CCDE, CCENT, CCSI, Cisco Eos, Cisco Explorer, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Nurse Connect, Cisco Pulse, Cisco SensorBase,
Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco TrustSec, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip
Mino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network are trademarks; Changing the Way We Work,
Live, Play, and Learn, Cisco Capital, Cisco Capital (Design), Cisco:Financed (Stylized), Cisco Store, Flip Gift Card, and One Million Acts of Green are service marks; and
Access Registrar, Aironet, AllTouch, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the
Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Lumin, Cisco Nexus, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity,
Collaboration Without Limitation, Continuum, EtherFast, EtherSwitch, Event Center, Explorer, Follow Me Browsing, GainMaker, iLYNX, IOS, iPhone, IronPort, the
IronPort logo, Laser Link, LightStream, Linksys, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, PCNow, PIX, PowerKEY,
PowerPanels, PowerTV, PowerTV (Design), PowerVu, Prisma, ProConnect, ROSA, SenderBase, SMARTnet, Spectrum Expert, StackWise, WebEx, and the WebEx logo are
registered trademarks of Cisco and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship
between Cisco and any other company. (1002R)
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCBs public
domain version of the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler Design and Implementation Guide
Partner Access ONLY
Service Provider Segment
2015 Cisco Systems, Inc. All rights reserved.
CONTENTS
Preface
Navigator
1-1
1-1
Introduction
CHAPTER
Use Cases
1-1
1-1
2-1
2-2
Design Overview
2-4
3-1
3-2
3-4
Configuration Details
4-1
4-2
Contents
4-3
5-1
ii
Contents
Product List
A-1
APPENDIX
References
B-1
Configurations
5-6
B-1
B-1
C-1
C-1
C-8
C-41
iii
Contents
iv
Preface
Cisco Application Centric Infrastructure (ACI) and Citrix NetScaler SDX appliances can deliver
application and business agility.
Cisco ACI and Citrix NetScaler enable data center and cloud administrators to holistically control L2-L7
network services in a unified manner via seamless insertion and automation of NetScaler services in data
centers built with ACI architectures. NetScaler leverages the Cisco APIC (Application Policy
Infrastructure Controller) to automate provisioning based on application needs.
This document is based on the foundation of the Cisco Intercloud Data Center ACI 1.0 Implementation
Guide.
Note
Navigator
This Cisco Validated Design (system solution) documents the necessary topology, configuration steps,
and reference materials needed to implement and integrate the Citrix NetScaler SDX appliance into the
ACI fabric to support deployments of Microsoft SharePoint Server 2013.
Preface
Use Cases/Services/Deployment Models
CH A P T E R
Introduction
Microsoft SharePoint Server 2013 is an innovative way for employee teams to work together. It
allows enterprises to create a secure mechanism for teams to store, organize, share, and access
information. Documents can be downloaded, edited, and then re-uploaded for continued sharing.
SharePoint simplifies how companies can manage information, project teams, and assignments across
the organization.
For enterprise IT organizations, delivering Microsoft SharePoint Server 2013 via a cloud services
deployment model can yield compelling business benefits: greater business agility, faster provisioning,
and efficiencies that can reduce costs. To help IT organizations realize these goals, Cisco and Citrix offer
leading-edge technologies and a validated reference architecture that can transform SharePoint
implementations into secure, scalable, and dynamic cloud services.
Cisco Application Centric Infrastructure (ACI) technology takes advantage of software defined
networking (SDN) concepts, using a centralized policy controller to configure, deploy and manage
infrastructure and networking resources. To apply ACI policies to network services, this system solution
incorporates Citrix NetScaler, an Application Delivery Controller (ADC) that intelligently directs
application traffic between the Cisco ACI fabric and available infrastructure components. The
combination of these technologies yields an enterprise-ready cloud services model for resilient, secure,
and responsive SharePoint collaborative services.
This system solution describes how to configure Citrix NetScaler within the ACI fabric in an optimized
deployment for SharePoint Server 2013.
1-1
Chapter 1
Introduction
1-2
CH A P T E R
Use Cases
Two categorical use cases are presented in defining this system solution:
2-1
Chapter 2
Use Cases
NetScaler Services
NetScaler instances in this system solution are specifically configured to perform these operations:
Load balancing of web traffic using load-balancing virtual IPs (LB VIPs). NetScaler instances
perform Layer 4 (TCP and UDP) through Layer 7 (FTP, HTTP, and HTTPS) traffic management and
load balancing.
SSL offloading using built-in NetScaler hardware acceleration. In this system solution, SSL
offloading is performed for generic traffic as well as for SharePoint web traffic.
Content (or Layer 7) switching for SharePoint web and Database traffic. Content switching provides
fast packet switching based on application-specific information (such as a URL, a cookie, or an SSL
session ID). In this deployment, content switching allows traffic to be directed to different
2-2
Chapter 2
Use Cases
Technology Use Cases
SharePoint or SQL servers based on application layer criteria. The packet is forwarded from a
Content Switching (CS) VIP to an LB VIP and in this way load-balanced across SharePoint or SQL
servers in the farm.
Layer 7 application firewall for SharePoint web traffic. This is in addition to the ACI fabrics
firewall capabilitiesACI acts inherently as a network firewall since it allows only configured
traffic to pass between fabric endpoints. (By default, communication between endpoints is denied.
ACI policies define the TCP/UDP ports that are opened to allow communication between
endpoints.) NetScaler devices provide complementary firewall capabilities at the application layer.
Global server load balancing (GSLB). GSLB extends the concept of load balancing across the
end-to-end enterprise, distributing client requests across multiple data centers based on proximity,
load, or availability. In this way, the NetScaler instances improve response time and support disaster
recovery for SharePoint services.
The Cisco Application Policy Infrastructure Controller (APIC) provides an intuitive and easy
configuration process, allowing NetScaler functions to be intelligently chained together (such as the
combination of content switching, SSL offloading, and load balancing for SharePoint client
requests). APIC uses the concept of a service graph to represent the sequence of traffic management
functions. As shown in later configuration procedures, service graphs (and associated Layer 4 to
Layer 7 parameters) for NetScaler functions can be defined in APIC using the graphical user
interface (GUI) or Python-interpreted XML files.
APIC also supplies comprehensive management visibility into the fabric and NetScaler operations.
It supplies a centralized view of configuration parameters as well as the ability to manage and
observe traffic, events, and performance.
An overview describing the integration of Cisco ACI and Citrix NetScaler technologies is available in
the architecture guide, Implementing Cisco Application Centric Infrastructure with Citrix NetScaler
Application Delivery Controllers.
Enabling high availability and failover for SharePoint services and associated databases
2-3
Chapter 2
Use Cases
NetScaler enables application-layer protections, including a full-featured application firewall, data loss
protection, and countermeasures for thwarting denial-of-service (DoS) and other Layer 7 attacks. Layer
7 application firewall (AppFW) capabilities examine bi-directional traffic, including SSL-encrypted
packets, to safeguard against a range of security threats. At the application layer NetScaler can also
perform HTTP protocol validation to protect against DoS attacks.
NetScaler also incorporates several network and infrastructure-oriented security capabilities, including
SSL-based encryption, DNS security, and Layer 4 attack protection. To protect against Layer 4 DoS
attacks, NetScaler controls the allocation of back-end resources until it establishes a legitimate client
connection and a valid request has been received.
For SharePoint traffic, SSL offloading can be applied pervasively beyond HTTPS. A simple SSL
offloading scheme decrypts SSL records in HTTPS and then forwards HTTP traffic in clear text to
back-end web servers. To safeguard against HTTP compromise, an end-to-end SSL offloading approach
applies SSL offloading to re-encrypt the clear text for communications with the back-end web servers.
To facilitate fast SSL operations, NetScaler supports both 2048 and 4096 bit keys in hardware.
In addition to load balancing internal DNS servers, NetScaler can also be configured to operate as an
authoritative DNS (ADNS) server to directly handle name and IP resolution requests. This capability can
be implemented in conjunction with GSLB to balance load across multiple data centers that support
SharePoint Server 2013.
2-4
Chapter 2
Use Cases
Technology Use Cases
NetScaler load balancing promotes high availability for on-demand SharePoint services. Within a single
data center, if a SharePoint server in the farm or an SQL Server is unavailable, the NetScaler instance
will direct application requests to the remaining servers. Across multiple enterprise data centers,
NetScaler GSLB functionality can be configured to distribute SharePoint client requests across data
centers. Various criteria for GSLB distribution can be used, such as least connection, static proximity,
or dynamic proximity. If a link to a data center goes down, NetScaler can redirect traffic to an available
data center.
This system solution includes configuration details deploying NetScalers in the ACI fabric to achieve a
resilient SharePoint deployment. Later sections cover how to configure NetScaler instances from APIC
to optimize application service levels and enable service failover.
2-5
Chapter 2
Use Cases
2-6
CH A P T E R
Design Overview
The following sections emphasize system solution design considerations.
Spine Switches
Leaf Switches
Controllers
298795
Layer 4 Through
Layer 7 Services
3-1
Chapter 3
Design Overview
The main benefits of using a Cisco ACI fabric to provision Layer 4 through Layer 7 services include:
Single point of provisioning through the GUI, the Representational State Transfer (REST) API, or
Python scripts
Powerful scripting and programming environment with a Python software development kit (SDK)
Capability to add and remove workloads from the load balancers or firewall configurations without
human intervention
Capability to create a logical flow of functions instead of just a sequence of Layer 4 through Layer
7 devices
One of Cisco ACIs several innovations in the area of service insertion is that Cisco ACI allows you to
concatenate functions offered by individual Layer 4 through Layer 7 devices instead of simply
connecting discrete boxes in sequence.
298796
Figure 3-2
Each NetScaler VPX instance runs as a separate virtual machine with its own dedicated NetScaler
kernel, CPU resources, memory, address space, and bandwidth allocations. Network I/O is done in a way
that not only maintains aggregate system performance but also enables complete segregation of each
tenant's data and management-plane traffic.
3-2
Chapter 3
Design Overview
Cisco Intercloud DC ACI 1.0 Architecture
NetScaler VPX features include Layer 4 through Layer 7 traffic management (L4 load balancing, L7
content switching, database load balancing), application acceleration, application security/firewall, and
network integration.
The NetScaler SDX appliance is equipped with 10 Gbps Ethernet (10GE) and 1 Gbps Ethernet (1GE)
portsthe type and number of ports varies according to the specific NetScaler SDX model. The
connections can form an EtherChannel bundle that is desirable for an appliance-based service design in
the Cisco InterCloud Data Center ACI architecture.
This system solution uses the NetScaler SDX 11542 that features eight 10GE ports and four 1GE ports
(fiber or copper). This model has 16 SSL cores to accelerate SSL encryption and decryption offloading
in hardware. The NetScaler SDX 11542 can support up to 20 NetScaler virtual instances. On this
NetScaler SDX model, pay-as-you-grow licensing delivers from 15 Gbps at the entry level and up to 42
Gbps at the highest level for HTTP traffic with a single instance.
Redhat
Provider Clouds
Cisco Intercloud
Fabric for Business
Cisco Intercloud
Fabric for
Providers
Cisco Intercloud
Ecosystem
Cisco Intercloud
Fabric for
Providers
Cisco Powered
Services and Cloud
Providers
Secure Cloud
Extension
Azure APIs
Microsoft Azure
EC2 APIs
Amazon
Web Services
Network, Compute,
and Storage
298797
Figure 3-3
3-3
Chapter 3
Design Overview
Cisco Intercloud Fabric for Provider is a multi-tenant software appliance that is installed and managed
by the cloud providers that are part of the Intercloud Fabric ecosystem. This virtual appliance creates
Cloud API uniformity across different cloud providers and abstracts the complexity of supporting
heterogeneous Cloud APIs. In the future Intercloud Fabric for Provider will help to build Cisco
infrastructure-specific differentiation for all Cisco Powered Cloud Providers.
Cisco Intercloud Fabric gives customers multiple choices of cloud providers, including the ecosystem
of Cisco Powered Cloud Providers and the hyper scale public clouds such as Amazon EC2 and Microsoft
Azure. Cisco believes that business customers also want choices of hypervisors for their virtualized
environment, so it is important for the solution that enables hybrid cloud to be hypervisor-agnostic. The
scenario with multiple choices of hypervisors on premises and off premises can make workload mobility
and portability difficult, but Cisco Intercloud Fabric resolves this problem and makes this transparent
for customers, allowing workloads to be moved to multiple clouds and back to the enterprise.
In summary, Cisco Intercloud Fabric aims to provide greater agility in response to business needs and
addresses many potential challenges for hybrid cloud deployments. Benefits include:
Consistent operations and workload portability across clouds. Cisco Intercloud Fabric delivers
unified hybrid cloud management for end users and IT administrators, enabling workload mobility
to and from service provider clouds for physical and virtual workloads.
To protect critical business assets and meet compliance requirements, Cisco Intercloud Fabric
provides highly secure, scalable connectivity to extend private clouds to service provider clouds.
A single point of management and control for physical and virtual workloads
Cisco Intercloud DC ACI 1.0 Architecture with Silver Cloud Consumer Model
The Cisco Intercloud DC ACI 1.0 architecture with the Silver cloud consumer model is defined by
describing the container and its layout.
3-4
Chapter 3
Design Overview
Solution Topology and Design Principles
Figure 3-4
Internet
Loopback Interface
QFP
QFP
ASR 1000
Loopback Interface
Border Leaf - 1
Border Leaf - 2
Loopback Interface
ACI Fabric
Access Leaf - 1
Access Leaf - 2
NetScaler
HA-Pair
UCS Chassis
SLB
APP
OS
Database
APP
OS
APP
OS
Database VMs
298794
VIP - Web
VIP - App and DB
SNIP
Each tenant can host different applications based on customer requirements. This may require a number
of application tiers of virtual machines (VMs) to be implemented such as web, application, and database.
In the implementation guide, the Silver Tenant Container is defined with three application tiers. Each
tier has a unique VLAN assigned and hosts web, application and database services. The Silver Tenant
also provides load-balancing services for the application tiers using Citrix NetScaler SDX appliances.
