-
Getting Started with Citrix ADC
-
Deploy a Citrix ADC VPX instance
-
Install a Citrix ADC VPX instance on Microsoft Hyper-V servers
-
Install a Citrix ADC VPX instance on Linux-KVM platform
-
Prerequisites for Installing Citrix ADC VPX Virtual Appliances on Linux-KVM Platform
-
Provisioning the Citrix ADC Virtual Appliance by using OpenStack
-
Provisioning the Citrix ADC Virtual Appliance by using the Virtual Machine Manager
-
Configuring Citrix ADC Virtual Appliances to Use SR-IOV Network Interface
-
Configuring Citrix ADC Virtual Appliances to use PCI Passthrough Network Interface
-
Provisioning the Citrix ADC Virtual Appliance by using the virsh Program
-
Provisioning the Citrix ADC Virtual Appliance with SR-IOV, on OpenStack
-
Configuring a Citrix ADC VPX Instance on KVM to Use OVS DPDK-Based Host Interfaces
-
-
Deploy a Citrix ADC VPX instance on Microsoft Azure
-
Network architecture for Citrix ADC VPX instances on Microsoft Azure
-
Configure multiple IP addresses for a Citrix ADC VPX standalone instance
-
Configure a high-availability setup with multiple IP addresses and NICs
-
Configure a high-availability setup with multiple IP addresses and NICs by using PowerShell commands
-
Configure HA-INC nodes by using the Citrix high availability template with Azure ILB
-
Configure address pools (IIP) for a Citrix Gateway appliance
-
-
Upgrade and downgrade a Citrix ADC appliance
-
Solutions for Telecom Service Providers
-
Load Balance Control-Plane Traffic that is based on Diameter, SIP, and SMPP Protocols
-
Provide Subscriber Load Distribution Using GSLB Across Core-Networks of a Telecom Service Provider
-
Authentication, authorization, and auditing application traffic
-
Configuring authentication, authorization, and auditing policies
-
Configuring Authentication, authorization, and auditing with commonly used protocols
-
Use an on-premises Citrix Gateway as the identity provider for Citrix Cloud
-
Troubleshoot authentication issues in Citrix ADC and Citrix Gateway with aaad.debug module
-
-
-
-
-
-
Persistence and persistent connections
-
Advanced load balancing settings
-
Gradually stepping up the load on a new service with virtual server–level slow start
-
Protect applications on protected servers against traffic surges
-
Retrieve location details from user IP address using geolocation database
-
Use source IP address of the client when connecting to the server
-
Use client source IP address for backend communication in a v4-v6 load balancing configuration
-
Set a limit on number of requests per connection to the server
-
Configure automatic state transition based on percentage health of bound services
-
-
Use case 2: Configure rule based persistence based on a name-value pair in a TCP byte stream
-
Use case 3: Configure load balancing in direct server return mode
-
Use case 6: Configure load balancing in DSR mode for IPv6 networks by using the TOS field
-
Use case 7: Configure load balancing in DSR mode by using IP Over IP
-
Use case 10: Load balancing of intrusion detection system servers
-
Use case 11: Isolating network traffic using listen policies
-
Use case 12: Configure Citrix Virtual Desktops for load balancing
-
Use case 13: Configure Citrix Virtual Apps for load balancing
-
Use case 14: ShareFile wizard for load balancing Citrix ShareFile
-
-
-
-
-
Configure SureConnect
-
-
Authentication and authorization
-
-
Configuring a CloudBridge Connector Tunnel between two Datacenters
-
Configuring CloudBridge Connector between Datacenter and AWS Cloud
-
Configuring a CloudBridge Connector Tunnel Between a Datacenter and Azure Cloud
-
Configuring CloudBridge Connector Tunnel between Datacenter and SoftLayer Enterprise Cloud
-
Configuring a CloudBridge Connector Tunnel Between a Citrix ADC Appliance and Cisco IOS Device
-
CloudBridge Connector Tunnel Diagnostics and Troubleshooting
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
Configure SureConnect
The following topics describe how to configure SureConnect for scenarios involving alternate server failure.
Configure the response for alternate server failure
If the alternate server fails, and the primary server cannot immediately deliver the requested content to the client, SureConnect does not display alternate content from the failed alternate server in the client Web browser.
