Netscaler adm


The older 12.1 version of Citrix ADM is detailed in a different post.


Planning

Why ADM?

Citrix Application Delivery Management (ADM), formerly known as NetScaler Management and Analytics System (MAS), enables every Citrix ADC (formerly known as NetScaler) administrator to achieve the following:

  • Alert notifications – Receive email alerts whenever something goes down. For example, if a Load Balancing service goes down, you can receive an email alert.
    • ADM can email you for any SNMP trap produced by any ADC appliance.
  • Automatically back up all Citrix ADC instances.
    • ADM can even transfer the backups to an external system, which is then backed up by a normal backup tool.
  • SSL Certificate Expiration – Alert you when SSL certificates are about to expire.
    • Show you all SSL certificates across all ADC appliances.
  • Configuration Record and Play – Use the Configuration Recorder to configure one ADC appliance, and then push out the same configuration changes to additional appliances. This is the easiest method of managing ADC appliances in multiple datacenters.
  • AppFlow Reporting – Receive ICA AppFlow traffic from ADC and show it in graphs.
    • Integrate ADM with Citrix Director so Help Desk can see the AppFlow data.

Everything listed above is completely free, so there’s no reason not to deploy ADM.

ADM Overview

For an overview of ADM, see Citrix’s YouTube video Citrix NetScaler MAS: Application visibility and control in the cloud.

Citrix Tech Zone Citrix Application Delivery Management (ADM) Overview Cheat Sheet

Cloud vs on-prem

ADM is available both on-premises and as a Cloud Service. For the Cloud Service, you import an ADM Agent appliance to an on-prem hypervisor, or deploy an ADM Agent to AWS or Azure. The ADM Agent is the broker between the Cloud Service and the on-prem (or cloud hosted) Citrix ADC appliances. For more info on the ADM Cloud Service, see the following:

The rest of this article focuses on the on-premises version, but much of it also applies to the Cloud Service.

On-premises ADM Licensing:

  • Instance management is free (unlimited). This includes Configuration Jobs, Instance Backups, Network Functions/Reporting. Basically everything in the Networks node is free.
  • Analytics and Application monitoring are free for up to 30 Virtual Servers (Load Balancing, Citrix Gateway, Content Switching, etc.).

ADM version – The version/build of Citrix ADM must be the same or newer than the version/build of the Citrix ADC appliances being monitored. ADM 13 can monitor many ADC appliance versions including version 11.1, version 12.1, and version 13.0.

HDX Insight

See CTX239748 for a list of HDX Insight Quality Improvements in Citrix Gateway 12.1 and newer. These include:

  • NSAP protocol for reduced performance impact on ADC
  • EDT support

HDX Insight Requirements (aka AppFlow Analytics for Citrix ICA traffic):

  • Your ADC appliance must be running Enterprise Edition or Platinum Edition.
  • ADC must be 10.1 or newer.
  • HDX Insight works with the following Receivers:
    • Receiver for Windows must be 3.4 or newer. Or upgrade to Workspace app.
    • Receiver for Mac must be 11.8 or newer. Or upgrade to Workspace app.
    • Receiver for Linux must be 13 or newer. Or upgrade to Workspace app.
    • No mobile Receivers. See the Citrix Receiver Feature Matrix for the latest details.
  • For ICA Session Reliability with AppFlow: NetScaler 10.5 build 54 and newer.
    • For ICA Session Reliability, AppFlow, and ADC High Availability: NetScaler 11.1 build 49 and newer.
  • For EDT (UDP-based ICA), Citrix ADC must be 12.1 build 49 or newer.
  • AppFlow statistics are only generated when ICA traffic flows through a Citrix Gateway. Internally, when a user clicks an icon from StoreFront, an ICA connection is established directly from Receiver to the VDA, thus bypassing the internal ADC. Here are some methods of getting ICA traffic to flow through an internal ADC:
    • Implement Citrix Gateway ICA Proxy (SSL) internally.
    • Route ICA traffic (TCP/UDP 1494 and TCP/UDP 2598) through an ADC SNIP, and ADC routes it to the VDAs.
    • ADC 11 and newer can proxy ICA traffic through a SOCKS protocol Cache Redirection vServer.
    • Citrix Docs How NetScaler Insight Center is Deployed in a Network and Enabling HDX Insight Data Collection detail additional ICA routing/proxy considerations – Transparent Mode, Citrix Gateway Single-Hop and Double-Hop, LAN User Mode (ADC as SOCKS Proxy), CloudBridge, Multi-Hop (ADC and CloudBridge with connection chaining)
  • A new Receiver / Workspace app Virtual Channel named NetScaler App Experience or NSAP can dramatically reduce the CPU needed on the ADC to process AppFlow. Details at Citrix Blog Post HDX Insight 2.0. NSAP requires the following:
    • VDA 7.17 or newer, including VDA 1903. VDA 7.15 (LTSR) does not include the NSAP functionality.
    • Workspace app or Receiver 4.10 and newer.
    • ADC 12.0 build 57.24 or newer, including ADC 12.1 and ADC 13.
  • For ICA round trip time calculations, in a Citrix Policy, enable the following settings:
    • ICA > End User Monitoring > ICA Round Trip Calculation
    • ICA > End User Monitoring > ICA Round Trip Calculation Interval
    • ICA > End User Monitoring > ICA Round Trip Calculation for Idle Connections
  • Citrix CTX215130 HDX Insight Diagnostics and Troubleshooting Guide contains the following contents:
    • Introduction
    • Prerequisites for Configuring HDX Insight
    • Troubleshooting
      • Issues Related to ICA parsing
      • Error Counter details
    • Checklist before Contacting Citrix Technical Support
    • Information to collect before Contacting Citrix Technical support
    • Known Issues

Citrix CTX204274 How ICA RTT is calculated on NetScaler Insight: ICA RTT constitutes the actual application delay. ICA_RTT = 1 + 2 + 3 + 4 + 5 + 6:

  1. Client OS introduced delay
  2. Client to NS introduced network delay (Wan Latency)
  3. NS introduced delay in processing client to NS traffic (Client Side Device Latency)
  4. NS introduced delay in processing NS to Server (XA/XD) traffic (Server Side Device Latency)
  5. NS to Server network delay (DC Latency)
  6. Server (XA/XD) OS introduced delay (Host Delay)

Multi-Datacenter Deployment Architecture

In a main datacenter, import two Citrix ADM appliances into the same subnet and configure them as an HA pair with a Floating IP address.

In a DR datacenter, import a DR node Citrix ADM appliance, and configure it to replicate with the main datacenter.

For Citrix ADC appliances in additional datacenters, import two ADM Agent appliances into each datacenter. Remote ADC instances are discovered and managed through remote ADM agents.

  • The virtual appliance for ADM Agent is different than the normal ADM appliance.
  • Documentation is at Configure multisite deployment at Citrix Docs, and the configuration will be detailed later in this post.

Import ADM Appliance

If you are upgrading an existing ADM or MAS, skip to the Upgrade section.

There are two different ADM appliances:

  • ADM appliance for the main datacenter, including High Availability, and for the DR node.
  • ADM Agent appliance for remote datacenters

To import an ADM appliance into vSphere, do the following:

  1. Download Citrix ADM Image for ESX.
    • The download page for ADM has two different images: one called ADM Image, and one called ADM Agent Image. The first image should be the non-agent image.
  2. Extract the downloaded .zip file for the non-agent image.
  3. In vSphere Web Client, right-click a cluster, and click Deploy OVF Template.
  4. In the Select an OVF Template page, select Local file, and browse to the Citrix ADM .ovf files. If vCenter 6.5 or newer, select all three files. Click Next.

  5. In the Select name and folder page, enter a name for the virtual machine, and select an inventory folder. Then click Next.
  6. In the Select a resource page, select a cluster or resource pool, and click Next.
  7. In the Review details page, click Next.
  8. In the Select storage page, select a datastore. Due to high IOPS requirement, SSD is recommended.
  9. Change the virtual disk format to Thin Provision. Click Next.
  10. In the Select networks page, choose a valid port group, and click Finish.
  11. In the Ready to Complete page, click Finish.
  12. Before powering on the appliance, you can review its specs. Right-click the virtual machine, and click Edit Settings.
  13. Review the specs. Citrix Docs VMware ESXi Hardware Requirements has recommended specs.
  14. The OVF defaults to 8 vCPU and 32 GB of RAM.
  15. You can add a second hard disk at this time.
  16. Citrix Docs Attach an additional disk to Citrix ADM says that an additional disk must be added before initial deployment.
    • Use the ADM storage calculator to determine the recommended size of the disk. Ask your Citrix Partner for the tool.
    • The new disk must be larger than 120 GB.
    • In ADM 13, the new disk can be larger than 2 TB.
    • In ADM 13, the new disk can be grown later and the partition resized, but only up to 2 TB. If you need more than 2 TB, the initial disk should be larger than 2 TB.
  17. Power on the Virtual Machine.

Appliance IP Address Configuration

  1. Open the console of the virtual machine.
  2. Configure IP address information.
  3. Enter 7 when done.

Second Disk

  1. SSH to the appliance and login as nsrecover/nsroot.
  2. Enter 
  3. Enter to see that there are no existing partitions on the second disk.
  4. Enter  to create partitions on the second disk. A reboot is required.
  5. During the reboot, the database is moved to the second disk.
  6. After the reboot, the Disk Partition Tool info command shows the partition on the second disk.
  7. If you need to increase the size of the disk, reboot the ADM appliance so it detects the larger size. Then use the Disk Partition Tool  command.

Deployment Modes

HA Pair in the Main Datacenter

First Node:

  1. SSH to the first node and login as nsrecover/nsroot.
  2. Enter deployment_type.py.
  3. Enter 1 for Citrix ADM Server.
  4. Enter no when prompted for Citrix ADM Standalone deployment.
  5. For the First Server Node prompt, enter yes.
  6. Enter yes to Restart the system.

Second Node:

  1. Import another ADM appliance to the same subnet, and configure an IP address.
    • Latency to the HA node must not exceed 10 ms.
    • The HA nodes must be on the same subnet.
  2. If you added a second disk to the first ADM appliance, then you must add the same size second disk to the second ADM appliance.
  3. Configure the new node’s IP address.
  4. SSH to the second appliance, login as nsrecover/nsroot, and run the Disk Partition tool.
  5. SSH to the second appliance, login as nsrecover/nsroot, and run deployment_type.py.
  6. Enter 1 for Citrix ADM Server.
  7. Enter no when prompted for Citrix ADM Standalone deployment.
  8. Enter no when prompted if this is the First Server Node.
  9. Enter the IP address of the first ADM node.
  10. Enter the nsroot password of the first node. The default password is nsroot.
  11. Enter a new Floating IP address.
  12. Enter yes to restart the system.

Deploy HA Configuration:

  1. After both appliances are fully booted, point your browser to the first appliance’s IP address, and login as nsroot/nsroot. It will take several minutes after booting before the ADM appliance is ready.
  2. If you see Customer User Experience Improvement Program, click Enable, or click Skip.
  3. In the What is Application Delivery Management page, click the blue Get Started button.
  4. On the Instances page, click Add Instance. This wizard will keep appearing at logon until you add an instance.
    1. Enter IP Address or FQDN of one of your ADC instances.
    2. The Profile Name contains the password for your ADC nsroot account. To specify the password, you can Edit the built-in ns_nsroot_profile, or you can create a new Profile.
    3. Check the box next to Change Password and enter the ADC’s nsroot password.
    4. Scroll down and click OK to close the ADC Profile window.
    5. Click OK to close the Add Instances window and begin the discovery process.
    6. Click Close when Operation completed successfully. If there’s an error, switch to the Error tab to see more details.
    7. You can add more instances, or just click Next.
  5. In the Customer Identity page, make your choices, and then scroll down and click Next.

  6. In the System Notifications page, check the box next to Send Email and then click Add.
    1. In the Create Email Distribution List page, next to Email Servers, click Add.
    2. Enter your email server details and then click Create to close the Create Email Server window.
    3. Back in the Create Email Distribution List window, enter a From address, enter a To address, and then click Create.
    4. Back in the Getting Started wizard, click Next.
  7. On the Done page, click Finish.
  8. If you want to make any network changes (e.g. DNS servers) to either node, then you must make those changes before you deploy the HA pair. Click the menu icon on the top left. Then go to System > Administration > IP Address, Host Name and Proxy Server.
    1. Enter an Alternate DNS and then click Save.
  9. On the top left, click the menu (hamburger) icon, expand System, and then click Deployment.
  10. In the top right, click Deploy.
  11. Click Yes to reboot.
  12. It takes around 10 minutes to restart.
  13. After deployment, you can now use the Floating IP to manage the appliance.
  14. The System > Deployment page should show both nodes as UP.

Afterwards, you can manage High Availability.

  1. System > Deployment lets you see the HA nodes.
  2. You can Force Failover from here. Note: HA failover only occurs after three minutes of no heartbeats.
  3. On the top right is a HA Settings button that lets you change the Floating IP.

DR Node

Requirements for the DR node:

  • The main datacenter must have an HA pair of ADM appliances. Standalone in the main datacenter is not supported.
  • Latency from the main datacenter HA pair to the DR node must not exceed 200 ms.
  • Ports 5454 and 22 open between the ADM nodes.

To configure a DR node:

  1. Import another ADM appliance into a remote datacenter, and configure an IP address.
  2. If you added a second disk to the main datacenter ADM appliances, then you must add the same size second disk to the DR ADM appliance.
  3. After configuring the new node’s IP address, SSH to the DR appliance and login as nsrecover/nsroot.
  4. Enter deployment_type.py.
  5. Enter 2 for Remote Disaster Recovery Node.
  6. Enter the Floating IP address of the HA pair in the main datacenter.
  7. Enter the nsroot password, which is nsroot by default.
  8. The DR node registers with the ADM HA Pair.
  9. You can change the password of the DR node by running the following command: ./mps/change_freebsd_password.sh <username> <password>
  10. Point your browser to the Floating IP Address and login.
  11. Go to System > Administration.
  12. On the right, in the right column, click Disaster Recovery Settings.
  13. The Registered Recovery Node should already be filled in. Click Deploy DR Node.
  14. Click Yes to enable DR.
  15. A System Backup is performed and replicated to the DR appliance. Click Close when done.
  16. The status of the DR node is displayed. You can click the Refresh icon on the top right to update the display.
  17. ADM 13.0 build 71 and newer have a Sync DR Node button in case it gets out of sync.
  18. Disaster Recovery is not automatic. See the manual DR procedure at Citrix Docs. Docs also shows how to fail back.

    ADM Agents

    ADM Agents help ADM discover and manage instances on the other side of a high latency WAN link.

    The virtual appliance for ADM Agent is different than the normal ADM appliance.

    1. Download the ADM Agent from the main ADM download page. On the ADM download page for a particular build, scroll down the page to find the ADM Agent images.
    2. Extract the downloaded .zip file.
    3. Import the .ovf to vSphere.

    4. Edit the settings of the virtual machine to see the allocated CPU and Memory.
    5. There’s no need to add a disk to the Agent.
    6. Power on the ADM Agent virtual machine.
    7. At the virtual machine’s console, configure an IP address.
    8. Login as nsrecover/nsroot.
    9. Run 
    10. Enter the floating IP address of the main ADM HA Pair. Enter nsroot credentials.
    11. The Agent will be registered and services restarted.
    12. To change the nsrecover password on ADM Agents, putty (SSH) to the ADM Agent appliance, login as nsrecover and then run the script at /mps/change_agent_system_password.py
    13. Login to the ADM Floating IP.
    14. Go to Networks > Agents.
    15. On the right, select the ADM Agent, and then click Attach Site.
    16. In the Site drop-down, if you don’t see your site, then you can click the Add button to create a new site.
      1. Enter a name and other location information.
      2. Make sure you enter the coordinates. Google can find coordinates for various locations. If Longitude is West, then the value is negative.
      3. Click Create when done.
    17. Click Save to attach the Site to the Agent. Any ADC instance discovered through this Agent will be attached to the configured Site.
    18. For Agent HA, import two ADM Agents into your hypervisor and attach both Agents to the same Site.
    19. ADM 13.0 build 61 and newer let you change the nsrecover password from the ADM GUI.

    ADM Appliance Maintenance

    Add Instances

    Citrix ADM must discover Citrix ADC instances before they can be managed. See Citrix Docs How Citrix ADM discovers instances.

    1. Once you’ve built all of the nodes, point your browser to the Citrix ADM Floating IP address, and login as nsroot/nsroot.

    Before adding more instances, ADM needs to know the nsroot password for the new instances. You create Admin Profiles to specify the nsroot passwords.

    1. To edit, or create new Admin Profiles, on the top left, click the hamburger menu icon, and then go to Networks > Instances > Citrix ADC.
    2. On the right, open the menu named Select Action, and click Profiles.
    3. Click the Add button to create an Admin Profile.
    4. In the top half, give the Profile a name and enter the password for the instance’s nsroot account. Create a separate Admin Profile for each unique nsroot password.
    5. In the bottom, make up some SNMP settings. You can do SNMP v3.
    6. Click Continue when done.

    To add more instances:

    1. Click the top left hamburger icon.
    2. Go to Networks > Instances > Citrix ADC.
    3. On the right, select a tab (e.g. MPX), and then click Add.
    4. The Add instance screen is the same as shown during the getting started wizard. To authenticate to the ADC using nsroot, select an existing Profile or create a new one. If you have Sites or Agents, you can select one.

    Tags:

    1. You can assign Tags to instances. See How to create tags and assign to instances at Citrix Docs.

    2. You can then search instances based on the Tags.

    Instance Authentication from ADM

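    By default, when you click the blue link for one of the instances, ADM does single sign-on to the instance using the nsroot credentials, so whatever the ADM user then does on the instance is performed as nsroot rather than under their own account. This is probably a security risk, and certainly an auditing risk.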

    To prevent ADM from doing single sign-on to instances:

    1. In ADM, go to System > Administration.
    2. On the right, click System, Time zone, Allowed URLs and Message of the day.
    3. In the Basic Settings page, check the box next to Prompt Credentials for Instance Login and click Save.

    Citrix ADC SDX

    1. At Networks > Instances > Citrix ADC, on the SDX tab, you can click Add to discover an SDX appliance plus all VPXs on that SDX appliance. You don’t have to discover the VPXs separately.
    2. In the Add Citrix ADC SDX page, click the Add button next to the Profile Name drop-down to create an SDX profile. Note: SDX profiles are different than VPX profiles.
      1. Enter the credentials for the SDX SVM Management Service.
      2. For Citrix ADC Profile, select an admin profile that has nsroot credentials for the VPX instances. After the SDX’s VPX instances are discovered, ADM uses this ADC Profile to login to each VPX. If you don’t have a VPX Admin Profile in your drop-down list, click the Add button. Note: You can only select one ADC Profile. If each VPX instance has different nsroot credentials, you can fix it after SDX discovery has been performed. The ADC Profile is different than the SDX Profile.
      3. Back in the Configure ADC SDX Profile page, enter a new Community string for the SDX SVM. This appears to be SNMP v2 only.
      4. If you need the communication to be http instead of https, then you can uncheck the box for Use global settings for SDX communication.
      5. Click OK when done.
    3. Back in the Add Citrix ADC SDX page, select a Site, and optionally an Agent.
    4. Click OK to start discovery.
    5. After discovery is complete, switch to the VPX tab. You should automatically see the VPX instances.
    6. To specify the nsroot credentials for a VPX, right-click the VPX, and click Edit.
      1. In the Modify Citrix ADC VPX page, either select an existing Profile Name, or click the Add button to create a new one. Click OK when done. It should start rediscovery automatically.
    7. After fixing the nsroot credentials, right-click the VPX instance, and click Configure SNMP. ADM will configure the VPX to send SNMP Traps to ADM.

    Instance management

    • REST API proxy – Citrix ADM can function as a REST API proxy server for its managed instances. Instead of sending API requests directly to the managed instances, REST API clients can send the API requests to Citrix ADM. See Citrix CTX228449 Citrix ADM as an API Proxy Server
    • Citrix ADC VPX Check-In/Check-Out Licensing – You can allocate VPX licenses to Citrix ADC instances on demand from Citrix ADM. The Licenses are stored and managed by Citrix ADM, which has a licensing framework that provides scalable and automated license provisioning. A Citrix ADC VPX instance can check out the license from the Citrix ADM when a Citrix ADC VPX instance is provisioned, or check back in its license to Citrix ADM when an instance is removed or destroyed. See Citrix CTX228451 Citrix ADC VPX check-in and check-out licensing

    Licenses

    Virtual Server License Packs

    Without Virtual Server licenses, you can enable analytics features on only 30 Virtual Servers. You can install additional licenses in 100 Virtual Server packs. More info at Licensing at Citrix Docs.

    1. On the left menu, go to Networks > Licenses.
    2. On the right, notice the Host ID. You will need this ID when allocating licenses at https://www.citrix.com/account.
    3. At https://www.citrix.com/account, allocate your Citrix ADM licenses to this Host ID.
    4. Then use the Browse button to upload the allocated license file.
    5. Click Finish after uploading the license file to apply it.
    6. The License Expiry Information section shows you the number of installed licenses and when they expire.
    7. You can use the Notification Settings section to email you when licenses are almost fully consumed or about to expire.
    8. Check the box next to Email and select a distribution list. If you don’t have an Email server setup yet, click the Add button to create one.
    9. Click Save when done.

    Allocate licenses to Virtual Servers

    ADM tries to automatically allocate all licenses to Virtual Servers in the order the Virtual Servers are discovered. If you don’t have enough licenses for every Virtual Server that ADM discovers, then you can manually unassign an automatically-allocated ADM Virtual Server license and reassign the license to a different Virtual Server.

    1. Go to System > Licensing & Analytics to see the number of currently installed (Entitled) licenses, and the number of Licensed virtual servers.
    2. By default, Auto Licensed Virtual Servers is enabled. If you disable this setting, then the Configure License button appears.
    3. Click the Configure License button.
    4. The top right shows you the number of licensed vs Entitled Virtual Servers.
    5. You can sort by Type. Or use the search box to filter the list of Virtual Servers.
    6. The Licensed column shows you the Virtual Servers that are licensed. You can select a Licensed Virtual Server and Unlicense it.
    7. Select a Virtual Server you want to license, and then click the License button.
    8. You can also Enable Analytics from here.

    All licensed Virtual Servers are shown on the Applications > Dashboard page.

    Enable AppFlow / Insight / Analytics

    Citrix ADC 12.1 and newer have an additional port TCP 5563 from ADC SNIP to ADM for Metrics Collector.

    You can only enable Analytics (i.e. AppFlow) on Virtual Servers that are licensed.

    1. Go to Networks > Instances > Citrix ADC.
    2. On the right, switch to one of the instance type tabs (e.g. VPX).
    3. Select an instance, open the Select Action menu, and click Configure Analytics.
    4. Select one or more Virtual Servers. If they are not licensed, then click the License button.
    5. After licensing, select one or more Virtual Servers and then click the button labelled Enable Analytics.
    6. Different options are available for different types of Virtual Servers.
      • For ICA Proxy Gateways, you want HDX Insight. Gateway Insight provides AAA and EPA info for the Gateway. Leave it set to ICA unless you are doing double-hop ICA.
      • For HTTP Load Balancing Virtual Servers, you want Web Insight. If you are licensed for ADC Premium Edition, then you can also enable Security Insight for Web App Firewall and Bot Protection monitoring.
    7. For appliances that have Gateway Virtual Servers, expand Advanced Options and select Citrix Gateway.
    8. Click OK to enable AppFlow on the Virtual Servers.
    9. Click Close when configuration is complete.
    10. Enable Analytics on more Virtual Servers.
    11. Login to the Citrix ADC (not ADM), and go to System > Settings.
    12. On the right, click Configure Modes.
    13. If you are using LogStream, then make sure ULFD is checked. Click OK.
      enable mode ulfd
    14. On the right, click Change Global System Settings.
    15. Scroll down to ICA port(s) and add 1494 and 2598 to the list. Click OK. (Source = Citrix Discussions)
      set ns param -icaPort 1494 2598
    16. On the right, click Change HTTP Parameters.
    17. At the top, add 80 and 443 to the Http Ports list. Click OK. (Source = Citrix Discussions)
      set ns param -httpPort 80 443
    18. By default, with AppFlow enabled, if an ADC High Availability pair fails over, then all Citrix connections will drop and users must reconnect manually. NetScaler 11.1 build 49 and newer have a feature to replicate Session Reliability state between both HA nodes.
      1. From Session Reliability on NetScaler High Availability Pair at Citrix Docs: Enabling this feature will result in increased bandwidth consumption, which is due to ICA compression being turned off by the feature, and the extra traffic between the primary and secondary nodes to keep them in sync.
      2. On a NetScaler 11.1 build 49 and newer ADC appliance, go to System > Settings.
      3. On the right, in the Settings section, click Change ICA Parameters.
      4. Check the box next to Session Reliability on HA Failover, and click OK.
    19. In a NetScaler 12 or newer instance, at System > AppFlow > Collectors, you can see if the Collector (ADM) is up or not. However, older ADC uses SNIP to verify connectivity, but AppFlow is sent using NSIP, so being DOWN doesn’t necessarily mean that AppFlow isn’t working. Citrix CTX227438 After NetScaler Upgrade to Release 12.0 State of AppFlow Collector Shows as DOWN.
    20. When AppFlow is enabled on a Gateway vServer, an AppFlow policy is bound twice to the Gateway: once for Request Policies (i.e. HTTP), and once for ICA Request Policies. You might want to verify that these bindings are actually configured.
    21. On the ADM appliance, AppFlow for ICA (HDX Insight) information can be viewed under the Analytics > HDX Insight node.
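
The checks from the steps above (ULFD mode, ICA and HTTP port lists, and the two AppFlow bindings per Gateway) can be run against a saved ADC configuration. This is an added example, not code from the original article or from Citrix; the function names and the sample config are constructed, and the exact line forms it matches in the saved config are assumptions listed in the comments.

```sh
#!/bin/sh
# Added example: audit a saved ADC config for the AppFlow prerequisites above.
# Assumed line forms in the saved config:
#   enable ns mode ... ULFD            (or: enable mode ulfd)
#   set ns param -httpPort 80 443 -icaPorts 1494 2598
#   add appflow policy <name> <rule> <action>
#   bind vpn vserver <gw> -policy <name> ... -type REQUEST|ICA_REQUEST

# check_appflow_conf [file]  (reads stdin when no file is given)
# Prints one finding per line; returns 0 when nothing is missing, else 1.
check_appflow_conf() {
    findings=$(awk '
    # Split a config line into tokens, keeping "quoted names" together.
    function tokenize(line, tok,    n) {
        split("", tok); n = 0
        while (match(line, /"[^"]*"|[^ \t]+/)) {
            tok[++n] = substr(line, RSTART, RLENGTH)
            gsub(/^"|"$/, "", tok[n])
            line = substr(line, RSTART + RLENGTH)
        }
        return n
    }
    # Return " v1 v2 " for the values that follow -<param> (prefix match).
    function values(tok, n, param,    i, out) {
        out = " "
        for (i = 1; i <= n; i++)
            if (index(tolower(tok[i]), "-" param) == 1) {
                for (i++; i <= n && tok[i] !~ /^-/; i++) out = out tok[i] " "
                i--
            }
        return out
    }
    { n = tokenize($0, t); cmd = tolower(t[1] " " t[2] " " t[3]) }
    cmd ~ /^enable (ns )?mode/ {
        for (i = 2; i <= n; i++) if (toupper(t[i]) == "ULFD") ulfd = 1
    }
    cmd == "set ns param" {
        ica = ica values(t, n, "icaport"); http = http values(t, n, "httpport")
    }
    cmd == "add appflow policy" { afp[t[4]] = 1 }
    cmd == "bind vpn vserver" {
        pol = ""; type = ""
        for (i = 5; i < n; i++) {
            if (t[i] == "-policy") pol = t[i + 1]
            if (t[i] == "-type") type = t[i + 1]
        }
        if (pol != "") { nb++; bvs[nb] = t[4]; bpol[nb] = pol; btype[nb] = type }
    }
    END {
        if (!ulfd) print "MODE: ULFD not enabled (needed when LogStream is used)"
        if (ica !~ / 1494 / || ica !~ / 2598 /)
            print "ICAPORT: 1494 and 2598 are not both in the ICA port list"
        if (http !~ / 80 / || http !~ / 443 /)
            print "HTTPPORT: 80 and 443 are not both in the HTTP port list"
        # Only Gateways that have at least one AppFlow policy bound are judged.
        for (i = 1; i <= nb; i++) if (bpol[i] in afp) {
            gw[bvs[i]] = 1
            if (btype[i] == "REQUEST") req[bvs[i]] = 1
            if (btype[i] == "ICA_REQUEST") icareq[bvs[i]] = 1
        }
        for (v in gw) {
            miss = ""
            if (!(v in req)) miss = miss " REQUEST"
            if (!(v in icareq)) miss = miss " ICA_REQUEST"
            if (miss != "") print "GATEWAY: " v " has no AppFlow policy bound as" miss
        }
    }' "${1:--}" | sort)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample config (not taken from a real appliance): ULFD is off,
# ICA port 2598 is missing, and the Gateway lacks the ICA_REQUEST binding.
sample_conf() {
    cat <<'EOF'
enable ns mode FR L3 Edge USNIP PMTUD
set ns param -httpPort 80 443 -icaPorts 1494
add appflow policy afp_adm true afa_adm
bind vpn vserver "Gateway Prod" -policy afp_adm -priority 10 -type REQUEST
bind vpn vserver "Gateway Prod" -policy pol_session -priority 100
EOF
}

# Pass a saved config file to audit it; with no argument the sample is used.
if [ "$#" -gt 0 ]; then
    check_appflow_conf "$1"
else
    sample_conf | check_appflow_conf || true
fi
```

Gateways with no AppFlow policy bound at all are not reported, because analytics may simply not be enabled on them.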

    Citrix Blog Post – NetScaler Insight Center – Tips, Troubleshooting and Upgrade

    Enable Syslog on Instance

    ADM can configure ADC instances to send Syslog to ADM. Note: this will increase disk space consumption on the ADM appliances.

    1. Go to Networks > Instances > Citrix ADC. On the right, select one of the tabs containing your ADC instance.
    2. On the right, select an instance, open the Select Action drop-down, and click Configure Syslog.
    3. At the top, check the Enable box.
    4. In ADM 13, the Log Level should already be set to Custom with some boxes selected. Feel free to check other boxes while keeping in mind the disk space requirements.
    5. Click OK.

    ADM nsroot Password

    Changing ADM’s nsroot password also changes ADM’s nsrecover password.

    1. In ADM, go to System > User Administration.
    2. On the right, on the tab named Users, select the nsroot account, and click Edit.
    3. Check the box next to Change Password and enter a new password.
    4. You can also specify a session timeout by checking the box next to Configure Session Timeout.
    5. Click OK.

    ADM Agent nsrecover Password

    ADM 13.0 build 61 and newer let you change the nsrecover password from the ADM GUI.

    In older ADM, putty (SSH) to the ADM Agent appliance, login as nsrecover and then run the script at /mps/change_agent_system_password.py

    ADM Management Certificate

    1. The certificate to upload must already be in PEM format. If you have a .pfx, you must first convert it to PEM (Base64 certificate and key files). You can use an ADC’s Import PKCS#12 feature to convert the .pfx to PEM, and then download the converted certificate from the appliance.
      1. On any Citrix ADC, go to Traffic Management > SSL.
      2. On the right, click Import PKCS#12.
      3. Enter a name for a new file that will contain the PEM certificate and PEM key.
      4. Browse to the .pfx file and enter the password.
      5. You can optionally encrypt the PEM key by selecting an Encoding Format and entering an encryption key.
      6. Click OK.
      7. To download the PEM file, go to Manage Certificates / Keys / CSRs.
      8. Scroll to the bottom of the list, right-click the new file, and click Download.
    2. Back in ADM, go to System > Administration.
    3. On the right, in the SSL Settings section, click Install SSL Certificate.
    4. Click Choose File to browse to the PEM format certificate and key files. If the PEM certificate and PEM key are in the same file, then browse to the same file for both fields.
    5. If the keyfile is encrypted, enter the password.
    6. Click OK.
    7. Click Yes to reboot the system.

    8. To force users to use https when accessing the ADM management page, go to System > Administration. On the right, click System, Time zone, Allowed URLs and Message of the day.
    9. On the Basic Settings page, check the box next to Secure Access Only and click Save.
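
As an alternative to the ADC Import PKCS#12 conversion in step 1, the same .pfx can be converted with OpenSSL, and the result checked before it is uploaded, since installing the certificate reboots ADM. This is an added example, not part of the original article; the function names and file names are assumptions for illustration.

```sh
#!/bin/sh
# Added example: convert a .pfx to the PEM certificate and key files that the
# Install SSL Certificate dialog asks for, then verify them before uploading.

# pfx_to_pem <in.pfx> <password-file> <cert-out.pem> <key-out.pem>
# The .pfx password is read from a file so it never appears in the process
# list. Runs in a subshell so the restrictive umask does not leak out.
pfx_to_pem() (
    umask 077                       # new key file is readable by owner only
    # Leaf certificate only: -clcerts drops CA certificates, -nokeys the key.
    openssl pkcs12 -in "$1" -passin "file:$2" -clcerts -nokeys |
        openssl x509 -out "$3" || exit 1
    # Private key, written unencrypted (-nodes); delete it after the upload.
    openssl pkcs12 -in "$1" -passin "file:$2" -nocerts -nodes |
        openssl pkey -out "$4" || exit 1
)

# key_matches_cert <cert.pem> <key.pem>
# True only when the certificate and the private key carry the same public key.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# cert_valid_for_days <cert.pem> <days>
# True when the certificate is still valid <days> days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(($2 * 86400))" >/dev/null 2>&1
}

# Usage: sh pfx2pem.sh adm.pfx pfx-password.txt adm-cert.pem adm-key.pem
if [ "$#" -eq 4 ]; then
    pfx_to_pem "$@" &&
        key_matches_cert "$3" "$4" &&
        cert_valid_for_days "$3" 30 &&
        echo "OK: $3 and $4 match and the certificate is valid for 30+ days"
fi
```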

    System Configuration

    1. Go to System > Administration.
    2. On the right, click System, Time zone, Allowed URLs and Message of the day.
      1. Check the box next to Enable Session Timeout, and specify a value.
      2. By default, at Networks > Instances > Citrix ADC, if you click a blue IP address link, ADM does single sign-on to the instance using the nsroot credentials. If you want to force ADM users to log in using non-nsroot credentials, then check the bottom box for Prompt Credentials for Instance Login.

      3. Click Save.
      4. On the Time Zone page, configure Time Zone, and then click Save.
      5. On the left, click the Message of the day tab.
      6. On the right, check the box next to Enable Message.
      7. Enter a message, and then click Save.
      8. Click the back arrow when done.
      9. When you login to ADM, you’ll be shown the message.
    3. Configure SSL Settings lets you disable TLS 1 and TLS 1.1.
      1. In the Edit Settings section on the right side of the screen, click Protocol Settings.
      2. On the left, uncheck TLSv1 and TLSv1.1. Then click OK.
      3. Click Yes when asked to confirm the restart.

    Prune Settings

    1. At System > Administration, on the right, in the left column, is System and Instance Data Pruning.
    2. System Pruning defaults to deleting System Events, Audit Logs, and Task Logs after 15 days. System events are generated by the ADM appliance, which is different than Instance events (SNMP traps) that are generated by ADC appliances.
      1. If you change anything on these pages, click the Save button before switching to a different tab/node/page.
      2. ADM can initiate a purge automatically as the database starts to get full.
      3. To see the current database disk usage, go to System > Performance and wait a few seconds.
    3. Instance Events page controls when instance SNMP traps are pruned, which defaults to 40 days.
    4. If you are sending Syslog from instances to ADM, then Instance Syslog page controls when the log entries are purged.

    Backup Settings

    1. In System > Administration, in the middle column, under Backup, click Configure System and Instance backup.
    2. System Backup Settings defines how many ADM backups you want to keep. These are ADM backups, not ADC backups.
      1. There’s an option for External Transfer.
      2. System backups (not Instance Backups) are at System > Backup Files.
    3. The Instance page lets you configure how often the instances are backed up.
      1. You probably want to increase the number of instance backups, or decrease the backup interval. The backups are quite small (e.g. 700 KB).
      2. There is an option to perform a backup whenever the ADC configuration is saved.
      3. The Enable External Transfer checkbox lets you transfer the backups to an external system so it can be backed up by your backup tool.
      4. Instance backups can be found at Networks > Instances > Citrix ADC. Right-click an instance, and click Backup/Restore.
      5. You can Restore a backup, Download the backup, or Transfer it to an external system.

    Analytics Settings

    1. There are more settings at Analytics > Settings.
    2. ICA Session Timeout can be configured by clicking the link.
      • If ADM doesn’t receive AppFlow records for a session, it will consider that session has got terminated in ADC and stops monitoring that session further. The time for which ADM needs to wait before considering a session terminated is ICA session timeout. This is configurable in ADM, by default it is set to 15 minutes. (source = Citrix Discussions)
    3. You can configure how the App Score (Application Dashboard) is calculated.

    4. Analytics > Settings > Data Persistence lets you configure how long Analytics data is retained. Adjusting these values could dramatically increase disk space consumption. See CTX224238 How Do I Increase Granularity of Data Points Stored on NetScaler MAS Analytics?.

      • To see the current database disk usage, go to System > Performance and wait a few seconds.

    NTP Servers

    1. On the left, click System > Administration.
    2. On the right, click NTP Servers.
    3. Click Add.
    4. Enter an NTP server, and click Create.

    5. After adding NTP servers, click the NTP Synchronization button.
    6. Check the box next to Enable NTP Synchronization, and click OK.
    7. Click Yes to restart.

    Syslog

    This is for syslog entries generated by ADM server, and not for syslog entries generated by the instances.

    1. Go to System > Audit Log Messages > Syslog Servers.
    2. On the right, click Add.
    3. Enter the syslog server IP address, and select Log Levels. Click Create.
    4. You can click Syslog Parameters to change the timezone and date format.

    Email Notification Server

    1. Go to System > Notifications.
    2. On the right, on the Email tab, click the button named Email Servers.
      1. Click Add.
      2. Enter the SMTP Email server address, and click Create.
    3. In the breadcrumb, click Notifications.
    4. On the right, on the Email tab, click Add.
      1. Enter the information for a destination distribution list, and click Create.
    5. You can highlight a Distribution List and click the Test button.


    6. On the left, click System > Administration.
    7. On the right, click Change Event Notification and Digest.
      1. Move notification categories (e.g. UserLogin) to the right.
      2. Check the box next to Send Email. Select a notification distribution list. Then click Save.

    Authentication

    1. Go to System > Authentication.
    2. On the right, switch to the tab named LDAP.
    3. Click Add.
    4. This is configured identically to ADC.
      1. Enter a Load Balancing VIP for LDAP.
      2. Change the Security Type to SSL, and Port to 636. Scroll down.
      3. Enter the Base DN in LDAP format.
      4. Enter the bind account credentials.
      5. Check the box for Enable Change Password.
      6. Click Retrieve Attributes, and scroll down.
    Source: https://www.carlstalhood.com/citrix-application-delivery-management-adm-13/

    The older 12.0 version of NetScaler MAS is detailed in a different post.

    Planning

    Why ADM?

    Citrix Application Delivery Management (ADM), formerly known as NetScaler Management and Analytics System (MAS), enables every Citrix ADC (formerly known as NetScaler) administrator to achieve the following:

    • Alert notifications – Receive email alerts whenever something goes down. For example, if a Load Balancing service goes down, you can receive an email alert.
      • ADM can email you for any Major SNMP trap produced by any ADC appliance.
    • Automatically backup all Citrix ADC instances.
      • ADM can even transfer the backups to an external system, which is then backed up by a normal backup tool.
    • SSL Certificate Expiration – Alert you when SSL certificates are about to expire.
      • Show you all SSL certificates across all ADC appliances.
    • Configuration Record and Play – Use the Configuration Recorder to configure one ADC appliance, and then push out the same configuration changes to additional appliances. This is the easiest method of managing ADC appliances in multiple datacenters.
    • AppFlow Reporting – Receive ICA AppFlow traffic from ADC and show it in graphs.
      • Integrate ADM with Citrix Director so Help Desk can see the AppFlow data.

    Everything listed above is completely free, so there’s no reason not to deploy ADM.

    ADM Overview

    For an overview of ADM, see Citrix’s YouTube video Citrix NetScaler MAS: Application visibility and control in the cloud.

    Cloud vs on-prem

    ADM is available both on-premises, and as a Cloud Service. For the Cloud Service, you import an ADM Agent appliance to an on-prem hypervisor, or deploy an ADM Agent to AWS or Azure. The ADM Agent is the broker between the Cloud Service and the on-prem (or cloud hosted) Citrix ADC appliances. For more info on the ADM Cloud Service, see the following:

    The rest of this article focuses on the on-premises version, but much of it also applies to the Cloud Service.

    On-premises ADM Licensing:

    • Instance management is free (unlimited). This includes Configuration Jobs, Instance Backups, Network Functions/Reporting. Basically everything in the Networks node is free.
    • Analytics and Application monitoring are free for up to 30 Virtual Servers (Load Balancing, Citrix Gateway, Content Switching, etc.).

    ADM version – The version/build of Citrix ADM must be the same or newer than the version/build of the Citrix ADC appliances being monitored. ADM 12.1 can monitor 12.0 and older ADC appliances.

    HDX Insight

    See CTX239748 for a list of HDX Insight Quality Improvements in Citrix Gateway 12.1. These include:

    • NSAP protocol for reduced performance impact on ADC
    • EDT support

    HDX Insight Requirements (aka AppFlow Analytics for Citrix ICA traffic):

    • Your ADC appliance must be running Enterprise Edition or Platinum Edition.
    • ADC must be 10.1 or newer.
    • HDX Insight works with the following Receivers:
      • Receiver for Windows must be 3.4 or newer. Or upgrade to Workspace app.
      • Receiver for Mac must be 11.8 or newer. Or upgrade to Workspace app.
      • Receiver for Linux must be 13 or newer. Or upgrade to Workspace app.
      • Notice no mobile Receivers. See the Citrix Receiver Feature Matrix for the latest details.
    • For ICA Session Reliability with AppFlow: NetScaler 10.5 build 54 and newer.
      • For ICA Session Reliability, AppFlow, and ADC High Availability: NetScaler 11.1 build 49 and newer.
    • For EDT (UDP-based ICA), Citrix ADC must be 12.1 build 49 or newer.
    • AppFlow statistics are only generated when ICA traffic flows through a Citrix Gateway. Internally, when a user clicks an icon from StoreFront, an ICA connection is established directly from Receiver to the VDA, thus bypassing the internal ADC. Here are some methods of getting ICA traffic to flow through an internal ADC:
      • Implement Citrix Gateway ICA Proxy (SSL) internally.
      • Route ICA traffic (TCP/UDP 1494 and TCP/UDP 2598) through an ADC SNIP, and ADC routes it to the VDAs.
      • ADC 11 and newer can proxy ICA traffic through a SOCKS protocol Cache Redirection vServer.
      • Citrix Docs How NetScaler Insight Center is Deployed in a Network and Enabling HDX Insight Data Collection detail additional ICA routing/proxy considerations – Transparent Mode, Citrix Gateway Single-Hop and Double-Hop, LAN User Mode (ADC as SOCKS Proxy), CloudBridge, Multi-Hop (ADC and CloudBridge with connection chaining).
    • A new Receiver / Workspace app Virtual Channel named NetScaler App Experience or NSAP can dramatically reduce the CPU needed on the ADC to process AppFlow. Details at Citrix Blog Post HDX Insight 2.0. NSAP requires the following:
      • VDA 7.17 or newer, including VDA 1903. VDA 7.15 (LTSR) does not include the NSAP functionality.
      • Workspace app or Receiver 4.10 and newer.
      • ADC 12.0 build 57.24 or newer, including ADC 12.1.
    • For ICA round trip time calculations, in a Citrix Policy, enable the following settings:
      • ICA > End User Monitoring > ICA Round Trip Calculation
      • ICA > End User Monitoring > ICA Round Trip Calculation Interval
      • ICA > End User Monitoring > ICA Round Trip Calculation for Idle Connections
    • Citrix CTX215130 HDX Insight Diagnostics and Troubleshooting Guide contains the following contents:
      • Introduction
      • Prerequisites for Configuring HDX Insight
      • Troubleshooting
        • Issues Related to ICA parsing
        • Error Counter details
      • Checklist before Contacting Citrix Technical Support
      • Information to collect before Contacting Citrix Technical support
      • Known Issues

    Citrix CTX204274 How ICA RTT is calculated on NetScaler Insight: ICA RTT constitutes the actual application delay. ICA_RTT = 1 + 2 + 3 + 4 + 5 + 6:

    1. Client OS introduced delay
    2. Client to NS introduced network delay (Wan Latency)
    3. NS introduced delay in processing client to NS traffic (Client Side Device Latency)
    4. NS introduced delay in processing NS to Server (XA/XD) traffic (Server Side Device Latency)
    5. NS to Server network delay (DC Latency)
    6. Server (XA/XD) OS introduced delay (Host Delay)

    Multi-Datacenter Deployment Architecture

    In a main datacenter, import two Citrix ADM appliances into the same subnet and configure them as an HA pair with a Floating IP address.

    In a DR datacenter, import a Citrix ADM appliance, and configure it to replicate with the main datacenter.

    For Citrix ADC appliances in additional datacenters, import two ADM Agent appliances into each datacenter, and configure them as remote agents to the main datacenter. Two ADM Agents per datacenter enables HA. The virtual appliance for ADM Agent is different than the normal ADM appliance.

    Import ADM Appliance

    If you are upgrading an existing MAS, skip to the Upgrade section.

    To import an ADM appliance into vSphere, do the following. The same process is used for the DR ADM appliance. The ADM Agent appliance is different from the normal ADM appliances that are detailed in this section.

    1. Go to the ADM 12.1 download page. Expand NetScaler MAS Release 12.1. Expand Product Software. Click the latest release of 12.1.
    2. Download the Citrix ADM image for ESX.
    3. Then extract the .zip file.
    4. In vSphere Web Client, right-click a cluster, and click Deploy OVF Template.
    5. In the Select an OVF Template page, select Local file, and browse to the Citrix ADM .ovf files. If vCenter 6.5+, select all three files. Click Next.

    6. In the Select name and folder page, enter a name for the virtual machine, and select an inventory folder. Then click Next.
    7. In the Select a resource page, select a cluster or resource pool, and click Next.
    8. In the Review details page, click Next.
    9. In the Select storage page, select a datastore. Due to high IOPS requirement, SSD or Flash is recommended.
    10. Change the virtual disk format to Thin Provision. Click Next.
    11. In the Select networks page, choose a valid port group, and click Finish.
    12. In the Ready to Complete page, click Finish.
    13. Before powering on the appliance, you can review its specs. Right-click the virtual machine, and click Edit Settings.
    14. Review the specs. Citrix Docs VMware ESXi Hardware Requirements has recommended specs.
    15. The OVF defaults to 8 vCPU and 32 GB of RAM.
    16. You can add a second hard disk at this time.
    17. Citrix Docs Attach an additional disk to Citrix ADM says that an additional disk must be added before initial deployment.
      • Use the ADM storage calculator to determine the recommended size of the disk. Ask your Citrix Partner for the tool.
      • The new disk must be larger than 120 GB.
      • In ADM 12.1, the new disk can be larger than 2 TB.
      • In ADM 12.1, the new disk can be grown later and the partition resized, but only up to 2 TB. If you need more than 2 TB, the initial disk should be larger than 2 TB.
    18. Power on the Virtual Machine.

    Appliance IP Address Configuration

    1. Open the console of the virtual machine.
    2. Configure IP address information.
    3. Enter 7 when done.

    Second Disk

    1. SSH to the appliance and login as nsrecover/nsroot.
    2. Enter 
    3. Enter to see that there are no existing partitions on the second disk.
    4. Enter to create partitions on the second disk. A reboot is required.
    5. During the reboot, the database is moved to the second disk.
    6. After the reboot, the Disk Partition Tool info command shows the partition on the second disk.
    7. If you need to increase the size of the disk, reboot the ADM appliance so it detects the larger size. Then use the Disk Partition Tool command.

    Deployment Modes

    HA Pair in the Main Datacenter

    First Node:

    1. SSH to the first node and login as nsrecover/nsroot.
    2. Enter deployment_type.py.
    3. Enter 1 for Citrix ADM Server.
    4. Enter no when prompted for Citrix ADM Standalone deployment.
    5. For the First Server Node prompt, enter yes.
    6. Enter yes to Restart the system.

    Second Node:

    1. Import another ADM appliance to the same subnet, and configure an IP address.
      • Latency to the HA node must not exceed 10 ms.
      • The HA nodes must be on the same subnet.
    2. If you added a second disk to the first ADM appliance, then you must add the same size second disk to the second ADM appliance.
    3. Configure the new node’s IP address.
    4. SSH to the second appliance, login as nsrecover/nsroot, and run the Disk Partition tool.
    5. SSH to the second appliance, login as nsrecover/nsroot, and run deployment_type.py.
    6. Enter 1 for Citrix ADM Server.
    7. Enter no when prompted for Citrix ADM Standalone deployment.
    8. Enter no when prompted if this is the First Server Node.
    9. Enter the IP address of the first MAS node.
    10. Enter the nsroot password of the first node. The default password is nsroot.
    11. Enter a new Floating IP address.
    12. Enter yes to restart the system.

    Deploy HA Configuration:

    1. Point your browser to the first appliance’s IP address, and login as nsroot/nsroot.
    2. If you see Customer User Experience Improvement Program, click Enable, or click Skip.
    3. The System > Deployment page is displayed. In the top right, click Deploy.
    4. Click Yes to reboot.
    5. After deployment, you can now use the Floating IP to manage the appliance.
    6. After the reboot, login again. You’ll see a Wizard to add instances.

    After the add instance wizard is complete, you can manage High Availability.

    1. System > Deployment lets you see the HA nodes.
    2. You can Force Failover from here. Note: HA failover only occurs after three minutes of no heartbeats.
    3. On the top right is an HA Settings button that lets you change the Floating IP.

    DR Node

    Requirements for the DR node:

    • The main datacenter must have an HA pair of ADM appliances. Standalone in the main datacenter is not supported.
    • Latency from the main datacenter HA pair to the DR node must not exceed 200 ms.

    To configure a DR node:

    1. Import another ADM appliance into a remote datacenter, and configure an IP address.
    2. If you added a second disk to the main datacenter ADM appliances, then you must add the same size second disk to the DR ADM appliance.
    3. After configuring the new node’s IP address, SSH to the DR appliance and login as nsrecover/nsroot.
    4. Enter deployment_type.py.
    5. Enter 2 for Remote Disaster Recovery Node.
    6. Enter the Floating IP address of the HA pair in the main datacenter.
    7. Enter the nsroot password, which is nsroot by default.
    8. The DR node registers with the MAS HA Pair.
    9. Point your browser to the Floating IP Address and login.
    10. Go to System > System Administration.
    11. On the right, in the right column, click Disaster Recovery Settings.
    12. The Registered Recovery Node should already be filled in.
    13. Check the box next to Enable Disaster Recovery, and click Apply Settings.
    14. Click Yes to enable DR.
    15. A System Backup is performed and replicated to the DR appliance.
    16. Disaster Recovery is not automatic. See the manual DR procedure at Citrix Docs.

      ADM Agents

      The virtual appliance for ADM Agent is different than the normal ADM appliance.

      1. Download the ADM Agent from the main ADM download page. Scroll down the page to find the ADM Agent images. Note: The ADM Agent has a newer build number than the ADM image due to a security vulnerability.
      2. Extract the downloaded .zip file.
      3. Import the .ovf to vSphere.

      4. Edit the settings of the virtual machine to see the allocated CPU and Memory.
      5. Power on the ADM Agent virtual machine.
      6. At the virtual machine’s console, configure an IP address.
      7. Login as nsrecover/nsroot.
      8. Run 
      9. Enter the floating IP address of the main ADM HA Pair. Enter nsroot credentials.
      10. The Agent will be registered and services restarted.
      11. Login to the ADM Floating IP.
      12. Go to Networks > Agents.
      13. On the right, select the ADM Agent, and then click Attach Site.
      14. In the Site drop-down, if you don’t see your site, then you can click the Add button to create a new site.
      15. Enter a name, enter a search location, and click Get Location to get the coordinates. Click Create when done.
      16. Click Save to attach the site.
      17. For HA, import two ADM Agents into the same Site.

      ADM Appliance Maintenance

      Add Instances

      Citrix ADM must discover Citrix ADC instances before they can be managed. See Citrix Docs How Citrix ADM discovers instances.

      1. Once you’ve built all of the nodes, point your browser to the Citrix ADM Floating IP address, and login as nsroot/nsroot.
      2. Deployment should already be done, so click Next.
      3. On the Add New Instances page, click Add Instance near the top right.
      4. Enter the NSIP address of a Citrix ADC appliance.
        • Citrix ADM supports up to 400 ms latency to the instances.
      5. Click Edit next to ns_nsroot_profile.
      6. Check the box next to Change Password.
      7. Type in the nsroot password, and then scroll down.
      8. The Citrix ADC Profile defaults to using https for instance communication. You can change it by unchecking Use global settings for Citrix ADC communication.
      9. Click OK.
      10. Select the Site for the instance. You can click Add to create a Site.
      11. For remote sites, you can optionally choose an ADM Agent.
      12. Then click OK to add the instance.
      13. A progress window will appear. Click Close when complete.
      14. You can add more instances, or just click Next.
      15. In the Customer Identity page, make your choice, then click Next or Skip.
      16. In the Done page, click Finish.

      To add more instances later:

      1. Click the top left hamburger icon.
      2. Go to Networks > Instances > Citrix ADC.
      3. On the right, select a tab (e.g. MPX), and then click Add.
      4. To edit, or create new Admin Profiles, go to Networks > Instances > Citrix ADC, and on the right is a Profiles button.

      5. ADM 12.1 build 49 and newer lets you assign Tags to instances. See How to create tags and assign to instances at Citrix Docs.

      6. You can then search instances based on the Tags.

      Citrix ADC SDX

      1. At Networks > Instances > Citrix ADC, on the SDX tab, you can click Add to discover an SDX appliance, and all VPXs on that SDX appliance. You don’t have to discover the VPXs separately.
      2. In the Add Citrix ADC SDX page, click the Edit button next to the Profile Name drop-down to edit nssdx_default_profile. Or you can click the Add button to create a new SDX Profile. Note: SDX profiles are different than VPX profiles.
      3. Enter the credentials for the SDX SVM Management Service.
      4. For Citrix ADC Profile, select an admin profile that has nsroot credentials for the VPX instances. After the VPXs are discovered, ADM uses the ADC Profile to login to each VPX. If you don’t have a VPX Admin Profile in your drop-down list, click the Add button. Note: You can only select one ADC Profile. If each VPX instance has different nsroot credentials, you can fix it after SDX discovery has been performed. The ADC Profile is different than the SDX Profile.
        1. In the Create Citrix ADC Profile page, enter the nsroot credentials for the VPX instances, and then scroll down.
        2. Enter a new SNMP Security Name or Community String.
        3. Then click Create.
      5. Back in the Configure ADC SDX Profile page, enter a new Community string for the SDX SVM. This appears to be SNMP v2 only.
      6. You can uncheck the box for Use global settings for SDX communication, and change the protocol.
      7. Click OK when done.
      8. Back in the Add Citrix ADC SDX page, select a Site, and optionally an Agent.
      9. Click OK to start discovery.
      10. After discovery is complete, switch to the VPX tab. You should automatically see the VPX instances.
      11. To specify the nsroot credentials for a VPX, right-click the VPX, and click Edit.
        1. In the Modify Citrix ADC VPX page, either select an existing Profile Name, or click the Add button to create a new one. Click OK when done. It should start rediscovery automatically.
      12. After fixing the nsroot credentials, right-click the VPX instance, and click Configure SNMP. ADM will configure the VPX to send SNMP Traps to ADM.

      Instance management

      • REST API proxy – Citrix ADM can function as a REST API proxy server for its managed instances. Instead of sending API requests directly to the managed instances, REST API clients can send the API requests to Citrix ADM. See Citrix CTX228449 NetScaler MAS as an API Proxy Server.
      • Citrix ADC VPX Check-In/Check-Out Licensing – You can allocate VPX licenses to Citrix ADC instances on demand from Citrix ADM. The Licenses are stored and managed by Citrix ADM, which has a licensing framework that provides scalable and automated license provisioning. A Citrix ADC VPX instance can check out the license from the Citrix ADM when a Citrix ADC VPX instance is provisioned, or check back in its license to Citrix ADM when an instance is removed or destroyed. See Citrix CTX228451 NetScaler VPX Check-In/Check-Out Licensing with NMAS.

      Licenses

      Virtual Server License Packs

      Without licenses, you can enable analytics features on only 30 Virtual Servers. You can install additional licenses in 100 Virtual Server packs. More info at Licensing at Citrix Docs.

      1. On the left, go to Networks > Licenses.
      2. On the right, notice the Host ID.
      3. At mycitrix.com, allocate your Citrix ADM licenses to this Host ID.
      4. Then use the Browse button to upload the allocated license file.
      5. Click Finish after uploading the license file to apply it.
      6. The License Expiry Information section shows you the number of installed licenses and when they expire.
      7. You can use the Notification Settings section to email you when licenses are almost fully consumed or about to expire.
      8. If you don’t have an Email server setup yet, click the Add button to create one.

      Allocate licenses to Virtual Servers

      You can manually unassign an automatically-allocated ADM Virtual Server license and reassign it to a different Virtual Server.

      1. Go to Networks > Licenses > System Licenses to see the number of currently installed licenses, and the number of managed virtual servers.
      2. By default, Auto-select Virtual Servers is enabled. If you disable this setting, then the Click to select button appears.
      3. Click the Click to select button.
      4. The top right shows you the number of licensed Virtual Servers.
      5. In the left, select the type of Virtual Server you want to unlicense or license.
      6. On the right, the License Type column indicates if the Virtual Server is licensed or not.
      7. Select a Virtual Server you want to license, and then click the Apply Basic License button. Note: you might have to unlicense a different Virtual Server first.
      8. Click Close when done.

      Enable AppFlow / Insight / Analytics

      1. Go to Networks > Instances > Citrix ADC.
      2. On the right, switch to one of the instance type tabs (e.g. VPX).
      3. Select an instance, open the Select Action menu, and click Configure Analytics.
      4. At the top of the page are boxes you can check.
      5. Down the page, in the Application List section, with Load Balancing selected in the View list, select your StoreFront load balancer, and then click Enable AppFlow. If you don’t see your Virtual Server in this list, then you first need to assign a Virtual Server License.
      6. In the Enable AppFlow window, do the following:
        1. In the larger Expression box, type in true.
        2. For newer ADC appliances, change the Transport Mode selection to Logstream instead of IPFIX. Notice the firewall requirement for TCP port 5557.
        3. Select Web Insight.
        4. If App Firewall is enabled on the vServer, then also select Security Insight.
        5. Client Side Measurement injects JavaScript in HTTP responses to measure page load times and can sometimes cause problems in Receiver / Workspace app.
      7. Click OK.
      8. Use the View drop-down to select Citrix Gateway.
      9. Right-click a Citrix Gateway Virtual Server, and click Enable AppFlow.
      10. In the Enable AppFlow window, do the following:
        1. In the Select Expression drop-down, select true.
        2. For newer ADC appliances, change the Transport Mode to Logstream. Notice the firewall warning.
        3. Select both ICA and HTTP. The HTTP option is for Gateway Insight.
        4. The TCP option is for the second appliance in double-hop ICA. If you need double-hop, then you’ll also need to run on both appliances. See Enabling Data Collection for NetScaler Gateway Appliances Deployed in Double-Hop Mode at Citrix Docs for more information.
        5. The AppFlow processing impact on the ADC is much reduced if you run VDA 7.16 or newer (including VDA 1903), Workspace app or Receiver 4.10 and newer, and ADC 12.0 build 57.24 or newer (including NetScaler 12.1). VDA 7.15 (LTSR) does not include the new AppFlow NSAP functionality. Details at Citrix Blog Post HDX Insight 2.0.
      11. Click OK.
      12. Login to the Citrix ADC (not ADM), and go to System > Settings.
      13. On the right, click Configure Modes.
      14. If you are using LogStream, then make sure ULFD is checked. Click OK.
        enable mode ulfd
      15. On the right, click Change Global System Settings.
      16. Scroll down to ICA port(s) and enter 1494 and 2598. Click OK. (Source = Citrix Discussions)
        set ns param -icaPort 1494 2598
      17. On the right, click Change HTTP Parameters.
      18. At the top, add 80 and 443 to the Http Ports list. Click OK. (Source = Citrix Discussions)
        set ns param -httpPort 80 443
      19. By default, with AppFlow enabled, if an ADC High Availability pair fails over, all Citrix connections will drop, and users must reconnect manually. NetScaler 11.1 build 49 and newer have a feature to replicate Session Reliability state between both HA nodes.
        1. From Session Reliability on NetScaler High Availability Pair at Citrix Docs: Enabling this feature will result in increased bandwidth consumption, which is due to ICA compression being turned off by the feature, and the extra traffic between the primary and secondary nodes to keep them in sync.
        2. On a NetScaler 11.1 build 49 and newer ADC appliance, go to System > Settings.
        3. On the right, in the Settings section, click Change ICA Parameters.
        4. Check the box next to Session Reliability on HA Failover, and click OK.
      20. In a NetScaler 12 or newer instance, at System > AppFlow > Collectors, you can see if the Collector (ADM) is up or not. However, ADC uses SNIP to verify connectivity, but AppFlow is sent using NSIP, so being DOWN doesn’t necessarily mean that AppFlow isn’t working. See Citrix CTX227438 After NetScaler Upgrade to Release 12.0 State of AppFlow Collector Shows as DOWN.

      21. On the ADM appliance, AppFlow for ICA (HDX Insight) information can be viewed under the Analytics > HDX Insight node.

      Citrix Blog Post – NetScaler Insight Center – Tips, Troubleshooting and Upgrade

      Enable Syslog on Instance

      ADM can configure ADC instances to send Syslog to ADM. Note: this will increase disk space consumption on the ADM appliances.

      1. Go to Networks > Instances > Citrix ADC. On the right, select a tab.
      2. On the right, select an instance, open the Select Action drop-down, and click Configure Syslog.
      3. Uncheck All and check the other boxes. You probably don’t want Debug or None. Click OK.

      ADM nsroot Password

      Changing the nsroot password also changes the nsrecover password.

      1. In ADM, go to System > User Administration > Users.
      2. On the right, select the nsroot account, and click Edit.
      3. Check the box next to Change Password and enter a new password.
      4. You can also specify a session timeout by checking the box next to Configure Session Timeout.
      5. Click OK.

      Management Certificate

      The certificate to upload must already be in PEM format. If you have a .pfx, you must first convert it to PEM (separate certificate and key files). You can use an ADC to convert the .pfx, and then download the converted certificate from the appliance.

      1. Go to System > System Administration.
      2. On the right, in the Set Up Citrix ADM section, click Install SSL Certificate.
      3. Click Choose File to browse to the PEM format certificate and key files. If the keyfile is encrypted, enter the password. Click OK.
      4. Click Yes to reboot the system.

      System Configuration

      1. Go to System > System Administration.
      2. On the right, modify settings (e.g. Change System Time Zone) as desired.

      3. Click Change System Settings.
        1. Check the box next to Enable Session Timeout, and specify a value.
        2. By default, at Networks > Instances > Citrix ADC, if you click a blue IP address link, it opens the instance in a new web page, and logs in automatically using the nsroot credentials. If you want to force ADM users to log in using non-nsroot credentials, in Modify System Settings, check the bottom box for Prompt Credentials for Instance Login.

        3. Click OK when done.
      4. Configure SSL Settings lets you disable TLS 1 and TLS 1.1.
        1. Click the Protocol Settings section in the Edit Settings section on the right side of the screen.
        2. On the left, uncheck TLSv1 and TLSv1.1. Then click OK and Close.
        3. A restart is required.

      Message of the Day

      In ADM 12.1 build 50 and newer, you can configure a Message of the day.

      1. In ADM, on the left, go to System > System Administration.
      2. On the right, in the System Settings section, click Configure message of the day.
      3. Enter a message and click OK.
      4. When you login to ADM, you’ll be shown the message.

      Prune Settings

      1. At System > System Administration, on the left are Prune Settings.
      2. System Prune Settings …
        1. …defaults to deleting System Events, Audit Logs, and Task Logs after 15 days. System events are generated by the MAS appliance, which is different than Instance events (SNMP traps) that are generated by ADC appliances.
        2. MAS can initiate a purge automatically as the database starts to get full.
        3. If you click the pencil next to the purge threshold value, you can configure an alarm for when the database gets full.

      3. To see the current database disk usage, go to System > Statistics.
      4. Instance Events prune Settings controls when instance SNMP traps are pruned, which defaults to 40 days.

      5. If you are sending Syslog from instances to MAS, Instance Syslog Purge Settings controls when the log entries are purged.

      Backup Settings

      1. In the right column, under Backup Settings, are additional settings.
      2. System Backup Settings defines how many MAS backups you want to keep.

      3. Instance Backup Settings lets you configure how often the instances are backed up.
        1. You probably want to increase the number of instance backups, or decrease the backup interval.
        2. There is an option to perform a backup whenever the ADC configuration is saved.
        3. The Enable External Transfer checkbox lets you transfer the backups to an external system so it can be backed up by your backup tool.

      Analytics Settings

      1. There are more settings at Analytics > Settings.
      2. ICA Session Timeout can be configured by clicking the link.
        • If ADM doesn’t receive AppFlow records for a session, it will consider that session has got terminated in ADC and stops monitoring that session further. The time for which ADM needs to wait before considering a session terminated is ICA session timeout. This is configurable in ADM, by default it is set to 15 minutes. (source = Citrix Discussions)
      3. You can configure how the App Score (Application Dashboard) is calculated.

      4. Analytics > Settings > Data Persistence lets you configure how long Analytics data is retained. Adjusting these values could dramatically increase disk space consumption. See CTX224238 How Do I Increase Granularity of Data Points Stored on NetScaler MAS Analytics?.

        • To see the current database disk usage, go to System > Statistics.

      NTP Servers

      1. On the left, click System > NTP Servers.
      2. On the right, click Add.
      3. Enter an NTP server, and click Create.

      4. After adding NTP servers, click the NTP Synchronization button.
      5. Check the box next to Enable NTP Synchronization, and click OK.
      6. Click Yes to restart.

      Syslog

      This is for log entries generated by ADM, and not for log entries generated by instances.

      1. Go to System > Auditing > Syslog Servers.
      2. On the right, click Add.
      3. Enter the syslog server IP address, and select Log Levels. Click Create.
      4. You can click Syslog Parameters to change the timezone and date format.

      Email Notification Server

      1. Go to System > Notifications > Email.
      2. On the right, on the Email Servers tab, click Add.
      3. Enter the SMTP server address, and click Create.
      4. On the right, switch to the Email Distribution List tab, and click Add.
      5. Enter an address for a destination distribution list, and click Create.
      6. In ADM 12.1 build 49 and newer, you can highlight a Distribution List and click the Test button.


      7. On the left, click System > Notifications.
      8. On the right, click Change Notification Settings.
      9. Move notification categories (e.g. UserLogin) to the right.
      10. Check the box next to Send Email. Select a notification distribution list. Then click OK.

      Authentication

      1. Go to System > Authentication > LDAP.
      2. On the right, click Add.
      3. This is configured identically to ADC.
        1. Enter a Load Balancing VIP for LDAP.
        2. Change the Security Type to SSL, and Port to 636. Scroll down.
        3. Enter the Base DN in LDAP format.
        4. Enter the bind account credentials.
        5. Check the box for Enable Change Password.
        6. Click Retrieve Attributes, and scroll down.
        7. For Server Logon Attribute, select sAMAccountName.
        8. For Group Attribute, select memberOf.
        9. For Sub Attribute Name, select cn.
        10. To prevent unauthorized users from logging in, configure a Search Filter. Scroll down.
        11. If desired, configure Nested Group Extraction.
      4. Click Create.
      5. On the left, go to System > User Administration > Groups.
      6. On the right, click Add.
        1. Enter the case sensitive name of your Citrix ADC Admins AD group.
        2. Move the admin Permission to the right.
        3. The Configure User Session Timeout checkbox lets you configure a session timeout.
        4. Click Next.
        5. On the Authorization Settings page, if you are delegating limited permissions, you can uncheck these boxes and delegate specific entities.
          • All DNS Domain Names (GSLB) is an option for Stylebooks in ADM 12.1 build 49 and newer.
        6. Click Create Group.
        7. In the Assign Users page, click Finish. Group membership comes from LDAP, so there’s no need to add local users.
      7. On the left, go to System > User Administration.
      8. On the right, click User Lockout Configuration.
      9. If desired, check the box next to Enable User Lockout, and configure the maximum logon attempts. Click OK.
      10. On the left, go to System > Authentication.
      11. On the right, click Authentication Configuration.
      12. Change the Server Type to EXTERNAL, and click Insert.
      13. Select the LDAP server you created, and click OK.
      14. Make sure Enable fallback local authentication is checked, and click OK.

      Analytics Thresholds

      1. Go to Analytics > Settings > Thresholds.
      2. On the right, click Add.
      3. Enter a name.
      4. Use the Traffic Type drop-down to select HDX, WEB, SECURITY, or APPANALYTICS.
      5. Use the Entity drop-down to select a category of alerts. What you choose here determines what’s available as Metrics when you click Add Rule.
        1. With HDX as the Traffic Type, to add multiple rules for multiple Entity types, simply change the Entity drop-down before adding a new rule.
        2. If the Traffic Type is HDX, and the Entity drop-down is set to Users, on the bottom in the Configure Geo Details section, you can restrict the rule so it only fires for users for a specific geographical location.

      6. In the Notification Settings section, check the box to Enable Threshold.
      7. Check the box to Notify through Email, and select an existing Email Distribution List.
      8. Click Create.

      Private IP Blocks

      You can define Geo locations for internal subnets.

      1. Go to Analytics > Settings > IP Blocks.
      2. On the right, click Add.
      3. In the Create IP Blocks page:
        1. Enter a name for the subnet.
        2. Enter the starting and ending IP address.
        3. Select a Geo Location (Country, Region, City). As you change the fields, the coordinates are automatically filled in.
      4. Click Create.

      Instance Email Alerts (SNMP Traps)

      You can receive email alerts whenever an ADC appliance sends a critical SNMP trap.

      1. On the left, go to Networks > Events > Rules.
      2. On the right, click Add.
      3. Give the rule a name.
      4. Move Severity filters (e.g. Major, Critical) to the right by clicking the plus icon next to each Severity.
      5. While scrolling down, you can configure additional alert filters. Leaving them blank will alert you for all categories, objects, and instances.
      6. On the bottom of the page, in the Event Rule Actions section, click Add Action.
      7. In the Add Event Action page:
        1. Select an Action Type (e.g. Send e-mail Action).
        2. Select the recipients (or click the Add button to add recipients).
        3. Optionally, enter a Subject and/or Message.
        4. In ADM 12.1 build 49 and newer, if you enter a Subject, you can check Prefix severity, category, and failure object information to the custom email subject.
        5. Emails can be repeated by selecting Repeat Email Notification until the event is cleared.
      8. Click OK.
      9. Then click Create.
      10. See the Event Management section at All how to articles at Citrix Docs.

      Events Digest

      ADM can email you a daily digest (PDF format) of system and instance events.

      To enable the daily digest:

      1. Go to System > Notifications.
      2. On the right, click Configure Event Digest Settings.
      3. Uncheck the box next to Disable Event Digest.
      4. Configure the other settings as desired, and click OK.

      Director Integration

      Integrating Citrix ADM with Director adds Network tabs to Director’s Trends and Session Details views. See Citrix Blog Post Configure Director with Netscaler Management & Analytics System (MAS).

      Requirements:

      • Citrix Virtual Apps and Desktops (CVAD) must be licensed for Platinum Edition. This is only required for the Director integration. Without Platinum, you can still access the HDX Insight data by visiting the Citrix ADM website.
      • Director must be 7.11 or newer for Citrix ADM support.

      To link Citrix Director with Citrix ADM:

      1. On the Director server, run C:\inetpub\wwwroot\Director\tools\DirectorConfig.exe /confignetscaler.
      2. Enter the Citrix ADM nsroot credentials.
      3. If you choose HTTPS Connection (recommended), the Citrix ADM certificate must be valid and trusted by both the Director Server and the Director user’s browser.
      4. Enter 1 for Citrix ADM (aka MAS).
      5. Do this on both Director servers.

      Use Citrix ADM

      Networks

      Everything under the Networks node is free.

      At Networks > Instances, select an instance, and view its Dashboard.

      ADM 12.1 adds a series of tabs to the Instance Dashboard.

      Backups are available by selecting an instance, and clicking Backup/Restore.

      Source: https://www.carlstalhood.com/netscaler-management-and-analytics-system-mas-12-1/

      Extend Citrix NetScaler ADM for End-to-End Citrix Monitoring

      Citrix Application Delivery Management (ADM) – previously called Citrix NetScaler Management and Analytics System (MAS) – is a centralized management solution that provides administrators with the ability to manage and monitor Citrix application networking products from a single, unified console. Citrix ADM includes a number of modules including Web Insight, HDX Insight, Gateway Insight, Security Insight, SSL Insight, TCP Insight, Video Insight, and WAN Insight. For an organization using Citrix virtual apps or virtual desktops, HDX Insight is the one that is most applicable.


      Citrix ADM collects monitoring information from the network, using the Citrix ADC (NetScaler) devices as data sources. Hence, the monitoring is 100% agentless – no agents are required on the virtual app servers or virtual desktop VMs.

      Figure: Citrix ADM architecture

      How Citrix ADM Offers Value for Citrix Virtual App and Desktop Monitoring

      Since it takes a network-centric view of performance, Citrix ADM complements performance metrics collected from other desktop or server-based monitoring tools. There are two main areas where Citrix ADM adds value to a Citrix deployment:

      • Network latency from different geographic locations: Citrix deployments are often geographically dispersed. Users connect from remote locations to the server farm. Often, if access latency is high, Citrix performance suffers.

        ICA/HDX Round Trip Time (RTT) is the elapsed time from when the user hits a key until the response is displayed back at the end point. This is neither calculated by the Citrix ADC nor by Citrix ADM. This value is calculated in the virtual apps/desktops level, which will be picked up by Citrix ADC and provided to Citrix ADM.

        By monitoring ICA RTT, Citrix ADM provides useful information for troubleshooting Citrix problems. For example, if users from a specific location are having latency problems, administrators can look at multiple user sessions from the same location and conclude that the performance issue is specific to that location.

      • Comparing HDX round-trip time vs. network round-trip time for each and every user session: For a long time, Citrix admins have believed that many Citrix issues are caused by poor network connections. With Citrix ADM, they can compare the HDX and network latency. If both latencies are high, it is clearly due to the network (because the HDX protocol operates above the network layer). Citrix ADM also breaks network latency into WAN latency and data center (DC) latency. If the WAN latency is high, it points to a problem in the user’s connection to the Citrix farm. On the other hand, DC latency is attributable to the data center network.

      Figure: How Citrix ADM breaks down WAN latency and DC latency

      With Citrix ADM, Citrix admins can also track:

      • What sessions are in progress: This can be useful for determining the usage of your Citrix virtual app and desktop services.
      • How HDX virtual channels are being used: Citrix ADCs, the source of Citrix ADM’s data, can tap into the HDX channels and report on the bandwidth usage over each HDX virtual channel.
      • The health, usage and performance of the individual Citrix ADC/NetScaler devices

      Provided an organization has the necessary licenses, Citrix ADM is a useful tool in a Citrix administrator’s kitty.

      Why Citrix ADM is Not Sufficient for Monitoring Citrix Virtual Apps and Desktops?

      At the same time, Citrix ADM is not sufficient to address all the monitoring needs of a Citrix administrator supporting Citrix XenApp or XenDesktop services. There are many reasons for this:

      • Lacks support for synthetic monitoring of Citrix user experience: Over the years, it has been well established that synthetic monitoring is an effective way of tracking Citrix user experience. One form of synthetic monitoring is the Citrix Logon Simulator, a tool that repeatedly logs into a Citrix farm every few minutes and reports on the success/failure of Citrix logins and the availability of applications.
      • Lacks visibility into all aspects of real user experience: Slow Citrix logins have often been a big problem for Citrix admins. Citrix ADM does not report on Citrix login times. And if Citrix login is slow, Citrix ADM cannot provide insights into why: is it due to Active Directory authentication, GPO processing, logon script processing, etc. These details require insights gleaned from the XenApp servers and XenDesktop VMs. Being a network-centric tool, Citrix ADM does not have this visibility.
      • No server-side view: Citrix ADM has only a network-based view of performance. It has no insights into what is happening on the XenApp servers or XenDesktop VMs. So, consider a case where a memory leak in one of the applications is slowing accesses to XenApp servers. Citrix ADM will report that HDX latency is high, but it cannot diagnose the problem to a memory leak in the specific application. And if you want to plan for capacity growth, the first thing you need to determine is how much more CPU or memory or disk or servers you need to add – something you cannot get from Citrix ADM.
      • No visibility into specific Citrix tiers: Citrix architectures today have a multitude of tiers. In-depth insights into the performance of these tiers is required to troubleshoot problems quickly. For example, a Citrix VDA may be in an unregistered state on the delivery controller because of a time synchronization issue. A Citrix PVS server may be causing slowness because of many device retries. Detailed insights and KPIs into each of these tiers is required for effective Citrix performance management.
      • It is not an end-to-end performance monitoring solution: Performance issues in Citrix supporting components – virtualization, storage, cloud, Active Directory, profile servers, etc. can result in Citrix slowness. Citrix ADM does not have insight into these components.

      Therefore, even if you have deployed, or are considering deploying, Citrix ADM, you will need to augment this with tools that provide you with the server-side view of the infrastructure. After all, a decade ago, Citrix technologies used to be referred to as “Server-Based Computing”!

      eG Enterprise for Citrix XenApp and XenDesktop complements Citrix ADM. You can have eG Enterprise integrate with Citrix ADM and provide a total end-to-end view of Citrix performance – from network to server, from desktop to storage, and from user experience to application process usage.

      Source: https://www.eginnovations.com/blog/citrix-netscaler-adm/
      How to upgrade Citrix ADC using Citrix ADM Service

      Product Overview

      AMI for the Citrix Application Delivery Management agent software that facilitates the secure remote management of NetScaler instances deployed within the AWS VPC via the Application Delivery Management Service.

      Version

      Citrix ADM Service Agent 13.1-12.32

      Operating System

      Linux/Unix, FreeBSD Other Linux

      Highlights

      • Enables secure channel for configuration, logs and telemetry data between managed NetScaler instances within AWS and the Citrix Application Delivery Management Service.
      • Agent software works as an intermediary between the cloud service and managed NetScaler instances within the AWS VPC.
      • Allows application teams to easily manage their NetScaler instances remotely deployed in AWS VPC and derive application performance, security and application infrastructure analytics.

      Source: https://aws.amazon.com/marketplace/pp/prodview-wuhs2ryexcf6e

      Adm netscaler

      Citrix ADC & Citrix ADM Ansible modules

      This repository provides Ansible modules for configuring Citrix ADC instances. It uses the NITRO REST API. All form factors of Citrix ADC are supported.

      To learn more about Automation of Citrix ADC, check out the blog here.

      Table of contents

      Module renaming

      Note that as of this commit all modules were renamed to match the new Citrix product names.

      See here for reference.

      All modules which previously started with the prefix have been renamed to start with the prefix.

      All new modules will follow this convention as well.

      Until these changes are integrated into the Ansible distribution the Citrix ADC module names will differ depending on where they were installed from.

      Documentation

      Extended documentation is hosted at readthedocs.

      List of implemented modules

      Currently the following modules are implemented

      ADC modules

      Included in the collection

      • citrix_adc_appfw_confidfield - Configuration for configured confidential form fields resource
      • citrix_adc_appfw_fieldtype - Configuration for application firewall form field type resource
      • citrix_adc_appfw_global_bindings - Define global bindings for AppFW
      • citrix_adc_appfw_htmlerrorpage - Configuration for configured confidential form fields resource
      • citrix_adc_appfw_jsoncontenttype - Configuration for JSON content type resource
      • citrix_adc_appfw_learningsettings - Configuration for learning settings resource
      • citrix_adc_appfw_policy - Manage Citrix ADC Web Application Firewall policies
      • citrix_adc_appfw_policylabel - Manage Citrix ADC Web Application Firewall policy labels
      • citrix_adc_appfw_profile - Manage Citrix ADC Web Application Firewall profiles
      • citrix_adc_appfw_settings - Manage Citrix ADC Web Application Firewall settings
      • citrix_adc_appfw_signatures - Configuration for configured confidential form fields resource
      • citrix_adc_appfw_wsdl - Configuration for configured confidential form fields resource
      • citrix_adc_appfw_xmlcontenttype - Configuration for XML Content type resource
      • citrix_adc_appfw_xmlerrorpage - Configuration for configured confidential form fields resource
      • citrix_adc_appfw_xmlschema - Configuration for configured confidential form fields resource
      • citrix_adc_cs_action - Manage content switching actions
      • citrix_adc_cs_policy - Manage content switching policy
      • citrix_adc_cs_vserver - Manage content switching vserver
      • citrix_adc_dnsnsrec - Configuration for name server record resource
      • citrix_adc_gslb_service - Manage gslb service entities in Citrix ADC
      • citrix_adc_gslb_site - Manage gslb site entities in Citrix ADC
      • citrix_adc_gslb_vserver - Configure gslb vserver entities in Citrix ADC
      • citrix_adc_lb_monitor - Manage load balancing monitors
      • citrix_adc_lb_vserver - Manage load balancing vserver configuration
      • citrix_adc_nitro_info - Retrieve information from various NITRO API endpoints
      • citrix_adc_nitro_request - Issue Nitro API requests to a Citrix ADC instance
      • citrix_adc_nitro_resource - Create, update, delete resources on Citrix ADC
      • citrix_adc_password_reset - Perform default password reset
      • citrix_adc_save_config - Save Citrix ADC configuration
      • citrix_adc_server - Manage server configuration
      • citrix_adc_service - Manage service configuration in Citrix ADC
      • citrix_adc_servicegroup - Manage service group configuration in Citrix ADC
      • citrix_adc_ssl_certkey - Manage ssl certificate keys
      • citrix_adc_sslcipher - Manage custom SSL ciphers
      • citrix_adc_sslcipher_sslciphersuite_binding - Manage SSL cipher and SSL ciphersuite bindings
      • citrix_adc_sslprofile_sslcipher_binding - Manage SSL profile and SSL cipher bindings
      • citrix_adc_system_file - Upload systemfile to ADC

      ADM modules

      Included in the collection

      • citrix_adm_application - Manage applications on Citrix ADM
      • citrix_adm_dns_domain_entry - Manage Citrix ADM domain names
      • citrix_adm_login - Login to a Citrix ADM instance
      • citrix_adm_logout - Logout from a Citrix ADM instance
      • citrix_adm_mpsgroup - Manage Citrix ADM user groups
      • citrix_adm_mpsuser - Manage Citrix ADM users
      • citrix_adm_ns_facts - Retrieve facts about Citrix ADM managed instances
      • citrix_adm_poll_instances - Force the poll instances network function on the target Citrix ADM
      • citrix_adm_rba_policy - Manage Citrix ADM rba policies
      • citrix_adm_rba_role - Manage Citrix ADM rba roles
      • citrix_adm_stylebook - Create or delete Citrix ADM stylebooks
      • citrix_adm_tenant_facts - Retrieve facts about Citrix ADM tenants

      workflows list

      The following NITRO API endpoints have their workflow dictionaries available for use with the module.

      The workflows yaml file can be found here.

      Pre-requisites

      • NITRO Python SDK
      • Ansible
      • Python 2.7 or 3.x

      Installation

      Setting up prerequisites

      Using (recommended)

      Use of a python virtualenv during installation is recommended.

      • Activate the virtualenv ()
      • Install all dependencies by running from the project checkout.

      Global environment

      • Install Ansible ()
      • Install NetScaler SDK ()

      Installing ADC and ADM modules and plugins

      To install the available collections from the repository directly:

      # ADC modules and connection plugin
      ansible-galaxy collection install git+https://github.com/citrix/citrix-adc-ansible-modules.git#/ansible-collections/adc

      # ADM modules
      ansible-galaxy collection install git+https://github.com/citrix/citrix-adc-ansible-modules.git#/ansible-collections/adm

      To install the available collections from a local checkout of the repository:

      # ADC modules and connection plugin
      cd ansible-collections/adc
      ansible-galaxy collection build
      ansible-galaxy collection install citrix-adc-<semver>.tar.gz

      # ADM modules
      cd ansible-collections/adm
      ansible-galaxy collection build
      ansible-galaxy collection install citrix-adm-<semver>.tar.gz

      Usage

      All modules are intended to be run on the ansible control machine or a jumpserver with access to the Citrix ADC appliance. To do this you need to use the or the options in your playbooks.

      There are sample playbooks in the directory.

      Detailed documentation for each module can be found in the htmldoc directory.

      Documentation regarding the Citrix ADC appliance configuration in general can be found at the following link, http://docs.citrix.com/en-us/netscaler/11-1.html

      Secure variable storage

      Some input variables used by the Citrix ADC ansible modules contain sensitive data.

      Most notably .

      Other variables may also be considered security sensitive depending on the use case. For example a user may not want to expose backend service IPs since it gives an attacker insight into the network topology used.

      In production environments it is recommended to keep the values of these variables encrypted until they are needed by the playbook. Ansible offers the ansible-vault utility which can be used to encrypt individual variables or entire files.

      When the contents are needed the command can take arguments which will point to the encrypted content and decrypt it as needed.

      For more information see the full documentation

      NITRO API TLS

      By default the parameter is set to . This leaves all NITRO API request and response data unencrypted and it is not recommended for production environments.

      Set the to in order to have all NITRO API communication encrypted.

      By default the Citrix ADC comes with a self signed TLS certificate. If you intend to use https with this certificate you need to set the parameter to .

      For production environments it is recommended to use trusted TLS certificate so that is set to .

      Please consult the Citrix ADC secure deployment guide where among other things the usage of trusted TLS certificates is documented.

      Citrix ADM proxied calls

      There is also the ability to proxy module NITRO calls through a Citrix ADM to a target ADC.

      In order to do that you need a NITRO Python SDK that has the MAS proxy calls capability and also follow these 2 steps.

      1. First acquire a nitro authentication token with the use of the operation.
      2. Next all subsequent module invocations should have the option set to , replace the and authentication options with the acquired from the previous step and finally include the option to instruct MAS to which citrix ADC to proxy the calls.

      A sample playbook is provided in the samples directory. mas_proxied_server.yaml

      Citrix ADM service calls

      There is the option for citrix_adm modules to be executed targeting the ADM service instead of an on-prem ADM.

      This mode of execution relies on first getting a by logging in the ADM service and using this token for all subsequent module calls.

      Also the option must be set as well as having the .

      Examples can be found in this folder.

      Citrix ADC connection plugin

      The Citrix ADC connection plugin allows the use of standard Ansible modules, such as and , with Citrix ADC.

      Installation

      The connection plugin is included in the citrix.adc collection.

      Usage

      In order for a standard Ansible module to work properly with the Citrix ADC connection plugin the following conditions must hold true.

      • Modify the playbook so that it uses the connection plugin ().
      • Citrix ADC does not have the python interpreter path defined, so one should pass this path when defining the host group ().
      • The plugin works only with ssh key based authentication. The remote Citrix ADC must have the public ssh key of the controlling machine in their authorized_keys file ().
      • In the local ansible.cfg file make sure the following lines exist:

      You can find usage samples in this folder.

      Security notice

      With the connection plugin and the ansible module it is possible to run nscli commands as shown in the example below.

      tasks:
        - name: Run nscli command
          shell: "nscli -s -U :nsroot:{{nitro_pass}} show ns ip"
          no_log: True

      In order to not expose the actual nsroot password the following rules must be observed:

      • Do not hardcode the password in the command string.

        Use a variable which is retrieved from a secure storage.

      • For the task that contains the password set the task option

        This will hide log output from the specified task including the password.
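
      The NITRO API TLS recommendations and the two password rules above can be checked mechanically before a playbook runs. The following audit is an added example, not code from the citrix-adc-ansible-modules project; it works on a playbook already parsed into Python data. The parameter names `nitro_protocol` and `validate_certs` come from the modules' documented options rather than from this page's text, and the sample plays, addresses and password are constructed.

```python
import re

ADC_PREFIX = "citrix_adc_"
SHELL_MODULES = {"shell", "command", "raw"}
FALSE_WORDS = {"no", "false", "off", "0"}
# nscli -U takes <ip>:<user>:<password>; the password may be a Jinja expression.
NSCLI_CRED = re.compile(r"nscli\b.*?-U\s+[^:\s]*:[^:\s]+:((?:\{\{.*?\}\}|\S)+)")


def is_templated(value):
    return isinstance(value, str) and "{{" in value


def is_false(value):
    return str(value).strip().lower() in FALSE_WORDS


def check_adc_module(args):
    """Findings for the argument dict of one citrix_adc_* task."""
    found = []
    proto = args.get("nitro_protocol")
    if proto is None:
        found.append("nitro_protocol not set: NITRO traffic uses the http default")
    elif not is_templated(proto) and str(proto).strip().lower() == "http":
        found.append("nitro_protocol is http: NITRO traffic is unencrypted")
    certs = args.get("validate_certs")
    if certs is not None and not is_templated(certs) and is_false(certs):
        found.append("validate_certs disabled: ADC certificate is not verified")
    secret = args.get("nitro_pass")
    if secret is not None and not is_templated(secret):
        found.append("nitro_pass is a literal: load it from ansible-vault instead")
    return found


def check_shell(args, no_log):
    """Findings for a shell/command/raw task that passes -U to nscli."""
    cmd = args.get("cmd", "") if isinstance(args, dict) else args
    match = NSCLI_CRED.search(cmd) if isinstance(cmd, str) else None
    if not match:
        return []
    found = []
    if "{{" not in match.group(1):
        found.append("nscli password is hardcoded in the command string")
    if not no_log:
        found.append("nscli task lacks no_log: the password reaches task output")
    return found


def walk(tasks, inherited_no_log, where):
    """Yield (location, finding) per task, descending into block sections."""
    for index, task in enumerate(tasks or [], 1):
        label = "%s / %s" % (where, task.get("name", "task #%d" % index))
        no_log = inherited_no_log
        if "no_log" in task and not is_templated(task["no_log"]):
            no_log = not is_false(task["no_log"])
        for section in ("block", "rescue", "always"):
            yield from walk(task.get(section), no_log, label)
        for key, args in task.items():
            module = key.rsplit(".", 1)[-1]  # accept fully qualified module names
            if module.startswith(ADC_PREFIX) and isinstance(args, dict):
                found = check_adc_module(args)
            elif module in SHELL_MODULES:
                found = check_shell(args, no_log)
            else:
                continue
            for text in found:
                yield (label, text)


def audit_playbook(plays):
    """plays: the list that yaml.safe_load() returns for a playbook file."""
    findings = []
    for number, play in enumerate(plays, 1):
        where = play.get("name", "play #%d" % number)
        play_no_log = not is_false(play.get("no_log", False))
        for section in ("pre_tasks", "tasks", "post_tasks", "handlers"):
            findings.extend(walk(play.get(section), play_no_log, where))
    return findings


# Constructed sample plays in parsed form; addresses and password are made up.
WEAK_PLAY = {"name": "weak", "hosts": "citrix_adc", "tasks": [
    {"name": "add server", "delegate_to": "localhost", "citrix_adc_server": {
        "nsip": "192.0.2.10", "nitro_user": "nsroot",
        "nitro_pass": "Example-Passw0rd", "validate_certs": False,
        "name": "server-1", "ipaddress": "198.51.100.5"}},
    {"name": "show ip", "shell": "nscli -s -U :nsroot:Example-Passw0rd show ns ip"},
]}
HARDENED_PLAY = {"name": "hardened", "hosts": "citrix_adc", "tasks": [
    {"name": "add server", "delegate_to": "localhost", "citrix_adc_server": {
        "nsip": "{{ nsip }}", "nitro_user": "{{ nitro_user }}",
        "nitro_pass": "{{ nitro_pass }}", "nitro_protocol": "https",
        "validate_certs": True, "name": "server-1", "ipaddress": "198.51.100.5"}},
    {"name": "show ip", "no_log": True,
     "shell": "nscli -s -U :nsroot:{{nitro_pass}} show ns ip"},
]}

if __name__ == "__main__":
    print("\n".join("%s: %s" % f for f in audit_playbook([WEAK_PLAY, HARDENED_PLAY])))
```

      To audit a real file, pass the result of PyYAML's `yaml.safe_load` on the playbook; values supplied through `module_defaults` or inventory variables are not resolved by this check.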

      Citrix ADC and standard Ansible modules in a single playbook

      There are some conflicting configuration options when using a standard Ansible module with a Citrix ADC specific module in the same playbook.

      To have such a playbook execute correctly the following solutions are proposed.

      • Have a single playbook with multiple plays ( sample ).
      • Have a single play configured for standard Ansible modules and define the needed overrides in the Citrix ADC specific tasks ( sample ).
      • Have a single play configured for Citrix ADC specific modules and define the needed overrides for the generic Ansible tasks ( sample ).

      What if there is no module for your configuration?

      When there is no module that covers the ADC configuration you want to apply, there are a few options that still let you apply the configuration through an Ansible playbook.

      Use the citrix_adc_nitro_request module.

      This module is a thin wrapper around the NITRO REST API. It provides a number of operations, which it translates into HTTP requests, and it returns the resulting NITRO API response in a well-defined return value.

      You can find examples of using the module in this folder

      Use the citrix_adc_nitro_resource module.

      The module can be used to create, update and delete NITRO objects.

      It has the same base parameters as the other modules for connecting to the ADC.

      Its most important attributes are the parameter which determines the execution of the module with respect to how the NITRO object will be created, updated or deleted and the parameter which contains the actual attributes for the NITRO resource.

      The workflows dictionaries published so far can be found here.

      Examples can be found in this folder.

      Extended documentation can be found here.

      If an endpoint cannot be found in the existing workflows file please open an issue so that we can investigate if this endpoint is covered by the existing workflows and publish its dictionary.

      Use the connection plugin with the Ansible module

      As a last resort, the user can use the Ansible module along with the Citrix ADC connection plugin to issue commands to the target ADC.

      This provides the least feedback, but it is useful for one-off configuration steps or when nothing else is applicable.

      Examples can be found in this folder

      Directory structure

      • Contains all the ansible modules available. These are the files that must be installed on an ansible control node in order for the functionality to be present

      • Contains all the ansible plugins available.

      • Contains the test suite for the modules. Running it requires some extra dependencies beyond those of the plain modules.

      • Contains some sample playbooks that combine more than one module to achieve a desired configuration. Examples of the modules' usage are also contained in the EXAMPLES section of the modules themselves.

      • Contains the html documentation for each module.

      • Contains utilities mainly used for the authoring of the modules and are not relevant to the end user.

      • Contains the Citrix ADC specific documentation files for ansible.

      • . Top level script to run all the tests.

      LICENSE

      GPL V3 See LICENSE

      COPYRIGHT

      COPYRIGHT 2017 CITRIX Systems Inc

      Contributions

      Pull requests and issues are welcome.

      Source: https://github.com/citrix/citrix-adc-ansible-modules