Deploying Microsoft SharePoint with Cisco ACI

and Citrix NetScaler

Design and Implementation Guide
March 23, 2015

Building Architectures to Solve Business Problems

CCDE, CCENT, CCSI, Cisco Eos, Cisco Explorer, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Nurse Connect, Cisco Pulse, Cisco SensorBase,
Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco TrustSec, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip
Mino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network are trademarks; Changing the Way We Work,
Live, Play, and Learn, Cisco Capital, Cisco Capital (Design), Cisco:Financed (Stylized), Cisco Store, Flip Gift Card, and One Million Acts of Green are service marks; and
Access Registrar, Aironet, AllTouch, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the
Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Lumin, Cisco Nexus, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity,
Collaboration Without Limitation, Continuum, EtherFast, EtherSwitch, Event Center, Explorer, Follow Me Browsing, GainMaker, iLYNX, IOS, iPhone, IronPort, the
IronPort logo, Laser Link, LightStream, Linksys, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, PCNow, PIX, PowerKEY,
PowerPanels, PowerTV, PowerTV (Design), PowerVu, Prisma, ProConnect, ROSA, SenderBase, SMARTnet, Spectrum Expert, StackWise, WebEx, and the WebEx logo are
registered trademarks of Cisco and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship
between Cisco and any other company. (1002R)
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCBs public
domain version of the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler Design and Implementation Guide
Partner Access ONLY
Service Provider Segment
2015 Cisco Systems, Inc. All rights reserved.

CONTENTS
Preface

Navigator

1-1

Document Objective and Scope

1-1

Use Cases/Services/Deployment Models

CHAPTER

Introduction

CHAPTER

Use Cases

1-1

1-1

2-1

Business Use Case 2-1

Enabling an Efficient, Secure, and Reliable Architecture

2-2

Technology Use Cases 2-2

NetScaler Services 2-2
Optimizing Security, Performance, and Availability 2-3
Use CaseSecuring SharePoint Traffic Delivery 2-3
Use CaseOptimizing Responsiveness and Performance
Use CaseEnabling Resiliency and Failover 2-4
CHAPTER

Design Overview

2-4

3-1

Introduction to Cisco ACI 3-1

Cisco ACI Benefits 3-1
Citrix NetScaler SDX Overview

3-2

Cisco Intercloud DC ACI 1.0 Architecture 3-3

Cisco Intercloud DC ACI 1.0 Architecture with Silver Cloud Consumer Model
Silver Tenant Container 3-4
Silver Tenant Container Layout 3-4

3-4

Solution Topology and Design Principles 3-5

Physical Topology 3-5
Logical Topology 3-6
APIC Tenant Construction 3-7
User Roles and Security Domain 3-8
CHAPTER

Configuration Details

4-1

Prerequisites and Initial Provisioning 4-1

Provisioning an ACI Silver Tenant Container

4-2

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

Contents

Configuring L2 and L3 Settings on ACI for NetScaler SDX 4-2

Initial NetScaler SDX Appliance Installation and Setup 4-2
Structuring a Highly Available Deployment 4-2
Configuring NetScaler VPX Instances on NetScaler SDX Appliances

4-3

Configuring ACI and NetScaler for a SharePoint Deployment 4-6

Define Citrix NetScaler as L4-L7 Device: Importing NetScaler Device Package 4-8
Using the APIC GUI to Import the NetScaler Device Package 4-8
Using the APIC CLI to Import the NetScaler Device Package 4-9
Creating a Device Cluster 4-9
Using the APIC GUI to Create a NetScaler Device Cluster 4-9
Using XML to Create a NetScaler Device Cluster 4-11
Creating an Application Profile 4-12
Using the APIC GUI to Create an Application Profile and EPG 4-12
Using XML to Create an Application Profile and EPG 4-13
Creating APIC Service Graphs for NetScaler Services 4-13
Using the APIC GUI to Create Service Graphs 4-14
Using XML to Configure Service Graphs for Generic LB Traffic 4-16
Using XML to Create Service Graphs for SharePoint Traffic 4-17
Configuring Application Profile L4-L7 Service Parameters for NetScaler Instances 4-18
Using the APIC GUI to Configure L4-L7 Service Parameters for Generic LB Traffic 4-19
Using XML to Configure L4-L7 Service Parameters for Generic LB Traffic 4-21
Using the APIC GUI to Configure L4-L7 Service Parameters for SharePoint Traffic 4-22
Using XML to Configure L4-L7 Service Parameters for SharePoint Traffic 4-24
Configuring a Contract 4-25
Using the APIC GUI to Create a Contract 4-25
Using XML to Create a Contract 4-28
Deploying Service Graphs 4-29
Using the APIC GUI to Deploy Service Graphs 4-29
Using XML to Deploy Service Graphs 4-30
Viewing Service Graphs Deployed to NetScaler 4-31
CHAPTER

Validating the Configuration

5-1

Verifying the Configuration 5-1

Validating Traffic Flows with NetScaler 5-2
Validating General Traffic Flows with NetScaler 5-2
Validating SharePoint Traffic Flows with NetScaler 5-2
Validating Microsoft SQL Server Flows with NetScaler 5-4
Validating AppFW Functionality with NetScaler 5-5
Validating Solution High Availability and Failover 5-5

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

ii

Design and Implementation Guide

Contents

NetScaler VPX Instance Failover 5-5

NetScaler SDX Appliance Failover 5-6
Fabric and APIC Failover Scenarios 5-6
Configuring NetScaler GSLB for Multiple data centers
APPENDIX

Product List

A-1

APPENDIX

References

B-1

Cisco ACI References

Citrix Reference
APPENDIX

Configurations

5-6

B-1

B-1

C-1

NetScaler Instance Configuration Summary

Automating APIC Configuration for SharePoint

C-1
C-8

XML Files for Configuring NetScaler Instances C-9

XML Files for Configuring Basic Functions C-10
XML Files that Configure NetScaler Services for SharePoint
XML for Content Switching C-42
XML for Database Content Switching C-49
XML for Application Firewall C-56
XML for Global Server Load Balancing (GSLB) C-65

C-41

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

iii

Contents

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

iv

Design and Implementation Guide

Preface
Cisco Application Centric Infrastructure (ACI) and Citrix NetScaler SDX appliances can deliver
application and business agility.
Cisco ACI and Citrix NetScaler enable data center and cloud administrators to holistically control L2-L7
network services in a unified manner via seamless insertion and automation of NetScaler services in data
centers built with ACI architectures. NetScaler leverages the Cisco APIC (Application Policy
Infrastructure Controller) to automate provisioning based on application needs.
This document is based on the foundation of the Cisco Intercloud Data Center ACI 1.0 Implementation
Guide.

Note

This document is exclusive to Partners ONLY.

Navigator
This Cisco Validated Design (system solution) documents the necessary topology, configuration steps,
and reference materials needed to implement and integrate the Citrix NetScaler SDX appliance into the
ACI fabric to support deployments of Microsoft SharePoint Server 2013.

Document Objective and Scope

This document provides a comprehensive explanation of Cisco ACI and Citrix NetScaler integration and
configuration, solution architecture, deployment model, and guidelines for implementation and
configuration. The guide also recommends best practices and possible issues when deploying the
reference architecture.

Use Cases/Services/Deployment Models

In support of Microsoft SharePoint Server 2013 deployments, this guide addresses the configuration
of Citrix NetScaler SDX appliances on a Cisco Application Centric Infrastructure (ACI) fabric.
Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler
Design and Implementation Guide

Preface
Use Cases/Services/Deployment Models

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

CH A P T E R

Introduction
Microsoft SharePoint Server 2013 is an innovative way for employee teams to work together. It
allows enterprises to create a secure mechanism for teams to store, organize, share, and access
information. Documents can be downloaded, edited, and then re-uploaded for continued sharing.
SharePoint simplifies how companies can manage information, project teams, and assignments across
the organization.
For enterprise IT organizations, delivering Microsoft SharePoint Server 2013 via a cloud services
deployment model can yield compelling business benefits: greater business agility, faster provisioning,
and efficiencies that can reduce costs. To help IT organizations realize these goals, Cisco and Citrix offer
leading-edge technologies and a validated reference architecture that can transform SharePoint
implementations into secure, scalable, and dynamic cloud services.
Cisco Application Centric Infrastructure (ACI) technology takes advantage of software defined
networking (SDN) concepts, using a centralized policy controller to configure, deploy and manage
infrastructure and networking resources. To apply ACI policies to network services, this system solution
incorporates Citrix NetScaler, an Application Delivery Controller (ADC) that intelligently directs
application traffic between the Cisco ACI fabric and available infrastructure components. The
combination of these technologies yields an enterprise-ready cloud services model for resilient, secure,
and responsive SharePoint collaborative services.
This system solution describes how to configure Citrix NetScaler within the ACI fabric in an optimized
deployment for SharePoint Server 2013.

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

1-1

Chapter 1

Introduction

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

1-2

Design and Implementation Guide

CH A P T E R

Use Cases
Two categorical use cases are presented in defining this system solution:

Business Use Case, page 2-1

Technology Use Cases, page 2-2

Business Use Case

The joint solution delivered by Cisco ACI and Citrix NetScaler technologies is ideal for enterprise
deployments of Microsoft SharePoint Server 2013. The solution allows IT administrators to configure
efficient and agile application services for enterprise collaboration. Whether SharePoint is deployed
within a private enterprise cloud or from a cloud service provider, Cisco ACI and Citrix NetScaler create
an application-driven solution that fosters data security, responsive performance, and high service
levels.
Cisco ACI enables a scalable, efficient cloud infrastructure that is application-centric. ACI technology
combines the benefits of Software-Defined Networking with centralized policy control, allowing data
centers to automate, virtualize, and pool infrastructure and network resources and provision them based
on application requirements. Cisco ACI supplies the critical link between business-based requirements
for application services and the enterprise infrastructure that delivers them. As a result, data centers gain
speed and flexibility when deploying applications as well as the ability to consolidate resources, secure
data, and reduce costs.
Citrix NetScaler intelligently directs application traffic between the Cisco ACI fabric and the available
infrastructure. It is the only Application Delivery Controller that fully integrates into Cisco's unified ACI
fabric. This integration reduces deployment complexity and aligns applications to infrastructure using
automation, saving deployment time and increasing flexibility.
This joint solution enables enterprise IT organizations to simplify application-driven control of Layer 4
to Layer 7 network services. Cisco ACI is supported on Cisco Nexus 9000 series switches and is
managed through a centralized policy controller, the Application Policy Infrastructure Controller
(APIC). APIC automates network provisioningincluding production-ready NetScaler
configurationsbased on application requirements and defined traffic management policies. APIC is a
comprehensive and unified management framework that can orchestrate NetScaler instances based on
APIC-configured service policies.

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

2-1

Chapter 2

Use Cases

Technology Use Cases

Enabling an Efficient, Secure, and Reliable Architecture

Much of the potential promise of enterprise cloud architectures stems from cost savings and efficiencies
that are gained through consolidation. Sharing infrastructure and networking components can yield
management efficiencies as well as savings in CAPEX and OPEX. At the same time, cloud architectures
require strict separation between shared resources including servers, enterprise networks, and data
streams. Because SharePoint application services enable collaboration between different end-user and
business entities (including suppliers, customers, and line-of-business organizations), secure
multi-tenancy is an underlying requirement to isolate traffic and protect data.
For networking components (such as Application Delivery Controllers), supporting multi-tenancy has
historically involved the ability to carve a single device into multiple logical partitions. This approach
allows different sets of policies to be implemented for each tenant or application without the need for
many separate devices. However, on some ADC devices, this approach is inadequate because the degree
of isolation is limited.
The NetScaler SDX appliancebecause it supports multiple, fully isolated virtualized
instancesovercomes the challenge of enabling consolidation while providing strict isolation. Since the
NetScaler SDX supports ADC instances that run as separate virtual machines, it enables tenant
segregation for consolidated SharePoint workloads. Clustering NetScaler instances, along with best
practices for designing a highly available SharePoint deployment, facilitates the high service levels and
protection needed for strategic SharePoint services.

Technology Use Cases

This system solution constructs a fully functional Microsoft SharePoint farm on a Cisco ACI fabric.
NetScaler instances on the fabric direct SharePoint client requests to physical and virtualized
infrastructure resources, forwarding traffic to infrastructure servers. While doing so, it applies Layer 4
through Layer 7 services.
In addition to redundant SharePoint servers in the farm, this enterprise-ready deployment relies on
Microsoft SQL Server 2012 clustering and failover for high availability. To optimize performance and
availability, traffic is load-balanced across multiple SharePoint and SQL servers. NetScaler and the ACI
fabric provide enterprise-grade security and data protection for SharePoint and SQL client requests as
well as general web traffic.

NetScaler Services
NetScaler instances in this system solution are specifically configured to perform these operations:

Web traffic inspection, identifying destinations, ports, and protocols.

Load balancing of web traffic using load-balancing virtual IPs (LB VIPs). NetScaler instances
perform Layer 4 (TCP and UDP) through Layer 7 (FTP, HTTP, and HTTPS) traffic management and
load balancing.

SSL offloading using built-in NetScaler hardware acceleration. In this system solution, SSL
offloading is performed for generic traffic as well as for SharePoint web traffic.

Content (or Layer 7) switching for SharePoint web and Database traffic. Content switching provides
fast packet switching based on application-specific information (such as a URL, a cookie, or an SSL
session ID). In this deployment, content switching allows traffic to be directed to different

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

2-2

Design and Implementation Guide

Chapter 2

Use Cases
Technology Use Cases

SharePoint or SQL servers based on application layer criteria. The packet is forwarded from a
Content Switching (CS) VIP to an LB VIP and in this way load-balanced across SharePoint or SQL
servers in the farm.

Layer 7 application firewall for SharePoint web traffic. This is in addition to the ACI fabrics
firewall capabilitiesACI acts inherently as a network firewall since it allows only configured
traffic to pass between fabric endpoints. (By default, communication between endpoints is denied.
ACI policies define the TCP/UDP ports that are opened to allow communication between
endpoints.) NetScaler devices provide complementary firewall capabilities at the application layer.

Global server load balancing (GSLB). GSLB extends the concept of load balancing across the
end-to-end enterprise, distributing client requests across multiple data centers based on proximity,
load, or availability. In this way, the NetScaler instances improve response time and support disaster
recovery for SharePoint services.

The Cisco Application Policy Infrastructure Controller (APIC) provides an intuitive and easy
configuration process, allowing NetScaler functions to be intelligently chained together (such as the
combination of content switching, SSL offloading, and load balancing for SharePoint client
requests). APIC uses the concept of a service graph to represent the sequence of traffic management
functions. As shown in later configuration procedures, service graphs (and associated Layer 4 to
Layer 7 parameters) for NetScaler functions can be defined in APIC using the graphical user
interface (GUI) or Python-interpreted XML files.

APIC also supplies comprehensive management visibility into the fabric and NetScaler operations.
It supplies a centralized view of configuration parameters as well as the ability to manage and
observe traffic, events, and performance.

An overview describing the integration of Cisco ACI and Citrix NetScaler technologies is available in
the architecture guide, Implementing Cisco Application Centric Infrastructure with Citrix NetScaler
Application Delivery Controllers.

Optimizing Security, Performance, and Availability

This system solution documents how Citrix NetScaler instances integrate with the fabric to meet
enterprise-level architectural goals, including:

Securing SharePoint application delivery for multiple tenants

Optimizing SharePoint performance

Enabling high availability and failover for SharePoint services and associated databases

Use CaseSecuring SharePoint Traffic Delivery

SharePoint deployments control access to company and customer-sensitive data, so client requests on
the fabric must be protected against data loss and compromise. This implementation of NetScaler
provides critically important application security, network/infrastructure security, and identity and
access management capabilities.
NetScaler provides robust multi-tenancy capabilities, running completely independent NetScaler
instances with separate policies. Separate IP addressing simplifies deployment into the ACI fabric.
NetScaler completely isolates traffic, helping to meet compliance requirements.

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

2-3

Chapter 2

Use Cases

Technology Use Cases

NetScaler enables application-layer protections, including a full-featured application firewall, data loss
protection, and countermeasures for thwarting denial-of-service (DoS) and other Layer 7 attacks. Layer
7 application firewall (AppFW) capabilities examine bi-directional traffic, including SSL-encrypted
packets, to safeguard against a range of security threats. At the application layer NetScaler can also
perform HTTP protocol validation to protect against DoS attacks.
NetScaler also incorporates several network and infrastructure-oriented security capabilities, including
SSL-based encryption, DNS security, and Layer 4 attack protection. To protect against Layer 4 DoS
attacks, NetScaler controls the allocation of back-end resources until it establishes a legitimate client
connection and a valid request has been received.
For SharePoint traffic, SSL offloading can be applied pervasively beyond HTTPS. A simple SSL
offloading scheme decrypts SSL records in HTTPS and then forwards HTTP traffic in clear text to
back-end web servers. To safeguard against HTTP compromise, an end-to-end SSL offloading approach
applies SSL offloading to re-encrypt the clear text for communications with the back-end web servers.
To facilitate fast SSL operations, NetScaler supports both 2048 and 4096 bit keys in hardware.
In addition to load balancing internal DNS servers, NetScaler can also be configured to operate as an
authoritative DNS (ADNS) server to directly handle name and IP resolution requests. This capability can
be implemented in conjunction with GSLB to balance load across multiple data centers that support
SharePoint Server 2013.

Use CaseOptimizing Responsiveness and Performance

For SharePoint workloads, NetScaler instances are used to load balance both edge and content servers.
Intelligent load balancing distributes user requests for content across multiple SharePoint servers in the
farm. Load balancing can be used to manage user requests, prevent poor performance and outages, and
ensure that users can access protected applications. Load balancingwithin a single data center as well
as GSLB across multiple data centersmeans that SharePoint services are continuously accessible and
responsive.
NetScaler compression, caching and load balancing features also help to conserve bandwidth. ACI
defines network Quality of Service (QoS) service classes for traffic, permitting bandwidth allocation
based on tenant requirements. Since NetScaler offloads CPU-intensive tasks such as SSL processing,
caching, and compression from SharePoint servers, these servers can process greater load and scale more
efficiently. NetScaler also acts as a SQL proxy, offloading connection management from the SQL
servers, and performs Database optimizations. This conserves SQL server resources, which helps to
improve performance and scalability.

Use CaseEnabling Resiliency and Failover

This system solution defines a highly available architecture for deploying SharePoint. It leverages the
Cisco Intercloud DC ACI 1.0 Architecture (the Silver Cloud Consumer Model) and includes redundant
SharePoint servers and AlwaysOn Availability Groups in Microsoft SQL Server 2012. (Refer to
Microsoft Tech Note: Failover Clustering and AlwaysOn Availability Groups: SQL Server.) NetScaler
DataStream technology performs intelligent monitoring of Microsoft SQL Server, detecting which
AlwaysOn node is the master so that NetScaler load-balancing services direct traffic appropriately.
To support NetScaler failover, NetScaler instances are configured as an Active/Standby pair. All
instance configuration changes are synced from the Primary HA node (Active instance) to the Secondary
HA node (Standby instance). A health check or heartbeat monitors the status of the primary node.
During a failover, the Standby instance takes over as Active.

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

2-4

Design and Implementation Guide

Chapter 2

Use Cases
Technology Use Cases

NetScaler load balancing promotes high availability for on-demand SharePoint services. Within a single
data center, if a SharePoint server in the farm or an SQL Server is unavailable, the NetScaler instance
will direct application requests to the remaining servers. Across multiple enterprise data centers,
NetScaler GSLB functionality can be configured to distribute SharePoint client requests across data
centers. Various criteria for GSLB distribution can be used, such as least connection, static proximity,
or dynamic proximity. If a link to a data center goes down, NetScaler can redirect traffic to an available
data center.
This system solution includes configuration details deploying NetScalers in the ACI fabric to achieve a
resilient SharePoint deployment. Later sections cover how to configure NetScaler instances from APIC
to optimize application service levels and enable service failover.

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

2-5

Chapter 2

Use Cases

Technology Use Cases

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

2-6

Design and Implementation Guide

CH A P T E R

Design Overview
The following sections emphasize system solution design considerations.

Introduction to Cisco ACI

Cisco Application Centric Infrastructure (ACI) technology provides the capability to insert Layer 4
through Layer 7 (L4-L7) functions using an approach called a service graph. The industry normally
refers to the capability to add L4-L7 devices in the path between endpoints as service insertion. Cisco
ACI service graph technology can be considered a superset of service insertion.
This document describes the service graph concept and how to design for service insertion with the
service graph.
As Figure 3-1 shows, Layer 4 through Layer 7 services can be physically located anywhere in the fabric,
and they can be running as physical appliances or as virtual appliances.
Figure 3-1

Cisco ACI Fabric with Layer 4 Through Layer 7 Services

No Endpoints Attach Here

Spine Switches

Leaf Switches

Controllers

Physical and Virtualized

Servers

298795

Layer 4 Through
Layer 7 Services

Cisco ACI Benefits

The main purpose of a data center fabric is to move traffic from physical and virtualized servers and
forward it to its destination, and while doing so apply meaningful Layer 4 through Layer 7 services such
as: firewalls, load balancing, traffic inspection, SSL offloading, and application acceleration.

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

3-1

Chapter 3

Design Overview

Citrix NetScaler SDX Overview

The main benefits of using a Cisco ACI fabric to provision Layer 4 through Layer 7 services include:

Single point of provisioning through the GUI, the Representational State Transfer (REST) API, or
Python scripts

Powerful scripting and programming environment with a Python software development kit (SDK)

Capability to provision very complex topologies instantaneously

Capability to add and remove workloads from the load balancers or firewall configurations without
human intervention

Capability to create a logical flow of functions instead of just a sequence of Layer 4 through Layer
7 devices

Multitenancy (network slicing) on the fabric and on the service devices

Capability to create portable configuration templates

Intuitive and easy configuration process

One of Cisco ACIs several innovations in the area of service insertion is that Cisco ACI allows you to
concatenate functions offered by individual Layer 4 through Layer 7 devices instead of simply
connecting discrete boxes in sequence.

Citrix NetScaler SDX Overview

The Citrix NetScaler SDX platform optimizes delivery of applications over the Internet and private
networks, combining application-level security, optimization, and traffic management into a single,
integrated appliance. After installing NetScaler SDX appliances in a data center, all connections to
managed servers can be routed through it to control incoming and outgoing network traffic.
The Citrix NetScaler SDX platform delivers fully isolated NetScaler instances hosted on a single
physical appliance (Figure 3-2). Each instance is a full-blown NetScaler VPX environment that
optimizes application delivery. Each NetScaler instance performs configured application-level security,
optimization, and traffic management functions. For SharePoint environments, NetScaler instances
provide application load balancing, SSL offloading of encryption/decryption operations to hardware,
content switching, and database load balancing, application firewall, and Global Server Load Balancing
(GSLB).
A Citrix NetScaler SDX Appliance Hosts Multiple Virtual NetScaler VPX Instances

298796

Figure 3-2

Each NetScaler VPX instance runs as a separate virtual machine with its own dedicated NetScaler
kernel, CPU resources, memory, address space, and bandwidth allocations. Network I/O is done in a way
that not only maintains aggregate system performance but also enables complete segregation of each
tenant's data and management-plane traffic.

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

3-2

Design and Implementation Guide

Chapter 3

Design Overview
Cisco Intercloud DC ACI 1.0 Architecture

NetScaler VPX features include Layer 4 through Layer 7 traffic management (L4 load balancing, L7
content switching, database load balancing), application acceleration, application security/firewall, and
network integration.
The NetScaler SDX appliance is equipped with 10 Gbps Ethernet (10GE) and 1 Gbps Ethernet (1GE)
portsthe type and number of ports varies according to the specific NetScaler SDX model. The
connections can form an EtherChannel bundle that is desirable for an appliance-based service design in
the Cisco InterCloud Data Center ACI architecture.
This system solution uses the NetScaler SDX 11542 that features eight 10GE ports and four 1GE ports
(fiber or copper). This model has 16 SSL cores to accelerate SSL encryption and decryption offloading
in hardware. The NetScaler SDX 11542 can support up to 20 NetScaler virtual instances. On this
NetScaler SDX model, pay-as-you-grow licensing delivers from 15 Gbps at the entry level and up to 42
Gbps at the highest level for HTTP traffic with a single instance.

Cisco Intercloud DC ACI 1.0 Architecture

The Cisco Intercloud Data Center ACI 1.0 Implementation Guide describes the underlying Silver Tenant
container, including the network fabric and infrastructure design, used for this system solution. This
guide (available through your Cisco account team or partner) gives procedures to construct a Silver
Tenant container.
Cisco Intercloud Fabric is a software solution that enables customers to manage and access their
workloads across multiple public clouds in a heterogeneous environments, giving customers choice and
flexibility to place their workloads where it benefits the most and according to a technical (capacity,
security, etc.) or business (compliance, etc.) needs.
With Cisco Intercloud Fabric, customers can choose what networks can be securely extended to the
public cloud, and consistent network configuration and security policies can be enforced throughout the
hybrid cloud. Intercloud Fabric mechanism to enforce security goes beyond the secure tunnel between
private and public clouds, and extends the security all the way to the Virtual Machines (VMs) running
in the cloud, so the communication between these VMs in the cloud can be secured as well. This
mechanism is explained later in this document.
Figure 3-3 shows the solution footprint for enterprise customers, where Cisco Intercloud Fabric for
Business can be deployed in the private cloud in heterogeneous environments. This software solution
gives IT an admin portal that allows management of workloads, security policies, and network extension
to the cloud, and includes northbound API capabilities to allow integration with existing private cloud
management solutions. IT customers, including enterprise lines of businesses, can take advantage of
Intercloud Fabric for Business embedded self-service catalog to create new workloads in multiple
clouds, and manage workload lifecycle and migration through its end-user portal.
Cisco Intercloud Fabric Solution
Data Center/Private Cloud
Hyper-V
VMware
vSphere
Microsoft
KVM*
OpenStack
Xen*
Citrix

Redhat

Provider Clouds

Cisco Intercloud
Fabric for Business

Cisco Intercloud
Fabric for
Providers

Cisco Intercloud
Ecosystem

End User and

IT Admin Portals

Cisco Intercloud
Fabric for
Providers

Cisco Powered
Services and Cloud
Providers

Secure Cloud
Extension

Azure APIs

Microsoft Azure

EC2 APIs

Amazon
Web Services

Network, Compute,
and Storage

298797

Figure 3-3

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

3-3

Chapter 3

Design Overview

Cisco Intercloud DC ACI 1.0 Architecture

Cisco Intercloud Fabric for Provider is a multi-tenant software appliance that is installed and managed
by the cloud providers that are part of the Intercloud Fabric ecosystem. This virtual appliance creates
Cloud API uniformity across different cloud providers and abstracts the complexity of supporting
heterogeneous Cloud APIs. In the future Intercloud Fabric for Provider will help to build Cisco
infrastructure-specific differentiation for all Cisco Powered Cloud Providers.
Cisco Intercloud Fabric gives customers multiple choices of cloud providers, including the ecosystem
of Cisco Powered Cloud Providers and the hyper scale public clouds such as Amazon EC2 and Microsoft
Azure. Cisco believes that business customers also want choices of hypervisors for their virtualized
environment, so it is important for the solution that enables hybrid cloud to be hypervisor-agnostic. The
scenario with multiple choices of hypervisors on premises and off premises can make workload mobility
and portability difficult, but Cisco Intercloud Fabric resolves this problem and makes this transparent
for customers, allowing workloads to be moved to multiple clouds and back to the enterprise.
In summary, Cisco Intercloud Fabric aims to provide greater agility in response to business needs and
addresses many potential challenges for hybrid cloud deployments. Benefits include:

Workload security throughout resulting hybrid clouds.

Consistent operations and workload portability across clouds. Cisco Intercloud Fabric delivers
unified hybrid cloud management for end users and IT administrators, enabling workload mobility
to and from service provider clouds for physical and virtual workloads.

To protect critical business assets and meet compliance requirements, Cisco Intercloud Fabric
provides highly secure, scalable connectivity to extend private clouds to service provider clouds.

Self-service consumption of hybrid resources with end-user and IT portals

Workload provisioning and bidirectional migration

End-to-end security with consistent policy enforcement

A single point of management and control for physical and virtual workloads

A choice of cloud providers and hypervisors

Cisco Intercloud DC ACI 1.0 Architecture with Silver Cloud Consumer Model
The Cisco Intercloud DC ACI 1.0 architecture with the Silver cloud consumer model is defined by
describing the container and its layout.

Silver Tenant Container

While providing Infrastructure as a Service (IaaS) solutions cloud providers look for a tiered model that
can support a variety of applications. Based on customer requirements, services can be differentiated
into a multi-tier infrastructure. Such a model provides flexibility in expanding services by adding
resources. The Silver Tenant is one such container, which provides application availability with a
dedicated load balancing service.

Silver Tenant Container Layout

As described in the Cisco Intercloud Data Center ACI 1.0 Implementation Guide, a Silver Tenant
Container has the capability to provide various application services with Layer 3 (L3) support. It
maintains a logical separation from other network containers in a shared infrastructure. Dedicating a
unique VRF for each silver tenant helps to maintain the logical isolation. Figure 3-4 shows an overview
of the Silver Tenant model.

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

3-4

Design and Implementation Guide

Chapter 3

Design Overview
Solution Topology and Design Principles

Figure 3-4

Silver Tenant Model

Internet

Loopback Interface

QFP

QFP

ASR 1000

Loopback Interface

Border Leaf - 1

Border Leaf - 2

Loopback Interface

ACI Fabric
Access Leaf - 1

Access Leaf - 2

NetScaler
HA-Pair
UCS Chassis

SLB

Web and App

APP
OS

APP
OS

Web and App VMs

Database
APP
OS

APP
OS

Database VMs

298794

VIP - Web
VIP - App and DB
SNIP

Each tenant can host different applications based on customer requirements. This may require a number
of application tiers of virtual machines (VMs) to be implemented such as web, application, and database.
In the implementation guide, the Silver Tenant Container is defined with three application tiers. Each
tier has a unique VLAN assigned and hosts web, application and database services. The Silver Tenant
also provides load-balancing services for the application tiers using Citrix NetScaler SDX appliances.
The SDX units are deployed in a physical 1-arm mode but in a logical 2-arm mode. This section covers
the following topics:

Physical Topology

Logical Topology

Tenant Construction

Solution Topology and Design Principles

Appliances dont need to be placed in any particular place in the fabric. They can run as physical
appliances connected to any leaf, or as virtual appliances running on any virtualized server.
Physical appliances can run with multiple virtual contexts as well. Cisco ACI can model this concept in
the construction of the policy.

Physical Topology
Figure 3-5 shows the Silver tenant physical topology. Tiers hosting applications are deployed on Cisco
UCS B-Series Servers. NetScaler VPX instances are deployed on NetScaler SDX appliances. Cisco ASR
1000 Series Routers (specifically ASR 1004s) provide external connectivity to the applications.

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

3-5

Chapter 3

Design Overview

Solution Topology and Design Principles

Figure 3-5

Physical Topology for an ACI Silver Tenant

UCS B-Series Blade Servers

APIC1
APIC3

UCS-6296-FI-A

UCS-6296-FI-B

Leaf1

Leaf2

Spine1

Spine2

NetScaler SDX

NetScaler SDX

Netapp
FAS3200
Series
APIC2

Leaf4

QFP

QFP

ASR 1000

ASR 1000

298790

Leaf3

Logical Topology
In this section, the physical topology is translated into a logical layout. Figure 3-6 shows how the Silver
container is constructed logically. The logical topology can be divided into two sections: first, ACI
Fabric to Application Servers; and second, ACI Fabric to the Internet.

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

3-6

Design and Implementation Guide

Chapter 3

Design Overview
Solution Topology and Design Principles

Figure 3-6

Logical Topology for an ACI Silver Tenant

Internet

Loopback Interface

QFP

QFP

ASR 1000

Loopback Interface

Border Leaf - 1

Border Leaf - 2

Loopback Interface

ACI Fabric
Access Leaf - 1

Access Leaf - 2

NetScaler
HA-Pair
UCS Chassis

SLB

Web and App

APP
OS

APP
OS

Web and App VMs

Database
APP
OS

APP
OS

Database VMs

298794

VIP - Web
VIP - App and DB
SNIP

A unique VRF is assigned to each Silver Tenant which is defined in the access leafs in the fabric. Each
of the application tier and load balancers is assigned a specific VLAN, which are a part of the VRF
assigned to the Silver Tenant. The fabric serves as the default gateway for each of the tiers and the
NetScalers. In this document, a single EPG is used to host a tier that serves web and database
functionality.
With the ACI Fabric being the default gateway, it has the capability to route packets from one tier to
another for both load balanced and non-load balanced flow. For external connectivity two leafs in the
fabric are used as border leafs to connect to ASR 1000 routers using port channels. Switched virtual
interfaces (SVI) are configured on the leaf switches and static routes help to route the packets to the edge
router. Interior BGP (IBGP) is configured between the two devices to advertise the routes for traffic to
reach the application tiers. Loopback interfaces are configured for the same.

APIC Tenant Construction

The previous section supplies details on how the Silver Tenant is constructed physically and logically.
It can be mapped to a tenant in APIC by putting a number of pieces together. Figure 3-7 shows the
different pieces put together to create a tenant through APIC.

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

3-7

Chapter 3

Design Overview

Solution Topology and Design Principles

Figure 3-7

Silver TenantAPIC

QFP
ASR 1000

Port-channel

External Routed Network:

(outside_network)

VRF net01
HTTP
HTTPS

contract

contract

DNS
MSSQL

MEP

ICMP

ICMP

EPG: epg01

Bridge Domain:
slb_bd

Filters TCP eq {53, 80, 443,

1443, 3009, 8080}
UDP eq {53}
ICMP type {any}

Bridge Domain:
bd02
EPG: epg02

contract
Consumer

Provider

298793

Bridge Domain:
bd01

User Roles and Security Domain

Authentication, Access and Accounting (AAA) functions for the ACI Fabric is managed by APIC
policies. User privileges, roles and security domain put together provides this functionality. By assigning
read/write access to users the administrator can restrict a tenant from seeing any other tenant details.
This enables isolation among the tenants. A set of roles are defined in the ACI Fabric such as aaa,
access-admin, fabric-admin, admin, tenant-admin, vmm-admin, and so on. These roles have no-access,
read-only and read-write privileges associated with them. By assigning specific privileges to a user,
access to functions in the system can be restricted. Security domain is a tag used in the ACI MIT object
tree. A tenant can be linked to a security domain. Thus the access to a tenant object can be restricted to
a particular security domain and thus to the users that are a part of the security domain. This can be
configured in the GUI or the REST API as well.

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

3-8

Design and Implementation Guide

CH A P T E R

Configuration Details
In the Cisco ACI policy model, administrators define service graphs for Layer 4 through Layer 7
networking functions such as traffic filtering, load balancing, and SSL offloading. ACI service graphs
define which functions are performed on traffic between different endpoint groups (EPGs). The
functions are independent of the underlying devices that perform the actual task. ACI renders the
specified functions in the graph on available devices within the fabricin this case on the NetScaler
Application Delivery Controllers. In this way, ACI applies NetScaler resources to govern traffic as
prescribed between one EPG and another.
This section describes prerequisites and configuration procedures necessary to optimize ACI-NetScaler
deployments. It describes how to:

Set up NetScaler SDX appliances and virtual instances

Establish communication between the ACI fabric and the NetScalers

Use APIC to configure NetScaler for SharePoint workloads.

The Cisco Application Policy Infrastructure Controller (APIC) is used to initialize and control NetScaler
configurationsit pushes configuration settings to the NetScaler instances. Administrators can use the
APIC graphical user interface (GUI) or XML files to define NetScaler configuration settings. The steps
here show both APIC GUI screen captures as well as excerpts from relevant XML files. Appendix C,
Configurations includes more complete XML listings used to configure this system solution
environment.

Prerequisites and Initial Provisioning

The procedures in this chapter assume that certain initial installation and provisioning steps have already
been completed, including:

Configuring an ACI Silver Tenant container

Configuring L2-L3 settings on ACI

Installation and cabling of NetScaler SDX appliances

Configuring of NetScaler VPX instances in HA mode

The following sections describe these prerequisites in detail.

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

4-1

Chapter 4

Configuration Details

Prerequisites and Initial Provisioning

Provisioning an ACI Silver Tenant Container

Prior to configuring NetScaler service graphs for SharePoint workloads, it is assumed that the Silver
Tenant container configuration (discussed in the previous topology section) has already been deployed.
The Cisco Intercloud Data Center ACI 1.0 Implementation Guide gives procedures to construct a Silver
Tenant container.
Chapter 9 of the Cisco Intercloud Data Center ACI 1.0 Implementation Guide describes how to create a
tenant, a private network, a bridge domain, subnets, and an application profile. The application profile
acts as a logical container for the endpoint groups (EPGs). In the Implementation Guide, the Silver
Tenant configuration has 3 EPGs defined by default, one each for web, application, and database server
functions. This system solution focuses on configuration procedures for the web tier that supports SharePoint client requests and describes the application profile configuration for this tier (by design, a SharePoint deployment combines web and application tiers). This system solution also covers the
configuration of traffic management for requests to the Microsoft SQL Server 2012 database cluster in
the database tier.
During the setup of the Silver Tenant container, the administrator must define contracts for inter-EPG
communication and filters that dictate what traffic can pass between the EPGs. The ACI fabric supports
L2 and L3 connectivity between external public/private networks and the fabric. An L3 externally routed
network is defined as a part of the Silver Tenant deployment.

