615: improve the resilience of your xenmobile...
TRANSCRIPT
| 1 |
615: Improve the Resilience of Your XenMobile Implementation with Multi-site Redundancy
Hands-on Lab Exercise Guide
Synergy 2014 Make money selling Field Services Stop by the Education and Consulting booths in the Solutions Expo to find out how! We're here to help.
| 2 |
Contents Contents ..................................................................................................................................... 2
Overview .................................................................................................................................... 3
Scenario ..................................................................................................................................... 8
Exercise 1 ................................................................................................................................... 9
Create a XenMobile Device Manager Cluster ............................................................................. 9
Exercise 2 ................................................................................................................................. 28
Creating an LDAP Policy for XenMobile Device Manager ......................................................... 28
Exercise 3 ................................................................................................................................. 35
Enabling Multi-Node mode with XenMobile Device Manager .................................................... 35
Exercise 4 ................................................................................................................................. 39
Configure Load Balancing for XenMobile Device Manager on Citrix NetScaler ......................... 39
Exercise 5 ................................................................................................................................. 55
Configure MSSQL Load Balancing with NetScaler DataStream ................................................ 55
Exercise 6 ................................................................................................................................. 63
Configuring Remote Access to XenMobile through NetScaler Gateway ................................... 63
Exercise 7 ................................................................................................................................. 69
Configuring High Availability for XDM AppController ................................................................. 69
Configuring AppController and XDM in Disaster Recovery Site ................................................ 77
Configuring Disaster Recovery for XenMobile with NetScaler GSLB ........................................ 80
Exercise 9 ................................................................................................................................. 75 Configuring Disaster Recovery for XenMobile with NetScaler GSLB ........................................ 75
| 3 |
Overview Hands-on Training Module Objective The following exercises will assist you in the process of designing and implementing a high-availability and DR strategy for XenMobile Enterprise edition.
Prerequisites • Basic understanding of networking • Basic knowledge of Citrix NetScaler management • Basic knowledge of XenMobile Device Manager
Audience Citrix Partners, Customers, Sales Engineers, Consultants, and Technical Support
Lab Environment Details The topology diagram of the lab deployment is detailed below:
| 4 |
The Student Desktop is accessed remotely using Citrix Receiver running on your laptop. All windows applications such as XenCenter, (the XenServer GUI management tool), are accessed from the Student Desktop.
Lab Guide Conventions This symbol indicates particular attention must be paid to this step
Special note to offer advice or background information
reboot Text the student enters or an item they select is printed like this
VMDemo Filename mentioned in text or lines added to files during editing
Start Bold text indicates reference to a button or object
Focuses attention on a particular part of the screen (R:255 G:20 B:147)
Shows where to click or select an item on a screen shot (R:255 G:102 B:0)
List of Virtual Machines Used VM Name IP Address Description
Site1-AD1 192.168.10.11 Site1 MS AD – DHCP, DNS, Certificate Services, MSSQL 2012 Witness, IIS
Site1-SQL1 192.168.10.28 MS SQL 2012 Primary Site1-SQL2 MS SQL 2012 Mirror Site1-Exch 192.168.10.26 MS Exchange 2010MS Site1-XDM1 192.168.10.30 Primary XenMobile Device Manger Site1-XDM2 192.168.10.31 Secondary XenMobile Device Manger Site1-AppController1 192.168.10.21 Primary XenMobile AppController Site1-AppController2 192.168.10.22 Secondary XenMobile AppController Site1-NS1 192.168.10.50 Primary NetScaler Site2-NS2 192.168.20.50 Secondary NetScaler Site2-AD2 192.168.20.11 Site 2 - AD – DHCP, DNS, Certificate Services, IIS Site2-SQLRemote 192.168.20.28 MSSQL 2012 - Replication Subscriber Site2-XDM3 192.168.20.30 DR XenMobile Device Manger Site2-AppController3 192.168.20.23 DR XenMobile AppController
| 5 |
Required Lab Credentials The credentials required to connect to the environment and complete the lab exercises.
VM Name Username Password
Site1 / Site2 Domain training\administrator Citrix123 XDM1/2/3 (Pre-LDAP) admin Citrix123 Site1-AppController1 administrator Citrix123 Site1-AppController2 administrator password Site1-NS1 / Site2-NS2 nsroot nsroot
| 6 |
How to Log into the Lab Environment Follow the directions below to access the lab environment.
Step by step guidance Action
1. Launch your web browser and go to http://ilt.citrixsynergy.net
2. On the website, type in the session code provided by your instructor and your business email address. Click “Get started”.
3. Once you’ve logged in, click the Start Lab button. This will launch a desktop.
Please leave this screen open as you will need these details during the exercises.
Note: Please allow time for the desktop to launch.
4. Take note of your assigned Credentials and Assigned IP Addresses for later use in the Lab:
| 7 |
5. On your landing VM, start XenCenter and select Add Server.
6. On the Add New Server screen enter the XenServer IP address provided on the website and in the Password field enter the password provided on the site.
| 8 |
Scenario Your company has implemented the Citrix XenMobile Enterprise Edition to manage mobile devices and applications used by its employees.
