hands-on lab exercise guidedocs.citrixvirtualclassroom.com/events/syn2015/syn-603.pdfhands-on lab...
TRANSCRIPT
Hands-on Lab Exercise Guide SYN603 Disaster Recovery strategy for XenMobile 10 using NetScaler is now simpler than ever!
Albert Alvarez and Abhijit Dange May 2015
1 |
Contents
Contents ..................................................................................................................................... 1
Overview ..................................................................................................................................... 2 Hands-on Training Module ........................................................................................................................2 Lab Environment Details ............................................................................................................................2 Lab Guide Conventions ..............................................................................................................................3 List of Virtual Machines Used ....................................................................................................................4 Required Lab Credentials ...........................................................................................................................4 How to Log into the Lab Environment .......................................................................................................5 Scenario .....................................................................................................................................................7
Exercise 1 .................................................................................................................................... 9 Initial Configuration of the XenMobile 10 Server Cluster .........................................................................9 Test ......................................................................................................................................................... 18 Exercise Summary ................................................................................................................................... 19
Exercise 2 .................................................................................................................................. 20 XenMobile Server Getting Started Wizard ............................................................................................. 20 Test ......................................................................................................................................................... 34 Exercise Summary ................................................................................................................................... 35
Exercise 3 .................................................................................................................................. 36 Enable SQL’s Always On for XM 10 ......................................................................................................... 36 Exercise Summary ................................................................................................................................... 44
Exercise 4 .................................................................................................................................. 45 Configure NetScaler Gateway for Enterprise Store ................................................................................ 45 Exercise Summary ................................................................................................................................... 77
Exercise 5 .................................................................................................................................. 78 Configuring Disaster Recovery for XenMobile with NetScaler GSLB ...................................................... 78 Exercise Summary ................................................................................................................................. 107
About Citrix ............................................................................................................................. 107
2 |
Overview
Hands-on Training Module
Objective
This training will provide hands-on experience with the following:
Initial configuration of XenMobile Server 10.0 including Clustering
Integrating XenMobile Server with NetScaler to load balance MDM SSL traffic and allow access to the corporate network using NetScaler Gateway mVPN
Prerequisites
Basic understanding of Web/SaaS/Mobile apps.
Previous XenMobile products knowledge.
Familiarity with navigating the NetScaler Configuration Utility.
Basic understanding of http/https communication.
Understanding of networking concepts (IE: IP addressing and communication including DNS and GSLB).
Audience
Citrix Partners, Customers, Sales Engineers, & Consultants
Lab Environment Details
The lab environment for the exercises to come contains the following:
External access to common services (HTTP, SSL, SMTP, RDP, SSH, DNS)
to simulate a real production environment
Active Directory namespace
Pre-configured enterprise applications (AD\MSSQL)
XenMobile Enterprise components (XenMobile Server, NetScaler Gateway)
3 |
The Student Desktop is accessed remotely using Citrix Receiver running on your laptop. All windows
applications such as XenCenter, (the XenServer GUI management tool), are accessed from the
Student Desktop.
When you get into the XenCenter management interface for the first time, you will see the following
set of available servers.
Lab Guide Conventions
This symbol indicates particular attention must be paid to this step
Special note to offer advice or background information
reboot Text the student enters or an item they select is printed like this
VMDemo Filename mentioned in text or lines added to files during editing
Start Bold text indicates reference to a button or object
Focuses attention on a particular part of the screen (R:255 G:20 B:147)
Shows where to click or select an item on a screen shot (R:255 G:102 B:0)
4 |
List of Virtual Machines Used
VM Name IP Address Description / OS
Site1-AD.training.lab 192.168.10.11 Primary Site (Site1) Active Directory Services and
DNS.
Site2-AD.training.lab 192.168.20.11 DR Site (Site2) Active Directory Services and DNS.
Site1-XenMobile
Server
192.168.10.20
XenMobile Server 10.0. Students will perform the
initial/basic XenMobile Server and configure apps,
policies, and delivery groups.
Site2-XenMobile
Server 192.168.20.20
Clone of XMS for DR Site, which the students will
create as part of this exercise.
Site1-Netscaler
NSIP=192.168.10.50
SNIP=192.168.10.51
ADNS=192.168.10.52
NS10.5 Students will perform steps to integrate
NetScaler GSLB\LB XenMobile Server.
Site2-Netscaler
NSIP=192.168.20.50
SNIP=192.168.20.51
ADNS=192.168.20.52
NS10.5 Students will perform steps to integrate
NetScaler GSLB\LB XenMobile Server.
