cns-203-3i-idg

Basic Administration for CitrixNetScaler 9.2 Instructor DeliveryGuide

Citrix Course CNS-203-3I

Basic Administration forCitrix NetScaler 9.2

Instructor Delivery GuideCitrix Course CNS-203-3I

July 2011Version 3.0

Table of ContentsModuleModule 1:1: DeliveryDelivery GuideGuide OverviewOverview ................................................................................................................................ 55Delivery Guide Overview ......................................................................................................... 7Module 1: Introductions and Courseware Overview ................................................................ 9Module 2: Introducing and Deploying Citrix NetScaler .......................................................... 10Module 3: Networking .......................................................................................................... 12Module 4: Configuring High Availability ................................................................................. 14Module 5: Securing the NetScaler System ............................................................................ 16Module 6: Configuring Load Balancing ................................................................................. 17Module 7: Configuring SSL Offload ....................................................................................... 19Module 8: Configuring Global Server Load Balancing ........................................................... 20Module 9: Using AppExpert Classic to Optimize Traffic ........................................................ 21Module 10: Using AppExpert for Responder, Rewrite, and URL Transform .......................... 22Module 11: Using AppExpert for Content Switching ............................................................. 24Module 12: Using AppExpert Advance to Optimize Traffic .................................................... 26Module 13: Management ...................................................................................................... 28Citrix NetScaler 9.3 Features ................................................................................................ 29

© Copyright 2011 Citrix Systems, Inc. 3

Release Notes: July 2011 Version 3.0The 3.0 version of the CNS-203-3I course has had several improvements, including:

• Updates to the style in the student manual and lab guide.• Clarifications and enhancements to the steps in the following labs:

• Configuring High Availability• Securing the NetScaler System• Configuring Load Balancing• Configuring Global Server Load Balancing• Configuring Rewrite, Responder, and URL Transformation

• Grammar and syntax corrections in both the student manual and lab guide.

Module 1

Delivery Guide Overview

6 © Copyright 2011 Citrix Systems, Inc.

Delivery Guide Overview

Description

This delivery guide contains advice and suggestions for delivering CNS-203-2I Basic Administrationfor Citrix NetScaler 9.2.

Included in the delivery guide are:

• Module Timings• Suggestions for overcoming problems encountered in exercises

Definitions

Practices provide students with a chance to test their understanding of theinformation presented in the lesson. Additionally, practices allowstudents to break out of the listening mode, think critically andinteract with fellow students.

Demonstrations provide students with an opportunity to see how tasks areaccomplished using the product.

Exercises provide students with hands-on practice using the product. Eachexercise includes a scenario and step-by-step instructions forcompleting the exercise. For the best learning experience, studentsshould attempt to complete the exercises using the information inthe scenario. Students should only use the step-by-step instructionsis they need additional help.

Reviews provide students with a chance to test their understanding of theinformation presented in the lesson. Reviews are at the end of eachmodule to give the instructor a chance to reinforce the previouslycovered topics with the students.

Overview

It is strongly recommended that you place exercises and reviews in the proper perspective beforestudents attempt them. Allow students to attempt the exercises on their own before relying on thestep-by-step instructions.

© Copyright 2011 Citrix Systems, Inc. Module 1: Delivery Guide Overview 7

Set exercise expectations accordingly and watch for student errors. If several students are makingthe same mistakes, reinforce the correct concepts to the entire class.

Reinforce the types of answers that you would like to receive for reviews, and guide the students ina collaborative effort to discuss the given answers as well as additional answers. Be watchful oftiming to ensure that reviews do not take more than five minutes to complete.

New In This Course

Instructors should take note and familiarize themselves with the following new organization ofcontent included in this course.

Instructor Slides

The instructor PowerPoint slides are available for download on MyCitrix.com. Review these notesprior to teaching the class.

Online Student Resources

Make sure students are aware of the Online Student Resources, and that they can access theresources by following the steps on the Citrix eLearning Voucher page, which is located on the lastpage of the courseware.

