Nowadays, in a lot of companies, the IT environment is way more important than it was a few years ago. The IT environment is one of the primary processes. For example, the order system or the e-mails need to be fully functional 24 hours a day, 7 days a week. This makes it hard for the IT department to perform maintenance or migrations, for example.
Because of this, companies need to invest more money in the IT environment to make sure that it is fully functional at any time, for example, with data centers at different locations. This data center could be on the other side of the building or at a separate location. This separated location could be a colocation provider, for example.
When implementing a second or a third data center, we also need to be aware of the changes that need to be made to the environment. All data centers need to be connected with each other through a good connection with a high capacity to transfer data between the data center locations.
Also, we need to think about whether the secondary data center will be in an active/active configuration or an active/passive configuration. In an active/active configuration, it's possible to let users connect to both data centers. In active/passive mode, only one data center will be available for the user; if the current active data center stops running, the IT department can switch over to the passive data center.
Depending on the needs and the available finances, we need to consider whether the IT environment should be in active/active or active/passive mode. Also, between the active/passive functionality we can make a difference. This is because it's possible to have the passive data center start up automatically when the primary data center stops running.
Normally, the storage will always be in an active/active configuration. This is because if the active data center stops running, we don't like to use old data when running on the passive data center.
When we have an active/active data center or an active/passive data center with automatic failover, we need to think about whether the users have a connection to the environment. In the case of Citrix, all users are connected through Citrix StoreFront or the Citrix NetScaler Gateway functionality. The user connects through the Citrix Receiver or through a web browser to the environment. So basically, the user is connecting through HTTP or HTTPs traffic to a Fully Qualified Domain Name (FQDN). This FQDN will be translated by the DNS server into an IP address. In the case of an active/active data center configuration, or when the environment is configured with different IP addresses, we need at least two IP addresses available for Citrix StoreFront and Citrix NetScaler Gateway in every data center.
Because of these different IP addresses, users don't know how to connect should there be a problem. The GSLB functionality can help us with this issue. With GSLB, we can use different IP addresses; if there is a problem, the GSLB functionality recognizes this and disables one of the IP addresses.
In the next diagram, we can find an active/active Citrix environment configuration based on the Citrix NetScaler Enterprise or Platinum license. In this configuration, we're using Citrix NetScaler to determine whether the user is logging in.
Global server load balancing is configured on the fastest response time, which means that the fastest data center will respond to the user.
In every data center, we're using Citrix NetScaler to load balance Citrix StoreFront, the Citrix Data Collectors, and the Active Directory with failover to the other data center. These failover virtual servers will be used only if the servers in their own data center stop running. This ensures that there is no single point of failure.
As discussed in Chapter 1, Configuring the Standard Features of NetScaler ®, we need to perform a callback from the Citrix StoreFront server to Citrix NetScaler. When using GSLB, it could be possible that the callback functionality is sent to the other data center.
To arrange this, we're installing a separate Citrix NetScaler Gateway virtual server; it will be used only for the callback. This ensures that always the correct Citrix NetScaler Gateway will be contacted. This Citrix NetScaler Gateway virtual server for callback needs a separate URL, for example, dc1-citrix.company.com
.
The Citrix StoreFront environment will be configured as a separated server group per data center. We're creating separated server groups per data center because we need to make some adjustments to each data center to ensure some settings. As server farms in Citrix StoreFront, we will create two farms, one per data center. Since the same applications/desktops are running in both data centers, we will see all the appliances double; this is because we're searching in two server farms. With a little adjustment from Citrix StoreFront, we will display only the primary server farm (the Citrix environment) in its own data center. This customization needs to be done on all the Citrix StoreFront servers manually.