Citrix XenMobile Enterprise consists of multiple components:
• Citrix XenMobile Device Manager (called XDM from here on) – version 8.8 (Please Note that a Pre-Release version is being used for the lab. The Release to Web version may be different from this build)
• Citrix XenMobile App Controller (called XAC from here on) – version 2.10
• Citrix NetScaler Gateway (called NSG from here on) – version 10.1 Build 124.1308e
You are tasked with providing external access using NetScaler Gateway, as well as improving the reliability of the solution by configuring high availability and disaster recovery to a second site. This will be accomplished by completing the following tasks:
• Install and configure a HA Multi-Node Cluster of XenMobile Device Manager servers
• Configure a HA pair of AppController appliances
• Allow external access to the environment through NetScaler Gateway
• Configure NetScaler GSLB between the Primary Site and the Secondary site for Disaster Recovery
• Force a disaster scenario and recovery for predictable impact to operations
This document refers to a Primary Location and a Disaster Recovery Location, and explains with the possibility that the Primary Location goes offline because of a disaster. And an assigned passive DR Location. It recommends architecture and procedures for implementing Active/Passive or Active/DR or Active/Standby topologies for the different components of XenMobile
| 9 |
When you come to the Components Selection Dialog, de-select the License and Database installation option:
Exercise 1 Create a XenMobile Device Manager Cluster Overview In this exercise you will install XenMobile Device Manager on virtual machines Site1-XDM2, and Site2-XDM3, and copy some components from Site1-XDM1 which are required to configure XDM Load Balancing and Clustering in subsequent exercises.
Pre-requisites Site1-XDM1 was already preconfigured for this exercise
Step by step guidance Estimated time to complete this lab: 30 minutes
Step Action 1. Open XenCenter and select the Site1-XDM2 virtual machine (turn vm on) then click the
Console tab. At the console logon prompt, enter the administrator credentials. Username: Training\Administrator Password: Citrix123
2. Navigate to \\AD\Share to locate XenMobile Device Manager 8.8.0.34548.exe.
3. Launch the executable to install Device Manager on XDM2.
| 10 |
Click “Next” and choose the defaults for the remaining dialogs to start the install. Continue the process until prompt for license.
4. When prompted for the XenMobile Device Manager License, browse to and select the license file located on \\AD\Share\XenMobile MDM Files\ Select Citrix Internal 3XM MDM Eval Lic and then click “Next”
| 11 |
Click “Next”
5 When prompted for the SQL Server Connection details, Enter the following information:
| 12 |
Database Driver: SQL Server/jTDS Authentication type: SQL Server Authentication Host Name: sql1.training.lab Port: 1433 User name: sa Password: Citrix123 Database name: zdm Once you have entered the above information, click “Check the connection” to verify you can connect successfully to the XenMobile configuration database. If not successful, verify the input information. If successful, click “Next”
| 13 |
6 When prompted for the Crystal Reports Java Reporting Components keycode, leave the field
blank and click “Next” – This component is optional and only required for custom reporting or report branding
7 When prompted to configure the iOS usage authentication code, leave the default values and selection and click “Next”
| 14 |
Repeat the Installation Previous Steps 2-8 for XDM3. Stop in the exact same place at step 8
Then Stop Here!
Open XenCenter and select the Site2-XDM3 virtual machine and then click the Console tab. At the console logon prompt, enter the administrator credentials. Username: Training\Administrator Password: Citrix123
In XenCenter return to the Site1-XDM1 VM.
Navigate to: Shortcut on Site1-XDM1 Desktop
This takes you to the C:\Program Files (x86)\Citrix\XenMobile Device Manager\tomcat\conf directory. Locate the following files and copy them to the same location on Site1-XDM2 and Site2-XDM3:
| 15 |
• pki-ca-root-crt.pem • https • pki-ca-devices • pki-ca-root • pki-ca-servers
Return to Site1-XDM2 to continue the installation Leave the defaults and click “Next”
| 16 |
Leave the defaults and click “Next”
| 17 |
Enter the Keystore password and confirmation for the root certification authority:
| 18 |
Keystore Password: Citrix123 This field should turn green if the Keystore password has been entered correctly. Click “Next” Enter the Keystore password and confirmation for the server certification authority:
| 19 |
Keystore Password: Citrix123 Click “Next” Enter the Keystore password and confirmation for the Device certification authority:
| 20 |
Keystore Password: Citrix123 Click “Next” When prompted for the certificate for HTTPS usage, enter only the Keystore password
and the external FQDN:
| 21 |
Keystore password: Citrix123 IP Address or FQDN: mdm.citrixtraining.net Click “Next” When prompted to define the APNS certificate file for iOS, first enter the Private key
password and then browse to the Apple_APNS_Certificate.pfx file located on
Mdm.mycitrixtraining.net will be configured as our GSLB Domain
| 22 |
the \\AD\Share\XenMobile MDM Files folder Share Select File APNS
| 23 |
Private key password: Citrix123 Click “Next” Leave the defaults when prompted to configure the tunnel ports for remote support:
| 24 |
Click “Next” When prompted for Extended management options, enter the following information:
The DATABASE was pre-configured during XDM1 installation, no need to input
credentials
| 25 |
User name: admin Password: Citrix123 Click “Next” On the final dialog, click “Finish” to complete the installation of Site1-XDM2.
| 26 |
There will be a few more prompts to click through and you will also be returned to the origin installer dialog to finish the installation. Repeat steps 14-24 on Site2-XDM3 On each XDM Server navigate to http://localhost/ZDM to verify the installation
succeeded
| 27 |
User name: admin Password: Citrix123
Exercise Summary You have completed the required steps to install XenMobile Device Manager on multiple server nodes for a load balanced, clustered deployment. All nodes will point to the same database configuration and can be managed from this point forward from a single Administration Console.
| 28 |
Exercise 2 Creating an LDAP Policy for XenMobile Device Manager Overview In this exercise you will configure an LDAP policy on the XenMobile Device Manager to enable external authentication and group-to-role mapping.
