StoreFront 2.0 Load Balanced

I am stuck at configuring StoreFront 2.0, load balanced, and providing access through Netscaler. Here is my situation.

I have been asked to build 2 StoreFront servers, which should be part of the same group.

So as I understand, I will set up the first server, configure it and join the 2nd server to it.

Doubts:

Since I have been asked to implement SSL certificates for the StoreFront servers as well, we have an internal root CA.

How many certificates do I have to request?

Do I request 1 for each server?

I want my internal users to go to https://Vdi.domain.com and be able to access the published resources/desktops.

What should be the Common Name of the certificate?

Will the common name for both certificates for both StoreFront servers be the same?

Once I get it working internally, I will then have to set up Netscaler access.


I followed http://support.citrix.com/article/CTX133185

http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/citrix-netscaler-and-citrix-xendesktop-7-deployment-guide.pdf

However, neither of them tells us what has to be done with respect to certificates on the 2nd StoreFront server.
MOQINFRA Asked:

Coralon Commented:
You will create the certificate on the first StoreFront server.  
The common name will be the load balanced name - vdi.domain.com.
After you have created the cert, you will export it, along with the private key into a PFX file.
You will import that PFX file into the 2nd StoreFront server.
You will then import that same PFX file into your netscaler.  

To test this, you will first configure a DNS alias for your common name internally, and just point it at the 1st netscaler.  
Get it working, then join your 2nd SF server to the group/farm.  (You don't actually configure your 2nd SF server - when you join it and provide the code, it automatically imports the configuration from the first one).
Then change your DNS alias to point to the 2nd SF server and test.
*Then* you change your DNS alias to point to the VIP on your Netscaler.

That's the basics of it :-)

Coralon
0

MOQINFRA (Author) Commented:
Quick question (many to come though).

When I export it from server01 (in IIS or MMC for certificates),

do I import it on server 02 through IIS or in the Certificates console > Personal > Certificates?
0
Coralon Commented:
Yes.  You will export it with the certificates MMC and import it the same way.  Be sure you get your chaining & root certs also.  (There is a checkbox when you export to include all the certs in the chain).

Coralon
0
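The export and import steps from Coralon's two replies, scripted and followed by a per-node check, as an added example that is not part of the original thread. It assumes Windows Server 2012 or later (for the PKI module cmdlets); `vdi.domain.com` is the thread's name, while the function names, file path and IP addresses are placeholders introduced here.

```powershell
# Added example, not from the thread. Function names, path and IPs are placeholders.
$LbName = 'vdi.domain.com'

function Get-LbCert {   # newest cert in Personal > Certificates whose CN is the load-balanced name
    Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.HasPrivateKey -and $_.Subject -match "CN=$([regex]::Escape($LbName))(,|`$)" } |
        Sort-Object NotAfter -Descending | Select-Object -First 1
}

function Export-LbCert([string]$Path, [securestring]$Password) {   # run on the 1st server
    $cert = Get-LbCert
    if (-not $cert) { throw "No certificate with a private key and CN=$LbName" }
    # BuildChain puts the intermediate and root certificates into the PFX as well
    Export-PfxCertificate -Cert $cert -FilePath $Path -Password $Password -ChainOption BuildChain | Out-Null
    $cert.Thumbprint
}

function Import-LbCert([string]$Path, [securestring]$Password) {   # run on the 2nd server
    Import-PfxCertificate -FilePath $Path -CertStoreLocation Cert:\LocalMachine\My -Password $Password | Out-Null
    Remove-Item $Path          # the PFX contains the private key; do not leave it on disk
    (Get-LbCert).Thumbprint    # should equal the thumbprint returned by Export-LbCert
}

function Get-ServedCert([string]$Address, [string]$TargetName) {   # run from any client
    $tcp = New-Object System.Net.Sockets.TcpClient($Address, 443)
    try {
        # Record validation errors instead of aborting, so each node gets reported
        $cb = [Net.Security.RemoteCertificateValidationCallback] {
            param($s, $c, $chain, $errors) $script:tlsErrors = $errors; $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $cb)
        $ssl.AuthenticateAsClient($TargetName)
        $x = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        [pscustomobject]@{ Address = $Address; Thumbprint = $x.Thumbprint
                           Subject = $x.Subject; PolicyErrors = $script:tlsErrors }
    } finally { $tcp.Close() }
}

# 1st server:  Export-LbCert C:\Temp\vdi.pfx (Read-Host 'PFX password' -AsSecureString)
# 2nd server:  Import-LbCert C:\Temp\vdi.pfx (Read-Host 'PFX password' -AsSecureString)
# Any client:  '192.0.2.11','192.0.2.12' | ForEach-Object { Get-ServedCert $_ $LbName }
```

Both nodes should report the same thumbprint with `PolicyErrors` of `None`; `RemoteCertificateNameMismatch` means the certificate's name does not cover the name being requested. After the import, also check that the root and intermediate certificates sit in the expected stores on the 2nd server.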
MOQINFRA (Author) Commented:
After struggling for long -- I have made the 1st test and 2nd test work.

Now internally I am able to browse https://ourvdi.domain.com

I have tested using the DNS alias for both servers and they work.

Will test the Netscaler stuff


----


P.S. I still have a lot of StoreFront issues though, related to replication and join.
0
MOQINFRA (Author) Commented:
Getting stuck conceptually on setting up Netscaler:

Now that I have tested internally by creating CNAMEs for both servers and they work.

The certificate we issued internally using the internal CA has the Common Name

vditest.domain.com

However the certificate that we purchased from Symantec is

vdi.domain.com


Was I supposed to use vdi.domain.com internally on the StoreFront servers as well, or just on the Netscaler?

How will the vdi.domain.com relate to our internal vditest.domain.com?
0
Coralon Commented:
You'll use your vdi.domain.com on the Netscaler, and on the cert.  You'll point vdi.domain.com to the VIP on the netscaler.   You'll also load the vditest.domain.com certs on your Netscaler.

You'll attach the vdi.domain.com cert to the externally facing VIP, and vditest.domain.com cert on your internal facing VIP.  

The Netscaler will handle the SSL offloading the vdi.domain.com and passing through the vditest.domain.com SSL traffic.  

Coralon
0