Let’s look at steps on configuring a Citrix high available site for applications. These are high level steps only. Not a step by step article.
- Based on your user count and how critical is the application, create 4 DDCs. Two in North India Datacenter, and two in south India datacenter (or you can create 1 in each datacenter).
- Similarly, create storefront servers as well. All storefront servers should have all DDCs added under manage delivery controllers section.
- Create two zones in your DDC servers: SouthIndia and NorthIndia. Don’t add any DDCs/machine catalogs/delivery groups for now. Just leave them empty.
- Create 4 VDA servers. Two in south india datacenter, and two in north india datacenter.
- While installing VDA software, for the VDAs in north india, use DDC server names in north india datacenter. So, these app servers only connect to north india dc’s DDCs. Similarly, for VDAs in south india, use DDC server names in south india datacenter. These app servers only connect to south india dc’s DDCs.
- Install the application in all the VDA (application servers) servers.
- While creating the application in citrix studio, in zone section, in zone tab, select the radio box, “use the selected zone to determine where this application launches” and select NorthIndia zone from the dropdown. Do not check the box, “Launch the application only in selected zone.”
- Create 2 machine catalogs. Add 2 north india VDA servers to one machine catalog and add the machine catalog to NorthIndia zone. Similarly, add 2 south india VDA servers to other machine catalog and add the machine catalog to SouthIndia zone.
- Create delivery group, and add all 4 app servers to that delivery group from 2 machine catalogs created in above step.
- In the application properties, add the application to NorthIndia zone.
- By now, your VDA has only DDC names from north india datacenter. So, your application tries to connect to any one of the north india ddc. If both north india VDAs are unavailable, as per the configuration above, in the delivery group, you have two other app servers from south india machine catalog. Application launches from south india zone app servers. This is by zone design. (If you want the application to launch only from the selected zone (and not from any other zone), select the check box under the zone selection.)
- Make sure application and machine catalogs are added to the correct zone names. They should be same for both. Example, for an application server installed in north india datacenter, in application properties and machine catalog, it should be added to NorthIndia zone.
- In your zone, you will only have machine catalogs and applications.
In netscaler, we will create three VIPs overall. One primary netscaler gateway VIP, where users connect and it will be used for authentication. Other two will be used for HDX optimal gateway routing (configured in storefront).
- Primary VIP: mycompany.apps.com (used for authentication only)
- southindia hdx optimal gateway routing: mycompanySIOGR.apps.com
- northindia hdx optimal gateway routing: mycompanyNIOGR.apps.com
Based on your user count and the traffic, create 4 netscalers (for example).
- Configure netscaler gateway completely as standalone netscalers in all 4 netscalers. This includes, creating SF lb vip for your storefront, creating session policies, netscaler gateway vip, certificates etc..
- Create two other netscaler VIPs in all 4 netscalers, one for southindia and another for northindia. This netscaler gateway vips configuration will be the same as primary netscaler gateway VIP, but netscaler gateway vip, certificate and dns hostname will change (mycompanysiogr.apps.com and mycompanyniogr.apps.com).
- Login to netscaler gateway vips and make sure you can open application as expected.
- Goto your storefront server, under manage netscaler gateways, add your primary netscaler gateway vip (mycompany.apps.com) and select “authentication only” option under usage or role dropdown. Similarly, add other two OGR VIPs and select “HDX routing only” under usage or role dropdown for them.
- Right click on your store, and select “configure store settings” option. Next, click on optimal HDX routing option. Here you should see your two OGR Vips. select south india zone OGR vip (mycompanySIOGR.apps.com) and click manage zones. Enter the exact same zone name that you used in DDC studio earlier for south india zone(in our case it is SouthIndia).
- Similarly, select north india zone OGR vip and click manage zones. Enter exact same zone name that you used in DDC studio earlier for north india zone(in our case it is NorthIndia)
- We haven’t configured GSLB yet, but when users go to mycompany.apps.com, this VIP will only be used for authentication. When Storefront provides ICA file, based on the zone name, it will pick a netscaler vip (mycompanySIOGR.apps.com or mycompanyNIOGR.apps.com) and send it to users. User when clicks on the ica file, will connect through that particular netscaler optimal gateway routing VIP.
- Next configure GSLB.
mycompany.apps.com is used for authentication only. Once user is logged in, as part of enumeration, he gets the applications. Lets say user is in north india. He clicks on an application which is configured to north india zone. That application server (VDA) registers to any one of the DDC in north india zone. DDC sends that VDA server name to storefront specifying it is in NorthIndia zone. Storefront, when sending the ica file to user, it inserts mycompanyNIOGR.apps.com. When user clicks on the ica file, it directly connects to the mycompanyNIOGR.apps.com vip on the netscaler.