Product Documentation

Monitoring SSL Services

Jun 16, 2014

The NetScaler appliance has built-in secure monitors, TCPS and HTTPS. You can use the secure monitors to monitor HTTP as well as non-HTTP traffic. To configure a secure HTTP monitor, select the monitor type as HTTP, and then set the secure flag. To configure a secure TCP monitor, select the monitor type as TCP, and then set the secure flag.The secure monitors work as described below:

  • Secure TCP monitoring. The NetScaler appliance establishes a TCP connection. After the connection is established, the appliance performs an SSL handshake with the server. After the handshake is over, the appliance closes the connection.
  • Secure HTTP monitoring. The NetScaler appliance establishes a TCP connection. After the connection is established, the appliance performs an SSL handshake with the server. When the SSL connection is established, the appliance sends HTTP requests over the encrypted channel and checks the response codes.

The following table describes the available built-in monitors for monitoring SSL services.

Monitor type

Probe

Success criteria (Direct condition)

TCP

TCP connection

SSL handshake

Successful TCP connection established and successful SSL handshake.

HTTP

TCP connection

SSL handshake

Encrypted HTTP request

Successful TCP connection is established, successful SSL handshake is performed, and expected HTTP response code in server HTTP response is encrypted.

TCP-ECV

TCP connection

SSL handshake

(Data sent to a server is encrypted.)

Successful TCP connection is established, successful SSL handshake is performed, and expected TCP data is received from the server.

HTTP-ECV

TCP connection

SSL handshake

(Encrypted HTTP request)

Successful TCP connection is established, successful SSL handshake is performed, and expected HTTP data is received from the server.