netscaler 10 developer's guide - citrix.com · citrix netscaler developer's guide ... in...
TRANSCRIPT
Citrix NetScaler Developer's Guide
Citrix® NetScaler® 10
Copyright and Trademark Notice© CITRIX SYSTEMS, INC., 2012. ALL RIGHTS RESERVED. NO PART OF THIS DOCUMENT MAY BEREPRODUCED OR TRANSMITTED IN ANY FORM OR BY ANY MEANS OR USED TO MAKE DERIVATIVE WORK(SUCH AS TRANSLATION, TRANSFORMATION, OR ADAPTATION) WITHOUT THE EXPRESS WRITTENPERMISSION OF CITRIX SYSTEMS, INC.
ALTHOUGH THE MATERIAL PRESENTED IN THIS DOCUMENT IS BELIEVED TO BE ACCURATE, IT ISPRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE ALLRESPONSIBILITY FOR THE USE OR APPLICATION OF THE PRODUCT(S) DESCRIBED IN THIS MANUAL.
CITRIX SYSTEMS, INC. OR ITS SUPPLIERS DO NOT ASSUME ANY LIABILITY THAT MAY OCCUR DUE TO THEUSE OR APPLICATION OF THE PRODUCT(S) DESCRIBED IN THIS DOCUMENT. INFORMATION IN THISDOCUMENT IS SUBJECT TO CHANGE WITHOUT NOTICE. COMPANIES, NAMES, AND DATA USED INEXAMPLES ARE FICTITIOUS UNLESS OTHERWISE NOTED.
The following information is for FCC compliance of Class A devices: This equipment has been tested and found tocomply with the limits for a Class A digital device, pursuant to part 15 of the FCC rules. These limits are designed toprovide reasonable protection against harmful interference when the equipment is operated in a commercialenvironment. This equipment generates, uses, and can radiate radio-frequency energy and, if not installed and used inaccordance with the instruction manual, may cause harmful interference to radio communications. Operation of thisequipment in a residential area is likely to cause harmful interference, in which case users will be required to correct theinterference at their own expense.
Modifying the equipment without Citrix' written authorization may result in the equipment no longer complying with FCCrequirements for Class A digital devices. In that event, your right to use the equipment may be limited by FCCregulations, and you may be required to correct any interference to radio or television communications at your ownexpense.
You can determine whether your equipment is causing interference by turning it off. If the interference stops, it wasprobably caused by the NetScaler appliance. If the NetScaler equipment causes interference, try to correct theinterference by using one or more of the following measures:
Move the NetScaler equipment to one side or the other of your equipment.
Move the NetScaler equipment farther away from your equipment.
Plug the NetScaler equipment into an outlet on a different circuit from your equipment. (Make sure the NetScalerequipment and your equipment are on circuits controlled by different circuit breakers or fuses.)
Modifications to this product not authorized by Citrix Systems, Inc., could void the FCC approval and negate yourauthority to operate the product.
BroadCom is a registered trademark of BroadCom Corporation. Fast Ramp, NetScaler, and NetScaler Request Switchare trademarks of Citrix Systems, Inc. Linux is a registered trademark of Linus Torvalds. Internet Explorer, Microsoft,PowerPoint, Windows and Windows product names such as Windows NT are trademarks or registered trademarks ofthe Microsoft Corporation. NetScape is a registered trademark of Netscape Communications Corporation. Red Hat is atrademark of Red Hat, Inc. Sun and Sun Microsystems are registered trademarks of Sun Microsystems, Inc. Otherbrand and product names may be registered trademarks or trademarks of their respective holders.
Portions of this software may be redistributed under an open source license. Information about those portions of thesoftware, including a listing of all third party attribution notices and open source license agreements can be found at http://www.citrix.com/lang/English/lp/lp_2305124.asp.
All rights reserved.
Last Updated: March 2012
Document code: March 30 2012 07:36:18
Contents
Preface....................................................................................................5Formatting Conventions for NetScaler Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5Documentation Available on the NetScaler Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6Getting Service and Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7NetScaler Documentation Feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7
1 Introduction to the API. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9Hardware and Software Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10API Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10The NSConfig Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11Examples of API Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
Example: Setting the Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13Example: Querying the Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
2 The Web Service Definition Language (WSDL) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15Creating Client Applications with the NSConfig.wsdl File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16Filter WSDL. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17
3 Securing API Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19To configure secure API access based on the NetScaler IP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20To configure secure API access based on the subnet IP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20
A Documentation Library. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23Release Notes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24Quick Start Guides. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24Configuration Guides. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25Reference Guides. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25
iii
Contents
iv
Preface
Learn about the Citrix® NetScaler® collection of documentation, including informationabout support options and ways to send us feedback.
In This Preface:
w Formatting Conventions for NetScaler Documentation
w Documentation Available on the NetScaler Appliance
w Getting Service and Support
w NetScaler Documentation Feedback
Formatting Conventions for NetScalerDocumentation
The NetScaler documentation uses the following formatting conventions.
Table 1. Formatting Conventions
Convention Meaning
Boldface In text paragraphs or steps in aprocedure, information that you typeexactly as shown (user input), or anelement in the user interface.
Monospace Text that appears in a command-lineinterface. Used for examples ofcommand-line procedures. Also used todistinguish interface terms, such asnames of directories and files, fromordinary text.
<angle brackets> A term enclosed in angle brackets is avariable placeholder, to be replaced withan appropriate value. Do not enter theangle brackets.
[ brackets ] Optional items in command statements.For example, in the following command,[ -range <positiveInteger> ] means thatyou have the option of entering a range,but it is not required:
5
Convention Meaning
add lb vserver <name> <serviceType><IPAddress> <port> [ -range<positiveInteger>]
Do not type the brackets themselves.
| (vertical bar) A separator between options in braces orbrackets in command statements. Forexample, the following indicates thatyou choose one of the following loadbalancing methods:
<lbMethod> = ( ROUNDROBIN |LEASTCONNECTION |LEASTRESPONSETIME | URLHASH |DOMAINHASH | DESTINATIONIPHASH |SOURCEIPHASH | SRCIPDESTIPHASH |LEASTBANDWIDTH | LEASTPACKETS |TOKEN | SRCIPSRCPORTHASH | LRTM |CALLIDHASH | CUSTOMLOAD )
… (ellipsis) You can repeat the previous item oritems in command statements. Forexample, /route:<DeviceName>[ ,…]means you can type additional<DeviceNames> separated by commas.
Documentation Available on the NetScalerAppliance
A complete set of Citrix® NetScaler® documentation is available on the Documentationtab of your NetScaler appliance and at http://support.citrix.com/ (PDF version), and at http://edocs.citrix.com (HTML version). (The PDF version of the documents requireAdobe Reader, available at http://adobe.com/.)
To view the documentation
1. From a Web browser, log on to the NetScaler Appliance.
2. Click the Documentation tab.
3. To view a short description of each document, hover the mouse pointer over thetitle. To open a document, click the title.
Preface
6
Getting Service and SupportCitrix® offers a variety of resources for support with your Citrix environment, includingthe following:
w The Knowledge Center is a self-service, Web-based technical support database thatcontains thousands of technical solutions, including access to the latest hotfixes,service packs, and security bulletins.
w Technical Support Programs for both software support and appliance maintenanceare available at a variety of support levels.
w The Subscription Advantage program is a one-year membership that gives you aneasy way to stay current with the latest product version upgrades and enhancements.
w Citrix Education provides official training and certification programs on virtually allCitrix products and technologies.
For more information about Citrix services and support, see the Citrix Systems SupportWeb site at http://www.citrix.com/lang/English/support.asp.
You can also participate in and follow technical discussions offered by the experts onvarious Citrix products at the following sites:
w http://community.citrix.com
w http://twitter.com/citrixsupport
w http://forums.citrix.com/support
NetScaler Documentation FeedbackYou are encouraged to provide feedback and suggestions so that we can enhance thedocumentation. You can send an email to [email protected]. In the subjectline, specify "Documentation Feedback." Please include the title of the guide and thepage number in the email message.
You can also provide feedback through the Knowledge Center at http://support.citrix.com/.
