Does Serv-U MFT supports SFTP Encryption offload at the NetScaler Load Balancer?
2 Serv-U MFT Servers are behind a Citrix Netscaler Load Balancer.
Client connects to netscaler load balancer with the SSH key then netscaler passes the traffic non encrypted traffic directly to the Serv-U server
I cannot confirm if Serv-U supports SFTP encryption offload at a NetScaler Load Balancer, however I can confirm that it can be achieved... Is there any reason why you would want the NetScaler to pass the traffic non-encrypted rather than continuing the encryption all the way through to Serv-U or is that the current situation that you are trying to get away from?
Are you using Serv-U Gateway or any additional software with MFT?
Thanks for the response. I have a customer that would like to implement SFTP over SSH for a new MFT domain.
They are planning to Load Balance their 2 MFT Serv-U Servers behind a Citrix NetScaler Load Balancer
So the client connects to netscaler with the SSH key then netscaler passes the traffic non encrypted traffic directly to the server.
The customer doesn't have Serv-U Gateway. Only the 2 MFT Serv-U servers.
Yes I think this is my support call
I worked with citrix late last week to attempt SSL Offload, spent over 2 hrs with them
This is their response
As discussed yesterday, we could confirm that the requirement to do the SSL Offloading for SFTP over SSH is not feasible requirement (or a feasible use case) to achieve on NetScaler. It is confirmed that we were able to make the Setup working with TCP protocol on port 22. You can also refer to this article for your reference: https://www.ssh.com/ssh/sftp/
Thank you and as discussed, I will archive this case for now.
Hi, I have asked the same question of Citrix and am hoping they can assist (netscaler is their product, another reverse proxy)
The reasoning behind offloading the encryption traffic is to enable accelaration, and have the appliance perform the encryption/decryption rather than server - ie performance
I am testing this concept in a test environment, so far no luck with connecting a client
Citrix article suggest passing through the SSH traffic to the server
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.