Citrix Application Delivery Management service

What’s new

September 27, 2022

Analytics

WAF security violations - View analytics for Block Keyword

In Security > Security Violations, under WAF, you can now view logs and analytics for Block Keyword violation.

For more information, see:

[NSADM-86225]

Configure bot management on the platinum ADC instances

In Citrix ADM, you can now:

  • Configure bot detection techniques and deploy them on the ADC instances build 13.0 36.27 or later with premium license.

  • View bot analytics by enabling the Bot Security Violations option for the existing virtual servers configured with bot detection techniques either through StyleBook or directly from the ADC instance.

Along with the existing StyleBook configuration, this enhancement further simplifies the process to configure the bot detection techniques and deploy on the ADC instances.

For more information, see Configure bot detection techniques in Citrix ADM.

[NSADM-80413]

Infrastructure

New option to create a configuration job for Autoscale applications

In Autoscale Groups > Configurations, you can now navigate to configuration jobs by selecting an Autoscale application. In the Create Job page, sample commands appear based on the configuration details of the selected application. You can edit values or commands. Also, add or remove commands.

Note

You can use configuration jobs only for the applications created using the ADC CLI Commands mode.

For more information, see Deploy an Autoscale application using configuration jobs.

[NSADM-85939]

Citrix ADM reschedules the jobs when unforeseen events occur

Sometimes, while running a configuration or an upgrade job, you might face the events like:

  • Upgrade of Citrix ADM service is in progress.

  • An ADM agent goes down. It can happen if the agent upgrade is in progress.

In such events, Citrix ADM reschedules the jobs to the following hour.

Earlier, Citrix ADM was not able to identify the ADM service upgrade or the agent state. As a result, jobs were failing after the time-out.

[NSADM-85554]

View usage and license information for unmanaged CICO ADC instances

You can now navigate to Infrastructure > Pooled Licensing > Bandwidth Licenses > CICO to view the usage and license information for unmanaged CICO ADC instances on ADM Service.

[NSADM-85452]

Management and Monitoring

Generate a tech-support bundle for the secondary ADC instance

In an ADC high-availability pair, you can now generate a tech-support bundle for the secondary node as well, from the ADM GUI. Earlier, you were able to generate a tech-support bundle only for the primary node.

[NSADM-88905]

View network reporting data points for each day of the month

In Infrastructure > Network Reporting, when you select one month duration in the dashboard, it shows the data points for each day. Earlier, it was showing the data points for each week.

[NSADM-88875]

StyleBooks

StyleBooks support Citrix ADC BLX instances

While creating a configuration pack, you can now choose Citrix ADC BLX instances as the target instances. Earlier, StyleBooks supported Citrix ADC MPX, SDX, VPX, and CPX instances.

[NSADM-86253]

September 13, 2022

StyleBooks

Improved default StyleBooks to configure a load-balancing virtual server

With the improved default StyleBooks, you can now configure all supported options in ADC for a load-balancing virtual server. For example, you can now set IP pattern, IP mask, IP range, and more. Earlier, you were able to configure only fewer options from StyleBooks. We added the following StyleBooks in Citrix ADM with their improved versions:

Name Version
lb 2.0
lb-mon 2.0

[NSADM-80663]

Fixed Issues

The issues that are addressed in Build September 13, 2022.

  • While inviting an IAM group by selecting Azure AD as the identity provider, the ADM roles do not appear under Custom Access if they have whitespaces.

    [NSHELP-32557]

  • Users from Azure AD cannot log in to ADM if an administrator added them to DAAS or other Citrix products before ADM.

    [NSHELP-32556]

August 29, 2022

Auto-enabling Gateway Insight and Account Takeover for Citrix Gateway

All the licensed Citrix Gateway virtual servers are now automatically enabled with Account Takeover for Citrix Gateway and Gateway Insight. In Citrix ADM, this enables you to view insights for:

  • Account takeover attacks for Citrix Gateway in Security > Security Violations. Citrix Gateway login page availability becomes an easy target for malicious bots to steal user credentials and perform cyberattacks such as credential stuffing and password spraying. As an administrator, you might want to analyze if malicious bots have attempted to take over the Citrix Gateway account. For more information, see Account Takeover for Citrix Gateway.

