Forum Discussion

Oct 04, 2011

XenApp 6.5 behind Big-Ip






I have started a POC of XenApp 6.5 for surfing the web.

I have two different networks in the same site that have some firewalls between them and, of course, BIG-IP (BIG-IP 10.2.0 Build 1789.0 Hotfix HF2).

The Citrix POC includes 2 physical Win2008 R2 servers. One of the servers, called "citrix1", takes all the roles: XenApp + Web Interface + License Server, and the other, called "citrixIBM1", only has the XenApp role installed.

I don't need access to the Citrix farm from the Internet.

I only want the users in the internal network to connect to the Citrix farm, which has an interface connected to the Internet and an interface to the BIG-IP.

(Internal Network >> CP FW >> BIG-IP >> Citrix Farm >> Internet)

I tried to use the Citrix Presentation Server 4.5 template but it didn't work.

I also tried to create a virtual server and a pool with health monitors, and I could get the citrix1 Web Interface and also logged in successfully, but when I try to open an application it does not open, and I can see in the Check Point tracker that only HTTP sessions come through, with no TCP port 2598 (ICA) traffic.

When I work directly without BIG-IP everything works fine.

My configuration is very simple but I didn't find any guide for this topology.

I will be glad for advice,








Aviv Hassidim


























4 Replies

  • Aviv,



    You don't really need a load balancer in this scenario, since you only have one Web Interface server. Unless F5 is already inline between your CP FW and XenApp servers, then all you need to do is create forwarding IP virtual servers for the IP addresses of the XenApp servers on ports 80, 2598, and 1494 - and F5 LTM will let those ports through.
  • So the users will connect to the IP of citrix1 directly? Because I want the users to connect to the BIG-IP IP address, and the BIG-IP to connect to the citrix1 server.

    I don't want to add routes directly to the Citrix farm.



  • Aviv,



    If you don't want to route to the Citrix farm, you have to use our ICA proxy functionality that is available in APM. With that, APM will proxy all connections to the Citrix farm and all users will have to connect to the IP address on the BigIP. Your BigIP should already come APM-ready and your license includes 10 free concurrent users. If you need to proxy at a larger scale, you can purchase an appropriate APM add-on license for your device. If you decide to go the APM route, I suggest you upgrade to v10.2.2 and follow this deployment guide:





    Keep in mind that in order to achieve this solution, you should upgrade your devices as well as procure a valid SSL certificate (or use the one that your internal clients will trust). Overall, I think it's much easier to just let BigIP route connections to the Citrix farm on the three ports needed - it's simple to set up and also secure - no other ports but Citrix ports will be allowed (we do act like a firewall in this scenario).
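
A way to confirm from an internal client which of the three ports named in this thread (80, 1494, 2598) actually pass through to each XenApp server, and so reproduce or rule out the "HTTP arrives but 2598 does not" symptom. This is an added example, not part of the original replies; the default host names are the asker's server names and are assumed to resolve from the client.

```python
import socket
import sys
from concurrent.futures import ThreadPoolExecutor

# Ports taken from the thread: HTTP to the Web Interface plus the two Citrix ports.
CITRIX_PORTS = (80, 1494, 2598)


def probe(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'refused', 'unresolved' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # a reset came back: nothing accepted the connection
    except socket.gaierror:
        return "unresolved"   # the name did not resolve, so nothing was tested
    except OSError:
        return "filtered"     # timeout or unreachable: dropped somewhere on the path


def check_farm(hosts, ports=CITRIX_PORTS, timeout=3.0):
    """Probe every host/port pair in parallel; return {(host, port): state}."""
    pairs = [(h, p) for h in hosts for p in ports]
    with ThreadPoolExecutor(max_workers=len(pairs) or 1) as pool:
        states = pool.map(lambda hp: probe(hp[0], hp[1], timeout), pairs)
        return dict(zip(pairs, states))


def blocked(results):
    """Sorted host/port pairs that did not accept a connection."""
    return sorted(pair for pair, state in results.items() if state != "open")


if __name__ == "__main__":
    # Assumed default targets: the two server names given in the question.
    hosts = sys.argv[1:] or ["citrix1", "citrixIBM1"]
    results = check_farm(hosts)
    for (host, port), state in sorted(results.items()):
        print(f"{host}:{port:<5} {state}")
    sys.exit(1 if blocked(results) else 0)
```

Run it once from a client that bypasses the BIG-IP and once from behind it; a port that is open in the first run and not in the second is being stopped on the path rather than by the XenApp server.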