Configuring L2 and L3 Settings on ACI for NetScaler SDX

The Cisco Intercloud Data Center ACI 1.0 Implementation Guide gives the procedures for using the
APIC GUI or XML files to create a tenant, private network, bridge domain, and subnets for the implementation. The only differences from the implementation guide in this system solution were the use of
Cisco ASR 1000 Series routers (rather than ASR 9000s) and the use of a delay injector.
The delay injector works as L2 device and is configured for injecting network errors of type delay. The
RTT for the delay was configured for 100ms.

Initial NetScaler SDX Appliance Installation and Setup

Within the ACI fabric, Citrix NetScaler appliances provide Layer 4 through Layer 7 services (such as
application firewall, load balancing, SSL offloading, etc.). This system solution assumes that two
physical NetScaler SDX appliances are deployed, and that these units are installed and cabled appropriately. Refer to the Citrix NetScaler SDX Hardware Installation documentation for more information.
Cisco ACI abstracts network services and applies the abstractions to application traffic on the data plane.
All NetScaler devices support out-of-band management, which this system solution uses for ACI-NetScaler configuration tasks. This allows management traffic to be separated from application traffic.

Structuring a Highly Available Deployment

To optimize a deployment for high availability, this system solution implements a Virtual PortChannel
(vPC) topology that allows data traffic on the ACI fabric to continue even if one or more switch failures
occur. The two NetScaler SDX appliances are provisioned to use four 10G links that are part of a single
LACP port channel. The SDX units are deployed in a physical 1-arm mode but in a logical 2-arm mode,
carrying the traffic for multiple VLANs through a single port channel. In this implementation, there are
both private and public VLANs and NetScaler has a presence on both. The default gateway is on the
public network.

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

4-2

Design and Implementation Guide

Chapter 4

Configuration Details
Prerequisites and Initial Provisioning

From the standpoint of traffic flow, client requests destined for a web server in the server farm pass first
to a virtual IP address (VIP) in a NetScaler VPX instance. After the NetScaler processes the request, it
is forwarded through the same interface to the gateway on the private network. The ACI fabric then
redirects the packet to the appropriate web server on one of the private VLANs. The return traffic from
servers is routed back to NetScaler instances and from NetScaler instances to clients. The traffic is
routed inside the data center using static routes.
Multiple virtual NetScaler VPX instances can be configured on each NetScaler SDX appliance. To
support NetScaler failover within a data center, a VPX instance on two NetScaler SDX appliances is
configured into High Availability (HA) Active/Standby mode. A heartbeat is used between the VPX
instances to determine if a NetScaler instance failure occurs. To support Disaster Recovery scenarios,
NetScaler GSLB capabilities also can be implemented across multiple data centers (Figure 4-1).
Figure 4-1

Logical View of the Network Topology for GSLB Across Two Data Centers
DNS
Server

Client_1

v91

v93

Internet

Core Catalyst 6509

Delay Injector

Silver Tenant
ASR 1000

Silver Tenant
ASR 1000
Client_2
Catalyst 4948

ACI
Fabric

VLANs ACI specified

(v235-v237)
(10.1.[1-3].0/24)

Web
VM

App
VM

SDX

SDX

v1101,
v101-v102

v1201,
v121-v122

dB
VM

Data Center 1

AD
VM

Web
VM

FI

v92
DNS
Server

App
VM

dB
VM

AD
VM

Data Center 2

v221-v223
(10.2.[1-3].0/24)

298789

FI

v92

Configuring NetScaler VPX Instances on NetScaler SDX Appliances

On a NetScaler SDX appliance, the administrator can provision one or more NetScaler VPX instances
using the Management Service. Each VPX instance supports most features of a NetScaler MPX
appliance. (Refer to Provisioning NetScaler Instances in the Citrix NetScaler documentation for the
provisioning procedures.)
In this system solution environment, four pairs of NetScaler VPX instances were created:
SDX-A_VPX-1 and SDX-B_VPX-1, SDX-A_VPX-2 and SDX-B_VPX-2, SDX-A_VPX-3 and
SDX-B_VPX-3, and SDX-A_VPX-4 and SDX-B_VPX-4. A single ACI tenant can support multiple
instances of NetScaler device clusters (physical or virtual appliances).
Figure 4-2 shows how the administrator uses the NetScaler Management Service graphical user interface
to create four NetScaler VPX instances on one of the two NetScaler SDX appliances. The same process
is used to create four corresponding VPX instances on the other SDX appliance.

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

4-3

Chapter 4

Configuration Details

Prerequisites and Initial Provisioning

Figure 4-2

Create NetScaler VPX Instances on NetScaler SDX Appliance

By editing each NetScaler VPX instance in the pane above, the administrator can configure VPX
instances with the required L2-L3 network settings. Figure 4-3 shows the configuration settings for the
first NetScaler VPX instance, SilverTenant1_SDX-A_VPX-1.

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

4-4

Design and Implementation Guide

Chapter 4

Configuration Details
Prerequisites and Initial Provisioning

Figure 4-3

Configuration Settings for NetScaler VPX Instance

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

4-5

Chapter 4

Configuration Details

Configuring ACI and NetScaler for a SharePoint Deployment

Configuring ACI and NetScaler for a SharePoint Deployment

This chapter describes how to set up ACI-NetScaler communication, how to configure NetScaler instances, and how to configure NetScaler traffic management for the ACI fabric.
All network traffic on the data plane is processed by NetScaler instances according to the configured
ACI settings for NetScaler instances. In this system solution, the settings fall into two different categories: settings for managing non-SharePoint traffic and settings for managing SharePoint traffic. Several
of the APIC configuration steps reflect this two-pronged approach:

For general or non-SharePoint traffic, the NetScaler VPX instances are configured to perform Load
Balancing and SSL Offloading. Third party traffic generators were used to simulate traffic on the
fabric to represent an actual deployment.

For SharePoint client requests, the NetScaler VPX instances support multiple network services:
Content Switching with SSL offloading and Load Balancing for web traffic; Content Switching and
Load Balancing for Database traffic (Microsoft SQL Server 2012); Application Firewall; and Global
Server Load Balancing (GSLB). Real client Windows 7 machines were used to access the
SharePoint Content Switching VIP. All servers in the SharePoint farm were configured with two
sites: Engineering and Marketing.

The NetScaler instances process these two categories of traffic according to Layer 4 through Layer 7
parameters configured in APIC service graphs. When the service graphs are deployed from APIC, the
NetScaler VPX instances are configured to apply the appropriate network services to ACI fabric traffic.
Table 4-1 summarizes many of the system solution implementation settings for configuring NetScaler in
a SharePoint deployment. The configuration defines SNIP addresses (used as source NAT) for NetScaler
to open new connections to the backend servers.
The settings below reflect the system solution implementation in one of two data centers (settings for
the second data center would be similar).
Table 4-1

Summary of ACI-NetScaler Implementation Settings

Category

Description

Details

Device Package

Supports
ACI-NetScaler
communication

NS Device Package, version 1.0, 10.5-54.2

Cluster Definition

Concrete Device 1

192.168.114.111 (NSIP), SDX-A_VPX-1

Concrete Device 2

192.168.114.112 (NSIP), SDX-B_VPX-1

Device Cluster

192.168.114.110 (SNIP)

Interfaces

- 0/2 out-of-band management

L2 Configuration

- LA/1 data traffic; LACP channel with (4) 10G ports;

2 links are connected to each leaf (leaf#1 and leaf#2) in
a vPC topology
VLANs

101, 102 tagged

VLAN bindings

- LA/1 VLAN 101 SNIP: 10.16.1.11/24

- LA/1 VLAN 102 SNIP: 101.16.1.11/24

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

4-6

Design and Implementation Guide

Chapter 4

Configuration Details
Configuring ACI and NetScaler for a SharePoint Deployment

Table 4-1

Summary of ACI-NetScaler Implementation Settings (continued)

Category

Description

Details

L3 Configuration

SNIPs

- Client side: 101.16.1.11/24

- Server side: 10.16.1.11/24

Static routes

- 0.0.0.0/0

gw: 101.16.1.1

- 10.1.1.0/24 gw: 10.16.1.1

- 10.1.2.0/24 gw: 10.16.1.1
- 10.1.3.0/24 gw: 10.16.1.1
- 10.16.2.0/24 gw: 10.16.1.1
L4-L7
Configuration

NetScaler Load
Balancing (LB)
Virtual IPs (VIPs)

- (2) HTTP/TCP:80: 101.16.1.101 ; 101.16.1.102

- (2) SSL/TCP:443: 101.16.1.103 ; 101.16.1.104
- (2) TCP/TCP:8080: 101.16.1.105 ; 101.16.1.106
- (2) DNS/UDP:53: 101.16.1.107 ; 101.16.1.108
- (2) HTTP/TCP:80: 10.16.1.111 ; 10.16.1.112
(SharePoint LB VIP)
- (2) DB/TCP:1433: 10.16.1.151 ; 10.16.1.152
(MSSQL LB VIP)

NetScaler Content
Switching (CS)
Virtual IPs (VIPs)

- (1) SSL/TCP:443: 101.16.1.121 (SharePoint CS VIP)

- (1) DB/TCP:1433: 10.16.1.122 (MSSQL CS VIP)

Certain configuration procedures are required to apply NetScaler network services to SharePoint traffic
on the ACI fabric. The remainder of this chapter describes the procedures used to create the
ACI-NetScaler system solution environment:

Define Citrix NetScaler as a L4-L7 device by importing the NetScaler Device Package

Creating a device cluster

Creating an application profile and endpoint group (EPG)

Creating service graphs

Configuring service graphs with L4-L7 service parameters for NetScaler instances

Configuring a contract

Deploying the service graphs by attaching them to the contract. This process pushes the defined
APIC configurations to the NetScaler instances.

For detailed information about ACI and NetScaler configuration procedures, refer to these documents:

Cisco Intercloud Data Center ACI 1.0 Implementation Guide

Cisco APIC Layer 4 to Layer 7 Services Deployment Guide

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

4-7

Chapter 4

Configuration Details

Configuring ACI and NetScaler for a SharePoint Deployment

Define Citrix NetScaler as L4-L7 Device: Importing NetScaler Device Package

To properly configure NetScaler instances, Cisco APIC needs to communicate to the instances via the
appropriate NetScaler APIs. The NetScaler Device Package is a plugin that enables communication
between Cisco APIC and NetScaler devices.
After the NetScaler device package is uploaded, APIC creates a namespace for it. The package is
unzipped and copied to the namespace. APIC then parses the device specification XML, adding
NetScaler managed objects to APIC's managed object tree.

Using the APIC GUI to Import the NetScaler Device Package

An administrator can use the APIC GUI and install the device package using the L4-L7 Services menu
as follows.
Step 1

From L4-L7 Services, select the Packages option and click on L4-L7 Service Device Type. Click on
Actions. Select the action to import a device package into one of the APIC cluster controllers.

Step 2

Specify the NetScaler Device Package to be imported. For this system solution, version 1.0 of the
NetScaler Device Package (NetScaler Release 10.5-54.2) was installed.

The service functions enabled through the NetScaler Device Package are listed under L4-L7 Service
Functions in the APIC GUI. The interface labels (e.g., inside, mgmt, and outside) are mapped to
the physical interfaces on the NetScaler device.

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

4-8

Design and Implementation Guide

Chapter 4

Configuration Details
Configuring ACI and NetScaler for a SharePoint Deployment

Using the APIC CLI to Import the NetScaler Device Package

As an alternative to using the APIC GUI, the administrator can install the device package using the APIC
command line interface by performing the following procedure.
Step 1

Download the NetScaler Device Package file from the Citrix web site to the local management machine.

Step 2

Transfer this file to one of the APIC controllers under the directory /home/admin.

Step 3

On APIC, execute the following command to install the NetScaler Device Package.
admin@apic:~> services install DevicePackage-1.0-10.5-54.2.zip

Creating a Device Cluster

ACI abstracts actual NetScaler devices as concrete devices. Two concrete devices are set up in active-standby mode and form an HA device cluster. When concrete devices are added to a logical device
cluster, the physical (concrete) interface is mapped to a logical interface.
The following procedures were performed out-of-band but can also be performed in in-band mode.

Using the APIC GUI to Create a NetScaler Device Cluster

Step 1

Navigate to the Tenant tab and select the appropriate tenant name. Navigate to the L4-L7 Services tab.
Right click on L4-L7 Devices and select Create L4-L7 Devices.

Step 2

Under the General tab enter the name for the logical device.
a.

Select the device package from the drop-down. Set the mode to HA Cluster.

b.

In the Credentials section, enter the access credentials used by APIC to log into NetScaler device
cluster (VPX instances).

c.

For concrete device configuration, provide the Management IP Address and Management Port.
Click VPC as the connection.

d.

Under Physical Interfaces, click + to add the physical (concrete) device in each case. The data
interface LA/1 is used for data plane communication. Since NetScaler physical deployment is in
one-arm mode, the same interface is used as both provider and consumer.

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

4-9

Chapter 4

Configuration Details

Configuring ACI and NetScaler for a SharePoint Deployment

Step 3

Select the Parameters tab. Configure the required NetScaler modes and features:
a.

Enable modes FR, Edge, USNIP, and PMTUD, and disable modes L3.

b.

Enable features WL, SP, LB, CS, SSL, GSLB, AppFw, and RESPONDER.

Other parameters can be configured at this point as appropriate for requirements. The captures below
depict many of the configured parameters for this system solution.

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

4-10

Design and Implementation Guide

Chapter 4

Configuration Details
Configuring ACI and NetScaler for a SharePoint Deployment

Step 4

Review the configuration and click Submit.

Using XML to Create a NetScaler Device Cluster

An XML file can also be used to construct a NetScaler device cluster in APIC.
<!-- CreateCDev_HA_.xml -->
<!-- Create NetScaler HA device cluster -->
<polUni>
<fvTenant name="silverTenant1">
<vnsLDevVip name="silverTenant1_clus1">
<vnsCDev name="SDX-A_VPX-1" devCtxLbl="C1">
<vnsCIf name="LA_1">
<vnsRsCIfPathAtt tDn="topology/pod-1/paths-101-102/
pathep-[SDX-A_VPC-PG]"/>
</vnsCIf>
<vnsCMgmt name="devMgmt"host="192.168.114.111" port="80/>
<vnsCCred name="username" value="nsroot"/>
<vnsCCredSecret name="password" value="nsroot"/>
</vnsCDev>
<vnsCDev name="SDX-B_VPX-1" devCtxLbl="C1">
<vnsCIf name="LA_1">
<vnsRsCIfPathAtt tDn="topology/pod-1/paths-101-102/
pathep-[SDX-B_VPC-PG]"/>
</vnsCIf>
<vnsCMgmt name="devMgmt" host="192.168.114.112" port="80"/>
<vnsCCred name="username" value="nsroot"/>
<vnsCCredSecret name="password" value="nsroot"/>
<vnsDevFolder key="HighAvailability" name="HA_1">
<vnsDevParam key="snip" name="snip_1"
value="192.168.114.110"/>
<vnsDevParam key="netmask" name="nm_1"
value="255.255.255.0"/>
</vnsDevFolder>

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

4-11

Chapter 4

Configuration Details

Configuring ACI and NetScaler for a SharePoint Deployment

</vnsCDev>
</vnsLDevVip>
</fvTenant>
</polUni>

Creating an Application Profile

The Cisco ACI fabric is designed around instantiating network connectivity by means of configuration
profiles. These profiles, called Application Profiles, define the policies, services, and relationships
between endpoints in an endpoint group (EPG). The following steps construct an application profile
named Web1-AppProfile and an EPG named Web1-EPG. Subsequent procedures will set EPG L4-L7
Service Parameters for NetScaler services in the profile that will be applied to ACI traffic.

Using the APIC GUI to Create an Application Profile and EPG

Step 1

For the Silver Tenant, select Application Profiles from the Navigation Pane to begin profile
configuration. Under Application Profiles, click right and choose Create Application Profile.
Complete the fields in the dialog box to create the profile Web1-AppProfile.

Step 2

Under the profile Web1-AppProfile, select Application EPGs. Right click and choose Create
Application EPGs. Complete the fields in the dialog box to define the EPG named Web1-EPG. Refer
to the Cisco Intercloud Data Center ACI 1.0 Implementation Guide for APIC GUI specifics. The client
endpoints for Web1-EPG are defined.

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

4-12

Design and Implementation Guide

Chapter 4

Configuration Details
Configuring ACI and NetScaler for a SharePoint Deployment

Using XML to Create an Application Profile and EPG

If configured manually via the APIC GUI, the entire process of defining an application profile, EPGs,
service graphs, and L4-L7 parameters can be time-consuming. For this reason many administrators
prefer to use XML files to automate the process. Appendix C, Configurations lists XML files that were
used to create service graphs and configure L4-L7 service parameters for this system solution.
The following excerpt from the file CreateServiceGraph_lb_http.xml creates the profile Web1-AppProfile and an EPG called Web1-EPG:
<!-- Application Profile -->
<fvAp dn="uni/tn-silverTenant1/ap-Web1-AppProfile" name="Web1-AppProfile">
<!-- EPG 1 -->
<fvAEPg dn="uni/tn-silverTenant1/ap-Web1-AppProfile/epg-Web1-EPG"
name="Web1-EPG">
<fvRsBd tnFvBDName="silverTenant1-BD1" />
<fvRsProv tnVzBrCPName="webCtrct1"></fvRsProv>
. . .

Appendix C, Configurations lists the entire contents of this XML file.

Creating APIC Service Graphs for NetScaler Services

Service graphs in APIC represent the network services that NetScaler instances apply to traffic on the
ACI fabric. As shown in Figure 4-4, single service graph can combine multiple function nodes to
compose a network service. Application requirements (in this case SharePoint requirements) dictate
what NetScaler function nodes the service graphs should contain.

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

4-13

Chapter 4

Configuration Details

Configuring ACI and NetScaler for a SharePoint Deployment

Consumer

Consumer

Service Graphs Contain Function Nodes Representing Network Services

Function Node
Load Balance

Function Node
Content Switching

Function Node
Load Balancer

Provider

Provider

298798

Figure 4-4

The procedures in this section define service graphs that are applied to general load-balanced traffic on
the ACI fabric as well as service graphs that are applied to SharePoint traffic. Service graphs for general
traffic include network services for Load Balancing (LB1) and SSL Offloading (SSL1). These service
graphs configure NetScaler instances to process non-SharePoint traffic on the fabric.
Additional service graphs support application requirements specific to SharePoint: Content Switching
and SSL Offloading for SharePoint web traffic, Content Switching for database traffic, Application
Firewall, and Global Server Load Balancing.
Procedures for creating service graphs are documented in the Cisco Intercloud Data Center ACI 1.0
Implementation Guide, Chapter 9 (Service Graph Configuration). There are multiple ways to build out
service graphs. In this system solution, the administrator used the following approaches:

Create a service graph template, which creates a service graph, and then later on set L4-L7 service
parameters for the graph.

Create the service graph template, specifying parameters during the creation process. Its possible
to edit L4-L7 service parameters in the process of creating the template.

For most of the NetScaler network services defined for this system solution, the first approach the
two-step process of building the graph from a template and subsequently setting parameterswas the
technique used. Some of the XML files for this system solution create a service graph and set parameters
at the same time.

Using the APIC GUI to Create Service Graphs

The following procedure creates service graphs.
Step 1

On the navigation pane, click on L4-L7 Services > Service Graph Templates. Click right and select
Create L4-L7 Service Graph Template. A dialog box appears to create the template. (Refer to the
video Cisco APICCreating an L4-L7 Service Graph Template and the Cisco APIC Layer 4 to Layer 7
Services Deployment Guide.)

Step 2

Complete the dialog to define the template. Enter the template name (WebGraph) and the type (e.g.,
Single NodeADC in Two-Arm Mode) from the drop-down list. In the ADC window, select the device
function Citrix-NetScaler-1.0\LoadBalancing from the drop-down list. (APIC knows about NetScaler
devices and device functions from the device package that was previously imported.) Choose the
function profile from the drop-down list and click Submit. Below, the created template WebGraph (in
Web1-EPG) defines a load balancer in two-arm mode configured between a Provider and Consumer.

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

4-14

Design and Implementation Guide

Chapter 4

Configuration Details
Configuring ACI and NetScaler for a SharePoint Deployment

Step 3

Creating the template also creates a corresponding service graph. The topology graph for Load
Balancing is shown below.

Step 4

Repeat Steps 1 to 3 to create templates and service graphs for other NetScaler services. This system
solution constructed the following templates and service graphs, as shown:

SSL Offloading (WebGraph_ssl)

Content Switching (WebGraph_cs_ssl and WebGraph_cs_ssl_2)

Database Content Switching (WebGraph_CS_DB and WebGraph_ CS_DB _2)

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

4-15

Chapter 4

Configuration Details

Configuring ACI and NetScaler for a SharePoint Deployment

Application Firewall Switching (WebGraph_CS_AppFW_1)

Global Server Load Balancing (WebGraph_ CS_GSLB_ 1 and WebGraph_ CS_GSLB_ ADNS)

Using XML to Configure Service Graphs for Generic LB Traffic

XML files can be used to create service graphs in a similar fashion. As an example, the following XML
file creates an instance of the service graph WebGraph that performs load balancing for generic traffic
on the ACI fabric.
<! CreateServiceGraph_lb_http.xml -->
<! Configures a Service Graph for LoadBalancing of fabric traffic -->
<polUni>
<fvTenant name="silverTenant1">
<vnsAbsGraph name="WebGraph">
<vnsAbsTermNodeProv name="Input1">
<vnsAbsTermConn name="C1">
</vnsAbsTermConn>
</vnsAbsTermNodeProv>
<!-- LB1 Provides LoadBalancing functionality -->
<vnsAbsNode name="LB1" funcType="GoTo">
<vnsRsDefaultScopeToTerm tDn="uni/tn-silverTenant1/AbsGraphWebGraph/AbsTermNodeProv-Input1/outtmnl"/>
<vnsAbsFuncConn name="outside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncLoadBalancing/mConn-external" />
</vnsAbsFuncConn>
<vnsAbsFuncConn name="inside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncLoadBalancing/mConn-internal" />
</vnsAbsFuncConn>
<vnsRsNodeToMFunc tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncLoadBalancing" />

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

4-16

Design and Implementation Guide

Chapter 4

Configuration Details
Configuring ACI and NetScaler for a SharePoint Deployment

</vnsAbsNode>
<vnsAbsTermNodeCon name="Output1">
<vnsAbsTermConn name="C6">
</vnsAbsTermConn>
</vnsAbsTermNodeCon>
<vnsAbsConnection name="CON1" adjType="L3">
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph/AbsTermNodeCon-Output1/AbsTConn"/>
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph/AbsNode-LB1/AbsFConn-outside"/>
</vnsAbsConnection>
<vnsAbsConnection name="CON2">
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph/AbsNode-LB1/AbsFConn-inside"/>
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph/AbsTermNodeProv-Input1/AbsTConn"/>
</vnsAbsConnection>
</vnsAbsGraph>
</fvTenant>
</polUni>

Appendix C, Configurations contains the XML file CreateServiceGraph_lb_ssl.xml that creates an

instance of the service graph WebGraph_ssl for SSL Offloading of traffic on the ACI fabric.

Using XML to Create Service Graphs for SharePoint Traffic

NetScaler uses Content Switching to apply network services to SharePoint traffic on the ACI fabric. The
XML file CreateServiceGraph_SP_cs_ssl_1.xml, for example, configures a service graph for Content
Switching of SharePoint web traffic.
<! CreateServiceGraph_SP_cs_ssl_1.xml -->
<! Configures Service Graph for CS and SSL of SharePoint web traffic -->
<polUni>
<fvTenant name="silverTenant1">
<vnsAbsGraph name="WebGraph_cs_ssl">
<vnsAbsTermNodeProv name="Input1">
<vnsAbsTermConn name="C1">
</vnsAbsTermConn>
</vnsAbsTermNodeProv>
<!-- CS_SSL_1 Provides CS and SSL Offload functionality -->
<vnsAbsNode name="CS_SSL_1" funcType="GoTo">
<vnsRsDefaultScopeToTerm tDn="uni/tn-silverTenant1/AbsGraphWebGraph_cs_ssl/AbsTermNodeProv-Input1/outtmnl"/>
<vnsAbsFuncConn name="outside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler1.0/mFunc-ContentSwitching/mConn-external" />
</vnsAbsFuncConn>
<vnsAbsFuncConn name="inside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler1.0/mFunc-ContentSwitching/mConn-internal" />
</vnsAbsFuncConn>
<vnsRsNodeToMFunc tDn="uni/infra/mDev-Citrix-NetScaler1.0/mFunc-ContentSwitching"/>
</vnsAbsNode>
<vnsAbsTermNodeCon name="Output1">
<vnsAbsTermConn name="C6">
</vnsAbsTermConn>
</vnsAbsTermNodeCon>
<vnsAbsConnection name="CON1" adjType="L3">

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

4-17

Chapter 4

Configuration Details

Configuring ACI and NetScaler for a SharePoint Deployment

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_cs_ssl/AbsTermNodeCon-Output1/AbsTConn"/>
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_cs_ssl/AbsNode-CS_SSL_1/AbsFConn-outside"/>
</vnsAbsConnection>
<vnsAbsConnection name="CON2">
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_cs_ssl/AbsNode-CS_SSL_1/AbsFConn-inside"/>
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_cs_ssl/AbsTermNodeProv-Input1/AbsTConn"/>
</vnsAbsConnection>
</vnsAbsGraph>
</fvTenant>
</polUni>

Appendix C, Configurations contains additional XML files that configure NetScaler service graphs
for SharePoint traffic.

Note

CreateServiceGraph_SP_cs_ssl_2.xmlCreates a service graph WebGraph_cs_ssl_2 for Content

Switching and SSL Offloading of SharePoint traffic

CreateServiceGraphWithParams_SP_cs_DB_1.xml and
CreateServiceGraphWithParams_SP_cs_DB_2.xmlThese files create service graphs
(WebGraph_CS_DB and WebGraph_CS_DB_2) as well as configure L4-L7 service parameters for
Content Switching for Database (Microsoft SQL Server 2012). Configuring Content Switching for
Database is a two-step process that requires two files. The second file configures additional settings
(such as defining a user) for Database processing.

CreateServiceGraphWithParams_AppFW.xmlCreates a service graph

WebGraph_CS_AppFW_1 for application firewall. In addition, this file configures L4-L7 service
parameters for application firewall.

CreateServiceGraphWithParams_SP_GSLB_1.xml and
CreateServiceGraphWithParams_SP_GSLB_2.xmlThese files create service graphs
(WebGraph_CS_GSLB_1) and set L4-L7 parameters for Global Server Load Balancing.
Configuring GSLB is a two-step process that requires two files. The second file configures
additional settings for GSLB.

Some NetScaler service functions above (such as Content Switching with SSL Offloading, Database,
and GSLB) require multiple XML files to configure the service. This is sometimes necessary so that
APIC can properly sequence certain parameter settings or operations.

Configuring Application Profile L4-L7 Service Parameters for NetScaler

Instances
The following procedure configures L4-L7 service parameters for the service graphs previously created.
The service parameters are specified in service graphs that will eventually be deployed to the NetScaler
instances to configure them to manage ACI traffic.
APIC uses L4-L7 service parameters to configure the NetScaler instances accordingly. Note that APIC
permits the configuration of L4-L7 service parameters at multiple levels, (Figure 4-5). For the NetScaler
service graphs, parameters are set at the EPG level for the application profile.

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

4-18

Design and Implementation Guide

Chapter 4

Configuration Details
Configuring ACI and NetScaler for a SharePoint Deployment

Figure 4-5

L4-L7 Service Parameters Set at EPG Level for NetScaler Service Graphs

Using the APIC GUI to Configure L4-L7 Service Parameters for Generic LB Traffic
Step 1

In the navigation pane under the application profile, press + to expand the EPG Web1-EPG and select
L4-L7 Service Parameters. Right click and choose Create L4-L7 Service Parameters. Click on the
edit icon to configure the L4-L7 service parameters. Specify the service graph to be created and the
function node name (e.g., Load Balancing). Specify parameters under Config Device and Config
Function. (Refer to the Cisco Intercloud Data Center ACI 1.0 Implementation Guide for APIC GUI
specifics and detailed instructions.) For generic load balancing (HTTP, TCP, and DNS), L4-L7 service
parameters are configured for the service graph WebGraph.

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

4-19

Chapter 4

Configuration Details

Configuring ACI and NetScaler for a SharePoint Deployment

Step 2

Repeat the process to configure L4-L7 service parameters for generic SSL offloading. The configured
parameters for the service graph WebGraph_ssl are shown.

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

4-20

Design and Implementation Guide

Chapter 4

Configuration Details
Configuring ACI and NetScaler for a SharePoint Deployment

Using XML to Configure L4-L7 Service Parameters for Generic LB Traffic

An administrator can also configure application profile L4-L7 service parameters using XML. As an
example, the file CreateServiceGraph_lb_http.xml creates a service graph WebGraph and configures
L4-L7 service parameters in the graph. As the following excerpts show, the file specifies parameters for
load balancing of HTTP, SSL, TCP, and DNS traffic:
<!-- excerpts from CreateServiceGraph_lb_http.xml -->
<fvAp dn="uni/tn-silverTenant1/ap-Web1-AppProfile" name="Web1-AppProfile">
<!-- EPG 1 -->
<fvAEPg dn="uni/tn-silverTenant1/ap-Web1-AppProfile/epg-Web1-EPG"
name="Web1-EPG">
<fvRsBd tnFvBDName="silverTenant1-BD1" />
<fvRsProv tnVzBrCPName="webCtrct1"></fvRsProv>
. . .
<!this section gives settings for LB -->
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver" name="vip-tg-101">
<vnsParamInst name="name" key="name" value="vip-tg-101"/>
<vnsParamInst name="ipv46" key="ipv46" value="101.16.1.101"/>
<vnsParamInst name="servicetype" key="servicetype" value="HTTP"/>
<vnsParamInst name="port" key="port" value="80"/>
<vnsParamInst name="clttimeout" key="clttimeout" value="200"/>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding" name="service-tg-01">
<vnsCfgRelInst key="servicename" name="service-tg-01"
targetName="service-tg-01"/>
</vnsFolderInst>
. . .
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver" name="vip-tg-103">
<vnsParamInst name="name" key="name" value="vip-tg-103"/>
<vnsParamInst name="ipv46" key="ipv46" value="101.16.1.103"/>
<vnsParamInst name="servicetype" key="servicetype" value="SSL"/>
<vnsParamInst name="port" key="port" value="443"/>
<vnsParamInst name="clttimeout" key="clttimeout" value="200"/>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding" name="service-tg-21">
<vnsCfgRelInst key="servicename" name="service-tg-21" targetName="servicetg-21"/>
</vnsFolderInst>
. . .
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver" name="vip-tg-105">
<vnsParamInst name="name" key="name" value="vip-tg-105"/>
<vnsParamInst name="ipv46" key="ipv46" value="101.16.1.105"/>
<vnsParamInst name="servicetype" key="servicetype" value="TCP"/>
<vnsParamInst name="port" key="port" value="8080"/>
<vnsParamInst name="clttimeout" key="clttimeout" value="200"/>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding" name="service-tg-41">
<vnsCfgRelInst key="servicename" name="service-tg-41" targetName="servicetg-41"/>
</vnsFolderInst>
. . .
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver" name="vip-tg-107">
<vnsParamInst name="name" key="name" value="vip-tg-107"/>
<vnsParamInst name="ipv46" key="ipv46" value="101.16.1.107"/>
<vnsParamInst name="servicetype" key="servicetype" value="DNS"/>

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

4-21

Chapter 4

Configuration Details

Configuring ACI and NetScaler for a SharePoint Deployment

<vnsParamInst name="port" key="port" value="53"/>

<vnsParamInst name="clttimeout" key="clttimeout" value="200"/>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding" name="service-tg-61">
<vnsCfgRelInst key="servicename" name="service-tg-61" targetName="servicetg-61"/>
</vnsFolderInst>
. . .

Appendix C, Configurations contains the complete XML listing. It also includes the XML file CreateServiceGraph_lb_ssl.xml. This file creates the service graph WebGraph_ssl and configures L4-L7
service parameters for the graph. In the following excerpt, the service graph is configured to apply SSL
Offloading to web traffic:
<!-- excerpt from CreateServiceGraph_lb_ssl.xml -->
<fvAp dn="uni/tn-silverTenant1/ap-Web1-AppProfile" name="Web1-AppProfile">
<!-- EPG 1 -->
<fvAEPg dn="uni/tn-silverTenant1/ap-Web1-AppProfile/epg-Web1-EPG"
name="Web1-EPG">
<fvRsBd tnFvBDName="silverTenant1-BD1" />
<fvRsProv tnVzBrCPName="webCtrct1"></fvRsProv>
. . .
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver" name="vip-tg-104_lb">
<vnsParamInst name="name" key="name" value="vip-tg-104"/>
<vnsParamInst name="ipv46" key="ipv46" value="101.16.1.104"/>
<vnsParamInst name="servicetype" key="servicetype" value="SSL"/>
<vnsParamInst name="port" key="port" value="443"/>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver_service_binding" name="service-tg-31">
<vnsCfgRelInst key="servicename" name="service-tg-31"
targetName="service-tg-31"/>
</vnsFolderInst>
. . .

Using the APIC GUI to Configure L4-L7 Service Parameters for SharePoint Traffic
Perform the following procedure to configure L4-L7 service parameters for SharePoint traffic.
Step 1

Repeat the APIC GUI steps to configure the profile and EPG L4-L7 service parameters for graphs that
will be applied to SharePoint traffic. In the navigation pane, press + to expand EPG Web1-EPG and
select L4-L7 Service Parameters. Right click and choose Create L4-L7 Service Parameters.

Step 2

Click on the edit icon to configure the L4-L7 service parameters and create the service graph
WebGraph_cs_ssl for Content Switching.

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

4-22

Design and Implementation Guide

Chapter 4

Configuration Details
Configuring ACI and NetScaler for a SharePoint Deployment

Step 3

Repeat the steps to configure L4-L7 service parameters and create the service graph
WebGraph_cs_ssl_2 for the combination of Content Switching with SSL Offloading. Configuring
Content Switching with SSL Offloading is a two-step process.

Step 4

Click on the edit icon to configure the L4-L7 service parameters and create the service graph
WebGraph_CS_DB for Database Content Switching. Repeat the process to create the service graph
WebGraph_CS_DB_2 for Database Content Switching, Configuring Database Content Switching is a
two-step process.

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

4-23

Chapter 4

Configuration Details

Configuring ACI and NetScaler for a SharePoint Deployment

Step 5

Before configuring and applying L4-L7 parameters to NetScaler instances to provide Application
Firewall (AppFW) protection against known SharePoint attack vectors, it is necessary to configure
NetScaler instances out-of-band with a SharePoint signature file. Using a Citrix account, obtain the
signature file for the NetScaler 10.5 release (sig-r10.5b0v8s5.xml) from the site:
https://www.citrix.com/downloads/netscaler-adc/components/application-signature-protection-for-appl
ication-firewall.html. (For this system solution, the file was customized and renamed
mssharepoint.xml.)

Step 6

Use the NetScaler command line interface on the management plane to import the mssharepoint.xml
signature file from a web server:
import appfw signatures http://10.1.1.101/mssharepoint/mssharepoint.xml
mssharepoint

Step 7

After the signature file has been imported out-of-band, configure L4-L7 service parameters for a service
graph that applies AppFW services to SharePoint traffic. Click on the edit icon to configure the L4-L7
service parameters and create the service graph WebGraph_CS_AppFW_1 for Application Firewall.

Step 8

Under L4-L7 Service Parameters, right click and choose Create L4-L7 Service Parameters. Click on
the edit icon to configure L4-L7 service parameters for GSLB and GSLB_ADNS. Create the service
graphs WebGraph_CS_GSLB_1 and WebGraph_CS_GSLB_ADNS for GSLB and GSLB_adns
repectively. Configuring GSLB is a two-step process.

Using XML to Configure L4-L7 Service Parameters for SharePoint Traffic

Included in Appendix C, Configurations, the file ConfigServiceGraphWithParams_SP_cs_ssl_1.xml
configures L4-L7 service parameters for Content Switching with SSL Offloading of SharePoint web
traffic. As the following excerpt shows, the file creates a service graph WebGraph_cs_ssl, defines the
CS VIP for SharePoint traffic, and specifies parameters for the CS policy and binding. Note how the file
also specifies parameters for the target load-balancing server (LB VIP). This is necessary since a CS VIP
redirects traffic to a LB VIP based on defined policy.
<!-- ConfigServiceGraphWithParams_SP_cs_ssl_1.xml -->
<!-- Configure L4-L7 parameters for CS of SharePoint -->
<polUni>
<fvTenant name="silverTenant1">
<fvAp dn="uni/tn-silverTenant1/ap-Web1-AppProfile" name="Web1-AppProfile">
<!-- EPG 1 -->
<fvAEPg dn="uni/tn-silverTenant1/ap-Web1-AppProfile/epg-Web1-EPG"
name="Web1-EPG">
<fvRsBd tnFvBDName="silverTenant1-BD1" />
<fvRsProv tnVzBrCPName="webCtrct1"></fvRsProv>
. . .
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"
nodeNameOrLbl="CS_SSL_1" key="csvserver" name="vip-CS_SP2013" >
<vnsParamInst name="name" key="name" value="vip-CS_SP2013"/>
<vnsParamInst name="ipv46" key="ipv46" value="101.16.1.121"/>
<vnsParamInst name="servicetype" key="servicetype" value="SSL"/>
<vnsParamInst name="port" key="port" value="443"/>
<vnsFolderInst ctrctNameOrLbl="webCtrct1"
graphNameOrLbl="WebGraph_cs_ssl" nodeNameOrLbl="CS_SSL_1"
key="csvserver_cspolicy_binding" name="cspolbind1">
<vnsCfgRelInst key="policyname" name="poll1"
targetName="csPolicy/cspol1"/>
<vnsParamInst name="targetlbvserver" key="targetlbvserver"
value="vip-LB-sp2013-1"/>
</vnsFolderInst>
. . .

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

4-24

Design and Implementation Guide

Chapter 4

Configuration Details
Configuring ACI and NetScaler for a SharePoint Deployment

Appendix C, Configurations includes other XML files that configure L4-L7 service parameters for
service graphs that will be deployed to NetScaler instances to manage SharePoint traffic:

Note

ConfigServiceGraphWithParams_SP_cs_ssl_2.xmlConfigures additional L4-L7 service

parameters for Content Switching with SSL Offloading of SharePoint web traffic. Configuring
Content Switching with SSL Offloading is a two-step process.

CreateServiceGraphWithParams_SP_cs_DB_1.xml and
CreateServiceGraphWithParams_SP_cs_DB_2.xmlThese files create service graphs as well as
configure L4-L7 service parameters for Content Switching for Database (Microsoft SQL Server
2012). Configuring Content Switching for Database is a two-step process that requires two files.

CreateServiceGraphWithParams_AppFW.xml This file creates a service graph as well as

configures L4-L7 service parameters for AppFW functions applied to SharePoint web traffic. Note
that the AppFW service requires the import of the SharePoint signature file, as described in the
APIC GUI steps above.

ConfigServiceGraph_SP_cs_ssl_1_withAppFW-policy.xmlThis file configures L4-L7

parameters for CS with SSL for AppFW of SharePoint traffic. It also configures AppFW policy.

CreateServiceGraphWithParams_SP_GSLB_1.xml and
CreateServiceGraphWithParams_SP_GSLB_2.xmlThese files create service graphs as well as
configure L4-L7 service parameters for GSLB_adns and GSLB. Configuring GSLB is a two-step
process.

ConfigParameters_SP_GSLB_DynamicProx.xml,
ConfigParameters_SP_GSLB_StaticProx.xml,
ConfigParameters_SP_GSLB_LeastConn.xmlThese files configure L4-L7 service parameters,
specifically the distribution algorithm for GSLB.

Some NetScaler service functions above (such as Content Switching with SSL Offloading, Database,
and GSLB) require multiple XML files to configure service graph parameters. This is necessary so that
APIC can set parameters properly in a sequence of operations.

Configuring a Contract
A contract contains all of the filters that will be applied between provider and consumer endpoint groups
(EPGs). It restricts the protocols and ports on which a provider and consumer are allowed to communicate, enabling access control for greater security.

Using the APIC GUI to Create a Contract

Step 1

In the Navigation pane, expand the tenant for which you want to configure a contract. Under Security
Policies, select Contracts. Click right and choose Create Contract. In this system solution, the
administrator creates a contract called webCtrct1.

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

4-25

Chapter 4

Configuration Details

Configuring ACI and NetScaler for a SharePoint Deployment

Step 2

Select the contract webCtrct1 in the Navigation pane, and click + to expand the contract and view the
list of contract subjects.

Step 3

Select the contract subject http. Under Filters, click + to create a filter acl_lb_generic for the contract
subject http. Complete the fields in the Create Filter dialog box that appears.

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

4-26

Design and Implementation Guide

Chapter 4

Configuration Details
Configuring ACI and NetScaler for a SharePoint Deployment

Step 4

Select the contract subject CS_SSL_1. Under Filters, click + to create a filter acl_cs_sharepoint.

Step 5

Select each of contract subjects and assign the appropriate filter to each. Assign the filter acl_lb_generic
for the contract subjects that perform load balancing of generic traffic (http and https). Assign the filter
acl_cs_sharepoint to CS_SSL_1 (as shown below) and to the other contract subjects that process
SharePoint traffic (CS_AppFW1, CS_DB_1, CS_DB_2, CS_SSL_2, GSLB_1, and GSLB_ADNS).

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

4-27

Chapter 4

Configuration Details

Configuring ACI and NetScaler for a SharePoint Deployment

Using XML to Create a Contract

The following XML file assigns the filter acl_lb_generic to the contract webCtrct1 for generic web
traffic (incoming and outgoing HTTP traffic on port 80):
<! CreateContract_lb_http.xml -->
<! Configures a contract for LB traffic -->
<polUni>
<fvTenant dn="uni/tn-silverTenant1" name="silverTenant1">
<vzFilter name="HttpIn">
<vzEntry name="e1" prot="6" dFromPort="80" dToPort="80" etherT="ip"/>
</vzFilter>
<vzFilter name="HttpOut">
<vzEntry name="e1" prot="6" dFromPort="80" etherT="ip"/>
</vzFilter>
<vzFilter name="acl_lb_generic">
<vzEntry name="e1"/>
</vzFilter>
<vzBrCP name="webCtrct1" scope="global">
<vzSubj name="http">
<vzRsSubjFiltAtt tnVzFilterName="acl_lb_generic"/>
</vzSubj>
</vzBrCP>
</fvTenant>
</polUni>

Appendix C, Configurations lists the XML file CreateContract_lb_ssl.xml that assigns the filter
acl_lb_generic to the contract webCtrct1 for HTTPS traffic. (In this system solution, the administrator
used the APIC GUI to create the filter acl_cs_sharepoint and assign to SharePoint traffic.)

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

4-28

Design and Implementation Guide

Chapter 4

Configuration Details
Configuring ACI and NetScaler for a SharePoint Deployment

Deploying Service Graphs

Once all the parameters are configured, the NetScaler service graphs can be deployed. Attaching the
service graphs to the contract causes APIC to deploy them. In this way APIC applies the configuration
to the NetScaler VPX instances.
This section provides procedures to deploy service graphs using the APIC GUI and using XML files.

Using the APIC GUI to Deploy Service Graphs

Perform the following procedure to deploy service graphs using the APIC GUI.
Step 1

Under the Silver Tenants Security Policies, expand Contracts. Select the contract to attach to a service
graph. Select the subject, which is the service graph to be deployed to the NetScaler instances. Repeat
this process for each of the NetScaler service graphs to attach them to the contract. When complete, click
Submit to deploy the service graph configurations to the NetScaler instances.

Step 2

Select Deployed Graph Instances in the navigation pane. After graphs are deployed successfully,
corresponding entries should appear.

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

4-29

Chapter 4

Configuration Details

Configuring ACI and NetScaler for a SharePoint Deployment

Step 3

Select Deployed Devices in the navigation pane. The device configuration is displayed, as shown.

Using XML to Deploy Service Graphs

The following XML files are used to deploy service graphs that perform load balancing on HTTP traffic
and SSL offloading on HTTP traffic, respectively.

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

4-30

Design and Implementation Guide

Chapter 4

Configuration Details
Configuring ACI and NetScaler for a SharePoint Deployment

This XML file (AttachGraphToContract_lb_http.xml) deploys a service graph called WebGraph

that performs load balancing on HTTP traffic:
<! AttachGraphToContract_lb_http.xml -->
<! Attaches LB service graph to contract -->
<polUni>
<fvTenant name="silverTenant1">
<vzBrCP name="webCtrct1">
<vzSubj name="http">
<vzRsSubjGraphAtt tnVnsAbsGraphName="WebGraph"/>
</vzSubj>
</vzBrCP>
</fvTenant>
</polUni>

This XML file (AttachGraphToContract_lb_ssl.xml) deploys a service graph called WebGraph_ssl

that performs SSL offloading on HTTP traffic:
<! AttachGraphToContract_lb_ssl.xml -->
<! Attaches SSL service graph to contract -->
<polUni>
<fvTenant name="silverTenant1">
<vzBrCP name="webCtrct1">
<vzSubj name="http">
<vzRsSubjGraphAtt tnVnsAbsGraphName="WebGraph_ssl"/>
</vzSubj>
</vzBrCP>
</fvTenant>
</polUni>

Viewing Service Graphs Deployed to NetScaler

After the graphs are deployed to NetScaler instances, an administrator can see corresponding topology
views. In the Deployed Graph Instances pane, click on each service graph listed to see the service
graph topology. Figure 4-6 shows the topology for the Content Switching service (CS_SSL_1). Based
on the configuration represented by this graph, the NetScaler instance will apply Content Switching to
SharePoint traffic.

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

4-31

Chapter 4

Configuration Details

Configuring ACI and NetScaler for a SharePoint Deployment

Figure 4-6

Control Switching Service Topology

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

4-32

Design and Implementation Guide

CH A P T E R

Validating the Configuration

Citrix and Cisco test engineers collaborated to build out a sample test deployment for SharePoint Server
2013 using the topology and configuration procedures described in earlier sections. This test deployment
simulates a large enterprise-level deployment characterized by full redundancy for each data center
component.
A number of test cases were defined and executed to validate the integration of NetScaler technology
into the ACI fabric and in particular, the use of APIC to apply NetScaler network services to manage
fabric traffic. This section describes the test cases and how NetScaler capabilities were verified in the
test environment.

Verifying the Configuration

The first set of test cases validated the successful integration of NetScaler into the ACI fabric and the
use of APIC to define NetScaler configurations. Several test cases were run to verify NetScaler
compatibility and configuration, including:

Compatibility tests. The following compatibility tests executed successfully without displaying any
errors or warning messages.
Using APIC to import NetScaler device package
Using APIC to create 4 device clusters for NetScaler instances
Using APIC: delete 4 device clusters for NetScaler instances
Using APIC: re-create 2 device clusters for NetScaler instances

Configuration tests. The following configuration tests executed successfully. All settings were
pushed to the NetScaler VPX instance as expected and the appropriate services and virtual IPs
(VIPs) were available.
Using APIC to configure L2/L3 settings for a NetScaler VPX instance.
Using APIC to configure LB settings for a NetScaler VPX instance.
Using APIC to configure CS settings for a NetScaler VPX instance.
Using APIC to configure AppFW settings for a NetScaler VPX instance.
Using APIC to configure GSLB settings for a NetScaler VPX instance in a data center.

Figure 5-1 shows the APIC dashboard for the system solution configuration. The dashboard summarizes
configuration health, helping to confirm (in addition to the traffic flow tests) that the NetScaler VPX
instances have been deployed and configured successfully.

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

5-1

Chapter 5

Validating the Configuration

Verifying the Configuration

Figure 5-1

Control Switching Service Topology

Validating Traffic Flows with NetScaler

The following sections describe validating traffic flows with NetScaler:

Validating General Traffic Flows with NetScaler

Additional tests verified the ability of a NetScaler instance to perform traffic management for general
traffic on the ACI fabric. All ACI traffic (HTTP/TCP on port 80; SSL/TCP on port on port 443;
TCP/TCP on port 8080; and DNS/UDP on port 53) is subject to Load Balancing and SSL Offloading.
Tests were run to validate these traffic flows:

Load Balancing. HTTP, TCP, DNS traffic was processed using the Load Balancing VIPs configured
for the NetScaler instance.

SSL Offloading. SSL traffic was directed to LB VIPs to accelerate SSL Offloading in NetScaler
SDX hardware.

Validating SharePoint Traffic Flows with NetScaler

To validate that SharePoint traffic flows through the NetScaler VPX instances securely and correctly,
the SharePoint server farm was configured with two SharePoint sites, Engineering and Marketing, to
simulate a large enterprise organization. In this way, it was possible to examine how NetScaler applied
Content Switching policies to direct SharePoint client requests as well to SQL database requests. Based
on the specified URL in the request (for example, https://sp2013.test.ctx/sites/Eng/ or
https://sp2013.test.ctx/sites/Mkt/), the NetScaler VPX instance directed the request to the Load
Balancing VIP bound to the Content Switching VIP.

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

5-2

Design and Implementation Guide

Chapter 5

Validating the Configuration

Verifying the Configuration

Figure 5-2 and Figure 5-3 shows Content Switching functionality across the two SharePoint sites. Each
site was accessed by different users, user aaa and bbb, respectively. The user login authentication
occurred on the SharePoint server that received the user request.
Figure 5-2

Content Switching Across Two SharePoint Sites, User AAA

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

5-3

Chapter 5

Validating the Configuration

Verifying the Configuration

Figure 5-3

Content Switching Across Two SharePoint Sites, User BBB

Validating Microsoft SQL Server Flows with NetScaler

The test environment configures NetScaler instances to manage traffic for Microsoft SQL Server 2012
cluster. NetScaler performs Content Switching for database requests as well as load balancing. Since
there are multiple secondary databases in an AlwaysON Availability Group, the NetScaler LB VIP
distributes database read traffic based on the defined load-balancing algorithm. These test cases
validated traffic flows for database requests:

Microsoft SQL Server Load BalancingAs expected, the NetScaler instance directed database
requests to the Content Switching virtual server (vserver) for load balancing.

Microsoft SQL Server Content Switching for Read/Write SplitFor an SQL query that writes
to the database, the NetScaler instance directs it to the LB VIP that routes it to the appropriate
primary database. For read operations, the query is sent to the LB VIP that routes it to a secondary
replica database.

Intelligent Monitoring for Microsoft SQL Server Health CheckNative MS-SQL monitors
configured in the NetScaler instance query a particular field in a database table to determine which
node is the current secondary. The monitor probe queries the database for the secondary replica and
marks the primary replica service as down in the NetScaler instance.

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

5-4

Design and Implementation Guide

Chapter 5

Validating the Configuration

Verifying the Configuration

Validating AppFW Functionality with NetScaler

As a part of the NetScaler configuration process, an administrator should import the Microsoft
SharePoint signature file prior to configuring the AppFW service graph and parameters. Using a Citrix
account, the administrator can download a signature file from the site:
https://www.citrix.com/downloads/netscaler-adc/components/application-signature-protection-for-appl
ication-firewall.html. For this system solution, the signature file for the NetScaler 10.5 release
(sig-r10.5b0v8s5.xml) was downloaded and customized.
The following test cases validate the successful configuration of AppFW functionality:

AppFW blocks the sites that are not specified in the startURL. In the test environment, access is
permitted to two SharePoint sites only: https://sp2013.test.ctx/sites/Eng and
https://sp2013.test.ctx/sites/Mkt. Access to https://sp2013.test.ctx/sites/Financial, however, is
blocked.

AppFW blocks SQL injection attacks. The NetScaler instance successfully blocks access to a site
that attempts to inject SQL queries, such as the URL:
https://sp2013.test.ctx/sites/Eng/SitePages/Home.aspx?select;

AppFW blocks XSS (Cross-Site-Scripting) attacks. In this test case the NetScaler instance
successfully blocks XSS attacks. NetScaler blocked access to this URL:
https://sp2013.test.ctx/sites/test/_layouts/15/start.aspx#/SitePages/Home.aspx?<script>.

AppFW blocks Denial of Service (DoS) vulnerability in MS SharePoint. In this test case, NetScaler
blocked access for a known XSS attack when accessing this URL:
https://sp2013.test.ctx/sites/test/_layouts/15/start.aspx#/SitePages/Home.aspx?NNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNN.

Validating Solution High Availability and Failover

The topology for this system solution provides redundancy and failover for NetScaler VPX instances,
NetScaler SDX appliances, fabric nodes, and APIC servers. In addition to redundancy and failover
features in the tested solution, an enterprise SharePoint deployment should include monitoring to foster
high service levels. In NetScaler deployments, SNMP and syslog monitoring are usually performed
out-of-band to detect and proactively resolve problems. These methods can be used in-band through the
ACI fabric as well.

NetScaler VPX Instance Failover

NetScaler VPX instances are configured in an HA device cluster in Active-Standby mode. (NetScaler
Active-Active configuration is not yet supported because Dynamic Routing is required, which is
forthcoming in a future Cisco ACI software release.)
To validate the HA configuration and failover of NetScaler VPX instances, an administrator forced a
failover scenario by entering force failover force to the Primary NetScaler VPX instance. The process
was repeated to force a failover again on the Primary HA node. Immediately after each forced failover,
traffic was directed and processed by the new Primary HA node as expected.
In addition to failover testing, administrators added and removed VPX instances on the NetScaler SDX
appliance. Other instances were not impacted and continued to manage traffic on the fabric.

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

5-5

Chapter 5

Validating the Configuration

Verifying the Configuration

NetScaler SDX Appliance Failover

An additional test case was performed to validate failover in the event of an unavailable NetScaler SDX
appliance. In particular, the test case validated continued operation after a simulated failure of the
appliance hosting the HA Primary NetScaler VPX instance. For this test case, APIC configured the HA
device cluster in Active-Standby. When the SDX unit with the primary instance was made unavailable,
the standby HA instance on the other unit became the Primary HA node. Traffic management continued
as expected.

Fabric and APIC Failover Scenarios

For this system solution, a number of failover scenarios were validated to demonstrate SharePoint
application continuity. The following failover scenarios were successfully validated in testing the system
solution environment within a single data center:

Single link in LACP channel failure. Fabric traffic continues to flow using all other physical links.

Single vPC leg failure. Fabric traffic continues to flow using the other vPC leg.

Single leaf failure. Fabric traffic flows using an alternate leaf.

Single spine failure. Fabric traffic continues to flow on the fabric using an alternate spine.

Single APIC failure. An alternate APIC server from the APIC cluster is still available. As expected,
fabric traffic continues to flow.

Configuring NetScaler GSLB for Multiple data centers

When configured for global server load balancing (GSLB, Figure 5-4), NetScaler appliances support
disaster recovery and enable continuous application availability, protecting against single points of
failure in a WAN deployment. GSLB enables intelligent load distribution, by directing client requests to
the closest or best performing data center, or to an available and online data center in the case of an
outage.

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

5-6

Design and Implementation Guide

Chapter 5

Validating the Configuration

Verifying the Configuration

Figure 5-4

GSLB Across Two Data Centers

DNS
Server

Client_1

v91

v93

Internet

Core Catalyst 6509

Delay Injector

Silver Tenant
ASR 1000

Silver Tenant
ASR 1000
Client_2
Catalyst 4948

ACI
Fabric

VLANs ACI specified

(v235-v237)
(10.1.[1-3].0/24)

Web
VM

App
VM

SDX

SDX

v1101,
v101-v102

v1201,
v121-v122

dB
VM

Data Center 1

AD
VM

Web
VM

FI

v92
DNS
Server

App
VM

dB
VM

Data Center 2

AD
VM

v221-v223
(10.2.[1-3].0/24)

298789

FI

v92

When GSLB is configured, NetScaler appliances use the DNS infrastructure to connect client requests
to the data center that best meets the set distribution criteria. NetScaler devices keep track of the
location, performance, load, and availability of each data center and use these factors to select the data
center for the client request.
An ADNS service is a special kind of service that responds only to DNS requests for domains for which
the NetScaler appliance is authoritative. When an ADNS service is configured, the appliance owns that
IP address and advertises it. Upon receipt of a DNS request by an ADNS service, the appliance checks
for a GSLB virtual server bound to that domain. If a GSLB virtual server is bound, its queried for the
best IP address to which to send the DNS response. (Note: On a public DNS server, configure the IPs of
ADNS services from both data centers as authoritative DNS servers for the domain.)
NetScaler GSLB capabilities were implemented and tested for this system solution using the XML files
listed in Appendix C, Configurations.
After configuring GSLB in the system solution environment, this functionality was tested by simulating
a data center link failure. As expected, NetScaler successfully redirected traffic to the remaining
available data center. Various GSLB distribution scenarios were also configured and tested. For
example, NetScaler instances can distribute client load across data centers according to different
algorithms. This system solution successfully validated three GSLB distribution scenarios:

Dynamic ProximityA delay injector was used to simulate a data center with less proximity. The
NetScaler instance tracks Round Trip Time (RTT) and distributes load based on this value. Clients
connected only to the data center with the least RTT value.

Static ProximityBased on the VLANs, the NetScaler instance directs traffic to the closest data
center. In this way, clients connect to the data center in the same region.

Even DistributionThe NetScaler instance tracks the number of connections and distributes the
client request to the data center with the lowest number of connections. This method spreads out
load across configured data centers.

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

5-7

Chapter 5

Validating the Configuration

Verifying the Configuration

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

5-8

Design and Implementation Guide

A P P E N D I X

Product List
The following system solution product list is available for reference:

Cisco Nexus 9508

Cisco Nexus 9396

Cisco: ACI 1.0 (2j)latest version compatible with Citrix NetScaler device model package

Cisco N20-6508 5108 UCS Blade Server Chassis

Cisco ASR 1004 series Aggregation Service Router

Cisco Application Policy Infrastructure Controller

Citrix NetScaler SDX 11542 appliance, NetScaler VPX 10.5-53.9, and NetScaler Device Package
10.5-54.2

Microsoft Windows Server 2012 R2 Standard Edition

Microsoft SharePoint Server 2013 Enterprise Edition

Microsoft SQL Server 2012 Enterprise Edition

Microsoft Windows 7 Enterprise Edition

VMware ESXi 5.1 with vCenter

Fedora Linux x64 (hosts for public DNS servers)

Ubuntu x64 (hosts Python interpreter for XML configuration files)

Spirent chassis - SPT-N11U

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

A-1

Appendix A

Product List

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

A-2

Design and Implementation Guide

A P P E N D I X

References
The following system solution documentation references are available for convenience:

Cisco ACI References

Intercloud Data Center ACI 1.0 Implementation Guide

Cisco Application Policy Infrastructure Controller (APIC)

At-a-Glance: Cisco Virtual Multiservice Data Center Validated Designs

Configuration Note: VMDC Architecture with Citrix NetScaler VPX and SDX

Service Insertion with Cisco Application Centric Infrastructure

Connecting Application Centric Infrastructure (ACI) to Outside Layer 2 and 3 Networks Guide

Cisco APIC Layer 4 to Layer 7 Services Deployment Guide

Citrix Reference

Implementing Cisco Application Centric Infrastructure with Citrix NetScaler Application Delivery
Controllers

Integrating Citrix NetScaler ADCs with Cisco Application Centric Infrastructure

Citrix NetScaler 10.5 Product Documentation

Citrix NetScaler SDX Hardware Installation

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

B-1

Appendix B

References

Citrix Reference

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

B-2

Design and Implementation Guide

A P P E N D I X

Configurations
The following system solution configuration sections provide configuration details for this design and
implementation validation:

NetScaler Instance Configuration Summary, page C-1

Automating APIC Configuration for SharePoint, page C-8

XML Files for Configuring NetScaler Instances, page C-9

NetScaler Instance Configuration Summary

The following NetScaler instance configuration summary provides the full configuration for the single
NetScaler instance SDX-A_VPX-1.
#===== SDX-A_VPX-1 ===========================================================
# set ns config -IPAddress 192.168.114.111 -netmask 255.255.255.0
#=============================================================================
enable ns feature WL SP LB CS SSL GSLB AppFw RESPONDER
enable ns mode FR Edge USNIP PMTUD
add vlan 101
add vlan 102
add
add
add
add
bind
bind
bind
bind

ns
ns
ns
ns

add
add
add
add
add
add
add
add
add
add
add

ip
ip
ip
ip

vlan
vlan
vlan
vlan

10.16.1.11 255.255.255.0 -vServer DISABLED

10.16.1.12 255.255.255.0 -vServer DISABLED
10.16.1.13 255.255.255.0 -vServer DISABLED
101.16.1.11 255.255.255.0 -vServer DISABLED

server
server
server
server
server
server
server
server
server
server
server

101
101
102
102

-ifnum LA/1 -tagged

-IPAddress 10.16.1.11 255.255.255.0
-ifnum LA/1 -tagged
-IPAddress 101.16.1.11 255.255.255.0

server-tg-01
server-tg-02
server-tg-03
server-tg-04
server-tg-05
server-tg-06
server-tg-07
server-tg-08
server-tg-09
server-tg-10
server-tg-11

10.16.2.1
10.16.2.2
10.16.2.3
10.16.2.4
10.16.2.5
10.16.2.6
10.16.2.7
10.16.2.8
10.16.2.9
10.16.2.10
10.16.2.11

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

C-1

Appendix C

Configurations

NetScaler Instance Configuration Summary

add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add

server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server
server

server-tg-12
server-tg-13
server-tg-14
server-tg-15
server-tg-16
server-tg-17
server-tg-18
server-tg-19
server-tg-20
server-tg-21
server-tg-22
server-tg-23
server-tg-24
server-tg-25
server-tg-26
server-tg-27
server-tg-28
server-tg-29
server-tg-30
server-tg-31
server-tg-32
server-tg-33
server-tg-34
server-tg-35
server-tg-36
server-tg-37
server-tg-38
server-tg-39
server-tg-40
server-tg-41
server-tg-42
server-tg-43
server-tg-44
server-tg-45
server-tg-46
server-tg-47
server-tg-48
server-tg-49
server-tg-50
server-tg-51
server-tg-52
server-tg-53
server-tg-54
server-tg-55
server-tg-56
server-tg-57
server-tg-58
server-tg-59
server-tg-60
server-tg-61
server-tg-62
server-tg-63
server-tg-64
server-tg-65
server-tg-66
server-tg-67
server-tg-68
server-tg-69
server-tg-70
server-tg-71
server-tg-72
server-tg-73
server-tg-74
server-tg-75

10.16.2.12
10.16.2.13
10.16.2.14
10.16.2.15
10.16.2.16
10.16.2.17
10.16.2.18
10.16.2.19
10.16.2.20
10.16.2.21
10.16.2.22
10.16.2.23
10.16.2.24
10.16.2.25
10.16.2.26
10.16.2.27
10.16.2.28
10.16.2.29
10.16.2.30
10.16.2.31
10.16.2.32
10.16.2.33
10.16.2.34
10.16.2.35
10.16.2.36
10.16.2.37
10.16.2.38
10.16.2.39
10.16.2.40
10.16.2.41
10.16.2.42
10.16.2.43
10.16.2.44
10.16.2.45
10.16.2.46
10.16.2.47
10.16.2.48
10.16.2.49
10.16.2.50
10.16.2.51
10.16.2.52
10.16.2.53
10.16.2.54
10.16.2.55
10.16.2.56
10.16.2.57
10.16.2.58
10.16.2.59
10.16.2.60
10.16.2.61
10.16.2.62
10.16.2.63
10.16.2.64
10.16.2.65
10.16.2.66
10.16.2.67
10.16.2.68
10.16.2.69
10.16.2.70
10.16.2.71
10.16.2.72
10.16.2.73
10.16.2.74
10.16.2.75

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

C-2

Design and Implementation Guide

Appendix C

Configurations
NetScaler Instance Configuration Summary

add
add
add
add
add

server
server
server
server
server

add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add

service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service

server-tg-76
server-tg-77
server-tg-78
server-tg-79
server-tg-80

10.16.2.76
10.16.2.77
10.16.2.78
10.16.2.79
10.16.2.80

service-tg-01
service-tg-02
service-tg-03
service-tg-04
service-tg-05
service-tg-06
service-tg-07
service-tg-08
service-tg-09
service-tg-10
service-tg-11
service-tg-12
service-tg-13
service-tg-14
service-tg-15
service-tg-16
service-tg-17
service-tg-18
service-tg-19
service-tg-20
service-tg-21
service-tg-22
service-tg-23
service-tg-24
service-tg-25
service-tg-26
service-tg-27
service-tg-28
service-tg-29
service-tg-30
service-tg-31
service-tg-32
service-tg-33
service-tg-34
service-tg-35
service-tg-36
service-tg-37
service-tg-38
service-tg-39
service-tg-40
service-tg-41
service-tg-42
service-tg-43
service-tg-44
service-tg-45
service-tg-46
service-tg-47
service-tg-48
service-tg-49
service-tg-50
service-tg-51
service-tg-52
service-tg-53
service-tg-54
service-tg-55
service-tg-56
service-tg-57
service-tg-58

server-tg-01
server-tg-02
server-tg-03
server-tg-04
server-tg-05
server-tg-06
server-tg-07
server-tg-08
server-tg-09
server-tg-10
server-tg-11
server-tg-12
server-tg-13
server-tg-14
server-tg-15
server-tg-16
server-tg-17
server-tg-18
server-tg-19
server-tg-20
server-tg-21
server-tg-22
server-tg-23
server-tg-24
server-tg-25
server-tg-26
server-tg-27
server-tg-28
server-tg-29
server-tg-30
server-tg-31
server-tg-32
server-tg-33
server-tg-34
server-tg-35
server-tg-36
server-tg-37
server-tg-38
server-tg-39
server-tg-40
server-tg-41
server-tg-42
server-tg-43
server-tg-44
server-tg-45
server-tg-46
server-tg-47
server-tg-48
server-tg-49
server-tg-50
server-tg-51
server-tg-52
server-tg-53
server-tg-54
server-tg-55
server-tg-56
server-tg-57
server-tg-58

HTTP 80
HTTP 80
HTTP 80
HTTP 80
HTTP 80
HTTP 80
HTTP 80
HTTP 80
HTTP 80
HTTP 80
HTTP 80
HTTP 80
HTTP 80
HTTP 80
HTTP 80
HTTP 80
HTTP 80
HTTP 80
HTTP 80
HTTP 80
SSL 443
SSL 443
SSL 443
SSL 443
SSL 443
SSL 443
SSL 443
SSL 443
SSL 443
SSL 443
SSL 443
SSL 443
SSL 443
SSL 443
SSL 443
SSL 443
SSL 443
SSL 443
SSL 443
SSL 443
TCP 8080
TCP 8080
TCP 8080
TCP 8080
TCP 8080
TCP 8080
TCP 8080
TCP 8080
TCP 8080
TCP 8080
TCP 8080
TCP 8080
TCP 8080
TCP 8080
TCP 8080
TCP 8080
TCP 8080
TCP 8080

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

C-3

Appendix C

Configurations

NetScaler Instance Configuration Summary

add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add
add

service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service
service

add
add
add
add
add
add
add
add

lb
lb
lb
lb
lb
lb
lb
lb

bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind

service-tg-59
service-tg-60
service-tg-61
service-tg-62
service-tg-63
service-tg-64
service-tg-65
service-tg-66
service-tg-67
service-tg-68
service-tg-69
service-tg-70
service-tg-71
service-tg-72
service-tg-73
service-tg-74
service-tg-75
service-tg-76
service-tg-77
service-tg-78
service-tg-79
service-tg-80

lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb

vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver

vip-tg-101
vip-tg-102
vip-tg-103
vip-tg-104
vip-tg-105
vip-tg-106
vip-tg-107
vip-tg-108

server-tg-59
server-tg-60
server-tg-61
server-tg-62
server-tg-63
server-tg-64
server-tg-65
server-tg-66
server-tg-67
server-tg-68
server-tg-69
server-tg-70
server-tg-71
server-tg-72
server-tg-73
server-tg-74
server-tg-75
server-tg-76
server-tg-77
server-tg-78
server-tg-79
server-tg-80

TCP
TCP
DNS
DNS
DNS
DNS
DNS
DNS
DNS
DNS
DNS
DNS
DNS
DNS
DNS
DNS
DNS
DNS
DNS
DNS
DNS
DNS

8080
8080
53
53
53
53
53
53
53
53
53
53
53
53
53
53
53
53
53
53
53
53

vip-tg-101
vip-tg-101
vip-tg-101
vip-tg-101
vip-tg-101
vip-tg-101
vip-tg-101
vip-tg-101
vip-tg-101
vip-tg-101
vip-tg-102
vip-tg-102
vip-tg-102
vip-tg-102
vip-tg-102
vip-tg-102
vip-tg-102
vip-tg-102
vip-tg-102
vip-tg-102
vip-tg-103
vip-tg-103
vip-tg-103
vip-tg-103
vip-tg-103
vip-tg-103
vip-tg-103
vip-tg-103
vip-tg-103
vip-tg-103
vip-tg-104
vip-tg-104

HTTP 101.16.1.101 80
HTTP 101.16.1.102 80
SSL 101.16.1.103 443
SSL 101.16.1.104 443
TCP 101.16.1.105 8080
TCP 101.16.1.106 8080
DNS 101.16.1.107 53
DNS 101.16.1.108 53
service-tg-01
service-tg-02
service-tg-03
service-tg-04
service-tg-05
service-tg-06
service-tg-07
service-tg-08
service-tg-09
service-tg-10
service-tg-11
service-tg-12
service-tg-13
service-tg-14
service-tg-15
service-tg-16
service-tg-17
service-tg-18
service-tg-19
service-tg-20
service-tg-21
service-tg-22
service-tg-23
service-tg-24
service-tg-25
service-tg-26
service-tg-27
service-tg-28
service-tg-29
service-tg-30
service-tg-31
service-tg-32

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

C-4

Design and Implementation Guide

Appendix C

Configurations
NetScaler Instance Configuration Summary

bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind
bind

lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb
lb

vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver
vserver

vip-tg-104
vip-tg-104
vip-tg-104
vip-tg-104
vip-tg-104
vip-tg-104
vip-tg-104
vip-tg-104
vip-tg-105
vip-tg-105
vip-tg-105
vip-tg-105
vip-tg-105
vip-tg-105
vip-tg-105
vip-tg-105
vip-tg-105
vip-tg-105
vip-tg-106
vip-tg-106
vip-tg-106
vip-tg-106
vip-tg-106
vip-tg-106
vip-tg-106
vip-tg-106
vip-tg-106
vip-tg-106
vip-tg-107
vip-tg-107
vip-tg-107
vip-tg-107
vip-tg-107
vip-tg-107
vip-tg-107
vip-tg-107
vip-tg-107
vip-tg-107
vip-tg-108
vip-tg-108
vip-tg-108
vip-tg-108
vip-tg-108
vip-tg-108
vip-tg-108
vip-tg-108
vip-tg-108
vip-tg-108

service-tg-33
service-tg-34
service-tg-35
service-tg-36
service-tg-37
service-tg-38
service-tg-39
service-tg-40
service-tg-41
service-tg-42
service-tg-43
service-tg-44
service-tg-45
service-tg-46
service-tg-47
service-tg-48
service-tg-49
service-tg-50
service-tg-51
service-tg-52
service-tg-53
service-tg-54
service-tg-55
service-tg-56
service-tg-57
service-tg-58
service-tg-59
service-tg-60
service-tg-61
service-tg-62
service-tg-63
service-tg-64
service-tg-65
service-tg-66
service-tg-67
service-tg-68
service-tg-69
service-tg-70
service-tg-71
service-tg-72
service-tg-73
service-tg-74
service-tg-75
service-tg-76
service-tg-77
service-tg-78
service-tg-79
service-tg-80

add ssl certKey sp2013.test.ctx-cert -cert sp2013-server.cert -key

sp2013-server.key
bind ssl vserver vip-tg-103 -certkeyName sp2013.test.ctx-cert
bind ssl vserver vip-tg-104 -certkeyName sp2013.test.ctx-cert
add
add
add
add
add

route
route
route
route
route

10.1.1.0 255.255.255.0 10.16.1.254

10.1.2.0 255.255.255.0 10.16.1.254
10.1.3.0 255.255.255.0 10.16.1.254
10.16.2.0 255.255.255.0 10.16.1.254
192.168.0.0 255.255.0.0 192.168.114.254

add route 0.0.0.0 0.0.0.0 101.16.1.254

# === CS ===================================================================

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

C-5

Appendix C

Configurations

NetScaler Instance Configuration Summary

add server server-sp2013-1 10.1.2.101

add server server-sp2013-2 10.1.2.102
add service service-sp2013-1 server-sp2013-1 SSL 443
add service service-sp2013-2 server-sp2013-2 SSL 443
add lb vserver vip-LB-sp2013-1 HTTP 10.16.1.111 80
add lb vserver vip-LB-sp2013-2 HTTP 10.16.1.112 80
bind lb vserver vip-LB-sp2013-1 service-sp2013-1
bind lb vserver vip-LB-sp2013-2 service-sp2013-2
add cs vserver vip-CS_SP2013 SSL 101.16.1.121 443
bind ssl vserver vip-CS_SP2013 -certkeyName sp2013.test.ctx-cert
add cs policy policy-cs-eng -url "/sites/Eng/*"
add cs policy policy-cs-mkt -url "/sites/Mkt/*"
bind cs vserver vip-CS_SP2013 -policy policy-cs-eng -targetLBVserver
vip-LB-sp2013-1
bind cs vserver vip-CS_SP2013 -policy policy-cs-mkt -targetLBVserver
vip-LB-sp2013-2
bind cs vserver vip-CS_SP2013 -lbvserver vip-LB-sp2013-1
# === DB ===================================================================
add db user sa -password Citrix123
add
add
add
add

server
server
server
server

server-mssql-1 10.1.3.101
server-mssql-2 10.1.3.102
server-mssql-3 10.1.3.103
server-mssql_listener 10.1.3.105

add service sql-1.test.ctx server-mssql-1 MSSQL 1433

add service sql-2.test.ctx server-mssql-2 MSSQL 1433
add service sql-3.test.ctx server-mssql-3 MSSQL 1433
add service sql_listener server-mssql_listener MSSQL 1433
add monitor read_replica1 MSSQL-ECV -sqlQuery "select role, role_desc from
sys.dm_hadr_availability_replica_states as A,
sys.dm_hadr_availability_replica_cluster_states as B where (A.replica_id =
B.replica_id and B.replica_server_name = 'sql-1') and A.group_id in
(select ag_id from sys.dm_hadr_name_id_map where ag_name =
'AG_SharePoint_2013')" -evalRule
"MSSQL.RES.ROW(0).TEXT_ELEM(1).EQ(\"SECONDARY\")" -username sa
add monitor read_replica2 MSSQL-ECV -sqlQuery "select role, role_desc from
sys.dm_hadr_availability_replica_states as A,
sys.dm_hadr_availability_replica_cluster_states as B where (A.replica_id =
B.replica_id and B.replica_server_name = 'sql-2') and A.group_id in
(select ag_id from sys.dm_hadr_name_id_map where ag_name =
'AG_SharePoint_2013')" -evalRule
"MSSQL.RES.ROW(0).TEXT_ELEM(1).EQ(\"SECONDARY\")" -username sa
add monitor read_replica3 MSSQL-ECV -sqlQuery "select role, role_desc from
sys.dm_hadr_availability_replica_states as A,
sys.dm_hadr_availability_replica_cluster_states as B where (A.replica_id =
B.replica_id and B.replica_server_name = 'sql-3') and A.group_id in
(select ag_id from sys.dm_hadr_name_id_map where ag_name =
'AG_SharePoint_2013')" -evalRule
"MSSQL.RES.ROW(0).TEXT_ELEM(1).EQ(\"SECONDARY\")" -username sa

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

C-6

Design and Implementation Guide

Appendix C

Configurations
NetScaler Instance Configuration Summary

bind service sql-1.test.ctx -monitorName read_replica1

bind service sql-2.test.ctx -monitorName read_replica2
bind service sql-3.test.ctx -monitorName read_replica3
add lb vserver vip-mssql-LB_READ MSSQL 10.16.1.151 1433 -mssqlServerVersion
2012
add lb vserver vip-mssql-LB_WRITE MSSQL 10.16.1.152 1433 -mssqlServerVersion
2012
bind lb vserver vip-mssql-LB_WRITE sql_listener
bind lb vserver vip-mssql-LB_READ sql-1.test.ctx
bind lb vserver vip-mssql-LB_READ sql-2.test.ctx
bind lb vserver vip-mssql-LB_READ sql-3.test.ctx
add cs vserver vip-MSSQL_CS MSSQL 10.16.1.122 1433 -mssqlServerVersion 2012
add cs policy CS_Read1 -rule "MSSQL.CLIENT.TYPEFLAGS.BITAND(32).EQ(32)"
add cs policy CS_Read2 -rule
"MSSQL.REQ.QUERY.COMMAND.SET_TEXT_MODE(IGNORECASE).EQ(\"select\")"
bind cs vserver vip-MSSQL_CS -policy CS_Read1 -targetLBVserver vip-mssqlLB_READ -priority 10
bind cs vserver vip-MSSQL_CS -policy CS_Read2 -targetLBVserver vip-mssqlLB_READ -priority 20
bind cs vserver vip-MSSQL_CS -lbvserver vip-mssql-LB_WRITE
#
#
#
#

=== AppFW ==================================================================

=== Out-of-band operation:
=== import appfw signatures
===
http://10.1.1.101/mssharepoint/mssharepoint.xml mssharepoint

add appfw profile Sharepoint_SharePoint_sig -startURLAction block learn log

stats -startURLClosure ON -signatures mssharepoint
bind appfw profile Sharepoint_SharePoint_sig -startURL
"^http://sp2013.test.ctx(\\:)*(\\d)*/sites/Eng(/)?"
bind appfw profile Sharepoint_SharePoint_sig -startURL
"^http://sp2013.test.ctx(\\:)*(\\d)*/sites/Mkt(/)?"
add appfw policy Sharepoint_SharePoint_sig
"HTTP.REQ.HOSTNAME.EQ(\"sp2013.test.ctx\")" Sharepoint_SharePoint_sig
bind cs vserver vip-CS_SP2013 -policyName Sharepoint_SharePoint_sig -priority
100 -gotoPriorityExpression END -type REQUEST
set appfw profile Sharepoint_SharePoint_sig -SQLInjectionAction block learn
log stats
set appfw profile Sharepoint_SharePoint_sig -crossSiteScriptingAction block
learn log stats
# === GSLB ===================================================================
add service svc_adns_1 101.16.1.11 ADNS 53
add gslb site Data_Center_1 101.16.1.11
add gslb site Data_Center_2 201.16.1.11
add gslb vserver vip-gslb-sp2013 ssl
add gslb service svc_gslb_sp2013_dc1 101.16.1.121 ssl 443 -sitename
Data_Center_1

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

C-7

Appendix C

Configurations

Automating APIC Configuration for SharePoint

add gslb service svc_gslb_sp2013_dc2 201.16.1.121 ssl 443 -sitename

Data_Center_2
bind gslb vserver vip-gslb-sp2013 -servicename svc_gslb_sp2013_dc1
bind gslb vserver vip-gslb-sp2013 -servicename svc_gslb_sp2013_dc2
bind gslb vserver vip-gslb-sp2013 -domainname sp2013.test.ctx
set gslb vserver vip-gslb-sp2013 -lbmethod RTT
add
add
add
add
add
add

location
location
location
location
location
location

91.1.1.1 91.1.1.255 DC1

101.16.1.121 101.16.1.121
102.16.1.121 102.16.1.121
92.1.1.1 92.1.1.255 DC2
201.16.1.121 201.16.1.121
202.16.1.121 202.16.1.121

DC1
DC1
DC2
DC2

set gslb vserver vip-gslb-sp2013 -lbmethod staticproximity

set gslb vserver vip-gslb-sp2013 -lbmethod leastconnection
#=============================================================================

Return to Configurations, page C-1.

Automating APIC Configuration for SharePoint

From a Ubuntu machine, XML files can be interpreted using Python to define APIC configurations for
ACI deployments. APIC then deploys the appropriate configuration settings to the NetScaler VPX
instances.
This appendix contains the XML files largely used to configure NetScaler VPX instances used in this
system solution. The following script processes a series of XML files to automate the creation and
configuration of the NetScaler instances. (A few additional steps, such as creating and assigning the
filter acl_cs_sharepoint to contract subjects for SharePoint, were performed using the APIC GUI and do
not have comparable XML files in this appendix.)
#!/bin/bash
# Ubuntu machine: 192.168.115.221 (administrator/cisco)
# Basic config: /Citrix/APICscript/
# ============================================================================
./post_xml.py CreateServiceGraph_lb_http.xml 192.168.114.1:443
./post_xml.py ConfigServiceGraphWithParams_lb_http.xml 192.168.114.1:443
./post_xml.py CreateContract_lb_http.xml 192.168.114.1:443
./post_xml.py AttachGraphToContract_lb_http.xml 192.168.114.1:443
./post_xml.py
./post_xml.py
./post_xml.py
./post_xml.py

CreateServiceGraph_lb_ssl.xml 192.168.114.1:443
ConfigServiceGraphWithParams_lb_ssl.xml 192.168.114.1:443
CreateContract_lb_ssl.xml 192.168.114.1:443
AttachGraphToContract_lb_ssl.xml 192.168.114.1:443

# CS/SSL: /Citrix/APICscript/SP_CS_SSL/
# ============================================================================
./post_xml.py CreateServiceGraph_SP_cs_ssl_1.xml 192.168.114.1:443
./post_xml.py ConfigServiceGraphWithParams_SP_cs_ssl_1.xml 192.168.114.1:443
./post_xml.py CreateServiceGraph_SP_cs_ssl_2.xml 192.168.114.1:443
./post_xml.py ConfigServiceGraphWithParams_SP_cs_ssl_2.xml 192.168.114.1:443
# CS/DB: /Citrix/APICscript/SP_CS_DB/
# ============================================================================

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

C-8

Design and Implementation Guide

Appendix C

Configurations
XML Files for Configuring NetScaler Instances

./post_xml.py CreateServiceGraphWithParams_SP_cs_DB_1.xml 192.168.114.1:443

./post_xml.py CreateServiceGraphWithParams_SP_cs_DB_2.xml 192.168.114.1:443
# AppFW: /Citrix/APICscript/AppFW/
# ============================================================================
./post_xml.py CreateServiceGraphWithParams_AppFW.xml 192.168.114.1:443
./post_xml.py ConfigServiceGraph_SP_cs_ssl_1_withAppFW-policy.xml 192.168.114.1:443
./post_xml.py ConfigAppFW_block_SQL_injection.xml 192.168.114.1:443
./post_xml.py ConfigAppFW_block_XSS.xml 192.168.114.1:443
# GSLB: /Citrix/APICscript/SP_GSLB/
# ============================================================================
./post_xml.py CreateServiceGraphWithParams_SP_GSLB_1.xml 192.168.114.1:443
./post_xml.py CreateServiceGraphWithParams_SP_GSLB_2.xml 192.168.114.1:443
./post_xml.py ConfigParameters_SP_GSLB_DynamicProx.xml 192.168.114.1:443
./post_xml.py ConfigParameters_SP_GSLB_StaticProx.xml 192.168.114.1:443
./post_xml.py ConfigParameters_SP_GSLB_LeastConn.xml192.168.114.1:443

The first eight files perform configuration tasks that set up basic network service functions that APIC
applies to the NetScaler instances. These tasks include the configuration of Load Balancing and SSL offloading functions that are performed on generic traffic. The remaining files configure NetScaler
functions that are specific to SharePoint Server 2013 workloads.

XML Files for Configuring NetScaler Instances

The following system solution XML files for configuring NetScaler instances are available for
reference:
XML Files for Configuring Basic Functions, page C-10

CreateServiceGraph_lb_http.xml, page C-10

ConfigServiceGraphWithParams_lb_http.xml , page C-30

CreateContract_lb_http.xml, page C-31

AttachGraphToContract_lb_http.xml , page C-32

CreateServiceGraph_lb_ssl.xml , page C-32

ConfigServiceGraphWithParams_lb_ssl.xml, page C-40

CreateContract_lb_ssl.xml, page C-40

AttachGraphToContract_lb_ssl.xml , page C-41

XML Files that Configure NetScaler Services for SharePoint, page C-41

XML for Content Switching

CreateServiceGraph_SP_cs_ssl_1.xml, page C-43
ConfigServiceGraphWithParams_SP_cs_ssl_1.xml, page C-46
CreateServiceGraph_SP_cs_ssl_2.xml , page C-47
ConfigServiceGraphWithParams_SP_cs_ssl_2.xml , page C-48

XML for Database Content Switching

CreateServiceGraphWithParams_SP_cs_DB_1.xml, page C-49
CreateServiceGraphWithParams_SP_cs_DB_2.xml, page C-51

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

C-9

Appendix C

Configurations

XML Files for Configuring NetScaler Instances

XML for Application Firewall

CreateServiceGraphWithParams_AppFW.xml, page C-56
ConfigServiceGraph_SP_cs_ssl_1_withAppFW-policy.xml, page C-58
ConfigAppFW_block_SQL_injection.xml, page C-62
ConfigAppFW_block_XSS.xml, page C-63.

XML for Global Server Load Balancing (GSLB)

CreateServiceGraphWithParams_SP_GSLB_1.xml , page C-66
CreateServiceGraphWithParams_SP_GSLB_2.xml, page C-67
ConfigParameters_SP_GSLB_DynamicProx.xml, page C-70
ConfigParameters_SP_GSLB_StaticProx.xml, page C-73
ConfigParameters_SP_GSLB_LeastConn.xml, page C-76

XML Files for Configuring Basic Functions

These XML files set up basic NetScaler network service functions that process generic traffic on the ACI
fabric:

CreateServiceGraph_lb_http.xml, page C-10

Creates a service graph (WebGraph) for HTTP, SSL, DNS, and TCP load balancing.

ConfigServiceGraphWithParams_lb_http.xml , page C-30

Configures L4-L7 parameters for the load balancing service graph.

CreateContract_lb_http.xml, page C-31

Configures a contract for load balancing traffic.

AttachGraphToContract_lb_http.xml , page C-32

Attaches the service graph to the contract.

CreateServiceGraph_lb_ssl.xml , page C-32

Creates a service graph (WebGraph_ssl) for SSL Offloading.

ConfigServiceGraphWithParams_lb_ssl.xml, page C-40

Configures L4-L7 parameters for the SSL Offloading service graph.

CreateContract_lb_ssl.xml, page C-40

Configures a contract for SSL Offloading of generic traffic on the fabric.

AttachGraphToContract_lb_ssl.xml , page C-41

Attaches the SSL Offloading service graph to a contract.

CreateServiceGraph_lb_http.xml

Creates a service graph (WebGraph) for HTTP, SSL, DNS, and TCP load balancing.
<! CreateServiceGraph_lb_http.xml -->
<! Create service graph for LB -->
<polUni>
<fvTenant name="silverTenant1">
<!-- Application Profile -->
<fvAp dn="uni/tn-silverTenant1/ap-Web1-AppProfile" name="Web1-AppProfile">

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

C-10

Design and Implementation Guide

Appendix C

Configurations
XML Files for Configuring NetScaler Instances

<!-- EPG 1 -->

<fvAEPg dn="uni/tn-silverTenant1/ap-Web1-AppProfile/epg-Web1-EPG"
name="Web1-EPG">
<fvRsBd tnFvBDName="silverTenant1-BD1" />
<fvRsProv tnVzBrCPName="webCtrct1"></fvRsProv>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="Network" name="network">
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="nsip" name="snip1">
<vnsParamInst key="ipaddress" name="ip1" value="101.16.1.11"/>
<vnsParamInst key="netmask" name="netmask1" value="255.255.255.0"/>
<vnsParamInst key="dynamicrouting" name="dynamicRouting"
value="ENABLED"/>
<vnsParamInst key="hostroute" name="hostroute" value="DISABLED"/>
<vnsParamInst key="mgmtaccess" name="mgmtaccess" value="ENABLED"/>
<vnsParamInst key="type" name="type" value="SNIP"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="nsip" name="snip2">
<vnsParamInst key="ipaddress" name="ip2" value="10.16.1.11"/>
<vnsParamInst key="netmask" name="netmask2" value="255.255.255.0"/>
<vnsParamInst key="dynamicrouting" name="dynamicRouting"
value="DISABLED"/>
<vnsParamInst key="hostroute" name="hostroute" value="DISABLED"/>
<vnsParamInst key="mgmtaccess" name="mgmtaccess" value="ENABLED"/>
<vnsParamInst key="type" name="type" value="SNIP"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="nsip" name="snip3">
<vnsParamInst key="ipaddress" name="ip3" value="10.16.1.12"/>
<vnsParamInst key="netmask" name="netmask3" value="255.255.255.0"/>
<vnsParamInst key="dynamicrouting" name="dynamicRouting"
value="DISABLED"/>
<vnsParamInst key="hostroute" name="hostroute" value="DISABLED"/>
<vnsParamInst key="type" name="type" value="SNIP"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="nsip" name="snip4">
<vnsParamInst key="ipaddress" name="ip4" value="10.16.1.13"/>
<vnsParamInst key="netmask" name="netmask4" value="255.255.255.0"/>
<vnsParamInst key="dynamicrouting" name="dynamicRouting"
value="DISABLED"/>
<vnsParamInst key="hostroute" name="hostroute" value="DISABLED"/>
<vnsParamInst key="type" name="type" value="SNIP"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="route" name="route1">
<vnsParamInst key="network" name="network1" value="0.0.0.0"/>
<vnsParamInst key="netmask" name="netmask1" value="0.0.0.0"/>
<vnsParamInst key="gateway" name="gateway1" value="101.16.1.254"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="route" name="route2">
<vnsParamInst key="network" name="network2" value="10.1.1.0"/>
<vnsParamInst key="netmask" name="netmask2" value="255.255.255.0"/>
<vnsParamInst key="gateway" name="gateway2" value="10.16.1.254"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="route" name="route3">
<vnsParamInst key="network" name="network3" value="10.1.2.0"/>
<vnsParamInst key="netmask" name="netmask3" value="255.255.255.0"/>
<vnsParamInst key="gateway" name="gateway2" value="10.16.1.254"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

C-11

Appendix C

Configurations

XML Files for Configuring NetScaler Instances

nodeNameOrLbl="LB1" key="route" name="route4">

<vnsParamInst key="network" name="network4" value="10.1.3.0"/>
<vnsParamInst key="netmask" name="netmask4" value="255.255.255.0"/>
<vnsParamInst key="gateway" name="gateway2" value="10.16.1.254"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="route" name="route5">
<vnsParamInst key="network" name="network5" value="10.16.2.0"/>
<vnsParamInst key="netmask" name="netmask5" value="255.255.255.0"/>
<vnsParamInst key="gateway" name="gateway2" value="10.16.1.254"/>
</vnsFolderInst>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver" name="vip-tg-101">
<vnsParamInst name="name" key="name" value="vip-tg-101"/>
<vnsParamInst name="ipv46" key="ipv46" value="101.16.1.101"/>
<vnsParamInst name="servicetype" key="servicetype" value="HTTP"/>
<vnsParamInst name="port" key="port" value="80"/>
<vnsParamInst name="clttimeout" key="clttimeout" value="200"/>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-01">
<vnsCfgRelInst key="servicename" name="service-tg-01"
targetName="service-tg-01"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-02">
<vnsCfgRelInst key="servicename" name="service-tg-02"
targetName="service-tg-02"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-03">
<vnsCfgRelInst key="servicename" name="service-tg-03"
targetName="service-tg-03"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-04">
<vnsCfgRelInst key="servicename" name="service-tg-04"
targetName="service-tg-04"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-05">
<vnsCfgRelInst key="servicename" name="service-tg-05"
targetName="service-tg-05"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-06">
<vnsCfgRelInst key="servicename" name="service-tg-06"
targetName="service-tg-06"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-07">
<vnsCfgRelInst key="servicename" name="service-tg-07"
targetName="service-tg-07"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

C-12

Design and Implementation Guide

Appendix C

Configurations
XML Files for Configuring NetScaler Instances

nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-08">
<vnsCfgRelInst key="servicename" name="service-tg-08"
targetName="service-tg-08"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-09">
<vnsCfgRelInst key="servicename" name="service-tg-09"
targetName="service-tg-09"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-10">
<vnsCfgRelInst key="servicename" name="service-tg-10"
targetName="service-tg-10"/>
</vnsFolderInst>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver" name="vip-tg-102">
<vnsParamInst name="name" key="name" value="vip-tg-102"/>
<vnsParamInst name="ipv46" key="ipv46" value="101.16.1.102"/>
<vnsParamInst name="servicetype" key="servicetype" value="HTTP"/>
<vnsParamInst name="port" key="port" value="80"/>
<vnsParamInst name="clttimeout" key="clttimeout" value="200"/>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-11">
<vnsCfgRelInst key="servicename" name="service-tg-11"
targetName="service-tg-11"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-12">
<vnsCfgRelInst key="servicename" name="service-tg-12"
targetName="service-tg-12"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-13">
<vnsCfgRelInst key="servicename" name="service-tg-13"
targetName="service-tg-13"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-14">
<vnsCfgRelInst key="servicename" name="service-tg-14"
targetName="service-tg-14"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-15">
<vnsCfgRelInst key="servicename" name="service-tg-15"
targetName="service-tg-15"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-16">
<vnsCfgRelInst key="servicename" name="service-tg-16"
targetName="service-tg-16"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

C-13

Appendix C

Configurations

XML Files for Configuring NetScaler Instances

nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-17">
<vnsCfgRelInst key="servicename" name="service-tg-17"
targetName="service-tg-17"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-18">
<vnsCfgRelInst key="servicename" name="service-tg-18"
targetName="service-tg-18"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-19">
<vnsCfgRelInst key="servicename" name="service-tg-19"
targetName="service-tg-19"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-20">
<vnsCfgRelInst key="servicename" name="service-tg-20"
targetName="service-tg-20"/>
</vnsFolderInst>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver" name="vip-tg-105">
<vnsParamInst name="name" key="name" value="vip-tg-105"/>
<vnsParamInst name="ipv46" key="ipv46" value="101.16.1.105"/>
<vnsParamInst name="servicetype" key="servicetype" value="TCP"/>
<vnsParamInst name="port" key="port" value="8080"/>
<vnsParamInst name="clttimeout" key="clttimeout" value="200"/>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-41">
<vnsCfgRelInst key="servicename" name="service-tg-41"
targetName="service-tg-41"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-42">
<vnsCfgRelInst key="servicename" name="service-tg-42"
targetName="service-tg-42"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-43">
<vnsCfgRelInst key="servicename" name="service-tg-43"
targetName="service-tg-43"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-44">
<vnsCfgRelInst key="servicename" name="service-tg-44"
targetName="service-tg-44"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-45">
<vnsCfgRelInst key="servicename" name="service-tg-45"
targetName="service-tg-45"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

C-14

Design and Implementation Guide

Appendix C

Configurations
XML Files for Configuring NetScaler Instances

nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-46">
<vnsCfgRelInst key="servicename" name="service-tg-46"
targetName="service-tg-46"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-47">
<vnsCfgRelInst key="servicename" name="service-tg-47"
targetName="service-tg-47"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-48">
<vnsCfgRelInst key="servicename" name="service-tg-48"
targetName="service-tg-48"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-49">
<vnsCfgRelInst key="servicename" name="service-tg-49"
targetName="service-tg-49"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-50">
<vnsCfgRelInst key="servicename" name="service-tg-50"
targetName="service-tg-50"/>
</vnsFolderInst>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver" name="vip-tg-106">
<vnsParamInst name="name" key="name" value="vip-tg-106"/>
<vnsParamInst name="ipv46" key="ipv46" value="101.16.1.106"/>
<vnsParamInst name="servicetype" key="servicetype" value="TCP"/>
<vnsParamInst name="port" key="port" value="8080"/>
<vnsParamInst name="clttimeout" key="clttimeout" value="200"/>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-51">
<vnsCfgRelInst key="servicename" name="service-tg-51"
targetName="service-tg-51"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-52">
<vnsCfgRelInst key="servicename" name="service-tg-52"
targetName="service-tg-52"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-53">
<vnsCfgRelInst key="servicename" name="service-tg-53"
targetName="service-tg-53"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-54">
<vnsCfgRelInst key="servicename" name="service-tg-54"
targetName="service-tg-54"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

C-15

Appendix C

Configurations

XML Files for Configuring NetScaler Instances

nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-55">
<vnsCfgRelInst key="servicename" name="service-tg-55"
targetName="service-tg-55"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-56">
<vnsCfgRelInst key="servicename" name="service-tg-56"
targetName="service-tg-56"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-57">
<vnsCfgRelInst key="servicename" name="service-tg-57"
targetName="service-tg-57"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-58">
<vnsCfgRelInst key="servicename" name="service-tg-58"
targetName="service-tg-58"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-59">
<vnsCfgRelInst key="servicename" name="service-tg-59"
targetName="service-tg-59"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-60">
<vnsCfgRelInst key="servicename" name="service-tg-60"
targetName="service-tg-60"/>
</vnsFolderInst>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver" name="vip-tg-107">
<vnsParamInst name="name" key="name" value="vip-tg-107"/>
<vnsParamInst name="ipv46" key="ipv46" value="101.16.1.107"/>
<vnsParamInst name="servicetype" key="servicetype" value="DNS"/>
<vnsParamInst name="port" key="port" value="53"/>
<vnsParamInst name="clttimeout" key="clttimeout" value="200"/>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-61">
<vnsCfgRelInst key="servicename" name="service-tg-61"
targetName="service-tg-61"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-62">
<vnsCfgRelInst key="servicename" name="service-tg-62"
targetName="service-tg-62"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-63">
<vnsCfgRelInst key="servicename" name="service-tg-63"
targetName="service-tg-63"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

C-16

Design and Implementation Guide

Appendix C

Configurations
XML Files for Configuring NetScaler Instances

nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-64">
<vnsCfgRelInst key="servicename" name="service-tg-64"
targetName="service-tg-64"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-65">
<vnsCfgRelInst key="servicename" name="service-tg-65"
targetName="service-tg-65"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-66">
<vnsCfgRelInst key="servicename" name="service-tg-66"
targetName="service-tg-66"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-67">
<vnsCfgRelInst key="servicename" name="service-tg-67"
targetName="service-tg-67"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-68">
<vnsCfgRelInst key="servicename" name="service-tg-68"
targetName="service-tg-68"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-69">
<vnsCfgRelInst key="servicename" name="service-tg-69"
targetName="service-tg-69"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-70">
<vnsCfgRelInst key="servicename" name="service-tg-70"
targetName="service-tg-70"/>
</vnsFolderInst>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver" name="vip-tg-108">
<vnsParamInst name="name" key="name" value="vip-tg-108"/>
<vnsParamInst name="ipv46" key="ipv46" value="101.16.1.108"/>
<vnsParamInst name="servicetype" key="servicetype" value="DNS"/>
<vnsParamInst name="port" key="port" value="53"/>
<vnsParamInst name="clttimeout" key="clttimeout" value="200"/>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-71">
<vnsCfgRelInst key="servicename" name="service-tg-71"
targetName="service-tg-71"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-72">
<vnsCfgRelInst key="servicename" name="service-tg-72"
targetName="service-tg-72"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

C-17

Appendix C

Configurations

XML Files for Configuring NetScaler Instances

nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-73">
<vnsCfgRelInst key="servicename" name="service-tg-73"
targetName="service-tg-73"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-74">
<vnsCfgRelInst key="servicename" name="service-tg-74"
targetName="service-tg-74"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-75">
<vnsCfgRelInst key="servicename" name="service-tg-75"
targetName="service-tg-75"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-76">
<vnsCfgRelInst key="servicename" name="service-tg-76"
targetName="service-tg-76"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-77">
<vnsCfgRelInst key="servicename" name="service-tg-77"
targetName="service-tg-77"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-78">
<vnsCfgRelInst key="servicename" name="service-tg-78"
targetName="service-tg-78"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-79">
<vnsCfgRelInst key="servicename" name="service-tg-79"
targetName="service-tg-79"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="lbvserver_service_binding"
name="service-tg-80">
<vnsCfgRelInst key="servicename" name="service-tg-80"
targetName="service-tg-80"/>
</vnsFolderInst>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-01">
<vnsParamInst name="name" key="name" value="service-tg-01"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.1"/>
<vnsParamInst name="servicetype" key="servicetype" value="HTTP"/>
<vnsParamInst name="port" key="port" value="80"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-02">
<vnsParamInst name="name" key="name" value="service-tg-02"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.2"/>
<vnsParamInst name="servicetype" key="servicetype" value="HTTP"/>
<vnsParamInst name="port" key="port" value="80"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

C-18

Design and Implementation Guide

Appendix C

Configurations
XML Files for Configuring NetScaler Instances

nodeNameOrLbl="LB1" key="service" name="service-tg-03">

<vnsParamInst name="name" key="name" value="service-tg-03"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.3"/>
<vnsParamInst name="servicetype" key="servicetype" value="HTTP"/>
<vnsParamInst name="port" key="port" value="80"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-04">
<vnsParamInst name="name" key="name" value="service-tg-04"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.4"/>
<vnsParamInst name="servicetype" key="servicetype" value="HTTP"/>
<vnsParamInst name="port" key="port" value="80"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-05">
<vnsParamInst name="name" key="name" value="service-tg-05"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.5"/>
<vnsParamInst name="servicetype" key="servicetype" value="HTTP"/>
<vnsParamInst name="port" key="port" value="80"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-06">
<vnsParamInst name="name" key="name" value="service-tg-06"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.6"/>
<vnsParamInst name="servicetype" key="servicetype" value="HTTP"/>
<vnsParamInst name="port" key="port" value="80"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-07">
<vnsParamInst name="name" key="name" value="service-tg-07"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.7"/>
<vnsParamInst name="servicetype" key="servicetype" value="HTTP"/>
<vnsParamInst name="port" key="port" value="80"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-08">
<vnsParamInst name="name" key="name" value="service-tg-08"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.8"/>
<vnsParamInst name="servicetype" key="servicetype" value="HTTP"/>
<vnsParamInst name="port" key="port" value="80"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-09">
<vnsParamInst name="name" key="name" value="service-tg-09"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.9"/>
<vnsParamInst name="servicetype" key="servicetype" value="HTTP"/>
<vnsParamInst name="port" key="port" value="80"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-10">
<vnsParamInst name="name" key="name" value="service-tg-10"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.10"/>
<vnsParamInst name="servicetype" key="servicetype" value="HTTP"/>
<vnsParamInst name="port" key="port" value="80"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-11">
<vnsParamInst name="name" key="name" value="service-tg-11"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.11"/>
<vnsParamInst name="servicetype" key="servicetype" value="HTTP"/>
<vnsParamInst name="port" key="port" value="80"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-12">

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

C-19

Appendix C

Configurations

XML Files for Configuring NetScaler Instances

<vnsParamInst name="name" key="name" value="service-tg-12"/>

<vnsParamInst name="ip" key="ip" value="10.16.2.12"/>
<vnsParamInst name="servicetype" key="servicetype" value="HTTP"/>
<vnsParamInst name="port" key="port" value="80"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-13">
<vnsParamInst name="name" key="name" value="service-tg-13"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.13"/>
<vnsParamInst name="servicetype" key="servicetype" value="HTTP"/>
<vnsParamInst name="port" key="port" value="80"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-14">
<vnsParamInst name="name" key="name" value="service-tg-14"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.14"/>
<vnsParamInst name="servicetype" key="servicetype" value="HTTP"/>
<vnsParamInst name="port" key="port" value="80"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-15">
<vnsParamInst name="name" key="name" value="service-tg-15"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.15"/>
<vnsParamInst name="servicetype" key="servicetype" value="HTTP"/>
<vnsParamInst name="port" key="port" value="80"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-16">
<vnsParamInst name="name" key="name" value="service-tg-16"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.16"/>
<vnsParamInst name="servicetype" key="servicetype" value="HTTP"/>
<vnsParamInst name="port" key="port" value="80"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-17">
<vnsParamInst name="name" key="name" value="service-tg-17"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.17"/>
<vnsParamInst name="servicetype" key="servicetype" value="HTTP"/>
<vnsParamInst name="port" key="port" value="80"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-18">
<vnsParamInst name="name" key="name" value="service-tg-18"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.18"/>
<vnsParamInst name="servicetype" key="servicetype" value="HTTP"/>
<vnsParamInst name="port" key="port" value="80"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-19">
<vnsParamInst name="name" key="name" value="service-tg-19"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.19"/>
<vnsParamInst name="servicetype" key="servicetype" value="HTTP"/>
<vnsParamInst name="port" key="port" value="80"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-20">
<vnsParamInst name="name" key="name" value="service-tg-20"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.20"/>
<vnsParamInst name="servicetype" key="servicetype" value="HTTP"/>
<vnsParamInst name="port" key="port" value="80"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-41">
<vnsParamInst name="name" key="name" value="service-tg-41"/>

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

C-20

Design and Implementation Guide

Appendix C

Configurations
XML Files for Configuring NetScaler Instances

<vnsParamInst name="ip" key="ip" value="10.16.2.41"/>

<vnsParamInst name="servicetype" key="servicetype" value="TCP"/>
<vnsParamInst name="port" key="port" value="8080"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-42">
<vnsParamInst name="name" key="name" value="service-tg-42"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.42"/>
<vnsParamInst name="servicetype" key="servicetype" value="TCP"/>
<vnsParamInst name="port" key="port" value="8080"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-43">
<vnsParamInst name="name" key="name" value="service-tg-43"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.43"/>
<vnsParamInst name="servicetype" key="servicetype" value="TCP"/>
<vnsParamInst name="port" key="port" value="8080"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-44">
<vnsParamInst name="name" key="name" value="service-tg-44"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.44"/>
<vnsParamInst name="servicetype" key="servicetype" value="TCP"/>
<vnsParamInst name="port" key="port" value="8080"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-45">
<vnsParamInst name="name" key="name" value="service-tg-45"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.45"/>
<vnsParamInst name="servicetype" key="servicetype" value="TCP"/>
<vnsParamInst name="port" key="port" value="8080"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-46">
<vnsParamInst name="name" key="name" value="service-tg-46"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.46"/>
<vnsParamInst name="servicetype" key="servicetype" value="TCP"/>
<vnsParamInst name="port" key="port" value="8080"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-47">
<vnsParamInst name="name" key="name" value="service-tg-47"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.47"/>
<vnsParamInst name="servicetype" key="servicetype" value="TCP"/>
<vnsParamInst name="port" key="port" value="8080"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-48">
<vnsParamInst name="name" key="name" value="service-tg-48"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.48"/>
<vnsParamInst name="servicetype" key="servicetype" value="TCP"/>
<vnsParamInst name="port" key="port" value="8080"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-49">
<vnsParamInst name="name" key="name" value="service-tg-49"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.49"/>
<vnsParamInst name="servicetype" key="servicetype" value="TCP"/>
<vnsParamInst name="port" key="port" value="8080"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-50">
<vnsParamInst name="name" key="name" value="service-tg-50"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.50"/>

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

C-21

Appendix C

Configurations

XML Files for Configuring NetScaler Instances

<vnsParamInst name="servicetype" key="servicetype" value="TCP"/>

<vnsParamInst name="port" key="port" value="8080"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-51">
<vnsParamInst name="name" key="name" value="service-tg-51"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.51"/>
<vnsParamInst name="servicetype" key="servicetype" value="TCP"/>
<vnsParamInst name="port" key="port" value="8080"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-52">
<vnsParamInst name="name" key="name" value="service-tg-52"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.52"/>
<vnsParamInst name="servicetype" key="servicetype" value="TCP"/>
<vnsParamInst name="port" key="port" value="8080"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-53">
<vnsParamInst name="name" key="name" value="service-tg-53"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.53"/>
<vnsParamInst name="servicetype" key="servicetype" value="TCP"/>
<vnsParamInst name="port" key="port" value="8080"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-54">
<vnsParamInst name="name" key="name" value="service-tg-54"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.54"/>
<vnsParamInst name="servicetype" key="servicetype" value="TCP"/>
<vnsParamInst name="port" key="port" value="8080"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-55">
<vnsParamInst name="name" key="name" value="service-tg-55"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.55"/>
<vnsParamInst name="servicetype" key="servicetype" value="TCP"/>
<vnsParamInst name="port" key="port" value="8080"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-56">
<vnsParamInst name="name" key="name" value="service-tg-56"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.56"/>
<vnsParamInst name="servicetype" key="servicetype" value="TCP"/>
<vnsParamInst name="port" key="port" value="8080"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-57">
<vnsParamInst name="name" key="name" value="service-tg-57"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.57"/>
<vnsParamInst name="servicetype" key="servicetype" value="TCP"/>
<vnsParamInst name="port" key="port" value="8080"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-58">
<vnsParamInst name="name" key="name" value="service-tg-58"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.58"/>
<vnsParamInst name="servicetype" key="servicetype" value="TCP"/>
<vnsParamInst name="port" key="port" value="8080"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-59">
<vnsParamInst name="name" key="name" value="service-tg-59"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.59"/>

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

C-22

Design and Implementation Guide

Appendix C

Configurations
XML Files for Configuring NetScaler Instances

<vnsParamInst name="servicetype" key="servicetype" value="TCP"/>

<vnsParamInst name="port" key="port" value="8080"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-60">
<vnsParamInst name="name" key="name" value="service-tg-60"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.60"/>
<vnsParamInst name="servicetype" key="servicetype" value="TCP"/>
<vnsParamInst name="port" key="port" value="8080"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-61">
<vnsParamInst name="name" key="name" value="service-tg-61"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.61"/>
<vnsParamInst name="servicetype" key="servicetype" value="DNS"/>
<vnsParamInst name="port" key="port" value="53"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-62">
<vnsParamInst name="name" key="name" value="service-tg-62"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.62"/>
<vnsParamInst name="servicetype" key="servicetype" value="DNS"/>
<vnsParamInst name="port" key="port" value="53"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-63">
<vnsParamInst name="name" key="name" value="service-tg-63"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.63"/>
<vnsParamInst name="servicetype" key="servicetype" value="DNS"/>
<vnsParamInst name="port" key="port" value="53"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-64">
<vnsParamInst name="name" key="name" value="service-tg-64"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.64"/>
<vnsParamInst name="servicetype" key="servicetype" value="DNS"/>
<vnsParamInst name="port" key="port" value="53"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-65">
<vnsParamInst name="name" key="name" value="service-tg-65"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.65"/>
<vnsParamInst name="servicetype" key="servicetype" value="DNS"/>
<vnsParamInst name="port" key="port" value="53"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-66">
<vnsParamInst name="name" key="name" value="service-tg-66"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.66"/>
<vnsParamInst name="servicetype" key="servicetype" value="DNS"/>
<vnsParamInst name="port" key="port" value="53"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-67">
<vnsParamInst name="name" key="name" value="service-tg-67"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.67"/>
<vnsParamInst name="servicetype" key="servicetype" value="DNS"/>
<vnsParamInst name="port" key="port" value="53"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-68">
<vnsParamInst name="name" key="name" value="service-tg-68"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.68"/>

