- Citrix Branch Repeater has been called Citrix CloudBridge since version 6.2. Citrix CloudBridge provides a unified platform that connects and accelerates applications, optimizes bandwidth utilization across third-party public cloud and private networks, and offers a platform for third-party applications.
You require a routable remote IP connectivity to the LOM port for Graphical User Interface (GUI) and access to the Service VM (SVM) GUI to run the reset to factory command.
The CloudBridge 2000/3000 platform factory reset process takes about 30 to 60 minutes. Do not power off the appliance during the factory reset process. The appliance restarts several times during the process. If power is lost during the reset process, the appliance can become non-operational and you might have to process a Return Merchandise Authorization (RMA) for the appliance.
The default IP address for initial access to the LOM port is 192.168.1.3. Change the default credentials and IP address the first time you log on. All LOM GUI operations require you to connect to the appliance by typing the LOM IP address in a web browser and then entering the administrator credentials. Alternatively, you can access LOM functionality through the command line by using the ipmitool utility.
If the LOM port is connected by using a cable but is not configured with an IP address, you can configure an IP address for the LOM port by completing the following procedure:
Open a Secure Shell (SSH) console to the XenServer IP address.
Run the following commands to configure an IP address for the LOM port:
ipmitool lan set 1 ipaddr <desired LOM IP>
ipmitool lan set 1 netmask <desired LOM netmask>
ipmitool lan set 1 defgw ipaddr <desired LOM default gateway>
After the LOM port is accessible, continue with the following procedure to reset to factory settings remotely:
Access the SVM of the CloudBridge appliance and refer to CTX137613 - How to Reset CloudBridge 2000 or 3000 to Factory Default Settings to reset to factory settings.
Note: CloudBridge appliance takes around 60 minutes to fully reset to factory default settings.
Open the following URL by using a web browser that is installed with Java:
http://<desired LOM ip>
Note: Use the default credentials nsroot/nsroot.
Open the Configuration console from Remote Control > Console Redirection.
Click Launch Console.
Select Local Command Shell.
Note: Use a different web browser if Java does not display the content properly.
Enter the XenServer username and password:
Note: The default credentials are root/nsroot.
From the Local Command Shell, run the following command to access the NetScaler root shell prompt with the default credentials root/nsroot:
Run the following command from the shell prompt to access the Management Service Initial Network Address Configuration:
Select option 1 to issue a new SVM IP, then press Enter.
Select option 2 to issue a new SVM netmask, then press Enter.
Select option 3 to issue a new SVM default gateway, then press Enter.
Select option 7, then press Enter to save and exit.
From [email protected], run the following command to restart the SVM:
After the SVM restart, you can use the newly configured IP address and open the SVM GUI.
Note: The CloudBridge is not designed for deployment in a demilitarized zone (DMZ) and this is not recommended by Citrix. Deploying the CloudBridge on the external facing side of the NetScaler Gateway is suitable for private Multiprotocol Label Switching (MPLS) and other scenarios where CloudBridge security is not a concern.
To accelerate ICA Proxy Mode on NetScaler Gateway with a CloudBridge, complete the following procedures:
Collecting Required Certificates
Required Peer Communication Certificates:
It is recommended to use certificates issued by a trusted certificate authority.
Note: This is not the certificate used in NetScaler Gateway ICA Proxy virtual server.
For testing purposes, you can generate and use a self-signed X509 certificate based on a private key (which is also generated by you). This certificate/key pair can be used as an alternative for Peer Communication. For more information, refer to Citrix Documentation.
Set aside when ready to configure Peer Communication.
Required SSL Profile Certificates:
From NetScaler Gateway, verify the Certificate (Server Certificate) referenced by the ICA Proxy virtual server. Navigate to NetScaler Gateway > Virtual Servers > Your ICA Proxy Virtual Server > Edit > Server Certificate. Make note of the certificate name.
Go to Traffic Management > SSL > Certificates to find the actual certificate/key pair referenced by Server Certificate.
Download the referenced certificate/key pair by navigating to Traffic Management > SSL > Manage Certificate / Keys / CSRs.
You will also need to get the company’s root and intermediate certificates (if any). If there are intermediate certificates, they must be concatenated with the root certificate into a single certificate file.
At this point, you are expected to have the following certificates:
Root + intermediate(s), all must be concatenated into a single file.
One certificate/key pair (taken from NetScaler Gateway virtual server).
Set aside the certificates when ready to configure SSL Profile.
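A pre-flight check for the files gathered above, run with the openssl CLI on an administrator workstation before anything is uploaded to the appliance. This is an added example, not part of the Citrix article; the file names, the intermediates-then-root order in the bundle, and the demo PKI are assumptions constructed for illustration.

```sh
#!/bin/sh
# Pre-flight checks for the SSL profile certificate files.
# File names and the demo PKI below are constructed for this example.

# build_chain ROOT OUT INTERMEDIATE...: write intermediates, then root, to one file.
build_chain() { root=$1; out=$2; shift 2; cat "$@" "$root" > "$out"; }

# chain_verifies BUNDLE LEAF: signatures and validity dates must check out
# against the concatenated bundle.
chain_verifies() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# key_matches_cert CERT KEY: the private key must belong to the certificate.
key_matches_cert() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# valid_for CERT SECONDS: true if CERT is still valid SECONDS from now.
valid_for() { openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1; }

# make_demo_pki DIR: constructed root -> intermediate -> leaf, each valid 2 days.
make_demo_pki() {
    d=$1; printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    for n in root int leaf; do
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-$n" \
            -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
    done
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
        -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null || return 1
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/int.pem" 2>/dev/null || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
        -CAcreateserial -days 2 -out "$d/leaf.pem" 2>/dev/null
}

work=$(mktemp -d) && make_demo_pki "$work" || exit 1
build_chain "$work/root.pem" "$work/bundle.pem" "$work/int.pem"
chain_verifies "$work/bundle.pem" "$work/leaf.pem" && echo "OK: leaf verifies against bundle"
chain_verifies "$work/root.pem" "$work/leaf.pem" || echo "FAIL: root alone, intermediate missing"
key_matches_cert "$work/leaf.pem" "$work/leaf.key" && echo "OK: key matches certificate"
key_matches_cert "$work/leaf.pem" "$work/int.key" || echo "FAIL: wrong private key"
valid_for "$work/leaf.pem" 864000 || echo "WARN: leaf expires within 10 days"
```

With real files, call the same functions on the root, intermediate and NetScaler Gateway certificate/key files instead of the demo PKI; a chain or key failure here means the upload would install a bundle the appliance cannot verify or a mismatched pair.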
Enabling SSL Traffic Acceleration
To enable SSL traffic acceleration on a CloudBridge, complete the following procedure on both client and server-side CloudBridge:
Install the CloudBridge Crypto License.
On the CloudBridge Graphical User Interface (GUI), select SSL Encryption from the Configuration > SSL settings section.
For the Key Store parameter, click Create Password.
Set the password as required.
For the User Data Store parameter, click Enable Encryption.
For the SSL Optimization parameter, click Enable.
Setting up the Peer Communication
To set up the peer communication on a CloudBridge, complete the following procedure:
Note: The following steps must be completed on both client and server-side CloudBridge, unless specified.
On the CloudBridge GUI, select Secure Partners from the Configuration > SSL Settings section.
Select the Enabled option for the Partner State parameter.
Configure the following Partner Security settings:
From Certificate/Key name list, select ADD NEW ENTRY, if you must install a certificate. If you have already installed the required certificate, then select the appropriate certificate/key from the list.
From CA Certificate Store name list, select ADD NEW ENTRY, if you must install a certificate. If you have already installed the required certificate, then select the appropriate CA certificate from the list.
Note: For self-signed certificates, CA certificate is the same certificate for the certificate/key pair.
Select the Signature/Expiration option for the Certificate Verification parameter.
Note: This is required to maintain security between the CloudBridge appliances.
Ensure that the Enable Auto-Discovery option is selected.
For server-side CloudBridge, populate the Listen On parameter with its IP address that is reachable from the client-side CloudBridge as shown in the following screen shot:
For client-side CloudBridge, populate the Connect To with the same IP address as that in the preceding step.
Note: On the server-side CloudBridge, do not specify anything for this parameter.
Configuring SSL Profiles on the Server-Side CloudBridge
To configure SSL profiles on a CloudBridge, complete the following procedure:
Note: This section should be completed only on the server-side CloudBridge.
On the CloudBridge GUI, select SSL Acceleration from the Configuration > SSL Settings section.
In the Profile Name field, specify an SSL Profile name.
Select the Profile Enabled option.
For the Proxy Type parameter, ensure that the Split option is selected.
From the Certificate/Private Key list, select ADD NEW ENTRY, if you must install a certificate. Install gathered NetScaler Gateway virtual server and root (may include concatenated intermediate) certificates. If you have already installed the required certificates, then select the appropriate certificate from the list.
Ensure Build Certificate Chain is checked.
Select Use all configured CA stores for Certificate Chain Store.
Select the Signature/Expiration option for the Certificate Verification parameter.
Note: This is required to maintain security between the CloudBridge appliance/VPX.
Select Use all configured CA stores for Verification Store.
Retain the default settings for the other fields, as shown in the following screen shot:
For more information refer to Citrix Documentation.
Configuring Service Class
To configure Service Class on both client and server-side CloudBridge, complete the following procedure:
On the CloudBridge GUI, select Service Classes from the Configuration > Optimization Rules section.
Move the ICA service class to the top of the list.
For ICA service class, click Edit under Action.
Ensure that the Enabled option is selected and Disk is selected from the Acceleration Policy.
Add a new line under Filter Rules with the following field entries:
Src IP: Any
Dst IP: NetScaler Gateway VIP IP address
DiffServ DSCP Bits: Any
SSL Profile: ICA Proxy profile that was created in the previous steps.
Note: This only applies to server-side CloudBridge. For client-side CloudBridge, it must be set to Any.
Configuring an External Firewall
Configure the external Firewall application in the data center to allow the following inbound ports for the CloudBridge:
Signaling Address and Port (default 2312) for the CloudBridge peer communication.
NetScaler Gateway traffic port (default 443).
Confirming the ICA Acceleration
To confirm the ICA acceleration on a CloudBridge, complete the following procedure:
On the CloudBridge GUI, select Secure Partners from the Monitoring > Partners & Plug-ins section.
Ensure that a secure connection is established between the target client and server-side CloudBridge, as shown in the following screen shot:
Note: Depending on which CloudBridge you are viewing, Peer Name denotes the hostname of the partner CloudBridge on the other end.
On the CloudBridge GUI, select Citrix (ICA/CGP) from the Monitoring > Optimization section.
Ensure that the accelerated ICA connections in Green are listed in the ICA Status page, as shown in the following screen shot:
Note: If the accelerated ICA connections are not listed, then review the CloudBridge configuration.
Refer to the latest CloudBridge Documentation for additional details on SSL compression as it applies to ICA Proxy.