Configure a hybrid NetScaler Management and Analytics Service(MAS) environment in Citrix Cloud to manage NetScalers located on-premises.

In this article, we will review how to configure a hybrid NetScaler Management And Analytics Service environment in Citrix Cloud to manage NetScalers located on-premises. With this setup, no need to have a local MAS infrastructure, except the agent.

Make sure to catch up this series' previous posts first!

 

What is NetScaler MAS in Citrix Cloud?

NetScaler Management and Analytics System (MAS) is a centralized network management, analytics, and orchestration solution. It is available on-premises as a standalone product but also as a service in Citrix Cloud. You can use this cloud solution to manage, monitor, and troubleshoot the entire global application delivery infrastructure from a single, unified, and centralized cloud-based console.

More details here: https://docs.citrix.com/en-us/netscaler-mas/netscaler-management-and-analytics-service.html.

NetScaler MA Service periodically polls managed instances to collect information.

The following feature are not available in NetScaler MA Service:

  • Deployment
    • Migrating from NetScaler Insight Center to NetScaler MA Service
    • Integrating NetScaler MA Service with Citrix XenDesktop Director
  • Networks
    • Support for NetScaler SD-WAN EE
    • Backup and Restore of NetScaler Instances
    • Physical downloads of backups from NetScaler instances
    • Physical download of SSL Cert/Key Download from NetScaler instances
    • NetScaler VPX CICO Licensing
    • NetScaler Pooled Capacity
  • Analytics: TCP Insight, Video Insight, and WAN Insight
  • Limited System Settings
  • Orchestration
    • Integration with OpenStack and VMware NSX Manager
    • NetScaler Automation in Cisco ACI’s Hybrid Mode
    • Container Orchestration: Integration with Mesos/Marathon and Kubernetes

Source: https://docs.citrix.com/en-us/netscaler-mas/netscaler-management-and-analytics-service/features-and-solutions.html.

Architecture

hybrid NetScaler Management and Analytics Service(MAS) environment in Citrix Cloud
hybrid NetScaler Management and Analytics Service(MAS) environment in Citrix Cloud

Requirements

To be able to use MAS in Citrix Cloud, you have to install the agent either in the Cloud (Azure, AWS, etc) or on-premises.

MAS agent requires the following ports in your infrastructure.

Citrix Management and Analytics Service - Ports
Citrix Management and Analytics Service – Ports

For Citrix Cloud communication, you also need to open 443 from the agent to NetScaler MA Service (agent.netscalermgmt.net).

Note: MAS agent does not rely on Citrix Cloud Connector to communicate with Citrix Cloud.

Full list of requirements: https://docs.citrix.com/en-us/netscaler-mas/netscaler-management-and-analytics-service/system-requirements.html

Configure Citrix NetScaler MAS in Citrix Cloud?

Create the agent in Microsoft Azure

Note: only if your NetScalers are located in Azure.

Go to cloud.com and logon. In the left menu, select NetScaler Management and Analytics Service.

Citrix Management and Analytics Service - Menu Selection
Citrix Management and Analytics Service – Menu Selection

Select Get Started.

Citrix Management and Analytics Service - Get Started
Citrix Management and Analytics Service – Get Started

Select “On Public Cloud

Citrix Management and Analytics Service -  Where to install the agent?
Citrix Management and Analytics Service – Where to install the agent?

On the next screen, you will see the management URL and the activation code required when you will setup MAS.

Citrix Management and Analytics Service - Azure or AWS provisioning
Citrix Management and Analytics Service – Azure or AWS provisioning

Now go to Microsoft Azure and look for Citrix NetScaler MA Service Agent 12.0.

Citrix Management and Analytics Service - Install MA agent from Azure
Citrix Management and Analytics Service – Install MA agent from Azure

Configure your new virtual machine as below.

Note: the default password will be nsroot.

Citrix Management and Analytics Service - Create MA Agent on Azure
Citrix Management and Analytics Service – Create MA Agent on Azure

You can configure a public IP here if you want to connect directly.

Citrix Management and Analytics Service - MA Agent settings on Azure
Citrix Management and Analytics Service – MA Agent settings on Azure

Select your configuration (Ex: 2vCPU 8G Ram).

Citrix Management and Analytics Service - MA Agent configuration
Citrix Management and Analytics Service – MA Agent configuration

Summary of the MAS virtual machine.

Citrix Management and Analytics Service - MA Agent configuration summary
Citrix Management and Analytics Service – MA Agent configuration summary

Connect to the appliance with Putty or similar.

Citrix Management and Analytics Service - Connect to agent via SSH
Citrix Management and Analytics Service – Connect to agent via SSH

Enter deployment_type.py.

Citrix Management and Analytics Service - Deploy agent
Citrix Management and Analytics Service – Deploy agent

Enter the management address and Citrix Activation Code.

Citrix Management and Analytics Service - Deploy agent
Citrix Management and Analytics Service – Deploy agent

Back in Citrix Cloud. The agent is configured.

Citrix Management and Analytics Service - Agent is deployed and connected to Citrix Cloud
Citrix Management and Analytics Service – Agent is deployed and connected to Citrix Cloud

Create the MAS agent on-premises

Note: only if your NetScalers are located in your local network.

Select On A Hypervisor (On-Premises).

Citrix Management and Analytics Service - Install MA Service agent on premises
Citrix Management and Analytics Service – Install MA Service agent on premises

Then select your configuration. Here we are using Hyper-V.

Citrix Management and Analytics Service - Download Agent image
Citrix Management and Analytics Service – Download Agent image

Then install the virtual machine in your environment and boot it up.

Configure the MAS agent with your own configuration.

Citrix Management and Analytics Service - Configure MA service agent
Citrix Management and Analytics Service – Configure MA service agent

Note: the agent must be able to communication with the MAS service (agent.netscalermgmt.net) and with your local appliances.

With the network configured, type deployment_type.py.

Enter the configuration provided from Citrix Cloud.

Citrix Management and Analytics Service - Enter activation code and URL
Citrix Management and Analytics Service – Enter activation code and URL

Once the configuration is applied, the agent will reboot.

Citrix Management and Analytics Service - Agent is rebooting
Citrix Management and Analytics Service – Agent is rebooting

The new agent will show up in the Citrix Cloud configuration.

Citrix Management and Analytics Service - Agent is installed and connected to Citrix Cloud
Citrix Management and Analytics Service – Agent is installed and connected to Citrix Cloud

Citrix Management and Analytics

Welcome to the MAS dashboard.

Citrix Management and Analytics Service - Dashboard
Citrix Management and Analytics Service – Dashboard

You can find your agent in Networks -> Agents.

Citrix Management and Analytics Service - Agents
Citrix Management and Analytics Service – Agents

We will use the agent located on-premises for the rest of the article.

Next step is to add our NetScaler VPX HA Pair located on-premises. Go to Networks -> Instances -> NetScaler ADC.

Citrix Management and Analytics Service - Instances
Citrix Management and Analytics Service – Instances

Select ADD. 192.168.1.199 is the NSIP of the primary NS in our lab.

Citrix Management and Analytics Service - Add instance
Citrix Management and Analytics Service – Add instance
  • IP Address: local IP of the primary NetScaler in the HA pair (MAS will automatically detect the secondary)
  • Profile name: select the default profile if you kept the default nsroot password
  • Site: keep the default site
  • Agent: select the previously installed (on-premises) and added MAS agent

You can edit the default NetScaler profile if needed.

Citrix Management and Analytics Service - NetScaler profile
Citrix Management and Analytics Service – NetScaler profile

Click OK to submit.

Citrix Management and Analytics Service - Adding Instance
Citrix Management and Analytics Service – Adding Instance

When you add an instance to NetScaler MA Service, it implicitly adds itself as a trap destination and collects inventory of the instance. You can connect to your Netscaler and check the Traps configuration.

Citrix Management and Analytics Service - Traps configuration
Citrix Management and Analytics Service – Traps configuration

When the instance is created, you can see the status.

Citrix Management and Analytics Service - Netscaler instance added
Citrix Management and Analytics Service – Netscaler instance added

You can select the pair and go to dashboard.

Citrix Management and Analytics Service - Netscaler instance dashboard
Citrix Management and Analytics Service – Netscaler instance dashboard

Many dashboards are available.

Citrix Management and Analytics Service - Netscaler instance dashboard
Citrix Management and Analytics Service – Netscaler instance dashboard

The one about SSL/TLS certificates is particularly useful.

Citrix Management and Analytics Service - Netscaler SSL dashboard
Citrix Management and Analytics Service – Netscaler SSL dashboard

You can see the expiration of all certificates across all your NetScalers in the same location.

Citrix Management and Analytics Service - Netscaler certificates dashboard
Citrix Management and Analytics Service – Netscaler certificates dashboard

You can see pretty much everything you have configuration on NetScalers in a centralized view. See below with the virtual servers.

Citrix Management and Analytics Service - Virtual Servers state
Citrix Management and Analytics Service – Virtual Servers state

To have a better view of your infrastructure, you can create sites and IP blocks.

Citrix Management and Analytics Service - Create new site
Citrix Management and Analytics Service – Create new site

Then you can assign this site to NetScaler instances.

Citrix Management and Analytics Service - Add instance into site
Citrix Management and Analytics Service – Add instance into site

See below how to configure IP blocks

Citrix Management and Analytics Service - Add IP Blocks
Citrix Management and Analytics Service – Add IP Blocks

Here is a nice dashboard if you have multiples sites.

Citrix Management and Analytics Service - Map dashboard
Citrix Management and Analytics Service – Map dashboard

Enable HDX Insights

To be able to use that feature, you need to enable App Flow in MAS (Citrix Cloud).

Right Click on your instance, Configure Insights.

Then select VPN in the application list at the bottom.

Select the NetScaler Gateway where you want to enable App Flow.

Citrix Management and Analytics Service - Enable APP FLOW
Citrix Management and Analytics Service – Enable APP FLOW

Configure as below.

Citrix Management and Analytics Service - Enable APP FLOW 2
Citrix Management and Analytics Service – Enable APP FLOW 2

You may get the following error in MAS.

Citrix Management and Analytics Service - Error during App Flow activation
Citrix Management and Analytics Service – Error during App Flow activation

To fix it, open your NetScaler configuration. Select NetScaler Gateway. You will see that SSLV3 is unchecked.

Protocol enabled on NetScaler Gateway virtual server
Protocol enabled on NetScaler Gateway virtual server

Check it and it will resolve the issue.

Enable SSLV3
Enable SSLV3

Redo the App Flow configuration in MAS and this time it will work and you will see that App Flow is enabled.

Citrix Management and Analytics Service - Enable App Flow 3
Citrix Management and Analytics Service – Enable App Flow 3

HDX Insights is going to take up to 1 hour to collect data.

Then the dashboards are going to get populated with useful information such as ICA RTT, WAN latency, bandwidth, etc.

Citrix Management and Analytics Service - HDX Insights Dashboard
Citrix Management and Analytics Service – HDX Insights Dashboard

Session details are available in MAS. Here were can see how long the app took the start.

Citrix Management and Analytics Service - Launch Duration
Citrix Management and Analytics Service – Launch Duration

Bandwidth usage.

Citrix Management and Analytics Service - Bandwidth usage
Citrix Management and Analytics Service – Bandwidth usage

ICA RTT.

Citrix Management and Analytics Service - ICA RTT
Citrix Management and Analytics Service – ICA RTT

You can get a list of all current sessions.

Citrix Management and Analytics Service - Current sessions
Citrix Management and Analytics Service – Current sessions

The next view is pretty cool!

Citrix Management and Analytics Service - Flow view
Citrix Management and Analytics Service – Flow view

Citrix MAS Configuration Job in Citrix Cloud

MAS in Citrix Cloud has a Job feature that allows you to schedule actions on multiple Netscalers at the same time.

Create jobs to make configuration changes across devices, upgrade firmware, and replicate a device’s configuration to other devices on your network.

Citrix Management and Analytics Service - Configuration Job
Citrix Management and Analytics Service – Configuration Job

Citrix MAS Configuration Audit in Citrix Cloud

You can compare the configuration between appliances with Configuration Audit.

Citrix Management and Analytics Service - Configuration Audit
Citrix Management and Analytics Service – Configuration Audit

You can also poll the configuration from the appliances to view it in MAS.

Citrix Management and Analytics Service - Running configuration
Citrix Management and Analytics Service – Running configuration

Polling configuration audit.

Citrix Management and Analytics Service - Polling configuration
Citrix Management and Analytics Service – Polling configuration

MAS also integrates configuration recommendations.

Citrix Management and Analytics Service - Configuration recommendations
Citrix Management and Analytics Service – Configuration recommendations

This feature analyzes your configuration and make suggestions.

You can also change how long Citrix Cloud will keep the data.

Citrix Management and Analytics Service - Retention policy
Citrix Management and Analytics Service – Retention policy

That’s all for Citrix Management and Analytics Service in Citrix Cloud. You can do the same if your Netscalers are located in a public cloud like Amazon AWS or Microsoft Azure.

Make sure to catch up this series' previous posts first!

 

1 COMMENT

Comments are closed.