Post going thought this article one will be able to understand on how to:
- Create an ADC LB configuration Template with required set of configuration command.
- Convert Configuration Template with variables.
- Push the configuration to one or more Citrix ADC using the said configuration template.
Before we start with the main content of this article, let us understand some basics on configuration Job, Citrix ADM Service and its onboarding.
What is a Configuration Job?
A configuration job is a feature in ADM Service which allows users to create a configuration template that can be run across one or multiple managed Citrix ADC instances.
What is Citrix ADM Service?
Citrix Application Delivery Management (ADM) Service is a central control and visibility SaaS solution for managing all Citrix deployments that includes Citrix ADC MPX/ VPX/ SDX/ CPX/ BLX and Citrix Gateway appliances that are deployed on-premises or on the cloud. To read and understand more on what all are benefits and features can be leveraged from Citrix ADM service, kindly follow the link below:
How to Quickly onboard on ADM service?
If you are new to Citrix ADM service, you can easily onboard the Citrix ADM service in three easy steps:
- Create account in Citrix Cloud.
- Click ADM service tile on Citrix Cloud to select built-in agent mode.
- Use the service URL and the activation code to add Citrix ADC on ADM service.
Here is the link to a small YouTube video which guide through above mentioned steps:
And more details over same can be found here at our Citrix Documentation:
Let’s create a basic configuration example wherein one wants to load balance and send a secure end to end TLS traffic to its backend server along with Source IP accounting, based on request URL path's content via Citrix ADC. In order to achieve this, we will follow given steps:
- Add a service group with two services with Client IP forwarding to backend.
- Disable SSL v3 protocol to deny any SSLV3 request towards backend servers.
- Bind server to service group.
- Add a non-addressable load balancing virtual server.
- Disable SSL v3 protocol to deny any SSLV3 request towards load balancing virtual server.
- bind the service group to the virtual server.
- Add a content switch action with target as a load balancing virtual server
- Add a content switch policy which contains expression rule to direct the request to a load balancing virtual server based on request URL path's content.
- Add a content switch virtual server.
- Disable SSL v3 protocol to deny any SSLV3 request for content switch virtual server
- bind the content switch policy to the content switch virtual server.
As stated at start that configuration job is a set of configuration commands that can be run on one or more managed ADC instances. When one runs the same configuration on multiple instances, they might want to use different values for the parameters used in the configuration. One can define variables that enables to assign different values for these parameters or run a job across multiple instances. Variables usually are the IP address, entity name etc in the configuration.
Create an ADC configuration Template with required set of configuration command
Below is the sample CLI command which we are going to use for configuration of ADC using ADM service Configuration Job feature.
add serviceGroup mylb_SVG:443 SSL -maxClient 0 -maxReq 0 -cip ENABLED X-Forwarded-For
set ssl serviceGroup mylb_SVG:443 -ssl3 DISABLED
bind serviceGroup mylb_SVG:443 10.11.12.13 443
bind serviceGroup mylb_SVG:443 10.14.15.16 443
add lb vserver mylb_VS:443 SSL 0.0.0.0 0 -persistenceType COOKIEINSERT -cltTimeout 180
set ssl vserver mylb_VS:443 -ssl3 DISABLED
bind ssl vserver mylb_VS:443 -certkeyName servercert_Mar2022
bind lb vserver mylb_VS:443 mylb_SVG:443
add cs action mylb_cs_action_443 -targetLBVserver mylb_VS:443
add cs policy mylb_cs_policy_443 -rule "HTTP.REQ.URL.PATH_AND_QUERY.STARTSWITH (\"/test\") || HTTP.REQ.URL.PATH_AND_QUERY.STARTSWITH (\"/default\")" -action mylb_cs_action_443
add cb vserver mylb_CSVS:443 SSL 10.17.18.19 443
bind ssl vserver mylb_CSVS:443 -certkeyName servercert_Mar2022
set ssl vserver mylb_CSVS:443 -ssl3 DISABLED
bind cs vserver mylb_CSVS:443 -policyName mylb_cs_policy_443 -priority 100
Note: In the above example for command number Seven (7) and (12), I am binding a certificate already present on Citrix ADC. Please follow the “Install SSL certificate on Citrix ADC Instance” section on Citrix ADM documentation covering steps on how to install a Server certificate on a managed Citrix ADC using Citrix ADM service.
