

<vnsAbsTermConn name="C6"></vnsAbsTermConn>

</vnsAbsTermNodeCon><vnsAbsConnection name="CON1" adjType="L3">

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph/AbsTermNodeCon-Output1/AbsTConn"/>

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph/AbsNode-LB1/AbsFConn-outside"/>

</vnsAbsConnection><vnsAbsConnection name="CON2">

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph/AbsNode-LB1/AbsFConn-inside"/>

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph/AbsTermNodeProv-Input1/AbsTConn"/>

</vnsAbsConnection></vnsAbsGraph>

</fvTenant></polUni>

Appendix C, “Configurations” contains the XML file CreateServiceGraph_lb_ssl.xml that creates an instance of the service graph WebGraph_ssl for SSL Offloading of traffic on the ACI fabric.

Using XML to Create Service Graphs for SharePoint Traffic

NetScaler uses Content Switching to apply network services to SharePoint traffic on the ACI fabric. The XML file CreateServiceGraph_SP_cs_ssl_1.xml, for example, configures a service graph for Content Switching of SharePoint web traffic.

<!— CreateServiceGraph_SP_cs_ssl_1.xml --><!— Configures Service Graph for CS and SSL of SharePoint web traffic --><polUni>

<fvTenant name="silverTenant1"><vnsAbsGraph name="WebGraph_cs_ssl">

<vnsAbsTermNodeProv name="Input1"><vnsAbsTermConn name="C1"></vnsAbsTermConn>

</vnsAbsTermNodeProv>

<!-- CS_SSL_1 Provides CS and SSL Offload functionality --><vnsAbsNode name="CS_SSL_1" funcType="GoTo">

<vnsRsDefaultScopeToTerm tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_cs_ssl/AbsTermNodeProv-Input1/outtmnl"/>

<vnsAbsFuncConn name="outside" attNotify="true">

<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFunc-ContentSwitching/mConn-external" />

</vnsAbsFuncConn><vnsAbsFuncConn name="inside" attNotify="true">

<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFunc-ContentSwitching/mConn-internal" />

</vnsAbsFuncConn><vnsRsNodeToMFunc tDn="uni/infra/mDev-Citrix-NetScaler-

1.0/mFunc-ContentSwitching"/></vnsAbsNode><vnsAbsTermNodeCon name="Output1">

<vnsAbsTermConn name="C6"></vnsAbsTermConn>

</vnsAbsTermNodeCon><vnsAbsConnection name="CON1" adjType="L3">

4-17Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 4 Configuration DetailsConfiguring ACI and NetScaler for a SharePoint Deployment

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_cs_ssl/AbsTermNodeCon-Output1/AbsTConn"/>

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_cs_ssl/AbsNode-CS_SSL_1/AbsFConn-outside"/>

</vnsAbsConnection><vnsAbsConnection name="CON2">

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_cs_ssl/AbsNode-CS_SSL_1/AbsFConn-inside"/>

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_cs_ssl/AbsTermNodeProv-Input1/AbsTConn"/>

</vnsAbsConnection></vnsAbsGraph>

</fvTenant></polUni>

Appendix C, “Configurations” contains additional XML files that configure NetScaler service graphs for SharePoint traffic.

• CreateServiceGraph_SP_cs_ssl_2.xml—Creates a service graph WebGraph_cs_ssl_2 for Content Switching and SSL Offloading of SharePoint traffic

• CreateServiceGraphWithParams_SP_cs_DB_1.xml and CreateServiceGraphWithParams_SP_cs_DB_2.xml—These files create service graphs (WebGraph_CS_DB and WebGraph_CS_DB_2) as well as configure L4-L7 service parameters for Content Switching for Database (Microsoft SQL Server 2012). Configuring Content Switching for Database is a two-step process that requires two files. The second file configures additional settings (such as defining a user) for Database processing.

• CreateServiceGraphWithParams_AppFW.xml—Creates a service graph WebGraph_CS_AppFW_1 for application firewall. In addition, this file configures L4-L7 service parameters for application firewall.

• CreateServiceGraphWithParams_SP_GSLB_1.xml and CreateServiceGraphWithParams_SP_GSLB_2.xml—These files create service graphs (WebGraph_CS_GSLB_1) and set L4-L7 parameters for Global Server Load Balancing. Configuring GSLB is a two-step process that requires two files. The second file configures additional settings for GSLB.

Note Some NetScaler service functions above (such as Content Switching with SSL Offloading, Database, and GSLB) require multiple XML files to configure the service. This is sometimes necessary so that APIC can properly sequence certain parameter settings or operations.

Configuring Application Profile L4-L7 Service Parameters for NetScalerInstances

The following procedure configures L4-L7 service parameters for the service graphs previously created. The service parameters are specified in service graphs that will eventually be deployed to the NetScaler instances to configure them to manage ACI traffic.

APIC uses L4-L7 service parameters to configure the NetScaler instances accordingly. Note that APIC permits the configuration of L4-L7 service parameters at multiple levels, (Figure 4-5). For the NetScaler service graphs, parameters are set at the EPG level for the application profile.

4-18Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 4 Configuration DetailsConfiguring ACI and NetScaler for a SharePoint Deployment

Figure 4-5 L4-L7 Service Parameters Set at EPG Level for NetScaler Service Graphs

Using the APIC GUI to Configure L4-L7 Service Parameters for Generic LB Traffic

Step 1 In the navigation pane under the application profile, press + to expand the EPG Web1-EPG and select L4-L7 Service Parameters. Right click and choose Create L4-L7 Service Parameters. Click on the edit icon to configure the L4-L7 service parameters. Specify the service graph to be created and the function node name (e.g., Load Balancing). Specify parameters under Config Device and Config Function. (Refer to the Cisco Intercloud Data Center ACI 1.0 Implementation Guide for APIC GUI specifics and detailed instructions.) For generic load balancing (HTTP, TCP, and DNS), L4-L7 service parameters are configured for the service graph WebGraph.

4-19Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 4 Configuration DetailsConfiguring ACI and NetScaler for a SharePoint Deployment

Step 2 Repeat the process to configure L4-L7 service parameters for generic SSL offloading. The configured parameters for the service graph WebGraph_ssl are shown.

4-20Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 4 Configuration DetailsConfiguring ACI and NetScaler for a SharePoint Deployment

Using XML to Configure L4-L7 Service Parameters for Generic LB Traffic

An administrator can also configure application profile L4-L7 service parameters using XML. As an example, the file CreateServiceGraph_lb_http.xml creates a service graph WebGraph and configures L4-L7 service parameters in the graph. As the following excerpts show, the file specifies parameters for load balancing of HTTP, SSL, TCP, and DNS traffic:

<!-- excerpts from CreateServiceGraph_lb_http.xml --><fvAp dn="uni/tn-silverTenant1/ap-Web1-AppProfile" name="Web1-AppProfile"><!-- EPG 1 --><fvAEPg dn="uni/tn-silverTenant1/ap-Web1-AppProfile/epg-Web1-EPG"

name="Web1-EPG"><fvRsBd tnFvBDName="silverTenant1-BD1" /><fvRsProv tnVzBrCPName="webCtrct1"></fvRsProv>

. . .<!—this section gives settings for LB --><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver" name="vip-tg-101"><vnsParamInst name="name" key="name" value="vip-tg-101"/><vnsParamInst name="ipv46" key="ipv46" value="101.16.1.101"/><vnsParamInst name="servicetype" key="servicetype" value="HTTP"/><vnsParamInst name="port" key="port" value="80"/><vnsParamInst name="clttimeout" key="clttimeout" value="200"/><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"nodeNameOrLbl="LB1" key="lbvserver_service_binding" name="service-tg-01"><vnsCfgRelInst key="servicename" name="service-tg-01"

targetName="service-tg-01"/></vnsFolderInst>

. . .</vnsFolderInst>

<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"nodeNameOrLbl="LB1" key="lbvserver" name="vip-tg-103">

<vnsParamInst name="name" key="name" value="vip-tg-103"/><vnsParamInst name="ipv46" key="ipv46" value="101.16.1.103"/><vnsParamInst name="servicetype" key="servicetype" value="SSL"/><vnsParamInst name="port" key="port" value="443"/><vnsParamInst name="clttimeout" key="clttimeout" value="200"/><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"nodeNameOrLbl="LB1" key="lbvserver_service_binding" name="service-tg-21">

<vnsCfgRelInst key="servicename" name="service-tg-21" targetName="service-tg-21"/>

</vnsFolderInst>. . .

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"nodeNameOrLbl="LB1" key="lbvserver" name="vip-tg-105">

<vnsParamInst name="name" key="name" value="vip-tg-105"/><vnsParamInst name="ipv46" key="ipv46" value="101.16.1.105"/><vnsParamInst name="servicetype" key="servicetype" value="TCP"/><vnsParamInst name="port" key="port" value="8080"/><vnsParamInst name="clttimeout" key="clttimeout" value="200"/><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"nodeNameOrLbl="LB1" key="lbvserver_service_binding" name="service-tg-41">

<vnsCfgRelInst key="servicename" name="service-tg-41" targetName="service-tg-41"/>

</vnsFolderInst>. . .</vnsFolderInst>

<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"nodeNameOrLbl="LB1" key="lbvserver" name="vip-tg-107">

<vnsParamInst name="name" key="name" value="vip-tg-107"/><vnsParamInst name="ipv46" key="ipv46" value="101.16.1.107"/><vnsParamInst name="servicetype" key="servicetype" value="DNS"/>

4-21Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 4 Configuration DetailsConfiguring ACI and NetScaler for a SharePoint Deployment

<vnsParamInst name="port" key="port" value="53"/><vnsParamInst name="clttimeout" key="clttimeout" value="200"/><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"nodeNameOrLbl="LB1" key="lbvserver_service_binding" name="service-tg-61">

<vnsCfgRelInst key="servicename" name="service-tg-61" targetName="service-tg-61"/>

</vnsFolderInst>. . .

Appendix C, “Configurations” contains the complete XML listing. It also includes the XML file Create-ServiceGraph_lb_ssl.xml. This file creates the service graph WebGraph_ssl and configures L4-L7 service parameters for the graph. In the following excerpt, the service graph is configured to apply SSL Offloading to web traffic:

<!-- excerpt from CreateServiceGraph_lb_ssl.xml --><fvAp dn="uni/tn-silverTenant1/ap-Web1-AppProfile" name="Web1-AppProfile">

<!-- EPG 1 --><fvAEPg dn="uni/tn-silverTenant1/ap-Web1-AppProfile/epg-Web1-EPG"

name="Web1-EPG"><fvRsBd tnFvBDName="silverTenant1-BD1" /><fvRsProv tnVzBrCPName="webCtrct1"></fvRsProv>

. . .<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="lbvserver" name="vip-tg-104_lb"><vnsParamInst name="name" key="name" value="vip-tg-104"/><vnsParamInst name="ipv46" key="ipv46" value="101.16.1.104"/><vnsParamInst name="servicetype" key="servicetype" value="SSL"/><vnsParamInst name="port" key="port" value="443"/><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"nodeNameOrLbl="SSL1" key="lbvserver_service_binding" name="service-tg-31">

<vnsCfgRelInst key="servicename" name="service-tg-31"targetName="service-tg-31"/></vnsFolderInst>

. . .

Using the APIC GUI to Configure L4-L7 Service Parameters for SharePoint Traffic

Perform the following procedure to configure L4-L7 service parameters for SharePoint traffic.

Step 1 Repeat the APIC GUI steps to configure the profile and EPG L4-L7 service parameters for graphs that will be applied to SharePoint traffic. In the navigation pane, press + to expand EPG Web1-EPG and select L4-L7 Service Parameters. Right click and choose Create L4-L7 Service Parameters.

Step 2 Click on the edit icon to configure the L4-L7 service parameters and create the service graph WebGraph_cs_ssl for Content Switching.

4-22Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 4 Configuration DetailsConfiguring ACI and NetScaler for a SharePoint Deployment

Step 3 Repeat the steps to configure L4-L7 service parameters and create the service graph WebGraph_cs_ssl_2 for the combination of Content Switching with SSL Offloading. Configuring Content Switching with SSL Offloading is a two-step process.

Step 4 Click on the edit icon to configure the L4-L7 service parameters and create the service graph WebGraph_CS_DB for Database Content Switching. Repeat the process to create the service graph WebGraph_CS_DB_2 for Database Content Switching, Configuring Database Content Switching is a two-step process.

4-23Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 4 Configuration DetailsConfiguring ACI and NetScaler for a SharePoint Deployment

Step 5 Before configuring and applying L4-L7 parameters to NetScaler instances to provide Application Firewall (AppFW) protection against known SharePoint attack vectors, it is necessary to configure NetScaler instances out-of-band with a SharePoint signature file. Using a Citrix account, obtain the signature file for the NetScaler 10.5 release (sig-r10.5b0v8s5.xml) from the site: https://www.citrix.com/downloads/netscaler-adc/components/application-signature-protection-for-application-firewall.html. (For this system solution, the file was customized and renamed mssharepoint.xml.)

Step 6 Use the NetScaler command line interface on the management plane to import the mssharepoint.xml signature file from a web server:

import appfw signatures http://10.1.1.101/mssharepoint/mssharepoint.xmlmssharepoint

Step 7 After the signature file has been imported out-of-band, configure L4-L7 service parameters for a service graph that applies AppFW services to SharePoint traffic. Click on the edit icon to configure the L4-L7 service parameters and create the service graph WebGraph_CS_AppFW_1 for Application Firewall.

Step 8 Under L4-L7 Service Parameters, right click and choose Create L4-L7 Service Parameters. Click on the edit icon to configure L4-L7 service parameters for GSLB and GSLB_ADNS. Create the service graphs WebGraph_CS_GSLB_1 and WebGraph_CS_GSLB_ADNS for GSLB and GSLB_adns repectively. Configuring GSLB is a two-step process.

Using XML to Configure L4-L7 Service Parameters for SharePoint Traffic

Included in Appendix C, “Configurations,” the file ConfigServiceGraphWithParams_SP_cs_ssl_1.xml configures L4-L7 service parameters for Content Switching with SSL Offloading of SharePoint web traffic. As the following excerpt shows, the file creates a service graph WebGraph_cs_ssl, defines the CS VIP for SharePoint traffic, and specifies parameters for the CS policy and binding. Note how the file also specifies parameters for the target load-balancing server (LB VIP). This is necessary since a CS VIP redirects traffic to a LB VIP based on defined policy.

<!-- ConfigServiceGraphWithParams_SP_cs_ssl_1.xml --><!-- Configure L4-L7 parameters for CS of SharePoint --><polUni>

<fvTenant name="silverTenant1"><fvAp dn="uni/tn-silverTenant1/ap-Web1-AppProfile" name="Web1-AppProfile"><!-- EPG 1 --><fvAEPg dn="uni/tn-silverTenant1/ap-Web1-AppProfile/epg-Web1-EPG"

name="Web1-EPG"><fvRsBd tnFvBDName="silverTenant1-BD1" /><fvRsProv tnVzBrCPName="webCtrct1"></fvRsProv>

. . .<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"

nodeNameOrLbl="CS_SSL_1" key="csvserver" name="vip-CS_SP2013" ><vnsParamInst name="name" key="name" value="vip-CS_SP2013"/><vnsParamInst name="ipv46" key="ipv46" value="101.16.1.121"/><vnsParamInst name="servicetype" key="servicetype" value="SSL"/><vnsParamInst name="port" key="port" value="443"/><vnsFolderInst ctrctNameOrLbl="webCtrct1"

graphNameOrLbl="WebGraph_cs_ssl" nodeNameOrLbl="CS_SSL_1"key="csvserver_cspolicy_binding" name="cspolbind1">

<vnsCfgRelInst key="policyname" name="poll1"targetName="csPolicy/cspol1"/>

<vnsParamInst name="targetlbvserver" key="targetlbvserver"value="vip-LB-sp2013-1"/>

</vnsFolderInst>. . .

4-24Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 4 Configuration DetailsConfiguring ACI and NetScaler for a SharePoint Deployment

Appendix C, “Configurations” includes other XML files that configure L4-L7 service parameters for service graphs that will be deployed to NetScaler instances to manage SharePoint traffic:

• ConfigServiceGraphWithParams_SP_cs_ssl_2.xml—Configures additional L4-L7 service parameters for Content Switching with SSL Offloading of SharePoint web traffic. Configuring Content Switching with SSL Offloading is a two-step process.

• CreateServiceGraphWithParams_SP_cs_DB_1.xml and CreateServiceGraphWithParams_SP_cs_DB_2.xml—These files create service graphs as well as configure L4-L7 service parameters for Content Switching for Database (Microsoft SQL Server 2012). Configuring Content Switching for Database is a two-step process that requires two files.

• CreateServiceGraphWithParams_AppFW.xml – This file creates a service graph as well as configures L4-L7 service parameters for AppFW functions applied to SharePoint web traffic. Note that the AppFW service requires the import of the SharePoint signature file, as described in the APIC GUI steps above.

• ConfigServiceGraph_SP_cs_ssl_1_withAppFW-policy.xml—This file configures L4-L7 parameters for CS with SSL for AppFW of SharePoint traffic. It also configures AppFW policy.

• CreateServiceGraphWithParams_SP_GSLB_1.xml and CreateServiceGraphWithParams_SP_GSLB_2.xml—These files create service graphs as well as configure L4-L7 service parameters for GSLB_adns and GSLB. Configuring GSLB is a two-step process.

• ConfigParameters_SP_GSLB_DynamicProx.xml, ConfigParameters_SP_GSLB_StaticProx.xml, ConfigParameters_SP_GSLB_LeastConn.xml—These files configure L4-L7 service parameters, specifically the distribution algorithm for GSLB.

Note Some NetScaler service functions above (such as Content Switching with SSL Offloading, Database, and GSLB) require multiple XML files to configure service graph parameters. This is necessary so that APIC can set parameters properly in a sequence of operations.

Configuring a ContractA contract contains all of the filters that will be applied between provider and consumer endpoint groups (EPGs). It restricts the protocols and ports on which a provider and consumer are allowed to communi-cate, enabling access control for greater security.

Using the APIC GUI to Create a Contract

Step 1 In the Navigation pane, expand the tenant for which you want to configure a contract. Under Security Policies, select Contracts. Click right and choose Create Contract. In this system solution, the administrator creates a contract called webCtrct1.

4-25Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 4 Configuration DetailsConfiguring ACI and NetScaler for a SharePoint Deployment

Step 2 Select the contract webCtrct1 in the Navigation pane, and click + to expand the contract and view the list of contract subjects.

Step 3 Select the contract subject http. Under Filters, click + to create a filter acl_lb_generic for the contract subject http. Complete the fields in the Create Filter dialog box that appears.

4-26Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 4 Configuration DetailsConfiguring ACI and NetScaler for a SharePoint Deployment

Step 4 Select the contract subject CS_SSL_1. Under Filters, click + to create a filter acl_cs_sharepoint.

Step 5 Select each of contract subjects and assign the appropriate filter to each. Assign the filter acl_lb_generic for the contract subjects that perform load balancing of generic traffic (http and https). Assign the filter acl_cs_sharepoint to CS_SSL_1 (as shown below) and to the other contract subjects that process SharePoint traffic (CS_AppFW1, CS_DB_1, CS_DB_2, CS_SSL_2, GSLB_1, and GSLB_ADNS).

4-27Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 4 Configuration DetailsConfiguring ACI and NetScaler for a SharePoint Deployment

Using XML to Create a Contract

The following XML file assigns the filter acl_lb_generic to the contract webCtrct1 for generic web traffic (incoming and outgoing HTTP traffic on port 80):

<!— CreateContract_lb_http.xml --><!— Configures a contract for LB traffic --><polUni>

<fvTenant dn="uni/tn-silverTenant1" name="silverTenant1"><vzFilter name="HttpIn">

<vzEntry name="e1" prot="6" dFromPort="80" dToPort="80" etherT="ip"/></vzFilter><vzFilter name="HttpOut">

<vzEntry name="e1" prot="6" dFromPort="80" etherT="ip"/></vzFilter><vzFilter name="acl_lb_generic"><vzEntry name="e1"/>

</vzFilter><vzBrCP name="webCtrct1" scope="global">

<vzSubj name="http"><vzRsSubjFiltAtt tnVzFilterName="acl_lb_generic"/>

</vzSubj></vzBrCP>

</fvTenant></polUni>

Appendix C, “Configurations” lists the XML file CreateContract_lb_ssl.xml that assigns the filter acl_lb_generic to the contract webCtrct1 for HTTPS traffic. (In this system solution, the administrator used the APIC GUI to create the filter acl_cs_sharepoint and assign to SharePoint traffic.)

4-28Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 4 Configuration DetailsConfiguring ACI and NetScaler for a SharePoint Deployment

Deploying Service GraphsOnce all the parameters are configured, the NetScaler service graphs can be deployed. Attaching the service graphs to the contract causes APIC to deploy them. In this way APIC applies the configuration to the NetScaler VPX instances.

This section provides procedures to deploy service graphs using the APIC GUI and using XML files.

Using the APIC GUI to Deploy Service Graphs

Perform the following procedure to deploy service graphs using the APIC GUI.

Step 1 Under the Silver Tenant’s Security Policies, expand Contracts. Select the contract to attach to a service graph. Select the subject, which is the service graph to be deployed to the NetScaler instances. Repeat this process for each of the NetScaler service graphs to attach them to the contract. When complete, click Submit to deploy the service graph configurations to the NetScaler instances.

Step 2 Select Deployed Graph Instances in the navigation pane. After graphs are deployed successfully, corresponding entries should appear.

4-29Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 4 Configuration DetailsConfiguring ACI and NetScaler for a SharePoint Deployment

Step 3 Select Deployed Devices in the navigation pane. The device configuration is displayed, as shown.

Using XML to Deploy Service Graphs

The following XML files are used to deploy service graphs that perform load balancing on HTTP traffic and SSL offloading on HTTP traffic, respectively.

4-30Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 4 Configuration DetailsConfiguring ACI and NetScaler for a SharePoint Deployment

• This XML file (AttachGraphToContract_lb_http.xml) deploys a service graph called WebGraph that performs load balancing on HTTP traffic:<!— AttachGraphToContract_lb_http.xml --><!— Attaches LB service graph to contract --><polUni>

<fvTenant name="silverTenant1"><vzBrCP name="webCtrct1">

<vzSubj name="http"><vzRsSubjGraphAtt tnVnsAbsGraphName="WebGraph"/>

</vzSubj></vzBrCP>

</fvTenant></polUni>

• This XML file (AttachGraphToContract_lb_ssl.xml) deploys a service graph called WebGraph_ssl that performs SSL offloading on HTTP traffic:<!— AttachGraphToContract_lb_ssl.xml --><!— Attaches SSL service graph to contract --><polUni>

<fvTenant name="silverTenant1"><vzBrCP name="webCtrct1">

<vzSubj name="http"><vzRsSubjGraphAtt tnVnsAbsGraphName="WebGraph_ssl"/>

</vzSubj></vzBrCP>

</fvTenant></polUni>

Viewing Service Graphs Deployed to NetScalerAfter the graphs are deployed to NetScaler instances, an administrator can see corresponding topology views. In the Deployed Graph Instances pane, click on each service graph listed to see the service graph topology. Figure 4-6 shows the topology for the Content Switching service (CS_SSL_1). Based on the configuration represented by this graph, the NetScaler instance will apply Content Switching to SharePoint traffic.

4-31Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 4 Configuration DetailsConfiguring ACI and NetScaler for a SharePoint Deployment

Figure 4-6 Control Switching ServiceTopology

4-32Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Deploying MicrosDesign and Implementation Guide

C H A P T E R 5

Validating the Configuration

Citrix and Cisco test engineers collaborated to build out a sample test deployment for SharePoint Server 2013 using the topology and configuration procedures described in earlier sections. This test deployment simulates a large enterprise-level deployment characterized by full redundancy for each data center component.

A number of test cases were defined and executed to validate the integration of NetScaler technology into the ACI fabric and in particular, the use of APIC to apply NetScaler network services to manage fabric traffic. This section describes the test cases and how NetScaler capabilities were verified in the test environment.

Verifying the ConfigurationThe first set of test cases validated the successful integration of NetScaler into the ACI fabric and the use of APIC to define NetScaler configurations. Several test cases were run to verify NetScaler compatibility and configuration, including:

• Compatibility tests. The following compatibility tests executed successfully without displaying any errors or warning messages.

– Using APIC to import NetScaler device package

– Using APIC to create 4 device clusters for NetScaler instances

– Using APIC: delete 4 device clusters for NetScaler instances

– Using APIC: re-create 2 device clusters for NetScaler instances

• Configuration tests. The following configuration tests executed successfully. All settings were pushed to the NetScaler VPX instance as expected and the appropriate services and virtual IPs (VIPs) were available.

– Using APIC to configure L2/L3 settings for a NetScaler VPX instance.

– Using APIC to configure LB settings for a NetScaler VPX instance.

– Using APIC to configure CS settings for a NetScaler VPX instance.

– Using APIC to configure AppFW settings for a NetScaler VPX instance.

– Using APIC to configure GSLB settings for a NetScaler VPX instance in a data center.

Figure 5-1 shows the APIC dashboard for the system solution configuration. The dashboard summarizes configuration health, helping to confirm (in addition to the traffic flow tests) that the NetScaler VPX instances have been deployed and configured successfully.

5-1oft SharePoint with Cisco ACI and Citrix NetScaler

Chapter 5 Validating the ConfigurationVerifying the Configuration

Figure 5-1 Control Switching ServiceTopology

Validating Traffic Flows with NetScalerThe following sections describe validating traffic flows with NetScaler:

Validating General Traffic Flows with NetScaler

Additional tests verified the ability of a NetScaler instance to perform traffic management for general traffic on the ACI fabric. All ACI traffic (HTTP/TCP on port 80; SSL/TCP on port on port 443; TCP/TCP on port 8080; and DNS/UDP on port 53) is subject to Load Balancing and SSL Offloading. Tests were run to validate these traffic flows:

• Load Balancing. HTTP, TCP, DNS traffic was processed using the Load Balancing VIPs configured for the NetScaler instance.

• SSL Offloading. SSL traffic was directed to LB VIPs to accelerate SSL Offloading in NetScaler SDX hardware.

Validating SharePoint Traffic Flows with NetScaler

To validate that SharePoint traffic flows through the NetScaler VPX instances securely and correctly, the SharePoint server farm was configured with two SharePoint sites, Engineering and Marketing, to simulate a large enterprise organization. In this way, it was possible to examine how NetScaler applied Content Switching policies to direct SharePoint client requests as well to SQL database requests. Based on the specified URL in the request (for example, https://sp2013.test.ctx/sites/Eng/… or https://sp2013.test.ctx/sites/Mkt/…), the NetScaler VPX instance directed the request to the Load Balancing VIP bound to the Content Switching VIP.

5-2Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 5 Validating the ConfigurationVerifying the Configuration

Figure 5-2 and Figure 5-3 shows Content Switching functionality across the two SharePoint sites. Each site was accessed by different users, user aaa and bbb, respectively. The user login authentication occurred on the SharePoint server that received the user request.

Figure 5-2 Content Switching AcrossTwo SharePoint Sites (user aaa)

5-3Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 5 Validating the ConfigurationVerifying the Configuration

Figure 5-3 Content Switching AcrossTwo SharePoint Sites (user bbb)

Validating Microsoft SQL Server Flows with NetScaler

The test environment configures NetScaler instances to manage traffic for Microsoft SQL Server 2012 cluster. NetScaler performs Content Switching for database requests as well as load balancing. Since there are multiple secondary databases in an AlwaysON Availability Group, the NetScaler LB VIP distributes database read traffic based on the defined load-balancing algorithm. These test cases validated traffic flows for database requests:

• Microsoft SQL Server Load Balancing—As expected, the NetScaler instance directed database requests to the Content Switching virtual server (vserver) for load balancing.

• Microsoft SQL Server Content Switching for Read/Write Split—For an SQL query that writes to the database, the NetScaler instance directs it to the LB VIP that routes it to the appropriate primary database. For read operations, the query is sent to the LB VIP that routes it to a secondary replica database.

• Intelligent Monitoring for Microsoft SQL Server Health Check—Native MS-SQL monitors configured in the NetScaler instance query a particular field in a database table to determine which node is the current secondary. The monitor probe queries the database for the secondary replica and marks the primary replica service as down in the NetScaler instance.

5-4Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 5 Validating the ConfigurationVerifying the Configuration

Validating AppFW Functionality with NetScaler

As a part of the NetScaler configuration process, an administrator should import the Microsoft SharePoint signature file prior to configuring the AppFW service graph and parameters. Using a Citrix account, the administrator can download a signature file from the site: https://www.citrix.com/downloads/netscaler-adc/components/application-signature-protection-for-application-firewall.html. For this system solution, the signature file for the NetScaler 10.5 release (sig-r10.5b0v8s5.xml) was downloaded and customized.

The following test cases validate the successful configuration of AppFW functionality:

• AppFW blocks the sites that are not specified in the startURL. In the test environment, access is permitted to two SharePoint sites only: https://sp2013.test.ctx/sites/Eng and https://sp2013.test.ctx/sites/Mkt. Access to https://sp2013.test.ctx/sites/Financial, however, is blocked.

