Download - Citrix Netscaler Deployment Document
- 1 -
CITRIX NETSCALER DEPLOYMENT DOCUMENT
At
State Bank of India - Internet Banking
Belapur, Navi Mumbai.
By
Magnamious Systems Pvt. Ltd.
Mumbai.
Version: 1.0
Author: KUMAR. N
WARNING – THIS DOCUMENT CONTAINS CONFIDENTIAL INFORMATION & IS MEANT FOR INTERNAL USE OF STATE
BANK OF INDIA AND MAGNAMIOUS SYSTEMS P. LTD. ACCESS TO THIS DOCUMENT IS RESTRICTED. DO NOT
DISCLOSE, COPY OR DISTRIBUTE WITHOUT PRIOR PERMISSION.
- 2 -
CONTENTS:
1. SYSTEM CONFIGURATION
03
2. ACCESSING NETSCALER CONFIGURATION 04
3. INITIAL SYSTEM CONFIGURATION 05
4. ADDING OTHER ROUTES 06
5. ADDING IPADDRESSES TO NETSCALER 07
6. ADDING MANAGEMENT USERS.
08
7. ADDING SERVER OBJECTS 09
8. INSTALLING SSL CERTIFICATES ON NETSCALER 10
9. OBTAINING A NEW CERTIFICATE FROM A CERTIFICATE AUTHORITY 11
10 ADDING SERVICES OBJECTS TO NETSCALER 14
11. ADDING VSERVERS OBJECTS TO NETSCALER 15
12. HIGH AVAILABILITY CONFIGURATION 19
13. USEFUL COMMANDS 20
14. CONFIGURATION BACKUP 23
15. MONITORING 23
16. CONTACT AND SUPPORT INFORMATION 25
- 3 -
1. SYSTEM CONFIGURATION:
� Netscaler Firmware version is NS 8.1 Build 60.3
� Devices are connected in One-Arm configuration and in HIGH-AVAILABILITY MODE.
� Enterprise Edition licenses installed.
• CONFIGURED MODES:
1. Fast ramp
2. Tcp buffering
3. Edge configuration
4. L3 mode ( IP forwarding)
5. Path MTU Discovery
6. Use Subnet IP
• CONFIGURED BASIC FEATURES:
1. SSL Offloading
2. Compression
3. Load balancing
• ADMIN USERS:
1. nsroot
2. mspl
IP Addresses Configuration:
(Table 1)
IP ADDRESS TYPE REMARKS
192.168.25.132 NETSCALER IP MANAGEMENT IP FOR FIRST DEVICE
192.168.25.133 NETSCALER IP MANAGEMENT IP FOR SECOND DEVICE
192.168.25.130 SUBNET IP SERVER FACING IP
192.168.25.170 VIP CLIENT FACING IP (SBH SITE)
192.168.25.171 VIP CLIENT FACING IP (SBT SITE)
192.168.25.173 VIP CLIENT FACING IP (SBI SITE)
192.168.25.174 VIP CLIENT FACING IP (SBBJ SITE)
192.168.25.176 VIP CLIENT FACING IP (SBP SITE)
192.168.25.177 VIP CLIENT FACING IP (SBM SITE)
192.168.25.178 VIP CLIENT FACING IP (SBS SITE)
192.168.25.179 VIP CLIENT FACING IP (SB INDORE SITE)
SUBNET MASK: 255.255.255.192 Table 1
- 4 -
2. ACCESSING NETSCALER CONFIGURATION:
This document assumes 192.168.25.132 as Primary Netscaler and 192.168.25.133 as
Secondary Netscaler. But their role may be reversed if a failover had happened during
operations. All configurations must be done on Current Primary Device only.
A. Using GUI method, type http://192.168.25.132 or http://192.168.25.133
B. Enter Username and Password when prompted (refer figure 1)
Figure 1
C. For accessing using Command-line Interface (CLI), use tools like PuTTY
Key in the IP address of the device (refer figure 2).
