Manuals / Citrix Systems / Computer Equipment / Network Router

Citrix Systems CITRIX NETSCALER 9.3 Configuration steps, 4. Sample Values for Creating Entities

Models: CITRIX NETSCALER 9.3

1 195

Download 195 pages 43.21 Kb

Page 36

Chapter 1	Authentication and Authorization

	Table 1-4.Sample Values for Creating Entities

	Field	Value	Note

	NetScaler host name	ns01.example.net	N/A

	User accounts	johnd, mariar, and	John Doe, IT manager,
		michaelb	Maria Ramirez, IT
			administrator and Michael
			Baldrock, IT administrator.

	Groups	Managers and SysOps	All managers and all IT
			administrators.

	Command Policies	read_all, modify_lb, and	Allow complete read-only
		modify_all	access, Allow modify
			access to load balancing,
			and Allow complete
			modify access.

The following description walks you through the process of creating a complete set of user accounts, groups, and command policies on the NetScaler appliance named ns01.example.net.

The description includes procedures for binding the appropriate user accounts and groups to one another, and binding appropriate command policies to the user accounts and groups.

This example illustrates how you can use prioritization to grant precise access and privileges to each user in the IT department.

The example assumes that initial installation and configuration have already been performed on the NetScaler.

Configuration steps

1.Use the procedure described in Configuring User Accounts on page 22 to create user accounts johnd, mariar, and michaelb.

2.Use the procedure described in Configuring User Groups on page 24 to create user groups Managers and SysOps, and then bind the users mariar and michaelb to the SysOps group and the user johnd to the Managers group.

3.Use the procedure described in Creating Custom Command Policies on page 28 to create the following command policies:

•read_all with action Allow and command spec "(^show\s+(?!system)(?!ns ns.conf) (?!ns runningConfig).*)(^stat.*)"

•modify_lb with action as Allow and the command spec "^set\s+lb\s+.*$"

•modify_all with action as Allow and the command spec "^\S+\s+(?!system).*"

36

Image 36

Citrix Systems CITRIX NETSCALER 9.3 manual Configuration steps, 4. Sample Values for Creating Entities, Field