To create a configuration template:
- Select the section which the service group name “mylb_SVG:443” to convert it to a variable.
- Once the dollar sign appears enclosing the variable’s value, bring cursor over green dollar enclosed variable and click on it to edit.
- On righthand side small window under “Define Variable” section, edit and add in Name, Display Name and Keep “Type” field as “Text Field” and click on Done.
- Similarly, as per step 6 convert the Service Group name into variable for first 4 command with reference to service group name.
- Change the backend service IP address into variable with a unique names and the field “Type” to be set as “IP Address Field”.
- Follow the same steps to define the variable for load balancing virtual sever, Content switch action, content switch policy and content switch virtual server
PS: Please find below location to download the config template’s json file created for this configuration job workflow here:
This can be used as reference template by importing it on ADM service Configuration template page. In order to upload a template, navigate to Infrastructure > Configuration > Configuration Jobs > Configuration Template and Click on “Import” to upload the configuration json file by navigating to file’s saved location from the local desktop/laptop.
Push the configuration to one or more Citrix ADC using the said configuration template
- Navigate to Infrastructure > Configuration > Configuration Jobs.
- Click on “Create Job” if this is your first time to this page.
and if already have other configuration jobs, then click on “Create Job” as shown below.
- On the Create Job page, select the custom job parameters such as the name of the job, the instance type, and the configuration type.
- Within Configuration Editor, the “Configuration Source” will by default be showing “Configuration Templates” which further shows all the custom configuration templates created. Drag and drop the configuration template “CSVserver_Template” created earlier or Click on “+” sign to add it.
- Click on “Preview Variable” to see all the eight (8) variables that has been defined so far.
- Click on “Next” button.
- Under “Select Instances” tab, click on “Add Instance” to add the ADC Instance(s) where the selected configuration needs to be pushed.
- Click on “Next” button.
- In the “Specify Variable Values”, one need to add the values for all the variables that are part of configuration template. In our configuration sample as quoted earlier eight variable (step#5) needs to have their values filled in. To perform this step, select the “Upload input file for variable values” and click on “Download Input Key File” to download a csv file which needs to be filled with values and uploaded back.
- Above step will download the following csv file with all the variable for which values needs to be filed in.
- Define the values for all variables against the instance(s) and save the file.
Note: In case of multiple instances selected for which same configuration need to be pushed one need to input values for respective variable.
- Go back to ADM service page and on the “Specify Variable Values” tab upload the csv file by navigating to file’s saved location on local desktop/laptop.
PS: If the file upload has all the required fields filled up a success message will pop-up on top of ADM service web browser stating: “Input key file “CSVIP_config_job_variable_input_key_file_csv” uploaded successfully.”
- Click on “Next” button and briefly one can see “Fetching Job Preview” message on screen
- On the “Job Preview” one can select the individual Instance from “Select an Instance to preview” to view the config that will pushed under this configuration job.
- Click on “Next” button.
- Under “Execute” Tab, once can select to execute the “Now” or schedule it for “Later” by selecting under “Execution Mode”. One can also choose what action Citrix ADM service must take if the command fails “On Command Failure” and if one would like to send an Email/Slack notification regarding the success or failure of the job along with other details.
- Click on “Finish”.
PS: In this workflow, job is selected to be executed immediately by ignoring errors.
- Citrix ADM Service will take back to “Jobs” page and there it will the live progress in percentage.
- Once the job is executed successfully you will see the “Completed” status under “EXECUTION STATUS”
- On the “Jobs” page click on “Details” button and then on “Variable Details” to view the details of variables added to the selected Job
- Details of configuration job executed can be downloaded by clicking on “Download” under “ACTIONS”