The following configuration items will be used:
citrix.company.com
: This is the Citrix NetScaler GSLB virtual server that provides the FQDN that users enter in their browser in order to locate their desktops or applications. This URL is configured for active/active GSLB across both datacenters. Load balancing will be based on health monitoring and fastest response time.datacenter1-citrix.company.com
: This is a Citrix NetScaler Gateway virtual server that refers to the Citrix NetScaler Gateway virtual server hosted in Datacenter 1. This virtual server will be used for ICA Proxy traffic to Datacenter 1. It will be configured in an active/passive GSLB configuration, where traffic will only be routed to Datacenter 2 in the event that Datacenter 1 is inaccessible.datacenter2-citrix.company.com
: This is a Citrix NetScaler Gateway virtual server that refers to the Citrix NetScaler Gateway virtual server hosted in Datacenter 2. This Citrix NetScaler Gateway virtual server will be used for ICA Proxy traffic to Datacenter 2. It will be configured in an active/passive GSLB configuration, where traffic will only be routed to Datacenter 1 in the event that Datacenter 2 is inaccessible.datacenter1-callback.company.com
(Citrix NetScaler Gateway virtual server in Datacenter 1)datacenter2-callback.company.com
(Citrix NetScaler Gateway virtual server in Datacenter 2)In order to let Citrix StoreFront run in a multisite configuration, we need to adjust web.config
in the C:inetpubwwwrootCitrixstorename
directory, where storename
is the name specified for the store when it was created.
These adjustments can't be made through the GUI because they are not implemented yet. To ensure that the user sees the published applications and desktops from only one data center, the published applications and desktops will become visible only when the primary data centers closest to the data center are not able to host Citrix XenApp/XenDesktop sessions.
Search for this code in web.config
:
<resourcesWingConfigurations> <resourcesWingConfiguration name="Default" wingName="Default" /> </resourcesWingConfigurations>
Change it to the following:
<resourcesWingConfigurations> <resourcesWingConfiguration name="Default" wingName="Default"> <userFarmMappings> <clear /> <userFarmMapping name="user_mapping"> <groups> <group name="domainusergroup" sid="securityidentifier" /> <group ... /> ... </groups> <equivalentFarmSets> <equivalentFarmSet name="setname" loadBalanceMode="{LoadBalanced | Failover}" aggregationGroup="aggregationgroupname"> <primaryFarmRefs> <farm name="primaryfarmname" /> </primaryFarmRefs> <backupFarmRefs> <farm name="backupfarmname" /> </backupFarmRefs> </equivalentFarmSet> </equivalentFarmSets> </userFarmMapping> </userFarmMappings> </resourcesWingConfiguration> </resourcesWingConfigurations>
The new web.config
contains some new features that make it possible to have a multisite configuration. The parameters that are highlighted need to be filled in and can be found here:
userFarmMapping
: In this section, we can configure the users to access for this type of deployment. It controls user access to resources by using the Microsoft Active Directory user groups to the specified groups of deployments. Normally, this would be the Domain Users group.groups
: This is the same as userFarmMapping
, but here the names and security identifiers (SIDs) of Active Directory user groups will be used. Make sure that the username is entered in the domain/usergroup format.equivalentFarmSet
: The equivalentFarmSet
contains the actual information that Citrix StoreFront uses to configure the multisite configuration. The loadBalanceMode
determines the allocation of users in the deployment configuration. When the value is set to LoadBalanced
, Citrix StoreFront distributes users across all the available deployments. When the value is set to Failover
, users are connected to the first available deployment in the order in which they are listed in the configuration.Set the value of the loadBalanceMode
attribute to LoadBalanced
to randomly assign users to deployments in the equivalent deployment set, evenly distributing users across all the available deployments. When the value of the loadBalanceMode
attribute is set to Failover
, users are connected to the first available deployment in the order in which they are listed in the configuration, minimizing the number of deployments in use at any given time.
primaryFarmRefs
: This value will contain the farm of the primary farm configured in Citrix StoreFront. The name or names that will be used as the primary farm need to exactly match the names that we entered in the Citrix StoreFront configuration.backupFarmRefs
: This value contains the secondary farm configured in Citrix StoreFront. This backpFarmRefs
value will be used only when the primary farm doesn't respond anymore.To make sure that the Citrix StoreFront server uses the Citrix NetScaler Gateway that is in the same data center, we need to configure this in the web.config
configuration file. So, this configuration contains information on which Citrix NetScaler Gateway should be used closest to the Citrix StoreFront server.
