Deployment Guide. Policy Engine (PE) Deployment Guide. A Technical Reference



Notice: The information in this publication is subject to change without notice. THIS PUBLICATION IS PROVIDED "AS IS" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT. CITRIX SYSTEMS, INC. ("CITRIX") SHALL NOT BE LIABLE FOR TECHNICAL OR EDITORIAL ERRORS OR OMISSIONS CONTAINED HEREIN, NOR FOR DIRECT, INCIDENTAL, CONSEQUENTIAL OR ANY OTHER DAMAGES RESULTING FROM THE FURNISHING, PERFORMANCE, OR USE OF THIS PUBLICATION, EVEN IF CITRIX HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES IN ADVANCE. This publication contains information protected by copyright. Except for internal distribution, no part of this publication may be photocopied or reproduced in any form without prior written consent from Citrix. The exclusive warranty for Citrix products, if any, is stated in the product documentation accompanying such products. Citrix does not warrant products other than its own. Product names mentioned herein may be trademarks and/or registered trademarks of their respective companies. Copyright 2008 Citrix Systems, Inc., 851 West Cypress Creek Road, Ft. Lauderdale, Florida 33309-2009 U.S.A. All rights reserved.

Table of Contents

  Introduction
  Prerequisites
  Policy Expressions (PE)
    Components of Policy Expression
    Qualifiers
    Operators
    Operands
  Policy Limitations
  Performance Considerations
  Important Policy Behavior - Policy Engine (PE)
  Sample Expressions using the CLI
  Sample Expressions using the GUI
  Compound Expressions
    Sample Compound Expressions using the CLI
    Sample Compound Expressions using the GUI

Introduction

Citrix NetScaler optimizes the delivery of web applications, increasing security and improving performance and web server capacity. This approach ensures the best total cost of ownership (TCO), security, availability, and performance for web applications. The Citrix NetScaler solution is a comprehensive network system that combines high-speed load balancing and content switching with application acceleration, layer 4-7 traffic management, data compression, dynamic content caching, SSL acceleration, network optimization, and application security in a single, tightly integrated solution. Deployed in front of application servers, the system significantly reduces processing overhead on application and database servers, reducing hardware and bandwidth costs.

Policies are used to configure various Application Switch features. For example, the parameters for compressing content are defined in a compression policy. The features that use policies are:

  - Content Switching
  - Content Filtering
  - AppCompress
  - Cache Redirection
  - SSL VPN
  - Priority Queuing
  - DoS Protection
  - Sure Connect

Policy expressions are applied to content that enters the system. Expressions are shared among features, but actions are feature-specific. For example, you can create an expression that identifies .pdf files being sent through the system, and then create a compression policy that uses this expression to compress those files.

"Policy Engine" refers to the policy architecture of the Citrix NetScaler Application Switch in versions up to 8.x. This guide presents that architecture and the way it operates.

Prerequisites

  - Citrix NetScaler Application Switch running version 8.x (one unit for a single deployment, two units for an HA deployment)
  - Client laptop or workstation running Internet Explorer 6.0 or later, with an Ethernet port
  - 9-pin serial cable, or a USB-to-serial cable

NOTE: The policies in this guide are based on the Policy Engine (PE) architecture in NetScaler version 8.0. Policies for NetScaler version 9.0 and later use the Policy Infrastructure (PI) architecture, which differs in both syntax and methodology. Policy Infrastructure (PI) is not discussed in this guide.

Policy Expressions (PE)

Components of Policy Expression

The Policy Expressions (PE) language is a basic expression language used to define policy conditions on the NetScaler Application Switch. Because it is the original expression language on the NetScaler, expressions written in it are often called classic expressions.

A policy consists of an expression and an action. Expressions are shared among features on the switch; actions are feature-specific. For example, you can create an expression that identifies .pdf files being sent through the system, and then create a compression policy that uses this expression to compress those files (the action). Policy expressions work like an If-Then language: the expression is the If, the action is the Then.

An expression consists of the following components:

  Name: the expression name
  Qualifier: the information to be tested
  Operator: the operation to perform
  Operand: the value the qualifier is compared to

Expression syntax (the same form the sample sections of this guide use):

  add policy expression <name> <qualifier> <operator> <operand>

Example:

  add policy expression mpost REQ.HTTP.METHOD == POST

Qualifiers

Qualifiers are directional, or flow based: they refer either to requests coming from clients or to responses being sent by back-end servers. Most often they are based on components of HTTP flows. In the Policy Expression language, flow-based qualifiers start with REQ for request-based expressions and RES for response-based expressions. The qualifier format is:

  [<flow type>.<protocol>.]<qualifier>

For example:

  REQ.HTTP.METHOD
  REQ.HTTP.URL
  REQ.HTTP.HEADER

REQ.HTTP.HEADER is followed by the name of the header to test, for example REQ.HTTP.HEADER Host.

Operators

The operator identifies the operation to perform on the operands. The following table defines the operators.

  ==, !=, EQ, NEQ        Test for exact matches. These are case sensitive.
  GT                     Numerical comparison on the length of URLs and query strings.
  CONTAINS, NOTCONTAINS  Determine whether the specified string is contained in the qualifier. These are not case sensitive.
  EXISTS, NOTEXISTS      Check for the existence of a particular qualifier, for example whether a specific HTTP header or a URL query exists.
  CONTENTS               Checks for the existence of the qualifier and its contents.

Operands

An operand defines the value for the corresponding qualifier, that is, the value the qualifier is compared to. Wildcard characters can sometimes be used in operands, for example /*.gif.

Policy Limitations

The Cache Redirection feature has a maximum of 128 expressions and Content Switching has a maximum of 512 expressions; these limits are hard-coded and cannot be changed. For the remaining features there is a built-in limit of 1024 expressions on the NetScaler Application Switch, which can be raised from the command line interface:

  nsapimgr -ys maxexpr=<new limit>

A value set with nsapimgr is a runtime setting: it is not written out when the configuration is saved and has to be reapplied after a reboot.

Performance Considerations

Some operators behave differently, so note their behavior and its potential impact on performance.

The operator == is:
  - Case sensitive
  - Accepts the wildcard *
  - Not CPU intensive

The operator CONTAINS is:
  - Not case sensitive
  - Does not accept the wildcard *
  - CPU intensive

The case sensitivity of == matters for more than performance. REQ.HTTP.URL == /*.html does not match /INDEX.HTML; if the back-end server resolves paths case-insensitively (IIS, for example), a filtering or blocking policy built on == can be bypassed by changing the case of the request. For policies that enforce a restriction rather than optimize delivery, use CONTAINS or add an expression for each casing you need to catch.
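The following Python evaluator is an added example written for this guide, not NetScaler code. It implements the expression components from the Components of Policy Expression section and the operator semantics from the Operators and Performance Considerations sections (case-sensitive == with the * wildcard, case-insensitive CONTAINS, EXISTS/NOTEXISTS on headers and the query string, GT on length), and runs the guide's sample rules against a constructed request. The request, the rule names, and the REQ.HTTP.URLQUERY qualifier (not listed on this page) are this example's assumptions.

```python
"""Evaluator for NetScaler classic (PE) simple expressions.

Added example for this guide; it is not NetScaler code. The request and the
rules below are constructed for the demo. REQ.HTTP.URLQUERY is assumed as the
qualifier for the query string; the guide itself does not list it.
"""
import re
from typing import Optional, Tuple

OPERATORS = {"==", "EQ", "!=", "NEQ", "GT", "CONTAINS", "NOTCONTAINS",
             "EXISTS", "NOTEXISTS", "CONTENTS"}
NO_OPERAND = {"EXISTS", "NOTEXISTS", "CONTENTS"}

# Constructed sample request (not captured traffic).
SAMPLE_REQUEST = {
    "method": "GET",
    "url": "/docs/Index.HTML?lang=en",
    "headers": {"Host": "www.MyHost.com", "User-Agent": "curl/7.64"},
    "srcip": "192.168.10.1",
    "dstip": "192.168.12.2",
}


def parse_rule(rule: str) -> Tuple[str, str, Optional[str]]:
    """Split 'REQ.HTTP.HEADER Host CONTAINS myhost.com' into
    (qualifier, operator, operand). The header qualifier carries the header
    name as an extra token; EXISTS-style operators take no operand."""
    tokens = rule.split()
    qualifier, i = tokens[0].upper(), 1
    if qualifier == "REQ.HTTP.HEADER":
        qualifier, i = f"{qualifier} {tokens[1]}", 2
    operator = tokens[i].upper()
    if operator not in OPERATORS:
        raise ValueError(f"unknown operator {tokens[i]!r} in {rule!r}")
    operand = " ".join(tokens[i + 1:]) or None
    if (operator in NO_OPERAND) != (operand is None):
        raise ValueError(f"operand mismatch for {operator} in {rule!r}")
    return qualifier, operator, operand


def qualifier_value(req: dict, qualifier: str) -> Optional[str]:
    """Resolve a qualifier against the request. None means 'not present'
    (absent header, no query string), which is what EXISTS tests."""
    name, _, arg = qualifier.partition(" ")
    if name == "REQ.HTTP.METHOD":
        return req["method"]
    if name == "REQ.HTTP.URL":
        return req["url"].split("?", 1)[0]
    if name == "REQ.HTTP.URLQUERY":               # assumed qualifier name
        return req["url"].split("?", 1)[1] if "?" in req["url"] else None
    if name == "REQ.HTTP.HEADER":
        for hdr, value in req["headers"].items():
            if hdr.lower() == arg.lower():        # header names are case-insensitive
                return value
        return None
    if name == "REQ.IP.SOURCEIP":
        return req["srcip"]
    if name == "REQ.IP.DESTIP":
        return req["dstip"]
    raise ValueError(f"unsupported qualifier {qualifier!r}")


def wildcard_match(value: str, pattern: str) -> bool:
    """Exact, case-sensitive match in which only '*' is special."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value, re.DOTALL) is not None


def evaluate(req: dict, rule: str) -> bool:
    qualifier, operator, operand = parse_rule(rule)
    value = qualifier_value(req, qualifier)
    if operator == "EXISTS":
        return value is not None
    if operator == "NOTEXISTS":
        return value is None
    if operator == "CONTENTS":                    # present and non-empty
        return bool(value)
    if value is None:                             # absent qualifier never matches a comparison
        return False
    if operator in ("==", "EQ"):
        return wildcard_match(value, operand)
    if operator in ("!=", "NEQ"):
        return not wildcard_match(value, operand)
    if operator == "CONTAINS":                    # case-insensitive, '*' is literal
        return operand.lower() in value.lower()
    if operator == "NOTCONTAINS":
        return operand.lower() not in value.lower()
    return len(value) > int(operand)              # GT: compare on length, as the guide says


def demo(req: dict = SAMPLE_REQUEST) -> dict:
    """The guide's sample rules plus two that expose the case-sensitivity gap."""
    rules = {
        "mget": "REQ.HTTP.METHOD == GET",
        "uhtml": "REQ.HTTP.URL == /*.html",         # misses /docs/Index.HTML
        "uhtml_ci": "REQ.HTTP.URL CONTAINS .html",  # catches it
        "hhdr": "REQ.HTTP.HEADER Host CONTAINS myhost.com",
        "no_ua": "REQ.HTTP.HEADER User-Agent NOTEXISTS",
        "has_query": "REQ.HTTP.URLQUERY EXISTS",
        "long_url": "REQ.HTTP.URL GT 10",
        "srcip": "REQ.IP.SOURCEIP == 192.168.10.1",
    }
    return {name: evaluate(req, rule) for name, rule in rules.items()}


if __name__ == "__main__":
    for name, hit in demo().items():
        print(f"{name:10s} {hit}")
```

Running it shows uhtml False and uhtml_ci True for the same request, which is the case-sensitivity bypass described above in executable form; the parser also rejects a rule whose operator is unknown or whose operand is missing, which is the check worth having before a rule reaches a production switch.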

[Figure: request and response processing stages: Requests - SSL Decryption, AAA, App Fw, Responder, Caching, TCP Buffering; Responses - SSL Encryption, TCP, Compression]

Important Policy Behavior - Policy Engine (PE)

Policies are evaluated in the order of their priority numbers. Policies operate on a first-match principle: within a policy classification, the action associated with the first policy that matches is applied. Once a match is found, policy evaluation leaves the evaluation tree and no further policies are evaluated. If there is no match, the GOTO expression is evaluated; it can go to the END of the tree, to the NEXT priority number, or to a specific priority number.

Each feature has its own set of priority numbers for its own set of policies; priority numbers do not overlap between features. A rewrite policy with priority 20 does not interfere with a caching policy with priority 10, 20 or 30. Request-flow policy priorities come before (lower numbers) response-flow policy priorities (higher numbers). Priority numbers increment in units of 10.

[Figure: policy-using features as laid out in the original diagram: Content Switching, Caching, Load Balancing, HTTP Compression, Content Filtering, App Fw, HTTP DoS, Response Rewrite, Sure Connect, Content Filtering, Priority Queueing, SSL Decryption, Request Rewrite, SSL Encryption]

Sample Expressions using the CLI

  add policy expression mget REQ.HTTP.METHOD == GET
  add policy expression uhtml REQ.HTTP.URL == /*.html
  add policy expression hhdr REQ.HTTP.HEADER Host CONTAINS myhost.com
  add policy expression srcip REQ.IP.SOURCEIP == 192.168.10.1
  add policy expression dstip REQ.IP.DESTIP == 192.168.12.2

Sample Expressions using the GUI

To add an expression in the NetScaler GUI, navigate to NetScaler > System > Expressions and click Add. Add each expression and click Create.


Compound Expressions

Compound expressions check for multiple conditions. A compound expression is formed from one or more expressions connected with the logical operators && (and) and || (or), and grouped for order of evaluation with parentheses. Compound expressions are processed from left to right with lazy evaluation: once the final result is known, evaluation stops.

Sample Compound Expressions using the CLI

Sample using the and (&&) operator:

  add policy expression not_get REQ.HTTP.METHOD != GET
  add policy expression not_post REQ.HTTP.METHOD != POST
  add policy expression not_head REQ.HTTP.METHOD != HEAD
  add policy expression not_normal_method not_get && not_post && not_head

Sample using the or (||) operator:

  add policy expression no_hdr_host REQ.HTTP.HEADER Host NOTEXISTS
  add policy expression no_hdr_user_agent REQ.HTTP.HEADER User-Agent NOTEXISTS
  add policy expression not_normal_hdrs no_hdr_host || no_hdr_user_agent
  add policy expression bad_request not_normal_method || not_normal_hdrs

Sample Compound Expressions using the GUI

Sample using the and (&&) operator:


Sample using the or (||) operator:

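The Python block below is an added example for this guide, not NetScaler code. It covers two passages: the Compound Expressions section (&&, ||, parentheses, left-to-right lazy evaluation) and the Important Policy Behavior section (first match in priority order within one feature). The named simple expressions are modelled as callables over a constructed request, the compound ones as strings that reference other names exactly as the guide's bad_request sample does. Giving && precedence over || (as in C) is this example's assumption; the guide only says to use parentheses where the order matters. The filter policies, their actions, and the two requests are constructed for the demo.

```python
"""Compound classic expressions and first-match policy selection.

Added example for this guide, not NetScaler code. && binds tighter than ||
here (an assumption); the policies and requests are constructed.
"""
import re
from typing import Callable, Dict, List, Optional, Tuple, Union

Registry = Dict[str, Union[Callable[[], bool], str]]   # name -> leaf or compound
TOKENS = re.compile(r"&&|\|\||[()]|[A-Za-z_][A-Za-z0-9_]*")


class Evaluator:
    def __init__(self, registry: Registry):
        self.registry = registry
        self.trace: List[str] = []    # simple expressions that were really evaluated

    def evaluate(self, expr: str) -> bool:
        tokens = TOKENS.findall(expr)
        if "".join(tokens) != re.sub(r"\s+", "", expr):
            raise ValueError(f"unexpected character in {expr!r}")
        value, pos = self._or(tokens, 0, live=True)
        if pos != len(tokens):
            raise ValueError(f"trailing tokens in {expr!r}")
        return value

    # 'live' is False inside a sub-expression that can no longer change the
    # result: its names are still parsed (syntax is checked) but not evaluated.
    def _or(self, toks, pos, live):
        value, pos = self._and(toks, pos, live)
        while pos < len(toks) and toks[pos] == "||":
            rhs, pos = self._and(toks, pos + 1, live and not value)
            value = value or rhs
        return value, pos

    def _and(self, toks, pos, live):
        value, pos = self._atom(toks, pos, live)
        while pos < len(toks) and toks[pos] == "&&":
            rhs, pos = self._atom(toks, pos + 1, live and value)
            value = value and rhs
        return value, pos

    def _atom(self, toks, pos, live):
        if pos >= len(toks):
            raise ValueError("expression ends after an operator")
        tok = toks[pos]
        if tok == "(":
            value, pos = self._or(toks, pos + 1, live)
            if pos >= len(toks) or toks[pos] != ")":
                raise ValueError("missing ')'")
            return value, pos + 1
        if tok in ("&&", "||", ")"):
            raise ValueError(f"unexpected {tok!r}")
        if tok not in self.registry:
            raise ValueError(f"undefined expression {tok!r}")
        if not live:
            return False, pos + 1     # skipped by lazy evaluation; value unused
        target = self.registry[tok]
        if isinstance(target, str):   # a named compound expression: recurse
            return self.evaluate(target), pos + 1
        self.trace.append(tok)
        return bool(target()), pos + 1


def first_match(policies: List[Tuple[int, str, str]],
                ev: Evaluator) -> Optional[Tuple[int, str, str]]:
    """Policies of ONE feature as (priority, expression, action): lowest
    priority number first, first hit wins, nothing after it is evaluated."""
    for prio, expr, action in sorted(policies, key=lambda p: p[0]):
        if ev.evaluate(expr):
            return prio, expr, action
    return None


def build_evaluator(request: dict) -> Evaluator:
    """Registry mirroring the guide's sample compound expressions."""
    method, headers = request["method"], request["headers"]
    return Evaluator({
        "not_get": lambda: method != "GET",
        "not_post": lambda: method != "POST",
        "not_head": lambda: method != "HEAD",
        "not_normal_method": "not_get && not_post && not_head",
        "no_hdr_host": lambda: "Host" not in headers,
        "no_hdr_user_agent": lambda: "User-Agent" not in headers,
        "not_normal_hdrs": "no_hdr_host || no_hdr_user_agent",
        "bad_request": "not_normal_method || not_normal_hdrs",
    })


# Constructed content-filtering policies, deliberately listed out of order.
FILTER_POLICIES = [(20, "not_normal_hdrs", "DROP"),
                   (10, "not_normal_method", "RESET"),
                   (30, "bad_request", "ERRORCODE 403")]


def demo(request: dict) -> dict:
    ev = build_evaluator(request)
    verdict = ev.evaluate("bad_request")
    trace, ev.trace = list(ev.trace), []
    return {"bad_request": verdict, "evaluated": trace,
            "first_match": first_match(FILTER_POLICIES, ev)}


if __name__ == "__main__":
    odd = {"method": "OPTIONS", "headers": {"Host": "www.example.com"}}
    normal = {"method": "GET", "headers": {"Host": "www.example.com",
                                           "User-Agent": "curl/7.64"}}
    print(demo(odd))      # bad_request True after only the three method leaves
    print(demo(normal))   # bad_request False, no filter policy matches
```

For the OPTIONS request the trace shows that only not_get, not_post and not_head were evaluated: not_normal_method was already true, so the header checks on the right of || never ran. The priority-10 policy wins even though it is listed second, because ordering is by priority number, not by the order the policies were added.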
