Citrix ADC

Deploy a Citrix ADC VPX instance on the Google Cloud Platform

You can deploy a Citrix ADC VPX instance on the Google Cloud Platform (GCP). A VPX instance in GCP enables you to take advantage of GCP cloud computing capabilities and use Citrix load balancing and traffic management features for your business needs. You can deploy VPX instances in GCP as standalone instances. Both single NIC and multi NIC configurations are supported.

Supported features

A VPX instance running in GCP supports the following features:

  • Load Balancing
  • ICA Proxy
  • Content Switching
  • Authentication, authorization, and auditing
  • Rewrite
  • Responder
  • RDP Proxy
  • nFactor
  • LDAP
  • VPN (CVPN/Full)
  • GSLB

Limitation

  • IPv6 isn’t supported.

Hardware requirements

VPX instance in GCP must have minimum of 2 vCPUs and 4 GB RAM.

Prerequisites

  1. Install the “gcloud” utility on your device. You can find the utility at this link: https://cloud.google.com/sdk/install

  2. Download the NSVPX-GCP image from the Citrix download site.

  3. Upload the file(for example, NSVPX-GCP-12.1-50.9_nc_64.tar.gz) to a storage bucket on Google by following the steps given at https://cloud.google.com/storage/docs/uploading-objects.

  4. Run the following command on the gcloud utility to create an image.

gcloud compute images create <IMAGE_NAME> --source-uri=gs://<STORAGE_BUCKET_NAME>/<FILE_NAME>.tar.gz --guest-os-features=MULTI_IP_SUBNET
<!--NeedCopy-->

It might take a moment for the image to be created. After the image is created, it appears under Compute > Compute Engine in the GCP console.

Instance image

Points to note

Consider the following GCP-specific points before you begin your deployment.

  • After creating the instance, you cannot add or remove any network interfaces.
  • For a multi-NIC deployment, create separate VPC networks for each NIC. One NIC can be associated with only one network.
  • For a single-NIC instance, the GCP console creates a network by default.
  • Minimum 4 vCPUs are required for an instance with more than two network interfaces.
  • If IP forwarding is required, you must enable IP forwarding while creating the instance and configuring the NIC.

Scenario: Deploy a multi-NIC, multi-IP standalone VPX instance

This scenario illustrates how to deploy a Citrix VPX standalone instance in GCP. In this scenario, you create a standalone VPX instance with multiple NICs. The instance communicates with back-end servers (the server farm).

GCP deployment scenario

Create three NICs to serve the following purposes.

NIC Purpose Associated with VPC network
NIC 0 Serves management traffic (Citrix ADC IP) Management network
NIC 1 Serves client-side traffic (VIP) Client network
NIC 2 Communicates with back-end servers (SNIP) Back-end server network

Also, set up the required communication routes between the instance and the back-end servers, and between the instance and the external hosts on the public internet.

Summary of deployment steps

  1. Create three VPC networks for three different NICs.
  2. Create firewall rules for ports 22, 80, and 443
  3. Create an instance with three NICs

Note: Create an instance in the same region where you’ve created the VPC networks.

Step 1. Create VPC networks.

Create three VPC networks that is associated with management NIC, client NIC, and server NIC. To create a VPC network, log on to Google console > Networking > VPC network > Create VPC Network. Complete the required fields, as shown in the screen capture, and click Create.

VPC networks for scenario

Similarly, create VPC networks for client and server-side NICs.

Note: All three VPC networks must be in the same region, which is asia-east1 in this scenario.

Step 2. Create firewall rules for ports 22, 80, and 443.

Create rules for SSH (port 22), HTTP (port 80), and HTTPS (port 443) for each VPC networks. For more information about firewall rules, see Firewall Rules Overview.

GCP firewall rules for scenario

Step 3. Create the VPX instance.

  1. Log on to the GCP console.
  2. Under Compute, hover over Compute Engine, and select Images.
  3. Select the image, and click Create Instance.

    Create GCP instance

  4. Select an instance with 4 vCPUs, to support multiple NICs.
  5. Click the networking option from Management, security, disks, networking, sole tenancy to add the additional NICs.

    Note: Container image is not supported on VPX instances on GCP. Add GCP NICs

  6. Under Networking interfaces, click the edit icon to edit the default NIC. This NIC is the management NIC.
  7. In the Network interfaces window, under Network, select the VPC network you created for the management NIC.

