Configuring Skype for Business frontend pool loadbalancing via Citrix Netscaler VPX


– 3rd party Trusted certificate imported in Netscaler, take a look on my previous articles:
Installing certificate into Citrix Netscaler VPX -part 1

Installing certificate into Citrix Netscaler VPX -part 2

– Skype Front End Servers up and running. I assume that External HTTP is listening on 8080 and External HTTPS on 4443. In my scenario, I have two FE servers configured MGMTSFBFE01 and MGMTSFBFE02.


Connect and login to Netscaler via SSH (I use Putty)

1. First we create servers:

add server MGMTSFBFE01.mgmt.local
add server MGMTSFBFE02.mgmt.local

2. Create custom Monitors:

add lb monitor monitor-SFB-TCP4443 TCP -LRTM ENABLED -destPort 4443 -secure YES
add lb monitor monitor-SFB-TCP8080 TCP -LRTM ENABLED -destPort 8080

3. Create Service Groups

add serviceGroup service-SFB-FE_8080 HTTP -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP YES -appflowLog DISABLED
add serviceGroup service-SFB-FE_4443 SSL -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP YES -appflowLog DISABLED

4. Bind Monitors

bind serviceGroup service-SFB-FE_8080 MGMTSFBFE01.mgmt.local 8080 -CustomServerID „\“None\““
bind serviceGroup service-SFB-FE_8080 MGMTSFBFE02.mgmt.local 8080 -CustomServerID „\“None\““
bind serviceGroup service-SFB-FE_8080 -monitorName monitor-SFB-TCP8080
bind serviceGroup service-SFB-FE_4443 MGMTSFBFE01.mgmt.local 4443 -CustomServerID „\“None\““
bind serviceGroup service-SFB-FE_4443 MGMTSFBFE02.mgmt.local 4443 -CustomServerID „\“None\““
bind serviceGroup service-SFB-FE_4443 -monitorName monitor-SFB-TCP4443

5. Create Virtual Servers for Skype

add lb vserver vserver-SFB-FE_80 HTTP 80 -persistenceType COOKIEINSERT -timeout 180 -cookieName MS-WSMAN -cltTimeout 180
add lb vserver vserver-SFB-FE_443 SSL 443 -persistenceType COOKIEINSERT -timeout 180 -cookieName MS-WSMAN -cltTimeout 180


6. Bind Virtual Servers to Service Groups

bind lb vserver vserver-SFB-FE_80 service-SFB-FE_8080
bind lb vserver vserver-SFB-FE_443 service-SFB-FE_4443

7.  configure SSL

set ssl vserver vserver-SFB-FE_443 -tls11 DISABLED -tls12 DISABLED
bind ssl vserver vserver-SFB-FE_443 -certkeyName SFB_FE_Certificate


Pridaj komentár

Vaša e-mailová adresa nebude zverejnená. Vyžadované polia sú označené *