Nowadays, in a lot of companies, the IT environment is way more important than it was a few years ago. The IT environment is one of the primary processes. For example, the order system or the e-mails need to be fully functional 24 hours a day, 7 days a week. This makes it hard for the IT department to perform maintenance or migrations, for example.
Because of this, companies need to invest more money in the IT environment to make sure that it is fully functional at any time, for example, with data centers at different locations. This data center could be on the other side of the building or at a separate location. This separated location could be a colocation provider, for example.
When implementing a second or a third data center, we also need to be aware of the changes that need to be made to the environment. All data centers need to be connected with each other through a good connection with a high capacity to transfer data between the data center locations.
Also, we need to think about whether the secondary data center will be in an active/active configuration or an active/passive configuration. In an active/active configuration, it's possible to let users connect to both data centers. In active/passive mode, only one data center will be available for the user; if the current active data center stops running, the IT department can switch over to the passive data center.
Depending on the needs and the available finances, we need to consider whether the IT environment should be in active/active or active/passive mode. Also, between the active/passive functionality we can make a difference. This is because it's possible to have the passive data center start up automatically when the primary data center stops running.
Normally, the storage will always be in an active/active configuration. This is because if the active data center stops running, we don't like to use old data when running on the passive data center.
When we have an active/active data center or an active/passive data center with automatic failover, we need to think about whether the users have a connection to the environment. In the case of Citrix, all users are connected through Citrix StoreFront or the Citrix NetScaler Gateway functionality. The user connects through the Citrix Receiver or through a web browser to the environment. So basically, the user is connecting through HTTP or HTTPs traffic to a Fully Qualified Domain Name (FQDN). This FQDN will be translated by the DNS server into an IP address. In the case of an active/active data center configuration, or when the environment is configured with different IP addresses, we need at least two IP addresses available for Citrix StoreFront and Citrix NetScaler Gateway in every data center.
Because of these different IP addresses, users don't know how to connect should there be a problem. The GSLB functionality can help us with this issue. With GSLB, we can use different IP addresses; if there is a problem, the GSLB functionality recognizes this and disables one of the IP addresses.
In the next diagram, we can find an active/active Citrix environment configuration based on the Citrix NetScaler Enterprise or Platinum license. In this configuration, we're using Citrix NetScaler to determine whether the user is logging in.
Global server load balancing is configured on the fastest response time, which means that the fastest data center will respond to the user.
In every data center, we're using Citrix NetScaler to load balance Citrix StoreFront, the Citrix Data Collectors, and the Active Directory with failover to the other data center. These failover virtual servers will be used only if the servers in their own data center stop running. This ensures that there is no single point of failure.
As discussed in Chapter 1, Configuring the Standard Features of NetScaler ®, we need to perform a callback from the Citrix StoreFront server to Citrix NetScaler. When using GSLB, it could be possible that the callback functionality is sent to the other data center.
To arrange this, we're installing a separate Citrix NetScaler Gateway virtual server; it will be used only for the callback. This ensures that always the correct Citrix NetScaler Gateway will be contacted. This Citrix NetScaler Gateway virtual server for callback needs a separate URL, for example, dc1-citrix.company.com.
The Citrix StoreFront environment will be configured as a separated server group per data center. We're creating separated server groups per data center because we need to make some adjustments to each data center to ensure some settings. As server farms in Citrix StoreFront, we will create two farms, one per data center. Since the same applications/desktops are running in both data centers, we will see all the appliances double; this is because we're searching in two server farms. With a little adjustment from Citrix StoreFront, we will display only the primary server farm (the Citrix environment) in its own data center. This customization needs to be done on all the Citrix StoreFront servers manually.
The following configuration items will be used:
- There are two separate data centers with separate and independent XenDesktop sites on each data center: Datacenter 1, and Datacenter 2.
- There is a Citrix NetScaler Enterprise or Platinum on each data center with GSLB, where Citrix NetScaler is configured as authoritative for a GSLB subdomain.
- Three Citrix NetScaler Gateway GSLB virtual servers are configured as follows in each data center:
citrix.company.com: This is the Citrix NetScaler GSLB virtual server that provides the FQDN that users enter in their browser in order to locate their desktops or applications. This URL is configured for active/active GSLB across both datacenters. Load balancing will be based on health monitoring and fastest response time.datacenter1-citrix.company.com: This is a Citrix NetScaler Gateway virtual server that refers to the Citrix NetScaler Gateway virtual server hosted in Datacenter 1. This virtual server will be used for ICA Proxy traffic to Datacenter 1. It will be configured in an active/passive GSLB configuration, where traffic will only be routed to Datacenter 2 in the event that Datacenter 1 is inaccessible.datacenter2-citrix.company.com: This is a Citrix NetScaler Gateway virtual server that refers to the Citrix NetScaler Gateway virtual server hosted in Datacenter 2. This Citrix NetScaler Gateway virtual server will be used for ICA Proxy traffic to Datacenter 2. It will be configured in an active/passive GSLB configuration, where traffic will only be routed to Datacenter 1 in the event that Datacenter 2 is inaccessible.
