Citrix Application Delivery Management service

What’s new

This topic lists the new features, enhancements to existing features, and fixes available in a release.

The Citrix Application Delivery Manager (ADM) agents are, by default, automatically upgraded to Citrix ADM latest build. You can view the agent details on the Networks > Agents page. You can also specify the time when you want the agent upgrades to happen. For more information, see Configuring Agent Upgrade Settings.

March 30, 2021

Bot insight - View log message for bot management

In Analytics > Security > Security Violations > Application Overview, under Bot, when you select an application and click Logs to view bot details, you can now view the bot category identified as signature and the signature ID. The signature ID enables you to analyze if the detected bot is a good bot or a bad bot. For any other bot category, the signature ID displays N/A.

For more information about signature category and ID, see Bot signature update.

[NSADM-63099]

App Security Violation - Bot

In Analytics > Security > Security Violations > All Violations, you can now view Keystroke and Mouse dynamic based bot detection under the BOT violation category. For more information, see App Security Violation.

[NSADM-61855]

Fixed issues

  • In Infrastructure Analytics, the UI term “Packet dropped” for SSL violation counters (PE CPU Limit, PPS Limit, Throughput Limit, SSL Throughput Limit, SSL TPS Limit) is now changed to “rate limit breaches”.

    [NSADM-69007]

  • ADM generated tech-support bundle fails to unzip.

    [NSHELP-26726]

March 17, 2021

Protect your organization by using security advisory

Citrix ADM Security Advisory helps you identify ADC instances impacted by Citrix Common Vulnerabilities and Exposures (CVEs) and apply appropriate remediation. The advisory highlights Citrix CVEs putting your ADC instances at risk and recommends mitigations and remediations. You can review the recommendations and take appropriate actions, by using ADM service to apply the mitigations and remediations.

The following are the security advisory features:

  • Scan: includes default system scan and on-demand scan.
    • System scan: scans all managed instances by default once a week. ADM decides the date and time of system scans, and you cannot change them.
    • On-demand scan: enables you to manually scan the instances when required. If the time elapsed after the last system scan is significant, you can run on-demand scan to assess the current security posture. Or scan after a remediation or mitigation has been applied, to assess the revised posture.
  • CVE impact analysis: shows results of all CVEs impacting your infrastructure and all the ADC instances getting impacted and suggests remediation and mitigation. Use this information to apply mitigation and remediation to fix security risks.

  • CVE reports: stores copies of the last five scans. You can download these reports and analyze them.

  • CVE repository: gives a detailed view of all the ADC-related CVEs that Citrix has announced since December 2019, that might have an impact on your ADC infrastructure. You can use this view to understand the CVEs in Security Advisory scope and to learn more about the CVE.

For more information, see Security advisory.

[NSADM-69280]

New features added to Citrix low-touch onboarding workflow

The new Citrix low-touch onboarding workflow comes with an enhanced GUI with several new features and better user experience. Two new tabs, Security Advisory and Upgrade Advisory, are introduced. Citrix ADM Security Advisory alerts you about vulnerabilities putting your ADC instances at risk and recommends mitigations and remediations. You can use the Upgrade Advisory to check ADC instances that are nearing end of life (EOL) or on older versions. We can upgrade these ADCs to latest releases and benefit from the latest enhancements and fixes. To know more, see Low-touch onboarding of Citrix ADC instances using Citrix ADM service connect.

[NSADM-69280]

Monitor ADC instance lifecycle using Citrix ADM upgrade advisory

Citrix ADM upgrade advisory helps you monitor the lifecycle of your ADC instances. As a network administrator, you might manage many instances running on different ADC releases in Citrix ADM. Monitoring the lifecycle of each ADC instance can be a cumbersome task. To ease this process, ADM upgrade advisory provides the following information:

  • Identifies instances reaching or reached EOL or EOM. So, you can plan ADC upgrades ahead of EOL or EOM date.

  • Highlights the instances that are not on latest release or build. You can upgrade these instances to latest release or build to benefit from new features and bug fixes.

  • Highlights the instances that are not on preferred ADC builds. Some organizations might have a preferred ADC builds for their instances. In ADM, you can set the preferred build for your organization depending on features, fixed issues, and other considerations. Then, review and upgrade the instances that are not on preferred builds. Instances running the preferred builds are indicated with a star icon.

  • Highlights instances running on the most popular releases or builds. Instances running the popular builds are indicated with a ribbon icon.

After you review the abovementioned points, you can proceed to create a maintenance job to upgrade ADC instances from the Upgrade Advisory page.

Important

Upgrade advisory only monitors EOM or EOL of ADC software versions. It doesn’t check the EOL of ADC hardware appliances.

Upgrade Advisory page

For more information, see Upgrade Advisory.

[NSADM-56646]

Analyze the root cause for application slowness

Application slowness is a major concern for any organization because it results in business impact or productivity. In Applications > Web Insight, you can now view a new metric, Applications with Response Time Anomalies. Using this metric, as an administrator, you can analyze if the application slowness arises from:

  • Client network latency

  • Server network latency

  • Server processing time

For more information, see Analyze the root cause for application slowness.

[NSADM-63170]

March 03, 2021

Discover API endpoints in ADM

You can now discover the API endpoints that are in your organization using API gateway. In Citrix ADM, the Applications > API Gateway > API Discovery page displays the API endpoints that are part of ADC instances and API deployments.

In API Discovery, when you select a virtual server or API deployment, the ADM GUI displays the API endpoints and their details such as:

  • Method - It displays the method used in an API endpoint. For example, GET and POST methods
  • Total requests - It displays the count of API requests on the API endpoint.
  • Response statuses - It displays the count for each response status. For example, 2xx, 3xx, 4xx, and 5xx.
  • Found in Spec - This column appears only for API deployments. Sometimes, the internal APIs that are not part of the API definition might receive traffic from outside. This column helps you identify whether the API endpoint and observed method are part of the API definition.

Virtual servers:

API endpoints in the virtual server

API deployments:

API endpoints in the virtual server

[NSAPISEC-1234]

Grant API gateway configuration and management permissions

As an administrator, you can create an access policy to grant user permissions for API gateway configuration and management. The user permissions can be view, add, edit, and delete. To do so, navigate to Account > User Administration > Access policies.

Grant API gateway management permissions

[NSADM-63097]

Improvements to global service graph

In Applications > Service Graph > Global, you can now view:

  • The microservices based on the cluster name.

    Note

    You can view microservices for only three clusters.

    Microservice cluster name

  • The enhanced view of the discrete virtual servers and custom apps

    Discrete virtual servers

    Custom apps

Venafi integration in Citrix ADM

To maintain digital security, you must automate the management of SSL certificates in your environment. Expired SSL certificates can lead to security risk. Now you can configure Venafi Trust Protection Platform servers to manage SSL certificates from the ADM service GUI.

With Venafi integration, you can reissue certificates and automate renewal of certificates installed on the ADC instances, through ADM service GUI. For more information, see Automate SSL certificate management.

[NSADM-58047]

Fixed issues

  • When you a create a job in Networks > Configuration Jobs and select the Execution Frequency as specific day of a week or date of a month, the scheduled job does not run according to the specified time.

    [NSHELP-26034]

  • ADM fails to register or update without a DNS server, when a proxy server is enabled and the agent fails to get its IP address.

    [NSHELP-25835]

  • For non-admin users, GSLB Services data takes more than a minute to appear under Networks > Network Functions > GSLB in the ADM GUI.

    [NSHELP-25740]

  • You receive email notifications on license pool thresholds, even when it is not configured.

    [NSHELP-25723]

  • In Gateway Insight, when you schedule a report (Export Reports > Schedule Export), the generated report displays Page Not Found.

    [NSHELP-25496]

  • Sometimes, the ADM GUI fails to display instance licenses.

    [NSADM-67697]

February 11, 2021

Reconcile your StyleBook configuration

When you audit the ADC configuration with the StyleBook configuration pack, you can now reconcile any changes or drifts detected on the ADC instance. This action restores the ADC configuration to match the configuration pack version on ADM.

Reconcile confirmation message

Consider that you created an object on the ADC instance using the StyleBook configuration. If that object is deleted from the ADC instance, the Configuration Audit page identifies the change and allows you to reconcile it. The Reconcile action restores the deleted object on the ADC instance as defined in the configuration pack.

If any changes or drifts detected during the configuration pack update, a confirmation message appears to reconcile the changes.

Reconcile confirmation message

[NSADM-62742]

Update custom StyleBook definitions in the GUI

You can now update a custom StyleBook definition from the ADM GUI itself.

Note

Before you update the StyleBook definition from the ADM GUI, ensure the following:

  • The StyleBook definition has no dependent StyleBooks.
  • There are no configuration packs created from the StyleBook definition.

Update custom StyleBook

Earlier, you had to do the following:

  1. Download the StyleBook.
  2. Delete it from ADM.
  3. Update the definition offline.
  4. Import it back to ADM.

With this feature, you can update the definition in place.

