Citrix App Delivery and Security Service – Self Managed

System requirements

Before you begin using Citrix App Delivery and Security Service – Self Managed, you must review the software requirements, browser requirements, port information, license information, and limitations.

Supported browsers

To access Citrix App Delivery and Security Service – Self Managed, your workstation must have a supported web browser.

The following browsers are supported.

Web Browser Version
Internet Explorer 11.0 and later
Google Chrome Chrome 19 and later
Safari Safari 5.1.1 and later
Mozilla Firefox Firefox 3.6.25 and later

Agent installation requirements

Install and configure an agent in your network environment to enable communication between Citrix App Delivery and Security Service – Self Managed and the managed instances in your data center. In your data center on-premises, you can install an agent on Citrix XenServer, VMware ESXi, Microsoft Hyper-V, and Linux KVM server.

The agent requirements are the virtual computing resources that the hypervisor must provide for each Citrix App Delivery and Security Service – Self Managed agent. The following table lists the agent requirements to avail all Citrix App Delivery and Security Service – Self Managed features:

Component Requirement
RAM 32 GB
Virtual CPU 8
Storage Space 30 GB
Virtual Network interfaces 1
Throughput 1 Gbps

The agent requirements to avail only the pooled licensing feature, see Lightweight agent for pooled licensing.

You can also install an agent on Microsoft Azure or AWS or Google Cloud. Citrix recommends you use the following virtual machine types from the respective cloud marketplaces to avail all Citrix App Delivery and Security Service – Self Managed features:

Cloud Agent requirements Preferred virtual machine type
AWS 8 virtual CPU, 32 GB RAM, and 30 GB storage space m4.2xlarge
Microsoft Azure 8 virtual CPU, 32 GB RAM, and 30 GB storage space Standard_D8s_v3
Google Cloud 8 virtual CPU, 32 GB RAM, and 30 GB storage space e2-standard-8

For instructions about installing an agent, see the following links:

Lightweight agent for pooled licensing

If you plan to use the Citrix App Delivery and Security Service – Self Managed service only for pooled licensing, you can use an agent with lower specifications, as listed in the following table:

Component Requirement
RAM 8 GB
Virtual CPU 4
Storage Space 30 GB

Such agents with lower specifications (lightweight) are supported only on Citrix App Delivery and Security Service – Self Managed service.

Citrix recommends you use the following virtual machine types from the respective cloud marketplaces to avail only the pooled licensing feature:

Cloud Agent requirements Preferred virtual machine type
AWS 4 virtual CPU, 8 GB RAM, and 30 GB storage space m4.xlarge. This instance type provides 4 virtual CPU, 16 GB RAM, and 30 GB storage space. Citrix recommends this instance type since it matches most of the agent requirements among existing instance types.
Microsoft Azure 4 virtual CPU, 8 GB RAM, and 30 GB storage space Standard_F4s_v2
Google Cloud 4 virtual CPU, 8 GB RAM, and 30 GB storage space e2-standard-4

Note

You must disable the default scheduling jobs by navigating to Settings > Global Settings > Configurable Features.

Ports

For communications between Citrix ADC instances and Citrix App Delivery and Security Service – Self Managed agent,the following ports must be open in a Citrix App Delivery and Security Service – Self Managed agent:

Type Port Details Direction of communication
TCP 80/443 For NITRO communication from Citrix App Delivery and Security Service – Self Managed to Citrix ADC. For NITRO communication between Citrix App Delivery and Security Service – Self Managed servers in high availability mode. to Citrix ADC and Citrix ADC to Citrix App Delivery and Security Service – Self Managed
TCP 22 For SSH communication from Citrix App Delivery and Security Service – Self Managed to Citrix ADC. For synchronization between Citrix App Delivery and Security Service – Self Managed servers deployed in high availability mode. And, this port is required for the SSH communication between the Citrix App Delivery and Security Service – Self Managed agent and Citrix ADC. Citrix App Delivery and Security Service – Self Managed to Citrix ADC and Citrix App Delivery and Security Service – Self Managed agent to Citrix ADC
UDP 4739 For AppFlow communication from Citrix ADC to Citrix App Delivery and Security Service – Self Managed. Citrix ADC to Citrix App Delivery and Security Service – Self Managed
ICMP No reserved port To detect network reachability between Citrix App Delivery and Security Service – Self Managed and Citrix ADC instances, the secondary Citrix App Delivery and Security Service – Self Managed server deployed in high availability mode.  
UDP 161, 162 To receive SNMP events from Citrix ADC instance to Citrix App Delivery and Security Service – Self Managed Port 161 - Citrix App Delivery and Security Service – Self Managed to Citrix ADC
      Port 162 - Citrix ADC to Citrix App Delivery and Security Service – Self Managed
UDP 514 To receive syslog messages from Citrix ADC to Citrix App Delivery and Security Service – Self Managed  
TCP 25 To send SMTP notifications from Citrix App Delivery and Security Service – Self Managed to users.  
TCP 5563 To receive ADC metrics (counters), system events, and Audit Log messages from Citrix ADC instance to Citrix App Delivery and Security Service – Self Managed. Citrix ADC to Citrix App Delivery and Security Service – Self Managed
TCP 5557/5558 For logstream communication (for Security Insight, Web Insight, and HDX Insight) from Citrix ADC to Citrix App Delivery and Security Service – Self Managed Citrix ADC to Citrix App Delivery and Security Service – Self Managed
TCP 5454 Default port for communication, and database synchronization in between nodes in high availability mode. Citrix App Delivery and Security Service – Self Managed primary node to Citrix App Delivery and Security Service – Self Managed secondary node
TCP 27000 and 7279 License ports for communication between Citrix App Delivery and Security Service – Self Managed license server and ADC instance. These ports are also used for ADC pooled licenses. Citrix ADC to Citrix App Delivery and Security Service – Self Managed
TCP 443/8443/7443 Port for communication between Citrix App Delivery and Security Service – Self Managed agent and Citrix App Delivery and Security Service – Self Managed. The Citrix App Delivery and Security Service – Self Managed agent initiates the communication to Citrix App Delivery and Security Service – Self Managed. Citrix App Delivery and Security Service – Self Managed agent to Citrix App Delivery and Security Service – Self Managed