Step by step guidance Estimated time to complete this lab: 10 minutes
Step
Action
1. Navigate to the Site1-XDM1 Management console at http://localhost/xdm, login with the administrator credentials and go to Options menu:
2. Click on LDAP Configuration:
| 29 |
.168
Click on “New”
3. On the type of directory dialog, select LDAP:
Then click “Next >”
4. Enter the following information for the Directory connection parameters:
| 30 |
Directory type: Microsoft Active Directory Primary host: 192.168.10.11 Root context: DC=Training,DC=lab Search user: [email protected] Domain alias: training Global Catalog TCP port: 3268 Global Catalog root context: DC=Training,DC=lab User Search By: userPrincipalName
5. Click “Check” to verify connectivity to the LDAP server:
| 31 |
Click “OK”, then “Next >”
6. Leave the default values selected on the LDAP attributes import dialog:
| 32 |
Click “Next >”
7. On the Mapping between the LDAP groups and the security model, click “ New group” button:
| 33 |
8. Create 2 Group-To-Role mappings:
Domain Users : Users
| 34 |
Domain Admins : Admins
9. Verify the settings on the Summary dialog:
Click “Finish”
| 35 |
Before Exiting enable LDAP Policy
Exercise Summary In this exercise you have completed the required steps to create an LDAP connector which is used for authentication and role mapping for directory user accounts in XenMobile Device Manager.
.
Exercise 3 Enabling Multi-Node mode with XenMobile Device Manager Overview In this exercise you will complete the remaining steps required to enable a XenMobile Device Manager multi-node active-active cluster deployment.
Step by step guidance Estimated time to complete this lab: 15 minutes.
Step Action 1. On all the XDM nodes stop the XenMobile Device Manager Windows service by
selecting the Stop script from the Windows Start Menu: type XenMobile Device Manager
XDM supports the addition of multiple LDAP connectors for redundancy but a better alternative is to leverage a NetScaler LB VServer to make an HA connection
Before Exiting enable LDAP Policy try to log in with [email protected] Citrix 123 credentials. in case you get an auth error restart the services in the XDM servers and try again.
| 36 |
2. To be able to manage the deployment with the XDM Remote Console when configured in a cluster, verify the ew-config.properties file located in <installation_dir>\tomcat\webapps\zdm\WEB-INF\classes on each XDM server has the following entries in the CLUSTERING section of that file: multi.node.enabled =true
3. Once you verify each server, start the XenMobile Device Manager Windows service by selecting the Start script from the Windows Start menu.
| 37 |
Verify the service has started by accessing the XenMobile Administration Console on each by navigating to http://localhost/zdm in a browser window.
4. Verify Clustering is configured properly by navigating to the diagnostics page located at http://localhost/zdm/helper.jsp
5. Select MultiNode Info from the Navigation Tree menu:
You should see all servers defined under Cluster Members with an Active Status
| 38 |
Exercise Summary In this exercise you completed the setup of a XenMobile Device Manager Multi-Node Cluster. This will enable the ability to leverage Citrix NetScaler to Load Balance the Cluster for High Availability and High Scalability. All nodes share the same configuration database
| 39 |
Exercise 4 Configure Load Balancing for XenMobile Device Manager on Citrix NetScaler Overview In this exercise you will configure NetScaleR Load Balancing for the XenMobile Device Manager Cluster you configured previously in Exercises 1-3. To accomplish this, we will setup HTTP load balancing services for the XDM servers, import the SSL Certificate referenced during the installation, create a custom monitor and then configure the SSL Offload VServers required for an XDM HA Deployment
Step by step guidance
Estimated time to complete this lab: 45 minutes.
Step Action 1. Open XenCenter and select the Site1-Win7 VM and then click the Console tab. At the
console logon prompt, enter the administrator credentials.
2. Open up a browser window and navigate to the Site1-NS1 NetScaler Administration UI at http://192.168.10.50
Username: nsroot Password: nsroot
3. In Site1-NS1 Navigate to Traffic Management > Load Balancing > Services and click “Add” to create a new LB Service for XDM1 with the following properties:
| 40 |
Service Name: XDM1 Protocol: HTTP Server: 192.168.10.30 Port: 80 Click ‘Create” but keep the dialog open (don’t click “Close”)
4. Add an additional XenMobile Device Manager Service which points to XDM2 in Site 1 with the following properties:
| 41 |
Service Name: XDM2 Protocol: HTTP Server: 192.168.10.31 Port: 80
Click “Create” and “Close”
5.
6.
