Application Delivery Management

Authentication

Users can be authenticated internally by NetScaler Console, externally by an authenticating server, or both. If local authentication is used, the user must be in the NetScaler Console security database. If the user is authenticated externally, the user's "external name" must match the external user identity registered with the authenticating server, depending on the selected authentication protocol.

NetScaler Console supports external authentication by RADIUS, LDAP, and TACACS servers. This unified support provides a common interface to authenticate and authorize all the local and external Authentication, Authorization, and Accounting server users who are accessing the system. NetScaler Console can authenticate users regardless of the actual protocols they use to communicate with the system. When a user attempts to access a NetScaler Console implementation that is configured for external authentication, the requested application server sends the user name and password to the RADIUS, LDAP, or TACACS server for authentication. If the authentication is successful, the user is granted access to NetScaler Console.

External authentication servers

NetScaler Console sends all authentication, authorization, and auditing service requests to the remote RADIUS, LDAP, or TACACS server. The remote authentication, authorization, and auditing server receives the request, validates it, and sends a response to NetScaler Console. When configured to use a remote RADIUS, TACACS, or LDAP server for authentication, NetScaler Console becomes a RADIUS, TACACS, or LDAP client. In any of these configurations, authentication records are stored in the remote host server database. The account name, assigned permissions, and time-accounting records are also stored on the authentication, authorization, and auditing server for each user.

You can also use the internal database of NetScaler Console to authenticate users locally. You create entries in the database for users and their passwords and default roles. You can also select the authentication order for specific types of authentication. The list of servers in a server group is an ordered list. The first server in the list is always used unless it is unavailable, in which case the next server in the list is used. You can configure servers to include the internal database as a fallback to the configured list of authentication, authorization, and auditing servers.
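The ordered-list behaviour described above can be modelled in a few lines of Python. This is an added example, not NetScaler Console code: the class names, server names and credentials are constructed, and it assumes the internal database is consulted only when every listed server is unavailable.

```python
import hashlib
import hmac
import os


class Unavailable(Exception):
    """A backend could not be reached (timeout, connection refused)."""


class ExternalServer:
    """Constructed stand-in for one RADIUS, LDAP or TACACS server."""
    def __init__(self, name, users, up=True):
        self.name, self.users, self.up = name, users, up

    def check(self, user, password):
        if not self.up:
            raise Unavailable(self.name)
        known = self.users.get(user)
        return known is not None and hmac.compare_digest(known.encode(), password.encode())


class LocalDB:
    """Constructed stand-in for the internal database (salted PBKDF2 hashes)."""
    def __init__(self):
        self._users = {}

    def add(self, user, password):
        salt = os.urandom(16)
        self._users[user] = (salt, self._kdf(password, salt))

    def check(self, user, password):
        salt, stored = self._users.get(user, (b"\0" * 16, b""))
        return hmac.compare_digest(self._kdf(password, salt), stored)

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def authenticate(user, password, servers, local_db=None):
    """Return (granted, answered_by) for an ordered server list."""
    for server in servers:
        try:
            # The first reachable server decides; a rejection is final.
            return server.check(user, password), server.name
        except Unavailable:
            continue  # only unavailability moves on to the next server
    if local_db is not None:
        # Assumption: the internal database is the last resort.
        return local_db.check(user, password), "local"
    return False, None
```

The second element of the result is worth recording in audit logs: it shows when logons are being answered by a lower-priority server or by the local database instead of the first server in the list.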

Authenticate users in NetScaler Console

You can authenticate your users in NetScaler Console in two ways:

  • Local users configured in NetScaler Console

    After configuration, the following is the workflow for user authentication in the local server.

    1 – The user logs on to NetScaler Console.

    2 – NetScaler Console prompts the user for credentials and checks whether they match an entry in the NetScaler Console database.

  • Using external authentication servers

    After configuration, the following is the workflow for user authentication in the external authentication, authorization, and auditing server:

    1 – The user connects to NetScaler Console.

    2 – NetScaler Console prompts the user for credentials.

    3 – NetScaler Console validates the user credentials with the external authentication, authorization, and auditing server. If the validation is successful, the user can continue to log on.
