This blog helps in configuring XenMobile server in cluster mode and load balancing it with NetScaler (NS). XMS is a unified server which is an integration between XDM and AppC, hence there would be two Load Balance VIPs (LB VIP) that need to be configured at NetScaler level. In the earlier versions of XME, we had XDM configured as cluster and AppC as HA pair cluster. Now, in the unified console of XMS, only cluster is configured.
There are two LB VIPs required, which are :
MDM LB VIP – MDM LB VIPs are required to configure XDM cluster in SSL Bridge mode. These LB VIPs are created on 443 and 8443 ports.
MAM LB VIP – MAM LB VIP is required for AccessGateway to talk to XMS. The LB VIP is created on 8443 port. In the XMS, all the traffic from AccessGateway is routed to LB VIP on 8443 port.
This can be manually configured or via Wizard in the NetScaler.
- It is assumed that you have the required XMS nodes fully configured.
- Two free IPs for LB VIPs
- Server Certificate/s
- AG VIP already configured
Visit the below URL , FAQs on XenMobile 10 and NetScaler 10.5 Integration and also steps to run the XenMobile 10 Deployment Wizard in NetScaler:
1. Install the Cluster Nodes
Based on the number of nodes required, you need to create new VMs and point them to same DB and providing same pki certificate passwords. You should also ensure the ‘enable cluster’ is set to ‘y’ in CLI while configuring the first node.
Follow the below steps to join a new VM to cluster.
1. Open the console of the new VM and enter a new password for Admin account
2. Provide the network configuration details as below
3. If you want to use the default password for data protection, you can type ‘y’ here else type ‘n’ and enter a new password
4. Configure the database such that you point to same DB as that of the previous fully configured VM. You will see the message “Database already exists”
5. Enter the same passwords for the certificates here, as was given for the first VM.
6. After you have entered the password, the initial configuration on second node will complete.
7. Once the configuration is complete, the XMS will restart and you will get the login prompt
Note: The login prompt name here would be same in all the nodes, which is the host name of the XMS. This is a check point to understand that both the VMs are pointing to the same DB server/service.
8. Access the UI of the XMS server using the FQDN. On the landing page, top right you will find a tool icon (circled in red in the below image). Click on that.
9. This will open up a support utility page. In that page, under Advanced, click on Cluster Information
10. This page will provide you all the information about the cluster including cluster member, device connection information, tasks etc.
11. This is how a new node is made member of cluster. You can add other nodes by following the same method.
1.1. Finding XMS Node Server IDs
To find service IDs of nodes, perform the below steps:
1. Login to CLI of XMS for which you want to find the node ID
2. Enter choice as 1 to get into Clustering Menu
3. You can see the node ID, as shown
Note: Repeat same steps to find the Node IDs of all the cluster members in the XMS cluster
1. Login to XMS Admin Console
2. In the support page, click on Cluster Information under Advanced
3. You will find the node IDs, as shown below
2. Configure Load Balancing of XMS Cluster in NetScaler
Once the required nodes are added as members of XMS cluster, you need to load balance them to access these clusters. Since it is a unified XMS server console, you need to configure SSL bridge on MDM component and MAM component. You will also need to configure DNS address record (NetScaler > Traffic Management > DNS Records > Address Records) to point the XMS FQDN to MAM LB VIP. The required details are explained in the this blog.
2.1. SSL BRIDGE – MDM LB VIP
In this section, we will look at configuring SSL Bridge using the wizard in NetScaler.
1. Login to NetScaler Gateway
2. In the Configuration tab, click on XenMobile
3. Click on Configure (Device Manager Load Balancing)
4. Enter the LB VIP
6. To this VIP, add the XMS nodes
7. Enter the XMS server IP
8. Click Add
9. In the same way, add the second node of XMS
10. Click Continue and then Done.
This will create the MDM LB VIP
2.2. SSL OFFLOAD – MAM LB VIP
You need to configure SSL Offload for MAM component on 8443 port by following the steps below
1. Navigate to Configurations -> Traffic Management ->Load Balancing ->Virtual Servers
2. Click on ‘Add’
3. Enter the MAM LB VIP server info here
4. Protocol should be SSL and Port should be 8443
5. Click Continue
6. After you have created a VIP, you need to add the Persistence value
7. Select Persistence as CustomServerID
8. Enter the below value as expression
9. Click Save and you will see this screen with saved settings
10. Since this is on SSL Certificate, you need to bind the server certificate. From Advanced on the left side, choose certificates
11. Choose the > mark to add certificate (as shown below)
12. It will take you to server cert key page, click Bind
13. Select the SSL certificate and click on Insert
14. Click Continue
15. Click Done
2.3. Create Service Groups
Create Service Groups by following the steps given here:
Service Group for MDM on Port 443
1. Navigate to NetScaler > Traffic Management > Load Balancing > Service Groups
2. Click Add
3. Choose the protocol as SSL_BRIDGE
4. Click Continue
5. Click Done to create service group
6. In the same way, create one more service group for MDM on port 8443
7. Once done with MDM, you need to create a service group for MAM on port 8443
Note: You can follow the same steps as above. Make sure the Protocol is selected as SSL
2.4. Create Members for Service Groups
Create members for Service Groups by following the steps given here
1. Open the LB service groups and click on first (or anyone) to add members
2. Here, I have selected MDM service group on port 443
3. Click + next to Members
4. Click > to add service members
5. Click Add
6. Enter the IP address of the Node
7. Make sure the port number matches.
8. Repeat the same steps for other nodes of in cluster
9. Once done, click Close
10. Click Done
11. Repeat the same steps for MDM service group on port 8443
Note: Since groups and members are mapped, you would see the status UP
12. Now, open the MAM service group
13. Perform the same steps as you have done for MDM, and also you need to add the server IDs as shown here.
14. You should see all the VIPs in Enabled and UP mode
2.5. Binding LB VIPs to Service Groups
You need to bind the service groups with the LB VIPs. You can do that by performing the below steps
1. Open the MDM LB (or anyone that you like)
2. On the right side, click on service groups
3. Click the > mark in the service group
4. Click on Bind
5. Select the same port group to bind
6. Click Save
7. Click Done
8. You will see that LB VIP shows as enabled and up
9. Repeat the steps for other LB VIPs
10. You should see all the LBs in UP and Enabled state
2.6. Point AG VIP to LB VIP
After configuring the LB VIP, you point AG to LB VIP. You can do that by following the below steps:
1. Open the AG VIP configuration page (NS Configuration -> XenMobile)
2. Click Edit
3. Click on Edit beside XenMobile Settings
4. Append the App Controller FQDN (XMS FQDN) with :8443
5. After you append, you would see the port as below
6. Click Done
2.7. Point XMS Host to MAM LB VIP
You need make changes in NS to route all the traffic from AG to MAM LB VIP. To achieve this, we need to add a DNS record in NS, as below
1. Navigate to NetScaler > Traffic Management > DNS > Records > Address Records
2. Click Add
3. Enter the Host Name and AG VIP IP address and click the + sign to add the IP
4. Click Create
5. You will see the DNS entry in the list.
IMPORTANT: The MAM LB VIP FQDN, MDM LB VIP FQDN and the XMS FQDN should be same.
This concludes the blog.