Part 1: Introduction and getting started.

Part 2: Basic operations and initial configuration.

Part 3: SSL certificates and StoreFront load balancing.

Part 4: NetScaler Gateway with StoreFront configuration.

Part 5: High Availability configuration.
In the last part we looked at SSL certificates and load balancing StoreFront servers. In this post, we’ll go over configuring NetScaler Gateway to work with a load balanced StoreFront configuration.

Configuring NetScaler Gateway for StoreFront

In conjunction with the configuration in the NetScaler appliance, you will need to ensure in the StoreFront console that:

  • The authentication method “Pass-through from NetScaler Gateway” is configured and enabled
  • The NetScaler Gateway appliance has been added and configured (with STA servers) in the NetScaler Gateway node.
  • Remote Access has been configured as No VPN tunnel for the StoreFront store and to use the NetScaler Gateway appliance.

Also, like in the load balancing example from part 3 of this blog series, you’ll need an SSL certificate configured as a certificate and key pair. This cert/key pair is bound to the NetScaler Gateway virtual server as seen in the example below.

Creating a new NetScaler Gateway configuration for StoreFront
(New-NSGatewaySFConfiguration.ps1 example)

To create a gateway configuration that connects to StoreFront, you would normally go over the following steps:

  • Enable features
  • Create LDAP authentication action
  • Create LDAP authentication policy
  • Create VPN virtual server
  • Bind LDAP authentication policy to VPN virtual server
  • Create VPN action policies for StoreFront
  • Create VPN session policies for StoreFront
  • Bind VPN session policies to VPN virtual server
  • Bind SSL certificate and key to VPN virtual server

This is how we would call the example script which consumes new functions in the example NetScaler Configuration module:

New-NSGatewaySFConfiguration.ps1 -NSAddress "10.1.2.3" -LDAPServerIP "10.4.5.6" -LDAPBindDN "administrator@mydomain.com" -LDAPBindDNPassword "p4ssw0rd" -VirtualServerName "gateway.mydomain.com" -VirtualServerIPAddress "10.5.6.7" -StoreFrontServerURL "https://storefront.mydomain.com" -STAServerURL "https://controller1.mydomain.com","https://controller2.mydomain.com" -SingleSignOnDomain "mydomain.com" -ReceiverForWebPath "/Citrix/MyStoreWeb" -CertKeyName "gateway.mydomain.com" -NetScalerConfigurationPSModuleLocation "C:\NetScalerConfigurationPart4"

Keep in mind that the values for the parameters in all of the example calls must be modified to fit your configuration.

Get the example PowerShell Module and scripts (Part 4)

This module is now updated in Scripting: Automating NetScaler configurations using NITRO REST API and PowerShell – Part 5

Coming up next

We’ll look at one final use case and example as part of the NetScaler Configuration PowerShell module example.

Happy Scripting!

Santiago Cardenas

Citrix Solutions Lab

Disclaimer:

This software / sample code is provided to you “AS IS” with no representations, warranties or conditions of any kind. You may use, modify and distribute it at your own risk. CITRIX DISCLAIMS ALL WARRANTIES WHATSOEVER, EXPRESS, IMPLIED, WRITTEN, ORAL OR STATUTORY, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NONINFRINGEMENT. Without limiting the generality of the foregoing, you acknowledge and agree that (a) the software / sample code may exhibit errors, design flaws or other problems, possibly resulting in loss of data or damage to property; (b) it may not be possible to make the software / sample code fully functional; and (c) Citrix may, without notice or liability to you, cease to make available the current version and/or any future versions of the software / sample code. In no event should the software / code be used to support of ultra-hazardous activities, including but not limited to life support or blasting activities. NEITHER CITRIX NOR ITS AFFILIATES OR AGENTS WILL BE LIABLE, UNDER BREACH OF CONTRACT OR ANY OTHER THEORY OF LIABILITY, FOR ANY DAMAGES WHATSOEVER ARISING FROM USE OF THE SOFTWARE / SAMPLE CODE, INCLUDING WITHOUT LIMITATION DIRECT, SPECIAL, INCIDENTAL, PUNITIVE, CONSEQUENTIAL OR OTHER DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. You agree to indemnify and defend Citrix against any and all claims arising from your use, modification or distribution of the code.