How to build a NetScaler Gateway 10.5 in the Amazon AWS Cloud


I previously wrote an article (here) about building a NetScaler VPX Appliance in the Amazon AWS Cloud.  The next logical step is to put either a load balancer or a NetScaler Gateway on there to start to service your user base.  This article will walk you through getting NetScaler Gateway running on your NetScaler VPX in AWS.

Navigate to the admin console of your NetScaler.  Log into the NetScaler using nsroot and the instanceid that Amazon AWS assigned during the build process.

The first thing you are going to need is a valid external certificate provided by a trusted issuer.  Once you have this you will need to upload the certificate to the NetScaler.

Navigate to Traffic Management – SSL.  Right click and enable this feature.


You will then need to import the certificate to the device.  I am not going to go into detail about how to do this as it's a pretty straightforward process.  If you need some documentation on this, Citrix do a great job of that on their eDocs site.  Follow this link for more information.

Once you have your certificate installed you will have to enable the NetScaler Gateway option. Right click on NetScaler Gateway and select Enable.


Then expand NetScaler Gateway and select Virtual Servers. Click Add.  Enter a name for the gateway and give it an IP Address that is in the Public Subnet you assigned during the NetScaler Build process.

NOTE: Write down this IP Address as we will need it when allocating the Elastic IP Addresses later on.


Click on OK then click on “No Server Certificate” and select the certificate you imported earlier and click bind.



Click on OK and Done and at this stage you should have a NetScaler Gateway being shown in an “Up” state.


At this point you can go ahead and configure your gateway to authenticate with your Domain Controllers or RSA Servers, set up the Session Policies and configure the access to StoreFront.  I am not going to go into detail about setting all of this up as there are hundreds of blog articles out there already describing this process.  Effectively you will be setting up the Gateway as if it were in your datacentre.

One point worth mentioning: make sure you add a Subnet IP for your internal subnets if you are hosting the NetScaler Gateway in Amazon AWS and have a VPC VPN Connection to your corporate network.

Once you have your gateway configured how you want it the next step is to provide external access to it.

Login to your AWS Portal at and navigate to your instances.  Right click on your NetScaler, Select Networking and then Manage Private IP Addresses.


This will open up a window showing all the private IP Addresses assigned to the NetScaler.  Click on Assign New IP on the interface you want to run the NetScaler Gateway on.  In this example I am running it on the Management Interface in Single Arm mode but you would normally put it on the Public Interface.  When you assign the IP Address make sure you use the SAME address that you assigned to your NetScaler Gateway when building it.


Click on “Yes Update”.  This will assign the new IP Address to the instance at an AWS level.  You can now assign a new Elastic IP to this Private IP.

Navigate to Network and Security, then Elastic IPs, and click “Allocate New Address”.  When prompted, select Yes to get a new IP Address.


You now have to associate that address with the new IP Address you previously assigned to the instance. Select the address from the list and select Associate Address.


When the screen below pops up select the NetScaler instance you built previously from the Instance List.  Once this is selected you will be able to select the IP Address you statically assigned to the instance (the same address as your NetScaler Gateway) and select Associate.
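
The console steps above (assign the secondary private IP, allocate an Elastic IP, associate the two) expressed with the AWS CLI, as an added example that is not part of the original post. The interface ID, address and allocation ID are constructed placeholders, and the script only prints the commands unless `DRY_RUN=0` is set.

```bash
#!/bin/sh
# Added example (not from the original post); ENI_ID and VIP are placeholders.
ENI_ID="${ENI_ID:-eni-0123456789abcdef0}"  # interface the Gateway runs on
VIP="${VIP:-10.0.1.50}"                    # must equal the Gateway vserver IP
DRY_RUN="${DRY_RUN:-1}"                    # 1 = print commands, 0 = execute

# Print the command in dry-run mode, otherwise run it.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Succeed only if address $1 is in the whitespace-separated list $2.
ip_in_list() {
  for ip in $2; do
    if [ "$ip" = "$1" ]; then return 0; fi
  done
  return 1
}

# Step 1: add the Gateway address as a secondary private IP on the interface.
assign_vip() {
  run aws ec2 assign-private-ip-addresses \
    --network-interface-id "$ENI_ID" --private-ip-addresses "$VIP"
}

# Step 2: allocate a new VPC Elastic IP; prints its allocation ID when executed.
allocate_eip() {
  run aws ec2 allocate-address --domain vpc --query AllocationId --output text
}

# Step 3: map the Elastic IP ($1 = allocation ID) to the Gateway's private IP.
associate_eip() {
  run aws ec2 associate-address --allocation-id "$1" \
    --network-interface-id "$ENI_ID" --private-ip-address "$VIP"
}

# Private IPs currently on the interface (live call, needs AWS credentials).
eni_ips() {
  aws ec2 describe-network-interfaces --network-interface-ids "$ENI_ID" \
    --query 'NetworkInterfaces[0].PrivateIpAddresses[].PrivateIpAddress' --output text
}

if [ "$DRY_RUN" = "1" ]; then
  assign_vip; allocate_eip; associate_eip "eipalloc-PLACEHOLDER"
else
  assign_vip && alloc="$(allocate_eip)" || exit 1
  ip_in_list "$VIP" "$(eni_ips)" || { echo "$VIP is not on $ENI_ID" >&2; exit 1; }
  associate_eip "$alloc"
fi
```

When executed, the script refuses to associate the Elastic IP unless the Gateway address is actually present on the interface, which catches a mismatch between the vserver IP and the private IP assigned in AWS.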


That's it! You should now be able to point your DNS name to the Elastic IP address Amazon assigned you and log into your NetScaler Gateway.


I hope this helps some of you out there who are looking to put a NetScaler Gateway into the Amazon AWS Cloud.








2 thoughts on “How to build a NetScaler Gateway 10.5 in the Amazon AWS Cloud”

  1. Frank

    When I create a Subnet with Management, Private, Public Subnet, can I then also define a new VLAN for the AD Server and Citrix Env? I have on idea, what is the best for a small test env in Amazon AWS, so I create a VPC, create first these three Subnets for NetScaler and one for the Servers. I will then have an AD Server, DDC&SF&SQL&LIC Server and a normal VDA Server, so in all 3 Servers, and then I want to use NetScaler only as Gateway. So is this OK, to then have 4 Subnets or not?