To provide feedback at the Knowledge Center home page
1. Go to the Knowledge Center home page at http://support.citrix.com/.
2. On the Knowledge Center home page, under Products, expand NetScaler, and thenclick the NetScaler release for which you want to provide feedback.
3. On the Documentation tab, click the guide name, and then click Article Feedback.
4. On the Documentation Feedback page, complete the form, and then click Submit.
Citrix NetScaler Developer's Guide
7
Preface
8
Chapter 1
Introduction to the API
Topics:• Hardware and Software
Requirements
• API Architecture
• The NSConfig Interface
• Examples of API Usage
The API enables programmatic communications betweenclient applications and the NetScaler appliance, providing thefollowing benefits:
w Developers can control the NetScaler from a customapplication. The API enables the client application toconfigure and monitor the NetScaler.
w Developers can create client applications easily andquickly, using a language and platform with which they arecomfortable.
w The API provides a secure, end-to-end, standards-basedframework that integrates into the existing infrastructure.
Based on the Simple Object Access Protocol (SOAP) over HTTP,the API consists of the NSConfig interface. NSConfig includesmethods for setting and querying the configuration. Thesemethods allow the client application using the NSConfiginterface to perform almost all operations that anadministrator would normally perform with the CLI or GUI.
In addition, the NetScaler provides an interface description,based on the Web Services Definition Language (WSDL), thatfacilitates the development of client applications.
9
Hardware and Software RequirementsTo work with the API, your system needs to meet the following hardware and softwaresetup and requirements:
w A client workstation.
w Access to a NetScaler, version 8.0 or higher.
w A SOAP client tool kit (supporting SOAP version 1.1 and above), and thedevelopment environment for the tool kit. For example, if you use a Visual Basictool kit, you must have Visual Basic installed on your system.
API ArchitectureThe API architecture is designed to allow NSConfig client requests to be routed,through the HTTP daemon running on the target NetScaler, to a SOAP handler thattranslates the SOAP request into a call to the (internal) kernel configuration API.
Figure 1-1. The API Architecture
The order in which the NetScaler processes requests through the API is as follows:
w The client formats a request containing XML conforming to the SOAP protocol andsends it to the NetScaler.
w The HTTPD server instance on the NetScaler routes this request to a SOAP handler.
w The SOAP handler interprets the SOAP headers and maps the enclosed request to aninternal configuration function.
w The kernel acts on the request and returns one or more responses.
Chapter 1 Introduction to the API
10
w The SOAP handler translates the response(s) to a SOAP response message.
w The XML response is sent back to the client in an HTTP response.
The NSConfig InterfaceThe NSConfig interface closely mirrors the structure of the NetScaler command lineinterface (CLI). Administrators and programmers who are familiar with the CLI caneasily create and implement custom applications to query or set the configuration ontheir NetScaler.
The NSConfig interface includes methods for most of the CLI commands. In most casesthe method and the command name are the same. See the PortType section of theWSDL for a complete list of methods and their names.
For example, you use the add lb vserver CLI command to create a load balancingvirtual server, as follows:
add lb vserver <vServerName> <serviceType> [<IPAddress> <port>]
where:
<vServerName> = A name for the virtual server.
<serviceType> = ( HTTP | FTP | TCP | UDP).
<IPAddress> = The IP address used by the virtual server.
<port> = The port that the virtual server listens on.
Following is the corresponding API call, in the C language:
int ns__addlbvserver(void *handle, string vServerName, string serviceType, string IPAddress, unsignedShort port, ns__addlbvserverResponse *out);
Note: The exact syntax of the API call depends on the language used to write theclient program. The above ns__addlbvserver function prototype is similar to theone that would be generated by the gSOAP package at http://www.cs.fsu.edu/~engelen/soap.html.
The result returned for all NSConfig requests consists of:Rc
An integer return code. The value is zero if the request succeeded. A non-zero valueindicates that the request failed.
MessageA string message. Contains meaningful information only if the request fails (rc is non-zero) (for example, “Required argument missing”).
Citrix NetScaler Developer's Guide
11
ListA type-specific list of result entities. This element is present only for requests thatretrieve information from the NetScaler. For example, the API method names startingwith get, which correspond to the CLI show commands, return a list.
