Topic: Configuring Web Interface for Active / Active GSLB on an AGEE Vserver

Offline RohneKB

Configuring Web Interface for Active / Active GSLB on an AGEE Vserver

Active/Active GSLB AGEE has different characteristics than a typical Active/Active GSLB service for a web farm.  The following are a few challenges to consider when deploying an Active/Active GSLB AGEE configuration:
1.   GSLB persistence is based on the source IP address of the DNS server that queries the ADNS service on the Netscaler. 
2.   You cannot control whether or not ISPs are load balancing their DNS servers over two separate Class A subnets.
3.   To compensate for this using typical Web servers, Forward Proxy can be used.
4.   ICA does not read cookies; therefore Forward Proxy cannot be used for AGEE.
5.   You may also decide to use static Proximity as a "fall back method" of persistence; however, Static Proximity will still fall back to Least Loaded load balancing in the event that the Source IP is not found in the proximity database.

SOLUTION
You must use Wild Card Certificates for your AGEE site for this solution to work


The following configuration is supported by Citrix to provide an Active/Active GSLB configuration for Access Gateway Enterprise 8.0:

Active/Active GSLB DNS Settings

On both Netscalers in each site, you must create a unique FQDN that resolves to each site’s SSL VPN Vserver.  This is performed under the DNS / A records node.

For instance, if the AGEE Vserver FQDN is access.mycompany.com which resolves to 1.1.1.100 and 2.2.2.100, you will create one A Record called accessErnie.mycompany.com with an IP address of 1.1.1.100.  Then create an A Record called accessBert.mycompany.com with an IP address of 2.2.2.100. 
You must create both records on both sites. 


NOTE: these names must match the SSL Certificate tied to the SSL Vserver; therefore you must purchase a Wild Card Certificate where the Domain name of the Certificate matches the Vserver Domain name and the special Gateway Server domain names.
You could get around this limitation by purchasing 3 separate certificates and binding three separate AGEE Vservers.

Active/Active GSLB Web Interface Integration with AGEE

Once you have the DNS names configured, you will configure the Web Interface servers in each site with a unique Gateway Server Address. 
For example, Site A’s Gateway Address will be AccessBert.mycompany.com and Site B’s Gateway Address will be AccessBert.mycompany.com

To perform these tasks, go into the AMC, right click on the Web Interface Site, choose Manage Secure client Access, and choose Edit Gateway Settings.

Here you will enter the FQDN of the Site Vserver appended with the name of the site. 
All other settings will remain the same.

Address (FQDN) = AccessBert.Mycompany.com
STA = Your STA servers

When you are finished with all servers in the first site, you will then configure the Web Interface servers in the second site the same way, however, you will append the site name of the second site to the FQDN.

Address (FQDN) = AccessErnie.Mycompany.com
STA = Your STA servers

All other settings will mimic a typical Access Gateway configuration; however, you must also modify the hosts file of the site Web Interface to communicate to the site Virtual Server.  Note this is only important when configuring a multi-site, Source IP persistence GSLB configuration.  Editing the Hosts file prevents the Web Interface from resolving a different IP address of the AG Vserver.

#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host
2.2.2.100      FQDN of AGEE

You may also want to modify the Access Gateway’s Index.html file with some information that will identify the site for troubleshooting reasons.  One common way of doing this is by adding text in the white space of the web site…

Add the following lines to the end of the index.html file in its respective site:
Site Ernie
<div style="color: #fff; background-color: #fff; text-shadow: 2px 2px 2px #000; font-size: 14px; padding: 10px;">Ernie</div>

Site Bert
<div style="color: #fff; background-color: #fff; text-shadow: 2px 2px 2px #000; font-size: 14px; padding: 10px;">Bert</div>


« Last Edit: April 01, 2008, 03:02:14 PM by RohneKB »
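
Added example (not part of the original post and not Citrix code): a pre-deployment check, in Python, that the certificate names cover the shared FQDN and both per-site gateway names from the post, and that a Web Interface server's hosts file pins the AGEE FQDN to its own site's Vserver IP. It assumes the AGEE FQDN in the hosts entry is access.mycompany.com; the function names and the sample hosts text are constructed for illustration.

```python
# Added example: validates the certificate and hosts-file requirements from the post.
# Host names and IPs come from the post; function names and sample data are constructed.

REQUIRED = ["access.mycompany.com", "accessErnie.mycompany.com", "accessBert.mycompany.com"]

# Constructed hosts file for a Web Interface server in the 2.2.2.100 site.
SAMPLE_HOSTS = """\
#      102.54.94.97     rhino.acme.com          # source server
2.2.2.100      access.mycompany.com
"""

def wildcard_covers(pattern, host):
    """RFC 6125-style match: '*' may only stand for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False                       # '*' never spans more than one label
    if p[0] != "*":
        return p == h                      # plain name: exact match only
    return len(p) >= 3 and p[1:] == h[1:]  # refuse overly broad '*.com' patterns

def uncovered_names(cert_names, required_hosts):
    """Return the required hosts that no certificate name covers."""
    return [h for h in required_hosts
            if not any(wildcard_covers(n, h) for n in cert_names)]

def parse_hosts(text):
    """Parse hosts-file text into {lowercased name: ip}, skipping comments."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            table.setdefault(name.lower(), fields[0])  # keep the first mapping seen
    return table

def pin_ok(hosts_text, agee_fqdn, local_vip):
    """True only if the AGEE FQDN is pinned to this site's own Vserver IP."""
    return parse_hosts(hosts_text).get(agee_fqdn.lower()) == local_vip

if __name__ == "__main__":
    print("wildcard cert gaps:", uncovered_names(["*.mycompany.com"], REQUIRED))
    print("single-name cert gaps:", uncovered_names(["access.mycompany.com"], REQUIRED))
    print("hosts pin matches local VIP:",
          pin_ok(SAMPLE_HOSTS, "access.mycompany.com", "2.2.2.100"))
```
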

Offline jmelika

Thanks, Rohne.  This is very helpful.