Site1-NSG
NSIP=192.168.10.55
SNIP=192.168.10.56
Netscaler Gateway for mVPN at Site1. Students will
have to go through some guided wizards to
configure this.
Site2-NSG
NSIP=192.168.20.55
SNIP=192.168.20.56
Netscaler Gateway for mVPN at Site2. Students will
have to go through some guided wizards to
configure this.
Site1-SQLServer
192.168.10.12
Windows Server 2012 Standard with
SQL Server installed at Site1.
Site2-SQLServer 192.168.10.21 Windows Server 2012 Standard with
SQL Server installed at Site2.
Required Lab Credentials
The credentials required to connect to the environment and complete the lab exercises.
VM Name Username Password Description
Win81Client administrator Citrix123 Domain admin
NS1,NS2,NSg1,NSG nsroot nsroot NetScaler admin
AD.training.lab administrator Citrix123 Domain admin
SQL sa account Training\Administrator Citrix123 SQL sa
Client Test Device Training\test Citrix123 user
5 |
How to Log into the Lab Environment
Follow the directions below to access the lab environment.
Step 1: Access the training portal
Launch your web browser and go to the training portal URL address provided by your instructor (e.g
https://iltevents.citrixvirtualclassroom.com)
Step 2: Provide Session Code
On the website, enter your Session Code and Business Email, Note the session will be associated to
your email, session Code will be provided by the Instructor. After some time, the lab will be
provisioned – maybe this takes a minute or so.
Step 3: Launch the Receiver Session
After logged in, click Launch to begin the session you will need Citrix receiver
installed in your PC.
6 |
Click Launch Lab.
Step 4: Go to Student Desktop
7 |
Step 5: Launch XenCenter and access the lab
Launch XenCenter, connect to the XenServer (192.168.10.5) and login with the credentilas
credentials provided on the landing page.
Begin the Lab…
Scenario You have been hired as a consultant to deploy a XenMobile 10 Enterprise Edition for Tex, Inc. in
order to provide management of devices along with access to internal applications and data resources
from any mobile device. The customer requires a disaster recovery solution to the DR standby site
8 |
with minimal configuration and user impact. Your task is to use the guidelines outlined below to
implement a solution that meets the business needs.
9 |
Exercise 1
Initial Configuration of the XenMobile 10 Server Cluster
Overview
Configuring the XenMobile Server is a two-part process. The initial configuration is done at the console of the server by configuring the new password, network settings (IP address, subnet mask, default gateway), database location, and external FQDN. Once this is done, you will connect to the Administration Console from a web browser to configure the basic configuration via the Start-up Wizard. In this lab, you will perform the initial configuration at the console of the XenMobile 10 server.
Step by step guidance
Estimated time to complete this lab: 30 minutes.
Step Action
1. Within XenCenter, select the Site1-XenMobile Server virtual machine and click the
Console tab. Power on the VM if needed. You will notice that the XenMobile Server is
(in First Time Use mode).
Configure the following:
New Password Citrix123
Re-enter new password Citrix123
10 |
Step Action
2. Configure the following settings:
IP Address 192.168.10.20
Netmask 255.255.255.0
Default gateway 192.168.10.1
Primary DNS server 192.168.10.11
Secondary DNS server [optional] Leave blank and hit Enter
Hit Enter to commit the settings.
3. The network settings are applied. Hit Enter to accept the default [y] to generate a random
password to secure server data.
4. You are given the option to enable FIPS mode. Press [n] and Hit
5. Next we will configure the database.
You will be asked what remote Database you will be connecting to, type [mi] for Microsoft
SQL, say “n” for using SSL and hit Enter
11 |
Step Action
6. Configure the database with the following settings:
Server XML.training.lab
Port Hit Enter to accept the default [1433]
Username training\administrator
Password Citrix123
Database name Hit Enter to accept the default [DB_service]
XML.training.lab is the virtual IP which is shared in the Always On Availability
Group.
Hit Enter to accept the default [y] to commit the settings.
7. You are prompted to enable clustering. Enter [y] and hit the Enter key.
8. You are prompted for the XenMobile hostname.
Enter enroll.mycitrixtraining.net and hit the Enter key.
Note: because we are using GSLB therefore you will use the domain FQDN. Example Only: enroll.mycitrixtraining.net
12 |
Step Action
9. Hit Enter to accept the default [y] to commit the settings.
10. Configure the following communication ports (Port listeners):
HTTP [80]
HTTPS with certificate authentication [443]
HTTPS with no certificate authentication [8443]
HTTPS for management [4443]
Hit Enter to accept the default [y] to commit the settings.