The Citrix ADC appliance automatically sends a response to the client browser. You can customize the server response to display information suited to your needs.
The default response is:
Your Request is being processed… Estimated Time: __ Secs
Customize the default response
The Citrix ADC appliance automatically sends the response to the client if the alternate server fails, or if the appliance is configured to send the default response.
To customize the default response of the appliance, create a vsr.htm file (a sample is provided in this section) as follows:
- The file can contain any valid HTML statements other than embedded objects.
- The file size cannot exceed 800 bytes.
- The file must reside on the Citrix ADC appliance. If you have a high availability (HA) setup, the file must reside on the primary and secondary nodes. Any changes made to the file on the primary node must also be applied to the file on the secondary node.
- Put vsr.htm file in the /etc directory.
To customize the default response
Change any of the contents between the </HEAD> and </HTML> tags in the vsr.htm file. Following is the sample content from vsr.htm file. The sections that you can edit are in bold text.
HTTP/1.1 200 OK
Server: NS_WS3.0
Content-Type: text/html
Cache-control: no-cache
Pragma: no-cache
Set-Cookie: NSC_BPIP=@@SID@@; path=/
<HTML> <HEAD> <META HTTP-EQUIV="Refresh" CONTENT="0">
</HEAD> <font color=blue size=5>Your request is being processed...
<br>Estimated Delay: @@DELAY@@ Sec </font> </HTML>
<!--NeedCopy-->
Note: Include @@DELAY@@ to display the predicted delayed response time in seconds.
SureConnect with in-memory response (NS action)
When defining the SureConnect policy by using the add sc policy command, you can configure the Citrix ADC appliance to serve alternative content to the client.
To enable SureConnect and configure the in-memory response, perform the following tasks:
- Enable the SureConnect feature on the appliance by using the enable feature SC command
- Define the services by using the
add service <servicename> <IP address> <servicetype> <port>command. This identifies the original server for which the SureConnect is configured and the types of services. - Add a SureConnect policy by using the add sc policy command. You can configure a URL-based policy or a rule-based policy. The incoming requests are validated against the URL or rule you specify in the policy.
Note: You can configure the SureConnect feature on a load balancing virtual server. In that case, perform the following additional actions:
- Enable Load Balancing by using the enable feature LB command.
- Enable SureConnect feature on the virtual server by using the
set lb vserver <vservername> -sc ONcommand. - Bind services to the virtual server by using the
bind lb vserver <name> <serviceName>command. - Bind policies to the virtual server by using the
bind lb vserver <name> -policyname <name>command.
The following example illustrates how to configure SureConnect for the load balancing feature so that SureConnect will display alternative content from the Citrix ADC appliance.
In this example, two physical servers, with IP addresses, 10.101.3.187 and 10.101.3.188 are load balanced by the Citrix ADC appliance. The appliance has one configured virtual server, vs-NSact, whose IP address is 10.101.3.201. The file that contains the alternative content is vsr.htm. It is copied from the file system into system memory. Services are loaded until the SureConnect policy triggers, and the appliance supplies the alternate content.
enable feature SC LB
add service psvc1 10.101.3.187 http 80
add service psvc2 10.101.3.188 http 80
add lb vserver vs-NSact HTTP 10.101.3.201 80
bind lb vserver vs-NSact psvc1
bind lb vserver vs-NSact psvc2
add sc policy policyNS -url /cgi-bin/*.cgi -delay 400000
-action NS
set sc parameter -vsr /nsconfig/ssl/vsr.htm
bind lb vserver vs-NSact -policyName policyNS
set lb vserver vs-NSact -sc ON
save config
<!--NeedCopy-->
Table 1. Parameter values used in this example
| Service | |
| Name | psvc1, psvc2 |
| Server | 10.101.3.187, 10.101.3.188 |
| Protocol | HTTP |
| Port | 80 |
| Load Balancing Virtual Server | |
| Name | vs-NSact |
| IP Address | 10.101.3.201 |
| Protocol | HTTP |
| Port | 80 |
| SureConnect Policy | |
| Name | policyNS |
| URL | /cgi-bin/*.cgi |
| Delay(microseconds) | 400000 |
| SC Parameter | |
| VSR File Name | vsr.htm |
To configure this example by using the GUI
- In the In the navigation pane, navigate to System > Settings. In the Modes and Features pane, perform the following actions:
- Click Configure Basic Features, select Load Balancing, and Click Go.