Figure 2
- 5 -
D. Enter Username and Password when prompted (refer figure 3)
Figure 3
3. INITIAL SYSTEM CONFIGURATION:
Initial system configuration has to be done separately on each NetScaler unit.
(This configuration is generally done on new devices and is not required for devices already
configured and running properly.)
A. On Primary Netscaler:
1. Connect the serial cable (red colour) to the console port (9-pin serial interface
located on the front of the unit)
2. Access the command line with a terminal emulator (for e.g.; HyperTerminal in
windows). Set the HyperTerminal settings to: Bits per second: 9600, Data bits: 1,
Parity: None, Stop bits: 1 and Flow control: None.
3. At the login prompt, type the user name nsroot and the password nsroot and
press the ENTER key.
4. Setting the NetScaler IP Address:
To set the Netscaler IP (NSIP) use the following command:
> set ns config -IPAddress 192.168.25.132 -netmask 255.255.255.192
5. Setting the Default Gateway
You will also want to change the IP of the default gateway. To change this IP, use the
following command.
> add route 0.0.0.0 0.0.0.0 192.168.25.190
6. Saving the Configuration
To save configuration changes use the following command:
> save ns config
7. Rebooting the System
> reboot
- 6 -
B. On secondary Netscaler.
1. Connect the serial cable (red color) to the console port (9-pin serial interface
located on the front of the unit)
2. Access the command line with a terminal emulator (for e.g.; HyperTerminal in
windows). Set the HyperTerminal settings to: Bits per second: 9600, Data bits: 1,
Parity: None, Stop bits: 1, and Flow control: None.
3. At the login prompt, type the user name nsroot and the password nsroot and
press the ENTER key.
4. Setting the NetScaler IP Address:
To set the Netscaler IP (NSIP) use the following command:
> set ns config -IPAddress 192.168.25.133 -netmask 255.255.255.192
5. Setting the Default Gateway
You will also want to change the IP of the default gateway. To change this IP, use the
following command.
> add route 0.0.0.0 0.0.0.0 192.168.25.190
6. Saving the Configuration
To save configuration changes use the following command:
> save ns config
7. Rebooting the System
> reboot
AFTER THIS PROCEDURE THE SECONDARY DEVICE CAN BE KEPT OFF UNTIL IT IS REQUIRED FOR HA
MODE CONFIGURATION. THE FOLLOWING PAGES WILL DESCRIBE CONFIGURATIONS ON PRIMARY
DEVICE ONLY. WHEN HA MODE IS ENABLED, THIS CONFIGURATION SYNCHRONIZES FROM PRIMARY
TO SECONDARY.
4. ADDING OTHER ROUTES:
Depending upon the network architecture some additional routes can be added on
Netscaler as needed. The command using CLI is as follows.
> add route <network address> <mask address> <gateway address>
> save ns config
- 7 -
5. ADDING IPADDRESSES TO NETSCALER:
Whenever we need to add different IP addresses to Netscaler device, Use the following
commands to do the same.
In CLI use the following command:
> add ns ip <network address> <mask address> -type <type>
(Where type may be MIP, SNIP, VIP or GSLBsiteIP)
> save ns config
In GUI, one can add IPs by navigating Netscaler >Network > IPs and click ‘ADD’ button
(See figure 4)
Figure 4
Click on to save the changes.
- 8 -
6. ADDING MANAGEMENT USERS:
We can add additional users apart from nsroot, to manage the devices. These users can
have 4 different policies or permissions level. See Table 2
POLICY NAME DESCRIPTION
read-only
Can issue all show and stat commands except show system and
show ns.conf.
operator
Allows read-only access as above, and in addition allows ability to
enable and disable services and server object.
network
Permits full access except system and shell commands.
superuser
Grants full system privileges, giving exactly the same privileges as
the nsroot user.
Table 2
Please note that these users are used only for accessing management and statistic tools of
Netscaler. The normal operation of the device doesn’t require any user to be logged in.
To add users navigate to Netscaler > System > Users and click on Add button. A Create User
window would pop up. Type in username, password, and select desired command polices
referring to table 2 above. (Refer figure 5)
Figure 5
Click on to save the changes.
- 9 -
“FROM HERE ON WE START CONFIGURING NETSCALER FOR WEB SERVER OPTIMISATION”
7. ADDING SERVER OBJECTS:
We start first by defining the server objects in Netscaler so that the device knows the
IPAddress of the server it has to optimize
Under Netscaler > Load balancing > Servers > click on add button, You shall get a “create
server” window.(Refer figure 6)
Type in the details as shown i.e. A Server Name and IPAddress.
Figure 6
Click on to save the changes.
Refer to Table 3, and add the entries as per the table.
SERVER NAME
IP ADDRESSES
srv_sbi_163 192.168.25.163
srv_sbi_183 192.168.25.183
srv_sbi_153 192.168.25.153
srv_sbt_145 192.168.25.145
srv_sbt_164 192.168.25.164
srv_sbt_184 192.168.25.184
srv_sbbj_144 192.168.25.144
srv_sbbj_168 192.168.25.168
- 10 -
srv_sbbj_180 192.168.25.180
srv_sbh_150 192.168.25.150
srv_sbh_165 192.168.25.165
srv_sbh_186 192.168.25.186
srv_sbm_147 192.168.25.147
srv_sbm_167 192.168.25.167
srv_sbm_159 192.168.25.159
srv_sbp_146 192.168.25.146
srv_sbp_158 192.168.25.158
srv_sbp_172 192.168.25.172
srv_sbindore_166 192.168.25.166
srv_sbindore_187 192.168.25.187
srv_sbindore_149 192.168.25.149
srv_sbs_142 192.168.25.142
srv_sbs_169 192.168.25.169
srv_sbs_182 192.168.25.182
Table 3
Click on to save the changes.
8. INSTALLING SSL CERTIFICATES ON NETSCALER:
Netscaler can be configured for SSL Offloading, so that SSL related tasks of Web Servers
would be taken over by Netscaler.For this to happen we need to install SSL Certificates on
Netscaler device.
All certificate related files were copied from SBI’s old Netscaler device to the nsconfig /ssl
folder of the new device.
Then the following commands were run on the new device for installing the certificates.
- 11 -
add ssl certKey inter_ca -cert inter_ca.public
add ssl certKey vpncert -cert rtca.pem -key rtcaky.pem
add ssl certKey sbtcert -cert sbt2007.public -key sbt2007.private
add ssl certKey sbpatiala_zoning -cert sbp2007.public -key sbp2007.private
add ssl certKey sbmysore_cert -cert sbm2007.public -key sbm2007.private
add ssl certKey sbs2004_cert -cert sbs2007withoutCA.public -key sbs2007.private
add ssl certKey sbindore_cert -cert "/nsconfig/ssl/onlinesbindore.txt" -key "/nsconfig/ssl/onlinsbindore-pem"
add ssl certKey sbh -cert "/nsconfig/ssl/onlinesbhnewcert.txt" -key "/nsconfig/ssl/onlinesbh.pem"
add ssl certKey sbbj_cert -cert "/nsconfig/ssl/sbbjonline-newcert.txt" -key "/nsconfig/ssl/sbbjonline.pem"
add ssl certKey sbi2006 -cert "/nsconfig/ssl/onlinesbi.cer" -key "/nsconfig/ssl/onlinesbi.pem"
link ssl certKey sbtcert inter_ca
link ssl certKey sbpatiala_zoning inter_ca
link ssl certKey sbmysore_cert inter_ca
link ssl certKey sbs2004_cert inter_ca
link ssl certKey sbindore_cert inter_ca
link ssl certKey sbh inter_ca
link ssl certKey sbbj_cert inter_ca
link ssl certKey sbi2006 inter_ca
After performing this operation, the certificates of all Sites were installed on new device.
9. OBTAINING A NEW CERTIFICATE FROM A CERTIFICATE AUTHORITY (CA):
To obtain an SSL certificate from an authorized certificate authority (CA) like VeriSign, you
must create a certificate signing request (CSR) and submit it to the CA.
The following procedures describe how to create a CSR that you can submit to a CA to
obtain a valid Certificate.
Creating a Private Key to be used for generating a CSR
To create an RSA key using the configuration utility, In the navigation pane, click SSL > CA
Tools, On right side pane, click Create RSA Key. In the Key Filename text box, type the name
of the RSA key (for e.g: sbiprivate.key).In the Key Size (Bits) text box, type the size in bits of
the key (for example, 1024). Click Create, and then click Close. The RSA key you created is
saved on the Netscaler. (Refer figure 7)
- 12 -
Figure 7
Caution: Make sure you limit access to your private key. Anyone who has access to your
private key can generate a new CSR and obtain a new certificate using your identity.
The certificate that you receive from the CA is valid only with the private key used to create
the CSR. The private key is required to add the certificate on the Netscaler.
Click on to save the changes.
Creating a Certificate Signing Request:
The certificate signing request (CSR) is a collection of details, including the domain name,
other important company details, and the private key to be used to create the certificate.
To avoid generating an invalid certificate, you need to ensure that the details provided are
accurate.
To create a certificate signing request using the configuration utility, In the navigation pane,
click SSL > CA Tools > On right side pane, click Create Certificate Request.In the Request File
Name text box, type the name of the CSR (for e.g.: sbireq.csr) In the Key File Name text box,
type the name of the key to be used to create the CSR (for e.g.: sbiprivate.key). Select the
format the key was saved in (for example, PEM).In the PEM Passphrase (For Encrypted Key),
type the password used to encrypt the key. Under Distinguished Name Fields, enter relevant
information for each parameter. The information you enter will form the Distinguished
Name (DN) of the company (Web site).Click Create, and then click Close. Refer (Figure 8)
Figure 8
- 13 -
The certificate signing request you created is saved on the Netscaler in the specified
location.
Next, you need to send the CSR to a CA for authentication and signing. The CA will return a
valid certificate to the email address you used to submit the CSR.Once you have obtained
the signed certificate from a CA, install the certificate and its corresponding private key on
the Netscaler.
Click on to save the changes.
Installing certificate received from CA:
Assume you receive a certificate file from CA for e.g.: onlinesbi.cer. Go to Netscaler > SSL >
Certificates > Add.
In the Certificate-key pair name given the name for the Certificate (e.g.: onlinesbi.com)
In the Key File Name text box, type the name of the key that was used to create the CSR (for
e.g : sbiprivate.key).Click Install.(Refer Figure 9)
Figure 9
Click on to save the changes.
We now need to link the Intermediate certificate to all SBI certificates. Under Netscaler >
SSL > Certificates > on right hand pane select the certificate (for e.g.: onlinesbi.com) and
click on Link button. On the Link Server Certificate, select CA Certificate Name as
‘intermediate’. Click OK.
Repeat the procedure for linking all Banks certificates with Intermediate Certificate.
Refer Figure 10
- 14 -
Figure 10
Click on to save the changes.
10. ADDING SERVICES OBJECTS TO NETSCALER:
Under Netscaler > Load balancing > Services > click on add button,
You shall get a “Create Service” window. (Refer figure 11).
Enter Details as follows:
Service Name: svice_sbi_163_80
Server: srv_sbi_163
Protocol: HTTP
Port: 80
On the Advanced tab, under Settings, select the Use Source IP check box, and then click OK.
Do not change any other settings. Click “Create” to accept the settings. (Refer Figure 11)
Figure 11
- 15 -
Repeat the procedure for adding more services as described in Table 4.
Table 4
SERVICE NAME SERVER NAME PROTOCOL PORT
svice_sbi_163_80 srv_sbi_163 HTTP 80
svice_sbi_183_80 srv_sbi_183 HTTP 80
svice_sbi_153_80 srv_sbi_153 HTTP 80
svice_sbt_164_80 srv_sbt_164 HTTP 80
svice_sbt_184_80 srv_sbt_184 HTTP 80
svice_sbbj_144_80 srv_sbbj_144 HTTP 80
svice_sbbj_168_80 srv_sbbj_168 HTTP 80
svice_sbbj_180_80 srv_sbbj_180 HTTP 80
svice_sbh_150_80 srv_sbh_150 HTTP 80
svice_sbh_165_80 srv_sbh_165 HTTP 80
svice_sbh_186_80 srv_sbh_186 HTTP 80
svice_sbm_147_80 srv_sbm_147 HTTP 80
svice_sbm_167_80 srv_sbm_167 HTTP 80
svice_sbm_159_80 srv_sbm_159 HTTP 80
svice_sbs_142_80 srv_sbs_142 HTTP 80
svice_sbs_169_80 srv_sbs_169 HTTP 80
svice_sbs_182_80 srv_sbs_182 HTTP 80
svice_sbp_146_80 srv_sbp_146 HTTP 80
svice_sbp_172_80 srv_sbp_172 HTTP 80
svice_sbp_158_80 srv_sbp_158 HTTP 80
svice_sbindore_149_80 srv_sbindore_149 HTTP 80
svice_sbindore_166_80 srv_sbindore_166 HTTP 80
svice_sbindore_187_80 srv_sbindore_187 HTTP 80
Click on to save the changes.
11. ADDING VSERVERS OBJECTS TO NETSCALER:
Now we can add HTTP Vserver objects to Netscaler.
Under Netscaler > Load balancing > Virtual Servers > click on add button, on the “Create
Virtual Server”, Enter the following details: (Refer Figure 12)
Name: lb_sbi_133_153_http
IP Address: 192.168.25.173
Protocol: HTTP
Port: 80
Services: svice_sbi_153_80 , svice_sbi_163_80 , svice_sbi_183_80.
- 16 -
Figure 12
Click on Create Button to create the Vserver object.
Click on to save the changes.
Now we shall add a HTTPS (SSL) Vserver object.
Under Netscaler > Load balancing > Virtual Servers > click on add button, On the “Create
Virtual Server”, Enter the following details:
Name: lb_sbi_133_153_ssl
IP Address: 192.168.25.173
Protocol: SSL
Port: 443
Services: svice_sbi_153_80, svice_sbi_163_80, svice_sbi_183_80.
Certificates (On SSL Settings tab): “sbi2006”certificate
Method and Persistence: LEAST CONNECTION and SSLSESSION.
Click Create button to create this Vserver object.
Refer Figure 13
- 17 -
Figure 13
Click on to save the changes.
The above steps need to be repeated for creating more Vserver objects. (Refer Table 5.)
VSERVER NAME VIRTUAL IP
PR
OT
OC
OL
PO
RT
BOUND SERVICES
BO
UN
D
CE
RT
IFIC
AT
E
METHOD AND
PERSISTENCE
lb_sbh_140_150_ssl 192.168.25.170 SSL 443 svice_sbh_150_80
svice_sbh_165_80
svice_sbh_186_80
sbh LEAST CONN.
AND SSL
SESSION
lb_sbh_140_150_http 192.168.25.170 HTTP 80 svice_sbh_150_80
svice_sbh_165_80
svice_sbh_186_80
LEAST CONN.
lb_sbt_141_145_ssl 192.168.25.171 SSL 443 svice_sbt_145_80
svice_sbt_164_80
svice_sbt_184_80
sbtcert
LEAST CONN.
AND SSL
SESSION
lb_sbt_141_145_http 192.168.25.171 HTTP 80 svice_sbt_145_80
svice_sbt_164_80
svice_sbt_184_80
LEAST CONN.
lb_sbi_133_153_ssl 192.168.25.173 SSL 443 svice_sbi_153_80
svice_sbi_163_80
svice_sbi_183_80
sbi2006 LEAST CONN.
AND SSL
SESSION
- 18 -
lb_sbi_133_153_http 192.168.25.173 HTTP 80 svice_sbi_153_80
svice_sbi_163_80
svice_sbi_183_80
LEAST CONN.
lb_sbbj_134_144_ssl 192.168.25.174 SSL 443 svice_sbbj_144_80
svice_sbbj_168_80
svice_sbbj_180_80
sbbj_cert LEAST CONN.
AND SSL
SESSION
lb_sbbj_134_144_http 192.168.25.174 HTTP 80 svice_sbbj_144_80
svice_sbbj_168_80
svice_sbbj_180_80
LEAST CONN.
lb_sbp_136_146_ssl 192.168.25.176 SSL 443 svice_sbp_146_80
svice_sbp_158_80
svice_sbp_172_80
sbpatiala
_zoning
LEAST CONN.
AND SSL
SESSION
lb_sbp_136_146_http 192.168.25.176 HTTP 80 svice_sbp_146_80
svice_sbp_158_80
svice_sbp_172_80
LEAST CONN.
lb_sbm_137_147_ssl 192.168.25.177 SSL 443 svice_sbm_147_80
svice_sbm_159_80
svice_sbm_167_80
sbmysor
e_cert
LEAST CONN.
AND SSL
SESSION
lb_sbm_137_147_http 192.168.25.177 HTTP 80 svice_sbm_147_80
svice_sbm_159_80
svice_sbm_167_80
LEAST CONN.
lb_sbs_138_142_ssl 192.168.25.178 SSL 443 svice_sbs_142_80
svice_sbs_169_80
svice_sbs_182_80
sbs2004_
cert
LEAST CONN.
AND SSL
SESSION
lb_sbs_138_142_http 192.168.25.178 HTTP 80 svice_sbs_142_80
svice_sbs_169_80
svice_sbs_182_80
LEAST CONN.
lb_sbindore_139_149
_ssl
192.168.25.179 SSL 443 svice_sbindore_149_
80
svice_sbindore_166_
80
svice_sbindore_187_
80
sbindore
_cert
LEAST CONN.
AND SSL
SESSION
lb_sbindore_139_149
_http
192.168.25.179 HTTP 80 svice_sbindore_149_
80
svice_sbindore_166_
80
svice_sbindore_187_
80
LEAST CONN.
Table 5
Click on to save the changes.
This finishes the Netscaler configuration for Web Server optimization.
- 19 -
12. HIGH AVAILABILITY CONFIGURATION:
Now we shall start HA configuration on both Netscalers.
Pre-requisites for high availability configuration:
• All unused Ethernet interfaces must be disabled on both Netscalers
• “nsroot” password must be same for both devices.
• Netscaler IP (NSIP) must be different for both devices, but all other IPs would be
common to them.
Procedure:
1. On device intended to be Secondary and which does not contain configuration
execute following CLI command:
> set ha node -hastatus STAYSECONDARY
2. ON device which is Primary run the following command:
> set ha node -hastatus STAYPRIMARY
3. On primary Netscaler run the following command:
> add HA node 2 192.168.25.133
> save ns config
4. On secondary Netscaler run the following command:
> add HA node 1 192.168.25.132
> save ns config
5. ON Primary Device run the following CLI command:
> force HA sync
6. On both Primary and Secondary device run the following CLI command:
> set ha node –hastatus ENABLED
> save ns config
This will enable HA on both devices and Configuration from Primary will be synchronized
to Secondary.
- 20 -
13. USEFUL COMMANDS:
1. > show arp
Synopsis:
show arp
Description:
Display all the entries in the system's ARP table.
2. > add arp
Synopsis:
add arp -IPAddress <ip_addr> -mac <mac_addr> -ifnum
<interface_name>
Description:
Add a static entry to the system's ARP table. This ARP entry never times out.
3. > rm arp
Synopsis:
rm arp (<IPAddress> | -all)
Description:
Remove an entry from the system's ARP table.
4. > show vlan
Synopsis:
show vlan [<id>] show vlan stats - alias for 'stat vlan'
Description:
Displays the configured VLANs. If id is specified, then only that particular VLAN
information is displayed. If it is not specified, all configured VLANs are displayed.
5. > show route
Synopsis:
show route
Description:
Display the configured routing information.
- 21 -
6. > add route
Synopsis:
add route <network> <netmask> <gateway>
Description:
Add a static route to the forwarding table.
7. > rm route
Synopsis:
rm route <network> <netmask> <gateway>
Description:
Remove a configured static route from the system.
8. > save ns config
Synopsis:
save ns config
Description:
Save the system configuration to the system's FLASH.
9. > show ns license
Synopsis:
show ns license
Description:
Display information about the current system license.
10. > shutdown
Synopsis:
shutdown
Description:
Use this command to stop the operations of the system on which you are issuing this
command. After you enter this command, you can turn off power to the system.
- 22 -
11. > reboot
Synopsis:
reboot
Description:
Use this command to restart a system.
12. > show ns feature
Synopsis:
show ns feature
Description:
Display the current status of System features.
13. > show interface
Synopsis:
show interface [<id>]
Description:
Show the interface settings configured in the system for the specified interface
number. If ifnum is not specified, the settings are shown for all interfaces (in a brief
format).
14. > show ns ip
Synopsis:
show ns ip
Description:
Display all the IP addresses such as VIP, MIP, NSIP, and SNIP.
15. > shell
Synopsis:
shell
- 23 -
Description:
Exit to the FreeBSD command prompt, where FreeBSD commands may be entered.
Press the <Control> + <D> keys or type exit to return to the NetScaler system CLI
prompt.
16. > set system user
Synopsis:
set system user <username> {<password>}
Description:
Set a system user's password.
WARNING: password of “nsroot” user must be same for HA to work. Hence make
sure to change nsroot passwords of both devices at same time and keep the
passwords same.
14. CONFIGURATION BACKUP:
It is recommended that before doing any changes into the system, take a backup of current
config.
All Netscaler configuration is stored in the /nsconfig folder.
To backup current configuration, copy “ns.conf” file from this folder. One can use tools like
winSCP or SCP for copying the files.
SSL Certificates are stored in /nsconfig/ssl folder. Hence this folder can also be copied as a
backup measure.
Netscaler License is stored in /nsconfig/license folder. This can also be copied for safe
keeping.
The above procedure is to be repeated on secondary device also.
15. MONITORING:
From GUI Netscaler can be managed in two ways.
A. On main GUI click on “DASHBOARD”. This will show real time statistics of the device
on various parameters like HTTP requests; Interface CPU used Memory used, etc.
Refer Figure 14
- 24 -
Figure 14
B. On main GUI, click on “MONITORING”. This will also provide with statistics on various
parameters of the device. But in this case one needs to refresh data manually.
(Refer Figure 15)
Figure 15
- 25 -
16. CONTACT AND SUPPORT INFORMATION:
Citrix Access Partner:
Magnamious Systems Pvt. Ltd., Mumbai.
Support Telephone Numbers: 91-22-26115106 / 26115128 /24146108 /24146178
Email IDs: [email protected] ; [email protected]
Call Escalation: +91-9820013958 - Mr. Deepak Jhaveri. –Director.
Email ID: [email protected]
----------