13 |
Step Action
11. You are asked to use the same password for all certificates of the PKI.
Hit Enter to accept the default [y].
Configure the following:
New Password: Citrix123
Re-enter new password: Citrix123
Hit Enter to accept the default [y] to commit the settings
12. You are prompted to configure the XenMobile (WEB Portal) console administrator
account.
Configure the account as follows:
Username: [administrator] not
need to change - hit
enter to keep
username as
administrator
Password: Citrix123
Re-enter new password: Citrix123
Hit Enter to accept the default [y] to commit the settings.
Note: This configuration is for all the Public Key Infrastructure (PKI) certificates. This step creates the device manager’s certificate authorities. This are stored in the DB. If you intend to cluster XenMobile Server nodes, if clone process is not used you will need to provide identical passwords for subsequent nodes.
14 |
Step Action
13. You are asked if this is an upgrade from a previous release.
Hit Enter to accept the default [n]. The initial system configuration is complete.
Make a note of the URL given to complete the setup process.
15 |
14. Go to Chrome browser on the student desktop and try that specific URL.
Get past the certificate error by first clicking on “Advanced” then clicking on “Proceed to
192.168.10.20 (unsafe).
16 |
Step Action
This shows that your XenMobile server Site1-XenMobile Server is up and running. Don’t
try authenticating yet. That will be in the next exercise.
15. First Shutdown Site1-XenMobile Server
Right click on Site1-XenMobile Server the click “Copy VM..”
“Make sure that VM Site1-XenMobile Server is powered off before starting the close
server”
17 |
16. After completing the VM copy process, rename the new VM to Site2-XenMobile Server. Power
on the new created Site2-XenMobile Server, while Site1-XenMobile Server is still powered off.
This may take a minute or so.
Log in as, go to [0] Configration Menu, then select option [1] Changed IP address
Username admin
Password Citrix123
Under configuration > enter [0] > then [1] to change the network settings enter [y] to proceed
Enter “y” to proceed.
Configure the new VM to use this network settings IP Address (as below) IP address 192.168.20.20
Netmask 255.255.255.0
Default Gateway 192.168.20.1
Primary DNS
Secondary DNS
192.168.20.11
192.168.10.11
Enter “y” to restart the system to apply changes. (you will need to completely power off
the VM to change the Virtual Network before continuing )
Power off the new created XMS VM
Go to properties and rename to Site2-XenMobile Server.
Under Networking change the new created XMS to use the Remote Network,under networking properties > select Remote
18 |
17.
Now that both the XenMobile Server have different IP Addresses you can now start the Site1-
XenMobile Server and Site2-XenMobile Server by right clicking on the VMs from XenCenter.
Test
Now repeat the test in step 14 but this time go to https://192.168.20.20:4443. Again, no need to
authenticate, the login challenge page is good enough indication that you have completed this
exercise well.
19 |
Exercise Summary
In this exercise, the student performed the initial configuration of the XenMobile Server. During the
first time use, you configured the XenMobile Server networking information, FQDN, DNS Server,
connection to a remote SQL database using the MSFT SQL Always On Listener. In addition a second
server was added.
20 |
Exercise 2
XenMobile Server Getting Started Wizard
Overview
In this exercise we will go through the XenMobile Server Getting Started wizard, in order to complete
server configuration, licensing, remote access, auth, configure categories, applications, policies, and
delivery groups. The applications and policies will be assigned to the delivery groups.
Step by step guidance
Estimated time to complete this lab: 20 minutes.
Step Action
1. From the student desktop Browser “Chrome” navigate to the XMS URL
https://192.168.10.20:4443.
21 |
Step Action
2. Launch Internet Explorer and browse to Site1-XenMobileServer
https://192.168.10.20:4443
Click Continue to this website to accept the certificate error.
Login with the following credentials:
Username administrator
Password Citrix123
Click Sign in.
The Get Started page is displayed. Click Start to begin the configuration wizard.
22 |
Step Action
3. The Initial Configuration window is displayed. Configure XMS UI components
Configure Licensing server to > Remote License >
licenses.citrixvirtualclassroom.com
Click on “Test Connection” – this will take a few seconds but it should show success and should populate the license information as shown in the screen shot.
Leave the “Expiration Notification” as “Off”
Click Next
4. On the SSL Certificate page, click Import.
5. Configure the following settings:
23 |
Step Action
APNs certificate has been previously created and available for this lab. Follow these steps:
Import Keystore
Keystore type PKCS#12
Use as APNs
Keystore file APNS.pfx (Browse to \\Ad\Software\Files)
Password Citrix123
Description APNS
The host AD might challenge you for credentials – use training\administrator and Citrix123.
Locate the file APNs.pfx. Password is Citrix123.
Click Import.
24 |
Step Action
A confirmation window pops up.
Click OK. Note Changes don’t apply until server reboot.
25 |
Step Action
6. Click Import.
Configure the following settings: SSL Listener is the Server FQDN Certificate
Import Keystore
Keystore type PKCS#12
Use as SSL Listener
Keystore file MCTWildcard.pfx (Browse to \\Ad\Software\Files)
Password Citrix123
Description SSL Listener
Click Import.
26 |
Step Action
7. You receive a prompt “changes won’t apply until all server nodes are rebooted”
Click OK.
8. The APNs, Server, Root and SSL Listener certificates are displayed.
Click Next.
27 |
Step Action
9. Configuring SSL NSG access in XMS for remote access.
Click Next.
You are prompted to configure NetScaler Gateway. “note that we will be using GSLB for
this lab, so the FQDN will be the GSLB domain FQDN”
Configure the following settings:
Name NSG
Alias GSLB NSG
External URL https://nsg.mycitrixtraining.net
Logon Type Domain only
Password Required On
Click Next.
Note: we are using GSLB, the NSG settings will use the GSLB domain FQDN “NSG.mycitrixtraining.net”
Example Only: 198-11-223-11.mycitrixtraining.net
28 |
Step Action
10. The LDAP Configuration page is displayed.
Configure the following settings:
Primary Server
Secondary
Server
192.168.10.11
192.168.20.11
Port 389 (Default)
Domain name training.lab
User base DN dc=training,dc=lab (auto-filled in)
Group base DN dc=training,dc=lab (auto-filled in)
User ID: [email protected]
Password Citrix123
Domain alias training.lab
Use search by sAMAccountName
Click Next.
11. Click Next to skip the Notification Server configuration. We will not configure the
Notification Server for this exercise.
29 |
Step Action
12. Click Finish on the Summary page.
13. The initial configuration is complete. Click Start Managing Apps and Devices.
14. In order to get a better understanding of the behavior when moving connections from the
Primary site to the DR site we will configure a basic application. Note that this lab will not
cover application or policies configuration in deployment.
1. Navigate to the Configure Tab on the XMS management console > Apps > Click Add.
30 |
Step Action
15. Select MDX from the Add App Menu
16. Select the Platform e.g. IOS > Provide name “WorxMail” leave all the other settings s
default and continue.
31 |
Step Action
17. Browse to \\AD\Files using trainining\administrator credentials and select the
WorxMail.MDX file > Upload .mdx file
Complete the WorkFlow (no Workflow) and MDX configuration with the default
settings.and select “AllUsers”
“we will not be testing application functionability on this lab”
18.
Click “Save”.
32 |
Step Action
19. Please create a URL for example www.yahoo.com - as follows:
Click on “Web Link”.
Again choose All Users just like before.
33 |
Step Action
20. Enable PIN auth and password caching. Configure> Settings > More > Client Properties >
change the values of ENABLE_PASSCODE_AUTH and
ENABLE_PASSWORD_CAHCING to true.
34 |
Step Action
21. In XenCenter, select the XenMobile Servers virtual machines. Click Reboot to reboot
both the servers - Site1-XenMobile Server and Site2-XenMobile Server.
Click Yes on the popup window to reboot the vm.
Reboot is required to apply the changes. Wait until both the XMS servers are back up
before continuing with the next exercise.
Test
Ensure that both VMs start okay, go to https://192.168.10.20:4443 and https://192.168.20.20:443 in
Chrome side by side and compare the configuration in the two. All the configuration should be
identical.
35 |
Exercise Summary
The Getting Started wizard takes you through configuring licensing, certificates, NetScaler Gateway
& LDAP settings for the XenMobile Server. Created a basic MDX application for testing.
36 |
Exercise 3
Enable SQL’s Always On for XM 10
MSFT SQL Always On provides high availability at the instance level. We will leverage this feature to provide seamless Database connections to the XenMobile servers in case of a failure.
For more information, see Always On Failover Cluster Instances (SQL Server).
Step by step guidance
Estimated time to complete this lab: 30 minutes.
