How to Load Balance IBM Domino Webmail Servers with Citrix Netscaler

Citrix have released this cool knowledge article on how to Load Balance the IBM Domino web servers with a Citrix Netscaler appliances. If you have Domino in your production then this is a must to do thing =o) GO Netscaler…. :o)

 

Summary

This article contains information about how to Load Balance the IBM Domino Webmail Servers with a NetScaler appliance.

Background

The configuration demonstrated in this article refers to a Domino configuration where there is one exclusive logon server and individual mailbox servers for each user.

Refer to Achieving High Availability with IBM Lotus iNotes for more information.

Procedure

Because the Domino server must redirect users to their respective mailboxes, a NetScaler appliance must rewrite the URL sent by the Domino server.

This allows the users to only communicate with one given URL such as https://webmail.example.com, instead of multiple URLs such ashttps://mailbox1.example.com or https://mailbox2.example.com.

The following steps describe the network flow when load balancing the IBM Domino Webmail Servers:

  • A user opens the webmail.example.com website by using a Web browser.
  • The Web browser redirects the user to https://webmail.example.com.
  • The user enters the credentials.
  • If the credentials are successful, then the server redirects the user to http://mailbox1.example.com/.
  • A NetScaler appliance modifies the URL to https://webmail.example.com/ before sending the data back to the user.
  • A cookie is set on the client with the value of mailbox1.
  • When the Web browser requests https://webmail.example.com/ with the cookie mailbox1, a NetScaler appliance content switches this request to the mailbox1 server.

The NetScaler appliance must set a cookie for the mailbox server. Therefore, the clients must support cookies.

Features Required

The following features must be enabled on a NetScaler appliance:

  • Load Balancing
  • Content Switching
  • SSL
  • Rewrite

Configuration

To configure a NetScaler appliance to load balance the IBM Domino Webmail Servers, complete the following steps:

  • Run the following command in the command line interface of the appliance to enable the required features:
    enable ns feature LB CS SSL REWRITE
  • Run the following commands to add the mailbox servers:
    add server mailbox1 1.2.3.1
    add server mailbox2 1.2.3.2
    add server mailbox3 1.2.3.3
    add server mailbox4 1.2.3.4
  • Run the following command add the logon server:
    add server login 1.2.3.10
  • Run the following commands to add the content switching policies:
    add cs policy “Mailbox A” -rule “HTTP.REQ.HEADER(\”Cookie\”).SET_TEXT_MODE(IGNORECASE).CONTAINS(\”mailbox1\”)”
    add cs policy “Mailbox B” -rule “HTTP.REQ.HEADER(\”Cookie\”).SET_TEXT_MODE(IGNORECASE).CONTAINS(\”mailbox2\”)”
    add cs policy “Mailbox C” -rule “HTTP.REQ.HEADER(\”Cookie\”).SET_TEXT_MODE(IGNORECASE).CONTAINS(\”mailbox3\”)”
    add cs policy “Mailbox D” -rule “HTTP.REQ.HEADER(\”Cookie\”).SET_TEXT_MODE(IGNORECASE).CONTAINS(\”mailbox4\”)”
  • Run the following commands to add services for the mailbox servers:
    add service mailbox1-http mailbox1 HTTP 80 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp ON -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP YES
    add servicemailbox2-http mailbox2 HTTP 80 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp ON -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP YES
    add service mailbox3-http mailbox3 HTTP 80 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp ON -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP YES
    add service mailbox4-http mailbox4 HTTP 80 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp ON -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP YES
  • Run the following command to add a service for the logon server:
    add service login-http login HTTP 80 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp ON -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP YES
  • Run the following command to add rewrite actions:
    add rewrite action “Webmail – Internal” replace http.REQ.HOSTNAME.SERVER “\”login.example.com\””

    add rewrite action “Webmail – Change Location” replace “http.RES.HEADER(\”Location\”)” “\”https://webmail.example.com\” + http.RES.HEADER(\”Location\”).AFTER_STR(\”example.com\”)”
    Note    : The logon server returns a URL redirect based on its internal name, such as login.example.com.

    add rewrite action “Body Replace” replace “http.RES.BODY(1000).AFTER_STR(\”http://\”).BEFORE_STR(\”/\”)” “\”webmail.example.com\””

    add rewrite action “Insert Cookie” insert_http_header Set-Cookie “http.RES.BODY(1000).AFTER_STR(\”http://\”).BEFORE_STR(\”/\”)”
    Note    : This action sets the mailbox server information cookie on the client.

