Beruflich Dokumente
Kultur Dokumente
Introduction
Microsoft SharePoint is becoming ubiquitous in the enterprise as the information portal of choice. With
the latest release of Microsoft Office Server System 2007, the SharePoint Portal Server 2007 solution
has become an integral part of the Office Suite, allowing users to work on deliverables collaboratively and
increase productivity across the enterprise.
Users access SharePoint through a web browser which demands an Application Delivery Strategy to
help fulfill availability, scalability, performance, and security goals while delivering content to increasingly
global work forces.
This document is intended to be a guideline for deploying Citrix NetScaler with SharePoint Portal Server
2007. This guide will provide steps for improving the Microsoft SharePoint end user experience by utilizing
Citrix NetScaler’s acceleration and optimization features. The configuration examples are extractions
from a Microsoft performance test lab validated by Citrix. This guide is not designed to replace existing
Citrix NetScaler Implementation and Configuration Guides (ICG) or Microsoft Office SharePoint 2007
documentation.
Table of contents
Prerequisites..........................................................................................................................................4
Citrix Application Delivery and Optimization Features.............................................................................5
Application-Layer Switching...................................................................................................................5
TCP/IP Multiplexing and Connection Management................................................................................5
Web Compression.................................................................................................................................5
Application Data Caching......................................................................................................................5
SSL Encryption......................................................................................................................................5
Microsoft SharePoint Services Application Notes...................................................................................6
MySite Application.................................................................................................................................6
NetScaler Configuration.........................................................................................................................7
Deployment Model: NetScaler One-Arm Mode......................................................................................7
Configuring Citrix NetScaler Global Features..........................................................................................8
Global Policy Expressions......................................................................................................................9
Create Policy Expressions...................................................................................................................10
Policy Expression for gifs.....................................................................................................................11
Citrix NetScaler Compression..............................................................................................................22
Citrix NetScaler Static Caching............................................................................................................25
Citrix NetScaler Load Balancing...........................................................................................................31
Session Persistence for SharePoint.....................................................................................................38
Citrix NetScaler SSL Acceleration........................................................................................................39
Conclusion..........................................................................................................................................46
Appendix.............................................................................................................................................47
Prerequisites
• Proficient with Windows 2003 Server, deployment of Windows SharePoint Service 3.0 and it’s
components.
• Knowledgeable with Citrix NetScaler Installation and Configuration Guide (ICG) Volume 1 & 2. There
are several sections in this document that refer to the ICG for further discussion and configuration
considerations.
• Intermediate or Advanced knowledge of Networking, Secure Socket Layer (SSL), and Web
technologies.
• NetScaler running version 7.0 or higher used in this deployment example.
Citrix Application Delivery and
Optimization Features
Application-Layer Switching
Application-layer switching capabilities provides application content distribution among multiple
application servers, ensuring increased application performance with fail-over support for business
continuity in an Microsoft SharePoint Services environment. Citrix Request Switching® ensures even
traffic distribution irrespective of individual user demands.
Web Compression
AppCompress™ improves performance by reducing the amount of data sent from Web servers to
browsers. Redundant data is removed from messages sent to clients, and then compression software
that is built into virtually all Web browsers recreates the data exactly as it was created by the server. This
makes Web compression transparent to all Web-facing applications.
SSL Encryption
High-capacity SSL Encryption moves the computing-intensive processing associated with industry-
standard SSL encryption from the server to the Citrix NetScaler solution. This frees up server capacity,
speeds up SSL processing, and enables the Citrix NetScaler solution to provide application-layer security
to encrypted data streams.
