Creating a Load Balanced Multi-Node Citrix StoreFront 2.0 Server Group with NetScaler Gateway 10.1!

Share Button

Over a year ago I wrote a blog post covering the recently released Citrix Receiver StoreFront 1.0 at the time, which can be found here. Much has changed in the world of Citrix technologies in a year and a half, and I felt it was time to provide an update for the new Citrix StoreFront 2.0 which among other major enhancements has removed the Microsoft SQL database requirement!! Horray! Here’s the updated architectural overview that I will be covering in this blog post:

StoreFront2.0

Additionally, you’ll notice updated vernacular relating to the Access Gateway component as CAG VPX (v5.0.x) can be safely disregarded. If you or a customer you know are still running the 5.0.x code (CAG 2010 for example), here’s your wake up call that it’s time to migrate off that legacy platform (sorry to burst your bubble!).  Furthermore, I won’t be covering that platform in any future blog posts, including this one. This article will be highlighting the new NetScaler 10.1 codebase including the rebranded “NetScaler Gateway” which is essentially Access Gateway Enterprise Edition (v10.1) without the advanced Load Balancing functionality. Keep in mind NetScaler Gateway can be purchased as a virtual appliance (VPX) for the low, low price of $995 list price.  At $2,000 for an HA pair, you have no more excuses to stay on the CAG platform, so now’s the time to start migrating!

Let’s get started with the basic installation. StoreFront 2.0 can be found on the XenDesktop 7.0 installation media, or can be downloaded as a separate installer from MyCitrix.com Downloads. You can find it under “StoreFront/Web Interface” –> “StoreFront”.  Simply click the StoreFront 2.0 link found here:

STORE-0000

Review the eDocs if you need to and click Download to get started. Store this download in a safe place, we’ll be using it throughout this article:

STORE-0001

As with all components in XenDesktop 7.0, Windows Server 2012 is fully supported, so I will be using that platform as my preferred choice for this article. Double click the installer or Run as Administrator if UAC is enabled:

STORE-0002

Accept the lice nse agreement and click Next:

STORE-0003

Click Next:

STORE-0004

Click Install:

STORE-0005

When completed, click Finish:

STORE-0006

If you’re a little more inclined to use command line switches to perform installations, you can optionally use the –silent switch from an elevated command prompt, however this option will not provide any progress indicators:

STORE-0007

Repeat the above process on all servers in the server group and we will proceed below. Before we get started, we should create the DNS record (friendly name for the VIP) and the load balancer virtual servers. For my internal friendly name, I’ll use storefront.ws12.com:

STORE-0008

For the external friendly name, I recommend a different name than internal as I have seen issues in StoreFront 1.x when the same name was used for internal access to StoreFront and external access to Access Gateway. For my external friendly name, I’ll use go.ws12.com:

STORE-0009

Next, I’ll go ahead and create the Load Balancing virtual server (VIP) using simple HTTP monitors for the time being. It’s important when creating these LB services that we use the Client IP Headers. When creating the LB Service, this can be found on the Advanced tab. Check the box under Settings to Override Global, check the box to enable Client IP and in the Header text box enter “X-Forwarded-for”:

STORE-0010

For the Persistence method we want to use COOKIEINSERT (Optionally you can increase the time-out from the default 2 minutes) with a backup persistence method of SOURCEIP:

STORE-0011

Review to ensure that all services have been added appropriately. After we’ve configured the StoreFront sites, I’ll come back and update the monitors to use the built-in StoreFront monitors for NetScaler 10.1:

STORE-0013

Let’s start in the console by launching Citrix StoreFront from the start menu of the first server. Click Create a new deployment:

STORE-0014

If you have an SSL certificate, you can either offload at the load balancer or pass the SSL traffic directly through to the StoreFront servers.  I’ve tested with both options, both are supported. For this demo, I’ll be using HTTP load balancing without SSL certificate to keep the configuration simple. Use the friendly name of the load balanced VIP (http://storefront.ws12.com):

STORE-0015

I recommend keeping the first Store named “Store” as a starting point. This will come in hand down the road when you do things like e-mail/DNS based discovery:

STORE-0016

Add your delivery controllers and multiple XenApp/XenDesktop sites as appropriate (XenDesktop 7 in my case).  If you have a NetScaler load balancer available, I recommend load balancing the XML services to provide more advanced monitoring than built-in StoreFront capabilities:

STORE-0017

Review the Sites/Farms and click Next:

STORE-0018

For a NetScaler Gateway based deployment, I typically recommend No VPN Tunnel unless you plan on using the Access Gateway plug-ins for SSL VPN. Click Add to configure the NetScaler Gateway (this can always be configured at a later time):

