Product Documentation

Verifying the Configuration

Nov 08, 2013

After you finish configuring your system, complete the following checklists to verify your configuration.

Configuration Checklist

  • The build running is:
  • There are no incompatibility issues. (Incompatibility issues are documented in the build’s release notes.)
  • The port settings (speed, duplex, flow control, monitoring) are the same as the switch’s port.
  • Enough mapped IP addresses have been configured to support all server-side connections during peak times.
    • The number of configured mapped IP addresses is: ____
    • The expected number of simultaneous server connections is:

      [ ] 62,000 [ ] 124,000 [ ] Other____

Topology Configuration Checklist

  • The routes have been used to resolve servers on other subnets.

    The routes entered are:

    _________________________________________

  • If the NetScaler is in a public-private topology, reverse NAT has been configured.
  • The failover (high availability) settings configured on the NetScaler resolve in a one arm or two-arm configuration. All unused network interfaces have been disabled:

    _________________________________________

  • If the NetScaler is placed behind an external load balancer, then the load balancing policy on the external load balancer is not “least connection.”

    The load balancing policy configured on the external load balancer is:

    _________________________________________

  • If the NetScaler is placed in front of a firewall, the session time-out on the firewall is set to a value greater than or equal to 300 seconds.
    Note: The TCP idle connection timeout on a NetScaler appliance is 360 seconds. If the timeout on the firewall is also set to 300 seconds or more, then the appliance can perform TCP connection multiplexing effectively because connections will not be closed earlier.
    The value configured for the session time-out is: ___________________

Server Configuration Checklist

  • “Keep-alive” has been enabled on all the servers.

    The value configured for the keep-alive time-out is: ___________________

  • The default gateway has been set to the correct value. (The default gateway should either be a NetScaler or upstream router.) The default gateway is:

    _________________________________________

  • The server port settings (speed, duplex, flow control, monitoring) are the same as the switch port settings.

    _________________________________________

  • If the Microsoft® Internet Information Server is used, buffering is enabled on the server.
  • If an Apache Server is used, the MaxConn (maximum number of connections) parameter is configured on the server and on the NetScaler.

    The MaxConn (maximum number of connections) value that has been set is:

    _________________________________________

  • If a Netscape® Enterprise Server™ is used, the maximum requests per connection parameter is set on the NetScaler. The maximum requests per connection value that has been set is:

    _________________________________________

Software Features Configuration Checklist

  • Does the Layer 2 mode feature need to be disabled? (Disable if another Layer 2 device is working in parallel with a NetScaler.)

    Reason for enabling or disabling:

    _________________________________________

  • Does the MAC-based forwarding feature need to be disabled? (If the MAC address used by return traffic is different, it should be disabled.)

    Reason for enabling or disabling:

    _________________________________________

  • Does host-based reuse need to be disabled? (Is there virtual hosting on the servers?)

    Reason for enabling or disabling:

    _________________________________________

  • Do the default settings of the surge protection feature need to be changed?

    Reason for changing or not changing:

    _________________________________________

Access Checklist

  • The system IPs can be pinged from the client-side network.
  • The system IPs can be pinged from the server-side network.
  • The managed server(s) can be pinged through the NetScaler.
  • Internet hosts can be pinged from the managed servers.
  • The managed server(s) can be accessed through the browser.
  • The Internet can be accessed from managed server(s) using the browser.
  • The system can be accessed using SSH.
  • Admin access to all managed server(s) is working.
Note: When you are using the ping utility, ensure that the pinged server has ICMP ECHO enabled, or your ping will not succeed.

Firewall Checklist

The following firewall requirements have been met:

  • UDP 161 (SNMP)
  • UDP 162 (SNMP trap)
  • TCP/UDP 3010 (GUI)
  • HTTP 80 (GUI)
  • TCP 22 (SSH)