How to Configure a Citrix NetScaler Gateway on Microsoft Azure

How to Configure a Citrix NetScaler Gateway on Microsoft Azure

How to Configure a Citrix NetScaler Gateway on Microsoft Azure

This post has already been read 6438 times!

In my previous post I wrote about deploying Citrix NetScaler in Microsoft Azure and how to get the instance up and running ready for configuration. I am not going to run you through the process if the initial configuration of the Citrix NetScaler as there are numerous posts on doing that already available out there. What I will walk you through is setting up a NetScaler Gateway in Azure to access your cloud based Windows Apps and Desktops.

First navigate to the CloudApp url with the end point you defined when deploying the NetScaler and log in with your admin credentials (also defined during deployment)

myWPEdit Image

You will notice that I do not have a Subnet IP configured as part of the build. The reason for this is that the NetScaler will run in Single IP Mode so in this simple example all my traffic will be transmitted over the NetScaler IP NSIP. I have uploaded a license file (Enterprise Edition VPX) and set up the DNS Servers as required.

myWPEdit Image

For the purpose of this I have pre-build the following in Microsoft Azure:

  • Domain Controller – Hosting DNS and Certificate Services
  • License Server – Citrix Licence and RDS License Server
  • StoreFront Server – Running X1 Tech Preview
  • Controller – Citrix Brokering Services
  • App Server – Windows 2012 XenDesktop 7.6 Server

Click on Continue. This will take you to the base configuration page.

First thing you will need to do is enable the SSL Service and upload a valid certificate. Normally you would buy a certificate from a valid reseller and upload it to your NetScaler – however, in this case I am going to generate a test certificate from the NetScaler itself.

Navigate to Traffic Management and SSL and click generate a Self Signed Server Test Certificate

myWPEdit Image

Enter the details of your CloudApp URL in Azure and click OK.

myWPEdit Image

Add a connection to your LDAP Directory. Navigate to System, Authentication and LDAP. Click on Add.

myWPEdit Image

Give the Authentication Policy a name and click the + next to add server

myWPEdit Image

Fill out the LDAP connection details and click create. From the Saved Policy Expressions list select ns_true and click on create.

myWPEdit Image

You can now add your NetScaler Gateway Virtual Server. Navigate to Netscaler Gateway / Virtual Server and Select Add.

Give the gateway a name and enter the IP Address for the gateway. NOTE: Put in the SAME IP Address as the NSIP (NetScaler IP) for the NetScaler AND change the port from 443 to something else. You will use the endpoint rules to redirect traffic to the virtual server. This is configured in the Azure Portal.

myWPEdit Image

Click to select your certificate from the list of uploaded certs.

myWPEdit Image

Click Add Authentication Binding and select your LDAP Profile you created earlier.

myWPEdit Image

Click continue then done twice. You should now see your virtual server listed and shown as online.

myWPEdit Image

You can now add the normal policies to your NetScaler for access to your Windows Apps and Desktops from any devices, and also update your StoreFront Server to allow access from your new NetScaler.

Once you have configured all this you should be able to sign in and access your Apps. However – you cannot get to the gateway. To resolve this you need to add a new endpoint on Microsoft Azure to forward traffic to your NetScaler.

Navigate to https://portal.azure.com and log in with your Microsoft Credentials.

Click on Browse and select Virtual Machines. Then select your NetScaler from the listed machines.

Click on Settings, then Endpoints.

myWPEdit Image

Click on Add and enter 443 for the public port and forward it to the internal port you defined when building your NetScaler.

myWPEdit Image

Click on OK and wait for the end point to be created.

Once done you should be able to navigate to your CloudApp URL on port 443 and log into your NetScaler Gateway and access all your Windows Apps and Desktops.

myWPEdit Image

Taking this further I would create a DNS record on your own domain and point this to your CloudApp IP. This way it would be seamless to your user base.

Hope this helps some of you out.

Laters,

b@m

2 thoughts on “How to Configure a Citrix NetScaler Gateway on Microsoft Azure

  1. Meraj

    Hi B@M,

    Thanks , informational post ..

    One question i do not see any end point in the settings of Netscaler .

    Any idea why i would`nt have .. am running a trial version .

    Regards ,

    Mubs

    1. Bretty Post author

      Hi there

      The endpoints are a Microsoft Azure thing and not a Citrix NetScaler thing. You will need to create an endpoint in your Azure subscription to port forward port 443 to the internal port your NetScaler is running on in your Subscription (e.g 7443)
      Thanks,
      Dave

Leave a Reply

Your email address will not be published. Required fields are marked *