Overview
Just like our ARR servers today, the Citrix ADCs are basically acting as reverse proxies to our servers/resources on premise. Setting up a Virtual Server/Virtual IP address on a Citrix ADC, so that clients connect to it rather than to the actual server itself, does have benefits, especially when it comes to security. Also, there is a subset of Virtual Servers that Content Switch, which basically allows the ADC to send traffic to different resources based on the URL provided by the client.
There are three components that are defined for a basic setup where the ADC proxies traffic to the resource: Server definition, Service (or Service Group) definition, and Virtual Server definition. You will define each component in the order above, since the Virtual Server is dependent on the Service, which in turn is dependent on the Server.
Requirements
- A free IP address to designate as a Virtual Server IP
- If the ADC is in a DMZ and the resource is not, the ADC will need access through the firewall to communicate with the resource
Procedure
Create the Server
- Navigate to Traffic Management->Load Balancing->Servers
- Click on Add and enter the name of the server as well as its IP address along with a brief Comment of what the server is and click Create. We are not leveraging Traffic Domains in this environment today, and Traffic Domains will eventually be phased out
Create the Service
- Now that the server has been added, we will create a Service for it. A service defines what application this server will be hosting, based on the TCP/UDP port that the application is listening on. In most cases we are balancing HTTPS traffic, but since this is just a basic proxy, we will create an HTTP service. Since we are just talking about a single server, we will create a service rather than a service group.
- Navigate to Traffic Management->Load Balancing->Services and click Add
- Since we are just accessing IIS on port 80 (HTTP) on the test server, we will create the following and select Existing Server so we can pick the server from the list. Yes, we can "add" a new server using this interface, but you will have to go back to servers to update the name of the server.
- When you click OK, a summary screen is presented. Since this is a simple HTTP service, there is really not much more to do than to click Done. However, note that the Server State is UP with a green light. The ADC I am using for this document is not behind a firewall. If it were, the Server State might be red, indicating that the ADC is NOT communicating with the server. Server state is determined by the Monitor at the bottom of the screen. The default monitor is a TCP request where the ADC sends a SYN and expects a SYN+ACK back (two thirds of the three-way handshake).
- Now that we have a service defined that is online/UP, we can create a Virtual Server
Create a Virtual Server (IP address that clients will access)
- Navigate to Traffic Management->Load Balancing->Virtual Servers and click Add. The important item here is the IP address. This is the IP that all clients will be connecting to, and the IP address that we will be creating a DNS entry for. If this IP address is already used for a different Virtual Server (but on a different port), then you can safely create the virtual server. However, if this is the first Virtual Server using this IP, you may want to verify that nothing else is using the IP address.
- When you click OK, you will be presented with the Virtual Server Summary page.
- You will notice that the State is Down because we have not bound this Virtual Server to a Service
- To Bind the Service we just created, click on the Virtual Server Service Binding
- Click on the Select field and you will be presented with a list of Services. Click on the one you just created and click on the Select button (which activates when you select a service).
- The Service Binding page appears. Since it's just the one service, we can leave the Weight at 1. If we were binding additional services to this Virtual Server, we could use the Weight to determine which service takes precedence.
- Now that there is an active service bound to the Virtual Server, the Virtual Server state should be green/Up.
To test your new Virtual Server, you can just browse to the IP, in this case http://10.1.52.37. You should get the same result as if you browsed directly to the server itself. Now, if we are using SSL, then there are a few extra steps, as well as updating your hosts file so you can browse your Virtual Server IP using an actual FQDN.
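The same test can be scripted. The following is an added example, not part of the original procedure or any Citrix tooling: it repeats the TCP-level check that the default monitor performs and then compares the page served by the Virtual Server IP with the page served by the server itself. The function names and the command-line usage are assumptions made for this example; run it from a host that can reach both addresses.

```python
import hashlib
import http.client
import socket


def tcp_probe(host, port, timeout=2.0):
    """TCP-level check like the default monitor: does the port accept a connection?

    A port that accepts connections passes this check even if the
    application behind it answers every request with an HTTP 500.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def http_fetch(host, port, path="/", timeout=5.0):
    """Return (status, sha256-of-body) for a plain HTTP GET."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, hashlib.sha256(resp.read()).hexdigest()
    finally:
        conn.close()


def check_proxy(vip, backend, path="/"):
    """Compare the Virtual Server (vip) with the server behind it (backend).

    vip and backend are (host, port) tuples. Pages with dynamic content
    (timestamps, tokens) hash differently; test against a static page.
    """
    result = {"backend_tcp_up": tcp_probe(*backend), "vip_tcp_up": tcp_probe(*vip),
              "backend_http": None, "vip_http": None, "same_result": False}
    if result["backend_tcp_up"]:
        result["backend_http"] = http_fetch(*backend, path=path)
    if result["vip_tcp_up"]:
        result["vip_http"] = http_fetch(*vip, path=path)
    result["same_result"] = (result["vip_http"] is not None
                             and result["vip_http"] == result["backend_http"])
    return result


if __name__ == "__main__":
    import sys
    # Assumed usage: python check_proxy.py <virtual-server-ip> <server-ip>  (port 80 for both)
    for key, value in check_proxy((sys.argv[1], 80), (sys.argv[2], 80)).items():
        print(f"{key}: {value}")
```

If vip_tcp_up is True but same_result is False, the Virtual Server is answering but is not returning what the server returns, so check the service binding before creating the DNS entry.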