Contents

Citrix NetScaler Administration Guide Citrix NetScalerCopyright and Trademark Notice All rights reserved Last Updated March Document code May 21 2012 Page Contents 1 Authentication and AuthorizationPreface Contents 2 SNMPCitrix NetScaler Administration Guide Enabling Unconditional SNMP Trap Loggingviii Contents3 Audit Logging Citrix NetScaler Administration Guide 4 Web Server LoggingContents Installing and Configuring the Client System for Web Server Logging. . . . . . . . . . . . . . . . . . . . . 96 Installing NSWL Client on a Solaris Operating System. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .97 To install the NSWL client package on a Solaris operating system. . . . . . . . . . . . . . 97 To uninstall the NSWL client package on a Solaris operating systemConfiguring TCP Window Scaling xi Citrix NetScaler Administration Guide5 Advanced Configurations Contents Specifying the MSS Value in a TCP Profile xiiiCitrix NetScaler Administration Guide 6 Web InterfaceEnabling AppFlow for Virtual Servers 179 xivContents 7 AppFlowCitrix NetScaler Administration Guide 8 Reporting ToolContents Preface Formatting Conventions for NetScaler DocumentationIn This Preface Table 1. Formatting ConventionsDocumentation Available on the NetScaler Appliance PrefaceTo view the documentation ConventionGetting Service and Support NetScaler Documentation FeedbackTo provide feedback at the Knowledge Center home page Preface Authentication and Authorization Configuring Users and Groups Configuring Command PoliciesResetting the Default Administrator nsroot Password Example of a User Scenario Configuring External User AuthenticationConfiguring Users and Groups Configuring User AccountsTo create a user account by using the NetScaler command line w show system user ExampleParameters for configuring a user account password Passwordtimeout CLI Idle Session Timeout Secs userName User NameConfiguring User Groups To configure a user account by using the configuration utilityTo create a user group by using the NetScaler command line Password Confirm Password CLI Prompt CLI Idle Session Timeout SecsTo modify or remove a user group by using the NetScaler command line To bind a user to a group by using the NetScaler command lineTo unbind a user from a group by using the NetScaler command line w show system group groupName ExampleParameters for configuring a user group To configure a user group by using the configuration utilityw show system group groupName groupName Group NameConfiguring Command Policies Built-in Command PoliciesCLI Prompt CLI Idle Session Timeout Secs Creating Custom Command Policies Table 1-1. Built-in Command Policiesexcept show runningconfig, show runningconfig, and sh gslbTable 1-2. Examples of Regular Expressions for Command Policies Command specificationMatches these commands Table 1-3. Expressions Used in the Built-in Command PoliciesTo create a command policy by using the NetScaler command line Parameters for configuring a command policyw sh system cmdPolicy Example policynameBinding Command Policies to Users and Groups To configure a command policy by using the configuration utilityParameters for binding a command policy to a user To bind command policies to a user by using the configuration utilityw sh system user userName Example w sh system user userNameParameters for binding a command policy to a group Resetting the Default Administrator nsroot Password To reset the nsroot passwordExample of a User Scenario fsck /dev/ad0s1a mount /dev/ad0s1a /flashConfiguration steps modifyall with action as Allow and the command spec \S+\s+?!systemTable 1-4. Sample Values for Creating Entities FieldConfiguring External User Authentication Configuring LDAP Authentication Table 1-5. User Attribute Fields for LDAP Servers LDAP serverUser attribute Case sensitive?To configure LDAP authentication by using the configuration utility 4. In Authentication Type, select LDAP. Next to Server, click NewLDAP server Bind DNDetermining attributes in the LDAP directory Configuring RADIUS Authentication To configure RADIUS authentication by using the configuration utilityChoosing RADIUS authentication protocols 4. In Authentication Type, select RADIUSConfiguring IP address extraction To configure IP address extraction by using the configuration utility4. Under Details, in Group Vendor Identifier, type the value Configuring TACACS+ Authentication Configuring NT4 Authentication4. In Authentication Type, select TACACS Binding the Authentication Policies to the System Global Entity To configure NT4 authentication by using the configuration utilityChapter 1 Authentication and Authorization 2. On the Policies tab, click Global BindingsConfiguring the NetScaler to Generate SNMPv1 and SNMPv2 Traps Configuring the NetScaler for SNMP v1 and v2 QueriesConfiguring SNMP Alarms for Rate Limiting Configuring the NetScaler for SNMPv3 QueriesConfiguring the NetScaler to Generate SNMPv1 and SNMPv2 Traps Importing MIB Files to the SNMP Manager and Trap ListenerTo import the MIB files to the SNMP manager and trap listener Enabling or Disabling an SNMP Alarm To enable or disable an SNMP alarm by using the command lineTo enable or disable an SNMP alarm by using the configuration utility w enable snmp alarm alarm name w sh snmp alarm alarm nameConfiguring Alarms To configure an SNMP alarm by using the command lineParameters for configuring SNMP alarms w sh snmp alarm alarm NameConfiguring Traps To configure SNMP alarms by using the configuration utilityTo add an SNMP trap by using the NetScaler command line Parameters for configuring SNMP traps To configure SNMP Traps by using the configuration utilityw show snmp trap trapClassw set snmp option -snmpTrapLogging ENABLED DISABLED Enabling Unconditional SNMP Trap LoggingDestination IP Address*-trapDestination Destination Port-destPort Source IP Address-srcIP Minimum Severity-severityConfiguring the NetScaler for SNMP v1 and v2 Queries Specifying an SNMP ManagerParameters for unconditional SNMP trap logging SnmpTrapLogging SNMP Trap LoggingTo add an SNMP manager by using the NetScaler command line w show snmp managerw show snmp manager Parameters for configuring an SNMP manager IPAddressw show snmp manager To add an SNMP manager by using the configuration utility netmaskdomainResolveRetry IP Address*-IPAddressTo specify an SNMP community by using the NetScaler command line Parameters for configuring an SNMP community stringSpecifying an SNMP Community w sh snmp communityConfiguring SNMP Alarms for Rate Limiting Configuring an SNMP Alarm for Throughput or PPSTo remove an SNMP community string by using the configuration utility Community String*-communityNamew show snmp alarm PF-RL-RATE-THRESHOLD Parameters for configuring an SNMP alarm for throughput or PPS w show snmp alarm PF-RL-PPS-THRESHOLDthresholdValue normalValueConfiguring SNMP Alarm for Dropped Packets Configuring the NetScaler for SNMPv3 Queries Parameters for configuring an SNMP alarm for dropped packetsstate severitySetting the Engine ID Configuring a View To set the engine ID by using the NetScaler command lineParameters for setting the engine ID To set the engine ID by using configuration utilityConfiguring a Group Parameters for configuring an SNMP viewTo configure an SNMP view by using the configuration utility To add an SNMP group by using the NetScaler command lineConfiguring a User Parameters for configuring an SNMP groupTo configure an SNMP group by using the configuration utility To configure a user by using the NetScaler command lineParameters for configuring an SNMP user To configure an SNMP user by using the configuration utilityName*-name Group Name*-group Authentication Type-authType Authentication Password-authPasswd Privacy Type-privTypeCitrix NetScaler Administration Guide A required parameter 4. Click Create or OK, and then click CloseChapter 2 SNMP Configuring the NetScaler Appliance for Audit Logging Installing and Configuring the NSLOG Server Running the NSLOG ServerDefault Settings for the Log Properties Sample Configuration File audit.confChapter 3 Audit Logging Configuring the NetScaler Appliance for Audit Logging Configuring Audit ServersTo configure a SYSLOG server action by using the command line w show audit syslogAction nameTo configure an NSLOG server action by using the command line Parameters for configuring auditing serversw show audit nslogAction name serverIPERROR Log levels defineddateFormat logFacilityConfiguring Audit Policies To configure an auditing server actionTo configure a SYSLOG policy by using the command line User Configurable Log Messages-userDefinedAuditlogTo configure an NSLOG policy by using the command line Parameters for configuring audit policiesw add audit syslogPolicy name rule action w show audit syslogPolicy nameTo configure an audit server policy Binding the Audit Policies GloballyParameters for binding the audit policies globally Name* name Server* actionConfiguring Policy-Based Logging Configuring an Audit Message ActionTo