Manuals / Citrix Systems / Computer Equipment / Network Router

Citrix Systems 4.2 Creating a Tier with Custom ACL List, Assigning a Custom ACL List to a Tier

Models: 4.2

1 272

Download 272 pages 63.23 Kb

Page 221

Configuring Network Access Control List

protocol is typically used to send error messages or network monitoring data. All supports all the traffic. Other option is Protocol Number.

•Start Port, End Port (TCP, UDP only): A range of listening ports that are the destination for the incoming traffic. If you are opening a single port, use the same number in both fields.

•Protocol Number: The protocol number associated with IPv4. For more information, see Protocol Numbers12.

•ICMP Type, ICMP Code (ICMP only): The type of message and error code that will be sent.

•Traffic Type: The type of traffic: Incoming or outgoing.

8.Click Add. The ACL rule is added.

You can edit the tags assigned to the ACL rules and delete the ACL rules you have created. Click the appropriate button in the Details tab.

16.27.4.4. Creating a Tier with Custom ACL List

1.Create a VPC.

2.Create a custom ACL list.

3.Add ACL rules to the ACL list.

4.Create a tier in the VPC.

Select the desired ACL list while creating a tier.

5.Click OK.

16.27.4.5. Assigning a Custom ACL List to a Tier

1.Create a VPC.

2.Create a tier in the VPC.

3.Associate the tier with the default ACL rule.

4.Create a custom ACL list.

5.Add ACL rules to the ACL list.

6.Select the tier for which you want to assign the custom ACL.

7.

Click the Replace ACL List icon.

The Replace ACL List dialog is displayed.

8.Select the desired ACL list.

9.Click OK.

12http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml

211

Image 221

Citrix Systems 4.2 manual Creating a Tier with Custom ACL List, Assigning a Custom ACL List to a Tier

