-
Getting Started with NetScaler
-
Deploy a NetScaler VPX instance
-
Optimize NetScaler VPX performance on VMware ESX, Linux KVM, and Citrix Hypervisors
-
Apply NetScaler VPX configurations at the first boot of the NetScaler appliance in cloud
-
Configure simultaneous multithreading for NetScaler VPX on public clouds
-
Install a NetScaler VPX instance on Microsoft Hyper-V servers
-
Install a NetScaler VPX instance on Linux-KVM platform
-
Prerequisites for installing NetScaler VPX virtual appliances on Linux-KVM platform
-
Provisioning the NetScaler virtual appliance by using OpenStack
-
Provisioning the NetScaler virtual appliance by using the Virtual Machine Manager
-
Configuring NetScaler virtual appliances to use SR-IOV network interface
-
Configure a NetScaler VPX on KVM hypervisor to use Intel QAT for SSL acceleration in SR-IOV mode
-
Configuring NetScaler virtual appliances to use PCI Passthrough network interface
-
Provisioning the NetScaler virtual appliance by using the virsh Program
-
Provisioning the NetScaler virtual appliance with SR-IOV on OpenStack
-
Configuring a NetScaler VPX instance on KVM to use OVS DPDK-Based host interfaces
-
-
Deploy a NetScaler VPX instance on AWS
-
Deploy a VPX high-availability pair with elastic IP addresses across different AWS zones
-
Deploy a VPX high-availability pair with private IP addresses across different AWS zones
-
Protect AWS API Gateway using the NetScaler Web Application Firewall
-
Configure a NetScaler VPX instance to use SR-IOV network interface
-
Configure a NetScaler VPX instance to use Enhanced Networking with AWS ENA
-
Deploy a NetScaler VPX instance on Microsoft Azure
-
Network architecture for NetScaler VPX instances on Microsoft Azure
-
Configure multiple IP addresses for a NetScaler VPX standalone instance
-
Configure a high-availability setup with multiple IP addresses and NICs
-
Configure a high-availability setup with multiple IP addresses and NICs by using PowerShell commands
-
Deploy a NetScaler high-availability pair on Azure with ALB in the floating IP-disabled mode
-
Configure a NetScaler VPX instance to use Azure accelerated networking
-
Configure HA-INC nodes by using the NetScaler high availability template with Azure ILB
-
Configure a high-availability setup with Azure external and internal load balancers simultaneously
-
Configure a NetScaler VPX standalone instance on Azure VMware solution
-
Configure a NetScaler VPX high availability setup on Azure VMware solution
-
Configure address pools (IIP) for a NetScaler Gateway appliance
-
Deploy a NetScaler VPX instance on Google Cloud Platform
-
Deploy a VPX high-availability pair on Google Cloud Platform
-
Deploy a VPX high-availability pair with external static IP address on Google Cloud Platform
-
Deploy a single NIC VPX high-availability pair with private IP address on Google Cloud Platform
-
Deploy a VPX high-availability pair with private IP addresses on Google Cloud Platform
-
Install a NetScaler VPX instance on Google Cloud VMware Engine
-
-
Solutions for Telecom Service Providers
-
Load Balance Control-Plane Traffic that is based on Diameter, SIP, and SMPP Protocols
-
Provide Subscriber Load Distribution Using GSLB Across Core-Networks of a Telecom Service Provider
-
Authentication, authorization, and auditing application traffic
-
Basic components of authentication, authorization, and auditing configuration
-
Web Application Firewall protection for VPN virtual servers and authentication virtual servers
-
On-premises NetScaler Gateway as an identity provider to Citrix Cloud
-
Authentication, authorization, and auditing configuration for commonly used protocols
-
Troubleshoot authentication and authorization related issues
-
-
-
-
-
-
Configure DNS resource records
-
Configure NetScaler as a non-validating security aware stub-resolver
-
Jumbo frames support for DNS to handle responses of large sizes
-
Caching of EDNS0 client subnet data when the NetScaler appliance is in proxy mode
-
Use case - configure the automatic DNSSEC key management feature
-
Use Case - configure the automatic DNSSEC key management on GSLB deployment
-
-
-
Persistence and persistent connections
-
Advanced load balancing settings
-
Gradually stepping up the load on a new service with virtual server–level slow start
-
Protect applications on protected servers against traffic surges
-
Retrieve location details from user IP address using geolocation database
-
Use source IP address of the client when connecting to the server
-
Use client source IP address for backend communication in a v4-v6 load balancing configuration