  • Issues related to Citrix Gateway virtual servers in Gateway > Gateway Insight. As an administrator, you might want to monitor the gateway instances for insights such as user logon activity, logon failure reasons, active users, available users, bot attacks, and so on. For more information, see Gateway Insight.

Note

  • The auto-enablement for Gateway Insight and Account Takeover for Citrix Gateway functionality will be released to customers in phases.
  • Your Citrix ADM must have one or more external Citrix ADM agents configured and have one or more Premium or Advanced Gateway devices.
  • After this functionality is released in your Citrix ADM, all the existing licensed Citrix Gateway virtual servers and the subsequent licensed Citrix Gateway virtual servers will be automatically enabled with Gateway Insight and Account Takeover for Citrix Gateway.
  • For all Citrix Gateway virtual servers that are manually disabled with Gateway Insight option, the Gateway Insight will not be auto-enabled to those virtual servers.
  • To disable the Gateway Insight option:

    1. Navigate to Settings > Licensing & Analytics Configuration.
    2. Under Virtual Server Analytics Summary, click Configure Analytics.
    3. In the All Virtual Servers page, select the Citrix Gateway virtual server and click Edit Analytics.
    4. Deselect the Gateway Insight option and click Save.
  • The Account Takeover for Citrix Gateway is automatically disabled, after the Gateway Insight option is disabled.

[NSADM-82732]

Improvements to the unified dashboard

The Unified Dashboard in Overview > Dashboard is now added with smaller widgets for all key metrics under each category. When you click Edit dashboard, you can:

  • Remove the whole widget (Applications, ADC Infrastructure, Gateway, or Application Security).

  • Remove the smaller widgets present under each widget.

  • Click Add widget and select the required key metrics that you want to view under each widget.

This enhancement enables you to customize the dashboard view by adding or removing the required widgets under each category.

[NSADM-86337]

Choose a country from the selected region

When you’re logging in to the Citrix ADM service for the first time, you can now choose a country that suits your business need. The countries appear based on your selected region. Earlier, you were able to select only regions.

For example, if you select the EMEA region, the GUI lists the following countries:

  • France
  • United Kingdom
  • Germany

Similarly, you can choose a suitable country from other regions.

[NSADM-83643]

In Applications > Web Insight, under SSL Errors, you can now drill down the Cipher Mismatch to view details such as the SSL cipher name, the recommended actions, and the details of the affected applications and clients.

For more information, see Web Insight.

SNMP version 3 support for SDX configuration on ADM

You can now create SNMP v3 profile for the Citrix ADC SDX instance from the ADM GUI. Navigate to Infrastructure > Instances > Citrix ADC > SDX tab and then click Profiles. You can add all the profile parameters, select v3 as SNMP profile type, and then click Create to create a Citrix ADC SDX Profile.

[NSADM-84828]

August 16, 2022

Analytics

App Dashboard - View detailed insights to troubleshoot the application issues

In App Dashboard, when you drill down an application, you can now view the Recommended Actions for the following application issues that enable you to view detailed insights to troubleshoot the issues:

  • Response Time

  • Active Services

  • Unstable Server

  • Service Flaps

For more information, see Performance indicators (issues).

[NSADM-84811]

Infrastructure

Dual NIC support for ADM agent

You can configure a second NIC on ADM agent to manage access to Citrix ADM. Using the Dual NIC architecture, ADM agent will now be able to:

  • Establish communication between ADM agent and ADC instances

  • Establish communication between ADM agent and ADM service

For more information, see Dual NIC support on Citrix ADM.

[NSADM-85781]

Recreate a cluster that is part of Google Cloud Autoscale group

To view and troubleshoot the ADC clusters that are part of a Google Cloud (GCP) Autoscale group, you can now navigate to Infrastructure > Public Cloud > Autoscale Group, and click View Clusters.

You can select the GCP cluster and click Recreate to delete the existing cluster and replace it with a new cluster. All the application configurations are transferred to the new ADC cluster.

For more information, see View and troubleshoot ADC clusters.

[NSADM-75731]

Management and Monitoring

View ADM agent details in the unified dashboard

In the unified dashboard, you can now visualize an overview of ADM agent details. In Overview > Dashboard, next to the ADM Agent Status, you can view the agents that are available/unavailable.

Click View Details to visualize an overview of ADM agent details such as total in-built agents, total external agents, agent IP, status, system usage, diagnostic checks, and so on.

