Automating Your NetScaler 11.1 vServer Config Using NetScaler Management and Analytics System

With the release of NetScaler 11.1 and NetScaler Management and Analytics System (NMAS) into beta at Citrix Synergy, I have started to look at what we can achieve with the new versions of the NetScaler firmware and the NMAS appliance.

One of the features of NMAS that I think is really good is Configuration Jobs. These allow you to automate tasks on a single NetScaler or a group of NetScalers and, better still, let you put variables into the script and gather user input prior to running the job. This allows you to generalize the script and run it on multiple instances!

In this article I will walk you through creating a Configuration Job to build a StoreFront vServer running on port 443 and an HTTP to HTTPS redirect server to ensure that traffic is always secure.

Before we start, you need to ensure that your internal Root CA and StoreFront certificates are pre-installed on the NetScaler.

Pre Installed SSL Certificates

13 - certificates installed

No existing Virtual Servers

14 - no current vservers

So, once you have deployed and run the initial config on your NMAS appliance, head over to the login screen and log into the management interface.

If you want help deploying NMAS for the first time, check my post here:

http://bretty.me.uk/netscaler-11-1-management-and-analytics-system-initial-setup-guide/

01 - log into nmas

Navigate to Instances on the Infrastructure tab and ensure you have an instance linked and showing as green.

02 - instance to run job on

Further down the list click on Configuration Jobs and then click Create Job

03 - configuration jobs

When prompted, enter the following commands. There is a slight bug in the interface whereby you cannot copy and paste the entire script into the window, as it will not split the lines out.

Copy each line into a new SSH command as shown below.

NOTE: You will notice the variables in $dollars$ – make sure to paste these into the script window and we will re-define them later.

add server web.$domain-name$ $web-server-ip$
add server storefront.$domain-name$ $storefront-vip-ip$
add server localhost.$domain-name$ 127.0.0.1
add service svc.always.up localhost.$domain-name$ HTTP 80 -gslb NONE -maxClient 0 -maxReq 0 -cip ENABLED cip-header -usip YES -useproxyport YES -sp OFF -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO
add serviceGroup svc.grp.$domain-netbios$.storefront.443 SSL -maxClient 0 -maxReq 0 -cip ENABLED X-Forwarded-For -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO
add lb vserver vsvr.$domain-netbios$.storefront.443 SSL $storefront-vip-ip$ 443 -persistenceType NONE -cltTimeout 180
add lb vserver vsvr.$domain-netbios$.storefront.80 HTTP $storefront-vip-ip$ 80 -persistenceType NONE -cltTimeout 180
add responder action responder.act.http.to.https redirect "\"https://\" + HTTP.REQ.HOSTNAME.HTTP_URL_SAFE + HTTP.REQ.URL.PATH_AND_QUERY.HTTP_URL_SAFE" -responseStatusCode 302
add responder policy responder.pol.http.to.https HTTP.REQ.IS_VALID responder.act.http.to.https RESET
bind lb vserver vsvr.$domain-netbios$.storefront.80 svc.always.up
bind lb vserver vsvr.$domain-netbios$.storefront.443 svc.grp.$domain-netbios$.storefront.443
bind lb vserver vsvr.$domain-netbios$.storefront.80 -policyName responder.pol.http.to.https -priority 100 -gotoPriorityExpression END -type REQUEST
add lb monitor $domain-netbios$.storefront.secure STOREFRONT -scriptName nssf.pl -dispatcherIP 127.0.0.1 -dispatcherPort 3013 -LRTM DISABLED -secure YES -storename $storefront-store-name$
add lb monitor $domain-netbios$.localhost PING -LRTM DISABLED -destIP 127.0.0.1
bind service svc.always.up -monitorName $domain-netbios$.localhost
bind serviceGroup svc.grp.$domain-netbios$.storefront.443 web.$domain-name$ 443
bind serviceGroup svc.grp.$domain-netbios$.storefront.443 -monitorName $domain-netbios$.storefront.secure
bind ssl vserver vsvr.$domain-netbios$.storefront.443 -certkeyName $ssl-cert$
bind ssl vserver vsvr.$domain-netbios$.storefront.443 -certkeyName $root-cert$ -CA -ocspCheck Optional
bind ssl vserver vsvr.$domain-netbios$.storefront.443 -eccCurveName P_256
bind ssl vserver vsvr.$domain-netbios$.storefront.443 -eccCurveName P_384
bind ssl vserver vsvr.$domain-netbios$.storefront.443 -eccCurveName P_224
bind ssl vserver vsvr.$domain-netbios$.storefront.443 -eccCurveName P_521

04 - add ssh commands
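
A pre-flight check for a template like the one above, as an added example that is not part of the original post or of NMAS: it fills in the $variable$ placeholders, rejects values that are not a plain IP address or a simple name, and lists bind commands whose target no add command created. The template excerpt, sample values, allow-list and function names are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed template excerpt and sample values in the page's $variable$ style.
# The last template line deliberately names a vserver that no add line creates.
TEMPLATE = """\
add server web.$domain-name$ $web-server-ip$
add serviceGroup svc.grp.$domain-netbios$.storefront.443 SSL -usip NO
add lb vserver vsvr.$domain-netbios$.storefront.443 SSL $storefront-vip-ip$ 443
bind serviceGroup svc.grp.$domain-netbios$.storefront.443 web.$domain-name$ 443
bind ssl vserver vsvr.$domain-netbios$.storefront -eccCurveName P_256
"""
SAMPLE = {"domain-name": "example.local", "domain-netbios": "example",
          "web-server-ip": "192.0.2.10", "storefront-vip-ip": "192.0.2.20"}

VAR = re.compile(r"\$([A-Za-z0-9-]+)\$")
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]+")  # assumed allow-list for names

def check_value(name, value):
    """Reject a value that could change the command it is substituted into."""
    if name.endswith("-ip"):
        ipaddress.ip_address(value)  # ValueError unless a literal IP address
    elif not SAFE_NAME.fullmatch(value):
        raise ValueError(f"{name}: unexpected characters in {value!r}")

def render(template, values):
    """Fill in every $variable$, failing on undefined or unsafe input."""
    missing = set(VAR.findall(template)) - set(values)
    if missing:
        raise KeyError(f"no value supplied for {sorted(missing)}")
    for name, value in values.items():
        check_value(name, value)
    return VAR.sub(lambda m: values[m.group(1)], template)

def target(tok):
    """(kind, name) of the object an add/bind line acts on."""
    i = 2 if tok[1] in ("lb", "ssl", "responder") else 1
    return tok[i], tok[i + 1]

def dangling_binds(rendered):
    """Bind lines whose target no earlier add line created."""
    created, problems = set(), []
    for line in rendered.splitlines():
        tok = line.split()
        if len(tok) >= 4 and tok[0] == "add":
            created.add(target(tok))
        elif len(tok) >= 4 and tok[0] == "bind" and target(tok) not in created:
            problems.append(line)
    return problems
```

Calling `dangling_binds(render(TEMPLATE, SAMPLE))` returns the one bind line whose vserver name matches no add command, so a mistyped name is caught before the job reaches an instance.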

Once the script is pasted we need to define the variables – highlight the first variable

05 - highlight text

Hover over the variable with your mouse and click Convert To Variable

06 - convert to variable

When the variable is converted double click it to define the details for the variable.

07 - fill out variable info

In Display Name enter the text you want to show the user as a prompt

08 - storefront server ip

Go through each variable in the script until it's all complete

09 - updated variables

Once done, click Save as Configuration Template

10 - save as template

Give the template a name and click on Save

11 - save details

You will notice that the Configuration Job is now available as a default template. You can drag and drop this into the script window for future deployments.

12 - template saved

Give your new job a name

15 - give job a name

Select the NetScaler instance you want to run the job on

16 - add instance

You will be prompted for values for all the variables you have defined in the script

17 - blank variables

Fill the variables out

18 - fill out variables

Click next, review the detail then run the job

19 - review and complete

You will see the status of the job running

20 - job running

Once complete you will see the Completed Status in the jobs window

21 - job complete

If we switch back to our NetScaler you will see that the Virtual Servers have been created

22 - vservers up

If you check the vServer for port 80 you will notice that it has a responder policy to redirect traffic to port 443

23 - responder policy

That’s it, I have to say that I think this is a very powerful part of the NMAS appliance and can’t wait to get more and more of my NetScaler build into it.

Hope this helps you out

Laters,

b@m

3 thoughts on “Automating Your NetScaler 11.1 vServer Config Using NetScaler Management and Analytics System”

  1. Saadallah Chebaro

    Just starting playing with NMAS. By all means your 2 articles are spot on. Waiting for more …

    Thanks :) .

  2. Pingback: NetScaler Management and Analytics System – Carl Stalhood

  3. Gabriel Marmolejos

    Thanks for this information.

    I would like to know if it’s possible to create a job that assigns a variable multiple names in every execution, for example if I want to have an automatic backup task and its name changes constantly.
