You can configure two Citrix NetScaler VPX instances on AWS as a high availability (HA) active-passive pair. With one instance configured as the primary node and the other as the secondary node, the primary node accepts connections and manages servers while the secondary node monitors the primary. If, for any reason, the primary node is unable to accept connections, the secondary node takes over.
For more information on HA, see High Availability.
The following figure shows an example of the HA deployment architecture for NetScaler VPX instances on AWS.
Figure 1. A NetScaler VPX HA Pair on AWS
To deploy HA for two VPX instances on AWS, you either create the instances with IAM Role manually by using the AWS Management Console and then configure HA on them, or you can automate the HA deployment by using the Citrix CloudFormation template.
The CloudFormation template significantly decreases the number of steps involved for creating an HA pair, and it automatically creates an IAM Role. This section shows how to deploy a NetScaler VPX HA (active-passive) pair by using the Citrix CloudFormation template.
Keep the following points in mind while deploying two NetScaler VPX instances as an HA pair.
Before start the CloudFormation template, ensure that you complete the following requirements:
- A VPC
- Three subnets within the VPC
- A security group with UDP 3003, TCP 3009-3010, HTTP, SSH ports open
- A key pair
To launch the Citrix CloudFormation template
- Log on to the AWS marketplace (https://aws.amazon.com/marketplace) by using your AWS credentials.
- In the search field, type NetScaler VPX to search for the NetScaler AMI, and click Go.
- On the search result page, click the desired Citrix NetScaler VPX offering.
- Under For Region, select your region.
- Select the Delivery Methods as Netscaler AWS-VPX Cluster and click Continue.
6. On the Launch on EC2 page , under Version, select the correct NetScaler version. Ensure that the Region and Deployment Options are correct. Check pricing details.
7. Click Launch with CloudFormation Console to launch the Citrix CloudFormation template..
8. The Select Template page appears. Click Next.
9. The Specify Details appears. Enter the following details.
a. Type a Stack name. The name must be within 25 characters.
b. Under High Availability Configuration
Select Yes from the drop-down menu for Create HA pair?.
c. Under Virtual Private Network Configuration
Select the VPC that you've already created for VPC ID.
Type Remote SSH CIDR IP.
Type Remote HTTP CIDR IP.
Type Remote HTTPS CIDR IP.
Select the key pair that you've already created from the drop-down menu for Key Pair.
d. Under Network Interface Configuration
Select Management Subnetwork, Client Subnetwork, and Server Subnetwork. Ensure that you select the correct subnetworks you created within the VPC that you selected under VPC ID in step c.
Add Primary Management IP, Secondary Management IP, Client IP, and Server IP. The IP addresses should belong to the same subnets of the respective subnetworks. Alternatively, you can let the template assign the IP addresses automatically.
e. Under Other Parameters
Select m4.large for Instant Type.
Select default for Tenancy Type.
f. Click Next.
8. The Options page appears. (This is an optional page.). Click Next.
9. The Review page appears. Take a moment to review the settings and make necessary changes if required.
10. Select the I acknowledge that AWS CloudFormation might create IAM resources. check box, and then click Create.
11. The CREATE-IN-PROGRESS status appears. Wait until the status is CREATE-COMPLETE. If the status does not change to "COMPLETE," check the Events tab for the reason of failure and recreate the instance with proper configurations.
11. After an IAM resource is created, go to EC2 Management Console > Instances. You should notice two VPX insntances created with IAM role. The primary node is created with three private IP addresses and three network interfaces.
The secondary node is created with one private IP addresss and one network interface.
13. Log on to the primary node with user name nsroot and the instance ID as the password. From the NetScaler GUI, go to System > High Availability.
14. Under Nodes, click Add and enter the IP address of the secondary instance.
Next, configure the HA pairing on both the instances. Configure the instance with three ENIs before configuring HA on the instance with one ENI). Use the add HA node command, from within the NetScaler CLI, or from the NetScaler GUI.
add HA node <private IP of the first instance>
add HA node <private IP of the second instance>
After you run the "add HA node" commands, the two nodes form an HA pair, and configuration information is synchronized between the two VPX instances.