So this week, Citrix finally launched NetScaler on Azure. They couldn't do this before because Azure has had a lot of limitations, and still has some, so the appliance itself is also a bit limited, but I'll get to that.
So what's important to know about NetScaler on Azure is that:
- It's bring your own license
- Runs as an A2 Linux instance (which costs about $44 a month) by default; this can be changed.
- Runs in single IP mode (meaning that VIP, SNIP and NSIP run using the same IP)
- Bandwidth is also an extra cost on Azure (meaning traffic that is going out of Microsoft's datacentres)
- Since it runs in single IP mode you do not need to enter a SNIP address (even though the welcome configuration wizard will bug you about it)
- Runs a custom firmware build, Build 51.1048.e, and we cannot upgrade it.
- Adding an Azure DNS server should be done using TCP, not UDP
- The IP is given by the DHCP service of Azure
- Use the Static IP address feature in Azure to avoid the IP address changing in case of reboots and so on.
- There are some features which are not supported:
  - Clustering
  - IPv6
  - Gratuitous ARP (GARP)
  - L2 Mode
  - Tagged VLAN
  - Dynamic Routing
  - Virtual MAC (VMAC)
  - USIP
  - GSLB
  - CloudBridge Connector
Note that we can also use multiple NICs within Azure, which allows multiple NICs on a NetScaler instance, but Citrix does not recommend using this feature, and therefore the regular NetScaler VPX in Azure has 1 NIC.
VPX 10, 200 and 1000 are supported in Azure. If you need the VPX 1000, you need to scale up the virtual machine in order to support the amount of bandwidth, since a medium (A2) instance only supports up to 200 Mbps of bandwidth.
So now that we know a bit about it, how do we set it up? The easiest way is by using the Marketplace feature in Azure (this requires an active subscription, but it can also be set up if you have, for instance, an MSDN partner sub).
Just search for Citrix and you can find it there.
Now you need to enter a password (or public key) for SSH for the nsroot user. Keep in mind that by default it is an A2 instance, which as I mentioned has limits for bandwidth.
Now we need to alter some networking configuration as well before we can create the VPX. By default the IP is set by DHCP in Azure, but this can be changed to static by using the new portal.
We have two options, one for the VIP (which is the external public IP address) and one for the private internal IP address. You should change them both (the VIP to Reserved and the private IP to static) to be sure that the IP stays the same on the VPX in case of a reboot and such.
Also be sure to add other endpoints if you, for instance, want to manage the VPX using HTTP/HTTPS; by default only SSH is added as an endpoint.
After the provisioning is done you can access the VPX using the public DNS address.
And voila!
It is important to remember when setting up public services that you cannot use certain ports for external services.
The following ports are reserved by the NetScaler virtual machine. You cannot define these as private ports when using the cloud service IP address for requests from the Internet.
Ports 21, 22, 80, 443, 8080, 67, 161, 179, 500, 520, 3003, 3008, 3009, 3010, 3011, 4001, 5061, 9000, 7000.
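A pre-flight check for an endpoint plan against the reserved-port list above, as an added example that is not part of the original post or any Citrix or Azure tooling. The plan layout (`name`, `public`, `private`, `kind`), the function name and the sample plan are assumptions made for illustration, and TCP-only endpoints are assumed.

```python
# Reserved private ports, copied from the list on this page.
RESERVED = {21, 22, 80, 443, 8080, 67, 161, 179, 500, 520, 3003, 3008,
            3009, 3010, 3011, 4001, 5061, 9000, 7000}
# Management services the page mentions exposing as endpoints.
MGMT = {22: "SSH", 80: "HTTP", 443: "HTTPS"}


def check_endpoints(plan):
    """Return a list of (endpoint name, problem) for a planned endpoint set.

    Each entry in `plan` is a dict with keys name, public, private and
    kind ("mgmt" or "service"); this layout is an assumption of the example.
    """
    problems = []
    public_owner = {}
    for ep in plan:
        name, pub, priv = ep["name"], ep["public"], ep["private"]
        # One public port can only forward to one endpoint (TCP assumed).
        if pub in public_owner:
            problems.append((name, f"public port {pub} already used by {public_owner[pub]}"))
        else:
            public_owner[pub] = name
        if ep["kind"] == "service":
            # Load-balanced services must listen on a non-reserved private port.
            if priv in RESERVED:
                problems.append((name, f"private port {priv} is reserved by the NetScaler VM"))
        elif priv not in MGMT:
            problems.append((name, f"private port {priv} is not a management port"))
        elif MGMT[priv] == "HTTP":
            # Judgement added by this example: nsroot logins would cross the Internet in clear text.
            problems.append((name, "management over HTTP is unencrypted, prefer HTTPS"))
    return problems


# Constructed sample plan, not taken from a real deployment.
SAMPLE_PLAN = [
    {"name": "ssh", "public": 22, "private": 22, "kind": "mgmt"},
    {"name": "gui-http", "public": 8081, "private": 80, "kind": "mgmt"},
    {"name": "web-bad", "public": 443, "private": 443, "kind": "service"},
    {"name": "web-ok", "public": 8443, "private": 8443, "kind": "service"},
    {"name": "web-dup", "public": 8443, "private": 9443, "kind": "service"},
]

if __name__ == "__main__":
    for name, problem in check_endpoints(SAMPLE_PLAN):
        print(f"{name}: {problem}")
```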