Step Action
1. From the XenCenter console connect to the Site1-SQL Server console and log in as
Username: Training\Admin
2. Launch SQL Server Management Studio (Green Icon on the screen below) from the Start Menu
Server Type Database Engine
Server Name SQLSERVER
Authentication Windows Authentication
User Name TRAINING\administrator (auto-filled in and
greyed out)
Password
37 |
Step Action
Click Connect
3. Use the Connect > Object Explore to add the second SQL DB
SQLSERVER2
38 |
Step Action
4. Before Starting the exercise take a look at the AO configuration “this was pre-configured for the
lab”
5. Under “SQLSERVER” expand the Databases > select DB_service > right click > Task > Back
Up. Click OK to complete Back Up.
39 |
Step Action
40 |
Step Action
6. After completing the Backup > navigate to Always On High Availability > Availability Groups >
Availability Database > Add Database. The Wizard will take you through the steps.
Click Next
At this point if a Database Back up was not previously created, the Wizard will indicate that
prerequisites arent met.
41 |
Step Action
Click Next
7. Next we get to “Select Data Synchronization”. By selecting Full, the database data will be place
in a shared location and the replica server will be added to the availability group.
Browse to \\ISCSI\share and click ok.
Click Next
42 |
Step Action
8. The Wizard will require a connection to the SQLSERVER2 in order to replicate the files.
Username: Training\Administrator
Password: Citrix123
Connect and Click Next to continue.
9.
Click Next and Finish.
43 |
Step Action
10. Wizard Completion report.
Close
11.
12. Navigate to Always On High Availability > Availability Groups > Availability Replicas and confirm
that both SQL servers are showing.
Note: you can now see the DB restoring in the SQLSERVER2 “this may take a couple of minutes”
44 |
Step Action
Test: shut down one of them and second one becomes replica. [AD]
Exercise Summary
You have now configured MSFT SQL Always On High Available Database for XenMobile 10 Server.
45 |
Exercise 4
Configure NetScaler Gateway for Enterprise Store
Overview
In this exercise you will use the XenMobile Get Started wizard within the NetScaler Configuration
Utility to configure NetScaler Gateway for an Enterprise Store. The wizard will create the virtual
server, load balancing virtual server, policies, and profiles necessary to connect to the enterprise
store from the XenMobile Server. This will be created in both NSG Site1 and Site 2
“NOTE that we are separating the NSG from the LB/GSLB function in to 2 Netscalers per site.
Step by step guidance
Estimated time to complete this lab: 20 minutes.
Step Action
1. 1.1.
Create Site 1 Netscaler Gateway in IE, open another tab and navigate to Site1-NSG
http://192.168.10.55 and login with the following credentials:
Username nsroot
Password nsroot
46 |
Step Action
2. In the NetScaler Gateway Configuration Utility, scroll down to the Integrate with Citrix
Products section and click XenMobile.
33
2. 3.
Scroll down to the bottom of the window and click Continue.
Click Continue.
47 |
Step Action
1. 52AO
Create and Configure the NSG Virtual Server the following settings:
IP Address 192.168.10.53
Port 443
Virtual Server Name XenMobileGateway
Click Continue.
48 |
Step Action
2. The Wildcard certificate is selected by default.
Click Continue.
“Note that the Cert Chain” is complete (goes all the way to CA root).
49 |
Step Action
3. Configure the following Authentication Settings:
IP Address 192.168.10.11
Port 389
Base DN dc=training,dc=lab
Service account [email protected]
Password Citrix123
Confirm Password Citrix123
Server Logon Name Attribute sAMAccountName
Click Continue.
Note: A best practice is to use a service account for the Base DN. However, for this lab environment and exercise, we are using the administrator account.
50 |
Step Action
4. Configure the following MAM Controller FQDN, LB VIP Address and Port No., select
HTTPs communication to XenMobile Server and click Continue:
Load Balancing for MAM
FQDN enroll.mycitrixtraining.net
LoadBalancing virtual IP 192.168.10.35
Port 8443
Note: Your using the same FQDN set on the XMS server “enroll.mycitrixtraining.net”
51 |
Step Action
5. Select the wildcard certificate for the load balancer SSL communication and click
Continue.
Continue
52 |
Step Action
6. Add the XenMobile Server to the load balancer and click Continue.
53 |
Step Configure XDM Load Balancing
Now from the Browser Navigate to Site1-Netscaler https://192.168.10.50 Site1-Netscaler
Use the following information:
Username
Password
nsroot
nsroot
NSG IP
MDM IP 192.168.10.101
XMS Server 192.168.10.20
AD Auth 192.168.10.11
7. Launch the XenMobile Wizard for XenMobile 10
54 |
8. Select Load Balance XenMobile Server option. The default LB option is SSL Forward
(SSL Bridge)
Click Continue.