Contents

Page Page Getting More Information and Help User Services OverviewConcepts Cloud Infrastructure ConceptsSteps to Provisioning Your Cloud Infrastructure Service OfferingsSetting Up Networking for Users Working With Hosts 103 Working With Virtual MachinesWorking With Storage 129 Working with Templates 113Managing Networks and Traffic 147 Working with Usage 141Page Troubleshooting 251 Tuning 249Working with System Virtual Machines 229 System Reliability and High Availability 233Event Types 259 Alerts 261 Additional Documentation Available Getting More Information and HelpCitrix Knowledge Center Contacting Support ChapterPage Concepts What Is CloudPlatform?What Can CloudPlatform Do? Multiple Hypervisor SupportDeployment Architecture Overview Cloud Infrastructure Overview Management Server OverviewMore Information Networking OverviewPage Page About Zones Cloud Infrastructure ConceptsAbout Regions Cloud Infrastructure Concepts About Pods About Clusters About Primary Storage About HostsAbout Physical Networks About Secondary StorageBasic Zone Network Traffic Types Advanced Zone Guest IP Addresses Basic Zone Guest IP AddressesAdvanced Zone Network Traffic Types System Reserved IP Addresses Advanced Zone Public IP AddressesAll zones A zone that uses advanced networkingPage Accounts, Users, and Domains AccountsBehavior of Dedicated Hosts, Clusters, Pods, and Zones How to Use Dedicated HostsDedicating Resources to Accounts and Domains Adding an Ldap Server Using an Ldap Server for User AuthenticationConfiguring an Ldap Server Trust Store Trust Store Password Search Base Example Ldap Configuration CommandsRemoving an Ldap Configuration ApacheDS Query FilterActive Directory Search User Bind DN SSL Keystore Path and PasswordPage Chapter User Services OverviewPage Supported Browsers User InterfaceLog In to the UI End Users UI OverviewLogging In as the Root Administrator Root Administrators UI OverviewCreating an Instance from a Template that Supports SSH Keys Using SSH Keys for AuthenticationChanging the Root Password Creating the SSH Keypair Output is something similar to what is given belowCreating an Instance Logging In Using the SSH KeypairResetting SSH Keys Page Configuring Projects Using Projects to Organize Users and ResourcesSetting Up Invitations Overview of ProjectsSetting Project Creator Permissions Setting Resource Limits for ProjectsSending Project Membership Invitations Creating a New ProjectAdding Members to a Project Adding Project Members From the UI Accepting a Membership InvitationSuspending or Deleting a Project Using the Project ViewPage Overview of Provisioning Steps Steps to Provisioning Your Cloud InfrastructureAdding a Region First Region The Default RegionAdding Regions optional Adding Third and Subsequent Regions Deleting a Region Prepare the System VM Template Adding a ZoneCreate a Secondary Storage Mount Point for the New Zone Steps to Add a New Zone Network Offering Description Basic Zone ConfigurationSteps to Provisioning Your Cloud Infrastructure Page Advanced Zone Configuration Page Steps to Provisioning Your Cloud Infrastructure Page NFS Vmfs Adding a PodAdd Cluster OVM Adding a ClusterAdd Cluster KVM or XenServer Adding a vSphere Cluster Add Cluster vSphereVMware Cluster Size Limit Steps to Provisioning Your Cloud Infrastructure Page Requirements for XenServer, KVM, and OVM Hosts Warning Adding a HostAdding a Host XenServer, KVM, or OVM KVM Host Additional Requirements Adding a XenServer, KVM, or OVM HostAdding a Host vSphere Adding Primary StorageAdding Secondary Storage Adding an NFS Secondary Staging Store for Each Zone Initialize and Test Steps to Provisioning Your Cloud Infrastructure Creating a New Compute Offering Service OfferingsCompute and Disk Service Offerings Creating a New Disk Offering Service OfferingsCreating a New System Service Offering System Service OfferingsModifying or Deleting a Service Offering For more information, see .7, Stopping and Starting VMs Page Page Overview of Setting Up Networking for Users Setting Up Networking for UsersAbout Virtual Networks Isolated NetworksNetwork Service Providers Support Matrix Network Service ProvidersRuntime Allocation of Virtual Network Resources IndividualACL Support Matrix for an Isolated Network CombinationSupport Matrix for Shared Network Combination Support Matrix for Basic Zone Network OfferingsCreating a New Network Offering Supported Services Description Isolated Shared See Section Remote Access VPN Changing the Network Offering on a Guest Network Creating and Changing a Virtual Router Network Offering Page Page Best Practices for Virtual Machines Working With Virtual MachinesAbout Working with Virtual Machines Monitor VMs for Max Capacity Install Required Tools and DriversVM Lifecycle Creating a VM from a template Creating VMsCreating a VM from an ISO Configuring Usage of Linked Clones on VMwareAppending a Display Name to the Guest VM’s Internal Name Accessing VMsAssigning VMs to Hosts Stopping and Starting VMsCreating a New Affinity Group Affinity