Command names in the NetScaler CLI typically consist of three terms, separated byspaces, identifying the operation, the feature that is being operated on, and thespecific item that is being operated on. For example, to create a new ApplicationFirewall profile, you type add appfw profile, followed by the command arguments.The corresponding API methods omit the spaces. For example, the API method for addappfw profile is addappfwprofile. The same principle applies to CLI commandnames that have only two terms. For example, add monitor becomes addmonitor.The other exceptions to this pattern are as follows:
1. The CLI show command is changed to get in the API, as shown below.
show lb vserver => getlbvserver
show service => getservice2. The following commands are omitted from the API:
• Commands that apply to the CLI itself (for example, clear CLI prompt).
• The batch, ping, grep, more, shell, and scp commands.
• The show router bgp and show router map commands.
• All stat commands.
3. Message "part" names in the API are the same as the corresponding CLI argumentnames. As in the CLI, case does not matter, and these names can be abbreviated.For more information, Citrix NetScaler Command Reference Guide at http://support.citrix.com/article/CTX132384
4. The result of a GET method (which corresponds to a show command in the CLI) isalways an array of a type defined in the WSDL. The elements of these complextypes generally correspond to arguments to the corresponding add/set command/method.
5. Authorization must be performed once, by sending a login request. The responsecontains a Set-Cookie HTTP header, and the cookie must be sent with eachsubsequent request. This is addressed in the Perl examples using by HTTP::Cookies.HTTP::Cookies are used for API client authentication purposes (to log into theNetScaler). In Perl, SOAP::Lite cannot perform this authentication process;HTTP::Cookies are used instead.
6. In some programming languages, such as Perl, it is possible to invoke theprogramming language API without using the WSDL.
Examples of API UsageThe following examples show how to develop an API call from a standard CLI command,how to generate the SOAP request, and how the NetScaler responds to that request.
Chapter 1 Introduction to the API
12
Example: Setting the ConfigurationThis example shows a CLI command, the corresponding API method, the resulting XMLrequest, and the XML response that is sent back to the client.
Note: The actual API method and the XML SOAP message contents may differ fromthe example shown below. The XML shown will be encased in a SOAP envelope,which will in turn be carried in an HTTP message. For more information, see the W3Cweb site at http://www.w3.org/TR/SOAP.
The following CLI command creates a Load Balancing virtual server:
> add lb vserver vipLB1 HTTP 10.100.101.1 80
Following is the corresponding API method:
> ns__addlbvserver (handle, “vipLB1”, “HTTP”, “10.100.101.1”, 80, &out);
The XML generated for this request is as follows.
<ns:addlbvserver><vServerName xsi:type="xsd:string" >vipLB1</vServerName><serviceType xsi:type="ns:vservicetypeEnum>HTTP</ serviceType><IPAddress xsi:type="xsd:string">10.100.101.1</IPAddress><port xsi:type="xsd:unsignedInt" >80</port>< /ns:addlbvserver >The XML response to the above request is as follows.
<ns:addlbvserverResponse><rc xsi:type="xsd:unsignedInt">0</rc><message xsi:type="xsd:string">Done</message></ns:addlbvserverResponse>
Example: Querying the ConfigurationThis example shows an API request that queries the configuration and receives a list ofentities.
Note: The actual API method and the XML SOAP message contents may differ fromthe example shown below.
The following CLI command shows the configured Load Balancing virtual servers:
> show lb vservers
Sample output of the show lb vservers command is as follows.
> show lb vservers2 configured virtual servers:1) vipLB1 (10.100.101.1:80) - HTTP Type: ADDRESS State: DOWN Method: LEASTCONNECTION Mode: IP
Citrix NetScaler Developer's Guide
13
Persistence: NONE2) vipLB2 (10.100.101.2:80) - HTTP Type: ADDRESS State: DOWN Method: LEASTCONNECTION Mode: IP Persistence: NONEDoneFollowing is the corresponding API method to show the list of Load Balancing virtualservers.
ns__getlbvserver(handle, NULL, &out)
The XML generated for this request is as follows.