- Besides the Citrix NetScaler Gateway virtual server where the user actually connects, we need an additional Citrix NetScaler Gateway virtual server in each data center. This will be used for callback authentication from Citrix StoreFront to the Citrix NetScaler Gateway. Because the callback authentication must go back to the original Citrix NetScaler Gateway, we need a separate Citrix NetScaler Gateway virtual server that will not be used in the GSLB configuration:
datacenter1-callback.company.com(Citrix NetScaler Gateway virtual server in Datacenter 1)datacenter2-callback.company.com(Citrix NetScaler Gateway virtual server in Datacenter 2)
- At least one pair of Citrix StoreFront servers at each data center:
- Multiple Citrix NetScaler load balancing virtual servers will be created to provide access to the Citrix StoreFront servers. The Citrix StoreFront load balancing virtual servers will use the other data center as a failover virtual server.
- At least one Citrix XenApp/XenDesktop site per data center.
In order to let Citrix StoreFront run in a multisite configuration, we need to adjust web.config in the C:inetpubwwwrootCitrixstorename directory, where storename is the name specified for the store when it was created.
These adjustments can't be made through the GUI because they are not implemented yet. To ensure that the user sees the published applications and desktops from only one data center, the published applications and desktops will become visible only when the primary data centers closest to the data center are not able to host Citrix XenApp/XenDesktop sessions.
Search for this code in web.config:
<resourcesWingConfigurations> <resourcesWingConfiguration name="Default" wingName="Default" /> </resourcesWingConfigurations>
Change it to the following:
<resourcesWingConfigurations>
<resourcesWingConfiguration name="Default" wingName="Default">
<userFarmMappings>
<clear />
<userFarmMapping name="user_mapping">
<groups>
<group name="domainusergroup" sid="securityidentifier" />
<group ... />
...
</groups>
<equivalentFarmSets>
<equivalentFarmSet name="setname" loadBalanceMode="{LoadBalanced | Failover}"
aggregationGroup="aggregationgroupname">
<primaryFarmRefs>
<farm name="primaryfarmname" />
</primaryFarmRefs>
<backupFarmRefs>
<farm name="backupfarmname" />
</backupFarmRefs>
</equivalentFarmSet>
</equivalentFarmSets>
</userFarmMapping>
</userFarmMappings>
</resourcesWingConfiguration>
</resourcesWingConfigurations>The new web.config contains some new features that make it possible to have a multisite configuration. The parameters that are highlighted need to be filled in and can be found here:
userFarmMapping: In this section, we can configure the users to access for this type of deployment. It controls user access to resources by using the Microsoft Active Directory user groups to the specified groups of deployments. Normally, this would be the Domain Users group.groups: This is the same asuserFarmMapping, but here the names and security identifiers (SIDs) of Active Directory user groups will be used. Make sure that the username is entered in the domain/usergroup format.equivalentFarmSet: TheequivalentFarmSetcontains the actual information that Citrix StoreFront uses to configure the multisite configuration. TheloadBalanceModedetermines the allocation of users in the deployment configuration. When the value is set toLoadBalanced, Citrix StoreFront distributes users across all the available deployments. When the value is set toFailover, users are connected to the first available deployment in the order in which they are listed in the configuration.Set the value of the
loadBalanceModeattribute toLoadBalancedto randomly assign users to deployments in the equivalent deployment set, evenly distributing users across all the available deployments. When the value of theloadBalanceModeattribute is set toFailover, users are connected to the first available deployment in the order in which they are listed in the configuration, minimizing the number of deployments in use at any given time.primaryFarmRefs: This value will contain the farm of the primary farm configured in Citrix StoreFront. The name or names that will be used as the primary farm need to exactly match the names that we entered in the Citrix StoreFront configuration.backupFarmRefs: This value contains the secondary farm configured in Citrix StoreFront. ThisbackpFarmRefsvalue will be used only when the primary farm doesn't respond anymore.
To make sure that the Citrix StoreFront server uses the Citrix NetScaler Gateway that is in the same data center, we need to configure this in the web.config configuration file. So, this configuration contains information on which Citrix NetScaler Gateway should be used closest to the Citrix StoreFront server.