7. Return to the Site1-XDM1 VM in XenServer and click the Console tab. Login as the Administrator Account – Training\Administrator Citrix123
8. Find the Shortcut link to the C:\Program Files (x86)\Citrix\XenMobile Device Manager\tomcat\conf folder and open it.
9. Open the cacerts.pem file in Notepad and then click File > Save As and enter a name of “Devices-CA.cer” on the Desktop
| 42 |
Make sure you do not overwrite the original cacerts certificate file
10. Open a second instance of Notepad as we will segment the two certificates in the
Devices –CA certificate file into two separate files:
Select the text from the second certificate in the file: To make it easier to access we will save the 2 certs to \\AD\Share after created.
| 43 |
Use Ctrl-X to cut this selection and Ctrl-V to paste into the new Notepad Window. Save this file as “Root-CA.cer” on the Desktop
11. Open up a browser window and navigate to the Site1-NS1 NetScaler Administration UI at http://192.168.10.50
| 44 |
Username: nsroot
Password: nsroot
12. In the NetScaler UI navigate to Traffic Management > SSL > Certificates. Click “Install” and enter Devices-CA for Certificate-Key Pair Name. For Certificate File Name click the drop-down arrow beside Browse and select Local. From the Open prompt you can navigate to the Desktop and select the Devices-CA.cer file. Click “Create”.
Repeat this step for the Root-CA.cer file using the name Root-CA
13. Once the two Certificate Authority SSL Certificates are added to the NetScaler we need to link them as part of the configuration. In the Certificates UI select the newly created Devices-CA certificate and from the Action menu select Link. This will open the Link Server Certificates dialogue box:
In the drop-down select the Root-CA certificate you installed in step 12 and Click “OK”
14. Repeat steps 11-13 on the Site2-NS2 NetScaler VM 15. On Site1-NS1 Navigate to Traffic Management > SSL Offload > Virtual Servers >
| 45 |
Click “Add”
16. Use the following settings to create the SSL Offload LB VServer for the XDM Cluster:
Name: LB_XDM_SSL_Offload_443 Protocol: SSL IP address: your MDM Site 1 IP = 192.168.10.100 Port: 443 Select Services XDM1 and XDM2 you created in steps 3-4 Do not click Create yet as we need to bind
an SSL cert and modify the SSL Settings
| 46 |
17. Under SSL Settings, select the MCP-Wildcard SSL Certificate which was pre-installed and click “Add” to bind the certificate to the SSL Offload VServer
Next select Devices-CA in the left-hand pane and select the drop-down arrow beside Add and select as CA
Repeat this for Root-CA and you should end up with:
| 47 |
Click “OK”
18. Next we need to create an SSL Policy and Action for use with the configuration. Navigate to Traffic management > Virtual Servers > LB_XDM_SSL_Offload_443 LB VIP and click Open. Under SSL Settings > SSL
Policies >Insert Policies >new policies. Name it SSL Policy button NS and in Create SSL Action give the name SSL-Action, change Client Certificate to ENABLE and enter NSClientCert in the Certificate Tag field. Click Create.
| 48 |
Click New Name it SSLOffload Note: (remove the true value )
| 49 |
Click New Name Action as SSL Action SSL
Set Client Certificate to Enabled, and Certificate Tag to NSClientCert
| 50 |
Click on Expression Builder to reveal the Expression Builder dialogue box. Using the drop-down options, you can create the following expression:
Note: Delete true value form Expression panel. CLIENT.SSL.CLIENT_CERT.EXISTS
| 51 |
Click OK. You should end up with this window: Click Create and OK and OK.
19. Now that the first vServer is in place, we can move onto the second. Click Add again in Virtual Servers. Use the following settings for the virtual server: Name: LB_XDM_SSL_Offload_8443 Protocol: SSL IP address: Your Site 1 XDM LB IP= 192.168.10.100 Port: 8443
| 52 |
You can bind the existing MDM1+MDM2 service by selecting the checkbox. The SSL Settings only require the MCT-Wildcard certificate to be added:
Under SSL Settings, select only the MCT-Wildcard Certificate:
Click “Add” to bind it to the VServer
20. Click “Create” and “Close” to finish the setup of the second SSL Offload VServer. Note we will to bind the CA Certs for the 8443 vServer
21.
We will do the Same Steps in Site2-Netscaler http://192.168.20.50 but with NS 2 DR Site Assigned IP’s
Open up a browser window and navigate to the Site2-NS2 NetScaler Administration UI at http://192.168.20.50
Save the configuration by clicking the disk icon in the UI
| 53 |
Username: nsroot
Password: nsroot
In Site2-NS3 Navigate to Traffic Management > Load Balancing > Services and click “Add” to create a new LB Service for XDM3 with the following properties:
Service Name: XDM1 Protocol: HTTP
| 54 |
Server: 192.168.10.30 Port: 80
Name: LB_XDM_SSL_Offload_443 Protocol: SSL IP address: your MDM Site 1 IP = 192.168.20.100 Name: LB_XDM_SSL_Offload_8443 Protocol: SSL IP address: your MDM Site 1 IP = 192.168.20.100
Service XDM3
Exercise Summary In this exercise you configured Load Balancing for XenMobile Device Manager on Citrix NetScaler.
| 55 |
Exercise 5 Configure MSSQL Load Balancing with NetScaler DataStream Overview In this exercise you will again work with the NetScaler VM to configure HA for the Device Manager Database leveraging the NetScaler DataStream feature. The main benefit of this is two-fold: to overcome a limitation of the jTDS driver used by the XDM application which does not support MSSQL mirroring and also to provide a seamless failover for the XDM application upon the event of a database failure.
Step by step guidance Estimated time to complete this lab: 20 minutes.
Step Action 1. From the Win7 Desktop Browser link to Site1-NS1 192.168.10.50 , Open the NS
Configuration UI and login with :
User: nsroot
Password: nsroot
2. Under System > User Administration on the navigation menu, select “Database Users” and create a new account as follows:
Note: sa user was pre-created open and modify password
User Name: sa
Password: Citrix123
3. role Navigate to Traffic Management > Load Balancing > Monitors and click “Add” and create a monitor to create a monitor for checking the state of SQL Mirroring. This monitor queries a system table on each server periodically to determine which server is the principal server:
NetScaler DataStream also supports IWA Authentication but SQL Authentication was chosen for simplicity in the lab
| 56 |
Name: XDM-MSSQL-Mirroring Type: MSSQL-ECV Database: master Query: SELECT mirroring_role_desc from sys.database_mirroring WHERE database_id = DB_ID(‘ZDM’) User Name: sa Rule: MSSQL.RES.ROW(0).TEXT_ELEM(0).EQ("PRINCIPAL") Protocol Version: 2008R2
4. Go to Traffic Management > Load Balancing > Servers, Click “Add” and create the following two SQL servers which will serve as LB targets:
Server Name: sql1.training.lab IP Address: 192.168.10.28
Click “Create” but don’t hit “Close” and create the second server entity:
| 57 |
Server Name: sql2.training.lab IP Address: 192.168.10.29
Click “Close”
5. Go to Traffic Management > Load Balancing > Services and click “Add” to create the following two services for the server entities created in step 4, and referencing the monitor in step 3:
Service Name: svc_SQL1_MSSQL_1433 Type: MSSQL IP Address: sql1.training.lab Port: 1433 Monitor: XDM-MSSQL-Mirroring
| 58 |
Service Name: svc_SQL2_MSSQL_1433 Type: MSSQL IP Address: sql2.training.lab Port: 1433 Monitor: XDM-MSSQL-Mirroring
6. Go to Traffic Management > Load Balancing > Virtual Servers and click “Add” to configure the VServer entities you will use to Load Balance and make highly available the SQL Load Balancing DB used for your XenMobile Device Manager Deployment:
Name: vsrv_XDM_SQL1_1433 Protocol: MSSQL IP Address: 192.168.10.41 Port: 1433
| 59 |
Services: svc_SQL1_MSSQL_1433 Comments: “Primary XDM Configuration Database”
Click “Create” but don’t close the dialog to create the next VServer in step 7.
7. This VServer will serve as the Backup VServer for the primary VServer created in step 6. For this reason, network information will not be required as upon failover, the network settings from the Primary will be assumed. Use the following information to create the backup:
Name: vsrv_XDM_SQL2_1433 Protocol: MSSQL Directly Accessible: Unchecked Services: svc_SQL2_MSSQL_1433 Comments: “Mirror XDM Configuration Database”
Click “Create” and “Close”
8. Re-open the vsrv_XDM_SQL1_1433 Virtual Server previously created and configure vsrv_XDM_SQL2_1433 as a Backup Virtual Server on the Advanced settings tab:
| 60 |
Click “OK” and “Close”
9. If not already connected, open Remote Desktop Connection Manager or XenCenter and connect to Site1-XDM1. If prompted for Credentials enter:
Training\Administrator Citrix123
10. To test SQL HA provided by NetScaler DataStream you just configured in the previous steps, the ew.-config.properties will be altered to point XenMobile Device Manager to the Virtual Server. This file is located in all 3 XDM Servers at C:\Program Files (x86)\Citrix\XenMobile Device Manager\tomcat\webapps\zdm\WEB-INF\classes:
Note that only one of the VServers will show in a state of UP at any given time. This is because there is only one database in a Primary
| 61 |
Use Ctrll+F to find and replace all sql1.training.lab entries with datastream.training.lab. Click File > Save and close the file.
11. To test functionality of the XenMobile Device Manager after the database configuration change, first stop and start the XenMobile Device Manager on each server from the scripts located in the Start Menu
12. After completing step 11, load the Administration console by Opening a browser and navigating to http://localhost/xdm on each XDM server and then close the browser
13. From the Site1-SQL1 VM Start SQL Management Studio:
14. Connect to SQL1 and open Databases > Mirror > Failover:
| 62 |
Click “Failover” to force a failover of the primary SQL DB to the mirror SQL DB.
15. Return to the XenMobile Device Manager on Site1-XDM1 and verify you can still access the Administration Console at http://localhost/xdm
16. In the Site1-NS1 UI, verify the states of each Vserver
Exercise Summary In this exercise you configured and tested SQL HA for the XenMobile Configuration DB by leveraging the NetScaler DataStream feature.
| 63 |
Exercise 6 Configuring Remote Access to XenMobile through NetScaler Gateway Overview In this exercise you will configure a NetScaler Gateway VServer for External access to the Enterprise Store for both the Primary and DR sites by leveraging the built-in Wizard.
Step by step guidance Estimated time to complete this lab: 15 minutes.
Step
Action
1. From the XAStudent Landing VM Desktop, Open the link to Site1-NS1
2. At the logon prompt, select the Deployment Type “NetScaler Gateway” from the dropdown:
Username: nsroot Password: nsroot
3. Select “Get Started”:
| 64 |
4. Enter the following information in the NetScaler Gateway Settings dialog:
Name: NSG Site1 IP Address: 192.168.10.101 Port: 443 Click “Continue”
5. On the “Choose Certificate” option, select “MCT_Wildcard” for the Certificate:
| 65 |
Click “Continue”
6. For the Authentication Settings, leave LDAP selected for the Primary Authentication and select Choose LDAP, and then select the pre-configured authentication policy for training.lab:
Click “Continue”
7. For the Enterprise Store Settings, use the following values:
| 66 |
XenMobile App Controller FQDN: AppCHA.training.lab
Click “Done”
8. At this point, the wizard will automatically create the NetScaler Gateway Server and required policies for accessing XenMobile remotely. Once the process completes, you should be directed to the Statistics landing page as below:
9. From the XAStudent Landing VM Desktop, Open the link to Site2-NS3
| 67 |
10. Repeat steps 1-8 to create the NetScaler Gateway VServer for the DR site. For the NetScaler Gateway settings you will use the following settings:
Name: NSG Site2 IP Address: 192.168.20.101 Port: 443 All other settings for the wizard should be the same as you used in steps 1-8
11. Once the NetScaler Gateway VServers are created for both sites, Open a new browser session and navigate to https://appcha.training.lab:4443. Log in as Administrator and Citrix123
12. Navigate for Settings > Deployment and click the plus sign to configure AppController for External Access via the NetScaler Gateway VServer you previously created with the following settings:
| 68 |
Alias: NSG Display Name: NSG Callback URL: leave blank External URL: https://nsg.mycitrixtraining.net
Logon Type: Domain only Select Set as default Click “Save”
Exercise Summary In this exercise you created two NetScaler Gateway VServers for both the Primary and DR sites by using the built-in wizard and then configured the AppController virtual machine for external access.
This is the GSLB FQDN we will be using the access the environment remotely
| 69 |
Exercise 7 Configuring High Availability for XDM AppController Overview In this exercise you will configure two XenMobile AppController virtual appliances as a high availability pair, and then configure remote access from your mobile device via NetScaler Gateway in Site 1 you configured in Exercise 6.
Step by step guidance Estimated time to complete this lab: 20 minutes.
Step Action 1. From the XAStudent Landing VM Desktop, open a browser and navigate to the Site 1
AppController Administration UI located at https://192.168.10.21:4443:
User name: Administrator Password: Citrix123
2. Before Starting we will Export the configuration for later use to bring up the DR Site. In the Administration Console, navigate to Settings > Release Management
| 70 |
3. A pop-up window will open:
From this dailog, select “Export” to backup the current configuration datebase
4. When prompted, save the file to \\AD\Share
5. Open XenCenter and select the Site1-AppController2 virtual machine and then click the Console tab.
6. At the console logon prompt, enter the administrator credentials. The default user name for the console is administrator and the default password is password
Site1-AppController1 was preconfigured for this Lab
| 71 |
7. At a command prompt, press [0] to select Express Setup. Enter the following information for the network configuration:
IP Address / Subnet Mask: 192.168.10.22 / 255.255.255.0 Default Gateway: 192.168.10.1 Primary DNS Server: 192.168.10.11 Secondary DNS Server: Leave Empty NTP Server: 192.168.10.11
8. Select [5] to commit the changes and type y to confirm the restart:
9. Return to XenCenter and log on to the Site1-AppController1 by using the Console tab with username administrator and Citrix123:
| 72 |
At the prompt, select option [1] for the High Availability configuration and press Enter
10. Select option [1] to set the current virtual appliance as the Primary AppController and press Enter:
11. Select option [2] and then press ENTER to set the virtual IP address (on the primary only), peer IP address, and shared key as per the following:
Virtual IP address: 192.168.10.23 (Site1-AppController2) Peer IP address: 192.168.10.22 Shared Key: 12345
When finished, press y to commit the changes.
12. Select option [3] to invoke the High Availability Settings:
| 73 |
Note - Once started, the status will show as STANDALONE, as the second appliance is not yet configured.
13. Log on to the secondary appliance (Site1-AppController2) by using the Console tab in XenCenter. Start VM
14. At the command prompt, press [1] and Enter to configure High Availability:
| 74 |
15. Press [1] and then press [2] and Enter to set the VM role preference as the secondary.
16. At the command prompt, press [3], then y and then press return to enable High Availability. Enter y and Enter to commit the change:
| 75 |
18. Go back to the console of Site1-AppController1 and press [4] and ENTER to show the status:
19.
Log on to Site1-AD.Training.Lab and create a DNS Host entry for AppCHA.Training.Lab. We will also add the DR AppController IP to the DNS record for Disaster Site testing:
Connections to AppController will now be made using the Virtual IP of the HA pair
| 76 |
DNS Record IS ALREADY CREATED!
Exercise Summary AppController could be used in an Active Passive High Available mode.
Exercise 8
| 77 |
Configuring AppController and XDM in the Disaster Recovery Site Overview In this exercise you will configure the DR Site AppController from the Primary Site configuration backup and change the database connection for XDM to leverage the DR site replicated SQL DB.
Step by step guidance Estimated time to complete this lab: 15 minutes.
Step Action 1. From the XAStudent Landing VM Desktop, open a browser window and navigate to
https://1921.168.20.23:4443/ControlPoint/ to access the DR site AppController Administrative UI.
2. Logon to the Admin UI:
User name: administrator Password: Citrix123
3. Navigate to Settings > Release Management and select “Import” to restore the Primary site configuration we previously backed up to \\AD\Share:
| 78 |
4. From XenCenter start the Site2-XDM3 VM:
5. Once the VM powers up, log in to XDM3 Server using training\administrator Citrix123 credentials.
6. Open the shortcut on the XDM3 desktop pointing to Tomcat Folder C:\Program Files
| 79 |
(x86)\Citrix\XenMobile Device Manager\tomcat\webapps\zdm\WEB-INF\classes Locate file ew-config-properties file and search-replace the connection string for the configuration database:
Find what: datastream.training.lab Replace with: sqlremote.training.lab
7. Stop and start the XenMobile Device Manager Windows service by using the shortcuts in the Start menu
8. Once the service is restarted, Open a new browser window and navigate to the Administration UI at https://xdm3.training.lab/zdm to test the XenMobile Device Manager functionality
Is Very Important that the DR AppController is not turned on until the Site has completely Failed Over
| 80 |
Exercise 9 Configuring Disaster Recovery for XenMobile with NetScaler GSLB Overview In this exercise configure an Authoritative DNS service, A Primary site and DR Site, and the related services required to enable Global Server Load Balancing for XenMobile.
Step by step guidance Estimated time to complete this lab: 45 minutes.
Step Action 1. From the XAStudent Landing VM Desktop, Open the link to Site1-NS1
http://192.168.10.50 Log in nsroot Password nsroot
2. In the NetScaler Administration UI Navigate to Load Balancing > Services and click
Note: the AppController3 will now become FQDN AppCHA.training.lab We will shut down Site1-AppController 1 and 2 to test DR Site2-AppController Then test connecting to https://appcha.training.lab
| 81 |
“Add”
3. Create an ADNS service for the Primary site used to resolve client queries by entering the following details:
Service Name: svc_ADNS_Site1 Server: 192.168.10.51 Protocol: ADNS Port: 53 Click “Create” and “Close”
4. Navigate to Load Balancing > Servers 5. Create a server entry for the Primary NS Gateway with the following settings:
6.
7. Clear the previous entries and create an additional server entry for the DR NS Gateway
with the following settings:
| 82 |
Server Name: RemoteNSG IP Address: 192.168.20.100 Click “Close”
8. Navigate to GSLB > Sites and click “Add” 9. Enter the following details to create a GSLB Site for the Primary site:
Name: site_1 Site Type: LOCAL Site IP Address: 192.168.10.51 Leave the rest of the fields as default. Click “Create” but don’t close the dialog
| 83 |
10. Create the DR GSLB Site on Site1-NS1 by entering the following details:
Name: site_2 Site Type: REMOTE Site IP Address: 192.168.20.51
Click “Create” and “Close”
11. From the XAStudent Landing VM Desktop, Open the link to Site2-NS http://192.168.20.50 Username nsroot Password nsroot
12. Navigate to Load Balancing > Services and click “Add” 13. Create an ADNS service for the DR site used to resolve client queries by entering the
following details:
This site’s MEP status will show as DOWN until the site is also configured on the remote NetScaler.
| 84 |
Service Name: svc_ADNS_Site2 Server: 192.168.20.51 Protocol: ADNS Port: 53 Click “Create” and “Close”
14. Navigate to Load Balancing > Servers 15. Create a server entry for the Primary NS Gateway with the following settings:
| 85 |
Server Name: LocalNSG IP Address: 192.168.20.101 Click “Create” but do not click “Close”
16. Clear the previous entries and create an additional server entry for the DR NS Gateway with the following settings:
Server Name: RemoteNSG IP Address: 192.168.10.101 Click “Close”
17. Navigate to Load Balancing > Monitors and click on Add. Create a monitor for the GSLB MDM service on port 443. Use the following parameters: Name: Mon-MDM-443-Main IP: 192.168.10.100 Port: 443
| 86 |
18. Create another monitor for the GSLB MDM service on port 8443. Use the following
parameters: Name: Mon-MDM-8443-Main IP: 192.168.10.100 Port: 8443
19. Finally, create a monitor for the GSLB NSG service on port 443. Use the following parameters: Name: Mon-NSG-443-Main IP: 192.168.10.100 Port: 443
| 87 |
20. Open a new browser and navigate to Site2-NS management IP: 192.168.20.50.
Navigate to Load Balancing > Monitors and click on Add. Create a monitor for the GSLB MDM service on port 443. Use the following parameters: Name: Mon-MDM-443-Remote IP: 192.168.20.100 Port: 443
21. Create another monitor for the GSLB MDM service on port 8443. Use the following parameters: Name: Mon-MDM-8443-Remote IP: 192.168.10.100 Port: 8443
22. Finally, create a monitor for the GSLB NSG service on port 443. Use the following parameters: Name: Mon-NSG-443-Remote IP: 192.168.10.100 Port: 443
23. Navigate to GSLB > Sites and click Add
24. Create the GSLB Site for the DR site by entering the following details:
| 88 |
Name: site_2 Site Type: LOCAL Site IP Address: 192.168.20.51 Leave the rest of the fields as default. Click “Create” but don’t close the dialog
25. Add the Primary Site as a Remote GSLB site by entering the following details:
Name: site_1 Site Type: REMOTE
| 89 |
Site IP Address: 192.168.10.51 Click “Create” and “Close”
26. Return to the Site1-NS1 NetScaler Administration UI
27. Navigate to GSLB > Services and Click “Add”
28. Create a GSLB Service for the local NetScaler Gateway vServer you previously created with the following settings:
Service Name: GSLB_svc_NSG_Main Site Name: site_1 Virtual Server: Name: NSG Site1 (192.168.10.100), when prompted to create the service click “Yes” Server Name: LocalNSG (This will be pre-populated) Server IP: 192.168.10.101 (This will be pre-populated) Service Type: SSL (This will be populated once you select the NSG_vsrv VServer) Public IP: <External Public IP#2> (Clear the pre-populated IP) Public Port: 443 Click “Create” and “Close”
29. Click “Add” and create another GSLB service for the remote DR Site with the following settings:
If the remote site shows up as DOWN, click Refresh.
Return to the class logon portal at http://ilt.citrixsynergy.net if you did not record your assigned public IP addresses
| 90 |
Service Name: GSLB_svc_NSG_DR Site Name: site_2 Virtual Server: Name: None Server Name: RemoteNSG Server IP: 192.168.20.101 (This will be pre-populated) Service Type: SSL Public IP: <External Public IP#4> (Clear the pre-populated IP) Public Port: 443
30. On the Configure GSLB Service Dialog, switch to the Monitors tab
. From the Available Monitors list, select all the monitors and click “Add”:
Mon-MDM-443-Main Mon-MDM-8443-Main Mon-NSG-443-Main
There is no need to use monitors for LOCAL site load balancing virtual servers. GSLB is notified of a load balancing virtual server with the status as DOWN for its own virtual servers and services.
| 91 |
Click “Create” and “Close”
31. From Traffic Management > Load Balancing > Servers click “Add…” to create a server entry for the Primary site XenMobile Device Manager with the following settings:
Server Name: MDMPrimary IP Address: 192.168.10.100
Click “Create”
32. Clear the previous entries and create an additional server entry for the DR Site XenMobile server with the following settings:
Server Name: RemoteMDM IP Address: 192.168.20.100
| 92 |
Click “Create” and “Close” 33. Navigate to Traffic Maangement > GSLB > Services and click “Add a GSLB Service
for the local MDM 443 vServer you previously created with the following settings: Service Name: GSLB_svc_XDM_443_Main Site Name: site_1 Virtual Server: MDM443 Service Type: SSL Public IP: <External Public IP#1> (Clear the pre-populated IP)
34. Remote GSLB Service 443 Main GSLB Service 443 Service Name: GSLB_svc_XDM_443_Remote Site Name: site_1 Virtual Server: RemoteMDM Service Type: SSL Public IP: <External Public IP#1> (Clear the pre-populated IP) Click “Create” and “Close”
| 93 |
Main GSLB Service 8443 Service Name: GSLB_svc_XDM_8443_Main Site Name: site_1 Virtual Server: MDM443 Service Type: SSL Public IP: <External Public IP#1> (Clear the pre-populated IP) Click “Create” and “Close”
Remote GSL Service 8443 Service Name: GSLB_svc_XDM_8443_Main
| 94 |
Virtual Server: RemoteMDM Service Type: SSL Public IP: <External Public IP#3> (Clear the pre-populated IP
Create and Close
35. Configure GSLB Virtual Server
From Traffic Management < GSLB< Virtual Server
| 95 |
36. On GSLB_vsrv_NSG Switch to the Domains tab and click Add nsg.mycitrixtraining.net In Backup use the IP for the Remote Site EXTIP#4
37. Click OK 38. Select the Domains tab and click “Add…” to create a GSLB domain with the following
settings:
| 96 |
Domain Name: mdm.mycitrixtraining.net TTL: 5s Backup IP: <IP Address for Remote Site> EXT IP#3 Click “OK” and “Close”
39. 40. Synchronize the configuration to the remote site:
On Site1-NS1, navigate to GSLB. Click on ‘Synchronize configuration on remote sites’.
| 97 |
41. Select the Synchronization Option ‘Force Sync’ and click Run.
| 98 |
Note – If you receive an error, you can review the successful and failed commands in /var/netscaler/gslb/[remote_site].error
42. On NetScaler1’s GUI, navigate to GSLB > Services
43. Right-click on GSLB_svc_NSG_site1 and select ‘disable’. See different NSG 44. 45. You could enroll using training\user1 password Citrix123
| 99 |
46. To test a connection from outside the lab environment you will need to use the NetScaler as your local DNS server by specifying the public IP addresses #1 Your IP and #3 Your IP on your mobile device or Laptop.
Exercise Summary <<Summarize what the student accomplished in the exercise>>
| 100 |
Revision: Change Description Updated By Date
1.0 Original version Albert Alvarez 04/2014 1.1 Updated Jeff Sani 04/2014
Please complete this survey
We value your feedback! Please take a moment to let us know about your training experience by completing the brief Learning Lab Survey
About Citrix Citrix Systems, Inc. designs, develops and markets technology solutions that enable information technology (IT) services. The Enterprise division and the Online Services division constitute its two segments. Its revenues are derived from sales of Enterprise division products, which include its Desktop Solutions, Datacenter and Cloud Solutions, Cloud-based Data Solutions and related technical services and from its Online Services division's Web collaboration, remote access and support services. It markets and licenses its products directly to enterprise customers, over the Web, and through systems integrators (Sis) in addition to indirectly through value-added resellers (VARs), value-added distributors (VADs) and original equipment manufacturers (OEMs). In July 2012, the Company acquired Bytemobile, provider of data and video optimization solutions for mobile network operators.
http://www.citrix.com
The following are sample warning and info boxes.
This is a sample warning
of an important step. Your physical XenServer name will be different.