Citrix Application Delivery Management service

What’s new

This topic lists the new features, enhancements to existing features, and fixes available in a release.

The Citrix Application Delivery Manager (ADM) agents are, by default, automatically upgraded to Citrix ADM latest build. You can view the agent details on the Networks > Agents page. You can also specify the time when you want the agent upgrades to happen. For more information, see Configuring Agent Upgrade Settings.

October 14, 2020

Grant new StyleBook permissions to users

As an administrator, when you create an access policy, you can now grant new StyleBook permissions to users such as import, delete, download, and more. To do so, navigate to Accounts > User Administration > Access policies and click Add. Earlier, you were able to select only view and edit permissions. For more information, see Grant StyleBook permissions to users.

Permissions

[NSADM-57672]

Edit a configuration pack to change its StyleBook

You can now edit a configuration pack to change its StyleBook. Earlier, you were able to do this using the Migrate ConfigPack option. For more information, see Change the StyleBook of a configuration pack.

Change the StyleBook of a configuration pack

[NSADM-58245]

Network Functions: Addition of App Security column

In Networks > Network Functions > Load Balancing and Content Switching, you can now view the App Securityx column.

App security

As an administrator, you can analyze if the virtual servers are bound with:

  • WAF – Virtual server is configured with App Firewall policy and displays the WAF security violations.

  • Bot – Virtual server is configured with bot policy and displays the bot security violations.

  • Bot, WAF – Virtual server is configured with both App Firewall and bot policies and displays both WAF and Bot security violations.

  • None – Virtual server is not configured with either App Firewall or bot policies.

For more information, see View application security violation details.

[NSADM-54300]

HDX Insight: Improvements to view all users active and terminated sessions

In Analytics > HDX Insight > Users, you can now visualize a consolidated view of all users active and terminated sessions.

HDX Insight improvements

As an administrator, this improvement enables you to:

  • View all users details in a single-pane visualization

  • Eliminate the complexity in selecting each user and seeing the active and terminated sessions

[NSADM-57685]

Gateway Insight: Improvements to view all users active and terminated sessions

In Analytics > Gateway Insight > Users > Gateway Users, you can now visualize a consolidated view of all users active and terminated sessions.

Gateway Insight improvements

As an administrator, this improvement enables you to:

  • View all users details in a single-pane visualization

  • Eliminate the complexity in selecting each user and seeing the active and terminated sessions

[NSADM-60800]

Security Insight – View SQL Injection Grammar violation

In Security Insight, you can now view a new violation type, SQL Injection Grammar. To generate the SQL Injection Grammar violation in Security Insight, you must configure the following commands in the Citrix ADC instance:

  1. add ns ip <IP> <subnet mask> -type SNIP
  2. add lb vs http_vs http <VS_IP> 80
  3. add service http_svc <SVC_IP> http 80
  4. bind lb vs http_vs http_svc
  5. add appfw profile abc -startURLAction none -SQLInjectionGrammar ON -SQLInjectionType None
  6. set appfw settings -defaultProfile abc

For more information, see Security Insight.

App dashboard: Select the App Score components and configure thresholds

In App Dashboard, as an administrator, you can now decide to select the components and configure thresholds for app score calculation. App Score is the scoring system that defines:

  • How well an application is performing

  • Whether the application is performing well in terms of responsiveness

Navigate to Applications > Dashboard and then select the settings icon to view the app score components.

App score setting

For more information, see Select App Score components and set thresholds.

[NSADM-52870]

App Security Violations: Visualize predictions based on the traffic patterns

In Analytics > Security > Security Violations, for all security violations (WAF and Bot), apart from violation details, you can now visualize a 3-week traffic prediction based on the machine learning algorithm. As an administrator, this 3-week prediction enables you to:

  • Analyze the traffic pattern even if no violations are observed
  • Take troubleshooting actions for any unusual traffic patterns observed from the predictions
  • Observe that Citrix ADM is processing data, apart from the anomalies

In the Security Violations page, click the Behavior checks with no violation tab to view the 3-week traffic prediction.

No violation

For more information, see App Security Violations.

[NSADM-58721]

Improvements to service graph

In Applications > Service Graph, you can now view the following enhancements:

  • The service graph page has three tabs:
    • Global – Displays the service graph for applications across all Citrix ADC instances

    • Web Apps – Displays the service graph for 3-tier web applications (Load balancing, Content Switching, and GSLB)

    • Microservices – Displays the service graph for Kubernetes microservices

    Click each tab to view the respective service graph.

    Service graph improvements-1

  • From the global service graph, you can access the microservice details. Clicking a service and selecting the option redirects to its respective GUI.

    Service graph improvements-2

  • The microservices service graph has a search bar, where you can mouse pointer and select the following categories to create the filter:

    Service graph improvements-3

    • Client Geo Location – Displays the ingress and its services that the client is accessing

    • Ingress-IP – Displays all services associated with the ingress

[NSADM-57696]

September 29, 2020

Improvements to WAF learning engine

In WAF learning engine, you can now view the following enhancements:

  • WAF Learning > Dashboard is replaced with WAF Learning > Actions Summary

    Action summary

  • The Action By option enables you to understand if the learned rules are auto-deployed by Citrix ADM or if the administrator has selected the Deploy or Skip option manually.

    Action by

  • If a deployed learn rule has failed, you can view the failure reason in the Actions Summary page.

    Failed rule

  • For each configured learned profile, you can view up to 1 million learned rules.

    [NSADM-57220]

HDX insight – Search using city name

In HDX insight, you can now filter results based on the city name.

City name

[NSADM-57366]

Infrastructure Analytics – Search attributes

In Infrastructure Analytics, you can now place the mouse cursor on the search bar and select the following search attributes to filter the results:

  • Host name

  • IP address

  • Type

  • Version

  • Site

    Infra analytics search

[NSADM-59453]

Improvements to Gateway Insight

In Gateway Insight > Users, the license information is now removed.

Earlier:

Gateway insight earlier

Now:

Gateway insight now

[NSADM-53494]

Migrate ADC configuration to an Autoscale group using StyleBook configuration builder

In StyleBooks configuration builder, you can now migrate ADC configuration to an Autoscale group. To do so, select the required Autoscale group as a target instance.

Autoscale group using StyleBook

[NSADM-51470]

Fixed issues

Deployment

ADM agent image does not work in AWS M5 instance type. With this fix, supported drivers are added for ADM agent image to work in M5 instance types.

[NSHELP-24250]

Networks

When you run a configuration job with “<” character, the job fails.

[NSADM-53465]

September 16, 2020

Low-touch onboarding of ADC instances using ADM service connect

Now you can use the new Citrix ADM service onboarding workflow, which provides a faster way to onboard ADC instances to ADM service and get visibility into your hybrid multi-cloud deployment. The auto onboarding feature in this workflow leverages the new ADM service connect feature in ADC instances, which enables ADC instances to be connected to ADM service. For more information, see Low-touch onboarding of Citrix ADC instances using Citrix ADM service connect.

Note

This workflow is rolled out (GA) in a phased manner, through canary release. You will receive an email when this feature is available in your ADM service environment.

[NSADM-51952]

Kubernetes service graph - Client transaction summary

In Kubernetes service graph, you can now view the detailed transactions logs for all clients from a specific location. Using this feature, you can view:

  • Response time > 500 ms
  • 5xx errors

Note

You can view only a few sample 2xx and 4xx transactions for the selected client.

This feature not only enables you to look into the detailed transactions, but also understand the metrics (such as Client RTT, SSL metrics, and server response time) split across the client, ADC, and server visually.

For more information, see View client metrics.

Maintain the status of ADC high-availability nodes after upgrade

When you create an upgrade job for an ADC high-availability pair, a new option Maintain the primary and secondary status of HA nodes after upgrade appears. This option appears under the Create Job tab. Select this option if you want the upgrade job to initiate a failover after upgrading each node. Earlier, there was no GUI option, and the upgrade job initiated the failover by default, after upgrading each node.

Maintain the primary and secondary status of HA nodes after upgrade

[NSADM-47736]

Save the ADC configuration before an upgrade

When you create an upgrade job for an ADC instance, you can now save the running ADC configuration before upgrading the instance. Select the Save ADC configuration before starting the upgrade option under the Create Job tab.

Save ADC configuration before starting the upgrade

[NSADM-52470]

Fixed issue

Analytics

Unable to resize columns in the Analytics > HDX Insight > Users page.

[NSHELP-24288]

September 02, 2020

Modify the access type of an Autoscale application

You can now modify the access type of an Autoscale application. When you modify the access type, you can also modify the following:

  • FQDN type
  • Domain name
  • Zone of the domain.

[NSADM-52810]

Improvements to API Gateway

The API Gateway feature is now improved with the following capabilities:

  • API Analytics: When you click See more to expand a tile, you can search API instances and endpoints by their partial names. See, View API analytics.

  • Deployments: Enable analytics for an API deployment. See, Enable the API analytics.

  • Policies: Configure WAF and BOT policies for an API deployment. See, Add policies to an API definition.

    Note

    Before you configure WAF and BOT policies, ensure to create a profile in ADM using StyleBooks. The following default StyleBooks are newly added to create profiles:

    api-waf-profile

    api-bot-profile

    For more information, see Create WAF and BOT profiles using StyleBook.

[NSADM-52804]

Include icons in the StyleBooks bundle

When you import multiple StyleBooks from a bundle, you can now include icons to each StyleBook. Upload the icons and the icon_mapping.json file to the resources folder. If the icon file name and StyleBook name are matching, the icons are automatically mapped to the StyleBooks. Otherwise, map StyleBooks and icons in the icon_mapping.json file as follows:

<StyleBook file name> : <icon file name>

If you only specify the defaulticon entry, all StyleBooks in the bundle are mapped to the specified icon.

defaulticon: <icon file name>

In Application > StyleBooks, the imported StyleBooks appear with the mapped icons.

