Citrix NetScaler HA on Microsoft Azure “The Multi NIC/IP Untold Truth”


Citrix NetScaler HA on Microsoft Azure Ultimate Guide

This is not a technical post, or at least not a step-by-step deployment post. The reason is that I have seen a lot of buzz around Microsoft's recent official support for multiple NICs and multiple IPs per VM on Azure ARM (Azure Resource Manager), which removes a lot of the Single IP mode limitations for Citrix NetScaler running on Azure, but few, maybe none, have pointed out what limitations still exist for this kind of deployment in highly available production environments.

If you want to understand how Citrix NetScaler used to work before Multi NIC/IP official support in Single IP mode and afterwards in Multi IP/NIC mode, have a quick look at the following posts:

Configuring Multiple VIPs for Citrix NetScaler VPX on Microsoft Azure ARM Cloud Guide

Configuring Active-Active Citrix NetScaler Load Balancing on Microsoft Azure Resource Manager

Configuring Multiple IP Addresses for Citrix NetScaler VPX on Microsoft Azure Resource Manager

Citrix NetScaler VM Bandwidth Sizing on Microsoft Azure

Citrix NetScaler with a Multi IP/NIC configuration running on Microsoft Azure ARM does not handle HA the way an on-premises NetScaler does, although both can now have an NSIP, a SNIP, and VIPs, each with a different IP (that is, no Single IP mode). In an on-premises deployment the NetScaler SNIP and VIPs float on your network between the NetScaler instances, so when one NS goes offline the other NS instance takes over the same SNIP and VIPs previously owned by the failing instance. This is expected behavior, and the most optimal I would say, so no change whatsoever is required when failing over or back between two NetScalers in a high availability deployment.

Citrix NetScaler with a Multi IP/NIC configuration running on Microsoft Azure ARM has private/public IPs statically allocated to that NetScaler VM instance inside Azure. Those IP addresses do not float on the Azure network; they are allocated manually and linked to that specific VM. If we try to configure two NetScaler instances in an HA configuration in the same manner as on-premises, then whenever an instance tries to fail over after downtime or failure, the second NS instance cannot pick up the SNIP and VIPs, because that would require manual intervention to set those IPs statically on the other NS VM. Because of how Azure networking works, this does not work out of the box, so an out-of-the-box NetScaler Multi NIC/IP high availability configuration is not possible on Microsoft Azure.

Why do I need HA on the cloud? It's a valid question. The cloud is merely big, scattered datacenters managed by providers, consisting of servers, networking, and storage that have to be maintained every so often. A Microsoft Azure VM that is not in an availability set and HA configuration, meaning a single VM running a service such as a single NetScaler with Multi IP/NIC, may be prone to downtime on the cloud. Azure might need to maintain the rack or DC that the VM is hosted on, so they normally send a notification 7 days in advance that this VM will incur downtime at a specific time (a time out of your control). Normally the downtime is about 15 minutes, but that is not a sure thing. The timing and duration of this downtime might fall right in the peak of your working hours, so without an HA configuration in place there is no way to maintain your NetScaler services, as the VM will be shut down at that time.

Because IPs cannot be shared automatically between NetScaler instances running on Azure the way an active/passive HA configuration does on-premises, Citrix has a way around that for Multi IP/NIC NetScaler deployments (Single IP mode can work with active/passive HA but also has considerations, which are listed in the previously shared articles). The way around it is to front every published NetScaler service with an Azure load balancer and run both NetScaler instances active-active. That means configuring both NetScalers with the same configuration (obviously with different IP addresses) and fronting every published service with an Azure load balancer that distributes the requests between both NetScaler instances.


In Single IP mode that was the case and still is, though in Single IP mode you lose access to certain well-known ports. But let's think about it for a second: I am fronting all my services with an ALB which can do PAT/NAT, so I don't actually need those ports, because the ALB can be presented with that port and published accordingly while communicating with any non-well-known port on the NS hosting that service. Yet in Single IP mode you can have an active/passive HA configuration, which to some customers is a safer option.

For an HA configuration, if GSLB is not required, I would definitely go with Single IP mode if active/passive is what I am comfortable with (not needing to replicate every change on the second NetScaler, to say the least). That is the untold truth, but hold on …

What if we created a script that would:

  • Create a New NetScaler on Azure
  • Take a backup of the existing NetScaler Configuration
  • De-allocate the existing NetScaler Static/Public IPs
  • Allocate the IPs to the new NetScaler
  • Restore configuration on the new NetScaler
  • Verify and test services functionality
  • De-allocate and allocate the IPs back to the original NetScaler when unplanned downtime is completed by Azure

This way we can benefit from all NS features, including Multi IP/NIC, without using an Azure load balancer or creating an active-active NetScaler configuration, paying for a second NetScaler instance and having to configure everything twice. It is possible and it is a work in progress, maybe after Synergy 2017, hopefully, if time permits.
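The de-allocate and allocate steps from the list above, sketched as an added example (this is not the author's script, which the post does not show): a dry-run planner that prints the Azure CLI commands needed to move every non-primary IP configuration from the old NetScaler's NIC to the new one. The resource names, the inventory format and the assumption that the NSIP sits on the primary ip-config are hypothetical.

```shell
#!/bin/sh
# Added example: dry-run planner for moving NetScaler SNIP/VIP addresses
# between two Azure NICs. It only prints az CLI commands; it runs nothing.

# Constructed inventory of the old NetScaler's NIC (hypothetical names):
# ip-config name|private IP|public IP resource ("-" = none)|primary?
SAMPLE_IPCONFIGS='ipconfig-nsip|10.0.1.10|-|true
ipconfig-snip|10.0.1.11|-|false
ipconfig-vip1|10.0.1.12|pip-vip1|false'

# plan_ip_move RESOURCE_GROUP SRC_NIC DST_NIC   (inventory on stdin)
plan_ip_move() {
  rg=$1; src=$2; dst=$3
  release=""; attach=""
  while IFS='|' read -r name priv pub primary || [ -n "$name" ]; do
    if [ -z "$name" ]; then continue; fi
    # Assumption: the primary ip-config carries the per-instance NSIP,
    # so it stays on its own NIC and is never moved.
    if [ "$primary" = "true" ]; then continue; fi
    release="${release}az network nic ip-config delete --resource-group $rg --nic-name $src --name $name
"
    cmd="az network nic ip-config create --resource-group $rg --nic-name $dst --name $name --private-ip-address $priv"
    # Deleting the source ip-config also frees its public IP for re-use.
    if [ "$pub" != "-" ]; then cmd="$cmd --public-ip-address $pub"; fi
    attach="${attach}${cmd}
"
  done
  # A private IP can sit on only one NIC in the subnet at a time, so every
  # release is emitted before the first attach.
  printf '%s%s' "$release" "$attach"
}

# Print the plan for the constructed inventory.
printf '%s\n' "$SAMPLE_IPCONFIGS" | plan_ip_move rg-netscaler nic-ns-old nic-ns-new
```

Between the last delete and the first create the SNIP and VIPs are attached to no VM, so the published services are unreachable for that window; running the same plan with the NIC names swapped moves the addresses back.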

Update: While I was scripting my way through this, which proved to be a challenge by itself, Microsoft released a very similar solution. Check it out here:

NetScaler HA on Microsoft Azure “Planned Maintenance”

Citrix NetScaler HA on Microsoft Azure Ultimate Guide

I hope this has been informative, and I would love to meet at Citrix Synergy 2017 to discuss NetScaler on Azure further.

Salam.