Author Topic: agee multiple farms.  (Read 971 times)

atomiser
agee multiple farms.
« on: January 18, 2012, 07:28:08 AM »
hi,

i have two farms, both on the same domain.  one is an existing production ps4.5 farm, and the other is a new xa6.5 farm which we intend to migrate everyone over to once uat has taken place.  i have a single instance of agee, currently configured to hit the new xa6.5 farm.  this all works.  is it possible to also use this agee instance to also provide access to the existing ps4.5 farm?

can i just add in the sta servers for the ps4.5 farm into the agee instance, and then define a new session policy that points to a wi in the ps4.5 farm, and an authorisation policy that permits access to the ps4.5 application servers?  i would then bind this to an ad group such that when a user logs in they either get old or new dependent upon who they are.

would this work?

thanks, andy.

evildani
Re: agee multiple farms.
« Reply #1 on: January 18, 2012, 09:17:17 PM »
The only problem I would see is that you can only point to a single WI. Other than that, no problems.

atomiser
Re: agee multiple farms.
« Reply #2 on: January 19, 2012, 05:00:19 AM »
i'm defining the web interface within the session policy which is bound to the ad user group containing the users i want to receive that configuration....so i can differentiate the web interface the user hits by session policy / ad group membership...unless i'm missing something?

evildani
Re: agee multiple farms.
« Reply #3 on: January 19, 2012, 03:31:24 PM »
If I remember correctly the STA is used for two things, the security token the NS uses to impersonate the user, and the token used when building the ICA file. I would avoid having a global one, in preference of having two policies of them, one for each farm.
At the end of the policy run on AGE, a single web interface is selected and shown to the user. So if your user is getting the wrong WI that means that you are overwriting at some point the session policy you defined in the user. If I am not mistaken the order is like: Global, User, Group. But I am not sure, then lower priority means last.

Paul B
Re: agee multiple farms.
« Reply #4 on: January 20, 2012, 06:39:25 AM »
If I remember correctly the STA is used for two things, the security token the NS uses to impersonate the user, and the token used when building the ICA file. I would avoid having a global one, in preference of having two policies of them, one for each farm.

The STA has no relationship with the farm at all, and in fact, the STA *can* be on its own server if you want!

The STA is really no more than a cloakroom that takes your coat, and gives you a ticket... later on, anyone can swap the ticket for the coat again. You can have multiple cloakrooms (the ticket will tell you which) and as long as the redeemer knows where the cloakroom specified on the ticket is, then there's no problem :-)

Which STA servers are used depends upon which ones a specific WI defines. As long as AGEE knows about them all, all is ok. If it knows about others that are never used, then that's not a problem.


Back to the original issue of multiple WI servers: the session policy 100% determines which WI the user goes to. The thing to remember is that there can be multiple policies that apply, and you could end up looking in the wrong place... AGEE will look at ALL applicable policies (from USER level to GLOBAL) and decide which values to use for what (binding priorities ALWAYS take precedence; after that USER has precedence over GROUP over VSERVER over GLOBAL.) Watch out: if the user is a member of more than one group, then all those group policies WILL apply (the final values for setting based upon the precedence).

So, if someone is going to the wrong WI, check which of the profiles could be forwarding to that WI: it could be as simple as the user is NOT in one of the defined groups, so is inheriting from GLOBAL.
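
The precedence rule described in the reply above, modelled as a small troubleshooting aid (an added example, not part of the original thread and not Citrix code). It resolves only the Web Interface setting, and it assumes that a lower priority number is the stronger binding; all policy names, group names, the vserver name and the URLs are constructed placeholders.

```python
from dataclasses import dataclass

# Bind-point precedence as stated in the thread: USER > GROUP > VSERVER > GLOBAL.
LEVEL_RANK = {"USER": 0, "GROUP": 1, "VSERVER": 2, "GLOBAL": 3}

@dataclass(frozen=True)
class Binding:
    policy: str      # session policy name (hypothetical)
    level: str       # USER, GROUP, VSERVER or GLOBAL
    target: str      # user, group or vserver name; "" for GLOBAL
    priority: int    # assumption: lower number = stronger binding
    wi_url: str      # Web Interface address set by the policy's profile

def applicable(bindings, user, groups, vserver):
    """Return every binding that applies to this logon."""
    out = []
    for b in bindings:
        if (b.level == "GLOBAL"
                or (b.level == "VSERVER" and b.target == vserver)
                or (b.level == "GROUP" and b.target in groups)
                or (b.level == "USER" and b.target == user)):
            out.append(b)
    return out

def resolve_wi(bindings, user, groups, vserver):
    """Return (winner, ranked candidates) for the Web Interface setting."""
    # Binding priority decides first; bind-point level only breaks ties.
    ranked = sorted(applicable(bindings, user, groups, vserver),
                    key=lambda b: (b.priority, LEVEL_RANK[b.level]))
    return (ranked[0] if ranked else None), ranked

# Constructed sample bindings; names and URLs are placeholders.
BINDINGS = [
    Binding("pol_global_old", "GLOBAL", "", 100, "https://wi-ps45.example/"),
    Binding("pol_grp_new", "GROUP", "XA65-Pilot", 100, "https://wi-xa65.example/"),
    Binding("pol_grp_old", "GROUP", "PS45-Users", 50, "https://wi-ps45.example/"),
]

if __name__ == "__main__":
    for user, groups in [("alice", {"XA65-Pilot"}),
                         ("bob", {"XA65-Pilot", "PS45-Users"}),
                         ("carol", set())]:
        winner, ranked = resolve_wi(BINDINGS, user, groups, "vs_agee")
        print(user, "->", winner.wi_url, "via", winner.policy,
              "| candidates:", [b.policy for b in ranked])
```

The second and third sample users show the two pitfalls named in the reply: a user in both groups is sent to the old WI because that group binding has the stronger priority, and a user in neither group inherits the GLOBAL policy.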

atomiser
Re: agee multiple farms.
« Reply #5 on: February 01, 2012, 02:16:50 AM »
cool, thanks - got it all working now so :D