GroupsAssign a New VM to an Affinity Group Change Affinity Group for an Existing VMDelete an Affinity Group Virtual Machine Snapshots for VMwareView Members of an Affinity Group Limitations on VM Snapshots Configuring VM SnapshotsUsing VM Snapshots Changing the VM Name, OS, or Group CPU and Memory Scaling for Running VMs Changing the Service Offering for a VMHow to Dynamically Scale CPU and RAM Configuring Dynamic CPU and RAM ScalingUpdating Existing VMs LimitationsMoving VMs Between Hosts Manual Live Migration Resetting the Virtual Machine Root Volume on RebootWorking with ISOs Recovering a Destroyed VMDeleting VMs Adding an ISO Changing a VMs Base Image Attaching an ISO to a VMPage 102 VCenter and Maintenance Mode Scheduled Maintenance and Maintenance Mode for HostsXenServer and Maintenance Mode Working With HostsDisabling and Enabling Zones, Pods, and Clusters To take a server out of Maintenance ModeRemoving Hosts Working With HostsUsing Cisco UCS as Bare Metal Host CloudPlatform Re-Installing HostsMaintaining Hypervisors on Hosts Removing XenServer and KVM HostsAssociating a Profile with a UCS Blade Registering a UCS ManagerDisassociating a Profile from a UCS Blade Changing Host PasswordOver-Provisioning and Service Offering Limits Limitations on Over-Provisioning in XenServer and KVM Setting Over-Provisioning RatiosRequirements for Over-Provisioning Balloon DriverVlan Provisioning Service Offering Limits and Over-ProvisioningAdding Non Contiguous Vlan Ranges Vlan Allocation ExampleAssigning VLANs to Isolated Networks Working with Templates Default TemplateCreating Templates Overview Requirements for TemplatesWorking with Templates Private and Public TemplatesCreating a Template from an Existing Virtual Machine Uploading Templates Creating a Template from a SnapshotWorking with Templates System Preparation for Windows Server 2008 R2 Exporting TemplatesCreating a Windows Template Working with Templates Page Working with Templates System Preparation for Windows Server 2003 R2 Importing Amazon Machine Images Create a grub entry in /boot/grub/grub.conf Exit out of chroot Converting a Hyper-V VM to a Template Adding Password Management to Your Templates Deleting Templates Linux OS InstallationWindows OS Installation 128 Primary Storage Working With StorageStorage Overview Working With Storage Storage TagsFiber Channel support NFS support Local storage support Storage over-provisioningSecondary Storage Maintenance Mode for Primary StorageBest Practices for Secondary Storage Changing the Secondary Storage IP AddressCreating a New Volume Working With VolumesUsing Local Storage for Data Volumes Changing Secondary Storage ServersTo Create a New Volume Uploading an Existing Volume to a Virtual MachineHypervisor Disk Image Format Attaching a VolumeVM Storage Migration Detaching and Moving VolumesMigrating a VM Root Volume to a New Storage Pool Migrating a Data Volume to a New Storage PoolResizing Volumes Volume Deletion and Garbage Collection Reset VM to New Root Disk on RebootTo enable root disk reset on VM reboot Working with SnapshotsAutomatic Snapshot Creation and Retention Incremental Snapshots and BackupVolume Status Snapshot Job Throttling Snapshot RestoreVMware Volume Snapshot Performance Working with Usage Configuring the Usage ServerAlerttypeusagesanityresult = Working with UsageSetting Usage Limits Parameter Name Definition Globally Configured LimitsDefault Account Resource Limits Per-Domain Limits Networking in a Pod Managing Networks and TrafficGuest Traffic Managing Networks and Traffic Networking in a ZoneConfiguring Isolated Guest Network Basic Zone Physical Network ConfigurationAdvanced Zone Physical Network Configuration Configure Public Traffic in an Advanced Zone Configuring a Shared Guest Network About Security Groups Using Security Groups to Control Traffic to VMsSecurity Groups in Advanced Zones KVM Only LimitationAdding Ingress and Egress Rules to a Security Group Enabling Security GroupsAdding a Security Group External Firewalls and Load Balancers MPX About Using a NetScaler Load BalancerVPX Configuring SNMPCommunity String on a Rhel ServerInitial Setup of External Firewalls and Load Balancers Adding a Load Balancer Rule Load Balancer RulesConfiguring AutoScale Prerequisites Configuration Managing Networks and Traffic Updating an AutoScale Configuration Disabling and Enabling an AutoScale ConfigurationRuntime Considerations Sticky Session Policies for Load Balancer RulesHealth Checks for Load Balancer Rules Components of Gslb Global Server Load BalancingAbout Global Server Load Balancing How Gslb Works in CloudPlatform Configuring Gslb For more information, see Configuring a Gslb Virtual Server4 Enabling Gslb in NetScaler Prerequisites and GuidelinesAdding a Gslb Rule Assigning Load Balancing Rules to Gslb Adding an Additional Guest Network Using Multiple Guest NetworksReconfiguring Networks in VMs Prerequisites Selecting the Default NetworkAdding a Network Removing a NetworkReleasing an IP Address Guest IP RangesAcquiring a New IP Address