Deploy a NetScaler VPX instance on Microsoft Azure
When you deploy a NetScaler VPX instance on Microsoft Azure Resource Manager (ARM), you can use both of the following feature sets to achieve your business needs:
- Azure cloud computing capabilities
- NetScaler load balancing and traffic management features
You can deploy NetScaler VPX instances on ARM either as standalone instances or as high availability pairs in active-standby modes.
You can deploy a NetScaler VPX instance on the Microsoft Azure in two ways:
-
Through Azure Marketplace. The NetScaler VPX virtual appliance is available as an image in the Microsoft Azure Marketplace.
-
Using the NetScaler Azure Resource Manager (ARM) json template available on GitHub. For more information, see the GitHub repository for NetScaler solution templates.
The Microsoft Azure stack is an integrated platform of hardware and software that delivers the Microsoft Azure public cloud services in a local data center to let organizations construct hybrid clouds. You can now deploy the NetScaler VPX instances on the Microsoft Azure stack.
Note:
Azure restricts access to traffic originating from outside Azure and blocks them. To provide access, enable the service or port by adding an inbound rule in the network security group attached to the NIC of the VM to which a public IP address is attached. For more information, see Azure documentation about Inbound NAT rules.
Prerequisite
You need some prerequisite knowledge before deploying a NetScaler VPX instance on Azure.
-
Familiarity with Azure terminology and network details. For information, see Azure terminology.
-
Knowledge of a NetScaler appliance. For detailed information the NetScaler appliance, see NetScaler
-
Knowledge of NetScaler networking. See the Networking topic.
How a NetScaler VPX instance works on Azure
In an on-premises deployment, a NetScaler VPX instance requires at least three IP addresses:
- Management IP address, called NSIP address
- Subnet IP (SNIP) address for communicating with the server farm
- Virtual server IP (VIP) address for accepting client requests
For more information, see Network architecture for NetScaler VPX instances on Microsoft Azure.
Note:
NetScaler VPX instance supports both the Intel and AMD processors. VPX virtual appliances can be deployed on any instance type that has two or more virtualized cores and more than 2 GB memory. For more information on system requirements, see NetScaler VPX data sheet.
In an Azure deployment, you can provision a NetScaler VPX instance on Azure in three ways:
- Multi-NIC multi-IP architecture
- Single NIC multi-IP architecture
- Single NIC single IP
Depending on your needs, you can use any of these supported architecture types.
Multi-NIC multi-IP architecture
In this deployment type, you can have more than one network interfaces (NICs) attached to a VPX instance. Any NIC can have one or more IP configurations - static or dynamic public and private IP addresses assigned to it.
For more information, see the following use cases:
-
Configure a high-availability setup with multiple IP addresses and NICs
-
Configure a high-availability setup with multiple IP addresses and NICs by using PowerShell commands
Note:
To avoid MAC moves and interface mutes on Azure environments, we recommend you to create a VLAN per data interface (without tag) of NetScaler VPX instance and bind the primary IP of NIC in Azure. For more information, see CTX224626 article.
Single NIC multi-IP architecture
In this deployment type, one network interface (NIC) associated with multiple IP configurations - static or dynamic public and private IP addresses assigned to it. For more information, see the following use cases:
- Configure multiple IP addresses for a NetScaler VPX standalone instance
- Configure multiple IP addresses for a NetScaler VPX standalone instance by using PowerShell commands
Single NIC single IP
In this deployment type, one network interface (NIC) associated with a single IP address, which is used to perform the functions of NSIP, SNIP, and VIP.
For more information, see Configure a NetScaler VPX standalone instance.
Note:
The single IP mode is available only in Azure deployments. This mode isn’t available for a NetScaler VPX instance on your premises, on AWS, or in other types of deployment.
NetScaler VPX licensing
A NetScaler VPX instance on Azure requires a valid license. The licensing options available for NetScaler VPX instances running on Azure are:
-
Bring your own license (BYOL): To use the BYOL option, follow these steps:
- Use the licensing portal on the NetScaler website to generate a valid license.
- Upload the generated license to the instance.
-
NetScaler VPX Check-in and Check-out license: This licensing model allows you to check out a license from a pool of available licenses and check it back in when no longer needed. For more information and detailed instructions, see NetScaler VPX Check-in and Check-out License.
Note:
Subscription-based licensing is no longer supported for NetScaler VPX instances on Azure.
Do a warm restart before making any configuration changes on the NetScaler VPX instance to enable the correct NetScaler VPX license.
VPX performance and Recommended Azure instance types
For the desired VPX performance, the following Azure instance types are recommended.
| VPX performance
|
Azure instance types | ||
|---|---|---|---|
| VPX 1 NIC/2 NIC | VPX 3 NIC | VPX up to 8 NIC | |
| Up to 200 Mbps | Standard_D2s_v5 | Standard_D8s_v5 | Standard_D16_v5 |
| Up to 1 Gbps | Standard_D4s_v5 | Standard_D8s_v5 | Standard_D16_v5 |
| Up to 5 Gbps | Standard_D8ds_v5 | Standard_D8ds_v5 | Standard_D16_v5 |
| Up to 10 Gbps | Standard_D2_v5 | Standard_D8_v5 | Standard_D16_v5 |
Points to note
-
Azure supports VPX throughput up to 10 Gbps. For more information, see the NetScaler VPX Data Sheet.
-
To achieve optimal performance on NetScaler VPX instances with throughput over 1 Gbps, you must enable Azure accelerated networking. It is recommended to use an Azure instance type that supports accelerated networking for this purpose. For more information on configuring Accelerated networking, see Configure a NetScaler VPX instance to use Azure accelerated networking.
-
If you expect that you might have to shut down and temporarily deallocate the NetScaler VPX virtual machine at any time, assign a static Internal IP address while creating the virtual machine. If you do not assign a static internal IP address, Azure might assign the virtual machine a different IP address each time it restarts, and the virtual machine might become inaccessible.
-
For Citrix Virtual Apps and Desktops deployment, a VPN virtual server on a VPX instance can be configured in the following modes:
- Basic mode, where the
ICAOnlyVPN virtual server parameter is set to ON. The Basic mode works fully on an unlicensed NetScaler VPX instance. - SmartAccess mode, where the
ICAOnlyVPN virtual server parameter is set to OFF. The SmartAccess mode works for only five NetScaler AAA session users on an unlicensed NetScaler VPX instance.
Note:
To configure the SmartControl feature, you must apply a Premium license to the NetScaler VPX instance.
- Basic mode, where the
IPv6 support for NetScaler VPX instance in Azure
From release 13.1-21.x onwards, NetScaler VPX standalone instance supports IPv6 addresses in Azure. You can configure the IPv6 addresses as VIP and SNIP addresses on NetScaler VPX standalone instance in Azure cloud.
For information on how to enable IPv6 on Azure, see the following Azure documentation:
For information on how the NetScaler appliance supports IPv6, see Internet Protocol version 6.
IPv6 Limitations:
- IPv6 deployments in NetScaler currently do not support Azure backend autoscaling.
- IPv6 is not supported for NetScaler VPX HA deployment.
Limitations
Running the NetScaler VPX load-balancing solution on ARM imposes the following limitations:
-
The Azure architecture does not accommodate support for the following NetScaler features:
- Gratuitous ARP (GARP)
- L2 Mode
- Tagged VLAN
- Dynamic Routing
- virtual MAC
- USIP
- Clustering
-
When using a NetScaler VPX instance with a throughput exceeding 3 Gbps, the actual network throughput may not align with the throughput specified in the instance’s license. However, other features such as SSL throughput and SSL transactions per second might improve.
-
The deployment ID that is generated by Azure during virtual machine provisioning isn’t visible to the user in ARM. You can’t use the deployment ID to deploy NetScaler VPX appliance on ARM.