Product Documentation

Setting Up NetScaler for XenApp/XenDesktop

Aug 30, 2016

A NetScaler appliance can provide load balanced, secure remote access to your XenApp/XenDesktop applications. You can use the NetScaler load balancing feature to distribute traffic across the XenApp/XenDesktop servers, and the NetScaler Gateway feature to provide secure remote access to the servers. NetScaler can also accelerate and optimize the traffic flow and offer visibility features that are useful for XenApp/XenDesktop deployments.

The configurations that are required to be performed on the NetScaler are consolidated in a wizard that simplifies the deployment. You can also apply the following preset configurations:

  • Optimization settings such as TCP profiles, compression, caching, and SSL quantum settings.

  • Security settings such as application firewall profiles and policies.

  • Visibility settings such as HDX Insight policies.

Figure 1. NetScaler Appliance in XenApp/XenDesktop Setup

The above figure shows the components involved in this deployment:

  • NetScaler Gateway. Provides the URL for user access, and provides security by authenticating the users.

  • NetScaler load balancing virtual server. Load balances the traffic for the Web Interface or StoreFront servers. You can also deploy a load balancing virtual server in front of the XenApp/XenDesktop servers to load balance key components such as XML Broker and Desktop Delivery Controller (DDC) server.

  • Web Interface or StoreFront or Web Interface on NetScaler. Provides the interface through which you can access the applications.

    Note: Web Interface on NetScaler (WIonNS) is a customization of the Web Interface product, hosted on the NetScaler appliance.
  • XenApp/XenDesktop. Provides the applications that your users want to access.

Prerequisites

Before using the wizard, make sure of the following:

  • XenApp/XenDesktop servers are configured and available.

  • Web Interface, StoreFront, or Web Interface on NetScaler servers are configured and available.

  • You have a working knowledge of NetScaler Gateway, NetScaler, XenApp, XenDesktop, and StoreFront/Web Interface/Web Interface on NetScaler. For more information, see "Citrix eDocs."

To set up the NetScaler for XenApp/XenDesktop by using the wizard

  1. Log on to the NetScaler appliance and, on the Configuration tab, navigate to Traffic Management > Load Balancing.
  2. In the details pane, under XenApp/XenDesktop, click Set Up NetScaler for XenApp/XenDesktop.
    Note: If the setup exists on the NetScaler, click the Edit link corresponding to each of the section that you want to modify.
  3. Select the XenApp/XenDesktop deployment type.
    Note: The wizard supports only the single-hop deployment of XenApp/XenDesktop.
  4. Select the product (StoreFront, Web Interface, or Web Interface on NetScaler) that in your deployment provides the interface for access to the XenApp/XenDesktop applications.
  5. Set up secure remote access.
    1. In the NetScaler Gateway Settings section, specify the details for the VPN virtual server.
    2. In the Certificate section, choose an existing certificate or install a new certificate.
    3. In the Authentication Settings section, configure the primary authentication mechanism to be used and specify the server details. You can also configure secondary authentication to provide two-factor authentication.
      Note: While configuring the primary authentication mechanism, you can select the Load Balancing check box to distribute traffic among authentication servers. In the address field that appears, specify the IP address to assign to the load balancing virtual server.
  6. Set up the interface used to access the applications. In the Web Interface, StoreFront, or Web Interface on NetScaler section, do the following:
    1. Specify the details of the server that provides the interface for accessing the applications.
    2. Select the Load Balancing check box to distribute load among the servers. In the address field that appears, specify the IP address to assign to the load balancing virtual server.
      Note: If Web Interface on NetScaler is selected in this wizard, but it is not installed on the NetScaler appliance, you are prompted to upload the TAR and JRE files. For more information, see "Installing the Web Interface."
  7. Specify the XenApp/XenDesktop server(s) from which the applications are to be accessed. In the Xen Farm section, do the following:
    1. Provide details of the servers from which your users want to access applications.
    2. Select the Load Balancing check box to distribute load among the servers. In the address field that appears, specify the IP address to assign to the load balancing virtual server.
  8. Configure optimization, security, and visibility on the NetScaler appliance.
    • In the Optimization section, click Apply. The following configurations are executed internally:

      TCP Profile 
      > set vpn vserver ag_vsvr1 -tcpProfileName nstcp_default_XA_XD_profile 
      > set servicegroup WI_servicegroup -tcpProfileName nstcp_default_XA_XD_profile 
      > set servicegroup SF_servicegroup -tcpProfileName nstcp_default_XA_XD_profile 
      > set servicegroup XA_Primary_Broker_servicegroup -tcpProfileName nstcp_default_XA_XD_profile 
      > set servicegroup XA_Secondary_Broker_servicegroup -tcpProfileName nstcp_default_XA_XD_profile 
      > set servicegroup XD_servicegroup -tcpProfileName nstcp_default_XA_XD_profile 
       
      Compression 
      > enable ns feature cmp 
      > set servicegroup WI_servicegroup -cmp on 
      > set servicegroup SF_servicegroup -cmp on 
      > set servicegroup XA_Primary_Broker_servicegroup -cmp on 
      > set servicegroup XA_Secondary_Broker_servicegroup -cmp on 
      > set servicegroup XD_servicegroup -cmp on 
       
      Caching 
      > enable ns feature IC 
      > add cache contentgroup cache_group_XA-XD 
      > set cache parameter -memLimit 100 
      > add cache policy cache_pol1 -rule TRUE -action CACHE -storeInGroup cache_group_XA-XD 
      > bind cache global XA_XD_10.102.87.108_cachepol -priority 10 -gotoPriorityExpression END -type REQ_DEFAULT 
       
      SSL quantum settings 
      > set ssl parameter -quantumSize 4 -sslTriggerTimeout 10 -encryptTriggerPktCount 10 -pushEncTriggerTimeout 10
    • In the Security section, click Apply.

      Note: The security settings are not applicable for this release.
    • In the Visibility section, click Apply. The following configurations are executed internally:

      > enable feature Appflow 
      > set vpn vserver ag_vsvr1 -appflowLog ENABLED
      Note: Make sure that the appliance is added to the NetScaler Insight Center appliance.
  9. Click Done to complete the configuration.