Citrix Application Delivery Management service

Provisioning Citrix ADC VPX instances on Google Cloud

Applications or services hosted on Google Cloud require secure traffic management and efficient optimization of network resources along with cloud benefits. Citrix ADC VPX instances provisioned on Google Cloud provide secure traffic management, optimized resource consumption, and reduced web application ownership costs.

Citrix ADM allows you to automate the deployment, setup, and management of the ADC VPX instances on Google Cloud. Provisioning Citrix ADC VPX instances using ADM combines the elasticity and flexibility of cloud with the control features of Citrix ADC.

Citrix ADM Deployment Architecture

The following image provides an overview of how Citrix ADM connects with Google Cloud to provision Citrix ADC VPX instances in Google Cloud.

Citrix ADM deployment architecture

You require three Virtual Private Cloud (VPC) networks to provision and manage the Citrix ADC VPX instance in Google Cloud. A VPC network contains a subnet and firewall. The firewall has rules that govern the incoming and outgoing traffic to a subnet.

Citrix ADM service agent helps you to provision and manage the Citrix ADC VPX instance.

Prerequisites

This section describes the prerequisites that you must complete in Google Cloud and Citrix ADM before you provision Citrix ADC VPX instances.

This document assumes you possess a Google Cloud account. For more information on how to create an account, see Google Cloud Documentation.

Set up Google Cloud components

Before you provision Citrix ADC VPX instances in Citrix ADM, do the following tasks in Google Cloud:

  1. Enable APIs
  2. Create a Service Account
  3. Create a VPC network
  4. Create a firewall
  5. Subscribe to the Citrix ADC VPX license in Google Cloud

Enable APIs

Citrix ADM requires programmatic access to deploy and provision the required resources in Google Cloud. So, enable the following APIs on your Google Cloud project:

For more information about how to enable APIs in Google Cloud, see Enabling APIs.

Create a Service Account

The ADM uses a Service Account to access your Google Cloud resources. Do the following to create a service account:

  1. Log in to your Google Cloud account.

  2. Go to IAM & Admin > Service Accounts.

  3. Click +CREATE SERVICE ACCOUNT.

    Create two service accounts, one service account is used for ADM. And, another is used for ADC instances. Do the following steps to create a service account.

    1. Specify the name, ID, and description and click Create.

    2. Assign the following predefined roles:

      • IAM roles required for ADM

         roles/iam.serviceAccountUser
         roles/compute.instanceAdmin.v1
         roles/compute.networkAdmin
         roles/dns.admin
        
      • IAM roles required for the ADC instances that are created by ADM:

         roles/compute.instanceAdmin.v1
         roles/compute.networkAdmin
        

      These roles allow your service account to access Google Cloud resources.

    3. Click Done.

Create a VPC network

Create three subnets in your VPC network - one each for the management, client, and server connections. Select the custom option to create a subnet. Specify an address range for each of the subnets. Specify the region in which you want the subnet to reside.

  • Management: A subnet in your management VPC Network dedicated for management. Citrix ADC has to contact Google Cloud services and requires internet access.

  • Client: A subnet in your client VPC network dedicated for the client side. Typically, Citrix ADC receives client traffic for the application via a public subnet from the internet.

  • Server: A subnet where the application servers are provisioned. All your application servers are present in this subnet and receives application traffic from the Citrix ADC through this subnet. For more information on how to create a subnet in Google Cloud, see VPC network overview.

Create a firewall

The firewall has rules that control the inbound and outbound traffic in the Citrix ADC VPX instance. You can add as many rules as you want. To Autoscale Citrix ADC instances, you must create three firewalls:

  • Management: A firewall is dedicated for the management of Citrix ADC VPX. Citrix ADC has to contact Google Cloud services and requires internet access. Inbound rules are allowed on the following TCP and UDP ports.

    • TCP: 80, 22, 443, 3008–3011, 4001, 27000, 7279
    • UDP: 67, 123, 161, 500, 3003, 4500, 7000

    Note

    Ensure that the firewall allows the Citrix ADM agent to be able to access the VPX.

  • Client: A firewall is dedicated for client-side communication of Citrix ADC VPX instances. Typically, inbound rules are allowed on the TCP ports 80, 22, and 443.

  • Server: A firewall is dedicated for server-side communication of Citrix ADC VPX. For more information on how to create a firewall in Google Cloud, see VPC firewall rules overview.

Subscribe to the Citrix ADC VPX license in Google Cloud

  1. Log on to your Google Cloud portal.

  2. In Marketplace, search Citrix ADC and select the required product version.

  3. Select one of the following license types:

    • Customer Licensed
    • Enterprise
    • Platinum

    Note

    If you select the Customer Licensed option, the Autoscale group checks out the licenses from the Citrix ADM while provisioning Citrix ADC instances.

Set up Citrix ADM components

Before provisioning Citrix ADC VPX instances in Citrix ADM, do the following tasks in Citrix ADM:

  1. Create a site.

  2. Provision Citrix ADM agent on Google Cloud.

  3. Attach the site to a Citrix ADM service agent.

Create a site

Create a site in Citrix ADM and add the VNet details associated with your Google Cloud.

  1. In Citrix ADM, navigate to Networks > Sites.

  2. Click Add.

  3. In the Select Cloud pane,

    1. Select Data Center as a Site type.

    2. Choose Google Cloud from the Type list.

    3. Check the Fetch regions from the Google Cloud check box.

      This option helps you to retrieve the existing regions information from your Google Cloud account.

    4. Click Next.

  4. In the Choose Region pane,

    1. In Cloud Access Profile, select the profile created for your Google Cloud account. If there are no profiles, create a profile.

