Whilst attending the @XenAppBlog Automation Framework Masterclass in London last month, Eric and I started to talk about how we could automate some NetScaler Unified Gateway goodness and bring it to the course. This (obviously) piqued my interest, and I started to look into using NITRO to automate a NetScaler Unified Gateway build so that the students could test access both via Citrix StoreFront and via NetScaler Unified Gateway.
Firstly, if you don't know about the masterclass, it covers everything Citrix and automation. I would highly recommend taking a look and, better still, attending one of the 3-day masterclasses; you can find out more and register for an event near you by checking out this link.
The script below is written in PowerShell and is an "as is" script. I know that it's not written to best practice, but rest assured v2 has been tweaked and will be sent to Eric for testing. This is just meant to give you a sneak preview of what's possible with NetScaler, PowerShell and NITRO.
So, let's get it configured.
Pre-reqs
- A NetScaler with NSIP, DNS servers and licence configured
- A Public Trusted Certificate Installed and Linked
First, from a server or desktop that has access to the NetScaler NSIP, navigate to the following directory:
C:\Program Files\WindowsPowershell\Modules
and create a directory called “netscaler-nitro”
NOTE: This directory is case sensitive and will need to match the .psm1 file
Next, create a new file in that directory with the same name as the directory but with the extension .psm1 (e.g. netscaler-nitro.psm1).
Open that file and copy and paste the code at the bottom of this article into the psm1 file. Close and save the file.
The Modules directory is read into PowerShell when you open a new command window. To check that there are no errors in the psm1 file, open a PowerShell window now and make sure it does not report any errors while loading the module.
NOTE: To check that it has read in the functions correctly, type login-net and press TAB. It should complete the function name to Login-NetScaler.
Next create a new ps1 file called build-netscaler.ps1 in a location that you use to save your scripts
Copy and paste the following code into the build-netscaler.ps1 file
Measure-Command {
    #NetScaler IP Address (bare IP: the module validates it and adds the http:// scheme itself)
    $NSIP = "192.168.0.201"

    #Parameters: NetScaler IP, Username, Password (default lab credentials; change them on anything that is not a throwaway lab box)
    Login-NetScaler $NSIP nsroot nsroot

    #Parameters: NTP IP Address, NetScaler IP
    Add-NetScalerNTP 129.6.15.28 $NSIP
    Add-NetScalerNTP 129.6.15.29 $NSIP
    Add-NetScalerNTP 129.6.15.30 $NSIP

    #Parameters: NetScaler IP, LDAP Profile Name, DC IP Address, Security, Port, Type, Timeout, Base DN, Bind Account, Password, Login Name, Group Attribute, Sub Attribute, SSO Attribute
    #NOTE: PLAINTEXT on 389 sends the bind account password and every user logon in the clear; it is fine for the lab, production should use SSL on 636
    Add-NetScalerLdapServer $NSIP XenAppBlog-LDAP 192.168.0.200 PLAINTEXT 389 AD 600 "dc=bretty,dc=me,dc=uk" david.brett@bretty.me.uk password userprincipalname memberof cn userprincipalname

    #Parameters: NetScaler IP, LDAP Policy Name, Expression, LDAP Profile Name
    Add-NetScalerLdapPolicy $NSIP XenAppBlog-LDAP-Policy ns_true XenAppBlog-LDAP

    #Parameters: NetScaler IP, Session Action Name, Default Auth, ICA Proxy, StoreFront Address, SSO Domain
    Add-NetScalerSessionAction $NSIP XenAppBlog-Web ALLOW ON https://storefront.bretty.me.uk/citrix/brettyweb bretty.me.uk

    #Parameters: NetScaler IP, Session Policy Name, Expression, Session Profile Name
    Add-NetScalerSessionPolicy $NSIP XenAppBlog-Web-Policy "REQ.HTTP.HEADER User-Agent NOTCONTAINS CitrixReceiver && REQ.HTTP.HEADER Referer EXISTS" XenAppBlog-Web

    #Parameters: NetScaler IP, NetScaler Gateway Name, Type
    Add-NetScalerGateway $NSIP XenAppBlogGateway SSL

    #Parameters: NetScaler IP, Content Switch Name, Type, IP Address, Port
    Add-ContentSwitch $NSIP XenAppBlog-CS SSL 192.168.0.242 443

    #Parameters: NetScaler IP, Content Switch Name, NetScaler Gateway Name
    Bind-ContentSwitchDefaultvServer $NSIP XenAppBlog-CS XenAppBlogGateway

    #Parameters: NetScaler IP, Content Switch Name, Certificate Name
    Bind-CertificateCS $NSIP XenAppBlog-CS wildcard.bretty.me.uk_external

    #Parameters: NetScaler IP, NetScaler Gateway Name, Certificate Name
    Bind-CertificateGW $NSIP XenAppBlogGateway wildcard.bretty.me.uk_external

    #Parameters: NetScaler IP, NetScaler Gateway Name, LDAP Policy Name
    Bind-GatewayLDAP $NSIP XenAppBlogGateway XenAppBlog-LDAP-Policy

    #Parameters: NetScaler IP, NetScaler Gateway Name, Session Policy Name
    Bind-GatewaySession $NSIP XenAppBlogGateway XenAppBlog-Web-Policy

    #Parameters: NetScaler IP, NetScaler Gateway Name, STA Address
    Bind-GatewaySTA $NSIP XenAppBlogGateway http://xd.bretty.me.uk

    logout-netscaler $NSIP
}
I know there are a bunch of parameters and options for improving this, but it was built just to test the possibility of this as a concept. The script being released to the masterclass will be significantly "cleaner".
That's it, you can now spin up a NetScaler and run the script against it. Once run, it prints the time taken and should have put a nice usable Unified Gateway on your NetScaler, ready for you.
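Rather than trusting the green "has been added" messages, it is worth reading the finished configuration back through the same NITRO session. The function below is an added example and is not part of the module or the masterclass script; it assumes Login-NetScaler has populated $nsSession as the module does, uses the same http://$NSIP/nitro/v1/config/ base, and the object names are the ones from build-netscaler.ps1 (the vpnvserver_vpnsessionpolicy_binding and vpnvserver_staserver_binding resource names are not shown in the module and are assumed from the NITRO binding naming pattern).

```powershell
function Test-NetScalerGatewayBuild {
    <#
    .SYNOPSIS
        Reads the Unified Gateway objects back over NITRO and reports anything missing.
    #>
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory = $True)][string]$NSIP,
        [Parameter(Mandatory = $True)][string]$GatewayName,
        [Parameter(Mandatory = $True)][string]$ContentSwitchName,
        [Parameter(Mandatory = $True)][string]$CertName,
        [Parameter(Mandatory = $True)][string]$LdapPolicyName,
        [Parameter(Mandatory = $True)][string]$SessionPolicyName
    )

    #Re-use the session object created by Login-NetScaler (assumption: same shape as the module's $nsSession)
    if ($null -eq $nsSession) { throw "Run Login-NetScaler first" }

    #Helper: GET a NITRO resource, returning $null on 404 instead of throwing (any other error is real)
    function Get-NitroObject([string]$Resource) {
        try {
            return Invoke-RestMethod -Uri "http://$NSIP/nitro/v1/config/$Resource" `
                -WebSession $nsSession.WebSession -ContentType "application/json" -Method GET
        } catch {
            if ($_.Exception.Response.StatusCode.value__ -eq 404) { return $null }
            throw
        }
    }

    $Findings = @()

    #1. The gateway vServer exists and is SSL
    $gw = Get-NitroObject "vpnvserver/$GatewayName"
    if ($null -eq $gw) { $Findings += "Gateway vServer $GatewayName is missing" }
    elseif ($gw.vpnvserver[0].servicetype -ne "SSL") { $Findings += "Gateway $GatewayName is not SSL" }

    #2. The content switch exists and defaults to the gateway
    if ($null -eq (Get-NitroObject "csvserver/$ContentSwitchName")) {
        $Findings += "Content Switch $ContentSwitchName is missing"
    }
    $csBind = Get-NitroObject "csvserver_vpnvserver_binding/$ContentSwitchName"
    if (-not ($csBind.csvserver_vpnvserver_binding | Where-Object { $_.vserver -eq $GatewayName })) {
        $Findings += "Content Switch $ContentSwitchName does not default to $GatewayName"
    }

    #3. The public certificate is bound to both SSL vServers (a missing binding means browser warnings or no TLS)
    foreach ($v in @($ContentSwitchName, $GatewayName)) {
        $certBind = Get-NitroObject "sslvserver_sslcertkey_binding/$v"
        if (-not ($certBind.sslvserver_sslcertkey_binding | Where-Object { $_.certkeyname -eq $CertName })) {
            $Findings += "Certificate $CertName is not bound to $v"
        }
    }

    #4. LDAP authentication policy bound to the gateway (without it the gateway has no authentication)
    $ldapBind = Get-NitroObject "vpnvserver_authenticationldappolicy_binding/$GatewayName"
    if (-not ($ldapBind.vpnvserver_authenticationldappolicy_binding | Where-Object { $_.policy -eq $LdapPolicyName })) {
        $Findings += "LDAP policy $LdapPolicyName is not bound to $GatewayName"
    }

    #5. Session policy bound and at least one STA server present (assumed resource names, see lead-in)
    $sessBind = Get-NitroObject "vpnvserver_vpnsessionpolicy_binding/$GatewayName"
    if (-not ($sessBind.vpnvserver_vpnsessionpolicy_binding | Where-Object { $_.policy -eq $SessionPolicyName })) {
        $Findings += "Session policy $SessionPolicyName is not bound to $GatewayName"
    }
    $sta = Get-NitroObject "vpnvserver_staserver_binding/$GatewayName"
    if (-not $sta.vpnvserver_staserver_binding) { $Findings += "No STA server bound to $GatewayName" }

    if ($Findings.Count -eq 0) {
        Write-Host -ForegroundColor Green "Unified Gateway $GatewayName verified"
    } else {
        $Findings | ForEach-Object { Write-Host -ForegroundColor Red $_ }
    }
    return $Findings
}

#Usage with the names from build-netscaler.ps1: run after Login-NetScaler and before logout-netscaler
Test-NetScalerGatewayBuild -NSIP $NSIP -GatewayName XenAppBlogGateway -ContentSwitchName XenAppBlog-CS `
    -CertName wildcard.bretty.me.uk_external -LdapPolicyName XenAppBlog-LDAP-Policy `
    -SessionPolicyName XenAppBlog-Web-Policy
```

An empty result means every object the build script is supposed to create was found; each string returned names one thing the build did not leave in place.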
Laters,
b@m
Here is a video of the script in action. I will be building a gateway called "brettyNITRO" in 840 milliseconds.
https://www.youtube.com/watch?v=QxpSnD0T-sQ
NetScaler Nitro PSM1 Script Code
function Login-NetScaler {
    <#
    .SYNOPSIS
        Logs into a Citrix NetScaler.
    .DESCRIPTION
        Logs into a NetScaler ADC and creates a global variable called $nsSession to be used to invoke NITRO Commands.
    .PARAMETER NSIP
        Citrix NetScaler NSIP.
    .PARAMETER UserName
        UserName to be used for login.
    .PARAMETER Password
        The Password to be used for Login.
    .NOTES
        Name: Login-NetScaler
        Author: David Brett - Citrix CTP
        Date Created: 15/03/2017
        Change Log: David Brett - 15/03/2017 - Initial Script Creation
    .LINK
        https://bretty.me.uk
    #>
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory = $False, Position = 0)][string]$NSIP,
        [Parameter(Mandatory = $False, Position = 1)][string]$UserName,
        [Parameter(Mandatory = $False, Position = 2)][string]$Password
    )

    #Check to see if parameters were passed in, if not then prompt the user for them
    if ($NSIP -eq "") { $NSIP = Read-Host "Enter NetScaler IP" }
    if ($UserName -eq "") { $UserName = Read-Host "Enter NetScaler User Name" }
    if ($Password -eq "") {
        $SecurePassword = Read-Host "Enter NetScaler Password" -AsSecureString
        $BasePassword = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecurePassword)
        $Password = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BasePassword)
        [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($BasePassword)
    }

    #Validate That the IP Address is valid (bare IP, no scheme)
    $null = Validate-IP $NSIP

    #Set up the JSON Payload to send to the netscaler
    $PayLoad = ConvertTo-Json @{ "login" = @{ "username" = $UserName; "password" = $Password } }

    #Connect to NetScaler. Invoke-RestMethod needs a scheme on the URI; plain http sends the
    #credentials in clear text, so outside an isolated lab use https:// with a trusted management certificate
    Invoke-RestMethod -Uri "http://$NSIP/nitro/v1/config/login" -Body $PayLoad -SessionVariable saveSession -ContentType "application/vnd.com.citrix.netscaler.login+json" -Method POST | Out-Null

    #Build Global NetScaler Session Variable (the NITRO session cookie lives in WebSession)
    $Global:nsSession = New-Object -TypeName PSObject
    $nsSession | Add-Member -NotePropertyName Endpoint -NotePropertyValue $NSIP
    $nsSession | Add-Member -NotePropertyName WebSession -NotePropertyValue $saveSession

    #Return NetScaler Session
    return $nsSession
}

function Logout-NetScaler {
    <#
    .SYNOPSIS
        Logs out of a Citrix NetScaler.
    .DESCRIPTION
        Logs out of a Citrix NetScaler and clears the $nsSession Global Variable.
    .PARAMETER NSIP
        Citrix NetScaler NSIP.
    .NOTES
        Name: Logout-NetScaler
        Author: David Brett - Citrix CTP
        Date Created: 15/03/2017
        Change Log: David Brett - 15/03/2017 - Initial Script Creation
    .LINK
        https://bretty.me.uk
    #>
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory = $False, Position = 0)][string]$NSIP
    )

    #Validate That the IP Address is valid
    $null = Validate-IP $NSIP

    #Check to see if a valid NetScaler session is active. If not then quit the function
    if ($null -eq $nsSession) {
        Write-Host -ForegroundColor Red "No valid NetScaler session found, quitting"
        return
    }

    #Set up the JSON Payload to send to the netscaler
    $PayLoad = ConvertTo-Json @{ "logout" = @{ } }

    #Logout of the NetScaler
    Invoke-RestMethod -Uri "http://$NSIP/nitro/v1/config/logout" -Body $PayLoad -WebSession $nsSession.WebSession -ContentType "application/vnd.com.citrix.netscaler.logout+json" -Method POST | Out-Null

    #Clear the Global Variable for the NetScaler Session
    Remove-Variable -Name nsSession -Scope Global -Force
}

function Validate-IP {
    <#
    .SYNOPSIS
        Validate a passed in IP Address.
    .DESCRIPTION
        Validate a passed in IP Address. Throws if the value is not an IP address.
    .PARAMETER IPAddress
        IP Address to be validated.
    .NOTES
        Name: Validate-IP
        Author: David Brett - Citrix CTP
        Date Created: 15/03/2017
        Change Log: David Brett - 15/03/2017 - Initial Script Creation
    .LINK
        https://bretty.me.uk
    #>
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory = $False, Position = 0)][string]$IPAddress
    )

    if ([bool]($IPAddress -as [ipaddress])) {
        return $True
    } else {
        #throw rather than break: break outside a loop does not reliably stop the calling script
        Write-Host -ForegroundColor Red "$IPAddress is an invalid address - quitting"
        throw "$IPAddress is an invalid address"
    }
}

function Add-NetScalerNTP {
    <#
    .SYNOPSIS
        Add a NTP Server to a NetScaler.
    .DESCRIPTION
        Add a NTP Server to a NetScaler.
    .PARAMETER NtpIP
        NTP Server IP Address
    .PARAMETER NSIP
        NetScaler IP Address
    .NOTES
        Name: Add-NetScalerNTP
        Author: David Brett - Citrix CTP
        Date Created: 21/04/2017
        Change Log: David Brett - 21/04/2017 - Initial Script Creation
    .LINK
        https://bretty.me.uk
    #>
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory = $True, Position = 0)][string]$NtpIP,
        [Parameter(Mandatory = $True, Position = 1)][string]$NSIP
    )

    #Check if there is a valid NetScaler session active
    if ($null -eq $nsSession) {
        Write-Host -ForegroundColor Red "NetScaler Login is required to continue, please use Login-NetScaler, quitting"
        throw "No NetScaler session"
    }

    #Check if the NTP Server already exists (NITRO answers 404 for an unknown object)
    $Url = "http://$NSIP/nitro/v1/config/ntpserver/$NtpIP"
    $ContentType = "application/json"
    try {
        Invoke-RestMethod -Uri $Url -WebSession $nsSession.WebSession -ContentType $ContentType -Method GET | Out-Null
        $NtpStatus = "Good"
    } catch {
        if ($_.Exception.Response.StatusCode.value__ -eq 404) {
            $NtpStatus = "Bad"
            cls
            Write-Host -ForegroundColor Red "NTP Server is not found, adding NTP Server"
        } else {
            #Any other failure (e.g. an expired session) must not be mistaken for "already exists"
            throw
        }
    }

    if ($NtpStatus -eq "Bad") {
        #Set up the NetScaler Url for NITRO and the JSON Payload to send to the netscaler
        $Url = "http://$NSIP/nitro/v1/config/ntpserver"
        $PayLoad = ConvertTo-Json @{ "ntpserver" = @{ "serverip" = $NtpIP } }
        #Execute the NetScaler Nitro Command
        Invoke-RestMethod -Uri $Url -WebSession $nsSession.WebSession -ContentType $ContentType -Body $PayLoad -Method POST | Out-Null
        cls
        Write-Host -ForegroundColor Green "$NtpIP has been added"
    } else {
        Write-Host -ForegroundColor Green "$NtpIP already exists"
    }
}

function Add-NetScalerLdapServer {
    <#
    .SYNOPSIS
        Adds a LDAP Authentication Server to a NetScaler.
    .DESCRIPTION
        Adds a LDAP Authentication Server to a NetScaler.
    .PARAMETER NSIP
        NetScaler IP Address
    .PARAMETER Name
        NetScaler LDAP Server Name
    .PARAMETER ServerIP
        LDAP Server IP
    .PARAMETER SecurityType
        LDAP Security Type (PLAINTEXT, TLS or SSL)
    .PARAMETER Port
        LDAP Server Port
    .PARAMETER ServerType
        LDAP Server Type
    .PARAMETER Timeout
        LDAP Server Timeout
    .PARAMETER BaseDN
        LDAP Base DN
    .PARAMETER BindDN
        LDAP Bind DN
    .PARAMETER AdminPass
        LDAP Admin (bind account) Password
    .PARAMETER LoginNameAttr
        LDAP Login Name Attribute
    .PARAMETER GroupAttr
        LDAP Group Attribute
    .PARAMETER SubAttr
        LDAP Sub Login Attribute
    .PARAMETER SingleSignOnAttr
        LDAP Single Sign On Attribute
    .NOTES
        Name: Add-NetScalerLdapServer
        Author: David Brett - Citrix CTP
        Date Created: 21/04/2017
        Change Log: David Brett - 21/04/2017 - Initial Script Creation
    .LINK
        https://bretty.me.uk
    #>
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory = $True, Position = 0)][string]$NSIP,
        [Parameter(Mandatory = $True, Position = 1)][string]$Name,
        [Parameter(Mandatory = $True, Position = 2)][string]$ServerIP,
        [Parameter(Mandatory = $True, Position = 3)][string]$SecurityType,
        [Parameter(Mandatory = $True, Position = 4)][string]$Port,
        [Parameter(Mandatory = $True, Position = 5)][string]$ServerType,
        [Parameter(Mandatory = $True, Position = 6)][string]$Timeout,
        [Parameter(Mandatory = $True, Position = 7)][string]$BaseDN,
        [Parameter(Mandatory = $True, Position = 8)][string]$BindDN,
        [Parameter(Mandatory = $True, Position = 9)][string]$AdminPass,
        [Parameter(Mandatory = $True, Position = 10)][string]$LoginNameAttr,
        [Parameter(Mandatory = $True, Position = 11)][string]$GroupAttr,
        [Parameter(Mandatory = $True, Position = 12)][string]$SubAttr,
        [Parameter(Mandatory = $True, Position = 13)][string]$SingleSignOnAttr
    )

    #Check if there is a valid NetScaler session active
    if ($null -eq $nsSession) {
        Write-Host -ForegroundColor Red "NetScaler Login is required to continue, please use Login-NetScaler, quitting"
        throw "No NetScaler session"
    }

    #Check if the LDAP Server exists
    $Url = "http://$NSIP/nitro/v1/config/authenticationldapaction/$Name"
    $ContentType = "application/json"
    try {
        Invoke-RestMethod -Uri $Url -WebSession $nsSession.WebSession -ContentType $ContentType -Method GET | Out-Null
        $LDAPStatus = "Good"
    } catch {
        if ($_.Exception.Response.StatusCode.value__ -eq 404) {
            $LDAPStatus = "Bad"
            cls
            Write-Host -ForegroundColor Red "LDAP Server is not found, adding LDAP Server"
        } else {
            throw
        }
    }

    if ($LDAPStatus -eq "Bad") {
        #Set up the NetScaler Url for NITRO and the JSON Payload to send to the netscaler
        #(the original used an undefined $SubAttribute here; the parameter is $SubAttr)
        $Url = "http://$NSIP/nitro/v1/config/authenticationldapaction"
        $PayLoad = ConvertTo-Json @{ "authenticationldapaction" = @{
            "name" = $Name;
            "serverip" = $ServerIP;
            "serverport" = $Port;
            "authtimeout" = $Timeout;
            "ldapbase" = $BaseDN;
            "ldapbinddn" = $BindDN;
            "ldapbinddnpassword" = $AdminPass;
            "ldaploginname" = $LoginNameAttr;
            "groupattrname" = $GroupAttr;
            "subattributename" = $SubAttr;
            "sectype" = $SecurityType;
            "svrtype" = $ServerType;
            "ssonameattribute" = $SingleSignOnAttr
        } }
        #Execute the NetScaler Nitro Command
        Invoke-RestMethod -Uri $Url -WebSession $nsSession.WebSession -ContentType $ContentType -Body $PayLoad -Method POST | Out-Null
        cls
        Write-Host -ForegroundColor Green "LDAP Server has been added"
    } else {
        Write-Host -ForegroundColor Green "LDAP Server already exists"
    }
}

function Add-NetScalerLdapPolicy {
    <#
    .SYNOPSIS
        Adds a LDAP Authentication Policy to a NetScaler.
    .DESCRIPTION
        Adds a LDAP Authentication Policy to a NetScaler.
    .PARAMETER NSIP
        NetScaler IP Address
    .PARAMETER Name
        NetScaler LDAP Policy Name
    .PARAMETER Rule
        Policy expression (e.g. ns_true)
    .PARAMETER ReqAction
        LDAP Server (action) Name the policy uses
    .NOTES
        Name: Add-NetScalerLdapPolicy
        Author: David Brett - Citrix CTP
        Date Created: 21/04/2017
        Change Log: David Brett - 21/04/2017 - Initial Script Creation
    .LINK
        https://bretty.me.uk
    #>
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory = $True, Position = 0)][string]$NSIP,
        [Parameter(Mandatory = $True, Position = 1)][string]$Name,
        [Parameter(Mandatory = $True, Position = 2)][string]$Rule,
        [Parameter(Mandatory = $True, Position = 3)][string]$ReqAction
    )

    #Check if there is a valid NetScaler session active
    if ($null -eq $nsSession) {
        Write-Host -ForegroundColor Red "NetScaler Login is required to continue, please use Login-NetScaler, quitting"
        throw "No NetScaler session"
    }

    #Check if the LDAP Policy exists
    $Url = "http://$NSIP/nitro/v1/config/authenticationldappolicy/$Name"
    $ContentType = "application/json"
    try {
        Invoke-RestMethod -Uri $Url -WebSession $nsSession.WebSession -ContentType $ContentType -Method GET | Out-Null
        $LDAPStatus = "Good"
    } catch {
        if ($_.Exception.Response.StatusCode.value__ -eq 404) {
            $LDAPStatus = "Bad"
            cls
            Write-Host -ForegroundColor Red "LDAP Policy is not found, adding LDAP Policy"
        } else {
            throw
        }
    }

    if ($LDAPStatus -eq "Bad") {
        #Set up the NetScaler Url for NITRO and the JSON Payload to send to the netscaler
        $Url = "http://$NSIP/nitro/v1/config/authenticationldappolicy"
        $PayLoad = ConvertTo-Json @{ "authenticationldappolicy" = @{ "name" = $Name; "rule" = $Rule; "reqaction" = $ReqAction } }
        #Execute the NetScaler Nitro Command
        Invoke-RestMethod -Uri $Url -WebSession $nsSession.WebSession -ContentType $ContentType -Body $PayLoad -Method POST | Out-Null
        cls
        Write-Host -ForegroundColor Green "LDAP Policy has been added"
    } else {
        Write-Host -ForegroundColor Green "LDAP Policy already exists"
    }
}

function Add-NetScalerSessionAction {
    <#
    .SYNOPSIS
        Adds a NetScaler Gateway Session Action to a NetScaler.
    .DESCRIPTION
        Adds a NetScaler Gateway Session Action to a NetScaler.
    .PARAMETER NSIP
        NetScaler IP Address
    .PARAMETER Name
        NetScaler Session Action Name
    .PARAMETER DefaultAuth
        Default Authorisation (ALLOW or DENY)
    .PARAMETER ICAProxy
        ICA Proxy (ON or OFF)
    .PARAMETER WebInterfaceAddress
        Web Interface / StoreFront Address
    .PARAMETER SSODomain
        Single Sign On Domain
    .NOTES
        Name: Add-NetScalerSessionAction
        Author: David Brett - Citrix CTP
        Date Created: 21/04/2017
        Change Log: David Brett - 21/04/2017 - Initial Script Creation
    .LINK
        https://bretty.me.uk
    #>
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory = $True, Position = 0)][string]$NSIP,
        [Parameter(Mandatory = $True, Position = 1)][string]$Name,
        [Parameter(Mandatory = $True, Position = 2)][string]$DefaultAuth,
        [Parameter(Mandatory = $True, Position = 3)][string]$ICAProxy,
        [Parameter(Mandatory = $True, Position = 4)][string]$WebInterfaceAddress,
        [Parameter(Mandatory = $True, Position = 5)][string]$SSODomain
    )

    #Check if there is a valid NetScaler session active
    if ($null -eq $nsSession) {
        Write-Host -ForegroundColor Red "NetScaler Login is required to continue, please use Login-NetScaler, quitting"
        throw "No NetScaler session"
    }

    #Check if the Session Action exists
    $Url = "http://$NSIP/nitro/v1/config/vpnsessionaction/$Name"
    $ContentType = "application/json"
    try {
        Invoke-RestMethod -Uri $Url -WebSession $nsSession.WebSession -ContentType $ContentType -Method GET | Out-Null
        $SessionStatus = "Good"
    } catch {
        if ($_.Exception.Response.StatusCode.value__ -eq 404) {
            $SessionStatus = "Bad"
            cls
            Write-Host -ForegroundColor Red "NetScaler Session Action is not found, adding Session Action"
        } else {
            throw
        }
    }

    if ($SessionStatus -eq "Bad") {
        #Set up the NetScaler Url for NITRO and the JSON Payload to send to the netscaler
        $Url = "http://$NSIP/nitro/v1/config/vpnsessionaction"
        $PayLoad = ConvertTo-Json @{ "vpnsessionaction" = @{
            "name" = $Name;
            "defaultauthorizationaction" = $DefaultAuth;
            "icaproxy" = $ICAProxy;
            "wihome" = $WebInterfaceAddress;
            "ntdomain" = $SSODomain
        } }
        #Execute the NetScaler Nitro Command
        Invoke-RestMethod -Uri $Url -WebSession $nsSession.WebSession -ContentType $ContentType -Body $PayLoad -Method POST | Out-Null
        cls
        Write-Host -ForegroundColor Green "NetScaler Session Action has been added"
    } else {
        Write-Host -ForegroundColor Green "NetScaler Session Action already exists"
    }
}

function Add-NetScalerSessionPolicy {
    <#
    .SYNOPSIS
        Adds a NetScaler Session Policy to a NetScaler.
    .DESCRIPTION
        Adds a NetScaler Session Policy to a NetScaler.
    .PARAMETER NSIP
        NetScaler IP Address
    .PARAMETER Name
        NetScaler Session Policy Name
    .PARAMETER Rule
        NetScaler Session Policy Rule
    .PARAMETER Action
        NetScaler Session Policy Action
    .NOTES
        Name: Add-NetScalerSessionPolicy
        Author: David Brett - Citrix CTP
        Date Created: 21/04/2017
        Change Log: David Brett - 21/04/2017 - Initial Script Creation
    .LINK
        https://bretty.me.uk
    #>
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory = $True, Position = 0)][string]$NSIP,
        [Parameter(Mandatory = $True, Position = 1)][string]$Name,
        [Parameter(Mandatory = $True, Position = 2)][string]$Rule,
        [Parameter(Mandatory = $True, Position = 3)][string]$Action
    )

    #Check if there is a valid NetScaler session active
    if ($null -eq $nsSession) {
        Write-Host -ForegroundColor Red "NetScaler Login is required to continue, please use Login-NetScaler, quitting"
        throw "No NetScaler session"
    }

    #Check if the Session Policy exists
    $Url = "http://$NSIP/nitro/v1/config/vpnsessionpolicy/$Name"
    $ContentType = "application/json"
    try {
        Invoke-RestMethod -Uri $Url -WebSession $nsSession.WebSession -ContentType $ContentType -Method GET | Out-Null
        $SessionStatus = "Good"
    } catch {
        if ($_.Exception.Response.StatusCode.value__ -eq 404) {
            $SessionStatus = "Bad"
            cls
            Write-Host -ForegroundColor Red "Session Policy is not found, adding Session Policy"
        } else {
            throw
        }
    }

    if ($SessionStatus -eq "Bad") {
        #Set up the NetScaler Url for NITRO and the JSON Payload to send to the netscaler
        $Url = "http://$NSIP/nitro/v1/config/vpnsessionpolicy"
        $PayLoad = ConvertTo-Json @{ "vpnsessionpolicy" = @{ "name" = $Name; "rule" = $Rule; "action" = $Action } }
        #Execute the NetScaler Nitro Command
        Invoke-RestMethod -Uri $Url -WebSession $nsSession.WebSession -ContentType $ContentType -Body $PayLoad -Method POST | Out-Null
        cls
        Write-Host -ForegroundColor Green "Session Policy has been added"
    } else {
        Write-Host -ForegroundColor Green "Session Policy already exists"
    }
}

function Add-NetScalerGateway {
    <#
    .SYNOPSIS
        Adds a NetScaler Gateway to a NetScaler.
    .DESCRIPTION
        Adds a NetScaler Gateway (VPN vServer, non-addressable, for use behind a Content Switch) to a NetScaler.
    .PARAMETER NSIP
        NetScaler IP Address
    .PARAMETER Name
        NetScaler Gateway Server Name
    .PARAMETER ServiceType
        Service Type (SSL)
    .NOTES
        Name: Add-NetScalerGateway
        Author: David Brett - Citrix CTP
        Date Created: 21/04/2017
        Change Log: David Brett - 21/04/2017 - Initial Script Creation
    .LINK
        https://bretty.me.uk
    #>
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory = $True, Position = 0)][string]$NSIP,
        [Parameter(Mandatory = $True, Position = 1)][string]$Name,
        [Parameter(Mandatory = $True, Position = 2)][string]$ServiceType
    )

    #Check if there is a valid NetScaler session active
    if ($null -eq $nsSession) {
        Write-Host -ForegroundColor Red "NetScaler Login is required to continue, please use Login-NetScaler, quitting"
        throw "No NetScaler session"
    }

    #Check if the NetScaler Gateway exists
    $Url = "http://$NSIP/nitro/v1/config/vpnvserver/$Name"
    $ContentType = "application/json"
    try {
        Invoke-RestMethod -Uri $Url -WebSession $nsSession.WebSession -ContentType $ContentType -Method GET | Out-Null
        $GatewayStatus = "Good"
    } catch {
        if ($_.Exception.Response.StatusCode.value__ -eq 404) {
            $GatewayStatus = "Bad"
            cls
            Write-Host -ForegroundColor Red "NetScaler Gateway is not found, adding NetScaler Gateway"
        } else {
            throw
        }
    }

    if ($GatewayStatus -eq "Bad") {
        #Set up the NetScaler Url for NITRO and the JSON Payload to send to the netscaler
        $Url = "http://$NSIP/nitro/v1/config/vpnvserver"
        $PayLoad = ConvertTo-Json @{ "vpnvserver" = @{ "name" = $Name; "servicetype" = $ServiceType } }
        #Execute the NetScaler Nitro Command
        Invoke-RestMethod -Uri $Url -WebSession $nsSession.WebSession -ContentType $ContentType -Body $PayLoad -Method POST | Out-Null
        cls
        Write-Host -ForegroundColor Green "NetScaler Gateway has been added"
    } else {
        Write-Host -ForegroundColor Green "NetScaler Gateway already exists"
    }
}

function Add-ContentSwitch {
    <#
    .SYNOPSIS
        Adds a Content Switch to a NetScaler.
    .DESCRIPTION
        Adds a Content Switch to a NetScaler.
    .PARAMETER NSIP
        NetScaler IP Address
    .PARAMETER Name
        Content Switch Name
    .PARAMETER ServiceType
        Service Type (SSL)
    .PARAMETER IPv46
        IP Address of the Content Switch
    .PARAMETER Port
        Port
    .NOTES
        Name: Add-ContentSwitch
        Author: David Brett - Citrix CTP
        Date Created: 21/04/2017
        Change Log: David Brett - 21/04/2017 - Initial Script Creation
    .LINK
        https://bretty.me.uk
    #>
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory = $True, Position = 0)][string]$NSIP,
        [Parameter(Mandatory = $True, Position = 1)][string]$Name,
        [Parameter(Mandatory = $True, Position = 2)][string]$ServiceType,
        [Parameter(Mandatory = $True, Position = 3)][string]$IPv46,
        [Parameter(Mandatory = $True, Position = 4)][string]$Port
    )

    #Check if there is a valid NetScaler session active
    if ($null -eq $nsSession) {
        Write-Host -ForegroundColor Red "NetScaler Login is required to continue, please use Login-NetScaler, quitting"
        throw "No NetScaler session"
    }

    #Check if the Content Switch exists
    $Url = "http://$NSIP/nitro/v1/config/csvserver/$Name"
    $ContentType = "application/json"
    try {
        Invoke-RestMethod -Uri $Url -WebSession $nsSession.WebSession -ContentType $ContentType -Method GET | Out-Null
        $CSStatus = "Good"
    } catch {
        if ($_.Exception.Response.StatusCode.value__ -eq 404) {
            $CSStatus = "Bad"
            cls
            Write-Host -ForegroundColor Red "Content Switch is not found, adding Content Switch"
        } else {
            throw
        }
    }

    if ($CSStatus -eq "Bad") {
        #Set up the NetScaler Url for NITRO and the JSON Payload to send to the netscaler (NITRO attribute names are lower case)
        $Url = "http://$NSIP/nitro/v1/config/csvserver"
        $PayLoad = ConvertTo-Json @{ "csvserver" = @{ "name" = $Name; "servicetype" = $ServiceType; "ipv46" = $IPv46; "port" = $Port } }
        #Execute the NetScaler Nitro Command
        Invoke-RestMethod -Uri $Url -WebSession $nsSession.WebSession -ContentType $ContentType -Body $PayLoad -Method POST | Out-Null
        cls
        Write-Host -ForegroundColor Green "Content Switch has been added"
    } else {
        Write-Host -ForegroundColor Green "Content Switch already exists"
    }
}

function Bind-ContentSwitchDefaultvServer {
    <#
    .SYNOPSIS
        Binds a default VPN vServer to the Content Switch.
    .DESCRIPTION
        Binds a default VPN vServer to the Content Switch.
    .PARAMETER NSIP
        NetScaler IP Address
    .PARAMETER Name
        Content Switch Name
    .PARAMETER vServer
        vServer Name
    .NOTES
        Name: Bind-ContentSwitchDefaultvServer
        Author: David Brett - Citrix CTP
        Date Created: 21/04/2017
        Change Log: David Brett - 21/04/2017 - Initial Script Creation
    .LINK
        https://bretty.me.uk
    #>
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory = $True, Position = 0)][string]$NSIP,
        [Parameter(Mandatory = $True, Position = 1)][string]$Name,
        [Parameter(Mandatory = $True, Position = 2)][string]$vServer
    )

    #Check if there is a valid NetScaler session active
    if ($null -eq $nsSession) {
        Write-Host -ForegroundColor Red "NetScaler Login is required to continue, please use Login-NetScaler, quitting"
        throw "No NetScaler session"
    }

    #Set up the NetScaler Url for NITRO and the JSON Payload to send to the netscaler
    $Url = "http://$NSIP/nitro/v1/config/csvserver_vpnvserver_binding"
    $ContentType = "application/json"
    $PayLoad = ConvertTo-Json @{ "csvserver_vpnvserver_binding" = @{ "name" = $Name; "vserver" = $vServer } }

    #Execute the NetScaler Nitro Command
    Invoke-RestMethod -Uri $Url -WebSession $nsSession.WebSession -ContentType $ContentType -Body $PayLoad -Method POST | Out-Null
    cls
    Write-Host -ForegroundColor Green "Content Switch Binding has been added"
}

function Bind-CertificateCS {
    <#
    .SYNOPSIS
        Binds a Certificate to the Content Switch.
    .DESCRIPTION
        Binds a Certificate to the Content Switch.
    .PARAMETER NSIP
        NetScaler IP Address
    .PARAMETER Name
        Content Switch Name
    .PARAMETER CertName
        Certificate Name
    .NOTES
        Name: Bind-CertificateCS
        Author: David Brett - Citrix CTP
        Date Created: 21/04/2017
        Change Log: David Brett - 21/04/2017 - Initial Script Creation
    .LINK
        https://bretty.me.uk
    #>
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory = $True, Position = 0)][string]$NSIP,
        [Parameter(Mandatory = $True, Position = 1)][string]$Name,
        [Parameter(Mandatory = $True, Position = 2)][string]$CertName
    )

    #Check if there is a valid NetScaler session active
    if ($null -eq $nsSession) {
        Write-Host -ForegroundColor Red "NetScaler Login is required to continue, please use Login-NetScaler, quitting"
        throw "No NetScaler session"
    }

    #Set up the NetScaler Url for NITRO and the JSON Payload to send to the netscaler
    $Url = "http://$NSIP/nitro/v1/config/sslvserver_sslcertkey_binding"
    $ContentType = "application/json"
    $PayLoad = ConvertTo-Json @{ "sslvserver_sslcertkey_binding" = @{ "vservername" = $Name; "certkeyname" = $CertName } }

    #Execute the NetScaler Nitro Command
    Invoke-RestMethod -Uri $Url -WebSession $nsSession.WebSession -ContentType $ContentType -Body $PayLoad -Method POST | Out-Null
    cls
    Write-Host -ForegroundColor Green "Content Switch Certificate Binding has been added"
}

function Bind-CertificateGW {
    <#
    .SYNOPSIS
        Binds a Certificate to the NetScaler Gateway.
    .DESCRIPTION
        Binds a Certificate to the NetScaler Gateway.
    .PARAMETER NSIP
        NetScaler IP Address
    .PARAMETER Name
        NetScaler Gateway Name
    .PARAMETER CertName
        Certificate Name
    .NOTES
        Name: Bind-CertificateGW
        Author: David Brett - Citrix CTP
        Date Created: 21/04/2017
        Change Log: David Brett - 21/04/2017 - Initial Script Creation
    .LINK
        https://bretty.me.uk
    #>
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory = $True, Position = 0)][string]$NSIP,
        [Parameter(Mandatory = $True, Position = 1)][string]$Name,
        [Parameter(Mandatory = $True, Position = 2)][string]$CertName
    )

    #Check if there is a valid NetScaler session active
    if ($null -eq $nsSession) {
        Write-Host -ForegroundColor Red "NetScaler Login is required to continue, please use Login-NetScaler, quitting"
        throw "No NetScaler session"
    }

    #Set up the NetScaler Url for NITRO and the JSON Payload to send to the netscaler
    $Url = "http://$NSIP/nitro/v1/config/sslvserver_sslcertkey_binding"
    $ContentType = "application/json"
    $PayLoad = ConvertTo-Json @{ "sslvserver_sslcertkey_binding" = @{ "vservername" = $Name; "certkeyname" = $CertName } }

    #Execute the NetScaler Nitro Command
    Invoke-RestMethod -Uri $Url -WebSession $nsSession.WebSession -ContentType $ContentType -Body $PayLoad -Method POST | Out-Null
    cls
    Write-Host -ForegroundColor Green "NetScaler Gateway Certificate Binding has been added"
}

function Bind-GatewayLDAP {
    <#
    .SYNOPSIS
        Binds a LDAP Auth Policy to the NetScaler Gateway.
    .DESCRIPTION
        Binds a LDAP Auth Policy to the NetScaler Gateway.
    .PARAMETER NSIP
        NetScaler IP Address
    .PARAMETER Name
        NetScaler Gateway Name
    .PARAMETER PolicyName
        LDAP Policy Name
    .NOTES
        Name: Bind-GatewayLDAP
        Author: David Brett - Citrix CTP
        Date Created: 21/04/2017
        Change Log: David Brett - 21/04/2017 - Initial Script Creation
    .LINK
        https://bretty.me.uk
    #>
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory = $True, Position = 0)][string]$NSIP,
        [Parameter(Mandatory = $True, Position = 1)][string]$Name,
        [Parameter(Mandatory = $True, Position = 2)][string]$PolicyName
    )

    #Check if there is a valid NetScaler session active
    if ($null -eq $nsSession) {
        Write-Host -ForegroundColor Red "NetScaler Login is required to continue, please use Login-NetScaler, quitting"
        throw "No NetScaler session"
    }

    #Set up the NetScaler Url for NITRO and the JSON Payload to send to the netscaler
    $Url = "http://$NSIP/nitro/v1/config/vpnvserver_authenticationldappolicy_binding"
    $ContentType = "application/json"
    $PayLoad = ConvertTo-Json @{ "vpnvserver_authenticationldappolicy_binding" = @{ "name" = $Name; "policy" = $PolicyName } }

    #Execute the NetScaler Nitro Command
    Invoke-RestMethod -Uri $Url -WebSession $nsSession.WebSession -ContentType $ContentType -Body $PayLoad -Method POST | Out-Null
    cls
    Write-Host -ForegroundColor Green "LDAP Policy Binding Complete"
}

function Bind-GatewaySession {
    <#
    .SYNOPSIS
        Binds a Session Policy to the NetScaler Gateway.
    .DESCRIPTION
        Binds a Session Policy to the NetScaler Gateway.
.PARAMETER NSIP NetScaler IP Address .PARAMETER Name NetScaler Gateway Name .PARAMETER PolicyName Session Policy Name .NOTES Name: Bind-GatewaySession Author: David Brett - Citrix CTP Date Created: 21/04/2017 .CHANGE LOG David Brett - 21/04/2017 - Initial Script Creation .LINK https://bretty.me.uk #> [cmdletbinding( DefaultParameterSetName = '', ConfirmImpact = 'low' )] Param ( [Parameter( Mandatory = $True, Position = 0, ParameterSetName = '', ValueFromPipeline = $True)] [string]$NSIP, [Parameter( Mandatory = $True, Position = 1, ParameterSetName = '', ValueFromPipeline = $True)] [string]$Name, [Parameter( Mandatory = $True, Position = 2, ParameterSetName = '', ValueFromPipeline = $True)] [string]$PolicyName ) #Check if there is a valid NetScaler session active if ($nssession -eq $null) { write-host -ForegroundColor Red "NetScaler Login is required to continue, please use Login-NetScaler, quitting" break } #Set up the NetScaler Url for NITRO $Url = "$NSIP/nitro/v1/config/vpnvserver_vpnsessionpolicy_binding" #Set the HTTP Method $Method = "POST" #Set the Request Header for Content Type $ContentType = "application/json" #Set up the JSON Payload to send to the netscaler $PayLoad = ConvertTo-JSON @{ "vpnvserver_vpnsessionpolicy_binding"=@{ "name"=$Name; "policy"=$PolicyName } } #Execute the NetScaler Nitro Command and catch the output. If error then break the function Invoke-RestMethod -uri $Url -WebSession $nsSession.WebSession -ContentType $ContentType -Body $Payload -Method $Method cls write-host -ForegroundColor Green "LDAP Policy Binding Complete" } function Bind-GatewaySTA { <# .SYNOPSIS Binds a STA to the NetScaler Gateway. .DESCRIPTION Binds a STA to the NetScaler Gateway. 
.PARAMETER NSIP NetScaler IP Address .PARAMETER Name NetScaler Gateway Name .PARAMETER StaUrl STA Url .NOTES Name: Bind-GatewaySTA Author: David Brett - Citrix CTP Date Created: 21/04/2017 .CHANGE LOG David Brett - 21/04/2017 - Initial Script Creation .LINK https://bretty.me.uk #> [cmdletbinding( DefaultParameterSetName = '', ConfirmImpact = 'low' )] Param ( [Parameter( Mandatory = $True, Position = 0, ParameterSetName = '', ValueFromPipeline = $True)] [string]$NSIP, [Parameter( Mandatory = $True, Position = 1, ParameterSetName = '', ValueFromPipeline = $True)] [string]$Name, [Parameter( Mandatory = $True, Position = 2, ParameterSetName = '', ValueFromPipeline = $True)] [string]$StaUrl ) #Check if there is a valid NetScaler session active if ($nssession -eq $null) { write-host -ForegroundColor Red "NetScaler Login is required to continue, please use Login-NetScaler, quitting" break } #Set up the NetScaler Url for NITRO $Url = "$NSIP/nitro/v1/config/vpnvserver_staserver_binding" #Set the HTTP Method $Method = "POST" #Set the Request Header for Content Type $ContentType = "application/json" #Set up the JSON Payload to send to the netscaler $PayLoad = ConvertTo-JSON @{ "vpnvserver_staserver_binding"=@{ "name"=$Name; "staserver"=$StaUrl } } #Execute the NetScaler Nitro Command and catch the output. If error then break the function Invoke-RestMethod -uri $Url -WebSession $nsSession.WebSession -ContentType $ContentType -Body $Payload -Method $Method cls write-host -ForegroundColor Green "LDAP Policy Binding Complete" }
Can you give me a short hint on why to use PowerShell instead of just bulk importing a bunch of predefined NetScaler commands on the ns-shell or through a batch file? This also takes just a few seconds and brings us to the same result, doesn’t it?
I think I missed something obvious here maybe. Thank you!
Hi Marco,
I agree you could use a batch file and a bunch of SSH commands to achieve the same. However, using PowerShell and NITRO lets you check for configurations and trap errors before sending the JSON payload to the NetScaler. It also allows for a nicer user experience if you choose to wrap a UI around the script. You can also manipulate the output and feed it into other applications as an output from the NITRO actions (such as Octoblu).
As always there is more than one way to achieve the same task – Powershell is the option I use currently as it gives me the greatest flexibility.
Dave
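The two things Dave's reply points to, checking the current configuration and trapping errors before the payload is sent, are exactly what the module's Bind-* functions above do not yet do: they POST blindly and report success. The following is an added example, not part of David's module or the original post, that shows what that looks like for the STA binding. It assumes the same $nsSession variable (with a .WebSession property) that the module's Login-NetScaler populates, that $NSIP carries the scheme (e.g. https://10.0.0.1) because it is used as the base of the URL, and that the NITRO GET on a binding resource returns the bindings under a key of the same name (absent when nothing is bound). The function and parameter names are my own.

```powershell
function Get-NitroErrorMessage {
    # Added example: pull the NITRO error body out of a failed Invoke-RestMethod call.
    # NITRO answers a bad request with HTTP 4xx/5xx and a JSON body of the form
    # {"errorcode":N,"message":"...","severity":"ERROR"}; Invoke-RestMethod puts that
    # body in ErrorDetails.Message when it is available.
    param([System.Management.Automation.ErrorRecord]$ErrorRecord)
    $body = $ErrorRecord.ErrorDetails.Message
    if ($body) {
        try {
            $json = $body | ConvertFrom-Json
            if ($json.errorcode) { return "NITRO errorcode $($json.errorcode): $($json.message)" }
        } catch { }
        return $body
    }
    return $ErrorRecord.Exception.Message
}

function Add-GatewaySTAIfMissing {
    # Added example (hypothetical name): bind an STA to a NetScaler Gateway vServer only
    # if it is not bound already, and stop with the NetScaler's own error text on failure.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$NSIP,    # e.g. https://10.0.0.1 (assumed to include the scheme)
        [Parameter(Mandatory = $true)][string]$Name,    # gateway vServer name
        [Parameter(Mandatory = $true)][string]$StaUrl   # e.g. https://sta01.lab.local
    )

    if ($null -eq $nsSession) {
        throw "NetScaler login is required, run Login-NetScaler first"
    }
    if ($NSIP -notmatch '^https://') {
        # The NITRO session cookie is an admin credential; refuse to send it in clear text.
        throw "NSIP must be an https:// URL, e.g. https://10.0.0.1"
    }

    $resource = "vpnvserver_staserver_binding"
    $base     = "$NSIP/nitro/v1/config/$resource"

    # 1. Read what is bound today. URL-encode the vServer name so a name containing
    #    spaces or slashes cannot alter the request path.
    $existing = @()
    try {
        $resp = Invoke-RestMethod -Uri "$base/$([uri]::EscapeDataString($Name))" `
                    -WebSession $nsSession.WebSession -Method Get
        # Where-Object { $_ } drops the $null you get when no STA is bound yet.
        $existing = @($resp.$resource | Where-Object { $_ } | ForEach-Object { $_.staserver })
    }
    catch {
        throw "Could not read STA bindings for '$Name': $(Get-NitroErrorMessage $_)"
    }

    if ($existing -contains $StaUrl) {
        Write-Verbose "STA '$StaUrl' is already bound to '$Name', nothing to do"
        return $false
    }

    # 2. Only now build and send the payload (honours -WhatIf / -Confirm).
    $payload = @{ $resource = @{ name = $Name; staserver = $StaUrl } } | ConvertTo-Json
    if (-not $PSCmdlet.ShouldProcess($Name, "Bind STA $StaUrl")) {
        return $false
    }
    try {
        Invoke-RestMethod -Uri $base -WebSession $nsSession.WebSession `
            -Method Post -ContentType 'application/json' -Body $payload | Out-Null
    }
    catch {
        throw "Binding STA '$StaUrl' to '$Name' failed: $(Get-NitroErrorMessage $_)"
    }
    return $true
}

# Usage (after Login-NetScaler): $true means a binding was added, $false means it was
# already present or -WhatIf suppressed the change. Names below are made up for the example.
# Add-GatewaySTAIfMissing -NSIP 'https://10.0.0.1' -Name 'NSG_UnifiedGateway' -StaUrl 'https://sta01.lab.local' -Verbose
```

Two points worth keeping in mind. First, the https check only helps if the management certificate on the NSIP is trusted by the admin workstation; import it into the trusted store rather than disabling certificate validation globally, because that would also silence a man-in-the-middle on the management path. Second, returning $true/$false and throwing on failure, instead of Write-Host and cls, is what makes the function usable from a larger build script or a UI, which is the flexibility Dave describes: the caller can decide whether a failed binding should stop the whole Unified Gateway build.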