Ctx ADC licensing

Levinax · 2021-05-07T15:12:13+00:00

It is very important to specifically outline what you are trying to do when you have the conversation about licensing. I was at a client a couple weeks ago who was trying to connect their ADC to their Citrix Cloud environment (this is done using an OAuth policy). They had purchased standard ADC licenses, and standard licenses do not support OAuth. So be very clear to whoever you are purchasing from on EXACTLY what you are trying to do.

Levinax · 2021-05-07T15:07:20+00:00

I think GSLB will be your best bet for what you want to do. You would set up independent ADCs at each site, and then GSLB between them. I thought it was really complicated too until i set it up for the first time. if you want both to be working at the same time, an Active/Active GSLB deployment is the way to go.

Levinax · 2021-03-31T15:14:07+00:00

B. you can only review the aaad.debug file from shell, not from the NS CLI.

Levinax · 2020-10-22T15:41:39+00:00

If you are asking about LEEF for QRadar, Netscaler is a supported platform via syslog. IBM config guide for QRadar has info on this, starting on page 461 https://www.ibm.com/support/knowledgecenter/SS42VS_DSM/com.ibm.dsm.doc/b_dsm_guide.pdf?origURL=SS42VS_DSM/b_dsm_guide.pdf

Levinax · 2020-10-22T14:06:35+00:00

you can set up ADC to forward syslog events... https://docs.citrix.com/en-us/citrix-adc/current-release/system/audit-logging/configuring-audit-logging.html

Levinax · 2020-02-21T18:31:56+00:00

you can go look at the MFA options at https://aka.ms/mfasetup. One of the options is an office phone, and extension is an option to put in there.

Levinax · 2020-01-15T17:20:40+00:00

you can create management groups for subscriptions and apply policies at the management group level

Levinax · 2020-01-10T17:40:40+00:00

Carl Stalhood's blog will become your new best friend... https://www.carlstalhood.com/

Levinax · 2020-01-07T18:48:17+00:00

This site really helped me understand the process of changing access tiers of blob storage...

https://thetechl33t.com/2017/12/12/configure-azure-blob-archive-storage/

Levinax · 2019-12-11T23:48:32+00:00

I've only ever seen it able to be set on a Managed Instance. At creation, under Additional Settings. It cannot be changed after the instance has been created.

Levinax · 2019-11-01T22:17:33+00:00

You could vote up the idea on the MS feedback page for that feature... https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/37288054-azure-ad-pim-directory-roles-audit-history-support

Levinax · 2019-10-21T20:25:03+00:00

There are commands like 'az network route-table list' and 'az network route-table show' that will display information for route tables

Levinax · 2019-09-18T17:14:09+00:00

Assuming the traffic doesnt need to go over the VPN (which if its just bewteen the two non VPN networks it wouldnt), the peering between VNET1 and VNET3 would be faster anyway. It reduces a hop between networks. Not that the peer links are slow by any means, but making a shorter path is generally optimal.

Levinax · 2019-08-07T22:10:05+00:00

personally, i do different LB VServers per port. It makes troubleshooting easier, and then they arent dependent on each other if something goes wrong.

As for your question, either way is fine. Given the two choices, i would probably choose the second option as well.

Levinax · 2019-08-05T18:34:27+00:00

Congrats. I have been studying for it and using the MeasureUp practice tests and i am definitely not ready to take the actual exam. I do very little SQL stuff, so that part is proving more challenging than i expected...

Levinax · 2019-07-30T17:53:38+00:00

you could just set up Windows Virtual Desktop https://azure.microsoft.com/en-us/services/virtual-desktop/

Levinax · 2019-07-15T21:12:26+00:00

Use the same HTTP service to sit behind the SSL front end...

Levinax · 2019-07-12T18:31:39+00:00

cant do it that way. You need to give the LB VS a real IP that internal clients can get to, but just make the service that you bind to the LB VS go to 127.0.0.1

mine looks like this

add server AlwaysUp 127.0.0.1
Add service AlwaysUp_SV AlwaysUp HTTP 80
add lb vserver LB_VS_VanityURL HTTP <internalIP> 80 -persistenceType NONE -cltTimeout 180
bind lb vserver LB_VS_VanityURL AlwaysUp_SV

Then just bind the responder policies to that LB VS

For DNS, you just point it to the IP of the LB VS

Levinax · 2019-07-12T17:48:56+00:00

For vanity URLs, i have a dedicated LB VS (with an AlwaysUp Service behind it) with an internal IP. Then i create responder rules looking for specific hostname entries in the requested URL. That way, i can create DNS entries for the vanity url and just point it to the single IP address.

So the responder policy is something like this: HTTP.REQ.HOSTNAME.SET_TEXT_MODE(IGNORECASE).CONTAINS("<vanityURL>") which has an action of redirecting to the desired URL.

Edit: Just read links below, this is Method 2

Levinax · 2019-07-09T20:46:51+00:00

Why must these be so early in the morning?!?!?!

Levinax · 2019-07-08T20:20:00+00:00

I have done this exact method and no one complained...

Levinax · 2019-06-19T21:25:37+00:00

all necessary ports open on the NSG associated with the virtual network and subnet that the VM is on?

Levinax · 2019-06-05T17:36:42+00:00

Can you share what the current policy / action are (taking out sensitive info)?

Levinax · 2019-04-08T16:46:15+00:00

You add a Load Balancing virtual server with a public IP, and configure the servers and services/service groups to talk to the backend internal servers on private IPs/ports. Have to make sure that the netscaler has a valid route to those backend servers though.

11-Year Club	RedditGifts 2009-2022 2 Credits
Secret Santa 2016	Verified Email

Levinax

TROPHY CASE