Blog posts tagged with 'headers'


15 Aug 2008 12:27 PM EDT
[ Tags: appexpert,  ssl,  tips,  netscaler,  citrix ready,  http header,  rewrite,  iis,  ssl vpn,  headers,  ssl offload,  apptips,  app firewall,  website firewall,  web filter,  content filter,  client-ip,  x-forwarded-for,  external url,  internal url,  home page redirect,  apache rewrite,  server obfuscation,  application obfuscation,  bridge,  content rewrite,  apache,  number 1 web filter,  web filters,  web filtering,  url filtering,  internet filter,  website filter,  content filtering,  im filter,  p2p filter,  antivirus,  hybrid,  iprism,  stbernard,  im filtering,  p2p filtering,  email filter,  email filtering,  eprism,  proxy,  transparent proxy,  security switch,  application firewall,  appdos,  appfw,  spam firewall,  rnat,  citrix web filter ]

The #1 Web Filter by St.Bernard is now Citrix Ready. The Highest Performance Web Application Solution from Citrix Systems can now be deployed with the the #1 Web Filter by St. Berdard. IDC ranked them #1, SC Magazine gives them high ratings, and you will agree when you plug this thing in. The Citrix Web Application Firewall protects inbound traffic destined to Web and Application Servers without degrading throughput or response time. Now, with St.Bernard's iPrism h-Series high performance appliances, you can also do outbound Web filtering, IM/P2P filtering, and antivirus detection. The iPrism Web Filter is optimized for the datacenter infrastructure and sits behind the firewall while it monitors traffic. St. Bernard's platforms are hybrid so that Web filtering, antivirus and IM/P2P filtering are all contained within one box - unlike other point solutions.

St.Bernard's iPrism Web Filter is easy to use and easy to manage. If fact, it's so easy, we had the device up and running in Proxy mode and then in Bridge mode in a matter of seconds. The management software auto-discovers the box, so you don't have to plug in a console cable - very nice!

It is far better than a transparent proxy because St.Bernard has engineered their filtering technology at the kernel level, so their bridge mode really is a bridge between interfaces, and not just a transparent proxy like other solutions in the market.

We deployed the iPrism Web Filter behind our NetScaler, and had the NetScaler perform NAT (Reverse NAT) for outbound connections to the Internet. The iPrism Web Filter adds another level of security that IT organizations sometimes look for to complement their existing base of high-performance Citrix Gear.


Citrix & St.Bernard Deployment Guide!






You can try this product for free.


The product demo is awesome.


As a hybrid unit, this is a steal.












NetScaler Developer Network!

Expand Blog Post
14 Apr 2008 12:17 PM EDT
[ Tags: acceleration,  load balancing,  appexpert,  gslb,  caching,  compression,  oracle,  siebel,  peoplesoft,  sap,  policies,  microsoft,  policy,  tips,  netscaler,  http header,  pe,  rewrite,  application delivery,  iis,  appcompress,  appcache,  wireshark,  pcap,  headers,  request,  response,  lb,  ssl offload,  apptips,  content switching,  global server load balancing,  ssl acceleration,  tcp multiplexing,  mpx,  load balancer,  web application controller,  compress,  controller,  llb,  link load balancing,  asp,  cache,  f5,  application controller,  application switch,  client-ip,  x-forwarded-for,  external url,  internal url,  home page redirect,  apache rewrite,  server obfuscation,  application obfuscation,  server load balancing,  clustering,  citrix load balancer,  slb,  citrix load balancing,  link load balancer,  server load balancer,  security load balancer,  security load balancing,  hardware load balancer,  hardware load balancing,  next gen load balancing,  website load balancer,  website load balancing,  application load balancer,  application load balancing,  array,  zeus,  radware,  cisco,  ias,  foundry,  extreme,  bea,  ssl multiplexing,  wan load balancing,  content rewrite,  apache,  policy engine,  content switch,  content acceleration,  content accelerator,  application acceleration,  application accelerator,  tcp acceleration,  trace,  sniff,  sniffer ]

Application Profiling

Introduction:

I can turn you into an Application expert in 5 minutes by reading this post.  Just do what the experts do, or even the not-so-experts.  They pay meticulous attention to the requests from clients and the responses from servers, both headers and body content.  You do this the old fashioned way by taking a trace.  There are better tools out there, some free, some not-so-free.

