Looking into using Citrix Netscalers

Kieran

Kieran

Active Member
Hi all

We are looking at using our existing Citrix Netscalers to load balance our Web (JAS) Servers for JDE. We currently use a powershell script which randomises connections but thats about all it does. I'm interested to see what experiences others have had using Netscalers for JDE? I was curious about the load on the Netscalers and any performance improvements for the users? And any tips and/or gotchas? We are on 9.0, Tools 9.1.3.3 and Websphere 8.5 but we may move soon to Weblogic 11g.

From what I have read, it is worthwhile offloading SSL to the Netscalers.

Thanks
Kieran
 
Citrix Netscalers is one way to go. F5's are another. Personally, I like using Zen Loadbalancer - as the "community edition" is open-source and free, and I've never had an issue with Zen Loadbalancers. If all you're looking for is SSL Offloading and Loadbalancing of JDE servers, then Zen is the direction to go in my opinion.

But if you want the support, maintenance etc - then any load balancer will work well, as long as it provides persistency (preferably in-memory persistency). SSL Offloading is absolutely the right direction, because SSL on Weblogic/Websphere is terribly, terribly inefficient (being java based). Any google search about SSL Offloading will give you information on the "why" to do it.
 
Thanks for the info Jon. We already have Citrix Netscalers so we are planning to leverage those, otherwise we would consider other load balancers.
 
We have been using Citrix NetScaler LB for our JDE installation and other Applications and it is quite stable and easy to maintain (once setup correctly). We have WebSphere on Windows platform with SSL offloading on the NetScaler appliance. There is one minor setup adjustment you would need to do on the WebSphere to ensure https works the way you want, other wise it is pretty straight forward. We never had had any issues as far as LB is concerned.

However we did had a lot of trouble trying to offload SSL for our AIS Mobility setup. Even engaging the Citrix support did not help and at the end they suggested SSL-Bridge which is basically no SSL-Offloading (a bad architecture).

Thanks,
Soumen
 
Hi

Could you share the "minor setup adjustment" for https as it would be very helpful?
 
It is documented under Doc ID 1596421.1 on MOS
Basically it is an indicator flag on the websphere to make sure the https traffic does not revert back to http.

Some excerpt from the MOS Doc ..

Issue:

When an HTML client user attempts to login to EnterpriseOne, they connect to the following URL:
https://e1.YOURSERVER.com:8011/jde/E1Menu.maf

If the user types in the wrong credentials they get the sign in error, but also the address changes to HTTP:
http://e1.YOURSERVER.com:8011/jde/E1Menu.maf

Custom setup:

You can use a custom property called "httpsIndicatorHeader" on the WebSphere Server. This property is described in the IBM documentation as follows:

The custom property httpsIndicatorHeader manages HTTPS requests that are forwarded to an application server from an SSL offloader that is used in front of WebSphere Application Server. When an HTTPS request is received by an SSL offloader it is redirected over HTTP to an application server using WebSphere Application Server. The SSL offloader must be configured to add a special header indicating that the original request was over HTTPS. The httpsIndicatorHeader property specifies the request header key name added by the SSL box. The application server checks this indicator to determine if SSL is required. If it determines the request is SSL over HTTP, an HTTPS scheme is chosen.
 
Back
Top