Convert NetScaler ADC Perpetual Licenses to the Pooled Capacity Model
Contributed By: Zheng Wang, Neeharika Kambhalur, Stanley Nitkowski
This document covers the NetScaler ADC use cases for implementing and configuring the Pooled Capacity model on the NetScaler ADC appliances.
This document summarizes the Citrix pooled capacity implementation and configuration for Solutions and Sales Architects, Engineering and Design teams, NetScaler ADC Administrators, and Consultants.
Citrix Pooled capacity has several different methods to convert legacy perpetual license use cases to the Citrix pooled capacity model. This document consolidates the conversion and implementation process in a single document and references online documentation for reference to specific topics and content.
Business Advantages of Citrix Pooled Capacity Licensing
The NetScaler ADC pooled capacity allows you to share bandwidth or instance licenses across different ADC form factors. For virtual CPU subscription-based instances, you can share virtual CPU license across instances. Use this pooled capacity for the instances that are in the data center or public clouds. When an instance no longer requires the resources, it checks the allocated capacity back into the common pool. Reuse the released capacity to other ADC instances that need resources.
You can use pooled licensing to maximize the bandwidth utilization by ensuring the necessary bandwidth allocation to an instance and not more than is needed. Increase or decrease the bandwidth allocated to an instance at run time without affecting the traffic. With the pooled capacity licenses, you can automate the instance provisioning.
The Solution – Citrix Pooled Capacity Licensing
- Minimum order quantities required for HW ADCs and SW ADCs to qualify for Pooled Capacity
- Subscriptions for Pooled Capacity bandwidth and instances are available for 1, 3 or 5-year terms
- Qualified HW ADC models can be upgraded/converted from perpetual licenses to Pooled Capacity
- Citrix ADM is required as a licensing server for Pooled Capacity
How NetScaler ADC pooled capacity licensing works NetScaler ADC pooled capacity has the following components:
- NetScaler ADC instances, which can be categorized into:
- Zero-capacity hardware
- Standalone VPX instances or CPX instances
- Bandwidth pool
- Instance pool
- Citrix ADM configured as a license server
License allocation must be completed through the citrix.com website to fulfill and download the required license files for both perpetual and pooled licensing models. The two main requirements for pooled licensing that must be completed for providing NetScaler ADC appliances are license allocation and license download.
When you allocate licenses, you apportion purchased licenses by product and License Server so you can split them among multiple environments or use cases. For example, your organization might own 1,000 licenses for the same product. You might want to use 800 in 1 location and 200 in another location. You can allocate 800 licenses to a License Server in the first location today, and allocate the remaining 200 later to a different License Server.
Allows for pooled capacity mode on the platform. Required to use pooled capacity and is the first license installed.
The instance pool defines the number of VPX instances or CPX instances that can be managed through NetScaler ADC pooled capacity or the number of VPX instances in an SDX-Z instance. When checked out from the pool, a license unlocks the MPX-Z, SDX-Z, VPX, and CPX instance’s resources, including CPUs/PEs, SSL cores, packets per second, and bandwidth.
The bandwidth pool is the total bandwidth that can be shared by NetScaler ADC instances, both physical and virtual. The bandwidth pool comprises separate pools for each software edition (Standard, Enterprise, and Platinum). A given NetScaler ADC instance cannot have bandwidth from different pools checked out concurrently. The bandwidth pool from which it can check out bandwidth depends on its software edition for which it is licensed.
|Z-platform, Instance, Bandwidth
|vCPU license (VPX, BLX, CPX platforms)
NetScaler ADC Platforms
The NetScaler ADC comes in several form factors and all require an entitlement license to function. Following is a summary of the NetScaler ADC platforms.
MPX - Purpose built for cloud scale and performance for SSL needs.
SDX - Fully isolated, multitenant support for application workloads and groups
VPX - Deploy on your preferred hypervisor and achieve high SSL performance with no hardware acceleration.
CPX - Supporting containerized applications within different environments, such as Kubernetes and OpenShift.
BLX - Run software-based application delivery and load balancing functionality as a Linux process, without a hypervisor or container overhead, on your choice of hardware.
