Product Documentation

Configure NetScaler for StorageZones Controller

Sep 27, 2015

NetScaler, version 10.1 build 120.1316.e and above, includes a wizard that prompts you for basic information about your StorageZones Controller environment and then generates a configuration that:

  • Load balances traffic across StorageZones Controllers
  • Provides user authentication for StorageZone Connectors
  • Validates URI signatures for ShareFile uploads and downloads
  • Terminates SSL connections at the NetScaler appliance

NetScaler deployment configuration

The diagram shows these NetScaler components created by the configuration:

  • NetScaler content switching virtual server — Sends user requests for data from ShareFile and from StorageZone Connectors to the appropriate NetScaler load balancing virtual server.
  • NetScaler load balancing virtual server — Load balances the traffic for your StorageZones Controllers and also handles the following:
    • For requests for data from your private data storage, a load balancing virtual server performs hash validation, to ensure valid URI signatures are present on incoming requests.
    • For requests for data from StorageZone Connectors, a load balancing virtual server performs user authentication. It stops a user request at the NetScaler, authenticates the user, and then performs single sign-on of the user to StorageZones Controller.

      Although authentication to NetScaler is optional, it is a recommended best practice.

Note: To set up NetScaler versions prior to 10.1 build 120.1316.e, see Configure NetScaler manually.

The Set up NetScaler for ShareFile wizard does not handle the configuration required to use NetScaler and XenMobile App Controller as a SAML identity provider for ShareFile.

Prerequisites

  • A working NetScaler configuration
  • Security certificate: If one is not already available in NetScaler, the wizard enables you to install one on the content switching virtual server.
  • Information about your Active Directory configuration:
    • IP address and port of your Active Directory server
    • Active Directory domain name
    • LDAP Base DN where users are stored
    • Account name and password for an administrator account that has permissions to communicate with Active Directory

To set up NetScaler for StorageZones Controllers

  1. Log on to the NetScaler appliance and, on the Configuration tab, navigate to Traffic Management > Load Balancing.
  2. Under Citrix ShareFile, click Set up NetScaler for ShareFile.

    You can also access the wizard as follows: Under Mobility, click Configure XenMobile, ShareFile, and NetScaler Gateway.

  3. Supply the information requested in the wizard.
    • Name: A display name for the content switching virtual server.
    • IP Address: The external (public or DMZ) IP address to be used for the content switching virtual server. If you use a DMZ IP address, you must define a Network Address Translation (NAT) mapping from your external firewall address to this DMZ IP address.
    • ShareFile Data: This option is enabled, indicating that you will use the NetScaler connection for StorageZones for ShareFile Data.
    • StorageZone Connectors for Network File Shares/SharePoint: If you use Connectors and you want to perform user authentication at the NetScaler, select the check box.
    • Certificate: Choose a certificate or install one for the content switching virtual server. If you choose to install a certificate, you are prompted to upload the certificate and private key. Certificates must be publicly trusted and not self-signed.
    • StorageZones Controller IP Address: The internal IP addresses for one or more StorageZones Controller servers. These IP addresses define the StorageZones Controller servers as entities inside of NetScaler. If you already added the servers to NetScaler, click Add From Existing and select the servers.

      To use NetScaler for load balancing, enter an internal IP address for each StorageZones Controller server. To use NetScaler only for SSL and authentication, enter just one IP address.

    • Port and Protocol: The port and protocol used for communication from the NetScaler to StorageZones Controllers.
    • AAA VServer IP Address: An unused internal IP address for the Authentication, Authorization, and Auditing (AAA) virtual server. NetScaler creates this virtual server for its own use. The server does not require outside access.
    • LDAP Server IP Address and Port: The IP address and port of your Active Directory server. If you already added an LDAP server to NetScaler, click the Choose LDAP tab and choose the server.
    • Time out: The maximum number of seconds that the NetScaler waits for a response from the LDAP server. Defaults to 3 seconds. The minimum value is 1 second.
    • Single Sign-on Domain: The Active Directory domain name.
    • Base DN (location of users): The LDAP Base Distinguished Name (DN) where users are stored. Specify the DN using the general form: CN=Users,dc=domain,dc=Net
    • Administrator Bind DN and Password: An administrator account that has permissions to communicate with Active Directory.
    • Logon Name: An LDAP attribute, used by NetScaler to determine whether users log on with their user name or email address. Defaults to sAMAccountName, which enables users to log on with their user names. To require users to enter their email address to log on, change this field to userPrincipalName.
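
A pre-flight check of the values you plan to enter in the wizard, as an added example that is not part of the original documentation or of any Citrix tool. The dictionary keys, the sample addresses, and the reading of "internal" as RFC 1918 address space are assumptions made for illustration.

```python
import ipaddress

# Assumption: "internal" means RFC 1918 space; adjust for your addressing plan.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOGON_ATTRS = {"sAMAccountName", "userPrincipalName"}  # the two values the page names

def is_internal(ip):
    return any(ip in net for net in RFC1918)

def parse_base_dn(dn):
    """Split CN=Users,dc=domain,dc=Net into (ATTR, value) pairs (no escaped commas)."""
    pairs = []
    for rdn in dn.split(","):
        attr, sep, value = rdn.strip().partition("=")
        if not (sep and attr and value):
            raise ValueError(f"malformed component {rdn.strip()!r}")
        pairs.append((attr.upper(), value))
    return pairs

def check_wizard_inputs(cfg):
    """Return (mode, problems) for a dict of hypothetical wizard field values."""
    problems = []
    vip, aaa, ldap = (ipaddress.ip_address(cfg[k]) for k in ("cs_vip", "aaa_vip", "ldap_ip"))
    controllers = [ipaddress.ip_address(a) for a in cfg["controller_ips"]]
    for ip in controllers:
        if not is_internal(ip):
            problems.append(f"controller {ip} is not an internal address")
    if not is_internal(aaa):
        problems.append(f"AAA vserver {aaa} is not an internal address")
    if aaa in {vip, ldap, *controllers}:
        problems.append(f"AAA vserver {aaa} is already in use")
    if cfg.get("ldap_timeout", 3) < 1:
        problems.append("LDAP timeout is below the 1 second minimum")
    if cfg.get("logon_name", "sAMAccountName") not in LOGON_ATTRS:
        problems.append(f"unexpected logon attribute {cfg['logon_name']!r}")
    try:
        if not any(attr == "DC" for attr, _ in parse_base_dn(cfg["base_dn"])):
            problems.append("Base DN has no dc= component")
    except ValueError as exc:
        problems.append(f"Base DN: {exc}")
    # One controller address means SSL and authentication only (no load balancing).
    mode = "load balancing" if len(controllers) > 1 else "SSL and authentication only"
    return mode, problems

# Constructed sample values, not taken from any real deployment.
SAMPLE = {"cs_vip": "203.0.113.10", "controller_ips": ["10.0.5.11", "10.0.5.12"],
          "aaa_vip": "10.0.5.50", "ldap_ip": "10.0.1.5", "ldap_timeout": 3,
          "logon_name": "sAMAccountName", "base_dn": "CN=Users,dc=domain,dc=Net"}

if __name__ == "__main__":
    print(check_wizard_inputs(SAMPLE))
```
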

To verify the configuration

After you complete the wizard, go to Traffic Management > Load Balancing > Virtual Servers to view the status of the load balancing virtual servers created by the wizard.

To view the throughput of ShareFile requests through NetScaler

  1. Go to Traffic Management > Load Balancing.
  2. Under Mobility, click Configure XenMobile, ShareFile, and NetScaler Gateway. The throughput is shown under ShareFile LB.

    You can also edit or remove the configuration generated by the wizard by clicking the links on that page.