• AppFW blocks SQL injection attacks. The NetScaler instance successfully blocks access to a site that attempts to inject SQL queries, such as the URL: https://sp2013.test.ctx/sites/Eng/SitePages/Home.aspx?select;

• AppFW blocks XSS (Cross-Site-Scripting) attacks. In this test case the NetScaler instance successfully blocks XSS attacks. NetScaler blocked access to this URL: https://sp2013.test.ctx/sites/test/_layouts/15/start.aspx#/SitePages/Home.aspx?<script>.

• AppFW blocks Denial of Service (DoS) vulnerability in MS SharePoint. In this test case, NetScaler blocked access for a known XSS attack when accessing this URL: https://sp2013.test.ctx/sites/test/_layouts/15/start.aspx#/SitePages/Home.aspx?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN.

Validating Solution High Availability and FailoverThe topology for this system solution provides redundancy and failover for NetScaler VPX instances, NetScaler SDX appliances, fabric nodes, and APIC servers. In addition to redundancy and failover features in the tested solution, an enterprise SharePoint deployment should include monitoring to foster high service levels. In NetScaler deployments, SNMP and syslog monitoring are usually performed out-of-band to detect and proactively resolve problems. These methods can be used in-band through the ACI fabric as well.

NetScaler VPX Instance Failover

NetScaler VPX instances are configured in an HA device cluster in Active-Standby mode. (NetScaler Active-Active configuration is not yet supported because Dynamic Routing is required, which is forthcoming in a future Cisco ACI software release.)

To validate the HA configuration and failover of NetScaler VPX instances, an administrator forced a failover scenario by entering “force failover –force” to the Primary NetScaler VPX instance. The process was repeated to force a failover again on the Primary HA node. Immediately after each forced failover, traffic was directed and processed by the new Primary HA node as expected.

In addition to failover testing, administrators added and removed VPX instances on the NetScaler SDX appliance. Other instances were not impacted and continued to manage traffic on the fabric.

5-5Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 5 Validating the ConfigurationVerifying the Configuration

NetScaler SDX Appliance Failover

An additional test case was performed to validate failover in the event of an unavailable NetScaler SDX appliance. In particular, the test case validated continued operation after a simulated failure of the appliance hosting the HA Primary NetScaler VPX instance. For this test case, APIC configured the HA device cluster in Active-Standby. When the SDX unit with the primary instance was made unavailable, the standby HA instance on the other unit became the Primary HA node. Traffic management continued as expected.

Fabric and APIC Failover Scenarios

For this system solution, a number of failover scenarios were validated to demonstrate SharePoint application continuity. The following failover scenarios were successfully validated in testing the system solution environment within a single data center:

• Single link in LACP channel failure. Fabric traffic continues to flow using all other physical links.

• Single vPC leg failure. Fabric traffic continues to flow using the other vPC leg.

• Single leaf failure. Fabric traffic flows using an alternate leaf.

• Single spine failure. Fabric traffic continues to flow on the fabric using an alternate spine.

• Single APIC failure. An alternate APIC server from the APIC cluster is still available. As expected, fabric traffic continues to flow.

Configuring NetScaler GSLB for Multiple data centers

When configured for global server load balancing (GSLB, Figure 5-4), NetScaler appliances support disaster recovery and enable continuous application availability, protecting against single points of failure in a WAN deployment. GSLB enables intelligent load distribution, by directing client requests to the closest or best performing data center, or to an available and online data center in the case of an outage.

5-6Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 5 Validating the ConfigurationVerifying the Configuration

Figure 5-4 GSLB AcrossTwo Data Centers

When GSLB is configured, NetScaler appliances use the DNS infrastructure to connect client requests to the data center that best meets the set distribution criteria. NetScaler devices keep track of the location, performance, load, and availability of each data center and use these factors to select the data center for the client request.

An ADNS service is a special kind of service that responds only to DNS requests for domains for which the NetScaler appliance is authoritative. When an ADNS service is configured, the appliance owns that IP address and advertises it. Upon receipt of a DNS request by an ADNS service, the appliance checks for a GSLB virtual server bound to that domain. If a GSLB virtual server is bound, it’s queried for the best IP address to which to send the DNS response. (Note: On a public DNS server, configure the IPs of ADNS services from both data centers as authoritative DNS servers for the domain.)

NetScaler GSLB capabilities were implemented and tested for this system solution using the XML files listed in Appendix C, “Configurations.”

After configuring GSLB in the system solution environment, this functionality was tested by simulating a data center link failure. As expected, NetScaler successfully redirected traffic to the remaining available data center. Various GSLB distribution scenarios were also configured and tested. For example, NetScaler instances can distribute client load across data centers according to different algorithms. This system solution successfully validated three GSLB distribution scenarios:

• Dynamic Proximity—A delay injector was used to simulate a data center with less proximity. The NetScaler instance tracks Round Trip Time (RTT) and distributes load based on this value. Clients connected only to the data center with the least RTT value.

• Static Proximity—Based on the VLANs, the NetScaler instance directs traffic to the closest data center. In this way, clients connect to the data center in the same region.

• Even Distribution—The NetScaler instance tracks the number of connections and distributes the client request to the data center with the lowest number of connections. This method spreads out load across configured data centers.

DNSServer

v91

v1101,v101-v102

v1201,v121-v122

Data Center 2

v93

Client_1

FI SDX FISDX

2987

89

Silver TenantASR 1000

Silver TenantASR 1000

Catalyst 4948

v221-v223 (10.2.[1-3].0/24)

VLANs – ACI specified(v235-v237)

(10.1.[1-3].0/24)

Core Catalyst 6509Delay Injector

Data Center 1

Web

VM

App

VM

dB

VM

AD

VM

Web

VM

App

VM

dB

VM

AD

VM

ACIFabric

Internet

DNSServer

v92

v92

Client_2

5-7Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Chapter 5 Validating the ConfigurationVerifying the Configuration

5-8Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Deploying Microsoft ShaDesign and Implementation Guide

A

P P E N D I X A Product List

The following system solution product list is available for reference:

• Cisco Nexus 9508

• Cisco Nexus 9396

• Cisco: ACI 1.0 (2j)—latest version compatible with Citrix NetScaler device model package

• Cisco N20-6508 5108 UCS Blade Server Chassis

• Cisco ASR 1004 series Aggregation Service Router

• Cisco Application Policy Infrastructure Controller

• Citrix NetScaler SDX 11542 appliance, NetScaler VPX 10.5-53.9, and NetScaler Device Package 10.5-54.2

• Microsoft Windows Server 2012 R2 Standard Edition

• Microsoft SharePoint Server 2013 Enterprise Edition

• Microsoft SQL Server 2012 Enterprise Edition

• Microsoft Windows 7 Enterprise Edition

• VMware ESXi 5.1 with vCenter

• Fedora Linux x64 (hosts for public DNS servers)

• Ubuntu x64 (hosts Python interpreter for XML configuration files)

• Spirent chassis - SPT-N11U

A-1rePoint with Cisco ACI and Citrix NetScaler

Appendix A Product List

A-2Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Deploying Microsoft ShaDesign and Implementation Guide

A

P P E N D I X B References

The following system solution documentation references are available for convenience:

Cisco ACI References• Intercloud Data Center ACI 1.0 Implementation Guide

• Cisco Application Policy Infrastructure Controller (APIC)

• At-a-Glance: Cisco Virtual Multiservice Data Center Validated Designs

• Configuration Note: VMDC Architecture with Citrix NetScaler VPX and SDX

• Service Insertion with Cisco Application Centric Infrastructure

• Connecting Application Centric Infrastructure (ACI) to Outside Layer 2 and 3 Networks Guide

• Cisco APIC Layer 4 to Layer 7 Services Deployment Guide

Citrix Reference• Implementing Cisco Application Centric Infrastructure with Citrix NetScaler Application Delivery

Controllers

• Integrating Citrix NetScaler ADCs with Cisco Application Centric Infrastructure

• Citrix NetScaler 10.5 Product Documentation

• Citrix NetScaler SDX Hardware Installation

B-1rePoint with Cisco ACI and Citrix NetScaler

Appendix B ReferencesCitrix Reference

B-2Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Deploying Microsoft ShaDesign and Implementation Guide

A

P P E N D I X C Configurations

The following system solution configuration sections provide configuration details for this design and implementation validation:

• NetScaler Instance Configuration Summary, page C-1

• Automating APIC Configuration for SharePoint, page C-8

• XML Files for Configuring NetScaler Instances, page C-9

NetScaler Instance Configuration SummaryThe following NetScaler instance configuration summary provides the full configuration for the single NetScaler instance SDX-A_VPX-1.

#===== SDX-A_VPX-1 ===========================================================# set ns config -IPAddress 192.168.114.111 -netmask 255.255.255.0#=============================================================================

enable ns feature WL SP LB CS SSL GSLB AppFw RESPONDERenable ns mode FR Edge USNIP PMTUD

add vlan 101add vlan 102

add ns ip 10.16.1.11 255.255.255.0 -vServer DISABLEDadd ns ip 10.16.1.12 255.255.255.0 -vServer DISABLEDadd ns ip 10.16.1.13 255.255.255.0 -vServer DISABLEDadd ns ip 101.16.1.11 255.255.255.0 -vServer DISABLED

bind vlan 101 -ifnum LA/1 -taggedbind vlan 101 -IPAddress 10.16.1.11 255.255.255.0bind vlan 102 -ifnum LA/1 -taggedbind vlan 102 -IPAddress 101.16.1.11 255.255.255.0

add server server-tg-01 10.16.2.1add server server-tg-02 10.16.2.2add server server-tg-03 10.16.2.3add server server-tg-04 10.16.2.4add server server-tg-05 10.16.2.5add server server-tg-06 10.16.2.6add server server-tg-07 10.16.2.7add server server-tg-08 10.16.2.8add server server-tg-09 10.16.2.9add server server-tg-10 10.16.2.10add server server-tg-11 10.16.2.11

C-1rePoint with Cisco ACI and Citrix NetScaler

Appendix C ConfigurationsNetScaler Instance Configuration Summary

add server server-tg-12 10.16.2.12add server server-tg-13 10.16.2.13add server server-tg-14 10.16.2.14add server server-tg-15 10.16.2.15add server server-tg-16 10.16.2.16add server server-tg-17 10.16.2.17add server server-tg-18 10.16.2.18add server server-tg-19 10.16.2.19add server server-tg-20 10.16.2.20add server server-tg-21 10.16.2.21add server server-tg-22 10.16.2.22add server server-tg-23 10.16.2.23add server server-tg-24 10.16.2.24add server server-tg-25 10.16.2.25add server server-tg-26 10.16.2.26add server server-tg-27 10.16.2.27add server server-tg-28 10.16.2.28add server server-tg-29 10.16.2.29add server server-tg-30 10.16.2.30add server server-tg-31 10.16.2.31add server server-tg-32 10.16.2.32add server server-tg-33 10.16.2.33add server server-tg-34 10.16.2.34add server server-tg-35 10.16.2.35add server server-tg-36 10.16.2.36add server server-tg-37 10.16.2.37add server server-tg-38 10.16.2.38add server server-tg-39 10.16.2.39add server server-tg-40 10.16.2.40add server server-tg-41 10.16.2.41add server server-tg-42 10.16.2.42add server server-tg-43 10.16.2.43add server server-tg-44 10.16.2.44add server server-tg-45 10.16.2.45add server server-tg-46 10.16.2.46add server server-tg-47 10.16.2.47add server server-tg-48 10.16.2.48add server server-tg-49 10.16.2.49add server server-tg-50 10.16.2.50add server server-tg-51 10.16.2.51add server server-tg-52 10.16.2.52add server server-tg-53 10.16.2.53add server server-tg-54 10.16.2.54add server server-tg-55 10.16.2.55add server server-tg-56 10.16.2.56add server server-tg-57 10.16.2.57add server server-tg-58 10.16.2.58add server server-tg-59 10.16.2.59add server server-tg-60 10.16.2.60add server server-tg-61 10.16.2.61add server server-tg-62 10.16.2.62add server server-tg-63 10.16.2.63add server server-tg-64 10.16.2.64add server server-tg-65 10.16.2.65add server server-tg-66 10.16.2.66add server server-tg-67 10.16.2.67add server server-tg-68 10.16.2.68add server server-tg-69 10.16.2.69add server server-tg-70 10.16.2.70add server server-tg-71 10.16.2.71add server server-tg-72 10.16.2.72add server server-tg-73 10.16.2.73add server server-tg-74 10.16.2.74add server server-tg-75 10.16.2.75

C-2Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsNetScaler Instance Configuration Summary

add server server-tg-76 10.16.2.76add server server-tg-77 10.16.2.77add server server-tg-78 10.16.2.78add server server-tg-79 10.16.2.79add server server-tg-80 10.16.2.80

add service service-tg-01 server-tg-01 HTTP 80add service service-tg-02 server-tg-02 HTTP 80add service service-tg-03 server-tg-03 HTTP 80add service service-tg-04 server-tg-04 HTTP 80add service service-tg-05 server-tg-05 HTTP 80add service service-tg-06 server-tg-06 HTTP 80add service service-tg-07 server-tg-07 HTTP 80add service service-tg-08 server-tg-08 HTTP 80add service service-tg-09 server-tg-09 HTTP 80add service service-tg-10 server-tg-10 HTTP 80add service service-tg-11 server-tg-11 HTTP 80add service service-tg-12 server-tg-12 HTTP 80add service service-tg-13 server-tg-13 HTTP 80add service service-tg-14 server-tg-14 HTTP 80add service service-tg-15 server-tg-15 HTTP 80add service service-tg-16 server-tg-16 HTTP 80add service service-tg-17 server-tg-17 HTTP 80add service service-tg-18 server-tg-18 HTTP 80add service service-tg-19 server-tg-19 HTTP 80add service service-tg-20 server-tg-20 HTTP 80add service service-tg-21 server-tg-21 SSL 443add service service-tg-22 server-tg-22 SSL 443add service service-tg-23 server-tg-23 SSL 443add service service-tg-24 server-tg-24 SSL 443add service service-tg-25 server-tg-25 SSL 443add service service-tg-26 server-tg-26 SSL 443add service service-tg-27 server-tg-27 SSL 443add service service-tg-28 server-tg-28 SSL 443add service service-tg-29 server-tg-29 SSL 443add service service-tg-30 server-tg-30 SSL 443add service service-tg-31 server-tg-31 SSL 443add service service-tg-32 server-tg-32 SSL 443add service service-tg-33 server-tg-33 SSL 443add service service-tg-34 server-tg-34 SSL 443add service service-tg-35 server-tg-35 SSL 443add service service-tg-36 server-tg-36 SSL 443add service service-tg-37 server-tg-37 SSL 443add service service-tg-38 server-tg-38 SSL 443add service service-tg-39 server-tg-39 SSL 443add service service-tg-40 server-tg-40 SSL 443add service service-tg-41 server-tg-41 TCP 8080add service service-tg-42 server-tg-42 TCP 8080add service service-tg-43 server-tg-43 TCP 8080add service service-tg-44 server-tg-44 TCP 8080add service service-tg-45 server-tg-45 TCP 8080add service service-tg-46 server-tg-46 TCP 8080add service service-tg-47 server-tg-47 TCP 8080add service service-tg-48 server-tg-48 TCP 8080add service service-tg-49 server-tg-49 TCP 8080add service service-tg-50 server-tg-50 TCP 8080add service service-tg-51 server-tg-51 TCP 8080add service service-tg-52 server-tg-52 TCP 8080add service service-tg-53 server-tg-53 TCP 8080add service service-tg-54 server-tg-54 TCP 8080add service service-tg-55 server-tg-55 TCP 8080add service service-tg-56 server-tg-56 TCP 8080add service service-tg-57 server-tg-57 TCP 8080add service service-tg-58 server-tg-58 TCP 8080

C-3Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsNetScaler Instance Configuration Summary

add service service-tg-59 server-tg-59 TCP 8080add service service-tg-60 server-tg-60 TCP 8080add service service-tg-61 server-tg-61 DNS 53add service service-tg-62 server-tg-62 DNS 53add service service-tg-63 server-tg-63 DNS 53add service service-tg-64 server-tg-64 DNS 53add service service-tg-65 server-tg-65 DNS 53add service service-tg-66 server-tg-66 DNS 53add service service-tg-67 server-tg-67 DNS 53add service service-tg-68 server-tg-68 DNS 53add service service-tg-69 server-tg-69 DNS 53add service service-tg-70 server-tg-70 DNS 53add service service-tg-71 server-tg-71 DNS 53add service service-tg-72 server-tg-72 DNS 53add service service-tg-73 server-tg-73 DNS 53add service service-tg-74 server-tg-74 DNS 53add service service-tg-75 server-tg-75 DNS 53add service service-tg-76 server-tg-76 DNS 53add service service-tg-77 server-tg-77 DNS 53add service service-tg-78 server-tg-78 DNS 53add service service-tg-79 server-tg-79 DNS 53add service service-tg-80 server-tg-80 DNS 53

add lb vserver vip-tg-101 HTTP 101.16.1.101 80add lb vserver vip-tg-102 HTTP 101.16.1.102 80add lb vserver vip-tg-103 SSL 101.16.1.103 443add lb vserver vip-tg-104 SSL 101.16.1.104 443add lb vserver vip-tg-105 TCP 101.16.1.105 8080add lb vserver vip-tg-106 TCP 101.16.1.106 8080add lb vserver vip-tg-107 DNS 101.16.1.107 53add lb vserver vip-tg-108 DNS 101.16.1.108 53

bind lb vserver vip-tg-101 service-tg-01bind lb vserver vip-tg-101 service-tg-02bind lb vserver vip-tg-101 service-tg-03bind lb vserver vip-tg-101 service-tg-04bind lb vserver vip-tg-101 service-tg-05bind lb vserver vip-tg-101 service-tg-06bind lb vserver vip-tg-101 service-tg-07bind lb vserver vip-tg-101 service-tg-08bind lb vserver vip-tg-101 service-tg-09bind lb vserver vip-tg-101 service-tg-10bind lb vserver vip-tg-102 service-tg-11bind lb vserver vip-tg-102 service-tg-12bind lb vserver vip-tg-102 service-tg-13bind lb vserver vip-tg-102 service-tg-14bind lb vserver vip-tg-102 service-tg-15bind lb vserver vip-tg-102 service-tg-16bind lb vserver vip-tg-102 service-tg-17bind lb vserver vip-tg-102 service-tg-18bind lb vserver vip-tg-102 service-tg-19bind lb vserver vip-tg-102 service-tg-20bind lb vserver vip-tg-103 service-tg-21bind lb vserver vip-tg-103 service-tg-22bind lb vserver vip-tg-103 service-tg-23bind lb vserver vip-tg-103 service-tg-24bind lb vserver vip-tg-103 service-tg-25bind lb vserver vip-tg-103 service-tg-26bind lb vserver vip-tg-103 service-tg-27bind lb vserver vip-tg-103 service-tg-28bind lb vserver vip-tg-103 service-tg-29bind lb vserver vip-tg-103 service-tg-30bind lb vserver vip-tg-104 service-tg-31bind lb vserver vip-tg-104 service-tg-32

C-4Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsNetScaler Instance Configuration Summary

bind lb vserver vip-tg-104 service-tg-33bind lb vserver vip-tg-104 service-tg-34bind lb vserver vip-tg-104 service-tg-35bind lb vserver vip-tg-104 service-tg-36bind lb vserver vip-tg-104 service-tg-37bind lb vserver vip-tg-104 service-tg-38bind lb vserver vip-tg-104 service-tg-39bind lb vserver vip-tg-104 service-tg-40bind lb vserver vip-tg-105 service-tg-41bind lb vserver vip-tg-105 service-tg-42bind lb vserver vip-tg-105 service-tg-43bind lb vserver vip-tg-105 service-tg-44bind lb vserver vip-tg-105 service-tg-45bind lb vserver vip-tg-105 service-tg-46bind lb vserver vip-tg-105 service-tg-47bind lb vserver vip-tg-105 service-tg-48bind lb vserver vip-tg-105 service-tg-49bind lb vserver vip-tg-105 service-tg-50bind lb vserver vip-tg-106 service-tg-51bind lb vserver vip-tg-106 service-tg-52bind lb vserver vip-tg-106 service-tg-53bind lb vserver vip-tg-106 service-tg-54bind lb vserver vip-tg-106 service-tg-55bind lb vserver vip-tg-106 service-tg-56bind lb vserver vip-tg-106 service-tg-57bind lb vserver vip-tg-106 service-tg-58bind lb vserver vip-tg-106 service-tg-59bind lb vserver vip-tg-106 service-tg-60bind lb vserver vip-tg-107 service-tg-61bind lb vserver vip-tg-107 service-tg-62bind lb vserver vip-tg-107 service-tg-63bind lb vserver vip-tg-107 service-tg-64bind lb vserver vip-tg-107 service-tg-65bind lb vserver vip-tg-107 service-tg-66bind lb vserver vip-tg-107 service-tg-67bind lb vserver vip-tg-107 service-tg-68bind lb vserver vip-tg-107 service-tg-69bind lb vserver vip-tg-107 service-tg-70bind lb vserver vip-tg-108 service-tg-71bind lb vserver vip-tg-108 service-tg-72bind lb vserver vip-tg-108 service-tg-73bind lb vserver vip-tg-108 service-tg-74bind lb vserver vip-tg-108 service-tg-75bind lb vserver vip-tg-108 service-tg-76bind lb vserver vip-tg-108 service-tg-77bind lb vserver vip-tg-108 service-tg-78bind lb vserver vip-tg-108 service-tg-79bind lb vserver vip-tg-108 service-tg-80

add ssl certKey sp2013.test.ctx-cert -cert sp2013-server.cert -keysp2013-server.key

bind ssl vserver vip-tg-103 -certkeyName sp2013.test.ctx-certbind ssl vserver vip-tg-104 -certkeyName sp2013.test.ctx-cert

add route 10.1.1.0 255.255.255.0 10.16.1.254add route 10.1.2.0 255.255.255.0 10.16.1.254add route 10.1.3.0 255.255.255.0 10.16.1.254add route 10.16.2.0 255.255.255.0 10.16.1.254add route 192.168.0.0 255.255.0.0 192.168.114.254

add route 0.0.0.0 0.0.0.0 101.16.1.254

# === CS ===================================================================

C-5Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsNetScaler Instance Configuration Summary

add server server-sp2013-1 10.1.2.101add server server-sp2013-2 10.1.2.102

add service service-sp2013-1 server-sp2013-1 SSL 443add service service-sp2013-2 server-sp2013-2 SSL 443

add lb vserver vip-LB-sp2013-1 HTTP 10.16.1.111 80add lb vserver vip-LB-sp2013-2 HTTP 10.16.1.112 80

bind lb vserver vip-LB-sp2013-1 service-sp2013-1bind lb vserver vip-LB-sp2013-2 service-sp2013-2

add cs vserver vip-CS_SP2013 SSL 101.16.1.121 443

bind ssl vserver vip-CS_SP2013 -certkeyName sp2013.test.ctx-cert

add cs policy policy-cs-eng -url "/sites/Eng/*"add cs policy policy-cs-mkt -url "/sites/Mkt/*"

bind cs vserver vip-CS_SP2013 -policy policy-cs-eng -targetLBVservervip-LB-sp2013-1

bind cs vserver vip-CS_SP2013 -policy policy-cs-mkt -targetLBVservervip-LB-sp2013-2

bind cs vserver vip-CS_SP2013 -lbvserver vip-LB-sp2013-1

# === DB ===================================================================

add db user sa -password Citrix123

add server server-mssql-1 10.1.3.101add server server-mssql-2 10.1.3.102add server server-mssql-3 10.1.3.103add server server-mssql_listener 10.1.3.105

add service sql-1.test.ctx server-mssql-1 MSSQL 1433add service sql-2.test.ctx server-mssql-2 MSSQL 1433add service sql-3.test.ctx server-mssql-3 MSSQL 1433

add service sql_listener server-mssql_listener MSSQL 1433

add monitor read_replica1 MSSQL-ECV -sqlQuery "select role, role_desc fromsys.dm_hadr_availability_replica_states as A,sys.dm_hadr_availability_replica_cluster_states as B where (A.replica_id =B.replica_id and B.replica_server_name = 'sql-1') and A.group_id in(select ag_id from sys.dm_hadr_name_id_map where ag_name ='AG_SharePoint_2013')" -evalRule"MSSQL.RES.ROW(0).TEXT_ELEM(1).EQ(\"SECONDARY\")" -username sa

add monitor read_replica2 MSSQL-ECV -sqlQuery "select role, role_desc fromsys.dm_hadr_availability_replica_states as A,sys.dm_hadr_availability_replica_cluster_states as B where (A.replica_id =B.replica_id and B.replica_server_name = 'sql-2') and A.group_id in(select ag_id from sys.dm_hadr_name_id_map where ag_name ='AG_SharePoint_2013')" -evalRule"MSSQL.RES.ROW(0).TEXT_ELEM(1).EQ(\"SECONDARY\")" -username sa

add monitor read_replica3 MSSQL-ECV -sqlQuery "select role, role_desc fromsys.dm_hadr_availability_replica_states as A,sys.dm_hadr_availability_replica_cluster_states as B where (A.replica_id =B.replica_id and B.replica_server_name = 'sql-3') and A.group_id in(select ag_id from sys.dm_hadr_name_id_map where ag_name ='AG_SharePoint_2013')" -evalRule"MSSQL.RES.ROW(0).TEXT_ELEM(1).EQ(\"SECONDARY\")" -username sa

C-6Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsNetScaler Instance Configuration Summary

bind service sql-1.test.ctx -monitorName read_replica1bind service sql-2.test.ctx -monitorName read_replica2bind service sql-3.test.ctx -monitorName read_replica3

add lb vserver vip-mssql-LB_READ MSSQL 10.16.1.151 1433 -mssqlServerVersion2012

add lb vserver vip-mssql-LB_WRITE MSSQL 10.16.1.152 1433 -mssqlServerVersion2012

bind lb vserver vip-mssql-LB_WRITE sql_listener

bind lb vserver vip-mssql-LB_READ sql-1.test.ctxbind lb vserver vip-mssql-LB_READ sql-2.test.ctxbind lb vserver vip-mssql-LB_READ sql-3.test.ctx

add cs vserver vip-MSSQL_CS MSSQL 10.16.1.122 1433 -mssqlServerVersion 2012

add cs policy CS_Read1 -rule "MSSQL.CLIENT.TYPEFLAGS.BITAND(32).EQ(32)"add cs policy CS_Read2 -rule

"MSSQL.REQ.QUERY.COMMAND.SET_TEXT_MODE(IGNORECASE).EQ(\"select\")"

bind cs vserver vip-MSSQL_CS -policy CS_Read1 -targetLBVserver vip-mssql-LB_READ -priority 10

bind cs vserver vip-MSSQL_CS -policy CS_Read2 -targetLBVserver vip-mssql-LB_READ -priority 20

bind cs vserver vip-MSSQL_CS -lbvserver vip-mssql-LB_WRITE

# === AppFW ==================================================================# === Out-of-band operation:# === import appfw signatures# === http://10.1.1.101/mssharepoint/mssharepoint.xml mssharepoint

add appfw profile Sharepoint_SharePoint_sig -startURLAction block learn logstats -startURLClosure ON -signatures mssharepoint

bind appfw profile Sharepoint_SharePoint_sig -startURL"^http://sp2013.test.ctx(\\:)*(\\d)*/sites/Eng(/)?"

bind appfw profile Sharepoint_SharePoint_sig -startURL"^http://sp2013.test.ctx(\\:)*(\\d)*/sites/Mkt(/)?"

add appfw policy Sharepoint_SharePoint_sig"HTTP.REQ.HOSTNAME.EQ(\"sp2013.test.ctx\")" Sharepoint_SharePoint_sig

bind cs vserver vip-CS_SP2013 -policyName Sharepoint_SharePoint_sig -priority100 -gotoPriorityExpression END -type REQUEST

set appfw profile Sharepoint_SharePoint_sig -SQLInjectionAction block learnlog stats

set appfw profile Sharepoint_SharePoint_sig -crossSiteScriptingAction blocklearn log stats

# === GSLB ===================================================================

add service svc_adns_1 101.16.1.11 ADNS 53

add gslb site Data_Center_1 101.16.1.11add gslb site Data_Center_2 201.16.1.11

add gslb vserver vip-gslb-sp2013 ssl

add gslb service svc_gslb_sp2013_dc1 101.16.1.121 ssl 443 -sitenameData_Center_1

C-7Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsAutomating APIC Configuration for SharePoint

add gslb service svc_gslb_sp2013_dc2 201.16.1.121 ssl 443 -sitenameData_Center_2

bind gslb vserver vip-gslb-sp2013 -servicename svc_gslb_sp2013_dc1bind gslb vserver vip-gslb-sp2013 -servicename svc_gslb_sp2013_dc2

bind gslb vserver vip-gslb-sp2013 -domainname sp2013.test.ctx

set gslb vserver vip-gslb-sp2013 -lbmethod RTT

add location 91.1.1.1 91.1.1.255 DC1add location 101.16.1.121 101.16.1.121 DC1add location 102.16.1.121 102.16.1.121 DC1add location 92.1.1.1 92.1.1.255 DC2add location 201.16.1.121 201.16.1.121 DC2add location 202.16.1.121 202.16.1.121 DC2

set gslb vserver vip-gslb-sp2013 -lbmethod staticproximity

set gslb vserver vip-gslb-sp2013 -lbmethod leastconnection

#=============================================================================

Return to Configurations, page C-1.

