netscaler 10 getting started with vpx - citrix.com · getting started with citrix netscaler vpx 6....

Click here to load reader

Post on 01-May-2018

249 views

Category:

Documents

4 download

Embed Size (px)

TRANSCRIPT

  • Getting Started with Citrix NetScalerVPX

    2015-05-17 05:02:15 UTC

    2015 Citrix Systems, Inc. All rights reserved. Terms of Use | Trademarks | Privacy Statement

    http://www.citrix.com/about/legal/legal-notice.htmlhttp://www.citrix.com/about/legal/brand-guidelines.htmlhttp://www.citrix.com/about/legal/privacy.html

  • Contents

    Getting Started with Citrix NetScaler VPX............................................................... 5

    NetScaler VPX 10 ................................................................................. 7

    Citrix NetScaler Virtual Appliance Overview ........................................... 8

    NetScaler Virtual Appliance Setup for the XenServer Platform................ 9

    NetScaler Virtual Appliance Setup for the VMware ESX Platform ............. 12

    NetScaler Virtual Appliance Setup for the Microsoft Hyper-V Platform ...... 13

    NetScaler Virtual Appliance Setup for Linux-KVM Platform .................... 14

    Hypervisors Supported on a NetScaler Virtual Appliance ....................... 15

    Understanding the NetScaler ............................................................. 16

    Switching Features .................................................................... 17

    Security and Protection Features................................................... 18

    Optimization Features................................................................ 19

    Where Does a NetScaler Appliance Fit in the Network?......................... 20

    Physical Deployment Modes .................................................... 21

    Citrix NetScaler as an L2 Device............................................... 22

    Citrix NetScaler as a Packet Forwarding Device ............................ 23

    How a NetScaler Communicates with Clients and Servers ...................... 24

    Understanding NetScaler-Owned IP Addresses .............................. 25

    How Traffic Flows Are Managed ............................................... 26

    Traffic Management Building Blocks .......................................... 27

    A Simple Load Balancing Configuration ...................................... 28

    Understanding Virtual Servers ................................................. 30

    Understanding Services ......................................................... 33

    Understanding Policies and Expressions ........................................... 34

    Processing Order of Features........................................................ 35

    Installing NetScaler Virtual Appliances on XenServer ................................. 37

    Prerequisites for Installing NetScaler Virtual Appliances on XenServer ...... 38

    Installing NetScaler Virtual Appliances on XenServer by Using XenCenter 40

    Installing NetScaler Virtual Appliances on VMware ESX............................... 41

    2

  • Prerequisites for Installing NetScaler Virtual Appliances on VMware ......... 42

    Installing NetScaler Virtual Appliances on VMware ESX 4.0 or Later.......... 46

    Installing Citrix NetScaler Virtual Appliances on Microsoft Hyper-V Servers ...... 47

    Prerequisites for Installing NetScaler Virtual Appliance on MicrosoftServers .................................................................................. 48

    Installing NetScaler Virtual Appliance on Microsoft Servers .................... 50

    Configuring the Basic System Settings................................................... 52

    Setting Up the Initial Configuration by Using the NetScaler VirtualAppliance Console..................................................................... 53

    Configuring NetScaler Virtual Appliance by Using the Command LineInterface................................................................................ 55

    Configuring NetScaler Virtual Appliance by Using the Configuration Utility 56

    Understanding Common Network Topologies........................................... 57

    Setting Up Common Two-Arm Topologies ......................................... 58

    Setting Up a Simple Two-Arm Multiple Subnet Topology .................. 59

    Setting Up a Simple Two-Arm Transparent Topology ...................... 61

    Setting Up Common One-Arm Topologies ......................................... 62

    Setting Up a Simple One-Arm Single Subnet Topology ..................... 63

    Setting Up a Simple One-Arm Multiple Subnet Topology .................. 64

    Configuring System Management Settings .............................................. 66

    Configuring System Settings ......................................................... 67

    Configuring Modes of Packet Forwarding .......................................... 70

    Enabling and Disabling Layer 2 Mode ......................................... 71

    Enabling and Disabling Layer 3 Mode ......................................... 73

    Enabling and Disabling MAC-Based Forwarding Mode ...................... 75

    Configuring Network Interfaces ..................................................... 78

    Configuring Clock Synchronization ................................................. 80

    Configuring DNS ....................................................................... 82

    Configuring SNMP...................................................................... 84

    Adding SNMP Managers.......................................................... 86

    Adding SNMP Traps Listeners................................................... 87

    Configuring SNMP Alarms ....................................................... 89

    Configuring Syslog..................................................................... 91

    Verifying the Configuration.......................................................... 92

    Load Balancing Traffic on a NetScaler Appliance...................................... 95

    How Load Balancing Works .......................................................... 96

    Configuring Load Balancing .......................................................... 98

    Enabling Load Balancing ........................................................ 100

    Configuring Services and a Virtual Server.................................... 102

    3

  • Choosing and Configuring Persistence Settings ............................. 104

    Configuring Persistence Based on Cookies.............................. 106

    Configuring Persistence Based on Server IDs in URLs ................. 109

    Configuring Features to Protect the Load Balancing Configuration 111

    Configuring URL Redirection.............................................. 112

    Configuring Backup Virtual Servers ...................................... 114

    A Typical Load Balancing Scenario ................................................. 116

    Accelerating Load Balanced Traffic by Using Compression .......................... 119

    Compression Configuration Task Sequence ....................................... 120

    Enabling Compression ................................................................ 122

    Configuring Services to Compress Data ............................................ 123

    Binding a Compression Policy to a Virtual Server ................................ 125

    Securing Load Balanced Traffic by Using SSL........................................... 127

    SSL Configuration Task Sequence................................................... 128

    Enabling SSL Offload .................................................................. 130

    Creating HTTP Services............................................................... 131

    Adding an SSL-Based Virtual Server ................................................ 133

    Binding Services to the SSL Virtual Server......................................... 135

    Adding a Certificate Key Pair........................................................ 137

    Binding an SSL Certificate Key Pair to the Virtual Server....................... 139

    Configuring Support for Outlook Web Access ..................................... 141

    Creating an SSL Action to Enable OWA Support............................. 142

    Creating SSL Policies ............................................................ 143

    Binding the SSL Policy to an SSL Virtual Server ............................. 145

    Features at a Glance ....................................................................... 147

    Application Switching and Traffic Management Features....................... 148

    Application Acceleration Features.................................................. 151

    Application Security and Firewall Features ....................................... 152

    Application Visibility Feature ....................................................... 155

    4

  • 5

    Getting Started with Citrix NetScaler VPX

    Intended for system and network administrators who install and configure complexnetworking equipment, this section of the library describes initial setup and basicconfiguration of the Citrix NetScaler VPX product, including the following topics.

    Citrix NetScaler VPX Overview Defines NetScaler VPX and includes adescription of the virtualization platformson which NetScaler VPX can be hosted.

    Understanding the NetScaler What a NetScaler is and where it fits in anetwork, with descriptions of entities usedin typical configurations and the order inwhich data is processed by the variousfeatures.

    Installing NetScaler Virtual Appliances onXenServer

    Prerequisites and tasks for installingNetScaler VPX on XenServer.

    Installing NetScaler Virtual Appliances onVMware ESX

    Prerequisites and tasks for installingNetScaler VPX on VMware ESX 4.0 andVMware ESX 3.5.

    Installing NetScaler Virtual Appliances onMicrosoft Server 2008 RT

    Prerequisites and tasks for installingNetScaler VPX on Microsoft Server 2008 RT

    Installing NetScaler VPX on AWS Prerequisites and tasks for installingNetScaler VPX on AWS

    Configuring the Basic System Settings Tasks for setting up an initial configurationby using the NetScaler VPX Console inXenCenter and tasks for configuring aNetScaler VPX virtual appliance.

    Understanding Common NetworkTopologies

    Describes the four common deploymenttopologies: Two-Arm Multiple Subnet,Two-Arm Transparent, One-Arm SingleSubnet, and One-Arm Multiple Subnet.Includes topology diagrams, sample values,and references.

    Configuring System Management Settings Procedures for configuring basic systemmanagement settings, such as VLANs,SNMP, and DNS.

    Load Balancing Traffic on a NetScaler Basic introduction to the load balancingfeature. Includes procedures forconfiguring a basic load balancing setup todeliver a Web application, and proceduresfor configuring persistence, URLredirection, and backup vservers.

    Accelerating Load Balanced Traffic byUsing Compression

    Basic introduction to the compressionfeature. Includes procedures forconfiguring a NetScaler to compressapplication traffic.

  • Securing Load Balanced Traffic by UsingSSL

    Basic introduction to the SSL offloadfeature. Includes procedures forconfiguring a NetScaler to secureapplication traffic by using SSL.

    Features at a Glance Brief description of all the features, withlinks to documentation for the features.

    Getting Started with Citrix NetScaler VPX

    6

  • 7

    Citrix NetScaler Virtual ApplianceOverview

    The NetScaler virtual appliance product is a virtual NetScaler appliance that can be hostedon Citrix XenServer, VMware ESX or ESXi, and Microsoft Hyper-V virtualization platforms.

    A NetScaler virtual appliance supports all the features of a physical NetScaler, exceptvirtual MAC (vMAC) addresses, Layer 2 (L2) mode, and link aggregation control protocol(LACP). VLAN tagging is supported on the NetScaler virtual appliances hosted on theXenServer and on VMware ESX platforms.

