Sunday, March 22, 2015

Citrix NetScaler configuration notes for Exchange 2013

So writing an improved Citrix NetScaler deployment guide for Exchange 2013 is on my to-do list for a long time now, and to be honest I don't think I'm able to dedicate the time needed for this project. So I'll leave my notes from a similar deployment I recently carried out in a lab environment.

Disclaimer: This is work in process and is not meant as a replacement for the Citrix documentation. Maybe someone can use this for another project or as an example of how to document the configuration of a NetScaler for load balancing Exchange 2013.

Part A: Create a CS Virtual Server

1. Content Switching Virtual Servers
add cs vserver vserver-cs-exchange-https SSL 443

Part B: Create a Load Balancing setup

2. Load Balancing Virtual Servers
add lb vserver vserver-lb-exchange-owa ssl 443
add lb vserver vserver-lb-exchange-ecp ssl 443
add lb vserver vserver-lb-exchange-ews ssl 443
add lb vserver vserver-lb-exchange-oab ssl 443
add lb vserver vserver-lb-exchange-rpc ssl 443
add lb vserver vserver-lb-exchange-eas ssl 443
add lb vserver vserver-lb-exchange-aut ssl 443

3. Service Groups
add servicegroup servicegroup-exchange-https SSL

4. Bind service to servicegroup
bind servicegroup servicegroup-exchange-https 443
bind servicegroup servicegroup-exchange-https 443

5. Bind Service Groups to LB Virtual Servers
bind lb vserver vserver-lb-exchange-owa servicegroup-exchange-https
bind lb vserver vserver-lb-exchange-ecp servicegroup-exchange-https
bind lb vserver vserver-lb-exchange-ews servicegroup-exchange-https
bind lb vserver vserver-lb-exchange-oab servicegroup-exchange-https
bind lb vserver vserver-lb-exchange-rpc servicegroup-exchange-https
bind lb vserver vserver-lb-exchange-eas servicegroup-exchange-https
bind lb vserver vserver-lb-exchange-aut servicegroup-exchange-https

6. Bind certificate and key to CS and LB Virtual Servers
bind ssl vserver vserver-cs-exchange-https -certkeyName wildcard
bind ssl vserver vserver-lb-exchange-owa -certkeyName wildcard
bind ssl vserver vserver-lb-exchange-ecp -certkeyName wildcard
bind ssl vserver vserver-lb-exchange-ews -certkeyName wildcard
bind ssl vserver vserver-lb-exchange-oab -certkeyName wildcard
bind ssl vserver vserver-lb-exchange-rpc -certkeyName wildcard
bind ssl vserver vserver-lb-exchange-eas -certkeyName wildcard
bind ssl vserver vserver-lb-exchange-aut -certkeyName wildcard

7. Monitors
add lb mon monitor-exchange-owa HTTP-ECV -interval 30 -secure YES -send "GET /owa/healthcheck.htm" -recv "200 OK"
add lb mon monitor-exchange-ecp HTTP-ECV -interval 30 -secure YES -send "GET /ecp/healthcheck.htm" -recv "200 OK"
add lb mon monitor-exchange-ews HTTP-ECV -interval 30 -secure YES -send "GET /ews/healthcheck.htm" -recv "200 OK"
add lb mon monitor-exchange-oab HTTP-ECV -interval 30 -secure YES -send "GET /oab/healthcheck.htm" -recv "200 OK"
add lb mon monitor-exchange-rpc HTTP-ECV -interval 30 -secure YES -send "GET /rpc/healthcheck.htm" -recv "200 OK"
add lb mon monitor-exchange-eas HTTP-ECV -interval 30 -secure YES -send "GET /microsoft-server-activesync/healthcheck.htm" -recv "200 OK"
add lb mon monitor-exchange-aut HTTP-ECV -interval 30 -secure YES -send "GET /autodiscover/healthcheck.htm" -recv "200 OK"

8. Bind monitor to Service Group
bind lb monitor monitor-exchange-owa servicegroup-exchange-https
bind lb monitor monitor-exchange-ecp servicegroup-exchange-https
bind lb monitor monitor-exchange-ews servicegroup-exchange-https
bind lb monitor monitor-exchange-oab servicegroup-exchange-https
bind lb monitor monitor-exchange-rpc servicegroup-exchange-https
bind lb monitor monitor-exchange-eas servicegroup-exchange-https
bind lb monitor monitor-exchange-aut servicegroup-exchange-https

9. Content Switching policies
add cs policy pol-exchange-owa -url "/owa/*"
add cs policy pol-exchange-ecp -url "/ecp/*"
add cs policy pol-exchange-ews -url "/ews/*"
add cs policy pol-exchange-oab -url "/oab/*"
add cs policy pol-exchange-rpc -url "/rpc/*"
add cs policy pol-exchange-eas -url "/microsoft-server-activesync/*"
add cs policy pol-exchange-aut -url "/autodiscover/*"

10. Bind CS policy to Virtual Server
bind cs vserver vserver-cs-exchange-https -lbvserver vserver-lb-exchange-owa
bind cs vserver vserver-cs-exchange-https vserver-lb-exchange-owa -policyName pol-exchange-owa
bind cs vserver vserver-cs-exchange-https vserver-lb-exchange-ecp -policyName pol-exchange-ecp
bind cs vserver vserver-cs-exchange-https vserver-lb-exchange-ews -policyName pol-exchange-ews
bind cs vserver vserver-cs-exchange-https vserver-lb-exchange-oab -policyName pol-exchange-oab
bind cs vserver vserver-cs-exchange-https vserver-lb-exchange-rpc -policyName pol-exchange-rpc
bind cs vserver vserver-cs-exchange-https vserver-lb-exchange-eas -policyName pol-exchange-eas
bind cs vserver vserver-cs-exchange-https vserver-lb-exchange-aut -policyName pol-exchange-aut


Todd said...

Thanks for this, Jetze. I look forward to seeing more.

Honestly, I hope I can use it as a replacement for the Citrix documentation. IMO, their doc on this is disjointed, incomplete and completely awful.

I am currently in the process of working on a document as well, but from the GUI perspective.

Thanks, again.

Alex said...
This comment has been removed by a blog administrator.
sandeep said...

Hi Jetze,

Great Post!

I am working on a similar deployment where everything is configured exactly like yours.

The only problem we are facing is with OAB file downloads. (It is not working at all)

Did you ever get into such scenario.

Any pointers troubleshoot further are greatly appreciated!