- 1 - CITRIX NETSCALER DEPLOYMENT DOCUMENT At State Bank of India - Internet Banking Belapur, Navi Mumbai. By Magnamious Systems Pvt. Ltd. Mumbai. Version: 1.0 Author: KUMAR. N WARNING – THIS DOCUMENT CONTAINS CONFIDENTIAL INFORMATION & IS MEANT FOR INTERNAL USE OF STATE BANK OF INDIA AND MAGNAMIOUS SYSTEMS P. LTD. ACCESS TO THIS DOCUMENT IS RESTRICTED. DO NOT DISCLOSE, COPY OR DISTRIBUTE WITHOUT PRIOR PERMISSION.
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
- 1 -
CITRIX NETSCALER DEPLOYMENT DOCUMENT
At
State Bank of India - Internet Banking
Belapur, Navi Mumbai.
By
Magnamious Systems Pvt. Ltd.
Mumbai.
Version: 1.0
Author: KUMAR. N
WARNING – THIS DOCUMENT CONTAINS CONFIDENTIAL INFORMATION & IS MEANT FOR INTERNAL USE OF STATE
BANK OF INDIA AND MAGNAMIOUS SYSTEMS P. LTD. ACCESS TO THIS DOCUMENT IS RESTRICTED. DO NOT
DISCLOSE, COPY OR DISTRIBUTE WITHOUT PRIOR PERMISSION.
- 2 -
CONTENTS:
1. SYSTEM CONFIGURATION
03
2. ACCESSING NETSCALER CONFIGURATION 04
3. INITIAL SYSTEM CONFIGURATION 05
4. ADDING OTHER ROUTES 06
5. ADDING IPADDRESSES TO NETSCALER 07
6. ADDING MANAGEMENT USERS.
08
7. ADDING SERVER OBJECTS 09
8. INSTALLING SSL CERTIFICATES ON NETSCALER 10
9. OBTAINING A NEW CERTIFICATE FROM A CERTIFICATE AUTHORITY 11
10 ADDING SERVICES OBJECTS TO NETSCALER 14
11. ADDING VSERVERS OBJECTS TO NETSCALER 15
12. HIGH AVAILABILITY CONFIGURATION 19
13. USEFUL COMMANDS 20
14. CONFIGURATION BACKUP 23
15. MONITORING 23
16. CONTACT AND SUPPORT INFORMATION 25
- 3 -
1. SYSTEM CONFIGURATION:
� Netscaler Firmware version is NS 8.1 Build 60.3
� Devices are connected in One-Arm configuration and in HIGH-AVAILABILITY MODE.
� Enterprise Edition licenses installed.
• CONFIGURED MODES:
1. Fast ramp
2. Tcp buffering
3. Edge configuration
4. L3 mode ( IP forwarding)
5. Path MTU Discovery
6. Use Subnet IP
• CONFIGURED BASIC FEATURES:
1. SSL Offloading
2. Compression
3. Load balancing
• ADMIN USERS:
1. nsroot
2. mspl
IP Addresses Configuration:
(Table 1)
IP ADDRESS TYPE REMARKS
192.168.25.132 NETSCALER IP MANAGEMENT IP FOR FIRST DEVICE
192.168.25.133 NETSCALER IP MANAGEMENT IP FOR SECOND DEVICE
192.168.25.130 SUBNET IP SERVER FACING IP
192.168.25.170 VIP CLIENT FACING IP (SBH SITE)
192.168.25.171 VIP CLIENT FACING IP (SBT SITE)
192.168.25.173 VIP CLIENT FACING IP (SBI SITE)
192.168.25.174 VIP CLIENT FACING IP (SBBJ SITE)
192.168.25.176 VIP CLIENT FACING IP (SBP SITE)
192.168.25.177 VIP CLIENT FACING IP (SBM SITE)
192.168.25.178 VIP CLIENT FACING IP (SBS SITE)
192.168.25.179 VIP CLIENT FACING IP (SB INDORE SITE)
SUBNET MASK: 255.255.255.192 Table 1
- 4 -
2. ACCESSING NETSCALER CONFIGURATION:
This document assumes 192.168.25.132 as Primary Netscaler and 192.168.25.133 as
Secondary Netscaler. But their role may be reversed if a failover had happened during
operations. All configurations must be done on Current Primary Device only.
A. Using GUI method, type http://192.168.25.132 or http://192.168.25.133
B. Enter Username and Password when prompted (refer figure 1)
Figure 1
C. For accessing using Command-line Interface (CLI), use tools like PuTTY
Key in the IP address of the device (refer figure 2).
Figure 2
- 5 -
D. Enter Username and Password when prompted (refer figure 3)
Figure 3
3. INITIAL SYSTEM CONFIGURATION:
Initial system configuration has to be done separately on each NetScaler unit.
(This configuration is generally done on new devices and is not required for devices already
configured and running properly.)
A. On Primary Netscaler:
1. Connect the serial cable (red colour) to the console port (9-pin serial interface
located on the front of the unit)
2. Access the command line with a terminal emulator (for e.g.; HyperTerminal in
windows). Set the HyperTerminal settings to: Bits per second: 9600, Data bits: 1,
Parity: None, Stop bits: 1 and Flow control: None.
3. At the login prompt, type the user name nsroot and the password nsroot and
press the ENTER key.
4. Setting the NetScaler IP Address:
To set the Netscaler IP (NSIP) use the following command:
> set ns config -IPAddress 192.168.25.132 -netmask 255.255.255.192
5. Setting the Default Gateway
You will also want to change the IP of the default gateway. To change this IP, use the
following command.
> add route 0.0.0.0 0.0.0.0 192.168.25.190
6. Saving the Configuration
To save configuration changes use the following command:
> save ns config
7. Rebooting the System
> reboot
- 6 -
B. On secondary Netscaler.
1. Connect the serial cable (red color) to the console port (9-pin serial interface
located on the front of the unit)
2. Access the command line with a terminal emulator (for e.g.; HyperTerminal in
windows). Set the HyperTerminal settings to: Bits per second: 9600, Data bits: 1,
Parity: None, Stop bits: 1, and Flow control: None.
3. At the login prompt, type the user name nsroot and the password nsroot and
press the ENTER key.
4. Setting the NetScaler IP Address:
To set the Netscaler IP (NSIP) use the following command:
> set ns config -IPAddress 192.168.25.133 -netmask 255.255.255.192
5. Setting the Default Gateway
You will also want to change the IP of the default gateway. To change this IP, use the
following command.
> add route 0.0.0.0 0.0.0.0 192.168.25.190
6. Saving the Configuration
To save configuration changes use the following command:
> save ns config
7. Rebooting the System
> reboot
AFTER THIS PROCEDURE THE SECONDARY DEVICE CAN BE KEPT OFF UNTIL IT IS REQUIRED FOR HA
MODE CONFIGURATION. THE FOLLOWING PAGES WILL DESCRIBE CONFIGURATIONS ON PRIMARY
DEVICE ONLY. WHEN HA MODE IS ENABLED, THIS CONFIGURATION SYNCHRONIZES FROM PRIMARY
TO SECONDARY.
4. ADDING OTHER ROUTES:
Depending upon the network architecture some additional routes can be added on
Netscaler as needed. The command using CLI is as follows.