Jump to content
Welcome to our new Citrix community!
  • Configure NetScaler ADM Service with VPX On-Premises


    cugcblogs

    raydavis22rnd.jpg by Ray Davis, CTA & Jacksonville CUGC Leader

    Summary

    I wanted to sync my NetScaler up with the ADM service, and I have personally never done this before with the ADM service. I have done this many times with an on-prem ADM setup. I figured I would make a quick blog on how to do this. It doesn't look complicated, and sharing it with the community would be good. Note: I have set this up in a lab, and it's not running in a live production setup. The steps will be the same but around your company's policies and security guidelines.

    Citrix ADM Agent, the virtual appliance, is available for XenServer, VMWare ESX, Microsoft Hyper-V and Linus KVM. Nutanix AHV is based on KVM. Running the ADM Agent on AHV seems possible to me. I overlooked that KVM works on AHV. Not sure why, as I now have a couple of NetScalers running on the AHV lab. Jarian Gibson reminded me of that. Thanks, man.

    Let's get started.

    Open the required ports for communications between Citrix ADC instances and Citrix ADM agent or Citrix SD-WAN instances and Citrix ADM agent.

    Support Ports

    ADM Agents

    Log into your Citrix cloud account, navigate to the "Application Delivery Management" tile, and click Manage.

    image-3.png.d857095d047bfe5367c196cf88bd549a.png

    Select "Get Started"

    image-4.png.10ad7ba5db6fb678468a759af233fbe1.png

    Select "Custom deployment"

    image-5.png.67a8b6165db0fbbb4f35f507ac187448.png

    The VPX is on-premises.

    image-6.png.895c530b5ea88f94e62eb3a0cc263bac.pngimage-7.png.146afb40dd8e59847aa9bb31355b0220.pngimage-8.png.aa4a862d5684cf96bc1eb00e0762e4c5.png

    Extract the MAS-Agent-KVM.tgz file.

    image-9.png.3407155095fc37b0a91e2f26791957f0.png

    It will then output a MAS-Agent-KVM.tar.

    image-10.png.df2607b7e9bad03cb617e5fd1665793b.png

    Now Extract that to get the "MASAGENT-KVM-13.1-36.23.qcow2"

    image-11.png.7016e479254d59073101fb5ac75723ba.png

    I am doing this on AHV, which will not cover other hypervisors.

    Now, hit the Gear sign in the top right side.

    Click Image configuration, and upload the Image.

    image-12.png.265d99d83baa10cfbaebfe1c9683a490.png

    Browse.

    image-13.png.d39efbe089677bb6d86a4fadd747a8ed.png

    KVM is now uploaded.

    image-14.png.e8080516bb2bb62f16a7cd819a0a9b83.png

    Create a new VM. On the Disk area, click the plus sign and select. Add a disk by cloning from Image Services and selecting your uploaded disk image. Add your NIC for whatever VLAN you use. I have two cores and two sockets, with 4GB of RAM.

    image-15.png.563ced638fe837d38df242d246e86220.png

    Now, I remember when I did this for the VPX, I had to run a command to make it bootable.

    • acli vm.serial_port_create <VM Name> type=kServer index=0
    • acli vm.serial_port_create ADMAgent type=kServer index=0

    Putty into the CVM, then paste this:

    • acli vm.serial_port_create ADMAgent type=kServer index=0
    image-16.png.2a3a62bd3b9ee7bc130d1ea126b7e3dc.png

    Now boot it up, connect with the console from AHV(Prism Element).

    image-17.png.225e76d56f12d54a102f213c798e1f30.png

    At the login, enter the default login.

    • nsrecover and nsroot

    Once logged in, run the networkconfig command.

    The menu is straightforward. Please enter all the information to get it configured and on the network.

    image-18.png.7de053766715c487cafecd5a24c93c43.png

    Navigate to mps directory.

    Run the deployment_type.py

    It will output the Service URL and activation code.

    image-19.png.12104ab5920aac4d40165267b9e37fe7.pngimage-20.png.5a8c90aeb4d4e8aeb92641b884aee829.png

    Enter the Service URL and Activation Code from the ADM Service wizard. It will display under "select the type of  HyperVisor"

    image-21.png.8967c97e406c898e4e608bc088b8943c.png

    Now go back and click register Agent after completing the CLI part. The ADM Agent will reboot. Please give it about 5 minutes to reboot and come online.

    image-22.png.d78019ada485c9d14465dcdaa6ed8a4f.png

    You will notice your Agent IP address will appear.

    image-23.png.39aae0322dd8412150da1b533dcf6c36.png

    Enable communication by adding the NetScaler Information.