Microsoft SharePoint Services
Application Notes
The following SharePoint environment consists of the following components in hierarchical order:
MySite Application
In Microsoft Office SharePoint Server 2007, MySites are special SharePoint sites that are personalized
and through which users pass to access their own personal site. It is recommended that the MySite
application be included in the overall SharePoint architecture design, regardless of the planned
deployment. For more information on MySite for Microsoft Office SharePoint Server 2007 see:
• MySite Design:
http://technet2.microsoft.com/Office/en-us/library/97a22c4e-6fc0-4745-9a03-0bfa500a4ca51033.
mspx?mfr=true
• Planning MySite:
http://technet2.microsoft.com/Office/en-us/library/4edf74cf-8808-4277-ba10-b1f925d7c4401033.
mspx?mfr=true
Due to the design recommendations above, it is recommended that MySite is hosted as a dedicated
Web application. This will require a unique IP address and port separate from the IP address allocated
for the SharePoint deployment. With this in mind, a separate Virtual IP (VIP) in the NetScaler configuration
will also be required. This will be covered in the Load Balancing section.
If there is a limitation on IP address allocation for the SharePoint deployment, NetScaler Content Switching
can be used as an alternative to consolidate the use of IP addresses for SharePoint.
Content Switching will be required if SSL acceleration is to be implemented for SharePoint. This will be
covered in the SSL Acceleration Section.
NetScaler Configuration
Deployment Model: NetScaler One-Arm Mode
NetScalers can be deployed as a pair to provide high availability for the SharePoint application. The
NetScalers in One-Arm mode can be transparently integrated into the SharePoint environment without
any physical changes to the existing network infrastructure. The One-Arm design allows for simplicity
and fl exibility to route non-SharePoint or unrelated traffic around the NetScaler appliance.
For further discussion on the various NetScaler deployment models, refer to section 2.2.1 (Planning the
Deployment) of the NetScaler ICG guide Volume 1.
Software:
NOTE: It is recommended that the existing configuration be saved before beginning the following
procedures in this deployment guide. See section 3.0 of the Netscaler ICG guide Volume 1 for instructions
on how to save settings.
1. To access the Configuration Utility from the browser, type the system’s default IP address in the
address bar of the Web browser:
2. To launch the Configuration Utility, click the Applet Client or Web Start Client hyperlink on the right-
hand side of the Configuration Utility label.
3. At the login prompt, type the user name nsroot and the password nsroot and click Login. The Setup
Wizard is displayed with the Configuration Utility in the background.
Global Policy Expressions
A Policy Expression is a set of conditions that can be applied on content entering the NetScaler system.
Expressions represent one or more of these conditions and make up a Policy Expression. The Policy
Expressions are shared among the NetScaler features. The NetScaler Compression, Integrated Caching,
and Content Switching features enabled for SharePoint are controlled by Policy Expressions.
These Policy Expressions can be created through various windows within the NetScaler Configuration
Utility. They can be created within the Feature node or at the System (Global) node of the NetScaler
Configuration Utility. The System node represents a global repository for Policy Expressions and can
provide a benefit to the system administrator’s management responsibilities for all the expressions.
For further discussion on Policy Expressions, refer to Chapter 15 of the NetScaler Installation and
Configuration Guide Volume 1.
The following steps will illustrate the creation of the Policy Expressions within the System node.
For Static Caching, the names of the following Policy Expressions will be created for the following HTTP/
HTTPS objects:
• gifs (images)
• jpeg and jpg (images)
• js (javascript)
• css (Content Style Sheets)
For increased compression capability on the NetScaler, the names of the following Policy Expressions
will be added:
• js (javascript)
• js_content_type (javascript)
Create Policy Expressions
• Go to the Navigation Panel (left side of the main NetScaler Configuration (Utility) and expand the
System Node.
• Select Expressions and click Add.
This introduces the NetScaler technician to the AppExpert Visual Policy Builder.
10
Policy Expression for gifs
In the Expression Name* field, enter the name for this Expression.
Click OK to create the Expression in the box. This is shown in the Expression box and shown as REQ.
HTTP.URL== *.gif
11
Once the *.GIF expression has been created, Close out of the Add Expression sub-window and Click
Create.
The expressions REQ.HTTP.URL==*.gif and REQ.HTTP.URL==*.GIF will now have formed the Policy
Expression gif.
The creation of these expressions will identify an http/https object with the gif and GIF file extension
within the URL and will later be used for Static Caching policies.
12
Policy Expression for jpeg
In the Expression Name* field, enter the name for this Expression.