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

C-23

Appendix C

Configurations

XML Files for Configuring NetScaler Instances

<vnsParamInst name="servicetype" key="servicetype" value="DNS"/>

<vnsParamInst name="port" key="port" value="53"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-69">
<vnsParamInst name="name" key="name" value="service-tg-69"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.69"/>
<vnsParamInst name="servicetype" key="servicetype" value="DNS"/>
<vnsParamInst name="port" key="port" value="53"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-70">
<vnsParamInst name="name" key="name" value="service-tg-70"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.70"/>
<vnsParamInst name="servicetype" key="servicetype" value="DNS"/>
<vnsParamInst name="port" key="port" value="53"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-71">
<vnsParamInst name="name" key="name" value="service-tg-71"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.71"/>
<vnsParamInst name="servicetype" key="servicetype" value="DNS"/>
<vnsParamInst name="port" key="port" value="53"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-72">
<vnsParamInst name="name" key="name" value="service-tg-72"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.72"/>
<vnsParamInst name="servicetype" key="servicetype" value="DNS"/>
<vnsParamInst name="port" key="port" value="53"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-73">
<vnsParamInst name="name" key="name" value="service-tg-73"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.73"/>
<vnsParamInst name="servicetype" key="servicetype" value="DNS"/>
<vnsParamInst name="port" key="port" value="53"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-74">
<vnsParamInst name="name" key="name" value="service-tg-74"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.74"/>
<vnsParamInst name="servicetype" key="servicetype" value="DNS"/>
<vnsParamInst name="port" key="port" value="53"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-75">
<vnsParamInst name="name" key="name" value="service-tg-75"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.75"/>
<vnsParamInst name="servicetype" key="servicetype" value="DNS"/>
<vnsParamInst name="port" key="port" value="53"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-76">
<vnsParamInst name="name" key="name" value="service-tg-76"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.76"/>
<vnsParamInst name="servicetype" key="servicetype" value="DNS"/>
<vnsParamInst name="port" key="port" value="53"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-77">
<vnsParamInst name="name" key="name" value="service-tg-77"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.77"/>

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

C-24

Design and Implementation Guide

Appendix C

Configurations
XML Files for Configuring NetScaler Instances

<vnsParamInst name="servicetype" key="servicetype" value="DNS"/>

<vnsParamInst name="port" key="port" value="53"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-78">
<vnsParamInst name="name" key="name" value="service-tg-78"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.78"/>
<vnsParamInst name="servicetype" key="servicetype" value="DNS"/>
<vnsParamInst name="port" key="port" value="53"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-79">
<vnsParamInst name="name" key="name" value="service-tg-79"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.79"/>
<vnsParamInst name="servicetype" key="servicetype" value="DNS"/>
<vnsParamInst name="port" key="port" value="53"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="service" name="service-tg-80">
<vnsParamInst name="name" key="name" value="service-tg-80"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.80"/>
<vnsParamInst name="servicetype" key="servicetype" value="DNS"/>
<vnsParamInst name="port" key="port" value="53"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCnglbvserver" name="Func_vip-tg-101">
<vnsCfgRelInst name="lbsverver_key" key="lbvserver_key"
targetName="vip-tg-101"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCnglbvserver" name="Func_vip-tg-102">
<vnsCfgRelInst name="lbsverver_key" key="lbvserver_key"
targetName="vip-tg-102"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCnglbvserver" name="Func_vip-tg-105">
<vnsCfgRelInst name="lbsverver_key" key="lbvserver_key"
targetName="vip-tg-105"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCnglbvserver" name="Func_vip-tg-106">
<vnsCfgRelInst name="lbsverver_key" key="lbvserver_key"
targetName="vip-tg-106"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCnglbvserver" name="Func_vip-tg-107">
<vnsCfgRelInst name="lbsverver_key" key="lbvserver_key"
targetName="vip-tg-107"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCnglbvserver" name="Func_vip-tg-108">
<vnsCfgRelInst name="lbsverver_key" key="lbvserver_key"
targetName="vip-tg-108"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-01">
<vnsCfgRelInst name="Func_service-tg-01_key" key="service_key"
targetName="service-tg-01"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-02">
<vnsCfgRelInst name="Func_service-tg-02_key" key="service_key"
targetName="service-tg-02"/>
</vnsFolderInst>

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

C-25

Appendix C

Configurations

XML Files for Configuring NetScaler Instances

<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-03">
<vnsCfgRelInst name="Func_service-tg-03_key" key="service_key"
targetName="service-tg-03"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-04">
<vnsCfgRelInst name="Func_service-tg-04_key" key="service_key"
targetName="service-tg-04"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-05">
<vnsCfgRelInst name="Func_service-tg-05_key" key="service_key"
targetName="service-tg-05"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-06">
<vnsCfgRelInst name="Func_service-tg-06_key" key="service_key"
targetName="service-tg-06"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-07">
<vnsCfgRelInst name="Func_service-tg-07_key" key="service_key"
targetName="service-tg-07"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-08">
<vnsCfgRelInst name="Func_service-tg-08_key" key="service_key"
targetName="service-tg-08"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-09">
<vnsCfgRelInst name="Func_service-tg-09_key" key="service_key"
targetName="service-tg-09"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-10">
<vnsCfgRelInst name="Func_service-tg-10_key" key="service_key"
targetName="service-tg-10"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-11">
<vnsCfgRelInst name="Func_service-tg-11_key" key="service_key"
targetName="service-tg-11"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-12">
<vnsCfgRelInst name="Func_service-tg-12_key" key="service_key"
targetName="service-tg-12"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-13">
<vnsCfgRelInst name="Func_service-tg-13_key" key="service_key"
targetName="service-tg-13"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-14">
<vnsCfgRelInst name="Func_service-tg-14_key" key="service_key"
targetName="service-tg-14"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-15">
<vnsCfgRelInst name="Func_service-tg-15_key" key="service_key"
targetName="service-tg-15"/>

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

C-26

Design and Implementation Guide

Appendix C

Configurations
XML Files for Configuring NetScaler Instances

</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-16">
<vnsCfgRelInst name="Func_service-tg-16_key" key="service_key"
targetName="service-tg-16"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-17">
<vnsCfgRelInst name="Func_service-tg-17_key" key="service_key"
targetName="service-tg-17"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-18">
<vnsCfgRelInst name="Func_service-tg-18_key" key="service_key"
targetName="service-tg-18"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-19">
<vnsCfgRelInst name="Func_service-tg-19_key" key="service_key"
targetName="service-tg-19"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-20">
<vnsCfgRelInst name="Func_service-tg-20_key" key="service_key"
targetName="service-tg-20"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-41">
<vnsCfgRelInst name="Func_service-tg-41_key" key="service_key"
targetName="service-tg-41"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-42">
<vnsCfgRelInst name="Func_service-tg-42_key" key="service_key"
targetName="service-tg-42"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-43">
<vnsCfgRelInst name="Func_service-tg-43_key" key="service_key"
targetName="service-tg-43"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-44">
<vnsCfgRelInst name="Func_service-tg-44_key" key="service_key"
targetName="service-tg-44"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-45">
<vnsCfgRelInst name="Func_service-tg-45_key" key="service_key"
targetName="service-tg-45"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-46">
<vnsCfgRelInst name="Func_service-tg-46_key" key="service_key"
targetName="service-tg-46"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-47">
<vnsCfgRelInst name="Func_service-tg-47_key" key="service_key"
targetName="service-tg-47"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-48">

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

C-27

Appendix C

Configurations

XML Files for Configuring NetScaler Instances

<vnsCfgRelInst name="Func_service-tg-48_key" key="service_key"

targetName="service-tg-48"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-49">
<vnsCfgRelInst name="Func_service-tg-49_key" key="service_key"
targetName="service-tg-49"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-50">
<vnsCfgRelInst name="Func_service-tg-50_key" key="service_key"
targetName="service-tg-50"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-51">
<vnsCfgRelInst name="Func_service-tg-51_key" key="service_key"
targetName="service-tg-51"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-52">
<vnsCfgRelInst name="Func_service-tg-52_key" key="service_key"
targetName="service-tg-52"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-53">
<vnsCfgRelInst name="Func_service-tg-53_key" key="service_key"
targetName="service-tg-53"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-54">
<vnsCfgRelInst name="Func_service-tg-54_key" key="service_key"
targetName="service-tg-54"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-55">
<vnsCfgRelInst name="Func_service-tg-55_key" key="service_key"
targetName="service-tg-55"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-56">
<vnsCfgRelInst name="Func_service-tg-56_key" key="service_key"
targetName="service-tg-56"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-57">
<vnsCfgRelInst name="Func_service-tg-57_key" key="service_key"
targetName="service-tg-57"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-58">
<vnsCfgRelInst name="Func_service-tg-58_key" key="service_key"
targetName="service-tg-58"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-59">
<vnsCfgRelInst name="Func_service-tg-59_key" key="service_key"
targetName="service-tg-59"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-60">
<vnsCfgRelInst name="Func_service-tg-60_key" key="service_key"
targetName="service-tg-60"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

C-28

Design and Implementation Guide

Appendix C

Configurations
XML Files for Configuring NetScaler Instances

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-61">

<vnsCfgRelInst name="Func_service-tg-61_key" key="service_key"
targetName="service-tg-61"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-62">
<vnsCfgRelInst name="Func_service-tg-62_key" key="service_key"
targetName="service-tg-62"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-63">
<vnsCfgRelInst name="Func_service-tg-63_key" key="service_key"
targetName="service-tg-63"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-64">
<vnsCfgRelInst name="Func_service-tg-64_key" key="service_key"
targetName="service-tg-64"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-65">
<vnsCfgRelInst name="Func_service-tg-65_key" key="service_key"
targetName="service-tg-65"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-66">
<vnsCfgRelInst name="Func_service-tg-66_key" key="service_key"
targetName="service-tg-66"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-67">
<vnsCfgRelInst name="Func_service-tg-67_key" key="service_key"
targetName="service-tg-67"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-68">
<vnsCfgRelInst name="Func_service-tg-68_key" key="service_key"
targetName="service-tg-68"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-69">
<vnsCfgRelInst name="Func_service-tg-69_key" key="service_key"
targetName="service-tg-69"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-70">
<vnsCfgRelInst name="Func_service-tg-70_key" key="service_key"
targetName="service-tg-70"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-71">
<vnsCfgRelInst name="Func_service-tg-71_key" key="service_key"
targetName="service-tg-71"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-72">
<vnsCfgRelInst name="Func_service-tg-72_key" key="service_key"
targetName="service-tg-72"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-73">
<vnsCfgRelInst name="Func_service-tg-73_key" key="service_key"
targetName="service-tg-73"/>
</vnsFolderInst>

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

C-29

Appendix C

Configurations

XML Files for Configuring NetScaler Instances

<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"

nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-74">
<vnsCfgRelInst name="Func_service-tg-74_key" key="service_key"
targetName="service-tg-74"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-75">
<vnsCfgRelInst name="Func_service-tg-75_key" key="service_key"
targetName="service-tg-75"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-76">
<vnsCfgRelInst name="Func_service-tg-76_key" key="service_key"
targetName="service-tg-76"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-77">
<vnsCfgRelInst name="Func_service-tg-77_key" key="service_key"
targetName="service-tg-77"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-78">
<vnsCfgRelInst name="Func_service-tg-78_key" key="service_key"
targetName="service-tg-78"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-79">
<vnsCfgRelInst name="Func_service-tg-79_key" key="service_key"
targetName="service-tg-79"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="mFCngservice" name="Func_service-tg-80">
<vnsCfgRelInst name="Func_service-tg-80_key" key="service_key"
targetName="service-tg-80"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="external_network"
name="external_network">
<vnsCfgRelInst name="external_network_key"
key="external_network_key" targetName="network/snip1" />
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph"
nodeNameOrLbl="LB1" key="internal_network"
name="internal_network">
<vnsCfgRelInst name="internal_network_key"
key="internal_network_key" targetName="network/snip2"/>
</vnsFolderInst>
</fvAEPg>
</fvAp>
</fvTenant>
</polUni>

Return to XML Files for Configuring Basic Functions, page C-10.

Goto Configurations, page C-1
ConfigServiceGraphWithParams_lb_http.xml

Configures L4-L7 parameters for the load balancing service graph.

<! ConfigServiceGraphWithParams_lb_http.xml -->
<! Configure L4-L7 parameters for LB Service Graph ->
<polUni>
<fvTenant name="silverTenant1">

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

C-30

Design and Implementation Guide

Appendix C

Configurations
XML Files for Configuring NetScaler Instances

<vnsAbsGraph name="WebGraph">
<vnsAbsTermNodeProv name="Input1">
<vnsAbsTermConn name="C1">
</vnsAbsTermConn>
</vnsAbsTermNodeProv>
<!-- LB1 Provides LoadBalancing functionality -->
<vnsAbsNode name="LB1" funcType="GoTo">
<vnsRsDefaultScopeToTerm tDn="uni/tn-silverTenant1/AbsGraphWebGraph/AbsTermNodeProv-Input1/outtmnl"/>
<vnsAbsFuncConn name="outside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncLoadBalancing/mConn-external" />
</vnsAbsFuncConn>
<vnsAbsFuncConn name="inside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncLoadBalancing/mConn-internal" />
</vnsAbsFuncConn>
<vnsRsNodeToMFunc tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncLoadBalancing" />
</vnsAbsNode>
<vnsAbsTermNodeCon name="Output1">
<vnsAbsTermConn name="C6">
</vnsAbsTermConn>
</vnsAbsTermNodeCon>
<vnsAbsConnection name="CON1" adjType="L3">
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph/AbsTermNodeCon-Output1/AbsTConn"/>
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph/AbsNode-LB1/AbsFConn-outside"/>
</vnsAbsConnection>
<vnsAbsConnection name="CON2">
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph/AbsNode-LB1/AbsFConn-inside"/>
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph/AbsTermNodeProv-Input1/AbsTConn"/>
</vnsAbsConnection>
</vnsAbsGraph>
</fvTenant>
</polUni>

Return to XML Files for Configuring Basic Functions, page C-10.

Goto Configurations, page C-1.
CreateContract_lb_http.xml

Configures a contract for load balancing traffic.

<! CreateContract_lb_http.xml -->
<! Create contract for LB -->
<polUni>
<fvTenant dn="uni/tn-silverTenant1" name="silverTenant1">
<vzFilter name="HttpIn">
<vzEntry name="e1" prot="6" dFromPort="80" dToPort="80" etherT="ip"/>
</vzFilter>
<vzFilter name="HttpOut">
<vzEntry name="e1" prot="6" dFromPort="80" etherT="ip"/>
</vzFilter>
<vzFilter name="acl_lb_generic">
<vzEntry name="e1"/>
</vzFilter>
<vzBrCP name="webCtrct1" scope="global">
<vzSubj name="http">

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

C-31

Appendix C

Configurations

XML Files for Configuring NetScaler Instances

<vzRsSubjFiltAtt tnVzFilterName="acl_lb_generic"/>
</vzSubj>
</vzBrCP>
</fvTenant>
</polUni>

Return to XML Files for Configuring Basic Functions, page C-10.

Goto Configurations, page C-1.
AttachGraphToContract_lb_http.xml

Attaches the service graph to the contract.

<! AttachGraphToContract_lb_http.xml -->
<! Attaches LB service graph to contract -->
<polUni>
<fvTenant name="silverTenant1">
<vzBrCP name="webCtrct1">
<vzSubj name="http">
<vzRsSubjGraphAtt tnVnsAbsGraphName="WebGraph"/>
</vzSubj>
</vzBrCP>
</fvTenant>
</polUni>

Return to XML Files for Configuring Basic Functions, page C-10.

Goto Configurations, page C-1.
CreateServiceGraph_lb_ssl.xml

Creates a service graph (WebGraph_ssl) for SSL Offloading.

<! CreateServiceGraph_lb_ssl.xml -->
<! Create service graph for SSL -->
<polUni>
<fvTenant name="silverTenant1">
<!-- Application Profile -->
<fvAp dn="uni/tn-silverTenant1/ap-Web1-AppProfile" name="Web1-AppProfile">
<!-- EPG 1 -->
<fvAEPg dn="uni/tn-silverTenant1/ap-Web1-AppProfile/epg-Web1-EPG"
name="Web1-EPG">
<fvRsBd tnFvBDName="silverTenant1-BD1" />
<fvRsProv tnVzBrCPName="webCtrct1"></fvRsProv>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="Network" name="network">
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="nsip" name="snip1">
<vnsParamInst key="ipaddress" name="ip1" value="101.16.1.11"/>
<vnsParamInst key="netmask" name="netmask1" value="255.255.255.0"/>
<vnsParamInst key="dynamicrouting" name="dynamicRouting"
value="ENABLED"/>
<vnsParamInst key="hostroute" name="hostroute" value="DISABLED"/>
<vnsParamInst key="type" name="type" value="SNIP"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="nsip" name="snip2">
<vnsParamInst key="ipaddress" name="ip2" value="10.16.1.11"/>
<vnsParamInst key="netmask" name="netmask2" value="255.255.255.0"/>
<vnsParamInst key="dynamicrouting" name="dynamicRouting"
value="DISABLED"/>
<vnsParamInst key="hostroute" name="hostroute" value="DISABLED"/>
<vnsParamInst key="mgmtaccess" name="mgmtaccess" value="ENABLED"/>
<vnsParamInst key="type" name="type" value="SNIP"/>

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

C-32

Design and Implementation Guide

Appendix C

Configurations
XML Files for Configuring NetScaler Instances

</vnsFolderInst>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver" name="vip-tg-103_lb">
<vnsParamInst name="name" key="name" value="vip-tg-103"/>
<vnsParamInst name="ipv46" key="ipv46" value="101.16.1.103"/>
<vnsParamInst name="servicetype" key="servicetype" value="SSL"/>
<vnsParamInst name="port" key="port" value="443"/>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver_service_binding"
name="service-tg-21">
<vnsCfgRelInst key="servicename" name="service-tg-21"
targetName="service-tg-21"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver_service_binding"
name="service-tg-22">
<vnsCfgRelInst key="servicename" name="service-tg-22"
targetName="service-tg-22"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver_service_binding"
name="service-tg-23">
<vnsCfgRelInst key="servicename" name="service-tg-23"
targetName="service-tg-23"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver_service_binding"
name="service-tg-24">
<vnsCfgRelInst key="servicename" name="service-tg-24"
targetName="service-tg-24"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver_service_binding"
name="service-tg-25">
<vnsCfgRelInst key="servicename" name="service-tg-25"
targetName="service-tg-25"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver_service_binding"
name="service-tg-26">
<vnsCfgRelInst key="servicename" name="service-tg-26"
targetName="service-tg-26"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver_service_binding"
name="service-tg-27">
<vnsCfgRelInst key="servicename" name="service-tg-27"
targetName="service-tg-27"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver_service_binding"
name="service-tg-28">
<vnsCfgRelInst key="servicename" name="service-tg-28"
targetName="service-tg-28"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver_service_binding"
name="service-tg-29">
<vnsCfgRelInst key="servicename" name="service-tg-29"
targetName="service-tg-29"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

C-33

Appendix C

Configurations

XML Files for Configuring NetScaler Instances

nodeNameOrLbl="SSL1" key="lbvserver_service_binding"
name="service-tg-30">
<vnsCfgRelInst key="servicename" name="service-tg-30"
targetName="service-tg-30"/>
</vnsFolderInst>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver" name="vip-tg-104_lb">
<vnsParamInst name="name" key="name" value="vip-tg-104"/>
<vnsParamInst name="ipv46" key="ipv46" value="101.16.1.104"/>
<vnsParamInst name="servicetype" key="servicetype" value="SSL"/>
<vnsParamInst name="port" key="port" value="443"/>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver_service_binding"
name="service-tg-31">
<vnsCfgRelInst key="servicename" name="service-tg-31"
targetName="service-tg-31"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver_service_binding"
name="service-tg-32">
<vnsCfgRelInst key="servicename" name="service-tg-32"
targetName="service-tg-32"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver_service_binding"
name="service-tg-33">
<vnsCfgRelInst key="servicename" name="service-tg-33"
targetName="service-tg-33"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver_service_binding"
name="service-tg-34">
<vnsCfgRelInst key="servicename" name="service-tg-34"
targetName="service-tg-34"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver_service_binding"
name="service-tg-35">
<vnsCfgRelInst key="servicename" name="service-tg-35"
targetName="service-tg-35"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver_service_binding"
name="service-tg-36">
<vnsCfgRelInst key="servicename" name="service-tg-36"
targetName="service-tg-36"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver_service_binding"
name="service-tg-37">
<vnsCfgRelInst key="servicename" name="service-tg-37"
targetName="service-tg-37"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver_service_binding"
name="service-tg-38">
<vnsCfgRelInst key="servicename" name="service-tg-38"
targetName="service-tg-38"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver_service_binding"
name="service-tg-39">

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

C-34

Design and Implementation Guide

Appendix C

Configurations
XML Files for Configuring NetScaler Instances

<vnsCfgRelInst key="servicename" name="service-tg-39"

targetName="service-tg-39"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="lbvserver_service_binding"
name="service-tg-40">
<vnsCfgRelInst key="servicename" name="service-tg-40"
targetName="service-tg-40"/>
</vnsFolderInst>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="sslcertkey" name="sp2013.test.ctx-cert">
<vnsParamInst name="certkey" key="certkey"
value="sp2013.test.ctx-cert"/>
<vnsParamInst name="cert" key="cert" value="sp2013-server.cert"/>
<vnsParamInst name="key" key="key" value="sp2013-server.key"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="sslvserver" name="vip-tg-103_ssl">
<vnsParamInst name="vservername" key="vservername" value="vip-tg-103"/>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" name="sslvserver_binding"
key="sslvserver_sslcertkey_binding">
<vnsCfgRelInst name="certkeyname" key="certkeyname"
targetName="sp2013.test.ctx-cert"/>
</vnsFolderInst>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="sslvserver" name="vip-tg-104_ssl">
<vnsParamInst name="vservername" key="vservername" value="vip-tg-104"/>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" name="sslvserver_binding"
key="sslvserver_sslcertkey_binding">
<vnsCfgRelInst name="certkeyname" key="certkeyname"
targetName="sp2013.test.ctx-cert"/>
</vnsFolderInst>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="service" name="service-tg-21">
<vnsParamInst name="name" key="name" value="service-tg-21"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.21"/>
<vnsParamInst name="servicetype" key="servicetype" value="SSL"/>
<vnsParamInst name="port" key="port" value="443"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="service" name="service-tg-22">
<vnsParamInst name="name" key="name" value="service-tg-22"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.22"/>
<vnsParamInst name="servicetype" key="servicetype" value="SSL"/>
<vnsParamInst name="port" key="port" value="443"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="service" name="service-tg-23">
<vnsParamInst name="name" key="name" value="service-tg-23"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.23"/>
<vnsParamInst name="servicetype" key="servicetype" value="SSL"/>
<vnsParamInst name="port" key="port" value="443"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="service" name="service-tg-24">
<vnsParamInst name="name" key="name" value="service-tg-24"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.24"/>
<vnsParamInst name="servicetype" key="servicetype" value="SSL"/>

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

C-35

Appendix C

Configurations

XML Files for Configuring NetScaler Instances

<vnsParamInst name="port" key="port" value="443"/>

</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="service" name="service-tg-25">
<vnsParamInst name="name" key="name" value="service-tg-25"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.25"/>
<vnsParamInst name="servicetype" key="servicetype" value="SSL"/>
<vnsParamInst name="port" key="port" value="443"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="service" name="service-tg-26">
<vnsParamInst name="name" key="name" value="service-tg-26"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.26"/>
<vnsParamInst name="servicetype" key="servicetype" value="SSL"/>
<vnsParamInst name="port" key="port" value="443"/>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="service" name="service-tg-27">
<vnsParamInst name="name" key="name" value="service-tg-27"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.27"/>
<vnsParamInst name="servicetype" key="servicetype" value="SSL"/>
<vnsParamInst name="port" key="port" value="443"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="service" name="service-tg-28">
<vnsParamInst name="name" key="name" value="service-tg-28"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.28"/>
<vnsParamInst name="servicetype" key="servicetype" value="SSL"/>
<vnsParamInst name="port" key="port" value="443"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="service" name="service-tg-29">
<vnsParamInst name="name" key="name" value="service-tg-29"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.29"/>
<vnsParamInst name="servicetype" key="servicetype" value="SSL"/>
<vnsParamInst name="port" key="port" value="443"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="service" name="service-tg-30">
<vnsParamInst name="name" key="name" value="service-tg-30"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.30"/>
<vnsParamInst name="servicetype" key="servicetype" value="SSL"/>
<vnsParamInst name="port" key="port" value="443"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="service" name="service-tg-31">
<vnsParamInst name="name" key="name" value="service-tg-31"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.31"/>
<vnsParamInst name="servicetype" key="servicetype" value="SSL"/>
<vnsParamInst name="port" key="port" value="443"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="service" name="service-tg-32">
<vnsParamInst name="name" key="name" value="service-tg-32"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.32"/>
<vnsParamInst name="servicetype" key="servicetype" value="SSL"/>
<vnsParamInst name="port" key="port" value="443"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="service" name="service-tg-33">
<vnsParamInst name="name" key="name" value="service-tg-33"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.33"/>
<vnsParamInst name="servicetype" key="servicetype" value="SSL"/>
<vnsParamInst name="port" key="port" value="443"/>
</vnsFolderInst>

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

C-36

Design and Implementation Guide

Appendix C

Configurations
XML Files for Configuring NetScaler Instances

<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"

nodeNameOrLbl="SSL1" key="service" name="service-tg-34">
<vnsParamInst name="name" key="name" value="service-tg-34"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.34"/>
<vnsParamInst name="servicetype" key="servicetype" value="SSL"/>
<vnsParamInst name="port" key="port" value="443"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="service" name="service-tg-35">
<vnsParamInst name="name" key="name" value="service-tg-35"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.35"/>
<vnsParamInst name="servicetype" key="servicetype" value="SSL"/>
<vnsParamInst name="port" key="port" value="443"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="service" name="service-tg-36">
<vnsParamInst name="name" key="name" value="service-tg-36"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.36"/>
<vnsParamInst name="servicetype" key="servicetype" value="SSL"/>
<vnsParamInst name="port" key="port" value="443"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="service" name="service-tg-37">
<vnsParamInst name="name" key="name" value="service-tg-37"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.37"/>
<vnsParamInst name="servicetype" key="servicetype" value="SSL"/>
<vnsParamInst name="port" key="port" value="443"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="service" name="service-tg-38">
<vnsParamInst name="name" key="name" value="service-tg-38"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.38"/>
<vnsParamInst name="servicetype" key="servicetype" value="SSL"/>
<vnsParamInst name="port" key="port" value="443"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="service" name="service-tg-39">
<vnsParamInst name="name" key="name" value="service-tg-39"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.39"/>
<vnsParamInst name="servicetype" key="servicetype" value="SSL"/>
<vnsParamInst name="port" key="port" value="443"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="service" name="service-tg-40">
<vnsParamInst name="name" key="name" value="service-tg-40"/>
<vnsParamInst name="ip" key="ip" value="10.16.2.40"/>
<vnsParamInst name="servicetype" key="servicetype" value="SSL"/>
<vnsParamInst name="port" key="port" value="443"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="mFCnglbvserver" name="Func_vip-tg-103_lb">
<vnsCfgRelInst name="lbvserver_key" key="lbvserver_key"
targetName="vip-tg-103_lb"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="mFCnglbvserver" name="Func_vip-tg-104_lb">
<vnsCfgRelInst name="lbvserver_key" key="lbvserver_key"
targetName="vip-tg-104_lb"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="mFCngsslvserver"
name="Func_vip-tg-103_ssl">
<vnsCfgRelInst name="sslvserver_key" key="sslvserver_key"
targetName="vip-tg-103_ssl"/>

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

C-37

Appendix C

Configurations

XML Files for Configuring NetScaler Instances

</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="mFCngsslvserver"
name="Func_vip-tg-104_ssl">
<vnsCfgRelInst name="sslvserver_key" key="sslvserver_key"
targetName="vip-tg-104_ssl"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="mFCngsslcertkey" name="Func_sslcertkey">
<vnsCfgRelInst name="sslcertkey_key" key="sslcertkey_key"
targetName="sp2013.test.ctx-cert"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-21">
<vnsCfgRelInst name="Func_service-tg-21_key" key="service_key"
targetName="service-tg-21"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-22">
<vnsCfgRelInst name="Func_service-tg-22_key" key="service_key"
targetName="service-tg-22"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-23">
<vnsCfgRelInst name="Func_service-tg-23_key" key="service_key"
targetName="service-tg-23"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-24">
<vnsCfgRelInst name="Func_service-tg-24_key" key="service_key"
targetName="service-tg-24"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-25">
<vnsCfgRelInst name="Func_service-tg-25_key" key="service_key"
targetName="service-tg-25"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-26">
<vnsCfgRelInst name="Func_service-tg-26_key" key="service_key"
targetName="service-tg-26"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-27">
<vnsCfgRelInst name="Func_service-tg-27_key" key="service_key"
targetName="service-tg-27"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-28">
<vnsCfgRelInst name="Func_service-tg-28_key" key="service_key"
targetName="service-tg-28"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-29">
<vnsCfgRelInst name="Func_service-tg-29_key" key="service_key"
targetName="service-tg-29"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-30">
<vnsCfgRelInst name="Func_service-tg-30_key" key="service_key"
targetName="service-tg-30"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-31">

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

C-38

Design and Implementation Guide

Appendix C

Configurations
XML Files for Configuring NetScaler Instances

<vnsCfgRelInst name="Func_service-tg-31_key" key="service_key"

targetName="service-tg-31"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-32">
<vnsCfgRelInst name="Func_service-tg-32_key" key="service_key"
targetName="service-tg-32"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-33">
<vnsCfgRelInst name="Func_service-tg-33_key" key="service_key"
targetName="service-tg-33"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-34">
<vnsCfgRelInst name="Func_service-tg-34_key" key="service_key"
targetName="service-tg-34"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-35">
<vnsCfgRelInst name="Func_service-tg-35_key" key="service_key"
targetName="service-tg-35"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-36">
<vnsCfgRelInst name="Func_service-tg-36_key" key="service_key"
targetName="service-tg-36"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-37">
<vnsCfgRelInst name="Func_service-tg-37_key" key="service_key"
targetName="service-tg-37"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-38">
<vnsCfgRelInst name="Func_service-tg-38_key" key="service_key"
targetName="service-tg-38"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-39">
<vnsCfgRelInst name="Func_service-tg-39_key" key="service_key"
targetName="service-tg-39"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="mFCngservice" name="Func_service-tg-40">
<vnsCfgRelInst name="Func_service-tg-40_key" key="service_key"
targetName="service-tg-40"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="external_network" name="external_network">
<vnsCfgRelInst name="external_network_key" key="external_network_key"
targetName="network/snip1" />
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_ssl"
nodeNameOrLbl="SSL1" key="internal_network" name="internal_network">
<vnsCfgRelInst name="internal_network_key" key="internal_network_key"
targetName="network/snip2"/>
</vnsFolderInst>
</fvAEPg>
</fvAp>
</fvTenant>
</polUni>

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

C-39

Appendix C

Configurations

XML Files for Configuring NetScaler Instances

Return to XML Files for Configuring Basic Functions, page C-10.

Goto Configurations, page C-1.
ConfigServiceGraphWithParams_lb_ssl.xml

Configures L4-L7 parameters for the SSL Offloading service graph.

<! ConfigServiceGraphWithParams_lb_ssl.xml -->
<! Configure L4-L7 parameters for SSL Service Graph ->
<polUni>
<fvTenant name="silverTenant1">
<vnsAbsGraph name="WebGraph_ssl">
<vnsAbsTermNodeProv name="Input1">
<vnsAbsTermConn name="C1">
</vnsAbsTermConn>
</vnsAbsTermNodeProv>
<!-- SSL1 Provides SSL Offloading functionality -->
<vnsAbsNode name="SSL1"
funcType="GoTo">
<vnsRsDefaultScopeToTerm tDn="uni/tn-silverTenant1/AbsGraphWebGraph_ssl/AbsTermNodeProv-Input1/outtmnl"/>
<vnsAbsFuncConn name="outside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler1.0/mFunc-SSLOffload/mConn-external" />
</vnsAbsFuncConn>
<vnsAbsFuncConn name="inside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler1.0/mFunc-SSLOffload/mConn-internal" />
</vnsAbsFuncConn>
<vnsRsNodeToMFunc tDn="uni/infra/mDev-Citrix-NetScaler-1.0/
mFunc-SSLOffload" />
</vnsAbsNode>
<vnsAbsTermNodeCon name="Output1">
<vnsAbsTermConn name="C6">
</vnsAbsTermConn>
</vnsAbsTermNodeCon>
<vnsAbsConnection name="CON1" adjType="L3">
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_ssl/AbsTermNodeCon-Output1/AbsTConn"/>
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_ssl/AbsNode-SSL1/AbsFConn-outside"/>
</vnsAbsConnection>
<vnsAbsConnection name="CON2">
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_ssl/AbsNode-SSL1/AbsFConn-inside"/>
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_ssl/AbsTermNodeProv-Input1/AbsTConn"/>
</vnsAbsConnection>
</vnsAbsGraph>
</fvTenant>
</polUni>

Return to XML Files for Configuring Basic Functions, page C-10.

Goto Configurations, page C-1.
CreateContract_lb_ssl.xml

Configures a contract for SSL Offloading of generic traffic on the fabric.

<! CreateContract_lb_ssl.xml -->
<! Create contract for SSL -->
<polUni>

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

C-40

Design and Implementation Guide

Appendix C

Configurations
XML Files for Configuring NetScaler Instances

<fvTenant dn="uni/tn-silverTenant1" name="silverTenant1">

<vzFilter name="HttpsIn">
<vzEntry name="e1" prot="6" dFromPort="443" dToPort="443"
etherT="ip"/>
</vzFilter>
<vzFilter name="HttpsOut">
<vzEntry name="e1" prot="6" dFromPort="443" etherT="ip"/>
</vzFilter>
<vzFilter name="acl_lb_generic">
<vzEntry name="e1"/>
</vzFilter>
<vzBrCP name="webCtrct1" scope="global">
<vzSubj name="https">
<vzRsSubjFiltAtt tnVzFilterName="acl_lb_generic"/>
</vzSubj>
</vzBrCP>
</fvTenant>
</polUni>

Return to XML Files for Configuring Basic Functions, page C-10.

Goto Configurations, page C-1.
AttachGraphToContract_lb_ssl.xml

Attaches the SSL Offloading service graph to a contract.

<! AttachGraphToContract_lb_ssl.xml -->
<! Attaches SSL service graph to contract -->
<polUni>
<fvTenant name="silverTenant1">
<vzBrCP name="webCtrct1">
<vzSubj name="http">
<vzRsSubjGraphAtt tnVnsAbsGraphName="WebGraph_ssl"/>
</vzSubj>
</vzBrCP>
</fvTenant>
</polUni>

Return to XML Files for Configuring Basic Functions, page C-10.

Goto Configurations, page C-1.

XML Files that Configure NetScaler Services for SharePoint

These XML files set up NetScaler services to manage SharePoint traffic on the ACI fabric:

XML for Content Switching

CreateServiceGraph_SP_cs_ssl_1.xml, page C-43

Create a service graph (WebGraph_cs_ssl) for CS with SSL Offloading of SharePoint traffic.
ConfigServiceGraphWithParams_SP_cs_ssl_1.xml, page C-46

Configure service graph with L4-L7 parameters for CS and SSL Offloading for SharePoint
traffic.
CreateServiceGraph_SP_cs_ssl_2.xml , page C-47

Create a second service graph (WebGraph_cs_ssl_2) for CS with SSL Offloading of SharePoint
traffic. Configuring a service graph for Content Switching is a two-step process.
ConfigServiceGraphWithParams_SP_cs_ssl_2.xml , page C-48

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

C-41

Appendix C

Configurations

XML Files for Configuring NetScaler Instances

Configure graph (WebGraph_cs_ssl_2) with L4-L7 parameters for CS and SSL Offloading for
SharePoint traffic.

XML for Database Content Switching

CreateServiceGraphWithParams_SP_cs_DB_1.xml, page C-49

Create a service graph and configure L4-L7 parameters for Content Switching of Database
CreateServiceGraphWithParams_SP_cs_DB_2.xml, page C-51

Create a second service graph and configure L4-L7 parameters for Content Switching of
Database. Configuring a service graph for Content Switching of Database is a two-step process.

XML for Application Firewall

CreateServiceGraphWithParams_AppFW.xml, page C-56

Create a service graph and configure L4-L7 parameters for AppFW.

ConfigServiceGraph_SP_cs_ssl_1_withAppFW-policy.xml, page C-58

Configures additional L4-L7 parameters for the AppFW service graph that define the binding
of AppFW policy.
ConfigAppFW_block_SQL_injection.xml, page C-62

Configures AppFW to block SQL injection attacks.

