Link to home
Start Free TrialLog in
Avatar of MOQINFRA
MOQINFRA

asked on

StoreFront 2.0 load Balanced

i am stuck at configuring StoreFront 2.0 , load balanced and provide access through Netscaler  , here is my situation.

I have been asked to build 2 Storefront servers , which should be part of the same group.

So as i understand  , i will setup the first server configure it and join the 2nd server to it.

Doubts:

Since i have been asked  to implement SSL certficate for storefront servers as well , we have a Internal root CA

How many certificates do i have to request.

Do i request 1 for each server ?


I want my internal users to go to https://Vdi.domain.com and be able to acces sthe published resources /desktops

What should be the Common Name of the certificate  ?

Will the common name for both certificates for both storefront servers be same ?

once i get it working internally , i will tehn have to setup Netsacler access


I followed http://support.citrix.com/article/CTX133185

http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/citrix-netscaler-and-citrix-xendesktop-7-deployment-guide.pdf

However neither of them tells us about what has to be done with respect to certificates on the 2nd Storefront server.
ASKER CERTIFIED SOLUTION
Avatar of Coralon
Coralon
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of MOQINFRA
MOQINFRA

ASKER

quick question  (Many to come though)

When i export it from server01 (in IIS or mmc for certificates),

do i import it on server 02 through IIS or in the Certificates console > Personal >Certificates
Yes.  You will export it with the certificates MMC and import it the same way.  Be sure you get your chaining & root certs also.  (There is a checkbox when you export to include all the certs in the chain).

Coralon
After struggling for long -- I have made the 1st test and 2nd test work .

Now internally i am able to browse https://ourvdi.domain.com 

I have tested using the DNS Alias for both Servers and they work.

Will test the Netscaler stuff


----


P.S I Still have lot of StoreFront issues though related to - replication and Join
Getting stuck conceptualy on setting up netscaler:

Now that i have tested internally by creating CNAMES for both server and they work.

The certificate we issues internally using Intrnal CA has the Comman Name

vditest.domain.com

However the certificate that we purchased from Symantec is

vdi.domain.com


Was i supposed to use vdi.domain,com internally on the Storefront servers as well , or just on the netscaler.

How will the vdi.domain.com relate to our internal vditest.domain.com
You'll use your vdi.domain.com on the Netscaler, and on the cert.  You'll point vdi.domain.com to the VIP on the netscaler.   You'll also load the vditest.domain.com certs on your Netscaler.

You'll attach the vdi.domain.com cert to the externally facing VIP, and vditest.domain.com cert on your internal facing VIP.  

The Netscaler will handle the SSL offloading the vdi.domain.com and passing through the vditest.domain.com SSL traffic.  

Coralon