- Click Configure Advanced Features, select SureConnect, and Click Go.
- In the navigation pane, navigate to Security > Protection Features > SureConnect. In the details pane, click Parameters. In the Configure SureConnect Parameters window, browse and select the VSR filename.
- Navigate to Traffic Management > Load Balancing > Services. In the details pane, click Add. In the Create Services window, enter the paramter values as shown in Table 5-1, and click OK.
- Navigate to Traffic Management > Load Balancing > Virtual servers. In the details pane, click Add. In the Create Virtual Server (Load Balancing) dialog box, enter the values shown in Table 5.1 for the Load Balancing Virtual Server parameters and click OK.
- In the navigation pane, navigate to Traffic Management > Load Balancing > Virtual servers. Select the virtual server vs-NSact and click Open in the details pane. The Configure Virtual system (Load Balancing) dialog box, displays the list of configured services. Select services psvc1 and psvc2 and click OK.
- In the navigation pane, expand Security > Protection Features > SureConnect. In the details pane, click Add. Create the policy with the values as given in the parameters table.
- In the navigation pane, navigate to Traffic Management > Load Balancing > Virtual servers. Select the virtual server vs-NSact and click Open in the details pane. In the Configure Virtual system (Load Balancing) dialog box, click the Policies tab. Click » to expand the features. Select SureConnect. When the list of SureConnect polices appear, select policyNS and click OK.
- In the navigation pane, navigate to Traffic Management > Load Balancing > Virtual servers. Select the virtual server vs-NSact and click Open in the details pane. In the Configure Virtual system (Load Balancing) dialog box, on the Advanced tab, select SC and click OK.
Configure the SureConnect policies
You can configure the following SureConnect policies. The Citrix ADC appliance matches incoming requests in the order the policies are configured:
- Exact URL-based policies
- Wildcard rule-based policies
Configure exact URL based policies
When you configure an exact URL based policy, the Citrix ADC appliance matches the incoming request against the URL that has been configured in the policy. URL based policies take precedence over rule based policies.
Configure an exact URL based policy by using the CLI
At the command prompt, type:
add sc policy <name> [-url <URL> | -rule <expression>] [ -delay <usecs>] [ -maxConn <positive_integer>] [ -action (ACS <altContentSvcName> <altContentPath>) | NS | NOACTION)]
<!--NeedCopy-->
Configure an exact URL based policy by using the GUI
- Navigate to Security > Protection Features > SureConnect.
- In the details pane, click Add.
- In the Create SureConnect Policy dialog box, set the following parameters:
- Name*
- URL (Make sure that the URL check box is selected)
- Value*
- Delay (microseconds)*
- Maximum Client Connections
- Action (Select from the Choose Action list.)
- Alternate Service Name (if you select ACS as the Action)
- Alternate Content Path (if you select ACS as the Action) *A required parameter
- Click Create, and click Close. The URL based policy appears in the right pane, and a message displays in the status bar that the policy is successfully configured.
Configure wildcard rule-based policies
SureConnect matches the incoming requests to a defined rule, if you configure a rule-based policy.
Configure a SureConnect policy based on a wildcard rule by using the CLI
-
Create the expression(s).
Use the add expression command to create each expression.
-
Create the rule(s).
Use the add sc policy command with the -rule expression_logic argument to specify the rule(s). In the -rule expression_logic argument, refer to the expression(s) you created in step 1.
Repeat this command to create and name each rule.
The following example creates a rule “rule = = /*.cgi”:
add vserver vs-lb http 1.1.1.1 80
add expression expr1 url == /cgi-bin/*.cgi
add expression expr2 url == /index.html
add sc policy surecpolicy1 -rule (expr1||expr2) -delay 1000000 -action NS
bind lb vserver vs-lb -policyName surecpolicy1
<!--NeedCopy-->
To complete the SureConnect configuration, you will need to enter additional commands, beyond those shown in the example.
Configure a wildcard rule-based policy by using the GUI
- Navigate to Security > Protection Features > SureConnect.
- In the details pane, click Add.
