Basic Administration for Citrix

NetScaler 9.2 Instructor Delivery

Guide

Citrix Course CNS-203-3I

 Basic Administration for
Citrix NetScaler 9.2
Instructor Delivery Guide
Citrix Course CNS-203-3I
July 2011
Version 3.0
Table of Contents
Module 1: Delivery Guide Overview ................................................................ 5
Delivery Guide Overview ......................................................................................................... 7
Module 1: Introductions and Courseware Overview ................................................................ 9
Module 2: Introducing and Deploying Citrix NetScaler .......................................................... 10
Module 3: Networking .......................................................................................................... 12
Module 4: Configuring High Availability ................................................................................. 14
Module 5: Securing the NetScaler System ............................................................................ 16
Module 6: Configuring Load Balancing ................................................................................. 17
Module 7: Configuring SSL Offload ....................................................................................... 19
Module 8: Configuring Global Server Load Balancing ........................................................... 20
Module 9: Using AppExpert Classic to Optimize Traffic ........................................................ 21
Module 10: Using AppExpert for Responder, Rewrite, and URL Transform .......................... 22
Module 11: Using AppExpert for Content Switching ............................................................. 24
Module 12: Using AppExpert Advance to Optimize Traffic .................................................... 26
Module 13: Management ...................................................................................................... 28
Citrix NetScaler 9.3 Features ................................................................................................ 29

Copyright 2011 Citrix Systems, Inc. 3

Release Notes: July 2011 Version 3.0
The 3.0 version of the CNS-203-3I course has had several improvements, including:
Updates to the style in the student manual and lab guide.
Clarifications and enhancements to the steps in the following labs:
Configuring High Availability
Securing the NetScaler System
Configuring Load Balancing
Configuring Global Server Load Balancing
Configuring Rewrite, Responder, and URL Transformation
Grammar and syntax corrections in both the student manual and lab guide.
Module 1

Delivery Guide Overview

6 Copyright 2011 Citrix Systems, Inc.
Delivery Guide Overview
Description
This delivery guide contains advice and suggestions for delivering CNS-203-2I Basic Administration
for Citrix NetScaler 9.2.
Included in the delivery guide are:
Module Timings
Suggestions for overcoming problems encountered in exercises

Definitions

Practices provide students with a chance to test their understanding of the

information presented in the lesson. Additionally, practices allow
students to break out of the listening mode, think critically and
interact with fellow students.

Demonstrations provide students with an opportunity to see how tasks are

accomplished using the product.

Exercises provide students with hands-on practice using the product. Each
exercise includes a scenario and step-by-step instructions for
completing the exercise. For the best learning experience, students
should attempt to complete the exercises using the information in
the scenario. Students should only use the step-by-step instructions
is they need additional help.

Reviews provide students with a chance to test their understanding of the

information presented in the lesson. Reviews are at the end of each
module to give the instructor a chance to reinforce the previously
covered topics with the students.

Overview
It is strongly recommended that you place exercises and reviews in the proper perspective before
students attempt them. Allow students to attempt the exercises on their own before relying on the
step-by-step instructions.

Copyright 2011 Citrix Systems, Inc. Module 1: Delivery Guide Overview 7

Set exercise expectations accordingly and watch for student errors. If several students are making
the same mistakes, reinforce the correct concepts to the entire class.
Reinforce the types of answers that you would like to receive for reviews, and guide the students in
a collaborative effort to discuss the given answers as well as additional answers. Be watchful of
timing to ensure that reviews do not take more than five minutes to complete.

New In This Course

Instructors should take note and familiarize themselves with the following new organization of
content included in this course.

Instructor Slides
The instructor PowerPoint slides are available for download on MyCitrix.com. Review these notes
prior to teaching the class.

Online Student Resources

Make sure students are aware of the Online Student Resources, and that they can access the
resources by following the steps on the Citrix eLearning Voucher page, which is located on the last
page of the courseware.

