Many of our clients use NetScaler VPX in AWS, primarily as a Gateway appliance for ICA proxy connections and for load balancing StoreFront and Delivery Controller servers.

We often get questions such as:

  1. How do we design highly available NetScalers, including across Availability Zones?
  2. Can the solution meet the organisation's agreed RTO (Recovery Time Objective)?
  3. Can the failover occur without any administrative effort and without incurring unwanted or additional costs?

What are the Current options?

There are many articles and videos detailing how to install Citrix NetScaler on AWS. The following links provide some background information on Citrix NetScaler HA deployment options, and detailed configuration for three different scenarios.

https://docs.citrix.com/en-us/netscaler/11-1/deploying-vpx/install-vpx-on-aws/vpx-aws-ha.html

https://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/deployment-practices-and-guidelines-for-netscaler-amazon-web-services.pdf

Both documents describe how to deploy NetScaler as High Availability pairs within the same Availability Zone, and how to use GSLB across different Availability Zones.

Pros and cons of current options

The following table details some of the benefits and limitations of the various options.

| Method | Pros | Cons |
|---|---|---|
| Manual: this requires a secondary NetScaler AMI to be configured and cut over to production. | Relatively simple to manage. | Internal resource in place with NetScaler knowledge. Will support an RTO of 15 min or more. What if it happens at 2 am on Sunday? |
| HA, Active/Passive: two NetScalers acting as an Active/Passive pair within the same AZ. | No manual intervention. | Secondary NetScaler running in the cloud costing $$$ with no usage. The setup can't span AZs, which means no HA if there is an AZ outage. |
| GSLB (Global Server Load Balancing): two NetScalers running either Active/Active or Active/Passive, which can be across AZs. | No manual intervention, and available even with one AZ outage. | Requires an Enterprise or Platinum licence, which is overkill if the NetScaler is only deployed as an ICA proxy or basic load balancer. ADNS needs to be configured on public DNS, which may not be accepted by the security team. |

Are there any alternate options?

So what are the options if you have a NetScaler used primarily for ICA proxy connections, can sustain an outage of a few minutes, but still want to automate the HA process across Availability Zones without spending huge $$$?

By leveraging simple AWS services like SNS, Lambda and CloudWatch, together with our internally developed tools, we can design and build a NetScaler deployment that achieves this objective.

Contact me, Kart Sankarkrishnan, by email to discuss your current Citrix environment and how we can assist in designing and building a highly available Citrix environment in AWS, including Citrix Cloud.