The SDX units are deployed in a physical 1-arm mode but in a logical 2-arm mode. This section covers
the following topics:
Physical Topology
Logical Topology
Tenant Construction
Physical Topology
Figure 3-5 shows the Silver tenant physical topology. Tiers hosting applications are deployed on Cisco
UCS B-Series Servers. NetScaler VPX instances are deployed on NetScaler SDX appliances. Cisco ASR
1000 Series Routers (specifically ASR 1004s) provide external connectivity to the applications.
3-5
Chapter 3
Design Overview
Figure 3-5
APIC1
APIC3
UCS-6296-FI-A
UCS-6296-FI-B
Leaf1
Leaf2
Spine1
Spine2
NetScaler SDX
NetScaler SDX
Netapp
FAS3200
Series
APIC2
Leaf4
QFP
QFP
ASR 1000
ASR 1000
298790
Leaf3
Logical Topology
In this section, the physical topology is translated into a logical layout. Figure 3-6 shows how the Silver
container is constructed logically. The logical topology can be divided into two sections: first, ACI
Fabric to Application Servers; and second, ACI Fabric to the Internet.
3-6
Chapter 3
Design Overview
Solution Topology and Design Principles
Figure 3-6
Internet
Loopback Interface
QFP
QFP
ASR 1000
Loopback Interface
Border Leaf - 1
Border Leaf - 2
Loopback Interface
ACI Fabric
Access Leaf - 1
Access Leaf - 2
NetScaler
HA-Pair
UCS Chassis
SLB
APP
OS
Database
APP
OS
APP
OS
Database VMs
298794
VIP - Web
VIP - App and DB
SNIP
A unique VRF is assigned to each Silver Tenant which is defined in the access leafs in the fabric. Each
of the application tier and load balancers is assigned a specific VLAN, which are a part of the VRF
assigned to the Silver Tenant. The fabric serves as the default gateway for each of the tiers and the
NetScalers. In this document, a single EPG is used to host a tier that serves web and database
functionality.
With the ACI Fabric being the default gateway, it has the capability to route packets from one tier to
another for both load balanced and non-load balanced flow. For external connectivity two leafs in the
fabric are used as border leafs to connect to ASR 1000 routers using port channels. Switched virtual
interfaces (SVI) are configured on the leaf switches and static routes help to route the packets to the edge
router. Interior BGP (IBGP) is configured between the two devices to advertise the routes for traffic to
reach the application tiers. Loopback interfaces are configured for the same.
3-7
Chapter 3
Design Overview
Figure 3-7
Silver TenantAPIC
QFP
ASR 1000
Port-channel
VRF net01
HTTP
HTTPS
contract
contract
DNS
MSSQL
MEP
ICMP
ICMP
EPG: epg01
Bridge Domain:
slb_bd
Bridge Domain:
bd02
EPG: epg02
contract
Consumer
Provider
298793
Bridge Domain:
bd01
3-8
CH A P T E R
Configuration Details
In the Cisco ACI policy model, administrators define service graphs for Layer 4 through Layer 7
networking functions such as traffic filtering, load balancing, and SSL offloading. ACI service graphs
define which functions are performed on traffic between different endpoint groups (EPGs). The
functions are independent of the underlying devices that perform the actual task. ACI renders the
specified functions in the graph on available devices within the fabricin this case on the NetScaler
Application Delivery Controllers. In this way, ACI applies NetScaler resources to govern traffic as
prescribed between one EPG and another.
This section describes prerequisites and configuration procedures necessary to optimize ACI-NetScaler
deployments. It describes how to:
The Cisco Application Policy Infrastructure Controller (APIC) is used to initialize and control NetScaler
configurationsit pushes configuration settings to the NetScaler instances. Administrators can use the
APIC graphical user interface (GUI) or XML files to define NetScaler configuration settings. The steps
here show both APIC GUI screen captures as well as excerpts from relevant XML files. Appendix C,
Configurations includes more complete XML listings used to configure this system solution
environment.
4-1
Chapter 4
Configuration Details
4-2
Chapter 4
Configuration Details
Prerequisites and Initial Provisioning
From the standpoint of traffic flow, client requests destined for a web server in the server farm pass first
to a virtual IP address (VIP) in a NetScaler VPX instance. After the NetScaler processes the request, it
is forwarded through the same interface to the gateway on the private network. The ACI fabric then
redirects the packet to the appropriate web server on one of the private VLANs. The return traffic from
servers is routed back to NetScaler instances and from NetScaler instances to clients. The traffic is
routed inside the data center using static routes.
Multiple virtual NetScaler VPX instances can be configured on each NetScaler SDX appliance. To
support NetScaler failover within a data center, a VPX instance on two NetScaler SDX appliances is
configured into High Availability (HA) Active/Standby mode. A heartbeat is used between the VPX
instances to determine if a NetScaler instance failure occurs. To support Disaster Recovery scenarios,
NetScaler GSLB capabilities also can be implemented across multiple data centers (Figure 4-1).
Figure 4-1
Logical View of the Network Topology for GSLB Across Two Data Centers
DNS
Server
Client_1
v91
v93
Internet
Silver Tenant
ASR 1000
Silver Tenant
ASR 1000
Client_2
Catalyst 4948
ACI
Fabric
Web
VM
App
VM
SDX
SDX
v1101,
v101-v102
v1201,
v121-v122
dB
VM
Data Center 1
AD
VM
Web
VM
FI
v92
DNS
Server
App
VM
dB
VM
AD
VM
Data Center 2
v221-v223
(10.2.[1-3].0/24)
298789
FI
v92
4-3
Chapter 4
Configuration Details
Figure 4-2
By editing each NetScaler VPX instance in the pane above, the administrator can configure VPX
instances with the required L2-L3 network settings. Figure 4-3 shows the configuration settings for the
first NetScaler VPX instance, SilverTenant1_SDX-A_VPX-1.
4-4
Chapter 4
Configuration Details
Prerequisites and Initial Provisioning
Figure 4-3
4-5
Chapter 4
Configuration Details
For general or non-SharePoint traffic, the NetScaler VPX instances are configured to perform Load
Balancing and SSL Offloading. Third party traffic generators were used to simulate traffic on the
fabric to represent an actual deployment.
For SharePoint client requests, the NetScaler VPX instances support multiple network services:
Content Switching with SSL offloading and Load Balancing for web traffic; Content Switching and
Load Balancing for Database traffic (Microsoft SQL Server 2012); Application Firewall; and Global
Server Load Balancing (GSLB). Real client Windows 7 machines were used to access the
SharePoint Content Switching VIP. All servers in the SharePoint farm were configured with two
sites: Engineering and Marketing.
The NetScaler instances process these two categories of traffic according to Layer 4 through Layer 7
parameters configured in APIC service graphs. When the service graphs are deployed from APIC, the
NetScaler VPX instances are configured to apply the appropriate network services to ACI fabric traffic.
Table 4-1 summarizes many of the system solution implementation settings for configuring NetScaler in
a SharePoint deployment. The configuration defines SNIP addresses (used as source NAT) for NetScaler
to open new connections to the backend servers.
The settings below reflect the system solution implementation in one of two data centers (settings for
the second data center would be similar).
Table 4-1
Category
Description
Details
Device Package
Supports
ACI-NetScaler
communication
Cluster Definition
Concrete Device 1
Concrete Device 2
Device Cluster
192.168.114.110 (SNIP)
Interfaces
L2 Configuration
VLAN bindings
4-6
Chapter 4
Configuration Details
Configuring ACI and NetScaler for a SharePoint Deployment
Table 4-1
Category
Description
Details
L3 Configuration
SNIPs
Static routes
- 0.0.0.0/0
gw: 101.16.1.1
NetScaler Load
Balancing (LB)
Virtual IPs (VIPs)
NetScaler Content
Switching (CS)
Virtual IPs (VIPs)
Certain configuration procedures are required to apply NetScaler network services to SharePoint traffic
on the ACI fabric. The remainder of this chapter describes the procedures used to create the
ACI-NetScaler system solution environment:
Define Citrix NetScaler as a L4-L7 device by importing the NetScaler Device Package
Configuring service graphs with L4-L7 service parameters for NetScaler instances
Configuring a contract
Deploying the service graphs by attaching them to the contract. This process pushes the defined
APIC configurations to the NetScaler instances.
For detailed information about ACI and NetScaler configuration procedures, refer to these documents:
4-7
Chapter 4
Configuration Details
From L4-L7 Services, select the Packages option and click on L4-L7 Service Device Type. Click on
Actions. Select the action to import a device package into one of the APIC cluster controllers.
Step 2
Specify the NetScaler Device Package to be imported. For this system solution, version 1.0 of the
NetScaler Device Package (NetScaler Release 10.5-54.2) was installed.
The service functions enabled through the NetScaler Device Package are listed under L4-L7 Service
Functions in the APIC GUI. The interface labels (e.g., inside, mgmt, and outside) are mapped to
the physical interfaces on the NetScaler device.
4-8
Chapter 4
Configuration Details
Configuring ACI and NetScaler for a SharePoint Deployment
Download the NetScaler Device Package file from the Citrix web site to the local management machine.
Step 2
Transfer this file to one of the APIC controllers under the directory /home/admin.
Step 3
On APIC, execute the following command to install the NetScaler Device Package.
admin@apic:~> services install DevicePackage-1.0-10.5-54.2.zip
Navigate to the Tenant tab and select the appropriate tenant name. Navigate to the L4-L7 Services tab.
Right click on L4-L7 Devices and select Create L4-L7 Devices.
Step 2
Under the General tab enter the name for the logical device.
a.
Select the device package from the drop-down. Set the mode to HA Cluster.
b.
In the Credentials section, enter the access credentials used by APIC to log into NetScaler device
cluster (VPX instances).
c.
For concrete device configuration, provide the Management IP Address and Management Port.
Click VPC as the connection.
d.
Under Physical Interfaces, click + to add the physical (concrete) device in each case. The data
interface LA/1 is used for data plane communication. Since NetScaler physical deployment is in
one-arm mode, the same interface is used as both provider and consumer.
4-9
Chapter 4
Configuration Details
Step 3
Select the Parameters tab. Configure the required NetScaler modes and features:
a.
Enable modes FR, Edge, USNIP, and PMTUD, and disable modes L3.
b.
Enable features WL, SP, LB, CS, SSL, GSLB, AppFw, and RESPONDER.
Other parameters can be configured at this point as appropriate for requirements. The captures below
depict many of the configured parameters for this system solution.
4-10
Chapter 4
Configuration Details
Configuring ACI and NetScaler for a SharePoint Deployment
Step 4
4-11
Chapter 4
Configuration Details
</vnsCDev>
</vnsLDevVip>
</fvTenant>
</polUni>
For the Silver Tenant, select Application Profiles from the Navigation Pane to begin profile
configuration. Under Application Profiles, click right and choose Create Application Profile.
Complete the fields in the dialog box to create the profile Web1-AppProfile.
Step 2
Under the profile Web1-AppProfile, select Application EPGs. Right click and choose Create
Application EPGs. Complete the fields in the dialog box to define the EPG named Web1-EPG. Refer
to the Cisco Intercloud Data Center ACI 1.0 Implementation Guide for APIC GUI specifics. The client
endpoints for Web1-EPG are defined.
4-12
Chapter 4
Configuration Details
Configuring ACI and NetScaler for a SharePoint Deployment
4-13
Chapter 4
Configuration Details
Consumer
Consumer
Function Node
Load Balance
Function Node
Content Switching
Function Node
Load Balancer
Provider
Provider
298798
Figure 4-4
The procedures in this section define service graphs that are applied to general load-balanced traffic on
the ACI fabric as well as service graphs that are applied to SharePoint traffic. Service graphs for general
traffic include network services for Load Balancing (LB1) and SSL Offloading (SSL1). These service
graphs configure NetScaler instances to process non-SharePoint traffic on the fabric.
Additional service graphs support application requirements specific to SharePoint: Content Switching
and SSL Offloading for SharePoint web traffic, Content Switching for database traffic, Application
Firewall, and Global Server Load Balancing.
Procedures for creating service graphs are documented in the Cisco Intercloud Data Center ACI 1.0
Implementation Guide, Chapter 9 (Service Graph Configuration). There are multiple ways to build out
service graphs. In this system solution, the administrator used the following approaches:
Create a service graph template, which creates a service graph, and then later on set L4-L7 service
parameters for the graph.
Create the service graph template, specifying parameters during the creation process. Its possible
to edit L4-L7 service parameters in the process of creating the template.
For most of the NetScaler network services defined for this system solution, the first approach the
two-step process of building the graph from a template and subsequently setting parameterswas the
technique used. Some of the XML files for this system solution create a service graph and set parameters
at the same time.
On the navigation pane, click on L4-L7 Services > Service Graph Templates. Click right and select
Create L4-L7 Service Graph Template. A dialog box appears to create the template. (Refer to the
video Cisco APICCreating an L4-L7 Service Graph Template and the Cisco APIC Layer 4 to Layer 7
Services Deployment Guide.)
Step 2
Complete the dialog to define the template. Enter the template name (WebGraph) and the type (e.g.,
Single NodeADC in Two-Arm Mode) from the drop-down list. In the ADC window, select the device
function Citrix-NetScaler-1.0\LoadBalancing from the drop-down list. (APIC knows about NetScaler
devices and device functions from the device package that was previously imported.) Choose the
function profile from the drop-down list and click Submit. Below, the created template WebGraph (in
Web1-EPG) defines a load balancer in two-arm mode configured between a Provider and Consumer.
4-14
Chapter 4
Configuration Details
Configuring ACI and NetScaler for a SharePoint Deployment
Step 3
Creating the template also creates a corresponding service graph. The topology graph for Load
Balancing is shown below.