8 Module 1: Delivery Guide Overview Copyright 2011 Citrix Systems, Inc.

Module 1: Introductions and Courseware
Overview
Time to Teach
Module: 45 minutes
Exercises: No exercises

Overview
This module provides students with background information about an environment containing
Citrix NetScaler 9.2.
Before proceeding with the topics in this module, make sure the students understand the objectives
for Module 2.

Key Points
Do not spend too much time reviewing the components. Additional information will be
presented for many components later in the course.
Emphasize the references to materials outside the course as they are a good source of detailed
information for the student.

Copyright 2011 Citrix Systems, Inc. Module 1: Delivery Guide Overview 9

Module 2: Introducing and Deploying Citrix
NetScaler
Time to Teach
Module: 1 hour minutes
Exercises: 1
Total Time: 5 minutes

Overview
This module provides students with information about Citrix NetScaler 9.2. The module discusses
how Citrix NetScaler optimizes the delivery of internal- and external-facing web applications,
accelerating performance, improving availability and increasing security. This approach ensures the
best total cost of ownership, security, availability and performance for web applications.
Before proceeding with the topics in this module, make sure the students understand the objectives
for Module 2.

Key Points
Introduce the Citrix NetScaler, including content switching and load-balancing.
Identify network placement options for the NetScaler system when planning a deployment:
one-arm, two-arm and in-line mode
Discuss the deployment scenarios for deployment: Flex-tenancy, displacement and new
technology.
Describe the key feature sets of the NetScaler system:
Lower cost of ownership
Application acceleration
Application security
Application availability
Simple manageability
Web 2.0
Discuss NetScaler product editions, hardware platforms and hardware components. Reference
the Instructor PowerPoint slides for hardware platform specifications.
Discuss the NetScaler architecture. Reference the Instructor PowerPoint Slides for graphical
representation of the NetScaler architecture.

10 Module 1: Delivery Guide Overview Copyright 2011 Citrix Systems, Inc.

Exercise Notes
New in 9.2: removal of the license update exercise.
For more information, see the Classroom Setup Guide

Copyright 2011 Citrix Systems, Inc. Module 1: Delivery Guide Overview 11

Module 3: Networking
Time to Teach
Module: 2 hours minutes
Exercises: 1
Total Time: 25 minutes

Overview
This module discusses how networking works on the NetScaler system, as well as how the NetScaler
system is fundamentally different from other devices.
Before proceeding with the topics in this module, make sure the students understand the objectives
for Module 4.

Key Points
Introduce NetScaler networking including:
Connection separation
Basic NetScaler system networking rules
Multiplexing
Describe the difference between the following IP address types:
NetScaler IP address
Subnet IP address
Mapped IP address
Virtual IP address
Discuss the different type of NetScaler modes and how to some of the different modes.
Describe inbound network translation and reverse network address translation. Refer to the
courseware manual and PowerPoint slides for an example RNAT example.
Discuss virtual local area networks and tagging, the functionality of VLANs with NetScaler
VPX and how to configure VLANs in the Configuration Utility and command-line interface.
Discuss how to configure LACP manually, and how to configure Link aggregation with LACP
Mention dynamic routing support and Route Health Injection (RHI)
Explain internet control message protocol (ICMP) and PathMTU. Refer to the PowerPoint
slide for an animation which provides an overview of PathMTU.

12 Module 1: Delivery Guide Overview Copyright 2011 Citrix Systems, Inc.

Exercise Notes
The steps in this lab are required for the NetScaler system to reach any back-end resources.
Misconfigurations here will naturally impact later labs.
For more information, see the Classroom Setup Guide

Common Issues
Later exercises call for rebooting the NetScaler system. Doing so will reset the system to the last
saved state. If the student did not save his or her configuration, the NetScaler system will be reset to
the original state (prior to this lab) and will have lost basic connectivity to back-end resources.
It is recommended to save the configuration after having successfully completed this lab.