create an audit message action by using the NetScaler command line To globally bind the audit policyParameters for configuring an audit message action bypassSafetyCheckExample stringBuilderExprInstalling and Configuring the NSLOG Server Binding Audit Message Action to a PolicyName*-name Log Level*-logLevel Installing NSLOG Server on the Linux Operating System To install the NSLOG server package on a Linux operating systemTable 3-1. Supported Platforms for the NSLOG Server Operating systemInstalling NSLOG Server on the FreeBSD Operating System To uninstall the NSLOG server package on a Linux operating systemInstalling NSLOG Server Files on the Windows Operating System To install the NSLOG server package on a FreeBSD operating systemTo uninstall the NSLOG server package on a FreeBSD operating system pkgadd audserverbsd-release number-build number.tgz ExampleTo install NSLOG server on a Windows operating system Citrix NetScaler Administration GuideNSLOG Server Command Options To uninstall the NSLOG server on a Windows operating systemAudit server commands audserver -removeAdding the NetScaler Appliance IP Addresses on the NSLOG Server To add the IP addresses of the NetScaler applianceAudit server commands audserver -removeVerifying the NSLOG Server Configuration File To stop audit server logging that starts as a service in WindowsRunning the NSLOG Server To start audit server loggingCustomizing Logging on the NSLOG Server Creating FiltersTo create a filter Specifying Log Properties ExampleExample Default Settings for the Log Properties ExampleExample ExampleSample Configuration File audit.conf ExampleExample Configuring the NetScaler Appliance for Web Server Logging Installing and Configuring the Client System for Web Server LoggingSample Configuration File Arguments for Defining a Custom Log Format Web Server LoggingConfiguring the NetScaler Appliance for Web Server Logging w enable ns feature WL w disable ns feature WL w sh ns featureEnabling or Disabling Web Server Logging Web LoggingModifying the Default Buffer Size To modify the buffer size by using the NetScaler command lineParameter for modifying the buffer size w sh weblogparam ExampleInstalling and Configuring the Client System for Web Server Logging To modify the buffer size by using the configuration utilityTable 4-1. Supported Platforms for the NSWL Client VersionInstalling NSWL Client on a Solaris Operating System To install the NSWL client package on a Solaris operating systemHardware requirements cp pathtocd/Utilities/weblog/Solaris/NSweblog.tar /tmpInstalling NSWL Client on a Linux Operating System To uninstall the NSWL client package on a Solaris operating systemTo install the NSWL client package on a Linux operating system cd /tmpInstalling NSWL Client on a FreeBSD Operating System To uninstall the NSWL client package on a Linux operating systemTo view the installed Web server logging files To install the NSWL client package on a FreeBSD operating systemInstalling NSWL Client on a Mac OS Operating System To uninstall the NSWL client package on a FreeBSD operating systemTo install the NSWL client package on a Mac OS operating system pkgdelete NSweblogInstalling NSWL Client on a Windows Operating System To uninstall the NSWL client package on a Mac OS operating systemTo install the NSWL client on a Windows system pkgdelete NSweblogInstalling NSWL Client on an AIX Operating System To uninstall the NSWL client on a Windows systemTo install the NSWL client package on an AIX operating system To uninstall the NSWL client package on an AIX operating systemNSWL Client Command Options Table 4-3. NSWL Command OptionsNSWL command To view the installed Web server logging filesAdding the IP Addresses of the NetScaler Appliance To add the NSIP address of the NetScaler appliancenswl -addns -f directorypath \log.conf NSWL commandVerifying the NSWL Configuration File To verify the configuration in the NSWL configuration fileRunning the NSWL Client Customizing Logging on the NSWL Client SystemTable 4-4. Parameters for Creating a Filter ParameterCreating Filters SpecifiesTo create a filter for a virtual server To create a filter, enter the following command in the log.conf fileSpecifying Log Properties To create a filterChapter 4 Web Server Logging ExampleExample Understanding the NCSA and W3C Log Formats NCSA Common Log FormatExample ExampleW3C Extended Log Format Table 4-5. NCSA Common Log FormatArgument SpecifiesEntries DirectivesTable 4-6. Directive Descriptions DirectiveFields IdentifiersTable 4-7. Prefix Descriptions PrefixTable 4-8. W3C Extended Log Format Identifiers No Prefix Required IdentifierTable 4-9. W3C Extended Log Format Identifiers Requires a Prefix Table 4-10. W3C Extended Log File Format Allows Log FieldsCreating a Custom Log Format by Using the NSWL Library Creating a Custom Log FormatField DescriptionTo create the custom log format by using the NSWL Library Creating a Custom Log Format ManuallyExample Sample Configuration File Creating Apache Log FormatsCitrix NetScaler Administration Guide Arguments for Defining a Custom Log Format Table 4-11. Custom Log FormatArgument SpecifiesArgument b d g h H Foobari j J l m M Foobaro p qSpecifies Argument r s t formatt T u U v V V6Specifies Time Format Definition Table 4-12. Time Format DefinitionArgument SpecifiesChapter 4 Web Server Logging ArgumentSpecifies Citrix NetScaler Administration Guide Chapter 4 Web Server Logging Advanced Configurations Configuring Clock Synchronization Viewing the System Date and TimeConfiguring TCP Window Scaling Configuring Selective Acknowledgment Clearing the Configuration Viewing the HTTP Band StatisticsConfiguring Clock Synchronization To add an NTP server by using the NetScaler command linew show ntp server Example To modify or remove NTP servers by using the NetScaler command line Parameters for configuring an NTP serverTo configure an NTP server by using the configuration utility serverNameConfiguring Clock Synchronization Manually w enable ntp sync w disable ntp syncStarting or Stopping the NTP Daemon To view the system date and time by using the NetScaler command line usr/sbin/ntpd -c /nsconfig/ntp.conf -l /var/log/ntpd.logshow ns config Example Viewing the System Date and TimeConfiguring TCP Window Scaling To view the system date and time by using the configuration utilitySystem Time Tue Feb 165044 To configure window scaling by using the NetScaler command line Parameters for configuring window scalingw show ns tcpParam Example WSValConfiguring Selective Acknowledgment To configure window scaling by using the configuration utilityENABLED SACK statusClearing the Configuration To enable SACK by using the Configuration UtilityTo clear a configuration by using the NetScaler command line Parameters for clearing a configuration To clear a configuration by using the configuration utilityViewing the HTTP Band Statistics levelTo modify the band range by using the NetScaler command line Configuring HTTP Profiles To modify the band range by using the configuration utilityTo add an HTTP profile by using the NetScaler command line Table 5-1. Built-in HTTP ProfilesENABLED DISABLED w sh ns httpProfile Example Parameters for adding an HTTP profilename Name maxReusePool Max Connection in reusepoolConfiguring TCP Profiles To add an HTTP profile by using the configuration utilityTable 5-2. Built-in TCP Profiles Built-in profileTo add a TCP profile by using the NetScaler command line Built-in profileDescription delayedAck TCP Delayed ACK Time-out msec Parameters for creating a TCP profilew sh ns tcpProfile Example WS Window ScalingTo add a TCP profile by using the configuration utility Initial Congestion Window Size TCP Delayed ACK Time-out msecpktPerRetx Maximum Packets per Retransmission minRTO Minimum RTO in millisecSpecifying a TCP Buffer Size Use Nagles Algorithm Immediate ACK on Receiving Packet with PUSHw set ns tcpProfile name -bufferSize positiveinteger w show ns tcpProfile namew set ns tcpProfile nstcpdefaultprofile -bufferSize positiveinteger w show ns tcpProfile nstcpdefaultprofileExample 12000Parameters for setting the TCP buffer size in a TCP profile bufferSizename Specifying the MSS Value in a TCP Profile Parameters for specifying the MSS value in a TCP profileConfiguring the NetScaler to Learn the MSS Value from Bound Services w set ns tcpParam -learnVsvrMSS ENABLEDDISABLED w show ns tcpParamLearn MSS for VServer ENABLEDlearnVsvrMSS Chapter 5 Advanced Configurations How Web Interface Works Prerequisites Installing the Web Interface Configuring the Web InterfaceWeb Interface ChapterHow Web Interface Works PrerequisitesFigure 6-1. A Basic Web Interface Session Installing the Web Interface ExampleConfiguring the Web Interface Parameters for installing the Web interface and JRE tar filesWeb Interface tar file path JRE tar file pathParameters for configuring Web interface sites Kiosk ModeDirect Mode Site TypeGateway Direct Mode Authentication PointAccess Gateway URL PortConfiguring a Web Interface