9. The recommended LB option is HTTPS Communication (SSL Bridge) SSL Offload is
also supported.
Select HTTPS and Continue.
10. Configure the MDM LB Assigned IP Address
Enter 192.168.10.101 and continue.
55 |
56 |
11. Add Server on this Netscaler we will only add the Site1 XenMobile Server
192.168.10.20
Click Add and enter the XMS IP address for Site 1: 192.168.10.20
12.
57 |
Click Continue and Done
13. Add an additional Load Balancing > Virtual Server > for the NSG connection >
Add
58 |
14. Create the LB Virtual Server
Name: NSG1_Bridge
Protocol: SSL_Bridge
IP Adress: 192.168.10.100
Port: 443
15. The SSL Bridge LB VIP will point to the previously created NSG1
Click on “No” to add the IP address of the NSG1 192.168.10.53
59 |
16. Click the + Sign to add the NSG Service
Enter
Service Name = NSG1_svc
IP Address = 192.168.10.53
Protocol = SSl_Bridge
Port = 443
60 |
Click Ok
61 |
17. Click Add Binding
Click on the Arrow > to display available Services
Select NSG1_Svc by checking the box
Click OK
18. This Added 192.168.10.53 and Bind to the NSG1_Bridge LB VIP
Validate that the VIP is Green “UP”
62 |
19.
20. For an easy test you can Navigate to https://192.168.10.100 and log in using
Username: Administrator
Password Citrix123
Since Receiver for Web is no longer available in XM10 you should get a HTTP Status 404 – Not
Found error
21. In the next step you will configure Site_2 Netscaler Gateway and MDM Load Balancing
63 |
22. Navigate to Netscaler Gateway 2 at http://192.168.20.55 Log in:
Username: nsroot
Password: nsroot
In the NetScaler Gateway Configuration Utility, scroll down to the Integrate with Citrix
Products section and click XenMobile.
23. Scroll down to the bottom of the window and click Continue.
64 |
24. Configure the following settings:
IP Address 192.168.20.53
Port 443
Virtual Server Name XenMobileGateway
Click Continue.
65 |
25. The Wildcard certificate is selected by default
Click Continue
“Note that the Cert Chain” is complete (goes all the way to CA root).
66 |
26. Configure the following Authentication Settings:
IP Address 192.168.20.11
Port 389
Base DN dc=training,dc=lab
Service account [email protected]
Password Citrix123
Confirm Password Citrix123
Server Logon Name Attribute sAMAccountName
Click Continue
27. Configure the following MAM Controller FQDN, LB VIP Address and Port No., select
HTTPs communication to XenMobile Server and click Continue:
67 |
Load Balancing for MAM
FQDN
enroll.mycitrixtrain
ing.net
LoadBalancing virtual IP 192.168.20.35
Port 8443
Select the wildcard certificate for the load balancer SSL communication and click
Continue.
Note: Your using the same FQDN set on the XMS server “enroll.mycitrixtraining.lab”
68 |
Continue
28. Add the XenMobile Server to the load balancer and click Continue.
Add XMS Server 192.168.20.20
69 |
29. Configure Site 2 Netscaler MDM Load Balancing. Navigate to http://192.168.20.50 (
Site 2_N)
log in using:
Username = nsroot
Password = nsroot
Launch the XenMobile Wizard, select XenMobile 10 from the dropdown
70 |
30. Select Load Balance XenMobile Server option. The default LB option is SSL Forward
(SSL Bridge)
Click Continue.
31. The recommended LB option is HTTPS Communication (SSL Bridge) SSL Offload is
also supported.
Select HTTPS and Continue.
71 |
32. Configure the MDM LB Assigned IP Address
Enter 192.168.20.101 and continue.
Click Continue
72 |
33. Add Server on this Netscaler we will only add the Site1 XenMobile Server
192.168.20.20
Click Add Server and enter the XMS IP address for Site 1: 192.168.20.20
73 |
34.
Click Continue and Done
35. Add an additional Load Balancing > Virtual Server > for the NSG connection >
Add
36. Create the LB Virtual Server
Name: NSG1_Bridge
Protocol: SSL_Bridge
P Adress: 192.168.20.100
Port: 443
74 |
Click Ok
37. The SSl Bridge LB VIP will need to point to the previously created NSG2 VIP
Click on “No” to create a service for NSG2 using IP 192.168.20.53
75 |
38. Create the Service using
Service Name = NSG2_svc
IP Address = 192.168.20.53
Protocol = SSL_Bridge
Port = 443
Click Ok
76 |
39. Click Add Binding
Click on the Arrow > to display available Services
Select NSG1_Svc by checking the box
Click OK
77 |
40. This Added 192.168.10.53 and Bind to the NSG2_Bridge LB VIP
Validate that the VIP is Green “UP”
Exercise Summary
In this exercise, you used the wizard to configure NetScaler Gateway and XMS Load Balancing to
connect to an enterprise store and device enrollment. The wizard created the virtual servers as well
as the authentication and session policies. The wizard is designed to simplify configuration for the
administrator so that manual configuration of the policies is avoided.
78 |
Exercise 5
Configuring Disaster Recovery for XenMobile with NetScaler GSLB
Overview
In this exercise configure an Authoritative DNS service, A Primary site and DR Site, and the related services required to enable Global Server Load Balancing for XenMobile.
Step-by-Step guidance
Estimated time to complete this lab: 45 minutes. NOTE that this exercise is done in Site 1 and Site2.
Step Action
1. 1.1.
From Internet Explorer navigate to to Site1-NS1
http://192.168.10.50 Log in nsroot Password nsroot
2. In the NetScaler Administration UI Navigate to Load Balancing > Services and click
“Add”
79 |
Step Action
3. Create an ADNS service for the Primary site used to resolve client queries by entering
the following details: note that ADNS Service enables Netscaler to respond to DNS
queries..
Act as a DNS Server….
Service Name: svc_ADNS_Site1
Server: 192.168.10.52
Protocol: ADNS
Port: 53
Click “ok”
4. Navigate to Traffic Management > GSLB > Sites and click “Add…” to create a GSLB Site for the Primary site with the following details:
Name: site_1
Site Type: LOCAL
Site IP Address: 192.168.10.51
Leave the rest of the fields as default. Click “Create” but don’t close the dialog
80 |
Step Action
5. Clear the previous entries and enter the following details to create the DR GSLB Site on Site1-NS1:
Name: site_2
Site Type: REMOTE
Site IP Address: 192.168.20.51
Click “Create”.
This site’s MEP status will show as DOWN until the site is also configured on the remote NetScaler.
81 |
Step Action
6. Create the GSLB services click Add
7.
Create MDM_8443_Primary GSLB Service
Service Name: MDM_8443_Primary
Site Name: site_1
Site Type: Local
Service Type:SSL_Bridge
Virtual Server XM_LB_XenMobileMDM_8443
Server IP: 192.168.10.101
82 |
Step Action
Public IP: use your student External IP #2
Public Port 8443
Click Ok, then Done
8. Configure MDM_443_Primary GSLB Primary Site Services
83 |
Step Action
Service Name:MDM_443_Primary
Site Name: site_1
Site Type: Local
Service Type:SSL_Bridge
Virtual Server XM_LB_XenMobileMDDM_443
Server IP: 192.168.10.101
Public IP: use your student External IP #2
Public Port 443
9. Configure NSG_Primary _Primary_svc GSLB Service
Service Name: NSG_443_Primary
Site Name: site_1
Site Type: Local
Service Type:SSL_Bridge
84 |
Step Action
Virtual Server NSG1_Bridge
Server IP: 192.168.10.100
Public IP: use your student External IP #1
Public Port 443
Ng vg
10. Configure the Site 2 services in Site 1 as Remote services,
85 |
Step Action
There are similar services in Site 2.
11. Configure the GSLB Site 1 Primary Virtual Servers and GSLB Domains
Virtual Servers > Add to create the enroll GSLB vServer
86 |
Step Action
Click OK
12.
Once the GSLB server is created Add Service and Domains by clicking the + icon
87 |
Step Action
13.
14. Click Select to bind the MDM Services
Bind
Select the “Primary” MDM 8443 and 443 GSLB Services
88 |
Step Action
Click ok to Bind
15. Next Configure GSLB Domain
Click on N
Enter “enroll.mycitrixtraining.net” for the enrollment GSLB Domain
Click Bind and Done
16.
Add a Second GSLB Virtual Server for NSG
Name:NSG
DNS Record Type:A
Service Type:SSL Bridge
89 |
Step Action
Click Ok
Bind NSG_Primary Service
Add domain “nsg.mycitrixtraining.net”
90 |
Step Action
Click Bind and Done
Create now the DR “Backup” GSLB Services
Create 2 More GSLB Virtual Servers (these two are Enroll_DR and NSG_DR)
We will bind this to the Site2 GSLB Services
91 |
Step Action
This will be use for back up of the Primary Enroll GSLB vServer
As Enroll_DR and NSG_DR are backups to their respective Enroll and NSG virtual servers, they don’t need domain definition.
