NetScaler SDX

Consolidation when the Management Service and the NetScaler instances are in different networks

In certain cases, the appliance administrator might allow other administrators to perform administration tasks on individual instances. This can be safely done by giving an individual instance administrator login rights to just that instance. But, for security reasons, the appliance administrator might not want to allow the instance to be on the same network as the Management Service. This is a common scenario in service provider environments, and it is becoming increasingly common in enterprises as they adopt virtualization and cloud architectures.

In the following example, the Management Service is in the 10.1.1.x network and the NetScaler instances are in the 10.1.2.x network. Interfaces 0/1 and 0/2 are the management interfaces, 1/1 to 1/8 are 1G data interfaces, and 10/1 to 10/4 are 10G data interfaces. Each instance has its own dedicated administrator and its own dedicated physical interface. Therefore, the number of instances is limited to the number of physical interfaces available on the appliance. VLAN filtering is not required, because each instance has its own dedicated interface. Optionally, disable VLAN filtering to configure up to 4096 VLANs per instance per interface. In this example, you do not need to configure an NSVLAN, because the instances are not sharing a physical interface and there are no tagged VLANs. For more information about NSVLANs, see Adding a NetScaler instance

The following figure illustrates the preceding use case.

Figure 1. Network topology of an SDX appliance with Management Service and NSIPs for Instances in different networks

topology3

As the appliance administrator, you can keep the traffic between the Management Service and the NSIP addresses on the SDX appliance. Or you can force the traffic off the device if, for example, you want traffic to go through an external firewall or some other security intermediary and then return to the appliance.

The following table lists the names and values of the parameters used for provisioning NetScaler instance 1 in this example.

Parameter Name Values for Instance 1
Name vpx1
IP Address 10.1.2.2
Netmask 255.255.255.0
Gateway 10.1.2.1
XVA File NS-VPX-XEN-10.0-51.308.a_nc.xva
Feature License Platinum
Admin Profile ns_nsroot_profile
User Name vpx1
Password Sdx1
Confirm Password Sdx1
Shell/Sftp/Scp Access True
Total Memory (MB) 2048
#SSL Chips 1
Throughput (Mbps) 1000
Packets per second 1000000
CPU Shared
Interface 0/2 and 1/1

To provision NetScaler instance 1 as shown in this example

  1. On the Configuration tab, in the navigation pane, expand NetScaler Configuration, and then click Instances.
  2. In the NetScaler instances pane, click Add.
  3. In the Provision NetScaler Wizard follow the instructions in the wizard to set the parameters to the values shown in the preceding table.
  4. Click Create, and then click Close. The NetScaler instance you provisioned appears in the NetScaler instances pane.
Consolidation when the Management Service and the NetScaler instances are in different networks