Automating APIC Configuration for SharePointFrom a Ubuntu machine, XML files can be interpreted using Python to define APIC configurations for ACI deployments. APIC then deploys the appropriate configuration settings to the NetScaler VPX instances.

This appendix contains the XML files largely used to configure NetScaler VPX instances used in this system solution. The following script processes a series of XML files to automate the creation and configuration of the NetScaler instances. (A few additional steps, such as creating and assigning the filter acl_cs_sharepoint to contract subjects for SharePoint, were performed using the APIC GUI and do not have comparable XML files in this appendix.)

#!/bin/bash# Ubuntu machine: 192.168.115.221 (administrator/cisco)# Basic config: /Citrix/APICscript/# ============================================================================./post_xml.py CreateServiceGraph_lb_http.xml 192.168.114.1:443./post_xml.py ConfigServiceGraphWithParams_lb_http.xml 192.168.114.1:443./post_xml.py CreateContract_lb_http.xml 192.168.114.1:443./post_xml.py AttachGraphToContract_lb_http.xml 192.168.114.1:443

./post_xml.py CreateServiceGraph_lb_ssl.xml 192.168.114.1:443

./post_xml.py ConfigServiceGraphWithParams_lb_ssl.xml 192.168.114.1:443

./post_xml.py CreateContract_lb_ssl.xml 192.168.114.1:443

./post_xml.py AttachGraphToContract_lb_ssl.xml 192.168.114.1:443

# CS/SSL: /Citrix/APICscript/SP_CS_SSL/# ============================================================================./post_xml.py CreateServiceGraph_SP_cs_ssl_1.xml 192.168.114.1:443./post_xml.py ConfigServiceGraphWithParams_SP_cs_ssl_1.xml 192.168.114.1:443./post_xml.py CreateServiceGraph_SP_cs_ssl_2.xml 192.168.114.1:443./post_xml.py ConfigServiceGraphWithParams_SP_cs_ssl_2.xml 192.168.114.1:443

# CS/DB: /Citrix/APICscript/SP_CS_DB/# ============================================================================

C-8Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

./post_xml.py CreateServiceGraphWithParams_SP_cs_DB_1.xml 192.168.114.1:443

./post_xml.py CreateServiceGraphWithParams_SP_cs_DB_2.xml 192.168.114.1:443

# AppFW: /Citrix/APICscript/AppFW/# ============================================================================./post_xml.py CreateServiceGraphWithParams_AppFW.xml 192.168.114.1:443./post_xml.py ConfigServiceGraph_SP_cs_ssl_1_withAppFW-policy.xml 192.168.114.1:443./post_xml.py ConfigAppFW_block_SQL_injection.xml 192.168.114.1:443./post_xml.py ConfigAppFW_block_XSS.xml 192.168.114.1:443

# GSLB: /Citrix/APICscript/SP_GSLB/# ============================================================================./post_xml.py CreateServiceGraphWithParams_SP_GSLB_1.xml 192.168.114.1:443./post_xml.py CreateServiceGraphWithParams_SP_GSLB_2.xml 192.168.114.1:443./post_xml.py ConfigParameters_SP_GSLB_DynamicProx.xml 192.168.114.1:443./post_xml.py ConfigParameters_SP_GSLB_StaticProx.xml 192.168.114.1:443./post_xml.py ConfigParameters_SP_GSLB_LeastConn.xml192.168.114.1:443

The first eight files perform configuration tasks that set up basic network service functions that APIC applies to the NetScaler instances. These tasks include the configuration of Load Balancing and SSL off-loading functions that are performed on generic traffic. The remaining files configure NetScaler functions that are specific to SharePoint Server 2013 workloads.

XML Files for Configuring NetScaler InstancesThe following system solution XML files for configuring NetScaler instances are available for reference:

XML Files for Configuring Basic Functions, page C-10

• CreateServiceGraph_lb_http.xml, page C-10

• ConfigServiceGraphWithParams_lb_http.xml , page C-30

• CreateContract_lb_http.xml, page C-31

• AttachGraphToContract_lb_http.xml , page C-32

• CreateServiceGraph_lb_ssl.xml , page C-32

• ConfigServiceGraphWithParams_lb_ssl.xml, page C-40

• CreateContract_lb_ssl.xml, page C-40

• AttachGraphToContract_lb_ssl.xml , page C-41

XML Files that Configure NetScaler Services for SharePoint, page C-41

• XML for Content Switching

– CreateServiceGraph_SP_cs_ssl_1.xml, page C-43

– ConfigServiceGraphWithParams_SP_cs_ssl_1.xml, page C-46

– CreateServiceGraph_SP_cs_ssl_2.xml , page C-47

– ConfigServiceGraphWithParams_SP_cs_ssl_2.xml , page C-48

• XML for Database Content Switching

– CreateServiceGraphWithParams_SP_cs_DB_1.xml, page C-49

– CreateServiceGraphWithParams_SP_cs_DB_2.xml, page C-51

C-9Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

• XML for Application Firewall

– CreateServiceGraphWithParams_AppFW.xml, page C-56

– ConfigServiceGraph_SP_cs_ssl_1_withAppFW-policy.xml, page C-58

– ConfigAppFW_block_SQL_injection.xml, page C-62

– ConfigAppFW_block_XSS.xml, page C-63.

• XML for Global Server Load Balancing (GSLB)

– CreateServiceGraphWithParams_SP_GSLB_1.xml , page C-66

– CreateServiceGraphWithParams_SP_GSLB_2.xml, page C-67

– ConfigParameters_SP_GSLB_DynamicProx.xml, page C-70

– ConfigParameters_SP_GSLB_StaticProx.xml, page C-73

– ConfigParameters_SP_GSLB_LeastConn.xml, page C-76

XML Files for Configuring Basic FunctionsThese XML files set up basic NetScaler network service functions that process generic traffic on the ACI fabric:

• CreateServiceGraph_lb_http.xml, page C-10

Creates a service graph (WebGraph) for HTTP, SSL, DNS, and TCP load balancing.

• ConfigServiceGraphWithParams_lb_http.xml , page C-30

Configures L4-L7 parameters for the load balancing service graph.

• CreateContract_lb_http.xml, page C-31

Configures a contract for load balancing traffic.

• AttachGraphToContract_lb_http.xml , page C-32

Attaches the service graph to the contract.

• CreateServiceGraph_lb_ssl.xml , page C-32

Creates a service graph (WebGraph_ssl) for SSL Offloading.

• ConfigServiceGraphWithParams_lb_ssl.xml, page C-40

Configures L4-L7 parameters for the SSL Offloading service graph.

• CreateContract_lb_ssl.xml, page C-40

Configures a contract for SSL Offloading of generic traffic on the fabric.

• AttachGraphToContract_lb_ssl.xml , page C-41

Attaches the SSL Offloading service graph to a contract.

CreateServiceGraph_lb_http.xml

Creates a service graph (WebGraph) for HTTP, SSL, DNS, and TCP load balancing.<!— CreateServiceGraph_lb_http.xml --><!— Create service graph for LB --><polUni><fvTenant name="silverTenant1"><!-- Application Profile --><fvAp dn="uni/tn-silverTenant1/ap-Web1-AppProfile" name="Web1-AppProfile">

C-10Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<!-- EPG 1 --><fvAEPg dn="uni/tn-silverTenant1/ap-Web1-AppProfile/epg-Web1-EPG"

name="Web1-EPG"><fvRsBd tnFvBDName="silverTenant1-BD1" /><fvRsProv tnVzBrCPName="webCtrct1"></fvRsProv>

<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"nodeNameOrLbl="LB1" key="Network" name="network">

<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"nodeNameOrLbl="LB1" key="nsip" name="snip1">

<vnsParamInst key="ipaddress" name="ip1" value="101.16.1.11"/><vnsParamInst key="netmask" name="netmask1" value="255.255.255.0"/><vnsParamInst key="dynamicrouting" name="dynamicRouting"

value="ENABLED"/><vnsParamInst key="hostroute" name="hostroute" value="DISABLED"/><vnsParamInst key="mgmtaccess" name="mgmtaccess" value="ENABLED"/><vnsParamInst key="type" name="type" value="SNIP"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="nsip" name="snip2"><vnsParamInst key="ipaddress" name="ip2" value="10.16.1.11"/><vnsParamInst key="netmask" name="netmask2" value="255.255.255.0"/><vnsParamInst key="dynamicrouting" name="dynamicRouting"

value="DISABLED"/><vnsParamInst key="hostroute" name="hostroute" value="DISABLED"/><vnsParamInst key="mgmtaccess" name="mgmtaccess" value="ENABLED"/><vnsParamInst key="type" name="type" value="SNIP"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="nsip" name="snip3"><vnsParamInst key="ipaddress" name="ip3" value="10.16.1.12"/><vnsParamInst key="netmask" name="netmask3" value="255.255.255.0"/><vnsParamInst key="dynamicrouting" name="dynamicRouting"

value="DISABLED"/><vnsParamInst key="hostroute" name="hostroute" value="DISABLED"/><vnsParamInst key="type" name="type" value="SNIP"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="nsip" name="snip4"><vnsParamInst key="ipaddress" name="ip4" value="10.16.1.13"/><vnsParamInst key="netmask" name="netmask4" value="255.255.255.0"/><vnsParamInst key="dynamicrouting" name="dynamicRouting"

value="DISABLED"/><vnsParamInst key="hostroute" name="hostroute" value="DISABLED"/><vnsParamInst key="type" name="type" value="SNIP"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="route" name="route1"><vnsParamInst key="network" name="network1" value="0.0.0.0"/><vnsParamInst key="netmask" name="netmask1" value="0.0.0.0"/><vnsParamInst key="gateway" name="gateway1" value="101.16.1.254"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="route" name="route2"><vnsParamInst key="network" name="network2" value="10.1.1.0"/><vnsParamInst key="netmask" name="netmask2" value="255.255.255.0"/><vnsParamInst key="gateway" name="gateway2" value="10.16.1.254"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="route" name="route3"><vnsParamInst key="network" name="network3" value="10.1.2.0"/><vnsParamInst key="netmask" name="netmask3" value="255.255.255.0"/><vnsParamInst key="gateway" name="gateway2" value="10.16.1.254"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

C-11Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

nodeNameOrLbl="LB1" key="route" name="route4"><vnsParamInst key="network" name="network4" value="10.1.3.0"/><vnsParamInst key="netmask" name="netmask4" value="255.255.255.0"/><vnsParamInst key="gateway" name="gateway2" value="10.16.1.254"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"nodeNameOrLbl="LB1" key="route" name="route5">

<vnsParamInst key="network" name="network5" value="10.16.2.0"/><vnsParamInst key="netmask" name="netmask5" value="255.255.255.0"/><vnsParamInst key="gateway" name="gateway2" value="10.16.1.254"/></vnsFolderInst>

</vnsFolderInst>

<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"nodeNameOrLbl="LB1" key="lbvserver" name="vip-tg-101">

<vnsParamInst name="name" key="name" value="vip-tg-101"/><vnsParamInst name="ipv46" key="ipv46" value="101.16.1.101"/><vnsParamInst name="servicetype" key="servicetype" value="HTTP"/><vnsParamInst name="port" key="port" value="80"/><vnsParamInst name="clttimeout" key="clttimeout" value="200"/><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-01"><vnsCfgRelInst key="servicename" name="service-tg-01"targetName="service-tg-01"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-02"><vnsCfgRelInst key="servicename" name="service-tg-02"targetName="service-tg-02"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-03"><vnsCfgRelInst key="servicename" name="service-tg-03"targetName="service-tg-03"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-04"><vnsCfgRelInst key="servicename" name="service-tg-04"targetName="service-tg-04"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-05"><vnsCfgRelInst key="servicename" name="service-tg-05"targetName="service-tg-05"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-06"><vnsCfgRelInst key="servicename" name="service-tg-06"targetName="service-tg-06"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-07"><vnsCfgRelInst key="servicename" name="service-tg-07"targetName="service-tg-07"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

C-12Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-08"><vnsCfgRelInst key="servicename" name="service-tg-08"targetName="service-tg-08"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-09"><vnsCfgRelInst key="servicename" name="service-tg-09"targetName="service-tg-09"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-10"><vnsCfgRelInst key="servicename" name="service-tg-10"targetName="service-tg-10"/>

</vnsFolderInst></vnsFolderInst>

<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"nodeNameOrLbl="LB1" key="lbvserver" name="vip-tg-102">

<vnsParamInst name="name" key="name" value="vip-tg-102"/><vnsParamInst name="ipv46" key="ipv46" value="101.16.1.102"/><vnsParamInst name="servicetype" key="servicetype" value="HTTP"/><vnsParamInst name="port" key="port" value="80"/><vnsParamInst name="clttimeout" key="clttimeout" value="200"/><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-11"><vnsCfgRelInst key="servicename" name="service-tg-11"targetName="service-tg-11"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-12"><vnsCfgRelInst key="servicename" name="service-tg-12"targetName="service-tg-12"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-13"><vnsCfgRelInst key="servicename" name="service-tg-13"targetName="service-tg-13"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-14"><vnsCfgRelInst key="servicename" name="service-tg-14"targetName="service-tg-14"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-15"><vnsCfgRelInst key="servicename" name="service-tg-15"targetName="service-tg-15"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-16"><vnsCfgRelInst key="servicename" name="service-tg-16"targetName="service-tg-16"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

C-13Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-17"><vnsCfgRelInst key="servicename" name="service-tg-17"targetName="service-tg-17"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-18"><vnsCfgRelInst key="servicename" name="service-tg-18"targetName="service-tg-18"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-19"><vnsCfgRelInst key="servicename" name="service-tg-19"targetName="service-tg-19"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-20"><vnsCfgRelInst key="servicename" name="service-tg-20"targetName="service-tg-20"/>

</vnsFolderInst></vnsFolderInst>

<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"nodeNameOrLbl="LB1" key="lbvserver" name="vip-tg-105">

<vnsParamInst name="name" key="name" value="vip-tg-105"/><vnsParamInst name="ipv46" key="ipv46" value="101.16.1.105"/><vnsParamInst name="servicetype" key="servicetype" value="TCP"/><vnsParamInst name="port" key="port" value="8080"/><vnsParamInst name="clttimeout" key="clttimeout" value="200"/><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-41"><vnsCfgRelInst key="servicename" name="service-tg-41"targetName="service-tg-41"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-42"><vnsCfgRelInst key="servicename" name="service-tg-42"targetName="service-tg-42"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-43"><vnsCfgRelInst key="servicename" name="service-tg-43"targetName="service-tg-43"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-44"><vnsCfgRelInst key="servicename" name="service-tg-44"targetName="service-tg-44"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-45"><vnsCfgRelInst key="servicename" name="service-tg-45"targetName="service-tg-45"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

C-14Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-46"><vnsCfgRelInst key="servicename" name="service-tg-46"targetName="service-tg-46"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-47"><vnsCfgRelInst key="servicename" name="service-tg-47"targetName="service-tg-47"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-48"><vnsCfgRelInst key="servicename" name="service-tg-48"targetName="service-tg-48"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-49"><vnsCfgRelInst key="servicename" name="service-tg-49"targetName="service-tg-49"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-50"><vnsCfgRelInst key="servicename" name="service-tg-50"targetName="service-tg-50"/>

</vnsFolderInst></vnsFolderInst>

<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"nodeNameOrLbl="LB1" key="lbvserver" name="vip-tg-106">

<vnsParamInst name="name" key="name" value="vip-tg-106"/><vnsParamInst name="ipv46" key="ipv46" value="101.16.1.106"/><vnsParamInst name="servicetype" key="servicetype" value="TCP"/><vnsParamInst name="port" key="port" value="8080"/><vnsParamInst name="clttimeout" key="clttimeout" value="200"/><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-51"><vnsCfgRelInst key="servicename" name="service-tg-51"targetName="service-tg-51"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-52"><vnsCfgRelInst key="servicename" name="service-tg-52"targetName="service-tg-52"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-53"><vnsCfgRelInst key="servicename" name="service-tg-53"targetName="service-tg-53"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-54"><vnsCfgRelInst key="servicename" name="service-tg-54"targetName="service-tg-54"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

C-15Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-55"><vnsCfgRelInst key="servicename" name="service-tg-55"targetName="service-tg-55"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-56"><vnsCfgRelInst key="servicename" name="service-tg-56"targetName="service-tg-56"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-57"><vnsCfgRelInst key="servicename" name="service-tg-57"targetName="service-tg-57"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-58"><vnsCfgRelInst key="servicename" name="service-tg-58"targetName="service-tg-58"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-59"><vnsCfgRelInst key="servicename" name="service-tg-59"targetName="service-tg-59"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-60"><vnsCfgRelInst key="servicename" name="service-tg-60"targetName="service-tg-60"/>

</vnsFolderInst></vnsFolderInst>

<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"nodeNameOrLbl="LB1" key="lbvserver" name="vip-tg-107">

<vnsParamInst name="name" key="name" value="vip-tg-107"/><vnsParamInst name="ipv46" key="ipv46" value="101.16.1.107"/><vnsParamInst name="servicetype" key="servicetype" value="DNS"/><vnsParamInst name="port" key="port" value="53"/><vnsParamInst name="clttimeout" key="clttimeout" value="200"/><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-61"><vnsCfgRelInst key="servicename" name="service-tg-61"targetName="service-tg-61"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-62"><vnsCfgRelInst key="servicename" name="service-tg-62"targetName="service-tg-62"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-63"><vnsCfgRelInst key="servicename" name="service-tg-63"targetName="service-tg-63"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

C-16Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-64"><vnsCfgRelInst key="servicename" name="service-tg-64"targetName="service-tg-64"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-65"><vnsCfgRelInst key="servicename" name="service-tg-65"targetName="service-tg-65"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-66">

<vnsCfgRelInst key="servicename" name="service-tg-66"targetName="service-tg-66"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-67"><vnsCfgRelInst key="servicename" name="service-tg-67"targetName="service-tg-67"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-68"><vnsCfgRelInst key="servicename" name="service-tg-68"targetName="service-tg-68"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-69"><vnsCfgRelInst key="servicename" name="service-tg-69"targetName="service-tg-69"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-70"><vnsCfgRelInst key="servicename" name="service-tg-70"targetName="service-tg-70"/>

</vnsFolderInst></vnsFolderInst>

<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"nodeNameOrLbl="LB1" key="lbvserver" name="vip-tg-108">

<vnsParamInst name="name" key="name" value="vip-tg-108"/><vnsParamInst name="ipv46" key="ipv46" value="101.16.1.108"/><vnsParamInst name="servicetype" key="servicetype" value="DNS"/><vnsParamInst name="port" key="port" value="53"/><vnsParamInst name="clttimeout" key="clttimeout" value="200"/><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-71"><vnsCfgRelInst key="servicename" name="service-tg-71"targetName="service-tg-71"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-72"><vnsCfgRelInst key="servicename" name="service-tg-72"targetName="service-tg-72"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

C-17Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-73"><vnsCfgRelInst key="servicename" name="service-tg-73"targetName="service-tg-73"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-74"><vnsCfgRelInst key="servicename" name="service-tg-74"targetName="service-tg-74"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-75"><vnsCfgRelInst key="servicename" name="service-tg-75"targetName="service-tg-75"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-76"><vnsCfgRelInst key="servicename" name="service-tg-76"targetName="service-tg-76"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-77"><vnsCfgRelInst key="servicename" name="service-tg-77"targetName="service-tg-77"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-78"><vnsCfgRelInst key="servicename" name="service-tg-78"targetName="service-tg-78"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-79"><vnsCfgRelInst key="servicename" name="service-tg-79"targetName="service-tg-79"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="lbvserver_service_binding"name="service-tg-80"><vnsCfgRelInst key="servicename" name="service-tg-80"targetName="service-tg-80"/>

</vnsFolderInst></vnsFolderInst>

<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"nodeNameOrLbl="LB1" key="service" name="service-tg-01">

<vnsParamInst name="name" key="name" value="service-tg-01"/><vnsParamInst name="ip" key="ip" value="10.16.2.1"/><vnsParamInst name="servicetype" key="servicetype" value="HTTP"/><vnsParamInst name="port" key="port" value="80"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-02"><vnsParamInst name="name" key="name" value="service-tg-02"/><vnsParamInst name="ip" key="ip" value="10.16.2.2"/><vnsParamInst name="servicetype" key="servicetype" value="HTTP"/><vnsParamInst name="port" key="port" value="80"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

C-18Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

nodeNameOrLbl="LB1" key="service" name="service-tg-03"><vnsParamInst name="name" key="name" value="service-tg-03"/><vnsParamInst name="ip" key="ip" value="10.16.2.3"/><vnsParamInst name="servicetype" key="servicetype" value="HTTP"/><vnsParamInst name="port" key="port" value="80"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-04"><vnsParamInst name="name" key="name" value="service-tg-04"/><vnsParamInst name="ip" key="ip" value="10.16.2.4"/><vnsParamInst name="servicetype" key="servicetype" value="HTTP"/><vnsParamInst name="port" key="port" value="80"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-05"><vnsParamInst name="name" key="name" value="service-tg-05"/><vnsParamInst name="ip" key="ip" value="10.16.2.5"/><vnsParamInst name="servicetype" key="servicetype" value="HTTP"/><vnsParamInst name="port" key="port" value="80"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-06"><vnsParamInst name="name" key="name" value="service-tg-06"/><vnsParamInst name="ip" key="ip" value="10.16.2.6"/><vnsParamInst name="servicetype" key="servicetype" value="HTTP"/><vnsParamInst name="port" key="port" value="80"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-07"><vnsParamInst name="name" key="name" value="service-tg-07"/><vnsParamInst name="ip" key="ip" value="10.16.2.7"/><vnsParamInst name="servicetype" key="servicetype" value="HTTP"/><vnsParamInst name="port" key="port" value="80"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-08"><vnsParamInst name="name" key="name" value="service-tg-08"/><vnsParamInst name="ip" key="ip" value="10.16.2.8"/><vnsParamInst name="servicetype" key="servicetype" value="HTTP"/><vnsParamInst name="port" key="port" value="80"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-09"><vnsParamInst name="name" key="name" value="service-tg-09"/><vnsParamInst name="ip" key="ip" value="10.16.2.9"/><vnsParamInst name="servicetype" key="servicetype" value="HTTP"/><vnsParamInst name="port" key="port" value="80"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-10"><vnsParamInst name="name" key="name" value="service-tg-10"/><vnsParamInst name="ip" key="ip" value="10.16.2.10"/><vnsParamInst name="servicetype" key="servicetype" value="HTTP"/><vnsParamInst name="port" key="port" value="80"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-11"><vnsParamInst name="name" key="name" value="service-tg-11"/><vnsParamInst name="ip" key="ip" value="10.16.2.11"/><vnsParamInst name="servicetype" key="servicetype" value="HTTP"/><vnsParamInst name="port" key="port" value="80"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-12">

C-19Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<vnsParamInst name="name" key="name" value="service-tg-12"/><vnsParamInst name="ip" key="ip" value="10.16.2.12"/><vnsParamInst name="servicetype" key="servicetype" value="HTTP"/><vnsParamInst name="port" key="port" value="80"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-13"><vnsParamInst name="name" key="name" value="service-tg-13"/><vnsParamInst name="ip" key="ip" value="10.16.2.13"/><vnsParamInst name="servicetype" key="servicetype" value="HTTP"/><vnsParamInst name="port" key="port" value="80"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-14"><vnsParamInst name="name" key="name" value="service-tg-14"/><vnsParamInst name="ip" key="ip" value="10.16.2.14"/><vnsParamInst name="servicetype" key="servicetype" value="HTTP"/><vnsParamInst name="port" key="port" value="80"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-15"><vnsParamInst name="name" key="name" value="service-tg-15"/><vnsParamInst name="ip" key="ip" value="10.16.2.15"/><vnsParamInst name="servicetype" key="servicetype" value="HTTP"/><vnsParamInst name="port" key="port" value="80"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-16"><vnsParamInst name="name" key="name" value="service-tg-16"/><vnsParamInst name="ip" key="ip" value="10.16.2.16"/><vnsParamInst name="servicetype" key="servicetype" value="HTTP"/><vnsParamInst name="port" key="port" value="80"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-17"><vnsParamInst name="name" key="name" value="service-tg-17"/><vnsParamInst name="ip" key="ip" value="10.16.2.17"/><vnsParamInst name="servicetype" key="servicetype" value="HTTP"/><vnsParamInst name="port" key="port" value="80"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-18"><vnsParamInst name="name" key="name" value="service-tg-18"/><vnsParamInst name="ip" key="ip" value="10.16.2.18"/><vnsParamInst name="servicetype" key="servicetype" value="HTTP"/><vnsParamInst name="port" key="port" value="80"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-19"><vnsParamInst name="name" key="name" value="service-tg-19"/><vnsParamInst name="ip" key="ip" value="10.16.2.19"/><vnsParamInst name="servicetype" key="servicetype" value="HTTP"/><vnsParamInst name="port" key="port" value="80"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-20"><vnsParamInst name="name" key="name" value="service-tg-20"/><vnsParamInst name="ip" key="ip" value="10.16.2.20"/><vnsParamInst name="servicetype" key="servicetype" value="HTTP"/><vnsParamInst name="port" key="port" value="80"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-41"><vnsParamInst name="name" key="name" value="service-tg-41"/>

C-20Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<vnsParamInst name="ip" key="ip" value="10.16.2.41"/><vnsParamInst name="servicetype" key="servicetype" value="TCP"/><vnsParamInst name="port" key="port" value="8080"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-42"><vnsParamInst name="name" key="name" value="service-tg-42"/><vnsParamInst name="ip" key="ip" value="10.16.2.42"/><vnsParamInst name="servicetype" key="servicetype" value="TCP"/><vnsParamInst name="port" key="port" value="8080"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-43"><vnsParamInst name="name" key="name" value="service-tg-43"/><vnsParamInst name="ip" key="ip" value="10.16.2.43"/><vnsParamInst name="servicetype" key="servicetype" value="TCP"/><vnsParamInst name="port" key="port" value="8080"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-44"><vnsParamInst name="name" key="name" value="service-tg-44"/><vnsParamInst name="ip" key="ip" value="10.16.2.44"/><vnsParamInst name="servicetype" key="servicetype" value="TCP"/><vnsParamInst name="port" key="port" value="8080"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-45"><vnsParamInst name="name" key="name" value="service-tg-45"/><vnsParamInst name="ip" key="ip" value="10.16.2.45"/><vnsParamInst name="servicetype" key="servicetype" value="TCP"/><vnsParamInst name="port" key="port" value="8080"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-46"><vnsParamInst name="name" key="name" value="service-tg-46"/><vnsParamInst name="ip" key="ip" value="10.16.2.46"/><vnsParamInst name="servicetype" key="servicetype" value="TCP"/><vnsParamInst name="port" key="port" value="8080"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-47"><vnsParamInst name="name" key="name" value="service-tg-47"/><vnsParamInst name="ip" key="ip" value="10.16.2.47"/><vnsParamInst name="servicetype" key="servicetype" value="TCP"/><vnsParamInst name="port" key="port" value="8080"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-48"><vnsParamInst name="name" key="name" value="service-tg-48"/><vnsParamInst name="ip" key="ip" value="10.16.2.48"/><vnsParamInst name="servicetype" key="servicetype" value="TCP"/><vnsParamInst name="port" key="port" value="8080"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-49"><vnsParamInst name="name" key="name" value="service-tg-49"/><vnsParamInst name="ip" key="ip" value="10.16.2.49"/><vnsParamInst name="servicetype" key="servicetype" value="TCP"/><vnsParamInst name="port" key="port" value="8080"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-50"><vnsParamInst name="name" key="name" value="service-tg-50"/><vnsParamInst name="ip" key="ip" value="10.16.2.50"/>

C-21Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<vnsParamInst name="servicetype" key="servicetype" value="TCP"/><vnsParamInst name="port" key="port" value="8080"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-51"><vnsParamInst name="name" key="name" value="service-tg-51"/><vnsParamInst name="ip" key="ip" value="10.16.2.51"/><vnsParamInst name="servicetype" key="servicetype" value="TCP"/><vnsParamInst name="port" key="port" value="8080"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-52"><vnsParamInst name="name" key="name" value="service-tg-52"/><vnsParamInst name="ip" key="ip" value="10.16.2.52"/><vnsParamInst name="servicetype" key="servicetype" value="TCP"/><vnsParamInst name="port" key="port" value="8080"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-53"><vnsParamInst name="name" key="name" value="service-tg-53"/><vnsParamInst name="ip" key="ip" value="10.16.2.53"/><vnsParamInst name="servicetype" key="servicetype" value="TCP"/><vnsParamInst name="port" key="port" value="8080"/>

</vnsFolderInst>

<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"nodeNameOrLbl="LB1" key="service" name="service-tg-54">

