• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 320
  • Last Modified:

NetScaler Gateway with XenDesktop 7.1

I am trying to get my NetScaler configured so my users can securely access my Citrix StoreFront.  Right now I am trying to do this all on one subnet to simplify configuration.  The NetScaler, clients and XenDesktop server are all on the same network.  I have been reading "Implementing NetScaler VPX" by Marius Sandbu, specifically section 2.  It is a good book but I still don't have a working solution.  I seem to be stuck setting up the virtual server.  I can't get the state to change from down.
0
kferreira
Asked:
kferreira
  • 3
  • 2
1 Solution
 
Dirk KotteSECommented:
which license do you install?
check/post system/licensing
0
 
Daniel BorgerSenior Citrix Engineer- CCEECommented:
If you setup storefront with HTTPS the virtual server would need a Certificate to be shown as up.  It should also be networking.  Netscaler?system/diagnostics/ping and try to ping storefront from Netscaler.  This may be helpful...http://blogs.citrix.com/2012/04/10/netscaler-for-the-xendesktopxenapp-dummy/
0
 
kferreiraAuthor Commented:
@dkotte I am running the demo version of VPX (1000).  

> show license
      License status:
                         Web Logging: YES
                    Surge Protection: YES
                      Load Balancing: YES
                   Content Switching: YES
                   Cache Redirection: YES
                        Sure Connect: YES
                 Compression Control: YES
                   Delta Compression: NO
                    Priority Queuing: YES
                      SSL Offloading: YES
        Global Server Load Balancing: YES
                      GSLB Proximity: YES
                 Http DoS Protection: YES
                     Dynamic Routing: YES
                   Content Filtering: YES
                  Integrated Caching: YES
                             SSL VPN: YES  (Maximum users = 5)  (Maximum ICA users = Unlimited)
                                 AAA: YES
                        OSPF Routing: YES
                         RIP Routing: YES
                         BGP Routing: YES
                             Rewrite: YES
           IPv6 protocol translation: YES
                Application Firewall: YES
                           Responder: YES
                      HTML Injection: YES
                      NetScaler Push: YES
                 Web Interface on NS: YES
                             AppFlow: YES
                         CloudBridge: YES
                        ISIS Routing: YES
                          Clustering: NO
                            CallHome: NO
                              AppQoE: YES
                     Appflow for ICA: YES
                               Vpath: NO
                     Model Number ID: 1000
                        License Type: Platinum License
 Done
0
 
Daniel BorgerSenior Citrix Engineer- CCEECommented:
Some notes from a build sheet, hard to find anything that doesn't have customer info.  

CONFIGURE ACCESS GATEWAY SETTINGS
   Go to Access Gateway, Virtual Servers
      Create new virtual server Storefront External 443/SSL
      Enter DMZ IP address (NATED IP from external IP)
       SSL protocol port 443  

     Max users- enter # of users listed in licenses "maximum ICA Users Allowed (10000)
      Published Applications Secure Ticket Authority click add
      URL http://citrixservername.domain.com
      Enter 2 STA servers from Citrix farm
      Verify servers are reporting in (save refresh and open vip_external_access/ published applications
Add Certificate
Add Policies – These depend on what you want.

Add Authentication Policies


      Published Applications  TAB Secure Ticket Authority click add
      Enter 2 STA servers from Citrix farm
      Verify servers are reporting in (save refresh and open vip_external_access/ published applications
      Create new virtual server vip_ext_authentication
0
 
kferreiraAuthor Commented:
@dborger I did not have a DNS server setup under Traffic Management.  I just added it.  I also turned off the Windows Firewall for domain networks on the store front server.  After that I was able to ping the Storefront server using the full name.  Strange it could not assume the domain.  

I am just starting to go through the "Netscaler for Dummies" link you left.  It looks like that could be helpful.
0
 
kferreiraAuthor Commented:
The info provided was helpful.
0
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now