[NSADM-67726]

New data type and built-in IP functions to StyleBook definition

The ADM StyleBooks now support the ipnetwork data type to facilitate new IP functions. This data type has two parts. First part is the IP address and second part is the netmask.

The netmask is represented using a netmask length (netmask-len) or netmask IP address (netmask_ip). The netmask length is an integer between 0-32 and 0–128 for an IPv6 address. It is used to determine the IP addresses count in a network.

Following are the new built-in IP functions:

  • ip_network(): Returns an IP network notation when it receives the IP address and netmask length as the input.
  • network_ip(): Returns the first IP address of the specified IP network.
  • subnets(): Returns the list of subnets from the specified IP network and netmask length.
  • netmask_ip(): Returns the netmask IP address for the specified IP network.
  • broadcast_ip(): Returns the broadcast IP address for the specified IP network.
  • cidr(): Returns a CIDR notation for the specified IP network.
  • is_cidr(): This function accepts an ipnetwork value. And, it returns True if the specified value matches the CIDR notation of the IP network.
  • is_in_network(): This function accepts ipnetwork and ipaddress values. And, it returns True if the specified IP address exists in the specified IP network.

[NSADM-56083]

Introduced an advanced option while you import a StyleBook configuration

In StyleBooks > Configurations, the Import Configuration option now includes an advanced option. This option is useful when you import the configuration pack that already has the configuration objects on the ADC instance.

Advanced option to import StyleBook configuration

Consider that the same ADC instance is added on two ADM servers. And, one of the ADM servers has deployed a configuration pack on that ADC instance. If you want to migrate that configuration pack to another server (or to the ADM Service), export it to your local computer. Then, use this option on the ADM server where you want to import the configuration pack. This option imports it without redeploying the configuration objects on the ADC instance.

[NSADM-62743]

View API analytics for all API traffic

The API Gateway > API Analytics page now displays all the API requests and responses. Earlier, this page only displayed the API traffic that configured the rate limit or authentication policy.

[NSADM-62936]

Improvements to service graph

In the Microservices service graph, as an administrator, you can now analyze:

  • The number of hits between the services based on the edge width.
  • The reasons for the services in review or critical status.
Service icon Description
Service graph edge detection The edge width indicates the number of hits. The greater or more the edge width, indicates the number of hits is higher.
Service graph errors Service with a warning icon indicates that the service has errors.
Service graph latency Service with a stopwatch icon indicates that the service has latency or response time issues.
Service graph latency Service with both stopwatch and warning icons indicate that the service has both errors and latency/response time issues.

Note

If a service has no warning or stopwatch icon, it indicates that the service has anomalies or threshold breach for Hits.

[NSADM-65798]

Fixed issues

  • In Gateway Insight, when you schedule a report (Export Reports > Schedule Export), the generated report displays “Page Not Found”.

    [NSHELP-25496]

  • While you add an ADC instance in ADM, if you select SNMP v2 as the Citrix ADC profile, the ADM IP address is added as the SNMP manager.

    [NSHELP-26245]

  • In Networks > Configuration Jobs, the scheduled configuration job does not run according to the specified time when the Execution Frequency is set as follows:

    • Specific day of a week.
    • Specific date of a month.

    [NSHELP-26034]

  • ADM fails to register or update without a DNS server when the following conditions are met:

    • A proxy server is enabled.
    • The agent fails to obtain its IP address.

    [NSHELP-25835]

  • Sometimes, the ADM GUI fails to display instance licenses.

    [NSADM-67697]

January 29, 2021

IPAM displays the resources of the allocated IP address

You can now view more details about allocated IP addresses from an IPAM network:

  • Module: Displays the ADM module that reserved the IP address. For example, if the IP address is reserved by StyleBooks, this column displays StyleBooks as the module.

  • Resource Type: Displays the resource type in that module. For the StyleBooks module, only the configurations resource type uses the IPAM network. So, it displays Configurations under this column.

  • Resource ID: Displays the exact resource id with a link. Click this link to access the resource that is using the IP address. For the configuration resource type, it displays the configuration pack ID as the resource ID.

[NSADM-62751]

Fixed issues

You cannot remove a Citrix ADC SDX instance from Citrix ADM if the instance is configured as an FQDN and contains a hyphen (“-“) in the name. [NSHELP-26022]

ADM fails to register or update without a DNS server, when a proxy server is enabled and the agent fails to get its IP address. [NSHELP-25835]

January 13, 2021

In service graph, you can now use the tabular view to see:

  • Key metrics for the service

  • Key metrics between a source service to a destination service

    Key metrics

As an administrator, using these key metrics, you can analyze the trends of golden signals for the selected time duration. For more information, see View service details.

[NSADM-65163]

Service graph - Use the Poll Now option to get the pod status

In service graph, you can now use the Poll Now option to get the latest pod status. The Poll Now option fetches the latest pod status from the cluster.

  1. Click a node and select View Details

  2. In the Pods tab, click Poll Now

    Poll Now

[NSADM-62963]

New StyleBook attribute to add a dynamic list

In the StyleBook definition, you can now add the allow-new-values attribute to add a dynamic list for a parameter. When a user selects this StyleBook to create a configuration, the user can add new values to the list.

You can use the allow-new-values and allowed-values attributes in a combination. This combination allows you to define a list of valid values for a parameter and also accept new values.

Example:

-
      name: port
      type: tcp-port
      allowed-values:
            - 80
            - 81
            - 8080
      allow-new-values: true

In this example, a user can either select from 80, 81, 8080, or enter a new value for the parameter port while creating/updating a configuration pack. For more information, see allow-new-values.

[NSADM-62749]

Invite users with a custom access to ADM service

As a super administrator, you can now invite new users with the custom access to use the ADM service. This option allows you to limit the user access only to ADM service in Citrix Cloud. Earlier, you were not able to invite users to access only ADM service. So, you had to send an invitation with the full access.

To invite new users in Citrix Cloud, navigate to Identity Access Management > Administrators. In the Custom access option, select Application Delivery Management. By default, the Administrator role is selected.

Inviter users with a custom access

The invitation link is sent to the specified user email address. And, the user can log on to Citrix ADM with this link as an administrator. With an administrative access, the user can do the following:

  • Add and manage ADC instances in ADM.
  • Deploy configurations on ADC instances using StyleBook.
  • Configure pooled capacity licenses for ADC instances.
  • Create and configure Autoscale groups.

Note

The administrator can access the ADM GUI from Citrix Cloud. However, the Account > User Administration page is restricted. A super administrator can grant access to this page if needed.

For more information about how to send an invite and configure the users, see Configure Users on Citrix ADM.

[NSADM-55384]

Fixed issues

  • In Gateway Insight, the total count displayed under Gateway is incorrect.

    [NSHELP-25729]

  • When you select Record and Play under Configuration Source in Networks > Configuration Jobs > Create Job, the following error message appears:

    Unable to get config diff for: <instance IP>

    [NSADM-63986]

  • If you provide invalid regex in application for a group and select few applications manually, the manually selected applications are not visible if the regex is invalid.

    [NSHELP-25739]

December 17, 2020

Switch tabs of an existing configuration job

When you edit an existing configuration job, you can now switch to any tab. For example, if you are in the Select Configuration tab, you can switch to the Job Preview tab. Earlier, you were able to go only linearly to the next tab. For example, from the Select Configuration tab, you were only able to go to the Select Instances tab.

Switch tabs of a configuration job

[NSADM-42944]

Create a CSR with Subject Alternate Names

You can now create a Certificate Signing Request (CSR) with Subject Alternate Names. With this feature, you can secure multiple domains with a single certificate.

During a CSR creation of the selected SSL certificate, you can now include multiple Subject Alternate Names. These values can be domain names and IP addresses. For more information, see Create a Certificate Signing Request (CSR).

Include SAN in the CSR

[NSADM-51556]

App Security Violation - Bot

In Security Violations, you can now view Account Takeover for Citrix Gateway under the Bot violation category. For more information, see Violation categories.

[NSADM-57698]

Bot insight - View bot categories for mobile (Android) applications

In Bot insight, you can now view the following bot categories that are detected through a mobile network:

  • Web Client Rate Limit

  • Android Rate Limit

  • Web Client Device

  • Android Device

For more information, see Bot insight.

[NSADM-57724]

Fixed issues

  • In Networks > Events > Event Summary, when you click any Citrix ADC SDX-related events, the GUI redirects to the Event page but does not display any data.

    [NSHELP-25630]

  • The ADM service does not honor login session expiry timeout and logout API. As a result, the user session remains valid.

    [NSADM-63819]

  • When you delete the users from Citrix Cloud, the deleted user names continue to appear in Citrix ADM in Settings > User Administration > Users.

    [NSADM-5882]

December 02, 2020

View anomalies in application usage

As an administrator, you must ensure how the application is getting utilized. The application key metrics can help you identify the application usage. Since the traffic range to the application is unpredictable, some unusual application performance deviations might occur for a specific duration. In such scenarios, as an administrator, you might want to view such sudden anomalies and ensure that if any immediate troubleshoot is required. Citrix ADM detects such anomalies and provides necessary details.

