by Marius Sandbu, CTP, Norway CUGC
As mentioned in the webinar earlier today, we promised a follow-up containing a Q&A from those that came up during the webinar. Of course we welcome additional questions which might be added to this blog post. But the webinar today went through a lot of deep-dive stuff on the MAS, Configuration Jobs, Stylebooks, CPX and Containers, HA architecture and such.
Also a recording can be found here –> https://www.youtube.com/watch?v=cz-FdOFOP10
Presentation can be found here –>http://bit.ly/2gz2kvf
Interested in the Octoblu flow for MAS. Where can I find that in Octoblu?
This is Dave’s magic, he was just using mail flow to trigger the workflow. I suggest you contact him directly to get a hold of that –> https://twitter.com/dbretty
What about througput in Gateway vServers? Is there a historical throughput in Mbits?
If you are thinking about Insight statistics, then yes.
Are those polling intervals configurable?
Yes as mentioned, you can see more here –> https://docs.citrix.com/en-us/netscaler-mas/11-1/netscaler-mas-architecture-and-communication-process.html
How can it happen when you find appflow hits on the NetScaler, but HDX didn’t show them, while the collector, the and the policy is enabled?
Troubleshoot using trace files, using WireShark and see if the UDP packet is actually coming to the AppFlow Collector (os MAS / Insight) would be the first place to start and then look at the time scope on the HDX insight.
Can you export config jobs to reuse somewhere else?
No, you need to copy out the commands which are run as part of the configuration jobs to, for instance, a text file and rerun in another instance.
What about licensing of functions like configuration management and log parsing. Is it limited in some way?
Yes and no. The number of managed NetScaler instances is not limited, only the number of managed vServers.
What about upgrading with HA pair? Do you select both nodes?
With the record and play… will that work with the XenApp/XenDesktop Setup Wizard?
Yes it will, it looks at the difference in the ns.conf file betore and after the record and play.
Can we select which 30 VIPs the free version will monitor?
Yes, from the latest MAS version you can.
What type of hit does NMAS do on the NetScaler while collecting data, etc. Is it 20% CPU, 80% CPU?
There is no official numbers here, but if an appliance needs to send a high amount of AppFlow packets for every TCP connection it will of course put more stress on the appliances, but its pretty low if you just “add” the appliance to MAS.
Is it possible to customize the dashboard displays? My MAS setup doesn’t display certificates expiring within a week’s time, It only shows certificates that expire between 7 and 90 days.
Not really, you can’t customize the dashboard display but you can see more if you go into the SSL pane of MAS.
In a NMAS HA setup can you place both NMAS devices in the SNMP Traps in the NetScaler config?
Yes, it is possible. The limit of SMNP Traps within NetScaler (VPX|MPX|SDX) is 20.
Will there be a large scale deployment guide inside MAS, like it was once in insight center?
Yes, it is already there.
I have added some of my VPXs to MAS, but it’s not showing VPN, LB or content switching in the Application List to Enable Insight.
Might be that MAS is unable to communicate with the instances using SSH, make sure that MAS has a valid connection to the instances and that you can for instance do other stuff like getting information directly from the appliances.
Can you use it for GET/ sh command to get in for login and logout details for SSL VPN?
Still a better option is to use VPN insight or using a Syslog collector to gather AAA audits.
Why do we need MAS?
It is a good combination of Insight and Command Center with more automation features but you need to consider the licensing model, but more features are coming here.
Where do we store CPX license files? Is it on MAS?
It’s part of the pooled licensing in MAS.
Can we upgrade CPX instances from NMAS?
Not directly, the better way is to use configuration jobs to trigger an SSH command which uses the widget to download the latest image and then to respond to the CPX instances based upon that new image.
Can we use MAS for SDWAN as well?