For communication between Citrix App Delivery and Security Service – Self Managed agent and Citrix App Delivery and Security Service – Self Managed, ensure the following port is open in Citrix App Delivery and Security Service – Self Managed agent:

Type Port Details
HTTPS 443 For communication from Citrix App Delivery and Security Service – Self Managed agent to Citrix App Delivery and Security Service – Self Managed

Note

The endpoint of the Citrix App Delivery and Security Service – Self Managed is the same as the “Service URL” generated while trying to register the agent. The agent uses the service URL to locate Citrix App Delivery and Security Service – Self Managed.

Ensure that the following endpoints are whitelisted:

  • Download Service:

     https://download.citrixnetworkapi.net
     <!--NeedCopy-->
    
  • Trust Service:

     *.citrixnetworkapi.net
     <!--NeedCopy-->
    
  • Service URLs:

     *.agent.appdeliverysecurity.cloud.com
     *.appdeliverysecurity.cloud.com
     appdeliverysecurity.cloud.com
     <!--NeedCopy-->
    
  • ADC backup service:

     ads-self-managed-prod-backup-.*\.s3\..*amazonaws\.com
     <!--NeedCopy-->
    

For communication between Citrix App Delivery and Security Service – Self Managed agent and Citrix Analytics Service, ensure the following endpoints are whitelisted:

Endpoint US region EU region
Event Hub https://cas-eh-ns-alias.servicebus.windows.net https://cas-eh-ns-eu-alias.servicebus.windows.net

Minimum Citrix ADC versions required

Note

Citrix ADC versions 10.5, 11.0, and 12.0 have already reached End Of Life (EOL). For more information, see the Product Matrix. The recommended ADC version is 12.1.

Citrix App Delivery and Security Service – Self Managed Feature Citrix ADC Software Version
StyleBooks 10.5 and later
Monitoring/Reporting and Configuring using Jobs 10.5 and later
Analytics  
HDX Insight 10.1 and later
Gateway Insight 11.0.65.31 and later
Security Insight 11.0.65.31 and later

Requirements for Citrix App Delivery and Security Service – Self Managed Analytics solution

Minimum Citrix Virtual Apps and Desktops versions required

Citrix App Delivery and Security Service – Self Managed Feature Citrix Virtual Apps and Desktops Version
HDX Insight Citrix Virtual Apps and Desktops 7.0 and later

Note

The Citrix Gateway feature (branded as Access Gateway Enterprise for versions 9.3 and 10.x) must be available on the Citrix ADC instance. Citrix App Delivery and Security Service – Self Managed does not support standalone Access Gateway Standard appliances.

Citrix App Delivery and Security Service – Self Managed can generate reports for applications that are published on a Citrix Virtual App or Desktop and accessed through Citrix Receiver. However, this capability depends on the operating system on which the Receiver is installed. Currently, a Citrix ADC does not parse ICA traffic for applications or desktops that are accessed through Citrix Receiver running on iOS or Android operating systems.

Thin clients supported for HDX Insight

Citrix App Delivery and Security Service – Self Managed supports the following thin clients for monitoring Citrix ADC instances running on software version 11.0 Build 65.31 and later:

  • Dell Wyse Windows based Thin Clients
  • Dell Wyse Linux based Thin Clients
  • Dell Wyse ThinOS based Thin Clients
  • 10ZiG Ubuntu based Thin Clients

Citrix ADC instance license required for HDX Insight

The data collected by Citrix App Delivery and Security Service – Self Managed for HDX Insight depends on the version and the installed licenses of the Citrix ADC instances that are monitored. HDX Insight reports are displayed only for Citrix ADC Premium and Enterprise appliances running on software version 10.5 and later.

           
Citrix ADC License/Duration 5 minutes 1 Hour 1 Day 1 Week 1 Month
Standard No No No No No
Advanced Yes Yes No No No
Premium Yes Yes Yes Yes Yes

Supported operating systems and Citrix Receiver versions

The following table lists the operating systems supported by Citrix App Delivery and Security Service – Self Managed, and the Citrix Receiver versions currently supported with each system:

Operating System Receiver Version
Windows 4.0 Standard Edition
Linux 13.0.265571 and later
Mac 11.8, build 238301 and later