8 Module 1: Delivery Guide Overview © Copyright 2011 Citrix Systems, Inc.

Module 1: Introductions and CoursewareOverview

Time to Teach

Module: 45 minutes

Exercises: No exercises

Overview

This module provides students with background information about an environment containingCitrix NetScaler 9.2.

Before proceeding with the topics in this module, make sure the students understand the objectivesfor Module 2.

Key Points

• Do not spend too much time reviewing the components. Additional information will bepresented for many components later in the course.

• Emphasize the references to materials outside the course as they are a good source of detailedinformation for the student.


Module 2: Introducing and Deploying CitrixNetScaler

Time to Teach

Module: 1 hour minutes

Exercises: 1

Total Time: 5 minutes

Overview

This module provides students with information about Citrix NetScaler 9.2. The module discusseshow Citrix NetScaler optimizes the delivery of internal- and external-facing web applications,accelerating performance, improving availability and increasing security. This approach ensures thebest total cost of ownership, security, availability and performance for web applications.


Key Points

• Introduce the Citrix NetScaler, including content switching and load-balancing.• Identify network placement options for the NetScaler system when planning a deployment:

one-arm, two-arm and in-line mode• Discuss the deployment scenarios for deployment: Flex-tenancy, displacement and new

technology.• Describe the key feature sets of the NetScaler system:

• Lower cost of ownership• Application acceleration• Application security• Application availability• Simple manageability• Web 2.0

• Discuss NetScaler product editions, hardware platforms and hardware components. Referencethe Instructor PowerPoint slides for hardware platform specifications.

• Discuss the NetScaler architecture. Reference the Instructor PowerPoint Slides for graphicalrepresentation of the NetScaler architecture.


Exercise Notes

• New in 9.2: removal of the license update exercise.• For more information, see the Classroom Setup Guide


Module 3: Networking

Time to Teach

Module: 2 hours minutes

Exercises: 1


Overview

This module discusses how networking works on the NetScaler system, as well as how the NetScalersystem is fundamentally different from other devices.


Key Points

• Introduce NetScaler networking including:• Connection separation• Basic NetScaler system networking rules• Multiplexing

• Describe the difference between the following IP address types:• NetScaler IP address• Subnet IP address• Mapped IP address• Virtual IP address

• Discuss the different type of NetScaler modes and how to some of the different modes.• Describe inbound network translation and reverse network address translation. Refer to the

courseware manual and PowerPoint slides for an example RNAT example.• Discuss virtual local area networks and tagging, the functionality of VLANs with NetScaler

VPX and how to configure VLANs in the Configuration Utility and command-line interface.• Discuss how to configure LACP manually, and how to configure Link aggregation with LACP• Mention dynamic routing support and Route Health Injection (RHI)• Explain internet control message protocol (ICMP) and PathMTU. Refer to the PowerPoint

slide for an animation which provides an overview of PathMTU.


Exercise Notes

• The steps in this lab are required for the NetScaler system to reach any back-end resources.Misconfigurations here will naturally impact later labs.

• For more information, see the Classroom Setup Guide

Common Issues

Later exercises call for rebooting the NetScaler system. Doing so will reset the system to the lastsaved state. If the student did not save his or her configuration, the NetScaler system will be reset tothe original state (prior to this lab) and will have lost basic connectivity to back-end resources.

It is recommended to save the configuration after having successfully completed this lab.


Module 4: Configuring High Availability

Time to Teach

Module: 1 hour and 30 minutes

Exercises: 1


Overview

This module discusses the deployment of two NetScaler systems in an environment as a highavailability pair. A high availability pair ensures that the NetScaler-provided services are alwaysavailable even if one system fails.


Key Points

• Describe high availability functionality.• Describe the process for configuring a high availability node:

• Pre-configuration checklist• Virtual media access control address• Primary and secondary nodes configuration procedure• High availability status verification• Master status verification on the NetScaler system

• Discuss propagation and synchronization including:• Command propagation verification in the Configuration Utility and the command-line

interface• Command propagation disablement• Automatic configuration synchronization• Forced synchronization using the Configuration Utility and the command-line interface• File synchronization• Forced failover using the Configuration Utility and the command-line interface

• Describe how to enable management access in the command-line interface.• Describe secure system communication• Explain how to upgrade a high availability pair


Exercise Notes

• This exercise requires students to partner up.• The configurations done during this exercises must be undone to proceed to later labs.• For more information, see the Classroom Setup Guide

Common Issues

If students do not undo their HA configuration, they will proceed into later labs as a highavailability pair and will likely encounter problems.


