Jump to content
Welcome to our new Citrix community!

How to tell whether any Platinum features are in use?

Recommended Posts

NS-Permiter-Primary> show ns feature | grep ON
 3)     Load Balancing                 LB                   ON
 4)     Content Switching              CS                   ON
 7)     Compression Control            CMP                  ON
 9)     SSL Offloading                 SSL                  ON
 12)    Content Filtering              CF                   ON
 13)    Integrated Caching             IC                   ON
 14)    SSL VPN                        SSLVPN               ON
 15)    AAA                            AAA                  ON
 19)    Rewrite                        REWRITE              ON
 21)    Application Firewall           AppFw                ON
 22)    Responder                      RESPONDER            ON
 28)    CallHome                       CH                   ON
 31)    Front End Optimization         FEO                  ON
 34)    Reputation                     Rep                  ON

would show features in use. I guess, that would help.


Greetings from sunny Austria


Johannes Norz


my blog

my Citrix ADC test environment

Link to comment
Share on other sites

It's not that straightforward, but a few commands based on features, will show you if you have any features in use.


One, start with seeing which features are ENABLED (as johannes said above):

show ns feature | grep ON


Then, look for dependent configurations.  You can narrow this down to the features that define the big differences between PLAT vs ADV vs STD

MOST features are policy-based, but there are a few exceptions.

To see if you have any features configured in use, try this:

show ns runningconfig | grep policy -i

# this should give you a list of policy features that have been created, you can then use this to identify the main feature categories

# Note: features like IC (caching) and CMP have lots of default policies, but it will give you a starting point.  


You can then also look for "bind commands" to see the policies in use against global or vserver bind points: either:

show ns runningconfig | grep bind -i

show ns runningconfig | grep policy -i  |  grep bind -i   # I think will let you see which policies are bound and in use somewhere.


There are other features that aren't policy based (like Web Logging or Surge Protection that are 1) on by default and 2) available in all license levels, so you don't want to disable them, but it also won't matter.)


For separate, polling of features in use, you can try this:

show ns runningconfig | grep "add .* vserver" -i 

which will return a list of all vservers created and the feature in use, to also see your main features in use.


We could also start looking at stats, but that's probably overkill at this point.


The other approach would be to just focus on these features:

AppFw, AppFlow, Integrated Caching, IP Reputation, AAA for App Traffic (aka authentication vservers):  These are the primary features requiring PREMIUM (former Platinum licensing). If just one feature, you might be okay with ADV + optional feature license.  Watch out, if the vpn vserver (gatway) is in use as historical insight/appflow reporting requires PREMIUM.


If you see dependencies for:  GSLB, CMP,  or AAA integration/nfactor authentication integration for either LB or vpn vserver (* thought this varies) or any of the unified gateway (cs + vpn vserver) features, you'll likely need ADV edition licensing.  GSLB or CMP are optional licenses to STD, but if you need more than one, probably ADV(former Enterprise) licensing is needed.


Finally, Standard Edition doesn't give you access to dynamic routing or advanced network handling/security, but for that you see the feature matrix if you think there is something else that might slip through.  If you just need basic lb/cs with minimal optimizations/security or just the basic vpn vserver, Standard is a starting point.  If you are doing gateway stuff though, this is worth reviewing to make sure you don't need more of the advanced or higher gateway-specific features.


Feature matrix for reference:  https://www.citrix.com/content/dam/citrix/en_us/documents/data-sheet/citrix-adc-hardware-platforms.pdf

Edited by Rhonda Rowland
Added note
Link to comment
Share on other sites

Thank you both.


Based on this I think I am safe to drop the license level. I guess it is not much hassle to drop it and revert if any issues.


This is pretty horrible isn't it. It is ripe for someone to build an offline script runs over an ns.conf to document the features in use and their associated license levels.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...