Configuring Citrix NetScaler Load Balancer for use with vSphere Platform Services Controller (PSC) 6.0
search cancel

Configuring Citrix NetScaler Load Balancer for use with vSphere Platform Services Controller (PSC) 6.0

book

Article ID: 341808

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

The purpose of this article is to provide guidance on configuring a Citrix NetScaler Load Balancer with the intention of using it to provide vSphere 6.0 Platform Services Controller (PSC) High Availability.

Note: This article was created using Citrix NetScaler VPX (1000) with Firmware version NS10.5 55.8.nc. Some aspects may differ depending on the version of Citrix NetScaler you are running.

Important: If you have upgraded from SSO 5.5 HA using a Citrix NetScaler Load Balancer, you may have portions of the configuration complete. Some configuration requirements have changed with vSphere 6.0. So it is important that any existing settings are also reviewed.

Note: VMware does not support the configuration or setup of the load balancer used to provide high availability within a vSphere environment. In the event that a non-certified load balancer is used, VMware reserves the right to not support the environment until a compatible load balancer is used.

Environment

VMware vCenter Server 6.0.x
VMware vCenter Server Appliance 6.0.x

Resolution

Upload certificates to the NetScaler Load Balancer

To upload certificates to the NetScaler VPX:
  1. Navigate to Configuration > Traffic Management > SSL > Certificates.
  2. Select Install.
    1. Enter a Certificate-Key Pair Name (psc-ha-crt).
    2. Click Certificate File Name and then select Browse.
    3. Select the certificate (lb.crt) generated as part of the PSC High Availability process.

      Note: You may have to first select Upload and upload the required files to the NetScaler.

    4. Click Key File Name and then select Browse.
    5. Select the key (lb_rsa.key) generated as part of the PSC High Availability process.
    6. Click Install.

  3. Repeat the above steps for the Issuing Certificate (root.cer) generated as part of the PSC High Availability process.

    Note: There is no key to pair with the Issuing Certificate.

  4. Right-click the PSC HA Certificate uploaded in step c. and select Link.
  5. Select the Issuing Certificate uploaded in step 3. and click OK.
Create Server Nodes

To create Servers:
  1. Navigate to Configuration > Traffic Management > Load Balancing > Servers.
  2. Select Add
    1. Enter a Server Name for the First PSC Node (psc-vcsa-1).
    2. Enter an IP Address (192.168.2.105) for the First PSC Node.
    3. Click Create.

  3. Select Add again.
    1. Enter a Server Name for the Additional PSC Node (psc-vcsa-2).
    2. Enter an IP Address (192.168.2.104) for the Additional PSC Node.
    3. Click Create.
Create Services for each port (443, 389, 636, 2012, 2014, 2020)
  1. To create SSL_TCP Port 443 Services:
    1. Navigate to Configuration > Traffic Management > Load Balancing > Services.
    2. Select Add.
      1. Enter a Service Name (psc-vcsa-1-443).
      2. Select Existing Server.
      3. Click Server and then select the First PSC Node (psc-vcsa-1) from the drop down menu.
      4. Click Protocol and then select SSL_TCP.
      5. Click Port and enter 443.

    3. Repeat the above steps for the Additional PSC Node (psc-vcsa-2).

  2. To create TCP Port 389 Services:
    1. Navigate to Configuration > Traffic Management > Load Balancing > Services.
    2. Select Add.
      1. Enter a Service Name (psc-vcsa-1-389).
      2. Select Existing Server.
      3. Click Server and then select the First PSC Node from the drop down menu (psc-vcsa-1).
      4. Click Protocol and then select TCP.
      5. Click Port and then enter 389.

    3. Repeat the above steps for the Additional PSC Node (psc-vcsa-2).

  3. To create TCP Port 636 Services:
    1. Navigate to Configuration > Traffic Management > Load Balancing > Services.
    2. Select Add.
      1. Enter a Service Name (psc-vcsa-1-636).
      2. Select Existing Server.
      3. Click Server and then select the First PSC Node from the drop down menu (psc-vcsa-1).
      4. Click Protocol and then select TCP.
      5. Click Port and enter 636.