    For the VLAN tagging feature to work, do one of the following:

    On the Citrix XenServer, configure tagged VLANs on a port on the switch but do NOTconfigure any VLANs on the XenServer interface attached to that port. The VLAN tagsare passed through to the virtual appliance and you can use the tagged VLANconfiguration on the virtual appliance.

    On the VMware ESX, set the port groups VLAN ID to 4095 on the VSwitch of VMware ESXserver. For more information about setting a VLAN ID on the VSwitch of VMware ESXserver, see http://www.vmware.com/pdf/esx3_vlan_wp.pdf.

    This overview covers only aspects that are unique to NetScaler virtual appliance. For anoverview of NetScaler virtual appliance functionality, see Understanding the NetScaler.

    Note: The terms NetScaler, NetScaler appliance, and appliance are used interchangeablywith NetScaler virtual appliance unless stated otherwise.

  • 8

    Citrix NetScaler Virtual ApplianceOverview

    The NetScaler virtual appliance product is a virtual NetScaler appliance that can be hostedon Citrix XenServer, VMware ESX or ESXi, and Microsoft Hyper-V virtualization platforms.

    A NetScaler virtual appliance supports all the features of a physical NetScaler, exceptvirtual MAC (vMAC) addresses, Layer 2 (L2) mode, and link aggregation control protocol(LACP). VLAN tagging is supported on the NetScaler virtual appliances hosted on theXenServer and on VMware ESX platforms.

    For the VLAN tagging feature to work, do one of the following:

    On the Citrix XenServer, configure tagged VLANs on a port on the switch but do NOTconfigure any VLANs on the XenServer interface attached to that port. The VLAN tagsare passed through to the virtual appliance and you can use the tagged VLANconfiguration on the virtual appliance.

    On the VMware ESX, set the port groups VLAN ID to 4095 on the VSwitch of VMware ESXserver. For more information about setting a VLAN ID on the VSwitch of VMware ESXserver, see http://www.vmware.com/pdf/esx3_vlan_wp.pdf.

    This overview covers only aspects that are unique to NetScaler virtual appliance. For anoverview of NetScaler virtual appliance functionality, see Understanding the NetScaler.

    Note: The terms NetScaler, NetScaler appliance, and appliance are used interchangeablywith NetScaler virtual appliance unless stated otherwise.

  • 9

    NetScaler Virtual Appliance Setup for theXenServer Platform

    When you set up NetScaler virtual appliance on XenServer, you must use the XenCenterclient to install the first NetScaler virtual appliance. Subsequent virtual appliances can beadded by using either the XenCenter client or Citrix Command Center.

    XenServerThe XenServer product is a server virtualization platform that offers near bare-metalvirtualization performance for virtualized server and client operating systems. XenServeruses the Xen hypervisor to virtualize each server on which it is installed, enabling eachserver to host multiple virtual machines simultaneously.

    The following figure shows the bare-metal solution architecture of NetScaler virtualappliance on XenServer.

    Figure 1. NetScaler Virtual Appliance on XenServer

    The bare-metal solution architecture has the following components:

    Hardware or physical layer:

    Physical hardware components including memory, CPU, network cards, and disk drives.

  • Xen hypervisor:

    Thin layer of software that runs on top of the hardware. The Xen hypervisor gives eachvirtual machine a dedicated view of the hardware.

    Virtual machine:

    Operating system hosted on the hypervisor and appearing to the user as a separatephysical computer. However, the machine shares physical resources with other virtualmachines, and it is portable because the virtual machine is abstracted from physicalhardware.

    A NetScaler virtual machine, or virtual appliance, is installed on the Xen hypervisor anduses paravirtualized drivers to access storage and network resources. It appears to the usersas an independent NetScaler appliance with its own network identity, user authorizationand authentication capabilities, configuration, applications, and data. Theparavirtualization technique enables the virtual machines and the hypervisor to worktogether to achieve high performance for I/O and for CPU and memory virtualization.

    For more information about XenServer, see the XenServer documentation athttp://support.citrix.com/product/xens/.

    XenCenterXenCenter is a graphical virtualization-management interface for XenServer, enablingyou to manage servers, resource pools, and shared storage, and to deploy, manage, andmonitor virtual machines from your Windows desktop machine.

    Use XenCenter to install NetScaler virtual appliance on XenServer.

    For more information about XenCenter, see the XenServer documentation athttp://support.citrix.com/product/xens/.

    Command CenterCommand Center is a management and monitoring solution for Citrix application networkingproducts that include NetScaler, NetScaler virtual appliance, Access Gateway EnterpriseEdition, Citrix Branch Repeater, Branch Repeater VPX, and Citrix Repeater. CommandCenter enables network administrators and operations teams to manage, monitor, andtroubleshoot the entire global application delivery infrastructure from a single, unifiedconsole.

    This centralized management solution simplifies operations by providing administrators withenterprise-wide visibility and automating management tasks that need to be executedacross multiple devices.

    Command Center is available with Citrix NetScaler Enterprise and Platinum editions.

    You can use Command Center to provision NetScaler virtual appliance on XenServer, andthen you can manage and monitor the virtual appliances from Command Center.

    NetScaler Virtual Appliance Setup for the XenServer Platform

    10

    http://support.citrix.com/product/xens/http://support.citrix.com/product/xens/

  • Note: You must use the XenCenter client to manage XenServer. You cannot manageXenServer from Command Center.

    For more information about Command Center, see the Command Center documentation.

    NetScaler Virtual Appliance Setup for the XenServer Platform

    11

    http://support.citrix.com/proddocs/topic/netscaler/cc-gen-commmand-center-wrapper-con.html

  • 12

    NetScaler Virtual Appliance Setup for theVMware ESX Platform

    The NetScaler virtual appliance setup for the VMware ESX platform requires a VMware ESXor ESXi server and the vSphere client.

    VMware ESX and ESXi are virtualization products based on bare-metal architecture, offeredby VMware, Inc. Citrix NetScaler virtual appliance can be hosted on a VMware ESX or ESXiserver.

    For more information about VMware ESX, see http://www.vmware.com/.

    The vSphere client is a graphical interface for managing virtual machines on VMware ESXservers. You use the vSphere client to allocate resources on the ESX server to virtualappliances installed on the server or to deallocate resources. For example, you can allocatevirtual network ports to a virtual appliance.

    For more information about VMware vSphere client, see http://www.vmware.com/.

    http://www.vmware.com/http://www.vmware.com/

  • 13

    NetScaler Virtual Appliance Setup for theMicrosoft Hyper-V Platform

    Note: This feature is only available in releases 9.3.e and 10.

    The NetScaler virtual appliance setup for the Microsoft Hyper-V platform requires WindowsServer 2008 R2 or 2012 with the Hyper-V role installed. Like all virtualization systems,Hyper-V enables you to create a virtualized computing environment that results in betterutilization of your hardware resources.

    Hyper-V is a type 1 hypervisor that comes preinstalled with Windows Server 2008 R2 or2012. It needs to be enabled as a role on the Windows Server.

    For more information about Hyper-V, seehttp://technet.microsoft.com/en-us/library/cc816638(WS.10).aspx.

    http://technet.microsoft.com/en-us/library/cc816638(WS.10).aspx

  • 14

    NetScaler Virtual Appliance Setup forLinux-KVM Platform

    The NetScaler VPX is a virtual NetScaler appliance that can be hosted on a kernel basedVirtualization Machine(KVM). The host Linux operating system must be installed on suitablehardware by using virtualization tools such as KVM Module and QEMU. NetScaler VPX runs asa virtual appliance on Linux-KVM server. Like all virtualization systems, KVM enables you tocreate a virtualized computing environment that results in better utilization of yourhardware resources.

  • 15

    Hypervisors Supported on a NetScalerVirtual Appliance

    The following table lists the details, such as system ID (sysID) and whether support isavailable for multiple packet engines (multi-PE), for the different hypervisors supported ona NetScaler virtual appliance.

    Table 1. Hypervisors Supported on a NetScaler Virtual Appliance

    VPX onXenServer

    VPX on VMwareESX

    VPX onMicrosoftHyper-V

    VPX on AmazonWeb Services

    HypervisorVersion

    6.0, 6.1 4.1, 5.1 2008, 2012 N/A

    SysID 450000 450010 450020 450040

    Multi-PESupported

    Yes Yes No No

    ClusteringSupported

    Yes Yes Yes No

    Licenses VPX-10,VPX-200,VPX-1000,VPX-3000,VPX-8000

    VPX-10,VPX-200,VPX-1000,VPX-3000,VPX-8000

    VPX-10,VPX-200,VPX-1000,VPX-3000,VPX-8000

    VPX-10,VPX-200,VPX-1000,VPX-BYOL

  • 16

    Understanding the NetScaler

    The Citrix NetScaler product is an application switch that performs application-specifictraffic analysis to intelligently distribute, optimize, and secure Layer 4-Layer 7 (L4L7)network traffic for web applications. For example, a NetScaler bases load balancingdecisions on individual HTTP requests instead of on long-lived TCP connections, so that thefailure or slowdown of a server is managed much more quickly and with less disruption toclients. The NetScaler feature set can be broadly categorized as consisting of switchingfeatures, security and protection features, and server-farm optimization features.

  • 17

    Switching Features

    When deployed in front of application servers, a NetScaler ensures optimal distribution oftraffic by the way in which it directs client requests. Administrators can segmentapplication traffic according to information in the body of an HTTP or TCP request, and onthe basis of L4L7 header information such as URL, application data type, or cookie.Numerous load balancing algorithms and extensive server health checks improve applicationavailability by ensuring that client requests are directed to the appropriate servers.

