Monthly Archives: October 2016

Configuring Citrix FAS with Shibboleth IdP

So the other day I was involved in trying to get a Shibboleth SAML IdP to work with Citrix FAS, but for some reason the user authentication was never successful. When reviewing the authentication tab in NetScaler I noticed that only the username from the IdP was being sent with the SAML assertion to the NetScaler, so when the NetScaler tried to forward this to StoreFront for validation, it couldn’t resolve the UPN and therefore authentication failed.

So in order for Shibboleth to send the full UPN you need to adjust some customizations.

<s:samlContentSpecifications xmlns:s="">
    <contentSpecification name="name"
                          channelType="office"
                          profileType="saml2_"
                          signResponseWithKey="signedcert"
                          includeCertificateInfo="true">
        <namespace name="">
            <attribute name="UserID">
                <!-- Append the domain so the value is a full UPN, not just the username -->
                <value>${officeUser.systemAccess:fddata.fdUserId}@domainname.com</value>
            </attribute>
        </namespace>
    </contentSpecification>
</s:samlContentSpecifications>

So in the content specification you need to append @domainname to the user ID, so that when the SAML assertion is forwarded to the NetScaler Gateway it maps to a UPN instead of just the username.
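To confirm what the IdP actually sends before blaming the gateway or StoreFront, you can decode the SAMLResponse value from a browser trace and check whether the identity field is UPN-shaped. The script below is an added example, not part of the original configuration; the field name "Attribute:UserID", the allowed suffix list and the sample assertion are assumptions constructed for illustration.

```python
import base64
import re
import xml.etree.ElementTree as ET  # for untrusted input prefer a hardened parser

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Conservative UPN shape: local part, one "@", dotted DNS suffix.
UPN_RE = re.compile(r"^[^@\s]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")

def extract_identities(saml_response_b64):
    """Return {source: value} for NameID and each attribute in a POST-binding SAMLResponse."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    found = {}
    for name_id in root.iterfind(".//saml:Subject/saml:NameID", NS):
        found["NameID"] = (name_id.text or "").strip()
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        for value in attr.iterfind("saml:AttributeValue", NS):
            found["Attribute:" + attr.get("Name", "")] = (value.text or "").strip()
    return found

def check_upn(saml_response_b64, field, allowed_suffixes):
    """Return (ok, reason) for the field the gateway is configured to read."""
    value = extract_identities(saml_response_b64).get(field)
    if value is None:
        return False, f"{field} missing from assertion"
    if not UPN_RE.match(value):
        return False, f"{field}={value!r} is not a UPN (no @domain suffix)"
    suffix = value.rsplit("@", 1)[1].lower()
    if suffix not in allowed_suffixes:
        return False, f"{field} suffix {suffix!r} is not an expected UPN suffix"
    return True, f"{field}={value!r} looks like a UPN"

def sample_response(user_id):
    # Constructed, unsigned sample assertion; real responses are signed.
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
        f'<saml:Subject><saml:NameID>{user_id}</saml:NameID></saml:Subject>'
        '<saml:AttributeStatement><saml:Attribute Name="UserID">'
        f'<saml:AttributeValue>{user_id}</saml:AttributeValue></saml:Attribute>'
        '</saml:AttributeStatement></saml:Assertion></samlp:Response>'
    )
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    for uid in ("jdoe", "jdoe@domainname.com"):
        print(check_upn(sample_response(uid), "Attribute:UserID", {"domainname.com"}))
```

Restricting the accepted suffixes to the domains you actually federate also catches an IdP that appends an unexpected domain.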

Introduction to Morpheus data

As a service provider you need to support multiple platforms, multiple services and multiple applications while still having a consistent way to deliver each and every service to the end-customer. Most vendors have their own self-service solution which works for their own service; the issue with these is that they often don’t integrate with others or are missing customization options to make it easier to do custom deployments. When I worked at BigTec I stumbled across Morpheus Data, but I didn’t have a chance to take a closer look at it until now. The cool thing with Morpheus is that it provides an orchestration layer across different platforms (AWS, GCP, Microsoft Azure, vCloud Air, Nutanix, and even Azure Stack!).

Just a sneak peek of the dashboard

It can also integrate with load balancers like NetScaler, Avi and F5 to handle scaling of load-balanced services. To give an example of how a service can be provisioned from within Morpheus: for a certain customer I can spin up resources on a cloud (which can be either local or in the cloud; I have a local ESX cluster I can deploy resources to).

I can choose NGINX which is a finished image I have available to deploy to my resources.

So I specify the location, which is the “cloud” setting, and click next; then I specify the VMware options like host, datastore, networks and so on. This can of course be defined in the template. Then I specify the load balancing settings as well.

So this environment is integrated with the Avi Networks Controller to handle the load balancing setup. Now I can see in the portal that the VM is spinning up.

So now the virtual machine is provisioned

If I look under scale settings I can see that it has also deployed a load balancing rule to Avi Networks as well.

So if I now access the LB IP, Yiha!

I can also go into the instance and scale out the node as well, to give another node to the service

It will also automatically update the LB vserver with the additional node. The cool thing is that it checks availability automatically depending on the type of service that is deployed, so for instance for web services it does an automatic HTTP GET.

So this has been a quick introduction to Morpheus Data, which I will clearly be taking a closer look at moving forward. The cloud management platform solution seems to have a lot of integrations already in place, and I also noticed that they are in the WhatMatrix category for CMP, where they are listed as the one with the highest technical score, so keep a watch out for this one! You can check out more here –> http://www.morpheusdata.com

Goliath for NetScaler v4

Today, Goliath Technologies is releasing version 4.0 of their Goliath for NetScaler product, which is packed with new features. Up until now Goliath has focused on presenting AppFlow data and the critical metrics to measure end-user experience of both ICA traffic and Web Insight to the IT-administrators responsible for. AppFlow can be used to measure essentially two types of metrics. The first is HDX data, which is typical ICA-proxy traffic, where it measures ICA latency, bandwidth usage and so on. The other is Web Insight, where we get a constant flow of information about which clients are connecting, where they are connecting from, what resource they requested and so on.

This information is crucial for answering questions such as:

· Are users suffering from bad user-experience or timeouts?

· Are users getting 404 error messages from the web service?

· Is our web service good enough for mobile devices?

But! AppFlow is just a small part of the puzzle. AppFlow measures the traffic going from the client to the backend resource; it does not, however, measure the state of the NetScaler as traffic goes through it. So if some users complain about web sessions timing out or ICA sessions freezing, we will not get a good explanation why from AppFlow, because the cause might be that the NetScaler has too much traffic to handle, or that CPU usage has gotten to a point where it cannot process packets.

This is where the second piece of GFN 4 comes in: AppFlow data combined with real-time NetScaler performance metrics pulled from the appliances using the NITRO API, which allows us to show how the NetScaler is performing while seeing how ICA traffic and web sessions are behaving at the same time.

Within 4.0 we now have the option to add NetScaler appliances.

This should be done using just a read-only user on the NetScaler, which is enough to allow pulling of data using the NITRO API. Once you have added an appliance, it will start to pull data.

Within the main dashboard we now have a new pane called infrastructure. The infrastructure view is also a new capability that provides a single-screen view of the entire NetScaler deployment, from hardware to policies. Having this aggregated overview is a great benefit because all data points that are important are available at a glance, as opposed to having to move between management screens or having to drill into multiple layers within the console.

So we can go into detail and take a closer look at, for instance, load balanced virtual servers, hit rate and attached virtual services.

We can also get a list of policies and see if we have had any hits on those specific policies today. I’m not going to go through them all in detail, but the infrastructure view provides an easy view of the NetScaler infrastructure in terms of “How are my NetScalers today?”

We also have custom reports available, which are built upon the data it collects from the NITRO API. So if, for instance, we have a spike in the packet CPU on the NetScaler, or perhaps the MGMT CPU got a spike, we can get this information easily from the built-in reports.

Goliath has also included some updates to the AppFlow monitoring, which make it easier to see which ICA channel for a particular user is taking much bandwidth.

This of course makes it easier to detect if, for instance, there is a printer hogging all the available bandwidth in a session. Another issue that happens with an ICA session is jitter, which is actually the variation of data between the end-user and the session. So with this release they have also included a Client RTT/Jitter metric, which can also be correlated with server RTT/Jitter.

This allows us to tell much more easily if, for instance, a user is suffering from packet loss / retransmission or other factors which affect the variation on the session, and we can now correlate it with the Server RTT and Jitter to see whether an issue is connected or not.

So these are just some of the new features added in GFN 4.0. NetScaler is a Swiss army tool of features and therefore it is important to keep a close eye on how it is behaving, since it is often a crucial part of many companies’ infrastructure, and with GFN 4.0 I believe Goliath are on the right path in terms of how to fully manage and monitor our NetScaler infrastructure.

You can download GFN4 trial by filling out the form on this page here.

ADC Category published on WhatMatrix.com

So this is something that I’ve been working on for some time, since I initially contacted WhatMatrix about half a year ago. Since they already had a lot of comparisons, I immediately noticed that something was missing, which was an ADC category! Having worked a lot with NetScaler, KEMP and Avi, I felt like I had a lot to contribute. So I’ve been speaking with the different vendors and have gotten great feedback and insight into their roadmap and vision for the future as well. The vendors have also been quite helpful with feedback on the features.

In the initial comparison you can see Radware, Citrix and Avi Networks, with some other vendors to be published shortly. It is important to note that this is a pure feature comparison and does not reflect at a granular level all the different features, or ease of use or other factors. More features will be published in the matrix soon as well.

Well, what are you waiting for? Take a look at it here: https://www.whatmatrix.com/comparison/Application-Delivery-Controllers#

Feedback is of course very welcome! Things change, and things may be marked wrong or lacking details, so if you have feedback send it to me at msandbu@gmail.com

If you work for a vendor which you would like to see published, let me know as well; I’ll help in any way I can.