#SYN513, Risks and Challenges with NetScaler Gateway and Storefront

#SYN513, Risks and Challenges with NetScaler Gateway and Storefront.

Went over how to load balance and showed the traffic flow for StoreFront and WI and spoke on the importance of also Load Balancing your authentication provider. Make sure and have TCP 8008 of you are using HTML 5 client.

Talked about the Platform license and how it cannot move between MPX and VPX and then get the LM Host ID from the command line. Keep track of your MACs on VPXs if you need to redeploy the instance. Talked about the access gateway platform license (basic mode) for just basic XA and XD access and the Access gateway universal license (smart access) is for the full VPN and XenMobile micro VPNs which could be a gotcha for some clients now. Use /var/log/license.log to troubleshoot license problems.

Went over common authentication errors where the parts are not open, bind account expired, 636 isn’t enabled on the DC. Then you can use the cat aaadebug file to go further. If you get “cannot complete request” check to see if your storefront server can resolve the FQDN of the AG vServer.

If the application cannot launch telnet 1494 and 2598 from the NetScaler to check that access. Check your STAs to make sure they are up and the list is the same on the NetScaler and StoreFront.

Did a great overview of Session Policies and Profiles and how to make expressions.

Great command to see what AGEE policies are being used
Nsconmsg -d current -g pol_hits

Really great information for anyone who is using NetScaler, StoreFront and Web Interface and how the traffic flows and how to troubleshoot it when something goes wrong.