  • 18

    Security and Protection Features

    NetScaler security and protection features protect web applications from Application Layerattacks. A NetScaler allows legitimate client requests and can block malicious requests. Itprovides built-in defenses against denial-of-service (DoS) attacks and supports features thatprotect against legitimate surges in application traffic that would otherwise overwhelm theservers. An available built-in firewall protects web applications from Application Layerattacks, including buffer overflow exploits, SQL injection attempts, cross-site scriptingattacks, and more. In addition, the firewall provides identity theft protection by securingconfidential corporate information and sensitive customer data.

  • 19

    Optimization Features

    Optimization features offload resource-intensive operations, such as Secure Sockets Layer(SSL) processing, data compression, client keep-alive, TCP buffering, and the caching ofstatic and dynamic content from servers. This improves the performance of the servers inthe server farm and therefore speeds up applications. A NetScaler supports severaltransparent TCP optimizations, which mitigate problems caused by high latency andcongested network links, accelerating the delivery of applications while requiring noconfiguration changes to clients or servers.

  • 20

    Where Does a NetScaler Appliance Fit inthe Network?

    A NetScaler appliance resides between the clients and the servers, so that client requestsand server responses pass through it. In a typical installation, virtual servers configured onthe appliance provide connection points that clients use to access the applications behindthe appliance. In this case, the appliance owns public IP addresses that are associated withits virtual servers, while the real servers are isolated in a private network. It is also possibleto operate the appliance in a transparent mode as an L2 bridge or L3 router, or even tocombine aspects of these and other modes.

  • 21

    Physical Deployment Modes

    A NetScaler appliance logically residing between clients and servers can be deployed ineither of two physical modes: inline and one-arm. In inline mode, multiple networkinterfaces are connected to different Ethernet segments, and the appliance is placedbetween the clients and the servers. The appliance has a separate network interface toeach client network and a separate network interface to each server network. Theappliance and the servers can exist on different subnets in this configuration. It is possiblefor the servers to be in a public network and the clients to directly access the serversthrough the appliance, with the appliance transparently applying the L4-L7 features.Usually, virtual servers (described later) are configured to provide an abstraction of thereal servers. The following figure shows a typical inline deployment.

    Figure 1. Inline Deployment

    In one-arm mode, only one network interface of the appliance is connected to an Ethernetsegment. The appliance in this case does not isolate the client and server sides of thenetwork, but provides access to applications through configured virtual servers. One-armmode can simplify network changes needed for NetScaler installation in someenvironments.

    For examples of inline (two-arm) and one-arm deployment, see "Understanding CommonNetwork Topologies."

  • 22

    Citrix NetScaler as an L2 Device

    A NetScaler functioning as an L2 device is said to operate in L2 mode. In L2 mode, theNetScaler forwards packets between network interfaces when all of the followingconditions are met:

    The packets are destined to another device's media access control (MAC) address.

    The destination MAC address is on a different network interface.

    The network interface is a member of the same virtual LAN (VLAN).

    By default, all network interfaces are members of a pre-defined VLAN, VLAN 1. AddressResolution Protocol (ARP) requests and responses are forwarded to all network interfacesthat are members of the same VLAN. To avoid bridging loops, L2 mode must be disabled ifanother L2 device is working in parallel with the NetScaler.

    For information about how the L2 and L3 modes interact, see "Configuring Modes of PacketForwarding."

    For information about configuring L2 mode, see "Enabling and Disabling Layer 2 Mode."

    http://support.citrix.com/proddocs/topic/netscaler-vpx-10/ns-gen-config-mod-pkt-fwd-intro.html#concept_CF644A9E1EDD40BBAA13AE494D015FE1http://support.citrix.com/proddocs/topic/netscaler-vpx-10/ns-gen-config-mod-pkt-fwd-intro.html#concept_CF644A9E1EDD40BBAA13AE494D015FE1http://support.citrix.com/proddocs/topic/netscaler-vpx-10/ns-gen-enbl-disbl-l2-mode-tsk.html#task_66754129613C49CAAC576C81DEC57BFB

  • 23

    Citrix NetScaler as a Packet ForwardingDevice

    A NetScaler appliance can function as a packet forwarding device, and this mode ofoperation is called L3 mode. With L3 mode enabled, the appliance forwards any receivedunicast packets that are destined for an IP address that does not belong to the appliance, ifthere is a route to the destination. The appliance can also route packets between VLANs.

    In both modes of operation, L2 and L3, the appliance generally drops packets that are in:

    Multicast frames

    Unknown protocol frames destined for an appliance's MAC address (non-IP and non-ARP)

    Spanning Tree protocol (unless BridgeBPDUs is ON)

    For information about how the L2 and L3 modes interact, see "Configuring Modes of PacketForwarding."

    For information about configuring the L3 mode, see "Enabling and Disabling Layer 3 Mode."

    http://support.citrix.com/proddocs/topic/netscaler-vpx-10/ns-gen-config-mod-pkt-fwd-intro.html#concept_CF644A9E1EDD40BBAA13AE494D015FE1http://support.citrix.com/proddocs/topic/netscaler-vpx-10/ns-gen-config-mod-pkt-fwd-intro.html#concept_CF644A9E1EDD40BBAA13AE494D015FE1http://support.citrix.com/proddocs/topic/netscaler-vpx-10/ns-gen-enbl-disbl-l3-mode-tsk.html#task_A5198E29E01942548D7541777B18E339

  • 24

    How a NetScaler Communicates withClients and Servers

    A NetScaler appliance is usually deployed in front of a server farm and functions as atransparent TCP proxy between clients and servers, without requiring any client-sideconfiguration. This basic mode of operation is called Request Switching technology and isthe core of NetScaler functionality. Request Switching enables an appliance to multiplexand offload the TCP connections, maintain persistent connections, and manage traffic atthe request (application layer) level. This is possible because the appliance can separatethe HTTP request from the TCP connection on which the request is delivered.

    Depending on the configuration, an appliance might process the traffic before forwardingthe request to a server. For example, if the client attempts to access a secure applicationon the server, the appliance might perform the necessary SSL processing before sendingtraffic to the server.

    To facilitate efficient and secure access to server resources, an appliance uses a set of IPaddresses collectively known as NetScaler-owned IP addresses. To manage your networktraffic, you assign NetScaler-owned IP addresses to virtual entities that become the buildingblocks of your configuration. For example, to configure load balancing, you create virtualservers to receive client requests and distribute them to services, which are entitiesrepresenting the applications on your servers.

  • 25

    Understanding NetScaler-Owned IPAddresses

    To function as a proxy, a NetScaler appliance uses a variety of IP addresses. The keyNetScaler-owned IP addresses are:

    NetScaler IP (NSIP) address

    The NSIP address is the IP address for management and general system access to theappliance itself, and for communication between appliances in a high availabilityconfiguration.

    Mapped IP (MIP) address

    A MIP address is used for server-side connections. It is not the IP address of theappliance. In most cases, when the appliance receives a packet, it replaces the source IPaddress with a MIP address before sending the packet to the server. With the serversabstracted from the clients, the appliance manages connections more efficiently.

    Virtual server IP (VIP) address

    A VIP address is the IP address associated with a virtual server. It is the public IP addressto which clients connect. An appliance managing a wide range of traffic may have manyVIPs configured.

    Subnet IP (SNIP) address

    A SNIP address is used in connection management and server monitoring. You can specifymultiple SNIP addresses for each subnet. SNIP addresses can be bound to a VLAN.

    IP Set

    An IP set is a set of IP addresses, which are configured on the appliance as SNIP . An IPset is identified with a meaningful name that helps in identifying the usage of the IPaddresses contained in it.

    Net Profile

    A net profile (or network profile) contains an IP address or an IP set. A net profile can bebound to load balancing or content switching virtual servers, services, service groups, ormonitors. During communication with physical servers or peers, the appliance uses theaddresses specified in the profile as source IP addresses.

  • 26

    How Traffic Flows Are Managed

    Because a NetScaler appliance functions as a TCP proxy, it translates IP addresses beforesending packets to a server. When you configure a virtual server, clients connect to a VIPaddress on the NetScaler instead of directly connecting to a server. As determined by thesettings on the virtual server, the appliance selects an appropriate server and sends theclient's request to that server. By default, the appliance uses a SNIP address to establishconnections with the server, as shown in the following figure.

    Figure 1. Virtual Server Based Connections

    In the absence of a virtual server, when an appliance receives a request, it transparentlyforwards the request to the server. This is called the transparent mode of operation. Whenoperating in transparent mode, an appliance translates the source IP addresses of incomingclient requests to the SNIP address but does not change the destination IP address. For thismode to work, L2 or L3 mode has to be configured appropriately.

    For cases in which the servers need the actual client IP address, the appliance can beconfigured to modify the HTTP header by inserting the client IP address as an additionalfield, or configured to use the client IP address instead of a SNIP address for connections tothe servers.

  • 27

    Traffic Management Building Blocks

    The configuration of a NetScaler appliance is typically built up with a series of virtualentities that serve as building blocks for traffic management. The building block approachhelps separate traffic flows. Virtual entities are abstractions, typically representing IPaddresses, ports, and protocol handlers for processing traffic. Clients access applicationsand resources through these virtual entities. The most commonly used entities are virtualservers and services. Virtual servers represent groups of servers in a server farm or remotenetwork, and services represent specific applications on each server.

    Most features and traffic settings are enabled through virtual entities. For example, you canconfigure an appliance to compress all server responses to a client that is connected to theserver farm through a particular virtual server. To configure the appliance for a particularenvironment, you need to identify the appropriate features and then choose the right mixof virtual entities to deliver them. Most features are delivered through a cascade of virtualentities that are bound to each other. In this case, the virtual entities are like blocks beingassembled into the final structure of a delivered application. You can add, remove, modify,bind, enable, and disable the virtual entities to configure the features. The following figureshows the concepts covered in this section.

    Figure 1. How Traffic Management Building Blocks Work

  • 28

    A Simple Load Balancing Configuration

    In the example shown in the following figure, the NetScaler appliance is configured tofunction as a load balancer. For this configuration, you need to configure virtual entitiesspecific to load balancing and bind them in a specific order. As a load balancer, anappliance distributes client requests across several servers and thus optimizes theutilization of resources.

    The basic building blocks of a typical load balancing configuration are services and loadbalancing virtual servers. The services represent the applications on the servers. The virtualservers abstract the servers by providing a single IP address to which the clients connect.To ensure that client requests are sent to a server, you need to bind each service to avirtual server. That is, you must create services for every server and bind the services to avirtual server. Clients use the VIP address to connect to a NetScaler appliance. When theappliance receives client requests sent to the VIP address, it sends them to a serverdetermined by the load balancing algorithm. Load balancing uses a virtual entity called amonitor to track whether a specific configured service (server plus application) is availableto receive requests.

    Figure 1. Load Balancing Virtual Server, Services, and Monitors

    In addition to configuring the load balancing algorithm, you can configure severalparameters that affect the behavior and performance of the load balancing configuration.For example, you can configure the virtual server to maintain persistence based on sourceIP address. The appliance then directs all requests from any specific IP address to the sameserver.

  • A Simple Load Balancing Configuration

    29

  • 30

    Understanding Virtual Servers

    A virtual server is a named NetScaler entity that external clients can use to accessapplications hosted on the servers. It is represented by an alphanumeric name, virtual IP(VIP) address, port, and protocol. The name of the virtual server is of only local significanceand is designed to make the virtual server easier to identify. When a client attempts toaccess applications on a server, it sends a request to the VIP instead of the IP address ofthe physical server. When the appliance receives a request at the VIP address, it terminatesthe connection at the virtual server and uses its own connection with the server on behalfof the client. The port and protocol settings of the virtual server determine the applicationsthat the virtual server represents. For example, a web server can be represented by avirtual server and a service whose port and protocol are set to 80 and HTTP, respectively.Multiple virtual servers can use the same VIP address but different protocols and ports.

    Virtual servers are points for delivering features. Most features, like compression, caching,and SSL offload, are normally enabled on a virtual server. When the appliance receives arequest at a VIP address, it chooses the appropriate virtual server by the port on which therequest was received and its protocol. The appliance then processes the request asappropriate for the features configured on the virtual server.

    In most cases, virtual servers work in tandem with services. You can bind multiple servicesto a virtual server. These services represent the applications running on physical servers ina server farm. After the appliance processes requests received at a VIP address, it forwardsthem to the servers as determined by the load balancing algorithm configured on the virtualserver. The following figure illustrates these concepts.

  • Figure 1. Multiple Virtual Servers with a Single VIP Address

    The preceding figure shows a configuration consisting of two virtual servers with a commonVIP address but different ports and protocols. Each of the virtual servers has two servicesbound to it. The services s1 and s2 are bound to VS_HTTP and represent the HTTPapplications on Server 1 and Server 2. The services s3 and s4 are bound to VS_SSL andrepresent the SSL applications on Server 2 and Server 3 (Server 2 provides both HTTP andSSL applications). When the appliance receives an HTTP request at the VIP address, itprocesses the request as specified by the settings of VS_HTTP and sends it to either Server1 or Server 2. Similarly, when the appliance receives an HTTPS request at the VIP address,it processes it as specified by the settings of VS_SSL and it sends it to either Server 2 orServer 3.

    Virtual servers are not always represented by specific IP addresses, port numbers, orprotocols. They can be represented by wildcards, in which case they are known as wildcardvirtual servers. For example, when you configure a virtual server with a wildcard instead ofa VIP, but with a specific port number, the appliance intercepts and processes all trafficconforming to that protocol and destined for the predefined port. For virtual servers withwildcards instead of VIPs and port numbers, the appliance intercepts and processes alltraffic conforming to the protocol.

    Virtual servers can be grouped into the following categories:

    Load balancing virtual server

    Receives and redirects requests to an appropriate server. Choice of the appropriateserver is based on which of the various load balancing methods the user configures.

    Cache redirection virtual server

    Understanding Virtual Servers

    31

  • Redirects client requests for dynamic content to origin servers, and requests for staticcontent to cache servers. Cache redirection virtual servers often work in conjunctionwith load balancing virtual servers.

    Content switching virtual server

    Directs traffic to a server on the basis of the content that the client has requested. Forexample, you can create a content switching virtual server that directs all clientrequests for images to a server that serves images only. Content switching virtual serversoften work in conjunction with load balancing virtual servers.

    Virtual private network (VPN) virtual server

    Decrypts tunneled traffic and sends it to intranet applications.

    SSL virtual server

    Receives and decrypts SSL traffic, and then redirects to an appropriate server. Choosingthe appropriate server is similar to choosing a load balancing virtual server.

    Understanding Virtual Servers

    32

  • 33

    Understanding Services

    Services represent applications on a server. While services are normally combined withvirtual servers, in the absence of a virtual server, a service can still manageapplication-specific traffic. For example, you can create an HTTP service on a NetScalerappliance to represent a web server application. When the client attempts to access a website hosted on the web server, the appliance intercepts the HTTP requests and creates atransparent connection with the web server.

    In service-only mode, an appliance functions as a proxy. It terminates client connections,uses a SNIP address to establish a connection to the server, and translates the destination IPaddresses of incoming client requests to a SNIP address. Although the clients send requestsdirectly to the IP address of the server, the server sees them as coming from the SNIPaddress. The appliance translates the IP addresses, port numbers, and sequence numbers.

    A service is also a point for applying features. Consider the example of SSL acceleration. Touse this feature, you must create an SSL service and bind an SSL certificate to the service.When the appliance receives an HTTPS request, it decrypts the traffic and sends it, in cleartext, to the server. Only a limited set of features can be configured in the service-onlycase.

    Services use entities called monitors to track the health of applications. Every service has adefault monitor, which is based on the service type, bound to it. As specified by thesettings configured on the monitor, the appliance sends probes to the application at regularintervals to determine its state. If the probes fail, the appliance marks the service as down.In such cases, the appliance responds to client requests with an appropriate error messageor re-routes the request as determined by the configured load balancing policies.

  • 34

    Understanding Policies and Expressions

    A policy defines specific details of traffic filtering and management on a NetScaler. Itconsists of two parts: the expression and the action. The expression defines the types ofrequests that the policy matches. The action tells the NetScaler what to do when a requestmatches the expression. As an example, the expression might be to match a specific URLpattern to a type of security attack, with the action being to drop or reset the connection.Each policy has a priority, and the priorities determine the order in which the policies areevaluated.

    When a NetScaler receives traffic, the appropriate policy list determines how to process thetraffic. Each policy on the list contains one or more expressions, which together define thecriteria that a connection must meet to match the policy.

    For all policy types except Rewrite policies, a NetScaler implements only the first policythat a request matches, not any additional policies that it might also match. For Rewritepolicies, the NetScaler evaluates the policies in order and, in the case of multiple matches,performs the associated actions in that order. Policy priority is important for getting theresults you want.

  • 35

    Processing Order of Features

    Depending on requirements, you can choose to configure multiple features. For example,you might choose to configure both compression and SSL offload. As a result, an outgoingpacket might be compressed and then encrypted before being sent to the client.

    The following figure shows the L7 packet flow in the NetScaler.

    Figure 1. L7 Packet Flow Diagram

    The following figure shows the DataStream packet flow in the NetScaler. DataStream issupported for MySQL and MS SQL databases. For information about the DataStream feature,see "DataStream."

    Figure 2. DataStream Packet Flow Diagram

    http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-dbproxy-wrapper-con-10.html

  • Processing Order of Features

    36

  • 37

    Installing NetScaler Virtual Appliances onXenServer

    To install NetScaler virtual appliances on Citrix XenServer, you must first install XenServeron a machine with adequate system resources. To perform the NetScaler virtual applianceinstallation, you use Citrix XenCenter, which must be installed on a remote machine thatcan connect to the XenServer host through the network.

    Note: After the initial configuration of the NetScaler appliance, if you want to upgradethe appliance to the latest software release, see Upgrading or Downgrading the SystemSoftware.

    http://support.citrix.com/proddocs/topic/netscaler-migration-10/ns-instpk-upgrd-dwngrd-sys-sw-wrapper-con.htmlhttp://support.citrix.com/proddocs/topic/netscaler-migration-10/ns-instpk-upgrd-dwngrd-sys-sw-wrapper-con.html

  • 38

    Prerequisites for Installing NetScalerVirtual Appliances on XenServer

    Before you begin installing a virtual appliance, do the following:

    Install XenServer version 5.6 or later on hardware that meets the minimumrequirements.

    Install XenCenter on a management workstation that meets the minimum systemrequirements.

    Obtain virtual appliance license files. For more information about virtual appliancelicenses, see the NetScaler VPX Licensing Guide athttp://support.citrix.com/article/ctx122426.