For more information, see Import custom StyleBooks.

[NSADM-52330]

Improvements to the Pooled Capacity page

The Pooled Capacity page is now improved with the following GUI changes:

  • Unmanaged instances – This is a new tab. It displays the instances that are discovered but not managed in Citrix ADM. Earlier, these instances were listed in the Dashboard tab with the Not Managed license status.

    Unmanaged instances

  • License Status - In this column, the following statuses are removed:

    • Not Managed
    • Sync in progress

    The Allocation Details column is now removed from the instances list.

  • License Server Usage - A new indicator added to the usage chart. It displays the pooled capacity consumption of the license server.

    License server usage

[NSADM-52770]

WAF Learning Engine - Support for removing rules

You can now modify the learning behavior to remove the relaxation rules, if no incoming traffic with security checks is received in the Citrix ADC instance. Navigate to Analytics > Security > WAF Learning > Learn Profiles and click Add to view the Learn Behavior options.

Removing tools

  • Generate Rule – Generates the exception rule and enables the administrator to either deploy or skip the rule.

  • Remove Rule – Removes the exception rule, when the configured idle time exceeds the threshold.

  • Both – Generates the exception rules and removes the rule when there is no incoming traffic.

You can apply the remove rule option only for the following security checks:

  • Start URL

  • Deny URL

  • HTML Cross-Site Scripting

  • HTML SQL Injection

When a rule is removed, a notification is generated in Slack, SMS, Email, and ServiceNow. You can also view details in the WAF Learning Dashboard.

For more information, see Configure the Learning Profile.

[NSADM-52871]

App Security Violations - Bot

In App Security Violations, you can now view Website Scanners under the BOT violation category. For more information, see App Security Violation.

[NSADM-53289]

App Security Violations - Network

In App Security Violations, you can now view Small Window Attack under the Network violation category. For more information, see App Security Violation.

[NSADM-46023]

Improvements to App Dashboard

In App Dashboard, you can now view the following enhancements:

  • In the Manage Applications page:
    • You can view the total service groups and the service groups status that are Up, Down, or Out of Status.

      Dashboard improvements

    • You can place the mouse pointer on the search bar and select the category to refine the search.

      Dashboard improvements-2

  • In the App Dashboard page, the scroll bar is replaced with a carousel slider that enables you an ease of access to all options.

    Dashboard improvements-3

[NSADM-52759]

Web Insight dashboard

You can now view an improved Web Insight feature that provides visibility into detailed metrics for web applications, clients, and Citrix ADC instances. This improved Web Insight enables you to evaluate and visualize the complete app information from the perspectives of performance and usage together. As an administrator, you can view Web Insight for:

  • An application. Navigate to Applications > Dashboard, click an application, and select the Web Insight tab to view the detailed metrics. For more information, see Application Usage Analytics.

  • All applications. Navigate to Applications > Web Insight and click each tab (Applications, Clients, Instances) to view the following metrics:

Applications Clients Instances
Application Clients Instance Metrics
Servers Geo Loocations Applications
Domains HTTP Request Methods Domains
Geo Locations HTTP Response Status URLs
URLs URLs HHTP Request Methods
HTTP Request Methods Operating System HTTP Response Status
HTTP Response Status Browsers Clients
SSL Errors SSL Errors Servers
SSL Usage SSL Usage Operating System
- - Browsers

For more information, see Web Insight dashboard.

Support for ADM agent on GCP

Citrix ADM agents are now supported on Google Cloud Platform (GCP). For more information, see Install Citrix ADM agent on GCP

[NSADM-31980]

New search capability for event messages

In Networks > Events > Event Messages, now you can use logical operators such as AND/OR to search. You can also filter data using custom time periods. Also, the events summary panel provides a count of each event category and severity.

Search event messages

Fixed issues

Analytics

The analytics report in Citrix ADM displays only 14 to 28 days data, even after the time duration is selected as 1-month

[NSHELP-23836]

System

ADM does not generate the agent technical support bundle if the file size is big. [NSHELP-24620]

Licensing

When installing a license file on the ADM GUI using a license access code (Networks >Licenses >Add License File), the “Fail to parse the License info” message appears. The issue occurs if the license files are stored on a Jazz server, which is not supported. With this fix, Jazz servers are supported for adding license files to ADM.

[NSADM-59338]

August 17, 2020

Select target instance groups to deploy a configuration pack

When you add a new configuration in the StyleBooks > Configurations page, you can now select an ADC instance group to deploy a configuration pack. And, this configuration applies to all instances in the group. To do so, select Instance Groups in the Target Instances section.

Target instance

[NSADM-56605]

Specify an IP address from the IPAM network

When you set the dynamic-allocation attribute value to true in the StyleBook definition, a user can now specify an IP address from the selected IPAM network. The ADM allocates the specified IP address to a virtual server.

[NSADM-56068]

Manage user authorization to IPAM

As an administrator, you can now select IPAM providers and networks and grant access to a user or group.

  1. Navigate to the System > User Administration page.

  2. Add IPAM providers and networks in the Authorization Settings tab.

    User authorization

[NSADM-54377]

Improvements to StyleBook built-in functions

When creating StyleBook definitions, use the following built-in functions with their improved capabilities:

  • replace() – Now replaces the characters or strings specified in the list. Earlier, you were not able to provide a list input to this function.

  • ip() – Now accepts an integer value and converts that into an equivalent IP address. It also supports IP address addition and subtraction.

  • int() – Now accepts an IPv4 address and returns its equivalent integer value.

[NSADM-56310], [NSADM-55209]

Use new StyleBook built-in functions

When creating StyleBook definitions, ADM StyleBooks now supports the following built-in functions:

  • distinct() - Extracts the unique items from an input list.

  • split() - Splits an input string into lists.

[NSADM-56103], [NSADM-55958]

Configure an Autoscale group application without StyleBooks

You can now configure an application on an ADC Autoscale group without selecting StyleBooks. However, if you want to use StyleBooks in future, edit and resubmit this application, select Yes in the confirmation window.

Earlier, StyleBook selection was mandatory to configure an Autoscale group application.

[NSADM-52814]

Improvements to Gateway Insight

In Gateway Insight, you can now view:

  • A search bar that enables you to filter results based on the user name. Navigate to Analytics > Gateway Insight > Users to view the search bar for Users and Active Users. Place the mouse pointer on the search bar, select User Name, and type a user name to filter results.

    Search bar

  • A geo map that displays the users information based on the users geographical location. As an administrator, this geo map enables you to view the summary of total users, total apps, and total sessions for a specific location.

    1. Navigate to Analytics > Gateway Insight to view the geo map

    2. Click a country. For example, United States The geo map displays the details such as users list, active sessions, terminated sessions, applications for the selected country.

  • A geo map for gateways that enables you to filter users based on a particular location.

    1. Navigate to Analytics > Gateway Insight > Gateways

    2. Select a gateway domain name to view the geo map

    3. Click a country. For example, United States

      The geo map displays the details such as users list, active sessions, terminated sessions, applications for the selected country.

[NSADM-55504], [NSADM-55506]

App Security Violations – Network

In App Security Violations, you can now view SYN Flood Attack under the Network violation category. For more information, see App Security Violations.

[NSADM-46021]

Improvements to Global Service Graph

In Global Service Graph, you can now use the search bar to filter results. As an administrator, this search bar enables you to narrow-down quickly to a particular instance/client/application/data center, when you have:

  • A large enterprise with many data centers

  • Configured many Citrix ADC instances for each data center

  • Configured many applications deployed or accessed through each Citrix ADC instance

  • Clients accessing the application from different locations

For more information, see Service Graph - Holistic view of all applications

[NSADM-52149]

Log message enhancement for cross-site script violation

The WAF Learning dashboard with cross-site script violation deployed now enables you to view a new attribute. This new attribute specifies the cross-site script violation location. The violation location can be Form Field, URL, Header, Cookie, or Other Locations.

WAF location

[NSADM-52941]

Security Insight – JSON Command Injection

In Security Insight, you can now view a new violation type, JSON Command Injection. To generate the JSON Command Injection violation in Security Insight, you must configure the following command in Citrix ADC instance:

add appfw profile abc_js -type JSON -startURLaction none -starturlclosure off -jsoncmdinjectionaction block log stats -jsoncmdinjectiontype cmdkeyword

After you configure, you can view the JSON Command Injection attack in Security Insight.

JSON command injection

[NSADM-52869]

Service graph for Kubernetes application – View app details in App dashboard

In service graph, when you click a service and select View in App Dashboard, the details for the selected app is displayed in the App dashboard.

Service in app dashboard

For more information, see Application details for microservices applications.