    3. Repeat the above steps for the Additional PSC Node (psc-vcsa-2).

  4. To create TCP Port 2012 Services:
    1. Navigate to Configuration > Traffic Management > Load Balancing > Services.
    2. Select Add.
      1. Enter a Service Name (psc-vcsa-1-2012).
      2. Select Existing Server.
      3. Click Server and then select the First PSC Node from the drop down menu (psc-vcsa-1).
      4. Click Protocol and then select TCP.
      5. Click Port and then enter 2012.

    3. Repeat the above steps for the Additional PSC Node (psc-vcsa-2).

  5. To create TCP Port 2014 Services:
    1. Navigate to Configuration > Traffic Management > Load Balancing > Services.
    2. Select Add.
      1. Enter a Service Name (psc-vcsa-1-2014).
      2. Select Existing Server.
      3. Click Server and then select the First PSC Node from the drop down menu (psc-vcsa-1).
      4. Click Protocol and then select TCP.
      5. Click Port and then enter 2014.

    3. Repeat the above steps for the Additional PSC Node (psc-vcsa-2).

  6. To create TCP Port 2020 Services:
    1. Navigate to Configuration > Traffic Management > Load Balancing > Services.
    2. Select Add.
      1. Enter a Service Name (psc-vcsa-1-2020).
      2. Select Existing Server.
      3. Click Server and then select the First PSC Node from the drop down menu (psc-vcsa-1).
      4. Click Protocol and then select TCP.
      5. Click Port and then enter 2020.

    3. Repeat the above steps for the Additional PSC Node (psc-vcsa-2)
Create Virtual Servers for each port (443, 389, 636, 2012, 2014, 2020)
  1. To create SSL_TCP VIP for HTTPS Port 443:
    1. Navigate to Configuration > Traffic Management > Load Balancing > Virtual Servers.
    2. Select Add.
      1. Enter a Name (psc-ha-vip-443).
      2. Click Protocol and then select SSL_TCP.
      3. Click IP Address input the Load Balanced IP Address defined (192.168.2.99).
      4. Click Port and then enter 443.

    3. Click Services and Service Groups and then select No Load Balancing Virtual Server Service Binding.
      1. Select Add Binding.
      2. Click Select Service and then choose the 443 Service for the First PSC Node. (psc-vcsa-1-443).
      3. Click OK.
      4. Click Weight and then enter the value 1.
      5. Click Bind.
      6. Click Select Service and then choose the 443 Service for the Additional PSC Node (psc-vcsa-2-443).
      7. Click Weight and then enter the value 10.
      8. Click Bind.
      9. Click Close.

    4. Click Certificates and then select No Server Certificate.
      1. Click Select Server Certificate and then choose the PSC HA Certificate uploaded in section A.
      2. Click OK.
      3. Click Bind.

    5. Click Certificates and then select No CA Certificate.
      1. Click Select Server Certificate and then choose the Issuing Certificate uploaded in section A.
      2. Click OK.
      3. Click Bind.

  2. To create TCP VIP for Port 389:
    1. Navigate to Configuration > Traffic Management > Load Balancing > Virtual Servers.
    2. Select Add.
      1. Enter a Name (psc-ha-vip-389).
      2. Click Protocol and then select TCP.
      3. Click IP Address and enter the Load Balanced IP Address defined (192.168.2.99).
      4. Click Port and then enter 389.

    3. Click Services and Service Groups and then select No Load Balancing Virtual Server Service Binding
      1. Select Add Binding
      2. Click Select Service and then choose the 389 Service for the First PSC Node. (psc-vcsa-1-389)
      3. Click OK.
      4. Click Weight and enter the value 1.
      5. Click Bind.
      6. Click Select Service and then choose the 389 Service for the Additional PSC Node. (psc-vcsa-2-389)
      7. Click Weight and enter the value 10.
      8. Click Bind.
      9. Click Close.

  3. To create TCP VIP for Port 636:
    1. Navigate to Configuration > Traffic Management > Load Balancing > Virtual Servers.
    2. Select Add.
      1. Enter a Name (psc-ha-vip-636).
      2. Click Protocol and then select TCP.
      3. Click IP Address and enter the Load Balanced IP Address defined (192.168.2.99).
      4. Click Port and then enter 636.

    3. Click Services and Service Groups and then select No Load Balancing Virtual Server Service Binding:
      1. Select Add Binding.
      2. Click Select Service and then choose the 636 Service for the First PSC Node (psc-vcsa-1-636).
      3. Click OK.
      4. Click Weight and then enter the value 1.
      5. Click Bind.
      6. Click Select Service and then choose the 636 Service for the Additional PSC Node (psc-vcsa-2-636).
      7. Click Weight and then enter the value 10.
      8. Click Bind.
      9. Click Close.

  4. To create TCP VIP for Port 2012:
    1. Navigate to Configuration > Traffic Management > Load Balancing > Virtual Servers.
    2. Select Add.
      1. Enter a Name (psc-ha-vip-2012).
      2. Click Protocol and then select TCP.
      3. Click IP Address and then enter the Load Balanced IP Address defined (192.168.2.99).
      4. Click Port and then enter 2012.

    3. Click Services and Service Groups and then select No Load Balancing Virtual Server Service Binding.
      1. Select Add Binding
      2. Click Select Service and then choose the 2012 Service for the First PSC Node (psc-vcsa-1-2012).
      3. Click OK.
      4. Click Weight and then enter the value 1.
      5. Click Bind.
      6. Click Select Service and then choose the 2012 Service for the Additional PSC Node (psc-vcsa-2-2012).
      7. Click Weight and then enter the value 10.
      8. Click Bind.
      9. Click Close.

  5. To create TCP VIP for Port 2014:
    1. Navigate to Configuration > Traffic Management > Load Balancing > Virtual Servers.
    2. Select Add.
      1. Enter a Name (psc-ha-vip-2014).
      2. Click Protocol, select TCP.
      3. Click IP Address and enter the Load Balanced IP Address defined (192.168.2.99).
      4. Click Port and then enter 2014.

    3. Click Services and Service Groups and then select No Load Balancing Virtual Server Service Binding.
      1. Select Add Binding.
      2. Click Select Service and then choose the 2014 Service for the First PSC Node (psc-vcsa-1-2014).
      3. Click OK.
      4. Click Weight and then enter the value 1.
      5. Click Bind.
      6. Click Select Service and then choose the 2014 Service for the Additional PSC Node (psc-vcsa-2-2014).
      7. Click Weight and then enter the value 10.
      8. Click Bind.
      9. Click Close.

  6. To create TCP VIP for Port 2020:
    1. Navigate to Configuration > Traffic Management > Load Balancing > Virtual Server.
    2. Select Add.
      1. Enter a Name (psc-ha-vip-2020).
      2. Click Protocol and then select TCP.
      3. Click IP Address and then enter the Load Balanced IP Address defined (192.168.2.99).
      4. Click Port and then enter 2020.

    3. Click Services and Service Groups and then select No Load Balancing Virtual Server Service Binding.
      1. Select Add Binding.
      2. Click Select Service and then choose the 2020 Service for the First PSC Node. (psc-vcsa-1-2020).
      3. Click OK.
      4. Click Weight and then enter the value 1.
      5. Click Bind.
      6. Click Select Service and then choose the 2020 Service for the Additional PSC Node (psc-vcsa-2-2020).
      7. Click Weight and then enter the value 10.
      8. Click Bind.
      9. Click Close.
Create a Persistency Group

To create Persistency Group:
  1. Navigate to Configuration > Traffic Management > Load Balancing > Persistency Groups.
  2. Click Add.
    1. Click Group Name provide a name (psc-ha).
    2. Click Persistence and then select SOURCEIP.
    3. Click Time-out and enter 1440.
    4. Click Virtual Server Name and then click the + Add button.
    5. Click the > button move all six PSC VIP to the Configured pane.
    6. Click Create.


Additional Information

Citrix NetScaler Load Balancer を vSphere Platform Services Controller (PSC) 6.0 で使用するように構成する

Powered by Wolken Software