    image-24.png.da7cdb5e7b410e3a59f47aea0cf4fe22.png

    Under the authentication profile, click edit. The page will be directed to another area to configure the credentials.

    image-25.png.c167e6471db6526f3ff70c7af597b9fc.png

    Input your information accordingly to your environment.

    image-26.png.eed52c4cf6939e4cad47f3655964ed45.png

    Note: I had to create another profile so the ADM could talk to this. It did not like the default one, which makes sense to me.

    image-27.png.0b059bc006c6f94af0657605a9f1ff30.pngimage-28.png.0ede2871a4bd927a481599cc9acbeb7b.pngimage-29.png.a79e6e14d6720c21465efc40b06131f1.pngimage-30.png.9e283b63061b6c5324ce105891bfe998.png

    As you can see, it is now two within the ADM service.

    image-31.png.922a796772d8823bed8cb58257f5a580.png

    Adding another NetScaler will be a bit simpler.

    Have more NetScalers to add? Navigate to Infrastructure > Citrix ADC > Add

    image-32.png.063f9be63f4ff8e2c844f60fd72df1ad.pngimage-33.png.8406c5068a3890fd201619cdd38988df.pngimage-34.png.dfe7a5ef973f8b0e3dd0f56094d118f3.pngimage-35.png.4e981d5ec42b21d85d1ea7d227296e98.pngimage-36.png.c897742eda62180a06ea53593154b6bc.pngimage-37.png.e21b987da143bb876006444a513e94c6.png

    As you can see, the firmware is different. Let's fix that.

    image-38.png.acc097c94d3af71f9029ac443f0eb65a.pngimage-39.png.687e63985b7b8beb4feb33241a796dad.png

    Click on "Create Job."

    image-40.png.d1a4b61381e898d0c573f6e3b4d216a3.pngimage-41.png.e6aacc44bbd62d323fa72b0811f30335.pngimage-42.png.62717b736e421592ea4e9ce7b0651de1.pngimage-43.png.a636c98e3ea871673451250d32dda669.pngimage-44.png.b8345b53eb23b6ad64c7481c83311ca6.pngimage-45.png.d92b30625f792e9518fe2c6d40656b53.pngimage-46.png.c769f2b727b0c3dc20d7db3d119f5f6a.pngimage-47.png.10e183b25d34b7bf757264acde6d3b57.pngimage-48.png.c980f79f87dc5e66f41be16e0932413e.pngimage-49.png.d7d9ba7dc52a32a0588c9b5c59cade1b.pngimage-50.png.962bd0243d7299dac4ea07b7a479a106.png

    It will take you back to the "upgrade jobs" page.

    image-51.png.a0c44171ead974a116cba84877455eb2.png

    If you want to see what it is doing, click on the circle and click Execution Summary.

    image-52.png.f5495b9e9b489654896629b8b76bfca3.pngimage-53.png.4c1b243d2ff87807c564bdd6bf9c560e.png

    You will see the progress of what is happening. You don't need to watch it unless you are curious. I set up an email profile to send a report once completed. Note: This is a lab. However, this has been done in a production environment and works well.

    image-54.png.148c834a75b0fb384463d43fcaafb435.pngimage-55.png.c8d812d9a7bde7d85e6c7521191b92ff.pngimage-56.png.8e8800c8a12cb3dd7c883832c13ac05d.pngimage-57.png.d08864fc50796ce80f3dda643f30cb02.pngimage-58.png.524c35a8663b5a1875f0e2e4344c4c22.png

    The code is now the same.

    image-59.png.aa186dd85e4ddecf54d42e80172eb58e.png

    After some time, I let the VPX instance bake. I did this because I wanted to show the neat feature of ADM service for CVEs.

    Navigate to > Infrastructure> Instance Advisory>Security Advisory. As you can see below, it picked up that the current VPX I have needs to be patched based on the Low CVE it is reporting on.

    image-60.png.7b4587e6dca8019e4e99df8d1f201500.png

    It gives you information on the CVEs.

    image-61.png.1a9872b1c0f7708f11aa925891072c8e.pngimage-62.png.bc77491a3acd4217089f4eda32bbcb30.png

    Another cool feature, it shows you the EOL on different NetScaler builds.

    image-63.png.ed3d9e7c453a4a50f81f486926ec168c.png

    That concludes the setup for now. I hope you enjoyed it.

    image-2.png.4fef354f3ad9b102a48cd25e1eddcd64.png


    User Feedback

    Recommended Comments

    There are no comments to display.



    Create an account or sign in to comment

    You need to be a member in order to leave a comment

    Create an account

    Sign up for a new account in our community. It's easy!

    Register a new account

    Sign in

    Already have an account? Sign in here.

    Sign In Now

×
×
  • Create New...