For more information, see Unified dashboard overview.

[NSADM-83096]

Fixed Issues

  • After you enable analytics or when you edit analytics for Citrix Gateway virtual servers configured from the HA pair, the Instance level options under Advanced Settings (optional) appear disabled, even after these options are enabled.

    [NSHELP-32188]

  • In Gateway > HDX Insight > Users, when you select a user, instead of showing details for the selected user, ADM shows details for all the users.

    [NSHELP-32181]

  • In Gateway > HDX Insight > Instances, when you click a country to drill down for further details, the data under Current Sessions are not displayed.

    [NSHELP-32125]

July 13, 2022

Management and Monitoring

Support for identification and remediation of CVE-2022-27509

Citrix ADM security advisory now supports the identification and remediation of CVE-2022-27509.

Identification of CVE-2022-27509 requires a combination of version scan and custom scan, and remediation requires an upgrade of the vulnerable ADC instances to a release and build that has the fix. If your vulnerable ADC instance(s) have the /etc/httpd.conf file copied to the /nsconfig directory, see Upgrade considerations for customized ADC configurations before planning ADC upgrade .

You can also opt out of these Security Advisory custom scans. For more information on Custom Scan Settings and opting out of custom scans, see the Configure Custom Scan settings section on the Security Advisory page.

For more information about how ADM identifies ADCs vulnerable to CVE-2022-27509 and steps to remediation, see Identify and remediate vulnerabilities for CVE-2022-27509.

Note

It might take a couple of hours for the security advisory system scan to conclude and reflect on the impact of CVE-2022-27509 in the security advisory module. To see the impact sooner, you may start an on-demand scan by clicking Scan Now.

[NSADM-85549]

Configure an access policy for Upgrade Jobs

As a super administrator, you can now configure an access policy, set the permissions (View/Edit) for the Upgrade Jobs, and apply the policy to your Citrix ADM users. In Settings > Users & Roles > Access Policies, click Add to configure an access policy by selecting Infrastructure > Upgrade Jobs under Permissions.

For more information, see Configure access policies on Citrix ADM.

[NSADM-82494]

Support for configuration audit in Citrix ADC BLX instances in shared mode

You can now create Configuration Audit templates with certain configurations and monitor the configuration changes in Citrix ADC BLX instances in shared mode. For more information, see Create audit templates.

[NSADM-82323]

Support for CSV format and schedule export in Web transaction analytics

In Web transaction analytics, you can now view the following enhancements when you click the Export icon:

  • In Export Now, you can export data in CSV format.

  • The Schedule Export option is introduced that enables you to schedule and export the data in CSV format through email and Slack.

For more information, see Web transaction analytics.

Fixed Issue

In Citrix ADM Service, when you navigate to Infrastructure > Instances > Agents, and click Settings to change the agent upgrade settings, a confirmation message Modified Agent Upgrade Settings is displayed once the settings are changed.

[NSHELP-32099]

June 29, 2022

Applications

Configure and associate an application to multiple custom applications

In Application Dashboard, you can now configure an application and associate it to multiple custom applications. Using this feature, you can reuse the same application for multiple custom applications, rather than creating a separate application for each custom app.

For more information, see Configure and associate an application to multiple custom applications.

[NSADM-82040]

Management and Monitoring

Supported browsers to access Citrix ADM GUI

Citrix ADM GUI is now accessible only from the following compatible browser versions:

Web browser Version
Microsoft Edge 79 and later
Google Chrome 51 and later
Safari 10 and later
Mozilla Firefox 52 and later

[NSADM-83943]

June 15, 2022

Infrastructure

Monitor the Citrix ADM agent system parameters usage and remediate issues using the self-heal daemon

The Citrix ADM agent now monitors its system resources (CPU, Memory, and disk) by automatically running the self-heal daemon in the background. The self-heal daemon checks for thresholds and applies actions automatically during the following scenarios:

  • If the disk usage exceeds 80% or more for a specific duration, clean-up space (logs, backup logs, core files, crash files, and so on) action is applied to reclaim the disk space.

  • If the memory and CPU usage exceeds 90% or more for a specific duration, ADM processes are restarted to reclaim the CPU and memory.

