How to monitor the uptime of a Citrix gateway VPN vserver?

[Anurag Parmar 3]

Whenever in network or apllictaion failure issue happen from citrix gateway point of view how we ensure that gateway vserver is up

[Steven Wright]

Hi Anurag,

I'm sure that I understand your question. I think you want to ensure that the resources a Gateway VPN vServer relies upon remain available. Please let me know if that's incorrect.

The Gateway VPN vServer will usually rely on various backend server resources, such as LDAP and RADIUS for authentication, DNS, StoreFront, and one or more Secure Ticket Authority servers (if the VPN vServer provided remote access to published applications and desktops).

You would ensure the Gateway vServer remained available when a backend server resource went offline by directing the Gateway to access these resources through local Load Balancing vServers. The LB vServers would have monitors attached and, the event an individual backend server failed, the monitor would detect that failure and send requests from the Gateway vServer to another backend server that's still online.

A complete reference design for Gateway with all backend resources being handled by LB vServers is available here: https://community.netscaler.com/s/article/Tech-Paper-Reference-Designs-for-NetScaler-Gateway-On-Premises

The reference article includes copy/paste CLI commands for fast/easy configuration.

Alternatively, if I have misunderstood, and you wanted to have multiple Gateway vServers (perhaps at different locations) and stop directing users to a Gateway vServers when all of its backend resources had failed and inter-site redundancy on the previously mentioned LB vServers wasn't possible, you could look at configuring Global Service Load Balancing (GSLB) to direct users to the Gateway vServers at your sites. The GSLB configuration could use custom monitors to test not only that the Gateway vServer at each site is online but, to also test the required backend server resources also remained online.

Initially, I would use the first configuration that I mentioned (and the reference designs) and then supplement that with GSLB if needed.

[Anurag Parmar 3]

Hi Steven,

Thanks for taking time to answer my question and given explaintion.

I wanted to know as we know we have option to see normal virtual server up/down timestamp.

Does in the same way do we have any option to know from how long citrix gateway VPN vserver is up?

[Steven Wright]

Hi Anurag,

Unfortunately, the last state change time isn't displayed for Gateway vServers.

That said, the circumstances in which a Gateway vServer will enter a down state are quite rare (all STAs offline). As the Gateway vServer is a service running on the NetScaler, it is usually up regardless the state of the backend resource and you would use GSLB to monitor both.

[Terry Hooper]

Depending on the information required, it may be possible to use ADM and report in the status change with subsequent notification (ADM Event / Rules) relating to the corresponding ADC / vserver.

The screenshot below from ADM details the event created when the status changes on a vserver (this was a Gateway).