Step 4
Repeat Steps 1 to 3 to create templates and service graphs for other NetScaler services. This system
solution constructed the following templates and service graphs, as shown:
4-15
Chapter 4
Configuration Details
Global Server Load Balancing (WebGraph_ CS_GSLB_ 1 and WebGraph_ CS_GSLB_ ADNS)
4-16
Chapter 4
Configuration Details
Configuring ACI and NetScaler for a SharePoint Deployment
</vnsAbsNode>
<vnsAbsTermNodeCon name="Output1">
<vnsAbsTermConn name="C6">
</vnsAbsTermConn>
</vnsAbsTermNodeCon>
<vnsAbsConnection name="CON1" adjType="L3">
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph/AbsTermNodeCon-Output1/AbsTConn"/>
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph/AbsNode-LB1/AbsFConn-outside"/>
</vnsAbsConnection>
<vnsAbsConnection name="CON2">
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph/AbsNode-LB1/AbsFConn-inside"/>
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph/AbsTermNodeProv-Input1/AbsTConn"/>
</vnsAbsConnection>
</vnsAbsGraph>
</fvTenant>
</polUni>
4-17
Chapter 4
Configuration Details
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_cs_ssl/AbsTermNodeCon-Output1/AbsTConn"/>
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_cs_ssl/AbsNode-CS_SSL_1/AbsFConn-outside"/>
</vnsAbsConnection>
<vnsAbsConnection name="CON2">
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_cs_ssl/AbsNode-CS_SSL_1/AbsFConn-inside"/>
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_cs_ssl/AbsTermNodeProv-Input1/AbsTConn"/>
</vnsAbsConnection>
</vnsAbsGraph>
</fvTenant>
</polUni>
Appendix C, Configurations contains additional XML files that configure NetScaler service graphs
for SharePoint traffic.
Note
CreateServiceGraphWithParams_SP_cs_DB_1.xml and
CreateServiceGraphWithParams_SP_cs_DB_2.xmlThese files create service graphs
(WebGraph_CS_DB and WebGraph_CS_DB_2) as well as configure L4-L7 service parameters for
Content Switching for Database (Microsoft SQL Server 2012). Configuring Content Switching for
Database is a two-step process that requires two files. The second file configures additional settings
(such as defining a user) for Database processing.
CreateServiceGraphWithParams_SP_GSLB_1.xml and
CreateServiceGraphWithParams_SP_GSLB_2.xmlThese files create service graphs
(WebGraph_CS_GSLB_1) and set L4-L7 parameters for Global Server Load Balancing.
Configuring GSLB is a two-step process that requires two files. The second file configures
additional settings for GSLB.
Some NetScaler service functions above (such as Content Switching with SSL Offloading, Database,
and GSLB) require multiple XML files to configure the service. This is sometimes necessary so that
APIC can properly sequence certain parameter settings or operations.
4-18
Chapter 4
Configuration Details
Configuring ACI and NetScaler for a SharePoint Deployment
Figure 4-5
L4-L7 Service Parameters Set at EPG Level for NetScaler Service Graphs
Using the APIC GUI to Configure L4-L7 Service Parameters for Generic LB Traffic
Step 1
In the navigation pane under the application profile, press + to expand the EPG Web1-EPG and select
L4-L7 Service Parameters. Right click and choose Create L4-L7 Service Parameters. Click on the
edit icon to configure the L4-L7 service parameters. Specify the service graph to be created and the
function node name (e.g., Load Balancing). Specify parameters under Config Device and Config
Function. (Refer to the Cisco Intercloud Data Center ACI 1.0 Implementation Guide for APIC GUI
specifics and detailed instructions.) For generic load balancing (HTTP, TCP, and DNS), L4-L7 service
parameters are configured for the service graph WebGraph.
4-19
Chapter 4
Configuration Details
Step 2
Repeat the process to configure L4-L7 service parameters for generic SSL offloading. The configured
parameters for the service graph WebGraph_ssl are shown.
4-20
Chapter 4
Configuration Details
Configuring ACI and NetScaler for a SharePoint Deployment
4-21
Chapter 4
Configuration Details
Appendix C, Configurations contains the complete XML listing. It also includes the XML file CreateServiceGraph_lb_ssl.xml. This file creates the service graph WebGraph_ssl and configures L4-L7
service parameters for the graph. In the following excerpt, the service graph is configured to apply SSL
Offloading to web traffic:
<!-- excerpt from CreateServiceGraph_lb_ssl.xml -->
<fvAp dn="uni/tn-silverTenant1/ap-Web1-AppProfile" name="Web1-AppProfile">
<!-- EPG 1 -->
<fvAEPg dn="uni/tn-silverTenant1/ap-Web1-AppProfile/epg-Web1-EPG"
name="Web1-EPG">
<fvRsBd tnFvBDName="silverTenant1-BD1" />
<fvRsProv tnVzBrCPName="webCtrct1"></fvRsProv>
. . .
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver" name="vip-tg-104_lb">
<vnsParamInst name="name" key="name" value="vip-tg-104"/>
<vnsParamInst name="ipv46" key="ipv46" value="101.16.1.104"/>
<vnsParamInst name="servicetype" key="servicetype" value="SSL"/>
<vnsParamInst name="port" key="port" value="443"/>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver_service_binding" name="service-tg-31">
<vnsCfgRelInst key="servicename" name="service-tg-31"
targetName="service-tg-31"/>
</vnsFolderInst>
. . .
Using the APIC GUI to Configure L4-L7 Service Parameters for SharePoint Traffic
Perform the following procedure to configure L4-L7 service parameters for SharePoint traffic.
Step 1
Repeat the APIC GUI steps to configure the profile and EPG L4-L7 service parameters for graphs that
will be applied to SharePoint traffic. In the navigation pane, press + to expand EPG Web1-EPG and
select L4-L7 Service Parameters. Right click and choose Create L4-L7 Service Parameters.
Step 2
Click on the edit icon to configure the L4-L7 service parameters and create the service graph
WebGraph_cs_ssl for Content Switching.
4-22
Chapter 4
Configuration Details
Configuring ACI and NetScaler for a SharePoint Deployment
Step 3
Repeat the steps to configure L4-L7 service parameters and create the service graph
WebGraph_cs_ssl_2 for the combination of Content Switching with SSL Offloading. Configuring
Content Switching with SSL Offloading is a two-step process.
Step 4
Click on the edit icon to configure the L4-L7 service parameters and create the service graph
WebGraph_CS_DB for Database Content Switching. Repeat the process to create the service graph
WebGraph_CS_DB_2 for Database Content Switching, Configuring Database Content Switching is a
two-step process.
4-23
Chapter 4
Configuration Details
Step 5
Before configuring and applying L4-L7 parameters to NetScaler instances to provide Application
Firewall (AppFW) protection against known SharePoint attack vectors, it is necessary to configure
NetScaler instances out-of-band with a SharePoint signature file. Using a Citrix account, obtain the
signature file for the NetScaler 10.5 release (sig-r10.5b0v8s5.xml) from the site:
https://www.citrix.com/downloads/netscaler-adc/components/application-signature-protection-for-appl
ication-firewall.html. (For this system solution, the file was customized and renamed
mssharepoint.xml.)
Step 6
Use the NetScaler command line interface on the management plane to import the mssharepoint.xml
signature file from a web server:
import appfw signatures http://10.1.1.101/mssharepoint/mssharepoint.xml
mssharepoint
Step 7
After the signature file has been imported out-of-band, configure L4-L7 service parameters for a service
graph that applies AppFW services to SharePoint traffic. Click on the edit icon to configure the L4-L7
service parameters and create the service graph WebGraph_CS_AppFW_1 for Application Firewall.
Step 8
Under L4-L7 Service Parameters, right click and choose Create L4-L7 Service Parameters. Click on
the edit icon to configure L4-L7 service parameters for GSLB and GSLB_ADNS. Create the service
graphs WebGraph_CS_GSLB_1 and WebGraph_CS_GSLB_ADNS for GSLB and GSLB_adns
repectively. Configuring GSLB is a two-step process.
4-24
Chapter 4
Configuration Details
Configuring ACI and NetScaler for a SharePoint Deployment
Appendix C, Configurations includes other XML files that configure L4-L7 service parameters for
service graphs that will be deployed to NetScaler instances to manage SharePoint traffic:
Note
CreateServiceGraphWithParams_SP_cs_DB_1.xml and
CreateServiceGraphWithParams_SP_cs_DB_2.xmlThese files create service graphs as well as
configure L4-L7 service parameters for Content Switching for Database (Microsoft SQL Server
2012). Configuring Content Switching for Database is a two-step process that requires two files.
CreateServiceGraphWithParams_SP_GSLB_1.xml and
CreateServiceGraphWithParams_SP_GSLB_2.xmlThese files create service graphs as well as
configure L4-L7 service parameters for GSLB_adns and GSLB. Configuring GSLB is a two-step
process.
ConfigParameters_SP_GSLB_DynamicProx.xml,
ConfigParameters_SP_GSLB_StaticProx.xml,
ConfigParameters_SP_GSLB_LeastConn.xmlThese files configure L4-L7 service parameters,
specifically the distribution algorithm for GSLB.
Some NetScaler service functions above (such as Content Switching with SSL Offloading, Database,
and GSLB) require multiple XML files to configure service graph parameters. This is necessary so that
APIC can set parameters properly in a sequence of operations.
Configuring a Contract
A contract contains all of the filters that will be applied between provider and consumer endpoint groups
(EPGs). It restricts the protocols and ports on which a provider and consumer are allowed to communicate, enabling access control for greater security.
In the Navigation pane, expand the tenant for which you want to configure a contract. Under Security
Policies, select Contracts. Click right and choose Create Contract. In this system solution, the
administrator creates a contract called webCtrct1.
4-25
Chapter 4
Configuration Details
Step 2
Select the contract webCtrct1 in the Navigation pane, and click + to expand the contract and view the
list of contract subjects.
Step 3
Select the contract subject http. Under Filters, click + to create a filter acl_lb_generic for the contract
subject http. Complete the fields in the Create Filter dialog box that appears.
4-26
Chapter 4
Configuration Details
Configuring ACI and NetScaler for a SharePoint Deployment
Step 4
Select the contract subject CS_SSL_1. Under Filters, click + to create a filter acl_cs_sharepoint.
Step 5
Select each of contract subjects and assign the appropriate filter to each. Assign the filter acl_lb_generic
for the contract subjects that perform load balancing of generic traffic (http and https). Assign the filter
acl_cs_sharepoint to CS_SSL_1 (as shown below) and to the other contract subjects that process
SharePoint traffic (CS_AppFW1, CS_DB_1, CS_DB_2, CS_SSL_2, GSLB_1, and GSLB_ADNS).
4-27
Chapter 4
Configuration Details
Appendix C, Configurations lists the XML file CreateContract_lb_ssl.xml that assigns the filter
acl_lb_generic to the contract webCtrct1 for HTTPS traffic. (In this system solution, the administrator
used the APIC GUI to create the filter acl_cs_sharepoint and assign to SharePoint traffic.)
4-28
Chapter 4
Configuration Details
Configuring ACI and NetScaler for a SharePoint Deployment
Under the Silver Tenants Security Policies, expand Contracts. Select the contract to attach to a service
graph. Select the subject, which is the service graph to be deployed to the NetScaler instances. Repeat
this process for each of the NetScaler service graphs to attach them to the contract. When complete, click
Submit to deploy the service graph configurations to the NetScaler instances.
Step 2
Select Deployed Graph Instances in the navigation pane. After graphs are deployed successfully,
corresponding entries should appear.
4-29
Chapter 4
Configuration Details
Step 3
Select Deployed Devices in the navigation pane. The device configuration is displayed, as shown.
4-30
Chapter 4
Configuration Details
Configuring ACI and NetScaler for a SharePoint Deployment
4-31
Chapter 4
Configuration Details
Figure 4-6
4-32
CH A P T E R
Compatibility tests. The following compatibility tests executed successfully without displaying any
errors or warning messages.
Using APIC to import NetScaler device package
Using APIC to create 4 device clusters for NetScaler instances
Using APIC: delete 4 device clusters for NetScaler instances
Using APIC: re-create 2 device clusters for NetScaler instances
Configuration tests. The following configuration tests executed successfully. All settings were
pushed to the NetScaler VPX instance as expected and the appropriate services and virtual IPs
(VIPs) were available.
Using APIC to configure L2/L3 settings for a NetScaler VPX instance.
Using APIC to configure LB settings for a NetScaler VPX instance.
Using APIC to configure CS settings for a NetScaler VPX instance.
Using APIC to configure AppFW settings for a NetScaler VPX instance.
Using APIC to configure GSLB settings for a NetScaler VPX instance in a data center.
Figure 5-1 shows the APIC dashboard for the system solution configuration. The dashboard summarizes
configuration health, helping to confirm (in addition to the traffic flow tests) that the NetScaler VPX
instances have been deployed and configured successfully.
5-1
Chapter 5
Figure 5-1
Load Balancing. HTTP, TCP, DNS traffic was processed using the Load Balancing VIPs configured
for the NetScaler instance.
SSL Offloading. SSL traffic was directed to LB VIPs to accelerate SSL Offloading in NetScaler
SDX hardware.
5-2
Chapter 5
Figure 5-2 and Figure 5-3 shows Content Switching functionality across the two SharePoint sites. Each
site was accessed by different users, user aaa and bbb, respectively. The user login authentication
occurred on the SharePoint server that received the user request.
Figure 5-2
5-3
Chapter 5
Figure 5-3
Microsoft SQL Server Load BalancingAs expected, the NetScaler instance directed database
requests to the Content Switching virtual server (vserver) for load balancing.
Microsoft SQL Server Content Switching for Read/Write SplitFor an SQL query that writes
to the database, the NetScaler instance directs it to the LB VIP that routes it to the appropriate
primary database. For read operations, the query is sent to the LB VIP that routes it to a secondary
replica database.
Intelligent Monitoring for Microsoft SQL Server Health CheckNative MS-SQL monitors
configured in the NetScaler instance query a particular field in a database table to determine which
node is the current secondary. The monitor probe queries the database for the secondary replica and
marks the primary replica service as down in the NetScaler instance.