<vnsParamInst name="name" key="name" value="service-tg-54"/><vnsParamInst name="ip" key="ip" value="10.16.2.54"/><vnsParamInst name="servicetype" key="servicetype" value="TCP"/><vnsParamInst name="port" key="port" value="8080"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-55"><vnsParamInst name="name" key="name" value="service-tg-55"/><vnsParamInst name="ip" key="ip" value="10.16.2.55"/><vnsParamInst name="servicetype" key="servicetype" value="TCP"/><vnsParamInst name="port" key="port" value="8080"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-56"><vnsParamInst name="name" key="name" value="service-tg-56"/><vnsParamInst name="ip" key="ip" value="10.16.2.56"/><vnsParamInst name="servicetype" key="servicetype" value="TCP"/><vnsParamInst name="port" key="port" value="8080"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-57"><vnsParamInst name="name" key="name" value="service-tg-57"/><vnsParamInst name="ip" key="ip" value="10.16.2.57"/><vnsParamInst name="servicetype" key="servicetype" value="TCP"/><vnsParamInst name="port" key="port" value="8080"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-58"><vnsParamInst name="name" key="name" value="service-tg-58"/><vnsParamInst name="ip" key="ip" value="10.16.2.58"/><vnsParamInst name="servicetype" key="servicetype" value="TCP"/><vnsParamInst name="port" key="port" value="8080"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-59"><vnsParamInst name="name" key="name" value="service-tg-59"/><vnsParamInst name="ip" key="ip" value="10.16.2.59"/>

C-22Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<vnsParamInst name="servicetype" key="servicetype" value="TCP"/><vnsParamInst name="port" key="port" value="8080"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-60"><vnsParamInst name="name" key="name" value="service-tg-60"/><vnsParamInst name="ip" key="ip" value="10.16.2.60"/><vnsParamInst name="servicetype" key="servicetype" value="TCP"/><vnsParamInst name="port" key="port" value="8080"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-61"><vnsParamInst name="name" key="name" value="service-tg-61"/><vnsParamInst name="ip" key="ip" value="10.16.2.61"/><vnsParamInst name="servicetype" key="servicetype" value="DNS"/><vnsParamInst name="port" key="port" value="53"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-62"><vnsParamInst name="name" key="name" value="service-tg-62"/><vnsParamInst name="ip" key="ip" value="10.16.2.62"/><vnsParamInst name="servicetype" key="servicetype" value="DNS"/><vnsParamInst name="port" key="port" value="53"/>

</vnsFolderInst>

<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"nodeNameOrLbl="LB1" key="service" name="service-tg-63">

<vnsParamInst name="name" key="name" value="service-tg-63"/><vnsParamInst name="ip" key="ip" value="10.16.2.63"/><vnsParamInst name="servicetype" key="servicetype" value="DNS"/><vnsParamInst name="port" key="port" value="53"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-64"><vnsParamInst name="name" key="name" value="service-tg-64"/><vnsParamInst name="ip" key="ip" value="10.16.2.64"/><vnsParamInst name="servicetype" key="servicetype" value="DNS"/><vnsParamInst name="port" key="port" value="53"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-65"><vnsParamInst name="name" key="name" value="service-tg-65"/><vnsParamInst name="ip" key="ip" value="10.16.2.65"/><vnsParamInst name="servicetype" key="servicetype" value="DNS"/><vnsParamInst name="port" key="port" value="53"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-66"><vnsParamInst name="name" key="name" value="service-tg-66"/><vnsParamInst name="ip" key="ip" value="10.16.2.66"/><vnsParamInst name="servicetype" key="servicetype" value="DNS"/><vnsParamInst name="port" key="port" value="53"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-67"><vnsParamInst name="name" key="name" value="service-tg-67"/><vnsParamInst name="ip" key="ip" value="10.16.2.67"/><vnsParamInst name="servicetype" key="servicetype" value="DNS"/><vnsParamInst name="port" key="port" value="53"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-68"><vnsParamInst name="name" key="name" value="service-tg-68"/><vnsParamInst name="ip" key="ip" value="10.16.2.68"/>

C-23Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<vnsParamInst name="servicetype" key="servicetype" value="DNS"/><vnsParamInst name="port" key="port" value="53"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-69"><vnsParamInst name="name" key="name" value="service-tg-69"/><vnsParamInst name="ip" key="ip" value="10.16.2.69"/><vnsParamInst name="servicetype" key="servicetype" value="DNS"/><vnsParamInst name="port" key="port" value="53"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-70"><vnsParamInst name="name" key="name" value="service-tg-70"/><vnsParamInst name="ip" key="ip" value="10.16.2.70"/><vnsParamInst name="servicetype" key="servicetype" value="DNS"/><vnsParamInst name="port" key="port" value="53"/>

</vnsFolderInst>

<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"nodeNameOrLbl="LB1" key="service" name="service-tg-71">

<vnsParamInst name="name" key="name" value="service-tg-71"/><vnsParamInst name="ip" key="ip" value="10.16.2.71"/><vnsParamInst name="servicetype" key="servicetype" value="DNS"/><vnsParamInst name="port" key="port" value="53"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-72"><vnsParamInst name="name" key="name" value="service-tg-72"/><vnsParamInst name="ip" key="ip" value="10.16.2.72"/><vnsParamInst name="servicetype" key="servicetype" value="DNS"/><vnsParamInst name="port" key="port" value="53"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-73"><vnsParamInst name="name" key="name" value="service-tg-73"/><vnsParamInst name="ip" key="ip" value="10.16.2.73"/><vnsParamInst name="servicetype" key="servicetype" value="DNS"/><vnsParamInst name="port" key="port" value="53"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-74"><vnsParamInst name="name" key="name" value="service-tg-74"/><vnsParamInst name="ip" key="ip" value="10.16.2.74"/><vnsParamInst name="servicetype" key="servicetype" value="DNS"/><vnsParamInst name="port" key="port" value="53"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-75"><vnsParamInst name="name" key="name" value="service-tg-75"/><vnsParamInst name="ip" key="ip" value="10.16.2.75"/><vnsParamInst name="servicetype" key="servicetype" value="DNS"/><vnsParamInst name="port" key="port" value="53"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-76"><vnsParamInst name="name" key="name" value="service-tg-76"/><vnsParamInst name="ip" key="ip" value="10.16.2.76"/><vnsParamInst name="servicetype" key="servicetype" value="DNS"/><vnsParamInst name="port" key="port" value="53"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-77"><vnsParamInst name="name" key="name" value="service-tg-77"/><vnsParamInst name="ip" key="ip" value="10.16.2.77"/>

C-24Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<vnsParamInst name="servicetype" key="servicetype" value="DNS"/><vnsParamInst name="port" key="port" value="53"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-78"><vnsParamInst name="name" key="name" value="service-tg-78"/><vnsParamInst name="ip" key="ip" value="10.16.2.78"/><vnsParamInst name="servicetype" key="servicetype" value="DNS"/><vnsParamInst name="port" key="port" value="53"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-79"><vnsParamInst name="name" key="name" value="service-tg-79"/><vnsParamInst name="ip" key="ip" value="10.16.2.79"/><vnsParamInst name="servicetype" key="servicetype" value="DNS"/><vnsParamInst name="port" key="port" value="53"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="service" name="service-tg-80"><vnsParamInst name="name" key="name" value="service-tg-80"/><vnsParamInst name="ip" key="ip" value="10.16.2.80"/><vnsParamInst name="servicetype" key="servicetype" value="DNS"/><vnsParamInst name="port" key="port" value="53"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCnglbvserver" name="Func_vip-tg-101"><vnsCfgRelInst name="lbsverver_key" key="lbvserver_key"

targetName="vip-tg-101"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCnglbvserver" name="Func_vip-tg-102"><vnsCfgRelInst name="lbsverver_key" key="lbvserver_key"

targetName="vip-tg-102"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCnglbvserver" name="Func_vip-tg-105"><vnsCfgRelInst name="lbsverver_key" key="lbvserver_key"

targetName="vip-tg-105"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCnglbvserver" name="Func_vip-tg-106"><vnsCfgRelInst name="lbsverver_key" key="lbvserver_key"

targetName="vip-tg-106"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCnglbvserver" name="Func_vip-tg-107"><vnsCfgRelInst name="lbsverver_key" key="lbvserver_key"

targetName="vip-tg-107"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCnglbvserver" name="Func_vip-tg-108"><vnsCfgRelInst name="lbsverver_key" key="lbvserver_key"

targetName="vip-tg-108"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-01"><vnsCfgRelInst name="Func_service-tg-01_key" key="service_key"

targetName="service-tg-01"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-02"><vnsCfgRelInst name="Func_service-tg-02_key" key="service_key"

targetName="service-tg-02"/></vnsFolderInst>

C-25Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-03">

<vnsCfgRelInst name="Func_service-tg-03_key" key="service_key"targetName="service-tg-03"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-04"><vnsCfgRelInst name="Func_service-tg-04_key" key="service_key"

targetName="service-tg-04"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-05"><vnsCfgRelInst name="Func_service-tg-05_key" key="service_key"

targetName="service-tg-05"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-06"><vnsCfgRelInst name="Func_service-tg-06_key" key="service_key"

targetName="service-tg-06"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-07"><vnsCfgRelInst name="Func_service-tg-07_key" key="service_key"

targetName="service-tg-07"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-08"><vnsCfgRelInst name="Func_service-tg-08_key" key="service_key"

targetName="service-tg-08"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-09"><vnsCfgRelInst name="Func_service-tg-09_key" key="service_key"

targetName="service-tg-09"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-10"><vnsCfgRelInst name="Func_service-tg-10_key" key="service_key"

targetName="service-tg-10"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-11"><vnsCfgRelInst name="Func_service-tg-11_key" key="service_key"

targetName="service-tg-11"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-12"><vnsCfgRelInst name="Func_service-tg-12_key" key="service_key"

targetName="service-tg-12"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-13"><vnsCfgRelInst name="Func_service-tg-13_key" key="service_key"

targetName="service-tg-13"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-14"><vnsCfgRelInst name="Func_service-tg-14_key" key="service_key"

targetName="service-tg-14"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-15"><vnsCfgRelInst name="Func_service-tg-15_key" key="service_key"

targetName="service-tg-15"/>

C-26Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-16"><vnsCfgRelInst name="Func_service-tg-16_key" key="service_key"

targetName="service-tg-16"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-17"><vnsCfgRelInst name="Func_service-tg-17_key" key="service_key"

targetName="service-tg-17"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-18"><vnsCfgRelInst name="Func_service-tg-18_key" key="service_key"

targetName="service-tg-18"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-19"><vnsCfgRelInst name="Func_service-tg-19_key" key="service_key"

targetName="service-tg-19"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-20"><vnsCfgRelInst name="Func_service-tg-20_key" key="service_key"

targetName="service-tg-20"/></vnsFolderInst>

<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-41">

<vnsCfgRelInst name="Func_service-tg-41_key" key="service_key"targetName="service-tg-41"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-42"><vnsCfgRelInst name="Func_service-tg-42_key" key="service_key"

targetName="service-tg-42"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-43"><vnsCfgRelInst name="Func_service-tg-43_key" key="service_key"

targetName="service-tg-43"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-44"><vnsCfgRelInst name="Func_service-tg-44_key" key="service_key"

targetName="service-tg-44"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-45"><vnsCfgRelInst name="Func_service-tg-45_key" key="service_key"

targetName="service-tg-45"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-46"><vnsCfgRelInst name="Func_service-tg-46_key" key="service_key"

targetName="service-tg-46"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-47"><vnsCfgRelInst name="Func_service-tg-47_key" key="service_key"

targetName="service-tg-47"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-48">

C-27Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<vnsCfgRelInst name="Func_service-tg-48_key" key="service_key"targetName="service-tg-48"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-49"><vnsCfgRelInst name="Func_service-tg-49_key" key="service_key"

targetName="service-tg-49"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-50"><vnsCfgRelInst name="Func_service-tg-50_key" key="service_key"

targetName="service-tg-50"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-51"><vnsCfgRelInst name="Func_service-tg-51_key" key="service_key"

targetName="service-tg-51"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-52"><vnsCfgRelInst name="Func_service-tg-52_key" key="service_key"

targetName="service-tg-52"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-53"><vnsCfgRelInst name="Func_service-tg-53_key" key="service_key"

targetName="service-tg-53"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-54"><vnsCfgRelInst name="Func_service-tg-54_key" key="service_key"

targetName="service-tg-54"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-55"><vnsCfgRelInst name="Func_service-tg-55_key" key="service_key"

targetName="service-tg-55"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-56"><vnsCfgRelInst name="Func_service-tg-56_key" key="service_key"

targetName="service-tg-56"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-57"><vnsCfgRelInst name="Func_service-tg-57_key" key="service_key"

targetName="service-tg-57"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-58"><vnsCfgRelInst name="Func_service-tg-58_key" key="service_key"

targetName="service-tg-58"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-59"><vnsCfgRelInst name="Func_service-tg-59_key" key="service_key"

targetName="service-tg-59"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-60"><vnsCfgRelInst name="Func_service-tg-60_key" key="service_key"

targetName="service-tg-60"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

C-28Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-61"><vnsCfgRelInst name="Func_service-tg-61_key" key="service_key"

targetName="service-tg-61"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-62"><vnsCfgRelInst name="Func_service-tg-62_key" key="service_key"

targetName="service-tg-62"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-63"><vnsCfgRelInst name="Func_service-tg-63_key" key="service_key"

targetName="service-tg-63"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-64"><vnsCfgRelInst name="Func_service-tg-64_key" key="service_key"

targetName="service-tg-64"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-65"><vnsCfgRelInst name="Func_service-tg-65_key" key="service_key"

targetName="service-tg-65"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-66"><vnsCfgRelInst name="Func_service-tg-66_key" key="service_key"

targetName="service-tg-66"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-67"><vnsCfgRelInst name="Func_service-tg-67_key" key="service_key"

targetName="service-tg-67"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-68"><vnsCfgRelInst name="Func_service-tg-68_key" key="service_key"

targetName="service-tg-68"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-69"><vnsCfgRelInst name="Func_service-tg-69_key" key="service_key"

targetName="service-tg-69"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-70"><vnsCfgRelInst name="Func_service-tg-70_key" key="service_key"

targetName="service-tg-70"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-71"><vnsCfgRelInst name="Func_service-tg-71_key" key="service_key"

targetName="service-tg-71"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-72"><vnsCfgRelInst name="Func_service-tg-72_key" key="service_key"

targetName="service-tg-72"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-73"><vnsCfgRelInst name="Func_service-tg-73_key" key="service_key"

targetName="service-tg-73"/></vnsFolderInst>

C-29Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-74">

<vnsCfgRelInst name="Func_service-tg-74_key" key="service_key"targetName="service-tg-74"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-75"><vnsCfgRelInst name="Func_service-tg-75_key" key="service_key"

targetName="service-tg-75"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-76"><vnsCfgRelInst name="Func_service-tg-76_key" key="service_key"

targetName="service-tg-76"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-77"><vnsCfgRelInst name="Func_service-tg-77_key" key="service_key"

targetName="service-tg-77"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-78"><vnsCfgRelInst name="Func_service-tg-78_key" key="service_key"

targetName="service-tg-78"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-79"><vnsCfgRelInst name="Func_service-tg-79_key" key="service_key"

targetName="service-tg-79"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-80"><vnsCfgRelInst name="Func_service-tg-80_key" key="service_key"

targetName="service-tg-80"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="external_network"name="external_network">

<vnsCfgRelInst name="external_network_key"key="external_network_key" targetName="network/snip1" />

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="internal_network"name="internal_network">

<vnsCfgRelInst name="internal_network_key"key="internal_network_key" targetName="network/snip2"/>

</vnsFolderInst></fvAEPg>

</fvAp></fvTenant>

</polUni>

Return to XML Files for Configuring Basic Functions, page C-10.

Goto Configurations, page C-1

ConfigServiceGraphWithParams_lb_http.xml

Configures L4-L7 parameters for the load balancing service graph.<!— ConfigServiceGraphWithParams_lb_http.xml --><!— Configure L4-L7 parameters for LB Service Graph -—><polUni>

<fvTenant name="silverTenant1">

C-30Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<vnsAbsGraph name="WebGraph"><vnsAbsTermNodeProv name="Input1">

<vnsAbsTermConn name="C1"></vnsAbsTermConn>

</vnsAbsTermNodeProv>

<!-- LB1 Provides LoadBalancing functionality --><vnsAbsNode name="LB1" funcType="GoTo">

<vnsRsDefaultScopeToTerm tDn="uni/tn-silverTenant1/AbsGraph-WebGraph/AbsTermNodeProv-Input1/outtmnl"/>

<vnsAbsFuncConn name="outside" attNotify="true"><vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFunc-LoadBalancing/mConn-external" />

</vnsAbsFuncConn><vnsAbsFuncConn name="inside" attNotify="true">

<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFunc-LoadBalancing/mConn-internal" />

</vnsAbsFuncConn><vnsRsNodeToMFunc tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFunc-

LoadBalancing" /></vnsAbsNode><vnsAbsTermNodeCon name="Output1">

<vnsAbsTermConn name="C6"></vnsAbsTermConn>

</vnsAbsTermNodeCon><vnsAbsConnection name="CON1" adjType="L3">

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph/AbsTermNodeCon-Output1/AbsTConn"/>

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph/AbsNode-LB1/AbsFConn-outside"/>

</vnsAbsConnection><vnsAbsConnection name="CON2">

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph/AbsNode-LB1/AbsFConn-inside"/>

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph/AbsTermNodeProv-Input1/AbsTConn"/>

</vnsAbsConnection></vnsAbsGraph>

</fvTenant></polUni>

Return to XML Files for Configuring Basic Functions, page C-10.

Goto Configurations, page C-1.

CreateContract_lb_http.xml

Configures a contract for load balancing traffic.<!— CreateContract_lb_http.xml --><!— Create contract for LB --><polUni>

<fvTenant dn="uni/tn-silverTenant1" name="silverTenant1"><vzFilter name="HttpIn">

<vzEntry name="e1" prot="6" dFromPort="80" dToPort="80" etherT="ip"/></vzFilter><vzFilter name="HttpOut">

<vzEntry name="e1" prot="6" dFromPort="80" etherT="ip"/></vzFilter><vzFilter name="acl_lb_generic"><vzEntry name="e1"/>

</vzFilter><vzBrCP name="webCtrct1" scope="global">

<vzSubj name="http">

C-31Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<vzRsSubjFiltAtt tnVzFilterName="acl_lb_generic"/></vzSubj>

</vzBrCP></fvTenant>

</polUni>

Return to XML Files for Configuring Basic Functions, page C-10.

Goto Configurations, page C-1.

AttachGraphToContract_lb_http.xml

Attaches the service graph to the contract.<!— AttachGraphToContract_lb_http.xml --><!— Attaches LB service graph to contract --><polUni>

<fvTenant name="silverTenant1"><vzBrCP name="webCtrct1">

<vzSubj name="http"><vzRsSubjGraphAtt tnVnsAbsGraphName="WebGraph"/>

</vzSubj></vzBrCP>

</fvTenant></polUni>

Return to XML Files for Configuring Basic Functions, page C-10.

Goto Configurations, page C-1.

CreateServiceGraph_lb_ssl.xml

Creates a service graph (WebGraph_ssl) for SSL Offloading.<!— CreateServiceGraph_lb_ssl.xml --><!— Create service graph for SSL --><polUni><fvTenant name="silverTenant1"><!-- Application Profile --><fvAp dn="uni/tn-silverTenant1/ap-Web1-AppProfile" name="Web1-AppProfile">

<!-- EPG 1 --><fvAEPg dn="uni/tn-silverTenant1/ap-Web1-AppProfile/epg-Web1-EPG"

name="Web1-EPG"><fvRsBd tnFvBDName="silverTenant1-BD1" /><fvRsProv tnVzBrCPName="webCtrct1"></fvRsProv>

<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"nodeNameOrLbl="SSL1" key="Network" name="network">

<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"nodeNameOrLbl="SSL1" key="nsip" name="snip1">

<vnsParamInst key="ipaddress" name="ip1" value="101.16.1.11"/><vnsParamInst key="netmask" name="netmask1" value="255.255.255.0"/><vnsParamInst key="dynamicrouting" name="dynamicRouting"

value="ENABLED"/><vnsParamInst key="hostroute" name="hostroute" value="DISABLED"/><vnsParamInst key="type" name="type" value="SNIP"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="nsip" name="snip2"><vnsParamInst key="ipaddress" name="ip2" value="10.16.1.11"/><vnsParamInst key="netmask" name="netmask2" value="255.255.255.0"/><vnsParamInst key="dynamicrouting" name="dynamicRouting"

value="DISABLED"/><vnsParamInst key="hostroute" name="hostroute" value="DISABLED"/><vnsParamInst key="mgmtaccess" name="mgmtaccess" value="ENABLED"/><vnsParamInst key="type" name="type" value="SNIP"/>

C-32Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

</vnsFolderInst></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="lbvserver" name="vip-tg-103_lb"><vnsParamInst name="name" key="name" value="vip-tg-103"/><vnsParamInst name="ipv46" key="ipv46" value="101.16.1.103"/><vnsParamInst name="servicetype" key="servicetype" value="SSL"/><vnsParamInst name="port" key="port" value="443"/><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="lbvserver_service_binding"name="service-tg-21">

<vnsCfgRelInst key="servicename" name="service-tg-21"targetName="service-tg-21"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="lbvserver_service_binding"name="service-tg-22">

<vnsCfgRelInst key="servicename" name="service-tg-22"targetName="service-tg-22"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="lbvserver_service_binding"name="service-tg-23">

<vnsCfgRelInst key="servicename" name="service-tg-23"targetName="service-tg-23"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="lbvserver_service_binding"name="service-tg-24">

<vnsCfgRelInst key="servicename" name="service-tg-24"targetName="service-tg-24"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="lbvserver_service_binding"name="service-tg-25">

<vnsCfgRelInst key="servicename" name="service-tg-25"targetName="service-tg-25"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="lbvserver_service_binding"name="service-tg-26">

<vnsCfgRelInst key="servicename" name="service-tg-26"targetName="service-tg-26"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="lbvserver_service_binding"name="service-tg-27">

<vnsCfgRelInst key="servicename" name="service-tg-27"targetName="service-tg-27"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="lbvserver_service_binding"name="service-tg-28">

<vnsCfgRelInst key="servicename" name="service-tg-28"targetName="service-tg-28"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="lbvserver_service_binding"name="service-tg-29">

<vnsCfgRelInst key="servicename" name="service-tg-29"targetName="service-tg-29"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

C-33Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

nodeNameOrLbl="SSL1" key="lbvserver_service_binding"name="service-tg-30">

<vnsCfgRelInst key="servicename" name="service-tg-30"targetName="service-tg-30"/>

</vnsFolderInst></vnsFolderInst>

<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"nodeNameOrLbl="SSL1" key="lbvserver" name="vip-tg-104_lb">

<vnsParamInst name="name" key="name" value="vip-tg-104"/><vnsParamInst name="ipv46" key="ipv46" value="101.16.1.104"/><vnsParamInst name="servicetype" key="servicetype" value="SSL"/><vnsParamInst name="port" key="port" value="443"/><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="lbvserver_service_binding"name="service-tg-31">

<vnsCfgRelInst key="servicename" name="service-tg-31"targetName="service-tg-31"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="lbvserver_service_binding"name="service-tg-32">

<vnsCfgRelInst key="servicename" name="service-tg-32"targetName="service-tg-32"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="lbvserver_service_binding"name="service-tg-33">

<vnsCfgRelInst key="servicename" name="service-tg-33"targetName="service-tg-33"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="lbvserver_service_binding"name="service-tg-34">

<vnsCfgRelInst key="servicename" name="service-tg-34"targetName="service-tg-34"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="lbvserver_service_binding"name="service-tg-35">

<vnsCfgRelInst key="servicename" name="service-tg-35"targetName="service-tg-35"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="lbvserver_service_binding"name="service-tg-36">

<vnsCfgRelInst key="servicename" name="service-tg-36"targetName="service-tg-36"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="lbvserver_service_binding"name="service-tg-37">

<vnsCfgRelInst key="servicename" name="service-tg-37"targetName="service-tg-37"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="lbvserver_service_binding"name="service-tg-38">

<vnsCfgRelInst key="servicename" name="service-tg-38"targetName="service-tg-38"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="lbvserver_service_binding"name="service-tg-39">

C-34Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<vnsCfgRelInst key="servicename" name="service-tg-39"targetName="service-tg-39"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="lbvserver_service_binding"name="service-tg-40">

<vnsCfgRelInst key="servicename" name="service-tg-40"targetName="service-tg-40"/>

</vnsFolderInst></vnsFolderInst>

<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"nodeNameOrLbl="SSL1" key="sslcertkey" name="sp2013.test.ctx-cert">

<vnsParamInst name="certkey" key="certkey"value="sp2013.test.ctx-cert"/>

<vnsParamInst name="cert" key="cert" value="sp2013-server.cert"/><vnsParamInst name="key" key="key" value="sp2013-server.key"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="sslvserver" name="vip-tg-103_ssl"><vnsParamInst name="vservername" key="vservername" value="vip-tg-103"/><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" name="sslvserver_binding"key="sslvserver_sslcertkey_binding">

<vnsCfgRelInst name="certkeyname" key="certkeyname"targetName="sp2013.test.ctx-cert"/>

</vnsFolderInst></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="sslvserver" name="vip-tg-104_ssl"><vnsParamInst name="vservername" key="vservername" value="vip-tg-104"/><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" name="sslvserver_binding"key="sslvserver_sslcertkey_binding">

<vnsCfgRelInst name="certkeyname" key="certkeyname"targetName="sp2013.test.ctx-cert"/>

</vnsFolderInst></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="service" name="service-tg-21"><vnsParamInst name="name" key="name" value="service-tg-21"/><vnsParamInst name="ip" key="ip" value="10.16.2.21"/><vnsParamInst name="servicetype" key="servicetype" value="SSL"/><vnsParamInst name="port" key="port" value="443"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="service" name="service-tg-22"><vnsParamInst name="name" key="name" value="service-tg-22"/><vnsParamInst name="ip" key="ip" value="10.16.2.22"/><vnsParamInst name="servicetype" key="servicetype" value="SSL"/><vnsParamInst name="port" key="port" value="443"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="service" name="service-tg-23"><vnsParamInst name="name" key="name" value="service-tg-23"/><vnsParamInst name="ip" key="ip" value="10.16.2.23"/><vnsParamInst name="servicetype" key="servicetype" value="SSL"/><vnsParamInst name="port" key="port" value="443"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="service" name="service-tg-24"><vnsParamInst name="name" key="name" value="service-tg-24"/><vnsParamInst name="ip" key="ip" value="10.16.2.24"/><vnsParamInst name="servicetype" key="servicetype" value="SSL"/>

C-35Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<vnsParamInst name="port" key="port" value="443"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="service" name="service-tg-25"><vnsParamInst name="name" key="name" value="service-tg-25"/><vnsParamInst name="ip" key="ip" value="10.16.2.25"/><vnsParamInst name="servicetype" key="servicetype" value="SSL"/><vnsParamInst name="port" key="port" value="443"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="service" name="service-tg-26"><vnsParamInst name="name" key="name" value="service-tg-26"/><vnsParamInst name="ip" key="ip" value="10.16.2.26"/><vnsParamInst name="servicetype" key="servicetype" value="SSL"/><vnsParamInst name="port" key="port" value="443"/>

<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"nodeNameOrLbl="SSL1" key="service" name="service-tg-27">

<vnsParamInst name="name" key="name" value="service-tg-27"/><vnsParamInst name="ip" key="ip" value="10.16.2.27"/><vnsParamInst name="servicetype" key="servicetype" value="SSL"/><vnsParamInst name="port" key="port" value="443"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="service" name="service-tg-28"><vnsParamInst name="name" key="name" value="service-tg-28"/><vnsParamInst name="ip" key="ip" value="10.16.2.28"/><vnsParamInst name="servicetype" key="servicetype" value="SSL"/><vnsParamInst name="port" key="port" value="443"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="service" name="service-tg-29"><vnsParamInst name="name" key="name" value="service-tg-29"/><vnsParamInst name="ip" key="ip" value="10.16.2.29"/><vnsParamInst name="servicetype" key="servicetype" value="SSL"/><vnsParamInst name="port" key="port" value="443"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="service" name="service-tg-30"><vnsParamInst name="name" key="name" value="service-tg-30"/><vnsParamInst name="ip" key="ip" value="10.16.2.30"/><vnsParamInst name="servicetype" key="servicetype" value="SSL"/><vnsParamInst name="port" key="port" value="443"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="service" name="service-tg-31"><vnsParamInst name="name" key="name" value="service-tg-31"/><vnsParamInst name="ip" key="ip" value="10.16.2.31"/><vnsParamInst name="servicetype" key="servicetype" value="SSL"/><vnsParamInst name="port" key="port" value="443"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="service" name="service-tg-32"><vnsParamInst name="name" key="name" value="service-tg-32"/><vnsParamInst name="ip" key="ip" value="10.16.2.32"/><vnsParamInst name="servicetype" key="servicetype" value="SSL"/><vnsParamInst name="port" key="port" value="443"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="service" name="service-tg-33"><vnsParamInst name="name" key="name" value="service-tg-33"/><vnsParamInst name="ip" key="ip" value="10.16.2.33"/><vnsParamInst name="servicetype" key="servicetype" value="SSL"/><vnsParamInst name="port" key="port" value="443"/>

</vnsFolderInst>

C-36Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"nodeNameOrLbl="SSL1" key="service" name="service-tg-34">

<vnsParamInst name="name" key="name" value="service-tg-34"/><vnsParamInst name="ip" key="ip" value="10.16.2.34"/><vnsParamInst name="servicetype" key="servicetype" value="SSL"/><vnsParamInst name="port" key="port" value="443"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="service" name="service-tg-35"><vnsParamInst name="name" key="name" value="service-tg-35"/><vnsParamInst name="ip" key="ip" value="10.16.2.35"/><vnsParamInst name="servicetype" key="servicetype" value="SSL"/><vnsParamInst name="port" key="port" value="443"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="service" name="service-tg-36"><vnsParamInst name="name" key="name" value="service-tg-36"/><vnsParamInst name="ip" key="ip" value="10.16.2.36"/><vnsParamInst name="servicetype" key="servicetype" value="SSL"/><vnsParamInst name="port" key="port" value="443"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="service" name="service-tg-37"><vnsParamInst name="name" key="name" value="service-tg-37"/><vnsParamInst name="ip" key="ip" value="10.16.2.37"/><vnsParamInst name="servicetype" key="servicetype" value="SSL"/><vnsParamInst name="port" key="port" value="443"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="service" name="service-tg-38"><vnsParamInst name="name" key="name" value="service-tg-38"/><vnsParamInst name="ip" key="ip" value="10.16.2.38"/><vnsParamInst name="servicetype" key="servicetype" value="SSL"/><vnsParamInst name="port" key="port" value="443"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="service" name="service-tg-39"><vnsParamInst name="name" key="name" value="service-tg-39"/><vnsParamInst name="ip" key="ip" value="10.16.2.39"/><vnsParamInst name="servicetype" key="servicetype" value="SSL"/><vnsParamInst name="port" key="port" value="443"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="service" name="service-tg-40"><vnsParamInst name="name" key="name" value="service-tg-40"/><vnsParamInst name="ip" key="ip" value="10.16.2.40"/><vnsParamInst name="servicetype" key="servicetype" value="SSL"/><vnsParamInst name="port" key="port" value="443"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="mFCnglbvserver" name="Func_vip-tg-103_lb"><vnsCfgRelInst name="lbvserver_key" key="lbvserver_key"

targetName="vip-tg-103_lb"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="mFCnglbvserver" name="Func_vip-tg-104_lb"><vnsCfgRelInst name="lbvserver_key" key="lbvserver_key"

targetName="vip-tg-104_lb"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="mFCngsslvserver"name="Func_vip-tg-103_ssl">

<vnsCfgRelInst name="sslvserver_key" key="sslvserver_key"targetName="vip-tg-103_ssl"/>

C-37Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="mFCngsslvserver"name="Func_vip-tg-104_ssl">

<vnsCfgRelInst name="sslvserver_key" key="sslvserver_key"targetName="vip-tg-104_ssl"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="mFCngsslcertkey" name="Func_sslcertkey"><vnsCfgRelInst name="sslcertkey_key" key="sslcertkey_key"

targetName="sp2013.test.ctx-cert"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-21"><vnsCfgRelInst name="Func_service-tg-21_key" key="service_key"

targetName="service-tg-21"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-22"><vnsCfgRelInst name="Func_service-tg-22_key" key="service_key"

targetName="service-tg-22"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-23"><vnsCfgRelInst name="Func_service-tg-23_key" key="service_key"

targetName="service-tg-23"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-24"><vnsCfgRelInst name="Func_service-tg-24_key" key="service_key"

targetName="service-tg-24"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-25"><vnsCfgRelInst name="Func_service-tg-25_key" key="service_key"

targetName="service-tg-25"/></vnsFolderInst>

<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-26">

<vnsCfgRelInst name="Func_service-tg-26_key" key="service_key"targetName="service-tg-26"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-27"><vnsCfgRelInst name="Func_service-tg-27_key" key="service_key"

targetName="service-tg-27"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-28"><vnsCfgRelInst name="Func_service-tg-28_key" key="service_key"

targetName="service-tg-28"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-29"><vnsCfgRelInst name="Func_service-tg-29_key" key="service_key"

targetName="service-tg-29"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-30"><vnsCfgRelInst name="Func_service-tg-30_key" key="service_key"

targetName="service-tg-30"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-31">

C-38Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<vnsCfgRelInst name="Func_service-tg-31_key" key="service_key"targetName="service-tg-31"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-32"><vnsCfgRelInst name="Func_service-tg-32_key" key="service_key"

targetName="service-tg-32"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-33"><vnsCfgRelInst name="Func_service-tg-33_key" key="service_key"

targetName="service-tg-33"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-34"><vnsCfgRelInst name="Func_service-tg-34_key" key="service_key"

targetName="service-tg-34"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-35"><vnsCfgRelInst name="Func_service-tg-35_key" key="service_key"

targetName="service-tg-35"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-36"><vnsCfgRelInst name="Func_service-tg-36_key" key="service_key"

targetName="service-tg-36"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-37"><vnsCfgRelInst name="Func_service-tg-37_key" key="service_key"

targetName="service-tg-37"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-38"><vnsCfgRelInst name="Func_service-tg-38_key" key="service_key"

targetName="service-tg-38"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-39"><vnsCfgRelInst name="Func_service-tg-39_key" key="service_key"

targetName="service-tg-39"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-40"><vnsCfgRelInst name="Func_service-tg-40_key" key="service_key"

targetName="service-tg-40"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="external_network" name="external_network"><vnsCfgRelInst name="external_network_key" key="external_network_key"

targetName="network/snip1" /></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="internal_network" name="internal_network"><vnsCfgRelInst name="internal_network_key" key="internal_network_key"

targetName="network/snip2"/></vnsFolderInst>

</fvAEPg></fvAp>

</fvTenant></polUni>

C-39Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

Return to XML Files for Configuring Basic Functions, page C-10.

Goto Configurations, page C-1.

ConfigServiceGraphWithParams_lb_ssl.xml

Configures L4-L7 parameters for the SSL Offloading service graph.<!— ConfigServiceGraphWithParams_lb_ssl.xml --><!— Configure L4-L7 parameters for SSL Service Graph -—><polUni>

<fvTenant name="silverTenant1"><vnsAbsGraph name="WebGraph_ssl">

<vnsAbsTermNodeProv name="Input1"><vnsAbsTermConn name="C1"></vnsAbsTermConn>

</vnsAbsTermNodeProv>

<!-- SSL1 Provides SSL Offloading functionality --><vnsAbsNode name="SSL1"

funcType="GoTo"><vnsRsDefaultScopeToTerm tDn="uni/tn-silverTenant1/AbsGraph-

WebGraph_ssl/AbsTermNodeProv-Input1/outtmnl"/><vnsAbsFuncConn name="outside" attNotify="true">

<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFunc-SSLOffload/mConn-external" />

</vnsAbsFuncConn><vnsAbsFuncConn name="inside" attNotify="true">

<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFunc-SSLOffload/mConn-internal" />

</vnsAbsFuncConn><vnsRsNodeToMFunc tDn="uni/infra/mDev-Citrix-NetScaler-1.0/

mFunc-SSLOffload" /></vnsAbsNode><vnsAbsTermNodeCon name="Output1">

<vnsAbsTermConn name="C6"></vnsAbsTermConn>

</vnsAbsTermNodeCon><vnsAbsConnection name="CON1" adjType="L3">

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_ssl/AbsTermNodeCon-Output1/AbsTConn"/>

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_ssl/AbsNode-SSL1/AbsFConn-outside"/>

</vnsAbsConnection><vnsAbsConnection name="CON2">

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_ssl/AbsNode-SSL1/AbsFConn-inside"/>

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_ssl/AbsTermNodeProv-Input1/AbsTConn"/>

</vnsAbsConnection></vnsAbsGraph>

</fvTenant></polUni>

Return to XML Files for Configuring Basic Functions, page C-10.

Goto Configurations, page C-1.

CreateContract_lb_ssl.xml

Configures a contract for SSL Offloading of generic traffic on the fabric.<!— CreateContract_lb_ssl.xml --><!— Create contract for SSL --><polUni>

C-40Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<fvTenant dn="uni/tn-silverTenant1" name="silverTenant1"><vzFilter name="HttpsIn">

<vzEntry name="e1" prot="6" dFromPort="443" dToPort="443"etherT="ip"/>

</vzFilter><vzFilter name="HttpsOut">

<vzEntry name="e1" prot="6" dFromPort="443" etherT="ip"/></vzFilter>

<vzFilter name="acl_lb_generic"><vzEntry name="e1"/></vzFilter>

<vzBrCP name="webCtrct1" scope="global"><vzSubj name="https">

<vzRsSubjFiltAtt tnVzFilterName="acl_lb_generic"/></vzSubj>

</vzBrCP></fvTenant>

</polUni>

Return to XML Files for Configuring Basic Functions, page C-10.

Goto Configurations, page C-1.

AttachGraphToContract_lb_ssl.xml

Attaches the SSL Offloading service graph to a contract.<!— AttachGraphToContract_lb_ssl.xml --><!— Attaches SSL service graph to contract --><polUni>

<fvTenant name="silverTenant1"><vzBrCP name="webCtrct1">

<vzSubj name="http"><vzRsSubjGraphAtt tnVnsAbsGraphName="WebGraph_ssl"/>

</vzSubj></vzBrCP>

</fvTenant></polUni>

Return to XML Files for Configuring Basic Functions, page C-10.

Goto Configurations, page C-1.

XML Files that Configure NetScaler Services for SharePointThese XML files set up NetScaler services to manage SharePoint traffic on the ACI fabric:

• XML for Content Switching

– CreateServiceGraph_SP_cs_ssl_1.xml, page C-43

Create a service graph (WebGraph_cs_ssl) for CS with SSL Offloading of SharePoint traffic.

– ConfigServiceGraphWithParams_SP_cs_ssl_1.xml, page C-46

Configure service graph with L4-L7 parameters for CS and SSL Offloading for SharePoint traffic.

– CreateServiceGraph_SP_cs_ssl_2.xml , page C-47

Create a second service graph (WebGraph_cs_ssl_2) for CS with SSL Offloading of SharePoint traffic. Configuring a service graph for Content Switching is a two-step process.

– ConfigServiceGraphWithParams_SP_cs_ssl_2.xml , page C-48

C-41Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

Configure graph (WebGraph_cs_ssl_2) with L4-L7 parameters for CS and SSL Offloading for SharePoint traffic.

• XML for Database Content Switching

– CreateServiceGraphWithParams_SP_cs_DB_1.xml, page C-49

Create a service graph and configure L4-L7 parameters for Content Switching of Database

– CreateServiceGraphWithParams_SP_cs_DB_2.xml, page C-51

Create a second service graph and configure L4-L7 parameters for Content Switching of Database. Configuring a service graph for Content Switching of Database is a two-step process.

• XML for Application Firewall

– CreateServiceGraphWithParams_AppFW.xml, page C-56

Create a service graph and configure L4-L7 parameters for AppFW.

– ConfigServiceGraph_SP_cs_ssl_1_withAppFW-policy.xml, page C-58

Configures additional L4-L7 parameters for the AppFW service graph that define the binding of AppFW policy.

– ConfigAppFW_block_SQL_injection.xml, page C-62

Configures AppFW to block SQL injection attacks.

– ConfigAppFW_block_XSS.xml, page C-63

Configures AppFW to block cross-site scripting (XSS) attacks.

• XML for Global Server Load Balancing (GSLB)

– CreateServiceGraphWithParams_SP_GSLB_1.xml , page C-66

Create service graph with L4-L7 parameters for a GSLB ADNS configuration.

– CreateServiceGraphWithParams_SP_GSLB_2.xml, page C-67

Create a second service graph and configure additional L4-L7 parameters for GSLB.

– ConfigParameters_SP_GSLB_DynamicProx.xml, page C-70

Configure L4-L7 parameters for GSLB using distribution by dynamic proximity.

– ConfigParameters_SP_GSLB_StaticProx.xml, page C-73

Configure L4-L7 parameters for GSLB using distribution by static proximity.

– ConfigParameters_SP_GSLB_LeastConn.xml, page C-76

Configure L4-L7 parameters for GSLB using distribution by least connection.

XML for Content Switching

The following Content Switching XML files are available for reference.

• CreateServiceGraph_SP_cs_ssl_1.xml, page C-43

Create a service graph (WebGraph_cs_ssl) for CS with SSL Offloading of SharePoint traffic.

• ConfigServiceGraphWithParams_SP_cs_ssl_1.xml, page C-46

Configure service graph with L4-L7 parameters for CS and SSL Offloading for SharePoint traffic.

• CreateServiceGraph_SP_cs_ssl_2.xml , page C-47

C-42Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

Create a second service graph (WebGraph_cs_ssl_2) for CS with SSL Offloading of SharePoint traffic. Configuring a service graph for Content Switching is a two-step process.

• ConfigServiceGraphWithParams_SP_cs_ssl_2.xml , page C-48

Configure graph (WebGraph_cs_ssl_2) with L4-L7 parameters for CS and SSL Offloading for SharePoint traffic.

CreateServiceGraph_SP_cs_ssl_1.xml

Create a service graph (WebGraph_cs_ssl) for CS with SSL Offloading of SharePoint traffic.<!-- CreateServiceGraph_SP_cs_ssl_1.xml --><!-- Create a service graph for CS with SSL Offloading for SharePoint --><polUni>

<fvTenant name="silverTenant1"><fvAp dn="uni/tn-silverTenant1/ap-Web1-AppProfile" name="Web1-AppProfile">

<!-- EPG 1 --><fvAEPg dn="uni/tn-silverTenant1/ap-Web1-AppProfile/epg-Web1-EPG"

name="Web1-EPG"><fvRsBd tnFvBDName="silverTenant1-BD1" /><fvRsProv tnVzBrCPName="webCtrct1"></fvRsProv>

<vnsFolderInst ctrctNameOrLbl="webCtrct1"graphNameOrLbl="WebGraph_cs_ssl" nodeNameOrLbl="CS_SSL_1"key="Network" name="network">

<vnsFolderInst ctrctNameOrLbl="webCtrct1"graphNameOrLbl="WebGraph_cs_ssl" nodeNameOrLbl="CS_SSL_1"key="nsip" name="snip1">

<vnsParamInst key="ipaddress" name="ip1" value="101.16.1.11"/><vnsParamInst key="netmask" name="netmask1"

value="255.255.255.0"/><vnsParamInst key="dynamicrouting" name="dynamicRouting"

value="ENABLED"/><vnsParamInst key="hostroute" name="hostroute"

value="DISABLED"/><vnsParamInst key="type" name="type" value="SNIP"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1"

graphNameOrLbl="WebGraph_cs_ssl" nodeNameOrLbl="CS_SSL_1"key="nsip" name="snip2">

<vnsParamInst key="ipaddress" name="ip2" value="10.16.1.11"/><vnsParamInst key="netmask" name="netmask2"

value="255.255.255.0"/><vnsParamInst key="dynamicrouting" name="dynamicRouting"

value="DISABLED"/><vnsParamInst key="hostroute" name="hostroute"

value="DISABLED"/><vnsParamInst key="mgmtaccess" name="mgmtaccess"

value="ENABLED"/><vnsParamInst key="type" name="type" value="SNIP"/></vnsFolderInst>

</vnsFolderInst>

<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"nodeNameOrLbl="CS_SSL_1" key="csvserver" name="vip-CS_SP2013" >

<vnsParamInst name="name" key="name" value="vip-CS_SP2013"/><vnsParamInst name="ipv46" key="ipv46" value="101.16.1.121"/><vnsParamInst name="servicetype" key="servicetype" value="SSL"/><vnsParamInst name="port" key="port" value="443"/><vnsFolderInst ctrctNameOrLbl="webCtrct1"

graphNameOrLbl="WebGraph_cs_ssl" nodeNameOrLbl="CS_SSL_1"key="csvserver_cspolicy_binding" name="cspolbind1">

C-43Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<vnsCfgRelInst key="policyname" name="poll1"targetName="csPolicy/cspol1"/>

<vnsParamInst name="targetlbvserver" key="targetlbvserver"value="vip-LB-sp2013-1"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1"

graphNameOrLbl="WebGraph_cs_ssl" nodeNameOrLbl="CS_SSL_1"key="csvserver_cspolicy_binding" name="cspolbind2">

<vnsCfgRelInst key="policyname" name="poll2"targetName="csPolicy/cspol2"/>

<vnsParamInst name="targetlbvserver" key="targetlbvserver"value="vip-LB-sp2013-2"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1"

graphNameOrLbl="WebGraph_cs_ssl" nodeNameOrLbl="CS_SSL_1"key="csvserver_lbvserver_binding" name="lbind">

<vnsCfgRelInst key="lbvserver" name="lbvserver"targetName="vip-LB-sp2013-1"/>

</vnsFolderInst></vnsFolderInst>

<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"nodeNameOrLbl="CS_SSL_1" key="lbvserver" name="vip-LB-sp2013-1" >

<vnsParamInst name="name" key="name" value="vip-LB-sp2013-1"/><vnsParamInst name="ipv46" key="ipv46" value="10.16.1.111"/><vnsParamInst name="servicetype" key="servicetype" value="HTTP"/><vnsParamInst name="port" key="port" value="80"/><vnsFolderInst ctrctNameOrLbl="webCtrct1"

graphNameOrLbl="WebGraph_cs_ssl" nodeNameOrLbl="CS_SSL_1"key="lbvserver_service_binding" name="lbService1">

<vnsCfgRelInst key="servicename" name="webservice1"targetName="service1"/>

</vnsFolderInst></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"

nodeNameOrLbl="CS_SSL_1" key="lbvserver" name="vip-LB-sp2013-2" ><vnsParamInst name="name" key="name" value="vip-LB-sp2013-2"/><vnsParamInst name="servicetype" key="servicetype" value="HTTP"/><vnsParamInst name="ipv46" key="ipv46" value="10.16.1.112"/><vnsParamInst name="port" key="port" value="80"/><vnsFolderInst ctrctNameOrLbl="webCtrct1"

graphNameOrLbl="WebGraph_cs_ssl" nodeNameOrLbl="CS_SSL_1"key="lbvserver_service_binding" name="lbService1">

<vnsCfgRelInst key="servicename" name="webservice1"targetName="service2"/>

</vnsFolderInst></vnsFolderInst>

<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"nodeNameOrLbl="CS_SSL_1" key="service" name="service1" >

<vnsParamInst name="name" key="name" value="service-sp2013-1"/><vnsParamInst name="ip" key="ip" value="10.1.2.101"/><vnsParamInst name="servicetype" key="servicetype" value="SSL"/><vnsParamInst name="port" key="port" value="443"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"

nodeNameOrLbl="CS_SSL_1" key="service" name="service2"><vnsParamInst name="name" key="name" value="service-sp2013-2"/><vnsParamInst name="ip" key="ip" value="10.1.2.102"/><vnsParamInst name="servicetype" key="servicetype" value="SSL"/><vnsParamInst name="port" key="port" value="443"/>

</vnsFolderInst>

C-44Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"nodeNameOrLbl="CS_SSL_1" key="Policy" name="csPolicy">

<vnsFolderInst ctrctNameOrLbl="webCtrct1"graphNameOrLbl="WebGraph_cs_ssl" nodeNameOrLbl="CS_SSL_1"key="cspolicy" name="cspol1">

<vnsParamInst name="policyname" key="policyname" value="policy-cs-eng"/><vnsParamInst name="url" key="url" value="/sites/Eng/*"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1"

graphNameOrLbl="WebGraph_cs_ssl" nodeNameOrLbl="CS_SSL_1"key="cspolicy" name="cspol2">

<vnsParamInst name="policyname" key="policyname" value="policy-cs-mkt"/><vnsParamInst name="url" key="url" value="/sites/Mkt/*"/>

</vnsFolderInst></vnsFolderInst>

<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"nodeNameOrLbl="CS_SSL_1" key="mFCngcsvserver" name="wcsvserver1">

<vnsCfgRelInst name="csvserver_key" key="csvservercsvserver1_key"targetName="vip-CS_SP2013"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"

nodeNameOrLbl="CS_SSL_1" key="mFCnglbvserver" name="wlbvserver1"><vnsCfgRelInst name="lbsverver_key" key="lbvserver_key" targetName="vip-

LB-sp2013-1"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"

nodeNameOrLbl="CS_SSL_1" key="mFCnglbvserver" name="wlbvserver2"><vnsCfgRelInst name="lbsverver_key" key="lbvserver_key" targetName="vip-

LB-sp2013-2"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"

nodeNameOrLbl="CS_SSL_1" key="mFCngservice" name="wservice1"><vnsCfgRelInst name="service_key1" key="service_key"

targetName="service1"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"

nodeNameOrLbl="CS_SSL_1" key="mFCngservice" name="wservice2"><vnsCfgRelInst name="service_key1" key="service_key"

targetName="service2"/></vnsFolderInst>

<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"nodeNameOrLbl="CS_SSL_1" key="mFCngPolicy" name="Pol1">

<vnsCfgRelInst name="Policy_key" key="Policy_key"targetName="csPolicy/cspol1"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"

nodeNameOrLbl="CS_SSL_1" key="mFCngPolicy" name="Pol2"><vnsCfgRelInst name="Policy_key" key="Policy_key"

targetName="csPolicy/cspol2"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"

nodeNameOrLbl="CS_SSL_1" key="external_network"name="external_network">

<vnsCfgRelInst name="internal_network_key" key="external_network_key"targetName="network/snip1"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"

nodeNameOrLbl="CS_SSL_1" key="internal_network"name="internal_network">

<vnsCfgRelInst name="external_network_key" key="internal_network_key"targetName="network/snip2"/>

</vnsFolderInst>

C-45Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

</fvAEPg></fvAp>

</fvTenant></polUni>

Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.

Goto Configurations, page C-1.

ConfigServiceGraphWithParams_SP_cs_ssl_1.xml

Configure service graph with L4-L7 parameters for CS and SSL Offloading for SharePoint traffic.<!— ConfigServiceGraphWithParams_SP_cs_ssl_1.xml --><!— Configure L4-L7 parameters for CS and SSL Offloading for SharePoint --><polUni>

<fvTenant name="silverTenant1"><vnsAbsGraph name="WebGraph_cs_ssl">

<vnsAbsTermNodeProv name="Input1"><vnsAbsTermConn name="C1"></vnsAbsTermConn>

</vnsAbsTermNodeProv><!-- CS_SSL_1 Provides CS and SSL Offload functionality --><vnsAbsNode name="CS_SSL_1" funcType="GoTo">

<vnsRsDefaultScopeToTerm tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_cs_ssl/AbsTermNodeProv-Input1/outtmnl"/>

<vnsAbsFuncConn name="outside" attNotify="true">

<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFunc-ContentSwitching/mConn-external" />

</vnsAbsFuncConn><vnsAbsFuncConn name="inside" attNotify="true">

<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFunc-ContentSwitching/mConn-internal" />

</vnsAbsFuncConn><vnsRsNodeToMFunc tDn="uni/infra/mDev-Citrix-NetScaler-

1.0/mFunc-ContentSwitching"/></vnsAbsNode><vnsAbsTermNodeCon name="Output1">

<vnsAbsTermConn name="C6"></vnsAbsTermConn>

</vnsAbsTermNodeCon><vnsAbsConnection name="CON1" adjType="L3">

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_cs_ssl/AbsTermNodeCon-Output1/AbsTConn"/>

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_cs_ssl/AbsNode-CS_SSL_1/AbsFConn-outside"/>

</vnsAbsConnection><vnsAbsConnection name="CON2">

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_cs_ssl/AbsNode-CS_SSL_1/AbsFConn-inside"/>

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_cs_ssl/AbsTermNodeProv-Input1/AbsTConn"/>

</vnsAbsConnection></vnsAbsGraph>

</fvTenant></polUni>

Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.

Goto Configurations, page C-1.

C-46Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

CreateServiceGraph_SP_cs_ssl_2.xml

Create a second service graph (WebGraph_cs_ssl_2) for CS with SSL Offloading of SharePoint traffic. Configuring a service graph for Content Switching is a two-step process.<!— CreateServiceGraph_SP_cs_ssl_2.xml --><!— Create a service graph for CS with SSL Offloading of SharePoint --><polUni><fvTenant name="silverTenant1"><fvAp dn="uni/tn-silverTenant1/ap-Web1-AppProfile" name="Web1-AppProfile"><!-- EPG 1 --><fvAEPg dn="uni/tn-silverTenant1/ap-Web1-AppProfile/epg-Web1-EPG"

name="Web1-EPG"><fvRsBd tnFvBDName="silverTenant1-BD1" /><fvRsProv tnVzBrCPName="webCtrct1"></fvRsProv><vnsFolderInst ctrctNameOrLbl="webCtrct1"

graphNameOrLbl="WebGraph_cs_ssl_2" nodeNameOrLbl="CS_SSL_2"key="Network" name="network">

<vnsFolderInst ctrctNameOrLbl="webCtrct1"graphNameOrLbl="WebGraph_cs_ssl_2"nodeNameOrLbl="CS_SSL_2" key="nsip" name="snip1">

<vnsParamInst key="ipaddress" name="ip1" value="101.16.1.11"/><vnsParamInst key="netmask" name="netmask1" value="255.255.255.0"/><vnsParamInst key="dynamicrouting" name="dynamicRouting"

value="ENABLED"/><vnsParamInst key="hostroute" name="hostroute" value="DISABLED"/><vnsParamInst key="type" name="type" value="SNIP"/></vnsFolderInst>

<vnsFolderInst ctrctNameOrLbl="webCtrct1"graphNameOrLbl="WebGraph_cs_ssl_2"nodeNameOrLbl="CS_SSL_2" key="nsip" name="snip2">

<vnsParamInst key="ipaddress" name="ip2" value="10.16.1.11"/><vnsParamInst key="netmask" name="netmask2" value="255.255.255.0"/><vnsParamInst key="dynamicrouting" name="dynamicRouting"

value="DISABLED"/><vnsParamInst key="hostroute" name="hostroute" value="DISABLED"/><vnsParamInst key="mgmtaccess" name="mgmtaccess" value="ENABLED"/><vnsParamInst key="type" name="type" value="SNIP"/>

</vnsFolderInst></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1"

graphNameOrLbl="WebGraph_cs_ssl_2"nodeNameOrLbl="CS_SSL_2" key="sslcertkey" name="sp2013.test.ctx-cert" >

<vnsParamInst name="certkey" key="certkey" value="sp2013.test.ctx-cert"/><vnsParamInst name="cert" key="cert" value="sp2013-server.cert"/><vnsParamInst name="key" key="key" value="sp2013-server.key"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1"

graphNameOrLbl="WebGraph_cs_ssl_2"nodeNameOrLbl="CS_SSL_2" key="sslvserver" name="vip-CS_SP2013_ssl">

<vnsParamInst name="vservername" key="vservername" value="vip-CS_SP2013"/><vnsFolderInst ctrctNameOrLbl="webCtrct1"

graphNameOrLbl="WebGraph_cs_ssl_2" nodeNameOrLbl="CS_SSL_2"key="sslvserver_sslcertkey_binding" name="certkeyBind">

<vnsCfgRelInst name="certkeyname" key="certkeyname"targetName="sp2013.test.ctx-cert"/>

</vnsFolderInst></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1"

graphNameOrLbl="WebGraph_cs_ssl_2"nodeNameOrLbl="CS_SSL_2" key="mFCngsslvserver" name="mFCngsslvserver2">

<vnsCfgRelInst name="sslvserver_key" key="sslvserver_key"targetName="vip-CS_SP2013_ssl"/>

</vnsFolderInst>

C-47Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<vnsFolderInst ctrctNameOrLbl="webCtrct1"graphNameOrLbl="WebGraph_cs_ssl_2"nodeNameOrLbl="CS_SSL_2" key="mFCngsslcertkey" name="mFCngsslcertkey2">

<vnsCfgRelInst name="sslcertkey_key" key="sslcertkey_key"targetName="sp2013.test.ctx-cert"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1"

graphNameOrLbl="WebGraph_cs_ssl_2"nodeNameOrLbl="CS_SSL_2" key="external_network" name="external_network">

<vnsCfgRelInst name="internal_network_key" key="external_network_key"targetName="network/snip1"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1"

graphNameOrLbl="WebGraph_cs_ssl_2"nodeNameOrLbl="CS_SSL_2" key="internal_network" name="internal_network">

<vnsCfgRelInst name="external_network_key" key="internal_network_key"targetName="network/snip2"/>

</vnsFolderInst></fvAEPg>

</fvAp></fvTenant>

</polUni>

Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.

Goto Configurations, page C-1.

ConfigServiceGraphWithParams_SP_cs_ssl_2.xml

Configure graph (WebGraph_cs_ssl_2) with L4-L7 parameters for CS and SSL Offloading for SharePoint traffic.<!— ConfigServiceGraphWithParams_SP_cs_ssl_2.xml --><!— Configure additional L4-L7 parameters for CS and SSL Offloading for SharePoint -->

<polUni><fvTenant name="silverTenant1">

<vnsAbsGraph name="WebGraph_cs_ssl_2"><vnsAbsTermNodeProv name="Input1">

<vnsAbsTermConn name="C1"></vnsAbsTermConn>

</vnsAbsTermNodeProv><!-- CS_SSL_2 Provides CS and SSL Offload functionality --><vnsAbsNode name="CS_SSL_2" funcType="GoTo" >

<vnsRsDefaultScopeToTerm tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_cs_ssl_2/AbsTermNodeProv-Input1/outtmnl"/>

<vnsAbsFuncConn name="outside" attNotify="true">

<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFunc-SSLOffload/mConn-external" />

</vnsAbsFuncConn><vnsAbsFuncConn name="inside" attNotify="true">

<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFunc-SSLOffload/mConn-internal" />

</vnsAbsFuncConn><vnsRsNodeToMFunc tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFunc-

SSLOffload"/></vnsAbsNode><vnsAbsTermNodeCon name="Output1">

<vnsAbsTermConn name="C6"></vnsAbsTermConn>

</vnsAbsTermNodeCon><vnsAbsConnection name="CON1" adjType="L3">

C-48Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_cs_ssl_2/AbsTermNodeCon-Output1/AbsTConn"/>

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_cs_ssl_2/AbsNode-CS_SSL_2/AbsFConn-outside"/>

</vnsAbsConnection><vnsAbsConnection name="CON2">

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_cs_ssl_2/AbsNode-CS_SSL_2/AbsFConn-inside"/>

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_cs_ssl_2/AbsTermNodeProv-Input1/AbsTConn"/>

</vnsAbsConnection></vnsAbsGraph>

</fvTenant></polUni>

Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.