<ns:getlbvserver></ns:getlbvserver>
The XML response to the above request is as follows.
<ns:getlbvserverResponse> <rc xsi:type="xsd:unsignedInt">0</rc> <message xsi:type="xsd:string">Done</message> <List xsi:type="SOAP-ENC:Array" SOAP-ENC:arrayType="ns:lbvserver[2]"> <item xsi:type="ns:lbvserver"> <vServerName xsi:type="xsd:string>vipLB1 </vServerName> <serviceType xsi:type="xsd:string>HTTP</ serviceType> <IPAddress xsi:type="xsd:string >10.100.101.1 </IPAddress> <port xsi:type="xsd:unsignedInt">80</port> </item> <item xsi:type="ns:lbvserver"> <vServerName xsi:type="xsd:string>vipLB2 </vServerName> <serviceType xsi:type="xsd:string>HTTP</ serviceType> <IPAddress xsi:type="xsd:string >10.100.101.2 </IPAddress> <port xsi:type="xsd:unsignedInt">80</port> </item> </List></ns:getlbvserverResponse>
Chapter 1 Introduction to the API
14
Chapter 2
The Web Service Definition Language(WSDL)
Topics:• Creating Client Applications
with the NSConfig.wsdl File
• Filter WSDL
The NetScaler WSDL describes services for the entire range ofNetScaler services. The NetScaler provides two WSDL files:
NSConfig.wsdlConfiguration APIs are defined in this file. TheNSConfig.wsdl file is found on the NetScaler at http://<NSIP>/api/NSConfig.wsdl, where <NSIP> is the IPaddress of your NetScaler. This file is much larger than theNSStat.wsdl file. With the help of a third-party tool (suchas gSOAP), developers can use this file to generate clientstubs. A custom application can then call the stubs to sendrequests to the NetScaler. The application can be in anystandard programming language that is supported by thethird-party tool. Common programming languages for thispurpose include Perl, Java, C, and C#. You can use thefilterwsdl command to select only the service definitionsthat are relevant to the API calls made in your script.
NSStat.wsdlStatistical APIs are defined in this file. The NSStat.wsdlfile is found on the NetScaler at http://<NSIP>/api/NSStat.wsdl, where <NSIP> is the IP address of yourNetScaler.
15
Creating Client Applications with theNSConfig.wsdl File
A client application can be created by importing the NSConfig.wsdl file with thegSOAP WSDL Importer to create a header file with C or C++ declarations of the SOAPmethods. The gSOAP compiler is then used to translate this header file into stubs forthe client application.
1. Get the NSConfig.h header file from the WSDL file.
a. Run the wsdl2h program that comes with gSOAP on the WSDL file.The wsdl2h program is in the following location.
> ./wsdl2h NSConfig.wsdl
The output of wsdl2h is as follows:
** The gSOAP WSDL parser for C and C++ 1.0.2** Copyright (C) 2001-2004 Robert van Engelen, Genivia, Inc.** All Rights Reserved. This product is provided "as is", without any warranty.Saving NSConfig.hReading file 'NSConfig.wsdl'Cannot open file 'typemap.dat'Problem reading type map file typemap.dat.Using internal type definitions for C instead.
b. Run the soapcpp2 program to compile the header file and complete theprocess, as shown below.> soapcpp2 NSConfig.h
2. Generate the XML files and stubs as follows:
> ./soapcpp2 -c -i NSConfig.h
Following is sample output for this command:
** The gSOAP Stub and Skeleton Compiler for C and C++ 2.4.1** Copyright (C) 2001-2004 Robert van Engelen, Genivia, Inc.** All Rights Reserved. This product is provided "as is", without any warranty.Saving soapStub.hSaving soapH.hSaving soapC.cSaving soapClient.cSaving soapServer.cSaving soapClientLib.cSaving soapServerLib.cUsing ns1 service name: NSConfigBindingUsing ns1 service location: http://NetScaler.com/api Using ns1 schema namespace: urn:NSConfigSaving soapNSConfigBindingProxy.h client proxySaving soapNSConfigBindingObject.h server objectSaving NSConfigBinding.addserver.req.xml sample SOAP/XML
Chapter 2 The Web Service Definition Language (WSDL)
16
requestSaving NSConfigBinding.addserver.res.xml sample SOAP/XML responseSaving NSConfigBinding.disableserver.req.xml sample SOAP/ XML requestSaving NSConfigBinding.disableserver.res.xml sample SOAP/ XML responseSaving NSConfigBinding.enableserver.req.xml sample SOAP/ XML requestSaving NSConfigBinding.enableserver.res.xml sample SOAP/ XML response[ ... Similar lines clipped ... ]Saving NSConfigBinding.nsmap namespace mapping tableCompilation successfulThis creates the stub files soapC.c, soapClient.c and stdsoap2.c.