5-4
Chapter 5
AppFW blocks the sites that are not specified in the startURL. In the test environment, access is
permitted to two SharePoint sites only: https://sp2013.test.ctx/sites/Eng and
https://sp2013.test.ctx/sites/Mkt. Access to https://sp2013.test.ctx/sites/Financial, however, is
blocked.
AppFW blocks SQL injection attacks. The NetScaler instance successfully blocks access to a site
that attempts to inject SQL queries, such as the URL:
https://sp2013.test.ctx/sites/Eng/SitePages/Home.aspx?select;
AppFW blocks XSS (Cross-Site-Scripting) attacks. In this test case the NetScaler instance
successfully blocks XSS attacks. NetScaler blocked access to this URL:
https://sp2013.test.ctx/sites/test/_layouts/15/start.aspx#/SitePages/Home.aspx?<script>.
AppFW blocks Denial of Service (DoS) vulnerability in MS SharePoint. In this test case, NetScaler
blocked access for a known XSS attack when accessing this URL:
https://sp2013.test.ctx/sites/test/_layouts/15/start.aspx#/SitePages/Home.aspx?NNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNN.
5-5
Chapter 5
Single link in LACP channel failure. Fabric traffic continues to flow using all other physical links.
Single vPC leg failure. Fabric traffic continues to flow using the other vPC leg.
Single spine failure. Fabric traffic continues to flow on the fabric using an alternate spine.
Single APIC failure. An alternate APIC server from the APIC cluster is still available. As expected,
fabric traffic continues to flow.
5-6
Chapter 5
Figure 5-4
Client_1
v91
v93
Internet
Silver Tenant
ASR 1000
Silver Tenant
ASR 1000
Client_2
Catalyst 4948
ACI
Fabric
Web
VM
App
VM
SDX
SDX
v1101,
v101-v102
v1201,
v121-v122
dB
VM
Data Center 1
AD
VM
Web
VM
FI
v92
DNS
Server
App
VM
dB
VM
Data Center 2
AD
VM
v221-v223
(10.2.[1-3].0/24)
298789
FI
v92
When GSLB is configured, NetScaler appliances use the DNS infrastructure to connect client requests
to the data center that best meets the set distribution criteria. NetScaler devices keep track of the
location, performance, load, and availability of each data center and use these factors to select the data
center for the client request.
An ADNS service is a special kind of service that responds only to DNS requests for domains for which
the NetScaler appliance is authoritative. When an ADNS service is configured, the appliance owns that
IP address and advertises it. Upon receipt of a DNS request by an ADNS service, the appliance checks
for a GSLB virtual server bound to that domain. If a GSLB virtual server is bound, its queried for the
best IP address to which to send the DNS response. (Note: On a public DNS server, configure the IPs of
ADNS services from both data centers as authoritative DNS servers for the domain.)
NetScaler GSLB capabilities were implemented and tested for this system solution using the XML files
listed in Appendix C, Configurations.
After configuring GSLB in the system solution environment, this functionality was tested by simulating
a data center link failure. As expected, NetScaler successfully redirected traffic to the remaining
available data center. Various GSLB distribution scenarios were also configured and tested. For
example, NetScaler instances can distribute client load across data centers according to different
algorithms. This system solution successfully validated three GSLB distribution scenarios:
Dynamic ProximityA delay injector was used to simulate a data center with less proximity. The
NetScaler instance tracks Round Trip Time (RTT) and distributes load based on this value. Clients
connected only to the data center with the least RTT value.
Static ProximityBased on the VLANs, the NetScaler instance directs traffic to the closest data
center. In this way, clients connect to the data center in the same region.
Even DistributionThe NetScaler instance tracks the number of connections and distributes the
client request to the data center with the lowest number of connections. This method spreads out
load across configured data centers.
5-7
Chapter 5
5-8
A P P E N D I X
Product List
The following system solution product list is available for reference:
Cisco: ACI 1.0 (2j)latest version compatible with Citrix NetScaler device model package
Citrix NetScaler SDX 11542 appliance, NetScaler VPX 10.5-53.9, and NetScaler Device Package
10.5-54.2
A-1
Appendix A
Product List
A-2
A P P E N D I X
References
The following system solution documentation references are available for convenience:
Configuration Note: VMDC Architecture with Citrix NetScaler VPX and SDX
Connecting Application Centric Infrastructure (ACI) to Outside Layer 2 and 3 Networks Guide
Citrix Reference
Implementing Cisco Application Centric Infrastructure with Citrix NetScaler Application Delivery
Controllers
B-1
Appendix B
References
Citrix Reference
B-2
A P P E N D I X
Configurations
The following system solution configuration sections provide configuration details for this design and
implementation validation:
ns
ns
ns
ns
add
add
add
add
add
add
add
add
add
add
add
ip
ip
ip
ip
vlan
vlan
vlan
vlan
server
server
server
server
server
server
server
server
server
server
server
101
101
102
102
server-tg-01
server-tg-02
server-tg-03
server-tg-04
server-tg-05
server-tg-06
server-tg-07
server-tg-08
server-tg-09
server-tg-10
server-tg-11
10.16.2.1
10.16.2.2
10.16.2.3
10.16.2.4
10.16.2.5
10.16.2.6
10.16.2.7
10.16.2.8
10.16.2.9
10.16.2.10
10.16.2.11
C-1
Appendix C
Configurations
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server-tg-12
server-tg-13
server-tg-14
server-tg-15
server-tg-16
server-tg-17
server-tg-18
server-tg-19
server-tg-20
server-tg-21
server-tg-22
server-tg-23
server-tg-24
server-tg-25
server-tg-26
server-tg-27
server-tg-28
server-tg-29
server-tg-30
server-tg-31
server-tg-32
server-tg-33
server-tg-34
server-tg-35
server-tg-36
server-tg-37
server-tg-38
server-tg-39
server-tg-40
server-tg-41
server-tg-42
server-tg-43
server-tg-44
server-tg-45
server-tg-46
server-tg-47
server-tg-48
server-tg-49
server-tg-50
server-tg-51
server-tg-52
server-tg-53
server-tg-54
server-tg-55
server-tg-56
server-tg-57
server-tg-58
server-tg-59
server-tg-60
server-tg-61
server-tg-62
server-tg-63
server-tg-64
server-tg-65
server-tg-66
server-tg-67
server-tg-68
server-tg-69
server-tg-70
server-tg-71
server-tg-72
server-tg-73
server-tg-74
server-tg-75
10.16.2.12
10.16.2.13
10.16.2.14
10.16.2.15
10.16.2.16
10.16.2.17
10.16.2.18
10.16.2.19
10.16.2.20
10.16.2.21
10.16.2.22
10.16.2.23
10.16.2.24
10.16.2.25
10.16.2.26
10.16.2.27
10.16.2.28
10.16.2.29
10.16.2.30
10.16.2.31
10.16.2.32
10.16.2.33
10.16.2.34
10.16.2.35
10.16.2.36
10.16.2.37
10.16.2.38
10.16.2.39
10.16.2.40
10.16.2.41
10.16.2.42
10.16.2.43
10.16.2.44
10.16.2.45
10.16.2.46
10.16.2.47
10.16.2.48
10.16.2.49
10.16.2.50
10.16.2.51
10.16.2.52
10.16.2.53
10.16.2.54
10.16.2.55
10.16.2.56
10.16.2.57
10.16.2.58
10.16.2.59
10.16.2.60
10.16.2.61
10.16.2.62
10.16.2.63
10.16.2.64
10.16.2.65
10.16.2.66
10.16.2.67
10.16.2.68
10.16.2.69
10.16.2.70
10.16.2.71
10.16.2.72
10.16.2.73
10.16.2.74
10.16.2.75
C-2
Appendix C
Configurations
NetScaler Instance Configuration Summary
add
add
add
add
add
server
server
server
server
server
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
server-tg-76
server-tg-77
server-tg-78
server-tg-79
server-tg-80
10.16.2.76
10.16.2.77
10.16.2.78
10.16.2.79
10.16.2.80
service-tg-01
service-tg-02
service-tg-03
service-tg-04
service-tg-05
service-tg-06
service-tg-07
service-tg-08
service-tg-09
service-tg-10
service-tg-11
service-tg-12
service-tg-13
service-tg-14
service-tg-15
service-tg-16
service-tg-17
service-tg-18
service-tg-19
service-tg-20
service-tg-21
service-tg-22
service-tg-23
service-tg-24
service-tg-25
service-tg-26
service-tg-27
service-tg-28
service-tg-29
service-tg-30
service-tg-31
service-tg-32
service-tg-33
service-tg-34
service-tg-35
service-tg-36
service-tg-37
service-tg-38
service-tg-39
service-tg-40
service-tg-41
service-tg-42
service-tg-43
service-tg-44
service-tg-45
service-tg-46
service-tg-47
service-tg-48
service-tg-49
service-tg-50
service-tg-51
service-tg-52
service-tg-53
service-tg-54
service-tg-55
service-tg-56
service-tg-57
service-tg-58
server-tg-01
server-tg-02
server-tg-03
server-tg-04
server-tg-05
server-tg-06
server-tg-07
server-tg-08
server-tg-09
server-tg-10
server-tg-11
server-tg-12
server-tg-13
server-tg-14
server-tg-15
server-tg-16
server-tg-17
server-tg-18
server-tg-19
server-tg-20
server-tg-21
server-tg-22
server-tg-23
server-tg-24
server-tg-25
server-tg-26
server-tg-27
server-tg-28
server-tg-29
server-tg-30
server-tg-31
server-tg-32
server-tg-33
server-tg-34
server-tg-35
server-tg-36
server-tg-37
server-tg-38
server-tg-39
server-tg-40
server-tg-41
server-tg-42
server-tg-43
server-tg-44
server-tg-45
server-tg-46
server-tg-47
server-tg-48
server-tg-49
server-tg-50
server-tg-51
server-tg-52
server-tg-53
server-tg-54
server-tg-55
server-tg-56
server-tg-57
server-tg-58
HTTP 80
HTTP 80
HTTP 80
HTTP 80
HTTP 80
HTTP 80
HTTP 80
HTTP 80
HTTP 80
HTTP 80
HTTP 80
HTTP 80
HTTP 80
HTTP 80
HTTP 80
HTTP 80
HTTP 80
HTTP 80
HTTP 80
HTTP 80
SSL 443
SSL 443
SSL 443
SSL 443
SSL 443
SSL 443
SSL 443
SSL 443
SSL 443
SSL 443
SSL 443
SSL 443
SSL 443
SSL 443
SSL 443
SSL 443
SSL 443
SSL 443
SSL 443
SSL 443
TCP 8080
TCP 8080
TCP 8080
TCP 8080
TCP 8080
TCP 8080
TCP 8080
TCP 8080
TCP 8080
TCP 8080
TCP 8080
TCP 8080
TCP 8080
TCP 8080
TCP 8080
TCP 8080
TCP 8080
TCP 8080
C-3
Appendix C
Configurations
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
add
add
add
add
add
add
add
add
lb
lb
lb
lb
lb
lb
lb
lb
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
service-tg-59
service-tg-60
service-tg-61
service-tg-62
service-tg-63
service-tg-64
service-tg-65
service-tg-66
service-tg-67
service-tg-68
service-tg-69
service-tg-70
service-tg-71
service-tg-72
service-tg-73
service-tg-74
service-tg-75
service-tg-76
service-tg-77
service-tg-78
service-tg-79
service-tg-80
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vip-tg-101
vip-tg-102
vip-tg-103
vip-tg-104
vip-tg-105
vip-tg-106
vip-tg-107
vip-tg-108
server-tg-59
server-tg-60
server-tg-61
server-tg-62
server-tg-63
server-tg-64
server-tg-65
server-tg-66
server-tg-67
server-tg-68
server-tg-69
server-tg-70
server-tg-71
server-tg-72
server-tg-73
server-tg-74
server-tg-75
server-tg-76
server-tg-77
server-tg-78
server-tg-79
server-tg-80
TCP
TCP
DNS
DNS
DNS
DNS
DNS
DNS
DNS
DNS
DNS
DNS
DNS
DNS
DNS
DNS
DNS
DNS
DNS
DNS
DNS
DNS
8080
8080
53
53
53
53
53
53
53
53
53
53
53
53
53
53
53
53
53
53
53
53
vip-tg-101
vip-tg-101
vip-tg-101
vip-tg-101
vip-tg-101
vip-tg-101
vip-tg-101
vip-tg-101
vip-tg-101
vip-tg-101
vip-tg-102
vip-tg-102
vip-tg-102
vip-tg-102
vip-tg-102
vip-tg-102
vip-tg-102
vip-tg-102
vip-tg-102
vip-tg-102
vip-tg-103
vip-tg-103
vip-tg-103
vip-tg-103
vip-tg-103
vip-tg-103
vip-tg-103
vip-tg-103
vip-tg-103
vip-tg-103
vip-tg-104
vip-tg-104
HTTP 101.16.1.101 80
HTTP 101.16.1.102 80
SSL 101.16.1.103 443
SSL 101.16.1.104 443
TCP 101.16.1.105 8080
TCP 101.16.1.106 8080
DNS 101.16.1.107 53
DNS 101.16.1.108 53
service-tg-01
service-tg-02
service-tg-03
service-tg-04
service-tg-05
service-tg-06
service-tg-07
service-tg-08
service-tg-09
service-tg-10
service-tg-11
service-tg-12
service-tg-13
service-tg-14
service-tg-15
service-tg-16
service-tg-17
service-tg-18
service-tg-19
service-tg-20
service-tg-21
service-tg-22
service-tg-23
service-tg-24
service-tg-25
service-tg-26
service-tg-27
service-tg-28
service-tg-29
service-tg-30
service-tg-31
service-tg-32
C-4
Appendix C
Configurations
NetScaler Instance Configuration Summary
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vip-tg-104
vip-tg-104
vip-tg-104
vip-tg-104
vip-tg-104
vip-tg-104
vip-tg-104
vip-tg-104
vip-tg-105
vip-tg-105
vip-tg-105
vip-tg-105
vip-tg-105
vip-tg-105
vip-tg-105
vip-tg-105
vip-tg-105
vip-tg-105
vip-tg-106
vip-tg-106
vip-tg-106
vip-tg-106
vip-tg-106
vip-tg-106
vip-tg-106
vip-tg-106
vip-tg-106
vip-tg-106
vip-tg-107
vip-tg-107
vip-tg-107
vip-tg-107
vip-tg-107
vip-tg-107
vip-tg-107
vip-tg-107
vip-tg-107
vip-tg-107
vip-tg-108
vip-tg-108
vip-tg-108
vip-tg-108
vip-tg-108
vip-tg-108
vip-tg-108
vip-tg-108
vip-tg-108
vip-tg-108
service-tg-33
service-tg-34
service-tg-35
service-tg-36
service-tg-37
service-tg-38
service-tg-39
service-tg-40
service-tg-41
service-tg-42
service-tg-43
service-tg-44
service-tg-45
service-tg-46
service-tg-47
service-tg-48
service-tg-49
service-tg-50
service-tg-51
service-tg-52
service-tg-53
service-tg-54
service-tg-55
service-tg-56
service-tg-57
service-tg-58
service-tg-59
service-tg-60
service-tg-61
service-tg-62
service-tg-63
service-tg-64
service-tg-65
service-tg-66
service-tg-67
service-tg-68
service-tg-69
service-tg-70
service-tg-71
service-tg-72
service-tg-73
service-tg-74
service-tg-75
service-tg-76
service-tg-77
service-tg-78
service-tg-79
service-tg-80
route
route
route
route
route
C-5
Appendix C
Configurations
server
server
server
server
server-mssql-1 10.1.3.101
server-mssql-2 10.1.3.102
server-mssql-3 10.1.3.103
server-mssql_listener 10.1.3.105
C-6
Appendix C
Configurations
NetScaler Instance Configuration Summary
C-7
Appendix C
Configurations
location
location
location
location
location
location
DC1
DC1
DC2
DC2
CreateServiceGraph_lb_ssl.xml 192.168.114.1:443
ConfigServiceGraphWithParams_lb_ssl.xml 192.168.114.1:443
CreateContract_lb_ssl.xml 192.168.114.1:443
AttachGraphToContract_lb_ssl.xml 192.168.114.1:443
# CS/SSL: /Citrix/APICscript/SP_CS_SSL/
# ============================================================================
./post_xml.py CreateServiceGraph_SP_cs_ssl_1.xml 192.168.114.1:443
./post_xml.py ConfigServiceGraphWithParams_SP_cs_ssl_1.xml 192.168.114.1:443
./post_xml.py CreateServiceGraph_SP_cs_ssl_2.xml 192.168.114.1:443
./post_xml.py ConfigServiceGraphWithParams_SP_cs_ssl_2.xml 192.168.114.1:443
# CS/DB: /Citrix/APICscript/SP_CS_DB/
# ============================================================================
C-8
Appendix C
Configurations
XML Files for Configuring NetScaler Instances
The first eight files perform configuration tasks that set up basic network service functions that APIC
applies to the NetScaler instances. These tasks include the configuration of Load Balancing and SSL offloading functions that are performed on generic traffic. The remaining files configure NetScaler
functions that are specific to SharePoint Server 2013 workloads.