[NSADM-56583]

View Security insight and bot insight attack details in App Security Violations

In App Security Violation, you can now view security insight and bot insight attack details under WAF and Bot categories respectively. Navigate to Analytics > Security > Security Violations to view the following violations:

WAF Bot
Buffer Overflow Crawler
Content Type Feed Fetcher
Cookie Consistency Link Checker
CSRF Form Tagging Marketing
Deny URL Scraper
Form Field Consistency Screenshot Creator
Field Formats Search Engine
Maximum Uploads Service Agent
Referrer Header Site Monitor
Safe Commerce Speed Tester
Safe Object Tool
HTML SQL Inject Uncategorized
Start URL Virus Scanner
XSS Vulnerability Scanner
XML DoS DeviceFP Wait Exceeded
XML Format Invalid DeviceFP
XML WSI Invalid Captcha Response
XML SSL Captcha Attempts Exceeded
XML Attachment Valid Captcha Response
XML SOAP Fault Captcha Client Muted
XML Validation Captcha Wait Time Exceeded
Others Request Size Limit Exceeded
IP Reputation Rate Limit Exceeded
HTTP DOS Block list (IP, subnet, policy expression)
TCP Small Window Allow list (IP, subnet, policy expression)
Signature Violation Zero Pixel Request
File Upload Type Source IP
JSON XSS Host
JSON SQL Geo Location
JSON DOS URL
Command Injection  
Infer Content Type XML  
Cookie Hijack  

[NSADM-54296]

Peak usage and lean period analytics - Assess app scale limits and identify top 5 app maintenance window

As an administrator, you must analyze the traffic and find a right time to decide:

  • When you want to scale up the application in the production environment

  • When you want to schedule the application downtime

The peak usage and lean period analytics feature in Citrix ADM enables you to analyze the key metrics for a selected time duration. From these metrics, you can analyze the traffic and take decision on when you want to scale up the web application or plan a scheduled downtime.

For more information, see Application peak usage and lean period analytics.

[NSADM-52167], [NSADM-52140]

View network reporting data by applying aggregations

You can now apply aggregations to the network performance data and view application performance on the dashboard. You can also export the results based on your requirement. Using these aggregations applied to the data, you can analyze and ensure all resources are utilized optimally. Navigate to Network > Network Reporting and select the time duration 1 day or later to get the View By option.

View by

In the existing data, you can apply aggregations by selecting the option from the View By list. For more information, see View networking reporting data by applying aggregation filters

[NSADM-56494]

Select the evaluation license type in smart deployment

You can now experience the ADM Autoscale solution using the evaluation license. When you choose the Smart Deployment option to deploy ADC instances in AWS, you can now select the Evaluation license type. This option allows you to deploy the Citrix ADC VPX Express product. And, it can Autoscale up to three instances.

[NSADM-52143]

Fixed issues

Licensing

The licenses in Citrix ADM are disabled due to the agent restart.

[NSHELP-23539]

Networks

The Citrix ADM agent status shows reset:requested, even after the agent registration is successful.

[NSHELP-23413]

StyleBooks

When you configure an Autoscale group application using default StyleBooks, it does not support the DNS and UDP monitor types. With this fix, the versions of the following Autoscale group StyleBooks are updated:

  • lb-mon-autoscale-v1.5

  • cs-lb-mon-autoscale-v1.4

[NSADM-55982]

July 24, 2020

App Security Violations - Network

You can now view the Segment Smack Attack as part of the network violations in App Security Violations. For more information, see App Security Violations.

[NSADM-46025]

Service Graph for Kubernetes applications - View client metrics for troubleshooting issues

In Service Graph for Kubernetes applications, you can now view from which location the client is accessing the service. As an administrator, you can visualize the client metrics and analyze the issues that occur from the client.

For more information, see View details in service graph.

[NSADM-54335]

Support for In-Service-Software-Upgrade

You can now select the In-Service-Software-Upgrade (ISSU) option while creating an upgrade job. ISSU ensures the zero downtime upgrade on an ADC high-availability pair. The ISSU feature provides a migration functionality that honors the existing connections during upgrade. So, you can upgrade an ADC HA pair without downtime.

ISSU upgrade option

[NSADM-43357]

Dynamically list the ADM IP address Management (IPAM) networks in StyleBooks

You can now build a StyleBook that allows a user to select an ADM IPAM network from which it auto-allocates an IP address. The IPAM networks list is dynamically retrieved from ADM. Earlier, you were able to select the IPAM networks that are mentioned in the StyleBook definition.

A new attribute dynamic-allocation is now added in the parameter definition of type:ipaddress. It can take true or false as an input. When you set its value to true, a user can select a network from the list of the IPAM networks found in ADM. Then, the ADM auto-allocates an IP address from the selected network.

Example:

  -
    name: virtual-ip
    label: "Load Balancer IP Address"
    type: ipaddress
    dynamic-allocation: true
    required: true

In this example, the virtual-ip field lists the IPAM networks that are in ADM. Select a network from the list to auto-allocate an IP address from the network. The IP address is released back to the network when the configuration is deleted.

[NSADM-54246]

User authorization improvements to StyleBooks and configuration packs

As an administrator, you can now have a better control on authorizing specific StyleBooks and configuration packs to user groups in the Account > User Administration > Groups page. The StyleBooks and Configpacks sections in Authorization Settings are now improved with the following changes:

  • StyleBooks – You can now specify the authorized list of StyleBooks using a filter expression that can contain regular expressions.

    Example:

    name=lb-mon|lb AND namespace=com.citrix.adc.stylebooks AND version=1.0

    This query lists the StyleBooks that meet the following conditions:

    • StyleBook name is either lb-mon or lb.

    • StyleBook namespace is com.citrix.adc.stylebooks.

    • StyleBook version is 1.0.

  • Configuration packs – You can now authorize the user for configuration packs that belong to the selected StyleBooks. To do so, select All configurations of the selected StyleBooks in the Configpacks section.

    New option to select configuration packs

[NSADM-52334]

July 15, 2020

Export ADM reports in a tabular format

You can now export ADM reports in a tabular format or a snapshot. You can also choose how many data records to export in a tabular format. Earlier, you were able to export reports only as a snapshot.

ADM reports in tabular format

For more information, see Export or schedule export reports.

[NSADM-52461]

Generate network reports for load-balancing service groups

You can now create a network-reporting dashboard for both load-balancing service groups and services. Earlier, you were able to create a dashboard for load-balancing services only.

Network reports for load-balancing service groups

This dashboard can display the following reports for the selected service groups:

  • Connections: for the client and server connections counters.
  • Throughput: for request and response bytes counters.
  • Time to First Byte (TTFB): for the average time taken to send a request packet to a service group and receive the first packet from the service group. This response time is called as TTFB.

For more information, see Network reporting.

[NSADM-51596]

Support for authentication, authorization, and auditing polling and network reports

Citrix ADM now polls authentication, authorization, and auditing (Citrix ADC AAA) events from an ADC instance and allows you to visualize their trend in Network Reporting. The ADM GUI includes the following Citrix ADC AAA network reports to create a dashboard:

  • HTTP Authentication Success vs Failures
  • Non-HTTP Authentication Success vs Failures
  • AAA Sessions
  • Current AAA Sessions
  • Current ICAOnly Sessions
  • Current ICAOnly Connections
  • Current ICA(SmartAccess) Connection
  • Authentication Success and Failures

For more information, see Network Reporting.

[NSADM-51372]

Associate StyleBook tags with their configuration

In StyleBooks, the Label term is renamed to Tag. You can now associate the StyleBook tags with their configuration pack. So, you can search the configuration packs using the StyleBook tags itself. When you create a configuration pack, use one the following options in the Tag Association section:

  • Associate all present and future StyleBook tags with the configuration – This option associates all the StyleBook tags to a configuration pack. It also makes sure to associate the new tags that you might add to the StyleBooks in future.
  • Select tags – This option displays the tags of the selected StyleBook. You can select the required StyleBook tags and associate with a configuration pack.

    StyleBook tags and configuration

For more information, see Create a tag for the StyleBook.

[NSADM-53600]

StyleBooks support conditional parameters

You can now dynamically control a parameter’s appearance or its initial value in the StyleBook configuration form based on the value specified in another parameter. To do so, use the dependent-parameters attribute in the parameter definition. This attribute is newly added as a new gui subattribute. Specify this attribute on a source parameter that controls the parameter’s behavior on the form. In this attribute, you can include multiple conditions that control other parameters. For example, a source parameter protocol can have a dependent-parameter certificate, which only appears if the protocol parameter value is SSL. Each condition can have the following attributes:

  • target-parameter: Specify the target parameter to which this condition applies.
  • matching-values: Specify the list of values of the source parameter that trigger the action.
  • action: Specify one of the following actions on the targeted parameter:
    • read-only: The parameter is made read-only.
    • show: The parameter appears in the form if it is hidden.
    • hide: The parameter is removed from the form.
    • set-value: The parameter value is set to the value specified in the value attribute
  • value: The value of the target parameter if the action is set-value

When a user input matches the specified values on the source parameter, the target parameter’s appearance or value changes according to the specified action.

For more information, see dependent-parameters.

[NSADM-52329]

View users who created or updated a StyleBook configuration

In StyleBook > Configurations, a new column is added that display users who created or last updated the configuration pack. If you want to filter configuration packs by users, select the Created By option from the properties list to filter configuration packs.

[NSADM-52336]

Use a script to enable zero-touch agent in AWS

When you launch an ADM agent in AWS, you can now specify an agent auto-registration script as user data. An example script is provided in Install Citrix ADM agent on AWS. This script fetches the authentication details from the AWS secrets manager and runs the deployment.py script to register the agent with the ADM service. Alternatively, you can still do any of the following:

  • Specify the actual authentication details in user data that auto-registers the agent during boot-up.
  • Use the deployment_type.py script to register an agent after it boots up successfully. For more information, see Install Citrix ADM agent on AWS.

[NSADM-55322]

WAF learning in Citrix ADM

As an administrator, you can now configure learning profiles to generate the relaxation rules list:

  • Only for the selected web applications
  • Only for the selected profile names

For more information, see Configure the learning profile.

[NSADM-49494]

App security violations - Network

Apart from the existing app security violations, you can now view the following violations as part of the Network violations:

  • HTTP desync attack
  • Bleichenbacher attack

For more information, see Application security violation details.

