Product Documentation

Configuring Multiple Azure VIPs for a NetScaler VPX in the Azure Resource Manager

May 04, 2017

Configure multiple cloud service IP addresses (Azure public virtual IP addresses, or VIPs) on Azure Resource Manager for a single VPX deployment and also for an HA deployment.

For both standalone mode and high availability mode, you need to deploy the NetScaler VPX instances using PowerShell commands, because multiple front-end IP addresses (FIPs) can be created by PowerShell alone.

NetScaler VPX Deployment as Standalone Mode

This section provides PowerShell commands to deploy a NetScaler VPX in standalone mode with multiple front-end IPs mapped to a single back-end pool.

Configure multiple FIPs, back-end pools, LB rules, and inbound NAT rules as part of Azure Load balancer.

The following rules apply in a single VPX deployment:

  1. A back-end pool contains only one VPX instance.
  2. Two load balancer rules are defined, and these rules map the following two VIPs:
    1. VIP1:80 > Back-end Pool 1:10080
    2. VIP2:80 > Back-end Pool 1:10081
  3. A load balancer rule is defined to map VIP1:10080 > Back-end Pool 1:80, to access NetScaler VPX user interface.
  4. An inbound NAT rule is defined to map VIP1:22 > Back-end Pool 1:22 to access NetScaler VPX through SSH.

The following image illustrates how you can configure multiple cloud service IP addresses on Azure Resource Manager for NetScaler virtual servers.

localized image

Provision NetScaler VPX in Standalone Mode in Azure PowerShell

Create Resource Group

$rgName="<resource group name>"

$locName="<location name, such as West US>"

Command:

New-AzureRmResourceGroup -Name $rgName -Location $locName

For example:

$rgName = "ARM-LB-NS"

$locName = "East Asia"

New-AzureRmResourceGroup -Name $rgName -Location $locName

Create Storage Account

You must select a globally unique name for your storage account that contains only lowercase letters and numbers.

$saName="<storage account name>"

$saType="<storage account type, specify one: Standard_LRS, Standard_GRS, Standard_RAGRS, or Premium_LRS>"

Command:

New-AzureRmStorageAccount -Name $saName -ResourceGroupName $rgName -Type $saType -Location $locName

For example:

$saName="vpxstorage"

$saType="Standard_LRS"

New-AzureRmStorageAccount -Name $saName -ResourceGroupName $rgName -Type $saType -Location $locName

Create Availability Set

$avName="<availability set name>"

Command:

New-AzureRmAvailabilitySet -Name $avName -ResourceGroupName $rgName -Location $locName

For example:

$avName="avNSSet"

Create Virtual Network and Subnet

Add a new virtual network with at least one subnet, if one has not been created previously.

$vnetName = "LBVnet"

Commands:

Create subnets:

$frontendSubnet=New-AzureRmVirtualNetworkSubnetConfig -Name frontendSubnet -AddressPrefix 10.0.1.0/24   # set this address prefix as per your requirement

$backendSubnet=New-AzureRmVirtualNetworkSubnetConfig -Name backendSubnet -AddressPrefix 10.0.2.0/24

Create Virtual Network:

# Keep the result in $vnet; the NIC step reads $vnet.Subnets
$vnet=New-AzureRmVirtualNetwork -Name $vnetName -ResourceGroupName $rgName -Location $locName -AddressPrefix 10.0.0.0/16 -Subnet $frontendSubnet,$backendSubnet

Create Public IP Address

The number of public IPs created should be equal to the number of external VIPs required.

  • Before using, check for the availability of the value for DomainNameLabel.
  • Create two VIPs.

Commands:

$pubName1 ="PublicIp1"

$dnsName1="nsvpx1"

$pubName2 ="PublicIp2"

$dnsName2="nsvpx2"

$publicIP1 = New-AzureRmPublicIpAddress -Name $pubName1 -ResourceGroupName $rgName -Location $locName -AllocationMethod Static -DomainNameLabel $dnsName1

$publicIP2 = New-AzureRmPublicIpAddress -Name $pubName2 -ResourceGroupName $rgName -Location $locName -AllocationMethod Static -DomainNameLabel $dnsName2

Create Front-end IP for Specified Public IP Addresses

$FIPName1 ="VIP1"

$FIPName2="VIP2"

Commands:

$frontendIP1 = New-AzureRmLoadBalancerFrontendIpConfig -Name $FIPName1 -PublicIpAddress $publicIP1

$frontendIP2 = New-AzureRmLoadBalancerFrontendIpConfig -Name $FIPName2 -PublicIpAddress $publicIP2

Create Back-end Pool

$BEPool1 = "backend-Pool1"

Command:

$beAddressPool1 = New-AzureRmLoadBalancerBackendAddressPoolConfig -Name $BEPool1

Create Health Probe

Create TCP health probe with port 9000 and interval 5 seconds.

Command:

$healthProbe = New-AzureRmLoadBalancerProbeConfig -Name HealthProbe -Protocol Tcp -Port 9000 -IntervalInSeconds 5 -ProbeCount 2

Create Load Balancer Rule

For each front-end IP and service, you need to create a load balancer rule.

Here the back-end address pool can contain a set of virtual machines. For a single VPX deployment, only a single VPX instance is part of this pool.

Note: The combined values of the front-end IP configuration, back-end address pool, front-end port, and back-end port parameters should not be the same for any two rules.

For example, every FIP/VIP uses front-end port 80 for the HTTP service. Because the back-end pool is the same, a different back-end port needs to be used for each load balancer rule.

Commands:

$lbrule1 = New-AzureRmLoadBalancerRuleConfig -Name "HTTP1" -FrontendIpConfiguration $frontendIP1 -BackendAddressPool  $beAddressPool1 -Probe $healthProbe -Protocol Tcp -FrontendPort 80 -BackendPort 10080

$lbrule2 = New-AzureRmLoadBalancerRuleConfig -Name "HTTP2" -FrontendIpConfiguration $frontendIP2 -BackendAddressPool  $beAddressPool1 -Probe $healthProbe -Protocol Tcp -FrontendPort 80 -BackendPort 10081

A load balancer rule to access the HTTP service of the NetScaler can be added in the following way:

Command:

$lbrule3 = New-AzureRmLoadBalancerRuleConfig -Name "HTTPNS" -FrontendIpConfiguration $frontendIP1 -BackendAddressPool  $beAddressPool1 -Probe $healthProbe -Protocol Tcp -FrontendPort 10080 -BackendPort 80

Create Inbound NAT Rules

Create NAT rules for services that do not need to be load balanced.

For example, create SSH access to the VPX instance.

The Protocol - FrontEndPort - BackendPort triplet should not be the same for two NAT rules belonging to the same front-end IP.

Command:

$inboundNATRule1= New-AzureRmLoadBalancerInboundNatRuleConfig -Name SSH1 -FrontendIpConfiguration $frontendIP1 -Protocol TCP -FrontendPort 22 -BackendPort 22

Create Load Balancer

Create load balancer with all of the above defined rules, front-end IPs, and a back-end pool.

Command:

$lbName = "NSALB"

$NRPLB = New-AzureRmLoadBalancer -ResourceGroupName $rgName -Name $lbName -Location $locName -InboundNatRule $inboundNATRule1 -FrontendIpConfiguration $frontendIP1, $frontendIP2 -LoadBalancingRule $lbrule1, $lbrule2, $lbrule3 -BackendAddressPool $beAddressPool1  -Probe $healthProbe

Create NIC

Create a NIC and associate it with the NetScaler VPX instance.

Commands:

$nicName="NIC1"

$lbName="NSALB"

$bePoolIndex=0 

$natRuleIndex=0

$subnetIndex=0   # front-end subnet index

$lb=Get-AzureRmLoadBalancer -Name $lbName -ResourceGroupName $rgName

$nic1=New-AzureRmNetworkInterface -Name $nicName -ResourceGroupName $rgName -Location $locName -Subnet $vnet.Subnets[$subnetIndex] -LoadBalancerBackendAddressPool $lb.BackendAddressPools[$bePoolIndex] -LoadBalancerInboundNatRule $lb.InboundNatRules[$natRuleIndex]

Create NetScaler VPX Instance

Create NetScaler VPX instance from MarketPlace image and attach the NIC to the virtual instance.

Commands:

$vmName="VPX1"

$vmSize="Standard_A3"   # or "Standard_DS4"

$pubName="citrix"

$skuName = "netscalerbyol"

$offerName="netscalervpx110-6531"

$avSet=Get-AzureRmAvailabilitySet -Name $avName -ResourceGroupName $rgName

$vm1=New-AzureRmVMConfig -VMName $vmName -VMSize $vmSize -AvailabilitySetId $avset.Id

$cred=Get-Credential -Message "Type Credentials which will be used to login to VPX instance"

$vm1=Set-AzureRmVMOperatingSystem -VM $vm1 -Linux -ComputerName $vmName -Credential $cred -Verbose

$vm1=Set-AzureRmVMSourceImage -VM $vm1 -PublisherName $pubName -Offer $offerName -Skus $skuName -Version "latest"

$vm1=Add-AzureRmVMNetworkInterface -VM $vm1 -Id $nic1.Id

$diskName="dynamic"   

$storageAcc=Get-AzureRmStorageAccount -ResourceGroupName $rgName -Name $saName

$osDiskUri1=$storageAcc.PrimaryEndpoints.Blob.ToString() + "vhds1/" + $diskName  + ".vhd"

$vm1=Set-AzureRmVMOSDisk -VM $vm1 -Name $diskName -VhdUri $osDiskUri1 -CreateOption fromImage

Set-AzureRmVMPlan -VM $vm1 -Publisher $pubName -Product $offerName -Name $skuName

New-AzureRmVM -ResourceGroupName $rgName -Location $locName -VM $vm1

 

The above commands create a NetScaler VPX instance. Then add virtual servers to the NetScaler VPX instance for the specified front-end services.

NetScaler VPX Deployment in High Availability Mode

This section provides PowerShell commands to deploy a NetScaler VPX in HA deployment with multiple front-end IPs mapped to a single back-end pool. 

Configure multiple FIPs, back-end pools, load balancer rules, and inbound NAT rules as part of the Azure load balancer.

The following rules apply in an HA deployment of NetScaler VPX instances:

  1. A back-end pool contains two NetScaler VPX instances, which are part of HA.
  2. Two load balancer rules are defined, and these rules map the following two VIPs:
    1. VIP1:80 > Back-end Pool 1:10080
    2. VIP2:80 > Back-end Pool 1:10081
  3. A load balancer rule is defined, which maps VIP1:10080 > Back-end Pool 1:80, to access NetScaler VPX GUI.
  4. Two inbound NAT rules are defined to map the following two VIPs:
    1. VIP1:22 > Back-end Pool 1:22 to access NetScaler VPX Primary
    2. VIP1:10022 > Back-end Pool-1:22 to access NetScaler VPX Secondary through SSH

All services that are defined as part of Azure load balancer rules will get load balanced. That is, if the primary VPX fails, the secondary VPX will take care of all of the services in Active-Passive HA deployment.

The following image illustrates how you can configure multiple cloud service IP addresses on Azure Resource Manager for NetScaler virtual servers in HA mode.

localized image

Create Resource Group

$rgName="<resource group name>"

$locName="<location name, such as West US>"

Commands:

New-AzureRmResourceGroup -Name $rgName -Location $locName

For example:

$rgName = "ARM-Mult-VIP-HA"

$locName = "East Asia"

New-AzureRmResourceGroup -Name $rgName -Location $locName

Create Storage Account

You must select a globally unique name for your storage account that contains only lowercase letters and numbers.

$saName="<storage account name>"

$saType="<storage account type, specify one: Standard_LRS, Standard_GRS, Standard_RAGRS, or Premium_LRS>"

Commands:

New-AzureRmStorageAccount -Name $saName -ResourceGroupName $rgName -Type $saType -Location $locName

For example:

$saName="vpxstorage1"

$saType="Standard_LRS"

New-AzureRmStorageAccount -Name $saName -ResourceGroupName $rgName -Type $saType -Location $locName

Create Availability Set

$avName="<availability set name>"

Command:

New-AzureRmAvailabilitySet -Name $avName -ResourceGroupName $rgName -Location $locName

For example:

$avName="avNSSetARM"

Create Virtual Network and Subnet

Add a new virtual network with at least one subnet, if one has not been created previously.

$vnetName = "LBVnet"

Commands:

Create subnets:

$frontendSubnet=New-AzureRmVirtualNetworkSubnetConfig -Name frontendSubnet -AddressPrefix 10.0.7.0/24   # set this address prefix as per your requirement

$backendSubnet=New-AzureRmVirtualNetworkSubnetConfig -Name backendSubnet -AddressPrefix 10.0.8.0/24

Create Virtual Network:

# Keep the result in $vnet; the NIC step reads $vnet.Subnets
$vnet=New-AzureRmVirtualNetwork -Name $vnetName -ResourceGroupName $rgName -Location $locName -AddressPrefix 10.0.0.0/16 -Subnet $frontendSubnet,$backendSubnet

Create Public IP Address

The number of public IP addresses created should be equal to the number of external VIPs required.

  • Before using, check for the availability of the value for DomainNameLabel.
  • Create two VIPs.

Commands:

$pubName1 ="PublicIp1"

$dnsName1="nsvpx1"

$pubName2 ="PublicIp2"

$dnsName2="nsvpx2"

$publicIP1 = New-AzureRmPublicIpAddress -Name $pubName1 -ResourceGroupName $rgName -Location $locName -AllocationMethod Static -DomainNameLabel $dnsName1

$publicIP2 = New-AzureRmPublicIpAddress -Name $pubName2 -ResourceGroupName $rgName -Location $locName -AllocationMethod Static -DomainNameLabel $dnsName2

Create Front-end IP Addresses

$FIPName1 = "VIP1"

$FIPName2="VIP2"

Commands:

$frontendIP1 = New-AzureRmLoadBalancerFrontendIpConfig -Name $FIPName1 -PublicIpAddress $publicIP1

$frontendIP2 = New-AzureRmLoadBalancerFrontendIpConfig -Name $FIPName2 -PublicIpAddress $publicIP2

Create Back-end Pool

$BEPool1 = "backend-Pool1"

Command:

$beAddressPool1 = New-AzureRmLoadBalancerBackendAddressPoolConfig -Name $BEPool1

Create Health Probe

Create TCP health probe with port 9000 and interval 5 seconds.

Command:

$healthProbe = New-AzureRmLoadBalancerProbeConfig -Name HealthProbe -Protocol Tcp -Port 9000 -IntervalInSeconds 5 -ProbeCount 2

Create Load Balancer Rules

For each front-end IP and service, you need to create a separate load balancer rule.

Here the back-end address pool can contain a set of virtual machines. For a single NetScaler VPX deployment, only a single NetScaler VPX instance is part of this pool.

Note: The combined values of the front-end IP configuration, back-end address pool, front-end port, and back-end port parameters should not be the same for any two rules.

Examples:

Here each FIP/VIP uses front-end port 80 for the HTTP service. Because the back-end pool is the same, a different back-end port needs to be used for each load balancer rule.

Command:

$lbrule1 = New-AzureRmLoadBalancerRuleConfig -Name "HTTP1" -FrontendIpConfiguration $frontendIP1 -BackendAddressPool  $beAddressPool1 -Probe $healthProbe -Protocol Tcp -FrontendPort 80 -BackendPort 10080

$lbrule2 = New-AzureRmLoadBalancerRuleConfig -Name "HTTP2" -FrontendIpConfiguration $frontendIP2 -BackendAddressPool  $beAddressPool1 -Probe $healthProbe -Protocol Tcp -FrontendPort 80 -BackendPort 10081

A load balancer rule to access the HTTP service of the NetScaler can be added in the following way:

Command:

$lbrule3 = New-AzureRmLoadBalancerRuleConfig -Name "HTTPNS" -FrontendIpConfiguration $frontendIP1 -BackendAddressPool  $beAddressPool1 -Probe $healthProbe -Protocol Tcp -FrontendPort 10080 -BackendPort 80

Create Inbound NAT Rules

Create NAT rules for services that do not need to be load balanced.

For example, create SSH access to the VPX instance.

Note: Protocol - Front-end Port - Back-end Port triplet should not be the same for two NAT rules belonging to the same front-end IP address.

Commands:

$inboundNATRule1= New-AzureRmLoadBalancerInboundNatRuleConfig -Name SSH1 -FrontendIpConfiguration $frontendIP1 -Protocol TCP -FrontendPort 22 -BackendPort 22

$inboundNATRule2= New-AzureRmLoadBalancerInboundNatRuleConfig -Name SSH2 -FrontendIpConfiguration $frontendIP1 -Protocol TCP -FrontendPort 10022 -BackendPort 22
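The two uniqueness notes above (load balancer rules and inbound NAT rules) can be checked before the load balancer is created. The following is an added example, not part of the original Citrix procedure: Find-RuleConflict is a hypothetical helper, and the rule descriptors are constructed to mirror the rules on this page, plus one deliberate duplicate to show a finding.

```powershell
# Constructed descriptors mirroring the HA rule set defined on this page.
$lbRules = @(
    [pscustomobject]@{ Name = 'HTTP1';  Fip = 'VIP1'; Pool = 'backend-Pool1'; FrontendPort = 80;    BackendPort = 10080 }
    [pscustomobject]@{ Name = 'HTTP2';  Fip = 'VIP2'; Pool = 'backend-Pool1'; FrontendPort = 80;    BackendPort = 10081 }
    [pscustomobject]@{ Name = 'HTTPNS'; Fip = 'VIP1'; Pool = 'backend-Pool1'; FrontendPort = 10080; BackendPort = 80 }
    # Constructed mistake: same front-end IP, pool and ports as HTTP1.
    [pscustomobject]@{ Name = 'HTTP1-copy'; Fip = 'VIP1'; Pool = 'backend-Pool1'; FrontendPort = 80; BackendPort = 10080 }
)
$natRules = @(
    [pscustomobject]@{ Name = 'SSH1'; Fip = 'VIP1'; Protocol = 'TCP'; FrontendPort = 22;    BackendPort = 22 }
    [pscustomobject]@{ Name = 'SSH2'; Fip = 'VIP1'; Protocol = 'TCP'; FrontendPort = 10022; BackendPort = 22 }
)

function Find-RuleConflict {
    # Hypothetical helper: returns one object per group of rules that share
    # the same values for every property listed in -KeyProperty.
    param(
        [Parameter(Mandatory)] [object[]] $Rule,
        [Parameter(Mandatory)] [string[]] $KeyProperty
    )
    $Rule |
        Group-Object -Property $KeyProperty |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                Key   = $_.Name                        # e.g. "VIP1, backend-Pool1, 80, 10080"
                Rules = ($_.Group.Name -join ', ')     # names of the colliding rules
            }
        }
}

# LB rules: front-end IP + back-end pool + front-end port + back-end port must differ.
# NAT rules: protocol + front-end port + back-end port must differ per front-end IP.
$conflicts  = @(Find-RuleConflict -Rule $lbRules  -KeyProperty Fip, Pool, FrontendPort, BackendPort)
$conflicts += @(Find-RuleConflict -Rule $natRules -KeyProperty Fip, Protocol, FrontendPort, BackendPort)

if ($conflicts.Count -gt 0) {
    $conflicts | Format-Table -AutoSize
    Write-Warning 'Resolve the duplicate rules above before calling New-AzureRmLoadBalancer.'
}
```

With the constructed duplicate in place, the check reports HTTP1 and HTTP1-copy as one conflicting group; the two SSH NAT rules pass because their front-end ports differ.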

Create Load Balancer

Create load balancer with all of the above defined rules, front-end IPs, and a back-end pool.

Command:

$lbName ="NSALB"

$NRPLB = New-AzureRmLoadBalancer -ResourceGroupName $rgName -Name $lbName -Location $locName -InboundNatRule $inboundNATRule1, $inboundNATRule2 -FrontendIpConfiguration $frontendIP1, $frontendIP2 -LoadBalancingRule $lbrule1, $lbrule2, $lbrule3 -BackendAddressPool $beAddressPool1  -Probe $healthProbe

Create NIC

Create a NIC and associate it with the NetScaler VPX instance.

Commands:

$nicName="NIC1"

$lbName="NSALB"

$bePoolIndex=0 

$natRuleIndex=0

$subnetIndex=0   # front-end subnet index

$lb=Get-AzureRmLoadBalancer -Name $lbName -ResourceGroupName $rgName

$nic1=New-AzureRmNetworkInterface -Name $nicName -ResourceGroupName $rgName -Location $locName -Subnet $vnet.Subnets[$subnetIndex] -LoadBalancerBackendAddressPool $lb.BackendAddressPools[$bePoolIndex] -LoadBalancerInboundNatRule $lb.InboundNatRules[$natRuleIndex]

$nicName="NIC2"

$lbName="NSALB"

$bePoolIndex=0 

$natRuleIndex=1   # 2nd SSH rule

$subnetIndex=0

$nic2=New-AzureRmNetworkInterface -Name $nicName -ResourceGroupName $rgName -Location $locName -Subnet $vnet.Subnets[$subnetIndex] -LoadBalancerBackendAddressPool $lb.BackendAddressPools[$bePoolIndex] -LoadBalancerInboundNatRule $lb.InboundNatRules[$natRuleIndex]

Create NetScaler VPX Instances

Create a NetScaler VPX instance from MarketPlace image and attach a NIC to it.

Commands:

$vmName="VPX1"

$vmSize="Standard_A3"

$pubName="citrix"

$skuName = "netscalerbyol"

$offerName="netscalervpx110-6531"

$avSet=Get-AzureRmAvailabilitySet -Name $avName -ResourceGroupName $rgName

$vm1=New-AzureRmVMConfig -VMName $vmName -VMSize $vmSize -AvailabilitySetId $avset.Id

$cred=Get-Credential -Message "Type Credentials which will be used to login to VPX instance"

$vm1=Set-AzureRmVMOperatingSystem -VM $vm1 -Linux -ComputerName $vmName -Credential $cred -Verbose

$vm1=Set-AzureRmVMSourceImage -VM $vm1 -PublisherName $pubName -Offer $offerName -Skus $skuName -Version "latest"

$vm1=Add-AzureRmVMNetworkInterface -VM $vm1 -Id $nic1.Id

$diskName="dynamic"

$storageAcc=Get-AzureRmStorageAccount -ResourceGroupName $rgName -Name $saName

$osDiskUri1=$storageAcc.PrimaryEndpoints.Blob.ToString() + "vhds1/" + $diskName  + ".vhd"

$vm1=Set-AzureRmVMOSDisk -VM $vm1 -Name $diskName -VhdUri $osDiskUri1 -CreateOption fromImage

Set-AzureRmVMPlan -VM $vm1 -Publisher $pubName -Product $offerName -Name $skuName

New-AzureRmVM -ResourceGroupName $rgName -Location $locName -VM $vm1

$vmName="VPX2"

$vmSize="Standard_A3"

$pubName="citrix"

$skuName = "netscalerbyol"

$offerName="netscalervpx110-6531"

$avSet=Get-AzureRmAvailabilitySet -Name $avName -ResourceGroupName $rgName

$vm2=New-AzureRmVMConfig -VMName $vmName -VMSize $vmSize -AvailabilitySetId $avset.Id

$cred=Get-Credential -Message "Type Credentials which will be used to login to VPX instance"

$vm2=Set-AzureRmVMOperatingSystem -VM $vm2 -Linux -ComputerName $vmName -Credential $cred -Verbose

$vm2=Set-AzureRmVMSourceImage -VM $vm2 -PublisherName $pubName -Offer $offerName -Skus $skuName -Version "latest"

$vm2=Add-AzureRmVMNetworkInterface -VM $vm2 -Id $nic2.Id

$diskName="dynamic"

$storageAcc=Get-AzureRmStorageAccount -ResourceGroupName $rgName -Name $saName

$osDiskUri2=$storageAcc.PrimaryEndpoints.Blob.ToString() + "vhds2/" + $diskName  + ".vhd"

$vm2=Set-AzureRmVMOSDisk -VM $vm2 -Name $diskName -VhdUri $osDiskUri2 -CreateOption fromImage

Set-AzureRmVMPlan -VM $vm2 -Publisher $pubName -Product $offerName -Name $skuName

New-AzureRmVM -ResourceGroupName $rgName -Location $locName -VM $vm2

Create Virtual Machines

Once both NetScaler VPX instances come up, connect to both VPX instances through SSH to configure the virtual machines.

  1. To configure Active-Passive HA, run the "add HA node #nodeID" command on both nodes, and then run the configuration commands on the primary VPX instance.
  2. To configure Active-Active HA, run the same set of configuration commands on both nodes.
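Both deployments above publish SSH (VIP1:22, and VIP1:10022 in HA) and the NetScaler user interface (VIP1:10080) on a public IP address. The following added example, which is not part of the original Citrix procedure, attaches a Network Security Group to the front-end subnet so that only a management network reaches those services. The NSG name and the $adminCidr value are placeholders, and $rgName, $locName and $vnetName are assumed to be set as in the steps above.

```powershell
$adminCidr = "203.0.113.0/24"     # placeholder: replace with your management network
$nsgName   = "NSG-VPX-Frontend"   # hypothetical name

# The NSG is evaluated after the load balancer has translated the destination,
# so each rule matches the BACK-END port (22, 80, 10080, 10081), not the VIP port.
$common = @{
    Access                   = "Allow"
    Direction                = "Inbound"
    Protocol                 = "Tcp"
    SourcePortRange          = "*"
    DestinationAddressPrefix = "*"
}

$rules = @(
    # NAT rules SSH1/SSH2 (VIP1:22 and VIP1:10022 -> back-end port 22)
    New-AzureRmNetworkSecurityRuleConfig @common -Name "Mgmt-SSH" -Priority 100 `
        -SourceAddressPrefix $adminCidr -DestinationPortRange "22"
    # LB rule HTTPNS (VIP1:10080 -> back-end port 80, the VPX user interface)
    New-AzureRmNetworkSecurityRuleConfig @common -Name "Mgmt-GUI" -Priority 110 `
        -SourceAddressPrefix $adminCidr -DestinationPortRange "80"
    # LB rules HTTP1/HTTP2 (VIP1:80 -> 10080, VIP2:80 -> 10081), open to clients
    New-AzureRmNetworkSecurityRuleConfig @common -Name "VIP-HTTP" -Priority 120 `
        -SourceAddressPrefix "Internet" -DestinationPortRange "10080-10081"
    # Health probe defined above (TCP port 9000) from the Azure load balancer
    New-AzureRmNetworkSecurityRuleConfig @common -Name "LB-Probe" -Priority 130 `
        -SourceAddressPrefix "AzureLoadBalancer" -DestinationPortRange "9000"
)
# Other inbound Internet traffic falls through to the default DenyAllInBound rule.

$nsg = New-AzureRmNetworkSecurityGroup -Name $nsgName -ResourceGroupName $rgName `
    -Location $locName -SecurityRules $rules

# Attach the NSG to the front-end subnet that holds the VPX NICs.
$vnet   = Get-AzureRmVirtualNetwork -Name $vnetName -ResourceGroupName $rgName
$subnet = $vnet.Subnets | Where-Object { $_.Name -eq "frontendSubnet" }
Set-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnet.Name `
    -AddressPrefix $subnet.AddressPrefix -NetworkSecurityGroup $nsg |
    Set-AzureRmVirtualNetwork
```

Traffic between the two HA nodes stays inside the virtual network and is covered by the default AllowVnetInBound rule, so no extra rule is added for it here.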

Azure ARM Components

This table lists which Azure ARM components can be created using PowerShell and which can be created using the Azure Resource Manager portal.

Component                                               PowerShell   ARM Portal
Resource Group                                          Yes          Yes
Storage Account                                         Yes          Yes
Availability Set                                        Yes          Yes
Virtual Network and Subnet                              Yes          Yes
Public IP                                               Yes          Yes
Multiple Frontend IP                                    Yes          No
Backend Pool                                            Yes          Yes
Health Probes                                           Yes          Yes
LB Rules with each rule using only one front end IP     Yes          Yes
LB Rules with each rule using different front end IP    Yes          No
Inbound NAT Rules with same front end IP for all        Yes          Yes
Inbound NAT rules with different front end IP           Yes          No
External Load Balancer                                  Yes          Yes
Internal Load Balancer                                  Yes          Yes
Load balancer with front end IP                         Yes          Yes
Load balancer with multiple front end IP                Yes          No
Network Security Group (NSG)                            Yes          Yes
Network Interface Card (NIC)                            Yes          Yes
Virtual Machine                                         Yes          Yes