Copyright 2011 Citrix Systems, Inc. Module 1: Delivery Guide Overview 13

Module 4: Configuring High Availability
Time to Teach
Module: 1 hour and 30 minutes
Exercises: 1
Total Time: 25 minutes

Overview
This module discusses the deployment of two NetScaler systems in an environment as a high
availability pair. A high availability pair ensures that the NetScaler-provided services are always
available even if one system fails.
Before proceeding with the topics in this module, make sure the students understand the objectives
for Module 5.

Key Points
Describe high availability functionality.
Describe the process for configuring a high availability node:
Pre-configuration checklist
Virtual media access control address
Primary and secondary nodes configuration procedure
High availability status verification
Master status verification on the NetScaler system
Discuss propagation and synchronization including:
Command propagation verification in the Configuration Utility and the command-line
interface
Command propagation disablement
Automatic configuration synchronization
Forced synchronization using the Configuration Utility and the command-line interface
File synchronization
Forced failover using the Configuration Utility and the command-line interface
Describe how to enable management access in the command-line interface.
Describe secure system communication
Explain how to upgrade a high availability pair

14 Module 1: Delivery Guide Overview Copyright 2011 Citrix Systems, Inc.

Exercise Notes
This exercise requires students to partner up.
The configurations done during this exercises must be undone to proceed to later labs.
For more information, see the Classroom Setup Guide

Common Issues
If students do not undo their HA configuration, they will proceed into later labs as a high
availability pair and will likely encounter problems.

Copyright 2011 Citrix Systems, Inc. Module 1: Delivery Guide Overview 15

Module 5: Securing the NetScaler System
Time to Teach
Module: 1 hour and 30 minutes
Exercises: 1
Total Time: 15 minutes

Overview
This module provides students with background information about Securing NetScaler
communications with ACLs.
Before proceeding with the topics in this module, make sure the students understand the objectives
for Module 5.

Key Points
Do not spend too much time reviewing the components. Additional information will be
presented for many components later in the course.
Emphasize the references to materials outside the course as they are a good source of detailed
information for the student.

Exercise Notes
The exercise for this module covers external authentication to the NetScaler. Not ACLs.
This exercise may be treated as optional.
For more information, see the Classroom Setup Guide

Common Issues
Students sometimes encounter problems with the LDAP configuration. All required information is
provided for them in the Before You Begin section of the exercise workbook.

16 Module 1: Delivery Guide Overview Copyright 2011 Citrix Systems, Inc.

Module 6: Configuring Load Balancing
Time to Teach
Module: 2 hours and 15 minutes
Exercises: 4
Total Time: 45 minutes

Overview
This module provides students with information on how load balancing allows the NetScacler
system to distribute client requests across multiple servers to optimize resource utilization. Load
balancing improves server fault tolerance and user response times.

Key Points
Describe the following entities and how to add each in the Configuration Utility and
command-line interface:
Servers
Services
Virtual servers
monitors
Discuss load-balancing traffic types
Describe service monitoring
Point out the type of monitors
Describe default monitors
Describe the PING-default monitor
Identify service dependency monitors
Identify monitor parameters
Describe the HTTP monitoring process and monitor parameters
Describe the load balancing process
Explain how to configure service weights in the Configuration Utility and command-line
interface
Describe the different types of session persistence
Describe load balancing options: spillover, connection-based and bandwidth-based,
dynamic spillover

Copyright 2011 Citrix Systems, Inc. Module 1: Delivery Guide Overview 17

 Explain how to configure load balancing options in the Configuration Utility and the
command-line interface
Discuss link load balancing
Discuss service and virtual server management

Exercise Notes
New to 9.2: Exercise 6-3 (RADIUS Load Balancing).
Exercise 6-4 (RTSP Load Balancing) is optional.
For more information, see the Classroom Setup Guide

Common Issues
Exercise 6-3 uses various similar credentials that may confuse students.