- In the Create SureConnect Policy dialog box, in the Name text box, type the name of the policy.
- Under What to Monitor, click Expression, and then click Configure.
- In the Create Expression dialog box, click Add.
- In the Add Expression dialog box, enter an expression. For example, you can select an Expression Type of General, a Flow Type of REQ, a Protocol of HTTP, a Qualifier of URLQUERY, an Operator of CONTAINS, and in the Value text box, type AA. For more information about expressions, see “Policies and Expressions.”
- Click OK, and click Close.
- In the Create Expression dialog box, click Create.
Examples of wildcard rules:
“/sports/*” matches all URLs under /sports
“/sports*” matches all URLs whose prefix matches “/sports”, starting at the beginning of the URL.
“/*.jsp” matches all URLs whose file extension is “jsp”
When configuring rule-based policies, first add the more specific rule-based policies, before adding more generic rules (for example, add /cgi-bin/sports.cgi before adding /cgi-bin/.cgi).
Display the configured SureConnect policy
To view the SureConnect policy that you have configured, at the Citrix ADC command prompt, enter the show sc policy command.
Customize the alternate content file
When SureConnect activates, it can display alternate content from one of the following files that you have configured:
- progressbar.htm. Displays the progress information.
- alternatepage.htm. Displays an alternate page.
- barandpage.htm. Displays both the progress information and an alternate page.
The alternate content files are JavaScript files. During SureConnect installation, these files are copied onto the server that contains the alternate content. These files can contain alternate content (including an alternate page) or references to other files that contain the alternate content.
This section describes the changes you can make to the alternate content file provided by the appliance.
//**** DEFINE YOUR VALUES HERE ****
var alt_url = "/netscaler system /sample.gif";
var alt_url = "http://www.DomainName.com";
var netscaler system _logo = "netscaler_logo.gif";
var our_logo = "netscaler_logo.gif";
var height = 450;
var width = 550;
var top = 200;
var left = 200;
var popunder = "no"; //specify yes for pop-under & no for pop-up
var shift_focus = "yes" //if you want to send pop-up to background on getting primary content else specify no
//**** YOUR DEFINITIONS ENDS HERE ****
<!--NeedCopy-->
You can make these changes:
-
var alt_url. Specify the URL for the alternate content if a file provides the alternate content. For example:
var alt_url = “/netscaler system/sports.htm” <!--NeedCopy-->Note: The alternate content file must be present in the /netscaler system directory under the documents root of the Web server.
-
var our_logo. Specify the image file of your organization logo.
-
var height. Specify the height of the SureConnect window.
-
var width. Specify the width of the SureConnect window.
-
var top and var left. Specify the position of the SureConnect window.
-
var popunder. Specifies the position of the alternate content window. Specify the value as NO to place the alternate content window above the original window. Specify the value as YES to place the alternate content window beneath the original window.
-
var shift_focus. Specify the focus of the alternate content window. YES places the pop-up window in the background when getting the primary content. NO always keeps the pop-up window in focus, even when getting the primary content.
Note: For more information, see the README.txt file provided by the appliance with other alternate content files.
Configure SureConnect for Citrix ADC features
This section describes how SureConnect works in combination with the load balancing, content switching, cache redirection, and high availability features of the Citrix ADC appliance.
Configure SureConnect for load balancing
You can use SureConnect in environments where the primary servers use the load balancing feature, with or without alternate servers. If the load balancing virtual server configured for SureConnect fails, the backup virtual server (if there is one) handles the traffic. Backup virtual servers do not support SureConnect policies.
Note: For information about load balancing, see Load Balancing.
Configure SureConnect for cache redirection
You can use SureConnect in environments where cache redirection is configured. The primary server is a load balancing virtual server bound to the cache redirection virtual server. Regardless of any rules configured for the cache redirection feature:
- You can configure any URL for SureConnect.
- Once SureConnect is activated for a client, requests from the client are always sent to the origin server.
Configure SureConnect for high availability
SureConnect is compatible with Citrix ADC appliances operating in high availability mode.
Note: If the optional vsr.htm file is used, it must be present in both nodes (primary and secondary) and must use the same name and directory.
Share
Share
This Preview product documentation is Cloud Software Group Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Cloud Software Group Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Cloud Software Group product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.