Storefront 2.1 – Step by Step from install to secure (3/3)

This article is a part of a series of three where I describe the installation of 2 storefront servers, secured, load balanced and accessed from external network.

The Storefront servers installation is covered in the first article.

The second article covers the certificate creation on NetScaler.

Today, we will install an Access Gateway and a Lload balancer for our 2 Storefront servers.

2/3 Configure NetScaler for remote access

First, go to your NetScaler Console. Under Traffic Management / Load Balancing, choose Setup NetScaler for XenApp/XenDesktop. It will start a Wizard.

AGEEBlog1

Select Single Hop.

AGEEBlog2

Choose Storefront as Integration Point.

AGEEBlog3

For The Gateway enter:

  • Name: I like to name it as the external fqdn.
  • an IP address: accessible from the Internet.
  • Check the Redirect requests from 80 to secure port. So, your users won’t have to type HTTPS:// in their browser.
  • The Gateway fqdn: this is the fqdn for which you have installed the certificate the step before.

AGEEBlog4

Choose the certificate you’ve imported before (see previous article).

AGEEBlog5

In the next screen, you’ll be prompted to enter authentication parameters. (Screen shot missing).

Then, Enter Storefront parameters:

StoreFront FQDN: your internal Storefront fqdn.

Site Path: (see your storefront console) something like “/Citrix/storeNameWeb”

PNAgent Site Path: (see your storefront console) something like “/Citrix/storeName/PNAgent/config.xml”. Only if you have activated the legacy PNAgent support in your Storefront installation.

Single Sign-On Domain: your internal domain name.

Store Name: Storefront store name.

Secure Ticket Authority: I recommend to enter th address of two XenApp/XenDesktop Controlers.

Protocol: SSL of course.

Storefront Servers: enter the 2 IP of your Storefront servers.

Port: 443 (or other if you know what you do).

Check Load Balancing to create an LB server.

Virtual Server: enter the IP address desired for your load balancer server.

AGEEBlog6

Then, enter the farm information. Nothing specific here except that you can load balance XML service here too checking the box and entering an IP for this new Load Balancer.

AGEEBlog7

You can then apply optimizations.

AGEEBlog8

Depending on your licences, you may encounter this warning message:

AGEEBlog9

On NetScaler 10.1 Build 120.13 (and maybe others…), there is a bug. The load balancer’s monitor is not set to secure. You have to create a new one. Connect to your NetScaler through SSH and create a new Load Balancer:

add lb monitor storefront_ssl STOREFRONT -storename YOURSTORENAME -storefrontacctservice YES -secure YES

From the NetScaler console, link this New LB to the load Balancer created by the wizard.

That’s it for today.

Don’t hesitate to comment if you want more information on this quick guide.

Regards.
Jerome.

Advertisements

Citrix, mobility & virtualization @Work / father, husband & geek @home

Tagged with: , , , ,
Posted in Citrix
2 comments on “Storefront 2.1 – Step by Step from install to secure (3/3)
  1. Matt says:

    Hello Jerome, awesome article. I have installed Storefront on my console and I was just wondering do I create a separate server certificate to authenticate users or is it possible to use one that I purchased from Go-Daddy for both the Netscaler and the Storefront Server.

    Thanks

    • jeromequief says:

      Hi Matt,
      Thanks for your comment. I recommend you to use the same certificate on the Netscaler and on the Storefront. And, for best result, change the DNS resolution on each Storefront resolving the Storefront load balancer name (storefront.domain.com) with the local IP of the Storefront server.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: