Posts

F5 to NetScaler Migration

I recently had the opportunity to participate from start to finish as the primary technical resource in a project with the goal of completely phasing out a physical F5 solution, migrating the entire configuration and all applications to a NetScaler solution. I was also expected to design and implement the solution and to improve and modernize the configuration. The customer requested a fully virtual solution that they could implement in their global VMware-based hypervisor environment. A much more flexible deployment of load balancers could be easily achieved, since the customer had recently acquired a Universal Hybrid Multi Cloud (UHMC) license which entitled them to 1000 units of NetScaler and a terabit of bandwidth throughput. There were approximately 300 unique applications that needed to be managed in some way in the project. In the F5 solution, there was an externally accessible instance and a completely internal instance to be able to distinguish between external traffic from th...

Universal Hybrid Multi Cloud License – Unlimited NetScaler’s

There is a new license model from Citrix that will let you run NetScaler and Citrix in both cloud and on-premises environments using the same license. In this license there is a generous entitlement to 1000 software instances of NetScaler in the form factors of VPX, CPX and BLX. In other words, all the virtual NetScalers. You will need a NetScaler Console setup where you can then distribute 1 terabit of bandwidth throughput, granularly configured, the way you need it, to these appliances. Which is very good since NetScaler is now supported on all major delivery platforms: On-premises: VMware, Nutanix, XenServer, Hyper-V. Cloud: Azure, AWS, Google Cloud, Oracle Cloud, IBM Cloud. What can we do with all this capacity suddenly offered to us? I have identified a few common s...

Verify JWT token with NetScaler unauthenticated

So let's say you have tried the wonderful feature with a 401-based OAuth action to verify JWT tokens. It works great when it works, but there could also be other situations where it does not fulfil the need. Sometimes tokens are not passed in the standard Authorization header, the correct attributes might not be there, or there could be challenges with cookies on the client side. JWT_VERIFY_CERTKEY can be used to verify the signature with locally installed certs. This is an example of how you can verify against multiple cert keys: HTTP.REQ.HEADER("Authorization").AFTER_STR("Bearer ").JWT_VERIFY_CERTKEY("cert-1").NOT && HTTP.REQ.HEADER("Authorization").AFTER_STR("Bearer ").JWT_VERIFY_CERTKEY("cert-2").NOT && HTTP.REQ.HEADER("Authorization").AFTER_STR("Bearer ").JWT_VERIFY_CERTKEY("cert-3").NOT How will you know if these tokens are not too old and expired? This is an example which you can use where the NS would v...