Core-Logic is becoming a serious enhancement for NetScaler implementations. Large implementations and multi-tenant implementations in particular benefit from the structure Core-Logic provides. We at SAM Office have found that Core-Logic improves the manageability of complex NetScaler implementations, and we are working on further improvements for our customers.
We believe that the base code for Core-Logic should be publicly available, confirming the supportability of the code by Citrix and experts worldwide. Getting the base code and deeper insights into Core-Logic 10.3 is free of charge; just send an email to email@example.com, and we will send you a copy of the code and some additional whitepapers.
In response to questions we get from the field, here is a preview of the changes made in our latest Core-Logic version, 10.3:
Core-Logic version 10.3 has a couple of changes and enhancements compared with the previously released version 9. The most important change is a switch from “_” to “;” as the delimiter in the stringmaps. This was prompted by Jan (firstname.lastname@example.org), who is busy working on automation tooling for Core-Logic (and NetScaler in general). He found it difficult to analyse the stringmap, since the “_” is used massively in the naming conventions.
The second change is that we no longer support entries for both HTTP and SSL contentswitches in the SM_CS_CONTROL stringmap. This implies that, when migrating from 9.0 to 10.3, some entries might translate into two new entries. It was rarely used, and we decided to make room for a more applicable feature: the LAN setting.
For each contentswitch, in version 10.3 you can define a segment called “LAN”. Based on these subnets, you can then decide what Core-Logic should do with it:
- A specific application (or a subpath of it) is only available from this LAN segment, and should be blocked from the internet.
- In some situations, we found the LAN segment useful to define third-party IPs that were allowed to connect to a B2B service bus.
- In some cases it is used to connect to the development version of the website.
Version 9.0 checks WILDCARD-DOMAIN, FQDN and FQDN+FIRSTPATH. Version 10.3 also checks FULL-URL (without query).
Some smaller changes:
- If an entry on HTTP is found, but the referenced VServer is down, you now get the “Sorry page” (thank you, Jason, for pointing this one out).
- Integration with AAA is made more predictable (see simple-aaa-logon-cs-policy).
Core-Logic 10.3 has “enhancement” packs available; this is code that further enhances functionality yet was deemed over-engineered for normal implementations:
- Authorisation on AAA-enabled VServers; to get authorisation tables in a stringmap, we needed Lua (enhanced policy expressions). This code, however simple it actually is, brings the NetScaler configuration into a grey area for supportability by Citrix.
- Common white-listing / black-listing on the contentswitches / loadbalancing.
- Contentswitching TCP / UDP ports
- A TCP or UDP application can now be made available through what we call the “AUTOLB” mechanism; the name of the loadbalancing VServer determines the publishing contentswitch/port combination.
- Each TCP loadbalancer needs to be “blacklisted” for a global publication or “whitelisted” to only allow specific subnets to use this loadbalancing VServer.
- For white/blacklisting UDP, we need responder policies on UDP; this is a feature request we made to Citrix.
Here is a slide-deck we use in our presentation on Core-Logic-10.3: Slide-Deck
The SAM Office NetScaler team.