Netscaler express allows now to have affordable third-party solution to protect your AWS cloud. Netscaler licences are free you just need a t2.medium instance, that will cost you like 40$/m. So why is that worth it ?
- Centralized publication of your services
- Security, with SSL Profiles as well as Cipher groups you can ensure you always have on all your service maximum SSL security (Also called SSL Labs A+ ;-))
- Provide from a single IP address all your services for maximum of flexiblity, monitoring and security, one Security Group for your VIP is the central access.
- Don’t expose your web-servers directly. All SSL and requests
- Custom URL rules, allow flexibility on how services are provided to your users.
Enough on why it is cool.
Let’s start on the setup. Prepare 6 Subnet I use /26 so I can have up to 61 instances of Netscaler, that will be more than enough more or less what ever can happend.
So for 2 AZ I created 3 subnets, 1 for SNIP, 1 for VIP and finally 1 for NSIP.
Then I created equivalent Security Groups, for SNIP I allow nothing IN everything OUT, for my webservers I allow nothing out and only SNIPs in on the ports I want to publish. Finally on NSIP I only allow management from my personal machine, that’s it.
Then you can go ahead and do your setup, just remember that the first login is nsroot and the instanceID of the appliance in EC2 but don’t forget to change it.Tags: AWS, Cloud, Netscaler, Security