Citrix Cloud Bridge

Posted on  by admin
  1. Citrix Branch Repeater was renamed Citrix CloudBridge from version 6.2. Citrix CloudBridge provides a unified platform that connects and accelerates applications, optimizes bandwidth utilization across third-party public cloud and private networks, and offers a platform for third-party applications.

Requirements

You need routable remote IP connectivity to the LOM port for its Graphical User Interface (GUI), and access to the Service VM (SVM) GUI to run the reset-to-factory command.

Instructions

The CloudBridge 2000/3000 platform factory reset process takes about 30 to 60 minutes. Do not power off the appliance during the factory reset process. The appliance restarts several times during the process. If power is lost during the reset, the appliance can become non-operational and you might have to process a Return Merchandise Authorization (RMA) for it.

The default IP address for initial access to the LOM port is 192.168.1.3. Change the default credentials and IP address the first time you log on. All LOM GUI operations require you to connect to the appliance by typing the LOM IP address in a web browser and then entering the administrator credentials. Alternatively, you can access LOM functionality through the command line by using the ipmitool utility.

If the LOM port is connected by using a cable but is not configured with an IP address, you can configure an IP address for the LOM port by completing the following procedure:

  1. Open a Secure Shell (SSH) console to the XenServer IP address.

  2. Run the following commands to configure an IP address for the LOM port:
    ipmitool lan set 1 ipaddr <desired LOM IP>
    ipmitool lan set 1 netmask <desired LOM netmask>
    ipmitool lan set 1 defgw ipaddr <desired LOM default gateway>
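
The LOM addressing step above, as an added example (not part of the original article or of Citrix tooling): a POSIX shell dry run that rejects a malformed address, a non-contiguous netmask, a gateway outside the LOM subnet, or the factory-default 192.168.1.3 before it prints the three ipmitool commands. The function names and the sample addresses are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: sanity-check LOM addressing, then print the page's ipmitool
# commands. Addresses are constructed samples from the documentation ranges.

# Dotted-quad IPv4 -> integer; fails on anything but four octets 0-255.
ip_to_int() {
  case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
  [ "$#" -eq 4 ] || return 1
  for o in "$@"; do
    case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
    [ "$o" -le 255 ] || return 1
  done
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# A netmask is valid when its one-bits are contiguous from the left.
valid_netmask() {
  m=$(ip_to_int "$1") || return 1
  inv=$(( ~$m & 4294967295 ))
  [ "$m" -ne 0 ] && [ $(( inv & (inv + 1) )) -eq 0 ]
}

# The gateway must differ from the LOM IP and sit on the same subnet.
gateway_on_subnet() {
  i=$(ip_to_int "$1") && m=$(ip_to_int "$2") && g=$(ip_to_int "$3") || return 1
  [ "$i" -ne "$g" ] && [ $(( i & m )) -eq $(( g & m )) ]
}

# Print the commands only when every check passes (dry run, nothing is set).
lom_commands() {
  ip_to_int "$1" >/dev/null || { echo "bad LOM IP: $1" >&2; return 1; }
  valid_netmask "$2" || { echo "bad netmask: $2" >&2; return 1; }
  gateway_on_subnet "$1" "$2" "$3" || { echo "gateway $3 not on LOM subnet" >&2; return 1; }
  [ "$1" != "192.168.1.3" ] || { echo "factory-default LOM IP, pick another" >&2; return 1; }
  printf 'ipmitool lan set 1 ipaddr %s\n' "$1"
  printf 'ipmitool lan set 1 netmask %s\n' "$2"
  printf 'ipmitool lan set 1 defgw ipaddr %s\n' "$3"
  printf 'ipmitool lan print 1\n'   # read the settings back afterwards
}

# Dry run with constructed values.
lom_commands 192.0.2.10 255.255.255.0 192.0.2.1
```

A gateway that is off-subnet is worth catching here because the LOM port is the only remote path to the appliance while the factory reset is running.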

After the LOM port is accessible, continue with the following procedure to reset to factory settings remotely:

  1. Access the SVM of the CloudBridge appliance and refer to CTX137613 - How to Reset CloudBridge 2000 or 3000 to Factory Default Settings to reset to factory settings.
    Note: CloudBridge appliance takes around 60 minutes to fully reset to factory default settings.

  2. Open the following URL in a web browser that has Java installed:
    http://<desired LOM ip>
    Note: Use the default credentials nsroot/nsroot.

  3. Open the Configuration console from Remote Control > Console Redirection.

  4. Click Launch Console.

  5. Select Local Command Shell.
    Note: Use a different web browser if Java does not display the content properly.

  6. Enter the XenServer username and password.
    Note: The default credentials are root/nsroot.

  7. From the Local Command Shell, run the following command to access the NetScaler root shell prompt with the default credentials root/nsroot:
    ssh 169.254.0.10

  8. Run the following command from the shell prompt to access the Management Service Initial Network Address Configuration:
    networkconfig

  9. Select option 1 to issue a new SVM IP, then press Enter.

  10. Select option 2 to issue a new SVM netmask, then press Enter.

  11. Select option 3 to issue a new SVM default gateway, then press Enter.

  12. Select option 7, then press Enter to save and exit.

  13. From the same shell prompt, run the following command to restart the SVM:
    reboot

    After the SVM restart, you can use the newly configured IP address and open the SVM GUI.

Note: CloudBridge is not designed for deployment in a demilitarized zone (DMZ), and Citrix does not recommend it. Deploying the CloudBridge on the external-facing side of the NetScaler Gateway is suitable for private Multiprotocol Label Switching (MPLS) networks and other scenarios where CloudBridge security is not a concern.

Instructions

To accelerate ICA Proxy Mode on NetScaler Gateway with a CloudBridge, complete the following procedures:

Collecting Required Certificates

Required Peer Communication Certificates:

  1. It is recommended to use certificates that refer to a trusted certifying authority.
    Note: This is not the certificate used in NetScaler Gateway ICA Proxy virtual server.

  2. For testing purposes, you can generate and use a self-signed X509 certificate based on a private key (which you also generate). This certificate/key pair can be used as an alternative for Peer Communication. For more information, refer to Citrix Documentation.

  3. Set the certificates aside until you are ready to configure Peer Communication.

Required SSL Profile Certificates:

  1. From NetScaler Gateway, verify the Certificate (Server Certificate) referenced by the ICA Proxy virtual server. Navigate to NetScaler Gateway > Virtual Servers > Your ICA Proxy Virtual Server > Edit > Server Certificate. Make note of the certificate name.

  2. Go to Traffic Management > SSL > Certificates to find the actual certificate/key pair referenced by Server Certificate.

  3. Download the referenced certificate/key pair by navigating to Traffic Management > SSL > Manage Certificate / Keys / CSRs.

  4. You will also need the company's root and intermediate certificates (if any). If there are intermediate certificates, they must be concatenated with the root certificate into a single certificate file.

  5. At this point, you are expected to have the following certificates:

    • Root + intermediate(s), all must be concatenated into a single file.

    • One certificate/key pair (taken from NetScaler Gateway virtual server).

  6. Set the certificates aside until you are ready to configure the SSL Profile.
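
An added example, not part of the original article or of Citrix documentation: pre-flight checks with openssl on the files gathered above, confirming that the key matches the certificate, that the certificate verifies against the concatenated CA file, and that it is not about to expire. Function names, file names and the 30-day threshold are assumptions; the demo pair is a constructed self-signed certificate, for which the CA file is the certificate itself, as the Peer Communication note describes.

```sh
#!/bin/sh
# Added example: checks on the certificate files before installing them.
# All names are hypothetical; the demo material is a constructed throwaway pair.

# Concatenate intermediate(s) and root into the single CA file.
build_ca_bundle() {    # usage: build_ca_bundle OUT CERT...
  out=$1; shift
  cat "$@" > "$out"
}

# True when the private key belongs to the certificate (public keys match).
cert_matches_key() {   # usage: cert_matches_key CERT KEY
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# True when the certificate's signature chains to the CA file.
chain_verifies() {     # usage: chain_verifies CA_FILE CERT
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# True when the certificate stays valid for at least DAYS more days.
valid_for_days() {     # usage: valid_for_days CERT DAYS
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

preflight() {          # usage: preflight CA_FILE CERT KEY
  cert_matches_key "$2" "$3" || { echo "key does not match certificate" >&2; return 1; }
  chain_verifies "$1" "$2" || { echo "certificate does not chain to CA file" >&2; return 1; }
  valid_for_days "$2" 30 || { echo "certificate expires within 30 days" >&2; return 1; }
}

# Constructed test material: a 90-day self-signed pair with an unencrypted key.
make_demo_pair() {     # usage: make_demo_pair DIR NAME
  openssl req -x509 -newkey rsa:2048 -nodes -days 90 -subj "/CN=$2.example" \
    -keyout "$1/$2.key" -out "$1/$2.pem" >/dev/null 2>&1
}

# Demo: a self-signed certificate is its own CA file.
d=$(mktemp -d) && make_demo_pair "$d" gw && build_ca_bundle "$d/ca.pem" "$d/gw.pem" &&
  preflight "$d/ca.pem" "$d/gw.pem" "$d/gw.key" && echo "preflight passed"
rm -rf "$d"
```

For the real files, pass the intermediates and the root to build_ca_bundle, and delete the working copy of the gateway's private key once it is installed.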

Enabling SSL Traffic Acceleration

To enable SSL traffic acceleration on a CloudBridge, complete the following procedure on both client and server-side CloudBridge:

  1. Install the CloudBridge Crypto License.

  2. On the CloudBridge Graphical User Interface (GUI), select SSL Encryption from the Configuration > SSL settings section.

  3. For the Key Store parameter, click Create Password.

  4. Set the password as required.

  5. For the User Data Store parameter, click Enable Encryption.

  6. For the SSL Optimization parameter, click Enable.

Setting up the Peer Communication

To set up the peer communication on a CloudBridge, complete the following procedure:
Note: The following steps must be completed on both client and server-side CloudBridge, unless specified.

  1. On the CloudBridge GUI, select Secure Partners from the Configuration > SSL Settings section.

  2. Select the Enabled option for the Partner State parameter.

  3. Configure the following Partner Security settings:

  • From Certificate/Key name list, select ADD NEW ENTRY, if you must install a certificate. If you have already installed the required certificate, then select the appropriate certificate/key from the list.

  • From CA Certificate Store name list, select ADD NEW ENTRY, if you must install a certificate. If you have already installed the required certificate, then select the appropriate CA certificate from the list.
    Note: For self-signed certificates, CA certificate is the same certificate for the certificate/key pair.

  • Select the Signature/Expiration option for the Certificate Verification parameter.
    Note: This is required to maintain security between CloudBridge.

  4. Ensure that the Enable Auto-Discovery option is selected.

  5. For server-side CloudBridge, populate the Listen On parameter with its IP address that is reachable from the client-side CloudBridge.

  6. For client-side CloudBridge, populate the Connect To with the same IP address as that in the preceding step.
    Note: On the server-side CloudBridge, do not specify anything for this parameter.

  7. Click Save.

Configuring SSL Profiles on the Server-Side CloudBridge

To configure SSL profiles on a CloudBridge, complete the following procedure:
Note: This section should be completed only on the server-side CloudBridge.
  1. On the CloudBridge GUI, select SSL Acceleration from the Configuration > SSL Settings section.

  2. Click Add.

  3. In the Profile Name field, specify an SSL Profile name.

  4. Select the Profile Enabled option.

  5. For the Proxy Type parameter, ensure that the Split option is selected.

  6. From the Certificate/Private Key list, select ADD NEW ENTRY if you must install a certificate. Install the gathered NetScaler Gateway virtual server certificate and the root certificate file (which may include concatenated intermediates). If you have already installed the required certificates, select the appropriate certificate from the list.

  7. Ensure Build Certificate Chain is checked.

  8. Select Use all configured CA stores for Certificate Chain Store.

  9. Select the Signature/Expiration option for the Certificate Verification parameter.
    Note: This is required to maintain security between the CloudBridge appliance/VPX.

  10. Select Use all configured CA stores for Verification Store.

  11. Retain the default settings for the other fields.

  12. Click Add.
    For more information refer to Citrix Documentation.

Configuring Service Class

To configure Service Class on both client and server-side CloudBridge, complete the following procedure:

  1. On the CloudBridge GUI, select Service Classes from the Configuration > Optimization Rules section.

  2. Move the ICA service class to the top of the list.

  3. For ICA service class, click Edit under Action.

  4. Ensure that the Enabled option is selected and Disk is selected from the Acceleration Policy.

  5. Add a new line under Filter Rules with the following field entries:
    Application: HTTPS
    Src IP: Any
    Dst IP: NetScaler Gateway VIP IP address
    VLAN: Any
    DiffServ DSCP Bits: Any
    SSL Profile: ICA Proxy profile that was created in the previous steps.

    Note: This only applies to server-side CloudBridge. For client-side CloudBridge, it must be set to Any.

[Screenshots: Server-Side CloudBridge; Client-Side CloudBridge]

Configuring an External Firewall

Configure the external firewall in the data center to allow the following inbound ports for the CloudBridge:

  • Signaling Address and Port (default 2312) for the CloudBridge peer communication.

  • NetScaler Gateway traffic port (default 443).

Confirming the ICA Acceleration

To confirm the ICA acceleration on a CloudBridge, complete the following procedure:

  1. On the CloudBridge GUI, select Secure Partners from the Monitoring > Partners & Plug-ins section.

  2. Ensure that a secure connection is established between the target client and server-side CloudBridge, as shown in the following screen shot:

[Screenshots: Server-Side CloudBridge; Client-Side CloudBridge]

Note: Depending on which CloudBridge you are viewing, Peer Name denotes the hostname of the partner CloudBridge on the other end.

  3. On the CloudBridge GUI, select Citrix (ICA/CGP) from the Monitoring > Optimization section.

  4. Ensure that the accelerated ICA connections in Green are listed in the ICA Status page.

    Note: If the accelerated ICA connections are not listed, then review the CloudBridge configuration.

Additional Resources

Refer to the latest CloudBridge Documentation for additional details on SSL compression as it applies to ICA Proxy.