Lab: Part 35 – Configure a Hybrid NetScaler MA Service environment in Citrix Cloud

Configure a hybrid NetScaler Management and Analytics Service(MAS) environment in Citrix Cloud to manage NetScalers located on-premises.

In this article, we will review how to configure a hybrid NetScaler Management And Analytics Service environment in Citrix Cloud to manage NetScalers located on-premises. With this setup, no need to have a local MAS infrastructure, except the agent.

More from the Lab!

 

What is NetScaler MAS in Citrix Cloud?

NetScaler Management and Analytics System (MAS) is a centralized network management, analytics, and orchestration solution. It is available on-premises as a standalone product but also as a service in Citrix Cloud. You can use this cloud solution to manage, monitor, and troubleshoot the entire global application delivery infrastructure from a single, unified, and centralized cloud-based console.

More details here: https://docs.citrix.com/en-us/netscaler-mas/netscaler-management-and-analytics-service.html.

NetScaler MA Service periodically polls managed instances to collect information.

The following feature are not available in NetScaler MA Service:

• Deployment
  • Migrating from NetScaler Insight Center to NetScaler MA Service
  • Integrating NetScaler MA Service with Citrix XenDesktop Director
• Networks
  • Support for NetScaler SD-WAN EE
  • Backup and Restore of NetScaler Instances
  • Physical downloads of backups from NetScaler instances
  • Physical download of SSL Cert/Key Download from NetScaler instances
  • NetScaler VPX CICO Licensing
  • NetScaler Pooled Capacity
• Analytics: TCP Insight, Video Insight, and WAN Insight
• Limited System Settings
• Orchestration
  • Integration with OpenStack and VMware NSX Manager
  • NetScaler Automation in Cisco ACI’s Hybrid Mode
  • Container Orchestration: Integration with Mesos/Marathon and Kubernetes

Source: https://docs.citrix.com/en-us/netscaler-mas/netscaler-management-and-analytics-service/features-and-solutions.html.

Architecture

Requirements

To be able to use MAS in Citrix Cloud, you have to install the agent either in the Cloud (Azure, AWS, etc) or on-premises.

MAS agent requires the following ports in your infrastructure.

For Citrix Cloud communication, you also need to open 443 from the agent to NetScaler MA Service (agent.netscalermgmt.net).

Note: MAS agent does not rely on Citrix Cloud Connector to communicate with Citrix Cloud.

Full list of requirements: https://docs.citrix.com/en-us/netscaler-mas/netscaler-management-and-analytics-service/system-requirements.html

Configure Citrix NetScaler MAS in Citrix Cloud?

Create the agent in Microsoft Azure

Note: only if your NetScalers are located in Azure.

Go to cloud.com and logon. In the left menu, select NetScaler Management and Analytics Service.

Select Get Started.

Select “On Public Cloud”

On the next screen, you will see the management URL and the activation code required when you will setup MAS.

Now go to Microsoft Azure and look for Citrix NetScaler MA Service Agent 12.0.

Configure your new virtual machine as below.

Note: the default password will be nsroot.

You can configure a public IP here if you want to connect directly.

Select your configuration (Ex: 2vCPU 8G Ram).

Summary of the MAS virtual machine.

Connect to the appliance with Putty or similar.

Enter deployment_type.py.

Enter the management address and Citrix Activation Code.

Back in Citrix Cloud. The agent is configured.

Create the MAS agent on-premises

Note: only if your NetScalers are located in your local network.

Select On A Hypervisor (On-Premises).

Then select your configuration. Here we are using Hyper-V.

Then install the virtual machine in your environment and boot it up.

Configure the MAS agent with your own configuration.

Note: the agent must be able to communication with the MAS service (agent.netscalermgmt.net) and with your local appliances.

With the network configured, type deployment_type.py.

Enter the configuration provided from Citrix Cloud.

Once the configuration is applied, the agent will reboot.

The new agent will show up in the Citrix Cloud configuration.

Citrix Management and Analytics

Welcome to the MAS dashboard.

You can find your agent in Networks -> Agents.

We will use the agent located on-premises for the rest of the article.

Next step is to add our NetScaler VPX HA Pair located on-premises. Go to Networks -> Instances -> NetScaler ADC.

Select ADD. 192.168.1.199 is the NSIP of the primary NS in our lab.

• IP Address: local IP of the primary NetScaler in the HA pair (MAS will automatically detect the secondary)
• Profile name: select the default profile if you kept the default nsroot password
• Site: keep the default site
• Agent: select the previously installed (on-premises) and added MAS agent

You can edit the default NetScaler profile if needed.

Click OK to submit.

When you add an instance to NetScaler MA Service, it implicitly adds itself as a trap destination and collects inventory of the instance. You can connect to your Netscaler and check the Traps configuration.

When the instance is created, you can see the status.

You can select the pair and go to dashboard.

Many dashboards are available.

The one about SSL/TLS certificates is particularly useful.

You can see the expiration of all certificates across all your NetScalers in the same location.

You can see pretty much everything you have configuration on NetScalers in a centralized view. See below with the virtual servers.

To have a better view of your infrastructure, you can create sites and IP blocks.

Then you can assign this site to NetScaler instances.

See below how to configure IP blocks

Here is a nice dashboard if you have multiples sites.

Enable HDX Insights

To be able to use that feature, you need to enable App Flow in MAS (Citrix Cloud).

Right Click on your instance, Configure Insights.

Then select VPN in the application list at the bottom.

Select the NetScaler Gateway where you want to enable App Flow.

Configure as below.

You may get the following error in MAS.

To fix it, open your NetScaler configuration. Select NetScaler Gateway. You will see that SSLV3 is unchecked.

Check it and it will resolve the issue.

Redo the App Flow configuration in MAS and this time it will work and you will see that App Flow is enabled.

HDX Insights is going to take up to 1 hour to collect data.

Then the dashboards are going to get populated with useful information such as ICA RTT, WAN latency, bandwidth, etc.

Session details are available in MAS. Here were can see how long the app took the start.

Bandwidth usage.

ICA RTT.

You can get a list of all current sessions.

The next view is pretty cool!

Citrix MAS Configuration Job in Citrix Cloud

MAS in Citrix Cloud has a Job feature that allows you to schedule actions on multiple Netscalers at the same time.

Create jobs to make configuration changes across devices, upgrade firmware, and replicate a device’s configuration to other devices on your network.

Citrix MAS Configuration Audit in Citrix Cloud

You can compare the configuration between appliances with Configuration Audit.

You can also poll the configuration from the appliances to view it in MAS.

Polling configuration audit.

MAS also integrates configuration recommendations.

This feature analyzes your configuration and make suggestions.

You can also change how long Citrix Cloud will keep the data.

That’s all for Citrix Management and Analytics Service in Citrix Cloud. You can do the same if your Netscalers are located in a public cloud like Amazon AWS or Microsoft Azure.

More from the Lab!