RadLogin.exe Client Username: student, Password: Password1

RADIUS Server Username: any, Password: Password1

Authentication to the RADIUS server is based on request IP and pass phrase. In this case, the IP is
the SNIP assigned to the student (the request originates from the front-end workstation, but is
proxied through the NetScaler system. The RADIUS server sees the connection coming from the
NetScaler's back-end IP).
Therefore, the username used in the request is irrelevant to the RADIUS server. In fact, the
username is only used by the NetScaler system for determining Load Balancing persistence.

18 Module 1: Delivery Guide Overview Copyright 2011 Citrix Systems, Inc.

Module 7: Configuring SSL Offload
Time to Teach
Module: 1 hour
Exercises: 1
Total Time: 20 minutes

Overview
This module contains information about how the SSL Offload feature of the NetScaler system
transparently handles the CPU-intensive SSL encryption and decryption process, allowing the web
servers to dedicate more processing power to content requests. The SSL Offload feature increases
the performance of web sites that carry out SSL transactions.
Before proceeding with the topics in this module, make sure the students understand the objectives
for Module 7.

Key Points
Describe SSL and important SSL concepts
Describe SSL Offload and how it is configured
Describe the SSL session process
Describe SSL keys, certificate signing requests, certificates
Explain how to create a certkey pair on the NetScaler system
Define SSL deployment scenarios
Explain how to configure SSL Offload

Exercise Notes
For more information, see the Classroom Setup Guide

Copyright 2011 Citrix Systems, Inc. Module 1: Delivery Guide Overview 19

Module 8: Configuring Global Server Load
Balancing
Time to Teach
Module: 2 hours
Exercises: 1
Total Time: 50 minutes

Overview
This module discusses how the Global Server Load Balancing feature ensures that client requests
are directed to the best performing site available in a global enterprise or Internet environment.
GSLB enables the NetScaler system to make intelligent traffic decisions based on server availability,
and prevents client requests from being directed to sites which are not available.
Before proceeding with the topics in this module, make sure the students understand the objectives
for Module 8.

Key Points
Describe GSLB architecture and explain the GSLB conversation process.
Describe Metric Exchange Protocol (MEP) and how to disable it from the command-line
interface.
Discuss GSLB monitoring
Describe how the NetScaler system can be configured to respond to DNS queries
Discuss DNS proxy configuration
Discuss GSLB DNS methods
Describe GSLB configurations: Traditional GSLB and Proximity-based GSLB
Describe how to implement GSLB failover for disaster recovery
Describe the GSLB entity relationship

Exercise Notes
This exercise requires students to partner up.
The configurations done during this exercises must be undone to proceed to later labs.
For more information, see the Classroom Setup Guide

20 Module 1: Delivery Guide Overview Copyright 2011 Citrix Systems, Inc.

Module 9: Using AppExpert Classic to
Optimize Traffic
Time to Teach
Module: 1 hour and 30 minutes
Exercises: 2
Total Time: 30 minutes

Overview
This module provides an overview of the classic policy expression engine and syntax, as well as how
to configure classic policy expressions for content filtering and compression.
Before proceeding with the topics in this module, make sure the students understand the objectives
for Module 9.

Key Points
Describe classic policies
Identify basic policy components
Discuss policy bindings and policy priorities
Describe HTTP request and response headers
Define expressions, and explain how to view expressions in the Configuration Utility and in the
command-line interface
Identify and define available qualifiers for HTTP and non-HTTP traffic
Identify and define available operators
Define a simple and compound expression
Go over examples of simple and compound expressions
Describe content filtering actions and rules
Define compressions
Discuss the compression process and considerations
Discuss compression responses, parameters, policies and actions

Exercise Notes
For more information, see the Classroom Setup Guide

Copyright 2011 Citrix Systems, Inc. Module 1: Delivery Guide Overview 21

Module 10: Using AppExpert for Responder,
Rewrite, and URL Transform
Time to Teach
Module: 2 hours
Exercises: 6
Total Time: 75 minutes

Overview
This module discusses how the Rewrite feature, often called URL rewrite, modifies the header
section of an HTTP request or response. The responder feature, which is used to generate responses
from the NetScaler system to the client, eliminates the need to send some responses to the server
for processing. the URL Transformation feature identifies URL patterns in HTML pages and
modifies them to a different form by translating URLs from their external appearance to an internal
resource.
Before proceeding with the topics in this module, make sure the students understand the objectives
for Module 10.