For more information, see Application usage and anomalies.

[NSADM-54677]

Choose the sensitivity levels for security violations

For Excessive Client Connections and Website Scanning violations, you can now create a behavior check profile and choose the sensitivity level as Low, Medium, and High. By creating a profile, you can decide how you want Citrix ADM to report the total number of anomalies for these violations.

For more information, see Configure behavior check profiles.

[NSADM-59536]

Application CPU usage to calculate app score

As an administrator, you can now monitor the CPU utilized by an application. You can also configure thresholds for the app CPU usage to determine the final app score. The Configure App Score page enables you to select App CPU Usage and configure the low and high threshold values.

For more information, see Application average CPU usage and Select app score components and set thresholds.

[NSADM-57468]

Configure thresholds in service graph

In service graph, you can now select and configure thresholds for the following metrics to calculate the service score and status:

  • High Response Time (Average, P99, and P99.9)
  • High Errors
  • High Hits

Configure thresholds in service graph

Note

Citrix ADM calculates the service final score and status based on the selected metrics. For example, if you select only High Hits for the threshold configuration, Citrix ADM uses the default threshold (response time = 200 ms and error count = 0) and high hits to calculate the service score.

For more information, see Configure thresholds in service graph.

[NSADM-59731]

View events history in security violations

In security violations, you can now view events history for bot insight and security insight. Navigate to Analytics > Security > Security Violations and click the Events tab to view the bot and WAF events.

View events history in security violations

[NSADM-62684]

Improvements to Infrastructure Analytics

In Infrastructure Analytics, a few thematic updates are made to the UI that improves the user experience.

[NSADM-57697]

Change the StyleBook of multiple configuration packs at once

You can now change the StyleBook of multiple configuration packs at once. When you replace an existing StyleBook with a new one, you can change the StyleBook of all or multiple associated configuration packs in one operation. Earlier, you had to select each configuration packs one by one to change their StyleBook.

Note

Ensure to select the configuration packs that are associated with the same StyleBook. Otherwise, the Change StyleBook option becomes unavailable.

Select the configuration packs associated to the same StyleBook

For the selected configuration packs, the ADM successfully changes the StyleBook when the following conditions are met:

  • All the configuration parameters of the existing StyleBook must be present in the selected StyleBook.
  • The new parameters from the selected StyleBook are optional.

To see the progress of the selected configuration packs, select Configurations in Progress/Failed in the Configurations page.

Configuration pack progress status

For more information, see Change the StyleBook that has multiple configuration packs.

[NSADM-57941]

Modify the access type of any Autoscale application

The ADM now supports the access type modification for the Autoscale applications that have DNS or Route 53 traffic distribution. So, you can modify the access type for all Autoscale applications. Earlier, the access type modification was supported only for the applications that had ALB or NLB traffic distribution.

[NSADM-57029]

Download a consolidated diff report of an ADC upgrade job

You can now download a consolidated diff report of an ADC upgrade job. This report contains the differences between the outputs of the pre-upgrade and post-upgrade script. So, you can determine what changes occurred on the ADC instance post upgrade.

Note

The diff report is generated only if you specify the same script in the pre-upgrade and post-upgrade stages. Therefore, ensure to select Use same script as Pre-upgrade in the post-upgrade stages.

Download a diff report of an ADC upgrade job

You can download the following types of diff reports:

  • Pre vs Post upgrade pre failover diff report
  • Pre vs. Post upgrade diff report

For more information, see Download a consolidated diff report of an ADC upgrade job.

[NSADM-50200]

Select an ADC image without uploading it

When you create an ADC upgrade job, you can now select an ADC image without uploading it. This option lists all ADC images that are available in the Citrix Downloads website. The selected ADC image is downloaded from the Citrix Download service.

ADC images

For more information, see Use jobs to upgrade Citrix ADC instances.

[NSADM-52471]

Fixed issue

When a user navigates to the Subscription page and clicks License, the Not authorized error appears, even if the user has view or edit permissions to the Subscription page.

[NSHELP-25351]

The ADM service does not honor login session expiry timeout and logout API. As a result, the user session remains valid.

[NSADM-63819]

In Analytics > Security > Security Violations, the Excessive Client Connections indictor does not display anomalies even when high volume of client connections is received.

[NSADM-64548]

November 11, 2020

Service graph – View all associated back-end pod details

In service graph, when you hover the mouse pointer on a service, you can now view total pods associated with the service.

Back-end pods

For more information, see View service details.

[NSADM-47395]

Improvements to WAF learning engine

In WAF learning engine, you can now view the following enhancements:

  • In the Learn Profiles page, you can view the Total Learned Rules and Total Deployed Rules.

    Learn deploy

  • The Rules page is no longer available. The Manage Rules option is added to the Learn Profiles page. The relevant information about learned rules, idle rules, and deployed rules are accessible by selecting the profile name and clicking the Manage Rules button.

    Earlier:

    Earlier GUI

    Now:

    Present GUI

  • After you click Manage Rules, you can view the total rules, total learned rules, total deployed rules, and total idle rules for the selected profile.

    Manage rules

  • In the Actions Summary page, you can filter results by selecting the options under Actions Summary.

    Actions summary

For more information, see WAF Learning Engine.

Service graph – View Pxx value for service response time

In service graph, when you hover the mouse point on a service, you can now view the Pxx value for the response time.

PXX value

Response Time (p99) – Denotes that the 99% of the service response time for the selected duration is less than p99 value.

When you drill down to view the service details, you can also view the 99th percentile and 99.9th percentile of the response time for the selected duration.

99 percentile

As an administrator, using the pxx value, you can understand the service response time better. For more information, see View service details.

[NSADM-57729]

App security violations – Visualize applications with security insight and bot insight details

In Analytics > Security > Security Violations, you can now visualize applications with full visibility into the threat details associated in both security insight and bot insight. The Security Violations page now has All Violations and Application Overview options.

  • All Violations – Displays the application security violation details.

  • Application Overview – Displays an overview with information such as total violations, total WAF and Bot violations, top applications, violation by country, and so on.

    App overview

For more information, see View application security violation details.

[NSADM-57174]

Service graph - Monitor Kubernetes services using the golden signal metrics

The golden signal metrics for services running in a Kubernetes cluster refer to a set of metrics that enable you to detect potential anomalies for a specific duration. When you have 100s of microservices in the Kubernetes cluster, identifying a service that has frequent issues might be difficult. The following three key metrics are the golden signal metrics that Citrix ADM service graph can help you identify potential anomalies for a Kubernetes service:

  • Hits

  • Response Time (Avg) and Response Time (P99)

  • Errors

As an administrator, using these metrics, you can:

  • Identify the service status

    • Critical – Service has anomalies or threshold breach in multiple metrics

    • Review – Service has anomalies or threshold breach in any one of the metrics

    • Good – Service with no anomalies or no threshold breach

  • Analyze how many anomalies are identified in each metric

  • Troubleshoot the issue and avoid any major impact

For more information, see View service details.

[NSADM-56399]

Fixed issue

StyleBooks

  • In StyleBooks, the existing configuration packs display an invalid date in the Created At field.

[NSADM-62160]

October 27, 2020

Export or import a StyleBook configuration pack

You can now export or import a configuration pack like StyleBooks. With this feature, you can readily share the StyleBook configuration to another ADM server. Earlier, you had to download a StyleBook, import it to another ADM server, and then create a configuration from it.

When you export a configuration pack, a tgz or zip bundle downloads to your local computer. This bundle includes a JSON file with all the parameters defined in a configuration pack. It also contains target instances’ information if specified. For the configuration pack of a custom StyleBook, you can include the StyleBook in the export bundle. Specify a passphrase to encrypt the export bundle. This passphrase secures the sensitive data of a configuration pack.

You can import a configuration pack from your local computer to a different ADM server. To import a configuration pack, use the passphrase that you have specified during export. For more information, see Export or import configuration packs.

Export Configuration

Import Configuration

[NSADM-57935]

Configure an ADM server only for the pooled license feature

As an administrator, you can now configure an ADM server only for the pooled license feature. This configuration helps when you have the regulatory mandates to restrict the ADC data within a zone. The ADM service only receives licensing data from your ADC instances. And, allow you to dynamically allocate pooled capacity licenses across your globally deployed ADC instances. For more information, see Configure the ADM service only as a license server.

[NSADM-47930]

Enable or disable an Autoscale group without editing it

You can now enable or disable an Autoscale group without editing it. The enable or disable options now appear in the Networks > AutoScale groups page. And, you can still enable or disable an Autoscale group in the Edit option.

Enable or disable an Autoscale group without editing it

[NSADM-57802]

Run custom scripts at the different ADC upgrade stages

The custom scripts are used to check the changes before and after an ADC instance upgrade. An instance upgrade has multiple stages. You can now specify these scripts to run in the following stages:

  • Pre upgrade: The specified script runs before upgrading an instance.