ConfigAppFW_block_XSS.xml, page C-63

Configures AppFW to block cross-site scripting (XSS) attacks.

XML for Global Server Load Balancing (GSLB)

CreateServiceGraphWithParams_SP_GSLB_1.xml , page C-66

Create service graph with L4-L7 parameters for a GSLB ADNS configuration.
CreateServiceGraphWithParams_SP_GSLB_2.xml, page C-67

Create a second service graph and configure additional L4-L7 parameters for GSLB.
ConfigParameters_SP_GSLB_DynamicProx.xml, page C-70

Configure L4-L7 parameters for GSLB using distribution by dynamic proximity.

ConfigParameters_SP_GSLB_StaticProx.xml, page C-73

Configure L4-L7 parameters for GSLB using distribution by static proximity.

ConfigParameters_SP_GSLB_LeastConn.xml, page C-76

Configure L4-L7 parameters for GSLB using distribution by least connection.

XML for Content Switching

The following Content Switching XML files are available for reference.

CreateServiceGraph_SP_cs_ssl_1.xml, page C-43

Create a service graph (WebGraph_cs_ssl) for CS with SSL Offloading of SharePoint traffic.

ConfigServiceGraphWithParams_SP_cs_ssl_1.xml, page C-46

Configure service graph with L4-L7 parameters for CS and SSL Offloading for SharePoint traffic.

CreateServiceGraph_SP_cs_ssl_2.xml , page C-47

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

C-42

Design and Implementation Guide

Appendix C

Configurations
XML Files for Configuring NetScaler Instances

Create a second service graph (WebGraph_cs_ssl_2) for CS with SSL Offloading of SharePoint
traffic. Configuring a service graph for Content Switching is a two-step process.

ConfigServiceGraphWithParams_SP_cs_ssl_2.xml , page C-48

Configure graph (WebGraph_cs_ssl_2) with L4-L7 parameters for CS and SSL Offloading for
SharePoint traffic.

CreateServiceGraph_SP_cs_ssl_1.xml

Create a service graph (WebGraph_cs_ssl) for CS with SSL Offloading of SharePoint traffic.
<!-- CreateServiceGraph_SP_cs_ssl_1.xml -->
<!-- Create a service graph for CS with SSL Offloading for SharePoint -->
<polUni>
<fvTenant name="silverTenant1">
<fvAp dn="uni/tn-silverTenant1/ap-Web1-AppProfile" name="Web1-AppProfile">
<!-- EPG 1 -->
<fvAEPg dn="uni/tn-silverTenant1/ap-Web1-AppProfile/epg-Web1-EPG"
name="Web1-EPG">
<fvRsBd tnFvBDName="silverTenant1-BD1" />
<fvRsProv tnVzBrCPName="webCtrct1"></fvRsProv>
<vnsFolderInst ctrctNameOrLbl="webCtrct1"
graphNameOrLbl="WebGraph_cs_ssl" nodeNameOrLbl="CS_SSL_1"
key="Network" name="network">
<vnsFolderInst ctrctNameOrLbl="webCtrct1"
graphNameOrLbl="WebGraph_cs_ssl" nodeNameOrLbl="CS_SSL_1"
key="nsip" name="snip1">
<vnsParamInst key="ipaddress" name="ip1" value="101.16.1.11"/>
<vnsParamInst key="netmask" name="netmask1"
value="255.255.255.0"/>
<vnsParamInst key="dynamicrouting" name="dynamicRouting"
value="ENABLED"/>
<vnsParamInst key="hostroute" name="hostroute"
value="DISABLED"/>
<vnsParamInst key="type" name="type" value="SNIP"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1"
graphNameOrLbl="WebGraph_cs_ssl" nodeNameOrLbl="CS_SSL_1"
key="nsip" name="snip2">
<vnsParamInst key="ipaddress" name="ip2" value="10.16.1.11"/>
<vnsParamInst key="netmask" name="netmask2"
value="255.255.255.0"/>
<vnsParamInst key="dynamicrouting" name="dynamicRouting"
value="DISABLED"/>
<vnsParamInst key="hostroute" name="hostroute"
value="DISABLED"/>
<vnsParamInst key="mgmtaccess" name="mgmtaccess"
value="ENABLED"/>
<vnsParamInst key="type" name="type" value="SNIP"/>
</vnsFolderInst>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"
nodeNameOrLbl="CS_SSL_1" key="csvserver" name="vip-CS_SP2013" >
<vnsParamInst name="name" key="name" value="vip-CS_SP2013"/>
<vnsParamInst name="ipv46" key="ipv46" value="101.16.1.121"/>
<vnsParamInst name="servicetype" key="servicetype" value="SSL"/>
<vnsParamInst name="port" key="port" value="443"/>
<vnsFolderInst ctrctNameOrLbl="webCtrct1"
graphNameOrLbl="WebGraph_cs_ssl" nodeNameOrLbl="CS_SSL_1"
key="csvserver_cspolicy_binding" name="cspolbind1">

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

C-43

Appendix C

Configurations

XML Files for Configuring NetScaler Instances

<vnsCfgRelInst key="policyname" name="poll1"

targetName="csPolicy/cspol1"/>
<vnsParamInst name="targetlbvserver" key="targetlbvserver"
value="vip-LB-sp2013-1"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1"
graphNameOrLbl="WebGraph_cs_ssl" nodeNameOrLbl="CS_SSL_1"
key="csvserver_cspolicy_binding" name="cspolbind2">
<vnsCfgRelInst key="policyname" name="poll2"
targetName="csPolicy/cspol2"/>
<vnsParamInst name="targetlbvserver" key="targetlbvserver"
value="vip-LB-sp2013-2"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1"
graphNameOrLbl="WebGraph_cs_ssl" nodeNameOrLbl="CS_SSL_1"
key="csvserver_lbvserver_binding" name="lbind">
<vnsCfgRelInst key="lbvserver" name="lbvserver"
targetName="vip-LB-sp2013-1"/>
</vnsFolderInst>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"
nodeNameOrLbl="CS_SSL_1" key="lbvserver" name="vip-LB-sp2013-1" >
<vnsParamInst name="name" key="name" value="vip-LB-sp2013-1"/>
<vnsParamInst name="ipv46" key="ipv46" value="10.16.1.111"/>
<vnsParamInst name="servicetype" key="servicetype" value="HTTP"/>
<vnsParamInst name="port" key="port" value="80"/>
<vnsFolderInst ctrctNameOrLbl="webCtrct1"
graphNameOrLbl="WebGraph_cs_ssl" nodeNameOrLbl="CS_SSL_1"
key="lbvserver_service_binding" name="lbService1">
<vnsCfgRelInst key="servicename" name="webservice1"
targetName="service1"/>
</vnsFolderInst>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"
nodeNameOrLbl="CS_SSL_1" key="lbvserver" name="vip-LB-sp2013-2" >
<vnsParamInst name="name" key="name" value="vip-LB-sp2013-2"/>
<vnsParamInst name="servicetype" key="servicetype" value="HTTP"/>
<vnsParamInst name="ipv46" key="ipv46" value="10.16.1.112"/>
<vnsParamInst name="port" key="port" value="80"/>
<vnsFolderInst ctrctNameOrLbl="webCtrct1"
graphNameOrLbl="WebGraph_cs_ssl" nodeNameOrLbl="CS_SSL_1"
key="lbvserver_service_binding" name="lbService1">
<vnsCfgRelInst key="servicename" name="webservice1"
targetName="service2"/>
</vnsFolderInst>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"
nodeNameOrLbl="CS_SSL_1" key="service" name="service1" >
<vnsParamInst name="name" key="name" value="service-sp2013-1"/>
<vnsParamInst name="ip" key="ip" value="10.1.2.101"/>
<vnsParamInst name="servicetype" key="servicetype" value="SSL"/>
<vnsParamInst name="port" key="port" value="443"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"
nodeNameOrLbl="CS_SSL_1" key="service" name="service2">
<vnsParamInst name="name" key="name" value="service-sp2013-2"/>
<vnsParamInst name="ip" key="ip" value="10.1.2.102"/>
<vnsParamInst name="servicetype" key="servicetype" value="SSL"/>
<vnsParamInst name="port" key="port" value="443"/>
</vnsFolderInst>

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

C-44

Design and Implementation Guide

Appendix C

Configurations
XML Files for Configuring NetScaler Instances

<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"

nodeNameOrLbl="CS_SSL_1" key="Policy" name="csPolicy">
<vnsFolderInst ctrctNameOrLbl="webCtrct1"
graphNameOrLbl="WebGraph_cs_ssl" nodeNameOrLbl="CS_SSL_1"
key="cspolicy" name="cspol1">
<vnsParamInst name="policyname" key="policyname" value="policy-cs-eng"/>
<vnsParamInst name="url" key="url" value="/sites/Eng/*"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1"
graphNameOrLbl="WebGraph_cs_ssl" nodeNameOrLbl="CS_SSL_1"
key="cspolicy" name="cspol2">
<vnsParamInst name="policyname" key="policyname" value="policy-cs-mkt"/>
<vnsParamInst name="url" key="url" value="/sites/Mkt/*"/>
</vnsFolderInst>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"
nodeNameOrLbl="CS_SSL_1" key="mFCngcsvserver" name="wcsvserver1">
<vnsCfgRelInst name="csvserver_key" key="csvservercsvserver1_key"
targetName="vip-CS_SP2013"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"
nodeNameOrLbl="CS_SSL_1" key="mFCnglbvserver" name="wlbvserver1">
<vnsCfgRelInst name="lbsverver_key" key="lbvserver_key" targetName="vipLB-sp2013-1"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"
nodeNameOrLbl="CS_SSL_1" key="mFCnglbvserver" name="wlbvserver2">
<vnsCfgRelInst name="lbsverver_key" key="lbvserver_key" targetName="vipLB-sp2013-2"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"
nodeNameOrLbl="CS_SSL_1" key="mFCngservice" name="wservice1">
<vnsCfgRelInst name="service_key1" key="service_key"
targetName="service1"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"
nodeNameOrLbl="CS_SSL_1" key="mFCngservice" name="wservice2">
<vnsCfgRelInst name="service_key1" key="service_key"
targetName="service2"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"
nodeNameOrLbl="CS_SSL_1" key="mFCngPolicy" name="Pol1">
<vnsCfgRelInst name="Policy_key" key="Policy_key"
targetName="csPolicy/cspol1"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"
nodeNameOrLbl="CS_SSL_1" key="mFCngPolicy" name="Pol2">
<vnsCfgRelInst name="Policy_key" key="Policy_key"
targetName="csPolicy/cspol2"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"
nodeNameOrLbl="CS_SSL_1" key="external_network"
name="external_network">
<vnsCfgRelInst name="internal_network_key" key="external_network_key"
targetName="network/snip1"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"
nodeNameOrLbl="CS_SSL_1" key="internal_network"
name="internal_network">
<vnsCfgRelInst name="external_network_key" key="internal_network_key"
targetName="network/snip2"/>
</vnsFolderInst>

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

C-45

Appendix C

Configurations

XML Files for Configuring NetScaler Instances

</fvAEPg>
</fvAp>
</fvTenant>
</polUni>

Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.
Goto Configurations, page C-1.
ConfigServiceGraphWithParams_SP_cs_ssl_1.xml

Configure service graph with L4-L7 parameters for CS and SSL Offloading for SharePoint traffic.
<! ConfigServiceGraphWithParams_SP_cs_ssl_1.xml -->
<! Configure L4-L7 parameters for CS and SSL Offloading for SharePoint -->
<polUni>
<fvTenant name="silverTenant1">
<vnsAbsGraph name="WebGraph_cs_ssl">
<vnsAbsTermNodeProv name="Input1">
<vnsAbsTermConn name="C1">
</vnsAbsTermConn>
</vnsAbsTermNodeProv>
<!-- CS_SSL_1 Provides CS and SSL Offload functionality -->
<vnsAbsNode name="CS_SSL_1" funcType="GoTo">
<vnsRsDefaultScopeToTerm tDn="uni/tn-silverTenant1/AbsGraphWebGraph_cs_ssl/AbsTermNodeProv-Input1/outtmnl"/>
<vnsAbsFuncConn name="outside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler1.0/mFunc-ContentSwitching/mConn-external" />
</vnsAbsFuncConn>
<vnsAbsFuncConn name="inside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler1.0/mFunc-ContentSwitching/mConn-internal" />
</vnsAbsFuncConn>
<vnsRsNodeToMFunc tDn="uni/infra/mDev-Citrix-NetScaler1.0/mFunc-ContentSwitching"/>
</vnsAbsNode>
<vnsAbsTermNodeCon name="Output1">
<vnsAbsTermConn name="C6">
</vnsAbsTermConn>
</vnsAbsTermNodeCon>
<vnsAbsConnection name="CON1" adjType="L3">
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_cs_ssl/AbsTermNodeCon-Output1/AbsTConn"/>
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_cs_ssl/AbsNode-CS_SSL_1/AbsFConn-outside"/>
</vnsAbsConnection>
<vnsAbsConnection name="CON2">
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_cs_ssl/AbsNode-CS_SSL_1/AbsFConn-inside"/>
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_cs_ssl/AbsTermNodeProv-Input1/AbsTConn"/>
</vnsAbsConnection>
</vnsAbsGraph>
</fvTenant>
</polUni>

Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.
Goto Configurations, page C-1.

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

C-46

Design and Implementation Guide

Appendix C

Configurations
XML Files for Configuring NetScaler Instances

CreateServiceGraph_SP_cs_ssl_2.xml

Create a second service graph (WebGraph_cs_ssl_2) for CS with SSL Offloading of SharePoint
traffic. Configuring a service graph for Content Switching is a two-step process.
<! CreateServiceGraph_SP_cs_ssl_2.xml -->
<! Create a service graph for CS with SSL Offloading of SharePoint -->
<polUni>
<fvTenant name="silverTenant1">
<fvAp dn="uni/tn-silverTenant1/ap-Web1-AppProfile" name="Web1-AppProfile">
<!-- EPG 1 -->
<fvAEPg dn="uni/tn-silverTenant1/ap-Web1-AppProfile/epg-Web1-EPG"
name="Web1-EPG">
<fvRsBd tnFvBDName="silverTenant1-BD1" />
<fvRsProv tnVzBrCPName="webCtrct1"></fvRsProv>
<vnsFolderInst ctrctNameOrLbl="webCtrct1"
graphNameOrLbl="WebGraph_cs_ssl_2" nodeNameOrLbl="CS_SSL_2"
key="Network" name="network">
<vnsFolderInst ctrctNameOrLbl="webCtrct1"
graphNameOrLbl="WebGraph_cs_ssl_2"
nodeNameOrLbl="CS_SSL_2" key="nsip" name="snip1">
<vnsParamInst key="ipaddress" name="ip1" value="101.16.1.11"/>
<vnsParamInst key="netmask" name="netmask1" value="255.255.255.0"/>
<vnsParamInst key="dynamicrouting" name="dynamicRouting"
value="ENABLED"/>
<vnsParamInst key="hostroute" name="hostroute" value="DISABLED"/>
<vnsParamInst key="type" name="type" value="SNIP"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1"
graphNameOrLbl="WebGraph_cs_ssl_2"
nodeNameOrLbl="CS_SSL_2" key="nsip" name="snip2">
<vnsParamInst key="ipaddress" name="ip2" value="10.16.1.11"/>
<vnsParamInst key="netmask" name="netmask2" value="255.255.255.0"/>
<vnsParamInst key="dynamicrouting" name="dynamicRouting"
value="DISABLED"/>
<vnsParamInst key="hostroute" name="hostroute" value="DISABLED"/>
<vnsParamInst key="mgmtaccess" name="mgmtaccess" value="ENABLED"/>
<vnsParamInst key="type" name="type" value="SNIP"/>
</vnsFolderInst>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1"
graphNameOrLbl="WebGraph_cs_ssl_2"
nodeNameOrLbl="CS_SSL_2" key="sslcertkey" name="sp2013.test.ctx-cert" >
<vnsParamInst name="certkey" key="certkey" value="sp2013.test.ctx-cert"/>
<vnsParamInst name="cert" key="cert" value="sp2013-server.cert"/>
<vnsParamInst name="key" key="key" value="sp2013-server.key"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1"
graphNameOrLbl="WebGraph_cs_ssl_2"
nodeNameOrLbl="CS_SSL_2" key="sslvserver" name="vip-CS_SP2013_ssl">
<vnsParamInst name="vservername" key="vservername" value="vip-CS_SP2013"/>
<vnsFolderInst ctrctNameOrLbl="webCtrct1"
graphNameOrLbl="WebGraph_cs_ssl_2" nodeNameOrLbl="CS_SSL_2"
key="sslvserver_sslcertkey_binding" name="certkeyBind">
<vnsCfgRelInst name="certkeyname" key="certkeyname"
targetName="sp2013.test.ctx-cert"/>
</vnsFolderInst>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1"
graphNameOrLbl="WebGraph_cs_ssl_2"
nodeNameOrLbl="CS_SSL_2" key="mFCngsslvserver" name="mFCngsslvserver2">
<vnsCfgRelInst name="sslvserver_key" key="sslvserver_key"
targetName="vip-CS_SP2013_ssl"/>
</vnsFolderInst>

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

C-47

Appendix C

Configurations

XML Files for Configuring NetScaler Instances

<vnsFolderInst ctrctNameOrLbl="webCtrct1"
graphNameOrLbl="WebGraph_cs_ssl_2"
nodeNameOrLbl="CS_SSL_2" key="mFCngsslcertkey" name="mFCngsslcertkey2">
<vnsCfgRelInst name="sslcertkey_key" key="sslcertkey_key"
targetName="sp2013.test.ctx-cert"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1"
graphNameOrLbl="WebGraph_cs_ssl_2"
nodeNameOrLbl="CS_SSL_2" key="external_network" name="external_network">
<vnsCfgRelInst name="internal_network_key" key="external_network_key"
targetName="network/snip1"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1"
graphNameOrLbl="WebGraph_cs_ssl_2"
nodeNameOrLbl="CS_SSL_2" key="internal_network" name="internal_network">
<vnsCfgRelInst name="external_network_key" key="internal_network_key"
targetName="network/snip2"/>
</vnsFolderInst>
</fvAEPg>
</fvAp>
</fvTenant>
</polUni>

Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.
Goto Configurations, page C-1.
ConfigServiceGraphWithParams_SP_cs_ssl_2.xml

Configure graph (WebGraph_cs_ssl_2) with L4-L7 parameters for CS and SSL Offloading for
SharePoint traffic.
<! ConfigServiceGraphWithParams_SP_cs_ssl_2.xml -->
<! Configure additional L4-L7 parameters for CS and SSL Offloading for SharePoint -->
<polUni>
<fvTenant name="silverTenant1">
<vnsAbsGraph name="WebGraph_cs_ssl_2">
<vnsAbsTermNodeProv name="Input1">
<vnsAbsTermConn name="C1">
</vnsAbsTermConn>
</vnsAbsTermNodeProv>
<!-- CS_SSL_2 Provides CS and SSL Offload functionality -->
<vnsAbsNode name="CS_SSL_2" funcType="GoTo" >
<vnsRsDefaultScopeToTerm tDn="uni/tn-silverTenant1/AbsGraphWebGraph_cs_ssl_2/AbsTermNodeProv-Input1/outtmnl"/>
<vnsAbsFuncConn name="outside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncSSLOffload/mConn-external" />
</vnsAbsFuncConn>
<vnsAbsFuncConn name="inside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncSSLOffload/mConn-internal" />
</vnsAbsFuncConn>
<vnsRsNodeToMFunc tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncSSLOffload"/>
</vnsAbsNode>
<vnsAbsTermNodeCon name="Output1">
<vnsAbsTermConn name="C6">
</vnsAbsTermConn>
</vnsAbsTermNodeCon>
<vnsAbsConnection name="CON1" adjType="L3">

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

C-48

Design and Implementation Guide

Appendix C

Configurations
XML Files for Configuring NetScaler Instances

<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_cs_ssl_2/AbsTermNodeCon-Output1/AbsTConn"/>
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_cs_ssl_2/AbsNode-CS_SSL_2/AbsFConn-outside"/>
</vnsAbsConnection>
<vnsAbsConnection name="CON2">
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_cs_ssl_2/AbsNode-CS_SSL_2/AbsFConn-inside"/>
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_cs_ssl_2/AbsTermNodeProv-Input1/AbsTConn"/>
</vnsAbsConnection>
</vnsAbsGraph>
</fvTenant>
</polUni>

Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.
Goto Configurations, page C-1.

XML for Database Content Switching

The following Database Content Switching XML files are available for reference.

CreateServiceGraphWithParams_SP_cs_DB_1.xml, page C-49

Create a service graph and configure L4-L7 parameters for Content Switching of Database

CreateServiceGraphWithParams_SP_cs_DB_2.xml, page C-51

Create a second service graph and configure L4-L7 parameters for Content Switching of Database.
Configuring a service graph for Content Switching of Database is a two-step process.

Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.
Goto Configurations, page C-1.
CreateServiceGraphWithParams_SP_cs_DB_1.xml

Create a service graph and configure L4-L7 parameters for Content Switching of Database
<!-- CreateServiceGraphWithParams_SP_cs_DB_1.xml -->
<!-- Create service graph and L4-L7 parameters for CS of Database -->
<polUni>
<fvTenant name="silverTenant1"> <!-- DB configuration -->
<vnsAbsGraph name = "WebGraph_CS_DB_2">
<vnsAbsTermNodeProv name = "Input1">
<vnsAbsTermConn name = "C1">
</vnsAbsTermConn>
</vnsAbsTermNodeProv>
<vnsAbsNode name = "CS_DB_2" funcType="GoTo" >
<vnsAbsFuncConn name = "outside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncDataStream/mConn-external" />
</vnsAbsFuncConn>
<vnsAbsFuncConn name = "inside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncDataStream/mConn-internal" />
</vnsAbsFuncConn>
<vnsRsNodeToMFunc tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncDataStream"/>
<vnsRsDefaultScopeToTerm tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_DB_2/AbsTermNodeProv-Input1/outtmnl"/>
<!-- Device Configuration -->
<vnsAbsDevCfg>

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

C-49

Appendix C

Configurations

XML Files for Configuring NetScaler Instances

<vnsAbsFolder key="Network" name="network" scopedBy="epg">

<vnsAbsFolder key="nsip" name="snip1">
<vnsAbsParam key="ipaddress" name="ip1" value="101.16.1.11"/>
<vnsAbsParam key="netmask" name="netmask1" value="255.255.255.0"/>
<vnsAbsParam key="type" name="type" value="SNIP"/>
<vnsAbsParam key="dynamicrouting" name="dynamicrouting"
value="ENABLED"/>
<vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/>
</vnsAbsFolder>
<vnsAbsFolder key="nsip" name="snip2">
<vnsAbsParam key="ipaddress" name="ip2" value="10.16.1.11"/>
<vnsAbsParam key="netmask" name="netmask2" value="255.255.255.0"/>
<vnsAbsParam key="type" name="type" value="SNIP"/>
<vnsAbsParam key="dynamicrouting" name="dynamicrouting"
value="DISABLED"/>
<vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/>
</vnsAbsFolder>
</vnsAbsFolder>
<vnsAbsFolder key="dbuser" name="dbUser1" scopedBy="epg">
<vnsAbsParam name="username" key="username" value="sa"/>
<vnsAbsParam name="password" key="password" value="Citrix123"/>
</vnsAbsFolder>
</vnsAbsDevCfg>
<!-- Function Configuration -->
<vnsAbsFuncCfg>
<vnsAbsFolder key="mFCngdbuser" name="dbuser1" scopedBy="epg">
<vnsAbsCfgRel name="dbuser_key" key="dbuser_key"
targetName="dbUser1"/>
</vnsAbsFolder>
<vnsAbsFolder key="external_network" name="external_network"
scopedBy="epg">
<vnsAbsCfgRel name="external_network_key" key="external_network_key"
targetName="network/snip1"/>
<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_DB_2/AbsNode-CS_DB_2/AbsFConn-outside" />
</vnsAbsFolder>
<vnsAbsFolder key="internal_network" name="internal_network"
scopedBy="epg">
<vnsAbsCfgRel name="internal_network_key" key="internal_network_key"
targetName="network/snip2"/>
<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_DB_2/AbsNode-CS_DB_2/AbsFConn-inside" />
</vnsAbsFolder>
</vnsAbsFuncCfg>
</vnsAbsNode>
<vnsAbsTermNodeCon name = "Output1">
<vnsAbsTermConn name = "C6">
</vnsAbsTermConn>
</vnsAbsTermNodeCon>
<vnsAbsConnection name = "CON1">
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_DB_2/AbsTermNodeCon-Output1/AbsTConn" />
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_DB_2/AbsNode-CS_DB_2/AbsFConn-outside" />
</vnsAbsConnection>
<vnsAbsConnection name = "CON2">
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_DB_2/AbsNode-CS_DB_2/AbsFConn-inside" />
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_DB_2/AbsTermNodeProv-Input1/AbsTConn" />
</vnsAbsConnection>
</vnsAbsGraph>
</fvTenant>
</polUni>

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

C-50

Design and Implementation Guide

Appendix C

Configurations
XML Files for Configuring NetScaler Instances

Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.
Goto Configurations, page C-1.
CreateServiceGraphWithParams_SP_cs_DB_2.xml

Create a second service graph and configure L4-L7 parameters for Content Switching of Database.
Configuring a service graph for Content Switching of Database is a two-step process.
<!-- CreateServiceGraphWithParams_SP_cs_DB_2.xml -->
<!-- Create service graph with L4-L7 parameters for CS of Database -->
<polUni>
<fvTenant name="silverTenant1"> <!-- CS / DB configuration -->
<vnsAbsGraph name = "WebGraph_CS_DB">
<vnsAbsTermNodeProv name = "Input1">
<vnsAbsTermConn name = "C1">
</vnsAbsTermConn>
</vnsAbsTermNodeProv>
<vnsAbsNode name = "CS_DB" funcType="GoTo" >
<vnsAbsFuncConn name = "outside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncContentSwitching/mConn-external" />
</vnsAbsFuncConn>
<vnsAbsFuncConn name = "inside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncContentSwitching/mConn-internal" />
</vnsAbsFuncConn>
<vnsRsNodeToMFunc tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncContentSwitching"/>
<vnsRsDefaultScopeToTerm tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_DB/AbsTermNodeProv-Input1/outtmnl"/>
<vnsAbsDevCfg>
<vnsAbsFolder key="Network" name="network" scopedBy="epg">
<vnsAbsFolder key="nsip" name="snip1">
<vnsAbsParam key="ipaddress" name="ip1" value="101.16.1.11"/>
<vnsAbsParam key="netmask" name="netmask1"
value="255.255.255.0"/>
<vnsAbsParam key="type" name="type" value="SNIP"/>
<vnsAbsParam key="dynamicrouting" name="dynamicrouting"
value="ENABLED"/>
<vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/>
</vnsAbsFolder>
<vnsAbsFolder key="nsip" name="snip2">
<vnsAbsParam key="ipaddress" name="ip2" value="10.16.1.11"/>
<vnsAbsParam key="netmask" name="netmask2"
value="255.255.255.0"/>
<vnsAbsParam key="type" name="type" value="SNIP"/>
<vnsAbsParam key="dynamicrouting" name="dynamicrouting"
value="DISABLED"/>
<vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/>
</vnsAbsFolder>
</vnsAbsFolder>
<vnsAbsFolder key="csvserver" name="csvserver1" scopedBy="epg">
<vnsAbsParam name="name" key="name" value="vip-MSSQL_CS"/>
<vnsAbsParam name="ipv46" key="ipv46" value="10.16.1.122"/>
<vnsAbsParam name="servicetype" key="servicetype" value="MSSQL"/>
<vnsAbsParam name="port" key="port" value="1433"/>
<vnsAbsParam name="mssqlserverversion" key="mssqlserverversion"
value="2012"/>
<vnsAbsFolder key="csvserver_cspolicy_binding" name="cspolbind1">
<vnsAbsCfgRel key="policyname" name="poll1"
targetName="csPolicy/cs_pol1"/>
<vnsAbsParam name="priority" key="priority" value="10"/>

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

C-51

Appendix C

Configurations

XML Files for Configuring NetScaler Instances

<vnsAbsParam name="targetlbvserver" key="targetlbvserver"

value="vip-mssql-LB_READ"/>
</vnsAbsFolder>
<vnsAbsFolder key="csvserver_cspolicy_binding" name="cspolbind2">
<vnsAbsCfgRel key="policyname" name="poll2"
targetName="csPolicy/cs_pol2"/>
<vnsAbsParam name="priority" key="priority" value="20"/>
<vnsAbsParam name="targetlbvserver" key="targetlbvserver"
value="vip-mssql-LB_READ"/>
</vnsAbsFolder>
<vnsAbsFolder key="csvserver_lbvserver_binding" name="cslbbind">
<vnsAbsCfgRel key="lbvserver" name="cslb3"
targetName="lbvserver2"/>
</vnsAbsFolder>
</vnsAbsFolder>
<vnsAbsFolder key="lbvserver" name="lbvserver1" scopedBy="epg">
<vnsAbsParam name="name" key="name" value="vip-mssql-LB_READ"/>
<vnsAbsParam name="servicetype" key="servicetype" value="MSSQL"/>
<vnsAbsParam name="ipv46" key="ipv46" value="10.16.1.151"/>
<vnsAbsParam name="port" key="port" value="1433"/>
<vnsAbsParam name="mssqlserverversion" key="mssqlserverversion"
value="2012"/>
<vnsAbsFolder key="lbvserver_service_binding" name="lbService1">
<vnsAbsCfgRel key="servicename" name="webservice1"
targetName="service1_db"/>
</vnsAbsFolder>
<vnsAbsFolder key="lbvserver_service_binding" name="lbService2">
<vnsAbsCfgRel key="servicename" name="webservice2"
targetName="service2_db"/>
</vnsAbsFolder>
<vnsAbsFolder key="lbvserver_service_binding" name="lbService3">
<vnsAbsCfgRel key="servicename" name="webservice3"
targetName="service3_db"/>
</vnsAbsFolder>
</vnsAbsFolder>
<vnsAbsFolder key="lbvserver" name="lbvserver2" scopedBy="epg">
<vnsAbsParam name="name" key="name" value="vip-mssqlLB_WRITE"/>
<vnsAbsParam name="servicetype" key="servicetype"
value="MSSQL"/>
<vnsAbsParam name="ipv46" key="ipv46" value="10.16.1.152"/>
<vnsAbsParam name="port" key="port" value="1433"/>
<vnsAbsParam name="mssqlserverversion" key="mssqlserverversion"
value="2012"/>
<vnsAbsFolder key="lbvserver_service_binding"
name="lbService3">
<vnsAbsCfgRel key="servicename" name="webservice1"
targetName="service4_db"/>
</vnsAbsFolder>
</vnsAbsFolder>
<vnsAbsFolder key="service" name="service1_db" scopedBy="epg">
<vnsAbsParam name="name" key="name" value="sql-1.test.ctx"/>
<vnsAbsParam name="ip" key="ip" value="10.1.3.101"/>
<vnsAbsParam name="servicetype" key="servicetype"
value="MSSQL"/>
<vnsAbsParam name="port" key="port" value="1433"/>
<vnsAbsFolder key="service_lbmonitor_binding"
name="servMonBind1">
<vnsAbsCfgRel key="monitor_name" name="monitor_name"
targetName="lbMon1"/>
</vnsAbsFolder>
</vnsAbsFolder>
<vnsAbsFolder key="service" name="service2_db" scopedBy="epg">
<vnsAbsParam name="name" key="name" value="sql-2.test.ctx"/>

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

C-52

Design and Implementation Guide

Appendix C

Configurations
XML Files for Configuring NetScaler Instances

<vnsAbsParam name="ip" key="ip" value="10.1.3.102"/>

<vnsAbsParam name="servicetype" key="servicetype"
value="MSSQL"/>
<vnsAbsParam name="port" key="port" value="1433"/>
<vnsAbsFolder key="service_lbmonitor_binding"
name="servMonBind1">
<vnsAbsCfgRel key="monitor_name" name="monitor_name"
targetName="lbMon2"/>
</vnsAbsFolder>
</vnsAbsFolder>
<vnsAbsFolder key="service" name="service3_db" scopedBy="epg">
<vnsAbsParam name="name" key="name" value="sql-3.test.ctx"/>
<vnsAbsParam name="ip" key="ip" value="10.1.3.103"/>
<vnsAbsParam name="servicetype" key="servicetype"
value="MSSQL"/>
<vnsAbsParam name="port" key="port" value="1433"/>
<vnsAbsFolder key="service_lbmonitor_binding"
name="servMonBind1">
<vnsAbsCfgRel key="monitor_name" name="monitor_name"
targetName="lbMon3"/>
</vnsAbsFolder>
</vnsAbsFolder>
<vnsAbsFolder key="service" name="service4_db" scopedBy="epg">
<vnsAbsParam name="name" key="name" value="sql_listener"/>
<vnsAbsParam name="ip" key="ip" value="10.1.3.105"/>
<vnsAbsParam name="servicetype" key="servicetype"
value="MSSQL"/>
<vnsAbsParam name="port" key="port" value="1433"/>
</vnsAbsFolder>
<vnsAbsFolder key="lbmonitor" name="lbMon1" scopedBy="epg">
<vnsAbsParam name="monitorname" key="monitorname"
value="read_replica1"/>
<vnsAbsParam name="type" key="type" value="MSSQL-ECV"/>
<vnsAbsParam name="sqlquery" key="sqlquery" value="select role,
role_desc from sys.dm_hadr_availability_replica_states as A,
sys.dm_hadr_availability_replica_cluster_states as B where
(A.replica_id = B.replica_id and B.replica_server_name =
'sql-1') and A.group_id in (select ag_id from
sys.dm_hadr_name_id_map where ag_name =
'AG_SharePoint_2013')"/>
<vnsAbsParam name="evalrule" key="evalrule"
value="MSSQL.RES.ROW(0).TEXT_ELEM(1)
.EQ(&quot;SECONDARY&quot;)"/>
<vnsAbsParam name="username" key="username" value="sa"/>
</vnsAbsFolder>
<vnsAbsFolder key="lbmonitor" name="lbMon2" scopedBy="epg">
<vnsAbsParam name="monitorname" key="monitorname"
value="read_replica2"/>
<vnsAbsParam name="type" key="type" value="MSSQL-ECV"/>
<vnsAbsParam name="sqlquery" key="sqlquery" value="select role,
role_desc from sys.dm_hadr_availability_replica_states as A,
sys.dm_hadr_availability_replica_cluster_states as B where
(A.replica_id = B.replica_id and B.replica_server_name =
'sql-2') and A.group_id in (select ag_id from
sys.dm_hadr_name_id_map where ag_name =
'AG_SharePoint_2013')"/>
<vnsAbsParam name="evalrule" key="evalrule"
value="MSSQL.RES.ROW(0).TEXT_ELEM(1).EQ(&quot;
SECONDARY&quot;)"/>
<vnsAbsParam name="username" key="username" value="sa"/>
</vnsAbsFolder>
<vnsAbsFolder key="lbmonitor" name="lbMon3" scopedBy="epg">
<vnsAbsParam name="monitorname" key="monitorname"
value="read_replica3"/>

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

C-53

Appendix C

Configurations

XML Files for Configuring NetScaler Instances

<vnsAbsParam name="type" key="type" value="MSSQL-ECV"/>

<vnsAbsParam name="sqlquery" key="sqlquery" value="select role,
role_desc from sys.dm_hadr_availability_replica_states as A,
sys.dm_hadr_availability_replica_cluster_states as B where
(A.replica_id = B.replica_id and B.replica_server_name =
'sql-3') and A.group_id in (select ag_id from
sys.dm_hadr_name_id_map where ag_name =
'AG_SharePoint_2013')"/>
<vnsAbsParam name="evalrule" key="evalrule"
value="MSSQL.RES.ROW(0).TEXT_ELEM(1).EQ(&quot;
SECONDARY&quot;)"/>
<vnsAbsParam name="username" key="username" value="sa"/>
</vnsAbsFolder>
<vnsAbsFolder key="Policy" name="csPolicy" scopedBy="epg">
<vnsAbsFolder key="cspolicy" name="cs_pol1">
<vnsAbsParam name="policyname" key="policyname"
value="CS_Read1"/>
<vnsAbsParam name="rule" key="rule"
value="MSSQL.CLIENT.TYPEFLAGS.BITAND(32).EQ(32)"/>
</vnsAbsFolder>
<vnsAbsFolder key="cspolicy" name="cs_pol2">
<vnsAbsParam name="policyname" key="policyname"
value="CS_Read2"/>
<vnsAbsParam name="rule" key="rule"
value="MSSQL.REQ.QUERY.COMMAND.SET_TEXT_MODE(IGNORECASE)
.EQ(&quot;select&quot;)"/>
</vnsAbsFolder>
<vnsAbsFolder key="responderpolicy" name="respPol">
<vnsAbsParam name="name" key="name"
value="Top_MSSQL_QUERY_RPC_LBVSERVER"/>
<vnsAbsParam name="rule" key="rule"
value="ANALYTICS.STREAM
(&quot;Top_MSSQL_QUERY_RPC_LBVSERVER&quot;)
.COLLECT_STATS"/>
<vnsAbsCfgRel key="action" name="action" targetName="noOP"/>
<vnsAbsCfgRel key="logaction" name="logaction"
targetName="auditMsgAction"/>
</vnsAbsFolder>
</vnsAbsFolder>
<vnsAbsFolder key="responderaction" name="noOP" scopedBy="epg">
<vnsAbsParam name="name" key="name" value="OPnahi"/>
<vnsAbsParam name="type" key="type" value="noop"/>
<vnsAbsParam name="target" key="target" value="dummy_arg"/>
</vnsAbsFolder>
<vnsAbsFolder key="auditmessageaction" name="auditMsgAction"
scopedBy="epg">
<vnsAbsParam name="name" key="name" value="db_log"/>
<vnsAbsParam name="loglevel" key="loglevel" value="ALERT"/>
<vnsAbsParam name="stringbuilderexpr" key="stringbuilderexpr"
value="'MSSQL.REQ.RPC.NAME + &quot; accessed by &quot;
+ MSSQL.CLIENT.USER + &quot; from &quot; + CLIENT.IP.SRC'"/>
</vnsAbsFolder>
</vnsAbsDevCfg>
<vnsAbsFuncCfg>
<vnsAbsFolder key="mFCngcsvserver" name="wcsvserver1" scopedBy="epg">
<vnsAbsCfgRel name="csvserver_key" key="csvserver_key"
targetName="csvserver1"/>
<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_DB/AbsNode-CS_DB/AbsFConn-outside" />
</vnsAbsFolder>
<vnsAbsFolder key="mFCnglbvserver" name="wlbvserver1" scopedBy="epg">
<vnsAbsCfgRel name="lbsverver_key" key="lbvserver_key"
targetName="lbvserver1"/>

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

C-54

Design and Implementation Guide

Appendix C

Configurations
XML Files for Configuring NetScaler Instances

<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_DB/AbsNode-CS_DB/AbsFConn-outside" />

</vnsAbsFolder>
<vnsAbsFolder key="mFCnglbvserver" name="wlbvserver2" scopedBy="epg">
<vnsAbsCfgRel name="lbsverver_key" key="lbvserver_key"
targetName="lbvserver2"/>
<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_DB/AbsNode-CS_DB/AbsFConn-outside" />
</vnsAbsFolder>
<vnsAbsFolder key="mFCngservice" name="wservice1" scopedBy="epg">
<vnsAbsCfgRel name="service_key" key="service_key"
targetName="service1_db"/>
<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_DB/AbsNode-CS_DB/AbsFConn-inside" />
</vnsAbsFolder>
<vnsAbsFolder key="mFCngservice" name="wservice2" scopedBy="epg">
<vnsAbsCfgRel name="service_key" key="service_key"
targetName="service2_db"/>
<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_DB/AbsNode-CS_DB/AbsFConn-inside" />
</vnsAbsFolder>
<vnsAbsFolder key="mFCngservice" name="wservice3" scopedBy="epg">
<vnsAbsCfgRel name="service_key" key="service_key"
targetName="service3_db"/>
<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_DB/AbsNode-CS_DB/AbsFConn-inside" />
</vnsAbsFolder>
<vnsAbsFolder key="mFCngservice" name="wservice4" scopedBy="epg">
<vnsAbsCfgRel name="service_key" key="service_key"
targetName="service4_db"/>
<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_DB/AbsNode-CS_DB/AbsFConn-inside" />
</vnsAbsFolder>
<vnsAbsFolder key="mFCnglbmonitor" name="LBMON1" scopedBy="epg">
<vnsAbsCfgRel name="lbmonitor_key" key="lbmonitor_key"
targetName="lbMon1"/>
</vnsAbsFolder>
<vnsAbsFolder key="mFCnglbmonitor" name="LBMON2" scopedBy="epg">
<vnsAbsCfgRel name="lbmonitor_key" key="lbmonitor_key"
targetName="lbMon2"/>
</vnsAbsFolder>
<vnsAbsFolder key="mFCnglbmonitor" name="LBMON3" scopedBy="epg">
<vnsAbsCfgRel name="lbmonitor_key" key="lbmonitor_key"
targetName="lbMon3"/>
</vnsAbsFolder>
<vnsAbsFolder key="mFCngPolicy" name="Pol1" scopedBy="epg">
<vnsAbsCfgRel name="Policy_key" key="Policy_key"
targetName="csPolicy/cs_pol1"/>
</vnsAbsFolder>
<vnsAbsFolder key="mFCngPolicy" name="Pol2" scopedBy="epg">
<vnsAbsCfgRel name="Policy_key" key="Policy_key"
targetName="csPolicy/cs_pol2"/>
</vnsAbsFolder>
<vnsAbsFolder key="mFCngPolicy" name="Pol3" scopedBy="epg">
<vnsAbsCfgRel name="Policy_key" key="Policy_key"
targetName="csPolicy/respPol"/>
</vnsAbsFolder>
<vnsAbsFolder key="external_network" name="external_network"
scopedBy="epg">
<vnsAbsCfgRel name="external_network_key"
key="external_network_key" targetName="network/snip1"/>
<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_DB/AbsNode-CS_DB/AbsFConn-outside" />
</vnsAbsFolder>

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

C-55

Appendix C

Configurations

XML Files for Configuring NetScaler Instances

<vnsAbsFolder key="internal_network" name="internal_network"

scopedBy="epg">
<vnsAbsCfgRel name="internal_network_key"
key="internal_network_key" targetName="network/snip2"/>
<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_DB/AbsNode-CS_DB/AbsFConn-inside" />
</vnsAbsFolder>
</vnsAbsFuncCfg>
</vnsAbsNode>
<vnsAbsTermNodeCon name = "Output1">
<vnsAbsTermConn name = "C6">
</vnsAbsTermConn>
</vnsAbsTermNodeCon>
<vnsAbsConnection name = "CON1">
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_DB/AbsTermNodeCon-Output1/AbsTConn" />
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_DB/AbsNode-CS_DB/AbsFConn-outside" />
</vnsAbsConnection>
<vnsAbsConnection name = "CON2">
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_DB/AbsNode-CS_DB/AbsFConn-inside" />
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_DB/AbsTermNodeProv-Input1/AbsTConn" />
</vnsAbsConnection>
</vnsAbsGraph>
</fvTenant>
</polUni>

Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.
Goto Configurations, page C-1.

XML for Application Firewall

The following Application Firewall XML files are available for reference.

CreateServiceGraphWithParams_AppFW.xml, page C-56

Create a service graph and configure L4-L7 parameters for AppFW.

ConfigServiceGraph_SP_cs_ssl_1_withAppFW-policy.xml, page C-58

Configure additional L4-L7 parameters for the AppFW service graph that define the binding of
AppFW policy.

ConfigAppFW_block_SQL_injection.xml, page C-62

Configure AppFW to block SQL injection attacks.

ConfigAppFW_block_XSS.xml, page C-63

Configure AppFW to block cross-site scripting (XSS) attacks.

Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.
Goto Configurations, page C-1.
CreateServiceGraphWithParams_AppFW.xml

Create a service graph and configure L4-L7 parameters for AppFW.

<!-- CreateServiceGraphWithParams_AppFW.xml -->
<!-- Create service graph and L4-L7 parameters for AppFW -->
<polUni>
<fvTenant name="silverTenant1">

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

C-56

Design and Implementation Guide

Appendix C

Configurations
XML Files for Configuring NetScaler Instances

<vnsAbsGraph name = "WebGraph_CS_AppFW_1">

<vnsAbsTermNodeProv name = "Input1">
<vnsAbsTermConn name = "C1">
</vnsAbsTermConn>
</vnsAbsTermNodeProv>
<vnsAbsNode name = "CS_AppFW_1" funcType="GoTo" >
<vnsAbsFuncConn name = "outside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncApplicationFirewall/mConn-external" />
</vnsAbsFuncConn>
<vnsAbsFuncConn name = "inside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncApplicationFirewall/mConn-internal" />
</vnsAbsFuncConn>
<vnsRsNodeToMFunc tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncApplicationFirewall"/>
<vnsRsDefaultScopeToTerm tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_AppFW_1/AbsTermNodeProv-Input1/outtmnl"/>
<vnsAbsDevCfg>
<vnsAbsFolder key="Network" name="network" scopedBy="epg">
<vnsAbsFolder key="nsip" name="snip1">
<vnsAbsParam key="ipaddress" name="ip1" value="101.16.1.11"/>
<vnsAbsParam key="netmask" name="netmask1" value="255.255.255.0"/>
<vnsAbsParam key="type" name="type" value="SNIP"/>
<vnsAbsParam key="dynamicrouting" name="dynamicrouting" value="ENABLED"/>
<vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/>
</vnsAbsFolder>
<vnsAbsFolder key="nsip" name="snip2">
<vnsAbsParam key="ipaddress" name="ip2" value="10.16.1.11"/>
<vnsAbsParam key="netmask" name="netmask2" value="255.255.255.0"/>
<vnsAbsParam key="type" name="type" value="SNIP"/>
<vnsAbsParam key="dynamicrouting" name="dynamicrouting"
value="DISABLED"/>
<vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/>
</vnsAbsFolder>
</vnsAbsFolder>
<vnsAbsFolder key="appfwprofile" name="apppro" scopedBy="epg">
<vnsAbsParam name="name" key="name" value="Sharepoint_SharePoint_sig"/>
<vnsAbsParam name="starturlaction" key="starturlaction" value="block learn
log stats"/>
<vnsAbsParam name="starturlclosure" key="starturlclosure" value="ON"/>
<vnsAbsParam name="signatures" key="signatures" value="mssharepoint"/>
<vnsAbsFolder key="appfwprofile_starturl_binding" name="appFw_1">
<vnsAbsParam key="starturl" name="starturl"
value="^https://sp2013.test.ctx(\\:)*(\\d)*/sites/Eng(/)?"/>
</vnsAbsFolder>
<vnsAbsFolder key="appfwprofile_starturl_binding" name="appFw_2">
<vnsAbsParam key="starturl" name="starturl"
value="^https://sp2013.test.ctx(\\:)*(\\d)*/sites/Mkt(/)?"/>
</vnsAbsFolder>
</vnsAbsFolder>
<vnsAbsFolder key="Policy" name="csPolicy" scopedBy="epg">
<vnsAbsFolder key="appfwpolicy" name="apppol" scopedBy="epg">
<vnsAbsParam name="name" key="name" value="Sharepoint_SharePoint_sig"/>
<vnsAbsParam name="rule" key="rule"
value="HTTP.REQ.HOSTNAME.EQ(&quot;sp2013.test.ctx&quot;)"/>
<vnsAbsCfgRel key="profilename" name="cslb3" targetName="apppro"/>
</vnsAbsFolder>
</vnsAbsFolder>
</vnsAbsDevCfg>
<vnsAbsFuncCfg>
<vnsAbsFolder key="mFCngappfwprofile" name="appfwprofile1" scopedBy="epg">

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

C-57

Appendix C

Configurations

XML Files for Configuring NetScaler Instances

<vnsAbsCfgRel name="appfwprofile_key" key="appfwprofile_key"

targetName="apppro"/>
</vnsAbsFolder>
<vnsAbsFolder key="mFCngPolicy" name="FwPol" scopedBy="epg">
<vnsAbsCfgRel name="Policy_key" key="Policy_key"
targetName="csPolicy/apppol"/>
</vnsAbsFolder>
<vnsAbsFolder key="external_network" name="external_network"
scopedBy="epg">
<vnsAbsCfgRel name="external_network_key" key="external_network_key"
targetName="network/snip1"/>
<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_AppFW_1/AbsNode-CS_AppFW_1/AbsFConn-inside" />
</vnsAbsFolder>
<vnsAbsFolder key="internal_network" name="internal_network"
scopedBy="epg">
<vnsAbsCfgRel name="internal_network_key" key="internal_network_key"
targetName="network/snip2"/>
<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_AppFW_1/AbsNode-CS_AppFW_1/AbsFConn-outside" />
</vnsAbsFolder>
</vnsAbsFuncCfg>
</vnsAbsNode>
<vnsAbsTermNodeCon name = "Output1">
<vnsAbsTermConn name = "C6">
</vnsAbsTermConn>
</vnsAbsTermNodeCon>
<vnsAbsConnection name = "CON1">
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_AppFW_1/AbsTermNodeCon-Output1/AbsTConn" />
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_AppFW_1/AbsNode-CS_AppFW_1/AbsFConn-outside" />
</vnsAbsConnection>
<vnsAbsConnection name = "CON2">
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_AppFW_1/AbsNode-CS_AppFW_1/AbsFConn-inside" />
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_AppFW_1/AbsTermNodeProv-Input1/AbsTConn" />
</vnsAbsConnection>
</vnsAbsGraph>
</fvTenant>
</polUni>

Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.
Goto Configurations, page C-1.
ConfigServiceGraph_SP_cs_ssl_1_withAppFW-policy.xml

Configure additional L4-L7 parameters for the AppFW service graph that define the binding of
AppFW policy.
<!-- ConfigServiceGraph_SP_cs_ssl_1_withAppFW-policy.xml -->
<!-- Configures additional L4-L7 parameters for binding AppFW policy -->
<polUni>
<fvTenant name="silverTenant1">
<fvAp dn="uni/tn-silverTenant1/ap-Web1-AppProfile" name="Web1-AppProfile">
<!-- EPG 1 -->
<fvAEPg dn="uni/tn-silverTenant1/ap-Web1-AppProfile/epg-Web1-EPG"
name="Web1-EPG">
<fvRsBd tnFvBDName="silverTenant1-BD1" />
<fvRsProv tnVzBrCPName="webCtrct1"></fvRsProv>

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

C-58

Design and Implementation Guide

Appendix C

Configurations
XML Files for Configuring NetScaler Instances

<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"

nodeNameOrLbl="CS_SSL_1" key="Network" name="network">
<vnsFolderInst ctrctNameOrLbl="webCtrct1"
graphNameOrLbl="WebGraph_cs_ssl" nodeNameOrLbl="CS_SSL_1" key="nsip"
name="snip1">
<vnsParamInst key="ipaddress" name="ip1" value="101.16.1.11"/>
<vnsParamInst key="netmask" name="netmask1" value="255.255.255.0"/>
<vnsParamInst key="dynamicrouting" name="dynamicRouting"
value="ENABLED"/>
<vnsParamInst key="hostroute" name="hostroute" value="DISABLED"/>
<vnsParamInst key="type" name="type" value="SNIP"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1"
graphNameOrLbl="WebGraph_cs_ssl" nodeNameOrLbl="CS_SSL_1" key="nsip"
name="snip2">
<vnsParamInst key="ipaddress" name="ip2" value="10.16.1.11"/>
<vnsParamInst key="netmask" name="netmask2" value="255.255.255.0"/>
<vnsParamInst key="dynamicrouting" name="dynamicRouting"
value="DISABLED"/>
<vnsParamInst key="hostroute" name="hostroute" value="DISABLED"/>
<vnsParamInst key="mgmtaccess" name="mgmtaccess" value="ENABLED"/>
<vnsParamInst key="type" name="type" value="SNIP"/>
</vnsFolderInst>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"
nodeNameOrLbl="CS_SSL_1" key="csvserver" name="vip-CS_SP2013" >
<vnsParamInst name="name" key="name" value="vip-CS_SP2013"/>
<vnsParamInst name="ipv46" key="ipv46" value="101.16.1.121"/>
<vnsParamInst name="servicetype" key="servicetype" value="SSL"/>
<vnsParamInst name="port" key="port" value="443"/>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"
nodeNameOrLbl="CS_SSL_1" key="csvserver_cspolicy_binding"
name="cspolbind1">
<vnsCfgRelInst key="policyname" name="poll1"
targetName="csPolicy/cspol1"/>
<vnsParamInst name="targetlbvserver" key="targetlbvserver" value="vip-LBsp2013-1"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"
nodeNameOrLbl="CS_SSL_1" key="csvserver_cspolicy_binding"
name="cspolbind2">
<vnsCfgRelInst key="policyname" name="poll2"
targetName="csPolicy/cspol2"/>
<vnsParamInst name="targetlbvserver" key="targetlbvserver" value="vip-LBsp2013-2"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"
nodeNameOrLbl="CS_SSL_1" key="csvserver_lbvserver_binding" name="lbind">
<vnsCfgRelInst key="lbvserver" name="lbvserver" targetName="vip-LBsp2013-1"/>
</vnsFolderInst>
<!-- ================================== -->
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"
nodeNameOrLbl="CS_SSL_1" key="csvserver_appfwpolicy_binding"
name="appfwbind1">
<vnsCfgRelInst key="policyname" name="poll1"
targetName="appfwPolicy_1/apfw1"/>
<vnsParamInst name="priority" key="priority" value="100"/>
<vnsParamInst name="gotopriorityexpression" key="gotopriorityexpression"
value="END"/>
<vnsParamInst name="bindpoint" key="bindpoint" value="REQUEST"/>
</vnsFolderInst>

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

C-59

Appendix C

Configurations

XML Files for Configuring NetScaler Instances

<!-- ================================== -->

</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"
nodeNameOrLbl="CS_SSL_1" key="lbvserver" name="vip-LB-sp2013-1" >
<vnsParamInst name="name" key="name" value="vip-LB-sp2013-1"/>
<vnsParamInst name="ipv46" key="ipv46" value="10.16.1.111"/>
<vnsParamInst name="servicetype" key="servicetype" value="HTTP"/>
<vnsParamInst name="port" key="port" value="80"/>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"
nodeNameOrLbl="CS_SSL_1" key="lbvserver_service_binding"
name="lbService1">
<vnsCfgRelInst key="servicename" name="webservice1"
targetName="service1"/>
</vnsFolderInst>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"
nodeNameOrLbl="CS_SSL_1" key="lbvserver" name="vip-LB-sp2013-2" >
<vnsParamInst name="name" key="name" value="vip-LB-sp2013-2"/>
<vnsParamInst name="servicetype" key="servicetype" value="HTTP"/>
<vnsParamInst name="ipv46" key="ipv46" value="10.16.1.112"/>
<vnsParamInst name="port" key="port" value="80"/>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"
nodeNameOrLbl="CS_SSL_1" key="lbvserver_service_binding"
name="lbService1">
<vnsCfgRelInst key="servicename" name="webservice1"
targetName="service2"/>
</vnsFolderInst>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"
nodeNameOrLbl="CS_SSL_1" key="service" name="service1" >
<vnsParamInst name="name" key="name" value="service-sp2013-1"/>
<vnsParamInst name="ip" key="ip" value="10.1.2.101"/>
<vnsParamInst name="servicetype" key="servicetype" value="SSL"/>
<vnsParamInst name="port" key="port" value="443"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"
nodeNameOrLbl="CS_SSL_1" key="service" name="service2">
<vnsParamInst name="name" key="name" value="service-sp2013-2"/>
<vnsParamInst name="ip" key="ip" value="10.1.2.102"/>
<vnsParamInst name="servicetype" key="servicetype" value="SSL"/>
<vnsParamInst name="port" key="port" value="443"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"
nodeNameOrLbl="CS_SSL_1" key="Policy" name="csPolicy">
<vnsFolderInst ctrctNameOrLbl="webCtrct1"
graphNameOrLbl="WebGraph_cs_ssl" nodeNameOrLbl="CS_SSL_1"
key="cspolicy" name="cspol1">
<vnsParamInst name="policyname" key="policyname" value="policy-cs-eng"/>
<vnsParamInst name="url" key="url" value="/sites/Eng/*"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"
nodeNameOrLbl="CS_SSL_1" key="cspolicy" name="cspol2">
<vnsParamInst name="policyname" key="policyname" value="policy-cs-mkt"/>
<vnsParamInst name="url" key="url" value="/sites/Mkt/*"/>
</vnsFolderInst>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"
nodeNameOrLbl="CS_SSL_1" key="Policy" name="appfwPolicy_1">
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"
nodeNameOrLbl="CS_SSL_1" key="appfwpolicy" name="apfw1">
<vnsParamInst name="name" key="name"
value="Sharepoint_SharePoint_sig"/>

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

C-60

Design and Implementation Guide

Appendix C

Configurations
XML Files for Configuring NetScaler Instances

<vnsParamInst name="rule" key="rule"

value="HTTP.REQ.HOSTNAME.EQ(&quot;sp2013.test.ctx&quot;)"/>
</vnsFolderInst>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"
nodeNameOrLbl="CS_SSL_1" key="mFCngcsvserver" name="wcsvserver1">
<vnsCfgRelInst name="csvserver_key" key="csvserver_key" targetName="vipCS_SP2013"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1"
graphNameOrLbl="WebGraph_cs_ssl" nodeNameOrLbl="CS_SSL_1"
key="mFCnglbvserver" name="wlbvserver1">
<vnsCfgRelInst name="lbsverver_key" key="lbvserver_key" targetName="vipLB-sp2013-1"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"
nodeNameOrLbl="CS_SSL_1" key="mFCnglbvserver" name="wlbvserver2">
<vnsCfgRelInst name="lbsverver_key" key="lbvserver_key" targetName="vipLB-sp2013-2"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"
nodeNameOrLbl="CS_SSL_1" key="mFCngservice" name="wservice1">
<vnsCfgRelInst name="service_key1" key="service_key"
targetName="service1"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"
nodeNameOrLbl="CS_SSL_1" key="mFCngservice" name="wservice2">
<vnsCfgRelInst name="service_key1" key="service_key"
targetName="service2"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"
nodeNameOrLbl="CS_SSL_1" key="mFCngPolicy" name="Pol1">
<vnsCfgRelInst name="Policy_key" key="Policy_key"
targetName="csPolicy/cspol1"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"
nodeNameOrLbl="CS_SSL_1" key="mFCngPolicy" name="Pol2">
<vnsCfgRelInst name="Policy_key" key="Policy_key"
targetName="csPolicy/cspol2"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"
nodeNameOrLbl="CS_SSL_1" key="mFCngPolicy" name="Pol1_appfw">
<vnsCfgRelInst name="Policy_key" key="Policy_key"
targetName="appfwPolicy_1"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"
nodeNameOrLbl="CS_SSL_1" key="external_network" name="external_network">
<vnsCfgRelInst name="internal_network_key" key="external_network_key"
targetName="network/snip1"/>
</vnsFolderInst>
<vnsFolderInst ctrctNameOrLbl="webCtrct1" graphNameOrLbl="WebGraph_cs_ssl"
nodeNameOrLbl="CS_SSL_1" key="internal_network" name="internal_network">
<vnsCfgRelInst name="external_network_key" key="internal_network_key"
targetName="network/snip2"/>
</vnsFolderInst>
</fvAEPg>
</fvAp>
</fvTenant>
</polUni>

Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.
Goto Configurations, page C-1.

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

C-61

Appendix C

Configurations

XML Files for Configuring NetScaler Instances

ConfigAppFW_block_SQL_injection.xml

Configure AppFW to block SQL injection attacks.

<!-- ConfigAppFW_block_SQL_injection.xml -->
<!-- Configure AppFW to block SQL injection attacks -->
<polUni>
<fvTenant name="silverTenant1">
<vnsAbsGraph name = "WebGraph_CS_AppFW_1">
<vnsAbsTermNodeProv name = "Input1">
<vnsAbsTermConn name = "C1">
</vnsAbsTermConn>
</vnsAbsTermNodeProv>
<vnsAbsNode name = "CS_AppFW_1" funcType="GoTo" >
<vnsAbsFuncConn name = "outside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncApplicationFirewall/mConn-external" />
</vnsAbsFuncConn>
<vnsAbsFuncConn name = "inside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncApplicationFirewall/mConn-internal" />
</vnsAbsFuncConn>
<vnsRsNodeToMFunc tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncApplicationFirewall"/>
<vnsRsDefaultScopeToTerm tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_AppFW_1/AbsTermNodeProv-Input1/outtmnl"/>
<vnsAbsDevCfg>
<vnsAbsFolder key="Network" name="network" scopedBy="epg">
<vnsAbsFolder key="nsip" name="snip1">
<vnsAbsParam key="ipaddress" name="ip1" value="101.16.1.11"/>
<vnsAbsParam key="netmask" name="netmask1" value="255.255.255.0"/>
<vnsAbsParam key="type" name="type" value="SNIP"/>
<vnsAbsParam key="dynamicrouting" name="dynamicrouting"
value="ENABLED"/>
<vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/>
</vnsAbsFolder>
<vnsAbsFolder key="nsip" name="snip2">
<vnsAbsParam key="ipaddress" name="ip2" value="10.16.1.11"/>
<vnsAbsParam key="netmask" name="netmask2" value="255.255.255.0"/>
<vnsAbsParam key="type" name="type" value="SNIP"/>
<vnsAbsParam key="dynamicrouting" name="dynamicrouting"
value="DISABLED"/>
<vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/>
</vnsAbsFolder>
</vnsAbsFolder>
<vnsAbsFolder key="appfwprofile" name="apppro" scopedBy="epg">
<vnsAbsParam name="name" key="name" value="Sharepoint_SharePoint_sig"/>
<vnsAbsParam name="starturlaction" key="starturlaction" value="block
learn log stats"/>
<vnsAbsParam name="starturlclosure" key="starturlclosure" value="ON"/>
<vnsAbsParam name="signatures" key="signatures" value="mssharepoint"/>
<vnsAbsParam name="sqlinjectionaction" key="sqlinjectionaction"
value="block learn log stats"/>
<vnsAbsFolder key="appfwprofile_starturl_binding" name="appFw_1">
<vnsAbsParam key="starturl" name="starturl"
value="^https://sp2013.test.ctx(\\:)*(\\d)*/sites/Eng(/)?"/>
</vnsAbsFolder>
<vnsAbsFolder key="appfwprofile_starturl_binding" name="appFw_2">
<vnsAbsParam key="starturl" name="starturl"
value="^https://sp2013.test.ctx(\\:)*(\\d)*/sites/Mkt(/)?"/>
</vnsAbsFolder>
</vnsAbsFolder>
<vnsAbsFolder key="Policy" name="csPolicy" scopedBy="epg">
<vnsAbsFolder key="appfwpolicy" name="apppol" scopedBy="epg">

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

C-62

Design and Implementation Guide

Appendix C

Configurations
XML Files for Configuring NetScaler Instances

<vnsAbsParam name="name" key="name"

value="Sharepoint_SharePoint_sig"/>
<vnsAbsParam name="rule" key="rule"
value="HTTP.REQ.HOSTNAME.EQ(&quot;sp2013.test.ctx&quot;)"/>
<vnsAbsCfgRel key="profilename" name="cslb3" targetName="apppro"/>
</vnsAbsFolder>
</vnsAbsFolder>
</vnsAbsDevCfg>
<vnsAbsFuncCfg>
<vnsAbsFolder key="mFCngappfwprofile" name="appfwprofile1"
scopedBy="epg">
<vnsAbsCfgRel name="appfwprofile_key" key="appfwprofile_key"
targetName="apppro"/>
</vnsAbsFolder>
<vnsAbsFolder key="mFCngPolicy" name="FwPol" scopedBy="epg">
<vnsAbsCfgRel name="Policy_key" key="Policy_key"
targetName="csPolicy/apppol"/>
</vnsAbsFolder>
<vnsAbsFolder key="external_network" name="external_network"
scopedBy="epg">
<vnsAbsCfgRel name="external_network_key" key="external_network_key"
targetName="network/snip1"/>
<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_AppFW_1/AbsNode-CS_AppFW_1/AbsFConn-inside" />
</vnsAbsFolder>
<vnsAbsFolder key="internal_network" name="internal_network"
scopedBy="epg">
<vnsAbsCfgRel name="internal_network_key" key="internal_network_key"
targetName="network/snip2"/>
<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_AppFW_1/AbsNode-CS_AppFW_1/AbsFConn-outside" />
</vnsAbsFolder>
</vnsAbsFuncCfg>
</vnsAbsNode>
<vnsAbsTermNodeCon name = "Output1">
<vnsAbsTermConn name = "C6">
</vnsAbsTermConn>
</vnsAbsTermNodeCon>
<vnsAbsConnection name = "CON1">
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_AppFW_1/AbsTermNodeCon-Output1/AbsTConn" />
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_AppFW_1/AbsNode-CS_AppFW_1/AbsFConn-outside" />
</vnsAbsConnection>
<vnsAbsConnection name = "CON2">
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_AppFW_1/AbsNode-CS_AppFW_1/AbsFConn-inside" />
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_AppFW_1/AbsTermNodeProv-Input1/AbsTConn" />
</vnsAbsConnection>
</vnsAbsGraph>
</fvTenant>
</polUni>

Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.
Goto Configurations, page C-1.
ConfigAppFW_block_XSS.xml

Configure AppFW to block cross-site scripting (XSS) attacks.

<!-- ConfigAppFW_block_XSS.xml -->
<!-- Configure AppFW to block XSS attacks -->

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

C-63

Appendix C

Configurations

XML Files for Configuring NetScaler Instances

<polUni>
<fvTenant name="silverTenant1">
<vnsAbsGraph name = "WebGraph_CS_AppFW_1">
<vnsAbsTermNodeProv name = "Input1">
<vnsAbsTermConn name = "C1">
</vnsAbsTermConn>
</vnsAbsTermNodeProv>
<vnsAbsNode name = "CS_AppFW_1" funcType="GoTo" >
<vnsAbsFuncConn name = "outside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncApplicationFirewall/mConn-external" />
</vnsAbsFuncConn>
<vnsAbsFuncConn name = "inside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncApplicationFirewall/mConn-internal" />
</vnsAbsFuncConn>
<vnsRsNodeToMFunc tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncApplicationFirewall"/>
<vnsRsDefaultScopeToTerm tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_AppFW_1/AbsTermNodeProv-Input1/outtmnl"/>
<vnsAbsDevCfg>
<vnsAbsFolder key="Network" name="network" scopedBy="epg">
<vnsAbsFolder key="nsip" name="snip1">
<vnsAbsParam key="ipaddress" name="ip1" value="101.16.1.11"/>
<vnsAbsParam key="netmask" name="netmask1"
value="255.255.255.0"/>
<vnsAbsParam key="type" name="type" value="SNIP"/>
<vnsAbsParam key="dynamicrouting" name="dynamicrouting"
value="ENABLED"/>
<vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/>
</vnsAbsFolder>
<vnsAbsFolder key="nsip" name="snip2">
<vnsAbsParam key="ipaddress" name="ip2" value="10.16.1.11"/>
<vnsAbsParam key="netmask" name="netmask2"
value="255.255.255.0"/>
<vnsAbsParam key="type" name="type" value="SNIP"/>
<vnsAbsParam key="dynamicrouting" name="dynamicrouting"
value="DISABLED"/>
<vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/>
</vnsAbsFolder>
</vnsAbsFolder>
<vnsAbsFolder key="appfwprofile" name="apppro" scopedBy="epg">
<vnsAbsParam name="name" key="name" value="Sharepoint_SharePoint_sig"/>
<vnsAbsParam name="starturlaction" key="starturlaction" value="block
learn log stats"/>
<vnsAbsParam name="starturlclosure" key="starturlclosure" value="ON"/>
<vnsAbsParam name="signatures" key="signatures" value="mssharepoint"/>
<vnsAbsParam name="crossSiteScriptingAction"
key="crosssitescriptingaction" value="block learn log stats"/>
<vnsAbsFolder key="appfwprofile_starturl_binding" name="appFw_1">
<vnsAbsParam key="starturl" name="starturl"
value="^https://sp2013.test.ctx(\\:)*(\\d)*/sites/Eng(/)?"/>
</vnsAbsFolder>
<vnsAbsFolder key="appfwprofile_starturl_binding" name="appFw_2">
<vnsAbsParam key="starturl" name="starturl"
value="^https://sp2013.test.ctx(\\:)*(\\d)*/sites/Mkt(/)?"/>
</vnsAbsFolder>
</vnsAbsFolder>
<vnsAbsFolder key="Policy" name="csPolicy" scopedBy="epg">
<vnsAbsFolder key="appfwpolicy" name="apppol" scopedBy="epg">
<vnsAbsParam name="name" key="name"
value="Sharepoint_SharePoint_sig"/>
<vnsAbsParam name="rule" key="rule"
value="HTTP.REQ.HOSTNAME.EQ(&quot;sp2013.test.ctx&quot;)"/>

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

C-64

Design and Implementation Guide

Appendix C

Configurations
XML Files for Configuring NetScaler Instances

<vnsAbsCfgRel key="profilename" name="cslb3" targetName="apppro"/>

</vnsAbsFolder>
</vnsAbsFolder>
</vnsAbsDevCfg>
<vnsAbsFuncCfg>
<vnsAbsFolder key="mFCngappfwprofile" name="appfwprofile1"
scopedBy="epg">
<vnsAbsCfgRel name="appfwprofile_key" key="appfwprofile_key"
targetName="apppro"/>
</vnsAbsFolder>
<vnsAbsFolder key="mFCngPolicy" name="FwPol" scopedBy="epg">
<vnsAbsCfgRel name="Policy_key" key="Policy_key"
targetName="csPolicy/apppol"/>
</vnsAbsFolder>
<vnsAbsFolder key="external_network" name="external_network"
scopedBy="epg">
<vnsAbsCfgRel name="external_network_key" key="external_network_key"
targetName="network/snip1"/>
<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_AppFW_1/AbsNode-CS_AppFW_1/AbsFConn-inside" />
</vnsAbsFolder>
<vnsAbsFolder key="internal_network" name="internal_network"
scopedBy="epg">
<vnsAbsCfgRel name="internal_network_key" key="internal_network_key"
targetName="network/snip2"/>
<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_AppFW_1/AbsNode-CS_AppFW_1/AbsFConn-outside" />
</vnsAbsFolder>
</vnsAbsFuncCfg>
</vnsAbsNode>
<vnsAbsTermNodeCon name = "Output1">
<vnsAbsTermConn name = "C6">
</vnsAbsTermConn>
</vnsAbsTermNodeCon>
<vnsAbsConnection name = "CON1">
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_AppFW_1/AbsTermNodeCon-Output1/AbsTConn" />
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_AppFW_1/AbsNode-CS_AppFW_1/AbsFConn-outside" />
</vnsAbsConnection>
<vnsAbsConnection name = "CON2">
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_AppFW_1/AbsNode-CS_AppFW_1/AbsFConn-inside" />
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_AppFW_1/AbsTermNodeProv-Input1/AbsTConn" />
</vnsAbsConnection>
</vnsAbsGraph>
</fvTenant>
</polUni>

Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.
Goto Configurations, page C-1.

XML for Global Server Load Balancing (GSLB)

The following Global Server Load Balancing XML files are available for reference.

CreateServiceGraphWithParams_SP_GSLB_1.xml , page C-66

Create service graph with L4-L7 parameters for a GSLB ADNS configuration.

CreateServiceGraphWithParams_SP_GSLB_2.xml, page C-67

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

C-65

Appendix C

Configurations

XML Files for Configuring NetScaler Instances

Create a second service graph and configure additional L4-L7 parameters for GSLB.

ConfigParameters_SP_GSLB_DynamicProx.xml, page C-70

Configure L4-L7 parameters for GSLB using distribution by dynamic proximity.

ConfigParameters_SP_GSLB_StaticProx.xml, page C-73

Configure L4-L7 parameters for GSLB using distribution by static proximity.

ConfigParameters_SP_GSLB_LeastConn.xml, page C-76

Configure L4-L7 parameters for GSLB using distribution by least connection.

Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.
Goto Configurations, page C-1.
CreateServiceGraphWithParams_SP_GSLB_1.xml

Create service graph with L4-L7 parameters for a GSLB ADNS configuration.
<!-- CreateServiceGraphWithParams_SP_GSLB_1.xml -->
<!-- Create service graph with L4-L7 parameters for GSLB -->
<polUni>
<fvTenant name="silverTenant1"> <!-- GSLB configuration -->
<vnsAbsGraph name = "WebGraph_CS_GSLB_ADNS">
<vnsAbsTermNodeProv name = "Input1">
<vnsAbsTermConn name = "C1">
</vnsAbsTermConn>
</vnsAbsTermNodeProv>
<vnsAbsNode name = "GSLB_adns" funcType="GoTo" >
<vnsAbsFuncConn name = "outside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/
mFunc-DomainNameService/mConn-external" />
</vnsAbsFuncConn>
<vnsAbsFuncConn name = "inside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncDomainNameService/mConn-internal" />
</vnsAbsFuncConn>
<vnsRsNodeToMFunc tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncDomainNameService"/>
<vnsRsDefaultScopeToTerm tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_ADNS/AbsTermNodeProv-Input1/outtmnl"/>
<!-- Device Configuration -->
<vnsAbsDevCfg>
<vnsAbsFolder key="Network" name="network" scopedBy="epg">
<vnsAbsFolder key="nsip" name="snip1">
<vnsAbsParam key="ipaddress" name="ip1" value="101.16.1.11"/>
<vnsAbsParam key="netmask" name="netmask1"
value="255.255.255.0"/>
<vnsAbsParam key="type" name="tye" value="SNIP"/>
<vnsAbsParam key="dynamicrouting" name="dynamicrouting"
value="ENABLED"/>
<vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/>
</vnsAbsFolder>
<vnsAbsFolder key="nsip" name="snip2">
<vnsAbsParam key="ipaddress" name="ip2" value="10.16.1.11"/>
<vnsAbsParam key="netmask" name="netmask2"
value="255.255.255.0"/>
<vnsAbsParam key="type" name="tye" value="SNIP"/>
<vnsAbsParam key="dynamicrouting" name="dynamicrouting"
value="DISABLED"/>
<vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/>
</vnsAbsFolder>
</vnsAbsFolder>

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

C-66

Design and Implementation Guide

Appendix C

Configurations
XML Files for Configuring NetScaler Instances

<vnsAbsFolder key="service" name="service1_adns" scopedBy="epg">

<vnsAbsParam name="name" key="name" value="svc_adns_1"/>
<vnsAbsParam name="ip" key="ip" value="101.16.1.11"/>
<vnsAbsParam name="servicetype" key="servicetype"
value="ADNS"/>
<vnsAbsParam name="port" key="port" value="53"/>
</vnsAbsFolder>
</vnsAbsDevCfg>
<!-- Function Configuration -->
<vnsAbsFuncCfg>
<vnsAbsFolder key="mFCngservice" name="wservice1" scopedBy="epg">
<vnsAbsCfgRel name="service_key1" key="service_key"
targetName="service1_adns"/>
<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_ADNS/AbsNode-GSLB_adns/AbsFConn-inside" />
</vnsAbsFolder>
<vnsAbsFolder key="external_network" name="external_network"
scopedBy="epg">
<vnsAbsCfgRel name="external_network_key" key="external_network_key"
targetName="network/snip1"/>
<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_ADNS/AbsNode-GSLB_adns/AbsFConn-inside" />
</vnsAbsFolder>
<vnsAbsFolder key="internal_network" name="internal_network"
scopedBy="epg">
<vnsAbsCfgRel name="internal_network_key" key="internal_network_key"
targetName="network/snip2"/>
<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_ADNS/AbsNode-GSLB_adns/AbsFConn-outside" />
</vnsAbsFolder>
</vnsAbsFuncCfg>
</vnsAbsNode>
<vnsAbsTermNodeCon name = "Output1">
<vnsAbsTermConn name = "C6">
</vnsAbsTermConn>
</vnsAbsTermNodeCon>
<vnsAbsConnection name = "CON1">
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_ADNS/AbsTermNodeCon-Output1/AbsTConn" />
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_ADNS/AbsNode-GSLB_adns/AbsFConn-outside" />
</vnsAbsConnection>
<vnsAbsConnection name = "CON2">
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_ADNS/AbsNode-GSLB_adns/AbsFConn-inside" />
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_ADNS/AbsTermNodeProv-Input1/AbsTConn" />
</vnsAbsConnection>
</vnsAbsGraph>
</fvTenant>
</polUni>

Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.
Goto Configurations, page C-1.
CreateServiceGraphWithParams_SP_GSLB_2.xml

Create a second service graph and configure additional L4-L7 parameters for GSLB.
<!-- CreateServiceGraphWithParams_SP_GSLB_2 -->
<!-- Configure additional L4-L7 parameters for GSLB -->
<polUni>
<fvTenant name="silverTenant1">

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

C-67

Appendix C

Configurations

XML Files for Configuring NetScaler Instances

<vnsAbsGraph name = "WebGraph_CS_GSLB_1">

<vnsAbsTermNodeProv name = "Input1">
<vnsAbsTermConn name = "C1">
</vnsAbsTermConn>
</vnsAbsTermNodeProv>
<!-- Config here is for GSLB local node -->
<vnsAbsNode name = "GSLB_1" funcType="GoTo" >
<vnsAbsFuncConn name = "outside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncGlobalServerLoadBalancing/mConn-external" />
</vnsAbsFuncConn>
<vnsAbsFuncConn name = "inside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncGlobalServerLoadBalancing/mConn-internal" />
</vnsAbsFuncConn>
<vnsRsNodeToMFunc tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncGlobalServerLoadBalancing"/>
<vnsRsDefaultScopeToTerm tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsTermNodeProv-Input1/outtmnl"/>
<vnsAbsDevCfg>
<vnsAbsFolder key="Network" name="network" scopedBy="epg">
<vnsAbsFolder key="nsip" name="snip1">
<vnsAbsParam key="ipaddress" name="ip2" value="101.16.1.11"/>
<vnsAbsParam key="netmask" name="netmask1" value="255.255.255.0"/>
<vnsAbsParam key="type" name="tye" value="SNIP"/>
<vnsAbsParam key="dynamicrouting" name="dynamicrouting"
value="ENABLED"/>
<vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/>
</vnsAbsFolder>
<vnsAbsFolder key="nsip" name="snip2">
<vnsAbsParam key="ipaddress" name="ip1" value="10.16.1.11"/>
<vnsAbsParam key="netmask" name="netmask2" value="255.255.255.0"/>
<vnsAbsParam key="type" name="tye" value="SNIP"/>
<vnsAbsParam key="dynamicrouting" name="dynamicrouting"
value="DISABLED"/>
<vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/>
</vnsAbsFolder>
</vnsAbsFolder>
<vnsAbsFolder key="gslbvserver" name="gslbVs1" scopedBy="epg">
<vnsAbsParam name="name" key="name" value="vip-gslb-sp2013"/>
<vnsAbsParam name="servicetype" key="servicetype" value="SSL"/>
<vnsAbsFolder key="gslbvserver_gslbservice_binding"
name="gslbVsServBind1" scopedBy="epg">
<vnsAbsCfgRel name="servicename" key="servicename"
targetName="gslbServ1"/>
</vnsAbsFolder>
<vnsAbsFolder key="gslbvserver_gslbservice_binding"
name="gslbVsServBind2" scopedBy="epg">
<vnsAbsCfgRel name="servicename" key="servicename"
targetName="gslbServ2"/>
</vnsAbsFolder>
<vnsAbsFolder key="gslbvserver_domain_binding" name="gslbVsDomainBind1"
scopedBy="epg">
<vnsAbsParam name="domainname" key="domainname"
value="sp2013.test.ctx"/>
</vnsAbsFolder>
</vnsAbsFolder>
<vnsAbsFolder key="gslbservice" name="gslbServ1" scopedBy="epg">
<vnsAbsParam name="servicename" key="servicename"
value="svc_gslb_sp2013_dc1"/>
<vnsAbsParam name="ip" key="ip" value="101.16.1.121"/>
<vnsAbsParam name="servicetype" key="servicetype" value="SSL"/>
<vnsAbsParam name="port" key="port" value="443"/>

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

C-68

Design and Implementation Guide

Appendix C

Configurations
XML Files for Configuring NetScaler Instances

<vnsAbsCfgRel name="sitename" key="sitename" targetName="gslbSite1"/>

</vnsAbsFolder>
<vnsAbsFolder key="gslbservice" name="gslbServ2" scopedBy="epg">
<vnsAbsParam name="servicename" key="servicename"
value="svc_gslb_sp2013_dc2"/>
<vnsAbsParam name="ip" key="ip" value="201.16.1.121"/>
<vnsAbsParam name="servicetype" key="servicetype" value="SSL"/>
<vnsAbsParam name="port" key="port" value="443"/>
<vnsAbsCfgRel name="sitename" key="sitename" targetName="gslbSite2"/>
</vnsAbsFolder>
<vnsAbsFolder key="gslbsite" name="gslbSite1" scopedBy="epg">
<vnsAbsParam name="sitename" key="sitename" value="Data_Center_1"/>
<vnsAbsParam name="siteipaddress" key="siteipaddress"
value="101.16.1.11"/>
</vnsAbsFolder>
<vnsAbsFolder key="gslbsite" name="gslbSite2" scopedBy="epg">
<vnsAbsParam name="sitename" key="sitename" value="Data_Center_2"/>
<vnsAbsParam name="siteipaddress" key="siteipaddress"
value="201.16.1.11"/>
</vnsAbsFolder>
</vnsAbsDevCfg>
<vnsAbsFuncCfg>
<vnsAbsFolder key="mFCnggslbsite" name="mFCngslbsite1" scopedBy="epg">
<vnsAbsCfgRel name="gslbsite_key" key="gslbsite_key"
targetName="gslbSite1"/>
</vnsAbsFolder>
<vnsAbsFolder key="mFCnggslbsite" name="mFCngslbsite2" scopedBy="epg">
<vnsAbsCfgRel name="gslbsite_key" key="gslbsite_key"
targetName="gslbSite2"/>
</vnsAbsFolder>
<vnsAbsFolder key="mFCnggslbvserver" name="gslbvserver1" scopedBy="epg">
<vnsAbsCfgRel name="gslbvserver_key" key="gslbvserver_key"
targetName="gslbVs1"/>
<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-outside" />
</vnsAbsFolder>
<vnsAbsFolder key="mFCnggslbservice" name="gslbservice1" scopedBy="epg">
<vnsAbsCfgRel name="gslbservice_key" key="gslbservice_key"
targetName="gslbServ1"/>
<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-inside" />
</vnsAbsFolder>
<vnsAbsFolder key="mFCnggslbservice" name="gslbservice2" scopedBy="epg">
<vnsAbsCfgRel name="gslbservice_key" key="gslbservice_key"
targetName="gslbServ2"/>
<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-inside" />
</vnsAbsFolder>
<vnsAbsFolder key="external_network" name="external_network"
scopedBy="epg">
<vnsAbsCfgRel name="external_network_key" key="external_network_key"
targetName="network/snip1"/>
<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-inside" />
</vnsAbsFolder>
<vnsAbsFolder key="internal_network" name="internal_network"
scopedBy="epg">
<vnsAbsCfgRel name="internal_network_key" key="internal_network_key"
targetName="network/snip2"/>
<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-outside" />
</vnsAbsFolder>
</vnsAbsFuncCfg>
</vnsAbsNode>

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

C-69

Appendix C

Configurations

XML Files for Configuring NetScaler Instances

<vnsAbsTermNodeCon name = "Output1">

<vnsAbsTermConn name = "C6">
</vnsAbsTermConn>
</vnsAbsTermNodeCon>
<vnsAbsConnection name = "CON1">
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsTermNodeCon-Output1/AbsTConn" />
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-outside" />
</vnsAbsConnection>
<vnsAbsConnection name = "CON2">
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-inside" />
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsTermNodeProv-Input1/AbsTConn" />
</vnsAbsConnection>
</vnsAbsGraph>
</fvTenant>
</polUni>

Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.
Goto Configurations, page C-1.
ConfigParameters_SP_GSLB_DynamicProx.xml

Configure L4-L7 parameters for GSLB using distribution by dynamic proximity.

<!-- ConfigParameters_SP_GSLB_DynamicProx.xml -->
<!-- Configure L4-L7 parameters for GSLB by Dynamic Proximity -->
<polUni>
<fvTenant name="silverTenant1"> <!-- GSLB configuration -->
<vnsAbsGraph name = "WebGraph_CS_GSLB_1">
<vnsAbsTermNodeProv name = "Input1">
<vnsAbsTermConn name = "C1">
</vnsAbsTermConn>
</vnsAbsTermNodeProv>
<!-- Config here is for GSLB local node -->
<vnsAbsNode name = "GSLB_1" funcType="GoTo" >
<vnsAbsFuncConn name = "outside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncGlobalServerLoadBalancing/mConn-external" />
</vnsAbsFuncConn>
<vnsAbsFuncConn name = "inside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncGlobalServerLoadBalancing/mConn-internal" />
</vnsAbsFuncConn>
<vnsRsNodeToMFunc tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncGlobalServerLoadBalancing"/>
<vnsRsDefaultScopeToTerm tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsTermNodeProv-Input1/outtmnl"/>
<vnsAbsDevCfg>
<vnsAbsFolder key="Network" name="network" scopedBy="epg">
<vnsAbsFolder key="nsip" name="snip1">
<vnsAbsParam key="ipaddress" name="ip2" value="101.16.1.11"/>
<vnsAbsParam key="netmask" name="netmask1"
value="255.255.255.0"/>
<vnsAbsParam key="type" name="tye" value="SNIP"/>
<vnsAbsParam key="dynamicrouting" name="dynamicrouting"
value="ENABLED"/>
<vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/>
</vnsAbsFolder>
<vnsAbsFolder key="nsip" name="snip2">
<vnsAbsParam key="ipaddress" name="ip1" value="10.16.1.11"/>

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

C-70

Design and Implementation Guide

Appendix C

Configurations
XML Files for Configuring NetScaler Instances

<vnsAbsParam key="netmask" name="netmask2"

value="255.255.255.0"/>
<vnsAbsParam key="type" name="tye" value="SNIP"/>
<vnsAbsParam key="dynamicrouting" name="dynamicrouting"
value="DISABLED"/>
<vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/>
</vnsAbsFolder>
</vnsAbsFolder>
<vnsAbsFolder key="gslbvserver" name="gslbVs1" scopedBy="epg">
<vnsAbsParam name="name" key="name" value="vip-gslb-sp2013"/>
<vnsAbsParam name="servicetype" key="servicetype" value="SSL"/>
<vnsAbsParam name="lbmethod" key="lbmethod" value="RTT"/>
<vnsAbsFolder key="gslbvserver_gslbservice_binding"
name="gslbVsServBind1" scopedBy="epg">
<vnsAbsCfgRel name="servicename" key="servicename"
targetName="gslbServ1"/>
</vnsAbsFolder>
<vnsAbsFolder key="gslbvserver_gslbservice_binding"
name="gslbVsServBind2" scopedBy="epg">
<vnsAbsCfgRel name="servicename" key="servicename"
targetName="gslbServ2"/>
</vnsAbsFolder>
<vnsAbsFolder key="gslbvserver_domain_binding"
name="gslbVsDomainBind1" scopedBy="epg">
<vnsAbsParam name="domainname" key="domainname"
value="sp2013.test.ctx"/>
</vnsAbsFolder>
</vnsAbsFolder>
<vnsAbsFolder key="gslbservice" name="gslbServ1" scopedBy="epg">
<vnsAbsParam name="servicename" key="servicename"
value="svc_gslb_sp2013_dc1"/>
<vnsAbsParam name="ip" key="ip" value="101.16.1.121"/>
<vnsAbsParam name="servicetype" key="servicetype" value="SSL"/>
<vnsAbsParam name="port" key="port" value="443"/>
<vnsAbsCfgRel name="sitename" key="sitename"
targetName="gslbSite1"/>
</vnsAbsFolder>
<vnsAbsFolder key="gslbservice" name="gslbServ2" scopedBy="epg">
<vnsAbsParam name="servicename" key="servicename"
value="svc_gslb_sp2013_dc2"/>
<vnsAbsParam name="ip" key="ip" value="201.16.1.121"/>
<vnsAbsParam name="servicetype" key="servicetype" value="SSL"/>
<vnsAbsParam name="port" key="port" value="443"/>
<vnsAbsCfgRel name="sitename" key="sitename"
targetName="gslbSite2"/>
</vnsAbsFolder>
<vnsAbsFolder key="gslbsite" name="gslbSite1" scopedBy="epg">
<vnsAbsParam name="sitename" key="sitename"
value="Data_Center_1"/>
<vnsAbsParam name="siteipaddress" key="siteipaddress"
value="101.16.1.11"/>
</vnsAbsFolder>
<vnsAbsFolder key="gslbsite" name="gslbSite2" scopedBy="epg">
<vnsAbsParam name="sitename" key="sitename"
value="Data_Center_2"/>
<vnsAbsParam name="siteipaddress" key="siteipaddress"
value="201.16.1.11"/>
</vnsAbsFolder>
</vnsAbsDevCfg>
<vnsAbsFuncCfg>
<vnsAbsFolder key="mFCnggslbsite" name="mFCngslbsite1"
scopedBy="epg">

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

C-71

Appendix C

Configurations

XML Files for Configuring NetScaler Instances

<vnsAbsCfgRel name="gslbsite_key" key="gslbsite_key"

targetName="gslbSite1"/>
</vnsAbsFolder>
<vnsAbsFolder key="mFCnggslbsite" name="mFCngslbsite2"
scopedBy="epg">
<vnsAbsCfgRel name="gslbsite_key" key="gslbsite_key"
targetName="gslbSite2"/>
</vnsAbsFolder>
<vnsAbsFolder key="mFCnggslbvserver" name="gslbvserver1"
scopedBy="epg">
<vnsAbsCfgRel name="gslbvserver_key" key="gslbvserver_key"
targetName="gslbVs1"/>
<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-outside" />
</vnsAbsFolder>
<vnsAbsFolder key="mFCnggslbservice" name="gslbservice1"
scopedBy="epg">
<vnsAbsCfgRel name="gslbservice_key" key="gslbservice_key"
targetName="gslbServ1"/>
<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-inside" />
</vnsAbsFolder>
<vnsAbsFolder key="mFCnggslbservice" name="gslbservice2"
scopedBy="epg">
<vnsAbsCfgRel name="gslbservice_key" key="gslbservice_key"
targetName="gslbServ2"/>
<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-inside" />
</vnsAbsFolder>
<vnsAbsFolder key="external_network" name="external_network"
scopedBy="epg">
<vnsAbsCfgRel name="external_network_key"
key="external_network_key" targetName="network/snip1"/>
<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-inside" />
</vnsAbsFolder>
<vnsAbsFolder key="internal_network" name="internal_network"
scopedBy="epg">
<vnsAbsCfgRel name="internal_network_key"
key="internal_network_key" targetName="network/snip2"/>
<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-outside" />
</vnsAbsFolder>
</vnsAbsFuncCfg>
</vnsAbsNode>
<vnsAbsTermNodeCon name = "Output1">
<vnsAbsTermConn name = "C6">
</vnsAbsTermConn>
</vnsAbsTermNodeCon>
<vnsAbsConnection name = "CON1">
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsTermNodeCon-Output1/AbsTConn" />
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-outside" />
</vnsAbsConnection>
<vnsAbsConnection name = "CON2">
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-inside" />
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsTermNodeProv-Input1/AbsTConn" />
</vnsAbsConnection>
</vnsAbsGraph>
</fvTenant>
</polUni>

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

C-72

Design and Implementation Guide

Appendix C

Configurations
XML Files for Configuring NetScaler Instances

Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.
Goto Configurations, page C-1.
ConfigParameters_SP_GSLB_StaticProx.xml

Configure L4-L7 parameters for GSLB using distribution by static proximity.

<!-- ConfigParameters_SP_GSLB_StaticProx.xml -->
<!-- Configure L4-L7 parameters for GSLB by Static Proximity -->
<polUni>
<fvTenant name="silverTenant1"> <!-- GSLB configuration STATICPROXIMITY -->
<vnsAbsGraph name = "WebGraph_CS_GSLB_1">
<vnsAbsTermNodeProv name = "Input1">
<vnsAbsTermConn name = "C1">
</vnsAbsTermConn>
</vnsAbsTermNodeProv>
<!-- Config here is for GSLB local node -->
<vnsAbsNode name = "GSLB_1" funcType="GoTo" >
<vnsAbsFuncConn name = "outside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncGlobalServerLoadBalancing/mConn-external" />
</vnsAbsFuncConn>
<vnsAbsFuncConn name = "inside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncGlobalServerLoadBalancing/mConn-internal" />
</vnsAbsFuncConn>
<vnsRsNodeToMFunc tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncGlobalServerLoadBalancing"/>
<vnsRsDefaultScopeToTerm tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsTermNodeProv-Input1/outtmnl"/>
<vnsAbsDevCfg>
<vnsAbsFolder key="Network" name="network" scopedBy="epg">
<vnsAbsFolder key="nsip" name="snip1">
<vnsAbsParam key="ipaddress" name="ip2" value="101.16.1.11"/>
<vnsAbsParam key="netmask" name="netmask1"
value="255.255.255.0"/>
<vnsAbsParam key="type" name="tye" value="SNIP"/>
<vnsAbsParam key="dynamicrouting" name="dynamicrouting"
value="ENABLED"/>
<vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/>
</vnsAbsFolder>
<vnsAbsFolder key="nsip" name="snip2">
<vnsAbsParam key="ipaddress" name="ip1" value="10.16.1.11"/>
<vnsAbsParam key="netmask" name="netmask2"
value="255.255.255.0"/>
<vnsAbsParam key="type" name="tye" value="SNIP"/>
<vnsAbsParam key="dynamicrouting" name="dynamicrouting"
value="DISABLED"/>
<vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/>
</vnsAbsFolder>
</vnsAbsFolder>
<vnsAbsFolder key="gslbvserver" name="gslbVs1" scopedBy="epg">
<vnsAbsParam name="name" key="name" value="vip-gslb-sp2013"/>
<vnsAbsParam name="servicetype" key="servicetype" value="SSL"/>
<vnsAbsParam name="lbmethod" key="lbmethod"
value="STATICPROXIMITY"/>
<vnsAbsFolder key="gslbvserver_gslbservice_binding"
name="gslbVsServBind1" scopedBy="epg">
<vnsAbsCfgRel name="servicename" key="servicename"
targetName="gslbServ1"/>
</vnsAbsFolder>

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

C-73

Appendix C

Configurations

XML Files for Configuring NetScaler Instances

<vnsAbsFolder key="gslbvserver_gslbservice_binding"
name="gslbVsServBind2" scopedBy="epg">
<vnsAbsCfgRel name="servicename" key="servicename"
targetName="gslbServ2"/>
</vnsAbsFolder>
<vnsAbsFolder key="gslbvserver_domain_binding"
name="gslbVsDomainBind1" scopedBy="epg">
<vnsAbsParam name="domainname" key="domainname"
value="sp2013.test.ctx"/>
</vnsAbsFolder>
</vnsAbsFolder>
<vnsAbsFolder key="gslbservice" name="gslbServ1" scopedBy="epg">
<vnsAbsParam name="servicename" key="servicename"
value="svc_gslb_sp2013_dc1"/>
<vnsAbsParam name="ip" key="ip" value="101.16.1.121"/>
<vnsAbsParam name="servicetype" key="servicetype" value="SSL"/>
<vnsAbsParam name="port" key="port" value="443"/>
<vnsAbsCfgRel name="sitename" key="sitename"
targetName="gslbSite1"/>
</vnsAbsFolder>
<vnsAbsFolder key="gslbservice" name="gslbServ2" scopedBy="epg">
<vnsAbsParam name="servicename" key="servicename"
value="svc_gslb_sp2013_dc2"/>
<vnsAbsParam name="ip" key="ip" value="201.16.1.121"/>
<vnsAbsParam name="servicetype" key="servicetype" value="SSL"/>
<vnsAbsParam name="port" key="port" value="443"/>
<vnsAbsCfgRel name="sitename" key="sitename"
targetName="gslbSite2"/>
</vnsAbsFolder>
<vnsAbsFolder key="gslbsite" name="gslbSite1" scopedBy="epg">
<vnsAbsParam name="sitename" key="sitename" value="Data_Center_1"/>
<vnsAbsParam name="siteipaddress" key="siteipaddress"
value="101.16.1.11"/>
</vnsAbsFolder>
<vnsAbsFolder key="gslbsite" name="gslbSite2" scopedBy="epg">
<vnsAbsParam name="sitename" key="sitename" value="Data_Center_2"/>
<vnsAbsParam name="siteipaddress" key="siteipaddress"
value="201.16.1.11"/>
</vnsAbsFolder>
<vnsAbsFolder key="location" name="locat1" scopedBy="epg">
<vnsAbsParam name="ipfrom" key="ipfrom" value="91.1.1.1"/>
<vnsAbsParam name="ipto" key="ipto" value="91.1.1.255"/>
<vnsAbsParam name="preferredlocation" key="preferredlocation"
value="DC1"/>
</vnsAbsFolder>
<vnsAbsFolder key="location" name="locat2" scopedBy="epg">
<vnsAbsParam name="ipfrom" key="ipfrom" value="101.16.1.121"/>
<vnsAbsParam name="ipto" key="ipto" value="101.16.1.121"/>
<vnsAbsParam name="preferredlocation" key="preferredlocation"
value="DC1"/>
</vnsAbsFolder>
<vnsAbsFolder key="location" name="locat3" scopedBy="epg">
<vnsAbsParam name="ipfrom" key="ipfrom" value="102.16.1.121"/>
<vnsAbsParam name="ipto" key="ipto" value="102.16.1.121"/>
<vnsAbsParam name="preferredlocation" key="preferredlocation"
value="DC1"/>
</vnsAbsFolder>
<vnsAbsFolder key="location" name="locat4" scopedBy="epg">
<vnsAbsParam name="ipfrom" key="ipfrom" value="92.1.1.1"/>
<vnsAbsParam name="ipto" key="ipto" value="92.1.1.255"/>
<vnsAbsParam name="preferredlocation" key="preferredlocation"
value="DC2"/>
</vnsAbsFolder>
<vnsAbsFolder key="location" name="locat5" scopedBy="epg">

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

C-74

Design and Implementation Guide

Appendix C

Configurations
XML Files for Configuring NetScaler Instances

<vnsAbsParam name="ipfrom" key="ipfrom" value="201.16.1.121"/>

<vnsAbsParam name="ipto" key="ipto" value="201.16.1.121"/>
<vnsAbsParam name="preferredlocation" key="preferredlocation"
value="DC2"/>
</vnsAbsFolder>
<vnsAbsFolder key="location" name="locat6" scopedBy="epg">
<vnsAbsParam name="ipfrom" key="ipfrom" value="202.16.1.121"/>
<vnsAbsParam name="ipto" key="ipto" value="202.16.1.121"/>
<vnsAbsParam name="preferredlocation" key="preferredlocation"
value="DC2"/>
</vnsAbsFolder>
</vnsAbsDevCfg>
<vnsAbsFuncCfg>
<vnsAbsFolder key="mFCnggslbsite" name="mFCngslbsite1" scopedBy="epg">
<vnsAbsCfgRel name="gslbsite_key" key="gslbsite_key"
targetName="gslbSite1"/>
</vnsAbsFolder>
<vnsAbsFolder key="mFCnggslbsite" name="mFCngslbsite2" scopedBy="epg">
<vnsAbsCfgRel name="gslbsite_key" key="gslbsite_key"
targetName="gslbSite2"/>
</vnsAbsFolder>
<vnsAbsFolder key="mFCnggslbvserver" name="gslbvserver1" scopedBy="epg">
<vnsAbsCfgRel name="gslbvserver_key" key="gslbvserver_key"
targetName="gslbVs1"/>
<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-outside" />
</vnsAbsFolder>
<vnsAbsFolder key="mFCnggslbservice" name="gslbservice1" scopedBy="epg">
<vnsAbsCfgRel name="gslbservice_key" key="gslbservice_key"
targetName="gslbServ1"/>
<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-inside" />
</vnsAbsFolder>
<vnsAbsFolder key="mFCnggslbservice" name="gslbservice2" scopedBy="epg">
<vnsAbsCfgRel name="gslbservice_key" key="gslbservice_key"
targetName="gslbServ2"/>
<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-inside" />
</vnsAbsFolder>
<vnsAbsFolder key="mFCnglocation" name="LOC1" scopedBy="epg">
<vnsAbsCfgRel name="location_key" key="location_key"
targetName="locat1"/>
</vnsAbsFolder>
<vnsAbsFolder key="mFCnglocation" name="LOC2" scopedBy="epg">
<vnsAbsCfgRel name="location_key" key="location_key"
targetName="locat2"/>
</vnsAbsFolder>
<vnsAbsFolder key="mFCnglocation" name="LOC3" scopedBy="epg">
<vnsAbsCfgRel name="location_key" key="location_key"
targetName="locat3"/>
</vnsAbsFolder>
<vnsAbsFolder key="mFCnglocation" name="LOC4" scopedBy="epg">
<vnsAbsCfgRel name="location_key" key="location_key"
targetName="locat4"/>
</vnsAbsFolder>
<vnsAbsFolder key="mFCnglocation" name="LOC5" scopedBy="epg">
<vnsAbsCfgRel name="location_key" key="location_key"
targetName="locat5"/>
</vnsAbsFolder>
<vnsAbsFolder key="external_network" name="external_network"
scopedBy="epg">
<vnsAbsCfgRel name="external_network_key" key="external_network_key"
targetName="network/snip1"/>

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

C-75

Appendix C

Configurations

XML Files for Configuring NetScaler Instances

<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-inside" />

</vnsAbsFolder>
<vnsAbsFolder key="internal_network" name="internal_network"
scopedBy="epg">
<vnsAbsCfgRel name="internal_network_key" key="internal_network_key"
targetName="network/snip2"/>
<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-outside" />
</vnsAbsFolder>
</vnsAbsFuncCfg>
</vnsAbsNode>
<vnsAbsTermNodeCon name = "Output1">
<vnsAbsTermConn name = "C6">
</vnsAbsTermConn>
</vnsAbsTermNodeCon>
<vnsAbsConnection name = "CON1">
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsTermNodeCon-Output1/AbsTConn" />
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-outside" />
</vnsAbsConnection>
<vnsAbsConnection name = "CON2">
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-inside" />
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsTermNodeProv-Input1/AbsTConn" />
</vnsAbsConnection>
</vnsAbsGraph>
</fvTenant>
</polUni>

Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.
Goto Configurations, page C-1.
ConfigParameters_SP_GSLB_LeastConn.xml

Configure L4-L7 parameters for GSLB using distribution by least connection.

<!-- ConfigParameters_SP_GSLB_LeastConn.xml -->
<!-- Configure L4-L7 parameters for GSLB by Least Connection -->
<polUni>
<fvTenant name="silverTenant1"> <!-- GSLB config LEASTCONNECTION -->
<vnsAbsGraph name = "WebGraph_CS_GSLB_1">
<vnsAbsTermNodeProv name = "Input1">
<vnsAbsTermConn name = "C1">
</vnsAbsTermConn>
</vnsAbsTermNodeProv>
<!-- Config here is for GSLB local node -->
<vnsAbsNode name = "GSLB_1" funcType="GoTo" >
<vnsAbsFuncConn name = "outside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncGlobalServerLoadBalancing/mConn-external" />
</vnsAbsFuncConn>
<vnsAbsFuncConn name = "inside" attNotify="true">
<vnsRsMConnAtt tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncGlobalServerLoadBalancing/mConn-internal" />
</vnsAbsFuncConn>
<vnsRsNodeToMFunc tDn="uni/infra/mDev-Citrix-NetScaler-1.0/mFuncGlobalServerLoadBalancing"/>
<vnsRsDefaultScopeToTerm tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsTermNodeProv-Input1/outtmnl"/>
<vnsAbsDevCfg>

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

C-76

Design and Implementation Guide

Appendix C

Configurations
XML Files for Configuring NetScaler Instances

<vnsAbsFolder key="Network" name="network" scopedBy="epg">

<vnsAbsFolder key="nsip" name="snip1">
<vnsAbsParam key="ipaddress" name="ip2" value="101.16.1.11"/>
<vnsAbsParam key="netmask" name="netmask1" value="255.255.255.0"/>
<vnsAbsParam key="type" name="tye" value="SNIP"/>
<vnsAbsParam key="dynamicrouting" name="dynamicrouting"
value="ENABLED"/>
<vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/>
</vnsAbsFolder>
<vnsAbsFolder key="nsip" name="snip2">
<vnsAbsParam key="ipaddress" name="ip1" value="10.16.1.11"/>
<vnsAbsParam key="netmask" name="netmask2" value="255.255.255.0"/>
<vnsAbsParam key="type" name="tye" value="SNIP"/>
<vnsAbsParam key="dynamicrouting" name="dynamicrouting"
value="DISABLED"/>
<vnsAbsParam key="hostroute" name="hostroute" value="DISABLED"/>
</vnsAbsFolder>
</vnsAbsFolder>
<vnsAbsFolder key="gslbvserver" name="gslbVs1" scopedBy="epg">
<vnsAbsParam name="name" key="name" value="vip-gslb-sp2013"/>
<vnsAbsParam name="servicetype" key="servicetype" value="SSL"/>
<vnsAbsParam name="lbmethod" key="lbmethod" value="LEASTCONNECTION"/>
<vnsAbsFolder key="gslbvserver_gslbservice_binding"
name="gslbVsServBind1" scopedBy="epg">
<vnsAbsCfgRel name="servicename" key="servicename"
targetName="gslbServ1"/>
</vnsAbsFolder>
<vnsAbsFolder key="gslbvserver_gslbservice_binding"
name="gslbVsServBind2" scopedBy="epg">
<vnsAbsCfgRel name="servicename" key="servicename"
targetName="gslbServ2"/>
</vnsAbsFolder>
<vnsAbsFolder key="gslbvserver_domain_binding" name="gslbVsDomainBind1"
scopedBy="epg">
<vnsAbsParam name="domainname" key="domainname"
value="sp2013.test.ctx"/>
</vnsAbsFolder>
</vnsAbsFolder>
<vnsAbsFolder key="gslbservice" name="gslbServ1" scopedBy="epg">
<vnsAbsParam name="servicename" key="servicename"
value="svc_gslb_sp2013_dc1"/>
<vnsAbsParam name="ip" key="ip" value="101.16.1.121"/>
<vnsAbsParam name="servicetype" key="servicetype" value="SSL"/>
<vnsAbsParam name="port" key="port" value="443"/>
<vnsAbsCfgRel name="sitename" key="sitename" targetName="gslbSite1"/>
</vnsAbsFolder>
<vnsAbsFolder key="gslbservice" name="gslbServ2" scopedBy="epg">
<vnsAbsParam name="servicename" key="servicename"
value="svc_gslb_sp2013_dc2"/>
<vnsAbsParam name="ip" key="ip" value="201.16.1.121"/>
<vnsAbsParam name="servicetype" key="servicetype" value="SSL"/>
<vnsAbsParam name="port" key="port" value="443"/>
<vnsAbsCfgRel name="sitename" key="sitename" targetName="gslbSite2"/>
</vnsAbsFolder>
<vnsAbsFolder key="gslbsite" name="gslbSite1" scopedBy="epg">
<vnsAbsParam name="sitename" key="sitename" value="Data_Center_1"/>
<vnsAbsParam name="siteipaddress" key="siteipaddress"
value="101.16.1.11"/>
</vnsAbsFolder>
<vnsAbsFolder key="gslbsite" name="gslbSite2" scopedBy="epg">
<vnsAbsParam name="sitename" key="sitename" value="Data_Center_2"/>
<vnsAbsParam name="siteipaddress" key="siteipaddress"
value="201.16.1.11"/>
</vnsAbsFolder>

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

C-77

Appendix C

Configurations

XML Files for Configuring NetScaler Instances

</vnsAbsDevCfg>
<vnsAbsFuncCfg>
<vnsAbsFolder key="mFCnggslbsite" name="mFCngslbsite1" scopedBy="epg">
<vnsAbsCfgRel name="gslbsite_key" key="gslbsite_key"
targetName="gslbSite1"/>
</vnsAbsFolder>
<vnsAbsFolder key="mFCnggslbsite" name="mFCngslbsite2" scopedBy="epg">
<vnsAbsCfgRel name="gslbsite_key" key="gslbsite_key"
targetName="gslbSite2"/>
</vnsAbsFolder>
<vnsAbsFolder key="mFCnggslbvserver" name="gslbvserver1" scopedBy="epg">
<vnsAbsCfgRel name="gslbvserver_key" key="gslbvserver_key"
targetName="gslbVs1"/>
<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-outside" />
</vnsAbsFolder>
<vnsAbsFolder key="mFCnggslbservice" name="gslbservice1" scopedBy="epg">
<vnsAbsCfgRel name="gslbservice_key" key="gslbservice_key"
targetName="gslbServ1"/>
<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-inside" />
</vnsAbsFolder>
<vnsAbsFolder key="mFCnggslbservice" name="gslbservice2" scopedBy="epg">
<vnsAbsCfgRel name="gslbservice_key" key="gslbservice_key"
targetName="gslbServ2"/>
<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-inside" />
</vnsAbsFolder>
<vnsAbsFolder key="external_network" name="external_network"
scopedBy="epg">
<vnsAbsCfgRel name="external_network_key" key="external_network_key"
targetName="network/snip1"/>
<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-inside" />
</vnsAbsFolder>
<vnsAbsFolder key="internal_network" name="internal_network"
scopedBy="epg">
<vnsAbsCfgRel name="internal_network_key" key="internal_network_key"
targetName="network/snip2"/>
<vnsRsCfgToConn tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-outside" />
</vnsAbsFolder>
</vnsAbsFuncCfg>
</vnsAbsNode>
<vnsAbsTermNodeCon name = "Output1">
<vnsAbsTermConn name = "C6">
</vnsAbsTermConn>
</vnsAbsTermNodeCon>
<vnsAbsConnection name = "CON1">
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsTermNodeCon-Output1/AbsTConn" />
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-outside" />
</vnsAbsConnection>
<vnsAbsConnection name = "CON2">
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsNode-GSLB_1/AbsFConn-inside" />
<vnsRsAbsConnectionConns tDn="uni/tn-silverTenant1/AbsGraphWebGraph_CS_GSLB_1/AbsTermNodeProv-Input1/AbsTConn" />
</vnsAbsConnection>
</vnsAbsGraph>
</fvTenant>
</polUni>

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

C-78

Design and Implementation Guide

Appendix C

Configurations
XML Files for Configuring NetScaler Instances

Return to XML Files that Configure NetScaler Services for SharePoint, page C-41.
Goto Configurations, page C-1.

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

Design and Implementation Guide

C-79

Appendix C

Configurations

XML Files for Configuring NetScaler Instances

Deploying Microsoft SharePoint with Cisco ACI and Citrix NetScaler

C-80

Design and Implementation Guide