Configure StoreFront With Netscaler 10.1

In a few steps I’ll try to describe how I’ve configured StoreFront on the Citrix Netscaler with build 10.1. I suppose you already have a Netscaler running, a running XenApp environment, but no StoreFront installed and configured. Many things can be done by the commandline, but I choosed the easy with the GUI. So I guess, just watch ;–)


Installing Storefront

  • Download StoreFront from

  • Accept the agreement:

  • Next:

  • Install:

  • Finish:


Make sure you request an internal IP-address for the loadbalancing StoreFront vServer. In my case there are 2 Netscalers (HA) available in a two-arm configuration, separate VLANs, and a range 172.16.16.x for the Netscaler internal IP-addresses; I will use Also arrange a few more IP-addresses ( and if you have more stores like me (ASP and CLOUD XenApp 6/6.5 stores) with translation to a public IP.


  • Add a DNS record:

  • Add a public DNS record which points your URL to the public IP for storefront (for example

Configure StoreFront

  • Add the delivery controller(s), choose type and enter a store name:

  • Next:

  • Select no VPN tunnel and press add:

  • Now enter a name for the Netscaler Gateway, URL and choose the logon type:

  • Add STA URLs:

  • Create:

  • Finalize:

Configure StoreFront 2

  • Don’t forget to enter the correct internal beacon ( and correct external beacon(s) per gateway/store
  • Enable Remote Access
  • Enable Domain Pass Through
  • Propagate settings to 2nd StoreFront server


You can SSL offload your StoreFront, in my case I choosed an HTTPS Base URL so I need to have a SSL certificate (internal)

  • Generate a CSR for the base URL on your CA

  • Open IIS and enable HTTPS and bind the certificate you received


  • On Storefront server 1 (dependable on how many you have) open an elevated notepad and enter the following:

  • On Storefront server 2 (dependable on how many you have) open an elevated notepad and enter the following:

Now we will continue the steps on the Netscaler



  • Add the 2 server on the Netscaler (under Servers):


  • Now add for each server a monitor (select StoreFront type and add store name):


  • Configure for each server a service by entering a name and select SSL:

  • In advanced select Client IP and enter X-Forwarded-For:

  • Import (tutorial here) SSL certificate (internal SF) and select it:

StoreFront loadbalancing vServer

  • Configure loadbalancing vServer, select the services and enter the loadbalancing StoreFront IP:

  • Method Least Connection, Source IP and backup persistence (if needed):

  • Bind the SSL certificate (internal SF) and select it:

Netscaler Gateway

  • Create New Netscaler Gateway:

  • Enter the name and IP-address, select SSL and FQDN of the gateway:

  • Choose the correct certificate for your URL (supposingly you’ve already imported it on your Netscaler):

  • Now grab the preferred authentication from the dropdown list (I’ve already configured LDAP in the past):

  • Enter the Enterprise Store Settings (XenApp/StoreFront) like you see here:

  • Finish the installation (session profile and policy will be made and bind immediately)


Yeah, you’re damn ready!