In the 5th and final part of this blog series on configuring NetScaler 10.1 I will cover VPN configuration. If you have been following along for the entire series you have a fully functional NetScaler that is successfully load balancing your DNS, LDAP, XML traffic, StoreFront traffic, and secure external access via Access Gateway. I consider VPN the “final piece” of the puzzle in a basic config and I’m going to show you in this post two methods specifically of doing it.
If you have been doing Citrix for any length of time you are probably very familiar with the “Web Interface” servers of old. That has now changed, Web Interface is on its way out and its replacement is StoreFront. With the release of XenDesktop 7 we also finally got StoreFront 2.0 which addressed a lot of the complaints I had with StoreFront 1.2 (namely, the PITA SQL requirement). Having finally done some SF 2.0 deployments now I can say I am pleased with the progress that has been made..and for users running XenApp 6.5 we finally got pre-launch functionality back with SF2.0.
In this part 4 in my 5 part series of basic NetScaler configuration I will show you how to make your XenApp/XenDesktop environment securely available to your external users with Access Gateway Enterprise Edition (AGEE). In addition, your LDAP authentication queries will be load balanced (bonus!) and we’ll modify the theme to match StoreFront’s green bubble UI. As a prerequisite you need to have the certificate already loaded onto the NetScaler that you want to use for your external access. I’ve got to say I really like the new AGEE setup wizard, it really simplifies setup here over past releases.
Continuing from my 2nd of this 5 part series..in my last post I showed how to load balance your DNS and LDAP. Along that same line we will now load balance a XenApp farm’s XML brokers and StoreFront servers. If you have web interface, I’ll call out where you would do that also but I won’t detail it with screen shots as StoreFront is the de facto standard moving forward now. You can also load balance XenDesktop using a wizard almost identical to the XenApp one and I will call it out also but will not be diving into it with screen shots as they would just be redundant.
As a prerequisite, almost all StoreFront deployments utilize SSL internally (and externally) so the StoreFront servers would be loaded with a certificate. That certificate would need to be exported and then imported into the NetScaler along with its intermediate and root and properly linked. That is beyond the scope of this post but there is a great walkthrough HERE on how to do it.