Citrix Application Delivery Management service

Install an agent on Amazon Web Services (AWS)

The Citrix ADM agent works as an intermediary between the Citrix ADM and the discovered instances in the data center or on the cloud.


To launch a Citrix ADM agent AMI within an Amazon Web Services (AWS) Virtual Private Cloud (VPC) by using the Amazon GUI, you need:

  • An AWS account

  • An AWS virtual private cloud (VPC)

  • An IAM account


  • Before you provision a Citrix ADM agent virtual machine, Citrix recommends creating security group, virtual private network, key pair, subnet, and other entities. So, the network information is available during provisioning.

  • For a Citrix ADM agent to communicate with the Citrix ADM, and the Citrix ADC instances, ensure that the recommended ports are open. For complete details about the port requirements for a Citrix ADM agent, see Ports.

To install the Citrix ADM agent on AWS:

  1. Log on to the AWS marketplace by using your AWS credentials.

  2. In the search field, type Citrix ADM agent to search for the Citrix ADM agent AMI, and click Go.

  3. On the search result page, click the Citrix ADM External agent AMI from the available list.

  4. On the Citrix ADM External Agent AMI page, click Continue to Subscribe.

    Citrix ADM external agent

  5. After the subscription is successful, click Continue to Configuration.

    Continue configuration

  6. On the Configure this software page:

    1. Select the AMI from the Fulfillment option list.

    2. Select the latest Citrix ADM agent version from the Software Version list.

    3. Select your region from the Region list.

    4. Click Continue to Launch

      Continue to launch

  7. On the Launch this software page, you have two options to register the Citrix ADM agent:

    1. Launch from Website

    2. Launch with EC2

      Launch with EC2

Launch from a Website

To launch from a Website, select:

  1. An EC2 instance type from the EC2 Instance Type list

  2. A VPC from the VPC Settings list. Click Create a VPC in EC2 to create a VPC for your software.

  3. A Subnet from the Subnet Settings list. Click Create a subnet in EC2 to create a subnet after you selected the VPC.

  4. A security group for the firewall from the Security Group Settings list. Click Create New Based On Seller Settings to create a security group.

  5. A key pair to ensure access security from the Key Pair Settings list. Click Create a key pair in EC2 to create a key pair for your software.

  6. Click Launch

    Launch a website

  7. The launch from a Website is successful.

    Launch from a website is successful


    The deployment process might take approximately 10–15 minutes. After the deployment is successfully completed, you can view your Citrix ADM agent virtual machine on your AWS account.

  8. Once the agent is deployed, assign a name for your Citrix ADM agent.

  9. Once the agent is up and running, assign an elastic IP address for your Citrix ADM agent.


    Elastic IP address enables Citrix ADM agent to communicate with Citrix ADM. But, an elastic IP address might not be required if you have configured NAT Gateway to route the traffic to the Internet.

  10. Using an SSH client, log on to your Citrix ADM agent.


    You can log on to the Citrix ADM agent using one of the following ways:

    • Use nsrecover as the user name and AWS instance ID as the password.

    • Use nsroot as the user name and a valid keypair as the password.

  11. Enter the following command to invoke the deployment screen:

  12. Enter the Service-URL and the Activation code that you had copied and saved from the Set Up Agents page in Citrix ADM as instructed in Getting Started. The agent uses the service URL to locate the service and the activation code to register with the service.

    Citrix ADM deployment

After agent registration is successful, the agent restarts to complete the installation process.

After the agent has restarted, access Citrix ADM and on the Set Up Agent page, under Discovered Agents, verify the status of the agent.

Launch with EC2

To launch with EC2, select Launch through EC2 from the Choose Action list, and then click Launch.

  1. On the Choose an Instance Type page, select the instance, and click Next: Configure Instance Details.

    Configure instance details

  2. On the Configure Instance Details page, specify the required parameters.

    Under the Advanced Details section, you can enable a zero-touch agent by specifying authentication details or a script in the User data field.

