Product Documentation

Consolidation When the Management Service and the NetScaler Instances are in Different Networks

Apr 28, 2017
In certain cases, the appliance administrator might allow other administrators to perform administration tasks on individual instances. This can be safely done by giving an individual instance administrator login rights to just that instance. But, for security reasons, the appliance administrator might not want to allow the instance to be on the same network as the Management Service. This is a very common scenario in service provider environments, and it is becoming increasingly common in enterprises as they adopt virtualization and cloud architectures.

In the following example, the Management Service is in the 10.1.1.x network and the NetScaler instances are in the 10.1.2.x network. Interfaces 0/1 and 0/2 are the management interfaces, 1/1 to 1/8 are 1G data interfaces, and 10/1 to 10/4 are 10G data interfaces. Each instance has its own dedicated administrator and its own dedicated physical interface. Therefore, the number of instances is limited to the number of physical interfaces available on the appliance. VLAN filtering is not required, because each instance has its own dedicated interface. Optionally, disable VLAN filtering to configure up to 4096 VLANs per instance per interface. In this example, you do not need to configure an NSVLAN, because instances are not sharing a physical interface and there are no tagged VLANs. For more information about NSVLANs, see Adding a NetScaler Instance.

The following figure illustrates the above use case.

Figure 1. Network topology of an SDX appliance with Management Service and NetScaler NSIPs for Instances in different networks

As the appliance administrator, you have the option to keep the traffic between the Management Service and the NSIP addresses on the SDX appliance, or to force the traffic off the device if, for example, you want traffic to go through an external firewall or some other security intermediary and then return to the appliance.

The following table lists the names and values of the parameters used for provisioning NetScaler Instance 1 in this example.

Parameter Name

Values for Instance 1

Name

vpx1

IP Address

10.1.2.2

Netmask

255.255.255.0

Gateway

10.1.2.1

XVA File

NS-VPX-XEN-10.0-51.308.a_nc.xva

Feature License

Platinum

Admin Profile

ns_nsroot_profile

User Name

vpx1

Password

Sdx

Confirm Password

Sdx

Shell/Sftp/Scp Access

True

Total Memory (MB)

2048

#SSL Chips

1

Throughput (Mbps)

1000

Packets per second

1000000

CPU

Shared

Interface

0/2 and 1/1

To provision NetScaler Instance 1 as shown in this example

  1. On the Configuration tab, in the navigation pane, expand NetScaler Configuration, and then click Instances.
  2. In the NetScaler Instances pane, click Add.
  3. In the Provision NetScaler Wizard follow the instructions in the wizard to set the parameters to the values shown in the above table.
  4. Click Create, and then click Close. The NetScaler instance you provisioned appears in the NetScaler Instances pane.