Citrix Application Delivery Manger Service
Citrix ADM service is a cloud-based solution that helps you manage, monitor, orchestrate, automate, and troubleshoot your NetScaler ADC SDX appliances. It also provides analytical insights and curated machine learning based recommendations for your applications health, performance, and security. For more information, see Citrix ADM service.
Citrix Application Delivery Manager on-premises
Citrix ADM Software virtual appliances can be deployed in several deployment modes and provide the flexibility to integrate within your existing Citrix networking design. The following are some of the deployment scenarios implemented by using ADM Software appliances.
- Single Server
- High Availability (Recommended)
- Disaster Recovery Mode
- ADM Agent Deployment (for adding remote Sites)
Pooled Capacity Provisioning with ADM
Configure pooled capacity
You can configure Citrix ADM as a license server for ADC instances. You can perform the following tasks using Citrix ADM as a license server:
- Upload the pooled capacity license files (bandwidth pool or instance Pool) to the license server.
- Allocate licenses from the license pool to NetScaler ADC instances on demand.
- Check out the licenses from NetScaler ADC instances (MPX-Z /SDX-Z/VPX/CPX/BLX) based on the minimum and maximum capacity of the instance.
- Configure pooled capacity for NetScaler ADC FIPS instances to check in or check out licenses.
Configure ADM as License Server
Citrix Application Delivery Management (ADM) requires a verified Citrix ADM license to manage and monitor the NetScaler ADC instances.
|The following are the license types supported for Citrix ADM for Service:
|10 virtual servers and 5 GB storage per license
|5 GB per license
|Citrix ADM Express account is a default account to manage ADM resources
You can configure the ADM as a License Server for the pooled capacity. With this configuration, you can allocate licenses to a NetScaler ADC instance in two ways:
- An ADC instance sends a check-out request to Citrix ADM to obtain its bandwidth and instance licenses.
- The licenses are allocated to the ADC instance through ADM.
The following are the operating modes of the instances that are using the pooled capacity:
- Optimum: Instance is running with proper license capacity.
- Capacity mismatch: Instance is running with a capacity less than the amount configured in Citrix ADM for pooled licenses.
- Grace: Instance is running on grace license.
- Grace & Mismatch: Instance is running on grace but the capacity is less than the amount configured.
- Not available: Instance is not registered with ADM for management, or NITRO communication from ADM to the instances is not working.
- Not allocated: License is not allocated in the instance.
Install license files on ADM
In Citrix ADM, navigate to Networks > Licenses.
In the License Files section, select Add License File and select one of the following options:
- Upload license files from a local computer. If a license file is already present on your local computer, you can upload it to ADM.
- Use license access code. Specify the license access code for the license that you have purchased from Citrix and select Get Licenses. Then click Finish.
Allocate pooled capacity licenses from ADM
Log in to NetScaler ADC GUI.
Navigate to System > Licenses > Manage Licenses.
Click Add New License.
Select Use remote licensing and select the remote licensing mode from the list.
In Server Name/IP address, Specify the host name or IP address of Citrix ADM which you have configured as a License Server.
Check the Register with Citrix ADM check box and click Continue.Note:If you have not registered the instance with ADM, you can check out licenses from ADM, but you cannot allocate from ADM to the pooled capacity enabled instance.In the user name and password fields on the previous screen, enter your ADM credentials.
Select the license edition and specify the required bandwidth.
Click Get Licenses.
After the instance is registered with the License Server, allocate the licenses from Citrix ADM as follows:
Log in to Citrix ADM.
Navigate to Networks > Licenses > Bandwidth Licenses > Pooled Capacity. If you want to allocate licenses to ADC FIPS instances, navigate to Networks > Licenses > Bandwidth Licenses > FIPS Pooled Capacity.
Click the license pool that you want to manage.
Select an ADC instance from the list of available instances by clicking the > button.
The License status column displays corresponding license allocation status messages.
If you want to change or release a license allocation, click Change allocation or Release allocation.
A pop-up window with the available licenses in the License Server appears.
You can choose the bandwidth or instance allocation to the instance by setting the Allocate list options. After making your selections, click Allocate.
You can also change the allocated license edition from the list options in the Change
License Allocation window:
Pooled Capacity Visibility with ADM Licensing Server
ADM Licensing Operations and Grace Periods
ADM is used as the licensing server for pooled capacity.
