How high availability works
When you configure Citrix Gateway in a high availability pair, the secondary Citrix Gateway monitors the first appliance by sending periodic messages, also called a heartbeat message or health check, to determine if the first appliance is accepting connections. If a health check fails, the secondary Citrix Gateway tries the connection again for a specified amount of time until it determines that the primary appliance is not working. If the secondary appliance confirms the health check failure, the secondary Citrix Gateway takes over for the primary Citrix Gateway. This is called failover.
The following ports are used to exchange information related to high availability between Citrix Gateway appliances:
- UDP port 3003 is used to exchange hello packets for communicating the status for intervals.
- TCP port 3010 is used for the high availability configuration synchronization.
- TCP port 3011 is used to synchronize configuration settings.
Guidelines for configuring high availability
Before configuring a high availability pair, you must review these guidelines:
- Each Citrix Gateway appliance must be running the same version of the Citrix Gateway software. You can find the version number at the top of the page in the configuration utility.
- Citrix Gateway does not automatically synchronize passwords between two appliances. You can choose to configure each Citrix Gateway with the user name and password of the other appliance in the pair.
- Entries in the configuration file, ns.conf, on both the primary and the secondary Citrix Gateway must match, with the following exceptions:
The primary and secondary Citrix Gateway appliance must each be configured with its own unique system IP address. Use the Setup Wizard to configure or modify the system IP address on either Citrix Gateway.
In a high availability pair, the Citrix Gateway ID and associated IP address must point to the other Citrix Gateway.
For example, if you have two appliances, named AG1 and AG2, you must configure AG1 with the unique Citrix Gateway ID and IP address of AG2. You must configure AG2 with the unique Citrix Gateway ID and IP address of AG1.
Note: Each Citrix Gateway appliance is always identified as Node 0. Configure each appliance with a unique node ID.
- Each appliance in the high availability pair must have the same license. For more information about licensing, see Licensing.
- If you create a configuration file on either node by using a method that does not go directly through the configuration utility or the command-line interface (for example, importing SSL certificates, or changing to start up scripts), you must copy the configuration file to the other node or create an identical file on that node.
- When you configure a high availability pair, make sure the mapped IP addresses and default gateway address of both the primary and the secondary appliances are identical. If necessary, you can change the mapped IP address at any time by running the Setup Wizard.
You can use the pre-installation checklist to view a list of the specific settings you need to configure in a high availability deployment. For details, see Pre-Installation Checklist.