Site for LAN Users Using HTTP XML Service AddressesXML Service Port TransportFigure 6-2. A Web Interface Site Configured for LAN Users Using HTTP Site Type Published Resource Type Kiosk ModeXML Service Addresses XML Service Port Transport Load Balance Virtual Server Protocol select HTTPS IP Address PortExample ExampleExample ExampleConfiguring a Web Interface Site for LAN Users Using HTTPS Figure 6-3. A Web Interface Site Configured for LAN Users Using HTTPSSite Type Published Resource Type Kiosk Mode Chapter 6 Web InterfaceVirtual Server Protocol select HTTPS IP Address Port XML Service Addresses XML Service Port Transport Load Balance ExampleExample ExampleExample ExampleExample ExampleConfiguring a Web Interface Site for Remote Users Using AGEE ExampleExample Site Type Published Resource Type Kiosk Mode Authentication Point Access Gateway URL Add DNS Entry Trust SSL Certificate STA Server URL STA Server URLSession Reliability Use two STA Servers XML Service Addresses XML Service Port Transport Load BalanceChapter 6 Web Interface ExampleExample How AppFlow Works Configuring the AppFlow Feature AppFlowChapter TopicsHow AppFlow Works Figure 7-1. NetScaler Flow SequenceFlow Records TemplatestransactionID connectionIDConfiguring the AppFlow Feature httpRequestSizehttpRequestURL httpUserAgentEnabling or Disabling the AppFlow Feature To enable the AppFlow feature by using the configuration utilityTo specify a collector by using the NetScaler command line w enable ns feature appflow w disable ns feature appflowConfiguring an AppFlow Action To remove a collector by using the NetScaler command lineTo specify a collector by using the configuration utility To configure an AppFlow action by using the NetScaler command lineParameters for configuring an AppFlow action Done show appflow action 1 Name apfl-act-collector-1Collectors collecter-1 Hits Action Reference Count 2 Name apfl-act-collector-2-and-3 Collectors collector-2, collecter-3Configuring an AppFlow Policy To configure an AppFlow action by using the configuration utilityTo configure an AppFlow policy by using the NetScaler command line w show appflow policy nameParameters for configuring an AppFlow policy namerule actionTo configure an AppFlow policy by using the configuration utility To add an expression by using the Add Expression dialog boxHTTP commentBinding an AppFlow Policy CLIENTw show appflow global To globally bind an AppFlow policy by using the configuration utility Parameters for binding an AppFlow policygotoPriorityExpression invoke Invoke flag labelTypeTo enable AppFlow for a virtual server by using the NetScaler command lineEnabling AppFlow for Virtual Servers 6. Click Apply ChangesEnabling AppFlow for a Service Setting the AppFlow ParametersTo enable AppFlow for a service by using the NetScaler command line To enable AppFlow for a service by using the configuration utilityAppFlow Parameters w show appflowParamtemplateRefresh appnameRefreshTo set the AppFlow parameters by using the configuration utility httpCookiehttpReferer httpMethodUsing the Reporting Tool Reporting ToolStopping and Starting the Data Collection Utility ChapterUsing the Reporting Tool Figure 8-1. Report Toolbar Figure 8-2. Chart ToolbarTo invoke the Reporting tool Working with ReportsUsing Built-in Reports Creating and Deleting ReportsTo display a built-in report To create a custom reportModifying the Time Interval To delete a custom reportTable 8-1. Time Intervals Time intervalSetting the Data Source and Time Zone Exporting and Importing Custom ReportsTo modify the time interval To set the data source and time zoneWorking with Charts Adding a ChartModifying a Chart To add a chart to a reportViewing a Chart To change the graph type of a chartTo refocus a chart with detailed data To scroll through time in a chart To change the background color and text color of a chartTo customize the axes of a chart To view numeric data for a graphExporting Chart Data to Excel To change the color and graph type of a data setCitrix NetScaler Administration Guide Deleting a Chart To delete a chartTo export chart data to Excel ExamplesTable 8-2. Limits on Entity Numbers Retrieved by nscollect Entity nameLimit Stopping and Starting the Data Collection UtilityTo stop nscollect To start nscollect on the local systemnetscaler/nscollect stop Entity namenetscaler/nscollect start -U 10.102.29.170nsrootnsroot -ds default To start nscollect on the remote systemnetscaler/nscollect start Citrix NetScaler Administration Guide