NetScaler

Let’s Encrypt and NetScaler – A Docker Approach

Let’s Encrypt has proven to be a fantastic solution to obtaining and maintaining SSL certificates. It’s completely free and once it’s setup, you never need to worry about certificate renewal again. The only drawback is that it requires automation. Let’s Encrypt certificates are only valid for 90 days, and you’re expected to renew them programmatically. This makes using them with a NetScaler somewhat difficult. As I’ve mentioned before, Ryan Butler has bailed us out with…

Read More

NetScaler nFactor with Duo – Update

A while back, I wrote a post on integrating NetScaler nFactor with Duo for 2 factor authentication.  The implementation in that post included some workarounds for two limitations between nFactor and Duo.  These workarounds were great, but they made the configuration more complicated.  They also had some limitations.  The good news is that we don’t need them anymore.

Read More

NetScaler SSL Ciphers – Fun with Bitwarden

Some time ago, I replaced LastPass with the Bitwarden password manager for personal use.  I wanted something that had the features of LastPass, but could be self hosted.  Bitwarden checks all of those boxes with a really slick set of clients, a Docker based server package and a super responsive developer. The Docker container comes with a really easy to use script to launch it, configure it…and update it.  I have a scheduled job that…

Read More

NetScaler Powershell Integration

NetScaler’s NITRO is very powerful and feature rich API.  It is robust to the point where you can manage nearly 100% of NetScaler functionality through it.  This makes enterprise level programmatic management and orchestration of NetScaler fleets a reality.  The one drawback is that since it’s a REST API it can be a bit difficult to interface with directly without some kind of wrapper or library. Powershell is very useful for anything from quick and…

Read More

Let’s Encrypt Certificates on NetScaler – Lessons Learned

It’s always been annoying to pay for and manage the SSL certificates in the lab environments I manage.  That’s why I was a very early adopter of Let’s Encrypt.  It’s a fantastic resource for free, hands-off SSL certificates…as long as you’re on a platform that supports it.  Unfortunately NetScaler is, at this time, not one of those platforms.  Lucky for us, there are folks like Ryan Butler out there.  He created an awesome python script…

Read More

NetScaler Authentication with Duo – An nFactor Example

UPDATE: Citrix and Duo have made some changes that simplify this configuration.  I discuss a new variation of this configuration in this post. Duo has become prevalent enough that I check it’s compatibility any time I’m looking at a new remote access system.  Duo actually publishes a solid how-to on integrating with NetScaler, specifically Gateway.  Unfortunately, this method relies on the old NetScaler Basic Authentication Policy framework and uses some secret sauce internal to both NetScaler…

Read More

Monitoring NetScaler with PRTG

PRTG has become my go to for monitoring when there’s a need to monitor lots of different components like switches, servers and services.  PRTG provides a platform that’s easier to use than most, but still has a ton of power and flexibility.  It can monitor pretty much anything through generic interfaces (SNMP, WMI, Powershell, etc…).  There are also many robust built-in monitors for specific systems like Exchange, NetApp and vSphere.  Missing from that list, though,…

Read More