Key Points
Describe rewrite, responder and URL transformation
Describe the processes for rewrite, responder and URL transformation
Explain how to configure and write rewrite and responder policies
Explain how to:
Insert and replace HTTP headers
Delete HTTP headers
Delete request content
Replace response content
Explain how to add a rewrite policy, and how to bind the policy in the Configuration Utility
and command-line interface
Identify arguments when adding a responder action
Describe responder redirect action
Explain how to add a responder action
Describe RespondWith and how to add this responder in the command-line interface
Describe built in responder actions

22 Module 1: Delivery Guide Overview Copyright 2011 Citrix Systems, Inc.

 Explain how to add a responder policy, and bind the policy in the Configuration Utility and
command-line interface
Describe URL Transformation feature, and how to configure this feature

Exercise Notes
There are many exercices in this module. You may want to break up the module lecture with
exercises.
For more information, see the Classroom Setup Guide

Copyright 2011 Citrix Systems, Inc. Module 1: Delivery Guide Overview 23

Module 11: Using AppExpert for Content
Switching
Time to Teach
Module: 1 hour
Exercises: 1
Total Time: 20 minutes

Overview
This module discusses how content switching provides the ability to direct traffic.
This module discusses how content switching provides the ability to direct traffic and client
requests to back-end services based on an aspect of the request beyond the IP/port pair. Content
switching allows the design of a complex internal system to appear to the public behind a single IP
address. As clients connect to and request data from a single address, the NetScaler system
examines the type of connection and sends it to the appropriate back-end service.
The NetScaler system diverts the application requests transparently to the client and the application,
allowing the application to be managed separately from the hosting site.
Content switching allows the NetScaler system to direct traffic to servers on the basis of the content
that the user is attempting to access. Content switching involves configuring load-balancing servers,
services, virtual servers and content-switching policies.
Before proceeding with the topics in this module, make sure students understand the objectives for
Module 10.

Key Points
Describe content switching.
Explain how to configure content switching
Describe content-switching virtual servers
Explain how to configure content-switching virtual servers in the Configuration Utility and in
the command-line interface.
Walk through rule-based policy examples
Describe unmatched traffic handling

24 Module 1: Delivery Guide Overview Copyright 2011 Citrix Systems, Inc.

Exercise Notes
For more information, see the Classroom Setup Guide

Copyright 2011 Citrix Systems, Inc. Module 1: Delivery Guide Overview 25

Module 12: Using AppExpert Advance to
Optimize Traffic
Time to Teach
Module: 1 hour
Exercises: 1
Total Time: 20 minutes

Overview
This module discusses how the Integrated Caching feature of the NetScaler system helps optimize
the delivery of web content and application, as well as how the NetScaler compression feature
provides a transparent way to increase the performance of web sites with compressible content.
By default, integrated caching is HTTP/1.1 and HTTP/1.0 compliant. It can store a variety of static
and dynamic content and serve content instantly to a large number of users.
Caching of content reduces the number of web server transactions. Caching of dynamic content
reduces the latency and the computation cost associated with the dynamic page generation process.
In addition, caching at the edge of a network deployment results in the significant reduction of
page download time and bandwidth usage.
The NetScaler system compresses HTTP responses for browsers that are compression aware, thus
improving the performance of web sites with compressible content. By implementing lossless
compression, the NetScaler system reduces the number of packets of data transmitted, thus
reducing both download time and bandwidth usage for users. In lossless compression, the exact
original data is reconstructed from the compressed data.
Before proceeding with the topics in this module, make sure the students understand the objectives
for Module 12.

