This article contains information about securing communication between NetScaler appliances.
By default, communication between NetScaler appliances is not secure. This includes the propagation and synchronization communication between the appliances in a high availability pair and the Metric Exchange Protocol (MEP) propagation between the appliances involved in a Global Server Load Balancing setup.
The RPC page of the network node contains information about how to communicate with other NetScaler appliances on the network. This includes the password used to authenticate on each instance.
To secure the communication between NetScaler appliances on a network, complete the following procedure from the command line interface of an appliance:
Run the following command to verify if the RPC nodes are already secured:
show rpcNode
1)IPAddress: 10.16.1.100 Password: 8a7b474124957776a0cd31b862cbe4d72b5cbd59868a136d4bdeb56cf03b28 Retry: 1 SrcIP: 10.16.1.100 Secure: OFF
If the value of the Secure parameter is "OFF", as in the preceding output, run the following command to secure the RPC node:
set rpcnode <IP_Address> -secure YES
Run the following command to verify if the RPC node is secured:
show rpcnode
1)IPAddress: 10.16.1.100 Password: 8a7b474124957776a0cd31b862cbe4d72b5cbd59868a136d4bdeb56cf03b28 Retry: 1 SrcIP: 10.16.1.100 Secure: ON
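To run the check above across every RPC node at once, the following added example (not Citrix code) parses saved "show rpcNode" output and emits the "set rpcnode" command for each node that is not secured. It assumes the output layout shown in this article; the function names and the sample text are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the layout shown in this article. Password hashes are
# replaced with a placeholder; the parser never reads or returns that field.
SAMPLE_OUTPUT = """\
1)IPAddress: 10.16.1.100 Password: <redacted-hash> Retry: 1 SrcIP: 10.16.1.100 Secure: OFF
2)IPAddress: 10.16.1.101 Password: <redacted-hash> Retry: 1 SrcIP: 10.16.1.100 Secure: ON
3)IPAddress: 10.16.1.102 Password: <redacted-hash>
   Retry: 1 SrcIP: 10.16.1.100 Secure: off
"""

# A record starts at "<n>)IPAddress:" and runs to the next record or end of text,
# so it works whether the fields are on one line or wrapped across several.
RECORD_RE = re.compile(
    r"\d+\)\s*IPAddress:\s*(?P<ip>\S+)(?P<rest>.*?)(?=\d+\)\s*IPAddress:|\Z)", re.S
)
SECURE_RE = re.compile(r"\bSecure:\s*(\S+)", re.I)


def parse_rpc_nodes(text):
    """Return [(ip, secure_flag_or_None), ...] for each RPC node record."""
    nodes = []
    for match in RECORD_RE.finditer(text):
        flag = SECURE_RE.search(match.group("rest"))
        nodes.append((match.group("ip"), flag.group(1).upper() if flag else None))
    return nodes


def insecure_nodes(text):
    """IPs whose Secure value is anything other than ON (missing counts as insecure)."""
    return [ip for ip, flag in parse_rpc_nodes(text) if flag != "ON"]


def remediation_commands(text):
    """Build the article's 'set rpcnode' command for each insecure node."""
    commands = []
    for ip in insecure_nodes(text):
        ipaddress.ip_address(ip)  # raises ValueError if the parsed value is not an IP
        commands.append(f"set rpcnode {ip} -secure YES")
    return commands


if __name__ == "__main__":
    print("\n".join(remediation_commands(SAMPLE_OUTPUT)))
```

After applying the commands, run "show rpcnode" again and feed the new output to the same script; an empty result means every node reports Secure: ON.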
By default, the NetScaler appliance uses a NetScaler-owned subnet IP (SNIP) address or mapped IP (MIP) address as the source IP address for an RPC node, but you can configure the appliance to use a specific SNIP address or MIP address. For more information, refer to Citrix Documentation - Configuring Site-to-Site Communication.