Configure StoreFront 3 Load Balancing with Citrix NetScaler.
More from the Lab!
- Building a Dual-Xeon Citrix Lab: Part 1 – Considerations
- Building a Dual-Xeon Citrix Lab: Part 2 – Hardware
- Building a Dual-Xeon Citrix Lab: Part 3 – Windows and Hyper-V installation
- Lab: Part 4 – Hyper-V Networking
- Lab: Part 5 – NetScaler 11 Architecture and Installation
- Lab: Part 6 – Configure NetScaler 11 High Availability (HA Pair)
- Lab: Part 7 – Upgrade NetScalers in HA
- Lab: Part 8 – Save, Backup and Restore NetScaler 11 configuration
- Lab: Part 9 – Install Microsoft SQL Server 2014 (Dedicated)
- Lab: Part 10 – Citrix Licensing demystified
- Lab: Part 11 – Install XenDesktop 7.6
- Lab: Part 12 – Setup NetScaler 11 Clustering (TriScale)
- Lab: Part 13 – Configure Published Applications with XenDesktop 7.6
- Lab: Part 14 – Citrix StoreFront 3.x
- Lab: Part 15 – Configure SSL in StoreFront
- Lab: Part 16 – StoreFront load balancing with NetScaler (Internal)
- Lab: Part 17 – Optimize and secure StoreFront load balancing with NetScaler (Internal)
- Lab: Part 18 – Secure LDAP (LDAPS) load balancing with Citrix NetScaler 11
- Lab: Part 19 – Configure Active Directory authentication(LDAP) with Citrix NetScaler 11
- Lab: Part 20 – RDP Proxy with NetScaler Unified Gateway 11
- Lab: Part 21 – Secure SSH Authentication with NetScaler (public-private key pair)
- Lab: Part 22 – Ultimate StoreFront 3 customization guide
- Lab: Part 23 – Securing Citrix StoreFront DMZ deployment
- Lab: Part 25 – Upgrade to Citrix StoreFront 3.7
- Lab: Part 26 – Install/Upgrade Citrix XenDesktop 7.11
- Lab: Part 27 – Getting started with Microsoft Azure
- Lab: Part 28 – Getting started with Citrix Cloud
- Lab: Part 29 – Configure XenDesktop And XenApp Service with Microsoft Azure and Citrix Cloud
- Lab: Part 30 – Configure Identity and Access Management in Citrix Cloud with Microsoft Azure AD
- Lab: Part 31 – Configure NetScaler Gateway Service for XenApp and XenDesktop Service in Citrix Cloud
- Lab: Part 32 – Configure MCS with XenDesktop and XenApp Service in Citrix Cloud
- Lab: Part 33 – Configure Azure Quick Deploy with XenDesktop and XenApp Service in Citrix Cloud
- Lab: Part 34 – Configure Site Aggregation for Citrix Workspace in Citrix Cloud with XenDesktop 7.x located on-premises
- Lab: Part 35 – Configure a Hybrid NetScaler MA Service environment in Citrix Cloud
- Lab: Part 36 – Configure ShareFile in Citrix Cloud with StorageZones on-premises
- Lab: Part 37 – Upgrade NetScaler HA pair with NetScaler MA Service in Citrix Cloud
- Lab: Part 38 – How to Configure Full VPN Setup with Citrix NetScaler in CLI
- Lab: Part 39 – Configure Multi-Factor Authentication with Azure MFA Service and Citrix Workspace
- Lab: Part 40 – Getting Started with Citrix App Layering
- Lab: Part 41 – Configure Citrix App Layering
- Lab: Part 42 – OS Layer with Citrix App Layering
- Lab: Part 43 – Platform Layer with Citrix App Layering
- Lab: Part 44 – Application Layers with Citrix App Layering
- Lab: Part 45 – Layered Image Deployment with Citrix App Layering
- Lab: Part 46 – Elastic deployment with Citrix App Layering
- Lab: Part 47 – User Layers with Citrix App Layering
- Lab: Part 48 – Windows 10 and PVS with Citrix App Layering
In this post, we will review how to use our NetScaler TriScale cluster to load balance Citrix StoreFront. We will not use NetScaler Gateway for internal Load Balancing as our users will connect directly to the Citrix servers on the LAN.
