Getting Started with Citrix ADC
Deploy a Citrix ADC VPX instance
Install a Citrix ADC VPX instance on Microsoft Hyper-V servers
Install a Citrix ADC VPX instance on Linux-KVM platform
Prerequisites for Installing Citrix ADC VPX Virtual Appliances on Linux-KVM Platform
Provisioning the Citrix ADC Virtual Appliance by using OpenStack
Provisioning the Citrix ADC Virtual Appliance by using the Virtual Machine Manager
Configuring Citrix ADC Virtual Appliances to Use SR-IOV Network Interface
Configuring Citrix ADC Virtual Appliances to use PCI Passthrough Network Interface
Provisioning the Citrix ADC Virtual Appliance by using the virsh Program
Provisioning the Citrix ADC Virtual Appliance with SR-IOV, on OpenStack
Configuring a Citrix ADC VPX Instance on KVM to Use OVS DPDK-Based Host Interfaces
Deploy a Citrix ADC VPX instance on Microsoft Azure
Network architecture for Citrix ADC VPX instances on Microsoft Azure
Configure multiple IP addresses for a Citrix ADC VPX standalone instance
Configure a high-availability setup with multiple IP addresses and NICs
Configure a high-availability setup with multiple IP addresses and NICs by using PowerShell commands
Configure address pools (IIP) for a Citrix Gateway appliance
Upgrade and downgrade a Citrix ADC appliance
Solutions for Telecom Service Providers
Load Balance Control-Plane Traffic that is based on Diameter, SIP, and SMPP Protocols
Provide Subscriber Load Distribution Using GSLB Across Core-Networks of a Telecom Service Provider
非盟thentication, authorization, and auditing application traffic
Configuring authentication, authorization, and auditing policies
Configuring Authentication, authorization, and auditing with commonly used protocols
Use an on-premises Citrix Gateway as the identity provider for Citrix Cloud
Troubleshoot authentication issues in Citrix ADC and Citrix Gateway with aaad.debug module
-
-
-
-
-
Persistence and persistent connections
广告vanced load balancing settings
Gradually stepping up the load on a new service with virtual server–level slow start
Protect applications on protected servers against traffic surges
Retrieve location details from user IP address using geolocation database
Use source IP address of the client when connecting to the server
Use client source IP address for backend communication in a v4-v6 load balancing configuration
Set a limit on number of requests per connection to the server
Configure automatic state transition based on percentage health of bound services
Use case 2: Configure rule based persistence based on a name-value pair in a TCP byte stream
Use case 3: Configure load balancing in direct server return mode
Use case 6: Configure load balancing in DSR mode for IPv6 networks by using the TOS field
Use case 7: Configure load balancing in DSR mode by using IP Over IP
Use case 10: Load balancing of intrusion detection system servers
Use case 11: Isolating network traffic using listen policies
Use case 12: Configure Citrix Virtual Desktops for load balancing
Use case 13: Configure Citrix Virtual Apps for load balancing
Use case 14: ShareFile wizard for load balancing Citrix ShareFile
-
-
-
-
非盟thentication and authorization
-
Configuring a CloudBridge Connector Tunnel between two Datacenters
Configuring CloudBridge Connector between Datacenter and AWS Cloud
Configuring a CloudBridge Connector Tunnel Between a Datacenter and Azure Cloud
Configuring CloudBridge Connector Tunnel between Datacenter and SoftLayer Enterprise Cloud
Configuring a CloudBridge Connector Tunnel Between a Citrix ADC Appliance and Cisco IOS Device
CloudBridge Connector Tunnel Diagnostics and Troubleshooting
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde.(Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique.(Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica.(Aviso legal)
此内容已经过机器动态翻译。放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다.책임 부인
Este texto foi traduzido automaticamente.(Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt.(Haftungsausschluss)
Ce article a été traduit automatiquement.(Clause de non responsabilité)
Este artículo ha sido traducido automáticamente.(Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
佐薇ne Maintenance
From a DNSSEC perspective, zone maintenance involves rolling over zone signing keys and key signing keys when key expiry is imminent. These zone maintenance tasks must be performed manually. The zone is re-signed automatically and does not require any manual intervention.
Re-sign an updated zone
When a zone is updated (add a record or modify an existing record), the appliance automatically re-signs the new (or modified) record. If a zone contains multiple zone signing keys, the appliance re-signs the new (or modified) record with the key used to sign the zone.
Roll over DNSSEC keys
Note:Manually roll over the DNSSEC keys (KSK, ZSK) before they expire.
On the Citrix ADC, you can use the prepublish and double signature methods to perform a rollover of the zone signing key and key signing key. More information about these two rollover methods is available in RFC 4641, “DNSSEC Operational Practices.”
The following topics map commands on the ADC to the steps in the rollover procedures discussed in RFC 4641.
The key expiry notification is sent through an SNMP trap called dnskeyExpiry. Three MIB variables, dnskeyName, dnskeyTimeToExpire, and dnskeyUnitsOfExpiry are sent along with the dnskeyExpiry SNMP trap. For more information, seeCitrix NetScaler SNMP OID ReferenceatNetScaler 12.0 SNMP OID Reference.
