Jump to content
Welcome to our new Citrix community!
  • Configure NetScaler ADM Service with VPX On-Premises


    raydavis22rnd.jpg by Ray Davis, CTA & Jacksonville CUGC Leader


    I wanted to sync my NetScaler up with the ADM service, and I have personally never done this before with the ADM service. I have done this many times with an on-prem ADM setup. I figured I would make a quick blog on how to do this. It doesn't look complicated, and sharing it with the community would be good. Note: I have set this up in a lab, and it's not running in a live production setup. The steps will be the same but around your company's policies and security guidelines.

    Citrix ADM Agent, the virtual appliance, is available for XenServer, VMWare ESX, Microsoft Hyper-V and Linus KVM. Nutanix AHV is based on KVM. Running the ADM Agent on AHV seems possible to me. I overlooked that KVM works on AHV. Not sure why, as I now have a couple of NetScalers running on the AHV lab. Jarian Gibson reminded me of that. Thanks, man.

    Let's get started.

    Open the required ports for communications between Citrix ADC instances and Citrix ADM agent or Citrix SD-WAN instances and Citrix ADM agent.

    Support Ports

    ADM Agents

    Log into your Citrix cloud account, navigate to the "Application Delivery Management" tile, and click Manage.


    Select "Get Started"


    Select "Custom deployment"


    The VPX is on-premises.


    Extract the MAS-Agent-KVM.tgz file.


    It will then output a MAS-Agent-KVM.tar.


    Now Extract that to get the "MASAGENT-KVM-13.1-36.23.qcow2"


    I am doing this on AHV, which will not cover other hypervisors.

    Now, hit the Gear sign in the top right side.

    Click Image configuration, and upload the Image.




    KVM is now uploaded.


    Create a new VM. On the Disk area, click the plus sign and select. Add a disk by cloning from Image Services and selecting your uploaded disk image. Add your NIC for whatever VLAN you use. I have two cores and two sockets, with 4GB of RAM.


    Now, I remember when I did this for the VPX, I had to run a command to make it bootable.

    • acli vm.serial_port_create <VM Name> type=kServer index=0
    • acli vm.serial_port_create ADMAgent type=kServer index=0

    Putty into the CVM, then paste this:

    • acli vm.serial_port_create ADMAgent type=kServer index=0

    Now boot it up, connect with the console from AHV(Prism Element).


    At the login, enter the default login.

    • nsrecover and nsroot

    Once logged in, run the networkconfig command.

    The menu is straightforward. Please enter all the information to get it configured and on the network.


    Navigate to mps directory.

    Run the deployment_type.py

    It will output the Service URL and activation code.


    Enter the Service URL and Activation Code from the ADM Service wizard. It will display under "select the type of  HyperVisor"


    Now go back and click register Agent after completing the CLI part. The ADM Agent will reboot. Please give it about 5 minutes to reboot and come online.


    You will notice your Agent IP address will appear.


    Enable communication by adding the NetScaler Information.


    Under the authentication profile, click edit. The page will be directed to another area to configure the credentials.


    Input your information accordingly to your environment.


    Note: I had to create another profile so the ADM could talk to this. It did not like the default one, which makes sense to me.


    As you can see, it is now two within the ADM service.


    Adding another NetScaler will be a bit simpler.

    Have more NetScalers to add? Navigate to Infrastructure > Citrix ADC > Add


    As you can see, the firmware is different. Let's fix that.


    Click on "Create Job."


    It will take you back to the "upgrade jobs" page.


    If you want to see what it is doing, click on the circle and click Execution Summary.


    You will see the progress of what is happening. You don't need to watch it unless you are curious. I set up an email profile to send a report once completed. Note: This is a lab. However, this has been done in a production environment and works well.


    The code is now the same.


    After some time, I let the VPX instance bake. I did this because I wanted to show the neat feature of ADM service for CVEs.

    Navigate to > Infrastructure> Instance Advisory>Security Advisory. As you can see below, it picked up that the current VPX I have needs to be patched based on the Low CVE it is reporting on.


    It gives you information on the CVEs.


    Another cool feature, it shows you the EOL on different NetScaler builds.


    That concludes the setup for now. I hope you enjoyed it.


    User Feedback

    Recommended Comments

    There are no comments to display.

    Create an account or sign in to comment

    You need to be a member in order to leave a comment

    Create an account

    Sign up for a new account in our community. It's easy!

    Register a new account

    Sign in

    Already have an account? Sign in here.

    Sign In Now

  • Create New...