Configure NetScaler ADM Service with VPX On-Premises

by Ray Davis, CTA & Jacksonville CUGC Leader

Summary

I wanted to sync my NetScaler up with the ADM service, and I have personally never done this before with the ADM service. I have done this many times with an on-prem ADM setup. I figured I would make a quick blog on how to do this. It doesn’t look complicated, and sharing it with the community would be good. Note: I have set this up in a lab, and it’s not running in a live production setup. The steps will be the same but around your company’s policies and security guidelines.

Citrix ADM Agent, the virtual appliance, is available for XenServer, VMWare ESX, Microsoft Hyper-V and Linus KVM. Nutanix AHV is based on KVM. Running the ADM Agent on AHV seems possible to me. I overlooked that KVM works on AHV. Not sure why, as I now have a couple of NetScalers running on the AHV lab. Jarian Gibson reminded me of that. Thanks, man.

Let’s get started.

Open the required ports for communications between Citrix ADC instances and Citrix ADM agent or Citrix SD-WAN instances and Citrix ADM agent.

Support Ports

ADM Agents

Log into your Citrix cloud account, navigate to the “Application Delivery Management” tile, and click Manage.

ADM Tile

Select “Get Started”

ADM Get Started

Select “Custom deployment”

Custom Deployment

The VPX is on-premises.

Deployment Environment
Select App Type
Enable ADC Instance Communication with ADM

Extract the MAS-Agent-KVM.tgz file.

MAS agent extraction

It will then output a MAS-Agent-KVM.tar.

MAS Agent output

Now Extract that to get the “MASAGENT-KVM-13.1-36.23.qcow2”

Extract

I am doing this on AHV, which will not cover other hypervisors.

Now, hit the Gear sign in the top right side.

Click Image configuration, and upload the Image.

NTX Cluster

Browse.

Create Image

KVM is now uploaded.

ADM Agent

Create a new VM. On the Disk area, click the plus sign and select. Add a disk by cloning from Image Services and selecting your uploaded disk image. Add your NIC for whatever VLAN you use. I have two cores and two sockets, with 4GB of RAM.

Add Disk

Now, I remember when I did this for the VPX, I had to run a command to make it bootable.

  • acli vm.serial_port_create <VM Name> type=kServer index=0
  • acli vm.serial_port_create ADMAgent type=kServer index=0

Putty into the CVM, then paste this:

  • acli vm.serial_port_create ADMAgent type=kServer index=0
CVM

Now boot it up, connect with the console from AHV(Prism Element).

Booting

At the login, enter the default login.

  • nsrecover and nsroot

Once logged in, run the networkconfig command.

The menu is straightforward. Please enter all the information to get it configured and on the network.

ADM Agent on Network

Navigate to mps directory.

Run the deployment_type.py

It will output the Service URL and activation code.

MPS Directory
MPS Directory

Enter the Service URL and Activation Code from the ADM Service wizard. It will display under “select the type of  HyperVisor”

Setup Agent

Now go back and click register Agent after completing the CLI part. The ADM Agent will reboot. Please give it about 5 minutes to reboot and come online.

ADC communication

You will notice your Agent IP address will appear.

ADC Communication

Enable communication by adding the NetScaler Information.

ADC host name

Under the authentication profile, click edit. The page will be directed to another area to configure the credentials.

instance authentication profile

Input your information accordingly to your environment.

create profile

Note: I had to create another profile so the ADM could talk to this. It did not like the default one, which makes sense to me.

select profile
connecting
adding instances
finish

As you can see, it is now two within the ADM service.

ADM service

Adding another NetScaler will be a bit simpler.

Have more NetScalers to add? Navigate to Infrastructure > Citrix ADC > Add

add more NetScalers
ADC VPX
Agents
Add Citrix ADC VPX
Modify device config
ADC Instances

As you can see, the firmware is different. Let’s fix that.

Firmware mismatch
Infrastructure menu

Click on “Create Job.”

Upgrade Jobs - create
Create maintenance job
upgrade citrix adc
ADM upgrade ADC
ADC images
ADC software image select
validation in progress
pre-upgrade validation
custom scripts
schedule task
create job

It will take you back to the “upgrade jobs” page.

upgrade jobs list

If you want to see what it is doing, click on the circle and click Execution Summary.

upgrade jobs check status
execution summary

You will see the progress of what is happening. You don’t need to watch it unless you are curious. I set up an email profile to send a report once completed. Note: This is a lab. However, this has been done in a production environment and works well.

execution history
execution history
command log
command log
command log

The code is now the same.

firmware now the same

After some time, I let the VPX instance bake. I did this because I wanted to show the neat feature of ADM service for CVEs.

Navigate to > Infrastructure> Instance Advisory>Security Advisory. As you can see below, it picked up that the current VPX I have needs to be patched based on the Low CVE it is reporting on.

security advisory

It gives you information on the CVEs.

current cves
cve repository

Another cool feature, it shows you the EOL on different NetScaler builds.

upgrade advisory

That concludes the setup for now. I hope you enjoyed it.

Leave a Reply