security team, we took matters into our own hands: rather than using multiple IP addresses, firewall rules, and LB vServers on the NetScaler, we decided to use a Content Switching vServer.
If you have multiple XenApp or XenDesktop farms, or have the potential to add/remove farms to the infrastructure, this is a viable option for you. Here's how we did it and what it looks like.
You will need to create the following:
- Create a CNAME for each farm (e.g. farm1.domain.com, farm2.domain.com)
- Create an A Record to be the alias for the Content Switching vServer (e.g. CTXXML.domain.com)
- Load Balancing
  - Create the Servers, Service Group, and Load Balancing vServers as you normally would. However, when creating the Load Balancing vServer for EACH farm, uncheck the 'Directly Addressable' check box.
- Content Switching
  - Create 2 Content Switching Actions, one for each Load Balancing vServer created earlier, and set that vServer as the action's target.
  - Create 2 Content Switching Policies and set the actions appropriately. Each policy's Expression looks for the farm's FQDN (the DNS entry created earlier).
  - Create a Content Switching vServer, setting the appropriate XML Port and the vServer IP Address. Add the Content Switching Policies created in the previous step.

That's it. Now, to add a new farm, add a DNS record and set up your NetScaler. No need for additional firewall rules or involvement from the Network team!
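The steps above as NetScaler CLI commands for two farms. This is an added example, not the author's configuration; the object names, the 192.0.2.x addresses and XML port 80 are assumptions.

```netscaler
# Constructed example: names, 192.0.2.x addresses and port 80 are placeholders.

# Load Balancing: one vServer per farm. IP 0.0.0.0 with port 0 is the CLI
# equivalent of unchecking 'Directly Addressable'.
add server xml_f1_01 192.0.2.11
add server xml_f2_01 192.0.2.21
add serviceGroup sg_xml_farm1 HTTP
add serviceGroup sg_xml_farm2 HTTP
bind serviceGroup sg_xml_farm1 xml_f1_01 80
bind serviceGroup sg_xml_farm2 xml_f2_01 80
add lb vserver lb_xml_farm1 HTTP 0.0.0.0 0
add lb vserver lb_xml_farm2 HTTP 0.0.0.0 0
bind lb vserver lb_xml_farm1 sg_xml_farm1
bind lb vserver lb_xml_farm2 sg_xml_farm2

# Content Switching: one action and one policy per farm.
# Each policy matches the farm FQDN that the client sends in the Host header.
add cs action act_xml_farm1 -targetLBVserver lb_xml_farm1
add cs action act_xml_farm2 -targetLBVserver lb_xml_farm2
add cs policy pol_xml_farm1 -rule "HTTP.REQ.HOSTNAME.EQ(\"farm1.domain.com\")" -action act_xml_farm1
add cs policy pol_xml_farm2 -rule "HTTP.REQ.HOSTNAME.EQ(\"farm2.domain.com\")" -action act_xml_farm2

# Content Switching vServer on the address behind CTXXML.domain.com.
add cs vserver cs_ctxxml HTTP 192.0.2.10 80
bind cs vserver cs_ctxxml -policyName pol_xml_farm1 -priority 100
bind cs vserver cs_ctxxml -policyName pol_xml_farm2 -priority 110

# No default LB vServer is bound, so a request whose Host header matches
# neither farm FQDN is not forwarded to any farm.
show cs vserver cs_ctxxml
```

Adding a third farm repeats the per-farm lines and adds one more `bind cs vserver` with its own priority; the Content Switching vServer address stays the same.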