Search for the following code in web.config:
<optimalGatewayForFarmsCollection />
Change it to this:
<optimalGatewayForFarmsCollection> <optimalGatewayForFarms enabledOnDirectAccess="{true | false}"> <farms> <farm name="farmname" /> </farms> <optimalGateway key="_" name="deploymentname" stasUseLoadBalancing="{true | false}" stasBypassDuration="hh:mm:ss" enableSessionReliability="{true | false}" useTwoTickets="{true | false}"> <hostnames> <add hostname="appliancefqdn:port" /> </hostnames> <staUrls> <add staUrl="https://stapath/scripts/ctxsta.dll" /> </staUrls> </optimalGateway> </optimalGatewayForFarms> <optimalGatewayForFarms> ... </optimalGatewayForFarms> </optimalGatewayForFarmsCollection>
The new web.config file contains some new features that make it possible to use the optimal Citrix NetScaler Gateway. The parameters that are highlighted need to be filled in and can be found here:
optimalGatewayForFarms: Set the value of theenabledOnDirectAccessattribute totrueto ensure that local users on the internal network log on to StoreFront directly. All the requested connections to their resources are routed through the optimal Citrix NetScaler Gateway appliance for the deployment. When the value of theenabledOnDirectAccessattribute is set tofalse, the connections to resources are not routed through the optimal Citrix NetScaler Gateway appliance unless users access StoreFront through the NetScaler Gateway.farms: This specifies the server farms that share a common optimal Citrix NetScaler Gateway appliance.optimalGateway: This specifies the configuration details of the optimal Citrix NetScaler Gateway appliance for users so as to access resources. Enter a name for the Citrix NetScaler Gateway appliance that helps you identify it.Set the value of the
stasUseLoadBalancingattribute totrueto randomly obtain session tickets from all STAs. When the value of thestasUseLoadBalancingattribute is set tofalse, users are connected to the first available STA in the order in which they are listed in the configuration. Use thestasBypassDurationattribute to set the time period for which an STA is considered unavailable after a failed request.To keep disconnected sessions open while Citrix Receiver attempts to reconnect automatically, set the value of the
enableSessionReliabilityattribute totrue. If we configure multiple STAs and want to ensure that session reliability is always available, we set the value of theuseTwoTicketsattribute totrueto obtain session tickets from two different STAs just in case one STA becomes unavailable during the session.hostnames: This specifies the fully qualified domain name and port of the optimal NetScaler Gateway appliance.staUrls: This specifies the URLs for the Citrix XenDesktop or XenApp that runs the Secure Ticket Authority (STA) in the environment. Choose the STA closest matching in the Citrix StoreFront data center.
Citrix XenApp/XenDesktop users are able to subscribe to applications that they want to see as default. These subscriptions are stored in the database on the Citrix StoreFront servers. Because we will create a server group per data center, we need to make sure that the database will be synchronized between the data centers. This synchronization will make sure that all subscribed applications are visible in all data centers.
The subscription synchronization can be configured as follows:
- Use an account with local administrator permissions, start PowerShell, and type the following commands to import the StoreFront modules:
Import-Module "C:Program FilesCitrixReceiver StoreFrontManagementCmdletsUtilsModule.psm1" Import-Module "C:Program FilesCitrixReceiver StoreFrontManagementCmdletsSubscriptionSyncModule.psm1"
- To specify the remote Citrix StoreFront deployment containing the store to be synchronized, type this command:
Add-DSSubscriptionsRemoteSyncCluster –clusterName deploymentname –clusterAddress deploymentaddress
Here,
deploymentnameis the name that helps identify the other data center, anddeploymentaddressis the accessible address of the Citrix StoreFront server or Citrix NetScaler load balancing virtual server for the other data center. - To specify the store with which to synchronize users' application subscriptions, type the following command:
Add-DSSubscriptionsRemoteSyncStore –clusterName deploymentname –storeName storename
Here,
deploymentnameis the name that helps identify the other data center, andstoreNameis the name specified for both the local and remote stores when they were created. - To configure regular synchronization at specific intervals, type this command:
Add-DSSubscriptionsSyncReoccuringSchedule –scheduleName synchronizationname –startTime hh:mm:ss -repeatMinutes interval
Here,
synchronizationnameis a name that helps identify the schedule that we're creating. Use the-startTimesetting to specify the delay in hours, minutes, and seconds before the new schedule becomes active. For the interval option, specify the time in minutes between each synchronization in therepeatMinutesvalue. - Add the domain machine accounts from all Citrix StoreFront servers in the remote deployment to the local Windows user group called
CitrixSubscriptionSyncUserson the current Citrix StoreFront server. - If the Citrix StoreFront deployment consists of multiple servers per data center, use the Citrix StoreFront management console to propagate the configuration changes to other servers in the server group.
- Repeat steps 1 to 6 on the remote StoreFront deployment to configure a subscription synchronization schedule from the remote deployment to the local deployment.
- To start synchronizing application subscriptions between the stores by restarting subscriptions, store the service on both the local and remote deployments. At a Windows PowerShell Command Prompt on a server in each deployment, type the following command:
Restart-DSSubscriptionsStoreSubscriptionService