XML Files that Configure NetScaler Services for SharePoint, page C-41
C-9
Appendix C
Configurations
CreateServiceGraph_lb_http.xml
Creates a service graph (WebGraph) for HTTP, SSL, DNS, and TCP load balancing.
<! CreateServiceGraph_lb_http.xml -->
<! Create service graph for LB -->
<polUni>
<fvTenant name="silverTenant1">
<!-- Application Profile -->
<fvAp dn="uni/tn-silverTenant1/ap-Web1-AppProfile" name="Web1-AppProfile">
C-10
Appendix C
Configurations
XML Files for Configuring NetScaler Instances
C-11
Appendix C
Configurations
C-12
Appendix C
Configurations
XML Files for Configuring NetScaler Instances
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-08">
<vnsCfgRelInst key="servicename" name="service-tg-08"
targetName="service-tg-08"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-09">
<vnsCfgRelInst key="servicename" name="service-tg-09"
targetName="service-tg-09"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-10">
<vnsCfgRelInst key="servicename" name="service-tg-10"
targetName="service-tg-10"/>
</vnsFolderInst>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver" name="vip-tg-102">
<vnsParamInst name="name" key="name" value="vip-tg-102"/>
<vnsParamInst name="ipv46" key="ipv46" value="101.16.1.102"/>
<vnsParamInst name="servicetype" key="servicetype" value="HTTP"/>
<vnsParamInst name="port" key="port" value="80"/>
<vnsParamInst name="clttimeout" key="clttimeout" value="200"/>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-11">
<vnsCfgRelInst key="servicename" name="service-tg-11"
targetName="service-tg-11"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-12">
<vnsCfgRelInst key="servicename" name="service-tg-12"
targetName="service-tg-12"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-13">
<vnsCfgRelInst key="servicename" name="service-tg-13"
targetName="service-tg-13"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-14">
<vnsCfgRelInst key="servicename" name="service-tg-14"
targetName="service-tg-14"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-15">
<vnsCfgRelInst key="servicename" name="service-tg-15"
targetName="service-tg-15"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-16">
<vnsCfgRelInst key="servicename" name="service-tg-16"
targetName="service-tg-16"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
C-13
Appendix C
Configurations
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-17">
<vnsCfgRelInst key="servicename" name="service-tg-17"
targetName="service-tg-17"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-18">
<vnsCfgRelInst key="servicename" name="service-tg-18"
targetName="service-tg-18"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-19">
<vnsCfgRelInst key="servicename" name="service-tg-19"
targetName="service-tg-19"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-20">
<vnsCfgRelInst key="servicename" name="service-tg-20"
targetName="service-tg-20"/>
</vnsFolderInst>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver" name="vip-tg-105">
<vnsParamInst name="name" key="name" value="vip-tg-105"/>
<vnsParamInst name="ipv46" key="ipv46" value="101.16.1.105"/>
<vnsParamInst name="servicetype" key="servicetype" value="TCP"/>
<vnsParamInst name="port" key="port" value="8080"/>
<vnsParamInst name="clttimeout" key="clttimeout" value="200"/>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-41">
<vnsCfgRelInst key="servicename" name="service-tg-41"
targetName="service-tg-41"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-42">
<vnsCfgRelInst key="servicename" name="service-tg-42"
targetName="service-tg-42"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-43">
<vnsCfgRelInst key="servicename" name="service-tg-43"
targetName="service-tg-43"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-44">
<vnsCfgRelInst key="servicename" name="service-tg-44"
targetName="service-tg-44"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-45">
<vnsCfgRelInst key="servicename" name="service-tg-45"
targetName="service-tg-45"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
C-14
Appendix C
Configurations
XML Files for Configuring NetScaler Instances
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-46">
<vnsCfgRelInst key="servicename" name="service-tg-46"
targetName="service-tg-46"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-47">
<vnsCfgRelInst key="servicename" name="service-tg-47"
targetName="service-tg-47"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-48">
<vnsCfgRelInst key="servicename" name="service-tg-48"
targetName="service-tg-48"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-49">
<vnsCfgRelInst key="servicename" name="service-tg-49"
targetName="service-tg-49"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-50">
<vnsCfgRelInst key="servicename" name="service-tg-50"
targetName="service-tg-50"/>
</vnsFolderInst>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver" name="vip-tg-106">
<vnsParamInst name="name" key="name" value="vip-tg-106"/>
<vnsParamInst name="ipv46" key="ipv46" value="101.16.1.106"/>
<vnsParamInst name="servicetype" key="servicetype" value="TCP"/>
<vnsParamInst name="port" key="port" value="8080"/>
<vnsParamInst name="clttimeout" key="clttimeout" value="200"/>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-51">
<vnsCfgRelInst key="servicename" name="service-tg-51"
targetName="service-tg-51"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-52">
<vnsCfgRelInst key="servicename" name="service-tg-52"
targetName="service-tg-52"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-53">
<vnsCfgRelInst key="servicename" name="service-tg-53"
targetName="service-tg-53"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-54">
<vnsCfgRelInst key="servicename" name="service-tg-54"
targetName="service-tg-54"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
C-15
Appendix C
Configurations
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-55">
<vnsCfgRelInst key="servicename" name="service-tg-55"
targetName="service-tg-55"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-56">
<vnsCfgRelInst key="servicename" name="service-tg-56"
targetName="service-tg-56"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-57">
<vnsCfgRelInst key="servicename" name="service-tg-57"
targetName="service-tg-57"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-58">
<vnsCfgRelInst key="servicename" name="service-tg-58"
targetName="service-tg-58"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-59">
<vnsCfgRelInst key="servicename" name="service-tg-59"
targetName="service-tg-59"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-60">
<vnsCfgRelInst key="servicename" name="service-tg-60"
targetName="service-tg-60"/>
</vnsFolderInst>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver" name="vip-tg-107">
<vnsParamInst name="name" key="name" value="vip-tg-107"/>
<vnsParamInst name="ipv46" key="ipv46" value="101.16.1.107"/>
<vnsParamInst name="servicetype" key="servicetype" value="DNS"/>
<vnsParamInst name="port" key="port" value="53"/>
<vnsParamInst name="clttimeout" key="clttimeout" value="200"/>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-61">
<vnsCfgRelInst key="servicename" name="service-tg-61"
targetName="service-tg-61"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-62">
<vnsCfgRelInst key="servicename" name="service-tg-62"
targetName="service-tg-62"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-63">
<vnsCfgRelInst key="servicename" name="service-tg-63"
targetName="service-tg-63"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
C-16
Appendix C
Configurations
XML Files for Configuring NetScaler Instances
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-64">
<vnsCfgRelInst key="servicename" name="service-tg-64"
targetName="service-tg-64"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-65">
<vnsCfgRelInst key="servicename" name="service-tg-65"
targetName="service-tg-65"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-66">
<vnsCfgRelInst key="servicename" name="service-tg-66"
targetName="service-tg-66"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-67">
<vnsCfgRelInst key="servicename" name="service-tg-67"
targetName="service-tg-67"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-68">
<vnsCfgRelInst key="servicename" name="service-tg-68"
targetName="service-tg-68"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-69">
<vnsCfgRelInst key="servicename" name="service-tg-69"
targetName="service-tg-69"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-70">
<vnsCfgRelInst key="servicename" name="service-tg-70"
targetName="service-tg-70"/>
</vnsFolderInst>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver" name="vip-tg-108">
<vnsParamInst name="name" key="name" value="vip-tg-108"/>
<vnsParamInst name="ipv46" key="ipv46" value="101.16.1.108"/>
<vnsParamInst name="servicetype" key="servicetype" value="DNS"/>
<vnsParamInst name="port" key="port" value="53"/>
<vnsParamInst name="clttimeout" key="clttimeout" value="200"/>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-71">
<vnsCfgRelInst key="servicename" name="service-tg-71"
targetName="service-tg-71"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-72">
<vnsCfgRelInst key="servicename" name="service-tg-72"
targetName="service-tg-72"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
C-17
Appendix C
Configurations
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-73">
<vnsCfgRelInst key="servicename" name="service-tg-73"
targetName="service-tg-73"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-74">
<vnsCfgRelInst key="servicename" name="service-tg-74"
targetName="service-tg-74"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-75">
<vnsCfgRelInst key="servicename" name="service-tg-75"
targetName="service-tg-75"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-76">
<vnsCfgRelInst key="servicename" name="service-tg-76"
targetName="service-tg-76"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-77">
<vnsCfgRelInst key="servicename" name="service-tg-77"
targetName="service-tg-77"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-78">
<vnsCfgRelInst key="servicename" name="service-tg-78"
targetName="service-tg-78"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-79">
<vnsCfgRelInst key="servicename" name="service-tg-79"
targetName="service-tg-79"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-80">
<vnsCfgRelInst key="servicename" name="service-tg-80"
targetName="service-tg-80"/>
</vnsFolderInst>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-01">
<vnsParamInst name="name" key="name" value="service-tg-01"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.1"/>
<vnsParamInst name="servicetype" key="servicetype" value="HTTP"/>
<vnsParamInst name="port" key="port" value="80"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-02">
<vnsParamInst name="name" key="name" value="service-tg-02"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.2"/>
<vnsParamInst name="servicetype" key="servicetype" value="HTTP"/>
<vnsParamInst name="port" key="port" value="80"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
C-18
Appendix C
Configurations
XML Files for Configuring NetScaler Instances
C-19
Appendix C
Configurations
C-20
Appendix C
Configurations
XML Files for Configuring NetScaler Instances
C-21
Appendix C
Configurations
C-22
Appendix C
Configurations
XML Files for Configuring NetScaler Instances
C-23
Appendix C
Configurations
C-24
Appendix C
Configurations
XML Files for Configuring NetScaler Instances
C-25
Appendix C
Configurations
C-26
Appendix C
Configurations
XML Files for Configuring NetScaler Instances
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-16">
<vnsCfgRelInst name="Func_service-tg-16_key" key="service_key"
targetName="service-tg-16"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-17">
<vnsCfgRelInst name="Func_service-tg-17_key" key="service_key"
targetName="service-tg-17"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-18">
<vnsCfgRelInst name="Func_service-tg-18_key" key="service_key"
targetName="service-tg-18"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-19">
<vnsCfgRelInst name="Func_service-tg-19_key" key="service_key"
targetName="service-tg-19"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-20">
<vnsCfgRelInst name="Func_service-tg-20_key" key="service_key"
targetName="service-tg-20"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-41">
<vnsCfgRelInst name="Func_service-tg-41_key" key="service_key"
targetName="service-tg-41"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-42">
<vnsCfgRelInst name="Func_service-tg-42_key" key="service_key"
targetName="service-tg-42"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-43">
<vnsCfgRelInst name="Func_service-tg-43_key" key="service_key"
targetName="service-tg-43"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-44">
<vnsCfgRelInst name="Func_service-tg-44_key" key="service_key"
targetName="service-tg-44"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-45">
<vnsCfgRelInst name="Func_service-tg-45_key" key="service_key"
targetName="service-tg-45"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-46">
<vnsCfgRelInst name="Func_service-tg-46_key" key="service_key"
targetName="service-tg-46"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-47">
<vnsCfgRelInst name="Func_service-tg-47_key" key="service_key"
targetName="service-tg-47"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-48">
C-27
Appendix C
Configurations
C-28
Appendix C
Configurations
XML Files for Configuring NetScaler Instances
C-29
Appendix C
Configurations
C-30
Appendix C
Configurations
XML Files for Configuring NetScaler Instances
