This post has already been read 9430 times!
In my previous post I wrote about deploying Citrix NetScaler in Microsoft Azure and how to get the instance up and running ready for configuration. I am not going to run you through the process if the initial configuration of the Citrix NetScaler as there are numerous posts on doing that already available out there. What I will walk you through is setting up a NetScaler Gateway in Azure to access your cloud based Windows Apps and Desktops.
First navigate to the CloudApp url with the end point you defined when deploying the NetScaler and log in with your admin credentials (also defined during deployment)
You will notice that I do not have a Subnet IP configured as part of the build. The reason for this is that the NetScaler will run in Single IP Mode so in this simple example all my traffic will be transmitted over the NetScaler IP NSIP. I have uploaded a license file (Enterprise Edition VPX) and set up the DNS Servers as required.
For the purpose of this I have pre-build the following in Microsoft Azure:
- Domain Controller – Hosting DNS and Certificate Services
- License Server – Citrix Licence and RDS License Server
- StoreFront Server – Running X1 Tech Preview
- Controller – Citrix Brokering Services
- App Server – Windows 2012 XenDesktop 7.6 Server
Click on Continue. This will take you to the base configuration page.
First thing you will need to do is enable the SSL Service and upload a valid certificate. Normally you would buy a certificate from a valid reseller and upload it to your NetScaler – however, in this case I am going to generate a test certificate from the NetScaler itself.
Navigate to Traffic Management and SSL and click generate a Self Signed Server Test Certificate
Enter the details of your CloudApp URL in Azure and click OK.
Add a connection to your LDAP Directory. Navigate to System, Authentication and LDAP. Click on Add.
Give the Authentication Policy a name and click the + next to add server
Fill out the LDAP connection details and click create. From the Saved Policy Expressions list select ns_true and click on create.
You can now add your NetScaler Gateway Virtual Server. Navigate to Netscaler Gateway / Virtual Server and Select Add.
Give the gateway a name and enter the IP Address for the gateway. NOTE: Put in the SAME IP Address as the NSIP (NetScaler IP) for the NetScaler AND change the port from 443 to something else. You will use the endpoint rules to redirect traffic to the virtual server. This is configured in the Azure Portal.
Click to select your certificate from the list of uploaded certs.
Click Add Authentication Binding and select your LDAP Profile you created earlier.
Click continue then done twice. You should now see your virtual server listed and shown as online.
You can now add the normal policies to your NetScaler for access to your Windows Apps and Desktops from any devices, and also update your StoreFront Server to allow access from your new NetScaler.
Once you have configured all this you should be able to sign in and access your Apps. However – you cannot get to the gateway. To resolve this you need to add a new endpoint on Microsoft Azure to forward traffic to your NetScaler.
Navigate to https://portal.azure.com and log in with your Microsoft Credentials.
Click on Browse and select Virtual Machines. Then select your NetScaler from the listed machines.
Click on Settings, then Endpoints.
Click on Add and enter 443 for the public port and forward it to the internal port you defined when building your NetScaler.
Click on OK and wait for the end point to be created.
Once done you should be able to navigate to your CloudApp URL on port 443 and log into your NetScaler Gateway and access all your Windows Apps and Desktops.
Taking this further I would create a DNS record on your own domain and point this to your CloudApp IP. This way it would be seamless to your user base.
Hope this helps some of you out.