NetScaler ADC and Amazon Web Services Validated Reference Design Part 9

September 21, 2022

Author: Luis Ugarte, Beth Pollack, Dave Potter

Provision NetScaler ADC VPX instances using Citrix ADM Service

The Citrix ADM Service is a cloud based solution that affords the ability to monitor NetScaler ADC instances and gain visibility into the health, performance, and security of applications. Additionally, by leveraging the provisioning tool to auto create instances in public clouds, such as AWS, it also simplifies the management of ADC instances in multiple locations whether they are on premises or in the cloud.

Prerequisites

Provisioning NetScaler ADC instances on AWS using the Citrix ADM Service requires some steps to be taken that are summarized in the prerequisite documentation. For more information, see Provisioning NetScaler ADC VPX instances on AWS.

These steps include performing the following tasks on AWS before you provision NetScaler ADC VPX instances in Citrix ADM:

Create subnets
Create security groups
Create IAM role and define a policy

The IAM role must be configured with permissions that allow the Citrix ADM Service to access the AWS account. After setting everything up, you can leverage the Citrix ADM service to provision the VPX instances on AWS.

Provision NetScaler ADC VPX instances using the Citrix ADM Service

Sign in to the Citrix Cloud ADM Service and navigate to Networks > Instances > NetScaler ADC. Then under the Select Action tab, click Provision in Cloud.

This prompts you to define information about the instance that you would like to provision.

Specifically you have to define the following:

Type of Instance: Standalone Instance is selected here.
Name: A name you would like the instance to adopt when it is provisioned.
Site: The site defines which area or region you will be doing the deployment in.
Agent: The agent dictates which ADM agent will be available within the site. This will have to be set up prior to doing the auto-provisioning. You will need to create both a site and an agent belonging to that site prior to beginning this exercise.
Device Profile: A device profile that has “nsroot” as the user name and a desired password. Once NetScaler ADC is provisioned by Citrix ADM, the ADC’s nsroot user’s password will be set to the password mentioned in the profile. Further on, this profile will be used by Citrix ADM whenever it needs to login to the instance.
Tags: Optional tag for the instances or group of instances.

Then select the Cloud Access Profile for your AWS account. This is the profile that Citrix ADM uses to sign in your AWS account to fetch entities and perform operations like provisioning and de-provisioning. Using that profile the Citrix ADM Service fills in the rest of the fields with objects related to your account.

In this scenario, there is an IAM role predefined that is used by the Citrix ADM service to provision the VPX instances, but you can create other roles.

You must then select the product edition of the VPX instance you want to deploy based on the desired throughput.

Note:

VPX Express is included for you to deploy a VPX instance without a license.

Version

Determine which release of software you would like to run selecting the major and minor release.

Security groups

Security groups should have pre-defined permissions for accessing different Virtual Private Clouds (VPCs). Because each instance requires three network interfaces or vNICs, you need to apply three different security groups to the service that you deploy, including:

One for remote management (role NSIP)
One for client side access (role VIP)
One for server side communication (role SNIP)

Also, you should be selecting the necessary number of IPs that are required for scalability of this solution.

Finally, you must choose which availability zone you want the deployment to be in and define the coinciding VPC subnet information for each subnet:

One for the management interface (NSIP)
One for clients to access (VIP)
One for SNIPs to access back end servers (SNIP)

After you click Finish, the deployment begins. When the deployment completes successfully, you receive a notification that your VPX is deployed.

Once the deployment is complete, you can see the NetScaler ADC VPX instances in Citrix ADM for all management and deployment purposes.

You can then navigate to the EC2 console to see the new instance that were created with the name we established in the Citrix ADM settings. It is all synchronized for management in Citrix ADM and ready for deployment of your applications to NetScaler ADC.

AWS deployment

To deprovision these instances, navigate back to the Citrix Cloud ADM Service and go to Networks > Instances > NetScaler ADC. Under the Select Action tab, click Deprovision.