Score A+ on SSLlabs.com the easy way

Change the following variables to match your NetScaler deployment:

  • %vServer% to the VIP name of your access gateway
  • “VPX_Group %OR% MPX_Group” – Choose the cipher group to bind, either VPX or MPX

Copy and paste the script into your NetScaler CLI via PuTTY.

—————Start – Do Not Copy This Line—————
set ssl vserver %vServer% -ssl3 disabled -tls11 enabled -tls12 enabled

create ssl dhparam DH-Key 2048 -gen 2
set ssl vserver %vServer% -dh ENABLED -dhFile "/nsconfig/ssl/DH-Key" -dhCount 1000 -eRSA DISABLED

add ssl cipher "MPX_Group"
add ssl cipher "VPX_Group"

bind ssl cipher "MPX_Group" -cipherName TLS1-DHE-DSS-AES-256-CBC-SHA
bind ssl cipher "MPX_Group" -cipherName TLS1-DHE-DSS-AES-128-CBC-SHA
bind ssl cipher "MPX_Group" -cipherName TLS1-DHE-RSA-AES-256-CBC-SHA
bind ssl cipher "MPX_Group" -cipherName TLS1-DHE-RSA-AES-128-CBC-SHA
bind ssl cipher "MPX_Group" -cipherName TLS1-ECDHE-RSA-DES-CBC3-SHA
bind ssl cipher "MPX_Group" -cipherName TLS1-ECDHE-RSA-AES128-SHA
bind ssl cipher "MPX_Group" -cipherName TLS1-ECDHE-RSA-AES256-SHA
bind ssl cipher "MPX_Group" -cipherName TLS1.2-AES128-GCM-SHA256
bind ssl cipher "MPX_Group" -cipherName TLS1.2-AES256-GCM-SHA384
bind ssl cipher "MPX_Group" -cipherName TLS1.2-DHE-RSA-AES128-GCM-SHA256
bind ssl cipher "MPX_Group" -cipherName TLS1.2-DHE-RSA-AES256-GCM-SHA384
bind ssl cipher "MPX_Group" -cipherName TLS1.2-ECDHE-RSA-AES128-GCM-SHA256
bind ssl cipher "MPX_Group" -cipherName TLS1.2-ECDHE-RSA-AES256-GCM-SHA384
bind ssl cipher "MPX_Group" -cipherName TLS1.2-ECDHE-RSA-AES-128-SHA256
bind ssl cipher "MPX_Group" -cipherName TLS1.2-ECDHE-RSA-AES-256-SHA384
bind ssl cipher "MPX_Group" -cipherName TLS1.2-AES-256-SHA256
bind ssl cipher "MPX_Group" -cipherName TLS1.2-AES-128-SHA256
bind ssl cipher "MPX_Group" -cipherName TLS1.2-DHE-RSA-AES-128-SHA256
bind ssl cipher "MPX_Group" -cipherName TLS1.2-DHE-RSA-AES-256-SHA256
bind ssl cipher "MPX_Group" -cipherName TLS1-AES-256-CBC-SHA
bind ssl cipher "MPX_Group" -cipherName TLS1-AES-128-CBC-SHA
bind ssl cipher "MPX_Group" -cipherName SSL3-DES-CBC3-SHA

bind ssl cipher "VPX_Group" -cipherName TLS1.2-ECDHE-RSA-AES-128-SHA256
bind ssl cipher "VPX_Group" -cipherName TLS1-ECDHE-RSA-AES256-SHA
bind ssl cipher "VPX_Group" -cipherName TLS1-ECDHE-RSA-AES128-SHA
bind ssl cipher "VPX_Group" -cipherName TLS1-DHE-RSA-AES-256-CBC-SHA
bind ssl cipher "VPX_Group" -cipherName TLS1-DHE-RSA-AES-128-CBC-SHA
bind ssl cipher "VPX_Group" -cipherName TLS1-AES-128-CBC-SHA
bind ssl cipher "VPX_Group" -cipherName SSL3-DES-CBC3-SHA

unbind ssl vserver %vServer% -cipherName ALL
bind ssl vserver %vServer% -cipherName "VPX_Group %OR% MPX_Group"
bind ssl vs %vServer% -eccCurveName ALL

add rewrite action act_sts_header insert_http_header Strict-Transport-Security q/"max-age=157680000"/
add rewrite policy pol_sts_force true act_sts_header
bind vpn vserver %vServer% -policy pol_sts_force -priority 100 -gotoPriorityExpression END -type RESPONSE

—————End – Do Not Copy This Line—————

Once the script has completed, check your server status with Qualys SSL Labs.
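
Added example, not part of the original script: a pre-paste check that parses "add ssl cipher" and "bind ssl cipher" lines, reports binds that target a cipher group which was never created (for instance a mistyped name), and classifies each bound cipher from its name. The sample input is constructed, and the name-based classification is an assumption that holds for cipher names of the kind listed above.

```python
import re

# Constructed sample in the form used by the script above. It includes a bind
# to a group name that no "add ssl cipher" line created, and one line with
# typographic quotes as they appear after copying from a web page.
SAMPLE = """\
add ssl cipher "MPX_Group"
add ssl cipher "VPX_Group"
bind ssl cipher "MPX_Group" -cipherName TLS1.2-ECDHE-RSA-AES256-GCM-SHA384
bind ssl cipher "MPX_Group" -cipherName TLS1-DHE-DSS-AES-256-CBC-SHA
bind ssl cipher "MPX_Group" -cipherName TLS1.2-AES-256-SHA256
bind ssl cipher "MPX_Group" -cipherName SSL3-DES-CBC3-SHA
bind ssl cipher "VPX _Group" -cipherName TLS1.2-ECDHE-RSA-AES-128-SHA256
bind ssl cipher \u201cVPX_Group\u201d -cipherName TLS1-AES-128-CBC-SHA
"""

# Typographic quotes become plain quotes before parsing.
QUOTES = str.maketrans({"\u201c": '"', "\u201d": '"', "\u2033": '"'})
ADD_RE = re.compile(r'^add ssl cipher\s+"?([^"]+?)"?\s*$')
BIND_RE = re.compile(r'^bind ssl cipher\s+"?([^"]+?)"?\s+-cipherName\s+(\S+)\s*$')


def classify(cipher):
    """Derive key exchange, bulk cipher and findings from the cipher name.

    Assumption: names follow the pattern of the list above, where a suite
    without DHE/ECDHE uses static RSA key exchange and an AES suite without
    GCM in its name runs in CBC mode.
    """
    parts = cipher.upper().split("-")
    kx = "ECDHE" if "ECDHE" in parts else "DHE" if "DHE" in parts else "RSA"
    if "CBC3" in parts:
        bulk = "3DES"
    elif "GCM" in parts:
        bulk = "AES-GCM"
    elif any(p.startswith("AES") for p in parts):
        bulk = "AES-CBC"
    else:
        bulk = "other"
    findings = []
    if kx == "RSA":
        findings.append("no forward secrecy")
    if bulk == "3DES":
        findings.append("64-bit block cipher (3DES)")
    elif bulk == "AES-CBC":
        findings.append("CBC mode, not AEAD")
    if "DSS" in parts:
        findings.append("needs a DSA certificate")
    return {"kx": kx, "bulk": bulk, "findings": findings}


def audit(script):
    """Return cipher bindings per group and binds that target unknown groups."""
    created, groups, undefined = set(), {}, []
    for raw in script.splitlines():
        line = raw.translate(QUOTES).strip()
        m = ADD_RE.match(line)
        if m:
            created.add(m.group(1))
            continue
        m = BIND_RE.match(line)
        if not m:
            continue
        group, cipher = m.groups()
        if group not in created and group not in undefined:
            undefined.append(group)
        groups.setdefault(group, []).append((cipher, classify(cipher)))
    return {"groups": groups, "undefined_groups": undefined}


def without_forward_secrecy(report, group):
    """Cipher names in a group that use static RSA key exchange."""
    return [c for c, info in report["groups"].get(group, [])
            if info["kx"] == "RSA"]


if __name__ == "__main__":
    report = audit(SAMPLE)
    for name in report["undefined_groups"]:
        print(f"bind to undefined group: {name!r}")
    for group, entries in report["groups"].items():
        for cipher, info in entries:
            notes = "; ".join(info["findings"]) or "ok"
            print(f"{group:12} {cipher:40} {notes}")
```

Run it against the edited script before pasting: an entry under "bind to undefined group" means a bind line would not land in the group that is later bound to the vServer.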

 

 

Deploy a Hyper-V Cluster

Windows 2012 R2 with Hyper-V and failover clusters limitations:

  • The failover cluster can have a maximum of 64 nodes.
  • You can have a maximum of 8,000 virtual machines per cluster for server computer virtualization, with a maximum of 1,024 virtual machines on a single node, provided that the server hardware has the resources to support them. For example, when Hyper-V is used together with Virtual Desktop Infrastructure (VDI) for client computer virtualization, you can have a maximum of 8,000 VDI (Windows 8.1, Windows 8 or Windows 7) virtual machines per cluster, with a maximum of 1,024 on a single node.

 

Use the following instructions to connect your selected servers to networks and storage.

To connect the servers to the networks and storage

  1. For details about the kinds of network adapters and device controllers that you can use with a failover cluster, review Prerequisites, earlier in this topic.

  2. Connect and configure the networks that the servers in the cluster will use.

    Note
    If you want to include clients or a non-clustered domain controller as part of your test configuration, make sure that these computers can connect to the failover cluster servers through at least one network.
  3. Follow the manufacturer’s instructions for physically connecting the servers to the storage.

  4. Ensure that the disks (LUNs) that you want to use in the cluster are exposed to the servers that you will cluster (and only those servers). You can use either of the following interfaces to expose disks or LUNs:

    • The interface provided by the manufacturer of the storage.
    • An appropriate iSCSI interface.
  5. If you have purchased software that controls the format or function of the disk, follow the instructions from the vendor about how to use that software with Windows Server 2012 R2 or Windows Server 2012.

  6. On one of the servers that you want to cluster, in Server Manager or in Disk Management, confirm that the cluster disks are visible.

  7. If you want to have a storage volume larger than 2 terabytes, and you are using the Windows interface to control the format of the disk, convert that disk to the partition style called GUID partition table (GPT). To do this, back up any data on the disk, and delete all volumes on the disk. Then, in Disk Management, right-click the disk (not a partition), and click Convert to GPT Disk.

    For volumes smaller than 2 terabytes, instead of using GPT, you can use the partition style called master boot record (MBR).

    Important
    You can use either the MBR or the GPT partition style for a disk that is used by a failover cluster, but you cannot use a disk that you have converted to dynamic by using Disk Management.
  8. Check the format of any exposed volume or LUN. We recommend NTFS for the format (for the quorum witness disk, you can use NTFS or ReFS).

 

To install the Hyper-V role and the Failover Clustering feature on each physical computer, see the following procedures:

 

Perform this step on both physical computers if you did not create the virtual switch when you installed the Hyper-V role. This virtual switch provides the highly available virtual machine with access to the physical network.

To create a virtual switch

  1. Open Hyper-V Manager.

  2. From the Actions menu, click Virtual Switch Manager.

  3. Under Create virtual switch, select External.

  4. Click Create Virtual Switch. The New Virtual Switch page appears.

  5. Type a name for the new switch. Make sure you use exactly the same name on both servers running Hyper-V.

  6. Under Connection Type, click External network, and then select the physical network adapter.

  7. Click OK to save the virtual network and close Virtual Switch Manager.

Windows PowerShell equivalent commands

The following Windows PowerShell cmdlet or cmdlets perform the same function as the preceding procedure. Enter each cmdlet on a single line, even though they may appear word-wrapped across several lines here because of formatting constraints.

The following example creates the external switch VMExternalSwitch, which binds to the network adapter Wired Ethernet Connection 3 and allows the management operating system to share the network adapter.

New-VMSwitch "VMExternalSwitch" -NetAdapterName "Wired Ethernet Connection 3" -AllowManagementOS $true

 

Before you create the cluster, we strongly recommend that you run a full validation test of your cluster configuration by running the Validate a Configuration Wizard in Failover Cluster Manager, or the Windows PowerShell Test-Cluster cmdlet. Specific validation tests are included for the configuration of the Hyper-V role in the failover cluster.

For detailed considerations and steps to validate the cluster, see Validate Hardware for a Failover Cluster.

 

To create a failover cluster by using Failover Cluster Manager or the Windows PowerShell New-Cluster cmdlet, see Creating a Windows Server 2012 Failover Cluster.

 

To implement certain scenarios for clustered virtual machines, the virtual machine storage and virtual hard disk file should be configured as Cluster Shared Volumes (CSV). To configure a disk in clustered storage as a CSV volume, you can use Failover Cluster Manager or the Windows PowerShell Add-ClusterSharedVolume cmdlet. For detailed planning considerations and steps to create CSV, see Use Cluster Shared Volumes in a Windows Server 2012 Failover Cluster.

CSV can enhance the availability and manageability of virtual machines by enabling multiple nodes to concurrently access a single shared storage volume. For example, on a failover cluster that uses CSV, multiple clustered virtual machines that are distributed across multiple cluster nodes can all access their virtual hard disk files at the same time, even if the files are on a single disk (LUN) in the storage. This means that the clustered virtual machines can fail over independently of one another, even if they use only a single LUN. CSV also supports live migration of a Hyper-V virtual machine between nodes in a failover cluster.

 

In this step, you create a virtual machine and configure it for high availability.

Note
You can run the Hyper-V New Virtual Machine Wizard directly from Failover Cluster Manager. After the virtual machine is created in this way, it is automatically configured for high availability.
  • Starting in Windows Server 2012, we do not support the configuration where there is more than one virtual machine in a virtual machine clustered role. An example of this is a scenario where multiple virtual machines have files on a common physical disk that is not part of CSV. A single virtual machine per clustered role improves the management experience and the functionality of virtual machines in a clustered environment, such as virtual machine mobility.
  • Choose the shared storage as the location to store the virtual machine and the virtual hard disk. Otherwise, you will not be able to make the virtual machine highly available. To make the shared storage available to the virtual machine, you must create the virtual machine on the physical computer that is the node which owns the storage.
  • If you created a CSV volume in Step 6: Add a disk as CSV to store virtual machine data, in the settings for the virtual hard disk, specify the CSV volume as the location of both the virtual machine and the virtual hard disk.
  • Ensure that you select a virtual hard disk option that is appropriate for the method you are using to install the guest operating system on the virtual machine (for example, from physical media or from an .iso file).

To create a highly available virtual machine

  1. In Failover Cluster Manager, select or specify the cluster that you want. Ensure that the console tree under the cluster is expanded.

  2. Click Roles.

  3. In the Actions pane, click Virtual Machines, and then click New Virtual Machine. The New Virtual Machine Wizard appears. Click Next.

  4. On the Specify Name and Location page, specify a name for the virtual machine, such as FailoverTest. Click Store the virtual machine in a different location, and then type the full path or click Browse and navigate to the shared storage.

  5. On the Assign Memory page, specify the amount of memory required for the operating system that will run on this virtual machine. For example, specify 1024 MB to run Windows Server 2012 R2.

  6. On the Configure Networking page, connect the network adapter to the virtual switch that is associated with the physical network adapter. You should specify the virtual switch that you configured in Step 3: Create a virtual switch.

  7. On the Connect Virtual Hard Disk page, click Create a virtual hard disk. If you want to change the name, type a new name for the virtual hard disk. Click Next.

  8. On the Installation Options page, click Install an operating system from a boot CD/DVD-ROM. Under Media, specify the location of the media, and then click Finish.

    The virtual machine is created. The High Availability Wizard in Failover Cluster Manager then automatically configures the virtual machine for high availability.

Windows PowerShell equivalent commands

The following Windows PowerShell cmdlet or cmdlets perform the same function as the preceding procedure. Enter each cmdlet on a single line, even though they may appear word-wrapped across several lines here because of formatting constraints.

The following example creates the virtual machine FailoverTest, specifying that it will be installed from a .iso file, and configures it for high availability.

New-VHD -Path <PathToVHDXFile> -Dynamic -SizeBytes 127GB
New-VM -Name FailoverTest -Path <PathToVMFolder> -MemoryStartupBytes 1GB -SwitchName "VMExternalSwitch" -BootDevice CD -VHDPath <PathToVHDXFile>
Add-VMDvdDrive -VMName FailoverTest -Path <PathtoISOFile>
Set-VM -Name FailoverTest -AutomaticStartAction Nothing
Add-ClusterVirtualMachineRole -VirtualMachine FailoverTest

 

You then start the clustered virtual machine that you configured in Step 7: Create a highly available virtual machine. This installs the guest operating system (which, in this topic, is assumed to be Windows Server 2012 R2). To do this, see Step 3: Install the guest operating system in “Install the Hyper-V Role and Configure a Virtual Machine.”

Note
If you are installing an operating system other than Windows Server 2012 R2 on a Windows Server 2012 R2 Hyper-V host, or an operating system other than Windows Server 2012 on a Windows Server 2012 Hyper-V host, you might also need to install Hyper-V integration services for the operating system.

 

To test a planned failover, you can move the clustered virtual machine that you created in Step 7: Create a highly available virtual machine to another node.

You have the following options to move a clustered virtual machine:

  • Live migration   Move ownership of the clustered virtual machine to another node without pausing the role.
  • Quick migration   Pause the virtual machine, save state, move the role to another node, and start the virtual machine on the other node.
  • Storage migration   Move only the virtual machine data to other clustered storage.

For example, to test a planned failover by performing a live migration, you can use Failover Cluster Manager or the Windows PowerShell Move-ClusterVirtualMachineRole cmdlet.

To test a planned failover

  1. In Failover Cluster Manager, select or specify the cluster that you want. Ensure that the console tree under the cluster is expanded.

  2. To select the destination node for live migration of the clustered virtual machine, right-click FailoverTest (the clustered virtual machine that you configured in Step 7: Create a highly available virtual machine), point to Move, point to Live Migration, and then click Select Node.

    As the FailoverTest virtual machine is moved, the status is displayed in the results pane (center pane). Optionally, you can repeat this step to move the virtual machine to an additional node or back to the original node.

  3. Verify that the move succeeded by inspecting the details of each node.

Windows PowerShell equivalent commands

The following Windows PowerShell cmdlet or cmdlets perform the same function as the preceding procedure. Enter each cmdlet on a single line, even though they may appear word-wrapped across several lines here because of formatting constraints.

The following example live migrates the virtual machine FailoverTest to the node ContosoFCNode2.

Move-ClusterVirtualMachineRole -Name "FailoverTest" -Node ContosoFCNode2


 

To test an unplanned failover of the clustered virtual machine, you can stop the Cluster service on the node that owns the clustered virtual machine.

To test an unplanned failover

  1. In Failover Cluster Manager, select or specify the cluster that you want. Ensure that the console tree under the cluster is expanded.

  2. To minimize disruption to clients, before stopping the Cluster service on a node, move the clustered roles that are currently owned by that node (other than FailoverTest) to another node by doing the following:

    1. Expand the console tree under the cluster that you want to manage, and then expand Nodes.
    2. Select the node that owns the clustered virtual machine FailoverTest (the clustered virtual machine that you configured in Step 7: Create a highly available virtual machine).
    3. Select all of the clustered roles on the node, except FailoverTest.
    4. To select the destination node for the selected clustered roles, right-click the roles, point to Move, and then click Select Node.

    It might take several minutes to move the clustered roles to the destination node.

  3. Expand the console tree under Nodes.

  4. Right-click the node that owns FailoverTest, point to More Actions, and then click Stop Cluster Service.

    The virtual machine moves to the other node. There might be a short delay while this happens.

Windows PowerShell equivalent commands

The following Windows PowerShell cmdlet or cmdlets perform the same function as the preceding procedure. Enter each cmdlet on a single line, even though they may appear word-wrapped across several lines here because of formatting constraints.

The following example stops the Cluster service on ContosoFCNode2, the node that owns the clustered virtual machine FailoverTest.

Stop-ClusterNode -Name ContosoFCNode2

 

To modify the configuration of a virtual machine, you can use the Failover Clustering tools or the Hyper-V tools to access the settings. We recommend that you use the Failover Clustering tools to access the virtual machine settings. When you do this, the cluster is updated automatically after you apply the new settings, and you are able to modify all of the virtual machine settings. However, if you make changes to the virtual machine settings by using the Hyper-V tools directly, you must update the cluster manually after you make the changes, and you will be prevented from modifying certain virtual machine settings or performing actions that could conflict with settings for the failover cluster. In addition, if the configuration is not refreshed after changes are made, a subsequent failover may not succeed, or it may succeed but the virtual machine will then be configured incorrectly.

Note
To modify certain virtual machine settings, you may be prompted to first shut down the virtual machine.

To modify the settings of a virtual machine

  1. In Failover Cluster Manager, select or specify the cluster that you want. Ensure that the console tree under the cluster is expanded.

  2. If you need to shut down the virtual machine before modifying the settings, expand Roles, right-click FailoverTest (the clustered virtual machine that you configured in Step 7: Create a highly available virtual machine), and then click Shut Down.

  3. Right-click FailoverTest, and then click Settings. The Settings page for the virtual machine appears.

  4. Configure the settings for the virtual machine, and then click OK.

    The virtual machine configuration is updated in the failover cluster.

  5. If you previously shut down the clustered virtual machine, right-click FailoverTest, point to More Actions, and then click Start Role.

Use the following procedure to manually refresh the virtual machine configuration in the failover cluster.

To manually refresh the virtual machine configuration in the failover cluster

  1. In Failover Cluster Manager, select or specify the cluster that you want. Ensure that the console tree under the cluster is expanded.

  2. Right-click FailoverTest (the clustered virtual machine that you configured in Step 7: Create a highly available virtual machine), point to More Actions, and then click Refresh Virtual Machine Configuration.

Windows PowerShell equivalent commands

The following Windows PowerShell cmdlet or cmdlets perform the same function as the preceding procedure. Enter each cmdlet on a single line, even though they may appear word-wrapped across several lines here because of formatting constraints.

The following example refreshes the configuration of the clustered virtual machine FailoverTest.

Update-ClusterVirtualMachineConfiguration -Name "FailoverTest"

 

When you want to remove a virtual machine from a cluster, the procedure you need to use varies depending on whether you want to keep the virtual machine and its files. This step illustrates both scenarios.

Scenario A: To remove a virtual machine from a cluster and retain the virtual machine

  1. Use Failover Cluster Manager to take the virtual machine offline. Under Roles, right-click FailoverTest (the clustered virtual machine that you configured in Step 7: Create a highly available virtual machine), point to More Actions, and then click Stop Role.

  2. Optionally, export the virtual machine. Exporting a virtual machine allows you to move the virtual machine to another server running Hyper-V, such as a non-clustered server. To do this:

    1. Switch to Hyper-V Manager and verify that the FailoverTest virtual machine is selected.
    2. Under Actions, click Export.
    3. Type or browse to specify a location in which to export the virtual machine, and then click Export.
    Important
    If you plan to import the virtual machine to another cluster, use either Hyper-V Manager or Microsoft System Center Virtual Machine Manager. If you import a virtual machine using Hyper-V Manager, afterwards, configure the virtual machine by using the High Availability Wizard in Failover Cluster Manager, or the Windows PowerShell Add-ClusterVirtualMachineRole cmdlet.
  3. In Hyper-V Manager, verify that the FailoverTest virtual machine is selected. Under Actions, click Delete.

  4. In Failover Cluster Manager, expand Roles, right-click FailoverTest, and then click Remove.

    The virtual machine is removed from the cluster.

Scenario B: To remove a virtual machine from a cluster and delete the virtual machine

  1. Use Failover Cluster Manager to take the virtual machine offline. Under Roles, right-click FailoverTest (the clustered virtual machine that you configured in Step 7: Create a highly available virtual machine), point to More Actions, and then click Stop Role.

  2. Switch to Hyper-V Manager and select the FailoverTest virtual machine. Under Actions, click Delete.

  3. In Failover Cluster Manager, expand Roles, right-click FailoverTest, and then click Remove.

    The virtual machine is removed from the cluster.

  4. Manually delete the virtual machine and the virtual hard disk from the shared storage.

Provisioning Service 7.7 Setup

In the last week of 2015 Citrix released Provisioning Services 7.7. One of the best new features is that it is now officially supporting Windows 10 (Enterprise and Professional Edition) as target device. Another cool new feature is that you can do an in-place upgrade (from version 7.6.1 or higher) and thus reverse-imaging belongs to […]

Source: Installing and Configuring Citrix Provisioning Service 7.7 and creating a vDisk – RobinHobo.com

Windows Server 2012 Virtual Use Licensing

Server 2012 Standard includes two virtual use licenses, while Datacenter includes unlimited and the free Hyper-V Server doesn’t include any.

Virtual use licenses are only allowed so long as the host server is not running any role other than Hyper-V.

You can convert from Standard to Datacenter by entering the following command at the command prompt:

dism /online /set-edition:ServerDatacenter /productkey:48HP8-DN98B-MYWDG-T2DCC-8W83P /AcceptEULA

The key above is a generic MS activation key, so after the upgrade is completed enter your MAK or KMS key to activate the server.

Using a generic HDMI TO VGA Cable Adapter

edited /boot/config.txt initially to uncomment the hdmi_safe=1 line
booted the pi – (low-res vga mode)
in terminal
sudo nano /boot/config.txt

commented out the hdmi_safe line
uncommented/edited to give the following settings:

disable_overscan=1

hdmi_force_hotplug=1

hdmi_drive=2
hdmi_group=2
hdmi_mode=4
hdmi_force_hotplug=1

ctrl + o to save
ctrl + x to exit
sudo reboot

For the correct hdmi_group and hdmi_mode see here: https://www.raspberrypi.org/forums/viewtopic.php?t=5851

I have an old screen attached to my Pi so can only handle 720p 😦

Sealing a XenApp 7.6 PVS vDisk

  1. Run chkdsk C: and reboot
  2. Clean up event logs if they are not redirected to the cache disk:
    • Via PowerShell -> Get-EventLog -List |%{$_.clear()}
    • wevtutil cl system
  3. If vSphere is used, delete "ghost" NICs:
    • open an elevated prompt
    • type: "SET DEVMGR_SHOW_NONPRESENT_DEVICES=1" and validate
    • type: "Start devmgmt.msc" and validate
    • click on View and "Show Hidden Devices"
    • delete "ghost" NICs
  4. Run slmgr.vbs /dlv to ensure a proper KMS server and license configuration
  5. If MS Distributed Transaction Service is installed, run msdtc.exe -reset
  6. If MS Message Queuing is installed, clear its cache:
    • NET STOP MQAC
    • NET STOP MSMQ
  7. Run Disk Cleanup on C: drive as elevated administrator
  8. Delete local profiles that are not required
  9. Stop Citrix Profile Manager service
  10. If Citrix Profile Manager is configured via GPO, check that its INI in C:\Program Files\Citrix\User Profile Manager has been renamed
  11. Delete Citrix Profile Manager logs from c:\Windows\System32\LogFiles\User Profile Manager if not redirected to the cache disk
  12. If using App-V or similar technology, check for updated App-V content to update the precache within the vDisk image
  13. Perform required “de-personalization” for your antivirus (refer to their KB, as the process will differ based on the vendor)
  14. Perform required “de-personalization” for your monitoring agent (SCOM, Tivoli..)
  15. Perform required “de-personalization” for your other agents (AppSense, RES, SCCM..)
  16. Perform a full antivirus scan on the virtual machine
  17. Stop Client DHCP service
  18. Run elevated : “regedit /s DHCP_clear.reg” (see Dave’s post)
  19. Perform a Defrag on the virtual machine
  20. PvD only: run inventory (with machine shutdown option ticked)
  21. Shut down the machine if PvD is not used
  22. Perform a defrag of the VHD by mounting it in a WS2012R2 server

 

How to back up and restore NetScaler

CTX200418

How to Back Up and Restore NetScaler Appliance

Objective

This article explains how to back up and restore NetScaler appliance.

Background

You can back up the current state of a NetScaler appliance, and later use the backed up files to restore the appliance to the same state. You must use this feature before performing an upgrade or for precautionary reasons. A backup of a stable system enables you to restore the system to a stable point in the event that it becomes unstable.

Points to remember

  • You cannot use the backup file taken from one appliance to restore a different appliance.
  • You can back up and restore appliances in an HA setup, but ensure that you restore to the same appliance from which the backup file was created. For example, if the backup was taken from the primary appliance of the HA pair, when restoring ensure that the appliance you are restoring is the same appliance, even if it is no longer the primary appliance.
  • You cannot perform the back up and restore operation on a NetScaler cluster.

Instructions

Backing Up a NetScaler Appliance

Depending on the type of data to be backed up and the frequency at which you will create a backup, you can take a basic backup or a full backup.

  • Basic backup: Backs up only the configuration files. You might want to perform this type of backup frequently, because files it backs up change constantly. The files that are backed up are as follows:
    Directory Sub-Directory or Files

    /nsconfig/

    • ns.conf
    • ZebOS.conf
    • rc.netscaler
    • snmpd.conf
    • nsbefore.sh
    • nsafter.sh
    • monitors

    /var/

    • download/*
    • log/wicmd.log
    • wi/tomcat/webapps/*
    • wi/tomcat/logs/*
    • wi/tomcat/conf/catalina/localhost/*
    • nslw.bin/etc/krb.conf
    • nslw.bin/etc/krb.keytab
    • netscaler/locdb/*
    • lib/likewise/db/*
    • vpn/bookmark/*
    • netscaler/crl
    • nstemplates/*
    • learnt_data/*

    /netscaler/

    • custom.html
    • vsr.htm
  • Full backup: In addition to the files that are backed up by a basic backup, a full backup backs up some less frequently updated files. The files that are backed up when using the full backup are as follows:

    Directory Sub-Directory or Files

    /nsconfig/

    • ssl/*
    • license/*
    • fips/*

    /var/

    • netscaler/ssl/*
    • wi/java_home/jre/lib/security/cacerts/*
    • wi/java_home/lib/security/cacerts/*

The backup is stored as a compressed TAR file in the /var/ns_sys_backup/ directory. To avoid issues because of non-availability of disk space, you can store a maximum of 50 backup files in this directory. You can use the rm system backup command to delete existing backup files so that you can create more backups.

Notes:

  • While the backup operation is in progress, do not execute commands that affect the configuration.

  • If a file that is required to be backed up is not available, the operation skips that file.

To back up the NetScaler by using the command line interface

At the command prompt, do the following:

  1. Save the NetScaler configurations using:
    save ns config

  2. Create the backup file using:
    create system backup [<fileName>] -level <basic | full> -comment <string>

    Note: If the file name is not specified, the appliance creates a TAR file with the following naming convention:

    backup_<level>_<nsip_address>_<date-timestamp>.tgz.

    For example, to back up the full appliance using the default naming convention for the backup file use:
    create system backup -level full

  3. Verify that the backup file was created using:
    show system backup

    You can view properties of a specific backup file by using the fileName parameter.

To back up the NetScaler by using the configuration utility

  1. Navigate to System > Backup and Restore.
  2. On the Details pane, click Backup.
  3. On the Backup screen, specify the details required to back up the appliance.
  4. Click Backup.

Restoring the NetScaler Appliance

When you restore the appliance from a backup file, the restore operation untars the backup file into the /var/ns_sys_backup/ directory. Once the untar operation is complete, the files are copied to their respective directories.
Note: The restore operation does not succeed if the backup file is renamed or if the contents of the file are modified.

To restore the NetScaler by using the command line interface

At the command prompt, do the following:

  1. Obtain a list of the backup files available on the appliance:
    show system backup

  2. Restore the appliance by specifying one of the backup files:
    restore system backup <filename>

    For example, to restore by using a full backup of an appliance:
    > restore system backup backup_full_<nsip_address>_<date-timestamp>.tgz

  3. Reboot the appliance:
    reboot

To restore the NetScaler by using the configuration utility

Navigate to System > Backup and Restore, right-click the backup file to be restored and click Restore.