StoreFront Load Balancing
Requirements
- StoreFront website must be up and running in https
- Root CA, Storefront Certificates.
- NetScaler TriScale clustering must be configured
Lab Configuration
- Two servers with StoreFront installed (SF01/SF02).
- SF02 is the primary StoreFront server (10.0.0.32/8)
- SF01 is the secondary StoreFront (10.0.0.31/8)
- DNS Record: storefront.citrixguru.lab pointing to SF02.
- NetScaler Cluster IP (CLIP): 192.168.1.100
- NetScaler SNIP: 10.0.0.111 and 10.0.0.112.
- Load Balancing/SSL features enabled on the NetScaler cluster.
- IP for the Load Balancing : 10.0.0.30.
- CA Certificate is ready.
- StoreFront certificate is ready.
StoreFront Load Balancing Configuration
Connect to the NetScaler Cluster using the CLIP (http://192.168.0.100) and logon with the nsroot account.
Import Certificates
Navigate to the Traffic Management > SSL. Make sure that the feature is enabled.
Import Root CA certificate
Select SSL and navigate to Tools, select Manage Certificate/ Keys / CSRs.
Select Upload.
Select the Root CA certificate to upload.
Go to Certificates and select Install. Browse the appliance the find the Root CA certificate previously updated.
Click on Install.
Import StoreFront certificate
Method 1: not secure
Go to Certificates and select Install. Browse your local computer the find the StoreFront certificate created in the previous post: Lab: Part 15 – Configure SSL in StoreFront.
Note: Take a look at the key file (located in nsconfig/ssl/storefront.fx.ns). The file is not encrypted.
Method 2: secure
To import the StoreFront certificate and keep the private key encrypted, Go to SSL and navigate to Tools, select Import PKCS#12.
- Output file name: /nsconfig/ssl/storefront.cer
- Input file name: storefront.pfx located on your local computer
Select Ok to import the certificate.
Select SSL and navigate to Tools, select Manage Certificate/ Keys / CSRs.
Select StoreFront.cer and View.
Add servers
Navigate to Traffic Management > Load Balancing. Make sure that the feature is enabled then go to servers.
Add the two StoreFront servers.
Both servers should be Enabled. If not make sure that you can ping the servers from the NetScalers.
Create new service group
Navigate to Service groups and add a new service group.
- Name: svcgrp-storefront-https
- Protocol: HTTPS
The state of the service group is Down but it is normal at this time.
Now click on No Service group Member to add members.
Select Server based and Click to select.
Select both servers previously created.
Specify the port 443.
Select Create to create the service group members.
Monitors
On the right panel, select Monitors.
Select No Service group to monitor binding.
Select Click to select.
Select HTTPS-EVC.
Note: NetScaler has a specific monitor for StoreFront but we cannot use it here as the StoreFront monitor is using the NSIP to communicate with the StoreFront servers. In our lab, this communication is not allowed (the StoreFront monitor does not work over the SNIP).
Select Bind.
The service group should now be UP.
Select Settings and configure as below:
Select Client IP and for the Header, enter : X-Forwarded-For.
Create new virtual server
Navigate to Traffic Management > Load Balancing > Virtual Servers. Select Add to create a new virtual server.
- Name: vslb-storefront
- Protocol: SSL
- IP address: 10.0.0.30
- Port: 443
Click Ok to create the virtual server. Don’t worry about the down state, we first need to bind our new virtual server to something.
Select No Load Balancing Virtual Server ServiceGroup Binding.
Select Click to Select.
Select the previously created serviceGroup.
Select Bind.
Our new virtual server is now bound to our service group.
The next step is to link the certificates to this vServer.
Select CA certificate.
Select Bind.
Repeat the same for the server certificate.
Both certificates are now linked to the vServer.
You can also configure the persistence. Usually I recommend to use SOURCEIP.
The timeout is 30minutes.
You can also configure the load Balancing method.
LEASTCONNECTION will redirect the requests on the server with the lowest number of sessions.
The vServer is now configured and ready to use.
Testing
You need first to change the DNS record storefront.citrixguru.lab to use the vServer IP address (10.0.0.30) instead of SF02 IP address (10.0.0.32).
Once the DNS is updated, go to https://storefront.citrixguru.lab/Citrix/CitrixGuruStoreWeb.