    2. To create a cloud access profile, click Add.

    3. In Name, specify a name to identify your Google Cloud account in Citrix ADM.

    4. In Key of the Service Account, specify the Service Account JSON created in Google Cloud.

      Access the Google Cloud account from ADM

    5. Click Create.

      For more information, see Create a Service Account.

    6. In Regions, select the region that contains the VPC network containing Citrix ADC VPX instances that you want to manage.

    7. Specify a Site Name.

    8. Click Finish.

Provision Citrix ADM agent on Google Cloud

The Citrix ADM service agent works as an intermediary between the Citrix ADM and the discovered instances in the data center or on the cloud.

  1. Navigate to Networks > Agents.

  2. Click Provision.

  3. Select Google Cloud and click Next.

  4. In the Provision Parameters tab, specify the following:

    • Name - specify the Citrix ADM agent name.

    • Site - select the site you have created to provision an agent and ADC VPX instances.

    • Cloud Access Profile - select the cloud access profile from the list.

    • Zone - Select the zones in which you want to create the Autoscale groups. Depending on the cloud access profile that you have selected, the zones of that profile are populated.

    • Network- Select the VPC network where you want to create Autoscale groups.

    • Subnet - Select the management subnet to provision an agent.

    • Tags - Type the key-value pair for the Autoscale group tags. A tag consists of a case-sensitive key-value pair. These tags enable you to organize and identify the Autoscale groups easily. The tags are applied to both Google Cloud and Citrix ADM.

  5. Click Finish.

Alternatively, you can install the Citrix ADM agent from Google Cloud Marketplace. For more information, see Installing a Citrix ADM agent on the Google Cloud.

Attach the site to a Citrix ADM service agent

  1. In Citrix ADM, navigate to Networks > Agents.

  2. Select the agent for which you want to attach a site.

  3. Click Attach Site.

  4. Select the site from the list that you want to attach.

  5. Click Save.

Configuration tasks

To provision a standalone ADC VPX instance on Google Cloud, do the following steps:

  1. In Citrix ADM, navigate to Networks > Instances > Citrix ADC.

  2. Click Provision.

  3. Select Google Cloud and click Next. Specify the required parameters to provision an instance.

  4. Specify the basic parameters, licenses, and provision parameters.

Configure basic parameters

  1. In the Basic Parameters tab, specify the following:

    • Name - Specify the name of an ADC VPX instance.

    • Site - Select the site that you created earlier.

    • Agent - select the agent that is created to manage the Citrix ADC VPX instance.

    • Cloud Access Profile - Select the cloud access profile created during site creation.

    • Citrix ADC Profile - Select the profile to provide authentication.

      Citrix ADM uses the device profile when it requires to log on to the Citrix ADC VPX instance.

  2. Click Next.

Provisioning Citrix ADC VPX basic parameters

Configure licenses

Select one of the following modes to apply license to an ADC instance:

  • Using Citrix ADM: The instance that you want to provision checks out the licenses from the Citrix ADM.

  • Using Google Cloud: The Allocate from Cloud option uses the Citrix product licenses available in the Google Cloud Marketplace. The instance that you want to provision uses the licenses from the marketplace.

    If you choose to use licenses from Google Cloud Marketplace, specify the product or license in the Provision Parameters tab.

For more information, see Licensing Requirements.

Use licenses from Citrix ADM

To use this option, ensure that you have subscribed to the Citrix ADC product with the Bring your own license software plan in Google Cloud. See, Subscribe to the Citrix ADC VPX license in Google Cloud.

  1. In the License tab, select Allocate from ADM.

  2. In License Type, select one of the following options from the list:

    • Bandwidth Licenses: You can select one of the following options from the Bandwidth License Types list:

      • Pooled Capacity: Specify the capacity to allocate to an instance.

        From the common pool, the ADC instance checks out one instance license and only as much bandwidth is specified.

      • VPX Licenses: When a Citrix ADC VPX instance is provisioned, the instance checks out the license from the Citrix ADM.

    • Virtual CPU Licenses: The provisioned Citrix ADC VPX instance checks out licenses depending on the number of CPUs running in the instance.

    Note

    When the provisioned instances are removed or destroyed, the applied licenses return to the Citrix ADM license pool. These licenses can be reused to provision new instances.

  3. In License Edition, select the license edition. The ADM uses the specified edition to provision instances.

  4. Click Next.

Configure provision parameters

  1. In the Provision Parameters tab, specify the following:

    • ADC Service Account: Select the service account that you have created in Google Cloud. The ADM uses a Service Account to access your Google Cloud resources.

    • Product / License: Select the Citrix ADC product version that you want to provision. For more information, see Subscribe to the Citrix ADC VPX license in Google Cloud.

    • Machine types: Select the required machine type from the list.

    • Image: Select the required Citrix ADC version image. Click Add New to add a Citrix ADC image.

    • Configuration Template – Select the configuration template that you want to use to deploy on the ADC instances.

    • IPs in Server Subnet per instance – Specify how many SNIP addresses each instance can have in the server subnet.

    Provision parameters for ADC instance

    In this tab, you can also specify and configure the required NICs. Each NIC contains a dedicated firewall and subnet.

    For more information, see Create a VPC network and Create a firewall.

    NICs for an ADC instance

  2. Click Finish.

View the provisioned Citrix ADC VPX instances

To view in Citrix ADM:

  1. In Citrix ADM, navigate to Networks > Instances > Citrix ADC.

  2. Select the Citrix ADC VPX tab.

    The Citrix ADC VPX instance provisioned in Google Cloud is listed here.

To view in Google Cloud:

  1. Log on to your Google Cloud portal.

  2. Navigate to the Resources tab that displays the provisioned Citrix ADC VPX instance.

Note

The name of the Citrix ADC VPX instance is the same that you provided while provisioning an instance in the Citrix ADM.

Provisioning Citrix ADC VPX instances on Google Cloud