3. Link the stub files you created with your source code to create a stand-alonebinary that invokes the API.
Filter WSDLThe NetScaler WSDL describes services for the entire range of NetScaler services. Whenyou use the NetScaler API in your scripts, by linking to the WSDL and attempting tocompile the application, the entire WSDL is included, unnecessarily increasingcompilation time and the size of the program.
Filter WSDL is a tool for selecting only those service definitions from the NetScalerWSDL that are relevant to the API calls made in the script. You can use the filter WSDLtool to filter NSConfig.wsdl and NSStat.wsdl files.
The NetScaler provides two WSDL files, one for the configuration APIs(NSConfig.wsdl) and the other for statistical APIs (NSStat.wsdl). The WSDL file forthe configuration API is much larger. Therefore, it is important to use filter WSDL whencompiling programs written with the configuration API.
Filter WSDL is a program that works on the Windows, FreeBSD and Linux platforms, andit can be run from the CLI.
The syntax for running filter WSDL is as follows:
filterwsdl <fromwsdl> <pattern>
where:
fromwsdl = The wsdl file that you want to filter
pattern = API method names or patterns that should be filtered
For example, if you want to filter all the service definitions for the API methodaddlbvserver from the NetScaler WSDL file, NSConfig.wsdl, you can use the command:
> filterwsdl NSConfig.wsdl "addlbvserver"
The output of this command is sent to the screen by default, but it can be redirectedto a file on the NetScaler by using the UNIX redirect operator (>). The output of the
Citrix NetScaler Developer's Guide
17
previous command can be saved into a file called NSConfig-Custom.wsdl by usingthe command as follows:
> filterwsdl NSConfig.wsdl "addlbvserver" > NSConfig-Custom.wsdl
In this case, the original WSDL file is 1.58 MB, but the filtered WSDL file is 6 KB.
The pattern used in the filterwsdl command can include the + and - operators and thewildcard operator (*) to create more generic filters.
For example, if you want to filter the service definitions for all the available loadbalancing methods, you can use the following command:
> filterwsdl NSConfig.wsdl "*lb"*
This command will filter all the Load Balancing methods but will also include GSLBmethods, because the pattern lb will be matched by all GSLB methods also. To includeonly LB methods and exclude all GSLB methods, use the command as follows:
> filterwsdl NSConfig.wsdl +"*lb" -"glsb"*
Chapter 2 The Web Service Definition Language (WSDL)
18
Chapter 3
Securing API Access
Topics:• To configure secure API
access based on theNetScaler IP
• To configure secure APIaccess based on the subnet IP
Secure access to CLI objects can be based on the NetScaler IPaddress or on the subnet IP address on which the NetScaler isdeployed. To provide secured API access based on theNetScaler IP address, you must configure the NetScaler to usetransparent SSL mode with clear text port.
19
To configure secure API access based on theNetScaler IP
1. Create a loopback SSL service and configure it use transparent SSL mode with cleartext port:
add service secure_xmlaccess 127.0.0.1 SSL 443 -clearTextPort 80
2. Add certificate and key:
add certkey cert1 –cert /nsconfig/ssl/ssl/cert1024.pem –key /nsconfig/ssl/ssl/rsakey.pem
Note: You can use an existing certificate and key or use the NetScaler CertificateAuthority Tool to create a key and test certificate for secure access.
