Agnostic GSLB – How-to

Before proceeding, a disclaimer: no NetScalers were harmed when writing this post. They were not even used.

Great! No NetScalers, which means cheap, as there is no cheap NetScaler. Well, there is a free one, severely bandwidth limited, and the NetScaler Gateway SKU that you could buy for USD 995, which I believe is still the case. That said, there is still some limitation on the bandwidth, but for many environments (Citrix of course, if NSG is used) that may suffice.

Knowing that we used no NetScalers, let’s first understand why this is an agnostic solution. The reason is simple: it works with ANYTHING. It can be Microsoft RDS, Parallels RAS, Citrix Virtual Apps/Desktops and even VMware Horizon. For this blog post I used Parallels RAS but again, the exact same idea will apply to any solution. To get this going, this is what you need to do:

1. Log on to your Azure portal. Yes, this solution relies on Azure Traffic Manager and even though it is not free, it is damn cheap. Once in the portal, create a traffic manager profile. It will ask you the name you want to use. This is the name that will be prepended to trafficmanager.net. This means if you choose rds-gslb, your unique name will be rds-gslb.trafficmanager.net.

2. In my case I selected ‘Priority’ for the routing method. Once that is done, the next step is to add ‘Endpoints’. In my case, I added two external ones, each one pointing to the external IP addresses of my two Parallels RAS environments:

3. Looking at my traffic manager profile configuration this is now what is seen (note I am using a simple TCP monitoring on port 443 as this is the only port opened from the outside to the RAS Secure Gateways. Of course you can use HTTP/HTTPS and then set the expected path/status code to determine the endpoint as healthy):

4. With everything added, yours should look like this:

5. The final step is to go into the DNS settings for your domain and create a CNAME record for the FQDN you will use for your users (e.g. ras.company.com) pointing to the FQDN created for your traffic manager profile (e.g. ras-gslb.trafficmanager.net). Simple.

6. As this is a Parallels RAS environment (but again, could be RDS, Citrix or VMware) on my Parallels RAS client, I configured it to connect to my FQDN, ras-gslb.wtslabs.com. When launching it and logging in, this is what I see:

Going into the endpoints in the Azure portal and disabling the top priority one, once I refresh the Parallels RAS client, this is what I get:

This is done by just refreshing the client. No need to do a DNS flush (as the TTL is set to 10 seconds on Azure) or even close the client! It is that simple.

Now the beauty here, and what makes this way more powerful than traditional GSLB IMHO, is the fact that you can use PowerShell to retrieve metrics from the environment, metrics the NetScaler GSLB is not even aware of. For example, the total number of ‘Active Sessions’ for the environment, CPU/memory utilization on any server that is part of the environment (e.g. a highly loaded file server or database), etc. Anything really. And still, with PowerShell you can easily flip the endpoints on Azure. This is an example of the code required:

To log in to Azure (this of course assumes the Azure PowerShell module is installed):
Connect-AzAccount

To get a subscription:
Get-AzSubscription

To set the default subscription:
Select-AzSubscription -Subscription "My Demos"

Adding a profile with two External endpoints:
# Az module cmdlet names, to match Connect-AzAccount above (the AzureRM module is retired).
# $tmProfile is used instead of $profile, which is PowerShell's built-in profile-path variable.
$tmProfile = New-AzTrafficManagerProfile -Name myprofile -ResourceGroupName MyRG -TrafficRoutingMethod Priority -RelativeDnsName ras-gslb -Ttl 10 -MonitorProtocol TCP -MonitorPort 443
Add-AzTrafficManagerEndpointConfig -EndpointName DC1 -TrafficManagerProfile $tmProfile -Type ExternalEndpoints -Target EnterIP1 -Priority 1 -EndpointStatus Enabled
Add-AzTrafficManagerEndpointConfig -EndpointName DC2 -TrafficManagerProfile $tmProfile -Type ExternalEndpoints -Target EnterIP2 -Priority 2 -EndpointStatus Enabled
# Nothing is changed in Azure until the modified profile object is written back.
Set-AzTrafficManagerProfile -TrafficManagerProfile $tmProfile

Modifying the endpoints:
# Fetch the current profile, swap the two priorities locally, then write it back in one call.
$tmProfile = Get-AzTrafficManagerProfile -Name myprofile -ResourceGroupName MyRG
$tmProfile.Endpoints[0].Priority = 2
$tmProfile.Endpoints[1].Priority = 1
Set-AzTrafficManagerProfile -TrafficManagerProfile $tmProfile
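
Tying the two ideas together (read a metric, then flip the endpoints), here is an added example that is not part of the original post. It uses the Az module's Traffic Manager cmdlets; the watched server name and the CPU threshold are assumptions, and the profile and endpoint names are the ones used above.

```powershell
# Added example, not from the original post. Values marked "assumed" are placeholders.
#Requires -Modules Az.TrafficManager

$ProfileName   = 'myprofile'      # profile and resource group names from the post
$ResourceGroup = 'MyRG'
$PrimaryName   = 'DC1'            # endpoint names from the post
$SecondaryName = 'DC2'
$WatchedServer = 'fileserver01'   # assumed: a server in DC1 whose load should drive failover
$CpuThreshold  = 85               # assumed: average CPU percentage that triggers failover

# Average six samples taken 5 seconds apart so a single spike does not flip the sites.
# -ErrorAction Stop: if the metric cannot be read, change nothing and let the
# Traffic Manager TCP probe deal with a real outage.
$samples = Get-Counter -ComputerName $WatchedServer -Counter '\Processor(_Total)\% Processor Time' `
    -SampleInterval 5 -MaxSamples 6 -ErrorAction Stop
$avgCpu = ($samples.CounterSamples | Measure-Object -Property CookedValue -Average).Average

if ($avgCpu -ge $CpuThreshold) { $preferred = $SecondaryName; $other = $PrimaryName }
else                           { $preferred = $PrimaryName;   $other = $SecondaryName }

# Look endpoints up by name; array positions are not a stable identifier.
$tmProfile = Get-AzTrafficManagerProfile -Name $ProfileName -ResourceGroupName $ResourceGroup
$want  = $tmProfile.Endpoints | Where-Object { $_.Name -eq $preferred }
$spare = $tmProfile.Endpoints | Where-Object { $_.Name -eq $other }
if (-not $want -or -not $spare) {
    throw "Profile '$ProfileName' does not contain both '$PrimaryName' and '$SecondaryName'."
}

if ($want.Priority -lt $spare.Priority) {
    Write-Output ('No change: {0} already has top priority (avg CPU {1:N1}%).' -f $preferred, $avgCpu)
}
elseif ($want.EndpointMonitorStatus -ne 'Online') {
    # Do not promote an endpoint that Traffic Manager itself does not consider healthy.
    Write-Warning "Not switching: $preferred is reported as '$($want.EndpointMonitorStatus)'."
}
else {
    # Swap the two priority values and push both changes in a single update.
    $oldTop         = $spare.Priority
    $spare.Priority = $want.Priority
    $want.Priority  = $oldTop
    Set-AzTrafficManagerProfile -TrafficManagerProfile $tmProfile | Out-Null
    Write-Output ('Switched: {0} now has top priority (avg CPU {1:N1}%).' -f $preferred, $avgCpu)
}
```

If this runs unattended (for example from a scheduled task), sign in with a service principal or managed identity whose role assignment is limited to this profile, such as the built-in Traffic Manager Contributor role scoped to the profile, rather than a subscription-wide account.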

And as I mentioned on Twitter, if you are running two NetScaler Gateways (the cheap USD 995 ones), one in each datacenter, you can create a GSLB setup using the Azure traffic manager. No need for any SKU that gives you GSLB. Considering how cheap this is on Azure, it will take years and years of Azure charges to make up for the money you save by going with the cheaper SKU.

More than that and as mentioned, this works with RDS Gateways, VMware Horizon Connection Servers and any other solution really.

So give it a try and let me know what you see.

Cheers.

CR