17. Configure enroll GSLB Virtual Server Back UP from the Enroll GSLB Virtual Server properites.
Click Done
18. Create NSG Back Up GSLB Virtual Server
92 |
Step Action
Bind to NSG_DR
Click Close
Note: no Domain Binding is needed as GSLB will assign the domain
19. Configure Virtual Server BackUp for NSG Virtual Server
From the NSG Virtual Server properties , select the NSG_DR GSLB Virtual Server as a backup
Configure the DR Site “Site 2” Navigate to http://192.168.20.50
Log in using
Username: nsroot
93 |
Step Action
Password: nsroot
20. From GSLB > Sites Create Site2 as Local and Site1 as Remote
Add new Site
Create Local Site: Site_2
Type: Local
Site IP Address: 192.168.20.51
94 |
Step Action
Create Site “Remote” Site: Site_1
Type: Remote
Site IP Address: 192.168.10.51
Click Create
Create aDNS Service on DR Site2 Netscaler
On Site2-Netscaler Traffic Management . Load Balancing > Services
Create LB Service for ADNS
95 |
Step Action
ADNS_DR_svc
IP Address: 192.168.20.52
Protocol ADNS
Port 53
Click Ok
Create Site2-Netscaler Services. Basically you will do the same as in Site1 but using a different set of IP address. Using the GSLB concept. In this case Site is Local.
Site2 Create the Local GSLB Services
Navigate to Traffic Management > GSLB > Services
Add
96 |
Step Action
Create 3 GSLB Services as showen below
Note you will be using the referenced External IP# from the sutudents portal.
97 |
98 |
Step Action
Click Ok
21. Now using the same process create 3 more services with the parameters below.
This will point to Site_1.
“Site 2 DR monitors the Site 1 resources and only uses his local if site 1 is down..
99 |
100 |
Step Action
Click Ok
22. Configure the GSLB Site 2 DR Virtual Servers and GSLB Domains
Virtual Servers > Add to create the enroll GSLB vServer
101 |
Step Action
23. Once the GSLB server is created Add Service and Domains by clicking the + icon
102 |
Step Action
24.
25. Click Select to bind the MDM Services
Click Bind
103 |
Step Action
26.
Click Ok
27. Next Configure GSLB Domain
Click on N
Enter “enroll.mycitrixtraining.net” for the enrollment GSLB Domain
104 |
Step Action
28.
29. Add a Second GSLB Virtual Server for NSG
Name:NSG
DNS Record Type:A
Service Type:SSL Bridge
Click Ok
105 |
Step Action
30. Bind GSLB Service
NSG.mycitrixtraining.net Select Bind NSG_Primary
106 |
Step Action
31.
Click Bind and Done
32. You can now test GSLB, Connect your Device to the Wifi Synergy2015 and change the DNS to point to the External IP#1 and External IP#3
IOS Example:
You can now turn off Services in the Primary Netscaler and See GSLB working.
Users will need to Authenticate when Switching Sites.
Please Note that we are manually making this changes based in Lab limitations. In the realworld you will make the Netscaler a SOA for the domain GSLB Zone and the public DNS will handle the request and send it to the Netscalers.
107 |
Step Action
Navigate to the device Wifi Menu connect to Synergy AP and edit DNS to use your Netscaler as the DNS server.
IOS Android
33. The End
Exercise Summary
In this exercise, you have verified the enrollment of a mobile device in your lab. The device is
confirmed and operating in MDM and MAM mode. The device is able to receive notifications, either
through APNS or scheduling. Common policies such as password policies were enforced.
About Citrix Citrix (NASDAQ:CTXS) is a cloud company that enables mobile workstyles—empowering people to
work and collaborate from anywhere, securely accessing apps and data on any of the latest devices,
as easily as they would in their own office. Citrix solutions help IT and service providers build clouds,
108 |
leveraging virtualization and networking technologies to deliver high-performance, elastic and cost-
effective cloud services. With market-leading cloud solutions for mobility, desktop virtualization,
networking, cloud platforms, collaboration and data sharing, Citrix helps organizations of all sizes
achieve the speed and agility necessary to succeed in a mobile and dynamic world. Citrix products
are in use at more than 330,000 organizations and by over 100 million users globally. Annual revenue
in 2012 was $2.59 billion. Learn more at http://www.citrix.com.