-
Set a limit on number of requests per connection to the server
-
Configure automatic state transition based on percentage health of bound services
-
-
Use case 2: Configure rule based persistence based on a name-value pair in a TCP byte stream
-
Use case 3: Configure load balancing in direct server return mode
-
Use case 6: Configure load balancing in DSR mode for IPv6 networks by using the TOS field
-
Use case 7: Configure load balancing in DSR mode by using IP Over IP
-
Use case 10: Load balancing of intrusion detection system servers
-
Use case 11: Isolating network traffic using listen policies
-
Use case 12: Configure Citrix Virtual Desktops for load balancing
-
Use case 13: Configure Citrix Virtual Apps and Desktops for load balancing
-
Use case 14: ShareFile wizard for load balancing Citrix ShareFile
-
Use case 15: Configure layer 4 load balancing on the NetScaler appliance
-
-
-
-
-
Authentication and authorization for System Users
-
-
-
Configuring a CloudBridge Connector Tunnel between two Datacenters
-
Configuring CloudBridge Connector between Datacenter and AWS Cloud
-
Configuring a CloudBridge Connector Tunnel Between a Datacenter and Azure Cloud
-
Configuring CloudBridge Connector Tunnel between Datacenter and SoftLayer Enterprise Cloud
-
Configuring a CloudBridge Connector Tunnel Between a NetScaler Appliance and Cisco IOS Device
-
CloudBridge Connector Tunnel Diagnostics and Troubleshooting
-
-
Synchronizing Configuration Files in a High Availability Setup
-
Restricting High-Availability Synchronization Traffic to a VLAN
-
Managing High Availability Heartbeat Messages on a NetScaler Appliance
-
Remove and Replace a NetScaler in a High Availability Setup
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
Remove and Replace a NetScaler in a High Availability Setup
This topic helps you to address RMA replacements. Also, this topic has instructions on how to backup configurations, upgrade or downgrade shipped software version, and setup of RPC password on ADC.
Points to Consider
The following configurations are not synchronized or propagated in a high availability configuration in INC (Independent Network Configuration) or non-INC mode:
- All node specific HA configuration commands. For example, add ha node, set ha node, and bind ha node.
- All Interface related configuration commands. For example, set interface and unset interface.
- All channel related configuration commands. For example, add channel, set channel, and bind channel.
- All Interface HA Monitoring configuration commands.
The following configurations are not synced nor propagated in an HA configuration in INC mode (Independent Network Configuration):
- SNIPs
- VLANs
- Routes (except LLB routes)
- Route monitors
- RNAT rules (except any RNAT rule with VIP as the NAT IP)
- Dynamic routing configurations
Instructions
Complete the following steps to replace a NetScaler in high availability setup:
- Remove an Active NetScaler secondary node
- Configure Replacement secondary node
- Verify and Update the Software Build on Replacement ADC
- Set Password on New secondary to Match primary
- Add Licenses to Replacement ADC
- Creating HA Pair between primary and New secondary node
Remove an Active Secondary Node
-
Log on to both ADCs and run the following command to confirm which node is primary and which node is secondary:
show ha node <!--NeedCopy-->
-
Log on to the primary ADC, backup the configurations on the primary node, and copy the files off of the ADC prior to the changes. These files are located under “/var /ns_sys_backup/” directory.
The steps are as follows:
-
Save the ADC running configurations to memory:
save ns config <!--NeedCopy-->
-
Create the full backup file package:
create system backup -level full <!--NeedCopy-->
-
Create the basic backup file package:
create system backup -level basic <!--NeedCopy-->
-
-
After all backup files have been generated, be sure to copy them off of the device before proceeding.
From a windows terminal, open a Command Prompt and copy the backup files off of the ADC and onto your local hard drive. This can be done using the following command:
pscp <username>@<NSIP>:<Target file source> <Target file destination> <!--NeedCopy-->
Example:
pscp nsroot@10.125.245.78:/var/ns_sys_backup/backup_basic_10.125.245.78_2016_09_14_15_08.tgz c:\nsbackup\backup_basic_10.125.245.78_2016_09_14_15_08.tgz <!--NeedCopy-->
When prompted, enter the password for the specified administrator account, then hit Enter. Repeat these steps until all backup bundles are copied to the local PC before proceeding.