[NSADM-49468], [NSADM-46460]

View ingress metrics and ingress details for troubleshooting

In service graph, you can now view:

  • Ingress metrics
  • Ingress details (drill down)
  • The type of ingress used
    • Tier 1 ingress – Citrix Ingress Controller inside the Kubernetes cluster configures a Citrix ADC instance (VPX/MPX/SDX/BLX) outside the Kubernetes cluster.
    • Tier 2 ingress – Citrix Ingress Controller running as a sidecar along with Citrix ADC CPX instance inside the Kubernetes cluster.

      Note: You can view Tier 1 ingress and Tier 2 ingress only if you have configured a two-tier architecture (Tier 1 ingress using ADC as MPX/VPX/SDX/BLX and Tier 2 ingress using ADC as CPX) in the Kubernetes cluster.

For more information, see View ingress details for troubleshooting issues

[NSADM-53755]

Improvements to 3-tier web applications service graph

The 3-tier web applications service graph is now improvised with the following changes:

  • The services are grouped and only the top four low scored services are displayed.

    3-tier web applications service graph

    Click More Services to view all services based on its status such as Critical, Review, and Good.

    More services in service graph

  • The Hits and Errors bar graph is not visible.

    Earlier

    Previous Hits and Errors bar graph

    Now

    New Hits and Errors bar graph

  • The network functions metrics are updated.

    Earlier

    Previous network functions metrics

    Now

    New network functions metrics

[NSADM-52147]

Improvements to Gateway Insight

In Gateway Insight, you can now view the following enhancements for the gateway users. As an administrator, these enhancements enable you to get a complete user information when you export the report. Navigate to Analytics > Gateway Insight > Users and select a user to view:

  • The user Active Sessions and Terminated Sessions.

    Gateway Insight active and terminated sessions

  • The gateway domain name and gateway IP address in Active Sessions.

    Gateway Insight active session

  • The user login duration.

    Gateway Insight login duration

  • The reason for the user logout session. The logout reasons can be:

    • Session timed out
    • Logged out because of internal error
    • Logged out because of inactive session timed out
    • User has logged out
    • Administrator has stopped the session

      Gateway Insight logout session

[NSADM-52763], [NSADM-52767], [NSADM-52764], [NSADM-53496]

Support for built-in agent for SDX instances

Citrix ADM built-in agents are now available on SDX instances. Further, you can initiate the built-in agent by using MASTools. For more information, see Configure the ADC built-in agent to manage instances.

Fixed issues

Analytics

When ADM collects the ADC metric information, CPU usage becomes high.

[NSADM-56374]

Systems

When you enable Prompt Credentials for Instance Login in the System Settings page, the ADM GUI doesn’t display the license information in the Instance dashboard.

[NSHELP-23944]

Networks

Under Networks > Licenses, the ADM GUI displays incorrect license information for managed instances, if the number of managed instances is more than the maximum limit of 58 instances. With the fix, the limit for maximum instances is increased to 1000.

[NSHELP-23956]

June 30, 2020

App security violations – Excessive Unique IPs per Geo

The Excessive Unique IPs per Geo indicator now enables you to view a Geo map that displays the total anomalies based on regions. The graph indicates the relevant violation details from the selected region.

Excessive unique IPs per geo

For more information, see Excessive Unique IPs per Geo.

[NSADM-52555]

Improvements to Gateway Insight

In Gateway Insight, you can now view the following enhancements:

  • User details - You can view insights for each user associated with the ADC Gateway appliances. Navigate to Analytics > Gateway Insight > Users and click a user to view insights for the selected user such as Session Mode, Operating System, and Browsers.

    User details

  • Users and applications for the selected gateway - Navigate to Analytics > Gateway Insight > Gateway and click a gateway domain name to view the top 10 applications and top 10 users that are associated with the selected gateway.

    User and application

  • View more option for applications and users – For more than 10 applications and users, you can click the more icon in Applications and Users to view all users and applications details that are associated with the selected gateway.

    View more

  • View details by clicking the bar graph – When you click a bar graph, you can view the relevant details. For example, navigate to Analytics > Gateway Insight > Gateway and click the gateway bar graph to view the gateway details.

    Bar graph

[NSADM-53489], [NSADM-53508], [NSADM-53906], [NSADM-52768]

Ability to add an ADC instance without valid credentials

When you add an instance in Citrix ADM for the first time, you can now add the instance even without valid credentials. After the instance is added, it appears in the DOWN state in the Networks > Instance > Citrix ADC page, with a Login Failed warning. Specify the correct credentials to manage the instance in ADM.

Add an instance without credentials

If the instance is unlicensed, the License option appears when you select the instance. Click License to apply the license to an instance from the license pool.

[NSADM-44856]

View ADC FIPS instance pool under the Pooled Capacity page

The ADC FIPS instances can now check out licenses from the FIPS instance pool. Therefore, the ADM GUI displays the allocated pooled licenses to FIPS instances under Networks > Licenses > Bandwidth Licenses > Pooled Capacity page.

[NSADM-51207]

Autoscale group applications in Azure support UDP traffic

The Autoscale group applications that are in Azure can now receive UDP traffic. When you configure an application to the Autoscale group, select the UDP protocol and port value to allow UDP traffic.

Autoscale group applications support UDP traffic

With this feature, the following Autoscale group StyleBooks are newly added to configure an application:

  • lb-mon-autoscale-v1.4
  • cs-lb-mon-autoscale-v1.3

[NSADM-53288]

Fixed issues

Licensing

The instance license status appears as Sync-In-Progress instead of Managed when the following conditions are met:

  1. The multiple licenses belong to the same edition and pool.
  2. An ADC instance checks out the license from the pool.

[NSADM-55928]

System

  • Syslog messages do not appear in the ADM GUI.

    [NSADM-55822]

  • When you change the user’s group, the password complexity error appears.

    [NSHELP-23497]

June 22, 2020

Select multiple target instances at one time

When you want to deploy the same configuration pack to multiple ADC instances, you can now select the required ADC instances at one time. Earlier, you had to select the instances one by one to deploy the configuration pack. With this feature, you can also filter instances to select the required instances.

Multiple target instances

[NSADM-50115]

View the instance distribution by their minor versions

The Instance Dashboard now displays the managed instances’ distribution by their minor versions. The Version graph helps you visualize the device count for every minor version.

Instance distribution

[NSADM-42183]

Improvements to global service graph

As an administrator, the single-pane view in the global service graph might be difficult for you to monitor the infrastructure to application views, when you have:

  • A large enterprise with many data centers

  • Configured many Citrix ADC instances for each data center

  • Configured many applications deployed or accessed through each Citrix ADC instance

The improved global service graph now eliminates the disorganized view and enables you to view:

  • The data center grouped with its total Citrix ADC instances

  • Only the top four low-scored Citrix ADC instances from each data center

    ADC group

Click More ADCs to view all Citrix ADC instances by selecting the respective status (Critical, Review, Good, and Not Applicable) tabs. Click the instance IP address to view the instance details such as instance score, key metrics, and issues associated with the ADC instance.

Note

You can also click the instance from the global service graph to view the Citrix ADC instance details.

More ADCs

[NSADM-53249]

Fixed issues

Analytics

  • In Web Transaction Analytics, the saved searches are not displayed after a page refresh.

    [NSADM-53722]

  • In Analytics > Web Insight, the expected data is not displayed for all metrics pages (Client, Server, URLs, Request methods, Response status , User agents, and Operating systems)

    [NSADM-53632]

  • Even after configuring the right RBAC, the applications in Applications > App Dashboard and the virtual servers in Network Function > Load Balancing are not displaying the expected data, once a new stylebook/configpack is added by the user of the group.

    [NSHELP-23101]

GUI

  • In a VPN connection, ADM is unable to connect to the ADC GUI using SSO (Single Sign On).

    [NSHELP-23099]

June 04, 2020

Deliver your AWS application in three steps at your first login

When you log on to the ADM GUI for the first time, you can deliver an application that is in AWS using ADC instances in just three steps:

  1. Register your AWS account with the Citrix ADM service by creating a Cloud Access Profile.

  2. Prepare your AWS environment by specifying the AWS region, VPC details, and ADC licenses.

    The AWS environment comprises of AWS infrastructure, ADM agent, and ADM Autoscale group. In this step, the ADM creates the following:

    • A CloudFormation stack in AWS to create the required infrastructure that includes subnets, security groups, NAT gateways, and so on.

    • An ADM Agent in the VPC to manage ADC instances.

    • An ADC Autoscale group. You can customize this group later in the Networks > Autoscale Group page.

  3. After successful environment preparation, configure applications using StyleBooks to deliver your application.

After the first logon, if you want to Autoscale ADC instances, see Autoscaling of Citrix ADC using Citrix ADM.

For more information, see Getting started.

[NSADM-47626]

Maintain a spare node in your Autoscale group

When you specify parameters to create an Autoscale group, you can now choose to maintain a spare node to achieve faster scale-out.

ADM provisions a spare node before the scale-out action occurs and shuts it down. When the scale-out action occurs for the Autoscale group, the ADM starts the spare node that is already provisioned. As a result, it reduces the time taken for scale-out.

Spare node in Autoscale

For more information, see Configure Autoscale parameters.

[NSADM-48191]

Configure an Autoscale group application using auto-generated FQDN

When you configure an application for the Autoscale group, you can now select auto-generated FQDN type. This option automatically generates the domain and zone name.

If you choose user-defined FQDN type, you must specify the domain and zone name to configure an application. For more information, see configure applications using StyleBooks.

