• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 415
  • Last Modified:

How to Plan a hot Standby Gateway server for Citrix

Hi Experts,

We have three Xenapp farms(Xenapp 4.5 and 5.0 on windows 2003 and one Xenapp 6.5 on 2008R2) at present.

All the users are connecting to Citrix via Citrix Secure Gateway. This server is on VMware with Windows 2003 OS.

We want to create another Gateway server which will act as a Hot Standby or as a load balance. Our aim is to reduce any single point of failure for getting into Citrix farms.

Can you please guide me what should be the best solutions. We dont want to invest on Netscaler at this time.

Also what about the Windows load balance options? We are into planning stage and thus we can consider anything that will suite our goal.
  • 2
1 Solution
Tony JLead Technical ArchitectCommented:

You can indeed use NLB althought ideally it should be a hardware based load balancer.

There are some details on how to configure HA for Secure Gateway here:


You don't necessarily need a Netscaler by the way - you may want to investigate CAG's (Citrix Access Gateways). You can get VPX editions which are virtual appliances (as indeed, you can get NS VPX's) which tend to be considerably less expensive than their physical counterparts.
Jayanta SarmahCommented:
Well if you are planning for load balancing the Secure Gateways , you will require a load balancing option like Windows Load balancing/F5 etc as you mentioned.

But if you simply require a Hot standby configuring DNS round robin should be good enough to ensure if user session fails on the first Secure Gateway it redirects to the Second , although preferance will be always to have it controlled through NLB / F5 etc if you already have it.

Looking at your objective to avoid single point of failure , NLB seems good .

As Tony suggested CAG ( netscaler access gateway module /VPX) is a great solution for HA/loadbalancing , ofcourse all good thing comes with a price tag :)
Tony JLead Technical ArchitectCommented:
Personally though, I am not a fan of DNS round robin - if you have two servers and one goes down, 50% of requests still land on the failed address until such a time as someone notices and either fixes the issue or removes the DNS entry.

I know...user education should help but even after almost 20 years of working with Citrix technologies, I still see users making the same mistakes they really shouldn't be like not logging off, so I'm not a big believer they can grasp even simple ideas for the most.


Three other, VMware-based options may be viable for you of course - if you have sufficient hosts you can rely on HA. Granted it's not an instant failover. Nor is the second - have a hot (virtual) spare running on a different host but with the network disconnected. Simply enable the network in the event of a failure. And finally if your servers could cope with a single core, single CPU you could investigate having a lockstep partner.

I am not a massive fan of any of these options either, though:

The hot spare could cause issues if someone accidentally enables the NIC at the wrong time;
HA is ok if you don't need instant failover;
Lockstep is limited to single-core, single CPU so simply may not be powerful enough to cope.
bubaibhattaAuthor Commented:
So what about this idea:

we create another clean gateway with CSG server on a VM. When there is some issue, we simply update the user to use another link till we solve the issue?

I was thinking one step ahead though. Is there any way that will redirect the link (that the users are using all the time) to the standby server link when we have some issue on the main server? This redirection should work even when the main server is dead or powered off.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now