Posted by: Sulaiman Syed
2010, CAS, Citrix, Configure, hosted, how, HUB, Load Balancer, microsoft, NetScaler, OA, OWA, SSL Offload
In previous Entry I have shown how to import certificates, and do the re-write policy. Well, in this entry. I would like to add the the virtual Servers for OWA, then i would show the required settings to add the other applications (IMAP4, RPC, POP3, and OA).
As for the Load Balancing Method, Microsoft has its own recommendation, I would suggest to go with “Least Connection”, “Round Robin” is really not a good way, since one server can be loaded unequally by longer connection session. Persistence for OWP is Cookieinsert, while AS, OA is Source IP. Since our CAS is handling all the three applications, we used cookieInsert for all. Some users, mentioned issues with cookieinsert, and used Source IP. We would like to do our own testing before deciding with Persistence method to choose.
We start by creating virtual Server for OWA. Before adding anything, first we need to add the real servers. This will ease the process when we want to associate the service (ports) with the real servers. In the image below, click on add. Then just follow the procedure shown.
Figure 1: Servers Menu
Figure 2 : Adding Real Server
Once we have added the servers, it is best to add all the required servers running the various applications. It can be seen from above that we have added 3 CAS, 3 HUB servers. Since Citrix NetScaler is being used to load balance CAS and HUB only.
Now, Adding the service is next step. as seen in First Entry, we would like to create the services of the real server. Since we are creating OWA, HTTP with port 80 is the real service. click on Add as shown in the services Menu.
Figure 3 : Service Menu
Figure 4 : Adding Service
to Add the service, Write the name of your choice. Pick the real Server, Protocol, and Port number. Please note that you would need to do this for all the OWA application servers. In our case we have done 3 of them. Figure 3 shows that we created services for OWA, POP3, IMAP4 and RPC. Since, the RPC uses random port numbers. Use the following settings, Service name (add the name), Server (add real server), Protocol pick TCP, and port pick *.
Now, lets create the Virtual Server. Since we are going to offload SSL from real servers. The Virtual Server will run on port 443, with SSL certificate added and persistence enabled. Please click on Add at the Virtual Servers menu as shown below.
In figure 6, we are adding the virtual server by Naming it, Giving it Virtual IP address, Selecting Protocol SSL, and port number 443. We have selected the Services that we want to associate this Virtual IP with. Figure 7 shows that we have picked the Method of load balancing as Least Connection, while Persistence mode is cookiesinsert.
Figure 8 : Adding SSL Certificate to Virtual Server
Figure 8 shows that we have added the certificate we created earlier here. With this, configuration of the Load Balancer is done. Although there is one small detail that should be looked at. Since NetScaler will Send traffic from SSL to HTTP (from 443 to 80). The CAS server will reply with port 80 (HTTP). We would like to configure NetScaler to Intercept this traffic. So we create a virtual server for protocol HTTP, port 80, and we don’t associate any service with it. Figure 9 shows the configuration for the Return-OWA traffic.
Figure 9 : Virtual Server to Intercept Return Traffic
Figure 5 shows all the virtual servers that we have created for various applications running in the hosted Microsoft Exchange Server 2010. With this, we have finalized the configuration of NetScaler for the CAS. In our next Entry, i would Configure the Load Balancer for HUB.