    XenServer Hardware RequirementsThe following table describes the minimum hardware requirements for a XenServerplatform running NetScaler.

    Table 1. Minimum System Requirements for XenServer Running NetScaler nCore virtualappliance

    Component Requirement

    CPU 2 or more 64-bit x86 CPUs with virtualizationassist (Intel-VT or AMD-V) enabled

    Note: To run NetScaler virtual appliance,hardware support for virtualization must beenabled on the XenServer host. Make sure thatthe BIOS option for virtualization support is notdisabled. Consult your BIOS documentation formore details.

    RAM 3 gigabytes (GB)

    Disk space Locally attached storage (PATA, SATA, SCSI) with40 GB of disk space

    Note: XenServer installation creates a 4 GBpartition for the XenServer host control domain;the remaining space is available for NetScalervirtual appliance and other virtual machines.

    Network Interface Card (NIC) One 1-Gbps NIC

    Recommended: Two 1-Gbps NICs

    http://support.citrix.com/article/ctx122426

  • For information about installing XenServer, see the XenServer documentation athttp://support.citrix.com/product/xens/.

    The following table lists the virtual computing resources that XenServer must provide foreach NetScaler nCore virtual appliance .

    Table 2. Minimum Virtual Computing Resources Required for Running NetScaler ncorevirtual appliance

    Component Requirement

    Memory 2 GB

    Virtual CPU (VCPU) 2

    Virtual network interfaces 2

    Note: For production use of NetScaler virtual appliance, Citrix recommends that CPUpriority (in virtual machine properties) be set to the highest level, in order to improvescheduling behavior and network latency.

    XenCenter System RequirementsXenCenter is a Windows client application. It cannot run on the same machine as theXenServer host. The following table describes the minimum system requirements.

    Table 3. Minimum System Requirements for XenCenter Installation

    Component Requirement

    Operating system Windows 7, Windows XP, Windows Server2003, or Windows Vista

    .NET framework Version 2.0 or later

    CPU 750 megahertz (MHz)

    Recommended: 1 gigahertz (GHz) or faster

    RAM 1 GB

    Recommended: 2 GB

    Network Interface Card (NIC) 100 megabits per second (Mbps) or fasterNIC

    For information about installing XenCenter, see the XenServer documentation athttp://support.citrix.com/product/xens/.

    Prerequisites for Installing NetScaler Virtual Appliances on XenServer

    39

    http://support.citrix.com/product/xens/http://support.citrix.com/product/xens/

  • 40

    Installing NetScaler Virtual Appliances onXenServer by Using XenCenter

    After you have installed and configured XenServer and XenCenter, you can use XenCenter toinstall virtual appliances on XenServer. The number of virtual appliances that you caninstall depends on the amount of memory available on the hardware that is runningXenServer.

    After you have used XenCenter to install the initial NetScaler virtual appliance (.xva image)on XenServer, you have the option to use Command Center to provision NetScaler virtualappliance. For more information, see the Command Center documentation.

    To install NetScaler virtual appliances on XenServer by using XenCenter

    1. Start XenCenter on your workstation.

    2. On the Server menu, click Add.

    3. In the Add New Server dialog box, in the Hostname text box, type the IP address or DNSname of the XenServer that you want to connect to.

    4. In the User Name and Password text boxes, type the administrator credentials, andthen click Connect. The XenServer name appears in the navigation pane with a greencircle, which indicates that the XenServer is connected.

    5. In the navigation pane, click the name of the XenServer on which you want to installNetScaler virtual appliance.

    6. On the VM menu, click Import.

    7. In the Import dialog box, in Import file name, browse to the location at which you savedthe NetScaler virtual appliance .xva image file. Make sure that the Exported VM optionis selected, and then click Next.

    8. Select the XenServer on which you want to install the virtual appliance, and then clickNext.

    9. Select the local storage repository in which to store the virtual appliance, and thenclick Import to begin the import process.

    10. You can add, modify, or delete virtual network interfaces as required. When finished,click Next.

    11. Click Finish to complete the import process.

    Note: To view the status of the import process, click the Log tab.

    12. If you want to install another virtual appliance, repeat steps 5 through 11.

    http://support.citrix.com/proddocs/topic/netscaler/cc-gen-commmand-center-wrapper-con.html

  • 41

    Installing NetScaler Virtual Appliances onVMware ESX

    Important: You cannot install standard VMware Tools or upgrade the VMware Toolsversion available on a NetScaler virtual appliance. VMware Tools for a NetScaler virtualappliance are delivered as part of the NetScaler software release.

    Before installing NetScaler virtual appliances on VMware ESX, make sure that VMware ESXServer is installed on a machine with adequate system resources. To install NetScalervirtual appliances on VMware ESXi version 4.0 or later, you use VMware vSphere client. Theclient or tool must be installed on a remote machine that can connect to VMware ESXthrough the network.

    After the installation, you can use vSphere client or vSphere Web Client to manage virtualappliances on VMware ESX 4.0 or later release.

    Note:

    The VMware vSphere client shows the guest operating system as "Sun Solaris 10" forNetScaler virtual machine. This is by design because VMware ESXi does not recognizeFreeBSD.

    After the initial configuration of the NetScaler appliance, if you want to upgrade theappliance to the latest software release, see "Upgrading or Downgrading the SystemSoftware."

    http://support.citrix.com/proddocs/topic/netscaler-migration-10/ns-instpk-upgrd-dwngrd-sys-sw-wrapper-con.htmlhttp://support.citrix.com/proddocs/topic/netscaler-migration-10/ns-instpk-upgrd-dwngrd-sys-sw-wrapper-con.html

  • 42

    Prerequisites for Installing NetScalerVirtual Appliances on VMware

    Before you begin installing a virtual appliance, do the following:

    Install VMware ESX version 4.1 or later on hardware that meets the minimumrequirements.

    Install VMware Client on a management workstation that meets the minimum systemrequirements.

    Download the NetScaler virtual appliance setup files.

    Label the physical network ports of VMware ESX.

    Obtain NetScaler license files. For more information about NetScaler virtual appliancelicenses, see the NetScaler VPX Licensing Guide athttp://support.citrix.com/article/ctx131110.

    VMware ESX Hardware RequirementsThe following table describes the minimum system requirements for VMware ESX serversrunning NetScaler ncore virtual appliance.

    Table 1. Minimum System Requirements for VMware ESX Servers Running NetScaler nCorevirtual appliance

    Component Requirement

    CPU 2 or more 64-bit x86 CPUs withvirtualization assist (Intel-VT or AMD-V)enabled

    Note: To run NetScaler virtualappliance, hardware support forvirtualization must be enabled on theVMware ESX host. Make sure that theBIOS option for virtualization support isnot disabled. For more information, seeyour BIOS documentation.

    RAM 3 GB

    Disk space 40 GB of disk space available

    Network One 1-Gbps NIC; Two 1-Gbps NICsrecommended (The network interfacesmust be Intel E1000.)

    For information about installing VMware ESX, see http://www.vmware.com/.

    http://support.citrix.com/article/ctx131110http://www.vmware.com

  • The following table lists the virtual computing resources that the VMware ESX server mustprovide for each NetScaler ncore virtual appliance.

    Table 2. Minimum Virtual Computing Resources Required for Running NetScaler ncorevirtual appliance

    Component Requirement

    Memory 2 GB

    Virtual CPU (VCPU) 2

    Important: Do not modify the systemresources to create a virtual CPU (VCPU)in addition to the two CPUs alreadyallotted to the virtual appliance.

    Virtual network interfaces 1

    Note: With ESX 4.0 or later, you caninstall a maximum of 10 virtual networkinterfaces if the VPX hardware isupgraded version to 7 or higher.

    Disk space 20 GB

    Note: This is in addition to any diskrequirements for the hypervisor.

    Note: For production use of NetScaler virtual appliance, the full memory allocation mustbe reserved. CPU cycles (in MHz) equal to at least the speed of one CPU core of the ESXshould also be reserved.

    VMware vSphere Client System RequirementsVMware vSphere is a client application that can run on Windows and Linux operatingsystems. It cannot run on the same machine as the VMware ESX server. The following tabledescribes the minimum system requirements.

    Table 3. Minimum System Requirements for VMware vSphere Client Installation

    Component Requirement

    Operating system For detailed requirements from VMware,search for the "vSphere CompatibilityMatrixes" PDF file athttp://kb.vmware.com/.

    CPU 750 megahertz (MHz); 1 gigahertz (GHz) orfaster recommended

    RAM 1 GB; 2 GB recommended

    Network Interface Card (NIC) 100 Mbps or faster NIC

    Prerequisites for Installing NetScaler Virtual Appliances on VMware

    43

    http://kb.vmware.com/

  • OVF Tool 1.0 System RequirementsOVF Tool is a client application that can run on Windows and Linux systems. It cannot runon the same machine as the VMware ESX server. The following table describes the minimumsystem requirements.

    Table 4. Minimum System Requirements for OVF Tool Installation

    Component Requirement

    Operating system For detailed requirements from VMware,search for the "OVF Tool User Guide" PDFfile at http://kb.vmware.com/.

    CPU 750 MHz minimum, 1 GHz or fasterrecommended.

    RAM 1 GB Minimum, 2 GB recommended.

    Network Interface Card (NIC) 100 Mbps or faster NICFor information about installing OVF, search for the "OVF Tool User Guide" PDF file athttp://kb.vmware.com/.

    Downloading the NetScaler virtual appliance SetupFiles

    The NetScaler virtual appliance setup package for VMware ESX follows the Open VirtualMachine (OVF) format standard. You can download the files from MyCitrix.com. You need aMy Citrix account to log on. If you do not have a My Citrix account, access the home page athttp://www.mycitrix.com, click the New Users link, and follow the instructions to create anew My Citrix account.

    Once logged on, navigate the following path from the My Citrix home page:

    MyCitrix.com > Downloads > NetScaler > Virtual Appliances.

    Copy the following files to a workstation on the same network as the ESX server. Copy allthree files into the same folder.

    NSVPX-ESX---disk1.vmdk (for example,NSVPX-ESX-9.3-39.8-disk1.vmdk)

    NSVPX-ESX--.ovf (for example,NSVPX-ESX-9.3-39.8.ovf)

    NSVPX-ESX--.mf (for example, NSVPX-ESX-9.3-39.8.mf)

    Prerequisites for Installing NetScaler Virtual Appliances on VMware

    44

    http://kb.vmware.com/http://kb.vmware.com/http://www.mycitrix.com/

  • Labeling the Physical Network Ports of VMware ESXBefore installing a NetScaler virtual appliance, label of all the interfaces that you plan toassign to virtual appliances, in a unique format. Citrix recommends the following format:NS_NIC_1_1, NS_NIC_1_2, and so on. In large deployments, labeling in a unique formathelps in quickly identifying the interfaces that are allocated to the NetScaler virtualappliance among other interfaces used by other virtual machines, such as Windows andLinux. Such labeling is especially important when different types of virtual machines sharethe same interfaces.

    To label the physical network ports of VMware ESX server

    1. Log on to the VMware ESX server by using the vSphere client.

    2. On the vSphere client, select the Configuration tab, and then click Networking.

    3. At the top-right corner, click Add Networking.

    4. In the Add Network Wizard, for Connection Type, select Virtual Machine, and thenclick Next.

    5. Scroll through the list of vSwitch physical adapters, and choose the physical port thatwill map to interface 1/1 on the virtual appliances.

    6. Enter NS_NIC_1_1 as the name of the vSwitch that will be associated with interface 1/1of the virtual appliances.

    7. Click Next to finish the vSwitch creation. Repeat the procedure, beginning with step 2,to add any additional interfaces to be used by your virtual appliances. Label theinterfaces sequentially, in the correct format (for example, NS_NIC_1_2).

    Prerequisites for Installing NetScaler Virtual Appliances on VMware

    45

  • 46

    Installing NetScaler Virtual Appliances onVMware ESX 4.0 or Later

    After you have installed and configured VMware ESX 4.0 or later, you can use the VMwarevSphere client to install virtual appliances on the VMware ESX. The number of virtualappliances that you can install depends on the amount of memory available on thehardware that is running VMware ESX.

    To install NetScaler virtual appliances on VMware ESX4.0 or later by using VMware vSphere Client

    1. Start the VMware vSphere client on your workstation.

    2. In the IP address / Name text box, type the IP address of the VMware ESX server thatyou want to connect to.

    3. In the User Name and Password text boxes, type the administrator credentials, andthen click Login.

    4. On the File menu, click Deploy OVF Template.

    5. In the Deploy OVF Template dialog box, in Deploy from file, browse to the location atwhich you saved the NetScaler virtual appliance setup files, select the .ovf file, andclick Next.

    6. Map the networks shown in the virtual appliance OVF template to the networks that youconfigured on the ESX host. Click Next to start installing a virtual appliance on VMwareESX. When installation is complete, a pop-up window informs you of the successfulinstallation.

    7. You are now ready to start the NetScaler virtual appliance. In the navigation pane,select the NetScaler virtual appliance that you have just installed and, from theright-click menu, select Power On. Click the Console tab to emulate a console port.

    8. If you want to install another virtual appliance, repeat steps 4 through 6.

  • 47

    Installing Citrix NetScaler VirtualAppliances on Microsoft Hyper-V Servers

    To install Citrix NetScaler virtual appliances on Microsoft Windows Server, you must firstinstall Windows Server, with the Hyper-V role enabled, on a machine with adequate systemresources. While installing the Hyper-V role, be sure to specify the network interface cards(NICs) on the server that Hyper-V will use to create the virtual networks. You can reservesome NICs for the host. Use Hyper-V Manager to perform the NetScaler virtual applianceinstallation.

    NetScaler virtual appliance for Hyper-V is delivered in virtual hard disk (VHD) format. Itincludes the default configuration for elements such as CPU, network interfaces, andhard-disk size and format. After you install NetScaler virtual appliance, you can configurethe network adapters on virtual appliance, add virtual NICs, and then assign the NetScalerIP address, subnet mask, and gateway, and complete the basic configuration of the virtualappliance.

    Note:

    After the initial configuration of the NetScaler appliance, if you want to upgrade theappliance to the latest software release, see "Upgrading or Downgrading the SystemSoftware."

    http://support.citrix.com/proddocs/topic/netscaler-migration-10/ns-instpk-upgrd-dwngrd-sys-sw-wrapper-con.htmlhttp://support.citrix.com/proddocs/topic/netscaler-migration-10/ns-instpk-upgrd-dwngrd-sys-sw-wrapper-con.html

  • 48

    Prerequisites for Installing NetScalerVirtual Appliance on Microsoft Servers

    Before you begin installing a virtual appliance, do the following:

    Enable the Hyper-V role on Windows Servers . For more information, seehttp://technet.microsoft.com/en-us/library/ee344837(WS.10).aspx.

    Download the virtual appliance setup files.

    Obtain NetScaler virtual appliance license files. For more information about NetScalervirtual appliance licenses, see the NetScaler VPX Licensing Guide athttp://support.citrix.com/article/ctx131110.

    Microsoft Server Hardware RequirementsThe following table describes the minimum system requirements for Microsoft Servers .

    Table 1. Minimum System Requirements for Microsoft Servers

    Component Requirement

    CPU 1.4 GHz 64-bit processor

    RAM 3 GB

    Disk Space 32 GB or greaterThe following table lists the virtual computing resources for each NetScaler virtualappliance.

    Table 2. Minimum Virtual Computing Resources Required for Running NetScaler VirtualAppliance

    Component Requirement

    RAM 2 GB

    Virtual CPU 2

    Disk Space 20 GB

    Virtual Network Interfaces 1

    http://technet.microsoft.com/en-us/library/ee344837(WS.10).aspxhttp://support.citrix.com/article/ctx131110

  • Downloading the NetScaler Virtual Appliance SetupFiles

    NetScaler virtual appliance for Hyper-V is delivered in virtual hard disk (VHD) format. Youcan download the files from MyCitrix.com. You will need a My Citrix account to log on. Ifyou do not have a My Citrix account, access the home page at http://www.mycitrix.com,click the New Users link, and follow the instructions to create a new My Citrix account.

    To download the NetScaler virtual appliance setup files

    1. In a Web browser, go to http://www.citrix.com/ and click My Citrix.

    2. Type your user name and password.

    3. Click Downloads.

    4. In Search Downloads by Product, select NetScaler.

    5. Under Virtual Appliances, click NetScaler VPX.

    6. Copy the compressed file to your server.

    Prerequisites for Installing NetScaler Virtual Appliance on Microsoft Servers

    49

    http://www.mycitrix.com/http://www.citrix.com/

  • 50

    Installing NetScaler Virtual Appliance onMicrosoft Servers

    After you have enabled the Hyper-V role on Microsoft Server and extracted the virtualappliance files, you can use Hyper-V Manager to install NetScaler virtual appliance. Afteryou import the virtual machine, you need to configure the virtual NICs by associating themto the virtual networks created by Hyper-V.

    You can configure a maximum of eight virtual NICs. Even if the physical NIC is DOWN, thevirtual appliance assumes that the virtual NIC is UP, because it can still communicate withthe other virtual appliances on the same host (server).

    Note: You cannot change any settings while the virtual appliance is running. Shut downthe virtual appliance and then make changes.

    To install NetScaler Virtual Appliance on MicrosoftServer by using Hyper-V Manager

    1. To start Hyper-V Manager, click Start, point to Administrative Tools, and then clickHyper-V Manager.

    2. In the navigation pane, under Hyper-V Manager, select the server on which you want toinstall NetScaler virtual appliance.

    3. On the Action menu, click Import Virtual Machine.

    4. In the Import Virtual Machine dialog box, in Location, specify the path of the folderthat contains the NetScaler virtual appliance software files, and then select Copy thevirtual machine (create a new unique ID). This folder is the parent folder thatcontains the Snapshots, Virtual Hard Disks, and Virtual Machines folders.

    Note: If you received a compressed file, make sure that you extract the files into afolder before you specify the path to the folder.

    5. Click Import.

    6. Verify that the virtual appliance that you imported is listed under Virtual Machines.

    7. To install another virtual appliance, repeat steps 2 through 6.

    Important: Make sure that you extract the files to a different folder in step 4.

  • To configure virtual NICs on the NetScaler VirtualAppliance

    1. Select the virtual appliance that you imported, and then on the Action menu, selectSettings.

    2. In the Settings for dialog box, click Add Hardware in the leftpane.

    3. In the right pane, from the list of devices, select Network Adapter.

    4. Click Add.

    5. Verify that Network Adapter (not connected) appears in the left pane.

    6. Select the network adapter in the left pane.

    7. In the right pane, from the Network drop-down list, select the virtual network toconnect the adapter to.

    8. To select the virtual network for additional network adapters that you want to use,repeat steps 6 and 7.

    9. Click Apply, and then click OK.

    To configure NetScaler Virtual Appliance1. Right-click the virtual appliance that you previously installed, and then select Start.

