How can we use the secondary Citrix NetScaler Server, in an H.A. pair to safely test out new configurations before the same changes are propagated to the other NetScaler?
We have 2 x version 12.0 Citrix NetScaler Servers in our environment. They both are setup for auto-sync and propagation by default; but according to websites:
There are commands to that can be executed to turn the HA Sync and HA Propagation off and then back on later. At my company we would like to test out a 2 factor authentication option (during a planned maintenance window) and see how that works before it is available for all of the users. I am thinking of doing the following:
1. Enable the 2 factor authentication settings on the Authentication server.
a. Whatever it may be, that is a separate topic from this question.
2. Then after the Authentication server is ready, disable auto-sync and auto-propagation on the NetScaler HA-Pair.
3. Then configure the secondary
NetScaler to work with the 2nd factor Authentication server.
a. Then plan a maintenance window to temporarily make the secondary
NetScaler Server into the new primary
b. When I fail over the primary server, the secondary server will then become the new 'primary' server automatically.
4. Then test out the 2 factor authentication, during the maintenance window, and see if it works well.
a. If it works well, great then keep that NetScaler server as the primary.
b. If it does not work well, then fail back over to the other NetScaler Server before the maintenance window is over.
My question is, if the NetScaler testing proves to work correctly, how can I propagate the changes from that NetScaler server to the other automatically? Or must I manually make the same changes on the other NetScaler server and test again at a later time?
Keep in mind that the HA-Sync would have been disabled before the testing is completed.