    Note

    The self-heal daemon does not monitor the thresholds configured in Infrastructure > Instances > Agents > Settings > Notification.

[NSADM-82558]

June 07, 2022

Analytics

View Bot and WAF analytics for custom apps

In Security > Security Violations, under WAF and Bot, you can now select a custom app and view the consolidated applications details that are applicable for a custom app. You can also select an application from the list and view details for a particular application of the custom app.

For more information, see Security violations.

[NSADM-77375]

Management and Monitoring

Import and install the SSL certificate bundle (with certificate chain) through the Certificate Store

In Infrastructure > SSL Dashboard, when you select Manage Certificate Store from the list available next to Settings, you can:

  • Click Import ADC Certificates > Start Polling and the SSL certificate bundle along with the certificate chain that links the server certificate to its issuer (the intermediate CA) is imported from the ADC instance to the Certificate Store.

  • View the certificates in the Certificate Store, select a certificate, and click Install to install the certificate along with the certificate chain on the selected ADC instances.

[NSADM-82727]

Upgrade support for Citrix ADC BLX instances

In Infrastructure > Upgrade Jobs, you can now create a job to upgrade Citrix ADC BLX instances. You must select the appropriate build image (applicable for Ubuntu or Red Hat) for a successful upgrade. For more information, see Maintenance jobs.

[NSADM-82324]

Fixed Issue

In Infrastructure > Event Summary > Syslog Messages, the data was displayed only for the last 30 days. With this fix, the data is displayed for up to 180 days.

[NSHELP-30961]

May 10, 2022

Analytics

Export realtime data to Splunk

The integration of Citrix ADM with Splunk now enables you to export realtime data to Splunk. In the ADM GUI, when you select the Realtime Export option and configure, the selected violations in Citrix ADM are pushed to Splunk immediately.

For more information, see Integration with Splunk.

[NSADM-84529]

Improvements to WAF learning engine

In Citrix ADM, you can now configure a learning profile and deploy or skip the relaxation rules for the following additional security checks:

  • JSON SQL

  • JSON Command Injection

  • JSON XSS

    Note

    To configure a learning profile using these security checks, the Citrix ADC instance must be 13.1–14.10 or later.

For more information, see WAF learning engine.

[NSADM-80921]

Applications

Improvements to the unified dashboard

The unified dashboard in Overview > Dashboard now enables you to customize it based on your choice. Using the Edit dashboard option, you can:

  • Drag widgets

  • Remove widgets

  • Add widgets

  • Reset to default

After making changes, click Save.

Note

By default, all widgets are displayed. If you have customized the dashboard, saved the changes, and use the Reset to default option, the last saved customized dashboard is restored.

[NSADM-52144]

Infrastructure

Improvements to ADM GUI

You can now expand or collapse the ADM GUI navigation menu individually. This improvement enables you to view all options in each section.

[NSADM-85480]

Support for identification and remediation of CVE-2022-27507 and CVE-2022-22508

Citrix ADM security advisory now supports the identification and remediation of two new CVEs: CVE-2022-27507 and CVE-2022-22508.

  • Identification of CVE-2022-27507 requires a combination of a version scan and config scan, and remediation requires an upgrade of the vulnerable ADC instances to a release and build that has the fix.

    ADM Security Advisory does not support mitigation. If you have applied mitigation (temporary workaround) to the ADC instance, ADM will still identify the ADC as vulnerable until you have completed remediation.

    For CVE-2022-27507, even if you have applied mitigation and temporarily disabled HDX Insight for EDT traffic, (see Security Bulletin), ADM Security Advisory will still identify the ADC as vulnerable until you have completed remediation (upgrade to a release and the build that has the fix).

  • Identification of CVE-2022-27508 requires a combination of a version scan and config scan, and remediation requires an upgrade of the vulnerable ADC instances to a release and build that has the fix.

    For more information about how to remediate CVE-2022-27507 and CVE-2022-22508, see Security Advisory.

    Note

    It might take a couple of hours for the security advisory system scan to conclude and reflect the impact of CVE-2022-27507 and CVE-2022-27508 in the security advisory module. To see the impact sooner, you may start an on-demand scan by clicking Scan Now.

[NSADM-85673]

Fixed Issue

In Infrastructure > Instances > Citrix ADC, when you change an admin profile password and include % in the password, an error message is displayed.

