This blog helps in configuring XenMobile server in cluster mode and load balancing it with NetScaler (NS).  XMS is a unified server which is an integration between XDM and AppC, hence there would be two Load Balance VIPs (LB VIP) that need to be configured at NetScaler level. In the earlier versions of XME, we had XDM configured as cluster and AppC as HA pair cluster. Now, in the unified console of XMS, only cluster is configured.

There are two LB VIPs required, which are :

MDM LB VIP – MDM LB VIPs are required to configure XDM cluster in SSL Bridge mode. These LB VIPs are created on 443 and 8443 ports.

MAM LB VIP – MAM LB VIP is required for AccessGateway to talk to XMS. The LB VIP is created on 8443 port. In the XMS, all the traffic from AccessGateway is routed to LB VIP on 8443 port.

This can  be manually configured or via Wizard in the NetScaler.


  1. It is assumed that you have the required XMS nodes fully configured.
  2. Two free IPs for LB VIPs
  3. Server Certificate/s
  4. AG VIP already configured
NOTE: There is a wizard available in NetScaler 10.5 to create the MDM and MAM VIPs and the configurations automatically, via XenMobile 10 Deployment Wizard. However, the intent of this blog is to understand the configurations done by the wizard while creating the VIPs so that it will help in troubleshooting. This blog also helps with steps to create MAM VIP manually, without using the Wizard for better undestanding.

Visit the below URL , FAQs on XenMobile 10 and NetScaler 10.5 Integration and also steps to run the XenMobile 10 Deployment Wizard in NetScaler:

1.    Install the Cluster Nodes

Based on the number of nodes required, you need to create new VMs and point them to same DB and providing same pki certificate passwords. You should also ensure the ‘enable cluster’ is set to ‘y’ in CLI while configuring the first node.

Follow the below steps to join a new VM to cluster.

1. Open the console of the new VM and enter a new password for Admin account

2. Provide the network configuration details as below

3. If you want to use the default password for data protection, you can type ‘y’ here else type ‘n’ and enter a new password

4. Configure the database such that you point to same DB as that of the previous fully configured VM. You will see the message “Database already exists”

5. Enter the same passwords for the certificates here, as was given for the first VM.

6. After you have entered the password, the initial configuration on second node will complete.

7. Once the configuration is complete, the XMS will restart and you will get the login prompt

Note: The login prompt name here would be same in all the nodes, which is the host name of the XMS. This is a check point to understand that both the VMs are pointing to the same DB server/service.

8. Access the UI of the XMS server using the FQDN. On the landing page, top right you will find a tool icon (circled in red in the below image). Click on that.

9. This will open up a support utility page. In that page, under Advanced, click on Cluster Information

10. This page will provide you all the information about the cluster including cluster member, device connection information, tasks etc.

11. This is how a new node is made member of cluster. You can add other nodes by following the same method.

1.1.    Finding XMS Node Server IDs

To find service IDs of nodes, perform the below steps:


1. Login to CLI of XMS for which you want to find the node ID

2. Enter choice as 1 to get into Clustering Menu

3. You can see the node ID, as shown

Note: Repeat same steps to find the Node IDs of all the cluster members in the XMS cluster


1. Login to XMS Admin Console

2. In the support page, click on Cluster Information under Advanced

3. You will find the node IDs, as shown below

2.    Configure Load Balancing of XMS Cluster in NetScaler

Once the required nodes are added as members of XMS cluster, you need to load balance them to access these clusters. Since it is a unified XMS server console, you need to configure SSL bridge on MDM component and MAM component. You will also need to configure DNS address record (NetScaler > Traffic Management > DNS Records > Address Records) to point the XMS FQDN to MAM LB VIP. The required details are explained in the this blog.


In this section, we will look at configuring SSL Bridge using the wizard in NetScaler.

1. Login to NetScaler Gateway

2. In the Configuration tab, click on XenMobile

3. Click on Configure (Device Manager Load Balancing)

4. Enter the LB VIP

5. Click on Continue

6. To this VIP, add the XMS nodes

7. Enter the XMS server IP

8. Click Add

9. In the same way, add the second node of XMS

10. Click Continue and then Done.

This will create the MDM LB VIP


You need to configure SSL Offload for MAM component on 8443 port by following the steps below

1. Navigate to Configurations -> Traffic Management ->Load Balancing ->Virtual Servers

2. Click on ‘Add’

3. Enter the MAM LB VIP server info here

4. Protocol should be SSL and Port should be 8443

5. Click Continue

6. After you have created a VIP, you need to add the Persistence value

7. Select Persistence as CustomServerID

8. Enter the below value as expression


9. Click Save and you will see this screen with saved settings

10. Since this is on SSL Certificate, you need to bind the server certificate. From Advanced on the left side, choose certificates

11. Choose the > mark to add certificate (as shown below)

12. It will take you to server cert key page, click Bind

13. Select the SSL certificate and click on Insert

14. Click Continue

15. Click Done

2.3.    Create Service Groups

Create Service Groups by following the steps given here:

Service Group for MDM on Port 443

1. Navigate to NetScaler > Traffic Management > Load Balancing > Service Groups

2. Click Add

3. Choose the protocol as SSL_BRIDGE

4. Click Continue

5. Click Done to create service group

6. In the same way, create one more service group for MDM on port 8443

7. Once done with MDM, you need to create a service group for MAM on port 8443

Note: You can follow the same steps as above. Make sure the Protocol is selected as SSL

2.4.    Create Members for Service Groups

Create members for Service Groups by following the steps given here

1. Open the LB service groups and click on first (or anyone) to add members

2. Here, I have selected MDM service group on port 443

3. Click + next to Members

4. Click > to add service members

5. Click Add

6. Enter the IP address of the Node

7. Make sure the port number matches.

8. Repeat the same steps for other nodes of in cluster

9. Once done, click Close

10. Click Done

11. Repeat the same steps for MDM service group on port 8443

Note: Since groups and members are mapped, you would see the status UP

12. Now, open the MAM service group

13. Perform the same steps as you have done for MDM, and also you need to add the server IDs as shown here.

14. You should see all the VIPs in Enabled and UP mode

2.5.    Binding LB VIPs to Service Groups

You need to bind the service groups with the LB VIPs. You can do that by performing the below steps

1. Open the MDM LB (or anyone that you like)

2. On the right side, click on service groups

3. Click the > mark in the service group

4. Click on Bind

5. Select the same port group to bind

6. Click Save

7. Click Done

8. You will see that LB VIP shows as enabled and up

9. Repeat the steps for other LB VIPs

10. You should see all the LBs in UP and Enabled state

2.6.    Point AG VIP to LB VIP

After configuring the LB VIP, you point AG to LB VIP. You can do that by following the below steps:

1. Open the AG VIP configuration page (NS Configuration -> XenMobile)

2. Click Edit

3. Click on Edit beside XenMobile Settings

4. Append the App Controller FQDN (XMS FQDN) with :8443

5. After you append, you would see the port as below

6. Click Done

2.7.    Point XMS Host to MAM LB VIP

You need make changes in NS to route all the traffic from AG to MAM LB VIP. To achieve this, we need to add a DNS record in NS, as below

1. Navigate to NetScaler > Traffic Management > DNS > Records > Address Records

2. Click Add

3. Enter the Host Name and AG VIP IP address and click the + sign to add the IP

4. Click Create

5. You will see the DNS entry in the list.


This concludes the blog.