Key Points
Define compression policies
Identify and define compression actions.
Enable compression and add a compression policy
Go over the offerings of integrated caching
Describe a reverse proxy cache configuration
Describe content groups and cache selectors
Describe static and dynamic content

26 Module 1: Delivery Guide Overview Copyright 2011 Citrix Systems, Inc.

 Discuss the process flow from the request side, and from the response side
Discuss cache policies and cache expressions
Explain how to add user-defined policies in the command-line interface
Identify and define the options for binding cache policies
Describe built-in policies
Explain how to implement graceful changes to the integrated cache
Describe the DEFAULT and ALL content groups
Explain how to change an existing content group and how to configure the expiry method in
the command-line interface
Describe FlashCache and how to enable FlashCache in the command-line interface
Explain how to configure, remove and view a cache policy
Configure cache expiration and cache flush
Describe the application pane, and point out application units.
Explain the methodology behind deploying a NetScaler configuration for an application
Go over AppExpert template deployment guides and deployment examples
Import an AppExpert template
Create an application and application units
Discuss policy-based parameters and configuration

Exercise Notes
For more information, see the Classroom Setup Guide

Copyright 2011 Citrix Systems, Inc. Module 1: Delivery Guide Overview 27

Module 13: Management
Time to Teach
Module: 1 hour
Exercises: 2
Total Time: 30 minutes

Overview
This module discusses how the NetScaler system can be monitored with Simple Network
Management Protocol (SNMP), the Dashboard and the Monitoring tool, and how the NetScaler
system supports syslog and nslog auditing, log access and management.
Before proceeding with the topics in this module, make sure the students understand the objectives
for Module 13.

Key Points
Review Simple Network Management Protocol (SNMP)
Describe the following SNMPv1 and SNMPv2 components
Explain the SNMPv1 and SNMPv2 communication process
Explain how to configure SNMP component
Discuss the dashboard, and its components and features
Explain how to navigate the dashboard
Explain how to display a built-in report and custom report
Describe the syslog and nslog logging formats
Explain how to add and configure an auditing server in the Configuration Utility and in the
command-line interface
Explain how to bind and unbind an auditing policy globally in the Configuration Utility and in
the command-line interface
Explain how to replace a high availability node and perform and upgrade
Discuss how to capture network traffic using NSTCPDUMP and NSTRACE

Exercise Notes
For more information, see the Classroom Setup Guide

28 Module 1: Delivery Guide Overview Copyright 2011 Citrix Systems, Inc.

Citrix NetScaler 9.3 Features
Time to Teach
Slide Deck: 35 minutes

Overview
This slide deck discusses the new NetScaler 9.3 features.

Key Points
Describe XenApp and XenDesktop enhancements.
Describe the NetScaler SDX platforms.
Explain how AppFlow provides visibility to application behavior, performance, and security.
Describe how to load balance Branch Repeaters, RDP connections, and SQL services.
Explain how OpenCloud Bridge mitigates risk by having an application appear as part of an
enterprise network at the packet level.
Discuss OpenCloud Access as a single sign-on solution.
Describe the security enhancements for Citrix Application Firewall and DNS Security
Extensions.
Mention that more information on the NetScaler 9.3 features and simulations on three of the
features (Branch Repeater load balancing, RDP load balancing, and Database load balancing)
can be found in the CNS-101-1W Citrix NetScaler Overview course.

Copyright 2011 Citrix Systems, Inc. Module 1: Delivery Guide Overview 29

30 Copyright 2011 Citrix Systems, Inc.
851 West Cypress Creek Road Fort Lauderdale, FL 33309 USA (954) 267 3000 www.citrix.com
Rheinweg 9 8200 Schaffhausen Switzerland +41 (0) 52 63577 00 www.citrix.com
Copyright 2011 Citrix Systems, Inc. All rights reserved.