[NSHELP-31392]

April 27, 2022

Management and Monitoring

ADC downgrade through ADM GUI with the correct ns.conf file

In Infrastructure > Upgrade Jobs, when you create an upgrade job to upgrade the ADC instance to a lower version, ADM now selects the compatible ns.conf file from which the configuration is applied to the ADC instance. The selected ns.conf file must be of the same version or lower than the version selected by the user. If there is no suitable ns.conf file present in the ADC instance, downgrade is not allowed and the appropriate error message is displayed.

[NSADM-81421]

Fixed Issues

  • When you enable Advanced Security Analytics, apply profile with one or more behavior-based violations, and click Save, the details in the table are not displayed in Settings > Licensing & Analytics Configuration > All Virtual Servers.

    Note: The behavior-based violations are Excessive Client Connections, Unusually Large Upload Transactions, Unusually Large Download Transactions, and Unusually High Request Rate.

    [NSADM-85020]

  • In Infrastructure > Event Summary > Syslog Messages, the data was displayed only for the last 30 days. With this fix, the data is displayed for up to 180 days.

    [NSHELP-30961]

April 12, 2022

Analytics

New violations added for rate limiting bot violations

The rate limiting rule detects multiple requests coming from the same client. In Security > Security Violations > Application Overview, under Bot, you can now view the following violation details:

  • URL

  • Source IP

  • Geo Location

  • Session

Click Logs to view details such as time, client IP, bot type, bot detection, and so on. For more information, see View bot violation details.

[NSADM-80925]

Headless Browser violation support in bot violation

In Security > Security Violations > Application Overview, under Bot, you can now view Headless Browser violation details. Click Logs to view details such as time, client IP, bot type, bot detection, and so on.

For more information, see View bot violation details.

[NSADM-89027]

Management and Monitoring

CVE-2022-21827 not in scope of Citrix ADM Security Advisory

The CVE-2022-21827 impacts Citrix Gateway plug-in for Windows supported versions prior to 21.9.1.2.

The detection and remediation of vulnerabilities impacting the Citrix Gateway plug-in for Windows is not supported by the Citrix ADM. Also, Citrix Gateway plug-in vulnerabilities cannot be assessed by performing any checks on ADC side, verifying the ADC version, or by checking the ADC configuration. The detection and remediation for this CVE can only be assessed based on the version of the Citrix Gateway plug-in for Windows deployed on the client.

As a result, the detection and remediation of this vulnerability is out of Citrix ADM Security Advisory scope.

For more information, see Unsupported CVEs in Security Advisory.

Unsubscribe option available in product emails sent to customer

Customers (New customers and Inactive) now have the option to unsubscribe to all the email notifications within the product emails sent by Citrix ADM. For more information to subscribe or unsubscribe, see Email subscriptions.

[NSADM-83272]

Retain filters in app dashboard

In Applications > Dashboard, when you apply filters through the search bar and key metrics, the filters are now retained. You can view the same filters even if:

  • You return to Applications > Dashboard from a different navigation within the ADM GUI.

  • You close the browser and open a new session from the same browser.

    Note

    The filters are not retained if you open a new session from a different browser or in an incognito mode.

[NSADM-82038]

StyleBooks

Auto-update of configuration packs

When an SSL certificate is updated in the Citrix ADM certificate store, the configuration packs associated with the SSL certificate are automatically updated.

[NSADM-80694]

March 31, 2022

Analytics

Improvements to Advanced Security Analytics in Security Violations

As an improvement to the Advanced Security Analytics feature, the process to first enable Advanced Security Analytics and then create a profile by using the Settings icon is now simplified. You can now enable Advanced Security Analytics, create a profile, and assign the profile to the virtual servers in a single workflow.

For more information, see Enable Advanced security analytics.

[NSADM-81383]

Improvements to the unified dashboard

In Overview > Dashboard, you can now view the following improvements:

  • You can click the key metric counts under all categories to view details of the affected ADC instance/application/Gateway.

  • Under Applications, minor GUI changes made in SSL key metrics to visualize more information.

  • Under Gateway, the Users Geo Distribution displays the top 3 countries based on the user counts.

[NSADM-82758]

Management and Monitoring

Support for ECDSA algorithm in SSL dashboard

When you configure an enterprise policy in SSL dashboard > Settings > Enterprise Policy, you can now select ECDSA in the Recommended Signature Algorithm.

