Archive for the ‘Netscaler / Access Gateway’ Category

Using Citrix Netscaler and Netscaler MAS 11.01 with Nutanix Acropolis Hypervisor

Friday, July 15th, 2016

Hi Folks,

If you want to use the Citrix Netscaler or the Netscaler Management and Analytics System 11.01 Build 47.14 together with the Nutanix Acropolis Hypervisor Platform, this is how to get it running.

  1. Download the Netscaler / Netscaler MAS KVM version
  2. Extract the archive(s) with a tool like 7-Zip until you have the virtual HDD (Netscaler = .raw file)
  3. Log in to the Nutanix Web Console, open the Image configuration and import the virtual HDD as a hard disk. Prefer the Mozilla browser for this task; IE may crash because the file is too large.
  4. Create a new VM, remove the CD-ROM (!) and configure the VM with at least the following:
    – 2 CPUs with 1 core
    – 2GB RAM for Netscaler, 8GB RAM for Netscaler MAS
    – Add the imported HDD as an IDE drive by using the Nutanix Image Service; the size should be min. 20GB for Netscaler and 500GB (!) for Netscaler MAS
    – Add a network card
  5. Before you start the VM, open a telnet client like PuTTY and connect to any Nutanix Controller VM (default login: user nutanix, password nutanix/4u)
  6. Execute the following commands:
    a) acli
    b) vm.serial_port_create "<VM Name>" type=kServer index=0
       Replace only <VM Name> with the name of the virtual machine you have created. The commands add a serial port to the VM; without a serial port the VM will NOT boot.
  7. Start the VM
  8. To perform the initial setup, carry out the following steps in the Acropolis VM console:
    a) Log in with user “nsroot” and password “nsroot”
    b) For Netscaler execute the command “config ns”
    c) For Netscaler MAS execute the command “shell” followed by the command “networkconfig”
  9. Have fun with the rest of the configuration… 😉

Cheers
Michael

Tip: Struggling with SHA2 certificates and the Citrix Linux Receiver?

Friday, September 5th, 2014

Hi Folks,

If you have had issues with SHA2 certificates in a Citrix environment in the past, you should try the latest IGEL 5.04.100 LX/OS firmware.

The new firmware contains an updated Citrix Receiver 13, which now comes with SHA2 certificate support. Important: you must use Citrix Receiver 13; there is no option to use Receiver version 12 here! So you may have to reconfigure your thin clients to work with your environment and to get Receiver 13 to work.

Please test the new configuration in advance; do not just modify it for all your users to see what happens (otherwise they will hate you). 😉

Cheers

Michael

 

Info: OpenSSL Heartbleed (CVE-2014-0160) issue does not affect Citrix Netscaler, but…

Thursday, April 10th, 2014

Hello Folks,

Everyone is talking about the OpenSSL Heartbeat/Heartbleed issue and how bad it is… It reminds me a little of the Sasser/MSBlast wave a couple of years ago.


In any case, if you’re currently using Citrix Netscaler to protect your environment you should take a look at CTX140605.

In general the Citrix Netscaler is not affected by the Heartbleed issue, but please note: by design this does not apply to the internal website running behind the Netscaler on your server, for example if you use an Apache-based web server, so in this case you should verify this and upgrade the web server. The Netscaler itself is safe at the moment, and external access to websites hosted in your fabric should also be safe if the external connection runs through the Netscaler; the primary risk is internal sites in your company where the Netscaler can/would be bypassed for internal access/users and where the affected OpenSSL version 1.01 is used.

So the “but…” in the headline points to the fact that most attacks come from internal sources/users, and here, depending on your network setup, the Netscaler will not help you if OpenSSL version 1.01 is used.

I am quite sure a few web-based companies are now feeling sad that they have not used the Netscaler in the past. 🙂

Cheers

Michael

P.S.: If you want to check your site, visit http://filippo.io/Heartbleed/. If your site is “insecure” you should do the following steps asap.

1) Upgrade your web server to a secure OpenSSL version
2) Replace all SSL certificates in use with new ones
3) Notify all users to renew their passwords (force them)

There are already a lot of articles covering this in more detail, so there is no need to repeat this… I hope…

P.S.2: Details about the OpenSSL issue can be found here: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
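
To find the internal servers this post is concerned with, the ones reached without passing through the Netscaler, the output of `openssl version` collected from each host can be triaged against the upstream releases affected by CVE-2014-0160 (1.0.1 through 1.0.1f, plus 1.0.2-beta and 1.0.2-beta1). The following is an added example, not code from the original post; the function names, host names and inventory entries are constructed for illustration.

```python
import re

# Upstream OpenSSL releases affected by CVE-2014-0160: 1.0.1 through 1.0.1f,
# plus 1.0.2-beta and 1.0.2-beta1. Fixed in 1.0.1g; the 0.9.8 and 1.0.0
# branches never shipped the heartbeat extension.
_BANNER = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(-beta\d*)?", re.I)


def heartbleed_status(banner):
    """Classify an `openssl version` banner as affected / not-affected / unknown."""
    m = _BANNER.search(banner)
    if not m:
        return "unknown"          # not OpenSSL, or an unparseable banner
    release = tuple(int(m.group(i)) for i in (1, 2, 3))
    letter = m.group(4).lower()   # patch letter: "" for 1.0.1, "e" for 1.0.1e
    beta = (m.group(5) or "").lower()
    if release == (1, 0, 1):
        if beta:
            return "unknown"      # 1.0.1 pre-releases: check by hand
        # Distribution packages may backport the fix without changing this
        # string, so "affected" means: confirm against the vendor changelog.
        return "affected" if letter <= "f" else "not-affected"
    if release == (1, 0, 2) and beta in ("-beta", "-beta1"):
        return "affected"
    return "not-affected"


def triage(inventory):
    """Group (host, banner) pairs by Heartbleed status."""
    report = {"affected": [], "not-affected": [], "unknown": []}
    for host, banner in inventory:
        report[heartbleed_status(banner)].append(host)
    return report


# Constructed sample inventory of internal hosts (hypothetical names).
SAMPLE_INVENTORY = [
    ("intranet-web01", "OpenSSL 1.0.1e 11 Feb 2013"),
    ("wiki01", "OpenSSL 1.0.1g 7 Apr 2014"),
    ("legacy-app", "OpenSSL 0.9.8y 5 Feb 2013"),
    ("build01", "OpenSSL 1.0.2-beta1 24 Feb 2014"),
    ("appliance", "unknown TLS stack"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as "unknown" (appliances, other TLS stacks) still need a manual check, and a version string alone does not show whether certificates and passwords were already rotated.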

Test: Using IGEL Linux based Thin Clients together with Citrix CloudGateway Enterprise

Friday, February 15th, 2013

Hi Folks,

Today I’ve tested the IGEL Universal Desktop LX/OS together with Citrix XenApp 6.5, XenDesktop 5.6 and VDI in a Box 5.2 and Citrix CloudGateway Enterprise (LAN and WAN through Citrix Netscaler).

I’ve used the internal web browser that comes with IGEL Linux for the connection; in both cases (LAN and WAN) it works like a charm. For my test I’ve used IGEL firmware 4.11.100.

CloudGateway thru IGEL Universal Desktop LX Webbrowser

 …and connected to a session (XenApp 6.5)

 

Connection thru CloudGateway to XenApp 6.5


If you plan to upgrade your Citrix environment to CloudGateway this should work for you, so the IGEL Linux based clients seem to be ready for the new Citrix products. I’ve read no official confirmation from IGEL about this, so in any case you should test this to confirm the results. If you discover issues here, feel free to contact me.

Update: I forgot, in the screenshots the desktop connections to XenApp, XenDesktop and VDI in a Box are missing, but it also works fine for me.

Cheers
Michael

P.S.: The old PNAgent Service Site is now called “Legacy” in Citrix products…..

Note: IGEL UD2 Multimedia and Citrix Access Gateway/Netscaler

Wednesday, November 21st, 2012

Hello Folks,

If you get an SSL Error 4 when you try to set up an ICA connection through a Citrix Access Gateway / Netscaler with the IGEL UD2 Multimedia (ARM based, firmware 1.03.100), don’t try to solve it! Currently it looks like the Citrix Receiver for ARM-based systems cannot connect to a Citrix environment (XenDesktop, XenApp or VDIinaBox) through CAG/Netscaler. In this case you have to use an x86-based system like the UD3 or UD5; with these devices I didn’t have any issues during my tests with firmware 4.10.100.

I will post an update here if a solution is available.

Cheers
Michael

P.S.: This issue should also pop up with any other ARM-based device using the Citrix Receiver for Linux, and it doesn’t seem to be a general IGEL UD2 Multimedia issue. I am only sorry that this is not mentioned in the release notes in any way….