Module 5: Securing the NetScaler System

Time to Teach


Exercises: 1


Overview

This module provides students with background information about Securing NetScalercommunications with ACLs.


Key Points

• Do not spend too much time reviewing the components. Additional information will bepresented for many components later in the course.

• Emphasize the references to materials outside the course as they are a good source of detailedinformation for the student.

Exercise Notes

• The exercise for this module covers external authentication to the NetScaler. Not ACLs.• This exercise may be treated as optional.• For more information, see the Classroom Setup Guide

Common Issues

Students sometimes encounter problems with the LDAP configuration. All required information isprovided for them in the Before You Begin section of the exercise workbook.


Module 6: Configuring Load Balancing

Time to Teach

Module: 2 hours and 15 minutes

Exercises: 4


Overview

This module provides students with information on how load balancing allows the NetScaclersystem to distribute client requests across multiple servers to optimize resource utilization. Loadbalancing improves server fault tolerance and user response times.

Key Points

• Describe the following entities and how to add each in the Configuration Utility andcommand-line interface:• Servers• Services• Virtual servers• monitors

• Discuss load-balancing traffic types• Describe service monitoring

• Point out the type of monitors• Describe default monitors• Describe the PING-default monitor• Identify service dependency monitors• Identify monitor parameters• Describe the HTTP monitoring process and monitor parameters• Describe the load balancing process• Explain how to configure service weights in the Configuration Utility and command-line

interface• Describe the different types of session persistence• Describe load balancing options: spillover, connection-based and bandwidth-based,

dynamic spillover


• Explain how to configure load balancing options in the Configuration Utility and thecommand-line interface

• Discuss link load balancing• Discuss service and virtual server management

Exercise Notes

• New to 9.2: Exercise 6-3 (RADIUS Load Balancing).• Exercise 6-4 (RTSP Load Balancing) is optional.• For more information, see the Classroom Setup Guide

Common Issues

Exercise 6-3 uses various similar credentials that may confuse students.

RadLogin.exe Client Username: student, Password: Password1

RADIUS Server Username: any, Password: Password1

Authentication to the RADIUS server is based on request IP and pass phrase. In this case, the IP isthe SNIP assigned to the student (the request originates from the front-end workstation, but isproxied through the NetScaler system. The RADIUS server sees the connection coming from theNetScaler's back-end IP).

Therefore, the username used in the request is irrelevant to the RADIUS server. In fact, theusername is only used by the NetScaler system for determining Load Balancing persistence.


Module 7: Configuring SSL Offload

Time to Teach

Module: 1 hour

Exercises: 1


Overview

This module contains information about how the SSL Offload feature of the NetScaler systemtransparently handles the CPU-intensive SSL encryption and decryption process, allowing the webservers to dedicate more processing power to content requests. The SSL Offload feature increasesthe performance of web sites that carry out SSL transactions.


Key Points

• Describe SSL and important SSL concepts• Describe SSL Offload and how it is configured• Describe the SSL session process• Describe SSL keys, certificate signing requests, certificates• Explain how to create a certkey pair on the NetScaler system• Define SSL deployment scenarios• Explain how to configure SSL Offload

Exercise Notes



Module 8: Configuring Global Server LoadBalancing

Time to Teach

Module: 2 hours

Exercises: 1


Overview

This module discusses how the Global Server Load Balancing feature ensures that client requestsare directed to the best performing site available in a global enterprise or Internet environment.GSLB enables the NetScaler system to make intelligent traffic decisions based on server availability,and prevents client requests from being directed to sites which are not available.