    2. Access the console by double-clicking the virtual appliance.

    3. Type the NetScaler IP address, subnet mask, and gateway for your virtual appliance.

    You have completed the basic configuration of your virtual appliance. Type the IP addressin a Web browser to access the virtual appliance.

    Installing NetScaler Virtual Appliance on Microsoft Servers

    51

  • 52

    Configuring the Basic System Settings

    After installing a Citrix NetScaler virtual appliance, you need to access it to configure thebasic settings. Initially, you must access the NetScaler command line through the respectivemanagement application of the virtualization host (either Citrix XenCenter for CitrixXenServer or VMware vSphere client for VMware ESX) to specify a NetScaler IP (NSIP)address, subnet mask, and default gateway. The NSIP is the management address at whichyou can then access the NetScaler command line, through an SSH client, or access theconfiguration utility. You can use either of these access methods, or the console, tocontinue with basic configuration.

    To access the configuration utility, type the NSIP into the address field of any browser (forexample, http://). You need Java RunTime Environment (JRE) version1.6 or later.

  • 53

    Setting Up the Initial Configuration byUsing the NetScaler Virtual ApplianceConsole

    Your first task after installing a NetScaler virtual appliance on a virtualization host is to usethe NetScaler virtual appliance console in the XenCenter client or vSphere client toconfigure the following initial settings.

    Note: If you have installed a virtual appliance on XenServer by using Command Center,you do not have to configure these settings. Command Center implicitly configures thesettings during installation. For more information about provisioning virtual appliancefrom Command Center, see the "Command Center" documentation.

    NetScaler IP address (NSIP):

    The IP address at which you access a NetScaler or a NetScaler virtual appliance formanagement purposes. A physical NetScaler or virtual appliance can have only one NSIP.You must specify this IP address when you configure the virtual appliance for the firsttime. You cannot remove an NSIP address.

    Netmask:

    The subnet mask associated with the NSIP address.

    Default Gateway:

    You must add a default gateway on the virtual appliance if you want access it throughSSH or the configuration utility from an administrative workstation or laptop that is on adifferent network.

    To configure the initial settings on the virtualappliance through the virtual appliance Console byusing the management application

    1. Connect to the XenServer or VMware ESX server on which the virtual appliance isinstalled by using XenCenter or vSphere client, respectively.

    2. In the details pane, on the Console tab, log on to the virtual appliance by using theadministrator credentials.

    3. At the prompts, enter the NSIP address, subnet mask, and default gateway, and thensave the configuration.

    After you have set up an initial configuration through the NetScaler virtual applianceConsole in the management application, you can use either the NetScaler command-line

    http://support.citrix.com/proddocs/topic/netscaler/cc-gen-commmand-center-wrapper-con.html

  • interface or the configuration utility to complete the configuration or to change the initialsettings.

    Setting Up the Initial Configuration by Using the NetScaler Virtual Appliance Console

    54

  • 55

    Configuring NetScaler Virtual Applianceby Using the Command Line Interface

    You can use the command line interface to set up the NSIP, Mapped IP (MIP), Subnet IP(SNIP), and hostname. You can also configure advanced network settings and change thetime zone.

    For information about MIP, SNIP, other NetScaler-owned IP addresses, and network settings,see "Configuring NetScaler-Owned IP Addresses."

    To complete initial configuration by using thecommand line interface

    1. Use either the SSH client or the NetScaler virtual appliance Console in XenCenter toaccess the command line interface.

    2. Log on to the virtual appliance, using the administrator credentials.

    3. At the command prompt, type config ns to run the configuration script.

    4. To complete the initial configuration, follow the prompts.

    You have now completed the basic configuration of the virtual appliance. To continue theconfiguration process, choose one of the following options:

    Citrix NetScaler Load Balancing Switch

    If you are configuring the virtual appliance as a standard NetScaler load balancing switchwith other licensed features, see "Traffic Management."

    Citrix Application Firewall

    If you are configuring the virtual appliance as a standalone application firewall, see"Application Firewall."

    For more information about the various features supported on the NetScaler virtualappliance, see Features at a Glance.

    http://support.citrix.com/proddocs/topic/ns-system-10-map/ns-nw-ipaddrssng-confrng-ns-ownd-ip-addrss-con.htmlhttp://support.citrix.com/proddocs/topic/netscaler-10/ns-tmg-wrapper-10-con.htmlhttp://support.citrix.com/proddocs/topic/ns-security-10-map/appfw-wrapper-con-10.html

  • 56

    Configuring NetScaler Virtual Applianceby Using the Configuration Utility

    To use the Setup Wizard to set up the NetScaler virtual appliance, you must access theconfiguration utility from your Web browser. You can use the Setup Wizard to configure theNSIP, MIP, SNIP, hostname, and default gateway. You can also configure settings for a Webapplication by using an application template. You can also configure the appliance as a loadbalancer for Citrix XenDesktop or Citrix XenApp.

    For information about MIP, SNIP, other NetScaler-owned IP addresses, and network settings,see "Configuring NetScaler-Owned IP Addresses."

    For information about application templates, see "AppExpert."

    For information about the load balancing feature of a virtual appliance, see "TrafficManagement."

    To configure initial settings by using the configurationutility

    1. In the address field of a Web browser, type: http://

    2. In User Name and Password, type the administrator credentials.

    3. In Start in, select Configuration, and then click Login.

    4. In the Setup Wizard, click Next and follow the instructions.

    You have now completed the basic configuration of the virtual appliance. To continue theconfiguration process, choose one of the following options:

    Citrix NetScaler Load Balancing Switch

    If you are configuring the virtual appliance as a standard NetScaler load balancing switchwith other licensed features, see "Traffic Management."

    Citrix Application Firewall

    If you are configuring the virtual appliance as a standalone application firewall, see"Application Firewall."

    For more information about the various features supported on the NetScaler virtualappliance, see Features at a Glance.

    http://support.citrix.com/proddocs/topic/ns-system-10-map/ns-nw-ipaddrssng-confrng-ns-ownd-ip-addrss-con.htmlhttp://support.citrix.com/proddocs/topic/netscaler-10/ns-appexpert-con-10.htmlhttp://support.citrix.com/proddocs/topic/netscaler-10/ns-tmg-wrapper-10-con.htmlhttp://support.citrix.com/proddocs/topic/netscaler-10/ns-tmg-wrapper-10-con.htmlhttp://support.citrix.com/proddocs/topic/netscaler-10/ns-tmg-wrapper-10-con.htmlhttp://support.citrix.com/proddocs/topic/ns-security-10-map/appfw-wrapper-con-10.html

  • 57

    Understanding Common NetworkTopologies

    As described in "Physical Deployment Modes," you can deploy the Citrix NetScaler applianceeither inline between the clients and servers or in one-arm mode. Inline mode uses atwo-arm topology, which is the most common type of deployment.

    http://support.citrix.com/proddocs/topic/netscaler-vpx-10/ns-gen-phy-deploy-mds-con.html#concept_A26F8F5523A54B2F9C06B2DB8F9257E1

  • 58

    Setting Up Common Two-Arm Topologies

    In a two-arm topology, one network interface is connected to the client network andanother network interface is connected to the server network, ensuring that all trafficflows through the appliance. This topology might require you to reconnect your hardwareand also might result in a momentary downtime. The basic variations of two-arm topologyare multiple subnets, typically with the appliance on a public subnet and the servers on aprivate subnet, and transparent mode, with both the appliance and the servers on thepublic network.

  • 59

    Setting Up a Simple Two-Arm MultipleSubnet Topology

    One of the most commonly used topologies has the NetScaler appliance inline between theclients and the servers, with a virtual server configured to handle the client requests. Thisconfiguration is used when the clients and servers reside on different subnets. In mostcases, the clients and servers reside on public and private subnets, respectively.

    For example, consider an appliance deployed in two-arm mode for managing servers S1, S2,and S3, with a virtual server of type HTTP configured on the appliance, and with HTTPservices running on the servers. The servers are on a private subnet and a SNIP is configuredon the appliance to communicate with the servers. The Use SNIP (USNIP) option must beenabled on the appliance so that it uses the SNIP instead of the MIP.

    As shown in the following figure, the VIP is on public subnet 217.60.10.0, and the NSIP, theservers, and the SNIP are on private subnet 192.168.100.0/24.

    Figure 1. Topology Diagram for Two-Arm Mode, Multiple Subnets

    Task overview: To deploy a NetScaler appliance in two-arm mode with multiple subnets

    1. Configure the NSIP and default gateway, as described in "Configuring the NetScaler IPAddress (NSIP)."

    http://support.citrix.com/proddocs/topic/ns-system-10-map/ns-nw-ipaddrssng-confrng-nsip-tsk.htmlhttp://support.citrix.com/proddocs/topic/ns-system-10-map/ns-nw-ipaddrssng-confrng-nsip-tsk.html

  • 2. Configure the SNIP, as described in "Configuring Subnet IP Addresses."

