Citrix Netscaler: Configuring HTTP and HTTPS Load Balancing (without SSL Offload) | Trailing Reboot

When configuring Load Balancing for SSL (HTTPS) connections you have a number of options. In many cases you will want to use SSL Offloading wherein the Netscaler negotiates the SSL encryption with the client and unencrypted traffic is then passed to the server (offloading the SSL overhead from the web server and reducing server load). In some cases, however, you may not want to offload the SSL overhead and instead allow IIS or Apache to negotiate the SSL communication as they would were the connection not traversing a load balancer.

The example below enables load balancing for two Citrix Storefront servers with both the HTTP and HTTPS protocols, on ports 80 and 443 respectively. This assumes you have a Netscaler deployed, licensed and configured with appropriate networking (in particular, an NSIP and a SNIP are defined). Note that this will rewrite the source address, and traffic will traverse the Netscaler both to send data to the web server and to reply to the client.

To configure Netscaler load balancing for HTTP and HTTPS connections using a single VIP for both:

  1. Log in to Netscaler. Access Traffic Management -> Load Balancing -> Servers
  2. Add your servers, specifying a name and IP address.
  3. Access Traffic Management -> Load Balancing -> Services.
  4. Now, we need to configure services. These define how we determine which servers are functioning.
    • Service definition for the HTTPS load balancing without SSL offload:
      Note: The protocol is SSL_BRIDGE (not SSL). This enables you to pass the SSL communication to the servers without offloading.
    • Service definition for unsecured HTTP connections:
  5. Add additional services for each server. When you’re done, every server should have both an SSL_BRIDGE service and an HTTP service.
  6. Access Traffic Management -> Load Balancing -> Virtual Servers
  7. Now, we create virtual servers. Create a virtual server for each port we’ll be load balancing. If you will be balancing two ports on the same IP you will need two virtual servers.
    • Virtual Server for HTTPS:
    • Virtual Server for HTTP:
  8. Once your virtual servers are configured, wait a moment or two while the Netscaler initiates load balancing. After a minute you should see the virtual server with two hosts ‘UP’.
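
The same configuration expressed as NetScaler CLI commands. This is an added example, not part of the original post; the server, service and virtual server names and all 192.0.2.x addresses are constructed placeholders to replace with your own.

```text
# Constructed example: names and 192.0.2.x addresses are placeholders.

# Steps 1-2: define the two backend Storefront servers
add server SF01 192.0.2.11
add server SF02 192.0.2.12

# Steps 3-5: one SSL_BRIDGE service and one HTTP service per server.
# SSL_BRIDGE forwards the encrypted stream untouched, so no certificate
# is bound on the Netscaler for these services.
add service svc_SF01_https SF01 SSL_BRIDGE 443
add service svc_SF01_http SF01 HTTP 80
add service svc_SF02_https SF02 SSL_BRIDGE 443
add service svc_SF02_http SF02 HTTP 80

# Steps 6-7: two virtual servers sharing a single VIP, one per port
add lb vserver vs_storefront_https SSL_BRIDGE 192.0.2.100 443
add lb vserver vs_storefront_http HTTP 192.0.2.100 80

# Attach each service to the virtual server of the matching protocol
bind lb vserver vs_storefront_https svc_SF01_https
bind lb vserver vs_storefront_https svc_SF02_https
bind lb vserver vs_storefront_http svc_SF01_http
bind lb vserver vs_storefront_http svc_SF02_http

# Step 8: both virtual servers should report state UP with two bound services
show lb vserver vs_storefront_https
show lb vserver vs_storefront_http

# Persist the running configuration across reboots
save ns config
```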

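And you’re done! Test with a telnet session on port 80 and port 443 to your virtual server IP and confirm that the connection is not refused. Because the HTTPS virtual server uses SSL_BRIDGE, the certificate a client sees on port 443 is the one installed on the web servers themselves, not one held by the Netscaler.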


4 Responses to Citrix Netscaler: Configuring HTTP and HTTPS Load Balancing (without SSL Offload)

  1. Dave Lynn says:

    What about certs? You don’t mention them at all.

    • Shawn says:

      Hey Dave – thanks for asking. This example assumes that we are not doing SSL offloading with the Netscaler. In other words, we’re forwarding traffic on port 443 to the web server and the SSL certificate is installed on the web server itself (and configured for the website).

  2. Naveen says:

    Shawn,
    Excellent one, but what we are doing is we have an F5 which is redirecting the traffic from HTTP to HTTPS, so any idea what we do on the Storefront, as we have 2 Storefront servers for load balancing?
    If I understood correctly, we will have to install the same certificate on both Storefront servers and then in the change base URL we point to the VIP IP of the F5, is this right?
    Any thoughts or suggestions would be appreciated!

    • Shawn says:

      You could do exactly that with your F5 load balancer.

      Alternatively, you could install your certificate on the F5 and have F5 terminate the SSL connection. In that scenario the clients will talk to F5 on port 443 and the F5 would communicate with Storefront on http/port 80.

      In either scenario the VIP host name would be your base URL.