  • Post upgrade pre failover (applicable for HA): This stage only applies to the high-availability deployment. The specified script runs after upgrading the nodes, but before their failover.

  • Post upgrade (applicable for standalone) / Post upgrade post failover (applicable for HA): The specified script runs after upgrading an instance in the standalone deployment. In the high-availability deployment, the script runs after upgrading the nodes and their failover.

With this feature, you can check the changes occurred at every instance upgrade stage.

Note

Ensure to enable script execution at the required stages. Otherwise, the specified scripts do not run.

You can import a script file or type commands directly in the ADM GUI. In the post upgrade stages, you can use the same script specified in the pre-upgrade stage. For more information, see Use jobs to upgrade Citrix ADC instances.

Run custom scripts at the different ADC upgrade stages

[NSADM-56649]

Improvements to the Application Dashboard

You can now view the following enhancements in the App Dashboard:

  • In the search bar, you can filter results based on the virtual server IP address.

    Search based on Virtual server IP address

  • You can obtain a list of applications impacted with a specific issue, by choosing the issue type (Performance, Instance Health, Config, and System Resources) from the filter.

    List applications impacted with a specific issue

  • The tabular view enables you to select 500 rows and 1000 rows option to display maximum number of applications.

    Increased number of rows in the tabular view

    Note

    If you select 500 row or 1000 row option, Citrix ADM takes approximately 20 seconds to display all applications.

    After all applications get loaded, you can select the graph view option.

  • By default, you can view applications that are in Critical, Review, and Good status. To view applications that are in N/A status, you must select Not Applicable under the filter.

    Filter applications by their statuses

  • In the Server Response Time issue, you can view anomaly details, after selecting the virtual server.

[NSADM-57049]

Fixed issues

System

  • In Account > User Administration > Groups, if an external user is part of multiple groups and no application is selected for one or more groups, the external user is unable to view the virtual server or other entities.

    [NSHELP-25181]

  • In Account > User Administration > Groups, when you add or edit a group with SDX instances, it takes a longer than usual to create or modify the group.

    [NSHELP-25081]

Licensing

When you allocate licenses to unmanaged instances, license allocation percentage appears incorrectly in the donut chart.

[NSADM-60798]

October 14, 2020

Grant new StyleBook permissions to users

As an administrator, when you create an access policy, you can now grant new StyleBook permissions to users such as import, delete, download, and more. To do so, navigate to Accounts > User Administration > Access policies and click Add. Earlier, you were able to select only view and edit permissions. For more information, see Grant StyleBook permissions to users.

Permissions

[NSADM-57672]

Edit a configuration pack to change its StyleBook

You can now edit a configuration pack to change its StyleBook. Earlier, you were able to do this using the Migrate ConfigPack option. For more information, see Change the StyleBook of a configuration pack.

Change the StyleBook of a configuration pack

[NSADM-58245]

Network Functions: Addition of App Security column

In Networks > Network Functions > Load Balancing and Content Switching, you can now view the App Securityx column.

App security

As an administrator, you can analyze if the virtual servers are bound with:

  • WAF – Virtual server is configured with App Firewall policy and displays the WAF security violations.

  • Bot – Virtual server is configured with bot policy and displays the bot security violations.

  • Bot, WAF – Virtual server is configured with both App Firewall and bot policies and displays both WAF and Bot security violations.

  • None – Virtual server is not configured with either App Firewall or bot policies.

For more information, see View application security violation details.

[NSADM-54300]

HDX Insight: Improvements to view all users active and terminated sessions

In Analytics > HDX Insight > Users, you can now visualize a consolidated view of all users active and terminated sessions.

HDX Insight improvements

As an administrator, this improvement enables you to:

  • View all users details in a single-pane visualization

  • Eliminate the complexity in selecting each user and seeing the active and terminated sessions

[NSADM-57685]

Gateway Insight: Improvements to view all users active and terminated sessions

In Analytics > Gateway Insight > Users > Gateway Users, you can now visualize a consolidated view of all users active and terminated sessions.

Gateway Insight improvements

As an administrator, this improvement enables you to:

  • View all users details in a single-pane visualization

  • Eliminate the complexity in selecting each user and seeing the active and terminated sessions

[NSADM-60800]

Security Insight – View SQL Injection Grammar violation

In Security Insight, you can now view a new violation type, SQL Injection Grammar. To generate the SQL Injection Grammar violation in Security Insight, you must configure the following commands in the Citrix ADC instance:

  1. add ns ip <IP> <subnet mask> -type SNIP
  2. add lb vs http_vs http <VS_IP> 80
  3. add service http_svc <SVC_IP> http 80
  4. bind lb vs http_vs http_svc
  5. add appfw profile abc -startURLAction none -SQLInjectionGrammar ON -SQLInjectionType None
  6. set appfw settings -defaultProfile abc

For more information, see Security Insight.

App dashboard: Select the App Score components and configure thresholds

In App Dashboard, as an administrator, you can now decide to select the components and configure thresholds for app score calculation. App Score is the scoring system that defines:

  • How well an application is performing

  • Whether the application is performing well in terms of responsiveness

Navigate to Applications > Dashboard and then select the settings icon to view the app score components.

App score setting

For more information, see Select App Score components and set thresholds.

[NSADM-52870]

App Security Violations: Visualize predictions based on the traffic patterns

In Analytics > Security > Security Violations, for all security violations (WAF and Bot), apart from violation details, you can now visualize a 3-week traffic prediction based on the machine learning algorithm. As an administrator, this 3-week prediction enables you to:

  • Analyze the traffic pattern even if no violations are observed
  • Take troubleshooting actions for any unusual traffic patterns observed from the predictions
  • Observe that Citrix ADM is processing data, apart from the anomalies

In the Security Violations page, click the Behavior checks with no violation tab to view the 3-week traffic prediction.

No violation

For more information, see App Security Violations.

[NSADM-58721]

Improvements to service graph

In Applications > Service Graph, you can now view the following enhancements:

  • The service graph page has three tabs:
    • Global – Displays the service graph for applications across all Citrix ADC instances

    • Web Apps – Displays the service graph for 3-tier web applications (Load balancing, Content Switching, and GSLB)

    • Microservices – Displays the service graph for Kubernetes microservices

    Click each tab to view the respective service graph.

    Service graph improvements-1

  • From the global service graph, you can access the microservice details. Clicking a service and selecting the option redirects to its respective GUI.

    Service graph improvements-2

  • The microservices service graph has a search bar, where you can mouse pointer and select the following categories to create the filter:

    Service graph improvements-3

    • Client Geo Location – Displays the ingress and its services that the client is accessing

    • Ingress-IP – Displays all services associated with the ingress

[NSADM-57696]

September 29, 2020

Improvements to WAF learning engine

In WAF learning engine, you can now view the following enhancements:

  • WAF Learning > Dashboard is replaced with WAF Learning > Actions Summary

    Action summary

  • The Action By option enables you to understand if the learned rules are auto-deployed by Citrix ADM or if the administrator has selected the Deploy or Skip option manually.

    Action by

  • If a deployed learn rule has failed, you can view the failure reason in the Actions Summary page.

    Failed rule

  • For each configured learned profile, you can view up to 1 million learned rules.

    [NSADM-57220]

HDX insight – Search using city name

In HDX insight, you can now filter results based on the city name.

City name

[NSADM-57366]

Infrastructure Analytics – Search attributes

In Infrastructure Analytics, you can now place the mouse cursor on the search bar and select the following search attributes to filter the results:

  • Host name

  • IP address

  • Type

  • Version

  • Site

    Infra analytics search

[NSADM-59453]

Improvements to Gateway Insight

In Gateway Insight > Users, the license information is now removed.

Earlier:

Gateway insight earlier

Now:

Gateway insight now

[NSADM-53494]

Migrate ADC configuration to an Autoscale group using StyleBook configuration builder

In StyleBooks configuration builder, you can now migrate ADC configuration to an Autoscale group. To do so, select the required Autoscale group as a target instance.

Autoscale group using StyleBook

[NSADM-51470]

Fixed issues

Deployment

ADM agent image does not work in AWS M5 instance type. With this fix, supported drivers are added for ADM agent image to work in M5 instance types.

[NSHELP-24250]

Networks

When you run a configuration job with “<” character, the job fails.

[NSADM-53465]

September 16, 2020

Low-touch onboarding of ADC instances using ADM service connect

Now you can use the new Citrix ADM service onboarding workflow, which provides a faster way to onboard ADC instances to ADM service and get visibility into your hybrid multi-cloud deployment. The auto onboarding feature in this workflow leverages the new ADM service connect feature in ADC instances, which enables ADC instances to be connected to ADM service. For more information, see Low-touch onboarding of Citrix ADC instances using Citrix ADM service connect.

Note

This workflow is rolled out (GA) in a phased manner, through canary release. You will receive an email when this feature is available in your ADM service environment.

