Featured Post

NetScaler Cipher Lists - 2016 Edition with ECC/ECDSA

The new NetScaler 11.1 Release (starting with Build 47.14) brings Support for ECC/ECDSA Ciphers, unfortunately only on MPX Appliances with a...

Wednesday, July 3, 2013

Configure NetScaler Gateway for Receiver Storefront Access

I have seen quite a lot of Questions in the CitrixIRC Channel on how to correctly configure the NetScaler Access Gateway (now named NetScaler Gateway) to provide access to Storefront Services (also often called CloudGateway Express) for all the different Citrix Receivers.

The following Configuration is intended for a CloudGateway Express Implementation (Storefront without the AppController). The Load Balancing of the Storefront Servers itself should already be working (see my other Blogpost on how to setup Storefront Load Balancing).

I'll just dump a lot of Screenshots of my NetScaler Gateway Configuration without any further explanations in the hopes to help someone out there in configuring the NetScaler Gateway + Storefront. If you have questions, feel free to leave a comment below.

Screenshots after the break.

Citrix NetScaler Storefront Load Balancing

A quick Guide on how to setup your Storefront Servers for Load Balancing under NetScaler.
  • The first Step is to add your Storefront Servers as Servers in the NetScaler GUI under Load Balancing -> Servers. My Storefront Servers are my existing Citrix WebInterface Servers who are currently running WebInterface 5.4 and Storefront 2.0 side by side.

  • The next Step is to configure the needed Storefront Monitors. Since NetScaler Release 10.1 there is a new builtin Storefront Monitor. For every Storefront Server you are going to load balance you should create a separate Monitor (see my older Blogpost for more Information).
  • Update: Since Netscaler Build 10.1-123.9 the Storefront Monitor Script has been updated by Citrix and no longer requires the Hostname. So you can now use a single Storefront Monitor for all your Storefront Servers.

    If you are loadbalancing a HTTPS/SSL Storefront Deployment make sure to tick the "Secure" Box when configuring the NetScaler Monitor under Standard Parameters (not shown in the Screenshot because of a Bug in the older Netscaler Builds before 10.1-123.9)

    Under the "Special Parameters" Tab fill in the Hostname of your Server hosting the Storefront Services and also fill in the Store Name you choose during the initial Storefront Installation and Configuration.

  • Step 3 is to create your Storefront Services under Load Balancing -> Services. Bind your newly created Storefront Monitors to your Services. If you have created separate Monitors for every Storefront Server, make sure to bind the correct Monitor to the corresponding Storefront Service or else your Monitor will mark your Service as DOWN.

    Under the "Advanced" Tab you'll have to enable the "Client IP" checkbox and put X-Forwarded-For into the Textfield (like in the Screenshot).

  • The last step is to create the Virtual Server who will be load balancing your two (or more) Storefront Servers. Choose an IP and activate the previously created Storefront Services (svc_sf01 and svc_sf02 in my case). I would recommend creating a new DNS A Record pointing to your new Virtual IP (should be the same Alias you choose during the Storefront Configuration).

    Under "Method and Persistence" choose Round Robin or Least Connection as LB Method. Under Persistence you should select SOURCEIP and set the Time-out to 20 Minutes (Default Timeout in Storefront).

    Finally create a new SSL Cert pointing to the DNS Alias you created earlier and bind the SSL Cert to the Virtual Server. Done. 

Feel free to leave a comment if you have questions.