For more information on ECDSA, see ECDSA cipher suites support.

For more information on enterprise policy configuration, see Configure an enterprise policy.

[NSADM-71321]

Onboarding

ADM support for Kubernetes version 1.23

Citrix ADM now supports adding and managing clusters with Kubernetes version 1.23.

[NSADM-83683]

March 16, 2022

Onboarding

Test Onboarding Readiness of ADC instances

When you want to onboard an ADC instance on to Citrix ADM using the default built-agent option, you can perform a test run to ensure that the ADC instance is ready to onboard. For more information, see Test onboarding readiness of ADC instances.

[NSADM-80502]

March 01, 2022

Management and Monitoring

Invite users or groups to ADM from the Azure AD

As a super administrator, you can now invite users or groups to Citrix ADM from the connected Azure AD to Citrix ADM. Before doing so, ensure that the Azure AD is connected to Citrix Cloud, see Connect Azure Active Directory to Citrix Cloud. Earlier, you were only able to invite users with Citrix Identity.

When you select Azure AD as the identity provider, you can specify only Custom Access for the selected user or group. The users can log in to Citrix ADM using their Azure AD credentials. With this feature, you don’t require to create a Citrix Identity for the users who are part of the selected Azure AD. If a user is added to the invited group, you don’t require to send an invite for the newly added user. This user can access Citrix ADM using the Azure AD credentials.

[NSADM-81039]

Certificates and Key files uploaded to ADC are saved by ADM and the information is stored in the ADM database

When you upload certificates and Key files to Cert Store using the SSL Dashboard in the ADM Service GUI, only the metadata and the encrypted contents of the certificate file are saved in ADM Database. The key and password used to decrypt the content are saved in Cloud Wallet.

[NSADM-72475]

New network reports in ADM

The following new network reports are added as the total counters:

  • Authentication Success vs Failures

  • HTTP Authentication Success vs Failures

  • Non-HTTP Authentication Success vs Failures

  • AAA Sessions

  • Current AAA Sessions

  • Current ICAOnly Sessions

  • Current ICAOnly Connections

  • Current ICA(Smart Access) Connections

You can use these counters to add thresholds and receive notifications. For more information see Network reporting.

[NSADM-62239]

Action policy - Configure Bot and WAF notifications with transaction details

In Action Policies, when you configure an action policy, you can now select Bot Violation per Client and WAF Violation per Client options. These options enable you to configure and receive notifications with transaction details such as client IP, total attacks, violation type, and so on.

For more information, see Configure an action policy to receive application event notifications.

[NSADM-80630]

Opt out of Security Advisory Custom Scans

Citrix Application Delivery Management Service UI now allows you to opt out of security advisory custom scans. When you opt out of these Security Advisory Custom scans, the impact of the CVEs that need a custom scan will not be evaluated for your ADC instances in the Security Advisory.

To opt out of Security Advisory Custom Scans, see Custom Scan settings.

[NSADM-80288]

StyleBooks

Use HTML formatting tags in the StyleBook description and header

In the StyleBook definition, you can now include a header field and use HTML formatting tags for the text. You can also include images as part of the header and it will be rendered at the top of the configuration form. This feature allows you to add infographics for the StyleBook users that help in understanding the StyleBook configuration. If you use images in the header, ensure to use base64 encoded image format in the image tag.

name: app-stylebook-with-HTML-tags
namespace: com.examples.stylebooks
version: `1.0`
display-name: `Example App StyleBook`
header: 'This <b> StyleBook </b> defines all the app configuration for <i>Load Balanced Application </i>. The following image describes the target deployment for the app <img id=`b64img` src=`data:image/png;base64,` />'
<!--NeedCopy-->

[NSADM-80699]

Deliver Autoscale applications that are outside of ADC instances’ virtual network or VPC

When application servers and ADC instances are situated on different Virtual networks, VPC Networks, and Subnets, provide the CIDR block of a subnet or VPC where you have application servers. Specify the CIDR block in the Origin Server field while configuring the provision parameters. This way you can deliver apps from the application servers that are situated outside of the ADC instances’ virtual network or VPC network.

Earlier, this feature was available only for the Autoscale groups in AWS, now you can use this feature in Azure and Google Cloud also.