Search for the following code in web.config
:
<optimalGatewayForFarmsCollection />
Change it to this:
<optimalGatewayForFarmsCollection> <optimalGatewayForFarms enabledOnDirectAccess="{true | false}"> <farms> <farm name="farmname" /> </farms> <optimalGateway key="_" name="deploymentname" stasUseLoadBalancing="{true | false}" stasBypassDuration="hh:mm:ss" enableSessionReliability="{true | false}" useTwoTickets="{true | false}"> <hostnames> <add hostname="appliancefqdn:port" /> </hostnames> <staUrls> <add staUrl="https://stapath/scripts/ctxsta.dll" /> </staUrls> </optimalGateway> </optimalGatewayForFarms> <optimalGatewayForFarms> ... </optimalGatewayForFarms> </optimalGatewayForFarmsCollection>
The new web.config
file contains some new features that make it possible to use the optimal Citrix NetScaler Gateway. The parameters that are highlighted need to be filled in and can be found here:
optimalGatewayForFarms
: Set the value of the enabledOnDirectAccess
attribute to true
to ensure that local users on the internal network log on to StoreFront directly. All the requested connections to their resources are routed through the optimal Citrix NetScaler Gateway appliance for the deployment. When the value of the enabledOnDirectAccess
attribute is set to false
, the connections to resources are not routed through the optimal Citrix NetScaler Gateway appliance unless users access StoreFront through the NetScaler Gateway.farms
: This specifies the server farms that share a common optimal Citrix NetScaler Gateway appliance.optimalGateway
: This specifies the configuration details of the optimal Citrix NetScaler Gateway appliance for users so as to access resources. Enter a name for the Citrix NetScaler Gateway appliance that helps you identify it.Set the value of the stasUseLoadBalancing
attribute to true
to randomly obtain session tickets from all STAs. When the value of the stasUseLoadBalancing
attribute is set to false
, users are connected to the first available STA in the order in which they are listed in the configuration. Use the stasBypassDuration
attribute to set the time period for which an STA is considered unavailable after a failed request.
To keep disconnected sessions open while Citrix Receiver attempts to reconnect automatically, set the value of the enableSessionReliability
attribute to true
. If we configure multiple STAs and want to ensure that session reliability is always available, we set the value of the useTwoTickets
attribute to true
to obtain session tickets from two different STAs just in case one STA becomes unavailable during the session.
hostnames
: This specifies the fully qualified domain name and port of the optimal NetScaler Gateway appliance.staUrls
: This specifies the URLs for the Citrix XenDesktop or XenApp that runs the Secure Ticket Authority (STA) in the environment. Choose the STA closest matching in the Citrix StoreFront data center.Citrix XenApp/XenDesktop users are able to subscribe to applications that they want to see as default. These subscriptions are stored in the database on the Citrix StoreFront servers. Because we will create a server group per data center, we need to make sure that the database will be synchronized between the data centers. This synchronization will make sure that all subscribed applications are visible in all data centers.
The subscription synchronization can be configured as follows:
Import-Module "C:Program FilesCitrixReceiver StoreFrontManagementCmdletsUtilsModule.psm1" Import-Module "C:Program FilesCitrixReceiver StoreFrontManagementCmdletsSubscriptionSyncModule.psm1"
Add-DSSubscriptionsRemoteSyncCluster –clusterName deploymentname –clusterAddress deploymentaddress
Here, deploymentname
is the name that helps identify the other data center, and deploymentaddress
is the accessible address of the Citrix StoreFront server or Citrix NetScaler load balancing virtual server for the other data center.
Add-DSSubscriptionsRemoteSyncStore –clusterName deploymentname –storeName storename
Here, deploymentname
is the name that helps identify the other data center, and storeName
is the name specified for both the local and remote stores when they were created.
Add-DSSubscriptionsSyncReoccuringSchedule –scheduleName synchronizationname –startTime hh:mm:ss -repeatMinutes interval
Here, synchronizationname
is a name that helps identify the schedule that we're creating. Use the -startTime
setting to specify the delay in hours, minutes, and seconds before the new schedule becomes active. For the interval option, specify the time in minutes between each synchronization in the repeatMinutes
value.
CitrixSubscriptionSyncUsers
on the current Citrix StoreFront server.Restart-DSSubscriptionsStoreSubscriptionService