The Netscaler XenMobile configuration wizard is only useful when it comes to SSL offloading of the MAM traffic, and I really hope Citrix add the ability of MDM SSL offloading using the same wizard in future releases 🙂
Here follows how you SSL offload XenMobile MAM traffic:
1. First of all The load balancing FQDN for MAM must match with the XenMobile Server hostname defined during the initial configuration of XenMobile 10. You can easily see the hostname by accessing the console (It is the FQDN you see before the login field).
If the FQDN does not match, users would not be able to access the WorxStore. So make sure the FQDN defined in the VPN session profile matches the XMS appliance FQDN…
2. When XenMobile Server 10 is deployed in a multi-node cluster state, NetScaler needs to maintain the MAM-traffic session by checking the server ID value of each node. Each XenMobile Server node has a unique server ID.
Let’s go ahead and extract this Node ID by logon to the XMS console, select “Show Cluster Status” and you’ll get something like this:
(Attention: The cluster feature needs to be enabled to see the node ID)
3. Logon to the Netscaler and navigate to Traffic Management – Load Balancing – Service Groups
- Add a Load Balancing Service Group and Provide a name
- Use Protocol: SSL and Hit OK
- Under Service Group Members, add the IP of the XMS appliance, specify port 8443 and enter the Server ID (node ID) from step 2
- Navigate to Traffic Management – Load Balancing – Virtual Servers and add a Load Balancing Virtual Server
- Provide a name, SSL as protocol and an internal IP and port 8443 and hit OK
- Open the VIP you just created and bind the Load balancing virtual server group we already created
- Bind the server certificate
- Add persistence as CUSTOMSERVERID and provide the following expression HTTP.REQ.COOKIE.VALUE(“ACNODEID”) and hit OK
That’s it 🙂