-
Getting Started with Citrix NetScaler
-
Deploy a Citrix NetScaler VPX instance
-
Install a Citrix NetScaler VPX instance on Microsoft Hyper-V servers
-
Install a NetScaler VPX instance on Linux-KVM platform
-
Prerequisites for Installing NetScaler VPX Virtual Appliances on Linux-KVM Platform
-
Provisioning the NetScaler Virtual Appliance by using OpenStack
-
Provisioning the NetScaler Virtual Appliance by using the Virtual Machine Manager
-
Configuring NetScaler Virtual Appliances to Use SR-IOV Network Interface
-
Configuring NetScaler Virtual Appliances to use PCI Passthrough Network Interface
-
Provisioning the NetScaler Virtual Appliance by using the virsh Program
-
-
Deploying NetScaler VPX Instances on AWS
-
-
-
-
-
-
Overriding Static Proximity Behavior by Configuring Preferred Locations
-
Example of a Complete Parent-Child Configuration Using the Metrics Exchange Protocol
-
Configuring Global Server Load Balancing for DNS Queries with NAPTR records
-
Using the EDNS0 Client Subnet Option for Global Server Load Balancing
-
-
Persistence and persistent connections
-
Advanced load balancing settings
-
Gradually stepping up the load on a new service with virtual server–level slow start
-
Protect applications on protected servers against traffic surges
-
Use source IP address of the client when connecting to the server
-
Set a limit on number of requests per connection to the server
-
Configure automatic state transition based on percentage health of bound services
-
-
Use case 2: Configure rule based persistence based on a name-value pair in a TCP byte stream
-
Use case 3: Configure load balancing in direct server return mode
-
Use case 6: Configure load balancing in DSR mode for IPv6 networks by using the TOS field
-
Use case 7: Configure load balancing in DSR mode by using IP Over IP
-
Use case 10: Load balancing of intrusion detection system servers
-
Use case 11: Isolating network traffic using listen policies
-
Use case 14: ShareFile wizard for load balancing Citrix ShareFile
-
-
-
Support for Gemalto SafeNet Network hardware security module
-
Configure Safenet HSMs in a high availability setup on the ADC
-
-
-
-
Configuring a CloudBridge Connector Tunnel between two Datacenters
-
Configuring CloudBridge Connector between Datacenter and AWS Cloud
-
Configuring a CloudBridge Connector Tunnel Between a Datacenter and Azure Cloud
-
Configuring CloudBridge Connector Tunnel between Datacenter and SoftLayer Enterprise Cloud
-
Configuring a CloudBridge Connector Tunnel Between a NetScaler Appliance and Cisco IOS Device
-
CloudBridge Connector Tunnel Diagnostics and Troubleshooting
View PDF
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已动态机器翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
This content has been machine translated dynamically.
This content has been machine translated dynamically.
This content has been machine translated dynamically.
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.
Este artigo foi traduzido automaticamente.
这篇文章已经过机器翻译.放弃
Translation failed!
Configure Safenet HSMs in a high availability setup on the ADC
Configuring SafeNet HSMs in a high availability (HA) ensures uninterrupted service even if all but one of the devices are unavailable. In an HA setup, each HSM joins an HA group in active-active mode. SafeNet HSMs in an HA setup provide load balancing of all the group members to increase performance and response time while providing the assurance of high availability service. For more information, contact SafeNet Sales and Support.
Prerequisites:
- Minimum two SafeNet HSM devices. All the devices in an HA group must have either PED (trusted path) authentication or password authentication. A combination of trusted path authentication and password authentication in an HA group is not supported.
- Partitions on each HSM device must have the same password even if the label (name) is different.
- All partitions in HA must be assigned to the client (NetScaler appliance).
After configuring a SafeNet client on the ADC as described in Configure a SafeNet client on the ADC, perform the following steps to configure Safenet HSMs in HA:
1. On the NetScaler shell prompt, launch “lunacm” (/usr/safenet/lunaclient/bin)
Example:
root@ns# cd /var/safenet/safenet/lunaclient/bin/
root@ns# ./lunacm
2. Identify the slot IDs of the partitions. To list the available slots (partitions), type:
lunacm:> slot list
Example;
Slot Id -> 0
HSM Label -> trinity-p1
HSM Serial Number -> 481681014
HSM Model -> LunaSA 6.2.1
HSM Firmware Version -> 6.10.9
HSM Configuration -> Luna SA Slot (PED) Signing With Cloning Mode
HSM Status -> OK
Slot Id -> 1
HSM Label -> trinity-p2
HSM Serial Number -> 481681018
HSM Model -> LunaSA 6.2.1
HSM Firmware Version -> 6.10.9
HSM Configuration -> Luna SA Slot (PED) Signing With Cloning Mode
HSM Status -> OK
Slot Id -> 2
HSM Label -> neo-p1
HSM Serial Number -> 487298014
HSM Model -> LunaSA 6.2.1
HSM Firmware Version -> 6.10.9
HSM Configuration -> Luna SA Slot (PED) Signing With Cloning Mode
HSM Status -> OK
Slot Id -> 3
HSM Label -> neo-p2
HSM Serial Number -> 487298018
HSM Model -> LunaSA 6.2.1
HSM Firmware Version -> 6.10.9
HSM Configuration -> Luna SA Slot (PED) Signing With Cloning Mode
HSM Status -> OK
Slot Id -> 7
HSM Label -> hsmha
HSM Serial Number -> 1481681014
HSM Model -> LunaVirtual
HSM Firmware Version -> 6.10.9
HSM Configuration -> Luna Virtual HSM (PED) Signing With Cloning Mode
HSM Status -> N/A - HA Group
Slot Id -> 8
HSM Label -> newha
HSM Serial Number -> 1481681018
HSM Model -> LunaVirtual
HSM Firmware Version -> 6.10.9
HSM Configuration -> Luna Virtual HSM (PED) Signing With Cloning Mode
HSM Status -> N/A - HA Group
Current Slot Id: 0
3. Create the HA group. The first partition is called the primary partition. You can add more than one secondary partitions.
lunacm:> hagroup createGroup -slot <slot number of primary partition> -label <group name> -password <partition password >
lunacm:> hagroup createGroup -slot 1 -label gp12 -password ******
4. Add the secondary members (HSM partitions). Repeat this step for all partitions to be added to the HA group.
lunacm:> hagroup addMember -slot <slot number of secondary partition to be added> -group <group name> -password <partition password>
Code:
lunacm:> hagroup addMember -slot 2 -group gp12 -password ******
5. Enable HA only mode.
lunacm:> hagroup HAOnly –enable
6. Enable active recovery mode.
lunacm:.>hagroup recoveryMode –mode active
7. Set auto recovery interval time (in seconds). Default is 60 seconds.
lunacm:.>hagroup interval –interval <value in seconds>
Example:
lunacm:.>hagroup interval –interval 120
8. Set recovery retry count. A value of -1 allows infinite number of retries.
lunacm:> hagroup retry -count <xxx>
Example:
lunacm:> hagroup retry -count 2
After configuring SafeNet HSM in HA, see Additional ADC configuration for further configuration on the ADC.
Configure Safenet HSMs in a high availability setup on the ADC
Share
In this article
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select Do Not Agree to exit.