Data Governance

Citrix App Delivery and Security (CADS) service is a part of Citrix Cloud services, and it uses Citrix Cloud as the platform for signup, onboarding, authentication, administration, and licensing. Citrix collects and stores data in Citrix Cloud as part of the CADS service. This document describes what data is collected and methods of data collection, storage, and transmission. The information supplements, Citrix Cloud Services Data Protection Overview.

This information is for Security Officers, Compliance Officers, Information Auditors, Network Infrastructure and Operations administrators, and line-of-business owners.

Customer Content


CADS service stores the following data provided by you:

  • User information (email, user name, and region).
  • IAM roles, VPC networks, Zones, Route53 zones, and application servers.
  • Application delivery configurations. It includes Origin Server IP addresses, SSL certificates, and keys.

Multi-site Applications

CADS service consumes data from the Citrix Intelligent Traffic Management (ITM) service using APIs. For more information about data collection, storage, and retention on ITM service, see Citrix Intelligent Traffic Management.


CADS service collects L3-L7 details from the Citrix instances provisioned in your premises as follows:

  • Application Dashboard - Applications’ URL, request method, response code, total bytes, web app server details, virtual server IP addresses, client details, browser, client OS, client device, SSL protocol, SSL cipher strength, SSL key strength, ADC instance IP address, timestamp of server flaps, response content type.

  • Application DNS - FQDN, site IP or FQDN, client subnet or resolver details.

  • Web Insight - Virtual server IP address, clients, URLs, browsers, operating systems, requests methods, response statuses, domains, Web app server IP address, SSL certificates, SSL cipher negotiated, SSL key strength, SSL protocol, SSL failure front end.

  • Security Insight - Client IP, URL, security violations, attack geolocation, attack timestamp, transaction ID, WAF, and ADC security configuration status.

You can view and use this information to troubleshoot the applications that are delivered through the CADS service.


For troubleshooting Citrix instances that are provisioned by CADS service, the following data are periodically collected from Citrix instances:

  • Tech-support bundle from Citrix instances.

  • SNMP traps providing alerts on the state and performance of the Citrix instances.

  • Syslog of Web transactions traversing through Citrix instances and network state information.

  • SMTP server details for email configuration.

  • SSL certificates, SSL key, SSL CSR, CA issuer, signature algorithms of the Web apps optimized by the CADS service.

  • Data Tracking for Citrix ADC Configuration Audit changes pertaining to the ADC instances, which include Web app server IP address and Citrix ADC IP address details.

  • Citrix ADC configurations stored as a template, which includes Web app server IP address details.

  • IP address of the Citrix instances, instance type, config backup, critical events, number of apps associated, geolocation of the data center where the Citrix instances are deployed.

  • Citrix Analytics logs. For more information, see Data Governance in Citrix Analytics.

How do we collect, store, and transmit data?

CADS service collects data from the Citrix instances (CADS ADC and agent instances). These instances are deployed in your virtual private cloud (VPC) and data is transmitted from the instances securely over an SSL channel encrypted using the TLS 1.2 protocol to the cloud service.

Data is stored in the Relational database and as files in an Elastic File System (EFS) hosted in the AWS cloud. For more information on the commercial regions that Citrix Cloud uses and the presence of the CADS service within each region, see Geographical Considerations.

Passwords, SNMP community strings, SSL certificates, and ADC config backup are encrypted using an AES 256 key.


Data Governance