HowTo: Create a NetScaler Load Balancing vServer for Citrix Workspace Environment Management on the CLI

Since Citrix has released Workspace Environment Management 4.2 there is now a complete section about #WEM in the Citrix eDocs. Part of the new official documentation is a section about load balancing advices. But before that, there has already been a superior blog article about that topic by Ryan Revord.
But what is still missing is a complete overview of the necessary NetScaler CLI commands. That way you can import your WEM load balancing configuration in less than a minute! As I try to do everything in NetScaler on the CLI, I documented the steps during my first WEM deployment and wanted to share them with the community.

Prerequisites:

    1. A working NetScaler with a SNIP in the corresponding subnet of your network
    2. Two WEM Broker Server up and running with a third server hosting the SQL database
      (When you create the Workspace Environment Management database, select the option Broker Database Connection Uses Windows Security!)
    3. Configure the Service Principal Names (SPNs) for the Citrix Workspace Environment Management Infrastructure Services to use the Broker Service Account name.
    4. Step 2 and 3 are most important! Check twice that you use Windows authentication for SQL and set the SPN to the Windows Account!
      setspn -U -S Norskale/BrokerService [accountname]

After that we come to the interesting part, we have to load balance 4 TCP ports: 8284, 8286, 8285, 8287

Legend:

WEM Broker #1 xa-wms2016-01.int.corp.de 192.168.24.21
WEM Broker #2 xa-wms2016-02.int.corp.de 192.168.24.22
NetScaler lb vserver VIP citrix-wem.int.corp.de 192.168.24.30

The following CLI commands have a recurring logic:

  1. Create Service Group for a specific port
  2. Bind WEM Broker #1 to the Service Group with the corresponding port
  3. Bind WEM Broker #2 to the Service Group with the corresponding port
  4. (Bind WEM Broker #x to the Service Group with the corresponding port; in case you would like to have more than two WEM Broker)
  5. Bind the default TCP Monitor to the Service Group
  6. Create the TCP Load Balancing Virtual Server with the corresponding port on the shared IP for all WEM ports
  7. Bind the Service Group to the Load Balancing Virtual Server
enable ns feature LB

add server xa-wms2016-01.int.corp.de 192.168.24.21
add server xa-wms2016-02.int.corp.de 192.168.24.22

add serviceGroup svcgrp-WEM-BrokerAdmin TCP -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 9000 -svrTimeout 9000 -CKA NO -TCPB NO -CMP NO
bind serviceGroup svcgrp-WEM-BrokerAdmin xa-wms2016-01.int.corp.de 8284
bind serviceGroup svcgrp-WEM-BrokerAdmin xa-wms2016-02.int.corp.de 8284
bind serviceGroup svcgrp-WEM-BrokerAdmin -monitorName TCP
add lb vserver WEM-BrokerAdmin TCP 192.168.24.30 8284 -persistenceType NONE -cltTimeout 9000
bind lb vserver WEM-BrokerAdmin svcgrp-WEM-BrokerAdmin

add serviceGroup svcgrp-WEM-AgentBroker TCP -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 9000 -svrTimeout 9000 -CKA NO -TCPB NO -CMP NO
bind serviceGroup svcgrp-WEM-AgentBroker xa-wms2016-01.int.corp.de 8286
bind serviceGroup svcgrp-WEM-AgentBroker xa-wms2016-02.int.corp.de 8286
bind serviceGroup svcgrp-WEM-AgentBroker -monitorName TCP
add lb vserver WEM-AgentBroker TCP 192.168.24.30 8286 -persistenceType NONE -cltTimeout 9000
bind lb vserver WEM-AgentBroker svcgrp-WEM-AgentBroker

add serviceGroup svcgrp-WEM-AgentSync TCP -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 9000 -svrTimeout 9000 -CKA NO -TCPB NO -CMP NO
bind serviceGroup svcgrp-WEM-AgentSync xa-wms2016-01.int.corp.de 8285
bind serviceGroup svcgrp-WEM-AgentSync xa-wms2016-02.int.corp.de 8285
bind serviceGroup svcgrp-WEM-AgentSync -monitorName TCP
add lb vserver WEM-AgentSync TCP 192.168.24.30 8285 -persistenceType NONE -cltTimeout 9000
bind lb vserver WEM-AgentSync svcgrp-WEM-AgentSync

add serviceGroup svcgrp-WEM-MonitoringBroker TCP -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 9000 -svrTimeout 9000 -CKA NO -TCPB NO -CMP NO
bind serviceGroup svcgrp-WEM-MonitoringBroker xa-wms2016-01.int.corp.de 8287
bind serviceGroup svcgrp-WEM-MonitoringBroker xa-wms2016-02.int.corp.de 8287
bind serviceGroup svcgrp-WEM-MonitoringBroker -monitorName TCP
add lb vserver WEM-MonitoringBroker TCP 192.168.24.30 8287 -persistenceType NONE -cltTimeout 9000
bind lb vserver WEM-MonitoringBroker svcgrp-WEM-MonitoringBroker

That’s it, hope it helps someone!

Author: Marco

Marco is an IT-System administrator and IT-Consultant with 10+ years experience. He is specialized in the delivery of virtual Apps and Desktops with Citrix solutions. In 2017 he has been awarded Citrix Technology Advocate by Citrix for his community work (#CTA). His second core area is availability & performance monitoring with Zabbix, a leading open-source solution. His employer is the German IT-Company ANAXCO, which is developing a Transport Management Software (TMS) based on Microsoft Dynamics AX. More about Marco

5 thoughts on “HowTo: Create a NetScaler Load Balancing vServer for Citrix Workspace Environment Management on the CLI”

  1. Hi Marco,

    I don’t see any persistence on your LB vServers. From Citrix Docs: “Session persistence is required for the connection between agent and broker, and between consoles and broker. Citrix recommends that you connect all Administration Consoles to one Broker Service, rather than using the VIP.”

    1. You are right. In my original setup I oriented myself at Ryan Tevord where he says: “The Broker is stateless so no need to set persistence either.”
      But Citrix says you need Persistence. Should have read more closely. Will fix this tomorrow as soon as possible.

    2. Citrix has reworked its statement:

      Session persistence is required for the connection between administration consoles and the infrastructure service. (Session persistence between the agent and the infrastructure service is not required.) Citrix recommends that you directly connect each administration console to an infrastructure service server, rather than using the VIP.

      Source: http://docs.citrix.com/en-us/workspace-environment-management/current-release/install-and-configure/infrastructure-services.html

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.