
Configure HA-INC nodes by using the Citrix high availability template for internet-facing applications

You can quickly and efficiently deploy a pair of VPX instances in HA-INC mode by using the standard template for internet-facing applications. The Azure load balancer (ALB) uses a public IP address for the front end. The template creates two nodes, with three subnets and six NICs. The subnets are for management, client, and server-side traffic. Each subnet has two NICs, one for each VPX instance.

You can get the Citrix ADC HA pair template for internet-facing applications at the Azure Marketplace.

Complete the following steps to launch the template and deploy a high availability VPX pair by using Azure availability sets or availability zones.

  1. From the Azure Marketplace, search for Citrix ADC.
  2. Click GET IT NOW.

    Azure Marketplace

  3. Select the required HA deployment along with the license, and click Continue.

    Azure HA with license

  4. The Basics page appears. Create a Resource Group. Under the Parameters tab, enter details for the Region, Admin user name, Admin Password, license type (VM SKU), and other fields.

    Basics page for ALB

  5. Click Next : VM Configurations >.

    VM Configurations for ALB

  6. On the VM Configurations page, perform the following:
    • Configure the public IP domain name suffix
    • Enable or disable Azure Monitoring Metrics
    • Enable or disable Backend Autoscale
  7. Click Next: Network and Additional settings >.

    Network and Additional settings

  8. On the Network and Additional Settings page, create a Boot diagnostics account and configure the network settings.

    Boot Diagnostics

  9. Click Next: Review + create >.

  10. Review the basic settings, VM configuration, network and additional settings, and click Create.

    It might take a moment for the Azure Resource Group to be created with the required configurations. After completion, select the Resource Group in the Azure portal to see the configuration details, such as LB rules, back-end pools, and health probes. The high availability pair appears as citrix-adc-vpx-0 and citrix-adc-vpx-1.

    If further modifications are required for your HA setup, such as creating more security rules and ports, you can do that from the Azure portal.

    Once the required configuration is complete, the following resources are created.

    HA internet application resource group

  11. You must log on to the citrix-adc-vpx-0 and citrix-adc-vpx-1 nodes to validate the following configuration:

    • NSIP addresses for both nodes must be in the management subnet.
    • On the primary (citrix-adc-vpx-0) and secondary (citrix-adc-vpx-1) nodes, you must see two SNIP addresses. One SNIP (client subnet) is used for responding to the ALB probes and the other SNIP (server subnet) is used for back-end server communication.

    Note

    In the HA-INC mode, the SNIP addresses of the citrix-adc-vpx-0 and citrix-adc-vpx-1 VMs are different, unlike with the classic on-premises ADC high availability deployment where both are the same.

    On the primary node (citrix-adc-vpx-0)

    Show IP CLI on the primary node of ALB

    Show ha node CLI on the primary node of ALB

    On the secondary node (citrix-adc-vpx-1)

    Show IP CLI on the secondary node of ALB

    Show ha node CLI on the secondary node of ALB

  12. After the primary and secondary nodes are UP and the Synchronization status is SUCCESS, you must configure the load balancing virtual server or the gateway virtual server on the primary node (citrix-adc-vpx-0) with the public IP address of the ALB virtual server. For more information, see the Sample configuration section.

  13. To find the public IP address of the ALB virtual server, navigate to Azure portal > Azure Load Balancer > Frontend IP configuration.

    ALB front end IP configuration

  14. Add the inbound security rule for virtual server port 443 on the network security group of both the client interfaces.

    Inbound security rule1

    Inbound security rule2

  15. Configure the ALB port that you want to access, and create an inbound security rule for the specified port. The Backend port is your load balancing virtual server port or the VPN virtual server port.

    LB rule back-end port

  16. Now, you can access the load balancing virtual server or the VPN virtual server using the fully qualified domain name (FQDN) associated with the ALB public IP address.

    FQDN public IP address
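The step 11 checks written as a script, as an added example that is not part of the Citrix documentation: it parses rows shaped like `show ns ip` output from both nodes and reports any violation of the HA-INC address layout. The sample rows, addresses, and subnet ranges are constructed assumptions.

```python
import ipaddress
import re
from itertools import combinations

# Constructed sample input: rows shaped like `show ns ip` output. All addresses
# and subnet ranges are assumptions, not values from the page.
SUBNETS = {"management": "10.18.0.0/24", "client": "10.18.1.0/24", "server": "10.18.2.0/24"}
NODE0 = """\
1)  10.18.0.4  0  NetScaler IP  Active  Enabled  Enabled  NA  Enabled
2)  10.18.1.4  0  SNIP          Active  Enabled  Enabled  NA  Enabled
3)  10.18.2.4  0  SNIP          Active  Enabled  Enabled  NA  Enabled
"""
NODE1 = """\
1)  10.18.0.5  0  NetScaler IP  Active  Enabled  Enabled  NA  Enabled
2)  10.18.1.5  0  SNIP          Active  Enabled  Enabled  NA  Enabled
3)  10.18.2.5  0  SNIP          Active  Enabled  Enabled  NA  Enabled
"""
ROW = re.compile(r"^\s*\d+\)\s+(\S+)\s+\d+\s+(NetScaler IP|SNIP|VIP)\b", re.M)

def parse_ips(text):
    """Return {address type: [addresses]} for every recognised row."""
    found = {}
    for addr, kind in ROW.findall(text):
        found.setdefault(kind, []).append(ipaddress.ip_address(addr))
    return found

def subnet_of(addr, subnets):
    """Name of the subnet that contains addr, or None if it is in none of them."""
    return next((n for n, cidr in subnets.items() if addr in ipaddress.ip_network(cidr)), None)

def check_ha_inc(nodes, subnets):
    """nodes maps node name to CLI text. Returns findings; an empty list means pass."""
    findings, snips = [], {}
    for name, text in nodes.items():
        ips = parse_ips(text)
        nsip = ips.get("NetScaler IP", [])
        if len(nsip) != 1 or subnet_of(nsip[0], subnets) != "management":
            findings.append(f"{name}: NSIP is not in the management subnet")
        snips[name] = set(ips.get("SNIP", []))
        placed = sorted(str(subnet_of(a, subnets)) for a in snips[name])
        if placed != ["client", "server"]:
            findings.append(f"{name}: want one client and one server SNIP, got {placed}")
    for a, b in combinations(snips, 2):  # HA-INC: SNIPs must differ between nodes
        for shared in sorted(snips[a] & snips[b]):
            findings.append(f"{a}/{b}: SNIP {shared} is configured on both nodes")
    return findings

if __name__ == "__main__":
    print(check_ha_inc({"citrix-adc-vpx-0": NODE0, "citrix-adc-vpx-1": NODE1}, SUBNETS) or "HA-INC IP layout OK")
```

A pair configured like a classic on-premises HA deployment, with the same SNIPs on both nodes, fails the last check.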

Sample configuration

To configure a gateway VPN virtual server and load balancing virtual server, run the following commands on the primary node (ADC-VPX-0). The configuration auto synchronizes to the secondary node (ADC-VPX-1).

Gateway sample configuration

    enable feature aaa LB SSL SSLVPN
    add ip 52.172.55.197 255.255.255.0 -type VIP
    add vpn vserver vpn_ssl SSL 52.172.55.197 443
    add ssl certKey ckp -cert cgwsanity.cer -key cgwsanity.key
    bind ssl vserver vpn_ssl -certkeyName ckp

Load balancing sample configuration

    enable feature LB SSL
    enable ns mode MBF
    add lb vserver lb_vs1 SSL 52.172.55.197 443
    bind ssl vserver lb_vs1 -certkeyName ckp

You can now access the load balancing or VPN virtual server using the FQDN associated with the public IP address of ALB.

See the Resources section for more information about how to configure the load balancing virtual server.

Resources:

The following links provide additional information related to HA deployment and virtual server configuration:
