Hitesh Mistry

The growth in Internet of Things (IoT) devices has been tremendous over the last 10 years, with an estimated 10 billion to 15 billion IoT devices active as of 2022. Every major industry either actively uses or is considering using IoT technologies to better equip, deliver, manage, or monitor their solutions. Connected cars, smart home devices, smart warehousing, and human health monitoring are a few use cases for IoT, some of which are documented by the MQTT organization. There are several protocols to establish communication with IoT devices. At the application layer, Message Queue Telemetry Transport (MQTT), Advanced Message Queuing Protocol (AMQP), and Constrained Application Protocol (CoAP) are among the most common options. MQTT is the most popular solution for secure IoT data communication because of its reliability, fast response time, and support for a large number of devices. The MQTT protocol provides a publish/subscribe model where clients (IoT devices) connect to message brokers over a network to either publish or subscribe to information under specific topics. With many devices active at any given time, each generating data, and a system that enables many-to-many communication, scalability is often a major challenge. Citrix ADC can help unburden message brokers by evenly distributing the load and offload TLS operations from the broker servers while ensuring secure communication. In a typical IoT deployment, the broker (the cluster of servers) manages the group of IoT devices (the IoT clients). The Citrix ADC appliance load balances the MQTT traffic to the brokers based on various parameters, such as client ID, topic, and username. Deploy MQTT solutions with Citrix ADC Customers using Citrix ADCs for MQTT configurations can leverage its advanced features to build more scalable IoT solutions. Key benefits include: App Configuration: Customers can choose to configure an MQTT or MQTT_TLS vserver based on whether TLS operations need to be offloaded to Citrix ADC. Improved Security: With MQTT security based on message parameters, you can block malicious clients sending large messages to overload servers or large number of connections. Leverage Citrix ADC Policy Infrastructure: Advanced policy infrastructure enables you to make MQTT-aware decisions using policies and actions for MQTT-specific headers, types of connection, and quality of service (QoS) flags. File Store for Bulk Operations: As the number of devices increases, Citrix ADC provides a method (file store) to define lists of identifiers outside the ADC that can be referenced through an HTTP callout. You can then use policy definitions and actions to perform bulk operations based on these identifiers. Protocol-specific Logging: Citrix ADC can log MQTT-specific information at the application layer. App Visibility: Citrix ADC provides you with MQTT-aware application monitoring. Offload AAA Operations: You can offload authentication, authorization, and accounting (AAA) operations to the Citrix ADC. With such a wide range of options, Citrix ADCs can offer your organization a comprehensive solution to deploy and manage your MQTT app. Check out our Citrix ADC documentation for MQTT for details, and learn more about Citrix ADC.

Citrix ADCs support critical application infrastructure that is essential to operations at many organizations. The first five seconds of a web page load has a high impact on user experience and, ultimately, business revenue. Capabilities such as high availability and connection failover offer a layer of assurance that there will be no interruptions in your data flow and app delivery. By keeping your Citrix ADCs updated with the latest software, you get access to new features, critical security patches, and important bug fixes. However, when it comes to software upgrades for your Citrix ADC, admins need to plan accordingly to ensure there is no interruption to business continuity. Candidate software versions need to be tested, traffic patterns need to be analyzed for downtime, and IT teams must be available to ensure a successful upgrade. The new In-Service Software Upgrade (ISSU) for high availability for Citrix ADC pairs helps you upgrade to the latest software version without disrupting your apps. A high availability (HA) deployment of two Citrix ADC appliances can provide uninterrupted operation where one appliance is configured as the primary node and the other as the secondary or backup node. The primary node actively processes traffic while the secondary node monitors the primary and takes over (failover) if the primary node becomes unhealthy. When an HA pair needs upgrading, the secondary node is upgraded, a force failover is executed where the upgraded node takes over, and the remaining node is upgraded. This way, one node is always actively processing traffic, keeping the application alive. Upgrading a Citrix ADC HA pair For an HA pair to truly function to its fullest potential, both nodes must run the same version of the Citrix ADC software. Features such as connection failover only function in this format. During the upgrade process, there is a time right after upgrading the secondary node and prior to upgrading the remaining node when there is a version mismatch. When a failover occurs at this stage, all existing connections are lost, leading to downtime. This is where ISSU can help. It introduces a migration function that honors existing connections during the failover process, resulting in zero downtime. When the migration function is executed, the upgraded node (new primary) receives traffic for the existing connection but then steers it back to the node that was previously serving traffic for these connections (old primary). The old primary then processes the traffic and sends it to the destination. The migration is complete when all existing connections are closed. Then, a user can upgrade the remaining node. This migration step ensures that all active connections are fulfilled and results in a zero-loss upgrade process. The migration can be initiated from the UI or CLI, and its status can be monitored. SNMP traps are also supported to alert users when migration begins and completes. Information pertaining to the respective sessions can be viewed as well. The ISSU statistics displays the following information: Current status of ISSU migration operation Start time of the ISSU migration operation End time of the ISSU migration operation Start time of the ISSU rollback operation Total number of connections that are processed as part of ISSU migration operation Number of remaining connections that are being processed as part of ISSU migration operation Information on connections that were migrated. If an end user sees issues after the upgrade or has concerns regarding the health of the system, the admin can always rollback using the ISSU rollback capability. The rollback stops the migration process and triggers a failover on the node now processing new connections. The system is brought back to the state before the initial migration began. Even during the rollback, the system honors all connections — old and new — and continues to process them. A user with an active connection prior to or during the upgrade will not experience disruption, regardless of whether the upgrade was successful or unsuccessful. It’s a truly transparent experience for the end user. Check out our product documentation for more information and a detailed walkthrough on the new ISSU capability.