Goto Configurations, page C-1.

XML for Database Content Switching

The following Database Content Switching XML files are available for reference.

• CreateServiceGraphWithParams_SP_cs_DB_1.xml, page C-49

Create a service graph and configure L4-L7 parameters for Content Switching of Database

• CreateServiceGraphWithParams_SP_cs_DB_2.xml, page C-51

Create a second service graph and configure L4-L7 parameters for Content Switching of Database. Configuring a service graph for Content Switching of Database is a two-step process.

Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.

Goto Configurations, page C-1.

CreateServiceGraphWithParams_SP_cs_DB_1.xml

Create a service graph and configure L4-L7 parameters for Content Switching of Database <!-- CreateServiceGraphWithParams_SP_cs_DB_1.xml --><!-- Create service graph and L4-L7 parameters for CS of Database --><polUni><fvTenant name="silverTenant1"> <!-- DB configuration -->

<vnsAbsGraph name = "WebGraph_CS_DB_2"><vnsAbsTermNodeProv name = "Input1">

<vnsAbsTermConn name = "C1"></vnsAbsTermConn>

</vnsAbsTermNodeProv><vnsAbsNode name = "CS_DB_2" funcType="GoTo" >

<vnsAbsFuncConn name = "outside" attNotify="true"><vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFunc-

DataStream/mConn-external" /></vnsAbsFuncConn><vnsAbsFuncConn name = "inside" attNotify="true">

<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFunc-DataStream/mConn-internal" />

</vnsAbsFuncConn><vnsRsNodeToMFunc tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFunc-

DataStream"/><vnsRsDefaultScopeToTerm tDn="uni/tn-silverTenant1/AbsGraph-

WebGraph_CS_DB_2/AbsTermNodeProv-Input1/outtmnl"/><!-- Device Configuration --><vnsAbsDevCfg>

C-49Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<vnsAbsFolder key="Network" name="network" scopedBy="epg"><vnsAbsFolder key="nsip" name="snip1">

<vnsAbsParam key="ipaddress" name="ip1" value="101.16.1.11"/><vnsAbsParam key="netmask" name="netmask1" value="255.255.255.0"/><vnsAbsParam key="type" name="type" value="SNIP"/><vnsAbsParam key="dynamicrouting" name="dynamicrouting"

value="ENABLED"/><vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/>

</vnsAbsFolder><vnsAbsFolder key="nsip" name="snip2">

<vnsAbsParam key="ipaddress" name="ip2" value="10.16.1.11"/><vnsAbsParam key="netmask" name="netmask2" value="255.255.255.0"/><vnsAbsParam key="type" name="type" value="SNIP"/><vnsAbsParam key="dynamicrouting" name="dynamicrouting"

value="DISABLED"/><vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/>

</vnsAbsFolder></vnsAbsFolder>

<vnsAbsFolder key="dbuser" name="dbUser1" scopedBy="epg"><vnsAbsParam name="username" key="username" value="sa"/><vnsAbsParam name="password" key="password" value="Citrix123"/>

</vnsAbsFolder></vnsAbsDevCfg><!-- Function Configuration --><vnsAbsFuncCfg>

<vnsAbsFolder key="mFCngdbuser" name="dbuser1" scopedBy="epg"><vnsAbsCfgRel name="dbuser_key" key="dbuser_key"

targetName="dbUser1"/></vnsAbsFolder><vnsAbsFolder key="external_network" name="external_network"

scopedBy="epg"><vnsAbsCfgRel name="external_network_key" key="external_network_key"

targetName="network/snip1"/><vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraph-

WebGraph_CS_DB_2/AbsNode-CS_DB_2/AbsFConn-outside" /></vnsAbsFolder><vnsAbsFolder key="internal_network" name="internal_network"

scopedBy="epg"><vnsAbsCfgRel name="internal_network_key" key="internal_network_key"

targetName="network/snip2"/><vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraph-

WebGraph_CS_DB_2/AbsNode-CS_DB_2/AbsFConn-inside" /></vnsAbsFolder>

</vnsAbsFuncCfg></vnsAbsNode><vnsAbsTermNodeCon name = "Output1">

<vnsAbsTermConn name = "C6"></vnsAbsTermConn>

</vnsAbsTermNodeCon><vnsAbsConnection name = "CON1">

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_DB_2/AbsTermNodeCon-Output1/AbsTConn" />

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_DB_2/AbsNode-CS_DB_2/AbsFConn-outside" />

</vnsAbsConnection><vnsAbsConnection name = "CON2">

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_DB_2/AbsNode-CS_DB_2/AbsFConn-inside" />

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_DB_2/AbsTermNodeProv-Input1/AbsTConn" />

</vnsAbsConnection></vnsAbsGraph>

</fvTenant></polUni>

C-50Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.

Goto Configurations, page C-1.

CreateServiceGraphWithParams_SP_cs_DB_2.xml

Create a second service graph and configure L4-L7 parameters for Content Switching of Database. Configuring a service graph for Content Switching of Database is a two-step process.<!-- CreateServiceGraphWithParams_SP_cs_DB_2.xml --><!-- Create service graph with L4-L7 parameters for CS of Database --><polUni><fvTenant name="silverTenant1"> <!-- CS / DB configuration -->

<vnsAbsGraph name = "WebGraph_CS_DB"><vnsAbsTermNodeProv name = "Input1">

<vnsAbsTermConn name = "C1"></vnsAbsTermConn>

</vnsAbsTermNodeProv><vnsAbsNode name = "CS_DB" funcType="GoTo" >

<vnsAbsFuncConn name = "outside" attNotify="true"><vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFunc-

ContentSwitching/mConn-external" /></vnsAbsFuncConn><vnsAbsFuncConn name = "inside" attNotify="true">

<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFunc-ContentSwitching/mConn-internal" />

</vnsAbsFuncConn><vnsRsNodeToMFunc tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFunc-

ContentSwitching"/><vnsRsDefaultScopeToTerm tDn="uni/tn-silverTenant1/AbsGraph-

WebGraph_CS_DB/AbsTermNodeProv-Input1/outtmnl"/><vnsAbsDevCfg>

<vnsAbsFolder key="Network" name="network" scopedBy="epg"><vnsAbsFolder key="nsip" name="snip1">

<vnsAbsParam key="ipaddress" name="ip1" value="101.16.1.11"/><vnsAbsParam key="netmask" name="netmask1"value="255.255.255.0"/>

<vnsAbsParam key="type" name="type" value="SNIP"/><vnsAbsParam key="dynamicrouting" name="dynamicrouting"value="ENABLED"/>

<vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/></vnsAbsFolder><vnsAbsFolder key="nsip" name="snip2">

<vnsAbsParam key="ipaddress" name="ip2" value="10.16.1.11"/><vnsAbsParam key="netmask" name="netmask2"value="255.255.255.0"/>

<vnsAbsParam key="type" name="type" value="SNIP"/><vnsAbsParam key="dynamicrouting" name="dynamicrouting"value="DISABLED"/>

<vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/></vnsAbsFolder>

</vnsAbsFolder><vnsAbsFolder key="csvserver" name="csvserver1" scopedBy="epg">

<vnsAbsParam name="name" key="name" value="vip-MSSQL_CS"/><vnsAbsParam name="ipv46" key="ipv46" value="10.16.1.122"/><vnsAbsParam name="servicetype" key="servicetype" value="MSSQL"/><vnsAbsParam name="port" key="port" value="1433"/><vnsAbsParam name="mssqlserverversion" key="mssqlserverversion"

value="2012"/><vnsAbsFolder key="csvserver_cspolicy_binding" name="cspolbind1">

<vnsAbsCfgRel key="policyname" name="poll1"targetName="csPolicy/cs_pol1"/>

<vnsAbsParam name="priority" key="priority" value="10"/>

C-51Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<vnsAbsParam name="targetlbvserver" key="targetlbvserver"value="vip-mssql-LB_READ"/>

</vnsAbsFolder><vnsAbsFolder key="csvserver_cspolicy_binding" name="cspolbind2">

<vnsAbsCfgRel key="policyname" name="poll2"targetName="csPolicy/cs_pol2"/>

<vnsAbsParam name="priority" key="priority" value="20"/><vnsAbsParam name="targetlbvserver" key="targetlbvserver"value="vip-mssql-LB_READ"/>

</vnsAbsFolder><vnsAbsFolder key="csvserver_lbvserver_binding" name="cslbbind">

<vnsAbsCfgRel key="lbvserver" name="cslb3"targetName="lbvserver2"/>

</vnsAbsFolder></vnsAbsFolder><vnsAbsFolder key="lbvserver" name="lbvserver1" scopedBy="epg">

<vnsAbsParam name="name" key="name" value="vip-mssql-LB_READ"/><vnsAbsParam name="servicetype" key="servicetype" value="MSSQL"/><vnsAbsParam name="ipv46" key="ipv46" value="10.16.1.151"/><vnsAbsParam name="port" key="port" value="1433"/><vnsAbsParam name="mssqlserverversion" key="mssqlserverversion"

value="2012"/><vnsAbsFolder key="lbvserver_service_binding" name="lbService1">

<vnsAbsCfgRel key="servicename" name="webservice1"targetName="service1_db"/>

</vnsAbsFolder><vnsAbsFolder key="lbvserver_service_binding" name="lbService2">

<vnsAbsCfgRel key="servicename" name="webservice2"targetName="service2_db"/>

</vnsAbsFolder><vnsAbsFolder key="lbvserver_service_binding" name="lbService3">

<vnsAbsCfgRel key="servicename" name="webservice3"targetName="service3_db"/>

</vnsAbsFolder></vnsAbsFolder><vnsAbsFolder key="lbvserver" name="lbvserver2" scopedBy="epg">

<vnsAbsParam name="name" key="name" value="vip-mssql-LB_WRITE"/><vnsAbsParam name="servicetype" key="servicetype"value="MSSQL"/><vnsAbsParam name="ipv46" key="ipv46" value="10.16.1.152"/><vnsAbsParam name="port" key="port" value="1433"/><vnsAbsParam name="mssqlserverversion" key="mssqlserverversion"value="2012"/>

<vnsAbsFolder key="lbvserver_service_binding"name="lbService3"><vnsAbsCfgRel key="servicename" name="webservice1"

targetName="service4_db"/></vnsAbsFolder>

</vnsAbsFolder><vnsAbsFolder key="service" name="service1_db" scopedBy="epg">

<vnsAbsParam name="name" key="name" value="sql-1.test.ctx"/><vnsAbsParam name="ip" key="ip" value="10.1.3.101"/><vnsAbsParam name="servicetype" key="servicetype"

value="MSSQL"/><vnsAbsParam name="port" key="port" value="1433"/><vnsAbsFolder key="service_lbmonitor_binding"name="servMonBind1">

<vnsAbsCfgRel key="monitor_name" name="monitor_name"targetName="lbMon1"/>

</vnsAbsFolder></vnsAbsFolder><vnsAbsFolder key="service" name="service2_db" scopedBy="epg">

<vnsAbsParam name="name" key="name" value="sql-2.test.ctx"/>

C-52Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<vnsAbsParam name="ip" key="ip" value="10.1.3.102"/><vnsAbsParam name="servicetype" key="servicetype"

value="MSSQL"/><vnsAbsParam name="port" key="port" value="1433"/><vnsAbsFolder key="service_lbmonitor_binding"

name="servMonBind1"><vnsAbsCfgRel key="monitor_name" name="monitor_name"

targetName="lbMon2"/></vnsAbsFolder>

</vnsAbsFolder><vnsAbsFolder key="service" name="service3_db" scopedBy="epg">

<vnsAbsParam name="name" key="name" value="sql-3.test.ctx"/><vnsAbsParam name="ip" key="ip" value="10.1.3.103"/><vnsAbsParam name="servicetype" key="servicetype"

value="MSSQL"/><vnsAbsParam name="port" key="port" value="1433"/><vnsAbsFolder key="service_lbmonitor_binding"name="servMonBind1">

<vnsAbsCfgRel key="monitor_name" name="monitor_name"targetName="lbMon3"/>

</vnsAbsFolder></vnsAbsFolder><vnsAbsFolder key="service" name="service4_db" scopedBy="epg">

<vnsAbsParam name="name" key="name" value="sql_listener"/><vnsAbsParam name="ip" key="ip" value="10.1.3.105"/><vnsAbsParam name="servicetype" key="servicetype"

value="MSSQL"/><vnsAbsParam name="port" key="port" value="1433"/>

</vnsAbsFolder><vnsAbsFolder key="lbmonitor" name="lbMon1" scopedBy="epg">

<vnsAbsParam name="monitorname" key="monitorname"value="read_replica1"/>

<vnsAbsParam name="type" key="type" value="MSSQL-ECV"/><vnsAbsParam name="sqlquery" key="sqlquery" value="select role,role_desc from sys.dm_hadr_availability_replica_states as A,sys.dm_hadr_availability_replica_cluster_states as B where(A.replica_id = B.replica_id and B.replica_server_name ='sql-1') and A.group_id in (select ag_id fromsys.dm_hadr_name_id_map where ag_name =

'AG_SharePoint_2013')"/><vnsAbsParam name="evalrule" key="evalrule"value="MSSQL.RES.ROW(0).TEXT_ELEM(1).EQ(&quot;SECONDARY&quot;)"/>

<vnsAbsParam name="username" key="username" value="sa"/></vnsAbsFolder><vnsAbsFolder key="lbmonitor" name="lbMon2" scopedBy="epg">

<vnsAbsParam name="monitorname" key="monitorname"value="read_replica2"/>

<vnsAbsParam name="type" key="type" value="MSSQL-ECV"/><vnsAbsParam name="sqlquery" key="sqlquery" value="select role,role_desc from sys.dm_hadr_availability_replica_states as A,sys.dm_hadr_availability_replica_cluster_states as B where(A.replica_id = B.replica_id and B.replica_server_name ='sql-2') and A.group_id in (select ag_id fromsys.dm_hadr_name_id_map where ag_name =

'AG_SharePoint_2013')"/><vnsAbsParam name="evalrule" key="evalrule"value="MSSQL.RES.ROW(0).TEXT_ELEM(1).EQ(&quot;SECONDARY&quot;)"/>

<vnsAbsParam name="username" key="username" value="sa"/></vnsAbsFolder><vnsAbsFolder key="lbmonitor" name="lbMon3" scopedBy="epg">

<vnsAbsParam name="monitorname" key="monitorname"value="read_replica3"/>

C-53Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<vnsAbsParam name="type" key="type" value="MSSQL-ECV"/><vnsAbsParam name="sqlquery" key="sqlquery" value="select role,role_desc from sys.dm_hadr_availability_replica_states as A,sys.dm_hadr_availability_replica_cluster_states as B where(A.replica_id = B.replica_id and B.replica_server_name ='sql-3') and A.group_id in (select ag_id fromsys.dm_hadr_name_id_map where ag_name ='AG_SharePoint_2013')"/>

<vnsAbsParam name="evalrule" key="evalrule"value="MSSQL.RES.ROW(0).TEXT_ELEM(1).EQ(&quot;SECONDARY&quot;)"/>

<vnsAbsParam name="username" key="username" value="sa"/></vnsAbsFolder><vnsAbsFolder key="Policy" name="csPolicy" scopedBy="epg">

<vnsAbsFolder key="cspolicy" name="cs_pol1"><vnsAbsParam name="policyname" key="policyname"value="CS_Read1"/>

<vnsAbsParam name="rule" key="rule"value="MSSQL.CLIENT.TYPEFLAGS.BITAND(32).EQ(32)"/>

</vnsAbsFolder><vnsAbsFolder key="cspolicy" name="cs_pol2">

<vnsAbsParam name="policyname" key="policyname"value="CS_Read2"/>

<vnsAbsParam name="rule" key="rule"value="MSSQL.REQ.QUERY.COMMAND.SET_TEXT_MODE(IGNORECASE)

.EQ(&quot;select&quot;)"/></vnsAbsFolder><vnsAbsFolder key="responderpolicy" name="respPol">

<vnsAbsParam name="name" key="name"value="Top_MSSQL_QUERY_RPC_LBVSERVER"/>

<vnsAbsParam name="rule" key="rule"value="ANALYTICS.STREAM(&quot;Top_MSSQL_QUERY_RPC_LBVSERVER&quot;).COLLECT_STATS"/>

<vnsAbsCfgRel key="action" name="action" targetName="noOP"/><vnsAbsCfgRel key="logaction" name="logaction"

targetName="auditMsgAction"/></vnsAbsFolder>

</vnsAbsFolder><vnsAbsFolder key="responderaction" name="noOP" scopedBy="epg">

<vnsAbsParam name="name" key="name" value="OPnahi"/><vnsAbsParam name="type" key="type" value="noop"/><vnsAbsParam name="target" key="target" value="dummy_arg"/>

</vnsAbsFolder><vnsAbsFolder key="auditmessageaction" name="auditMsgAction"

scopedBy="epg"><vnsAbsParam name="name" key="name" value="db_log"/><vnsAbsParam name="loglevel" key="loglevel" value="ALERT"/><vnsAbsParam name="stringbuilderexpr" key="stringbuilderexpr"value="'MSSQL.REQ.RPC.NAME + &quot; accessed by &quot;+ MSSQL.CLIENT.USER + &quot; from &quot; + CLIENT.IP.SRC'"/>

</vnsAbsFolder></vnsAbsDevCfg>

<vnsAbsFuncCfg><vnsAbsFolder key="mFCngcsvserver" name="wcsvserver1" scopedBy="epg">

<vnsAbsCfgRel name="csvserver_key" key="csvserver_key"targetName="csvserver1"/>

<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_DB/AbsNode-CS_DB/AbsFConn-outside" />

</vnsAbsFolder><vnsAbsFolder key="mFCnglbvserver" name="wlbvserver1" scopedBy="epg">

<vnsAbsCfgRel name="lbsverver_key" key="lbvserver_key"targetName="lbvserver1"/>

C-54Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_DB/AbsNode-CS_DB/AbsFConn-outside" />

</vnsAbsFolder><vnsAbsFolder key="mFCnglbvserver" name="wlbvserver2" scopedBy="epg">

<vnsAbsCfgRel name="lbsverver_key" key="lbvserver_key"targetName="lbvserver2"/>

<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_DB/AbsNode-CS_DB/AbsFConn-outside" />

</vnsAbsFolder><vnsAbsFolder key="mFCngservice" name="wservice1" scopedBy="epg">

<vnsAbsCfgRel name="service_key" key="service_key"targetName="service1_db"/>

<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_DB/AbsNode-CS_DB/AbsFConn-inside" />

</vnsAbsFolder><vnsAbsFolder key="mFCngservice" name="wservice2" scopedBy="epg">

<vnsAbsCfgRel name="service_key" key="service_key"targetName="service2_db"/>

<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_DB/AbsNode-CS_DB/AbsFConn-inside" />

</vnsAbsFolder><vnsAbsFolder key="mFCngservice" name="wservice3" scopedBy="epg">

<vnsAbsCfgRel name="service_key" key="service_key"targetName="service3_db"/>

<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_DB/AbsNode-CS_DB/AbsFConn-inside" />

</vnsAbsFolder><vnsAbsFolder key="mFCngservice" name="wservice4" scopedBy="epg">

<vnsAbsCfgRel name="service_key" key="service_key"targetName="service4_db"/>

<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_DB/AbsNode-CS_DB/AbsFConn-inside" />

</vnsAbsFolder><vnsAbsFolder key="mFCnglbmonitor" name="LBMON1" scopedBy="epg">

<vnsAbsCfgRel name="lbmonitor_key" key="lbmonitor_key"targetName="lbMon1"/>

</vnsAbsFolder><vnsAbsFolder key="mFCnglbmonitor" name="LBMON2" scopedBy="epg">

<vnsAbsCfgRel name="lbmonitor_key" key="lbmonitor_key"targetName="lbMon2"/>

</vnsAbsFolder><vnsAbsFolder key="mFCnglbmonitor" name="LBMON3" scopedBy="epg">

<vnsAbsCfgRel name="lbmonitor_key" key="lbmonitor_key"targetName="lbMon3"/></vnsAbsFolder>

<vnsAbsFolder key="mFCngPolicy" name="Pol1" scopedBy="epg"><vnsAbsCfgRel name="Policy_key" key="Policy_key"targetName="csPolicy/cs_pol1"/>

</vnsAbsFolder><vnsAbsFolder key="mFCngPolicy" name="Pol2" scopedBy="epg">

<vnsAbsCfgRel name="Policy_key" key="Policy_key"targetName="csPolicy/cs_pol2"/>

</vnsAbsFolder><vnsAbsFolder key="mFCngPolicy" name="Pol3" scopedBy="epg">

<vnsAbsCfgRel name="Policy_key" key="Policy_key"targetName="csPolicy/respPol"/>

</vnsAbsFolder><vnsAbsFolder key="external_network" name="external_network"

scopedBy="epg"><vnsAbsCfgRel name="external_network_key"

key="external_network_key" targetName="network/snip1"/><vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraph-

WebGraph_CS_DB/AbsNode-CS_DB/AbsFConn-outside" /></vnsAbsFolder>

C-55Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<vnsAbsFolder key="internal_network" name="internal_network"scopedBy="epg">

<vnsAbsCfgRel name="internal_network_key"key="internal_network_key" targetName="network/snip2"/>

<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_DB/AbsNode-CS_DB/AbsFConn-inside" />

</vnsAbsFolder></vnsAbsFuncCfg>

</vnsAbsNode><vnsAbsTermNodeCon name = "Output1">

<vnsAbsTermConn name = "C6"></vnsAbsTermConn>

</vnsAbsTermNodeCon><vnsAbsConnection name = "CON1">

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_DB/AbsTermNodeCon-Output1/AbsTConn" />

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_DB/AbsNode-CS_DB/AbsFConn-outside" />

</vnsAbsConnection><vnsAbsConnection name = "CON2">

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_DB/AbsNode-CS_DB/AbsFConn-inside" />

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_DB/AbsTermNodeProv-Input1/AbsTConn" />

</vnsAbsConnection></vnsAbsGraph>

</fvTenant></polUni>

Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.

Goto Configurations, page C-1.

XML for Application Firewall

The following Application Firewall XML files are available for reference.

• CreateServiceGraphWithParams_AppFW.xml, page C-56

Create a service graph and configure L4-L7 parameters for AppFW.

• ConfigServiceGraph_SP_cs_ssl_1_withAppFW-policy.xml, page C-58

Configure additional L4-L7 parameters for the AppFW service graph that define the binding of AppFW policy.

• ConfigAppFW_block_SQL_injection.xml, page C-62

Configure AppFW to block SQL injection attacks.

• ConfigAppFW_block_XSS.xml, page C-63

Configure AppFW to block cross-site scripting (XSS) attacks.

Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.

Goto Configurations, page C-1.

CreateServiceGraphWithParams_AppFW.xml

Create a service graph and configure L4-L7 parameters for AppFW.<!-- CreateServiceGraphWithParams_AppFW.xml --><!-- Create service graph and L4-L7 parameters for AppFW --><polUni><fvTenant name="silverTenant1">

C-56Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<vnsAbsGraph name = "WebGraph_CS_AppFW_1"><vnsAbsTermNodeProv name = "Input1">

<vnsAbsTermConn name = "C1"></vnsAbsTermConn>

</vnsAbsTermNodeProv><vnsAbsNode name = "CS_AppFW_1" funcType="GoTo" ><vnsAbsFuncConn name = "outside" attNotify="true">

<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFunc-ApplicationFirewall/mConn-external" />

</vnsAbsFuncConn>

<vnsAbsFuncConn name = "inside" attNotify="true"><vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFunc-

ApplicationFirewall/mConn-internal" /></vnsAbsFuncConn><vnsRsNodeToMFunc tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFunc-

ApplicationFirewall"/><vnsRsDefaultScopeToTerm tDn="uni/tn-silverTenant1/AbsGraph-

WebGraph_CS_AppFW_1/AbsTermNodeProv-Input1/outtmnl"/><vnsAbsDevCfg><vnsAbsFolder key="Network" name="network" scopedBy="epg">

<vnsAbsFolder key="nsip" name="snip1"><vnsAbsParam key="ipaddress" name="ip1" value="101.16.1.11"/><vnsAbsParam key="netmask" name="netmask1" value="255.255.255.0"/>

<vnsAbsParam key="type" name="type" value="SNIP"/><vnsAbsParam key="dynamicrouting" name="dynamicrouting" value="ENABLED"/><vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/></vnsAbsFolder><vnsAbsFolder key="nsip" name="snip2"><vnsAbsParam key="ipaddress" name="ip2" value="10.16.1.11"/><vnsAbsParam key="netmask" name="netmask2" value="255.255.255.0"/>

<vnsAbsParam key="type" name="type" value="SNIP"/><vnsAbsParam key="dynamicrouting" name="dynamicrouting"

value="DISABLED"/><vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/></vnsAbsFolder>

</vnsAbsFolder><vnsAbsFolder key="appfwprofile" name="apppro" scopedBy="epg"><vnsAbsParam name="name" key="name" value="Sharepoint_SharePoint_sig"/><vnsAbsParam name="starturlaction" key="starturlaction" value="block learn

log stats"/><vnsAbsParam name="starturlclosure" key="starturlclosure" value="ON"/><vnsAbsParam name="signatures" key="signatures" value="mssharepoint"/><vnsAbsFolder key="appfwprofile_starturl_binding" name="appFw_1"><vnsAbsParam key="starturl" name="starturl"

value="^https://sp2013.test.ctx(\\:)*(\\d)*/sites/Eng(/)?"/></vnsAbsFolder><vnsAbsFolder key="appfwprofile_starturl_binding" name="appFw_2"><vnsAbsParam key="starturl" name="starturl"

value="^https://sp2013.test.ctx(\\:)*(\\d)*/sites/Mkt(/)?"/></vnsAbsFolder>

</vnsAbsFolder><vnsAbsFolder key="Policy" name="csPolicy" scopedBy="epg"><vnsAbsFolder key="appfwpolicy" name="apppol" scopedBy="epg"><vnsAbsParam name="name" key="name" value="Sharepoint_SharePoint_sig"/><vnsAbsParam name="rule" key="rule"value="HTTP.REQ.HOSTNAME.EQ(&quot;sp2013.test.ctx&quot;)"/>

<vnsAbsCfgRel key="profilename" name="cslb3" targetName="apppro"/></vnsAbsFolder>

</vnsAbsFolder></vnsAbsDevCfg>

<vnsAbsFuncCfg><vnsAbsFolder key="mFCngappfwprofile" name="appfwprofile1" scopedBy="epg">

C-57Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<vnsAbsCfgRel name="appfwprofile_key" key="appfwprofile_key"targetName="apppro"/>

</vnsAbsFolder><vnsAbsFolder key="mFCngPolicy" name="FwPol" scopedBy="epg"><vnsAbsCfgRel name="Policy_key" key="Policy_key"

targetName="csPolicy/apppol"/></vnsAbsFolder><vnsAbsFolder key="external_network" name="external_network"

scopedBy="epg"><vnsAbsCfgRel name="external_network_key" key="external_network_key"

targetName="network/snip1"/><vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraph-

WebGraph_CS_AppFW_1/AbsNode-CS_AppFW_1/AbsFConn-inside" /></vnsAbsFolder><vnsAbsFolder key="internal_network" name="internal_network"

scopedBy="epg"><vnsAbsCfgRel name="internal_network_key" key="internal_network_key"

targetName="network/snip2"/><vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraph-

WebGraph_CS_AppFW_1/AbsNode-CS_AppFW_1/AbsFConn-outside" /></vnsAbsFolder>

</vnsAbsFuncCfg></vnsAbsNode><vnsAbsTermNodeCon name = "Output1"><vnsAbsTermConn name = "C6"></vnsAbsTermConn>

</vnsAbsTermNodeCon><vnsAbsConnection name = "CON1"><vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-

WebGraph_CS_AppFW_1/AbsTermNodeCon-Output1/AbsTConn" /><vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-

WebGraph_CS_AppFW_1/AbsNode-CS_AppFW_1/AbsFConn-outside" /></vnsAbsConnection><vnsAbsConnection name = "CON2"><vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-

WebGraph_CS_AppFW_1/AbsNode-CS_AppFW_1/AbsFConn-inside" /><vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-

WebGraph_CS_AppFW_1/AbsTermNodeProv-Input1/AbsTConn" /></vnsAbsConnection></vnsAbsGraph>

</fvTenant></polUni>

Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.

Goto Configurations, page C-1.