You can play with the Load Balancing to validate the two StoreFront servers, go Servers and disable SF01 or SF02.
That’s all for StoreFront internal Load Balancing. In the next post, we will discuss how to optimize the load balancing configuration.
More from the Lab!
- Building a Dual-Xeon Citrix Lab: Part 1 – Considerations
- Building a Dual-Xeon Citrix Lab: Part 2 – Hardware
- Building a Dual-Xeon Citrix Lab: Part 3 – Windows and Hyper-V installation
- Lab: Part 4 – Hyper-V Networking
- Lab: Part 5 – NetScaler 11 Architecture and Installation
- Lab: Part 6 – Configure NetScaler 11 High Availability (HA Pair)
- Lab: Part 7 – Upgrade NetScalers in HA
- Lab: Part 8 – Save, Backup and Restore NetScaler 11 configuration
- Lab: Part 9 – Install Microsoft SQL Server 2014 (Dedicated)
- Lab: Part 10 – Citrix Licensing demystified
- Lab: Part 11 – Install XenDesktop 7.6
- Lab: Part 12 – Setup NetScaler 11 Clustering (TriScale)
- Lab: Part 13 – Configure Published Applications with XenDesktop 7.6
- Lab: Part 14 – Citrix StoreFront 3.x
- Lab: Part 15 – Configure SSL in StoreFront
- Lab: Part 16 – StoreFront load balancing with NetScaler (Internal)
- Lab: Part 17 – Optimize and secure StoreFront load balancing with NetScaler (Internal)
- Lab: Part 18 – Secure LDAP (LDAPS) load balancing with Citrix NetScaler 11
- Lab: Part 19 – Configure Active Directory authentication(LDAP) with Citrix NetScaler 11
- Lab: Part 20 – RDP Proxy with NetScaler Unified Gateway 11
- Lab: Part 21 – Secure SSH Authentication with NetScaler (public-private key pair)
- Lab: Part 22 – Ultimate StoreFront 3 customization guide
- Lab: Part 23 – Securing Citrix StoreFront DMZ deployment
- Lab: Part 25 – Upgrade to Citrix StoreFront 3.7
- Lab: Part 26 – Install/Upgrade Citrix XenDesktop 7.11
- Lab: Part 27 – Getting started with Microsoft Azure
- Lab: Part 28 – Getting started with Citrix Cloud
- Lab: Part 29 – Configure XenDesktop And XenApp Service with Microsoft Azure and Citrix Cloud
- Lab: Part 30 – Configure Identity and Access Management in Citrix Cloud with Microsoft Azure AD
- Lab: Part 31 – Configure NetScaler Gateway Service for XenApp and XenDesktop Service in Citrix Cloud
- Lab: Part 32 – Configure MCS with XenDesktop and XenApp Service in Citrix Cloud
- Lab: Part 33 – Configure Azure Quick Deploy with XenDesktop and XenApp Service in Citrix Cloud
- Lab: Part 34 – Configure Site Aggregation for Citrix Workspace in Citrix Cloud with XenDesktop 7.x located on-premises
- Lab: Part 35 – Configure a Hybrid NetScaler MA Service environment in Citrix Cloud
- Lab: Part 36 – Configure ShareFile in Citrix Cloud with StorageZones on-premises
- Lab: Part 37 – Upgrade NetScaler HA pair with NetScaler MA Service in Citrix Cloud
- Lab: Part 38 – How to Configure Full VPN Setup with Citrix NetScaler in CLI
- Lab: Part 39 – Configure Multi-Factor Authentication with Azure MFA Service and Citrix Workspace
- Lab: Part 40 – Getting Started with Citrix App Layering
- Lab: Part 41 – Configure Citrix App Layering
- Lab: Part 42 – OS Layer with Citrix App Layering
- Lab: Part 43 – Platform Layer with Citrix App Layering
- Lab: Part 44 – Application Layers with Citrix App Layering
- Lab: Part 45 – Layered Image Deployment with Citrix App Layering
- Lab: Part 46 – Elastic deployment with Citrix App Layering
- Lab: Part 47 – User Layers with Citrix App Layering
- Lab: Part 48 – Windows 10 and PVS with Citrix App Layering
Nicolas, thanks for share the setup info, I have a question in your example
•IP for the Load Balancing : 10.0.0.30. is this NS VIP address? please advise thanks