A single centralized ADM serves all licensing requests. If multiple licensing servers are needed for any reasons, it is best to divide bandwidth and instances as part of the order.
ADM licensing supports an active-standby HA ADM pair over a local LAN (not between remote sites).
No reboot is required when increasing or decreasing capacity.
There is a heartbeat message exchanged between ADC and ADM for health monitoring.
License Server behavior scenarios
ADM license server stops responding. The license Server is not responding. NetScaler ADC continues to operate with the current capacity for 30 days. After 30 days, if the connectivity to the license server is not restored, the NetScaler ADC loses its current capacity and stops processing traffic.
NetScaler ADC pooled-capacity enabled instance stops responding. If the NetScaler ADC pooled-capacity enabled instance stops responding and the license server is in a healthy state, the license server checks in all the NetScaler ADC instance’s licenses after 10 minutes. When the instance reboots, it sends a request to check out all the licenses from the licensing server.
Both the license server and NetScaler ADC pooled-capacity enabled instance stop responding. If both the license server and the NetScaler ADC pooled-capacity enabled instance restarts and reestablishes the connection, the license server checks-in all its licenses after 10 minutes, and the NetScaler ADC pooled capacity enabled instances automatically check out the licenses after the reboot is completed.
The NetScaler ADC pooled-capacity enabled instance shuts down gracefully. During a graceful shutdown, you can choose to check the licenses in or keep the licenses that were allocated before the graceful shutdown. If you choose to check the licenses in, the NetScaler ADC pooled-capacity enabled instance is unlicensed after it restarts. If you choose to keep the licenses, they are checked in to the licensing server when the instance shuts down. After the instance restarts, it reestablishes the connection with the licensing server and checks out the licenses as specified in the saved configuration. If the system reboots and the check-out fails due to no capacity available in the pool, the NetScaler ADC checks the inventory of Citrix Application Delivery Management (ADM) pool licenses and will check out any available capacity. An SNMP alarm is raised to notify this condition to the user if the NetScaler ADC is not running with full capacity as per configuration. If no capacity is available in the bandwidth pool, the pool capacity enabled instance becomes unlicensed.
Network loses connectivity error:
ERROR MESSAGE (SYSLOG)License Server is not responding.
If the license server and NetScaler ADC pooled-capacity enabled instances are in healthy states but network connectivity is lost, the instances continue to operate with their current capacity for 30 days. After 30 days, if the connectivity to the license server is not restored, the instances lose their capacity and stop processing traffic, and the license server checks-in all its licenses. After the license server reestablishes connectivity with the NetScaler ADC instances, the instances check the licenses out again.
How to delete a license
Under Networks -> LicensesSelect the license and click “Delete” the license anytimeADM automatically checks out the requested license for ADC from the new pool available
Useful links for Pooled Capacity
Converting Perpetual MPX Platform to the Pooled Model
Configure pooled capacity on ADC MPX-Z instances
MPX-Z is the pooled-capacity enabled ADC MPX appliance. MPX-Z supports bandwidth pooling for Premium, Advanced, or Standard edition licenses.
MPX-Z requires platform licenses before it can connect to the License Server. You can install the MPX-Z platform license by either uploading the license file from a local computer or using the instance’s hardware serial number, or the License Access Code from System > Licenses section of the instance’s GUI. If you remove the MPX-Z platform license, the pooled-capacity feature is disabled and all the checked-out licenses are checked in to the License Server.
You can dynamically modify the bandwidth of an MPX-Z instance without a restart. A restart is required only if you want to change the license edition.
Example of the MPX-Z License for Pooled on the MPX platform
Allocate pool licenses to ADC MPX-Z or ADC VPX instances from NetScaler ADC to allocate your licenses:
Navigate to System > Licenses > Manage Licenses, click Add New License, and select Use Pooled Licensing.
Enter the details of the License Server in the Server Name/IP Address field.
If you want to manage your instance’s pool licenses through ADM, select the Register with Citrix ADM check box and enter the ADM credentials.
Select the license edition and the required bandwidth, click Get Licenses.
You can change or release the license allocation by selecting Change allocation or Release allocation.