Click OK to create the Expression in the box. This is shown in the Expression box and shown as REQ.
HTTP.URL== *.jpeg
13
Once the *.JPEG expression has been created, Close out of the Add Expression sub-window and Click
Create.
The expressions REQ.HTTP.URL==*.jpeg and REQ.HTTP.URL==*.JPEG will now have formed the Policy
Expression gif.
The creation of these expressions will identify an http/https object with the jpeg nd JPEG file extension
within the URL and will later be used for Static Caching policies.
14
Policy Expression for jpg
In the Expression Name* field, enter the name for this Expression.
15
Once the *.JPG expression has been created, Close out of the Add Expression sub-window and Click
Create.
The expressions REQ.HTTP.URL==*.jpg and REQ.HTTP.URL==*.JPG will now have formed the Policy
Expression jpg.
The creation of these expressions will identify an http/https object with the jpg and JPG file extension
within the URL and will later be used for Static Caching policies.
16
Policy Expression for css
In the Expression Name* field, enter the name for this Expression.
Click OK to create the Expression in the box. This is shown in the Expression box and shown as REQ.
HTTP.URL== *.css
17
Once the *.css expression has been created, Close out of the Add Expression sub-window and Click
Create.
The expressions REQ.HTTP.URL==*.css and REQ.HTTP.URL==*.CSS will now have formed the Policy
Expression css.
The creation of these expressions will identify an http/https object with the css and CSS file extension
within the URL and will later be used for Static Caching policies.
18
Policy Expression for js
In the Expression Name* field, enter the name for this Expression.
Click Add.
Once the .js expression has been created, close out the Add Expression subwindow and Click Create.
The creation of this expression will identify an http/https object with the js file
extension within the URL and will later be used for Static Caching and Compression policies.
19
Policy Expression for js_content_type
In the Expression Name* field, enter the name for this Expression.
Click Add.
Click OK to create the Expression in the box. This is shown in the Expression box and shown as RES.
HTTP.HEADER Content-Type CONTAINS application/x-javascript.
This expression will identify the javascript MIME type within the HTTP header and will later be used for
Static Caching and Compression policies.
20
Policy Expression for MySite
In the Expression Name* field, enter the name for this Expression.
Click Add.
Click OK to create the Expression in the box. This is shown in the Expression box and shown as REQ.
HTTP.URL CONTAINS _layouts/Mysite.aspx.
The creation of this expression will identify an http/https request for the MySite application and will later
be used for Content Switching with SSL acceleration.
21
Citrix NetScaler Compression
The NetScaler system implements lossless compression that can be interpreted by popular browsers
like Internet Explorer, Netscape, and AOL. It can compress payloads up to a ratio of 4:1. By default,
the system compresses text/ HTML and text/* MIME formats for all browsers. The NetScaler system
compresses traffic based on the format supported by the browser. While the NetScaler system can
compress content generated by most CGI applications, by default it does not compress client side
javascript traffic.
Like many other web applications, Microsoft SharePoint incorporates the use of javascript within the
various SharePoint tasks. Configuring Compression for SharePoint Go to the Navigation Panel (left side
of the main NetScaler Configuration Utility) and expand the Compression Node.
Type cmp_javascript in the Policy Name field and select the Response Action pull down box to
COMPRESS.
In the Named Expressions pull down box, select js (Policy Expression created in the System Node).
22
Add another Named Expression to the compression policy.
23
Once the new compression policy is created, click on the Global Bindings button at the bottom of the
HTTP sub-node window.
This will bind the new javascript compression policy to the global settings.
24
Citrix NetScaler Static Caching
Standard HTTP caching requires no web application knowledge. In most scenarios it can be turned on
transparently. This enables caching of static content. For example, image files generally static can be
cached by the NetScaler. Dynamically generated application content is typically not cacheable using
standard caching. You can adjust the standard caching settings to change the maximum cacheable
response size, the VIA header string and make other such minor customizations.
Every object cached by the NetScaler Integrated Cache is made a member of a Content Group. The
association happens at the time the object is being downloaded and stored. This association is declared
in the policy that resulted in the caching of this object.
Go to the Navigation Panel (left side of the main NetScaler Configuration Utility) and expand the Integrated
Caching node.
25
Due to larger than average page sizes generated by the application, the Max Response Size setting for
AppCache should be increased from the default of 80 KB to 500 KB.
Once the Memory settings have been completed, click Create to create the images Content Group.
Repeat the steps above to create more Content Groups with the following names:
• javascript
• css
The creation of these content groups will store all static http/https objects that have matched the static
caching policies for images javascript, and css.
To create the Cache Policy for the Content Groups, go to the Navigation Panel (left side of the main
NetScaler Configuration Utility) and expand Integrated Caching node.
26
Create Cache policy for images:
In the Named Expressions pull down box, select gif (Policy Expression
created in the System Node) and click Add Expression. Repeat this step
The creation of this caching policy will cache all of the static http/https objects that match the gif, jpeg,
and jpg expressions and store them in the images content group.
27
Create Cache policy for css:
In the Named Expressions pull down box, select css (Policy Expression created in the System Node) and
click Add Expression.
The creation of this caching policy will cache all of the static http/https objects that match the expression
for cascading style sheets and store them in the css content group.
28
Create Cache policies for javascript:
In the Named Expressions pull down box, select js_content_type (Policy Expression created in the
System Node) and click Add Expression.
29
In the Name* field of the Policy, type cache_js
In the Named Expressions pull down box, select js (Policy Expression created in the System Node) and
click Add Expression.
The creation of this caching policy will cache all of the static http/https objects that match the expression
for cascading style sheets and store them in the css content group.
30
Citrix NetScaler Load Balancing
Perform the following steps to configure NetScaler Load Balancing with SharePoint Server 2007:
Server Monitoring
Prior to configuring Load Balancing, the parameters for Server health monitoring should be considered.
The NetScaler Server monitor periodically checks the health of the server by probing a specified
destination and taking the appropriate action based on the server response. The NetScaler system has
a default TCP based monitor that is automatically bound to each SharePoint Service created for load
balancing.
Based on the default parameters of the SharePoint server, the NetScaler’s default TCP monitor will satisfy
a basic server health check and will mark the SharePoint Service as “Up.” The default parameters will
be sufficient for a typical Windows based SharePoint server. For further discussion on customizing other
TCP and HTTP based Server monitoring, refer to the Section 6.5 of the NetScaler ICG Volume 1.
31
The example below describes the steps in creating a TCP monitor for a SharePoint Service.
Go to the Navigation Panel (left side of the main NetScaler Configuration Utility) and expand the Monitors
node.
Click Add.
32
The first step in configuring Load Balancing requires creating NetScaler Services for SharePoint.
Go to the Navigation Panel (left side of the main NetScaler Configuration Utility) and expand the Load
Balancing node.
33
Select the Services sub-node and click Add.
In the Service Name* field, enter the name for this SharePoint service. In the example below, the Service
Name is SharePoint_web1.
In the Server field, enter the IP address of the server. In the example below, the IP address is
10.197.162.96.
In the Monitors tab, select SharePoint_TCP from the list of Available Monitors and Add to the Configured
list.
Click Create.
Repeat this step for adding other SharePoint Services to be Load balanced.
These newly created services are now configured to accept http requests through port 80 and are ready
to be placed in the SharePoint Virtual Server.
34
For the MySite component of SharePoint Server 2007, a separate service with a unique TCP Port number
can be created to facilitate this application.
In the Service Name* field, enter the name for this SharePoint service. In the example below, the Service
Name is my_site1.
In the Server field, enter the IP address of the server. In the example below, the IP address is
10.197.162.95.
In the Monitors tab, select SharePoint_TCP from the list of Available Monitors and Add to the Configured
list.
Click Create.
These newly created services are now configured to accept http requests through port 8080 and are
ready to be placed in the MySite Virtual Server.
35
SharePoint Virtual Server
Go to the Navigation Panel (left side of the main NetScaler Configuration Utility) and expand the Load
Balancing node.
