Background on a question: we have a domain (www.example.com) that points to multiple servers with an SSL Wildcard *.example.com, aka hitting a VIP (I am not an expert on VIP; would love to learn more).

The question is: we are performing a Proof of Concept and want to use (newsite.example.com), aka new site. What needs to happen to allow the call from the Internet to be directed to the server hosting (newsite.example.com)? FYI, NetScaler is being used. All we need is port 443 opened to use Microsoft Azure, but I am unsure about the VIP (traffic system that can direct the call to the server for newsite.example.com).

Please comment on something I might have missed. I am not sure what to ask for and what teams to go after where I work. I hate to be restricted to more information, but I am bound to security and privacy. Thank you Server Fault community.

Luca Gibelli
Moojjoo
  • Are you asking what to open from the NetScaler to the webservers hosting newsite.example.com? Note the wildcard cert is irrelevant - you can put that on any of the web hosts (pending restrictions). Fundamentally you'll need DNS setup to point newsite.example.com to the IP of the VIP, port 443 opened to it and the VIP properly pointing to the web servers behind it hosting the new site. – jouell Apr 08 '18 at 02:20

1 Answer

You want to set up a new context switch for newsite.example.com on the NetScaler, as described here:

https://support.citrix.com/article/CTX124471

From a high-level point of view, you must add a policy for newsite:

 HTTP.REQ.HOSTNAME.EQ("newsite.example.com")

and then you need to point it to the webserver hosting newsite.example.com.

You only need to identify who is responsible for your NetScaler at work and ask them for this small config change.

You don't need a new IP and you don't need a new SSL cert.

Luca Gibelli
  • Luca, thank you for the great response. The new IP is in play because a new Virtual Machine was set up for this Proof of Concept (POC) and the SSL Cert is needed because the POC is to get internal Windows Server 2014 R2 running on-premises SharePoint 2013 to allow outside emails such as @gmail.com; @yahoo.com, etc. etc. to be housed in the Azure AD and use that with the Azure AD Connector to authenticate these users. I will begin hunting down the NetScaler team and request the change. – Moojjoo Apr 09 '18 at 04:45
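
An added example, not part of the answer or of Citrix's documentation, modelling why one VIP and one wildcard certificate can serve both sites: the certificate check and the hostname policy are evaluated per request on the same listener. The pool names are hypothetical, and the Host normalisation (lowercasing, dropping the port) is an assumption of this model, not a statement of NetScaler behaviour.

```python
"""Model of host-based switching behind one VIP with one wildcard certificate."""

def normalize_host(host_header):
    """Lowercase a Host header value, drop any :port and a trailing dot."""
    host = host_header.strip().lower()
    host = host.split(":", 1)[0]          # hostnames only; IPv6 literals not handled
    return host.rstrip(".")

def cert_covers(hostname, cert_names):
    """RFC 6125 style match: '*' stands for exactly one leftmost label."""
    labels = normalize_host(hostname).split(".")
    for name in cert_names:
        pattern = name.lower().split(".")
        if len(pattern) != len(labels):
            continue                       # wildcard never spans several labels
        if pattern[0] == "*" and len(pattern) > 2:
            if labels[0] and pattern[1:] == labels[1:]:
                return True
        elif pattern == labels:
            return True
    return False

def pick_backend(host_header, policies, default_pool):
    """Exact hostname match selects a pool; anything else goes to the default."""
    return policies.get(normalize_host(host_header), default_pool)

# Constructed sample data: hostnames from the question, hypothetical pool names.
CERT_NAMES = ["*.example.com"]
POLICIES = {"newsite.example.com": "pool_newsite"}
DEFAULT_POOL = "pool_www"

def report(hosts):
    """Return (host, covered_by_cert, chosen_pool) for each requested host."""
    return [(h, cert_covers(h, CERT_NAMES), pick_backend(h, POLICIES, DEFAULT_POOL))
            for h in hosts]

if __name__ == "__main__":
    for row in report(["www.example.com", "newsite.example.com:443",
                       "a.newsite.example.com", "example.com"]):
        print(row)
```

Hosts that match no policy land on the default pool, so it is worth confirming with the NetScaler team what the default target is before the new policy goes live.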