devblackops / NetScaler

Licence: Apache-2.0 License
PowerShell module for interacting with Citrix NetScaler via the Nitro API

NetScaler

PowerShell module for interacting with Citrix NetScaler via the Nitro API.

This module contains functions that abstract away the nitty-gritty aspects of the Nitro API. It provides a set of idiomatic PowerShell functions with parameter validation and inline documentation. The module can be used for both a better command line experience and writing scripts that automate NetScaler setup.

Getting started

Log in to NetScaler

This script establishes a session with the NetScaler instance and sets its host name:

$Nsip, $Username, $Password = "1.2.3.4", "nsroot", "nsroot"

$SecurePassword = ConvertTo-SecureString $Password -AsPlainText -Force
$Credential = New-Object System.Management.Automation.PSCredential ($Username, $SecurePassword)

$Session =  Connect-Netscaler -Hostname $Nsip -Credential $Credential -PassThru

Set-NSHostname -Hostname ns01 -Force -Session $Session
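
The login script above keeps the password in plain text inside the script. As an added example (not code from the NetScaler module), the credential can instead be prompted for once and cached in a file; the function name Get-NSStoredCredential and the file path are hypothetical.

```powershell
# Added example, not part of the NetScaler module.
# Get-NSStoredCredential and the default file path are hypothetical names.
function Get-NSStoredCredential {
    [CmdletBinding()]
    Param(
        [String]$Path = (Join-Path $HOME '.netscaler-credential.xml'),
        [String]$Username = 'nsroot'
    )

    $FromFile = Test-Path -LiteralPath $Path
    if ($FromFile) {
        # Export-Clixml stores the SecureString encrypted with DPAPI on Windows,
        # readable only by the same user on the same machine.
        # On Linux and macOS the value is only encoded, so protect the file
        # with file system permissions there.
        $Credential = Import-Clixml -LiteralPath $Path
    } else {
        $Credential = Get-Credential -UserName $Username -Message 'NetScaler login'
    }

    if ($Credential -isnot [System.Management.Automation.PSCredential]) {
        throw "No PSCredential was obtained (source: '$Path' or prompt)."
    }

    # Refuse a password identical to the user name, such as the
    # nsroot/nsroot pair used in the sample above.
    if ($Credential.GetNetworkCredential().Password -ceq $Credential.UserName) {
        throw 'Password equals the user name; change it before automating logins.'
    }

    # Cache the credential only after it has passed the check.
    if (-not $FromFile) {
        $Credential | Export-Clixml -LiteralPath $Path
    }
    return $Credential
}

$Credential = Get-NSStoredCredential
# Then connect as on the page (needs the module and a reachable NetScaler):
# $Session = Connect-Netscaler -Hostname $Nsip -Credential $Credential -PassThru
```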

Initial setup

Once logged into a freshly installed NetScaler, the following script sets up the time zone, installs a license, saves the configuration and reboots:

Set-NSTimeZone -TimeZone 'GMT+01:00-CET-Europe/Zurich' -Session $Session -Force

Install-NSLicense -Path licenses/license.lic -Session $Session
Restart-NetScaler -WarmReboot -Wait -SaveConfig -Session $Session -Force

After reboot, a reconnection is required:

$Session =  Connect-Netscaler -Hostname $Nsip -Credential $Credential -PassThru

Basic tasks

Once initial setup is done, regular configuration can start. The following commands will set up a VIP and SNIP:

Add-NSIPResource -Type SNIP -IPAddress 172.16.124.11 -SubNetMask '255.255.255.0' -VServer -Session $Session

Add-NSIPResource -Type VIP  -IPAddress 172.16.124.12 -SubNetMask '255.255.255.0' -VServer -Session $Session

This will add a DNS server:

Add-NSDnsNameServer -IPAddress 1.2.3.10

The line below will enable the following features:

  • Authentication, Authorization and Auditing,
  • Load balancing,
  • Rewrite,
  • SSL offloading.

Enable-NSFeature -Session $Session -Force -Name "aaa", "lb", "rewrite", "ssl"

Setting up a reverse proxy

The examples above only set the stage. Configuring NetScaler for real work takes a more complex set of commands, and this kind of work can usually be abstracted in a PowerShell function. For instance, the following function will create a very simple reverse proxy:

New-ReverseProxy -IPAddress 172.16.124.12 -ExternalFQDN www.extlab.local -InternalFQDN www.lab.local

The actual implementation could be:

function New-ReverseProxy {
    Param(
        [String]$IPAddress,
        [String]$ExternalFQDN,
        [String]$InternalFQDN,
        [String]$CertificateName = $ExternalFQDN
    )
    $VServerName = "vsrv-$ExternalFQDN"
    $ServerName = "srv-$InternalFQDN"

    New-NSLBServer -Name $ServerName -Domain $InternalFQDN
    Enable-NSLBServer -Name $ServerName -Force
    New-NSLBServiceGroup -Name svg-$ExternalFQDN -Protocol HTTP
    New-NSLBServiceGroupMember -Name svg-$ExternalFQDN -ServerName $ServerName

    New-NSLBVirtualServer -Name $VServerName -IPAddress $IPAddress -ServiceType SSL -Port 443
    Add-NSLBVirtualServerBinding -VirtualServerName $VServerName -ServiceGroupName svg-$ExternalFQDN
    Enable-NSLBVirtualServer -Name $VServerName -Force

    Add-NSLBSSLVirtualServerCertificateBinding -Certificate $CertificateName -VirtualServerName $VServerName

    New-NSRewriteAction -Name "act-proxy-host-$InternalFQDN" -Type Replace -Target 'HTTP.REQ.HOSTNAME' -Expression "`"$InternalFQDN`""
    New-NSRewritePolicy -Name "pol-proxy-host-$InternalFQDN" -ActionName "act-proxy-host-$InternalFQDN" -Rule "true"
    Add-NSLBVirtualServerRewritePolicyBinding -VirtualServerName $VServerName -PolicyName "pol-proxy-host-$InternalFQDN" `
        -BindPoint Request -Priority 100
}
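
New-ReverseProxy places its FQDN arguments into object names and into the quoted rewrite expression, so a value containing a double quote or whitespace would change what is sent to the NetScaler. The following added example (not code from the NetScaler module) validates the three inputs first; Assert-ReverseProxyInput is a hypothetical helper name and the test inputs are constructed.

```powershell
# Added example, not part of the NetScaler module.
# Assert-ReverseProxyInput is a hypothetical helper; it throws on bad input.
function Assert-ReverseProxyInput {
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory)][String]$IPAddress,
        [Parameter(Mandatory)][String]$ExternalFQDN,
        [Parameter(Mandatory)][String]$InternalFQDN
    )
    # RFC 1123 host name: dot-separated labels of letters, digits and hyphens,
    # 1 to 63 characters each, neither starting nor ending with a hyphen.
    $Label = '[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
    $FqdnPattern = '^{0}(?:\.{0})+$' -f $Label

    # TryParse alone accepts shorthand such as "1" (0.0.0.1), so the parsed
    # address must also round-trip to exactly the text that was supplied.
    $Parsed = $null
    if (-not [System.Net.IPAddress]::TryParse($IPAddress, [ref]$Parsed) -or
        $Parsed.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork -or
        $Parsed.ToString() -ne $IPAddress) {
        throw "IPAddress '$IPAddress' is not a dotted-quad IPv4 address."
    }

    $Names = @{ ExternalFQDN = $ExternalFQDN; InternalFQDN = $InternalFQDN }
    foreach ($Name in $Names.GetEnumerator()) {
        if ($Name.Value.Length -gt 253 -or $Name.Value -notmatch $FqdnPattern) {
            throw "$($Name.Key) '$($Name.Value)' is not a valid fully qualified host name."
        }
    }
}

# Constructed inputs: the page's own values, then an internal name carrying a
# stray double quote, which would end the string literal in the rewrite expression.
$Cases = @(
    @{ IPAddress = '172.16.124.12'; ExternalFQDN = 'www.extlab.local'; InternalFQDN = 'www.lab.local' },
    @{ IPAddress = '172.16.124.12'; ExternalFQDN = 'www.extlab.local'; InternalFQDN = 'www.lab"local' }
)
foreach ($Case in $Cases) {
    try {
        Assert-ReverseProxyInput @Case
        "accepted: $($Case.InternalFQDN)"
        # New-ReverseProxy @Case   # the page's function; needs an active session
    } catch {
        "rejected: $($_.Exception.Message)"
    }
}
```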

Beyond the module

Although the module is still a work in progress, more than 140 functions are already implemented, and they cover most needs. However, you might occasionally need a Nitro resource that is not implemented. In that case you can rely on a simple call to Invoke-Nitro. For instance, the following call sets the nsroot user's session expiration time to 1 day (not recommended in production but very helpful in a development environment!):

Invoke-Nitro -Type systemuser -Method PUT -Payload @{
        username     = "nsroot"
        timeout      = "86400"
        logging      = "ENABLED"
        externalauth = "ENABLED"
    } -Action Add -Force

Examples

For a more complete example, take a look at NSConfig.ps1.