    add rewrite action “Webmail – Cookie Domain” replace “http.RES.HEADER(\”Set-Cookie\”).AFTER_STR(\”domain=\”).BEFORE_STR(\”;\”)” “\”.example.com\””

  • Run the following command to add rewrite policies:
    add rewrite policy “Webmail – Policy” “http.REQ.HOSTNAME.SERVER.EQ(\”webmail.example.com\”)” “Webmail – Internal”
    Note    : This policy changes the external URL to the internal URL to access the logon server.

    add rewrite policy “Webmail – Host Change” “http.RES.HEADER(\”Location\”).CONTAINS(\”http://webmail.example.com\”)” “Webmail – Change Location”

    add rewrite policy “Webmail-Insert Cookie” “http.REQ.URL.CONTAINS(\”IntRedirMail.nsf\”)” “Insert Cookie”
    Note    : This policy sets the mailbox server information cookie on the client.

    add rewrite policy “Webmail-Replace Body” “http.REQ.URL.CONTAINS(\”IntRedirMail.nsf\”)” “Body Replace”
    Note    : This policy modifies the URL to be an external URL used by users, when the user requests IntReditMail.nsf from the logon server.

    add rewrite policy “Webmail-Replace Cookie Domain” “http.RES.HEADER(\”Set-Cookie\”).CONTAINS(\”example.com\”)” “Webmail – Cookie Domain”
    Note    : This is policy is required, if the internal domain name is different from the external domain name.

  • Run the following commands to add load balancing Virtual Servers:
    add lb vserver mailbox1-lb HTTP 0.0.0.0 0 -persistenceType NONE -cltTimeout 180
    add lb vserver mailbox2-lb HTTP 0.0.0.0 0 -persistenceType NONE -cltTimeout 180
    add lb vserver mailbox3-lb HTTP 0.0.0.0 0 -persistenceType NONE -cltTimeout 180
    add lb vserver mailbox4-lb HTTP 0.0.0.0 0 -persistenceType NONE -cltTimeout 180
    add lb vserver login-lb HTTP 0.0.0.0 0 -persistenceType NONE -cltTimeout 180
    add lb vserver “webmail redirect” HTTP 10.10.10.1 80 -persistenceType NONE -redirectURL “https://webmail.example.com” -cltTimeout 180
  • Run the following command to add the content switching Virtual Server:
    add cs vserver Webmail SSL 10.10.10.1 443 -cltTimeout 180
  • Run the following commands to bind the load balancing Virtual Server to the services:
    bind lb vserver mailbox1-lb mailbox1-http
    bind lb vserver mailbox2-lb mailbox2-http
    bind lb vserver mailbox3-lb mailbox3-http
    bind lb vserver mailbox4-lb mailbox4-http
    bind lb vserver login-lb login-http
  • Run the following commands to bind the content switching policies to the Virtual Server:
    bind cs vserver Webmail -policyName “Webmail – Policy” -priority 100 -gotoPriorityExpression NEXT -type REQUEST
    bind cs vserver Webmail -policyName “Webmail – Host Change” -priority 1 -gotoPriorityExpression NEXT -type RESPONSE
    bind cs vserver Webmail -policyName “Webmail-Replace Cookie Domain” -priority 10 -gotoPriorityExpression NEXT -type RESPONSE
    bind cs vserver Webmail -policyName “Webmail-Insert Cookie” -priority 20 -gotoPriorityExpression NEXT -type RESPONSE
    bind cs vserver Webmail -policyName “Webmail-Replace Body” -priority 30 -gotoPriorityExpression NEXT -type RESPONSE
    bind cs vserver Webmail login-lb
    bind cs vserver Webmail mailbox1-lb -policyName “Mailbox A” -priority 100
    bind cs vserver Webmail mailbox2-lb -policyName “Mailbox B” -priority 90
    bind cs vserver Webmail mailbox3-lb -policyName “Mailbox C” -priority 80
    bind cs vserver Webmail mailbox4-lb -policyName “Mailbox D” -priority 70
  • Run the following command to bind the SSL certificate to the content switching Virtual Server:
    bind ssl vserver Webmail -certkeyName webmail.example.com

This document applies to: