Forum Discussion

Tim_Slogick_122's avatar
Tim_Slogick_122
Icon for Nimbostratus rankNimbostratus
Dec 01, 2014
Solved

Citrix Storefront and Webinterface without APM

I want looking at the deployment guide for the new Citrix 2.0 iApp. In the documentation it shows a diagram using either Citrix Storefront or Webinterface without using the APM module and just the LTM. My question is will this work with a PNAgent site to load balance 2 webinterface servers and also work with a standard Citrix website? We did not purchase the APM module so I am trying see if I can still use the F5's to load balance the servers.

 

APM
application delivery
citrix
deployment
devops
iApps
LTM
security
  • Greg_Crosby_319's avatar
    Greg_Crosby_319
    Dec 03, 2014

    You can route ICA traffic through your LTM to optimize traffic, but will not be able to dynamically adjust client destination address and force secure ssl connections back to your BIG-IP. APM modifies the ICA client file to force clients ICA traffic back to APM virtual server ip address and notifies clients to encapsulation ICA into SSL. Once application traffic arrives to your BIG-IP, APM strips SSL from ICA traffic and sends ICA to original assigned destination. A public LTM only deployment would require your application addresses to be public, or you would have to do some adjustments to your Citrix deployment to use host address rather then ip which you could then NAT back to your application servers ip addresses. LTM only is great for local private networks were client connections are trusted and exposing application server address is not a concern, but is not ideal for public deployments. Hope this is helpful,

     

    Greg

     

4 Replies

Sort By
  • Greg_Crosby_319's avatar
    Greg_Crosby_319
    Historic F5 Account
    Dec 01, 2014

    Clients will need to be able to route back to application servers since LTM will not be able to proxy application traffic (ICA), but you can load balance Web Interface or Storefront server traffic (PNAgent or web browser client connections).

     

  • Tim_Slogick_122's avatar
    Tim_Slogick_122
    Icon for Nimbostratus rankNimbostratus
    Dec 03, 2014

    I guess that is where I am confused, because in the template there is a section that refers to routing the ICA traffic back thru the LTM from the application servers. It also shows this on the Visio diagram in the documentation.

     

  • Greg_Crosby_319's avatar
    Greg_Crosby_319
    Historic F5 Account
    Dec 03, 2014

    You can route ICA traffic through your LTM to optimize traffic, but will not be able to dynamically adjust client destination address and force secure ssl connections back to your BIG-IP. APM modifies the ICA client file to force clients ICA traffic back to APM virtual server ip address and notifies clients to encapsulation ICA into SSL. Once application traffic arrives to your BIG-IP, APM strips SSL from ICA traffic and sends ICA to original assigned destination. A public LTM only deployment would require your application addresses to be public, or you would have to do some adjustments to your Citrix deployment to use host address rather then ip which you could then NAT back to your application servers ip addresses. LTM only is great for local private networks were client connections are trusted and exposing application server address is not a concern, but is not ideal for public deployments. Hope this is helpful,

     

    Greg