<vnsAbsGraph name="WebGraph">
<vnsAbsTermNodeProv name="Input1">
<vnsAbsTermConn name="C1">
</vnsAbsTermConn>
</vnsAbsTermNodeProv>
<!-- LB1 Provides LoadBalancing functionality -->
<vnsAbsNode name="LB1" funcType="GoTo">
<vnsRsDefaultScopeToTerm tDn="uni/tn-silverTenant1/AbsGraphWebGraph/AbsTermNodeProv-Input1/outtmnl"/>
<vnsAbsFuncConn name="outside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncLoadBalancing/mConn-external" />
</vnsAbsFuncConn>
<vnsAbsFuncConn name="inside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncLoadBalancing/mConn-internal" />
</vnsAbsFuncConn>
<vnsRsNodeToMFunc tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncLoadBalancing" />
</vnsAbsNode>
<vnsAbsTermNodeCon name="Output1">
<vnsAbsTermConn name="C6">
</vnsAbsTermConn>
</vnsAbsTermNodeCon>
<vnsAbsConnection name="CON1" adjType="L3">
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph/AbsTermNodeCon-Output1/AbsTConn"/>
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph/AbsNode-LB1/AbsFConn-outside"/>
</vnsAbsConnection>
<vnsAbsConnection name="CON2">
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph/AbsNode-LB1/AbsFConn-inside"/>
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph/AbsTermNodeProv-Input1/AbsTConn"/>
</vnsAbsConnection>
</vnsAbsGraph>
</fvTenant>
</polUni>
C-31
Appendix C
Configurations
<vzRsSubjFiltAtt tnVzFilterName="acl_lb_generic"/>
</vzSubj>
</vzBrCP>
</fvTenant>
</polUni>
C-32
Appendix C
Configurations
XML Files for Configuring NetScaler Instances
</vnsFolderInst>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver" name="vip-tg-103_lb">
<vnsParamInst name="name" key="name" value="vip-tg-103"/>
<vnsParamInst name="ipv46" key="ipv46" value="101.16.1.103"/>
<vnsParamInst name="servicetype" key="servicetype" value="SSL"/>
<vnsParamInst name="port" key="port" value="443"/>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver_service_binding"
name="service-tg-21">
<vnsCfgRelInst key="servicename" name="service-tg-21"
targetName="service-tg-21"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver_service_binding"
name="service-tg-22">
<vnsCfgRelInst key="servicename" name="service-tg-22"
targetName="service-tg-22"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver_service_binding"
name="service-tg-23">
<vnsCfgRelInst key="servicename" name="service-tg-23"
targetName="service-tg-23"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver_service_binding"
name="service-tg-24">
<vnsCfgRelInst key="servicename" name="service-tg-24"
targetName="service-tg-24"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver_service_binding"
name="service-tg-25">
<vnsCfgRelInst key="servicename" name="service-tg-25"
targetName="service-tg-25"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver_service_binding"
name="service-tg-26">
<vnsCfgRelInst key="servicename" name="service-tg-26"
targetName="service-tg-26"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver_service_binding"
name="service-tg-27">
<vnsCfgRelInst key="servicename" name="service-tg-27"
targetName="service-tg-27"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver_service_binding"
name="service-tg-28">
<vnsCfgRelInst key="servicename" name="service-tg-28"
targetName="service-tg-28"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver_service_binding"
name="service-tg-29">
<vnsCfgRelInst key="servicename" name="service-tg-29"
targetName="service-tg-29"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
C-33
Appendix C
Configurations
nodeNameOrLbl="SSL1" key="lbvserver_service_binding"
name="service-tg-30">
<vnsCfgRelInst key="servicename" name="service-tg-30"
targetName="service-tg-30"/>
</vnsFolderInst>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver" name="vip-tg-104_lb">
<vnsParamInst name="name" key="name" value="vip-tg-104"/>
<vnsParamInst name="ipv46" key="ipv46" value="101.16.1.104"/>
<vnsParamInst name="servicetype" key="servicetype" value="SSL"/>
<vnsParamInst name="port" key="port" value="443"/>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver_service_binding"
name="service-tg-31">
<vnsCfgRelInst key="servicename" name="service-tg-31"
targetName="service-tg-31"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver_service_binding"
name="service-tg-32">
<vnsCfgRelInst key="servicename" name="service-tg-32"
targetName="service-tg-32"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver_service_binding"
name="service-tg-33">
<vnsCfgRelInst key="servicename" name="service-tg-33"
targetName="service-tg-33"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver_service_binding"
name="service-tg-34">
<vnsCfgRelInst key="servicename" name="service-tg-34"
targetName="service-tg-34"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver_service_binding"
name="service-tg-35">
<vnsCfgRelInst key="servicename" name="service-tg-35"
targetName="service-tg-35"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver_service_binding"
name="service-tg-36">
<vnsCfgRelInst key="servicename" name="service-tg-36"
targetName="service-tg-36"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver_service_binding"
name="service-tg-37">
<vnsCfgRelInst key="servicename" name="service-tg-37"
targetName="service-tg-37"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver_service_binding"
name="service-tg-38">
<vnsCfgRelInst key="servicename" name="service-tg-38"
targetName="service-tg-38"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver_service_binding"
name="service-tg-39">
C-34
Appendix C
Configurations
XML Files for Configuring NetScaler Instances
C-35
Appendix C
Configurations
C-36
Appendix C
Configurations
XML Files for Configuring NetScaler Instances
C-37
Appendix C
Configurations
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="mFCngsslvserver"
name="Func_vip-tg-104_ssl">
<vnsCfgRelInst name="sslvserver_key" key="sslvserver_key"
targetName="vip-tg-104_ssl"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="mFCngsslcertkey" name="Func_sslcertkey">
<vnsCfgRelInst name="sslcertkey_key" key="sslcertkey_key"
targetName="sp2013.test.ctx-cert"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-21">
<vnsCfgRelInst name="Func_service-tg-21_key" key="service_key"
targetName="service-tg-21"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-22">
<vnsCfgRelInst name="Func_service-tg-22_key" key="service_key"
targetName="service-tg-22"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-23">
<vnsCfgRelInst name="Func_service-tg-23_key" key="service_key"
targetName="service-tg-23"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-24">
<vnsCfgRelInst name="Func_service-tg-24_key" key="service_key"
targetName="service-tg-24"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-25">
<vnsCfgRelInst name="Func_service-tg-25_key" key="service_key"
targetName="service-tg-25"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-26">
<vnsCfgRelInst name="Func_service-tg-26_key" key="service_key"
targetName="service-tg-26"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-27">
<vnsCfgRelInst name="Func_service-tg-27_key" key="service_key"
targetName="service-tg-27"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-28">
<vnsCfgRelInst name="Func_service-tg-28_key" key="service_key"
targetName="service-tg-28"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-29">
<vnsCfgRelInst name="Func_service-tg-29_key" key="service_key"
targetName="service-tg-29"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-30">
<vnsCfgRelInst name="Func_service-tg-30_key" key="service_key"
targetName="service-tg-30"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-31">
C-38
Appendix C
Configurations
XML Files for Configuring NetScaler Instances
C-39
Appendix C
Configurations
C-40
Appendix C
Configurations
XML Files for Configuring NetScaler Instances
Create a service graph (WebGraph_cs_ssl) for CS with SSL Offloading of SharePoint traffic.
ConfigServiceGraphWithParams_SP_cs_ssl_1.xml, page C-46
Configure service graph with L4-L7 parameters for CS and SSL Offloading for SharePoint
traffic.
CreateServiceGraph_SP_cs_ssl_2.xml , page C-47
Create a second service graph (WebGraph_cs_ssl_2) for CS with SSL Offloading of SharePoint
traffic. Configuring a service graph for Content Switching is a two-step process.
ConfigServiceGraphWithParams_SP_cs_ssl_2.xml , page C-48
C-41
Appendix C
Configurations
Configure graph (WebGraph_cs_ssl_2) with L4-L7 parameters for CS and SSL Offloading for
SharePoint traffic.
Create a service graph and configure L4-L7 parameters for Content Switching of Database
CreateServiceGraphWithParams_SP_cs_DB_2.xml, page C-51
Create a second service graph and configure L4-L7 parameters for Content Switching of
Database. Configuring a service graph for Content Switching of Database is a two-step process.
Configures additional L4-L7 parameters for the AppFW service graph that define the binding
of AppFW policy.
ConfigAppFW_block_SQL_injection.xml, page C-62
Create service graph with L4-L7 parameters for a GSLB ADNS configuration.
CreateServiceGraphWithParams_SP_GSLB_2.xml, page C-67
Create a second service graph and configure additional L4-L7 parameters for GSLB.
ConfigParameters_SP_GSLB_DynamicProx.xml, page C-70
C-42
Appendix C
Configurations
XML Files for Configuring NetScaler Instances
Create a second service graph (WebGraph_cs_ssl_2) for CS with SSL Offloading of SharePoint
traffic. Configuring a service graph for Content Switching is a two-step process.
CreateServiceGraph_SP_cs_ssl_1.xml
Create a service graph (WebGraph_cs_ssl) for CS with SSL Offloading of SharePoint traffic.
<!-- CreateServiceGraph_SP_cs_ssl_1.xml -->
<!-- Create a service graph for CS with SSL Offloading for SharePoint -->
<polUni>
<fvTenant name="silverTenant1">
<fvAp dn="uni/tn-silverTenant1/ap-Web1-AppProfile" name="Web1-AppProfile">
<!-- EPG 1 -->
<fvAEPg dn="uni/tn-silverTenant1/ap-Web1-AppProfile/epg-Web1-EPG"
name="Web1-EPG">
<fvRsBd tnFvBDName="silverTenant1-BD1" />
<fvRsProv tnVzBrCPName="webCtrct1"></fvRsProv>
<vnsFolderInst ctrctNameOrLbl="webCtrct1"
graphNameOrLbl="WebGraph_cs_ssl" nodeNameOrLbl="CS_SSL_1"
key="Network" name="network">
<vnsFolderInst ctrctNameOrLbl="webCtrct1"
graphNameOrLbl="WebGraph_cs_ssl" nodeNameOrLbl="CS_SSL_1"
key="nsip" name="snip1">
<vnsParamInst key="ipaddress" name="ip1" value="101.16.1.11"/>
<vnsParamInst key="netmask" name="netmask1"
value="255.255.255.0"/>
<vnsParamInst key="dynamicrouting" name="dynamicRouting"
value="ENABLED"/>
<vnsParamInst key="hostroute" name="hostroute"
value="DISABLED"/>
<vnsParamInst key="type" name="type" value="SNIP"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1"
graphNameOrLbl="WebGraph_cs_ssl" nodeNameOrLbl="CS_SSL_1"
key="nsip" name="snip2">
<vnsParamInst key="ipaddress" name="ip2" value="10.16.1.11"/>
<vnsParamInst key="netmask" name="netmask2"
value="255.255.255.0"/>
<vnsParamInst key="dynamicrouting" name="dynamicRouting"
value="DISABLED"/>
<vnsParamInst key="hostroute" name="hostroute"
value="DISABLED"/>
<vnsParamInst key="mgmtaccess" name="mgmtaccess"
value="ENABLED"/>
<vnsParamInst key="type" name="type" value="SNIP"/>
</vnsFolderInst>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"
nodeNameOrLbl="CS_SSL_1" key="csvserver" name="vip-CS_SP2013" >
<vnsParamInst name="name" key="name" value="vip-CS_SP2013"/>
<vnsParamInst name="ipv46" key="ipv46" value="101.16.1.121"/>
<vnsParamInst name="servicetype" key="servicetype" value="SSL"/>
<vnsParamInst name="port" key="port" value="443"/>
<vnsFolderInst ctrctNameOrLbl="webCtrct1"
graphNameOrLbl="WebGraph_cs_ssl" nodeNameOrLbl="CS_SSL_1"
key="csvserver_cspolicy_binding" name="cspolbind1">
C-43
Appendix C
Configurations
C-44
Appendix C
Configurations
XML Files for Configuring NetScaler Instances
C-45
Appendix C
Configurations
</fvAEPg>
</fvAp>
</fvTenant>
</polUni>
Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.
Goto Configurations, page C-1.
ConfigServiceGraphWithParams_SP_cs_ssl_1.xml
Configure service graph with L4-L7 parameters for CS and SSL Offloading for SharePoint traffic.
<! ConfigServiceGraphWithParams_SP_cs_ssl_1.xml -->
<! Configure L4-L7 parameters for CS and SSL Offloading for SharePoint -->
<polUni>
<fvTenant name="silverTenant1">
<vnsAbsGraph name="WebGraph_cs_ssl">
<vnsAbsTermNodeProv name="Input1">
<vnsAbsTermConn name="C1">
</vnsAbsTermConn>
</vnsAbsTermNodeProv>
<!-- CS_SSL_1 Provides CS and SSL Offload functionality -->
<vnsAbsNode name="CS_SSL_1" funcType="GoTo">
<vnsRsDefaultScopeToTerm tDn="uni/tn-silverTenant1/AbsGraphWebGraph_cs_ssl/AbsTermNodeProv-Input1/outtmnl"/>
<vnsAbsFuncConn name="outside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler1.0/mFunc-ContentSwitching/mConn-external" />
</vnsAbsFuncConn>
<vnsAbsFuncConn name="inside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler1.0/mFunc-ContentSwitching/mConn-internal" />
</vnsAbsFuncConn>
<vnsRsNodeToMFunc tDn="uni/infra/mDev-Citrix-NetScaler1.0/mFunc-ContentSwitching"/>
</vnsAbsNode>
<vnsAbsTermNodeCon name="Output1">
<vnsAbsTermConn name="C6">
</vnsAbsTermConn>
</vnsAbsTermNodeCon>
<vnsAbsConnection name="CON1" adjType="L3">
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_cs_ssl/AbsTermNodeCon-Output1/AbsTConn"/>
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_cs_ssl/AbsNode-CS_SSL_1/AbsFConn-outside"/>
</vnsAbsConnection>
<vnsAbsConnection name="CON2">
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_cs_ssl/AbsNode-CS_SSL_1/AbsFConn-inside"/>
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_cs_ssl/AbsTermNodeProv-Input1/AbsTConn"/>
</vnsAbsConnection>
</vnsAbsGraph>
</fvTenant>
</polUni>
Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.