[NSADM-51952]

Kubernetes service graph - Client transaction summary

In Kubernetes service graph, you can now view the detailed transactions logs for all clients from a specific location. Using this feature, you can view:

  • Response time > 500 ms
  • 5xx errors

Note

You can view only a few sample 2xx and 4xx transactions for the selected client.

This feature not only enables you to look into the detailed transactions, but also understand the metrics (such as Client RTT, SSL metrics, and server response time) split across the client, ADC, and server visually.

For more information, see View client metrics.

[NSADM-58342]

Maintain the status of ADC high-availability nodes after upgrade

When you create an upgrade job for an ADC high-availability pair, a new option Maintain the primary and secondary status of HA nodes after upgrade appears. This option appears under the Create Job tab. Select this option if you want the upgrade job to initiate a failover after upgrading each node. Earlier, there was no GUI option, and the upgrade job initiated the failover by default, after upgrading each node.

Maintain the primary and secondary status of HA nodes after upgrade

[NSADM-47736]

Save the ADC configuration before an upgrade

When you create an upgrade job for an ADC instance, you can now save the running ADC configuration before upgrading the instance. Select the Save ADC configuration before starting the upgrade option under the Create Job tab.

Save ADC configuration before starting the upgrade

[NSADM-52470]

Fixed issue

Analytics

Unable to resize columns in the Analytics > HDX Insight > Users page.

[NSHELP-24288]

September 02, 2020

Modify the access type of an Autoscale application

You can now modify the access type of an Autoscale application. When you modify the access type, you can also modify the following:

  • FQDN type
  • Domain name
  • Zone of the domain.

[NSADM-52810]

Improvements to API Gateway

The API gateway feature is now improved with the following capabilities:

  • API Analytics: When you click See more to expand a tile, you can search API instances and endpoints by their partial names. See, View API analytics.

  • Deployments: Enable analytics for an API deployment. See, Enable the API analytics.

  • Policies: Configure WAF and BOT policies for an API deployment. See, Add policies to an API definition.

    Note

    Before you configure WAF and BOT policies, ensure to create a profile in ADM using StyleBooks. The following default StyleBooks are newly added to create profiles:

    api-waf-profile

    api-bot-profile

    For more information, see Create WAF and BOT profiles using StyleBook.

[NSADM-52804]

Include icons in the StyleBooks bundle

When you import multiple StyleBooks from a bundle, you can now include icons to each StyleBook. Upload the icons and the icon_mapping.json file to the resources folder. If the icon file name and StyleBook name are matching, the icons are automatically mapped to the StyleBooks. Otherwise, map StyleBooks and icons in the icon_mapping.json file as follows:

<StyleBook file name> : <icon file name>

If you only specify the defaulticon entry, all StyleBooks in the bundle are mapped to the specified icon.

defaulticon: <icon file name>

In Application > StyleBooks, the imported StyleBooks appear with the mapped icons.

For more information, see Import custom StyleBooks.

[NSADM-52330]

Improvements to the Pooled Capacity page

The Pooled Capacity page is now improved with the following GUI changes:

  • Unmanaged instances – This is a new tab. It displays the instances that are discovered but not managed in Citrix ADM. Earlier, these instances were listed in the Dashboard tab with the Not Managed license status.

    Unmanaged instances

  • License Status - In this column, the following statuses are removed:

    • Not Managed
    • Sync in progress

    The Allocation Details column is now removed from the instances list.

  • License Server Usage - A new indicator added to the usage chart. It displays the pooled capacity consumption of the license server.

    License server usage

[NSADM-52770]

WAF Learning Engine - Support for removing rules

You can now modify the learning behavior to remove the relaxation rules, if no incoming traffic with security checks is received in the Citrix ADC instance. Navigate to Analytics > Security > WAF Learning > Learn Profiles and click Add to view the Learn Behavior options.

Removing tools

  • Generate Rule – Generates the exception rule and enables the administrator to either deploy or skip the rule.

  • Remove Rule – Removes the exception rule, when the configured idle time exceeds the threshold.

  • Both – Generates the exception rules and removes the rule when there is no incoming traffic.

You can apply the remove rule option only for the following security checks:

  • Start URL

  • Deny URL

  • HTML Cross-Site Scripting

  • HTML SQL Injection

When a rule is removed, a notification is generated in Slack, SMS, Email, and ServiceNow. You can also view details in the WAF Learning Dashboard.

For more information, see Configure the Learning Profile.

[NSADM-52871]

App Security Violations - Bot

In App Security Violations, you can now view Website Scanners under the BOT violation category. For more information, see App Security Violation.

[NSADM-53289]

App Security Violations - Network

In App Security Violations, you can now view Small Window Attack under the Network violation category. For more information, see App Security Violation.

[NSADM-46023]

Improvements to App Dashboard

In App Dashboard, you can now view the following enhancements:

  • In the Manage Applications page:
    • You can view the total service groups and the service groups status that are Up, Down, or Out of Status.

      Dashboard improvements

    • You can place the mouse pointer on the search bar and select the category to refine the search.

      Dashboard improvements-2

  • In the App Dashboard page, the scroll bar is replaced with a carousel slider that enables you an ease of access to all options.

    Dashboard improvements-3

[NSADM-52759]

Web Insight dashboard

You can now view an improved Web Insight feature that provides visibility into detailed metrics for web applications, clients, and Citrix ADC instances. This improved Web Insight enables you to evaluate and visualize the complete app information from the perspectives of performance and usage together. As an administrator, you can view Web Insight for:

  • An application. Navigate to Applications > Dashboard, click an application, and select the Web Insight tab to view the detailed metrics. For more information, see Application Usage Analytics.

  • All applications. Navigate to Applications > Web Insight and click each tab (Applications, Clients, Instances) to view the following metrics:

Applications Clients Instances
Application Clients Instance Metrics
Servers Geo Loocations Applications
Domains HTTP Request Methods Domains
Geo Locations HTTP Response Status URLs
URLs URLs HHTP Request Methods
HTTP Request Methods Operating System HTTP Response Status
HTTP Response Status Browsers Clients
SSL Errors SSL Errors Servers
SSL Usage SSL Usage Operating System
- - Browsers

For more information, see Web Insight dashboard.

Support for ADM agent on GCP

Citrix ADM agents are now supported on Google Cloud Platform (GCP). For more information, see Install Citrix ADM agent on GCP

[NSADM-31980]

New search capability for event messages

In Networks > Events > Event Messages, now you can use logical operators such as AND/OR to search. You can also filter data using custom time periods. Also, the events summary panel provides a count of each event category and severity.

Search event messages

Fixed issues

Analytics

The analytics report in Citrix ADM displays only 14 to 28 days data, even after the time duration is selected as 1-month

[NSHELP-23836]

System

ADM does not generate the agent technical support bundle if the file size is large. [NSHELP-24620]

Licensing

When installing a license file on the ADM GUI using a license access code (Networks >Licenses >Add License File), the “Fail to parse the License info” message appears. The issue occurs if the license files are stored on a Jazz server, which is not supported. With this fix, Jazz servers are supported for adding license files to ADM.

[NSADM-59338]

August 17, 2020

Select target instance groups to deploy a configuration pack

When you add a new configuration in the StyleBooks > Configurations page, you can now select an ADC instance group to deploy a configuration pack. And, this configuration applies to all instances in the group. To do so, select Instance Groups in the Target Instances section.

Target instance

[NSADM-56605]

Specify an IP address from the IPAM network

When you set the dynamic-allocation attribute value to true in the StyleBook definition, a user can now specify an IP address from the selected IPAM network. The ADM allocates the specified IP address to a virtual server.

[NSADM-56068]

Manage user authorization to IPAM

As an administrator, you can now select IPAM providers and networks and grant access to a user or group.

  1. Navigate to the System > User Administration page.

  2. Add IPAM providers and networks in the Authorization Settings tab.

    User authorization

[NSADM-54377]

Improvements to StyleBook built-in functions

When creating StyleBook definitions, use the following built-in functions with their improved capabilities:

  • replace() – Now replaces the characters or strings specified in the list. Earlier, you were not able to provide a list input to this function.

  • ip() – Now accepts an integer value and converts that into an equivalent IP address. It also supports IP address addition and subtraction.

  • int() – Now accepts an IPv4 address and returns its equivalent integer value.

[NSADM-56310], [NSADM-55209]

Use new StyleBook built-in functions

When creating StyleBook definitions, ADM StyleBooks now supports the following built-in functions:

  • distinct() - Extracts the unique items from an input list.

  • split() - Splits an input string into lists.

[NSADM-56103], [NSADM-55958]

Configure an Autoscale group application without StyleBooks

You can now configure an application on an ADC Autoscale group without selecting StyleBooks. However, if you want to use StyleBooks in future, edit and resubmit this application, select Yes in the confirmation window.

Earlier, StyleBook selection was mandatory to configure an Autoscale group application.

[NSADM-52814]

Improvements to Gateway Insight

In Gateway Insight, you can now view:

  • A search bar that enables you to filter results based on the user name. Navigate to Analytics > Gateway Insight > Users to view the search bar for Users and Active Users. Place the mouse pointer on the search bar, select User Name, and type a user name to filter results.

    Search bar

  • A geo map that displays the users information based on the users geographical location. As an administrator, this geo map enables you to view the summary of total users, total apps, and total sessions for a specific location.

    1. Navigate to Analytics > Gateway Insight to view the geo map

    2. Click a country. For example, United States The geo map displays the details such as users list, active sessions, terminated sessions, applications for the selected country.

  • A geo map for gateways that enables you to filter users based on a particular location.

    1. Navigate to Analytics > Gateway Insight > Gateways

    2. Select a gateway domain name to view the geo map

    3. Click a country. For example, United States

      The geo map displays the details such as users list, active sessions, terminated sessions, applications for the selected country.

[NSADM-55504], [NSADM-55506]

App Security Violations – Network

In App Security Violations, you can now view SYN Flood Attack under the Network violation category. For more information, see App Security Violations.

[NSADM-46021]

Improvements to Global Service Graph

In Global Service Graph, you can now use the search bar to filter results. As an administrator, this search bar enables you to narrow-down quickly to a particular instance/client/application/data center, when you have:

  • A large enterprise with many data centers

  • Configured many Citrix ADC instances for each data center

  • Configured many applications deployed or accessed through each Citrix ADC instance

  • Clients accessing the application from different locations

For more information, see Service Graph - Holistic view of all applications

[NSADM-52149]

Log message enhancement for cross-site script violation

The WAF Learning dashboard with cross-site script violation deployed now enables you to view a new attribute. This new attribute specifies the cross-site script violation location. The violation location can be Form Field, URL, Header, Cookie, or Other Locations.

WAF location

[NSADM-52941]

Security Insight – JSON Command Injection

In Security Insight, you can now view a new violation type, JSON Command Injection. To generate the JSON Command Injection violation in Security Insight, you must configure the following command in Citrix ADC instance:

add appfw profile abc_js -type JSON -startURLaction none -starturlclosure off -jsoncmdinjectionaction block log stats -jsoncmdinjectiontype cmdkeyword

After you configure, you can view the JSON Command Injection attack in Security Insight.

JSON command injection

[NSADM-52869]

Service graph for Kubernetes application – View app details in App dashboard

In service graph, when you click a service and select View in App Dashboard, the details for the selected app is displayed in the App dashboard.

Service in app dashboard

For more information, see Application details for microservices applications.

[NSADM-56583]

View Security insight and bot insight attack details in App Security Violations

In App Security Violation, you can now view security insight and bot insight attack details under WAF and Bot categories respectively. Navigate to Analytics > Security > Security Violations to view the following violations:

WAF Bot
Buffer Overflow Crawler
Content Type Feed Fetcher
Cookie Consistency Link Checker
CSRF Form Tagging Marketing
Deny URL Scraper
Form Field Consistency Screenshot Creator
Field Formats Search Engine
Maximum Uploads Service Agent
Referrer Header Site Monitor
Safe Commerce Speed Tester
Safe Object Tool
HTML SQL Inject Uncategorized
Start URL Virus Scanner
Cross site scripting (XSS) Vulnerability Scanner
XML DoS DeviceFP Wait Exceeded
XML Format Invalid DeviceFP
XML WSI Invalid Captcha Response
XML SSL Captcha Attempts Exceeded
XML Attachment Valid Captcha Response
XML SOAP Fault Captcha Client Muted
XML Validation Captcha Wait Time Exceeded
Others Request Size Limit Exceeded
IP Reputation Rate Limit Exceeded
HTTP DOS Block list (IP, subnet, policy expression)
TCP Small Window Allow list (IP, subnet, policy expression)
Signature Violation Zero Pixel Request
File Upload Type Source IP
JSON cross site scripting (XSS) Host
JSON SQL Geo Location
JSON DOS URL
Command Injection  
Infer Content Type XML  
Cookie Hijack  

[NSADM-54296]

Peak usage and lean period analytics - Assess app scale limits and identify top 5 app maintenance window

As an administrator, you must analyze the traffic and find a right time to decide:

  • When you want to scale up the application in the production environment

  • When you want to schedule the application downtime

The peak usage and lean period analytics feature in Citrix ADM enables you to analyze the key metrics for a selected time duration. From these metrics, you can analyze the traffic and take decision on when you want to scale up the web application or plan a scheduled downtime.

For more information, see Application peak usage and lean period analytics.

[NSADM-52167], [NSADM-52140]

View network reporting data by applying aggregations

You can now apply aggregations to the network performance data and view application performance on the dashboard. You can also export the results based on your requirement. Using these aggregations applied to the data, you can analyze and ensure all resources are utilized optimally. Navigate to Network > Network Reporting and select the time duration 1 day or later to get the View By option.

View by

In the existing data, you can apply aggregations by selecting the option from the View By list. For more information, see View networking reporting data by applying aggregation filters

[NSADM-56494]

Select the evaluation license type in smart deployment

You can now experience the ADM Autoscale solution using the evaluation license. When you choose the Smart Deployment option to deploy ADC instances in AWS, you can now select the Evaluation license type. This option allows you to deploy the Citrix ADC VPX Express product. And, it can Autoscale up to three instances.

[NSADM-52143]

Fixed issues

Licensing

The licenses in Citrix ADM are disabled due to the agent restart.

[NSHELP-23539]

Networks

The Citrix ADM agent status shows reset:requested, even after the agent registration is successful.

[NSHELP-23413]

StyleBooks

When you configure an Autoscale group application using default StyleBooks, it does not support the DNS and UDP monitor types. With this fix, the versions of the following Autoscale group StyleBooks are updated:

  • lb-mon-autoscale-v1.5

  • cs-lb-mon-autoscale-v1.4

[NSADM-55982]

July 24, 2020

App Security Violations - Network

You can now view the Segment Smack Attack as part of the network violations in App Security Violations. For more information, see App Security Violations.

[NSADM-46025]

Service Graph for Kubernetes applications - View client metrics for troubleshooting issues

In Service Graph for Kubernetes applications, you can now view from which location the client is accessing the service. As an administrator, you can visualize the client metrics and analyze the issues that occur from the client.

For more information, see View details in service graph.

[NSADM-54335]

Support for In-Service-Software-Upgrade

You can now select the In-Service-Software-Upgrade (ISSU) option while creating an upgrade job. ISSU ensures the zero downtime upgrade on an ADC high-availability pair. The ISSU feature provides a migration functionality that honors the existing connections during upgrade. So, you can upgrade an ADC HA pair without downtime.

ISSU upgrade option

[NSADM-43357]

Dynamically list the ADM IP address Management (IPAM) networks in StyleBooks

You can now build a StyleBook that allows a user to select an ADM IPAM network from which it auto-allocates an IP address. The IPAM networks list is dynamically retrieved from ADM. Earlier, you were able to select the IPAM networks that are mentioned in the StyleBook definition.

A new attribute dynamic-allocation is now added in the parameter definition of type:ipaddress. It can take true or false as an input. When you set its value to true, a user can select a network from the list of the IPAM networks found in ADM. Then, the ADM auto-allocates an IP address from the selected network.

Example:

  -
    name: virtual-ip
    label: "Load Balancer IP Address"
    type: ipaddress
    dynamic-allocation: true
    required: true

In this example, the virtual-ip field lists the IPAM networks that are in ADM. Select a network from the list to auto-allocate an IP address from the network. The IP address is released back to the network when the configuration is deleted.

[NSADM-54246]

User authorization improvements to StyleBooks and configuration packs

As an administrator, you can now have a better control on authorizing specific StyleBooks and configuration packs to user groups in the Account > User Administration > Groups page. The StyleBooks and Configpacks sections in Authorization Settings are now improved with the following changes:

  • StyleBooks – You can now specify the authorized list of StyleBooks using a filter expression that can contain regular expressions.

    Example:

    name=lb-mon|lb AND namespace=com.citrix.adc.stylebooks AND version=1.0

    This query lists the StyleBooks that meet the following conditions:

    • StyleBook name is either lb-mon or lb.

    • StyleBook namespace is com.citrix.adc.stylebooks.

    • StyleBook version is 1.0.

  • Configuration packs – You can now authorize the user for configuration packs that belong to the selected StyleBooks. To do so, select All configurations of the selected StyleBooks in the Configpacks section.

    New option to select configuration packs

[NSADM-52334]

July 15, 2020

Export ADM reports in a tabular format

You can now export ADM reports in a tabular format or a snapshot. You can also choose how many data records to export in a tabular format. Earlier, you were able to export reports only as a snapshot.

ADM reports in tabular format

For more information, see Export or schedule export reports.

[NSADM-52461]

Generate network reports for load-balancing service groups

You can now create a network-reporting dashboard for both load-balancing service groups and services. Earlier, you were able to create a dashboard for load-balancing services only.

Network reports for load-balancing service groups

This dashboard can display the following reports for the selected service groups:

  • Connections: for the client and server connections counters.
  • Throughput: for request and response bytes counters.
  • Time to First Byte (TTFB): for the average time taken to send a request packet to a service group and receive the first packet from the service group. This response time is called as TTFB.