[NSADM-51494]

Monitor API instances and endpoints in ADM

As an administrator, you can add and deploy API definitions on an API Gateway in Citrix Application Delivery Management (ADM). With this feature, you can add policies to define the traffic selection criteria to authenticate incoming API requests. The API Analytics page displays the following metrics of API instances and endpoints:

  • Distribution of application and server response time for API endpoints.
  • API endpoints that have high application and server response time.
  • API endpoints that have more requests and bandwidth.
  • Locations from where the endpoints receive API requests.
  • The trend of total and dropped API requests to an endpoint.
  • HTTPS response status.
  • API endpoint bandwidth consumption.
  • SSL errors and usage on an API endpoint.

API dashboard overview

For more information, see Manage API definitions.

[NSADM-47869]

Improvements to service graph

Service graph is updated with a few thematic changes. You can also experience a few minor UI updates:

  • FAQs’ link – To view more troubleshooting scenarios for service graph that display partial and no data issue.

Service graph FAQ link

  • Change in ADC processing time metric – This metric displays 0, instead of < 1 ms. This change is applicable only for ADC instances that are in Out of Service or Down status.

  • Hexagon to represent a microservice application – Service graph now displays a microservice application in the hexagon symbol.

Service graph hexagon

  • View ADC instance details – Click an ADC instance from service graph for applications (Applications > [app name] > Service Graph). This page displays ADC instance details such as instance score, key metrics, and issues.

  • Global service graph to display microservice applications – The microservice applications appear based on the configured thresholds.

Depending upon the score, you can view the microservice applications in red (critical), orange (review), and green (good).

  • Namespace filter to display corresponding services – The service graph now displays the corresponding services along with client and ingress.

Service graph namespace filter

[NSADM-51973]

View applications from the Infrastructure Analytics page

When you select an instance in the Infrastructure Analytics page, you can view the number of applications deployed on the instance. Click the applications link to view those applications.

Infra analytics applications link

[NSADM-43848]

A new UI text for SNMP V2

While adding an ADC instance in the ADM GUI, under SNMP, if you select SNMP V2 now the following message appears: “SNMP V3 is more secure and recommended.” By default, SNMP V3 is selected.

SNMP v2 UI text

For more information, see Adding instances.

[NSADM-51179]

Agent as a new search property

Under Networks > Instances > Citrix ADC, now you can search instances by the associated agent. Click the search icon and select Properties > Agent.

Search property agent

For more information, see How to search instances using values of tags and properties. [NSADM-47424]

Change agent default password

To ensure security of your infrastructure, now you can change the default password of an agent. To change the password, from the GUI, navigate to Networks > Agents and click Select Action and select Change Password.

Change agent default password

For more information, see Getting started.

[NSADM-47521]

Use ADM to provision ADC instances on SDX

You can now provision one or more Citrix ADC instances on the SDX appliance, by using ADM. The ADM service implicitly deploys the Citrix ADC instance on the SDX appliance and then downloads configuration details of the instance.

Use ADM to provision instances on SDX

For more information, see Provision ADC VPX instances on SDX using ADM.

[NSADM-23845]

Fixed issues

Analytics

In Gateway Insight, the export report for CSV format is not working as expected.

[NSHELP-22780]

GUI

The save favorites menu sometimes displays a javascript error.

[NSADM-52856]

Licensing

The unhandled timeout exceptions and deadlock conditions cause pooled licensing feature not working as expected.

[NSHELP-22729]

May 15, 2020

View diagnostic details for partial or no data in service graph

After you complete the required service graph configuration and add the Kubernetes cluster in Citrix ADM, the service graph starts to populate data. In some scenarios, you might observe that service graph displays either partial data or no data. Some of the possible reasons for the partial data or no data in service graph are:

  • Static route is not configured
  • Kubernetes cluster status is down
  • CPX registration is failed
  • CPX virtual servers are not licensed
  • The required analytics configuration is not set that prevents service graph to load all data

As an administrator, you might find it difficult to analyze the reasons when you see the service graph feature displaying partial data or no data.

The service graph page now enables you to view the possible reasons and required actions to troubleshoot the partial data or no data issue. For more information, see View diagnostic details.

[NSADM-47865]

A simplified process to view errors in service graph

In service graph, the process to view the HTTP and SSL errors is simplified. You can now view the total errors by hovering the mouse pointer on an erroneous service and clicking the error count.

View service graph errors

[NSADM-47864]

View microservice applications in app dashboard

In App Dashboard, you can view the microservice applications details that are configured from Citrix ADC CPX instance in the Kubernetes cluster. The App Type filter has a new K8s_Discrete option that enables you to apply filter and view the microservice application details.

Filter for microservice

For more information, see View microservice app details.

[NSADM-47863]

WAF learning in Citrix ADM

Citrix Web App Firewall (WAF) protects your web applications from malicious attacks such as SQL injection and cross-site scripting (XSS). To prevent data breaches and provide the right security protection, you must monitor your traffic for threats and real-time actionable data on attacks. Sometimes, the attacks reported might be false-positive and those attacks need to be provided as an exception. The learning engine on Citrix ADM is a repetitive pattern filter that enables WAF to learn the behavior (the normal activities) of your web applications. Based on monitoring, the engine generates a list of suggested rules or exceptions for each security check applied on the HTTP traffic. As an administrator, you can then view those violations list in Citrix ADM and decide to deploy or skip. For more information, see WAF learning in Citrix ADM.

[NSADM-44341]

App security violations - Excessive Unique IPs per Geo

Apart from the existing app security violations, you can now view Excessive Unique IPs per Geo as part of the Bot category. The Excessive Unique IPs per Geo indicator enables you to analyze and block the bad bots making more visits to a web application from a particular location. For more information, see Excessive unique IPs per geo.

[NSADM-43982]

Application usage analytics

Application owners must have the ability to evaluate and visualize the complete application from the perspectives of performance and usage.

The improvised App Dashboard enables you to view all the application performances and usage metrics together. When you click an application, alongside the existing application performance metrics, the Usage tab displays the metrics details that help you:

  • Understand your application usage.

  • Correlate any performance deviations with the usage metrics.

If the application has two or more virtual servers, select the virtual server from the list.

Usage app dashboard

Using the App Dashboard, as an administrator, you can visualize a single-pane view for the following metrics:

  • Clients
  • Servers
  • Geo locations
  • URLs
  • HTTP Response Status
  • Operating system
  • Browsers
  • SSL errors
  • SSL usage

For more information, see Application usage analytics.

Global service graph: A holistic visualization of users, infrastructure, and applications

Note

This feature is in preview.

The global service graph feature enables you to get a holistic visualization of the clients to infrastructure to application view. From this single-pane service graph view, as an administrator, you can:

  • Understand from which region the users are accessing the specific applications (3-tier Web apps and microservices app)
  • Visualize the infrastructure (Citrix ADC instance) view that the client request is processed
  • Understand if the issues are occurring from the client, infrastructure, or application
  • Further drill down to troubleshoot the issue

Navigate to Applications > Service Graphs > Global Service Graph to view:

  • End-to-end details of all applications connected from client to back end servers.
  • All Citrix ADC instances that are connected to its respective data centers. Note: You can view data centers only if you have GSLB apps.
  • The client metrics information.
  • The Citrix ADC metrics information.
  • All Citrix ADC instances that have discrete applications, custom applications, and discrete microservice applications.
  • The top four low-scored applications that belong to custom apps, discrete apps, and microservices apps.
  • The metrics information for the top four low-scored virtual servers.
  • The applications (discrete apps, custom apps, and microservices apps) status such as Critical, Review, Good, and Not Applicable.

For more information, see Holistic view of all applications in service graph.

[NSADM-47425]

Customize StyleBooks filter to provide user authorization

As an administrator, you can authorize specific StyleBooks to a user in the Account > User Administration > Groups page. You can now use a custom Filter query to search StyleBooks. A query is a string of key-value pairs where keys are as follows:

  • Name
  • Namespace
  • Version

For example: name=lb-mon OR namespace=com.citrix.adc.stylebooks OR version=1.0

The search result lists the StyleBooks based on the specified key-value pair. Based on the specified query, the ADM provides user access to those StyleBooks.For more information, see Configure groups on Citrix ADM.

[NSADM-49446]

Import StyleBooks with an icon

When you import a StyleBook, you can now include an icon with it. In Applications > StyleBook, the imported StyleBook appears with an icon.

StyleBook icon

For more information, see Import custom StyleBooks

[NSADM-45810]

Use new built-in functions in StyleBooks

When creating StyleBook definitions, ADM StyleBooks now supports the following built-in functions:

  • startswith() – Determines whether a string begins with a given prefix. Learn more.
  • contains() – Determines whether a string contains a given substring. Learn more.
  • endswith() – Determines whether a string ends with a given suffix. Learn more.](/en-us/citrix-application-delivery-management-service/stylebooks/stylebooks-grammar/built-in-functions.html#endswith)
  • substring() – Extracts a substring from a string. Learn more.](/en-us/citrix-application-delivery-management-service/stylebooks/stylebooks-grammar/built-in-functions.html#substring)

[NSADM-45889]

StyleBook configuration builder supports ADC WAF feature

The StyleBook configuration builder now recognizes and supports WAF feature in an ADC source configuration. For more information about supported ADC features, see Migrate Citrix ADC application configuration using StyleBooks Configuration Builder.

[NSADM-48941]

Confirm license consumption before application deployment

When you create an application using StyleBooks, you can confirm the required license consumption before deploying the application. The following message appears after you complete the steps to create an application:

Confirm license consumption

Click Yes to the confirmation message. The ADM allocates the required licenses to an application. Earlier, you had to enable the Auto licensed virtual servers option to create an application using StyleBooks. Now, you can still create an application even if the Auto licensed virtual servers option is disabled.

For more information, see Create an application using StyleBook.

[NSADM-51306, NSADM-47184]

Fixed issues

Networks

When you export a CSV report for all performance reports including load balancing virtual servers report, the exported report appears blank.

[NSHELP-22465]

Under Networks > Configuration Audit > Audit Reports, for any selected ADC instance, the following actions do not work:

  • Revision history diff
  • Pre vs. Post upgrade diff
  • Download configuration

[NSADM-51310]

Upgrade scripts fail to download, and the “File not Found” error message appears. This issue occurs when you download the scripts after a maintenance upgrade job is successfully completed.

[NSADM-48809]

Analytics

The unusually large upload and download transaction indicators in Citrix ADM GUI do not display analytics data as expected.

NSADM-50930]

April 28, 2020

View application security violation details

Apart from the existing network violations, you can now view violations for bot and WAF categories. The following are the violations that you can visualize in Citrix ADM:

BOT WAF
Excessive Client Connections Unusually High Upload Transactions
Account Takeover Unusually High Download Transactions
Unusually High Upload Volume Excessive Unique IPs
Unusually High Request Rate  
Unusually High Download Volume  

For more information, see View application security violation details.

[NSADM-40227], [NSADM-43969], [NSADM-43974], [NSADM-43977], [NSADM-43980], [NSADM-43984]

View reports for bot signature updates

In Bot insight, you can now view the bot signature updates in the Events History, when:

  • New bot signatures are added in Citrix ADC instances.

  • Existing bot signatures are updated in Citrix ADC instances.

Navigate to Analytics > Security > Bot Insight and view the signature update summary under Events History.

For more information, see Bot insight.

[NSADM-40228]

Install an agent certificate

To meet your security requirements, now you can upload a certificate to the ADM agent by using the ADM GUI. To install the certificate, from the GUI navigate to Networks > Agents and click Select Action and select Install Certificate.

For more information, see Getting Started.

Certificate

[NSADM-47904]

Specify verbatim type strings in a new format

The verbatim strings can take complex inputs like PI Expressions in their original format without escape characters (for example, \\).

To include PI expressions in a StyleBook definition and to retain its format in the output, you can now specify them using the following syntax:

  • The new syntax:

     ~{<pi-expression>}~
    
     Example:
    
     ~{"HTTP.REQ.COOKIE.VALUE(\"jsessionid\") ALT HTTP.REQ.URL.BEFORE_STR(\"=\").AFTER_STR(\";jsessionid=\") ALT HTTP.REQ.URL.AFTER_STR(\";jsessionid=\")"}~
    
  • The old syntax:

     “\<pi-expression>\””
    
     Example:
    
     "\"HTTP.REQ.COOKIE.VALUE(\\\"jsessionid\\\") ALT HTTP.REQ.URL.BEFORE_STR(\\\"=\\\").AFTER_STR(\\\";jsessionid=\\\") ALT HTTP.REQ.URL.AFTER_STR(\\\";jsessionid=\\\")\""
    
    

The specified PI expressions do not alter their format in the output.

[NSADM-45888]

StyleBooks configurations - list view

The ADM GUI displays the StyleBooks configurations in the list view. Earlier, it was displayed in a tile view.

With this change, you can sort StyleBook configurations by column headers. For example, you can sort configurations by LAST MODIFIED TIME.

Configuration view

[NSADM-48918]

Migrate multiple virtual servers using the configuration builder

In the StyleBooks configuration builder, you can now select one or more virtual servers that you want to migrate from the configuration source to the target instance. Earlier, you were able to select only one virtual server to migrate at one time.

With this feature, you can select and migrate the necessary virtual servers that makes an application to the target instance.

Multiple virtual servers

[NSADM-49602]

Fixed issues

Analytics

  • In Security Insight, when you use the time slider, the Application Summary is displayed blank.

[NSADM-50809]

Applications

  • When you select an application from the App dashboard, the value for Response Time metric under Key Metrics is displayed in an incorrect format.

    [NSADM-50274]

  • The Manage Applications page is displayed blank, when:

    • You delete a custom app. Only after clicking the Refresh button displays the other apps

    • You modify the number of rows to be displayed

    • You click the next page in case of more than one page is available

    [NSADM-50224]

  • In Service Graph for Applications, the end-to-end transaction details from client to service is not populated in case the transaction occurs through servers with IPv.6

    [NSADM-50201]

Networks

  • In Configuration Job, when you select Instance from the Configuration Source list, and select Running Configuration or Saved Configuration option, an error message Please provide Citrix ADC IP Address is displayed.

    [NSADM-50810]

  • Indentation issue results in agent registration failure

    [NSADM-50596]

  • In Configuration Audit, when you export the report in CSV format, no data is displayed. Citrix ADM GUI also hangs sometimes, when you do multiple exports.

    [NSADM-48322]

StyleBooks

  • Incorrect error message is rendered while compiling a StyleBook dependency.

    [NSADM-50466]

Infra

  • Log information for any activity on mpsgroup to be displayed in Citrix ADM.

    [NSHELP-22370]

April 14, 2020

Support for IPAM in ADM

ADM supports IP address management (IPAM) to auto-assign and release IP addresses in ADM managed configurations. You can assign IPs from networks or IP ranges defined using the following IP providers:

  • ADM built-in IPAM provider.
  • Infoblox IPAM solution. For more information, see Infoblox DDI.

Currently, you can use ADM IPAM in:

  • StyleBooks: Auto-Allocate IPs to virtual servers when you create configurations.
  • Kubernetes Ingress: Auto-assign a virtual IP address to an Ingress configuration in a Kubernetes cluster.

You can also track the allocated and available IP addresses in each network or IP range managed by ADM. For more information, see Configure IPAM.

[NSADM-48377]

Deploy internal applications in an Autoscale group

You can now deploy both internal and external applications in an Autoscale group to use ADM autoscaling solution. Earlier, you were able to deploy only external applications. To deploy an internal application in Autoscale group, see Autoscale configuration in AWS and Autoscale configuration in Azure.

[NSADM-47520]

New columns added in SSL Dashboard

New columns are added to the following tabs in SSL Dashboard:

  • SSL Certificates – The Key Strength column is added. You can filter SSL certificates using the Key Strength value.
  • SSL Protocols – The Protocol Type column is added. You can filter SSL protocols using the protocol type.

[NSADM-42191]

View application security violation details

Web applications that are exposed to the internet have become vulnerable to attacks drastically. Citrix ADM enables you to visualize actionable violation details to protect applications from attacks. Navigate to Security > Security Violations for a single-pane solution to:

  • Access the following application security violations:

    • HTTP Slow Loris

    • DNS Slow Loris

    • HTTP Slow Post

    • NXDomain Flood Attack

  • Take corrective actions to secure the applications

For more information, see View application security violation details.

[NSADM-48069]

Deploy Citrix ADM agent as a microservice

You can now deploy a Citrix ADM agent as a microservice in Kubernetes cluster. In Citrix ADM,

  1. Navigate to Networks > Agents, and click Set Up Agent

  2. Click Get Started, select the As a Microservice option, and click Next

    Microservice agent

  3. Specify the following parameters:

    1. Application ID – A string id to define the service for the agent in the Kubernetes cluster and distinguish this agent from other agents in the same cluster

    2. Agent Password – Specify a password for CPX to use this password to onboard CPX to ADM service through the agent

    3. Confirm Password – Specify the same password for confirmation

    4. Click Submit

  4. After you click Submit, you can download the YAML or Helm Chart

    Microservice download agent

  5. In the Kubernetes master, save the YAML file and use the command kubectl create -f <yaml file>

    For more information, see Getting Started

[NSADM-43971]

March 31, 2020

View multiple clusters and more filters in service graph

In service graph, you can now view:

  • Services that are associated with each cluster.

    Multiple clusters

  • More filters for:

    • Cluster – Displays all services applicable for the selected cluster or clusters.

    • Namespace – Displays all services applicable for the selected namespace.

      Note

      Depending upon the labels configured for the service in Kubernetes service definition YAML, you might also view more filter options.

      Filters

[NSADM-43985]

Distributed Tracing

In service graph, you can now use the trace information to:

  • Analyze the overall service performance

  • Visualize the communication flow between the selected service and its inter-dependent services

  • Identify which service indicates errors and troubleshoot the erroneous service

  • View transaction details between the selected service and its inter-dependent service. For more information, see Distributed Tracing

[NSADM-43976]

Validate the StyleBook contents before you import to ADM

When you compose a StyleBook in ADM YAML editor, you can now check for the StyleBook grammar errors without importing to ADM.

If there are errors in the StyleBook content, the ADM GUI displays the error details. You can correct the indicated errors and continue to edit, or import the StyleBook.

StyleBook validate

[NSADM-47978]

Improved StyleBooks error message display

The ADM GUI displays an error message if you import a StyleBook that has StyleBook grammar errors. Some error messages are now organized to display the error details. The error details include Error, Fix, Code, Name, and more depending on the error types. The Fix field provides information to resolve an issue.

StyleBook error

[NSADM-44274]

Import StyleBooks from any folder in a GitHub repository

You can now synchronize StyleBook files to ADM from any folder in a GitHub repository. Earlier, you were able to only import or synchronize StyleBook files that are present at the GitHub repository root folder.

For more information, see Import and synchronize StyleBooks from GitHub repository

[NSADM-46147]

Audit ADC configuration against configuration pack

In StyleBooks > Configurations, you can now explicitly compare the changes made by a StyleBook configuration pack to the current ADC configuration. With this feature, you can do the following:

  • Detect the configuration drift between StyleBook configuration pack and ADC configuration.

  • Identify any modified and deleted objects on the ADC that do not reflect the changes made by the configuration pack.

To compare the configuration pack changes to the ADCs config, click Configuration Audit on the desired configuration pack.

For more information, see Audit ADC configuration against configpack.

