NetScaler konsoll-kommandoer for å last balansere Microsoft Exchange 2013 CAS Servere med Content Switching og avansert monitorering.

Pre-krav; NetScaler Server sertifikat eksporteres og installeres fra Exchange CAS server.

Det kan ta en hel dag og masse kaffe å konfigurere dette fra NetScaler GUI, via konsoll kommandoer vil du gjøre det på par minutter.
Du kan bare kopiere lime inn hele dette skriptet til NetScaler konsollen, men du må huske å installere sertifikatet først og du må sannsynligvis endre IP-adresser og servernavn før du utfører kommandoer 🙂
Mer informasjon om Load Balancing Exchange 2013:

https://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/microsoft-exchange-2013-citrix-netscaler-deployment-guide.pdf

#ADD CAS SERVERS
add server EXCHANGE01 10.100.100.101
add server EXCHANGE02 10.100.100.102
add server EXCHANGE03 10.100.100.103
#ADD SERVICE GROUPS FOR EXCHANGE SSL
add serviceGroup service_group_cas_owa SSL -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO
add serviceGroup service_group_cas_rpc SSL -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO
add serviceGroup service_group_cas_ews SSL -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO
add serviceGroup service_group_cas_activesync SSL -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO
add serviceGroup service_group_cas_autodiscover SSL -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO
add serviceGroup service_group_cas_ecp SSL -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO
add serviceGroup service_group_cas_mapi SSL -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO
add serviceGroup service_group_cas_oab SSL -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO
#ADD SERVICE GROUP FOR EXCHANGE SMTP
add serviceGroup service_group_cas_smtp TCP -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 9000 -svrTimeout 9000 -CKA NO -TCPB NO -CMP NO
#ADD VIRTUAL SERVERS FOR EXCHANGE SSL
add lb vserver exchange_v_cas_owa SSL 0.0.0.0 0 -persistenceType NONE -Listenpolicy NONE -cltTimeout 180
add lb vserver exchange_v_cas_rpc SSL 0.0.0.0 0 -persistenceType NONE -Listenpolicy NONE -cltTimeout 180
add lb vserver exchange_v_cas_activesync SSL 0.0.0.0 0 -persistenceType NONE -Listenpolicy NONE -cltTimeout 180
add lb vserver exchange_v_cas_ews SSL 0.0.0.0 0 -persistenceType NONE -Listenpolicy NONE -cltTimeout 180
add lb vserver exchange_v_cas_autodiscover SSL 0.0.0.0 0 -persistenceType NONE -Listenpolicy NONE -cltTimeout 180
add lb vserver exchange_v_cas_ecp SSL 0.0.0.0 0 -persistenceType NONE -Listenpolicy NONE -cltTimeout 180
add lb vserver exchange_v_cas_mapi SSL 0.0.0.0 0 -persistenceType NONE -Listenpolicy NONE -cltTimeout 180
add lb vserver exchange_v_cas_oab SSL 0.0.0.0 0 -persistenceType NONE -Listenpolicy NONE -cltTimeout 180
#ADD VIRTUAL SERVER FOR EXCHANGE SMTP
add lb vserver exchange_v_cas_smtp TCP 10.106.102.135 25 -persistenceType NONE -Listenpolicy NONE -cltTimeout 9000
#ADD CONTENT SWITCHING VIRTUAL SERVER FOR EXCHANCE SSL
add cs vserver exchange-cs-cas-vserver SSL 10.106.102.136 443 -cltTimeout 180 -Listenpolicy NONE
#ADD CONTENT SWITHING ACTIONS
add cs action exchange_cs_act_owa -targetLBVserver exchange_v_cas_owa
add cs action exchange_cs_act_activesync -targetLBVserver exchange_v_cas_activesync
add cs action exchange_cs_act_rpc -targetLBVserver exchange_v_cas_rpc
add cs action exchange_cs_act_ews -targetLBVserver exchange_v_cas_ews
add cs action exchange_cs_act_autodiscover -targetLBVserver exchange_v_cas_autodiscover
add cs action exchange_cs_act_ecp -targetLBVserver exchange_v_cas_ecp
add cs action exchange_cs_act_mapi -targetLBVserver exchange_v_cas_mapi
add cs action exchange_cs_act_oab -targetLBVserver exchange_v_cas_oab
#ADD CONTENT SWITHING POLICIES
add cs policy exchange_cs_pol_autodiscover -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("/autodiscover")" -action exchange_cs_act_autodiscover
add cs policy exchange_cs_pol_ecp -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("/ecp")" -action exchange_cs_act_ecp
add cs policy exchange_cs_pol_mapi -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS(“/mapi”)” -action exchange_cs_act_mapi
