By John Meek
Citrix ADM Overview
Recently, I completed the design and deployment of Citrix Application Delivery Management 12.1 (ADM), formerly Management Analytics Service (MAS). Following discussions, the client chose Citrix ADM after determining it would be an ideal solution for managing Citrix Application Delivery Controller (ADC) appliances in four environments. As an added bonus, Citrix ADM offered excellent monitoring and insight capabilities.
Need for a central GUI to manage all the NetScaler instances
After meeting with the client, we learned that the consistent configuration of NetScaler instances was a challenge. With so many appliances to manage, the client regularly identified instances configured with different SSL ciphers and security settings. This was leading to failed security audits and resulting in more “after hours” changes to correct these issues. Further, load balancer configurations differed slightly between environments.
This provided evidence that a central GUI could be of benefit, as it can manage all NetScaler instances and configuration templates to ensure consistency. The client was also intrigued by the SSL Dashboard because it easily determines what SSL certificates in the environment are expiring. Further, the SSL Dashboard can centrally manage the certificates and generate automated reports, which helps the client proactively renew certificates.
Deployment options include virtual appliance and a cloud-based solution with on-premise agents
Similar to the former MAS product, Citrix ADM deployment options include local virtual appliance and a cloud-based solution with on-premise agents. In this particular instance, the client opted to use locally deployed Citrix ADM virtual appliances.
We selected two highly available pairs of Citrix ADM appliances (4 total) in a primary site. This supported two logically separated sets of infrastructure, spread over two datacenters. Additionally, each of the sites and datacenters had its own NetScaler SDX appliances. This made for a robust solution due to Citrix ADM’s highly available pairs and the use of HDX Insight analytics to monitor up to 40,000 HDX users.
This was an exciting project, as it allowed me to expand my knowledge of more advanced Citrix ADM design and configuration. It also offered me the chance to take a deep dive into features and benefits that aren’t normally leveraged. Prior to this project, I had implemented some Citrix ADM deployments, but they tended to be exploratory, with net-new Citrix ADCs. Many prior engagements were also aimed at getting Citrix ADM deployed with the customers’ new Citrix ADCs and Citrix Gateways, so that the customers could initially learn the more basic configurations.
Enhancements to HA
Instead of mirroring two appliances for redundancy, Citrix recently determined it would use a Citrix ADC-type design for high availability (HA). This was one of the reasons we selected a new version of Citrix ADM. In the more recent 12.1 version, Citrix ADCs have “Floating IPs,” similar to the Subnet IPs owned by the primary appliance. This method has its advantages. For example, when the Citrix ADM secondary becomes the primary, Citrix ADCs don’t require reconfiguration to continue sending AppFlow and SNMP data. Because they point to the Citrix ADC Floating IP, which becomes owned by the secondary node during failover, all communication persists without manual intervention or data interruption.
During this project we found several issues causing concern and headaches. Stay tuned for Part 2 of my blog. I will provide more detail on these issues, some of the resolutions and workarounds, and recommended next steps.