Product Documentation

Enable data collection to monitor NetScaler ADCs deployed in LAN user mode

May 24, 2018

External users who access XenApp or XenDesktop applications must authenticate themselves on the NetScaler Gateway. Internal users, however, might not require to be redirected to the NetScaler Gateway. Also, in a transparent mode deployment, the administrator must manually apply the routing policies, so that the requests are redirected to the NetScaler appliance.

To overcome these challenges, and for LAN users to directly connect to XenApp and XenDesktop applications, you can deploy the NetScaler appliance in a LAN user mode by configuring a cache redirection virtual server, which acts as a SOCKS proxy on the NetScaler Gateway appliance.

Figure 4. NetScaler MAS deployed in LAN User Mode

localized image

Note: NetScaler MAS and NetScaler Gateway appliance reside in the same subnet.

To monitor NetScaler appliances deployed in this mode, first add the NetScaler appliance to the NetScaler Insight inventory, enable AppFlow and then view the reports on the dashboard.

After you add the NetScaler appliance to the NetScaler MAS inventory, you must enable AppFlow for data collection.

Note

  • You cannot enable data collection on a NetScaler ADC deployed in LAN User mode by using the NetScaler MAS configuration utility.
  • For detailed information about the commands and their usage, see Command Reference.
  • For information on policy expressions, see Policies and Expressions.

To configure data collection on a NetScaler appliance by using the command line interface

At the command prompt, do the following:

1. Log on to an appliance.

2. Add a forward proxy cache redirection virtual server with the proxy IP and port, and specify the service type as HDX.

add cr vserver <name> <servicetype> [<ipaddress> <port>] [-cacheType <cachetype>] [ - cltTimeout <secs>]

Example

add cr vserver cr1 HDX 10.12.2.2 443 –cacheType FORWARD –cltTimeout 180

Note: If you are accessing the LAN network by using a NetScaler Gateway appliance, add an action to be applied by a policy that matches the VPN traffic.

add vpn trafficAction <name> <qual> [-HDX ( ON | OFF )]

add vpn trafficPolicy <name> <rule> <action>

Example

add vpn trafficAction act1 tcp -HDX ON

add vpn trafficPolicy pol1 "REQ.IP.DESTIP == 10.102.69.17" act1

3. Add NetScaler MAS as an appflow collector on the NetScaler appliance.

add appflow collector <name> -IPAddress <ip_addr>

Example:

add appflow collector MyInsight -IPAddress 192.168.1.101

4. Create an appflow action and associate the collector with the action.

add appflow action <name> -collectors <string> ...

Example:

add appflow action act -collectors MyInsight

5. Create an appflow policy to specify the rule for generating the traffic.

add appflow policy <policyname> <rule> <action>

Example:

add appflow policy pol true act

6. Bind the appflow policy to a global bind point.

bind appflow global <policyname> <priority> -type <type>

Example:

bind appflow global pol 1 -type ICA_REQ_DEFAULT

Note: The value of type should be ICA_REQ_OVERRIDE or ICA_REQ_DEFAULT in order to apply to ICA traffic.

7. Set the value of the flowRecordInterval parameter for Appflow to 60 seconds.

set appflow param -flowRecordInterval 60

Example:

set appflow param -flowRecordInterval 60

8. Save the configuration.

save ns config