NetScaler SSL Offload for Device Manager - Update
As aujourd 'hui XenMobile device manager has a limitation where the device manager should be placed in the DMZ network instead of internal network or device driver from the traffic before finally making NetScaler SSL bridge. But now with XenMobile Device Manager SSL Offload Server Patch you can place the device manager in the internal network and discharge all SSL (443 and 8443) traffic @ NetScaler and reinitaite traffic NetScaler Device harbor Manager 80.
pre-Req:
- You must have the relevant license with NS applied to it
- You must have XenMobile Device Manager SSL. Patch Server Offload.
- Certificates valid on NetScaler.
- Port 80 open NetScaler Device Manager server.
Installation procedure XenMobile Device Manager Server SSL offload Patch
- Download the SSL Offload patch Citrix Downloads
- Copy the .jar file to: XenMobile device Manager tomcat webapps [instance_name] WEB-INF lib (on all cluster nodes, in device Manager cluster configuration)
- Reboot device Manager XenMobile Service
- to confirm the installation of the patch, access http // .: XDM server / zdm / helper.jsp. You can find the connection details installed.
Export Java Tomcat Root and CA Device Certs Device Manager server
- Connecting to the device Manager server
- Access C :. Program Files (x86) Citrix XenMobile Device Manager tomcat folder conf
- Copy cacerts.pem and copy it to your local hard disk (you'll need download it by NetScaler.)
- Open cacerts.pem cert [avecBloc-notescopiezlapremièresectionducertificatdepEMetl'enregistrercommeCAdepériphériqueetladeuxièmesectionducertificatdepemuneracineCA
Procedure SSL configuration to unload NetScaler XenMobile Device Manager
- log in to NetScaler.
- Expand SSL Select Certificates and Install CA Device and root CA also Install server certificate in NetScaler.
- Under SSL Select Policies under Actions Click Add to create SSL action.
- provide the name of action, Enable on client certificate in the menu selection and provide certificate Tag as NSClientCert and click Create .
- Under SSL Select Policies Under Policies Click Add to create SSL policies.
- Provide the name of the policy, select action in the drop down list you created in the previous step and provide the value of expression CLIENT.SSL.CLIENT_CERT .EXISTS Click Create .
- Expand traffic management , select Service under SSL Offload and click Add.
- Provide Service Name provide XDM server IP address and the Protocol on the basis of the Port ( 80) and available Monitors Add the tcp monitor set list [[desmoniteursetcliquezsur Create.
- Check the service you have created is up. (If the service is down please check if the XDM server is accessible from NS on port 80, so make sure you patch applied to the Device Manager).
- Again, expand traffic management , select virtual servers under SSL Offload and click Add .
- provide Server Name provide server IP address which is used / you have booked to SSLOffload and port as 443 and select the XDM service.
- Under SSL Settings add the server certificate to the configured list.
- Press device CA and root CA such as Cert CA Add the drop.
- In the same pane, select SSL policies and enter the SSL policy you created in the previous step and click Ok.
- Select SSL Parameter check box for [] authentication client 1945002 and set client certificate to optional.
- provide Server Name provide server IP address is used / you have booked the SSLOffload and port as 8443 and select the XDM service under SSL Settings select the certificate appropriately and click create. (You can find the steps to download a cert in NS @ http://support.citrix.com/article/CTX109260)
Note: you should not add the root and CA certs Device and SSL link the policy for the VServer on port 8443.
- Check the servers you created is in place.
- Once the above configuration is completed in NetScaler you can go ahead and access / Join the server device driver on the virtual server IP.
. Note: If you are not able to access / connection to the Device Manager console after the above steps, activate "SSL Redirect" under SSL Offload> Certificates> SSL Settings> Configure SSL Params
0 Komentar