In this post I will show you how to load balance two StoreFront 3.0 servers through NetScaler 11. In this demo I am using two StoreFront servers named StoreFront1 and StoreFront2.
- StoreFront1 – IP = 192.168.0.104 – Protocol = HTTPS
- StoreFront2 – IP = 192.168.0.105 – Protocol = HTTPS
- LB vServer – VIP = 192.168.0.242 – Protocol = SSL
To configure StoreFront load balancing we need the following:
- Two or more StoreFront servers
- The SSL certificate used to secure communication if StoreFront is using HTTPS. This should be installed on your NetScalers. My StoreFront servers are using HTTPS so certificates apply
- StoreFront server objects, service objtcts and monitors
- A Load Balanced vServer that users will connect to when accessing StoreFront
Enable Load Balancing by navigating to Configuration -> System -> Settings -> Configure Basic Features.
Tick the box next to Load Balancing and click OK.
Time to add objects for each of your StoreFront servers that you want to load balance. Navigate to Traffic Management -> Load Balancing -> Servers -> Add.
Enter your first StoreFront servers information: Name, IP Address, Create.
Repeat the process for your remaining StoreFront servers.
Once done two server objects that I have just created now show and are enabled.
Navigate to Traffic Management -> Load Balancing -> Monitors -> Add. We need a way of monitoring the two StoreFront servers so that in the event one goes down users are not routed to that failed server. Citrix have a created StoreFront monitor built in to NetScaler which we will use. The monitor is named STOREFRONT.
We will be creating a seperate monitor for each StoreFront server. Within the Standard Parameters tab, enter a name referencing your first StoreFront server. Click the type drop-down box and select STOREFRONT. Enter the Destination IP (your StoreFront servers IP) and the port StoreFront is configured to listen on. My StoreFront servers have been configured to use HTTPS/TCP 443.Check the Secure check box.
On the Special Parameters tab, enter the name of your Citrix Store and check the boxes for StoreFront Account Service and Check Backend Services. Click OK.
Repeat the same process for your remaining StoreFront servers.
Once done, the two StoreFront monitors are created and ready to be attached to service objects.
Now we need to create those service objects. Navigate to Traffic Management -> Load Balancing -> Services -> Add.
Enter a name for your service, and attach an existing server object that you created earlier. StoreFront1 will be the first server attached to this service. Click OK.
We need to add the STOREFRONT monitor to the service we are creating. Click underneath Monitors to add the monitor we created for StoreFront1.
Click Add Binding.
Click on Click to select beneath Select Monitor*.
Select the monitor previously created and then click Select.
Click on Bind.
Repeat the same steps to create a service for your remaining StoreFront servers and attach a monitor. Click OK.
Notice both services that I created are in the down state. This is because when configuring the StoreFront monitors I asked the monitor to Check backend services. This is OK and StoreFront monitoring is built in to v3.0 by default but only via HTTP. My StoreFront servers are using HTTPS so the monitor I created earlier is trying to probe the backend services of our server through HTTP. StoreFront prior to v2.6 needed an additional add-on installed to support NetScaler -> StoreFront monitoring.
The monitoring service is accessible on each StoreFront server over port 8000 as shown below.
To change this to HTTPS. We need to configure the monitor service to use HTTPS instead. On all the StoreFront 3.0 servers perform the following steps.
Run PowerShell as an administrator.
Change directory to the Scripts folder. The location may be different for you depending on your install.
Execute the ImportModules.ps1 PowerShell script.
After the modules have been imported, running the Get-DSServiceMonitorFeature command will confirm the current StoreFront monitor URL and that it is using HTTP.
Now run the Set-DSServiceMonitorFeature -ServiceURL https://localhost:443/StoreFrontMonitor command.
Enter the new HTTPS URL in your web browser to make sure you get a response from the StoreFront monitor service.
Now back on the NetScaler the StoreFront1 service is now up. This is because NetScaler’s monitor can now probe the StoreFront monitoring service via HTTPS.
Both services are up.
So, as a summary we have server objects created which we then attached to services. These services also have monitors bound against them. The remaning piece we need is a Load Balanced vServer. Browse to Traffic Management -> Load Balancing -> Virtual Servers -> Add.
Enter a name, protocol, IP address, and port for your vServer. Click OK.
Click on No Load Balancing Virtual Server Service Binding.
Click Click to select.
Select the two services created earlier for each StoreFront server. Click Select.
The service members are now bound to the vServer. Click Continue.
Cick on No Server Certificate. We need to bind a certificate that matches the hostname we will use for our vServer, which resolves to the VIP of the vServer.
Click on Click to select.
Click on StoreFrontCertificate. Click Select. Obviously here your certificate will be called something different.
The StoreFront certificate has now been attached to the vServer. Click Continue.
Expand Method and Persistence. A load balancing method and persistence type must be defined.
Under method select ROUNDROBIN. You can also choose other methods such as LEASTCONNECTION which would normally be my preferred choice however for this demo I am selecting ROUNDROBIN. I’ll be able to test the Round Robin feature later to make sure load balancing is working as expected. Click OK.
Under Persistence choose SOURCEIP.
The new StoreFront vServer is up and online.
Save your running configuration.
Ensure you have an internal DNS A record pointing to the StoreFront Load Balanced vServer VIP. This is part of the URL that users will use to connect to StoreFront/Receiver for Web. This hostname A record must match the subject name of the certificate attached to the Load Balanced vServer.
Now with DNS resolution in place enter the Receiver for Web address in to your web browser. Your connection request will be load balanced through NetScaler and Receiver for Web will display.
Once authenticated you can now access your published applications and desktops.
To test that the ROUNDROBIN load balancing method is working, you can enter the https://storefront.domain.com URL which shoud resolve to the default IIS web page by default hosted by either of your StoreFront servers. The first request sent me to StoreFront2. I edited the iis-85.png image file and wrote StoreFron2 on the image using paint and did the same over on StoreFront1. This made it easy to identify which server I was being connected to.
The next request directed me to StoreFront1 as expected.
Alternatively on the NetScaler you can look at the statistics of your Load Balanced vServer and services. Keeping an eye on the Service Hits, Requests, and Responses will indicate which StoreFront server is taking the hit. Here you can see the difference between service hits on StoreFront 1 to StoreFront2, which is a result of persistency. If no persistency was set against general web servers for example, the service hits would in most cases be the same.