Jump to content
Welcome to our new Citrix community!

Optimal HDX routing


Martijn Kools

Recommended Posts

Ok not sure if this is a Netscaler or Storefront question.

 

I have configured storefront to route internal ICA traffic over our Netscaler, this works fine. However to accomplish this I have to select Optimal HDX Routing in storefront configuration, select the internal netscaler / storefront vserver and add the delivery controllers. Then clear the checkbox external only, so far so good.

 

However this kills my external connections which is a different vserver in Netscaler, suddenly these STAs are not available to the external vserver any longer.

So how can I resolve this, I can't add a new farm with the same controllers, it tells me they already exist. Do I just need to install 2 additional delivery controllers, so 4 total?

 

I assume I can split up the 2 controllers I have now one for internal one for external usage but that would give me a single point of failure.

 

Thanks!

Link to comment
Share on other sites

You can't bind the STAs to the external vServer?

 

I sometimes build separate StoreFront server groups for internal users and external users. That way I can have different Gateway/Optimal Routing configs for each. External users connect to externally-facing StoreFront servers. Internal users connect to internal StoreFront servers. I use the same DNS Name for both.

Link to comment
Share on other sites

I recently did the same but we used two different stores within StoreFront. An internal store pointing to an internal NS Gateway via HDX Routing. Internal gateway configured without authentication.  A separate external Store was created, pointing to the same farms, but with the typical External Access setup via another external gateway. 

In fact the setup was a bit more complex using a double hop scenario for external access, whereby the 2nd hop = the same gateway as the internal traffic. 

  • Like 1
Link to comment
Share on other sites

You can't bind the STAs to the external vServer?

 

I sometimes build separate StoreFront server groups for internal users and external users. That way I can have different Gateway/Optimal Routing configs for each. External users connect to externally-facing StoreFront servers. Internal users connect to internal StoreFront servers. I use the same DNS Name for both.

 

The external vserver has both STAs bound and both are green. Yet if I use the DCs for the other vserver, the internal one in Storefront, external connections start failing with error 1030/0111 as soon as the desktop opens (out of my head). When I remove it again everything works like a charm again.

 

I like the idea of having different storefront setups for internal and external access but that will require two more servers and we have another, seperate Citrix environment so that would be 8 servers for storefront alone. I wonder why Citrix doesn't allow you to use the same DC multiple times for every vserver.

Link to comment
Share on other sites

I recently did the same but we used two different stores within StoreFront. An internal store pointing to an internal NS Gateway via HDX Routing. Internal gateway configured without authentication.  A separate external Store was created, pointing to the same farms, but with the typical External Access setup via another external gateway. 

In fact the setup was a bit more complex using a double hop scenario for external access, whereby the 2nd hop = the same gateway as the internal traffic. 

 

That might be a possible solution, create one store for external and one for internal access and assign both vservers accordingly.

 

I will try that, thanks.

Link to comment
Share on other sites

  • 3 years later...
On 5/25/2016 at 7:04 PM, Frank Vandebergh said:

I recently did the same but we used two different stores within StoreFront. An internal store pointing to an internal NS Gateway via HDX Routing. Internal gateway configured without authentication.  A separate external Store was created, pointing to the same farms, but with the typical External Access setup via another external gateway. 

In fact the setup was a bit more complex using a double hop scenario for external access, whereby the 2nd hop = the same gateway as the internal traffic. 

 

Hi Frank, did you set up HDX optimal gateway for the internal NS gateway where you have not configured the authentication?

Link to comment
Share on other sites

28 minutes ago, Nishith Gupta said:

 

Hi Frank, did you set up HDX optimal gateway for the internal NS gateway where you have not configured the authentication?

 

Yes I believe it was the 'Direct Access' checkbox on optimal hdx routing settings that had to be checked with the internal gateway. This to force the direct connections to Storefront to use a specific gateway.

In this case the setup was:
Internet => External Gateway => Internal Gateway => Session Hosts

For external connections this was done via double hop mechanism through the two netscaler gateways.

For internal connections the traffic was enforced via Internal netscaler gateway using HDX Optimal routing. 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...