XML Services & Citrix Director together behind a NetScaler

by
image_pdfimage_print

Hey NetScaler Fans

I’ve following scenario in my environment:
– two XenDesktop Controller on which is also Director installed
– one Loadbalancing (LB) vServer on a NetScaler, which connects to both server

The goal was:
– use the SSL LB vServer for XML-Requests between Storefront and Controller with the Hostname = xmlxd7.domain.pit
– us the same SSL LB vServer for the access to the Director Site with the Hostname = director.domain.pit
… sounds easy, but
– while accessing the hostname director.domain.pit, the NetScaler should redirect to the URL /Director, but UNDER NO CIRCUMSTANCES if the LB vServer receives a XML Request

So far so good, set up the load balancing is not so difficult:

add server pit-xd01 192.168.100.31
add server pit-xd02 192.168.100.32

add service svc-https-pit-xd-01 pit-xd01 SSL 443
add service svc-https-pit-xd-02 pit-xd01 SSL 443

add lb vserver lb-vsrv-PIT-XD-HTTPS SSL 192.168.100.30 443 -persistenceType SOURCEIP -timeout 1440

bind lb vserver lb-vsrv-PIT-XD-HTTPS svc-https-pit-01
bind lb vserver lb-vsrv-PIT-XD-HTTPS svc-https-pit-02

add ssl certKey lb-server-cert -cert lb-server.cert -key lb-server.key
add ssl certKey PIT-CA -cert PIT-CA.cer
link ssl certKey lb-server-cert PIT-CA 
bind ssl vserver lb-vsrv-PIT-XD-HTTPS -certkeyName lb-server-cert

You’ve to create two Host records within DNS for the new vServer:
xmlxd7.domain.pit = 192.168.100.30
director.domain.pit = 192.168.100.30

It’s comming the tricky part now – the redirection for the Director URL
The solution is a Responder Policy, which
– checks the hostname (starts it with director…?)
– checks, if the URL the value “director” not contains – regardless of the case sensitive
– redirects to /director, if the conditions above matches:

add responder action Resp_Act_to_Director redirect "\"/Director\"" -responseStatusCode 302

add responder policy Resp_Pol_to_Director "HTTP.REQ.HOSTNAME.STARTSWITH(\"director\") && HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS(\"director\").NOT" Resp_Act_to_Director

bind lb vserver lb-vsrv-PIT-XD-HTTPS -policyName Resp_Pol_to_Director -priority 100 -gotoPriorityExpression END -type REQUEST

We the Responder Policy the goal is reached.

One last thing…
The attentive reader has detected, that the LB vServer for XML and Director listen to port 443 (HTTPS). This little thing is often missing while typing the Director address. For this you can redirect the unsecure traffic with a further LB vServer:

add lb vserver http_redirect-director.domain.pit HTTP 192.168.100.30 80 -redirectURL "https://director.software-online.ch"

Good luck with rebuild :-)

 

Script: NS-XMLandDirector

1 thought on “XML Services & Citrix Director together behind a NetScaler”

  1. Pingback: NetScaler Responder für Storefront | PIT – Power of IT

Comments are closed.