    3. Enable the USNIP option, as described in "To enable or disable USNIP mode."

    4. Configure the virtual server and the services, as described in "Creating a Virtual Server"and "Configuring Services."

    5. Connect one of the network interfaces to a private subnet and the other interface to apublic subnet.

    Setting Up a Simple Two-Arm Multiple Subnet Topology

    60

    http://support.citrix.com/proddocs/topic/ns-system-10-map/ns-nw-ipaddrssng-confrng-snips-tsk.htmlhttp://support.citrix.com/proddocs/topic/ns-system-10-map/ns-nw-ipaddrssng-confrng-snips-tsk.htmlhttp://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-lb-setup-creatingvserver-tsk.htmlhttp://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-lb-setup-configuringservices-con.html

  • 61

    Setting Up a Simple Two-ArmTransparent Topology

    Use transparent mode if the clients need to access the servers directly, with no interveningvirtual server. The server IP addresses must be public because the clients need to be ableto access them. In the example shown in the following figure, a NetScaler appliance isplaced between the client and the server, so the traffic must pass through the appliance.You must enable L2 mode for bridging the packets. The NSIP and MIP are on the same publicsubnet, 217.60.10.0/24.

    Figure 1. Topology Diagram for Two-Arm, Transparent Mode

    Task overview: To deploy a NetScaler in two-arm, transparent mode

    1. Configure the NSIP, MIP, and default gateway, as described in "Configuring a NetScalerby Using the Command Line Interface."

    2. Enable L2 mode, as described in "Enabling and Disabling Layer 2 Mode."

    3. Configure the default gateway of the managed servers as the MIP.

    4. Connect the network interfaces to the appropriate ports on the switch.

    http://support.citrix.com/proddocs/topic/netscaler-getting-started-map-10/ns-cli-config-usng-cli-tsk.htmlhttp://support.citrix.com/proddocs/topic/netscaler-getting-started-map-10/ns-cli-config-usng-cli-tsk.htmlhttp://support.citrix.com/proddocs/topic/netscaler-vpx-10/ns-gen-enbl-disbl-l2-mode-tsk.html#task_66754129613C49CAAC576C81DEC57BFB

  • 62

    Setting Up Common One-Arm Topologies

    The two basic variations of one-arm topology are with a single subnet and with multiplesubnets.

  • 63

    Setting Up a Simple One-Arm SingleSubnet Topology

    You can use a one-arm topology with a single subnet when the clients and servers reside onthe same subnet. For example, consider a NetScaler deployed in one-arm mode formanaging servers S1, S2, and S3. A virtual server of type HTTP is configured on a NetScaler,and HTTP services are running on the servers. As shown in the following figure, theNetScaler IP address (NSIP), the Mapped IP address (MIP), and the server IP addresses are onthe same public subnet, 217.60.10.0/24.

    Figure 1. Topology Diagram for One-Arm Mode, Single Subnet

    Task overview: To deploy a NetScaler in one-arm mode with a single subnet

    1. Configure the NSIP, MIP, and the default gateway, as described in "Configuring theNetScaler IP Address (NSIP)".

    2. Configure the virtual server and the services, as described in "Creating a Virtual Server"and "Configuring Services".

    3. Connect one of the network interfaces to the switch.

    http://support.citrix.com/proddocs/topic/ns-system-10-map/ns-nw-ipaddrssng-confrng-nsip-tsk.htmlhttp://support.citrix.com/proddocs/topic/ns-system-10-map/ns-nw-ipaddrssng-confrng-nsip-tsk.htmlhttp://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-lb-setup-creatingvserver-tsk.htmlhttp://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-lb-setup-configuringservices-con.html

  • 64

    Setting Up a Simple One-Arm MultipleSubnet Topology

    You can use a one-arm topology with multiple subnets when the clients and servers resideon the different subnets. For example, consider a NetScaler appliance deployed in one-armmode for managing servers S1, S2, and S3, with the servers connected to switch SW1 on thenetwork. A virtual server of type HTTP is configured on the appliance, and HTTP servicesare running on the servers. These three servers are on the private subnet, so a subnet IPaddress (SNIP) is configured to communicate with them. The Use Subnet IP address (USNIP)option must be enabled so that the appliance uses the SNIP instead of a MIP. As shown inthe following figure, the virtual IP address (VIP) is on public subnet 217.60.10.0/24; theNSIP, SNIP, and the server IP addresses are on private subnet 192.168.100.0/24.

    Figure 1. Topology Diagram for One-Arm Mode, Multiple Subnets

    Task overview: To deploy a NetScaler appliance in one-arm mode with multiple subnets

    1. Configure the NSIP and the default gateway, as described in "Configuring the NetScalerIP Address (NSIP)".

    2. Configure the SNIP and enable the USNIP option, as described in "Configuring Subnet IPAddresses".

    http://support.citrix.com/proddocs/topic/ns-system-10-map/ns-nw-ipaddrssng-confrng-nsip-tsk.htmlhttp://support.citrix.com/proddocs/topic/ns-system-10-map/ns-nw-ipaddrssng-confrng-nsip-tsk.htmlhttp://support.citrix.com/proddocs/topic/ns-system-10-map/ns-nw-ipaddrssng-confrng-snips-tsk.htmlhttp://support.citrix.com/proddocs/topic/ns-system-10-map/ns-nw-ipaddrssng-confrng-snips-tsk.html

  • 3. Configure the virtual server and the services, as described in "Creating a Virtual Server"and "Configuring Services".

    4. Connect one of the network interfaces to the switch.

    Setting Up a Simple One-Arm Multiple Subnet Topology

    65

    http://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-lb-setup-creatingvserver-tsk.htmlhttp://support.citrix.com/proddocs/topic/netscaler-traffic-management-10-map/ns-lb-setup-configuringservices-con.html

  • 66

    Configuring System ManagementSettings

    Once your initial configuration is in place, you can configure settings to define the behaviorof the Citrix NetScaler appliance and facilitate connection management. You have anumber of options for handling HTTP requests and responses. Routing, bridging, and MACbased forwarding modes are available for handling packets not addressed to the NetScaler.You can define the characteristics of your network interfaces and can aggregate theinterfaces. To prevent timing problems, you can synchronize the NetScaler clock with aNetwork Time Protocol (NTP) server. The NetScaler can operate in various DNS modes,including as an authoritative domain name server (ADNS). You can set up SNMP for systemmanagement and customize syslog logging of system events. Before deployment, verify thatyour configuration is complete and correct.

  • 67

    Configuring System Settings

    Configuration of system settings includes basic tasks such as configuring HTTP ports toenable connection keep-alive and server offload, setting the maximum number ofconnections for each server, and setting the maximum number of requests per connection.You can enable client IP address insertion for situations in which a proxy IP address is notsuitable, and you can change the HTTP cookie version.

    You can also configure a NetScaler appliance to open FTP connections on a controlled rangeof ports instead of ephemeral ports for data connections. This improves security, becauseopening all ports on the firewall is insecure. You can set the range anywhere from 1,024 to64,000.

    Before deployment, go through the verification checklists to verify your configuration. Toconfigure HTTP parameters and the FTP port range, use the NetScaler configuration utility.

    You can modify the types of HTTP parameters described in the following table.

    Table 1. HTTP Parameters

    Parameter Type Specifies

    HTTP Port Information The web server HTTP ports used by yourmanaged servers. If you specify the ports,the appliance performs request switchingfor any client request that has adestination port matching a specified port.

    Note: If an incoming client request is notdestined for a service or a virtual serverthat is specifically configured on theappliance, the destination port in therequest must match one of the globallyconfigured HTTP ports. This allows theappliance to perform connectionkeep-alive and server off-load.

  • Limits The maximum number of connections toeach managed server, and the maximumnumber of requests sent over eachconnection. For example, if you set MaxConnections to 500, and the appliance ismanaging three servers, it can open amaximum of 500 connections to each ofthe three servers. By default, theappliance can create an unlimited numberof connections to any of the servers itmanages. To specify an unlimited numberof requests per connection, set MaxRequests to 0.

    Note: If you are using the Apache HTTPserver, you must set Max Connectionsequal to the value of the MaxClientsparameter in the Apache httpd.conf file.Setting this parameter is optional forother web servers.

    Client IP Insertion Enable/disable insertion of the client's IPaddress into the HTTP request header. Youcan specify a name for the header field inthe adjacent text box. When a web servermanaged by an appliance receives amapped IP address or a subnet IP address,the server identifies it as the clients IPaddress. Some applications need theclients IP address for logging purposes orto dynamically determine the content tobe served by the web server.

    You can enable insertion of the actualclient IP address into the HTTP headerrequest sent from the client to one, some,or all servers managed by the appliance.You can then access the inserted addressthrough a minor modification to the server(using an Apache module, ISAPI interface,or NSAPI interface).

    Cookie Version The HTTP cookie version to use whenCOOKIEINSERT persistence is configured ona virtual server. The default, version 0, isthe most common type on the Internet.Alternatively, you can specify version 1.

    Requests/Responses Options for handling certain types ofrequests, and enable/disable logging ofHTTP error responses.

    Server Header Insertion Insert a server header inNetScaler-generated HTTP responses.

    Configuring System Settings

    68

  • To configure HTTP parameters by using theconfiguration utility

    1. In the navigation pane, expand System, and then click Settings.

    2. In the details pane, under Settings, click Change HTTP parameters.

    3. In the Configure HTTP parameters dialog box, specify values for some or all of theparameters that appear under the headings listed in the table above.

    4. Click OK.

    To set the FTP port range by using the configurationutility

    1. In the navigation pane, expand System, and then click Settings.

    2. In the details pane, under Settings, click Change global system settings.

    3. Under FTP Port Range, in the Start Port and End Port text boxes, type the lowest andhighest port numbers, respectively, for the range you want to specify (for example,5000 and 6000).

    4. Click OK.

    Configuring System Settings

    69