STORE-0019

Enter the appropriate information, most importantly the URLs and Subnet IP.  If you’re unsure of the Subnet IP, this can be found under the Network –> IPs section within the NetScaler GUI.  Ensure that all of these URLs are resolvable to the Access Gateway Virtual IP (VIP), otherwise your deployment may fail. Click Next:

STORE-0020

Add the applicable Secure Ticket Authorities using the Fully Qualified Domain Names. Click Create once all have been added:

STORE-0021

Review the Remote Access configuration and click Create:

STORE-0022

When completed, click Finish:

STORE-0023

Before we go any further, now is an opportune time to configure the server group. Expand the tree and select Server Group. Click Add Server on the right action pane:

STORE-0024

Copy the Authorization code to your clipboard, we’ll need to enter this on the second server in the group:

STORE-0025

On the second server, launch the StoreFront console and select Join existing server group:

STORE-0026

Enter the DNS name of the authorizing server (first server) and paste the Authorization code. Click Join:

STORE-0027

Unlike previous versions of StoreFront, the user interface in v2.0 is very intuitive, showing detailed progress along the way:

STORE-0028

Provided successful, at the end a status message will indicate that the server was joined successfully. From this point forward, I would recommend changes ONLY be made from the first server, then propagated out to the additional servers. If desired, you could even disable logons for the second and subsequent servers.

STORE-0029

On the first server, a similar confirmation is displayed:

STORE-0030

Propagation automatically occurs when the additional servers are joined now, but after any changes are made, you can come back to this section and manual initiate a synchronization by clicking Propagate Changes in the actions pane:

STORE-0031

Additionally, many of the manual activities in previous builds such as configuring authentication sources, beacons, etc. are handled automatically now when using the welcome wizard. This definitely helps and cuts down on the manual steps to build a StoreFront server group.

STORE-0032

Outside of this, the only additional changes that I like to make are to enable HTML5 access. The HTML5 Engine components are now automatically installed with StoreFront 2, but need to be manually enabled. To do this, navigate to the Receiver for Web section and click Deploy Citrix Receiver:

STORE-0033

Change the option to Use Receiver for HTML5 if local install fails from the default (Install locally) and click OK

STORE-0035

Once this change is made, you’ll need to manually propagate changes using the procedures mentioned above. Now that we have StoreFront sites created, we can proceed with configuration of the NetScaler monitors for StoreFront. To configure the LB Monitors, expand Virtual Servers and Services, right click on Monitors and click Add:

STORE-0035

We’ll need to add a monitor for every server in the server group. You can use either IP addresses or DNS names, depending on NetScaler DNS resolution to internal providers. I personally prefer IP addresses as LB VIPs are typically tied to IP addresses anyway. Create a unique name for each monitor, for example IPAddress_StoreFront and select StoreFront at the end of the Type drop-down:

STORE-0037

Click the Special Parameters tab and enter http://IPAddress for the host name. Enter the Store name, typically “Store” and be sure to leave Storefront Account Service unchecked. (Note: I tried checking this and the monitor would consistently show DOWN. I checked documentation and I’m not quite sure what this LB Monitor feature does. Perhaps a deprecated component from StoreFront 1.x?  Not sure. Just trust me and leave it unchecked.) Click Create and repeat this process for any additional servers in the server group.

STORE-0040

Finally, we need to go back to each of our Virtual Services and change the monitor from TCP or HTTP to the StoreFront monitor. You can optionally leave multiple monitors with weights, but I figure if the StoreFront monitor is responding, it’s good enough by me:

STORE-0041

Apply the new monitor, save the config, and make sure all the LB services and VIP are showing operational. To test out the new monitor, I stopped the Citrix* IIS Application Pools. As expected, IIS was still responding on HTTP Port 80, but all Citrix StoreFront services were down. Equally expected, the LB Service displayed down within the UI. Optionally at this point you can apply your IIS HTTP Redirects to take the users to /Citrix/StoreWeb.  Compared to my previous article on StoreFront 1.0, hopefully you can appreciate how much simpler the end-to-end setup is with StoreFront 2.0 and NetScaler 10.1!

As always, if you have any questions, comments, or just want to leave feedback, please do so below.  Thanks for reading!

–youngtech

Share Button
  1. DavidDavid04-29-2015

    At what point to you configure the Access Gateway on your External Netscaler? There is no mention of what you did with the external friendly name and IP 10.0.1..123???
    What policies did you use on the External AG? How did you get the traffic to the internal Netscaler VIP that load balances the StoreFront servers on your internal network?

Leave a Reply