For more information, see:

February 10, 2022

Management and Monitoring

Support for the ShowConfiguration template

In the Configuration Editor, when you select Batch Configuration, you can now use the ShowConfiguration template. Drag the ShowConfiguration template to the right pane and enter the show commands to run on Citrix ADC instances.

For example, you can enter commands such as sh ns info, sh node, sh ns stats, and sh interface, shell ls /var/tmp and view the output.

You can download the output of the commands as a text file.

[NSADM-66132]

Configure an action policy to receive application event notifications

Apart from the existing analytics view of application events, you can configure an action policy to get application event notifications through Slack, Email, PagerDuty, or ServiceNow. The application events include performance issues, bot and WAF violations, and service graph violations. As an administrator, using the action policy, you can get event notifications in real time.

Using the action policy, you can:

  • Predefine certain conditions for the application events.

  • Get notified for the following events through Slack, Email, PagerDuty, and ServiceNow:

    • WAF SQL Violation

    • WAF XSS Violation

    • WAF Infer XML Violation

      Note

      To receive the WAF violation notification, the minimum violation transactions must be 20%. For example, out of 100 transactions, minimum 20 must be violation transactions.

    • Top 3 WAF violations

      (Total violations contributed by SQL, XSS, XML together must be 30%. For example, out of 100 transactions, 30 or more transactions must be a combination of SQL, XSS, Infer XML violations.)

    • Bot violations

      (For more information on the list of bot violation, see violation categories.)

    • App score violation

    • Client network latency

    • Server network latency

    • Server processing time

    • Service graph violation

For more information, see Configure an action policy to receive application event notifications.

[NSADM-70968], [NSADM-76588], [NSADM-72799]

Applications

Improvements to service graph

In global service graph and microservices service graph, you can now view the legend that provides the description for symbols available in service graph.

Legends

[NSADM-82077]

Onboarding

Configure settings for low-touch onboarding workflow emails

As a part of ADM Service Connect based low-touch onboarding workflow, you receive product initiated emails from Citrix ADM Service. You can configure and manage the emails that you receive as part of this workflow in the following ways:

  • Enable emails for all admins

  • Enable / disable emails for selected admins

  • Disable emails for all admins

For more information to configure and manage emails, see Email Settings.

[NSADM-80289]

View Citrix ADM agent diagnostics and receive alerts for endpoint verification

Citrix ADM now performs a periodic (every one hour) diagnostic check for Citrix ADM agent and provides the following information:

  • Endpoint reachability

  • Health check probe

  • Agent proxy

If the agent endpoint reachability status changes (from OK to Needs Review), the super administrator receives an email notification comprising the issue details.

For more information, see View agent diagnostics and receive alerts for endpoint verification.

[NSADM-69407]

StyleBooks

Updates of the StyleBook configuration pack are automatically reconciled

Sometimes, updating a StyleBook configuration pack that is deployed on an ADC instance can have differences from its deployed state. In such cases, the configuration pack update fails. The StyleBook engine now automatically reconciles these differences and updates the configuration pack. Earlier, a message appeared on the GUI that needed your confirmation to reconcile the changes before updating the configuration pack.

[NSADM-80660]

Manage data sources in ADM

Defining a data source in Citrix ADM helps you to use data from external sources as an input while creating or updating StyleBook configurations. Otherwise, you have to explicitly supply each input required by the StyleBook. In Citrix ADM, you can use any managed ADC instance as a data source for the input to a StyleBook configuration. In Citrix ADM, you can use the managed ADC instances as data sources. You can also define custom data sources which can serve as input when creating or updating configurations. To view custom data sources, go to Applications > Configuration > Data Sources.

Use the datum built-in type in the StyleBook definition to define a data source.

Example:

parameters:
  -
    name: selected-lb
    label: Select an existing ADC
    type: datum
    required: true
    data-source:
      type: managed-adc
<!--NeedCopy-->

In this example, the datum parameter is used to define the managed-adc data source. This data source allows you to retrieve data from the ADC instances managed by Citrix ADM.

[NSADM-80659]

Check the StyleBook compatibility for a configuration pack

When you are changing the StyleBook for a configuration pack in the ADM GUI, you can now determine the changes from the newly selected StyleBook definition. And, how these changes affect the configuration pack. With this information, you can make necessary updates to the StyleBook definition before changing it. Or, you can decide to continue with the existing StyleBook.