Running a trace:

Running a trace will help you 'profile' the application. It is recommended that you do this before placing the Citrix Application Switch in-line of the Application traffic. This will gather important information about the Application that will help you understand it's basic operation at Layer 7, and help you begin to understand what it is that needs to be accelerated - cached, compressed, load balanced, ssl offloaded, etc.

Running a trace exposes the flow of transactions between all points of interest. Traces are especially helpful when digging in to find what is contained within the headers being exchanged between the client and the application.

Taking a trace with wireshark:

The free network protocol analyzer called wireshark, http://www.wireshark.org, will capture packets for you on the localhost, whether it's windows or linux. By filtering the stream of packets by IP Address, right clicking and selecting 'Follow TCP Stream' inside of wireshark, you can see the headers for both requests and responses.

Wireshark tip 1
Find the first 'SYN' in the stream, right click, 'Follow TCP Stream'.


Wireshark tip 2
Client requests are in Red, Server responses are in Blue.


Taking a trace with the Citrix Application Switch:

If the Citrix Application Switch is already in place, a trace can be run directly on the Citrix Application Switch. Running a trace will expose the flow of transactions between all points of interest, especially the client, load balancing VIPs and backend servers. Traces are especially helpful when digging in to find out if the proper headers are being exchanged between client & VIP and VIP & backend servers. A trace can be run directly on the Citrix Application Switch. Once downloaded this file can be opened and request and response headers read with Wireshark, a free network trace utility, http://www.wireshark.org. From the Citrix Application Switch GUI, navigate to NetScaler -> System -> Diagnostics -> New Trace -> Run. 

Viewing headers with Paros:

Paros was originially written for web security, but has value when viewing request and response headers, cookies and the like. Through Paros's proxy nature, all HTTP and HTTPS data between server and client, including cookies and form fields, can be intercepted. There is an additional option of trapping and modifying data before sending it on to the server, or client. Paros can be found at http://parosproxy.org. Free.

Viewing headers with Live HTTP Headers:

Live HTTP Headers, http://livehttpheaders.mozdev.org/, was developed for use with the Firefox web browser. It is a free add-on and allows you to view HTTP header information in real time. Free.

Viewing headers with IE Analyzer:

IEInspector HTTP Analyzer, http://www.ieinspector.com, is a tool that allows you to monitor, trace, debug and analyze HTTP/HTTPS traffic in real-time. It works with Microsoft Internet Explorer. Not-Free.

Viewing headers with IE Watch:

IEWatch, http://www.iewatch.com, is another plug-in for Microsoft Internet Explorer that helps you profile your web applications. You can use this tool to dig deep into the inner workings of web applications to find hidden issues. Not-Free.

Watch this Application Profiling Tip:

Tap into the power of AppExpert

Expand Blog Post
04 Apr 2008 06:06 PM EDT
[ Tags: acceleration,  soa,  load balancing,  appexpert,  gslb,  caching,  compression,  sap,  xml,  policies,  expertexchange,  policy,  tips,  netscaler,  soap,  http header,  pe,  rewrite,  application delivery,  iis,  appcompress,  appcache,  headers,  request,  response,  lb,  ssl offload,  wisl,  apptips,  content switching,  global server load balancing,  ssl acceleration,  tcp multiplexing,  mpx,  load balancer,  web application controller,  compress,  controller,  llb,  link load balancing,  cache,  application controller,  application switch,  client-ip,  x-forwarded-for,  external url,  internal url,  home page redirect,  apache rewrite,  server obfuscation,  application obfuscation,  server load balancing,  clustering,  citrix load balancer,  slb,  citrix load balancing,  link load balancer,  server load balancer,  security load balancer,  security load balancing,  hardware load balancer,  hardware load balancing,  next gen load balancing,  website load balancer,  website load balancing,  application load balancer,  application load balancing,  ssl multiplexing,  wan load balancing,  content rewrite,  apache,  policy engine,  content switch,  content acceleration,  content accelerator,  application acceleration,  application accelerator,  tcp acceleration,  xml load balancer,  xml load balancing ]
posted by Craig Ellrod

The SAP Enterprise Service Oriented Architecture (SOA) provides a blueprint for services-based, enterprise scale business solutions that are adaptable, flexible, and open. Enterprise Services Architecture takes the concept of service-oriented architecture to a new level by transforming Web services into enterprise services. Bringing Citrix and SAP Enterprise Services Architecture together reduces the dependence on customized applications, and increases flexibility and reduces time to deployment while reducing operational expenses.


