Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


How to Plan a hot Standby Gateway server for Citrix

Posted on 2013-11-19
Medium Priority
Last Modified: 2016-10-25
Hi Experts,

We have three Xenapp farms(Xenapp 4.5 and 5.0 on windows 2003 and one Xenapp 6.5 on 2008R2) at present.

All the users are connecting to Citrix via Citrix Secure Gateway. This server is on VMware with Windows 2003 OS.

We want to create another Gateway server which will act as a Hot Standby or as a load balance. Our aim is to reduce any single point of failure for getting into Citrix farms.

Can you please guide me what should be the best solutions. We dont want to invest on Netscaler at this time.

Also what about the Windows load balance options? We are into planning stage and thus we can consider anything that will suite our goal.
Question by:bubaibhatta
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
LVL 26

Expert Comment

by:Tony J
ID: 39658710

You can indeed use NLB althought ideally it should be a hardware based load balancer.

There are some details on how to configure HA for Secure Gateway here:

You don't necessarily need a Netscaler by the way - you may want to investigate CAG's (Citrix Access Gateways). You can get VPX editions which are virtual appliances (as indeed, you can get NS VPX's) which tend to be considerably less expensive than their physical counterparts.

Expert Comment

by:Jayanta Sarmah
ID: 39663216
Well if you are planning for load balancing the Secure Gateways , you will require a load balancing option like Windows Load balancing/F5 etc as you mentioned.

But if you simply require a Hot standby configuring DNS round robin should be good enough to ensure if user session fails on the first Secure Gateway it redirects to the Second , although preferance will be always to have it controlled through NLB / F5 etc if you already have it.

Looking at your objective to avoid single point of failure , NLB seems good .

As Tony suggested CAG ( netscaler access gateway module /VPX) is a great solution for HA/loadbalancing , ofcourse all good thing comes with a price tag :)
LVL 26

Accepted Solution

Tony J earned 1500 total points
ID: 39665229
Personally though, I am not a fan of DNS round robin - if you have two servers and one goes down, 50% of requests still land on the failed address until such a time as someone notices and either fixes the issue or removes the DNS entry.

I know...user education should help but even after almost 20 years of working with Citrix technologies, I still see users making the same mistakes they really shouldn't be like not logging off, so I'm not a big believer they can grasp even simple ideas for the most.


Three other, VMware-based options may be viable for you of course - if you have sufficient hosts you can rely on HA. Granted it's not an instant failover. Nor is the second - have a hot (virtual) spare running on a different host but with the network disconnected. Simply enable the network in the event of a failure. And finally if your servers could cope with a single core, single CPU you could investigate having a lockstep partner.

I am not a massive fan of any of these options either, though:

The hot spare could cause issues if someone accidentally enables the NIC at the wrong time;
HA is ok if you don't need instant failover;
Lockstep is limited to single-core, single CPU so simply may not be powerful enough to cope.

Author Comment

ID: 39668091
So what about this idea:

we create another clean gateway with CSG server on a VM. When there is some issue, we simply update the user to use another link till we solve the issue?

I was thinking one step ahead though. Is there any way that will redirect the link (that the users are using all the time) to the standby server link when we have some issue on the main server? This redirection should work even when the main server is dead or powered off.
Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question