jdflory
asked on
How design a Citrix Netscaler deployment?
Hello Everyone,
Just purchased a new Netscaler 8200. We want to use this for reverse proxy, NLB and SSL vpn. I am trying to figure out the best deployment scenario for our environment.
Basic Setup:
The netscaler has a management nic. Is this interface any different then the other interfaces? Does having a management nic on different network mean that it would be a 2 arm deployment?
If everything is behind a firewall should I even bother with a management nic? With the management nic routing becomes more complicated.
SSL VPN
For SSL vpn is it best to have a nic the inside and one on the DMZ? Or should I just have a single nic in the DMZ?
Reverse proxy
If we want to do reverse proxy in the DMZ for servers that reside on internal network is single arm ok?
Thanks
Just purchased a new Netscaler 8200. We want to use this for reverse proxy, NLB and SSL vpn. I am trying to figure out the best deployment scenario for our environment.
Basic Setup:
The netscaler has a management nic. Is this interface any different then the other interfaces? Does having a management nic on different network mean that it would be a 2 arm deployment?
If everything is behind a firewall should I even bother with a management nic? With the management nic routing becomes more complicated.
SSL VPN
For SSL vpn is it best to have a nic the inside and one on the DMZ? Or should I just have a single nic in the DMZ?
Reverse proxy
If we want to do reverse proxy in the DMZ for servers that reside on internal network is single arm ok?
Thanks
ASKER
Is single arm ok for vpn? Should I be looking at each service separately? Like single arm for reverse proxy and dual arm for vpn?
If I have single arm for vpn would have to open all ports from netscaler to inside network?
Thanks
If I have single arm for vpn would have to open all ports from netscaler to inside network?
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Following Citrix document will give you comprehensive details of how to setup SSL VPN and reverse proxy.
http://cdn.ws.citrix.com/wp-content/uploads/2008/09/Citrix_SSLVPN_DeploymentGuide.pdf
http://support.citrix.com/proddocs/topic/netscaler-cache-redirection-92/ns-cr-config-revrs-prx-redirct-tsk.html
Single arm should be okay for Reverse proxy setup. Single arm setup is easy to implement and troubleshoot; not many network changes required and provides good security..
-Chandu