In the Name* field, enter the name for this SharePoint service. In the example below, the Virtual Server
Name is SharePoint_http_80.
In the IP Address* field, enter the IP address of the server. In the example below, the IP address is
10.197.251.122.
To bind the SharePoint services to the Virtual Server, select the Services tab and add Available services
to the Configured Services.
Creating this Virtual server now enables NetScaler to accept http requests and load balance them across
servers within the SharePoint Virtual Server deployment.
36
MySite Virtual Server
In the Name* field, enter the name for this SharePoint service. In the example below, the Virtual Server
Name is SharePoint_http_8080.
In the IP Address* field, enter the IP address of the server. In the example below, the IP address is
10.197.251.122.
To bind the SharePoint services to the Virtual Server, select the Services tab and add Available services
to the Configured Services.
Creating this Virtual server now enables NetScaler to accept http requests and load balance them across
servers within the MySite Virtual Server deployment.
37
Session Persistence for SharePoint
When the NetScaler Load Balancer initially selects a specific SharePoint server and directs a client
request to this server, all subsequent requests from the same client may need to be sent to the same
physical server to access state information for that client.
To enable session persistence for SharePoint, NetScaler Cookie based persistence can be configured
to insert a HTTP cookie into client responses. The cookie is inserted into the Cookie header field of the
HTTP response. A web browser configured to accept cookies will include it in all subsequent requests
Note: A timeout value of 0 to the server.
(zero) will not set an expiration
Open the Virtual Server from the Load Balancing Node.
time regardless of Cookie
version. The expiration time is Select the Method and Persistence tab.
client software implementation
dependent, and usually such Choose Cookie Insert for the Persistence type.
cookies expire when the
software is properly closed. Set the timeout to 0.
38
Citrix NetScaler SSL Acceleration
The SSL feature provides a transparent way to increase the performance of web sites that carry out SSL
transactions. Citrix NetScaler can be placed in front of web servers where it intercepts SSL transactions
on behalf of the web server. It then processes these transactions, applies the system’s load balancing
and content switching feature policies, and relays the transactions to the servers. Thus, Citrix NetScaler
transparently offl oads the CPU-intensive SSL encryption/decryption from the local web servers and
allows the server resources to service other content requests.
Before SSL acceleration can be configured on the NetScaler system, an SSL Certificate (X509) and
Private Key must be configured on the system. Obtaining a certificate and key is out of the scope of this
document and is covered in Section 8.3.1 of the NetScaler Installation and Configuration Guide (ICG)
Volume 1.
Key and certificate files exported from Microsoft IIS 5 are in PKCS#12 formats and must be converted to
.PEM-encoded format before loading into the NetScaler system. The conversion of certificate and keys
are covered in Appendix A of the NetScaler ICG Volume 1.
• Go to the Navigation Panel (left side of the main NetScaler Configuration Utility) and expand the SSL
node.
• Select Certificates and click Add.
• In the Certificate-Key Pair Name*, type the name. The example below indicates ms_pair_new.
• In the Certificate Filename and Key Filename fields, browse to the folder where the converted files
are stored.
39
NetScaler now has a valid Certificate and Key pair installed and is ready to be used for SSL encryption/
decryption.
40
SSL with Content Switching
Since MySite and the other SharePoint sites are configured on separate Virtual Servers, Content Switching
with SSL is required to secure all SharePoint Virtual servers within a single SSL virtual server.
Go to the Navigation Panel (left side of the main NetScaler Configuration Utility) and expand the Content
Switching node.
41
In the Named Expressions pull down box, select mysite_pol (Policy Expression created in the System
Node) and click Add Expression.
42
Create SSL Content Switching Virtual Server
In the Name* field, enter the name for this SharePoint service. In the example below, the Virtual Server
Name is SharePoint_SSL_VIP.
In the IP Address* field, enter the IP address of the server. In the example below, the IP address is
10.197.251.122.
Activate the Policy with the blank name, select SharePoint_http_80 for the Target (This will configure the
default Virtual Server for SharePoint).