Dedicating IP Address Ranges to an Account Reserving Public IP Addresses and VLANs for AccountsStart IP End IP Dedicating Vlan Ranges to an AccountGateway Netmask IP Reservation Considerations IP Reservation in Isolated Guest NetworksReserving an IP Range Configuring Multiple IP Addresses on a Single NICBest Practices Use Cases Port Forwarding and StaticNAT Services ChangesGuidelines Assigning Additional IPs to a VMAdding Multiple Subnets to a Shared Network Multiple Subnets in Shared NetworkPrerequisites and Guidelines About Elastic IP Managing Networks and Traffic About Portable IP Portable IPsGuidelines Configuring Portable IPsAcquiring a Portable IP Enabling or Disabling Static NAT Static NATTransferring Portable IP Egress Firewall Rules in an Advanced Zone Configuring an Egress Firewall RuleIP Forwarding and Firewalling Deny Configuring the Default Egress PolicyAllow Firewall Rules Port Forwarding IP Load BalancingDNS and Dhcp Remote Access VPNConfiguring Remote Access VPN Using Remote Access VPN with Windows Setting Up a Site-to-Site VPN Connection Using Remote Access VPN with Mac OSCreating and Updating a VPN Customer Gateway Note See .27, Configuring a Virtual Private CloudManaging Networks and Traffic Page Updating and Removing a VPN Customer Gateway Creating a VPN gateway for the VPCCidr Creating a VPN Connection NoteManaging Networks and Traffic Restarting and Removing a VPN Connection About Private Vlan Isolation in Advanced Zone Using Private VlanPrerequisites Creating a PVLAN-Enabled Guest NetworkAbout Inter-VLAN Routing Page Major Components of a VPC Configuring a Virtual Private CloudAbout Virtual Private Clouds VPC Network Considerations Network Architecture in a VPCConnectivity Options for a VPC Adding a Virtual Private Cloud Adding Tiers Managing Networks and Traffic Creating ACL Lists Configuring Network Access Control ListAbout Network ACL Lists Creating an ACL Rule Assigning a Custom ACL List to a Tier Creating a Tier with Custom ACL ListAdding a Private Gateway to a VPC See .27.5.2, ACL on Private Gateway Source NAT on Private GatewayCreating a Static Route ACL on Private GatewayBlacklisting Routes Deploying VMs to the TierDeploying VMs to VPC Tier and Shared Networks Acquiring a New IP Address for a VPC Releasing an IP Address Alloted to a VPC Enabling or Disabling Static NAT on a VPC Load Balancing Public Traffic Public LB Adding Load Balancing Rules on a VPCCreating a Network Offering for Public LB Creating a Public LB Rule How Does Internal LB Work in VPC? Load Balancing Tier-to-Tier traffic Internal LBEnabling Internal LB on a VPC Tier Creating an Internal LB Rule Adding a Port Forwarding Rule on a VPC TCP UDP Removing TiersPersistent Network Considerations Persistent NetworksEditing, Restarting, and Removing a Virtual Private Cloud Creating a Persistent Guest Network System VM Template Working with System Virtual MachinesMultiple System VM Support for VMware Console ProxyWorking with System Virtual Machines Changing the Console Proxy SSL Certificate and DomainVirtual Router Configuring the Virtual RouterBest Practices for Virtual Routers Upgrading a Virtual Router with System Service OfferingsSecondary Storage VM System Reliability and High Availability HA-Enabled Virtual MachinesHA for Management Server Dedicated HA HostsPrimary Storage Outage and Data Loss Configuring the API Request RateSecondary Storage Outage and Data Loss Limiting the Rate of API RequestsLimitations on API Throttling 236 Managing the Cloud Using Tags to Organize Resources in the CloudManaging the Cloud Setting Configuration ParametersAbout Configuration Parameters Setting Local Configuration Parameters Setting Global Configuration ParametersGranular Global Configuration Parameters Cluster.cpu.allocated.capacity.disablThethr Administrator Alerts Changing the Database ConfigurationSnmp Alert Details Customizing Alerts with Global Configuration SettingsSending Alerts to External Snmp and Syslog Managers Syslog Alert Details Configuring Snmp and Syslog ManagersDeleting an Snmp or Syslog Manager Customizing the Network Domain NameStopping and Restarting the Management Server CloudPlatform API Provisioning and Authentication APIAllocators User Data and Meta DataCloudPlatform API Performance Monitoring TuningIncrease Management Server Maximum Memory Set Database Buffer Pool SizeSet and Monitor Total VM Limits per Host Configure XenServer dom0 MemoryTuning Events TroubleshootingEvent Logs Event NotificationLong Running Job Events TroubleshootingStandard Events Deleting and Archiving Events and Alerts Event Log QueriesPermissions ProcedureWorking with Server Logs Symptom Using cloud-bugtoolLog Collection Utility cloud-bugtool Data Loss on Exported Primary StorageMaintenance mode not working on vCenter Recovering a Lost Virtual RouterSolution CauseUnable to deploy VMs from uploaded vSphere template Unable to power on virtual machine on VMwareLoad balancer rules fail after changing network offering Appendix A. Event Types 260 Appendix B. Alerts Appendix B. Alerts