For example, if you change the StyleBook for a configuration pack, the existing StyleBook can have an allowed port HTTPS whereas the newly selected StyleBook can have SSL. In this case, you may need to edit the same HTTPS values for SSL port as well.

[NSADM-80664]

January 25, 2022

ADC low touch onboarding to ADM – View automated diagnostics

The following information is applicable only for the ADC instances that are connected to ADM Service through ADM service connect feature.

Earlier there was a manual process to use the diagnostic tool to troubleshoot the low touch onboarding issues. Now, you can also view diagnostic information about the ADC instances that have issues in low touch onboarding on the ADM GUI.

When you are in the ADM Service Connect based low touch onboarding workflow, in the Asset Inventory page you can see the newly added Onboarding Readiness option that provides the ADC instance onboarding readiness status such as Needs Review or OK.

You can also see this view by navigating to Infrastructure > Instances > Citrix ADC and clicking the Asset Inventory option.

You can then use this information to understand and resolve the issues.

For more information, see Troubleshoot issues using the diagnostic tool or the ADM GUI.

[NSADM-77245]

Support for low touch onboarding of customers not yet on Citrix cloud

As a part of the Low-touch onboarding of Citrix ADC instances using ADM Service Connect workflow, customers who are not yet on Citrix Cloud will now be able to sign-up to Citrix cloud and onboard their ADC instances onto ADM Service easily. These customers will receive an email from Citrix ADM Service guiding them to Onboard to ADM Service. By clicking on this button, they can then sign up to Citrix Cloud and onboard their ADC instances on to ADM Service using the low touch onboarding workflow. For more information, see Low-touch onboarding of Citrix ADC instances using service connect.

[NSADM-76466]

Infrastructure Analytics - Configure notifications for specific issues

In Infrastructure Analytics, you can now select the required issues, enable notifications for issues that breach the configured thresholds, and receive notifications only for the selected issues. Earlier, notifications were received for all issues. This enhancement enables you to receive notifications only for the selected issues that you want to monitor.

For more information, see Configure notifications.

[NSADM-76361]

January 17, 2022

ADM support for BLX cluster

You can now add the BLX cluster in ADM. In the ADM GUI, the Cluster IP address (CLIP) is added and the count of the cluster nodes is now visible in the dashboard.

[NSADM-78588]

A unified dashboard to view instance key metric details

As an administrator, you can now visualize a dashboard that provides an overview of key metric details based on:

  • Applications

  • ADC Infrastructure

  • Application Security

  • Gateway

This single-pane dashboard enables you to view details for a better monitoring experience of the instance usage and performance. For more information, see A unified dashboard to view instance key metric details.

[NSADM-74075]

Security violation - JSON SQL Injection Grammar

In Security > Security Violations, under WAF, you can now view the JSON SQL Injection Grammar violation for the selected application. For more information, see Violation details.

[NSADM-62909]

Use the StyleBook’s reserved keywords for parameters and expressions

You can now use the reserved keywords when you define parameters and expressions in a StyleBook definition. The reserved keywords are as follows:

"and", "false", "in", "not", "true", "or"
<!--NeedCopy-->

For example, a parameter named not is now a valid parameter ($parameters.not).

[NSADM-80657]

StyleBooks support nested parameter-conditions

In a StyleBook definition, you can now specify a parameter condition within a parameter condition. These conditions are called nested parameter conditions and use a repeat construct to define these conditions. The nested parameter conditions are useful when you want to apply an action to each item of a list parameter.

Example:


parameters-conditions:
  -
    repeat: $parameters.lbvservers
    repeat-item: lbvserver
    parameters-conditions:
      -
        target: $lbvserver.port
        action: set-allowed-values
        condition: $lbvserver.protocol == "HTTPS"
        value: $parameters.ssl-ports
<!--NeedCopy-->

In this example, when the user selects the HTTPS protocol for a load balancing virtual server, the port values are dynamically populated. And, it applies for each load balancing virtual servers in the list.

For more information, see Nested parameter conditions.

[NSADM-62747]

Fixed Issue

In a GSLB setup, when you have the same domain name for multiple ADC instances, the entity polling incorrectly updates the database.

[NSHELP-29885]

What’s new