ConfigServiceGraph_SP_cs_ssl_1_withAppFW-policy.xml

Configure additional L4-L7 parameters for the AppFW service graph that define the binding of AppFW policy.<!-- ConfigServiceGraph_SP_cs_ssl_1_withAppFW-policy.xml --><!-- Configures additional L4-L7 parameters for binding AppFW policy --><polUni><fvTenant name="silverTenant1"><fvAp dn="uni/tn-silverTenant1/ap-Web1-AppProfile" name="Web1-AppProfile"><!-- EPG 1 --><fvAEPg dn="uni/tn-silverTenant1/ap-Web1-AppProfile/epg-Web1-EPG"

name="Web1-EPG"><fvRsBd tnFvBDName="silverTenant1-BD1" /><fvRsProv tnVzBrCPName="webCtrct1"></fvRsProv>

C-58Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"nodeNameOrLbl="CS_SSL_1" key="Network" name="network">

<vnsFolderInst ctrctNameOrLbl="webCtrct1"graphNameOrLbl="WebGraph_cs_ssl" nodeNameOrLbl="CS_SSL_1" key="nsip"name="snip1">

<vnsParamInst key="ipaddress" name="ip1" value="101.16.1.11"/><vnsParamInst key="netmask" name="netmask1" value="255.255.255.0"/><vnsParamInst key="dynamicrouting" name="dynamicRouting"

value="ENABLED"/><vnsParamInst key="hostroute" name="hostroute" value="DISABLED"/><vnsParamInst key="type" name="type" value="SNIP"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1"

graphNameOrLbl="WebGraph_cs_ssl" nodeNameOrLbl="CS_SSL_1" key="nsip"name="snip2">

<vnsParamInst key="ipaddress" name="ip2" value="10.16.1.11"/><vnsParamInst key="netmask" name="netmask2" value="255.255.255.0"/><vnsParamInst key="dynamicrouting" name="dynamicRouting"

value="DISABLED"/><vnsParamInst key="hostroute" name="hostroute" value="DISABLED"/>

<vnsParamInst key="mgmtaccess" name="mgmtaccess" value="ENABLED"/><vnsParamInst key="type" name="type" value="SNIP"/>

</vnsFolderInst></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"

nodeNameOrLbl="CS_SSL_1" key="csvserver" name="vip-CS_SP2013" ><vnsParamInst name="name" key="name" value="vip-CS_SP2013"/><vnsParamInst name="ipv46" key="ipv46" value="101.16.1.121"/><vnsParamInst name="servicetype" key="servicetype" value="SSL"/><vnsParamInst name="port" key="port" value="443"/>

<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"nodeNameOrLbl="CS_SSL_1" key="csvserver_cspolicy_binding"name="cspolbind1">

<vnsCfgRelInst key="policyname" name="poll1"targetName="csPolicy/cspol1"/>

<vnsParamInst name="targetlbvserver" key="targetlbvserver" value="vip-LB-sp2013-1"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"

nodeNameOrLbl="CS_SSL_1" key="csvserver_cspolicy_binding"name="cspolbind2">

<vnsCfgRelInst key="policyname" name="poll2"targetName="csPolicy/cspol2"/>

<vnsParamInst name="targetlbvserver" key="targetlbvserver" value="vip-LB-sp2013-2"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"

nodeNameOrLbl="CS_SSL_1" key="csvserver_lbvserver_binding" name="lbind"><vnsCfgRelInst key="lbvserver" name="lbvserver" targetName="vip-LB-sp2013-1"/>

</vnsFolderInst>

<!-- ================================== --><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"

nodeNameOrLbl="CS_SSL_1" key="csvserver_appfwpolicy_binding"name="appfwbind1">

<vnsCfgRelInst key="policyname" name="poll1"targetName="appfwPolicy_1/apfw1"/>

<vnsParamInst name="priority" key="priority" value="100"/><vnsParamInst name="gotopriorityexpression" key="gotopriorityexpression"

value="END"/><vnsParamInst name="bindpoint" key="bindpoint" value="REQUEST"/>

</vnsFolderInst>

C-59Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<!-- ================================== -->

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"

nodeNameOrLbl="CS_SSL_1" key="lbvserver" name="vip-LB-sp2013-1" ><vnsParamInst name="name" key="name" value="vip-LB-sp2013-1"/><vnsParamInst name="ipv46" key="ipv46" value="10.16.1.111"/><vnsParamInst name="servicetype" key="servicetype" value="HTTP"/><vnsParamInst name="port" key="port" value="80"/><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"

nodeNameOrLbl="CS_SSL_1" key="lbvserver_service_binding"name="lbService1">

<vnsCfgRelInst key="servicename" name="webservice1"targetName="service1"/>

</vnsFolderInst></vnsFolderInst>

<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"nodeNameOrLbl="CS_SSL_1" key="lbvserver" name="vip-LB-sp2013-2" >

<vnsParamInst name="name" key="name" value="vip-LB-sp2013-2"/><vnsParamInst name="servicetype" key="servicetype" value="HTTP"/><vnsParamInst name="ipv46" key="ipv46" value="10.16.1.112"/><vnsParamInst name="port" key="port" value="80"/><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"

nodeNameOrLbl="CS_SSL_1" key="lbvserver_service_binding"name="lbService1">

<vnsCfgRelInst key="servicename" name="webservice1"targetName="service2"/>

</vnsFolderInst></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"

nodeNameOrLbl="CS_SSL_1" key="service" name="service1" ><vnsParamInst name="name" key="name" value="service-sp2013-1"/><vnsParamInst name="ip" key="ip" value="10.1.2.101"/><vnsParamInst name="servicetype" key="servicetype" value="SSL"/><vnsParamInst name="port" key="port" value="443"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"

nodeNameOrLbl="CS_SSL_1" key="service" name="service2"><vnsParamInst name="name" key="name" value="service-sp2013-2"/><vnsParamInst name="ip" key="ip" value="10.1.2.102"/><vnsParamInst name="servicetype" key="servicetype" value="SSL"/><vnsParamInst name="port" key="port" value="443"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"

nodeNameOrLbl="CS_SSL_1" key="Policy" name="csPolicy"><vnsFolderInst ctrctNameOrLbl="webCtrct1"

graphNameOrLbl="WebGraph_cs_ssl" nodeNameOrLbl="CS_SSL_1"key="cspolicy" name="cspol1">

<vnsParamInst name="policyname" key="policyname" value="policy-cs-eng"/><vnsParamInst name="url" key="url" value="/sites/Eng/*"/></vnsFolderInst>

<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"nodeNameOrLbl="CS_SSL_1" key="cspolicy" name="cspol2">

<vnsParamInst name="policyname" key="policyname" value="policy-cs-mkt"/><vnsParamInst name="url" key="url" value="/sites/Mkt/*"/>

</vnsFolderInst></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"

nodeNameOrLbl="CS_SSL_1" key="Policy" name="appfwPolicy_1"><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"

nodeNameOrLbl="CS_SSL_1" key="appfwpolicy" name="apfw1"><vnsParamInst name="name" key="name"value="Sharepoint_SharePoint_sig"/>

C-60Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<vnsParamInst name="rule" key="rule"value="HTTP.REQ.HOSTNAME.EQ(&quot;sp2013.test.ctx&quot;)"/>

</vnsFolderInst></vnsFolderInst>

<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"nodeNameOrLbl="CS_SSL_1" key="mFCngcsvserver" name="wcsvserver1">

<vnsCfgRelInst name="csvserver_key" key="csvserver_key" targetName="vip-CS_SP2013"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1"

graphNameOrLbl="WebGraph_cs_ssl" nodeNameOrLbl="CS_SSL_1"key="mFCnglbvserver" name="wlbvserver1">

<vnsCfgRelInst name="lbsverver_key" key="lbvserver_key" targetName="vip-LB-sp2013-1"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"

nodeNameOrLbl="CS_SSL_1" key="mFCnglbvserver" name="wlbvserver2"><vnsCfgRelInst name="lbsverver_key" key="lbvserver_key" targetName="vip-

LB-sp2013-2"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"

nodeNameOrLbl="CS_SSL_1" key="mFCngservice" name="wservice1"><vnsCfgRelInst name="service_key1" key="service_key"

targetName="service1"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"

nodeNameOrLbl="CS_SSL_1" key="mFCngservice" name="wservice2"><vnsCfgRelInst name="service_key1" key="service_key"

targetName="service2"/></vnsFolderInst>

<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"nodeNameOrLbl="CS_SSL_1" key="mFCngPolicy" name="Pol1">

<vnsCfgRelInst name="Policy_key" key="Policy_key"targetName="csPolicy/cspol1"/>

</vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"

nodeNameOrLbl="CS_SSL_1" key="mFCngPolicy" name="Pol2"><vnsCfgRelInst name="Policy_key" key="Policy_key"

targetName="csPolicy/cspol2"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"

nodeNameOrLbl="CS_SSL_1" key="mFCngPolicy" name="Pol1_appfw"><vnsCfgRelInst name="Policy_key" key="Policy_key"

targetName="appfwPolicy_1"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"

nodeNameOrLbl="CS_SSL_1" key="external_network" name="external_network"><vnsCfgRelInst name="internal_network_key" key="external_network_key"

targetName="network/snip1"/></vnsFolderInst><vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"

nodeNameOrLbl="CS_SSL_1" key="internal_network" name="internal_network"><vnsCfgRelInst name="external_network_key" key="internal_network_key"

targetName="network/snip2"/></vnsFolderInst></fvAEPg>

</fvAp></fvTenant>

</polUni>

Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.

Goto Configurations, page C-1.

C-61Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

ConfigAppFW_block_SQL_injection.xml

Configure AppFW to block SQL injection attacks.<!-- ConfigAppFW_block_SQL_injection.xml --><!-- Configure AppFW to block SQL injection attacks --><polUni><fvTenant name="silverTenant1"><vnsAbsGraph name = "WebGraph_CS_AppFW_1"><vnsAbsTermNodeProv name = "Input1">

<vnsAbsTermConn name = "C1"></vnsAbsTermConn>

</vnsAbsTermNodeProv><vnsAbsNode name = "CS_AppFW_1" funcType="GoTo" >

<vnsAbsFuncConn name = "outside" attNotify="true"><vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFunc-

ApplicationFirewall/mConn-external" /></vnsAbsFuncConn><vnsAbsFuncConn name = "inside" attNotify="true">

<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFunc-ApplicationFirewall/mConn-internal" />

</vnsAbsFuncConn><vnsRsNodeToMFunc tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFunc-

ApplicationFirewall"/><vnsRsDefaultScopeToTerm tDn="uni/tn-silverTenant1/AbsGraph-

WebGraph_CS_AppFW_1/AbsTermNodeProv-Input1/outtmnl"/><vnsAbsDevCfg>

<vnsAbsFolder key="Network" name="network" scopedBy="epg"><vnsAbsFolder key="nsip" name="snip1">

<vnsAbsParam key="ipaddress" name="ip1" value="101.16.1.11"/><vnsAbsParam key="netmask" name="netmask1" value="255.255.255.0"/><vnsAbsParam key="type" name="type" value="SNIP"/><vnsAbsParam key="dynamicrouting" name="dynamicrouting"

value="ENABLED"/><vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/>

</vnsAbsFolder><vnsAbsFolder key="nsip" name="snip2">

<vnsAbsParam key="ipaddress" name="ip2" value="10.16.1.11"/><vnsAbsParam key="netmask" name="netmask2" value="255.255.255.0"/><vnsAbsParam key="type" name="type" value="SNIP"/><vnsAbsParam key="dynamicrouting" name="dynamicrouting"

value="DISABLED"/><vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/>

</vnsAbsFolder></vnsAbsFolder>

<vnsAbsFolder key="appfwprofile" name="apppro" scopedBy="epg"><vnsAbsParam name="name" key="name" value="Sharepoint_SharePoint_sig"/><vnsAbsParam name="starturlaction" key="starturlaction" value="block

learn log stats"/><vnsAbsParam name="starturlclosure" key="starturlclosure" value="ON"/><vnsAbsParam name="signatures" key="signatures" value="mssharepoint"/><vnsAbsParam name="sqlinjectionaction" key="sqlinjectionaction"

value="block learn log stats"/><vnsAbsFolder key="appfwprofile_starturl_binding" name="appFw_1">

<vnsAbsParam key="starturl" name="starturl"value="^https://sp2013.test.ctx(\\:)*(\\d)*/sites/Eng(/)?"/>

</vnsAbsFolder><vnsAbsFolder key="appfwprofile_starturl_binding" name="appFw_2">

<vnsAbsParam key="starturl" name="starturl"value="^https://sp2013.test.ctx(\\:)*(\\d)*/sites/Mkt(/)?"/>

</vnsAbsFolder></vnsAbsFolder><vnsAbsFolder key="Policy" name="csPolicy" scopedBy="epg">

<vnsAbsFolder key="appfwpolicy" name="apppol" scopedBy="epg">

C-62Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<vnsAbsParam name="name" key="name"value="Sharepoint_SharePoint_sig"/>

<vnsAbsParam name="rule" key="rule"value="HTTP.REQ.HOSTNAME.EQ(&quot;sp2013.test.ctx&quot;)"/>

<vnsAbsCfgRel key="profilename" name="cslb3" targetName="apppro"/></vnsAbsFolder>

</vnsAbsFolder></vnsAbsDevCfg><vnsAbsFuncCfg>

<vnsAbsFolder key="mFCngappfwprofile" name="appfwprofile1"scopedBy="epg"><vnsAbsCfgRel name="appfwprofile_key" key="appfwprofile_key"

targetName="apppro"/></vnsAbsFolder><vnsAbsFolder key="mFCngPolicy" name="FwPol" scopedBy="epg">

<vnsAbsCfgRel name="Policy_key" key="Policy_key"targetName="csPolicy/apppol"/>

</vnsAbsFolder><vnsAbsFolder key="external_network" name="external_network"

scopedBy="epg"><vnsAbsCfgRel name="external_network_key" key="external_network_key"

targetName="network/snip1"/><vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraph-

WebGraph_CS_AppFW_1/AbsNode-CS_AppFW_1/AbsFConn-inside" /></vnsAbsFolder><vnsAbsFolder key="internal_network" name="internal_network"

scopedBy="epg"><vnsAbsCfgRel name="internal_network_key" key="internal_network_key"

targetName="network/snip2"/><vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraph-

WebGraph_CS_AppFW_1/AbsNode-CS_AppFW_1/AbsFConn-outside" /></vnsAbsFolder>

</vnsAbsFuncCfg></vnsAbsNode><vnsAbsTermNodeCon name = "Output1">

<vnsAbsTermConn name = "C6"></vnsAbsTermConn>

</vnsAbsTermNodeCon><vnsAbsConnection name = "CON1">

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_AppFW_1/AbsTermNodeCon-Output1/AbsTConn" />

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_AppFW_1/AbsNode-CS_AppFW_1/AbsFConn-outside" />

</vnsAbsConnection><vnsAbsConnection name = "CON2">

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_AppFW_1/AbsNode-CS_AppFW_1/AbsFConn-inside" />

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_AppFW_1/AbsTermNodeProv-Input1/AbsTConn" />

</vnsAbsConnection></vnsAbsGraph></fvTenant>

</polUni>

Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.

Goto Configurations, page C-1.

ConfigAppFW_block_XSS.xml

Configure AppFW to block cross-site scripting (XSS) attacks.<!-- ConfigAppFW_block_XSS.xml --><!-- Configure AppFW to block XSS attacks -->

C-63Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<polUni><fvTenant name="silverTenant1"><vnsAbsGraph name = "WebGraph_CS_AppFW_1"><vnsAbsTermNodeProv name = "Input1">

<vnsAbsTermConn name = "C1"></vnsAbsTermConn>

</vnsAbsTermNodeProv><vnsAbsNode name = "CS_AppFW_1" funcType="GoTo" ><vnsAbsFuncConn name = "outside" attNotify="true">

<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFunc-ApplicationFirewall/mConn-external" />

</vnsAbsFuncConn><vnsAbsFuncConn name = "inside" attNotify="true">

<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFunc-ApplicationFirewall/mConn-internal" />

</vnsAbsFuncConn><vnsRsNodeToMFunc tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFunc-

ApplicationFirewall"/><vnsRsDefaultScopeToTerm tDn="uni/tn-silverTenant1/AbsGraph-

WebGraph_CS_AppFW_1/AbsTermNodeProv-Input1/outtmnl"/><vnsAbsDevCfg>

<vnsAbsFolder key="Network" name="network" scopedBy="epg"><vnsAbsFolder key="nsip" name="snip1">

<vnsAbsParam key="ipaddress" name="ip1" value="101.16.1.11"/><vnsAbsParam key="netmask" name="netmask1"

value="255.255.255.0"/><vnsAbsParam key="type" name="type" value="SNIP"/><vnsAbsParam key="dynamicrouting" name="dynamicrouting"value="ENABLED"/><vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/>

</vnsAbsFolder><vnsAbsFolder key="nsip" name="snip2">

<vnsAbsParam key="ipaddress" name="ip2" value="10.16.1.11"/><vnsAbsParam key="netmask" name="netmask2"

value="255.255.255.0"/><vnsAbsParam key="type" name="type" value="SNIP"/><vnsAbsParam key="dynamicrouting" name="dynamicrouting"

value="DISABLED"/><vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/>

</vnsAbsFolder></vnsAbsFolder>

<vnsAbsFolder key="appfwprofile" name="apppro" scopedBy="epg"><vnsAbsParam name="name" key="name" value="Sharepoint_SharePoint_sig"/><vnsAbsParam name="starturlaction" key="starturlaction" value="block

learn log stats"/><vnsAbsParam name="starturlclosure" key="starturlclosure" value="ON"/><vnsAbsParam name="signatures" key="signatures" value="mssharepoint"/><vnsAbsParam name="crossSiteScriptingAction"

key="crosssitescriptingaction" value="block learn log stats"/><vnsAbsFolder key="appfwprofile_starturl_binding" name="appFw_1">

<vnsAbsParam key="starturl" name="starturl"value="^https://sp2013.test.ctx(\\:)*(\\d)*/sites/Eng(/)?"/>

</vnsAbsFolder><vnsAbsFolder key="appfwprofile_starturl_binding" name="appFw_2">

<vnsAbsParam key="starturl" name="starturl"value="^https://sp2013.test.ctx(\\:)*(\\d)*/sites/Mkt(/)?"/>

</vnsAbsFolder></vnsAbsFolder><vnsAbsFolder key="Policy" name="csPolicy" scopedBy="epg">

<vnsAbsFolder key="appfwpolicy" name="apppol" scopedBy="epg"><vnsAbsParam name="name" key="name"

value="Sharepoint_SharePoint_sig"/><vnsAbsParam name="rule" key="rule"

value="HTTP.REQ.HOSTNAME.EQ(&quot;sp2013.test.ctx&quot;)"/>

C-64Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<vnsAbsCfgRel key="profilename" name="cslb3" targetName="apppro"/></vnsAbsFolder>

</vnsAbsFolder></vnsAbsDevCfg><vnsAbsFuncCfg>

<vnsAbsFolder key="mFCngappfwprofile" name="appfwprofile1"scopedBy="epg">

<vnsAbsCfgRel name="appfwprofile_key" key="appfwprofile_key"targetName="apppro"/>

</vnsAbsFolder><vnsAbsFolder key="mFCngPolicy" name="FwPol" scopedBy="epg">

<vnsAbsCfgRel name="Policy_key" key="Policy_key"targetName="csPolicy/apppol"/>

</vnsAbsFolder><vnsAbsFolder key="external_network" name="external_network"

scopedBy="epg"><vnsAbsCfgRel name="external_network_key" key="external_network_key"

targetName="network/snip1"/><vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraph-

WebGraph_CS_AppFW_1/AbsNode-CS_AppFW_1/AbsFConn-inside" /></vnsAbsFolder><vnsAbsFolder key="internal_network" name="internal_network"

scopedBy="epg"><vnsAbsCfgRel name="internal_network_key" key="internal_network_key"

targetName="network/snip2"/><vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraph-

WebGraph_CS_AppFW_1/AbsNode-CS_AppFW_1/AbsFConn-outside" /></vnsAbsFolder>

</vnsAbsFuncCfg></vnsAbsNode><vnsAbsTermNodeCon name = "Output1"><vnsAbsTermConn name = "C6">

</vnsAbsTermConn></vnsAbsTermNodeCon><vnsAbsConnection name = "CON1"><vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-

WebGraph_CS_AppFW_1/AbsTermNodeCon-Output1/AbsTConn" /><vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-

WebGraph_CS_AppFW_1/AbsNode-CS_AppFW_1/AbsFConn-outside" /></vnsAbsConnection><vnsAbsConnection name = "CON2"><vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_AppFW_1/AbsNode-CS_AppFW_1/AbsFConn-inside" />

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_AppFW_1/AbsTermNodeProv-Input1/AbsTConn" />

</vnsAbsConnection></vnsAbsGraph>

</fvTenant></polUni>

Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.

Goto Configurations, page C-1.

XML for Global Server Load Balancing (GSLB)

The following Global Server Load Balancing XML files are available for reference.

• CreateServiceGraphWithParams_SP_GSLB_1.xml , page C-66

Create service graph with L4-L7 parameters for a GSLB ADNS configuration.

• CreateServiceGraphWithParams_SP_GSLB_2.xml, page C-67

C-65Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

Create a second service graph and configure additional L4-L7 parameters for GSLB.

• ConfigParameters_SP_GSLB_DynamicProx.xml, page C-70

Configure L4-L7 parameters for GSLB using distribution by dynamic proximity.

• ConfigParameters_SP_GSLB_StaticProx.xml, page C-73

Configure L4-L7 parameters for GSLB using distribution by static proximity.

• ConfigParameters_SP_GSLB_LeastConn.xml, page C-76

Configure L4-L7 parameters for GSLB using distribution by least connection.

Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.

Goto Configurations, page C-1.

CreateServiceGraphWithParams_SP_GSLB_1.xml

Create service graph with L4-L7 parameters for a GSLB ADNS configuration.<!-- CreateServiceGraphWithParams_SP_GSLB_1.xml --><!-- Create service graph with L4-L7 parameters for GSLB --><polUni>

<fvTenant name="silverTenant1"> <!-- GSLB configuration --><vnsAbsGraph name = "WebGraph_CS_GSLB_ADNS"><vnsAbsTermNodeProv name = "Input1">

<vnsAbsTermConn name = "C1"></vnsAbsTermConn>

</vnsAbsTermNodeProv><vnsAbsNode name = "GSLB_adns" funcType="GoTo" >

<vnsAbsFuncConn name = "outside" attNotify="true"><vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/

mFunc-DomainNameService/mConn-external" /></vnsAbsFuncConn><vnsAbsFuncConn name = "inside" attNotify="true">

<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFunc-DomainNameService/mConn-internal" />

</vnsAbsFuncConn><vnsRsNodeToMFunc tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFunc-

DomainNameService"/><vnsRsDefaultScopeToTerm tDn="uni/tn-silverTenant1/AbsGraph-

WebGraph_CS_GSLB_ADNS/AbsTermNodeProv-Input1/outtmnl"/><!-- Device Configuration --><vnsAbsDevCfg>

<vnsAbsFolder key="Network" name="network" scopedBy="epg"><vnsAbsFolder key="nsip" name="snip1">

<vnsAbsParam key="ipaddress" name="ip1" value="101.16.1.11"/><vnsAbsParam key="netmask" name="netmask1"

value="255.255.255.0"/><vnsAbsParam key="type" name="tye" value="SNIP"/><vnsAbsParam key="dynamicrouting" name="dynamicrouting"

value="ENABLED"/><vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/>

</vnsAbsFolder><vnsAbsFolder key="nsip" name="snip2"><vnsAbsParam key="ipaddress" name="ip2" value="10.16.1.11"/>

<vnsAbsParam key="netmask" name="netmask2"value="255.255.255.0"/>

<vnsAbsParam key="type" name="tye" value="SNIP"/><vnsAbsParam key="dynamicrouting" name="dynamicrouting"

value="DISABLED"/><vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/>

</vnsAbsFolder></vnsAbsFolder>

C-66Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<vnsAbsFolder key="service" name="service1_adns" scopedBy="epg"><vnsAbsParam name="name" key="name" value="svc_adns_1"/>

<vnsAbsParam name="ip" key="ip" value="101.16.1.11"/><vnsAbsParam name="servicetype" key="servicetype"

value="ADNS"/><vnsAbsParam name="port" key="port" value="53"/></vnsAbsFolder>

</vnsAbsDevCfg><!-- Function Configuration -->

<vnsAbsFuncCfg><vnsAbsFolder key="mFCngservice" name="wservice1" scopedBy="epg">

<vnsAbsCfgRel name="service_key1" key="service_key"targetName="service1_adns"/>

<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_GSLB_ADNS/AbsNode-GSLB_adns/AbsFConn-inside" />

</vnsAbsFolder><vnsAbsFolder key="external_network" name="external_network"

scopedBy="epg"><vnsAbsCfgRel name="external_network_key" key="external_network_key"

targetName="network/snip1"/><vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraph-

WebGraph_CS_GSLB_ADNS/AbsNode-GSLB_adns/AbsFConn-inside" /></vnsAbsFolder><vnsAbsFolder key="internal_network" name="internal_network"

scopedBy="epg"><vnsAbsCfgRel name="internal_network_key" key="internal_network_key"targetName="network/snip2"/>

<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_GSLB_ADNS/AbsNode-GSLB_adns/AbsFConn-outside" />

</vnsAbsFolder></vnsAbsFuncCfg>

</vnsAbsNode><vnsAbsTermNodeCon name = "Output1">

<vnsAbsTermConn name = "C6"></vnsAbsTermConn>

</vnsAbsTermNodeCon><vnsAbsConnection name = "CON1">

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_GSLB_ADNS/AbsTermNodeCon-Output1/AbsTConn" />

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_GSLB_ADNS/AbsNode-GSLB_adns/AbsFConn-outside" />

</vnsAbsConnection><vnsAbsConnection name = "CON2">

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_GSLB_ADNS/AbsNode-GSLB_adns/AbsFConn-inside" />

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_GSLB_ADNS/AbsTermNodeProv-Input1/AbsTConn" />

</vnsAbsConnection></vnsAbsGraph></fvTenant></polUni>

Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.

Goto Configurations, page C-1.