3. Bind the certificate and key to the service:
bind certkey secure_xmlaccess cert1 -Service
4. Add a custom TCP monitor to monitor the SSL service you have added:
add monitor ssl_mon TCP -destport 80
5. Bind the custom TCP monitor to the SSL service:
bind monitor ssl_mon secure_xmlaccess
To configure secure API access based on thesubnet IP
1. Create an SSL VIP in the appropriate subnet:
add vserver <vServerName> SSL <Subnet-IP> 443
2. Create a loopback HTTP service:
add service <serviceName> 127.0.0.1 HTTP 80
3. Bind the service to the SSL VIP:
bind lb vserver <vServerName> <serviceName>
4. Add the certificate and the key:
Chapter 3 Securing API Access
20
add certkey cert1 –cert /nsconfig/ssl/ssl/cert1024.pem –key /nsconfig/ssl/ssl/rsakey.pem
Note: You can use an existing certificate and key or use the NetScaler CertificateAuthority Tool to create a key and test certificate.
5. Bind the Certificate and the Key to the SSL VIP:
bind certkey <vServerName> cert1
Citrix NetScaler Developer's Guide
21
Chapter 3 Securing API Access
22
Appendix A
Documentation Library
Topics:• Release Notes
• Quick Start Guides
• Configuration Guides
• Reference Guides
This appendix contains links to various NetScaler guides. Youcan either click the respecting document ID to open the PDFversion of the guide, or use the ID to search the guide in theCitrix Knowledge Center website available at http://support.citrix.com.
To search the guide on Citrix Knowledge Center website
1. Open the http://support.citrix.com link in a web browser.
2. Type the document ID in the Knowledge Center searchtext box and click Search.
3. Select the appropriate link from the search results.
23
Release NotesTitle Document ID
Citrix NetScaler Release Notes CTX132356
Quick Start GuidesTitle Document ID
Citrix NetScaler Quick Start Guide forNetScaler MPX
CTX132374
Citrix NetScaler Quick Start Guide forNetScaler MPX 5500
CTX132371
Citrix NetScaler Quick Start Guide forNetScaler MPX 7500, 9500
CTX132370
Citrix NetScaler Quick Start Guide forNetScaler MPX 9700, 10500, 12500, 15500
CTX132373
Citrix NetScaler Quick Start Guide forMPX 11500, 13500, 14500, 16500, 18500
CTX132379
Citrix NetScaler Quick Start Guide MPX17550/19550/20550/21550
CTX132380
Citrix NetScaler Quick Start Guide forNetScaler MPX 17500, 19500, 21500
CTX132377
Citrix NetScaler Quick Start Guide forSDX 11500, 13500, 14500, 16500, 18500,20500
CTX132785
Citrix NetScaler Quick Start Guide forSDX 17500/19500/21500
CTX132784
Citrix NetScaler Quick Start Guide forSDX 17550/19550/20550/21550
CTX132783
Appendix A Documentation Library
24
Configuration GuidesTitle Document ID
Citrix NetScaler Administration Guide CTX132357
Citrix NetScaler AppExpert Guide CTX132358
Citrix NetScaler Application OptimizationGuide
CTX132361
Citrix NetScaler Application Security Guide CTX132366
Citrix NetScaler Clustering Guide CTX132840
Citrix Application Firewall Guide CTX132360
Citrix NetScaler Getting Started Guide CTX132368
Citrix Hardware Installation and Setup Guide CTX132365
Citrix NetScaler Migration Guide CTX132364
Citrix NetScaler Networking Guide CTX132369
Citrix NetScaler Policy Configuration andReference Guide
CTX132362
Citrix NetScaler SDX Administration CTX132782
Citrix NetScaler Traffic Management Guide CTX132359
Citrix NetScaler VPX Getting Started Guide CTX132363
Reference GuidesTitle Document ID
Citrix NetScaler Command ReferenceGuide
CTX132384
Citrix NetScaler Developers Guide CTX132367
Citrix NetScaler Glossary CTX132383
Citrix NetScaler Log Message Reference CTX132384
Citrix NetScaler SNMP OID Reference CTX132381
Citrix NetScaler Developer's Guide
25