If you click Change allocation, a pop-up window shows the licenses available on the License Server.Note:A restart is not required if you change the bandwidth allocation, but a warm restart is required if you change the license edition.
You can allocate bandwidth or instances to the instance from the Allocate list. Then click Get Licenses.
You can choose the license edition and the bandwidth required from the drop-down lists in the pop-up window.
MPX Conversion Impacts
Only certain selected MPX/SDX platforms are qualified for upgrade to pooled capacity.
For some older platforms, the upgrade from perpetual to pool is a one-off offering. Renewal of pooled subscription on the original HW is not supported after the upgrade subscription term expires
|Supported Platforms for conversion
|Renewal allowed after conversion term expires?
Minimal order quantity applies (same as MPX/SDX new purchase)
- AMER: 4 units and 40 Gbps
- Rest of world: 2 units and 20 Gbps
You only need one SKU for upgrade/conversion. The SKU includes all the following:
- Zero-capacity Hardware license (perpetual)
- Gold hardware maintenance for zero-capacity hardware for the duration
- Convert the existing bandwidth in the perpetual model to Pooled
- Convert the existing instance (if SDX) in the perpetual model to Pooled
Transition from MPX/SDX Pool to Cloud or SW ADCs
Pooled bandwidth and instances on ADM can be used in any place (on-premises or cloud), for any form factors (MPX/SDX/VPX/CPX/BLX).
Each MPX/SDX appliance has a system requirement for minimum bandwidth and minimum instances (if SDX) to operate, for example:
MPX 14000z requires 20 Gbps minimum. If the MPX has more than the minimum, the amount above the minimum can be used in the cloud.
As part of the Q3 2019 release, we have reduced the SDX system requirement for minimum bandwidth and minimum instances by half.
The updated table on minimum system requirement on bandwidth and instances can be found here
MPX Conversion Reboot Scenarios
Any change in Edition (Standard, Advanced, Premium) requires an appliance reboot.
Converting Perpetual SDX Platform to the Pooled Model
Applying the SDX Platform licenses
SDX-Z requires platform licenses before it can connect to the License Server. You can install the SDX-Z platform license by either uploading the license file from a local computer or using the instance’s hardware serial number, or the License Access Code from System > Licenses section of the SVM GUI. If you remove the SDX-Z platform license, the pooled-capacity feature is disabled and all the checked-out licenses are checked in to the License Server.
Applying the SDX Pooled License
A NetScaler ADC SDX appliance with perpetual license can be upgraded to NetScaler ADC Pooled Capacity license. Upgrading to NetScaler ADC Pooled Capacity license enables you to allocate licenses from the license pool to NetScaler ADC appliances on demand. You can also configure the ADC Pooled Capacity license for NetScaler ADC instances configured in high availability mode.
Log into the SDX appliance using the SVM console and navigate to Configuration>System > Licenses. Select add license file.
Select upload license file from local computer.
Browse to the SDX-Z license to unlock pooled capacity.
Select the SDX-Z license that was downloaded from the license portal.
Add the license file and complete the ADM agent values.
Applying the SDX Bandwidth and Instance License in ADM license
Converting Perpetual VPX Platform to the Pooled Model
Configure pooled capacity on ADC VPX instances
VPX Conversion from Perpetual to vCPU A pooled-capacity enabled ADC VPX instance can check out licenses from a bandwidth pool (Premium/Advanced/Standard editions). You can use the ADC GUI to check out licenses from the License Server.
You can dynamically modify the bandwidth of a VPX instance without a restart. A restart is required only if you want to change the license edition or convert a perpetual license to vCPU licenses.
SDX Conversion Impacts from Perpetual to Pooled
- You can dynamically modify the bandwidth of an SDX-Z instance without a restart. A restart is required only if you want to change the license edition.
SDX Conversion Reboot Scenarios
Single Bundle upgrades require a reboot of the SDX appliance.
Conversion from Perpetual to Pooled does not require a reboot.
A VPX on SDX gets a license from the SDX SVM.
Reboot Scenario Summary
VPX requires 1 warm reboot for conversion from perpetual to pooled.
MPX requires 2 reboots, a warm reboot for license conversion, and full reboot for edition changes.
SDX does not require reboot for conversion from perpetual to pooled.
Bandwidth and Instance Pooled Behavior
You can dynamically modify the bandwidth of an -Z license instance without a restart. A restart is required only if you want to change the license edition.
Increase or decrease the bandwidth allocated to an instance at run time without affecting the traffic.
Change allocation or Release allocation action The bandwidth change takes effect after the ADC warm restart.
- NetScaler ADC HA with pooled capacity works the same way as NetScaler ADC HA with a perpetual license. Each NetScaler ADC appliance in a HA pair needs its own and similar license. Pooled capacity licenses are bound to the primary Citrix ADM Node. If that node goes down, all the instances which received capacity from it move into a grace period. It is necessary for the original primary Citrix ADM node to be brought back into service so the NetScaler ADC instance return to the normal state.
VPX and CPX license entitlement
All VPX models up to 100 Gbps throughput are supported.
CPX single core/Multi-core are supported.
vCPU pool for SW ADCs only In the virtual CPU-usage-based licensing feature, the license specifies the number of CPUs that a particular NetScaler ADC VPX is entitled to. So, the NetScaler ADC VPX can check out licenses for only the number of virtual CPUs running on it from the license server. NetScaler ADC VPX checks out licenses depending on the number of CPUs running in the system. NetScaler ADC VPX does not consider the idle CPUs while checking out the licenses.
BLX Pooled Bandwidth
|Supported Linux Distribution
|CentOS, Oracle Linux, Ubuntu Linux,
|Red Hat Linux
|CentOS, Oracle Linux, Ubuntu Linux,
|Red Hat Linux
FAQ's and Troubleshooting Pooled Licenses
Renewing Pooled License for Existing Customers
- Pooled customer is Expired and wants to add a license to ADM.
- No reboot required.
Pooled License Upgrade Process
Pooled Capacity licenses take precedent and the instance come back with Pooled Capacity licensing.
Upgrading or Converting to pooled license, the Citrix account shows the perpetual as inactive and pooled as active.
Redundancy Concerns for Pooled Capacity
The appliance establishes a heartbeat connection with the license server and poll it periodically. If the connection is lost, a 30-day grace period goes into effect at the licensed capacity. There is no impact to ADC functionality within the grace period. After 30 days, the ADC will perform a warm reboot & be unlicensed.
ADM merges 2 capacity pools into one if the expiry date is the same. If the expiry date is not then they are considered as 2 different pools.
Timeout Issues to Address
Exposed SNMP Traps from NetScaler ADC
Pooled License Alarms
* Configure POOLED-LICENSE-CHECKOUT-FAILURE Alarm* Configure POOLED-LICENSE-ONGRACE Alarm* Configure POOLED-LICENSE-PARTIAL Alarm
Troubleshooting with Citrix NSCONMSG
* allnic_err_rl_cpu_pkt_drops : aggregate (all nics) packet drops after CPU limit was reached* allnic_err_rl_pps_pkt_drops : aggregate packet drops system wide after pps limit* allnic_err_rl_rate_pkt_drops : aggregate rate drops system wide* allnic_err_rl_pkt_drops : Cumulative rate limiting drops due to rate, pps and cpu* rl_tot_ssl_rl_enforced : # of times SSL RL was applied (on new SSL connections)* rl_tot_ssl_rl_data_limited : # of times SSL throughput limit was reached* rl_tot_ssl_rl_sess_limited : # of times SSL TPS limit was reached
Troubleshooting with Citrix ADM Event Filters
When you choose the Run Command Action event action, you can create a command or a script that can be run on Citrix ADM for events matching a particular filter criterion.
You can also set the following parameters for the Run Command Action script:
Parameter / Description
$source - This parameter corresponds to the source IP address of the received event.$category - This parameter corresponds to the type of traps defined under the category of the filter$entity - This parameter corresponds to the entity instances or counters for which an event has been generated. It can include the counter names for all threshold-related events, entity names for all entity-related events, and certificate names for all certificate-related events.$severity - This parameter corresponds to the severity of the event.$failureobj - The failure object affects the way an event is processed and ensures that the failure object reflects the exact problem as notified. This can be used to track down problems quickly and to identify the reason for failure, instead of simply reporting raw events.