Prepublish key rollover
RFC 4641, “DNSSEC Operational Practices” defines four stages for the prepublish key rollover method: initial, new DNSKEY, new RRSIGs, and DNSKEY removal. Each stage is associated with a set of tasks that you must perform on the ADC. Following are the descriptions of each stage and the tasks that you must perform. The rollover procedure described here can be used for both key signing keys and zone signing keys.
Stage 1: Initial.The zone contains only those key sets with which the zone has currently been signed. The state of the zone in the initial stage is the state of the zone just before you begin the key rollover process.
Example:
Consider the key, example.com.zsk1, with which the zone example.com is signed. The zone contains only those RRSIGs generated by the example.com.zsk1 key, which is due for expiry. The key signing key is example.com.ksk1.
Stage 2: New DNSKEY.A new key is created and published in the zone (that is, the key is added to the ADC), but the zone is not signed with the new key until the pre-roll phase is complete. In this stage, the zone contains the old key, the new key, and the RRSIGs generated by the old key. Publishing the new key for the complete duration of the pre-roll phase gives the DNSKEY resource record (that corresponds to the new key) enough time to propagate to the secondary name servers.
Example:
A new key example.com.zsk2 is added to the example.com zone. The zone is not signed with example.com.zsk2 until the pre-roll phase is complete. The example.com zone contains DNSKEY resource records for both example.com.zsk1 and example.com.zsk2.
Citrix ADC commands:
Perform the following tasks on the ADC:
Create a DNS key by using the
create dns key
command.For more information about creating a DNS key, including an example, seeCreate DNS keys for a zone.
Publish the new DNS key in the zone by using the
add dns key
command.For more information about publishing the key in the zone, including an example, seePublish a DNS key in a zone.
Stage 3: New RRSIGs.The zone is signed with the new DNS key and then unsigned with the old DNS key. The old DNS key is not removed from the zone and remains published until the RRSIGs generated by the old key expire.
Example:
The zone is signed with example.com.zsk2 and then unsigned with example.com.zsk1. The zone continues to publish example.com.zsk1 until the RRSIGs generated by example.com.zsk1 expire.
Citrix ADC commands:
Perform the following tasks on the ADC:
- 签署的区域新的DNS键使用
sign dns zone
command. - Unsign the zone with the old DNS key by using the
unsign dns zone
command.
For more information about signing and unsigning a zone, including examples, seeSign and unsign a DNS zone.
- 签署的区域新的DNS键使用
Stage 4: DNSKEY Removal.When the RRSIGs generated by the old DNS key expire, the old DNS key is removed from the zone.
Example:
The old DNS key example.com.zsk1 is removed from the example.com zone.
Citrix ADC commands
On the ADC, you remove the old DNS key by using the
rm dns key
command. For more information about removing a key from a zone, including an example, seeRemove a DNS key.
Double signature key rollover
RFC 4641, “DNSSEC Operational Practices” defines three stages for double signature key rollover: initial, new DNSKEY, and DNSKEY removal. Each stage is associated with a set of tasks that you must perform on the ADC. Following are the descriptions of each stage and the tasks that you must perform. The rollover procedure described here can be used for both key signing keys and zone signing keys.
Stage 1: Initial.The zone contains only those key sets with which the zone has currently been signed. The state of the zone in the initial stage is the state of the zone just before you begin the key rollover process.
Example:
Consider the key, example.com.zsk1, with which the zone example.com is signed. The zone contains only those RRSIGs generated by the example.com.zsk1 key, which is due for expiry. The key signing key is example.com.ksk1.
Stage 2: New DNSKEY.The new key is published in the zone and the zone is signed with the new key. The zone contains the RRSIGs that are generated by the old and the new keys. The minimum duration for which the zone must contain both sets of RRSIGs is the time required for all the RRSIGs to expire.
Example:
A new key example.com.zsk2 is added to the example.com zone. The zone is signed with example.com.zsk2. The example.com zone now contains the RRSIGs generated from both keys.
Citrix ADC commands
Perform the following tasks on the ADC:
Create a DNS key by using the
create dns key
command.For more information about creating a DNS key, including an example, seeCreate DNS keys for a zone.
Publish the new key in the zone by using the
add dns key
command.For more information about publishing the key in the zone, including an example, seePublish a DNS key in a zone.
Sign the zone with the new key by using the
sign dns zone
command.For more information about signing a zone, including examples, seeSign and unsign a DNS zone.
Stage 3: DNSKEY Removal.When the RRSIGs generated by the old DNS key expire, the old DNS key is removed from the zone.
Example:
The old DNS key example.com.zsk1 is removed from the example.com zone.
Citrix ADC commands:
On the ADC, you remove the old DNS key by using the
rm dns key
command.For more information about removing a key from a zone, including an example, seeRemove a DNS key.
Share
Share
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select Do Not Agree to exit.