Forum Discussion

Michael_Koyfma1
Sep 21, 2012

Load-balancing Citrix CloudGateway Express/StoreFront

As more and more customers are trying to get their feet wet with Citrix CloudGateway Express, F5 has been hard at work extending our support and developing guidance for optimal load-balancing of CloudGateway Express servers.

Citrix has published an implementation guide for CloudGateway Express (which, I am finding out, many Citrix customers are simply not aware of), and it does a very good job of guiding you through the steps of how to deploy a CloudGateway Express cluster and configure NetScaler in front of it to do load-balancing. The guide is available on the Citrix support site: http://support.citrix.com/article/CTX133185

Our preliminary tests show that simply leveraging the existing F5 Citrix iApp to load-balance CloudGateway instances works just fine - so if you're deploying F5 in front of your CloudGateway servers, you can easily fill in the IP addresses of your CloudGateway Express instances instead of Web Interface IP addresses, and it should work just fine. We are also working on updating the iApp and Deployment Guide to include CloudGateway nuances explicitly.

However, as we usually do, we have gone a step above and beyond what Citrix provided in terms of guidance. The Citrix deployment guide presumes that you are doing SSL termination on the CloudGateway Express instances themselves and implies that SSL offload is not possible for CloudGateway Express. However, through in-depth investigation, we have discovered and tested that you can still leverage F5 for the SSL offload when used to load-balance CloudGateway Express instances. All you have to do is install CloudGateway Express, as described in the Citrix Implementation guide. However, when you configure F5 for load-balancing CloudGateway, you can choose to perform SSL offload and create a pool of CloudGateway Express servers with port 80 destination on the back – and everything is going to work just fine. The good news is that there are no tweaks or changes that are required on the CloudGateway instance side to take advantage of that, and you can always seamlessly use both SSL offload and SSL re-encryption if you choose to compare performance, scalability, and capacity. However, if you have accidentally installed CloudGateway Express in an http-only mode (without specifying an https URL during its initial setup), then performing SSL offload on F5 (or any other device) is not going to work, as Citrix embeds http-only links in some of its communication with Receiver clients.

I hope you find this information useful, and if you have any feedback on how SSL offload for CloudGateway Express is working out for you, please post your experiences here.

3 Replies

  • I've got this working in our environment with redundant Cloud Gateway Express hosts load balanced by the F5 with APM and the web receiver is working great, but we aren't able to connect users on iPads and other client receivers. We get an error:

    Access Gateway: Gateway authentication failed. Please check your credentials, address, gateway settings and network connection.

    I reached out to my F5 engineer that had helped me with the setup and he had me add the following new iRules->Data Group:

    APM_Citrix_ConfigXML

    Type: String

    For the single record in the group:

    String: myname.domain.com

    Value: /Citrix/Name/PNAgent/config.xml

    And enable Legacy mode on the Cloud Gateway Express.

    Unfortunately this didn't correct the problem. Is there something I'm still missing? The Cloud Gateway Express authentication is currently set for only "Username and Password". Do I need to enable Pass Through or another method?

    Thanks In Advance
  • Greg_Crosby_319
    Historic F5 Account
    Hi Nathan,

    Can you check to make sure you have a stream profile attached to your webui VS? It is required when using datagroups.

    Greg
  • And for the "Name" you have used your Store name? Are you not able to connect? Also, when you define your Account in the Receiver, you just need to enter the primary URL https://myname.domain.com - you don't need to do any URI.