
Provisioning Citrix ADC VPX instances on Microsoft Azure

Applications or services hosted on Azure require secure traffic management and efficient optimization of network resources along with cloud benefits. Citrix ADC VPX instances provisioned on Microsoft Azure provide secure traffic management, optimized resource consumption, and reduced web application ownership costs.

Citrix ADM allows you to automate the deployment, setup, and management of the ADC VPX instances on Azure. Provisioning Citrix ADC VPX instances using ADM combines the elasticity and flexibility of the cloud with the control features of Citrix ADC.

Supported Citrix ADC Azure virtual machine images for provisioning

Use an Azure virtual machine image that supports a minimum of three NICs. Provisioning a Citrix ADC VPX instance is supported only on the Platinum and Enterprise editions. For more information on Azure virtual machine image types, see VM types and sizes in Microsoft Documentation.

The following are the recommended VM sizes for provisioning:

  • Standard_DS3_v2

  • Standard_B2ms

  • Standard_DS4_v2

Citrix ADM Deployment Architecture

The following image provides an overview of how Citrix ADM connects with Azure to provision Citrix ADC VPX instances in Microsoft Azure.

[Figure: Citrix ADM deployment architecture]

You need three subnets to provision and manage a Citrix ADC VPX instance in Microsoft Azure. A security group must be created for each subnet. The rules specified in the Network Security Group (NSG) govern the communication across the subnets.

The Citrix ADM service agent helps you to provision and manage Citrix ADC VPX instances.

Prerequisites

This section describes the prerequisites that you must complete in Microsoft Azure and Citrix ADM before you provision Citrix ADC VPX instances.

This document assumes the following:

  • You possess a Microsoft Azure account that supports the Azure Resource Manager deployment model.

  • You have a resource group in Microsoft Azure.

For more information on how to create an account and other tasks, see Microsoft Azure Documentation.

Set up Microsoft Azure components

Perform the following tasks in Azure before you provision Citrix ADC VPX instances in Citrix ADM.

  1. Create a virtual network.

  2. Create security groups.

  3. Create subnets.

  4. Subscribe to Citrix ADC VPX license in Microsoft Azure.

  5. Create and register an application.

  6. Set up a Citrix ADM service agent.

Create a virtual network

  1. Log on to your Microsoft Azure portal.

  2. Select Create a resource.

  3. Select Networking and click Virtual Network.

  4. Specify the required parameters.

    In Resource group, you must specify the resource group where you want to deploy the Citrix ADC VPX product.

    Note:

    The application servers are present in this resource group.

  5. Click Create.

For more information, see Azure Virtual Network in Microsoft Documentation.

Create security groups

Create three security groups in your virtual network (VNet), one each for the management, client, and server connections. Each security group controls inbound and outbound traffic for the Citrix ADC VPX instance. You can add as many rules as you want.

  • Management: A security group in your account dedicated for management of Citrix ADC VPX. Citrix ADC has to contact Azure services and requires internet access. Inbound rules are allowed on the following TCP and UDP ports.
    • TCP: 80, 22, 443, 3008–3011, 4001
    • UDP: 67, 123, 161, 500, 3003, 4500, 7000

    Note:

    Ensure that the security group allows the Citrix ADM agent to access the VPX.

  • Client: A security group in your account dedicated for client-side communication of Citrix ADC VPX instances. Typically, inbound rules are allowed on the TCP ports 80, 22, and 443.

  • Server: A security group in your account dedicated for server-side communication of Citrix ADC VPX.

For more information on how to create a security group in Microsoft Azure, see Create, change, or delete a network security group.
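
An added example, not part of the Citrix documentation: a Python check that compares the inbound Allow rules of the management security group with the port list above and reports rules that accept any source. It assumes rule data in the shape printed by `az network nsg show`; the rule names and addresses in the sample are constructed.

```python
def to_range(spec):
    """Convert "22", "3008-3011" or "*" to a (low, high) tuple."""
    low, _, high = ("0", "-", "65535") if spec == "*" else spec.partition("-")
    return int(low), int(high or low)


# Inbound management ports exactly as listed on this page.
DOCUMENTED = {
    "tcp": [to_range(s) for s in "80 22 443 3008-3011 4001".split()],
    "udp": [to_range(s) for s in "67 123 161 500 3003 4500 7000".split()],
}
# Sources treated as "anyone": a hardening assumption, not a Citrix requirement.
ANY_SOURCE = {"*", "0.0.0.0/0", "internet"}


def audit_management_nsg(nsg):
    """Return findings for the inbound Allow rules of a management NSG."""
    findings = []
    for rule in nsg.get("securityRules", []):
        if (rule["direction"].lower(), rule["access"].lower()) != ("inbound", "allow"):
            continue
        # Azure stores a single value and a list form of each field; merge them.
        ports = list(rule.get("destinationPortRanges") or [])
        ports.append(rule.get("destinationPortRange") or "")
        sources = list(rule.get("sourceAddressPrefixes") or [])
        sources.append(rule.get("sourceAddressPrefix") or "")
        proto = rule["protocol"].lower()
        for p in (["tcp", "udp"] if proto == "*" else [proto]):
            for low, high in (to_range(s) for s in ports if s):
                if not any(a <= low and high <= b for a, b in DOCUMENTED.get(p, [])):
                    findings.append(f"{rule['name']}: {p} {low}-{high} not in documented list")
        if any(s.lower() in ANY_SOURCE for s in sources):
            findings.append(f"{rule['name']}: open to any source")
    return findings


# Constructed sample in the shape of `az network nsg show` output.
SAMPLE_NSG = {"securityRules": [
    {"name": "adm-agent-ssh", "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
     "sourceAddressPrefix": "10.0.1.10/32", "destinationPortRange": "22"},
    {"name": "web-any", "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
     "sourceAddressPrefix": "*", "destinationPortRanges": ["443", "3008-3011"]},
    {"name": "rdp", "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
     "sourceAddressPrefix": "10.0.1.0/24", "destinationPortRange": "3389"},
]}

if __name__ == "__main__":
    print("\n".join(audit_management_nsg(SAMPLE_NSG)))
```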

Create subnets

Create three subnets in your virtual network (VNet), one each for the management, client, and server connections. Specify an address range that is defined in your VNet for each of the subnets. Specify the availability zone in which you want the subnet to reside. Create all three subnets in each of the availability zones where servers are present.

  • Management: A subnet in your Virtual Network (VNet) dedicated for management. Citrix ADC has to contact Azure services and requires internet access.

  • Client: A subnet in your Virtual Network (VNet) dedicated for client side. Typically, Citrix ADC receives client traffic for the application via a public subnet from the internet.

  • Server: A subnet where the application servers are provisioned. All your application servers are present in this subnet and receive application traffic from the Citrix ADC through this subnet.

Note:

Assign the appropriate security group to each subnet when you create it.

For more information on how to create a subnet in Microsoft Azure, see Add, change, or delete a virtual network subnet.

Subscribe to Citrix ADC VPX license in Microsoft Azure

  1. Log on to your Microsoft Azure portal.

  2. Select Create a resource.

  3. In the Search the marketplace bar, search for Citrix ADC VPX platinum or enterprise edition.

  4. Select Want to deploy programmatically.

    [Figure: Deploy Citrix ADC VPX programmatically]

  5. In Choose the subscriptions, select Enable to deploy the selected Citrix ADC VPX edition programmatically.

    [Figure: Enable programmatic deployment]

    Important:

    Enabling the programmatic deployment is required to provision Citrix ADC VPX instances in Azure.

Create and register an application

Citrix ADM uses this application to provision Citrix ADC VPX instances in Azure.

To create and register an application in Azure:

  1. In Azure portal, select Azure Active Directory. This option displays your organization’s directory.

  2. Select App registrations:
    1. In Name, specify the name of the application.

    2. Select the Application type from the list.

    3. In Sign-on URL, specify the application URL to access the application.

  3. Click Create.

For more information on App registrations, see Microsoft Documentation.

Azure assigns an application ID to the application. The following is an example application registered in Microsoft Azure:

[Figure: Registered application in Microsoft Azure for Citrix ADC VPX]

Copy the following IDs and provide these IDs when you are configuring Cloud Access Profile in Citrix ADM:

  • Application ID: For steps to retrieve the application or client ID, see Microsoft Documentation.

  • Directory ID: For steps to retrieve the directory or tenant or object ID, see Microsoft Documentation.

  • Key: For steps to retrieve the key value or client secrets ID, see Microsoft Documentation.

    [Figure: Client secret key of registered application]

  • Subscription ID: Copy the subscription ID from your storage account.

Assign the role permission to an application

Citrix ADM uses the application as a service principal to provision Citrix ADC instances in Microsoft Azure. This permission is applicable only to the selected resource group.

To assign a role permission to your registered application, you have to be the owner of the Microsoft Azure subscription.

  1. In Azure portal, select Resource groups.

  2. Select the resource group to which you want to assign role permission.

  3. Select Access control (IAM).

  4. In Role assignments, click Add.

  5. Select Owner from the Role list.

  6. Select the application that is registered for provisioning Citrix ADC instances. See Create and register an application.

  7. Click Save.

[Figure: Assign role permission in Microsoft Azure]
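
An added example, not part of the Citrix documentation: a Python check that the registered application holds Owner on the chosen resource group and nothing at a wider scope, matching the statement above that the permission applies only to the selected resource group. It assumes role assignments in the shape printed by `az role assignment list --all`; the IDs and the resource group name `rg-adc` are placeholders.

```python
def check_app_role_scope(assignments, principal_id, subscription_id, resource_group):
    """Return findings for one service principal's role assignments.

    Reports assignments wider than, or outside, the target resource group,
    and a missing Owner assignment on the resource group itself.
    """
    expected = f"/subscriptions/{subscription_id}/resourcegroups/{resource_group}".lower()
    findings, has_owner = [], False
    for a in assignments:
        # principalId is the service principal's object ID, not the Application ID.
        if a.get("principalId") != principal_id:
            continue
        role = a.get("roleDefinitionName", "unknown role")
        scope = a.get("scope", "").rstrip("/").lower()
        if scope == expected:
            has_owner = has_owner or role == "Owner"
        elif scope.startswith(expected + "/"):
            continue  # narrower than the resource group
        elif scope == "" or expected.startswith(scope + "/"):
            findings.append(f"{role} at broader scope {a.get('scope')}")
        else:
            findings.append(f"{role} outside the resource group at {a.get('scope')}")
    if not has_owner:
        findings.append(f"no Owner assignment on resource group {resource_group}")
    return findings


# Constructed sample in the shape of `az role assignment list --all` output.
SUB = "00000000-0000-0000-0000-000000000001"      # placeholder subscription ID
APP_SP = "11111111-1111-1111-1111-111111111111"   # placeholder object ID
OTHER = "22222222-2222-2222-2222-222222222222"    # placeholder, unrelated principal
SAMPLE = [
    {"principalId": APP_SP, "roleDefinitionName": "Owner",
     "scope": f"/subscriptions/{SUB}/resourceGroups/rg-adc"},
    {"principalId": APP_SP, "roleDefinitionName": "Contributor",
     "scope": f"/subscriptions/{SUB}"},
    {"principalId": OTHER, "roleDefinitionName": "Owner",
     "scope": f"/subscriptions/{SUB}"},
]

if __name__ == "__main__":
    for finding in check_app_role_scope(SAMPLE, APP_SP, SUB, "rg-adc"):
        print(finding)
```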

Set up a Citrix ADM service agent

Install a Citrix ADM service agent in the management subnet. This agent works as an intermediary between the Citrix Application Delivery Management (Citrix ADM) and the managed instances in Microsoft Azure. For more information on how to install Citrix ADM service agent on Microsoft Azure, see Installing Citrix ADM agent on Microsoft Azure cloud.

Set up Citrix ADM components

Perform the following tasks in Citrix ADM before you provision Citrix ADC VPX instances:

  1. Create a site.

  2. Attach the site to a Citrix ADM service agent.

Create a site in Citrix ADM

Create a site in Citrix ADM and add the VNet details associated with your Microsoft Azure resource group.

  1. In Citrix ADM, navigate to Networks > Sites.

  2. Click Add.

  3. In the Select Cloud pane,

    1. Select Data Center as a Site type.

    2. Choose Azure from the Type list.

    3. Check the Fetch VNet from Azure check box.

      This option helps you to retrieve the existing VNet information from your Microsoft Azure account.

    4. Click Next.

  4. In the Choose Region pane,

    1. In Cloud Access Profile, select the profile created for your Microsoft Azure account. If there are no profiles, create a profile.

    2. To create a cloud access profile, click Add.

    3. In Name, specify a name to identify your Azure account in Citrix ADM.

    4. In Tenant Active Directory ID / Tenant ID, specify the Active Directory ID of the tenant or the account in Microsoft Azure.

    5. Specify the Subscription ID.

    6. Specify the Application ID/Client ID.

    7. Specify the Application Key Password / Secret.

    8. Click Create.

      For more information, see Create and register an application and Mapping Cloud access profile to Azure application.

      [Figure: Create Cloud Access Profile]

    9. In VNet, select the virtual network containing Citrix ADC VPX instances that you want to manage.

    10. Specify a Site Name.

    11. Click Finish.

Mapping cloud access profile to Azure application

Citrix ADM Term | Microsoft Azure Term
Tenant Active Directory ID / Tenant ID | Directory ID
Subscription ID | Subscription ID
Application ID/Client ID | Application ID
Application Key Password / Secret | Keys or Certificates or Client Secrets

Attach the site to a Citrix ADM service agent

  1. In Citrix ADM, navigate to Networks > Agents.

  2. Select the agent for which you want to attach a site.

  3. Click Attach Site.

  4. Select the site from the list that you want to attach.

  5. Click Save.

Configuration tasks

Use the site that you have associated with your Microsoft Azure resource group to provision the Citrix ADC VPX instances. Provide Citrix ADM service agent details to provision those instances that are bound to that agent.

  1. In Citrix ADM, navigate to Networks > Instances > Citrix ADC.

  2. In the VPX tab, click Select Action and select Provision in Public Cloud.

    This option displays the Provision Citrix ADC VPX on Cloud page.

  3. Select Microsoft Azure and click Next.

  4. In Basic Parameters,

    1. Select Standalone from the Type of Instance list.

    2. Specify the name of Citrix ADC VPX instance.

    3. In Site, select the site that you created earlier.

    4. In Agent, select the agent that is created to manage Citrix ADC VPX instance.

    5. In Cloud Access Profile, select the cloud access profile created during site creation.

    6. In Device Profile, select the profile to provide authentication.

      Citrix ADM uses the device profile when it needs to log on to the Citrix ADC VPX instance.

      Note:

      Ensure the selected device profile conforms to Microsoft Azure password rules.

    7. Click Next.

      [Figure: Provisioning Citrix ADC VPX basic parameters]

  5. In Cloud Parameters,

    1. Select the Resource Group in which you want to provision the Citrix ADC VPX instance.

    2. Select the required Product / License from the list.

    3. Select the supported VM size from the list.

      Note:

      For more information on supported products and VM sizes, see Supported Citrix ADC Azure virtual machine images.

    4. Select the Cloud Access Profile for ADC.

    5. Select the Version of Citrix ADC that you want to provision. Select both Major and Minor version of Citrix ADC.

    6. In Security Groups, select the Management, Client, and Server security groups that you have created in your virtual network.

    7. In Subnets, specify the required number of availability zones in Azure.

    8. In Subnets, select the Management, Client, and Server subnets that you have created in your virtual network.

    9. Click Finish.

      [Figure: Provisioning Citrix ADC VPX basic parameters]

The Citrix ADC VPX instance is now provisioned on Microsoft Azure.

View the provisioned Citrix ADC VPX instances

To view in Citrix ADM:

  1. In Citrix ADM, navigate to Networks > Instances > Citrix ADC.

  2. Select the Citrix ADC VPX tab.

    The Citrix ADC VPX instance provisioned in Microsoft Azure is listed here.

To view in Microsoft Azure:

  1. Log on to your Azure portal.

  2. Navigate to the resource group that was created to provision the Citrix ADC VPX instance.

    This page displays the provisioned Citrix ADC VPX instance.

Note:

The name of the Citrix ADC VPX instance is the same name that you provided while provisioning the instance in Citrix ADM.