Goto Configurations, page C-1.
C-46
Appendix C
Configurations
XML Files for Configuring NetScaler Instances
CreateServiceGraph_SP_cs_ssl_2.xml
Create a second service graph (WebGraph_cs_ssl_2) for CS with SSL Offloading of SharePoint
traffic. Configuring a service graph for Content Switching is a two-step process.
<! CreateServiceGraph_SP_cs_ssl_2.xml -->
<! Create a service graph for CS with SSL Offloading of SharePoint -->
<polUni>
<fvTenant name="silverTenant1">
<fvAp dn="uni/tn-silverTenant1/ap-Web1-AppProfile" name="Web1-AppProfile">
<!-- EPG 1 -->
<fvAEPg dn="uni/tn-silverTenant1/ap-Web1-AppProfile/epg-Web1-EPG"
name="Web1-EPG">
<fvRsBd tnFvBDName="silverTenant1-BD1" />
<fvRsProv tnVzBrCPName="webCtrct1"></fvRsProv>
<vnsFolderInst ctrctNameOrLbl="webCtrct1"
graphNameOrLbl="WebGraph_cs_ssl_2" nodeNameOrLbl="CS_SSL_2"
key="Network" name="network">
<vnsFolderInst ctrctNameOrLbl="webCtrct1"
graphNameOrLbl="WebGraph_cs_ssl_2"
nodeNameOrLbl="CS_SSL_2" key="nsip" name="snip1">
<vnsParamInst key="ipaddress" name="ip1" value="101.16.1.11"/>
<vnsParamInst key="netmask" name="netmask1" value="255.255.255.0"/>
<vnsParamInst key="dynamicrouting" name="dynamicRouting"
value="ENABLED"/>
<vnsParamInst key="hostroute" name="hostroute" value="DISABLED"/>
<vnsParamInst key="type" name="type" value="SNIP"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1"
graphNameOrLbl="WebGraph_cs_ssl_2"
nodeNameOrLbl="CS_SSL_2" key="nsip" name="snip2">
<vnsParamInst key="ipaddress" name="ip2" value="10.16.1.11"/>
<vnsParamInst key="netmask" name="netmask2" value="255.255.255.0"/>
<vnsParamInst key="dynamicrouting" name="dynamicRouting"
value="DISABLED"/>
<vnsParamInst key="hostroute" name="hostroute" value="DISABLED"/>
<vnsParamInst key="mgmtaccess" name="mgmtaccess" value="ENABLED"/>
<vnsParamInst key="type" name="type" value="SNIP"/>
</vnsFolderInst>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1"
graphNameOrLbl="WebGraph_cs_ssl_2"
nodeNameOrLbl="CS_SSL_2" key="sslcertkey" name="sp2013.test.ctx-cert" >
<vnsParamInst name="certkey" key="certkey" value="sp2013.test.ctx-cert"/>
<vnsParamInst name="cert" key="cert" value="sp2013-server.cert"/>
<vnsParamInst name="key" key="key" value="sp2013-server.key"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1"
graphNameOrLbl="WebGraph_cs_ssl_2"
nodeNameOrLbl="CS_SSL_2" key="sslvserver" name="vip-CS_SP2013_ssl">
<vnsParamInst name="vservername" key="vservername" value="vip-CS_SP2013"/>
<vnsFolderInst ctrctNameOrLbl="webCtrct1"
graphNameOrLbl="WebGraph_cs_ssl_2" nodeNameOrLbl="CS_SSL_2"
key="sslvserver_sslcertkey_binding" name="certkeyBind">
<vnsCfgRelInst name="certkeyname" key="certkeyname"
targetName="sp2013.test.ctx-cert"/>
</vnsFolderInst>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1"
graphNameOrLbl="WebGraph_cs_ssl_2"
nodeNameOrLbl="CS_SSL_2" key="mFCngsslvserver" name="mFCngsslvserver2">
<vnsCfgRelInst name="sslvserver_key" key="sslvserver_key"
targetName="vip-CS_SP2013_ssl"/>
</vnsFolderInst>
C-47
Appendix C
Configurations
<vnsFolderInst ctrctNameOrLbl="webCtrct1"
graphNameOrLbl="WebGraph_cs_ssl_2"
nodeNameOrLbl="CS_SSL_2" key="mFCngsslcertkey" name="mFCngsslcertkey2">
<vnsCfgRelInst name="sslcertkey_key" key="sslcertkey_key"
targetName="sp2013.test.ctx-cert"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1"
graphNameOrLbl="WebGraph_cs_ssl_2"
nodeNameOrLbl="CS_SSL_2" key="external_network" name="external_network">
<vnsCfgRelInst name="internal_network_key" key="external_network_key"
targetName="network/snip1"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1"
graphNameOrLbl="WebGraph_cs_ssl_2"
nodeNameOrLbl="CS_SSL_2" key="internal_network" name="internal_network">
<vnsCfgRelInst name="external_network_key" key="internal_network_key"
targetName="network/snip2"/>
</vnsFolderInst>
</fvAEPg>
</fvAp>
</fvTenant>
</polUni>
Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.
Goto Configurations, page C-1.
ConfigServiceGraphWithParams_SP_cs_ssl_2.xml
Configure graph (WebGraph_cs_ssl_2) with L4-L7 parameters for CS and SSL Offloading for
SharePoint traffic.
<! ConfigServiceGraphWithParams_SP_cs_ssl_2.xml -->
<! Configure additional L4-L7 parameters for CS and SSL Offloading for SharePoint -->
<polUni>
<fvTenant name="silverTenant1">
<vnsAbsGraph name="WebGraph_cs_ssl_2">
<vnsAbsTermNodeProv name="Input1">
<vnsAbsTermConn name="C1">
</vnsAbsTermConn>
</vnsAbsTermNodeProv>
<!-- CS_SSL_2 Provides CS and SSL Offload functionality -->
<vnsAbsNode name="CS_SSL_2" funcType="GoTo" >
<vnsRsDefaultScopeToTerm tDn="uni/tn-silverTenant1/AbsGraphWebGraph_cs_ssl_2/AbsTermNodeProv-Input1/outtmnl"/>
<vnsAbsFuncConn name="outside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncSSLOffload/mConn-external" />
</vnsAbsFuncConn>
<vnsAbsFuncConn name="inside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncSSLOffload/mConn-internal" />
</vnsAbsFuncConn>
<vnsRsNodeToMFunc tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncSSLOffload"/>
</vnsAbsNode>
<vnsAbsTermNodeCon name="Output1">
<vnsAbsTermConn name="C6">
</vnsAbsTermConn>
</vnsAbsTermNodeCon>
<vnsAbsConnection name="CON1" adjType="L3">
C-48
Appendix C
Configurations
XML Files for Configuring NetScaler Instances
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_cs_ssl_2/AbsTermNodeCon-Output1/AbsTConn"/>
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_cs_ssl_2/AbsNode-CS_SSL_2/AbsFConn-outside"/>
</vnsAbsConnection>
<vnsAbsConnection name="CON2">
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_cs_ssl_2/AbsNode-CS_SSL_2/AbsFConn-inside"/>
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_cs_ssl_2/AbsTermNodeProv-Input1/AbsTConn"/>
</vnsAbsConnection>
</vnsAbsGraph>
</fvTenant>
</polUni>
Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.
Goto Configurations, page C-1.
Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.
Goto Configurations, page C-1.
CreateServiceGraphWithParams_SP_cs_DB_1.xml
Create a service graph and configure L4-L7 parameters for Content Switching of Database
<!-- CreateServiceGraphWithParams_SP_cs_DB_1.xml -->
<!-- Create service graph and L4-L7 parameters for CS of Database -->
<polUni>
<fvTenant name="silverTenant1"> <!-- DB configuration -->
<vnsAbsGraph name = "WebGraph_CS_DB_2">
<vnsAbsTermNodeProv name = "Input1">
<vnsAbsTermConn name = "C1">
</vnsAbsTermConn>
</vnsAbsTermNodeProv>
<vnsAbsNode name = "CS_DB_2" funcType="GoTo" >
<vnsAbsFuncConn name = "outside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncDataStream/mConn-external" />
</vnsAbsFuncConn>
<vnsAbsFuncConn name = "inside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncDataStream/mConn-internal" />
</vnsAbsFuncConn>
<vnsRsNodeToMFunc tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncDataStream"/>
<vnsRsDefaultScopeToTerm tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_DB_2/AbsTermNodeProv-Input1/outtmnl"/>
<!-- Device Configuration -->
<vnsAbsDevCfg>
C-49
Appendix C
Configurations
C-50
Appendix C
Configurations
XML Files for Configuring NetScaler Instances
Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.
Goto Configurations, page C-1.
CreateServiceGraphWithParams_SP_cs_DB_2.xml
Create a second service graph and configure L4-L7 parameters for Content Switching of Database.
Configuring a service graph for Content Switching of Database is a two-step process.
<!-- CreateServiceGraphWithParams_SP_cs_DB_2.xml -->
<!-- Create service graph with L4-L7 parameters for CS of Database -->
<polUni>
<fvTenant name="silverTenant1"> <!-- CS / DB configuration -->
<vnsAbsGraph name = "WebGraph_CS_DB">
<vnsAbsTermNodeProv name = "Input1">
<vnsAbsTermConn name = "C1">
</vnsAbsTermConn>
</vnsAbsTermNodeProv>
<vnsAbsNode name = "CS_DB" funcType="GoTo" >
<vnsAbsFuncConn name = "outside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncContentSwitching/mConn-external" />
</vnsAbsFuncConn>
<vnsAbsFuncConn name = "inside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncContentSwitching/mConn-internal" />
</vnsAbsFuncConn>
<vnsRsNodeToMFunc tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncContentSwitching"/>
<vnsRsDefaultScopeToTerm tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_DB/AbsTermNodeProv-Input1/outtmnl"/>
<vnsAbsDevCfg>
<vnsAbsFolder key="Network" name="network" scopedBy="epg">
<vnsAbsFolder key="nsip" name="snip1">
<vnsAbsParam key="ipaddress" name="ip1" value="101.16.1.11"/>
<vnsAbsParam key="netmask" name="netmask1"
value="255.255.255.0"/>
<vnsAbsParam key="type" name="type" value="SNIP"/>
<vnsAbsParam key="dynamicrouting" name="dynamicrouting"
value="ENABLED"/>
<vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/>
</vnsAbsFolder>
<vnsAbsFolder key="nsip" name="snip2">
<vnsAbsParam key="ipaddress" name="ip2" value="10.16.1.11"/>
<vnsAbsParam key="netmask" name="netmask2"
value="255.255.255.0"/>
<vnsAbsParam key="type" name="type" value="SNIP"/>
<vnsAbsParam key="dynamicrouting" name="dynamicrouting"
value="DISABLED"/>
<vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/>
</vnsAbsFolder>
</vnsAbsFolder>
<vnsAbsFolder key="csvserver" name="csvserver1" scopedBy="epg">
<vnsAbsParam name="name" key="name" value="vip-MSSQL_CS"/>
<vnsAbsParam name="ipv46" key="ipv46" value="10.16.1.122"/>
<vnsAbsParam name="servicetype" key="servicetype" value="MSSQL"/>
<vnsAbsParam name="port" key="port" value="1433"/>
<vnsAbsParam name="mssqlserverversion" key="mssqlserverversion"
value="2012"/>
<vnsAbsFolder key="csvserver_cspolicy_binding" name="cspolbind1">
<vnsAbsCfgRel key="policyname" name="poll1"
targetName="csPolicy/cs_pol1"/>
<vnsAbsParam name="priority" key="priority" value="10"/>
C-51
Appendix C
Configurations
C-52
Appendix C
Configurations
XML Files for Configuring NetScaler Instances
C-53
Appendix C
Configurations
C-54
Appendix C
Configurations
XML Files for Configuring NetScaler Instances
C-55
Appendix C
Configurations
Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.
Goto Configurations, page C-1.
Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.
Goto Configurations, page C-1.
CreateServiceGraphWithParams_AppFW.xml
C-56
Appendix C
Configurations
XML Files for Configuring NetScaler Instances
C-57
Appendix C
Configurations
Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.
Goto Configurations, page C-1.
ConfigServiceGraph_SP_cs_ssl_1_withAppFW-policy.xml
Configure additional L4-L7 parameters for the AppFW service graph that define the binding of
AppFW policy.
<!-- ConfigServiceGraph_SP_cs_ssl_1_withAppFW-policy.xml -->
<!-- Configures additional L4-L7 parameters for binding AppFW policy -->
<polUni>
<fvTenant name="silverTenant1">
<fvAp dn="uni/tn-silverTenant1/ap-Web1-AppProfile" name="Web1-AppProfile">
<!-- EPG 1 -->
<fvAEPg dn="uni/tn-silverTenant1/ap-Web1-AppProfile/epg-Web1-EPG"
name="Web1-EPG">
<fvRsBd tnFvBDName="silverTenant1-BD1" />
<fvRsProv tnVzBrCPName="webCtrct1"></fvRsProv>
C-58
Appendix C
Configurations
XML Files for Configuring NetScaler Instances
C-59
Appendix C
Configurations
C-60
Appendix C
Configurations
XML Files for Configuring NetScaler Instances
Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.
Goto Configurations, page C-1.
C-61
Appendix C
Configurations
ConfigAppFW_block_SQL_injection.xml
C-62
Appendix C
Configurations
XML Files for Configuring NetScaler Instances
Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.
Goto Configurations, page C-1.
ConfigAppFW_block_XSS.xml
C-63
Appendix C
Configurations
<polUni>
<fvTenant name="silverTenant1">
<vnsAbsGraph name = "WebGraph_CS_AppFW_1">
<vnsAbsTermNodeProv name = "Input1">
<vnsAbsTermConn name = "C1">
</vnsAbsTermConn>
</vnsAbsTermNodeProv>
<vnsAbsNode name = "CS_AppFW_1" funcType="GoTo" >
<vnsAbsFuncConn name = "outside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncApplicationFirewall/mConn-external" />
</vnsAbsFuncConn>
<vnsAbsFuncConn name = "inside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncApplicationFirewall/mConn-internal" />
</vnsAbsFuncConn>
<vnsRsNodeToMFunc tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncApplicationFirewall"/>
<vnsRsDefaultScopeToTerm tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_AppFW_1/AbsTermNodeProv-Input1/outtmnl"/>
<vnsAbsDevCfg>
<vnsAbsFolder key="Network" name="network" scopedBy="epg">
<vnsAbsFolder key="nsip" name="snip1">
<vnsAbsParam key="ipaddress" name="ip1" value="101.16.1.11"/>
<vnsAbsParam key="netmask" name="netmask1"
value="255.255.255.0"/>
<vnsAbsParam key="type" name="type" value="SNIP"/>
<vnsAbsParam key="dynamicrouting" name="dynamicrouting"
value="ENABLED"/>
<vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/>
</vnsAbsFolder>
<vnsAbsFolder key="nsip" name="snip2">
<vnsAbsParam key="ipaddress" name="ip2" value="10.16.1.11"/>
<vnsAbsParam key="netmask" name="netmask2"
value="255.255.255.0"/>
<vnsAbsParam key="type" name="type" value="SNIP"/>
<vnsAbsParam key="dynamicrouting" name="dynamicrouting"
value="DISABLED"/>
<vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/>
</vnsAbsFolder>
</vnsAbsFolder>
<vnsAbsFolder key="appfwprofile" name="apppro" scopedBy="epg">
<vnsAbsParam name="name" key="name" value="Sharepoint_SharePoint_sig"/>
<vnsAbsParam name="starturlaction" key="starturlaction" value="block
learn log stats"/>
<vnsAbsParam name="starturlclosure" key="starturlclosure" value="ON"/>
<vnsAbsParam name="signatures" key="signatures" value="mssharepoint"/>
<vnsAbsParam name="crossSiteScriptingAction"
key="crosssitescriptingaction" value="block learn log stats"/>
<vnsAbsFolder key="appfwprofile_starturl_binding" name="appFw_1">
<vnsAbsParam key="starturl" name="starturl"
value="^https://sp2013.test.ctx(\\:)*(\\d)*/sites/Eng(/)?"/>
</vnsAbsFolder>
<vnsAbsFolder key="appfwprofile_starturl_binding" name="appFw_2">
<vnsAbsParam key="starturl" name="starturl"
value="^https://sp2013.test.ctx(\\:)*(\\d)*/sites/Mkt(/)?"/>
</vnsAbsFolder>
</vnsAbsFolder>
<vnsAbsFolder key="Policy" name="csPolicy" scopedBy="epg">
<vnsAbsFolder key="appfwpolicy" name="apppol" scopedBy="epg">
<vnsAbsParam name="name" key="name"
value="Sharepoint_SharePoint_sig"/>
<vnsAbsParam name="rule" key="rule"
value="HTTP.REQ.HOSTNAME.EQ("sp2013.test.ctx")"/>
C-64
Appendix C
Configurations
XML Files for Configuring NetScaler Instances
Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.
Goto Configurations, page C-1.
C-65
Appendix C
Configurations
Create a second service graph and configure additional L4-L7 parameters for GSLB.
Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.
Goto Configurations, page C-1.
CreateServiceGraphWithParams_SP_GSLB_1.xml
Create service graph with L4-L7 parameters for a GSLB ADNS configuration.
<!-- CreateServiceGraphWithParams_SP_GSLB_1.xml -->
<!-- Create service graph with L4-L7 parameters for GSLB -->
<polUni>
<fvTenant name="silverTenant1"> <!-- GSLB configuration -->
<vnsAbsGraph name = "WebGraph_CS_GSLB_ADNS">
<vnsAbsTermNodeProv name = "Input1">
<vnsAbsTermConn name = "C1">
</vnsAbsTermConn>
</vnsAbsTermNodeProv>
<vnsAbsNode name = "GSLB_adns" funcType="GoTo" >
<vnsAbsFuncConn name = "outside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/
mFunc-DomainNameService/mConn-external" />
</vnsAbsFuncConn>
<vnsAbsFuncConn name = "inside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncDomainNameService/mConn-internal" />
</vnsAbsFuncConn>
<vnsRsNodeToMFunc tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncDomainNameService"/>
<vnsRsDefaultScopeToTerm tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_ADNS/AbsTermNodeProv-Input1/outtmnl"/>
<!-- Device Configuration -->
<vnsAbsDevCfg>
<vnsAbsFolder key="Network" name="network" scopedBy="epg">
<vnsAbsFolder key="nsip" name="snip1">
<vnsAbsParam key="ipaddress" name="ip1" value="101.16.1.11"/>
<vnsAbsParam key="netmask" name="netmask1"
value="255.255.255.0"/>
<vnsAbsParam key="type" name="tye" value="SNIP"/>
<vnsAbsParam key="dynamicrouting" name="dynamicrouting"
value="ENABLED"/>
<vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/>
</vnsAbsFolder>
<vnsAbsFolder key="nsip" name="snip2">
<vnsAbsParam key="ipaddress" name="ip2" value="10.16.1.11"/>
<vnsAbsParam key="netmask" name="netmask2"
value="255.255.255.0"/>
<vnsAbsParam key="type" name="tye" value="SNIP"/>
<vnsAbsParam key="dynamicrouting" name="dynamicrouting"
value="DISABLED"/>
<vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/>
</vnsAbsFolder>
</vnsAbsFolder>
C-66
Appendix C
Configurations
XML Files for Configuring NetScaler Instances
Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.
Goto Configurations, page C-1.
CreateServiceGraphWithParams_SP_GSLB_2.xml
Create a second service graph and configure additional L4-L7 parameters for GSLB.
<!-- CreateServiceGraphWithParams_SP_GSLB_2 -->
<!-- Configure additional L4-L7 parameters for GSLB -->
<polUni>
<fvTenant name="silverTenant1">
C-67
Appendix C
Configurations
C-68
Appendix C
Configurations
XML Files for Configuring NetScaler Instances
C-69
Appendix C
Configurations
Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.
Goto Configurations, page C-1.
ConfigParameters_SP_GSLB_DynamicProx.xml
C-70
Appendix C
Configurations
XML Files for Configuring NetScaler Instances
C-71
Appendix C
Configurations
C-72
Appendix C
Configurations
XML Files for Configuring NetScaler Instances
Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.
Goto Configurations, page C-1.
ConfigParameters_SP_GSLB_StaticProx.xml
C-73
Appendix C
Configurations
<vnsAbsFolder key="gslbvserver_gslbservice_binding"
name="gslbVsServBind2" scopedBy="epg">
<vnsAbsCfgRel name="servicename" key="servicename"
targetName="gslbServ2"/>
</vnsAbsFolder>
<vnsAbsFolder key="gslbvserver_domain_binding"
name="gslbVsDomainBind1" scopedBy="epg">
<vnsAbsParam name="domainname" key="domainname"
value="sp2013.test.ctx"/>
</vnsAbsFolder>
</vnsAbsFolder>
<vnsAbsFolder key="gslbservice" name="gslbServ1" scopedBy="epg">
<vnsAbsParam name="servicename" key="servicename"
value="svc_gslb_sp2013_dc1"/>
<vnsAbsParam name="ip" key="ip" value="101.16.1.121"/>
<vnsAbsParam name="servicetype" key="servicetype" value="SSL"/>
<vnsAbsParam name="port" key="port" value="443"/>
<vnsAbsCfgRel name="sitename" key="sitename"
targetName="gslbSite1"/>
</vnsAbsFolder>
<vnsAbsFolder key="gslbservice" name="gslbServ2" scopedBy="epg">
<vnsAbsParam name="servicename" key="servicename"
value="svc_gslb_sp2013_dc2"/>
<vnsAbsParam name="ip" key="ip" value="201.16.1.121"/>
<vnsAbsParam name="servicetype" key="servicetype" value="SSL"/>
<vnsAbsParam name="port" key="port" value="443"/>
<vnsAbsCfgRel name="sitename" key="sitename"
targetName="gslbSite2"/>
</vnsAbsFolder>
<vnsAbsFolder key="gslbsite" name="gslbSite1" scopedBy="epg">
<vnsAbsParam name="sitename" key="sitename" value="Data_Center_1"/>
<vnsAbsParam name="siteipaddress" key="siteipaddress"
value="101.16.1.11"/>
</vnsAbsFolder>
<vnsAbsFolder key="gslbsite" name="gslbSite2" scopedBy="epg">
<vnsAbsParam name="sitename" key="sitename" value="Data_Center_2"/>
<vnsAbsParam name="siteipaddress" key="siteipaddress"
value="201.16.1.11"/>
</vnsAbsFolder>
<vnsAbsFolder key="location" name="locat1" scopedBy="epg">
<vnsAbsParam name="ipfrom" key="ipfrom" value="91.1.1.1"/>
<vnsAbsParam name="ipto" key="ipto" value="91.1.1.255"/>
<vnsAbsParam name="preferredlocation" key="preferredlocation"
value="DC1"/>
</vnsAbsFolder>
<vnsAbsFolder key="location" name="locat2" scopedBy="epg">
<vnsAbsParam name="ipfrom" key="ipfrom" value="101.16.1.121"/>
<vnsAbsParam name="ipto" key="ipto" value="101.16.1.121"/>
<vnsAbsParam name="preferredlocation" key="preferredlocation"
value="DC1"/>
</vnsAbsFolder>
<vnsAbsFolder key="location" name="locat3" scopedBy="epg">
<vnsAbsParam name="ipfrom" key="ipfrom" value="102.16.1.121"/>
<vnsAbsParam name="ipto" key="ipto" value="102.16.1.121"/>
<vnsAbsParam name="preferredlocation" key="preferredlocation"
value="DC1"/>
</vnsAbsFolder>
<vnsAbsFolder key="location" name="locat4" scopedBy="epg">
<vnsAbsParam name="ipfrom" key="ipfrom" value="92.1.1.1"/>
<vnsAbsParam name="ipto" key="ipto" value="92.1.1.255"/>
<vnsAbsParam name="preferredlocation" key="preferredlocation"
value="DC2"/>
</vnsAbsFolder>
<vnsAbsFolder key="location" name="locat5" scopedBy="epg">
C-74
Appendix C
Configurations
XML Files for Configuring NetScaler Instances
C-75
Appendix C
Configurations
Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.
Goto Configurations, page C-1.
ConfigParameters_SP_GSLB_LeastConn.xml
C-76
Appendix C
Configurations
XML Files for Configuring NetScaler Instances
C-77
Appendix C
Configurations
</vnsAbsDevCfg>
<vnsAbsFuncCfg>
<vnsAbsFolder key="mFCnggslbsite" name="mFCngslbsite1" scopedBy="epg">
<vnsAbsCfgRel name="gslbsite_key" key="gslbsite_key"
targetName="gslbSite1"/>
</vnsAbsFolder>
<vnsAbsFolder key="mFCnggslbsite" name="mFCngslbsite2" scopedBy="epg">
<vnsAbsCfgRel name="gslbsite_key" key="gslbsite_key"
targetName="gslbSite2"/>
</vnsAbsFolder>
<vnsAbsFolder key="mFCnggslbvserver" name="gslbvserver1" scopedBy="epg">
<vnsAbsCfgRel name="gslbvserver_key" key="gslbvserver_key"
targetName="gslbVs1"/>
<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-outside" />
</vnsAbsFolder>
<vnsAbsFolder key="mFCnggslbservice" name="gslbservice1" scopedBy="epg">
<vnsAbsCfgRel name="gslbservice_key" key="gslbservice_key"
targetName="gslbServ1"/>
<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-inside" />
</vnsAbsFolder>
<vnsAbsFolder key="mFCnggslbservice" name="gslbservice2" scopedBy="epg">
<vnsAbsCfgRel name="gslbservice_key" key="gslbservice_key"
targetName="gslbServ2"/>
<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-inside" />
</vnsAbsFolder>
<vnsAbsFolder key="external_network" name="external_network"
scopedBy="epg">
<vnsAbsCfgRel name="external_network_key" key="external_network_key"
targetName="network/snip1"/>
<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-inside" />
</vnsAbsFolder>
<vnsAbsFolder key="internal_network" name="internal_network"
scopedBy="epg">
<vnsAbsCfgRel name="internal_network_key" key="internal_network_key"
targetName="network/snip2"/>
<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-outside" />
</vnsAbsFolder>
</vnsAbsFuncCfg>
</vnsAbsNode>
<vnsAbsTermNodeCon name = "Output1">
<vnsAbsTermConn name = "C6">
</vnsAbsTermConn>
</vnsAbsTermNodeCon>
<vnsAbsConnection name = "CON1">
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsTermNodeCon-Output1/AbsTConn" />
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-outside" />
</vnsAbsConnection>
<vnsAbsConnection name = "CON2">
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-inside" />
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsTermNodeProv-Input1/AbsTConn" />
</vnsAbsConnection>
</vnsAbsGraph>
</fvTenant>
</polUni>
C-78
Appendix C
Configurations
XML Files for Configuring NetScaler Instances
Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.
Goto Configurations, page C-1.
C-79
Appendix C
Configurations
C-80