Jump to content
Welcome to our new Citrix community!

Automated Provisioning of VPX on SDX with Terraform

Sumanth Lingappa
  • Validation Status: Validated
    Summary: Solution guide to provision VPX on SDX using Terraform automation

NetScaler SDX is a hardware-based Application Delivery Appliance for enterprise and cloud datacenters. It supports hosting multiple NetScaler instances on a single hardware and can thus be used for Multi-tenancy.

More on NetScaler SDX HERE

In this article, I will explain how using terraform, you can configure SDX to -

  1. provision VPX on SDX
  1. start/reboot/force-reboot VPX

Intro to Terraform

Terraform is an open-source infrastructure as a code software tool that enables you to safely and predictably create, change, and improve infrastructure.

More on terraform HERE


Pre-requisites to Terraform Automation for SDX

  • SDX to be present
  • 1 available IP to be present to provision VPX


  • I highly recommend you to watch the below demo videos first.
  • You can find all the video demos in this page

Demo Video: Provision a VPX on SDX with Terraform


Demo Video: Stop, Start, Reboot, Forcestop, Forcereboot VPX

Provision VPX on SDX

For this article, let us get ready with two files

  1. provider.tf contains citrixsdx terraform provider information
  1. resource.tf contains the actual citrixsdx terraform resources which help provisioning a new VPX



Terraform does not mandate to have two separate files. We can have all the configuration in one .tf file. However, for logical separation, it is recommended to have two files — one for provider configuration and the other for resource configuration

Defining SDX details in provider.tf

# provider.tf -- full contentsterraform {  required_providers {    citrixsdx = {      source = "citrix/citrixsdx"    }  }}provider "citrixsdx" {  host       = "" # Optionally use CITRIXSDX_HOST env var  username   = "nsroot"              # Optionally use CITRIXSDX_USERNAME env var  password   = "secretpassword"      # Optionally use CITRIXSDX_PASSWORD env var  ssl_verify = false                 # Optionally use CITRIXSDX_SSL_VERIFY env var}

# provider.tfterraform {  required_providers {    citrixsdx = {      source = "citrix/citrixsdx"    }  }}

The first terraform {...} block tells the terraform software to download citrixsdx terraform plugin from the citrix namespace.

Terraform software by default searches in it’s registry. Since our citrixsdx provider is not yet part of the terraform registry, we need to download the plugin manually.

  • The process to download the plugin to our local computer can be found here.
  • Once installed validate your installation. The process to validate can be found here


# provider.tf provider "citrixsdx" {  host       = "" # Optionally use CITRIXSDX_HOST env var  username   = "nsroot"              # Optionally use CITRIXSDX_USERNAME env var  password   = "secretpassword"      # Optionally use CITRIXSDX_PASSWORD env var  ssl_verify = false                 # Optionally use CITRIXSDX_SSL_VERIFY env var}


The second provider "citrixsdx" {...} block contains the initialisation of the citrixsdx provider.

We need to provide citrixsdx host, username, password and an optional ssl_verify flag.


Initialising provider.tf using environment variables

  • If we do not intend to give all these information in plain text form, we can define respective environment variables as below. In that case the provider block will be
    provider "citrixsdx" {}


    Copy-paste the below commands to define the environment variables as per your working shell.

    • If you are using bash or zsh shell
    export CITRIXSDX_HOST="YOUR SDX HOSTNAME OR IP ADDRESS"export CITRIXSDX_USERNAME="SDX USERNAME"export CITRIXSDX_PASSWORD="SDX PASSWORD"export CITRIXSDX_SSL_VERIFY=true/false # Whether to verify the untrusted certificate on the Citrix SDX when the Citrix SDX host is https

    • If you are a windows user, and using powershell
    $env:CITRIXSDX_HOST = "YOUR SDX HOSTNAME OR IP ADDRESS"$env:CITRIXSDX_USERNAME = "SDX USERNAME"$env:CITRIXSDX_PASSWORD = "SDX PASSWORD"$env:CITRIXSDX_SSL_VERIFY = true/false # Whether to verify the untrusted certificate on the Citrix SDX when the Citrix SDX host is https


Defining SDX configuration in resource.tf

citrixsdx_provision_vpx is the terraform resource which helps in configuring SDX to provision VPX.

Above below terraform script shows how to use the citrixsdx_provison_vpx to provision a VPX on SDX.

The below example script is to provision a VPX with the below details. You can change them as per your need. You can find more detailed documentation HERE

  • Static IP as
  • VPX name to be visible in SDX as device1
  • 2 Gb of RAM —> tm_memory_total = 2048
  • 2 Network interfaces


You can find Citrix SDX NITRO API documentation HERE
# resource.tfresource "citrixsdx_provision_vpx" "device1" {  name                       = "device1"  ip_address                 = ""  if_internal_ip_enabled     = false  config_type                = 0  ipv4_address               = ""  netmask                    = ""  gateway                    = ""  nexthop                    = ""  image_name                 = "NSVPX-XEN-13.1-17.42_nc_64.xva"  profile_name               = "nsroot_Notnsroot250"  description                = "from tf"  throughput_allocation_mode = "0"  throughput                 = "1000"  max_burst_throughput       = "0"  burst_priority             = "0"  license                    = "Standard"  number_of_acu              = 0  number_of_scu              = "0"  vm_memory_total            = "2048"  pps                        = "1000000"  number_of_cores            = "0"  l2_enabled                 = "false"  if_0_1                     = true  vlan_id_0_1                = ""  if_0_2                     = true  vlan_id_0_2                = ""  network_interfaces {    port_name       = "LA/1"    mac_address     = ""    mac_mode        = "default"    receiveuntagged = "true"  }  network_interfaces {    port_name       = "LA/2"    mac_address     = ""    mac_mode        = "default"    receiveuntagged = "true"  }  nsvlan_id         = ""  vlan_type         = 1  nsvlan_tagged     = "false"  nsvlan_interfaces = []}

Steps to run terraform

  1. Change the directory containing resource.tf and provider.tf
  1. terraform init
    1. This will initialise/download the required plugins. Please refer to above section to download and validate citrixsdx-terraform-provider
  1. terraform plan
    1. This will layout the plan of action which terraform wants to configure.
  1. terraform apply
    1. when given yes this will push the configuration to SDX (in this case, initiates the VPX provisioning)
  1. terraform destroy — optional
    1. Optionally, if you want to destroy/delete the provisioned VPX, you can do so by this command.
    • Use destroy command carefully, this will destroy all the resources present in all the .tf in the current folder.

The second part of the particle will be published soon. Second part will contain how to `start`, `stop`, `reboot` VPXs managed by SDX with Terraform.


I hope this article helped you to provision VPX on SDX with Terraform.
I am happy to answer any of your questions. 
Please let me know your views in the comment section.
Thank you

User Feedback

Recommended Comments

There are no comments to display.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Create New...