  8. For the management NIC, create a static external IP address. Under the External IP list, click Create IP address.

  9. In the Reserve a new static IP address window, add a name and description and click Reserve.

  10. Click Add network interface to create NICs for a client and server-side traffic.

GCP extra NICs

After you’ve created all the NICs, click Create to create the VPX instance.

Create a GCP instance

The instance appears under VM instances.

GCP instance

Use the GCP SSH or the serial console to configure and manage the VPX instance.

GCP SSH console

Scenario: Deploy a single-NIC, standalone VPX instance

This scenario illustrates how to deploy a Citrix VPX standalone instance with a single NIC in GCP. The alias IP addresses are used to achieve this deployment.

GCP standalone deployment with single NIC

Create a single NIC (NIC0) to serve the following purposes:

  • Handle management traffic (Citrix ADC IP) in the management network.
  • Handle client-side traffic (VIP) in the client network.
  • Communicate with back-end servers (SNIP) in the back-end server network.

Set up the required communication routes between the following:

  • Instance and the back-end servers.
  • Instance and the external hosts on the public internet.

Summary of deployment steps

  1. Create a VPC network for NIC0.
  2. Create firewall rules for ports 22, 80, and 443.
  3. Create an instance with a single NIC.
  4. Add Alias IP addresses to VPX.
  5. Add VIP and SNIP on VPX.
  6. Add a load balancing virtual server.
  7. Add a service or service group on the instance.
  8. Bind the service or service group to the load balancing virtual server on the instance.

Note:

Create an instance in the same region where you’ve created the VPC networks.

Step 1. Create one VPC network.

Create one VPC network to associate with NIC0.

To create a VPC network, do these steps:

  1. Log on to GCP console > Networking > VPC network > Create VPC Network
  2. Complete the required fields, and click Create.

Create a VPC network

Step 2. Create firewall rules for ports 22, 80, and 443.

Create rules for SSH (port 22), HTTP (port 80), and HTTPS (port 443) for the VPC network. For more information about firewall rules, see Firewall Rules Overview.

Create firewall rules

Step 3. Create an instance with single NIC.

To create an instance with single NIC, do these steps:

  1. Log on to the GCP console.
  2. Under Compute, hover over Compute Engine, and select Images.
  3. Select the image, and click Create Instance.

    Create GCP instance

  4. Select an instance type with two vCPUs (minimum requirement for ADC).

    Two vCPUs instance

  5. Click the Networking tab from the Management, security, disks, networking window.
  6. Under Network interfaces, click the Edit icon to edit the default NIC.
  7. In the Network interfaces window, under Network, select the VPC network that you created.
  8. You can create a static external IP address. Under the External IP addresses, click Create IP address.
  9. In the Reserve a static address window, add a name and description and click Reserve.
  10. Click Create to create the VPX instance. The new instance appears under VM instances.

Step 4. Add alias IP addresses to the VPX instance.

Assign two alias IP addresses to the VPX instance to use as VIP and SNIP addresses.

Note:

Do not use the primary internal IP address of the VPX instance to configure the VIP or SNIP.

To create an alias IP address, perform these steps:

  1. Navigate to the VM instance and click Edit.
  2. In the Network interface window, edit the NIC0 interface.
  3. In the Alias IP range field, enter the alias IP addresses.

    GCP Network interface

  4. Click Done, and then Save.
  5. Verify the alias IP addresses in the VM instance details page.

    VM instance details

Step 5. Add VIP and SNIP on the VPX instance.

On the VPX instance, add client alias IP address and server alias IP address.

  1. On the Citrix ADC GUI, navigate to System > Network > IPs > IPv4s, and click Add.

    Add IPv4 address

  2. To create a client alias IP (VIP) address:

    • Enter the client-alias IP address and netmask configured for the VPC subnet in the VM instance.
    • In the IP Type field, select Virtual IP from the drop-down menu.
    • Click Create.
  3. To create a server alias IP (SNIP) address:

    • Enter the server-alias IP address and netmask configured for the VPC subnet in the VM instance.
    • In the IP Type field, select Subnet IP from the drop-down menu.
    • Click Create.

Step 6. Add load balancing virtual server.

  1. On the Citrix ADC GUI, navigate to Configuration > Traffic Management > Load Balancing > Virtual Servers, and click Add.
  2. Add the required values for Name, Protocol, IP Address Type (IP Address), IP Address (client alias IP), and Port.
  3. Click OK to create the load balancing virtual server.