[NSADM-45866]

Support for Citrix annotations to deploy an Ingress configuration

When you add content routing rules to an Ingress Configuration, you can now include the following Citrix annotations in the ADM GUI:

  • LB Method – Select the preferred load-balancing method to the selected Kubernetes service.

  • Persistence Type – Select the preferred load-balancing persistence type to the selected Kubernetes service.

After adding the content routing rules, you can view the selected LB method and persistence type in the Ingress specification. Review and deploy the Ingress configuration.

For more information, see Deploy Ingress configuration.

Citrix annotations

[NSADM-48414]

Instances indicate the deployment type with a notation

In ADM GUI, the instance IP addresses now indicate the deployment type. The following notations describe the deployment type:

  • In high-availability pair, P – Primary server and S – Secondary server.

  • C-Cluster

  • A-Autoscale Group

If an Instance has no notation, it indicates the standalone deployment.

[NSADM-41859]

March 03, 2020

Edit the deployment attributes in the StyleBooks Configuration Builder

Note

This feature is in preview.

The StyleBooks Configuration Builder helps you create an application configuration StyleBook and config pack from an existing ADC configuration. The configuration builder also automates the application configuration migration from one ADC instance to another instance.

The configuration builder wizard now allows you to edit deployment attributes for the selected application before it creates a StyleBook and config pack. You can now edit the IP address and port value of the virtual servers, services, and service group members in the original configuration.

After the application creation and migration is complete, a ConfigPack is created in Citrix ADM along with its corresponding StyleBook. This configuration pack has the new IP addresses and ports values. To view the created ConfigPack, navigate to Applications > StyleBooks > Configurations.

Edit deployment attributes

For more information, see Migrate ADC application configuration using StyleBooks Configuration Builder.

[NSADM-44197]

Ability to view all applications but edit only a subset of applications

When an administrator adds a user to a group that has different access policy settings, the user is mapped to more than one authorization scopes and access policies.

In this case, the ADM grants the user access to the applications depending on the specific authorization scope.

Consider a user who is assigned to a group that has two policies Policy-1 and Policy-2.

  • Policy-1 – View only permission to applications.

  • Policy-2 – View and Edit permission to applications.

Now, the user can view applications specified in Policy-1. Also, this user can view and edit the applications specified in Policy-2. The edit access to Group-1 applications are restricted as it is not under Group-1 authorization scope.

User access changes with authorization scopes

Earlier, the ADM considered the union of all group permissions to authorize a user. Based on the abovementioned example, the user was able to view and edit all the applications from Group-1 and Group-2. Because of this permission, the user was able to edit the resources that were not primarily authorized by the access policy.

For more information, see How user access changes based on the authorization scope

[NSHELP-5854]

Provision the Citrix ADM agent on Azure

You can now provision an ADM agent on Azure using the ADM GUI. The ADM agent on Azure automatically registers with Citrix ADM, you can view the registered agent in the Networks > Agents page. To provision an ADM agent on Azure, see Provision the Citrix ADM agent on Azure.

Provision agent on Azure

Alternatively, you can install the Citrix ADM agent from Azure Marketplace. For more information, see Installing Citrix ADM agent on Azure.

Select Australia region to set up the ADM service

You can now select Australia (ANZ) region to set up the ADM service. The Citrix ADM now supports the following regions:

  • United States (US)
  • Europe (EU)
  • Australia (ANZ)

Set up ADM service in Australia region

For more information, see Getting Started.

[NSADM-44447]

Run custom scripts before and after the upgrade maintenance job

When you upgrade your ADC instance by creating a maintenance job, ADM performs pre-validation check on the instances that you want to upgrade. The Pre-upgrade validation tab checks the following on the selected instances:

  • Checks for customizations.

  • Checks the disk usage and displays an error if the disk space is low.

  • Checks for disk hardware issues.

You can remove the failed instances and proceed to create an upgrade maintenance job.

In Custom Scripts, specify custom scripts to run before and after an instance upgrade. Use one of the following ways to run the commands:

  • Import commands from a file.
  • Type commands directly on the Citrix ADM GUI.

These scripts help you check the changes before and after upgrade. For example:

  • The instance version before and after upgrade.
  • The status of interfaces, high-availability nodes, virtual servers, and services before and after upgrade.
  • The statistics of virtual servers and services.
  • The dynamic routes.

Custom scripts to run before and after upgrade job

For more information, see Use jobs to upgrade Citrix ADC instances.

[NSADM-40534]

Upload the upgrade image to an instance during job execution

If you schedule an upgrade maintenance job, you can decide when you want to upload an upgrade image to an ADC instance. In Create Job, choose one of the following:

  • Upload Now – This option uploads the image to an instance immediately.

  • Upload at the time of execution – This option uploads the image to an ADC instance when the ADM runs the scheduled upgrade maintenance job.

Upload image at execution time

For more information, see Schedule upgrading of Citrix ADC instances.

[NSADM-44855]

The ADM Autoscale groups support C5, M5, and C5n AWS instance types

If you choose to create ADM Autoscale groups on AWS cloud, you can now provision ADC instances with C5, M5, and C5n AWS instance types. You can select these instance types to achieve high performance ADM autoscaling.

Note

The ADM GUI auto-populates the recommended AWS instance types for the selected ADC version. See, Create Autoscale groups.

For more information on AWS instance types, see AWS instance types.

[NSADM-40089]

Apply license to virtual servers using a policy

In Subscriptions, you can now configure a policy to apply license to virtual servers. Earlier, you were able only apply licenses to virtual servers either manually or automatically. You can now apply license by using a policy or manual or automatic.

By using policy, you can control the number of virtual servers you want to auto-license. And, apply license to selected instances’ virtual servers only.

When you edit a policy, you can specify the following:

  • Set virtual servers limit on CPX instances separately to apply licenses. The ADM applies license to virtual servers on CPX instances up to a specified limit.

  • Set virtual servers limit on selected ADC instances (MPX/VPX/BLX) to apply licenses. The ADM applies licenses to virtual servers on ADC instances up to a specified limit.

  • Select the priority ADC instances to apply virtual server licenses. Therefore, the ADM can apply license to selected instances’ virtual servers only.

    Virtual server licensing

The Auto licensed virtual servers and Auto-select non addressable virtual servers options are now independent. Earlier, you were able to enable Auto-select non addressable virtual servers only if you enable Auto licensed virtual servers.

[NSADM-35724]

View ADC capacity issues in ADM

When an ADC instance has consumed most its available capacity, packet-drop may occur while processing the client traffic. This issue causes low performance in an ADC instance. By understanding such ADC capacity issues, you can allocate more licenses proactively to steady the ADC performance.

To view ADC capacity issues,

  1. Navigate to Networks > Infrastructure Analytics.
  2. Expand the instance for which you want to view capacity issues.

The ADM polls these events every five minutes from the ADC instance and displays the packet drops or rate-limit counter increments if exists. The issues are categorized on the following capacity parameters:

  • Throughput Limit Reached – The number of packets dropped in the instance after the throughput limit is reached.
  • PE CPU Limit Reached - The number of packets dropped on all NICs after the PE CPU limit is reached.
  • PPS Limit Reached – The number of packets dropped in the instance after PPS limit is reached.
  • SSL Throughput Rate Limit – The number of times the SSL throughput limit reached.
  • SSL TPS Rate Limit – The number of times the SSL TPS limit reached.

The ADM calculates the instance score on the defined capacity threshold.

  • Low threshold – 1 packet drop or rate-limit counter increment

  • High threshold – 10000 packets drop or rate-limit counter increment

Therefore, when an ADC instance breaches the capacity threshold the instance score is impacted.

When packets drop or rate-limit counter increments, an event is generated under the ADCCapacityBreach category. To view these events, navigate to Accounts > System Events.

Capacity breach

If you want to view the ADC rate limit statistics for the selected period (hour/day/week/month), navigate to Network > Network Reporting.

[NSADM-40183]

View service details in Service Graph

In Service Graph, hover the mouse pointer on a service and click a service to view the following options:

  • View Details

  • Transaction Logs - Enables you to view the HTTP and SSL over HTTP transaction details. For more information, see View Web transaction logs.

The View Details option enables you to view:

  • The cluster name where the service is hosted

  • The namespace and service labels of the service

  • All associated incoming and outgoing services connected with the selected service

  • Service key metrics in a graph format such as Hits, Service response time, HTTP errors, Data Volume, SSL front-end errors, SSL back-end errors, TCP front-end errors, and TCP back-end errors

Using these key metrics trends, you can analyze how the service is performing for the selected time duration.

For more information, see View service details.

[NSADM-41297]

View Service Graph for applications (GSLB)

Note

This feature is in preview.

You can now view GSLB applications in Service Graph to view:

  • How the application is configured (with GSLB application, data center, ADC instance, CS, and LB virtual servers)

  • End-to-end views from client to services

  • The data center name where the client requests are processed and the associated data center Citrix ADC metrics

  • The GSLB virtual server status such as Critical, Review, and Good. Citrix ADM displays the virtual server status based on the app score.

  • Critical (red) - Indicates when app score < 40

  • Review (orange) - Indicates when app score is between 40 and 75

  • Good (green) - Indicates when app score is > 75

For more information, see Service Graph.

[NSADM-43967]

View 4xx and SSL metrics in Transaction Summary panel

The web transaction analytics Transaction Summary panel now enables you to view:

  • 4xx errors
  • SSL front-end and SSL back-end metrics

    Transaction Summary

For more details, see View analytics for web transaction.

[NSADM-43841]

View SSL metrics in Web transaction analytics

When you click a transaction in web transaction analytics, you can now view more metrics for SSL transactions. From these metrics, you can analyze if the SSL errors occur from client or server.