-
SSH into the secondary ADC, and set the unit to the “STAYSECONDARY” status. This will force the unit to not attempt to assume the primary role in the event of a detected failure during the swap. Confirm that you are connected to the secondary ADC before executing this step
set ha node –haStatus <state> set ha node –haStatus STAYSECONDARY <!--NeedCopy-->
-
Once the secondary ADC’s Node State successfully displays STAYSECONDARY, switch to the primary ADC and delete the secondary node and run the following command:
save ns config <!--NeedCopy-->
While logged into the primary ADC, run the following commands
-
Run the following command to identify which numerical value represents the secondary HA node:
show ha node <!--NeedCopy-->
-
Run the following command to remove the secondary ADC from the primary HA pair;
rm ha node <node ID> <!--NeedCopy-->
-
Run the following command to save the configuration:
save ns config <!--NeedCopy-->
-
With the secondary ADC now removed, shutdown, disconnect, and remove the secondary ADC from the network.
Note. Be sure to label all connections before disconnecting.
-
Configure Replacement Secondary Node
-
With the replacement ADC in place, power up the new device. DO NOT CONNECT the network connections at this point.
-
With boot-up complete, use the console port to connect to the ADC and configure the NSIP that you will use to connect to the unit.
-
When prompted, select 4.
Note. In this example, we are using a different NSIP for the replacement ADC. If you wish to use the original secondary unit’s IP, You may change it on the replacement before binding the new ADC to the primary HA unit.
-
The ADC should now be booted. Now connect the network interface that will be used for Management traffic, and confirm that the IP address is reachable from your network.
Verify and Update the Software Build on Replacement ADC
Before syncing the new unit to the primary ADC, we need to ensure that both ADCs are running the same build.
-
To verify the version on ADC run the following command:
show version <!--NeedCopy-->
-
While on the new secondary ADC, create a subfolder in /var to be used for the upgrade.
-
Go to NetScaler downloads and download the appropriate package that matches the build version running on the primary ADC.
-
Download and extract the .tgz file:
tar -xvzf "file.tgz" <!--NeedCopy-->
-
Copy the extracted files to the secondary ADC. On your windows terminal, open a “Command Prompt” and navigate to the directory containing the extracted .tgz build package and run the following pscp command:
pscp <Target file source> <username>@<NSIP>:<Target file destination> <!--NeedCopy-->
Example:
C:\inetpub>pscp c:\inetpub\build-12.1-47.14_nc.tgz nsroot@10.20.245.80:/var/NS_upg_12.1_47.14/build-12.1-47.14_nc.tgz <!--NeedCopy-->
-
After the file has been transferred, return to the secondary ADC and upgrade. For detailed instructions, see Upgrading a Citrix ADX Standalone Appliance.
-
Once the new secondary has rebooted, SSH back into the unit and confirm that the upgrade is successful and the build matches that of the primary.
Set Password on Replacement Secondary Node to Match Primary
Note: If at this point you want to change the management IP (NSIP) address of the new secondary ADC, you may do so before moving forward.
Change the password on the new secondary ADC to match the password that is currently on the primary ADC.
-
Make that the default administrator (nsroot) account password is the same as the primary ADC. This is accomplished using the following command while logged in through SSH into the new secondary unit:
set system user <user> <password> <!--NeedCopy-->
This command set/resets the password for the specified user.
-
SSH into the primary and new secondary ADC and confirm that passwords match.
Add Licenses to Replacement Secondary Node
With the new ADC updated and ready for pairing, download and install the appropriate licensing for the replacement node.
-
Navigate to https://www.citrix.com to request and download licenses for the new replacement unit.
-
Once you have all appropriate licenses downloaded, SSH into the new secondary ADC and type the following command to see the current state of licensing:
show license <!--NeedCopy-->
-
From the Windows terminal command prompt you must now upload the license files to the new secondary ADC using the following command:
Note. If you have multiple licenses, repeat this step until all licenses are uploaded.
pscp <Target file source> <username>@<NSIP>:<Target file destination> <!--NeedCopy-->
Example:
C:\inetpub>pscp c:\inetpub\NS-VPX-3K-LIC-020030ad0024.lic nsroot@10.125.245.80:/nsconfig/license/NS-VPX-3K-LIC-020030ad0024.lic <!--NeedCopy-->
-
SSH into the new secondary ADC and perform a warm reboot using the following command:
reboot –w <!--NeedCopy-->
After the unit is restarted, SSH into the unit and run show license command once again. At this point, the licenses should be applied.
Set up High Availability between primary and New Secondary Node
At this point, we are now ready to join the NetScaler units into a high availability pair. For more information, see Configuring high availability.
Share
Share
In this article
- Points to Consider
- Instructions
- Remove an Active Secondary Node
- Configure Replacement Secondary Node
- Verify and Update the Software Build on Replacement ADC
- Set Password on Replacement Secondary Node to Match Primary
- Add Licenses to Replacement Secondary Node
- Set up High Availability between primary and New Secondary Node
This Preview product documentation is Cloud Software Group Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Cloud Software Group Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Cloud Software Group product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.