Create load balancing virtual server

Step 7. Add a service or service group on the VPX instance.

  1. From the Citrix ADC GUI, navigate to Configuration > Traffic Management > Load Balancing > Services, and click Add.
  2. Add the required values for Service Name, IP Address, Protocol, and Port, and click OK.

Step 8. Bind the service/service group to the Load Balancing Virtual Server on the instance.

  1. From the GUI, navigate to Configuration > Traffic Management > Load Balancing > Virtual Servers.
  2. Select the load balancing virtual server configured in Step 6, and click Edit.
  3. In the Service and Service Groups window, click No Load Balancing Virtual Server Service Binding.
  4. Select the service configured in Step 7, and click Bind.

Points to note after you’ve deployed the VPX instance on GCP

  • Log on to the VPX with user name nsroot and instance ID as password. At the prompt, change the password and save the configuration.

  • For collecting a technical support bundle, run the command shell /netscaler/showtech_cloud.pl instead of the customary show techsupport.

  • After deleting a Citrix ADC VM from GCP console, delete the associated Citrix ADC internal target instance also. To do so, go to gcloud CLI and type the following command:

     gcloud compute -q  target-instances delete <instance-name>-adcinternal --zone <zone>
     <!--NeedCopy-->
    

    Note: <instance-name>-adcinternal is the name of the target instance that must be deleted.

Citrix ADC VPX licensing

A Citrix ADC VPX instance on GCP requires a license. The following licensing options are available for Citrix ADC VPX instances running on GCP.

  • Subscription-based licensing: Citrix ADC VPX appliances are available as paid instances on the GCP marketplace. Subscription-based licensing is a pay-as-you-go option. Users are charged hourly. The following VPX models and license editions are available on the GCP marketplace.

    VPX model License editions
    VPX10 Standard, Advanced, Premium
       
  • Bring your own license (BYOL): If you bring your own license (BYOL), see the VPX Licensing Guide at http://support.citrix.com/article/CTX122426. You have to:
    • Use the licensing portal within the Citrix website to generate a valid license.
    • Upload the license to the instance.
  • Citrix ADC VPX Check-In/Check-Out licensing: For more information, see Citrix ADC VPX Check-In/Check-Out Licensing.

VPX Express for on-premises and cloud deployments does not require a license file. For more information on Citrix ADC VPX Express see the “Citrix ADC VPX Express license” section in Citrix ADC licensing overview.

GDM templates to deploy a Citrix ADC VPX instance

You can use a Citrix ADC VPX Google Deployment Manager (GDM) template to deploy a VPX instance on GCP. For details, see Citrix ADC GDM Templates.

Citrix ADC marketplace images

You can use the images in GDM templates to bring up the Citrix ADC appliance.

The following table lists the images that are available on GCP marketplace.

Release Image name Image location
13.0 citrix-adc-vpx-1000-advanced-13-0-61-48 projects/citrix-master-project/global/images/citrix-adc-vpx-1000-advanced-13-0-61-48
13.0 citrix-adc-vpx-1000-advanced-13-0-latest projects/citrix-master-project/global/images/citrix-adc-vpx-1000-advanced-13-0-latest
13.0 citrix-adc-vpx-1000-premium-13-0-61-48 projects/citrix-master-project/global/images/citrix-adc-vpx-1000-premium-13-0-61-48
13.0 citrix-adc-vpx-1000-premium-13-0-latest projects/citrix-master-project/global/images/citrix-adc-vpx-1000-premium-13-0-latest
13.0 citrix-adc-vpx-1000-standard-13-0-61-48 projects/citrix-master-project/global/images/citrix-adc-vpx-1000-standard-13-0-61-48
13.0 citrix-adc-vpx-1000-standard-13-0-latest projects/citrix-master-project/global/images/citrix-adc-vpx-1000-standard-13-0-latest
13.0 citrix-adc-vpx-5000-enterprise-13-0-58-32 projects/citrix-master-project/global/images/citrix-adc-vpx-5000-enterprise-13-0-58-32
13.0 citrix-adc-vpx-5000-enterprise-13-0-latest projects/citrix-master-project/global/images/citrix-adc-vpx-5000-enterprise-13-0-latest
13.0 citrix-adc-vpx-5000-platinum-13-0-58-32 projects/citrix-master-project/global/images/citrix-adc-vpx-5000-platinum-13-0-58-32
13.0 citrix-adc-vpx-5000-platinum-13-0-latest projects/citrix-master-project/global/images/citrix-adc-vpx-5000-platinum-13-0-latest
13.0 citrix-adc-vpx-5000-standard-13-0-58-32 projects/citrix-master-project/global/images/citrix-adc-vpx-5000-standard-13-0–58-32
13.0 citrix-adc-vpx-5000-standard-13-0-latest projects/citrix-master-project/global/images/citrix-adc-vpx-5000-standard-13-0-latest
13.0 citrix-adc-vpx-3000-enterprise-13-0-58-32 projects/citrix-master-project/global/images/citrix-adc-vpx-3000-enterprise-13-0-58-32
13.0 citrix-adc-vpx-3000-enterprise-13-0-latest projects/citrix-master-project/global/images/citrix-adc-vpx-3000-enterprise-13-0-latest
13.0 citrix-adc-vpx-3000-platinum-13-0-58-32 projects/citrix-master-project/global/images/citrix-adc-vpx-3000-platinum-13-0-58-32
13.0 citrix-adc-vpx-3000-platinum-13-0-latest projects/citrix-master-project/global/images/citrix-adc-vpx-3000-platinum-13-0-latest
13.0 citrix-adc-vpx-3000-standard-13-0-58-32 projects/citrix-master-project/global/images/citrix-adc-vpx-3000-standard-13-0–58-32
13.0 citrix-adc-vpx-3000-standard-13-0-latest projects/citrix-master-project/global/images/citrix-adc-vpx-3000-standard-13-0-latest
13.0 citrix-adc-vpx-200-enterprise-13-0-58-32 projects/citrix-master-project/global/images/citrix-adc-vpx-200-enterprise-13-0-58-32
13.0 citrix-adc-vpx-200-enterprise-13-0-latest projects/citrix-master-project/global/images/citrix-adc-vpx-200-enterprise-13-0-latest
13.0 citrix-adc-vpx-200-platinum-13-0-58-32 projects/citrix-master-project/global/images/citrix-adc-vpx-200-platinum-13-0-58-32
13.0 citrix-adc-vpx-200-platinum-13-0-latest projects/citrix-master-project/global/images/citrix-adc-vpx-200-platinum-13-0-latest
13.0 citrix-adc-vpx-200-standard-13-0-58-32 projects/citrix-master-project/global/images/citrix-adc-vpx-200-standard-13-0–58-32
13.0 citrix-adc-vpx-200-standard-13-0-latest projects/citrix-master-project/global/images/citrix-adc-vpx-200-standard-13-0-latest
13.0 citrix-adc-vpx-10-enterprise-13-0-58-32 projects/citrix-master-project/global/images/citrix-adc-vpx-10-enterprise-13-0-58-32
13.0 citrix-adc-vpx-10-enterprise-13-0-latest projects/citrix-master-project/global/images/citrix-adc-vpx-10-enterprise-13-0-latest
13.0 citrix-adc-vpx-10-platinum-13-0-58-32 projects/citrix-master-project/global/images/citrix-adc-vpx-10-platinum-13-0-58-32
13.0 citrix-adc-vpx-10-platinum-13-0-latest projects/citrix-master-project/global/images/citrix-adc-vpx-10-platinum-13-0-latest
13.0 citrix-adc-vpx-10-standard-13-0-58-32 projects/citrix-master-project/global/images/citrix-adc-vpx-10-standard-13-0-58-32
13.0 citrix-adc-vpx-10-standard-13-0-latest projects/citrix-master-project/global/images/citrix-adc-vpx-10-standard-13-0-latest
13.0 citrix-adc-vpx-express-13-0-58-32 projects/citrix-master-project/global/images/citrix-adc-vpx-express-13-0-58-32
13.0 citrix-adc-vpx-express-13-0-latest projects/citrix-master-project/global/images/citrix-adc-vpx-express-13-0-latest
13.0 citrix-adc-vpx-byol-13-0-58-32 projects/citrix-master-project/global/images/citrix-adc-vpx-byol-13-0-58-32
13.0 citrix-adc-vpx-byol-13-0-latest projects/citrix-master-project/global/images/citrix-adc-vpx-byol-13-0-latest

Resources