Activate the MySite Policy and select SharePoint_http_8080 for the Target (This will bind the MySite
Policy to the Virtual Server).
To Bind the SSL Certificate-Key pair to Content Switching Virtual Server, select the SSL Settings tab and
Add the Available Certificates to the Configured area.
43
Click Create to create the SharePoint_SSL_VIP.
44
A single content switching Virtual Server has been created. The creation of this SSL based Content
Switching Virtual Server enables NetScaler to receive https requests for both the SharePoint Virtual
Server and MySite Virtual Server.
45
Conclusion
With the latest release of the 2007 Microsoft Office system, Microsoft SharePoint Server 2007 is allowing
users to work on deliverables collaboratively and increasing productivity across the enterprise. But
with the trends towards outsourcing and geographically dispersed workforces, vendors, and partners,
the deployment of a centralized knowledge and document repository is proving to be more and more
challenging.
To ensure the optimal user experience with SharePoint, deployment with Citrix NetScaler is advised.
The installation demonstrated in this guide includes the compression, caching, load balancing, SSL
acceleration, and content switching features of NetScaler. These capabilities help overcome the protocol
inefficiencies and distance limitations of running applications over a wide area network.
This guide highlights the simplified nature of NetScaler’s AppExpert Visual Policy Builder to easily create in
a user friendly GUI interface a series of powerful policy expressions and then to apply them to the various
functional modules. No need for TCL script writing or code generation is required. Additional modules
including web application firewall, SSL access gateway, IPV6 to IPV4 translation, and EdgeSight can be
similarly incorporated in a straightforward manner. Contact Citrix technical support for any installation
and configuration questions you may have.
46
Appendix
Sample Performance Test Results
NetScaler provides Load Balancing and acceleration to common HTTPS-based workfl ows within
Microsoft SharePoint 2007.
The following table details the performance improvements obtained during a test validated at Microsoft
Performance Engineering Lab in Redmond, WA.
This test demonstrates that Citrix NetScaler’s SSL offl oading capabilities allow for the web servers to
save resources and focus their work on delivering content.
These results are discussed in further detail in a Citrix and Microsoft harePoint Performance White
Paper.
47
Citrix Worldwide
Worldwide headquarters
Regional headquarters
Americas
Citrix Silicon Valley
4988 Great America Parkway
Santa Clara, CA 95054
USA
T +1 408 790 8000
Europe
Citrix Systems International GmbH
Rheinweg 9
8200 Schaffhausen
Switzerland
T +41 52 635 7700
Asia Pacific
Citrix Systems Hong Kong Ltd.
Suite 3201, 32nd Floor
One International Finance Centre
1 Harbour View Street
Central
Hong Kong
T +852 2100 5000
www.citrix.com
About Citrix
Citrix Systems, Inc. (Nasdaq:CTXS) is the global leader and the most trusted name in application delivery infrastructure. More than
200,000 organizations worldwide rely on Citrix to deliver any application to users anywhere with the best performance, highest
security and lowest cost. Citrix customers include 100% of the Fortune 100 companies and 98% of the Fortune Global 500, as well
as hundreds of thousands of small businesses and prosumers. Citrix has approximately 6,200 channel and alliance partners in more
than 100 countries. Annual revenue in 2006 was $1.1 billion.
Citrix®, NetScaler®, GoToMyPC®, GoToMeeting®, GoToAssist®, Citrix Presentation Server™, Citrix Password Manager™, Citrix Access Gateway™, Citrix Access
Essentials™, Citrix Access Suite™, Citrix SmoothRoaming™ and Citrix Subscription Advantage™ and are trademarks of Citrix Systems, Inc. and/or one or more of its
subsidiaries, and may be registered in the U.S. Patent and Trademark Office and in other countries. UNIX® is a registered trademark of The Open Group in the U.S. and
other countries. Microsoft®, Windows® and Windows Server® are registered trademarks of Microsoft Corporation in the U.S. and/or other countries. All other trademarks
and registered trademarks are property of their respective owners.
www.citrix.com