CreateServiceGraphWithParams_SP_GSLB_2.xml

Create a second service graph and configure additional L4-L7 parameters for GSLB.<!-- CreateServiceGraphWithParams_SP_GSLB_2 --><!-- Configure additional L4-L7 parameters for GSLB --><polUni>

<fvTenant name="silverTenant1">

C-67Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<vnsAbsGraph name = "WebGraph_CS_GSLB_1"><vnsAbsTermNodeProv name = "Input1">

<vnsAbsTermConn name = "C1"></vnsAbsTermConn>

</vnsAbsTermNodeProv><!-- Config here is for GSLB local node --><vnsAbsNode name = "GSLB_1" funcType="GoTo" ><vnsAbsFuncConn name = "outside" attNotify="true"><vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFunc-

GlobalServerLoadBalancing/mConn-external" /></vnsAbsFuncConn>

<vnsAbsFuncConn name = "inside" attNotify="true"><vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFunc-

GlobalServerLoadBalancing/mConn-internal" /></vnsAbsFuncConn><vnsRsNodeToMFunc tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFunc-

GlobalServerLoadBalancing"/><vnsRsDefaultScopeToTerm tDn="uni/tn-silverTenant1/AbsGraph-

WebGraph_CS_GSLB_1/AbsTermNodeProv-Input1/outtmnl"/><vnsAbsDevCfg>

<vnsAbsFolder key="Network" name="network" scopedBy="epg"><vnsAbsFolder key="nsip" name="snip1"><vnsAbsParam key="ipaddress" name="ip2" value="101.16.1.11"/><vnsAbsParam key="netmask" name="netmask1" value="255.255.255.0"/><vnsAbsParam key="type" name="tye" value="SNIP"/><vnsAbsParam key="dynamicrouting" name="dynamicrouting"

value="ENABLED"/><vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/>

</vnsAbsFolder>

<vnsAbsFolder key="nsip" name="snip2"><vnsAbsParam key="ipaddress" name="ip1" value="10.16.1.11"/><vnsAbsParam key="netmask" name="netmask2" value="255.255.255.0"/><vnsAbsParam key="type" name="tye" value="SNIP"/><vnsAbsParam key="dynamicrouting" name="dynamicrouting"

value="DISABLED"/><vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/>

</vnsAbsFolder></vnsAbsFolder><vnsAbsFolder key="gslbvserver" name="gslbVs1" scopedBy="epg"><vnsAbsParam name="name" key="name" value="vip-gslb-sp2013"/><vnsAbsParam name="servicetype" key="servicetype" value="SSL"/>

<vnsAbsFolder key="gslbvserver_gslbservice_binding"name="gslbVsServBind1" scopedBy="epg">

<vnsAbsCfgRel name="servicename" key="servicename"targetName="gslbServ1"/>

</vnsAbsFolder><vnsAbsFolder key="gslbvserver_gslbservice_binding"

name="gslbVsServBind2" scopedBy="epg"><vnsAbsCfgRel name="servicename" key="servicename"

targetName="gslbServ2"/></vnsAbsFolder><vnsAbsFolder key="gslbvserver_domain_binding" name="gslbVsDomainBind1"

scopedBy="epg"><vnsAbsParam name="domainname" key="domainname"

value="sp2013.test.ctx"/></vnsAbsFolder></vnsAbsFolder>

<vnsAbsFolder key="gslbservice" name="gslbServ1" scopedBy="epg"><vnsAbsParam name="servicename" key="servicename"

value="svc_gslb_sp2013_dc1"/><vnsAbsParam name="ip" key="ip" value="101.16.1.121"/><vnsAbsParam name="servicetype" key="servicetype" value="SSL"/><vnsAbsParam name="port" key="port" value="443"/>

C-68Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<vnsAbsCfgRel name="sitename" key="sitename" targetName="gslbSite1"/></vnsAbsFolder>

<vnsAbsFolder key="gslbservice" name="gslbServ2" scopedBy="epg"><vnsAbsParam name="servicename" key="servicename"

value="svc_gslb_sp2013_dc2"/><vnsAbsParam name="ip" key="ip" value="201.16.1.121"/><vnsAbsParam name="servicetype" key="servicetype" value="SSL"/><vnsAbsParam name="port" key="port" value="443"/><vnsAbsCfgRel name="sitename" key="sitename" targetName="gslbSite2"/>

</vnsAbsFolder><vnsAbsFolder key="gslbsite" name="gslbSite1" scopedBy="epg"><vnsAbsParam name="sitename" key="sitename" value="Data_Center_1"/><vnsAbsParam name="siteipaddress" key="siteipaddress"

value="101.16.1.11"/></vnsAbsFolder>

<vnsAbsFolder key="gslbsite" name="gslbSite2" scopedBy="epg"><vnsAbsParam name="sitename" key="sitename" value="Data_Center_2"/><vnsAbsParam name="siteipaddress" key="siteipaddress"

value="201.16.1.11"/></vnsAbsFolder>

</vnsAbsDevCfg><vnsAbsFuncCfg>

<vnsAbsFolder key="mFCnggslbsite" name="mFCngslbsite1" scopedBy="epg"><vnsAbsCfgRel name="gslbsite_key" key="gslbsite_key"targetName="gslbSite1"/>

</vnsAbsFolder><vnsAbsFolder key="mFCnggslbsite" name="mFCngslbsite2" scopedBy="epg">

<vnsAbsCfgRel name="gslbsite_key" key="gslbsite_key"targetName="gslbSite2"/>

</vnsAbsFolder><vnsAbsFolder key="mFCnggslbvserver" name="gslbvserver1" scopedBy="epg">

<vnsAbsCfgRel name="gslbvserver_key" key="gslbvserver_key"targetName="gslbVs1"/>

<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-outside" />

</vnsAbsFolder><vnsAbsFolder key="mFCnggslbservice" name="gslbservice1" scopedBy="epg">

<vnsAbsCfgRel name="gslbservice_key" key="gslbservice_key"targetName="gslbServ1"/>

<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-inside" />

</vnsAbsFolder><vnsAbsFolder key="mFCnggslbservice" name="gslbservice2" scopedBy="epg">

<vnsAbsCfgRel name="gslbservice_key" key="gslbservice_key"targetName="gslbServ2"/>

<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-inside" />

</vnsAbsFolder><vnsAbsFolder key="external_network" name="external_network"

scopedBy="epg"><vnsAbsCfgRel name="external_network_key" key="external_network_key"targetName="network/snip1"/>

<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-inside" />

</vnsAbsFolder><vnsAbsFolder key="internal_network" name="internal_network"

scopedBy="epg"><vnsAbsCfgRel name="internal_network_key" key="internal_network_key"targetName="network/snip2"/>

<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-outside" />

</vnsAbsFolder></vnsAbsFuncCfg></vnsAbsNode>

C-69Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<vnsAbsTermNodeCon name = "Output1"><vnsAbsTermConn name = "C6"></vnsAbsTermConn></vnsAbsTermNodeCon><vnsAbsConnection name = "CON1">

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_GSLB_1/AbsTermNodeCon-Output1/AbsTConn" />

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-outside" />

</vnsAbsConnection><vnsAbsConnection name = "CON2">

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-inside" />

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_GSLB_1/AbsTermNodeProv-Input1/AbsTConn" />

</vnsAbsConnection></vnsAbsGraph>

</fvTenant></polUni>

Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.

Goto Configurations, page C-1.

ConfigParameters_SP_GSLB_DynamicProx.xml

Configure L4-L7 parameters for GSLB using distribution by dynamic proximity.<!-- ConfigParameters_SP_GSLB_DynamicProx.xml --><!-- Configure L4-L7 parameters for GSLB by Dynamic Proximity --><polUni>

<fvTenant name="silverTenant1"> <!-- GSLB configuration --><vnsAbsGraph name = "WebGraph_CS_GSLB_1"><vnsAbsTermNodeProv name = "Input1">

<vnsAbsTermConn name = "C1"></vnsAbsTermConn>

</vnsAbsTermNodeProv><!-- Config here is for GSLB local node --><vnsAbsNode name = "GSLB_1" funcType="GoTo" >

<vnsAbsFuncConn name = "outside" attNotify="true"><vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFunc-

GlobalServerLoadBalancing/mConn-external" /></vnsAbsFuncConn><vnsAbsFuncConn name = "inside" attNotify="true">

<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFunc-GlobalServerLoadBalancing/mConn-internal" />

</vnsAbsFuncConn><vnsRsNodeToMFunc tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFunc-

GlobalServerLoadBalancing"/><vnsRsDefaultScopeToTerm tDn="uni/tn-silverTenant1/AbsGraph-

WebGraph_CS_GSLB_1/AbsTermNodeProv-Input1/outtmnl"/><vnsAbsDevCfg><vnsAbsFolder key="Network" name="network" scopedBy="epg"><vnsAbsFolder key="nsip" name="snip1">

<vnsAbsParam key="ipaddress" name="ip2" value="101.16.1.11"/><vnsAbsParam key="netmask" name="netmask1"

value="255.255.255.0"/><vnsAbsParam key="type" name="tye" value="SNIP"/><vnsAbsParam key="dynamicrouting" name="dynamicrouting"

value="ENABLED"/><vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/></vnsAbsFolder>

<vnsAbsFolder key="nsip" name="snip2"><vnsAbsParam key="ipaddress" name="ip1" value="10.16.1.11"/>

C-70Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<vnsAbsParam key="netmask" name="netmask2"value="255.255.255.0"/>

<vnsAbsParam key="type" name="tye" value="SNIP"/><vnsAbsParam key="dynamicrouting" name="dynamicrouting"

value="DISABLED"/><vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/>

</vnsAbsFolder></vnsAbsFolder><vnsAbsFolder key="gslbvserver" name="gslbVs1" scopedBy="epg">

<vnsAbsParam name="name" key="name" value="vip-gslb-sp2013"/><vnsAbsParam name="servicetype" key="servicetype" value="SSL"/><vnsAbsParam name="lbmethod" key="lbmethod" value="RTT"/><vnsAbsFolder key="gslbvserver_gslbservice_binding"

name="gslbVsServBind1" scopedBy="epg"><vnsAbsCfgRel name="servicename" key="servicename"

targetName="gslbServ1"/></vnsAbsFolder>

<vnsAbsFolder key="gslbvserver_gslbservice_binding"name="gslbVsServBind2" scopedBy="epg">

<vnsAbsCfgRel name="servicename" key="servicename"targetName="gslbServ2"/>

</vnsAbsFolder><vnsAbsFolder key="gslbvserver_domain_binding"

name="gslbVsDomainBind1" scopedBy="epg"><vnsAbsParam name="domainname" key="domainname"value="sp2013.test.ctx"/>

</vnsAbsFolder></vnsAbsFolder>

<vnsAbsFolder key="gslbservice" name="gslbServ1" scopedBy="epg"><vnsAbsParam name="servicename" key="servicename"

value="svc_gslb_sp2013_dc1"/><vnsAbsParam name="ip" key="ip" value="101.16.1.121"/><vnsAbsParam name="servicetype" key="servicetype" value="SSL"/><vnsAbsParam name="port" key="port" value="443"/><vnsAbsCfgRel name="sitename" key="sitename"

targetName="gslbSite1"/></vnsAbsFolder>

<vnsAbsFolder key="gslbservice" name="gslbServ2" scopedBy="epg"><vnsAbsParam name="servicename" key="servicename"

value="svc_gslb_sp2013_dc2"/><vnsAbsParam name="ip" key="ip" value="201.16.1.121"/><vnsAbsParam name="servicetype" key="servicetype" value="SSL"/><vnsAbsParam name="port" key="port" value="443"/><vnsAbsCfgRel name="sitename" key="sitename"

targetName="gslbSite2"/></vnsAbsFolder><vnsAbsFolder key="gslbsite" name="gslbSite1" scopedBy="epg">

<vnsAbsParam name="sitename" key="sitename"value="Data_Center_1"/>

<vnsAbsParam name="siteipaddress" key="siteipaddress"value="101.16.1.11"/>

</vnsAbsFolder><vnsAbsFolder key="gslbsite" name="gslbSite2" scopedBy="epg">

<vnsAbsParam name="sitename" key="sitename"value="Data_Center_2"/>

<vnsAbsParam name="siteipaddress" key="siteipaddress"value="201.16.1.11"/>

</vnsAbsFolder></vnsAbsDevCfg><vnsAbsFuncCfg>

<vnsAbsFolder key="mFCnggslbsite" name="mFCngslbsite1"scopedBy="epg">

C-71Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<vnsAbsCfgRel name="gslbsite_key" key="gslbsite_key"targetName="gslbSite1"/></vnsAbsFolder><vnsAbsFolder key="mFCnggslbsite" name="mFCngslbsite2"

scopedBy="epg"><vnsAbsCfgRel name="gslbsite_key" key="gslbsite_key"

targetName="gslbSite2"/></vnsAbsFolder><vnsAbsFolder key="mFCnggslbvserver" name="gslbvserver1"scopedBy="epg">

<vnsAbsCfgRel name="gslbvserver_key" key="gslbvserver_key"targetName="gslbVs1"/>

<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-outside" /></vnsAbsFolder>

<vnsAbsFolder key="mFCnggslbservice" name="gslbservice1"scopedBy="epg">

<vnsAbsCfgRel name="gslbservice_key" key="gslbservice_key"targetName="gslbServ1"/>

<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-inside" />

</vnsAbsFolder><vnsAbsFolder key="mFCnggslbservice" name="gslbservice2"

scopedBy="epg"><vnsAbsCfgRel name="gslbservice_key" key="gslbservice_key"

targetName="gslbServ2"/><vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraph-

WebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-inside" /></vnsAbsFolder>

<vnsAbsFolder key="external_network" name="external_network"scopedBy="epg">

<vnsAbsCfgRel name="external_network_key"key="external_network_key" targetName="network/snip1"/>

<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-inside" />

</vnsAbsFolder><vnsAbsFolder key="internal_network" name="internal_network"

scopedBy="epg"><vnsAbsCfgRel name="internal_network_key"

key="internal_network_key" targetName="network/snip2"/><vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraph-

WebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-outside" /></vnsAbsFolder>

</vnsAbsFuncCfg></vnsAbsNode>

<vnsAbsTermNodeCon name = "Output1"><vnsAbsTermConn name = "C6"></vnsAbsTermConn>

</vnsAbsTermNodeCon><vnsAbsConnection name = "CON1">

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_GSLB_1/AbsTermNodeCon-Output1/AbsTConn" />

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-outside" />

</vnsAbsConnection><vnsAbsConnection name = "CON2">

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-inside" />

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_GSLB_1/AbsTermNodeProv-Input1/AbsTConn" />

</vnsAbsConnection></vnsAbsGraph>

</fvTenant></polUni>

C-72Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.

Goto Configurations, page C-1.

ConfigParameters_SP_GSLB_StaticProx.xml

Configure L4-L7 parameters for GSLB using distribution by static proximity.<!-- ConfigParameters_SP_GSLB_StaticProx.xml --><!-- Configure L4-L7 parameters for GSLB by Static Proximity --><polUni>

<fvTenant name="silverTenant1"> <!-- GSLB configuration STATICPROXIMITY --><vnsAbsGraph name = "WebGraph_CS_GSLB_1"><vnsAbsTermNodeProv name = "Input1">

<vnsAbsTermConn name = "C1"></vnsAbsTermConn>

</vnsAbsTermNodeProv><!-- Config here is for GSLB local node --><vnsAbsNode name = "GSLB_1" funcType="GoTo" >

<vnsAbsFuncConn name = "outside" attNotify="true"><vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFunc-

GlobalServerLoadBalancing/mConn-external" /></vnsAbsFuncConn><vnsAbsFuncConn name = "inside" attNotify="true">

<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFunc-GlobalServerLoadBalancing/mConn-internal" />

</vnsAbsFuncConn><vnsRsNodeToMFunc tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFunc-

GlobalServerLoadBalancing"/><vnsRsDefaultScopeToTerm tDn="uni/tn-silverTenant1/AbsGraph-

WebGraph_CS_GSLB_1/AbsTermNodeProv-Input1/outtmnl"/><vnsAbsDevCfg>

<vnsAbsFolder key="Network" name="network" scopedBy="epg"><vnsAbsFolder key="nsip" name="snip1">

<vnsAbsParam key="ipaddress" name="ip2" value="101.16.1.11"/><vnsAbsParam key="netmask" name="netmask1"

value="255.255.255.0"/><vnsAbsParam key="type" name="tye" value="SNIP"/><vnsAbsParam key="dynamicrouting" name="dynamicrouting"

value="ENABLED"/><vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/>

</vnsAbsFolder><vnsAbsFolder key="nsip" name="snip2">

<vnsAbsParam key="ipaddress" name="ip1" value="10.16.1.11"/><vnsAbsParam key="netmask" name="netmask2"

value="255.255.255.0"/><vnsAbsParam key="type" name="tye" value="SNIP"/><vnsAbsParam key="dynamicrouting" name="dynamicrouting"

value="DISABLED"/><vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/>

</vnsAbsFolder></vnsAbsFolder>

<vnsAbsFolder key="gslbvserver" name="gslbVs1" scopedBy="epg"><vnsAbsParam name="name" key="name" value="vip-gslb-sp2013"/><vnsAbsParam name="servicetype" key="servicetype" value="SSL"/><vnsAbsParam name="lbmethod" key="lbmethod"

value="STATICPROXIMITY"/><vnsAbsFolder key="gslbvserver_gslbservice_binding"

name="gslbVsServBind1" scopedBy="epg"><vnsAbsCfgRel name="servicename" key="servicename"targetName="gslbServ1"/>

</vnsAbsFolder>

C-73Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<vnsAbsFolder key="gslbvserver_gslbservice_binding"name="gslbVsServBind2" scopedBy="epg">

<vnsAbsCfgRel name="servicename" key="servicename"targetName="gslbServ2"/>

</vnsAbsFolder><vnsAbsFolder key="gslbvserver_domain_binding"

name="gslbVsDomainBind1" scopedBy="epg"><vnsAbsParam name="domainname" key="domainname"

value="sp2013.test.ctx"/></vnsAbsFolder>

</vnsAbsFolder><vnsAbsFolder key="gslbservice" name="gslbServ1" scopedBy="epg">

<vnsAbsParam name="servicename" key="servicename"value="svc_gslb_sp2013_dc1"/>

<vnsAbsParam name="ip" key="ip" value="101.16.1.121"/><vnsAbsParam name="servicetype" key="servicetype" value="SSL"/><vnsAbsParam name="port" key="port" value="443"/>

<vnsAbsCfgRel name="sitename" key="sitename"targetName="gslbSite1"/>

</vnsAbsFolder><vnsAbsFolder key="gslbservice" name="gslbServ2" scopedBy="epg">

<vnsAbsParam name="servicename" key="servicename"value="svc_gslb_sp2013_dc2"/>

<vnsAbsParam name="ip" key="ip" value="201.16.1.121"/><vnsAbsParam name="servicetype" key="servicetype" value="SSL"/><vnsAbsParam name="port" key="port" value="443"/><vnsAbsCfgRel name="sitename" key="sitename"

targetName="gslbSite2"/></vnsAbsFolder><vnsAbsFolder key="gslbsite" name="gslbSite1" scopedBy="epg">

<vnsAbsParam name="sitename" key="sitename" value="Data_Center_1"/><vnsAbsParam name="siteipaddress" key="siteipaddress"

value="101.16.1.11"/></vnsAbsFolder><vnsAbsFolder key="gslbsite" name="gslbSite2" scopedBy="epg">

<vnsAbsParam name="sitename" key="sitename" value="Data_Center_2"/><vnsAbsParam name="siteipaddress" key="siteipaddress"

value="201.16.1.11"/></vnsAbsFolder><vnsAbsFolder key="location" name="locat1" scopedBy="epg">

<vnsAbsParam name="ipfrom" key="ipfrom" value="91.1.1.1"/><vnsAbsParam name="ipto" key="ipto" value="91.1.1.255"/>

<vnsAbsParam name="preferredlocation" key="preferredlocation"value="DC1"/>

</vnsAbsFolder><vnsAbsFolder key="location" name="locat2" scopedBy="epg"><vnsAbsParam name="ipfrom" key="ipfrom" value="101.16.1.121"/><vnsAbsParam name="ipto" key="ipto" value="101.16.1.121"/><vnsAbsParam name="preferredlocation" key="preferredlocation"

value="DC1"/></vnsAbsFolder><vnsAbsFolder key="location" name="locat3" scopedBy="epg">

<vnsAbsParam name="ipfrom" key="ipfrom" value="102.16.1.121"/><vnsAbsParam name="ipto" key="ipto" value="102.16.1.121"/><vnsAbsParam name="preferredlocation" key="preferredlocation"

value="DC1"/></vnsAbsFolder><vnsAbsFolder key="location" name="locat4" scopedBy="epg">

<vnsAbsParam name="ipfrom" key="ipfrom" value="92.1.1.1"/><vnsAbsParam name="ipto" key="ipto" value="92.1.1.255"/><vnsAbsParam name="preferredlocation" key="preferredlocation"value="DC2"/>

</vnsAbsFolder><vnsAbsFolder key="location" name="locat5" scopedBy="epg">

C-74Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<vnsAbsParam name="ipfrom" key="ipfrom" value="201.16.1.121"/><vnsAbsParam name="ipto" key="ipto" value="201.16.1.121"/><vnsAbsParam name="preferredlocation" key="preferredlocation"

value="DC2"/></vnsAbsFolder><vnsAbsFolder key="location" name="locat6" scopedBy="epg">

<vnsAbsParam name="ipfrom" key="ipfrom" value="202.16.1.121"/><vnsAbsParam name="ipto" key="ipto" value="202.16.1.121"/><vnsAbsParam name="preferredlocation" key="preferredlocation"

value="DC2"/></vnsAbsFolder>

</vnsAbsDevCfg><vnsAbsFuncCfg>

<vnsAbsFolder key="mFCnggslbsite" name="mFCngslbsite1" scopedBy="epg"><vnsAbsCfgRel name="gslbsite_key" key="gslbsite_key"

targetName="gslbSite1"/></vnsAbsFolder><vnsAbsFolder key="mFCnggslbsite" name="mFCngslbsite2" scopedBy="epg">

<vnsAbsCfgRel name="gslbsite_key" key="gslbsite_key"targetName="gslbSite2"/>

</vnsAbsFolder><vnsAbsFolder key="mFCnggslbvserver" name="gslbvserver1" scopedBy="epg">

<vnsAbsCfgRel name="gslbvserver_key" key="gslbvserver_key"targetName="gslbVs1"/>

<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-outside" />

</vnsAbsFolder><vnsAbsFolder key="mFCnggslbservice" name="gslbservice1" scopedBy="epg">

<vnsAbsCfgRel name="gslbservice_key" key="gslbservice_key"targetName="gslbServ1"/>

<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-inside" />

</vnsAbsFolder><vnsAbsFolder key="mFCnggslbservice" name="gslbservice2" scopedBy="epg">

<vnsAbsCfgRel name="gslbservice_key" key="gslbservice_key"targetName="gslbServ2"/>

<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-inside" />

</vnsAbsFolder><vnsAbsFolder key="mFCnglocation" name="LOC1" scopedBy="epg">

<vnsAbsCfgRel name="location_key" key="location_key"targetName="locat1"/>

</vnsAbsFolder><vnsAbsFolder key="mFCnglocation" name="LOC2" scopedBy="epg">

<vnsAbsCfgRel name="location_key" key="location_key"targetName="locat2"/>

</vnsAbsFolder><vnsAbsFolder key="mFCnglocation" name="LOC3" scopedBy="epg">

<vnsAbsCfgRel name="location_key" key="location_key"targetName="locat3"/>

</vnsAbsFolder><vnsAbsFolder key="mFCnglocation" name="LOC4" scopedBy="epg">

<vnsAbsCfgRel name="location_key" key="location_key"targetName="locat4"/>

</vnsAbsFolder><vnsAbsFolder key="mFCnglocation" name="LOC5" scopedBy="epg">

<vnsAbsCfgRel name="location_key" key="location_key"targetName="locat5"/>

</vnsAbsFolder><vnsAbsFolder key="external_network" name="external_network"

scopedBy="epg"><vnsAbsCfgRel name="external_network_key" key="external_network_key"

targetName="network/snip1"/>

C-75Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-inside" />

</vnsAbsFolder><vnsAbsFolder key="internal_network" name="internal_network"

scopedBy="epg"><vnsAbsCfgRel name="internal_network_key" key="internal_network_key"

targetName="network/snip2"/><vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraph-

WebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-outside" /></vnsAbsFolder>

</vnsAbsFuncCfg></vnsAbsNode><vnsAbsTermNodeCon name = "Output1"><vnsAbsTermConn name = "C6"></vnsAbsTermConn>

</vnsAbsTermNodeCon><vnsAbsConnection name = "CON1">

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_GSLB_1/AbsTermNodeCon-Output1/AbsTConn" />

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-outside" />

</vnsAbsConnection><vnsAbsConnection name = "CON2"><vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-

WebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-inside" /><vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-

WebGraph_CS_GSLB_1/AbsTermNodeProv-Input1/AbsTConn" /></vnsAbsConnection></vnsAbsGraph>

</fvTenant></polUni>

Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.

Goto Configurations, page C-1.

ConfigParameters_SP_GSLB_LeastConn.xml

Configure L4-L7 parameters for GSLB using distribution by least connection.<!-- ConfigParameters_SP_GSLB_LeastConn.xml --><!-- Configure L4-L7 parameters for GSLB by Least Connection --><polUni>

<fvTenant name="silverTenant1"> <!-- GSLB config LEASTCONNECTION --><vnsAbsGraph name = "WebGraph_CS_GSLB_1"><vnsAbsTermNodeProv name = "Input1">

<vnsAbsTermConn name = "C1"></vnsAbsTermConn>

</vnsAbsTermNodeProv><!-- Config here is for GSLB local node --><vnsAbsNode name = "GSLB_1" funcType="GoTo" >

<vnsAbsFuncConn name = "outside" attNotify="true"><vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFunc-

GlobalServerLoadBalancing/mConn-external" /></vnsAbsFuncConn><vnsAbsFuncConn name = "inside" attNotify="true">

<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFunc-GlobalServerLoadBalancing/mConn-internal" />

</vnsAbsFuncConn><vnsRsNodeToMFunc tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFunc-

GlobalServerLoadBalancing"/><vnsRsDefaultScopeToTerm tDn="uni/tn-silverTenant1/AbsGraph-

WebGraph_CS_GSLB_1/AbsTermNodeProv-Input1/outtmnl"/><vnsAbsDevCfg>

C-76Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

<vnsAbsFolder key="Network" name="network" scopedBy="epg"><vnsAbsFolder key="nsip" name="snip1">

<vnsAbsParam key="ipaddress" name="ip2" value="101.16.1.11"/><vnsAbsParam key="netmask" name="netmask1" value="255.255.255.0"/><vnsAbsParam key="type" name="tye" value="SNIP"/><vnsAbsParam key="dynamicrouting" name="dynamicrouting"value="ENABLED"/>

<vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/></vnsAbsFolder><vnsAbsFolder key="nsip" name="snip2">

<vnsAbsParam key="ipaddress" name="ip1" value="10.16.1.11"/><vnsAbsParam key="netmask" name="netmask2" value="255.255.255.0"/>

<vnsAbsParam key="type" name="tye" value="SNIP"/><vnsAbsParam key="dynamicrouting" name="dynamicrouting"

value="DISABLED"/><vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/>

</vnsAbsFolder></vnsAbsFolder><vnsAbsFolder key="gslbvserver" name="gslbVs1" scopedBy="epg">

<vnsAbsParam name="name" key="name" value="vip-gslb-sp2013"/><vnsAbsParam name="servicetype" key="servicetype" value="SSL"/><vnsAbsParam name="lbmethod" key="lbmethod" value="LEASTCONNECTION"/><vnsAbsFolder key="gslbvserver_gslbservice_binding"

name="gslbVsServBind1" scopedBy="epg"><vnsAbsCfgRel name="servicename" key="servicename"targetName="gslbServ1"/>

</vnsAbsFolder><vnsAbsFolder key="gslbvserver_gslbservice_binding"

name="gslbVsServBind2" scopedBy="epg"><vnsAbsCfgRel name="servicename" key="servicename"targetName="gslbServ2"/>

</vnsAbsFolder><vnsAbsFolder key="gslbvserver_domain_binding" name="gslbVsDomainBind1"

scopedBy="epg"><vnsAbsParam name="domainname" key="domainname"value="sp2013.test.ctx"/>

</vnsAbsFolder></vnsAbsFolder><vnsAbsFolder key="gslbservice" name="gslbServ1" scopedBy="epg">

<vnsAbsParam name="servicename" key="servicename"value="svc_gslb_sp2013_dc1"/>

<vnsAbsParam name="ip" key="ip" value="101.16.1.121"/><vnsAbsParam name="servicetype" key="servicetype" value="SSL"/><vnsAbsParam name="port" key="port" value="443"/><vnsAbsCfgRel name="sitename" key="sitename" targetName="gslbSite1"/>

</vnsAbsFolder><vnsAbsFolder key="gslbservice" name="gslbServ2" scopedBy="epg">

<vnsAbsParam name="servicename" key="servicename"value="svc_gslb_sp2013_dc2"/>

<vnsAbsParam name="ip" key="ip" value="201.16.1.121"/><vnsAbsParam name="servicetype" key="servicetype" value="SSL"/><vnsAbsParam name="port" key="port" value="443"/><vnsAbsCfgRel name="sitename" key="sitename" targetName="gslbSite2"/>

</vnsAbsFolder><vnsAbsFolder key="gslbsite" name="gslbSite1" scopedBy="epg">

<vnsAbsParam name="sitename" key="sitename" value="Data_Center_1"/><vnsAbsParam name="siteipaddress" key="siteipaddress"

value="101.16.1.11"/></vnsAbsFolder><vnsAbsFolder key="gslbsite" name="gslbSite2" scopedBy="epg">

<vnsAbsParam name="sitename" key="sitename" value="Data_Center_2"/><vnsAbsParam name="siteipaddress" key="siteipaddress"

value="201.16.1.11"/></vnsAbsFolder>

C-77Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

</vnsAbsDevCfg><vnsAbsFuncCfg>

<vnsAbsFolder key="mFCnggslbsite" name="mFCngslbsite1" scopedBy="epg"><vnsAbsCfgRel name="gslbsite_key" key="gslbsite_key"

targetName="gslbSite1"/></vnsAbsFolder><vnsAbsFolder key="mFCnggslbsite" name="mFCngslbsite2" scopedBy="epg">

<vnsAbsCfgRel name="gslbsite_key" key="gslbsite_key"targetName="gslbSite2"/>

</vnsAbsFolder><vnsAbsFolder key="mFCnggslbvserver" name="gslbvserver1" scopedBy="epg">

<vnsAbsCfgRel name="gslbvserver_key" key="gslbvserver_key"targetName="gslbVs1"/>

<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-outside" />

</vnsAbsFolder><vnsAbsFolder key="mFCnggslbservice" name="gslbservice1" scopedBy="epg">

<vnsAbsCfgRel name="gslbservice_key" key="gslbservice_key"targetName="gslbServ1"/>

<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-inside" />

</vnsAbsFolder><vnsAbsFolder key="mFCnggslbservice" name="gslbservice2" scopedBy="epg">

<vnsAbsCfgRel name="gslbservice_key" key="gslbservice_key"targetName="gslbServ2"/>

<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-inside" />

</vnsAbsFolder><vnsAbsFolder key="external_network" name="external_network"

scopedBy="epg"><vnsAbsCfgRel name="external_network_key" key="external_network_key"

targetName="network/snip1"/><vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraph-

WebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-inside" /></vnsAbsFolder><vnsAbsFolder key="internal_network" name="internal_network"

scopedBy="epg"><vnsAbsCfgRel name="internal_network_key" key="internal_network_key"

targetName="network/snip2"/><vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraph-

WebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-outside" /></vnsAbsFolder>

</vnsAbsFuncCfg></vnsAbsNode><vnsAbsTermNodeCon name = "Output1">

<vnsAbsTermConn name = "C6"></vnsAbsTermConn>

</vnsAbsTermNodeCon><vnsAbsConnection name = "CON1">

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_GSLB_1/AbsTermNodeCon-Output1/AbsTConn" />

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-outside" />

</vnsAbsConnection><vnsAbsConnection name = "CON2">

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-inside" />

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraph-WebGraph_CS_GSLB_1/AbsTermNodeProv-Input1/AbsTConn" />

</vnsAbsConnection></vnsAbsGraph>

</fvTenant></polUni>

C-78Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.

Goto Configurations, page C-1.

C-79Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Appendix C ConfigurationsXML Files for Configuring NetScaler Instances

C-80Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide