Installing and Configuring NetScaler ADC VPX 10.1

A few weeks ago I wrote a blog about Configuring NetScaler Access Gateway VPX and Citrix StoreFront. This blog was based on the NetScaler Access Gateway Enterprise Edition 10.0 with Citrix StoreFront 1.2. Last week Citrix released NetScaler ADC VPX 10.1 at Synergy 2013. Of course I want to look at it right away. The first thing that noticed me is the improved interface and the new welcome wizard (see screenshots below).

I know you can do a lot with the NetScaler but this blog will be limited to upload the NetScaler VPX to a Citrix XenServer, configure the NetScaler VPX, install the SSL Certificate, setting up the NetScaler Gateway and finally I will install and configure the Web Interface on NetScaler.

Before you begin make sure you have Java Runtime installed and that you have a license file for the NetScaler. The NetScaler needs a SSL certificate, make sure you can create a key by a CA. For this blog I will use and describe the step for creating the key by Go Daddy.

Downloading the NetScaler VPX and the Web Interface Components

Installing-and-Configuring-NetScaler-ADC-VPX-101-001

For this installation I will download “NetScaler ADC VPX for XenSever 10.1 Build 112.13” from the Citrix website.

Installing-and-Configuring-NetScaler-ADC-VPX-101-002

For the “Web Interface on NetScaler 10” I will download the “Web Interface on NetScaler Installation Package” and for the Java part I will use the “Open JDK6 Package”

Uploading the NetScaler VPX to the XenServer

 Installing-and-Configuring-NetScaler-ADC-VPX-101-003

In Citrix XenCenter, open the File menu and choose the option Import…

Installing-and-Configuring-NetScaler-ADC-VPX-101-004

Browse to the NetScalerVDX and click Next

Installing-and-Configuring-NetScaler-ADC-VPX-101-005

Select your XenServer and click on Next

Installing-and-Configuring-NetScaler-ADC-VPX-101-006

Select the storage you want to upload the Netscaler to and click Import

Installing-and-Configuring-NetScaler-ADC-VPX-101-007

Select the network interface you want to connect to the Netscaler to and click Next

Installing-and-Configuring-NetScaler-ADC-VPX-101-008

Click Finish

Configuring the Netscaler ADC VPX

Installing-and-Configuring-NetScaler-ADC-VPX-101-009

Start the NetScaler and go to the Console tab of the virual machine (XenCenter). Enter the desired IP Adress (this will be the management interface IP address a.k.a. NSIP), Netmask and Gateway address.

Installing-and-Configuring-NetScaler-ADC-VPX-101-010

After entering all the network information there should be a menu to appear, but in this version of to the NetScaler it is not the case. From earlier versions I know option 4 is “Save and Quit”, so type in number 4 and hit Enter

Installing-and-Configuring-NetScaler-ADC-VPX-101-011

After rebooting the Netscaler, open Internet Explorer and enter the NSIP address (management interface IP address). Login with User Name; nsroot and Password; nsroot

Installing-and-Configuring-NetScaler-ADC-VPX-101-012

The new Welcome screen appears. Fill in the Subnet IP Address (will be used to connect to the resource servers), the Hostname and the DNS server. Select the correct time zone and optionally change the administrator password. Click Continue.

Installing-and-Configuring-NetScaler-ADC-VPX-101-013

Click Browse to select your license file.

Installing-and-Configuring-NetScaler-ADC-VPX-101-014

Select the license file uploaded in the previous step and click Continue

Installing-and-Configuring-NetScaler-ADC-VPX-101-015

Installing-and-Configuring-NetScaler-ADC-VPX-101-016

Click Yes to reboot the NetScaler

Installing the SSL Certificate

Installing-and-Configuring-NetScaler-ADC-VPX-101-017

On the Configuration tab go to the Traffic Management > SSL menu, on the right side of the screen click on Create RSA Key

Installing-and-Configuring-NetScaler-ADC-VPX-101-018

Fill in the following information;

Key Filename: “name”.key, anything you like
Key Size (bits): 2048
Public Exponent Value: F4
Key Format: PEM
PEM Encoding Algorithm: DES3
PEM Passphrase: A password you like
Verify Rassphrase: Same as above

Click OK and then Close

Installing-and-Configuring-NetScaler-ADC-VPX-101-019

The next step is to create a request that needs to send over to the CA. On the right side of the screen click  Create CSR (Certificate Signing Request)

Installing-and-Configuring-NetScaler-ADC-VPX-101-020

Fill in the following information;

Request File Name: “name”.REQ, anything you like
Key File Name: Browse to the .KEY file you just created
Key Format: PEM
PEM Passphrase (For Encrypted Key): The password you specified in the previous step

Country: Your Country
Organization Name: The name of your organization
State or Province: You State or Province
Common Name: This is the address the users will type in their browsers
Challenge Password: A password you like

Click OK and then Close

Installing-and-Configuring-NetScaler-ADC-VPX-101-021

The .REQ file needs to be download for importing it to the CA. Go to “Manage Certificates / Keys / CSRs”

Installing-and-Configuring-NetScaler-ADC-VPX-101-022

Select the .REQ file and click Download. Click on Browse to give a “Save in” location, click on Download and then Close.

Installing-and-Configuring-NetScaler-ADC-VPX-101-023

Open the .REQ file in Notepad and copy all the text. Go to your CA (in my case Go Daddy) to create the key or re-key an existing certificate by pasting the text from the .REQ file.

Installing-and-Configuring-NetScaler-ADC-VPX-101-024

After creating the certificate, download it. Select IIS7 as server type.

Installing-and-Configuring-NetScaler-ADC-VPX-101-025

After downloading the certificate, go back to “Manage Certificates / Keys / CSRs” under the SSL menu of the NetScaler and Upload the .crt file.

Installing-and-Configuring-NetScaler-ADC-VPX-101-026

Go to the menu Traffic Management > SSL > Certificates. On the upper right side on the screen click on Install..

Installing-and-Configuring-NetScaler-ADC-VPX-101-027

Fill in the following information;

Certificate-Key Pair Name: Any name you want
Certificate File Name: Browse to the .crt file you just uploaded
Key File Name: Browse to the .KEY file created earlier
Password: The password entered when creating the request
Certificate Format: PEM

Click on Create and Close

Installing-and-Configuring-NetScaler-ADC-VPX-101-028

After the installation you can see the status and the number of days the certificate expires.

Create the NetScaler Gateway Virtual Server

Installing-and-Configuring-NetScaler-ADC-VPX-101-029

On the Configuration tab go to NetScaler Gateway and then on the right site click on NetScaler Gateway wizard

Installing-and-Configuring-NetScaler-ADC-VPX-101-030

Click on Next

Installing-and-Configuring-NetScaler-ADC-VPX-101-031

Fill the IP Address, this is the IP address the outside IP address must point to. Fill in port number 443 and the Virtual Server Name (anything you like). After this Wizard configure your router and/or firewall to redirect port 443 (and optionally port 80) from outside to this IP address.

Installing-and-Configuring-NetScaler-ADC-VPX-101-032

By Certificate Options choose Use an installed certificate and private key pair. By Server Certificate choose the certificate installed in the previous step.

Installing-and-Configuring-NetScaler-ADC-VPX-101-033

Fill in the DNS Server IP Address of your DNS server, leave WINS IP Address blank. Choose DNS as Name Lookup Priority and click next

Installing-and-Configuring-NetScaler-ADC-VPX-101-034

Choose LDAP as authentication type. By Connection Settings fill in the requested information as shown in the screenshot above and click on Retrieve Attributes.

Installing-and-Configuring-NetScaler-ADC-VPX-101-035

Click OK

Installing-and-Configuring-NetScaler-ADC-VPX-101-036

Set Configure Authorization to Allow. Optionally you can enable Port 80 redirection. Click Next

Installing-and-Configuring-NetScaler-ADC-VPX-101-037

Select what is applicable and click Next

Installing-and-Configuring-NetScaler-ADC-VPX-101-038

Click Finish

Installing-and-Configuring-NetScaler-ADC-VPX-101-039

Click Exit

Installing-and-Configuring-NetScaler-ADC-VPX-101-040

The next step is to configure the LDAP server and LDAP policy and assign it to the NetScaler Gateway. Go to menu NetScaler Gateway > Policies > Authentication > LDAP. On the right side of the screen select the Servers tab, and then click Add.

Installing-and-Configuring-NetScaler-ADC-VPX-101-041

Fill in the following information;

Name: Any name you want
IP Address: The IP address of your AD Domain Controller
Base DN (location of users): Distinguished Name of the domain
Administrator Bind DN: A domain administrator account name
Administrator Password: The password of the domain administrator account
Confirm Administrator Pass: Same as above

Click on Retrieve Attributes

Installing-and-Configuring-NetScaler-ADC-VPX-101-042

Click OK

Installing-and-Configuring-NetScaler-ADC-VPX-101-043

Click on Create and Close

Installing-and-Configuring-NetScaler-ADC-VPX-101-044

Go the Policies tab and click Add

Installing-and-Configuring-NetScaler-ADC-VPX-101-045

Fill in the following information;

Name: Any name you want
Server: The LDAP server created in the previous step

Select True value and click Add Expression, then click Create and Close

Installing-and-Configuring-NetScaler-ADC-VPX-101-046

Go to menu NetScaler Gateway > Virtual Servers, select the server created in the previous steps and click Open…

Installing-and-Configuring-NetScaler-ADC-VPX-101-047

Go to the Authentication tab and click on Insert Policy to apply the policy created in the previous step. Click OK

At this moment you can already logon to the NetScaler with the external URL (you must configured the router to allow the 443 traffic to the Access Gate IP Address).

Installing the Web Interface on NetScaler

Installing-and-Configuring-NetScaler-ADC-VPX-101-048

Go to menu System > Web interface, on the right side of the screen click on Web Interface Wizard

Installing-and-Configuring-NetScaler-ADC-VPX-101-049

Click Next

Installing-and-Configuring-NetScaler-ADC-VPX-101-050

Browse local to the downloaded Web Interface and Java Runtime Tar files. Set Maximum number of sites to 3 and click Next.

Installing-and-Configuring-NetScaler-ADC-VPX-101-051

Click OK

Installing-and-Configuring-NetScaler-ADC-VPX-101-052

Select GatewayDirect as Default Access Method, Select the NetScaler Gateway Vserver and enter the STA’s of your XenApp and/or XenDesktop controllers/brokers. Click Next.

Installing-and-Configuring-NetScaler-ADC-VPX-101-053

You now have to option to customize the Web Interface Site Appearance, fill in what you want to customize and click Next

Installing-and-Configuring-NetScaler-ADC-VPX-101-054

Click Next

Installing-and-Configuring-NetScaler-ADC-VPX-101-055

Click Add

Installing-and-Configuring-NetScaler-ADC-VPX-101-056

Enter the information of your XenApp Controller or XenDesktop Broker and click Create and Close (repeat this step if you want to add more XenApp / XenDesktop farms)

Installing-and-Configuring-NetScaler-ADC-VPX-101-057

Click Next

Installing-and-Configuring-NetScaler-ADC-VPX-101-058

Click Finish

Installing-and-Configuring-NetScaler-ADC-VPX-101-059

Click Exit

Configure the NetScaler to redirect to the Web Interface

Installing-and-Configuring-NetScaler-ADC-VPX-101-060

Go to menu NetScaler Gateway and on the right side of the screen click Published application wizard

Installing-and-Configuring-NetScaler-ADC-VPX-101-061

Click Next

Installing-and-Configuring-NetScaler-ADC-VPX-101-062

Select the Virtual Server Name created in previous steps and click Next.

Installing-and-Configuring-NetScaler-ADC-VPX-101-063

Enter the Web Interface Address “http://127.0.0.1:8080/Citrix/XenApp and fill in the Single Sign-on Domain. Click Add to add the STA’s of your XenApp server(s) and/or XenDesktop server(s) in this format: “http(s)://<servername>.<domainname>”. In previous versions it was needed to add “/scripts/ctxsta.dll” to this path, but with this version of the NetScaler it’s not needed (In my case).

Click Next

Installing-and-Configuring-NetScaler-ADC-VPX-101-064

Select “SETVPNPARAMS_POL” and click Next

Installing-and-Configuring-NetScaler-ADC-VPX-101-065

Click Finish

Installing-and-Configuring-NetScaler-ADC-VPX-101-066

Click Exit

Installing-and-Configuring-NetScaler-ADC-VPX-101-067

At this point everything should be working fine and you can now access the NetScaler Gateway with the https://<server adres>

Installing-and-Configuring-NetScaler-ADC-VPX-101-068

After the logon you will be redirected to the Webinterface with the customizations you have specified during the wizard.

28 comments

  • Great blog post man, just got a tip from one of my readers. The Netscaler wizard now seems to work much better than the earlier versions. I did a lot hands on with this version on Citrix Synergy.

  • Thanks for the run down on 10.1. Would you by any chance know or have tested if the EPA scanner in 10.1 has improved functionality for Windows Security / Antivirus detection?

  • This is a great blog! I have not had the opportunity to setup the new version; however, this will assist in getting it configured correctly when I do.

    Andre

  • Robin, great log. I’m not up to date NetScaler so this is a great stepping stone. Keep up the good work.

    Dave

  • Great post Robin. I had my first look at the 10.1 last week at a customer site and liked the new “neo”. I’ve never completely trusted “wizard” installs. During my install I chose not to use the wizard and elected to use the old guia. Maybe as I have time to try your steps in our lab and then I might trust the wizard.

  • firewall/netscaler novice here,
    On the physical Netscaler device, how many network interfaces do I need, is one DMZ cable/port enough to carry all traffic from web and to internal network for MIP, SNIP, VIP and public traffic?

  • Hi Team,

    I have one question. Where you mentioned the steps to Go to Godaddy or other CA provider & paste the text from our download certificate and create new certificate… there I have a question.

    Can’t we use the same downloaded certificate ? because we don’t have any GoDaddy or other CA Provider and also we don’t like to purchase that as I am just doing this excercise for POC purpose.

    So, can anyone suggest me the alternative way or way by skipping certificate ? I like to use Netscaler VPX.

  • You are my hero … great job on the blog. Nice screenshots and concise instructions…

  • I can assure you, after spending quite some time working on the not very intuitive netscaler, Robin’s how to is simply the best on the Internet. An amazingly accurate and informative article, that will get you through the configuration, with zero difficulty. Thank you Robin, for your efforts in helping us, the Netscaler Challenged!!

  • Hi Robin, extremly nice post.
    I have one question :
    Is the WI installed in the netscaler a better choice than using an (or two) external (Windows) WI 5.4 ?
    The vendor who installed my NS tell me that the ‘future” of the WI into the NS is not “confirmed”.

    I’m lost with the different solution available to loadbalance users on WI (for redundancy and unload on the WI).
    1) simple VIP to LB on the WI (on windows servers)
    2) using the Netscaler access gateway as an ICA proxy
    3) using the WI provided by the Netscaler

    My NS handle more than 200 simultaneous connection, I prefer having 2 windows WI , each handle so 100 connections.

    Thx

    • Hello Nicolas, WI is official EOL in 2015. There are “rumors” that StoreFront is coming to the NetScaler. Till then I Always install StoreFront servers on externsl Windows Server systems.

  • Hi Robin, Thank you for your informative guides. Using a combination of three of them I’ve configured Storefront 2.0, with Netscaler VPX 10.1 – This is working great internally and externally for Windows clients with the latest Windows Receiver and after downloading the IOS Receiver I’m able to use the same external URL for iPads to connect to, which prompts to download the ICA file and then launches the published app with Receiver – Is there a way though that I can login just using the IOS Receiver app rather than browsing with Safari first?
    Thanks,
    David

  • Best step-by-step on the web right here. Exactly what I was needing.. Cheers and thank you Robin!

  • Hi Robin,
    I am using IE10, can you suggest a tool for capturing screenshot sequences including the java applets when you are doing a config for NS10.1?
    cheers
    Andrew

  • Fantastic blog.

    The only thing I had to do was add an A record to my local DNS so I could resolve the public DNS of my NetScaler to its internal port from the XenDesktop server. Other than that worked a dream.

    Thanks

About Robin Hobo

I am a Technology Specialist working for Microsoft with focus on the Modern Workplace. I am specialized in Microsoft Intune, Azure Virtual Desktop (AVD), Windows 365, Windows 11 and Azure AD. Also interested in mental health, NLP and personal development.

For more information, see the About Me page or my LinkedIn profile.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close