Key Points

• Describe GSLB architecture and explain the GSLB conversation process.• Describe Metric Exchange Protocol (MEP) and how to disable it from the command-line

interface.• Discuss GSLB monitoring• Describe how the NetScaler system can be configured to respond to DNS queries• Discuss DNS proxy configuration• Discuss GSLB DNS methods• Describe GSLB configurations: Traditional GSLB and Proximity-based GSLB• Describe how to implement GSLB failover for disaster recovery• Describe the GSLB entity relationship

Exercise Notes

• This exercise requires students to partner up.• The configurations done during this exercises must be undone to proceed to later labs.• For more information, see the Classroom Setup Guide


Module 9: Using AppExpert Classic toOptimize Traffic

Time to Teach


Exercises: 2


Overview

This module provides an overview of the classic policy expression engine and syntax, as well as howto configure classic policy expressions for content filtering and compression.


Key Points

• Describe classic policies• Identify basic policy components• Discuss policy bindings and policy priorities• Describe HTTP request and response headers• Define expressions, and explain how to view expressions in the Configuration Utility and in the

command-line interface• Identify and define available qualifiers for HTTP and non-HTTP traffic• Identify and define available operators• Define a simple and compound expression• Go over examples of simple and compound expressions• Describe content filtering actions and rules• Define compressions• Discuss the compression process and considerations• Discuss compression responses, parameters, policies and actions

Exercise Notes



Module 10: Using AppExpert for Responder,Rewrite, and URL Transform

Time to Teach

Module: 2 hours

Exercises: 6


Overview

This module discusses how the Rewrite feature, often called URL rewrite, modifies the headersection of an HTTP request or response. The responder feature, which is used to generate responsesfrom the NetScaler system to the client, eliminates the need to send some responses to the serverfor processing. the URL Transformation feature identifies URL patterns in HTML pages andmodifies them to a different form by translating URLs from their external appearance to an internalresource.


Key Points

• Describe rewrite, responder and URL transformation• Describe the processes for rewrite, responder and URL transformation• Explain how to configure and write rewrite and responder policies• Explain how to:

• Insert and replace HTTP headers• Delete HTTP headers• Delete request content• Replace response content

• Explain how to add a rewrite policy, and how to bind the policy in the Configuration Utilityand command-line interface

• Identify arguments when adding a responder action• Describe responder redirect action• Explain how to add a responder action• Describe RespondWith and how to add this responder in the command-line interface• Describe built in responder actions


• Explain how to add a responder policy, and bind the policy in the Configuration Utility andcommand-line interface

• Describe URL Transformation feature, and how to configure this feature

Exercise Notes

• There are many exercices in this module. You may want to break up the module lecture withexercises.



Module 11: Using AppExpert for ContentSwitching

Time to Teach

Module: 1 hour

Exercises: 1


Overview

This module discusses how content switching provides the ability to direct traffic.

This module discusses how content switching provides the ability to direct traffic and clientrequests to back-end services based on an aspect of the request beyond the IP/port pair. Contentswitching allows the design of a complex internal system to appear to the public behind a single IPaddress. As clients connect to and request data from a single address, the NetScaler systemexamines the type of connection and sends it to the appropriate back-end service.

The NetScaler system diverts the application requests transparently to the client and the application,allowing the application to be managed separately from the hosting site.

Content switching allows the NetScaler system to direct traffic to servers on the basis of the contentthat the user is attempting to access. Content switching involves configuring load-balancing servers,services, virtual servers and content-switching policies.

Before proceeding with the topics in this module, make sure students understand the objectives forModule 10.

Key Points

• Describe content switching.• Explain how to configure content switching• Describe content-switching virtual servers• Explain how to configure content-switching virtual servers in the Configuration Utility and in

the command-line interface.• Walk through rule-based policy examples• Describe unmatched traffic handling


Exercise Notes



Module 12: Using AppExpert Advance toOptimize Traffic

Time to Teach

Module: 1 hour

Exercises: 1


Overview

This module discusses how the Integrated Caching feature of the NetScaler system helps optimizethe delivery of web content and application, as well as how the NetScaler compression featureprovides a transparent way to increase the performance of web sites with compressible content.

By default, integrated caching is HTTP/1.1 and HTTP/1.0 compliant. It can store a variety of staticand dynamic content and serve content instantly to a large number of users.

Caching of content reduces the number of web server transactions. Caching of dynamic contentreduces the latency and the computation cost associated with the dynamic page generation process.In addition, caching at the edge of a network deployment results in the significant reduction ofpage download time and bandwidth usage.

The NetScaler system compresses HTTP responses for browsers that are compression aware, thusimproving the performance of web sites with compressible content. By implementing losslesscompression, the NetScaler system reduces the number of packets of data transmitted, thusreducing both download time and bandwidth usage for users. In lossless compression, the exactoriginal data is reconstructed from the compressed data.


Key Points

• Define compression policies• Identify and define compression actions.• Enable compression and add a compression policy• Go over the offerings of integrated caching• Describe a reverse proxy cache configuration• Describe content groups and cache selectors• Describe static and dynamic content


• Discuss the process flow from the request side, and from the response side• Discuss cache policies and cache expressions• Explain how to add user-defined policies in the command-line interface• Identify and define the options for binding cache policies• Describe built-in policies• Explain how to implement graceful changes to the integrated cache• Describe the DEFAULT and ALL content groups• Explain how to change an existing content group and how to configure the expiry method in

the command-line interface• Describe FlashCache and how to enable FlashCache in the command-line interface• Explain how to configure, remove and view a cache policy• Configure cache expiration and cache flush• Describe the application pane, and point out application units.• Explain the methodology behind deploying a NetScaler configuration for an application• Go over AppExpert template deployment guides and deployment examples• Import an AppExpert template• Create an application and application units• Discuss policy-based parameters and configuration

Exercise Notes



Module 13: Management

Time to Teach

Module: 1 hour

Exercises: 2


Overview

This module discusses how the NetScaler system can be monitored with Simple NetworkManagement Protocol (SNMP), the Dashboard and the Monitoring tool, and how the NetScalersystem supports syslog and nslog auditing, log access and management.


Key Points

• Review Simple Network Management Protocol (SNMP)• Describe the following SNMPv1 and SNMPv2 components• Explain the SNMPv1 and SNMPv2 communication process• Explain how to configure SNMP component• Discuss the dashboard, and its components and features• Explain how to navigate the dashboard• Explain how to display a built-in report and custom report• Describe the syslog and nslog logging formats• Explain how to add and configure an auditing server in the Configuration Utility and in the

command-line interface• Explain how to bind and unbind an auditing policy globally in the Configuration Utility and in

the command-line interface• Explain how to replace a high availability node and perform and upgrade• Discuss how to capture network traffic using NSTCPDUMP and NSTRACE

Exercise Notes



Citrix NetScaler 9.3 Features

Time to Teach

Slide Deck: 35 minutes

Overview

This slide deck discusses the new NetScaler 9.3 features.

Key Points

• Describe XenApp and XenDesktop enhancements.• Describe the NetScaler SDX platforms.• Explain how AppFlow provides visibility to application behavior, performance, and security.• Describe how to load balance Branch Repeaters, RDP connections, and SQL services.• Explain how OpenCloud Bridge mitigates risk by having an application appear as part of an

enterprise network at the packet level.• Discuss OpenCloud Access as a single sign-on solution.• Describe the security enhancements for Citrix Application Firewall and DNS Security

Extensions.• Mention that more information on the NetScaler 9.3 features and simulations on three of the

features (Branch Repeater load balancing, RDP load balancing, and Database load balancing)can be found in the CNS-101-1W Citrix NetScaler Overview course.


30 © Copyright 2011 Citrix Systems, Inc.

851 West Cypress Creek Road Fort Lauderdale, FL 33309 USA (954) 267 3000 www.citrix.com

Rheinweg 9 8200 Schaffhausen Switzerland +41 (0) 52 63577 00 www.citrix.com

© Copyright 2011 Citrix Systems, Inc. All rights reserved.

Date post:	28-Dec-2015
Category:	Documents
Upload:	nele-van-landeghem
View:	26 times
Download:	0 times

cns-203-3i-idg

Documents