add cs policy exchange_cs_pol_oab -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("/oab")" -action exchange_cs_act_oab
add cs policy exchange_cs_pol_ews -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("/ews")" -action exchange_cs_act_ews
add cs policy exchange_cs_pol_activesync -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("/Microsoft-Server-ActiveSync")" -action exchange_cs_act_activesync
add cs policy exchange_cs_pol_owa -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("/owa")" -action exchange_cs_act_owa
add cs policy exchange_cs_pol_rpc -rule "HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("/rpc")" -action exchange_cs_act_rpc
#BIND SERVICE GROUPS TO LOAD BALANCING VIRTUAL SERVERS
bind lb vserver exchange_v_cas_owa service_group_cas_owa
bind lb vserver exchange_v_cas_rpc service_group_cas_rpc
bind lb vserver exchange_v_cas_ews service_group_cas_ews
bind lb vserver exchange_v_cas_activesync service_group_cas_activesync
bind lb vserver exchange_v_cas_autodiscover service_group_cas_autodiscover
bind lb vserver exchange_v_cas_ecp service_group_cas_ecp
bind lb vserver exchange_v_cas_mapi service_group_cas_mapi
bind lb vserver exchange_v_cas_oab service_group_cas_oab
bind lb vserver exchange_v_cas_smtp service_group_cas_smtp
#BIND CONTENT SWITHING VIRTUAL SERVER TO POLICIES
bind cs vserver exchange-cs-cas-vserver -policyName exchange_cs_pol_autodiscover -priority 100
bind cs vserver exchange-cs-cas-vserver -policyName exchange_cs_pol_ecp -priority 110
bind cs vserver exchange-cs-cas-vserver -policyName exchange_cs_pol_mapi -priority 120
bind cs vserver exchange-cs-cas-vserver -policyName exchange_cs_pol_oab -priority 130
bind cs vserver exchange-cs-cas-vserver -policyName exchange_cs_pol_ews -priority 140
bind cs vserver exchange-cs-cas-vserver -policyName exchange_cs_pol_activesync -priority 150
bind cs vserver exchange-cs-cas-vserver -policyName exchange_cs_pol_owa -priority 160
bind cs vserver exchange-cs-cas-vserver -policyName exchange_cs_pol_rpc -priority 170
#ADD MONITORS FOR EXCHANGE SSL
add lb monitor monitor-owa HTTP -respCode 200 -httpRequest "GET /owa/healthcheck.htm" -LRTM DISABLED -deviation 0 -interval 5 -resptimeout 2 -downTime 30 -secure YES
add lb monitor monitor-ews HTTP -respCode 200 -httpRequest "GET /ews/healthcheck.htm" -LRTM DISABLED -deviation 0 -interval 5 -resptimeout 2 -downTime 30 -secure YES
add lb monitor monitor-activesync HTTP -respCode 200 -httpRequest "GET /Microsoft-Server-ActiveSync/healthcheck.htm" -LRTM DISABLED -deviation 0 -interval 5 -resptimeout 2 -downTime 30 -secure YES
add lb monitor monitor-rpc HTTP -respCode 200 -httpRequest "GET /rpc/healthcheck.htm" -LRTM DISABLED -deviation 0 -interval 5 -resptimeout 2 -downTime 30 -secure YES
add lb monitor monitor-autodiscover HTTP -respCode 200 -httpRequest "GET /Autodiscover/healthcheck.htm" -LRTM DISABLED -deviation 0 -interval 5 -resptimeout 2 -downTime 30 -secure YES
add lb monitor monitor-ecp HTTP -respCode 200 -httpRequest "GET /ecp/healthcheck.htm" -LRTM DISABLED -deviation 0 -interval 5 -resptimeout 2 -downTime 30 -secure YES
add lb monitor monitor-mapi HTTP -respCode 200 -httpRequest "GET /mapi/healthcheck.htm" -LRTM DISABLED -deviation 0 -interval 5 -resptimeout 2 -downTime 30 -secure YES
add lb monitor monitor-oab HTTP -respCode 200 -httpRequest "GET /OAB/healthcheck.htm" -LRTM DISABLED -deviation 0 -interval 5 -resptimeout 2 -downTime 30 -secure YES
#ADD MONITOR FOR EXCHANGE SMTP
add lb monitor monitor-smtp SMTP -scriptName nssmtp.pl -dispatcherIP 127.0.0.1 -dispatcherPort 3013 -LRTM DISABLED -deviation 0 -interval 30 -resptimeout 5 -downTime 2 MIN
#BIND SERVERS TO SERVICE GROUPS
bind serviceGroup service_group_cas_owa EXCHANGE01 443
bind serviceGroup service_group_cas_owa EXCHANGE02 443
bind serviceGroup service_group_cas_owa EXCHANGE03 443
bind serviceGroup service_group_cas_owa -monitorName monitor-owa
bind serviceGroup service_group_cas_rpc EXCHANGE01 443
bind serviceGroup service_group_cas_rpc EXCHANGE02 443