The following metrics are displayed for client and server:

SSL

For more details, see View analytics for web transaction.

[NSADM-43844]

The advanced search option in the web transaction analytics now enables you to save the search queries. You can then click the saved search query from the list, instead of using the suggestions and operators again. To save a search query, click the bookmark icon, specify a name of your choice, and click Save.

Save search

For more details, see View analytics for web transaction.

[NSADM-43843]

Fixed issues

Applications

  • The Application dashboard does not display applications from ADC HA pair and cluster.

[NSADM-47668]

  • Citrix ADM displays an error message in Application dashboard if no agent is added.

[NSADM-47444]

  • Application dashboard is displayed blank in IE 11 browser.

[NSADM-47812]

Analytics

  • If you enable Client Side Measurement on ADC instances AppFlow, the Citrix ADM AppFlow decoder log file process fails.

[NSHELP-21462]

Networks

  • The ADC host name is not displayed in Network Functions > GSLB.

[NSADM-47335]

  • The Network Reporting Dashboard does not display complete data for 1-month duration.

[NSHELP-21731]

February 11, 2020

New and enhanced features

StyleBooks configuration displays a new column

In Applications > StyleBooks > Configurations, a StyleBook Configuration (config pack) now displays the last updated time on the configuration tile.

Last updated time config pack

[NSADM-45811]

Fixed issues

Analytics

  • The weekly reports for Web Insight and HDX insight are not displayed.

    [NSADM-46149]

Applications

  • The default duration in the Application Dashboard to view app analytics is changed to 15 minutes.

    [NSADM-46980]

  • When you create a custom application using the StyleBook configuration, the edit and delete options do not work as expected.

    [NSADM-46821]

Licensing

  • The pooled capacity option does not appear under Bandwidth License type at the first time.

    Workaround:

    1. Select Virtual CPU Licenses from the License Type list.

    2. Change the selection to Bandwidth License to select the Pooled Capacity option.

    [NSADM-40129]

Networks

  • When you create a configuration job with many commands, the Abort option is not displayed in Action tab.

    [NSADM-47041]

February 03, 2020

New and enhanced features

Service Graph for applications

Using the service graph feature from the application dashboard, you can view:

  • Details on how the application is configured (with content switching virtual server and load balancing virtual server)
  • End-to-end views from clients to services
  • The location from where the client is accessing the application
  • Metrics details for client, service, and virtual servers
  • If the errors are from the client or from the service
  • The service, virtual server, and client status such as Critical, Review, and Good.

For more information, see Service Graph.

[NSADM-41898]

An improved application dashboard

Using the application dashboard, you can now view the following new features:

  • Application status (Critical, Fair, Good, and Not Applicable)
  • Details of the application (load balancing or content switching) configuration
  • Details of services associated with the selected application
  • Metrics details for the selected application, such as application response time, throughput, requests per second, error percentage, total connections, and data volume in the form of graph
  • All issues applicable for the selected application

For more information, see Applications.

[NSADM-32894]

Performance indicators in App Analytics

Citrix ADM now shows the following new application performance indicators that occur in Citrix ADC web application:

  • Improper Persistence Type
  • Unstable Server (5xx)
  • Session Reuse Recommendation (SSL)
  • SSL Real Time Traffic
  • Unusually large HTTP headers
  • TCP reassembly queue limit hits
  • SurgeQueue Buildup

You can view these application issues by navigating to Applications > Dashboard and then by selecting an application.

For more information, see Performance indicators for application analytics.

[NSADM-39779]

Web Application Firewall support in Citrix ADM

The following new Web Application Firewall (WAF) protection policies are enabled in Security Insight, which highlight violation patterns for WAF:

  • APPFW_BUFFEROVERFLOW_QUERY
  • APPFW_BUFFEROVERFLOW_TOTAL_HDR

[NSADM-43541]

StyleBooks configuration display ADC instance host name

A StyleBooks configuration (config pack) now displays the ADC instance host name along with the IP address on the configuration tile. You can now search StyleBook configurations by using either the host name or its IP address.

[NSADM-42517]

Remove unreachable Kubernetes clusters

You can now remove Kubernetes Ingresses from ADM service even when the cluster is unreachable or no longer exists. After you delete the Ingresses on the cluster, you can also delete the parent cluster regardless of its reachability.

[NSADM-45612]

Process Ingress events with Citrix Ingress class

The Citrix ADM ServiceNow processes the Ingress events that have Citrix Ingress class annotation (kubernetes.io/ingress.class: Citrix) only. Also, Ingress specifications generated by ADM service contain Citrix Ingress class annotation.

[NSADM-45613]

Configure pooled capacity license on Citrix ADC FIPS instances

Now you can configure pooled capacity license on Citrix ADC MPX and VPX FIPS license. For more information, see Configure pooled capacity.

[NSADM-31742]

New default polling time for network function entities

The default polling time of network function entities is changed from 30 to 60 minutes. By default, Citrix ADM service automatically polls configured network function entities every 60 minutes.

For more information, see How Citrix ADM polls managed instances and entities.

[NSADM-44078]

Advanced filter with regex pattern matching

You can now filter failure objects, configuration commands, and messages by using regular expression pattern matching. Earlier, you were able to use only asterisk (*) pattern matching to filter events.

For more information, see Define an event rule.

Enable advanced filter with regex matching

[NSADM-43614]

View and edit feature-specific export reports

Citrix ADM displays feature-specific scheduled export reports under individual ADM features, which you can view, edit, or delete. For example, to view the export reports of Citrix ADC instances, navigate to Network > Instances > Citrix ADC and click the export icon. The Export Reports page displays all the export reports of ADC instances. Earlier, ADM scheduled export reports were listed under Account > Export Schedules.

For more information, see Export or schedule export reports.

[NSADM-43329]

View and download Citrix ADC SSL certificates

The Citrix ADM GUI displays all SSL certificates of the discovered Citrix ADC instances. To view and download SSL certificates of ADC instances, navigate to Networks > SSL Dashboard > SSL Certificate files on Citrix ADC.

[NSHELP-6556]

Rename configuration jobs and templates

You can now rename custom configuration jobs and custom audit templates in Citrix ADM.

Rename custom configuration jobs

[NSADM-42945, NSHELP-6488]

A new column for secondary instance status

In the Citrix ADM GUI, now you can check the status of the secondary instance of a high-availability pair, under Networks > Instances. For example, when you click Citrix ADC, you see a new column for secondary instance status. The Citrix ADM GUI displays the secondary instance status on the instance overview page. Now you can view the status under the Secondary Node State column and Dashboard.

Secondary node state

[NSHELP-6236]

Fixed issues

  • In App Dashboard, when you define a custom application using StyleBooks the StyleBooks appear at the bottom of the page which was difficult to navigate.

    With this fix, the StyleBooks appear on the new page. After you specify the details for the selected StyleBook, the new application appears on the App Dashboard.

    [NSADM-45241]

  • If you upload a file that has multiple periods (.) in the file name to create a configuration job, the Citrix ADM GUI displays an error. As a result, no configuration job is created.

    [NSADM-45748]

December 17, 2019

New and enhanced features

Support for Citrix ADM agent failover

The agent failover can occur in a site that has two or more registered agents. When an agent becomes inactive (DOWN state) in the site, the Citrix ADM service redistributes the ADC instances of the inactive agent with other active agents.

To achieve an agent failover, select the required Citrix ADM agents one by one and attach to the same site. For more information, see Configure Citrix ADM agents for multisite deployment.

[NSADM-30048]

View the Citrix ADC configuration drift in two modes

In the Citrix ADM GUI, you can now view the configuration drift in two modes.

  1. Template vs running: The ADM service compares the audit template configuration with the running configuration on the instance.

  2. Template vs Running and Running vs Template: The ADM service compares the configuration from both ways:

    • Compares the audit template configuration with the running configuration on the instance.

    • Compares the running configuration on the instance with the audit template.

After comparison, the Citrix ADM GUI displays the difference between the audit template and the running configuration. Also, it displays the commands to correct the running configuration to the audit template.

By default, the Template vs running drift setting is selected. To modify the drift setting, from the ADM GUI, select Settings in the Configuration Audit page.

Bidirectional config drift setting

For more information, see Template vs Running Diff.

[NSHELP-6463]

Run a configuration job on a Citrix ADC secondary node

In a Citrix ADC high-availability pair, now you can select either the primary node or the secondary node or both the nodes to run a configuration job. If you don’t specify the node, the configuration job runs automatically on the primary node.

Earlier, you were able to run configuration jobs only on the primary node. For more information, see How to create a configuration job.

[NSHELP-6567]

Expiry notification for check-in check-out license

When you log on to the ADM service, a system alert message is displayed if your check-in check-out license is about to expire. To get the alert, you must configure license notification. For more information about how to configure, see Expiry checks for virtual server licenses.

Expiry notification for CICO licenses

[NSADM-42655]

Bandwidth details in pooled capacity licensing notification

Expiry notification for ADM pooled capacity licensing now includes bandwidth details. You can see the bandwidth that is about to expire out of the total pool. Previously, the bandwidth details were available only in the GUI. To get expiry notification, you must configure the ADM service. For more information, see Expiry checks for virtual server licenses.

[NSADM-39332]

View instance details in Infrastructure Analytics

In infrastructure analytics, when you click an instance IP address, you can now view the following details in the Overview tab:

  • Instance score, issue categories affecting the instance score, and other instance details.

  • Key metrics of the instance such as CPU usage, memory usage, throughput, HTTPs requests/sec, TCP connections, and SSL transactions.

  • Details of all issues that affect the instance score.

For more information, see Infrastructure Analytics.

[NSADM-42276]