Table of Contents
Copy NetScaler configuration and change all the IPsÃ‚Â is something you will have to do eventually when Citrix NetScaler is your playing field. Some customer will ask you to copy a running configuration to a new NetScaler, because they are redesigning the network or they need an exact replica of the production NetScaler for testing purposes. So you will have to move the configuration to a new NetScaler and change the IP addresses to match the new network situation. This can be done in a several ways, but in this post I will show you how I do it. Because when you have have little time and is has to be done in a fast and reliable way, I believe this is the way to go. Let me show you how in this post.
Deliverables of this post:
- Copy a running (production) NetScaler config to another NetScaler.
- Change the NetScaler IP (NSIP), Subnet IP (SNIP) and Virtual IP (VIP).
Requirements for the configuration:
- Same version and build on every NetScaler (www.citrix.com).
- NetScalerÃ‚Â License (same license type on both appliances).
- Ip addresses for the new NetScaler (NSIP, SNIP and VIP).
The steps in this post require you having extended knowledge of NetScaler command prompt (SSH). It is very important you understand what is going on in the ns.conf file. This is the file where all the configuration of the NetScaler is stored. If you mess up this file, you will have to restore it from a backup. Furthermore make sure that your old and new NetScaler is running the same version and build.
Below is an overview of the old and the new IP addresses I amÃ‚Â using in my network.
|Description||NS01 (old NetScaler)||NS02 (new NetScaler)|
In my homelab setup I don’t have a High Availability (HA) NetScaler configured. If you need an HA pair in your new setup, just follow the steps in this post for only one new NetScaler. When everything is copied and running on the new NetScaler, just add the second NetScaler, create your HA pair, and everything should sync fine.
Setup and configure your new NetScaler
We will start with the setup and configuration of the new NetScaler. The following things need to be setup on the new NetScaler:
- DNS / TimeZone
Start you new NetScaler virtual machine and enter the initial setup information.
Log into your NetScaler to start the setup wizard. Choose your option on theÃ‚Â Citrix User Experience Improvement Program.
Click onÃ‚Â Subnet IP Address. Enter the IP and click onÃ‚Â Done.
Click onÃ‚Â Host Name, DNS IP Address and Time Zone.
Enter the information, select the time zone and click onÃ‚Â Done.
The NetScaler will reboot now to apply the changes. Click onÃ‚Â Yes.
After the reboot log into the NetScaler management and click onÃ‚Â Licenses.
Allocate your NetScaler license using you Citrix account. The license needs to be allocated using the system ID, displayed on the right side. SelectÃ‚Â Upload license files and click onÃ‚Â Browse to select the license file you have allocated.
After the license file is imported successfully, click onÃ‚Â Reboot.
After the reboot log into the NetScaler management. You will be presented with an overview of the features activated by your license. Now you can see the model number according to your license. Close the License overview window.
Copy certificate files to the new NetScaler
The next step is to make sure all your certificates are available on the new NetScaler. For this I will be using WinSCP. Using the Secure File Transport Protocol (SFTP) option in WinSCP I can easily copy files from the NetScaler. Feel free to use your favorite editor or tool to connect to the NetScaler to get the files.
Get the certificates from your old NetScaler. Log into the NetScaler using WinSCP and browse to /flash/nsconfig. Select theÃ‚Â ssl directory and download it to your computer.
Upload the certificates in theÃ‚Â ssl directory to your new NetScaler. Log into the new NetScaler and browse to /flash/nsconfig/ssl. Select the certificates you downloaded in the previous step and upload them to this directory.
Check the directory and clickÃ‚Â OK.
SelectÃ‚Â Yes to All to confirm overwriting existing certificates on your new NetScaler.
So now the certificates from your old NetScaler should be available on the new one.
Download NetScaler configuration file from old NetScaler
Using WinSCP go back to your old NetScaler and get the ns.conf file. This is the file where all the configuration is stored and weÃ‚Â will modify and import this on the new NetScaler.
Start by saving your configuration to make sure that everything is written to the ns.conf. Browse toÃ‚Â /flash/nsconfig and select the ns.conf. Then click onÃ‚Â Download.
Prepare NetScaler configuration file
We have to modify the ns.conf file before we can import it on the new NetScaler. Rename the file in WinSCP.
Upload the renamed file to your new NetScaler in the directoryÃ‚Â /var/tmp. This is the directory we will use to import the file later.
With the renamed ns.conf uploaded to the new NetScaler, it is time to edit it. Right-clickÃ‚Â the file and click onÃ‚Â Edit -> Internal Editor in WinSCP.
We have to anonymize this file for the new NetScaler, so every object here which is bound to the old NetScaler we have to delete. Let’s remove at least the following lines in this file:
- set ns config -IPAddress
- set lacp
- set ns hostname
- add route (all of the routes)
- set system user nsroot
- set interface (all of them)
- add ns ip6
The next step is to replace the IP addresses for the SNIP and the VIP with the new ones. Just scroll do the file and change them, or use find and replace in your editor. Then save the file.
Import the configuration on your new NetScaler
Now we can import the file in the new NetScaler. Log into your new NetScaler (web) and navigate toÃ‚Â System -> Diagnostics. Then click onÃ‚Â Batch configuration.
Click onÃ‚Â Choose File and then onÃ‚Â Appliance.
Select the file we edited and prepared for import in the steps above. Click onÃ‚Â Open.
Click then onÃ‚Â Run to start the import.
The import will start.
When the import is finished you will see a message that a system reboot is needed. Click onÃ‚Â Stop.
Go toÃ‚Â System and click onÃ‚Â Reboot.
Make sureÃ‚Â Save configuration is checked and click on OK.
After the reboot login to your NetScaler.
Check the IP addresses. Go toÃ‚Â System -> Network -> IPs -> IPV4s. The list should show you only the new IP addresses.
This concludes this blog post. Feel free to contact me of you have any questions or comments.
You can follow me on twitter or add the RSSÃ‚Â feed from myÃ‚Â blog and you will be notified when I add new posts.