Improving Microsoft Exchange 2013 performance with NetScaler
Hands-on Lab Exercise Guide
Johnathan Campos
Contents
Overview
Scenario
Exercise 1 - Initial Configuration
Exercise 2 - Exchange Server Load Balancing
Exercise 3 - Configuring Custom Exchange Monitors
Exercise 4 - Configuring Custom Exchange Server Responder Policies
Overview

Hands-on Training Module

Objective
Companies today conduct much of their business online. Whether email for corporate communications, websites for product and service information or sales, or server-hosted apps that run across a variety of end-user devices, companies rely on secure, reliable network connectivity in order to function and prosper. As the volume of a company's network traffic increases, so does the need for robust, resilient, and reliable network infrastructure that can not only sustain the network traffic, but optimize it. Gaining optimum efficiency in network connections, whether between private company assets across semi-private telecommunications channels, or between companies and their customers across the public internet, is a key asset to any company's operations. Citrix NetScaler, leveraging Load Balancing, optimizes and enhances the reliability of network infrastructures to allow better, more secure network communications, regardless of device or protocol.

In this hands-on lab, we will configure Citrix NetScaler's Load Balancing, Custom Monitors, and Responder features in tandem with Microsoft Exchange 2013.

Challenges:
- Providing increased reliability of email services, even in the face of individual server downtime
- Ensuring that email communications facilitate business operations while not introducing potential security threats
- Optimizing limited bandwidth on internet connections to ensure effective network communications across all platforms (email, data, etc.)

Prerequisites
- Basic understanding of deployment scenarios of the Citrix NetScaler.
- Basic understanding of deployment scenarios of Microsoft Exchange 2013.
- Basic understanding of the Microsoft Exchange 2013 management console.

Audience
Citrix Partners, Customers, Sales Engineers, Consultants, Technical Support
Lab Environment Details
The system diagram of the lab is shown below:

The Student Desktop is accessed remotely using Citrix Receiver running on your laptop. All Windows applications, such as XenCenter (the XenServer GUI management tool), are accessed from the Student Desktop.

Lab Guide Conventions
- (symbol) This symbol indicates particular attention must be paid to this step
- (symbol) Special note to offer advice or background information
- reboot: Text the student enters or an item they select is printed like this
- VMDemo: Filename mentioned in text or lines added to files during editing
- Start: Bold text indicates reference to a button or object
- (highlight, R:255 G:20 B:147) Focuses attention on a particular part of the screen
- (highlight, R:255 G:102 B:0) Shows where to click or select an item on a screen shot
List of Virtual Machines Used

VM Name          IP Address      Description / OS
Site1-NS1        192.168.10.15   Citrix NetScaler Build 10.5 53.9
Site1-AD1        192.168.10.11   Windows Server 2012R2 LDAP Server
Site1-Client1    192.168.10.45   Windows 8.1 Client
Site1-Exchange   192.168.10.20   Windows Server 2012R2 Exchange 2013 - CAS/MB
Site2-Exchange2  192.168.20.20   Windows Server 2012R2 Exchange 2013 - CAS/MB
Site2-AD2        192.168.20.11   Windows Server 2012R2 LDAP Server

Required Lab Credentials
The credentials required to connect to the environment and complete the lab exercises.

VM Name          IP Address      Username                 Password
Site1-NS1        192.168.10.15   nsroot                   nsroot
Site1-AD1        192.168.10.11   Training\Administrator   Citrix123
Site1-Client1    192.168.10.45   Training\Administrator   Citrix123
Site1-Exchange   192.168.10.20   Training\Administrator   Citrix123
Site2-Exchange2  192.168.20.20   Training\Administrator   Citrix123
Site2-AD2        192.168.20.11   Training\Administrator   Citrix123

Important Lab Environment Note
When connecting to the lab environment, you may be prompted to restart Windows on the Student Desktop. If prompted, please select Restart Later. Selecting Restart Now will disconnect you from the Student Desktop.

Additionally, you may receive intermittent User Access Control prompts on the Student Desktop regarding jucheck.exe. When prompted, please select No and continue with your lab.
Scenario

AnyCo, Inc. has requested that a Sales Engineer demonstrate to their executive IT staff a solution that can improve the reliability and operational continuity of their infrastructure while also enhancing their network security as they increase the amount of traffic that must flow between their internal network and the public internet. Likewise, they also want to ensure that these additional security and functionality enhancements do not impede their available throughput or negatively impact their employees' day-to-day productivity. Citrix NetScaler, through its Load Balancing feature, can provide all of these abilities and more.

In order to improve email availability system-wide and provide service redundancy, your goal is to assist AnyCo, Inc. with their challenges outlined below, and ensure that these solutions fit their business needs.

Challenges:
- The customer wants to make sure that their email services continue despite server maintenance or unexpected downtime in any one site
- Emails sent outside the company should reveal as little network information as possible about the sender's environment
- Fluctuating volumes of email and other network traffic should not affect users' experience working within the company's network
Exercise 1 - Initial Configuration

Overview
This exercise will guide you through the initial configuration of the NetScaler Application Delivery Controller appliances in this lab environment, which are identified as:
- Site1-NS1

The following settings will be configured for each NetScaler:
- NSIP (NetScaler Management IP)
- SNIP (Subnet IP)
- Verify Licenses
- Enable Global Features

Step by step guidance
Estimated time to complete this lab: 20 minutes.

Step Action
1. Begin by logging on to the assigned Citrix XenServer by double-clicking on the Citrix XenCenter icon.
2. Connect to the assigned XenServer by right clicking on your attached XenServer and clicking Connect.
3. Enter the XenServer credentials shown on the login screen of the lab execution page. Below is an example of assigned XenServer credentials.
4. Select the following VM and click on the console tab to begin the configuration of the Citrix NetScaler.
   VM: Site1-NS1
5. Enter the following IP Address, Subnet Mask and Default Gateway for the Site1-NS1, pressing Enter after each line entry.
   IP Address: 192.168.10.15
   Subnet Mask: 255.255.255.0
   Default Gateway: 192.168.10.1
6. Select the following option and press Enter to Save and Quit, committing the settings entered previously.
   Option: 4
7. Once the reboot is completed, log in to the Site1-NS1 NetScaler ADC with the following credentials.
   Login: nsroot
   Password: nsroot
   Note: When you enter the password, the text is not displayed, for security reasons.
8. Enter the following command once logged onto the Site1-NS1 and confirm that 192.168.10.15 is set as the NetScaler IP.
   Command: show ns ip
   Once verified, type exit on the Site1-NS1 console, press Enter, and minimize the XenCenter application.
9. Using Internet Explorer, enter the URL and credentials below to log on to the Site1-NS1 NetScaler.
   http://192.168.10.15
   Username: nsroot
   Password: nsroot
10. Select the Subnet IP Address box on the initial NetScaler configuration wizard to enter the SNIP (Subnet IP Address) for the Site1-NS1 NetScaler ADC and click Continue.
11. Enter the following Subnet IP Address and click Done.
   Subnet IP Address: 192.168.10.50
   Note: A subnet IP address is used by the NetScaler to communicate with the backend servers. NetScaler uses this subnet IP address as a source IP address to proxy the client connections as well as to send monitor probes to check the health of the backend servers.
12. Proceed to click the Host Name, DNS IP Address, and Time Zone boxes on the initial NetScaler configuration wizard to enter the Host Name, DNS IP Address, and Time Zone for the Site1-NS1 NetScaler ADC and click Continue.
13. Enter the following Host Name, DNS IP Address, and Time Zone and click Done.
   Host Name: NS1
   DNS IP Address: 192.168.10.11
   Time Zone: GMT-7:00-PDT-America/Los_Angeles
14. Proceed to click the Licenses box on the initial NetScaler configuration wizard to confirm the license for the Site1-NS1 NetScaler ADC.
15. Confirm that the four pre-configured licenses have been uploaded to the Site1-NS1 NetScaler ADC and click Back.
16. Click Continue on the initial NetScaler configuration wizard to proceed to the Site1-NS1 NetScaler dashboard.
17. On the NetScaler dashboard proceed to System > Settings and click Configure Basic Features.
18. Select the following basic features and click OK to return to the NetScaler dashboard.
   Features:
   - SSL Offloading
   - Load Balancing
   - Rewrite
   - Authentication, Authorization, and Auditing
   - HTTP Compression
   - Content Switching
19. On the NetScaler dashboard proceed to System > Settings and click Configure Advanced Features.
20. Select the following advanced features and click OK to return to the NetScaler dashboard.
   Features:
   - Responder
   Note: Surge Protection and Web Logging are selected by default. DO NOT un-select.

   Surge Protection: This feature ensures that connections to the server occur at a rate which the server can handle. The response rate depends on how surge protection is configured. The NetScaler appliance also tracks the number of connections to the server, and uses that information to adjust the rate at which it opens new server connections.

   Web Logging: This feature sends logs of HTTP and HTTPS requests to a client system for storage and retrieval. This feature has two components:
   - The Web log server, which runs on the NetScaler.
   - The NetScaler Web Logging (NSWL) client, which runs on the client system.
   When you run the NetScaler Web Logging (NSWL) client:
   1. It connects to the NetScaler.
   2. The NetScaler buffers the HTTP and HTTPS request log entries before sending them to the client.
   3. The client can filter the entries before storing them.
21. Click the small blue disk to save the NetScaler configuration.

Exercise Summary
In this exercise, you configured the basic features of Citrix NetScaler, including its IP addresses, licensing, and advanced feature enablement.
Exercise 2 - Exchange Server Load Balancing

Overview
In this exercise, you will configure the Load Balancing feature of Citrix NetScaler so that the NetScaler units in this environment provide reliable connectivity to the Microsoft Exchange email infrastructure present in the Training.Lab domain. With this configuration in place, the Training.Lab domain should be able to continue to provide email service to its clients despite one of its email servers going offline.

Step by step guidance
Estimated time to complete this lab: 45 minutes.

Step Action
1. Using Internet Explorer, enter the URL and credentials below to log on to the Site1-NS1 NetScaler.
   http://192.168.10.15
   Username: nsroot
   Password: nsroot
2. From the NetScaler dashboard proceed to Traffic Management > SSL > Certificates and click Install to begin the installation of the SSL certificates utilized in this lab and exercise.
3. Add the following Certificate-Key Pair Name and browse for the Certificate File on the local C:\Certificates folder of the student desktop for the MCTIntermediate.cer certificate file. Click Install to complete the installation.
   Certificate-Key Pair Name: MCT Intermediate
   Note: Intermediate certificates sit between an end entity certificate and a root certificate. They help complete a Chain of Trust from your certificate back to your certification authority's root certificate.
4. Confirm that the MCT Intermediate certificate has been installed and click Install to continue installation of the second certificate utilized in this lab and exercise.
5. Add the following Certificate-Key Pair Name and browse for the Certificate File on the local C:\Certificates folder of the student desktop for the MCTWildcard.cer certificate file and MyCitrixTraining.key key file. Click Install to complete the installation.
   Certificate-Key Pair Name: MCT Key Pair
6. Confirm that the MCT Key Pair certificate has been installed.
7. Link the MCT Key Pair SSL Certificate and MCT Intermediate SSL Certificate by right clicking on the MCT Key Pair and selecting Link.
8. Select the following CA Certificate Name and click OK to complete the link between both SSL certificates.
   CA Certificate Name: MCT Intermediate
9. Navigate to Configuration > Traffic Management > Load Balancing > Servers and click Add to identify the Site 1 Exchange server on the Site1-NS1 NetScaler ADC.
10. Enter the following Server Name, IP Address, and click Create to complete the addition of Site1's Exchange server.
   Server Name: Site1-Exchange1-Server
   IP Address: 192.168.10.20
11. Confirm that the Site1-Exchange1-Server State is Enabled.
12. Navigate to Configuration > Traffic Management > Load Balancing > Servers and click Add to identify the Site 2 Exchange server on the Site1-NS1 NetScaler ADC.
13. Enter the following Server Name, IP Address, and click Create to complete the addition of Site2's Exchange server.
   Server Name: Site2-Exchange2-Server
   IP Address: 192.168.20.20
14. Confirm that the Site2-Exchange2-Server State is Enabled.
15. Navigate to Configuration > Traffic Management > Load Balancing > Services, click Add to bind the recently added Site1-Exchange1-Server to a general Monitor.
16. Enter the following Service Name, click the Existing Server radio button and choose the Site1-Exchange1-Server. Select the protocol and port number below for the Site1-Exchange1-Server and click Continue.
   Service Name: Site1-Exchange1-Service
   Protocol: SSL
   Port: 443
17. Click Done to complete the Load Balancing Service.
18. Confirm that the Site1-Exchange1-Service current State is up and select Add.
19. Enter the following Service Name, click the Existing Server radio button and choose the Site2-Exchange2-Server. Select the protocol and port number below for the Site2-Exchange2-Server and click Continue.
   Service Name: Site2-Exchange2-Service
   Protocol: SSL
   Port: 443
20. Click Done to complete the Load Balancing Service.
21. Confirm that the Site2-Exchange2-Service current State is up.
22. Navigate to Configuration > Traffic Management > Load Balancing > Virtual Servers, click Add to bind the recently added servers and monitors.
23. Add the following Name, IP Address, Protocol and Port and click Continue.
   Name: Exchange-vServer
   IP Address: 192.168.10.100
   Protocol: SSL
   Port: 443
24. Click on No LBVserver to Service Binding to bind a service to the newly created Exchange-vServer.
25. Select Bind to view all available binding services.
26. Select both the Site1-Exchange1-Service and the Site2-Exchange2-Service, and click Insert.
27. Click Save to save the Site1-Exchange1-Service and Site2-Exchange2-Service to the newly created Exchange-vServer.
28. Click Continue to proceed to the advanced Load Balancing Virtual Server settings.
29. Select the following advanced settings, adding these features to the Virtual Server.
   Advanced Settings:
   - Method
   - Persistence
   - SSL Certificates
30. Add the following LBMethod to the Method settings of the Virtual Server and click Save.
   LBMethod: ROUNDROBIN
31. Add the following Persistence and Time-out to the Persistence settings of the Virtual Server and click Save.
   Persistence: SOURCEIP
   Time-out: 2
   Note: Source IP: When source IP persistence is configured, the load balancing virtual server uses the configured load balancing method to select a service for the initial request, and then uses the source IP address (client IP address) to identify subsequent requests from that client and send them to the same service. You can set a time-out value, which specifies the maximum inactivity period for the session. When the time-out value expires, the session is discarded, and the configured load-balancing algorithm is used to select a new server.
32. Click on No Server Certificate to bind the server certificate used for this virtual server.
33. Select Bind to bind the Server Cert Key.
34. Select the MCT Key Pair and click Insert.
35. Select Save to complete the Server Cert Key settings.
36. Click Done to complete the virtual server setup.
37. Confirm that the State and Effective State are up.
38. Click the small blue disk to save the NetScaler configuration.
39. Using Internet Explorer, open a new tab and enter the URL below to test the Exchange-vServer.
   https://exchange.mycitrixtraining.net/owa
40. The Exchange Server 1 OWA is displayed.
41. To confirm the redundancy of the Exchange CAS environment, return to your NetScaler GUI, navigate to Configuration > Traffic Management > Load Balancing > Services and Disable the Site2-Exchange2-Service, stopping all connections to the Site2-Exchange2-Server.
42. Select OK to confirm.
43. Confirm that the Site2-Exchange2-Service is OUT OF SERVICE.
44. Using Internet Explorer, open a new tab and enter the URL below to re-test the Exchange-vServer.
   https://exchange.mycitrixtraining.net/owa
45. The Exchange Server 1 OWA is displayed. Click Refresh on the browser several times to ensure no connections are forwarded to Site2-Exchange2-Server. Log on to Outlook Web Access by utilizing the following credentials.
   Domain\user name: training\administrator
   Password: Citrix123
46. Return to your NetScaler GUI, navigate to Configuration > Traffic Management > Load Balancing > Services and Enable the Site2-Exchange2-Service, enabling all connections to the Site2-Exchange2-Server.
47. Confirm the Site2-Exchange2-Service State is UP.
48. Click the small blue disk to save the NetScaler configuration.

Exercise Summary
In this exercise, you configured the Load Balancing feature of Citrix NetScaler. With this configuration, the Citrix NetScaler units will be able to receive and redirect all connections to the Training.Lab email infrastructure to ensure that, while both email servers are online, the number of connections made and maintained to each is kept even. Also, in the event that one of the email servers should go offline, the Citrix NetScaler units will be able to redirect connection attempts to the remaining online server, thus ensuring continuity of email services for all clients of the Training.Lab email infrastructure.
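
The ROUNDROBIN method and SOURCEIP persistence set in steps 30-31, together with the disable/enable test in steps 41-46, can be traced with a small model. This is an added example, not part of the lab guide or of NetScaler itself; it assumes the Time-out value of 2 is in minutes, that a persisted client is re-balanced when its service is not UP, and uses a constructed second client address.

```python
"""Model of Exchange-vServer: ROUNDROBIN selection with SOURCEIP persistence."""
from dataclasses import dataclass, field

# "Time-out: 2" from step 31, treated as minutes (assumption of this example).
PERSISTENCE_TIMEOUT_S = 2 * 60


@dataclass
class VServer:
    services: list                                # service names in bind order
    timeout: float = PERSISTENCE_TIMEOUT_S
    state: dict = field(default_factory=dict)     # service -> "UP" / "OUT OF SERVICE"
    sessions: dict = field(default_factory=dict)  # client IP -> (service, last_seen)
    cursor: int = 0                               # round-robin position

    def __post_init__(self):
        for svc in self.services:
            self.state.setdefault(svc, "UP")

    def _round_robin(self):
        """Return the next UP service in bind order, or None if none is UP."""
        for _ in range(len(self.services)):
            svc = self.services[self.cursor % len(self.services)]
            self.cursor += 1
            if self.state[svc] == "UP":
                return svc
        return None

    def route(self, client_ip, now):
        """Pick the service for a request from client_ip at time now (seconds)."""
        entry = self.sessions.get(client_ip)
        if entry is not None:
            svc, last_seen = entry
            if now - last_seen <= self.timeout and self.state[svc] == "UP":
                self.sessions[client_ip] = (svc, now)  # activity refreshes the session
                return svc
            del self.sessions[client_ip]               # idle too long, or service not UP
        svc = self._round_robin()
        if svc is not None:
            self.sessions[client_ip] = (svc, now)
        return svc


def lab_walkthrough():
    """Replay a constructed request sequence; returns (time, client, service) rows."""
    vs = VServer(["Site1-Exchange1-Service", "Site2-Exchange2-Service"])
    client, other = "192.168.10.45", "192.168.10.46"  # second address is constructed
    log = []
    for t, ip in [(0, client), (30, client), (40, other), (60, client)]:
        log.append((t, ip, vs.route(ip, t)))
    # Step 41: Site2-Exchange2-Service is disabled; its persisted client is re-balanced.
    vs.state["Site2-Exchange2-Service"] = "OUT OF SERVICE"
    log.append((70, other, vs.route(other, 70)))
    # Step 46: the service is enabled again; after more than 2 idle minutes the
    # first client's session has expired and round robin selects afresh.
    vs.state["Site2-Exchange2-Service"] = "UP"
    log.append((300, client, vs.route(client, 300)))
    return log


if __name__ == "__main__":
    for row in lab_walkthrough():
        print(*row)
```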
Exercise 3 - Configuring Custom Exchange Monitors

Overview
This exercise explains how to create custom Microsoft Exchange monitors to thoroughly inspect all existing Microsoft Exchange virtual servers. These monitors will specifically probe the following Exchange sites.
1. /owa (Outlook Web Access)
2. /ecp (Exchange Control Panel)
3. /ews (Exchange Web Service)
4. /Microsoft-Server-ActiveSync (ActiveSync Service for Mobile Mail clients)
5. /oab (Offline Address Book)
6. /rpc (Outlook Anywhere or RPC over HTTPS)
7. /Autodiscover (Autodiscover Service)

Step by step guidance
Estimated time to complete this lab: 45 minutes.
Step Action
1. Using Internet Explorer, enter the URL and credentials below to log on to the Site1-NS1 NetScaler.
   http://192.168.10.15
   Username: nsroot
   Password: nsroot
2. From the NetScaler dashboard navigate to Configuration > Traffic Management > Load Balancing > Monitors and click Add to create the first Monitor utilized in this exercise.
3. Enter the following Name and Type. Scroll down and click the Secure check box to convert the HTTP monitor to HTTPS.
   Name: OWA-Mon
   Type: HTTP
   Do not click Create. Proceed to the next step.
4. Click on the Special Parameters tab, add the following HTTP Request (HTTP Header Request), click the Treat Backslash as Escape Character check box and click Create.
   HTTP Request: GET /owa/healthcheck.htm
   Note: The monitor created is a dedicated monitor for Outlook Web Access.
5. Select the OWA-Mon and click Add to create a new pre-populated monitor.
6. Change the OWA-Mon name to ECP-Mon and ensure that the Secure check box is checked.
7. Click on the Special Parameters tab, modify the following HTTP Request (HTTP Header Request), click the Treat Backslash as Escape Character check box and click Create.
   HTTP Request: GET /ecp/healthcheck.htm
   Note: The monitor created is a dedicated monitor for the Exchange Control Panel.
8. Select the OWA-Mon and click Add to create a new pre-populated monitor.
9. Change the OWA-Mon name to EWS-Mon and ensure that the Secure check box is checked.
10. Click on the Special Parameters tab, modify the following HTTP Request (HTTP Header Request), check the Treat Backslash as Escape Character check box and click Create.
   HTTP Request: GET /ews/healthcheck.htm
   Note: The monitor created is a dedicated monitor for the Exchange Web Service.
11. Select the OWA-Mon and click Add to create a new pre-populated monitor.
12. Change the OWA-Mon name to Activesync-Mon and ensure that the Secure check box is checked.
13. Click on the Special Parameters tab, modify the following HTTP Request (HTTP Header Request), check the Treat Backslash as Escape Character check box and click Create.
   HTTP Request: GET /Microsoft-Server-ActiveSync/healthcheck.htm
   Note: The monitor created is a dedicated monitor for Exchange ActiveSync.
14. Select the OWA-Mon and click Add to create a new pre-populated monitor.
15. Change the OWA-Mon name to OAB-Mon and ensure that the Secure check box is checked.
16. Click on the Special Parameters tab, modify the following HTTP Request (HTTP Header Request), check the Treat Backslash as Escape Character check box and click Create.
   HTTP Request: GET /oab/healthcheck.htm
   Note: The monitor created is a dedicated monitor for Exchange Offline Address Book.
17. Select the OWA-Mon and click Add to create a new pre-populated monitor.
18. Change the OWA-Mon name to RPC-Mon and ensure that the Secure check box is checked.
19. Click on the Special Parameters tab, modify the following HTTP Request (HTTP Header Request), check the Treat Backslash as Escape Character check box and click Create.
   HTTP Request: GET /rpc/healthcheck.htm
   Note: The monitor created is a dedicated monitor for Outlook Anywhere.
20. Select the OWA-Mon and click Add to create a new pre-populated monitor.
21. Change the OWA-Mon name to AutoDiscover-Mon and ensure that the Secure check box is checked.
22. Click on the Special Parameters tab, modify the following HTTP Request (HTTP Header Request), check the Treat Backslash as Escape Character check box and click Create.
   HTTP Request: GET /Autodiscover/healthcheck.htm
   Note: The monitor created is a dedicated monitor for AutoDiscover Service.
23. Navigate to Configuration > Load Balancing > Services and double click on the Site1-Exchange1-Service to begin binding the newly created monitors to the Site1-Exchange1-Service.
24. Click the 1 Service to LB Monitor Binding bar to show current monitors bound to the Site1-Exchange1-Service.
25. Click Bind to view all available monitors.
26. Scroll to the bottom of the page and change the Per Page item amount to 50.
27. Select the following Monitors and click Insert.
   - OWA-Mon
   - ECP-Mon
   - EWS-Mon
   - Activesync-Mon
   - OAB-Mon
   - RPC-Mon
   - AutoDiscover-Mon
28. Select Save to complete the binding of the custom exchange monitors to the Site1-Exchange1-Service.
29. Click Done to close the Site1-Exchange1-Service details.
30. Confirm that the Site1-Exchange1-Service State is UP.
31. Navigate to Configuration > Load Balancing > Services and double click on the Site2-Exchange2-Service to also bind the newly created monitors to the Site2-Exchange2-Service.
32. Click the 1 Service to LB Monitor Binding bar to show current monitors bound to the Site2-Exchange2-Service.
33. Click Bind to view all available monitors.
34. Scroll to the bottom of the page and change the Per Page item amount to 50.
35. Select the following Monitors and click Insert.
   - OWA-Mon
   - ECP-Mon
   - EWS-Mon
   - Activesync-Mon
   - OAB-Mon
   - RPC-Mon
   - AutoDiscover-Mon
36. Select Save to complete the binding of the custom exchange monitors to the Site2-Exchange2-Service.
37. Click Done to close the Site2-Exchange2-Service details.
38. Return to your desktop and click on the Exchange2.rdp icon to remote into the Site2-Exchange2 server. Use the following username and password to log in to the server.
   Username: training\administrator
   Password: Citrix123
39. Proceed to the Desktop and open Internet Information Services Manager.
40. In Internet Information Services Manager, navigate to EXCHANGE2 > Application Pools and locate the MSExchangeOWAAppPool.
41. Stop the MSExchangeOWAAppPool, causing the Site2-Exchange2-Service to go down due to the OWA-Mon receiving an HTTP 503 response code.
42. To confirm that the Virtual Server Service Monitor is now DOWN (offline), minimize the remote desktop session initiated to Exchange2.training.lab and return to the desktop. Open Internet Explorer to the following URL and log in to the Site1-NS1 with the following username and password.
   http://192.168.10.15
   Username: nsroot
   Password: nsroot
43. Navigate to Configuration > Traffic Management > Load Balancing > Services and notice that the Site2-Exchange2-Service is DOWN.
   Note: It is recommended to click refresh to ensure the most accurate State of all Services.
44. Right click on the Site2-Exchange2-Service and choose Edit.
45. Click on 7 Service to LB Monitor Bindings to view the Status of all monitors.
46. Confirm that the OWA-Mon's current state is DOWN due to stopping the MSExchangeOWAAppPool.
   Note: MSExchangeOWAAppPool may auto-start due to Exchange 2013 self-healing features. If OWA-Mon's Current State is shown UP, please repeat steps 40-41.
47. Click Save followed by Done.
48. Navigate to Configuration > Load Balancing > Virtual Servers and confirm that the Exchange-vServer State and Effective State are UP.
49. Using Internet Explorer, open a new tab and enter the URL below to test the Exchange-vServer.
   https://exchange.mycitrixtraining.net/owa
50. The Exchange Server 1 OWA is displayed. Log on to Outlook Web Access by utilizing the following credentials.
   Domain\user name: training\administrator
   Password: Citrix123
51. Minimize Internet Explorer on the Student Desktop and proceed to the current remote desktop session initiated to the Exchange2.training.lab server.
52. Start the MSExchangeOWAAppPool by right clicking the MSExchangeOWAAppPool and choosing Start.
53. Right click on EXCHANGE2 and STOP then START Internet Information Services to refresh all connections to the recently stopped app pool.
54. Return to the NetScaler GUI, navigate to Configuration > Traffic Management > Load Balancing > Services and confirm the Site2-Exchange2-Service State is UP.
   Note: It is recommended to click refresh to ensure the most accurate State of all Services.
55. Navigate to Configuration and click the small blue disk to save the NetScaler configuration.

Exercise Summary
In this exercise, you configured Service Monitors which allow the Citrix NetScaler to continually communicate with and verify the availability of the associated email servers. By monitoring the status and availability of the email servers, Citrix NetScaler can ensure that it is always passing network traffic to backend servers and resources that are online and available to serve the content that incoming client connections are requesting. Likewise, monitoring the backend servers allows the Citrix NetScaler to redirect traffic when necessary in order to ensure continuity of service availability.
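
The seven probes configured in this exercise, and the way one failing monitor takes the whole service DOWN (steps 40-46), can be reproduced outside the appliance. This is an added example, not part of the lab guide; it assumes each monitor accepts only HTTP 200 and that no monitor threshold is configured, and `constructed_backend` is a made-up stand-in for an Exchange server so the code runs offline.

```python
"""Probe the seven healthcheck.htm paths and derive the service state from them."""
import http.client

# Monitor name -> request path, from the HTTP Request values in this exercise.
MONITORS = {
    "OWA-Mon": "/owa/healthcheck.htm",
    "ECP-Mon": "/ecp/healthcheck.htm",
    "EWS-Mon": "/ews/healthcheck.htm",
    "Activesync-Mon": "/Microsoft-Server-ActiveSync/healthcheck.htm",
    "OAB-Mon": "/oab/healthcheck.htm",
    "RPC-Mon": "/rpc/healthcheck.htm",
    "AutoDiscover-Mon": "/Autodiscover/healthcheck.htm",
}
EXPECTED_STATUS = 200  # assumption: the monitors accept only HTTP 200


def https_fetcher(host, port=443, timeout=2.0, context=None):
    """Return fetch(path) -> status code (or None) for a real server over HTTPS."""
    def fetch(path):
        conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=context)
        try:
            conn.request("GET", path)
            return conn.getresponse().status
        except (OSError, http.client.HTTPException):
            return None  # refused, timed out or TLS failure: the probe failed
        finally:
            conn.close()
    return fetch


def constructed_backend(stopped_app_pools=()):
    """Constructed stand-in for an Exchange server, so the example runs offline.

    Answers 200 on each healthcheck.htm path, 503 when the application pool
    behind that virtual directory is stopped, and 404 for anything else.
    """
    stopped = {name.lower() for name in stopped_app_pools}

    def fetch(path):
        if path not in MONITORS.values():
            return 404
        vdir = path.split("/")[1].lower()
        return 503 if vdir in stopped else 200
    return fetch


def monitor_states(fetch):
    """Run every monitor once; UP only when the probe returns the expected status."""
    results = {}
    for name, path in MONITORS.items():
        status = fetch(path)
        results[name] = ("UP" if status == EXPECTED_STATUS else "DOWN", status)
    return results


def service_state(results):
    """Every bound monitor must pass for the service to be UP (no threshold set)."""
    return "UP" if all(state == "UP" for state, _ in results.values()) else "DOWN"


def failing_monitors(results):
    """Names of the monitors whose last probe failed, sorted."""
    return sorted(name for name, (state, _) in results.items() if state == "DOWN")


if __name__ == "__main__":
    # Steps 40-41: MSExchangeOWAAppPool stopped on the Site2 server (constructed).
    results = monitor_states(constructed_backend(stopped_app_pools=["owa"]))
    for name, (state, status) in results.items():
        print(f"{name:18} {state:5} HTTP {status}")
    print("Site2-Exchange2-Service:", service_state(results))
```

Against a real server, pass `https_fetcher("192.168.20.20")` to `monitor_states` instead of the constructed backend; certificate verification then follows Python's defaults unless a context is supplied.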
Exercise 4 - Configuring Custom Exchange Responder Policies

Overview
In this exercise you will configure custom Responder Policies for the Microsoft Exchange email servers in the Training.Lab environment. These custom Responder Policies will work in conjunction with the previously created Monitors to allow Citrix NetScaler to dynamically redirect incoming email connection requests based on the status of the email servers within the private networks of the Training.Lab domain sites.

Step by step guidance
Estimated time to complete this lab: 30 minutes.

Step Action
1. Using Internet Explorer, enter the URL and credentials below to log on to the Site1-NS1 NetScaler.
   http://192.168.10.15
   Username: nsroot
   Password: nsroot
2. Navigate to AppExpert > Responder > Actions and click Add to create the responder action used for our responder policy.
3. Enter the following Name, Type, Expression, check the Bypass Safety Check checkbox and click Create to complete the responder action.
   Name: OWA-RESP-ACTION
   Type: Redirect
   Expression: "https://"+http.req.hostname+"/owa/"
   Note: It is recommended to COPY and PASTE the expression to ensure no mistakes occur.
   Note: The responder action created will be used for HTTP to HTTPS redirection for Outlook Web Access.
4. Click Add to add a second responder action.
5. Enter the following Name, Type, Expression, check the Bypass Safety Check checkbox and click Create to complete the responder action.
   Name: EAC-RESP-ACTION
   Type: Redirect
   Expression: "https://"+http.req.hostname+"/ecp/"
   Note: It is recommended to COPY and PASTE the expression to ensure no mistakes occur.
   Note: The responder action created will be used for HTTP to HTTPS redirection for the Exchange Admin Center.
6. Navigate to AppExpert > Responder > Policies and click Add to create the responder policy that will bind to the newly created actions.
7. Enter the following Name, Action, Expression, and click Create to complete the responder policy.
   Name: OWA-RESP-POLICY
   Action: OWA-RESP-ACTION
   Expression: CLIENT.TCP.DSTPORT.EQ(80) && HTTP.REQ.HOSTNAME.CONTAINS("mail.mycitrixtraining.net")
   Note: It is recommended to COPY and PASTE the expression to ensure no mistakes occur.
   Note: The responder policy created here will be used for HTTP to HTTPS redirection for Outlook Web Access.
8. Click Add to add a second responder policy.
9. Enter the following Name, Action, Expression, and click Create to complete the responder policy.
   Name: EAC-RESP-POLICY
   Action: EAC-RESP-ACTION
   Expression: CLIENT.TCP.DSTPORT.EQ(80) && HTTP.REQ.HOSTNAME.CONTAINS("eac.mycitrixtraining.net")
   Note: It is recommended to COPY and PASTE the expression to ensure no mistakes occur.
   Note: The responder policy created here will be used for HTTP to HTTPS redirection for the Exchange Admin Center.
10. Navigate to Configuration > Traffic Management > Load Balancing > Servers and click Add to add a fictitious server utilized by the responder policies.
11. Enter the following Server Name, IP Address, and click Create to complete the addition of the fictitious server.
   Server Name: HTTP-RESP-Server
   IP Address: 1.1.1.1
   Note: The IP Address 1.1.1.1 is used as a fictitious address, as this server's sole purpose is to support the responder policies.
12. Confirm that the HTTP-RESP-Server State is Enabled.
13. Navigate to Configuration > Traffic Management > Load Balancing > Monitors to add a fictitious PING monitor for use with the future responder Virtual Server.
14. Click ping followed by Add to complete the ping monitor.
15. Enter the following Name and Destination IP and click Create to complete the custom ping monitor.
   Name: Self-NS-PING
   Destination IP: 127.0.0.1
16. Modify the monitors page to display 50 or more items.
17. Confirm that the Self-NS-PING is now Enabled.
18. Navigate to Configuration > Traffic Management > Load Balancing > Services, click Add to bind the recently added HTTP-RESP-Server and Self-NS-PING monitor.
19. Enter the following Service Name, Existing Server, Protocol, Port, and click Continue.
   Service Name: HTTP-RESP-Service
   Existing Server: HTTP-RESP-Server
   Protocol: HTTP
   Port: 80
20. Click on 1 Service to LB Monitor Binding to bind the Self-NS-PING monitor to the HTTP-RESP-Service.
21. Select Bind.
22. Scroll to the bottom of the page and change the Per Page item amount to 50.
23. Select the following Monitor and click Insert.
   Monitor: Self-NS-PING
24. Click Save to save the selected monitor to the service.
25. Click Done to complete the Load Balancing Service.
26. Confirm that the HTTP-RESP-Service State is Up.
    It is recommended to click refresh to ensure the most accurate State of all Services.
27. Navigate to Configuration > Traffic Management > Load Balancing > Virtual Servers, click Add to bind the recently added HTTP-RESP-Service to a virtual server.
28. Enter the following Name, Protocol, IP Address, and Port, and click Continue.
    Name: HTTP-RESP-vServer
    IP Address: 192.168.10.100
    Protocol: HTTP
    Port: 80
29. Click on the No LBVserver to Service Binding to bind the HTTP-RESP-Service to the newly created Virtual Server.
30. Select Bind.
31. Select the HTTP-RESP-Service and click Insert.
32. Click Save to complete the binding.
33. Click Continue to proceed with the addition of policies to the Load Balancing Virtual Server.
34. Select the following Advanced Setting to apply the responder policy to the load balancing virtual server.
    Policies
35. Click on the + sign to add the policy.
36. Choose the following Policy and Type, and click Continue.
    Policy: Responder
    Type: Request
37. Select Bind.
38. Choose the following Responder Policies and click Insert.
    Responder Policies:
    OWA-RESP-POLICY
    EAC-RESP-POLICY
39. Choose OK to complete the addition of the policies to the Load Balancing Server.
40. Click Done to complete the Load Balancing Server.
41. Confirm that the HTTP-RESP-vServer State and Effective State are Up.
    It is recommended to click refresh to ensure the most accurate State of all Services.
42. Select the small blue disk to save the NetScaler configuration.
43. Test each responder policy by opening a NEW Internet Explorer window and deleting the browser history, which is needed because of the persistence of the vserver.
    Click Delete.
    Select all check boxes and click Delete.
44. Navigate to the following sites to begin testing.
    URL to test OWA-RESP-POLICY: http://mail.mycitrixtraining.net
    URL to test EAC-RESP-POLICY: http://eac.mycitrixtraining.net
    OWA-RESP-POLICY will forward any request for http://mail.mycitrixtraining.net to the secure SSL URL https://mail.mycitrixtraining.net/owa (Outlook Web Access).
    EAC-RESP-POLICY will forward any request for http://eac.mycitrixtraining.net to the secure SSL URL https://eac.mycitrixtraining.net/ecp (Exchange Admin Center).
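The browser test in step 44 can also be scripted. The Python script below is an added example, not part of the original lab guide: it checks that a plain-HTTP request for each hostname is answered with a redirect to the expected HTTPS URL and reports a missing redirect, a non-HTTPS target, or an unexpected host or path. The sample responses are constructed, and the `--live` switch is this script's own option for querying the lab vserver at 192.168.10.100.

```python
import http.client
import sys
from urllib.parse import urlsplit

# Expected redirect targets, taken from step 44 of the lab.
EXPECTED = {
    "mail.mycitrixtraining.net": "https://mail.mycitrixtraining.net/owa",
    "eac.mycitrixtraining.net": "https://eac.mycitrixtraining.net/ecp",
}

def check_redirect(host, status, location):
    """Return a list of problems; an empty list means the redirect is correct."""
    if status not in (301, 302, 303, 307, 308):
        return [f"status {status} is not a redirect; request was answered over HTTP"]
    if not location:
        return ["redirect carries no Location header"]
    got, want = urlsplit(location), urlsplit(EXPECTED[host])
    return [f"Location {p} is {getattr(got, p)!r}, expected {getattr(want, p)!r}"
            for p in ("scheme", "hostname", "path") if getattr(got, p) != getattr(want, p)]

def fetch(host, vip="192.168.10.100", timeout=5):  # vserver IP from step 28
    """GET / on the vserver with the given Host header; redirects are not followed."""
    conn = http.client.HTTPConnection(vip, 80, timeout=timeout)
    try:
        conn.request("GET", "/", headers={"Host": host})
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

# Constructed sample responses (not captured from the lab) for an offline run.
SAMPLES = {
    "owa ok": ("mail.mycitrixtraining.net", 302, "https://mail.mycitrixtraining.net/owa"),
    "eac downgrade": ("eac.mycitrixtraining.net", 302, "http://eac.mycitrixtraining.net/ecp"),
    "owa wrong host": ("mail.mycitrixtraining.net", 301, "https://mail.example.net/owa"),
    "policy not bound": ("eac.mycitrixtraining.net", 200, None),
}

def run_samples():
    return {label: check_redirect(*args) for label, args in SAMPLES.items()}

if __name__ == "__main__":
    live = "--live" in sys.argv  # --live queries the lab vserver instead of the samples
    results = {h: check_redirect(h, *fetch(h)) for h in EXPECTED} if live else run_samples()
    for label, problems in results.items():
        print(label, problems or "OK")
```

Because `fetch` sets the Host header itself and connects straight to the vserver address, the check does not depend on the browser history or DNS of the machine it runs on.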

Exercise Summary

In this lab, you configured custom Responder Policies in Citrix NetScaler. These custom Responder Policies allowed the Citrix NetScaler to leverage its Monitors for the Microsoft Exchange email servers to dynamically control and redirect the flow of network traffic based on the operational state of the email servers within the private networks of the two sites within the Training.Lab domain.

Change   Description                  Updated By         Date
1.0      Original version             Johnathan Campos   11/2014
1.1      Organization                 Johnathan Campos   11/25/2014
1.2      Added Site Link to SPO       Johnathan Campos   12/1/2014
1.3      Organization                 Johnathan Campos   12/22/2014
1.4      Organization to Exercise 2   Johnathan Campos   12/22/2014

About Citrix

Citrix Systems, Inc. designs, develops and markets technology solutions that enable information technology (IT) services. The Enterprise division and the Online Services division constitute its two segments. Its revenues are derived from sales of Enterprise division products, which include its Desktop Solutions, Datacenter and Cloud Solutions, Cloud-based Data Solutions and related technical services, and from its Online Services division's Web collaboration, remote access and support services. It markets and licenses its products directly to enterprise customers, over the Web, and through systems integrators (SIs), in addition to indirectly through value-added resellers (VARs), value-added distributors (VADs) and original equipment manufacturers (OEMs). In July 2012, the Company acquired Bytemobile, provider of data and video optimization solutions for mobile network operators.

http://www.citrix.com