    • Authentication details - Specify the Service-URL and Activation code that you copied from the Set Up Agents page in Citrix ADM as instructed in Getting Started. Enter the details in the following format.

       registeragent -serviceurl <apigatewayurl> -activationcode <activationcodevalue>

      Agent uses this information to auto-register with the Citrix ADM during boot-up.

    • Script - Specify an agent auto-registration script as user data. The following is an example script:

       import os
       import requests
       import json
       import time
       import re
       import logging
       import logging.handlers
       import boto3
       Overview of the Script:
       The script helps to register a Citrix ADM agent with Citrix ADM. Pass it in userdata to make Citrix ADM agent in AWS to autoregister on bootup. The workflow is as follows
       1)  Fetch the Citrix ADM API credentials (ID and secret) from AWS secret store (NOTE: you have to assign IAM role to the Citrix ADM agent that will give permission to fetch secrets from AWS secret store)
       2)  Login to Citrix ADM with credentials fetched in step 1
       3)  Call Citrix ADM to fetch credentials (serviceURL and token) for agent registration
       4)  Calls registration by using the credentials fetched in step 3
       These are the placeholders which you need to replace according to your setup configurations
       aws_secret_id: Id of the AWS secret where you have stored Citrix ADM Credentials
       The secrets value should be in the following json format
       { "adm_user_id_key": "YOUR_ID", " adm_user_secret_key": "YOUR_SECRET"}
       aws_secret_id = "<AWS_secret_id>"
       adm_ip_or_hostname = "<YOUR_ADM_POP>"
       Set up a specific logger with your desired output level and log file name
       log_file_name_local = os.path.basename(__file__)
       LOG_FILENAME = '/var/log/' + 'bootstrap' + '.log'
       LOG_MAX_BYTE = 50*1024*1024
       LOG_BACKUP_COUNT = 20
       logger = logging.getLogger(__name__)
       logger_handler = logging.handlers.RotatingFileHandler(LOG_FILENAME, maxBytes=LOG_MAX_BYTE, backupCount=LOG_BACKUP_COUNT)
       logger_fortmater = logging.Formatter(fmt='%(asctime)-2s:%(funcName)30s:%(lineno)4d: [%(levelname)s] %(message)s', datefmt="%Y-%m-%d %H:%M:%S")
       class APIHandlerException(Exception):
           def __init__(self, error_code, message):
               self.error_code = error_code
               self.message = message
           def __str__(self):
               return self.message + ". Error code '" + str(self.error_code) + "'"
       def parse_response(response, url, print_response=True):
           if not response.ok:
               if "reboot" in url:
                   logger.debug('No response for url: reboot')
                   resp = {"errorcode": "500", "message": "Error while reading response."}
                   return resp
               if print_response:
                   logger.debug('Response text for %s is %s' % (url, response.text))
               response = json.loads(response.text)
               logger.debug("ErrorCode - " + str(response['errorcode']) + ". Message -" + str(response['message']))
               raise APIHandlerException(response['errorcode'], str(response['message']))
           elif response.text:
               if print_response:
                   logger.debug('Response text for %s is %s' % (url, response.text))
               result = json.loads(response.text)
               if 'errorcode' in result and result['errorcode'] > 0:
                   raise APIHandlerException(result['errorcode'], str(result['message']))
               return result
       def _request(method, url, data=None, headers=None, retry=3, print_response=True):
               response = requests.request(method, url, data=data, headers=headers)
               result = parse_response(response, url, print_response=print_response)
               return result
           except [requests.exceptions.ConnectionError, requests.exceptions.ConnectTimeout]:
               if retry > 0:
                   return _request(method, url, data, headers, retry-1, print_response=print_response)
                   raise APIHandlerException(503, 'ConnectionError')
           except requests.exceptions.RequestException as e:
               raise APIHandlerException(500, str(e))
           except APIHandlerException as e:
               logger.debug("URL: %s, Error: %s, Message: %s" % (url, e.error_code, e.message))
               raise e
           except Exception as e:
               raise APIHandlerException(500, str(e))
           '''Get the AWS Region'''
           client = boto3.client('s3')
           my_region = client.meta.region_name
           logger.debug("The rgion is %s" % (my_region))
           '''Creating a Boto cleint session'''
           session = boto3.session.Session()
           client = session.client(
           '''Getting the values stored in the secret with id: <aws_secret_id>'''
           get_id_value_response = client.get_secret_value(
               SecretId = aws_secret_id
           adm_user_id = json.loads(get_id_value_response["SecretString"])["adm_user_id_key"]
           adm_user_secret = json.loads(get_id_value_response["SecretString"])["adm_user_secret_key"]
       except Exception as e:
           logger.debug("Fetching of Citrix ADM credentials from AWS secret failed with error: %s" % (str(e)))
           raise e
       Initializing common Citrix ADM API handlers
       mas_common_headers = {
           'Content-Type': "application/json",
           'Accept-type': "application/json",
           'Connection': "keep-alive",
           'isCloud': "true"
       API to login to the Citrix ADM and fetch the Session ID and Tenant ID
       url = "https://" + str(adm_ip_or_hostname) + "/nitro/v1/config/login"
       payload = 'object={"login":{"ID":"' + adm_user_id + '","Secret":"' + adm_user_secret + '"}}'
           response = _request("POST", url, data=payload, headers=mas_common_headers)
           sessionid = response["login"][0]["sessionid"]
           tenant_id = response["login"][0]["tenant_name"]
       except Exception as e:
           logger.debug("Login call to the Citrix ADM failed with error: %s" % (str(e)))
           raise e
       API to fetch the service URL and Token to be used for registering the agent with the Citrix ADM
       mas_common_headers['Cookie'] = 'SESSID=' + str(sessionid)
       url = "https://" + str(adm_ip_or_hostname) + "/nitro/v1/config/trust_preauthtoken/" + tenant_id +"?customer="+ tenant_id
       logger.debug("Fetching Service URL and Token.")
           response = _request("GET", url, data=None, headers=mas_common_headers)
           service_name  = response["trust_preauthtoken"][0]["service_name"]
           token = response["trust_preauthtoken"][0]["token"]
           api_gateway_url = response["trust_preauthtoken"][0]["api_gateway_url"]
       except Exception as e:
           logger.debug("Fetching of the Service URL Passed with error. %s" % (str(e)))
           raise e
       Running the register agent command using the values we retrieved earlier
           registeragent_command = "registeragent -serviceurl "+api_gateway_url+" -activationcode "+service_name+"\;"+token
           file_run_command = "/var/python/bin/python2.7 /mps/ "+registeragent_command
           logger.debug("Executing registeragent command: %s" % (file_run_command))
       except Exception as e:
           logger.debug("Agent Registeration failed with error: %s" % (str(e)))
               raise e

      This script fetches the authentication details from the AWS secrets manager and runs the script to register the agent with the Citrix ADM.

    Configure instance details


    While you can auto-assign public IP address, you can also assign elastic IP address. Assigning an elastic IP address is required when NAT Gateway is not configured.

    If the elastic IP address is not set in this step, you can still do it on the EC2 console. You can create a new elastic IP address and associate that with the Citrix ADM agent using the instance ID or ENI-ID.

    Click Add Storage.

  3. On the Add Storage page, configure the storage device settings for the instance, and click Next: Add Tags.

    Add tags

  4. On the Add Tags page, define the tag for the instance, and click Next: Configure Security Group.

    Configure security group

  5. On the Configure Security Group page, add rules to allow specific traffic to your instance and click Review and Launch.

    Review and launch

  6. On the Review Instance Launch page, review the instance settings and click Launch.

  7. In the Select an existing key pair or create a new key pair dialog box, create a key pair. You can also select from the existing key pairs.

    Accept the acknowledgment and click Launch Instances.

    Launch instances

The deployment process might take approximately 10–15 minutes. After the deployment is successfully completed, you can view your Citrix ADM agent virtual machine on your AWS account.

Install an agent on Amazon Web Services (AWS)