by Marius Sandbu, CTP, Norway CUGC
This blog post is a summary of the questions that we got during the two webinars that the Networking SIG has been hosting over the last couple of weeks. For those who didn’t see their questions answered, hopefully you will find the answers you were looking for here.
Can the deployment/configuration of NetScaler in Azure be scripted/automated via ARM/PowerShell?
Yes, you can. You can create an ARM template to deploy NetScaler from the marketplace; an ARM example can be found at https://github.com/msandbu/azure. You can then use Azure Automation, or just a script that calls the NITRO API, to do the rest of the configuration. Be aware that you need to make some changes to the NSG rules in Azure to allow NITRO API calls.
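One way to make the NSG change mentioned above and then confirm that NITRO is reachable, as an added example that is not from the original post or from Citrix. It assumes the Az PowerShell module with a signed-in session and NITRO served over HTTPS on the management IP; the resource group, NSG name, addresses and host name are constructed placeholders.

```powershell
# Added example. Every name and address below is a constructed placeholder.
$rgName     = 'rg-netscaler'            # hypothetical resource group
$nsgName    = 'nsg-netscaler-mgmt'      # hypothetical NSG on the NetScaler management NIC
$mgmtSource = '203.0.113.10/32'         # address the automation host connects from
$nsipPriv   = '10.0.1.4'                # NetScaler management IP (NSIP) inside the VNet
$nsHost     = 'ns-mgmt.example.com'     # name the automation host uses to reach the NSIP

$nsg = Get-AzNetworkSecurityGroup -ResourceGroupName $rgName -Name $nsgName

# Surface any existing inbound allow rule that opens 443 to every source,
# since that would also expose the management API.
$nsg.SecurityRules | Where-Object {
    $_.Direction -eq 'Inbound' -and $_.Access -eq 'Allow' -and
    ($_.SourceAddressPrefix -contains '*' -or $_.SourceAddressPrefix -contains 'Internet') -and
    ($_.DestinationPortRange -contains '443' -or $_.DestinationPortRange -contains '*')
} | ForEach-Object { Write-Warning "Rule '$($_.Name)' allows 443 from any source" }

# Allow NITRO over HTTPS only, only from the automation host, only to the NSIP.
$rule = @{
    NetworkSecurityGroup     = $nsg
    Name                     = 'Allow-NITRO-From-Automation'
    Description              = 'NITRO API (HTTPS) from automation host'
    Access                   = 'Allow'
    Protocol                 = 'Tcp'
    Direction                = 'Inbound'
    Priority                 = 200      # placeholder; pick a free priority in your NSG
    SourceAddressPrefix      = $mgmtSource
    SourcePortRange          = '*'
    DestinationAddressPrefix = $nsipPriv
    DestinationPortRange     = '443'
}
Add-AzNetworkSecurityRuleConfig @rule | Set-AzNetworkSecurityGroup | Out-Null

# Log on to NITRO and read the firmware version as a connectivity check.
# Assumes the management interface presents a certificate this host trusts.
$cred  = Get-Credential -Message 'NetScaler administrator'
$login = @{ login = @{ username = $cred.UserName
                       password = $cred.GetNetworkCredential().Password } } | ConvertTo-Json
$base  = "https://$nsHost/nitro/v1/config"
Invoke-RestMethod -Uri "$base/login" -Method Post -Body $login `
    -ContentType 'application/json' -SessionVariable nitro | Out-Null
try {
    (Invoke-RestMethod -Uri "$base/nsversion" -WebSession $nitro).nsversion.version
} finally {
    $logout = @{ logout = @{} } | ConvertTo-Json
    Invoke-RestMethod -Uri "$base/logout" -Method Post -Body $logout `
        -ContentType 'application/json' -WebSession $nitro | Out-Null
}
```

Scoping the rule to one source prefix and to HTTPS keeps the management API off the open Internet while still letting the automation host reach it.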
How to set up a DMZ setup on Azure for NetScaler Gateway with XA/XD?
You can follow the guidelines from Citrix here: http://docs.citrix.com/en-us/netscaler/11/getting-started-with-vpx/deploy-vpx-on-azure.html
Should you use Azure LB and then LB the services as well on the NS…services like SF, LDAP, RADIUS etc?
If you have a NetScaler license which allows you to do load balancing (standard license), I would highly recommend that you use the NetScaler for this purpose. It has much better monitoring capabilities than the ones available in the Azure load balancer, even though the Azure load balancer can also be used for this purpose.
Hi, is there any performance advantage if we use NetScaler on office premises rather than on Azure?
Yes, because with on-premises infrastructure you have more access to the virtualization layer and can therefore more easily get access to more advanced capabilities such as SR-IOV. For an on-premises deployment you can actually have a virtual appliance which supports up to 25 GBps, while in Azure only up to 3 GB VPX is supported.
NetScaler should it be one leg or one IP or Multiple IPs if used in ICA proxy mode and also LB services?
This is mostly dependent on what kind of network security model you want to use. The most common deployment I have been involved in is typically a two-leg approach where we have two subnets, DMZ and internal, in Azure.
Can you compare NS LB and Azure ILB?
Azure LB (Load Balancer) is a free platform service which can do load balancing on Layer 4 in Azure. It can do load balancing externally or inside a virtual network. Azure Load Balancer can be managed using ARM but has some limitations when it comes to flexibility and how it does monitoring.
Can we configure NS on Azure from an NMAS that is on-prem?
Yes you can, as long as the NMAS can reach the NS using the management IP. The best approach is to have a VPN connection between on-premises and Azure.
With premium storage even if switched off do you still have to pay? – So it is not like deallocating a VM to save costs.
Yes. If you shut down a virtual instance and it enters a deallocated state, you will not need to pay for the virtual machine instance as long as it is in that state, but you will still get billed for any other resource such as storage. Compute cost is always the majority of the cost, though.
For NetScaler Gateway as a Service - is that hardware accelerated? Is there a cap of # of users practical or supported?
There is no limit to the number of users on NetScaler Gateway as a Service. This is an additional service running on the Cloud Connectors. As long as it has enough CPU and memory there is no user limit, but the current limitation is the overall bandwidth it can use, which is up to 250 Mbps.
In the XenApp Essentials option, so we don’t have to worry about Management Components?
From a Citrix perspective, no. Citrix will manage all the Citrix resources, but in a XenApp Essentials deployment you will need to manage other resources in Azure such as your subscription and Active Directory on your own.
Hello, my question is related to Azure AD is flat structure and there is no group policy, is this correct?
Correct! In Azure AD there is no structure and no group policy. The only type of configuration rules you might have there are attached to applications which might be added, or come from using Azure AD with Intune for policy management. But you have Azure AD Domain Services, which provides us with AD capabilities, and here we can have an OU structure and Group Policy.
Sounds like for a 24×7 XenApp infrastructure with every 100+ servers running all day, not really able to shutdown a good number, that moving the entire infrastructure to the cloud would not be a great option over keeping on-prem with purchased hardware?
Great question! In most cases public clouds will not provide any cost savings compared to a fine-tuned infrastructure, for instance one running some form of hyperconverged infrastructure.
Azure AD, can it be synced with local AD?
Yes, when you use Azure AD Connect you can sync your on-premises Active Directory.
Does Smart Scale Deallocate or just shutdown?
It does an ARM shutdown, which means that machines will be shut down and become deallocated (which means that Microsoft will no longer reserve hardware for that particular VM and therefore no longer bill you for that compute power).
Could you please explain what is CWC connector?
CWC Connector (Cloud Connector) is a piece of software which you will need to install if you plan to deploy using Citrix Cloud. The Cloud Connector replaces your DDC in a Citrix Cloud deployment and will act as the communication layer between your VDA servers and Citrix Cloud. This is just some software running on a Windows Server.
Is OMS supported for on-prem?
Yes, you can install OMS agents on on-premises sources such as Windows and Linux, or use plain syslog forwarding, but it also has specific Azure integrations.