Load Balancing Citrix Delivery Controllers with NetScaler

To Load Balance via NetScaler you need a Standard ADC license at minimum. This post will show how to load balance the Delivery Controllers and ensure their services are health monitored by using NetScaler built-in monitoring. The Delivery Controllers will use HTTPS for communication.

If you have not already enabled Load Balancing, right-click Load Balancing within NetScaler and choose Enable.

First create server objects for each of your Delivery Controllers. Navigate to Traffic Management -> Load Balancing -> Servers -> Add.

Enter a name and the IP of your Delivery Controller. Click Create. Do the same for your remaining Delivery Controllers.

Now each server object will go into a Service Group. Navigate to Traffic Management -> Load Balancing -> Service Groups -> Add. Specify a name and choose SSL as the protocol. You can configure HTTP/80, but I like to secure the XML broker communication, and it is recommended for security. Click OK.

Click on No Service Group Member to bind members to this Service Group. Click Click to select. Select your Delivery Controller server objects, click Select. Now enter 443 as the port. Click Create. Click OK.

Expand Monitors. Click on No Service Group to Monitor Binding. Click on the + symbol. Enter a name and under Type choose CITRIX-XD-DDC. Towards the bottom of the Standard Parameters tab check Secure. Click on the Special Parameters tab. Here you can validate credentials against your Delivery Controllers. This is just an added monitoring capability to ensure the Delivery Controllers are online even if the standard monitor probe is successful. Click Create. Click Done. The new Service Group shows as UP.

A load balanced certificate needs to be installed on your Delivery Controllers, and additional work is needed to bind that SSL certificate to the Citrix Broker Service. If the Delivery Controllers have IIS, you can use it to bind the certificate to HTTPS; however, most Delivery Controller installs are on a dedicated machine that does not run IIS. See http://www.jgspiers.com/securing-ddc-xml-broker-communication-over-https/

Now we create the Load Balanced vServer. Navigate to Traffic Management -> Load Balancing -> Virtual Servers -> Add. Specify a name, set the protocol as SSL and enter an IP. Click OK.

Click No Load Balancing Virtual Server ServiceGroup Binding to bind the Service Group to this Virtual Server. Click on Click to select. Select the Service Group. Click Select. Click Bind. Click Continue.

Click No Server Certificate. Click on Click to select. Select the Load Balanced certificate that is also installed on the Delivery Controllers. In my case, it matches the URL of ddclb.jgspiers.com. Click Select. Click Bind.

Expand Persistence. Choose SOURCEIP and click OK. Expand Method. Choose ROUNDROBIN and click OK. Click Done. The Virtual Server reports UP and is ready to be used.

Within StoreFront make sure you specify the Load Balanced FQDN against your stores.
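As an added example (not part of the original post), the Python check below reads an exported ns.conf and flags any Delivery Controller service group, CITRIX-XD-DDC monitor or LB vserver that was left on plain HTTP instead of the SSL settings chosen above. The config excerpt, object names and IP addresses are constructed for illustration.

```python
import shlex

# Constructed ns.conf excerpt (made-up names/IPs): *_ddc follows the article, *_old is plain HTTP.
SAMPLE_NS_CONF = """\
add server DDC01 192.0.2.11
add server DDC02 192.0.2.12
add serviceGroup svcgrp_ddc SSL
add serviceGroup svcgrp_old HTTP
add lb monitor mon_ddc CITRIX-XD-DDC -validateCred YES -secure YES
add lb monitor mon_old CITRIX-XD-DDC
add lb vserver lbvs_ddc SSL 192.0.2.20 443 -persistenceType SOURCEIP -lbMethod ROUNDROBIN
add lb vserver lbvs_old HTTP 192.0.2.21 80
bind serviceGroup svcgrp_ddc DDC01 443
bind serviceGroup svcgrp_ddc DDC02 443
bind serviceGroup svcgrp_ddc -monitorName mon_ddc
bind serviceGroup svcgrp_old DDC01 80
bind serviceGroup svcgrp_old -monitorName mon_old
bind lb vserver lbvs_ddc svcgrp_ddc
bind lb vserver lbvs_old svcgrp_old
"""

def opt(tok, name, default="NO"):  # value after a -option; tolerates valueless flags
    return tok[tok.index(name) + 1] if name in tok[:-1] else default

def audit_ddc_lb(conf_text):
    """Flag unencrypted hops around service groups monitored by CITRIX-XD-DDC."""
    secure_mon, grp_proto, grp_mons, vs_proto, grp_vs = {}, {}, {}, {}, {}
    for line in conf_text.splitlines():
        tok = shlex.split(line)
        if tok[:3] == ["add", "lb", "monitor"] and tok[4:5] == ["CITRIX-XD-DDC"]:
            secure_mon[tok[3]] = opt(tok, "-secure").upper() == "YES"
        elif tok[:2] == ["add", "serviceGroup"] and len(tok) >= 4:
            grp_proto[tok[2]] = tok[3]
        elif tok[:2] == ["bind", "serviceGroup"] and "-monitorName" in tok[:-1]:
            grp_mons.setdefault(tok[2], set()).add(opt(tok, "-monitorName"))
        elif tok[:3] == ["add", "lb", "vserver"] and len(tok) >= 5:
            vs_proto[tok[3]] = tok[4]
        elif tok[:3] == ["bind", "lb", "vserver"] and len(tok) >= 5:
            grp_vs.setdefault(tok[4], set()).add(tok[3])
    findings = []
    for grp in sorted(grp_proto):
        ddc_mons = sorted(grp_mons.get(grp, set()).intersection(secure_mon))
        if not ddc_mons:
            continue  # not a Delivery Controller service group
        if grp_proto[grp] != "SSL":
            findings.append(f"{grp}: service group protocol is {grp_proto[grp]}, not SSL")
        findings += [f"{m}: monitor lacks -secure YES" for m in ddc_mons if not secure_mon[m]]
        findings += [f"{v}: vserver protocol is {vs_proto.get(v)}, not SSL"
                     for v in sorted(grp_vs.get(grp, ())) if vs_proto.get(v) != "SSL"]
    return findings
```

Calling `audit_ddc_lb()` on the text of a saved configuration returns an empty list when every Delivery Controller hop is SSL.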


10 Comments

  • Bilal Aslam

    January 19, 2017

    To the best of my understanding this statement is not correct. “To Load Balance via NetScaler you need an Enterprise ADC license at minimum”

    Reply
    • George Spiers

      January 19, 2017

      You are right – that is just a mistake on my end. You need Standard or higher.

      Reply
      • SaaJ

        October 13, 2017

        I am guessing we could use a Netscaler VPX Express to achieve this. Any disadvantages in doing this? Would the 5mbs limit be a blocker?

        Thanks.

        Reply
        • George Spiers

          October 13, 2017

          Yes VPX Express can do that and 5Mbps will only become a blocker if DDC Load Balancing tries to consume more than that 🙂 I’m not sure how much bandwidth brokering consumes, but would bet it is very minimal.

          Reply
  • Martin Meier

    March 14, 2017

    Can this LB vServer also be used as STA on NetScaler Gateway and on StoreFront Remote Access configuration?

    Reply
    • George Spiers

      March 14, 2017

      Nope you can’t use load balanced names for STA. You’ll have to use the FQDN of one or more DDCs.

      Reply
  • Joeke van der Velde

    May 15, 2017

    Maybe a bit of a newbie question, but i’m wondering:

    What are the user rights the “service_ddc” account needs under special parameters?
    Are they only Citrix rights within Citrix Studio? Or maybe a few AD rights?

    I can’t find it anywhere, so it looks like i’m the only one who doesn’t know.. :-p

    Reply
    • George Spiers

      May 15, 2017

      Hi Joeke
      It is just a standard domain user account you need.

      Reply
      • Joeke van der Velde

        May 15, 2017

        Thx George!

        Reply
  • berks

    October 17, 2017

    Hi JG, just want to thank you, your articles are always fantastic and always appreciate the effort you put in.

    Reply
