Product Documentation

Configuring NetScaler VPX in High Availability Mode in Azure Service Management

Feb 13, 2017

You can set up two NetScaler VPX instances for high availability in either active-active or active-passive mode.

When two NetScaler VPX instances are configured in active-active mode, both instances must have the same configuration. The client traffic is distributed across the virtual servers in both the instances by the Azure load balancer. The VIP addresses in both the instances are different and should match the NSIP of that VPX instance.

The active-passive mode provides failover capability. In this mode, the VPX instances synchronize their configuration states. When the primary instance fails, the secondary instance takes over.

For information about high availability in NetScaler appliance, see http://support.citrix.com/proddocs/topic/ns-system-10-5-map/ns-nw-ha-intro-wrppr-con.html

In a Microsoft Azure deployment, a high availability configuration of two NetScaler virtual machines is achieved by using the Azure load balancer, which distributes the client traffic across the virtual servers configured on both the NetScaler instances. Two types of Azure load balancers are available for high availability:
  • Azure external load balancer: If the client traffic originates from the Internet, you have to deploy the external load balancer between the Internet and the NetScaler VPX instances to distribute client traffic.
  • Azure internal load balancer: If the client traffic originates from within the cloud service, or is forwarded by a gateway or firewall within the cloud service, you have to deploy the internal load balancer to distribute client traffic.

To achieve high availability on Azure, you must add the two NetScaler VMs as a load balanced set and configure the endpoints.

Points to Consider Before You Begin Configuration

Note the following before you begin configuring the NetScaler instances in high availability mode in the Azure cloud.
  • The two NetScaler virtual machines that you want to add to a load balanced set should be provisioned in the same cloud service.
  • A load balanced set applies only to a VM’s default NIC. Therefore the VIP has to be configured on the VPX’s default NIC.
  • The endpoints are configured on both the NetScaler VMs and are bound to the Azure load balancer.
  • In an active-passive deployment, the Azure load balancer monitors both the primary and the secondary NetScaler VM by sending them TCP probes. These TCP probes are sent on port 9000.

Configuring NetScaler High Availability with the Azure External Load Balancer

If your client traffic originates from the Internet, you have to deploy the external load balancer to create a high availability configuration of NetScaler virtual machines in a load-balanced set.

The following figure shows how high availability is achieved in active-active mode by using the external load balancer. The two NetScaler VMs are in a load-balanced set sharing an endpoint that accepts client traffic from the Internet over port 15000. The Azure external load balancer load balances these client requests between the two virtual machines.

Before you begin configuring the load-balanced set through the Azure portal, do one of the following:
  • For an active-active deployment, configure the required services on the two NetScaler virtual machines.
  • For an active-passive deployment, configure the NetScaler virtual machines as primary and secondary nodes by using the following command: add ha node <ID> <IP address>.
To configure the load-balanced set by using the Azure management portal
  1. Select the first virtual machine that you want to make part of HA pair, click Endpoint, and then click Add.
  2. Select Add a stand-alone endpoint, specify values for name, protocol, public and private ports, and select Create a load-balanced set.
  3. Set the parameters as follows:
    • Probe protocol – TCP
    • Probe port – 9000
    • Probe interval – 5 seconds
    • Number of probes - 2
  4. Select the second virtual machine of the HA pair, and add an endpoint.
  5. Select Add an endpoint to an existing load-balanced set, and then specify values for name, protocol, public ports, and private ports. Click the tick mark to complete the configuration.

Configuring NetScaler High Availability with the Azure Internal Load Balancer

If your client traffic originates from within the cloud service or a virtual network with a regional scope, you have to deploy the internal load balancer to achieve high availability of NetScaler virtual machines added to a load-balanced set.

Note: You can configure an internal load balancer only by using Azure PowerShell.

The following figure shows how high availability is achieved in an active-active mode by using the internal load balancer. The two NetScaler virtual machines are in a load-balanced set sharing an endpoint that accepts client traffic from the Internet at port 15001. The Azure internal load balancer load balances these client requests between the two virtual machines.

Before you begin configuring the load-balanced set by using Azure PowerShell, do one of the following:
  • For an active-active deployment, configure the required services on the two NetScaler virtual machines.
  • For an active-passive deployment, configure the NetScaler virtual machines as primary and secondary nodes by using the following command: add ha node <ID> <IP address>.

You can configure the load-balanced set only by using Azure PowerShell. For information about the cmdlet that you need to run, see Configuring NetScaler VPX HA with Azure Internal Load Balancer by Using Azure PowerShell.