Netscaler Connector
This section details how to configure the Netscaler Connector.
Prerequisites
On the Netscaler side, you need to create a technical user for Horizon.
This account should be allowed to manage the API Management interface, and should have the following command policy:
- Action: ALLOW
- Command Spec: (^\S+\s+system\s+file\s\S+\s.*)|(^\S+\s+ssl\s+certKey.*)
This allows Horizon to upload and delete certificate files, and to manage the SSL Cert Key objects.
After performing these steps, you will have the following information, which is required later:
- the technical user login/username
- the technical user password
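The command spec above is a regular expression, so its effective scope can be checked against sample commands before the policy is assigned to the technical user. The following is an added example, not part of the Horizon or Netscaler documentation; it assumes Python's `re` engine as a stand-in for the Netscaler matcher (case-sensitive, one command per line) and uses constructed sample commands.

```python
import re

# Command spec copied verbatim from the prerequisites above.
COMMAND_SPEC = r"(^\S+\s+system\s+file\s\S+\s.*)|(^\S+\s+ssl\s+certKey.*)"
_POLICY = re.compile(COMMAND_SPEC)
_BRANCHES = {1: "system file", 2: "ssl certKey"}

# Constructed sample commands for illustration (not captured from an appliance).
SAMPLE_COMMANDS = [
    "add system file hrz-web.pem -fileLocation /nsconfig/ssl",
    "rm system file hrz-web.pem -fileLocation /nsconfig/ssl",
    "add ssl certKey hrz-web -cert hrz-web.pem -key hrz-web.key",
    "rm ssl certKey hrz-web",
    "show ssl certKey",
    "show system file",                               # no file name given
    "add system file other.conf -fileLocation /tmp",  # arguments are not constrained
    "show ssl certKeyExample",                        # hypothetical: prefix match on certKey
    "bind ssl vserver vs1 -certkeyName hrz-web",
    "add system user auditor",
    "show ns runningConfig",
]


def matched_branch(command):
    """Return which alternative of the spec permits the command, or None."""
    m = _POLICY.match(command.strip())
    return _BRANCHES[m.lastindex] if m else None


def audit(commands):
    """Split commands into (allowed, denied); allowed maps command -> branch."""
    allowed, denied = {}, []
    for cmd in commands:
        branch = matched_branch(cmd)
        if branch:
            allowed[cmd] = branch
        else:
            denied.append(cmd)
    return allowed, denied


if __name__ == "__main__":
    allowed, denied = audit(SAMPLE_COMMANDS)
    for cmd, branch in allowed.items():
        print(f"ALLOW [{branch}] {cmd}")
    for cmd in denied:
        print(f"DENY  {cmd}")
```

The spec restricts the command family (`system file`, `ssl certKey`) but not the verb or the arguments, which is worth keeping in mind when reviewing what the technical user can reach.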
How to configure Netscaler Connector
1. Log in to Horizon Administration Interface.
2. Access Netscaler Connectors from the drawer or card.
3. Click on .
4. Fill the mandatory fields.
General
- Name* (string input): Enter a meaningful connector name. It must be unique for each connector. Horizon uses the name to identify the connector.
- Netscaler hostname* (string input): Enter the Netscaler hostname (DNS or IP address).
- Netscaler credentials* (select): Select Login credentials containing the username and password created for Horizon in the Netscaler.
- Certificate store path* (string input): Path where certificates are stored on the Netscaler.
- Max stored certificates per holder (int): When specified, defines the maximum number of certificates stored in the third party for a given holder.
- Prefix (string input): Used to filter the certificates managed by Horizon in the Netscaler. hrz- by default.
- Proxy (string select): The HTTP/HTTPS proxy to use.
- Timeout* (finite duration): Set by default at 10 seconds. Must be a valid finite duration.
- TLS Insecure (boolean): If enabled, TLS validation will ignore expired, invalid or untrusted certificates.
| This is not recommended for production usage |
Actors and renewal management
These configuration elements mainly define how many interactions with the remote service are authorized over a defined period. Throttle parallelism defines the number of interactions and throttle duration defines the period of time. For example, to ensure that the remote service is not contacted more than 5 times per 3 seconds, throttle parallelism would be set to 5 and throttle duration would be set to 3 seconds.
- Throttle duration* (finite duration): Set by default at 3 seconds. Must be a valid finite duration.
- Throttle parallelism* (int): Set by default at 3.
- Renewal period* (finite duration): Must be a valid finite duration.
5. Click on the save button.
You can update or delete the Netscaler Connector.
| You will not be able to delete a Netscaler Connector if it is referenced in any other configuration element. |
Synchronize your third party
Your third-party certificates can be synchronized with Horizon using scheduled tasks.
Scheduled tasks are a WebRA feature that periodically synchronizes automatic renewal or revocation events on a third party with what occurs on a WebRA profile. More specifically, a scheduled task periodically checks whether a certificate has entered the "renewal period" defined in the connector's configuration, and renews it automatically if necessary.
1. Refer to the third party connector documentation to create a third party connector.
2. Ensure you have an existing WebRA Profile: renewal will be automated on the selected profile.
3. Follow the documentation of the WebRA Scheduled Tasks section to properly configure a scheduled task.