This Citrix / SAP Enterprise SOA Deployment Guide was created out of a joint engagement between Citrix and SAP at the Co-Innovation Laboratory in Palo Alto, California, USA. This deployment guide walks through the step-by-step configuration details of how to configure the Citrix NetScaler for use as front-end to SAP Portal for end-user traffic, that is HTTP ~ HTML. To further complement the value of the Enterprise SOA, this guide walks through the details of how to configure the Citrix NetScaler for use as a front-end to the SAP Composite Application Framework and SAP ERP Web Services platforms, providing a flexible load balancer and HTTPS encryption point for machine to machine web service traffic. With this deployment Citrix becomes an integral and flexible part of the SAP Enterprise SOA "Applistructure" bringing together applications and technology for a fast, flexible and highly effective service oriented IT infrastructure.


Watch this Load Balancing Tip:



Tap into the power of AppExpert

Expand Blog Post
11 Jan 2008 06:09 PM EST
[ Tags: acceleration,  soa,  load balancing,  appexpert,  gslb,  caching,  compression,  sap,  xml,  policies,  ica,  policy,  tips,  netscaler,  soap,  http header,  wsdl,  pe,  xenapp,  rewrite,  application delivery,  rdp,  iis,  appcompress,  appcache,  ssl vpn,  headers,  request,  response,  lb,  ssl offload,  wisl,  ica proxy,  apptips,  content switching,  global server load balancing,  ssl acceleration,  tcp multiplexing,  mpx,  terminal server,  load balancer,  web application controller,  compress,  controller,  llb,  link load balancing,  cache,  application controller,  application switch,  client-ip,  x-forwarded-for,  external url,  internal url,  home page redirect,  apache rewrite,  server obfuscation,  application obfuscation,  server load balancing,  clustering,  citrix load balancer,  slb,  citrix load balancing,  link load balancer,  server load balancer,  security load balancer,  security load balancing,  hardware load balancer,  hardware load balancing,  next gen load balancing,  website load balancer,  website load balancing,  application load balancer,  application load balancing,  ssl multiplexing,  wan load balancing,  content rewrite,  apache,  policy engine,  content switch,  content acceleration,  content accelerator,  application acceleration,  application accelerator,  tcp acceleration,  xml load balancer,  xml load balancing,  xml firewall,  xml gateway,  xml rewrite,  xml acceleration,  uddi,  enterprise soa,  terminal switch,  virtual terminal ]

We recently had a meeting with a large partner of ours and they handed down some hefty requirements.  An average of 100 partners using their portal on any given month to access their development environments on the backend.  It was clear that NetScaler could scale, but the question was how to keep all of those partners separated from each other, without them peeking into each others traffic. It turned out to be easier than we thought using the NetScaler as an SSL VPN with the addition of some policies bound to each partner's user group.  The following is an overview of the network diagram, and there are some deployment guides to walk you through these installations. 


The Citrix SSL VPN CPS Deployment Guide walks you through deploying NetScaler SSL VPN as an ICA Proxy and authentication point.  It then walks you through deploying Citrix Presentation Server and the steps necessary to connect the SSL VPN to the CPS Applications.  The guide includes Session policies which direct users upon authentication to specific CPS farms on the backend of the NetScaler SSL VPN.  Think of it as an authentication portal.

The Citrix SSL VPN Deployment Guide walks you through deploying NetScalers as an HA Pair, and then as an SSL VPN with ICA Proxy OFF.  The intention was to use the SSL VPN for regular VPN traffic, and not Citrix Presentation Server traffic.  Just as well, policies can be combined on the same NetScaler Application Switch to allow both non-CPS and CPS traffic to traverse the same SSL VPN.

Tap into the power of AppExpert

Expand Blog Post