Using High Availability

A high availability deployment of two Citrix Gateway appliances can provide uninterrupted operation in any transaction. When you configure one appliance as the primary node and the other as the secondary node, the primary node accepts connections and manages servers while the secondary node monitors the primary. If, for any reason, the primary node is unable to accept connections, the secondary node takes over.

The secondary node monitors the primary by sending periodic messages (often called heartbeat messages or health checks) to determine whether the primary node is accepting connections. If a health check fails, the secondary node retries the connection for a specified period, after which it determines that the primary node is not functioning normally. The secondary node then takes over for the primary (a process called failover).

After a failover, all clients must reestablish their connections to the managed servers, but the session persistence rules are maintained as they were before the failover.

With Web server logging persistence enabled, no log data is lost due to the failover. For logging persistence to be enabled, the log server configuration must carry entries for both systems in the log.conf file.

The following figure shows a network configuration with a high availability pair.

Figure 1. Citrix Gateway Appliances in a High Availability Configuration

HA failover

The basic steps to configure high availability are as follows:

  1. Create a basic setup, with both nodes in the same subnet.
  2. Customize the intervals at which the nodes communicate health-check information.
  3. Customize the process by which nodes maintain synchronization.
  4. Customize the propagation of commands from the primary to the secondary.
  5. Optionally, configure fail-safe mode to prevent a situation in which neither node is primary.
  6. Configure virtual MAC addresses if your environment includes devices that do not accept Citrix Gateway gratuitous ARP messages.

When you are ready for a more complex configuration, you can configure high availability nodes in different subnets.

To improve the reliability of your high availability setup, you can configure route monitors and create redundant links. In some situations, such as when troubleshooting or performing maintenance tasks, you might want to force a node to fail over (assign primary status to the other node), or you might want to force the secondary node to stay secondary or the primary node to stay primary.

Using High Availability

In this article