bind serviceGroup service_group_cas_rpc EXCHANGE03 443
bind serviceGroup service_group_cas_rpc -monitorName monitor-rpc
bind serviceGroup service_group_cas_ews EXCHANGE01 443
bind serviceGroup service_group_cas_ews EXCHANGE02 443
bind serviceGroup service_group_cas_ews EXCHANGE03 443
bind serviceGroup service_group_cas_ews -monitorName monitor-ews
bind serviceGroup service_group_cas_activesync EXCHANGE01 443
bind serviceGroup service_group_cas_activesync EXCHANGE02 443
bind serviceGroup service_group_cas_activesync EXCHANGE03 443
bind serviceGroup service_group_cas_activesync -monitorName monitor-activesync
bind serviceGroup service_group_cas_autodiscover EXCHANGE01 443
bind serviceGroup service_group_cas_autodiscover EXCHANGE02 443
bind serviceGroup service_group_cas_autodiscover EXCHANGE03 443
bind serviceGroup service_group_cas_autodiscover -monitorName monitor-autodiscover
bind serviceGroup service_group_cas_ecp EXCHANGE01 443
bind serviceGroup service_group_cas_ecp EXCHANGE02 443
bind serviceGroup service_group_cas_ecp EXCHANGE03 443
bind serviceGroup service_group_cas_ecp -monitorName monitor-ecp
bind serviceGroup service_group_cas_mapi EXCHANGE01 443
bind serviceGroup service_group_cas_mapi EXCHANGE02 443
bind serviceGroup service_group_cas_mapi EXCHANGE03 443
bind serviceGroup service_group_cas_mapi -monitorName monitor-mapi
bind serviceGroup service_group_cas_oab EXCHANGE01 443
bind serviceGroup service_group_cas_oab EXCHANGE02 443
bind serviceGroup service_group_cas_oab EXCHANGE03 443
bind serviceGroup service_group_cas_oab -monitorName monitor-oab
bind serviceGroup service_group_cas_smtp EXCHANGE01 25
bind serviceGroup service_group_cas_smtp EXCHANGE02 25
bind serviceGroup service_group_cas_smtp EXCHANGE03 25
bind serviceGroup service_group_cas_smtp -monitorName monitor-smtp
#DISABLE SSL3, TLS11, TLS12 FROM SERVICEGROUPS
set ssl serviceGroup service_group_cas_oab -ssl3 DISABLED -tls11 DISABLED -tls12 DISABLED
set ssl serviceGroup service_group_cas_mapi -ssl3 DISABLED -tls11 DISABLED -tls12 DISABLED
set ssl serviceGroup service_group_cas_ecp -ssl3 DISABLED -tls11 DISABLED -tls12 DISABLED
set ssl serviceGroup service_group_cas_autodiscover -ssl3 DISABLED -tls11 DISABLED -tls12 DISABLED
set ssl serviceGroup service_group_cas_activesync -ssl3 DISABLED -tls11 DISABLED -tls12 DISABLED
set ssl serviceGroup service_group_cas_ews -ssl3 DISABLED -tls11 DISABLED -tls12 DISABLED
set ssl serviceGroup service_group_cas_rpc -ssl3 DISABLED -tls11 DISABLED -tls12 DISABLED
set ssl serviceGroup service_group_cas_owa -ssl3 DISABLED -tls11 DISABLED -tls12 DISABLED
#DISABLE SSL3 FROM VIRTUAL SERVERS
set ssl vserver exchange_v_cas_owa -ssl3 DISABLED
set ssl vserver exchange_v_cas_rpc -ssl3 DISABLED
set ssl vserver exchange_v_cas_activesync -ssl3 DISABLED
set ssl vserver exchange_v_cas_ews -ssl3 DISABLED
set ssl vserver exchange_v_cas_autodiscover -ssl3 DISABLED
set ssl vserver exchange_v_cas_ecp -ssl3 DISABLED
set ssl vserver exchange_v_cas_mapi -ssl3 DISABLED
set ssl vserver exchange_v_cas_oab -ssl3 DISABLED
set ssl vserver exchange-cs-cas-vserver -ssl3 DISABLED
#BIND SERVER CERTIFICATE TO VIRTUAL SERVERS
bind ssl vserver exchange_v_cas_owa -certkeyName mail_janikohonen_com
bind ssl vserver exchange_v_cas_rpc -certkeyName mail_janikohonen_com
bind ssl vserver exchange_v_cas_activesync -certkeyName mail_janikohonen_com
bind ssl vserver exchange_v_cas_ews -certkeyName mail_janikohonen_com
bind ssl vserver exchange_v_cas_autodiscover -certkeyName mail_janikohonen_com
bind ssl vserver exchange_v_cas_ecp -certkeyName mail_janikohonen_com
bind ssl vserver exchange_v_cas_mapi -certkeyName mail_janikohonen_com
bind ssl vserver exchange_v_cas_oab -certkeyName mail_janikohonen_com
#BIND SERVER CERTIFICATE TO CONTENT SWITCHING VIRTUAL SERVER
bind ssl vserver exchange-cs-cas-vserver -certkeyName mail_janikohonen_com
#SAVE CONFIG AND ENJOY!
save ns config
Share.

About Author

Senior Infrastructure Engineer med spesialitet på Citrix produkter

Leave A Reply

Dette nettstedet bruker Akismet for å redusere spam. Lær om hvordan dine kommentar-data prosesseres.