For more information, see Network reporting.

[NSADM-51596]

Support for authentication, authorization, and auditing polling and network reports

Citrix ADM now polls authentication, authorization, and auditing (Citrix ADC AAA) events from an ADC instance and allows you to visualize their trend in Network Reporting. The ADM GUI includes the following Citrix ADC AAA network reports to create a dashboard:

  • HTTP Authentication Success vs Failures
  • Non-HTTP Authentication Success vs Failures
  • AAA Sessions
  • Current AAA Sessions
  • Current ICAOnly Sessions
  • Current ICAOnly Connections
  • Current ICA(SmartAccess) Connection
  • Authentication Success and Failures

For more information, see Network Reporting.

[NSADM-51372]

Associate StyleBook tags with their configuration

In StyleBooks, the Label term is renamed to Tag. You can now associate the StyleBook tags with its configuration pack. So, you can search the configuration packs using the StyleBook tags itself. When you create a configuration pack, use one the following options in the Tag Association section:

  • Associate all present and future StyleBook tags with the configuration – This option associates all the StyleBook tags to a configuration pack. It also makes sure to associate the new tags that you might add to the StyleBooks in future.
  • Select tags – This option displays the tags of the selected StyleBook. You can select the required StyleBook tags and associate with a configuration pack.

    StyleBook tags and configuration

For more information, see Create a tag for the StyleBook.

[NSADM-53600]

StyleBooks support conditional parameters

You can now dynamically control a parameter’s appearance or its initial value in the StyleBook configuration form based on the value specified in another parameter. To do so, use the dependent-parameters attribute in the parameter definition. This attribute is newly added as a new gui subattribute. Specify this attribute on a source parameter that controls the parameter’s behavior on the form. In this attribute, you can include multiple conditions that control other parameters. For example, a source parameter protocol can have a dependent-parameter certificate, which only appears if the protocol parameter value is SSL. Each condition can have the following attributes:

  • target-parameter: Specify the target parameter to which this condition applies.
  • matching-values: Specify the list of values of the source parameter that trigger the action.
  • action: Specify one of the following actions on the targeted parameter:
    • read-only: The parameter is made read-only.
    • show: The parameter appears in the form if it is hidden.
    • hide: The parameter is removed from the form.
    • set-value: The parameter value is set to the value specified in the value attribute
  • value: The value of the target parameter if the action is set-value

When a user input matches the specified values on the source parameter, the target parameter’s appearance or value changes according to the specified action.

For more information, see dependent-parameters.

[NSADM-52329]

View users who created or updated a StyleBook configuration

In StyleBook > Configurations, a new column is added that display users who created or last updated the configuration pack. If you want to filter configuration packs by users, select the Created By option from the properties list to filter configuration packs.

[NSADM-52336]

Use a script to enable zero-touch agent in AWS

When you launch an ADM agent in AWS, you can now specify an agent auto-registration script as user data. An example script is provided in Install Citrix ADM agent on AWS. This script fetches the authentication details from the AWS secrets manager and runs the deployment.py script to register the agent with the ADM service. Alternatively, you can still do any of the following:

  • Specify the actual authentication details in user data that auto-registers the agent during boot-up.
  • Use the deployment_type.py script to register an agent after it boots up successfully. For more information, see Install Citrix ADM agent on AWS.

[NSADM-55322]

WAF learning in Citrix ADM

As an administrator, you can now configure learning profiles to generate the relaxation rules list:

  • Only for the selected web applications
  • Only for the selected profile names

For more information, see Configure the learning profile.

[NSADM-49494]

App security violations - Network

Apart from the existing app security violations, you can now view the following violations as part of the Network violations:

  • HTTP desync attack
  • Bleichenbacher attack

For more information, see Application security violation details.

[NSADM-49468], [NSADM-46460]

View ingress metrics and ingress details for troubleshooting

In service graph, you can now view:

  • Ingress metrics
  • Ingress details (drill down)
  • The type of ingress used
    • Tier 1 ingress – Citrix Ingress Controller inside the Kubernetes cluster configures a Citrix ADC instance (VPX/MPX/SDX/BLX) outside the Kubernetes cluster.
    • Tier 2 ingress – Citrix Ingress Controller running as a sidecar along with Citrix ADC CPX instance inside the Kubernetes cluster.

      Note: You can view Tier 1 ingress and Tier 2 ingress only if you have configured a two-tier architecture (Tier 1 ingress using ADC as MPX/VPX/SDX/BLX and Tier 2 ingress using ADC as CPX) in the Kubernetes cluster.

For more information, see View ingress details for troubleshooting issues

[NSADM-53755]

Improvements to 3-tier web applications service graph

The 3-tier web applications service graph is now improvised with the following changes:

  • The services are grouped and only the top four low scored services are displayed.

    3-tier web applications service graph

    Click More Services to view all services based on its status such as Critical, Review, and Good.

    More services in service graph

  • The Hits and Errors bar graph is not visible.

    Earlier

    Previous Hits and Errors bar graph

    Now

    New Hits and Errors bar graph

  • The network functions metrics are updated.

    Earlier

    Previous network functions metrics

    Now

    New network functions metrics

[NSADM-52147]

Improvements to Gateway Insight

In Gateway Insight, you can now view the following enhancements for the gateway users. As an administrator, these enhancements enable you to get a complete user information when you export the report. Navigate to Analytics > Gateway Insight > Users and select a user to view:

  • The user Active Sessions and Terminated Sessions.

    Gateway Insight active and terminated sessions

  • The gateway domain name and gateway IP address in Active Sessions.

    Gateway Insight active session

  • The user login duration.

    Gateway Insight login duration

  • The reason for the user logout session. The logout reasons can be:

    • Session timed out
    • Logged out because of internal error
    • Logged out because of inactive session timed out
    • User has logged out
    • Administrator has stopped the session

      Gateway Insight logout session

[NSADM-52763], [NSADM-52767], [NSADM-52764], [NSADM-53496]

Support for built-in agent for SDX instances

Citrix ADM built-in agents are now available on SDX instances. Further, you can initiate the built-in agent by using MASTools. For more, see Configure the ADC built-in agent to manage instances

Fixed issues

Analytics

When ADM collects the ADC metric information, CPU usage becomes high.

[NSADM-56374]

Systems

When you enable Prompt Credentials for Instance Login in the System Settings page, the ADM GUI doesn’t display the license information in the Instance dashboard.

[NSHELP-23944]

Networks

Under Networks > Licenses, the ADM GUI displays incorrect license information for managed instances, if the number of managed instances is more than the maximum limit of 58 instances. With the fix, the limit for maximum instances is increased to 1000.

[NSHELP-23956]

June 30, 2020

App security violations – Excessive Unique IPs per Geo

The Excessive Unique IPs per Geo indicator now enables you to view a Geo map that displays the total anomalies based on regions. The graph indicates the relevant violation details from the selected region.

Excessive unique IPs per geo

For more information, see Excessive Unique IPs per Geo.

[NSADM-52555]

Improvements to Gateway Insight

In Gateway Insight, you can now view the following enhancements:

  • User details - You can view insights for each user associated with the ADC Gateway appliances. Navigate to Analytics > Gateway Insight > Users and click a user to view insights for the selected user such as Session Mode, Operating System, and Browsers.

    User details

  • Users and applications for the selected gateway - Navigate to Analytics > Gateway Insight > Gateway and click a gateway domain name to view the top 10 applications and top 10 users that are associated with the selected gateway.

    User and application

  • View more option for applications and users – For more than 10 applications and users, you can click the more icon in Applications and Users to view all users and applications details that are associated with the selected gateway.

    View more

  • View details by clicking the bar graph – When you click a bar graph, you can view the relevant details. For example, navigate to Analytics > Gateway Insight > Gateway and click the gateway bar graph to view the gateway details.

    Bar graph

[NSADM-53489], [NSADM-53508], [NSADM-53906], [NSADM-52768]

Ability to add an ADC instance without valid credentials

When you add an instance in Citrix ADM for the first time, you can now add the instance even without valid credentials. After the instance is added, it appears in the DOWN state in the Networks > Instance > Citrix ADC page, with a Login Failed warning. Specify the correct credentials to manage the instance in ADM.

Add an instance without credentials

If the instance is unlicensed, the License option appears when you select the instance. Click License to apply the license to an instance from the license pool.

[NSADM-44856]

View ADC FIPS instance pool under the Pooled Capacity page

The ADC FIPS instances can now check out licenses from the FIPS instance pool. Therefore, the ADM GUI displays the allocated pooled licenses to FIPS instances under Networks > Licenses > Bandwidth Licenses > Pooled Capacity page.

[NSADM-51207]

Autoscale group applications in Azure support UDP traffic

The Autoscale group applications that are in Azure can now receive UDP traffic. When you configure an application to the Autoscale group, select the UDP protocol and port value to allow UDP traffic.

Autoscale group applications support UDP traffic

With this feature, the following Autoscale group StyleBooks are newly added to configure an application:

  • lb-mon-autoscale-v1.4
  • cs-lb-mon-autoscale-v1.3

[NSADM-53288]

Fixed issues

Licensing

The instance license status appears as Sync-In-Progress instead of Managed when the following conditions are met:

  1. The multiple licenses belong to the same edition and pool.
  2. An ADC instance checks out the license from the pool.

[NSADM-55928]

System

  • Syslog messages do not appear in the ADM GUI.

    [NSADM-55822]

  • When you change the user’s group, the password complexity error appears.

    [NSHELP-23497]

June 22, 2020

Select multiple target instances at one time

When you want to deploy the same configuration pack to multiple ADC instances, you can now select the required ADC instances at one time. Earlier, you had to select the instances one by one to deploy the configuration pack. With this feature, you can also filter instances to select the required instances.

Multiple target instances

[NSADM-50115]

View the instance distribution by their minor versions

The Instance Dashboard now displays the managed instances’ distribution by their minor versions. The Version graph helps you visualize the device count for every minor version.

Instance distribution

[NSADM-42183]

Improvements to global service graph

As an administrator, the single-pane view in the global service graph might be difficult for you to monitor the infrastructure to application views, when you have:

  • A large enterprise with many data centers

  • Configured many Citrix ADC instances for each data center

  • Configured many applications deployed or accessed through each Citrix ADC instance

The improved global service graph now eliminates the disorganized view and enables you to view:

  • The data center grouped with its total Citrix ADC instances

  • Only the top four low-scored Citrix ADC instances from each data center

    ADC group

Click More ADCs to view all Citrix ADC instances by selecting the respective status (Critical, Review, Good, and Not Applicable) tabs. Click the instance IP address to view the instance details such as instance score, key metrics, and issues associated with the ADC instance.

Note

You can also click the instance from the global service graph to view the Citrix ADC instance details.

More ADCs

[NSADM-53249]

Fixed issues

Analytics

  • In Web Transaction Analytics, the saved searches are not displayed after a page refresh.

    [NSADM-53722]

  • In Analytics > Web Insight, the expected data is not displayed for all metrics pages (Client, Server, URLs, Request methods, Response status , User agents, and Operating systems)

    [NSADM-53632]

  • Even after configuring the right RBAC, the applications in Applications > App Dashboard and the virtual servers in Network Function > Load Balancing are not displaying the expected data, once a new stylebook/configpack is added by the user of the group.

    [NSHELP-23101]

GUI

  • In a VPN connection, ADM is unable to connect to the ADC GUI using SSO (Single Sign On).

    [NSHELP-23099]

June 04, 2020

Deliver your AWS application in three steps at your first login

When you log on to the ADM GUI for the first time, you can deliver an application that is in AWS using ADC instances in just three steps:

  1. Register your AWS account with the Citrix ADM service by creating a Cloud Access Profile.

  2. Prepare your AWS environment by specifying the AWS region, VPC details, and ADC licenses.

    The AWS environment comprises AWS infrastructure, ADM agent, and ADM Autoscale group. In this step, the ADM creates the following:

    • A CloudFormation stack in AWS to create the required infrastructure that includes subnets, security groups, NAT gateways, and so on.

    • An ADM Agent in the VPC to manage ADC instances.

    • An ADC Autoscale group. You can customize this group later in the Networks > Autoscale Group page.

  3. After successful environment preparation, configure applications using StyleBooks to deliver your application.

After the first logon, if you want to Autoscale ADC instances, see Autoscaling of Citrix ADC using Citrix ADM.

For more information, see Getting started.

[NSADM-47626]

Maintain a spare node in your Autoscale group

When you specify parameters to create an Autoscale group, you can now choose to maintain a spare node to achieve faster scale-out.

ADM provisions a spare node before the scale-out action occurs and shuts it down. When the scale-out action occurs for the Autoscale group, the ADM starts the spare node that is already provisioned. As a result, it reduces the time taken for scale-out.

Spare node in Autoscale

For more information, see Configure Autoscale parameters.

[NSADM-48191]

Configure an Autoscale group application using auto-generated FQDN

When you configure an application for the Autoscale group, you can now select auto-generated FQDN type. This option automatically generates the domain and zone name.

If you choose user-defined FQDN type, you must specify the domain and zone name to configure an application. For more information, see configure applications using StyleBooks.

[NSADM-51494]

Monitor API instances and endpoints in ADM

As an administrator, you can add and deploy API definitions on an API Gateway in Citrix Application Delivery Management (ADM). With this feature, you can add policies to define the traffic selection criteria to authenticate incoming API requests. The API Analytics page displays the following metrics of API instances and endpoints:

  • Distribution of application and server response time for API endpoints.
  • API endpoints that have high application and server response time.
  • API endpoints that have more requests and bandwidth.
  • Locations from where the endpoints receive API requests.
  • The trend of total and dropped API requests to an endpoint.
  • HTTPS response status.
  • API endpoint bandwidth consumption.
  • SSL errors and usage on an API endpoint.

API dashboard overview

For more information, see Manage API definitions.

[NSADM-47869]

Improvements to service graph

Service graph is updated with a few thematic changes. You can also experience a few minor UI updates:

  • FAQs’ link – To view more troubleshooting scenarios for service graph that display partial and no data issue.

Service graph FAQ link

  • Change in ADC processing time metric – This metric displays 0, instead of < 1 ms. This change is applicable only for ADC instances that are in Out of Service or Down status.

  • Hexagon to represent a microservice application – Service graph now displays a microservice application in the hexagon symbol.

Service graph hexagon

  • View ADC instance details – Click an ADC instance from service graph for applications (Applications > [app name] > Service Graph). This page displays ADC instance details such as instance score, key metrics, and issues.

  • Global service graph to display microservice applications – The microservice applications appear based on the configured thresholds.

Depending upon the score, you can view the microservice applications in red (critical), orange (review), and green (good).

  • Namespace filter to display corresponding services – The service graph now displays the corresponding services along with client and ingress.

Service graph namespace filter

[NSADM-51973]

View applications from the Infrastructure Analytics page

When you select an instance in the Infrastructure Analytics page, you can view the number of applications deployed on the instance. Click the applications link to view those applications.

Infra analytics applications link

[NSADM-43848]

A new UI text for SNMP V2

While adding an ADC instance in the ADM GUI, under SNMP, if you select SNMP V2 now the following message appears: “SNMP V3 is more secure and recommended.” By default, SNMP V3 is selected.

SNMP v2 UI text

For more information, see Adding instances.

[NSADM-51179]

Agent as a new search property

Under Networks > Instances > Citrix ADC, now you can search instances by the associated agent. Click the search icon and select Properties > Agent.

Search property agent

For more information, see How to search instances using values of tags and properties. [NSADM-47424]

Change agent default password

To ensure security of your infrastructure, now you can change the default password of an agent. To change the password, from the GUI, navigate to Networks > Agents and click Select Action and select Change Password.

Change agent default password

For more information, see Getting started.

[NSADM-47521]

Use ADM to provision ADC instances on SDX

You can now provision one or more Citrix ADC instances on the SDX appliance, by using ADM. The ADM service implicitly deploys the Citrix ADC instance on the SDX appliance and then downloads configuration details of the instance.

Use ADM to provision instances on SDX

For more information, see Provision ADC VPX instances on SDX using ADM.

[NSADM-23845]

Fixed issues

Analytics

In Gateway Insight, the export report for CSV format is not working as expected.

[NSHELP-22780]

GUI

The save favorites menu sometimes displays a javascript error.

[NSADM-52856]

Licensing

The unhandled timeout exceptions and deadlock conditions cause pooled licensing feature not working as expected.

[NSHELP-22729]

May 15, 2020

View diagnostic details for partial or no data in service graph

After you complete the required service graph configuration and add the Kubernetes cluster in Citrix ADM, the service graph starts to populate data. In some scenarios, you might observe that service graph displays either partial data or no data. Some of the possible reasons for the partial data or no data in service graph are:

  • Static route is not configured
  • Kubernetes cluster status is down
  • CPX registration is failed
  • CPX virtual servers are not licensed
  • The required analytics configuration is not set that prevents service graph to load all data

As an administrator, you might find it difficult to analyze the reasons when you see the service graph feature displaying partial data or no data.

The service graph page now enables you to view the possible reasons and required actions to troubleshoot the partial data or no data issue. For more information, see View diagnostic details.

[NSADM-47865]

A simplified process to view errors in service graph

In service graph, the process to view the HTTP and SSL errors is simplified. You can now view the total errors by hovering the mouse pointer on an erroneous service and clicking the error count.

View service graph errors

[NSADM-47864]

View microservice applications in app dashboard

In App Dashboard, you can view the microservice applications details that are configured from Citrix ADC CPX instance in the Kubernetes cluster. The App Type filter has a new K8s_Discrete option that enables you to apply filter and view the microservice application details.

Filter for microservice

For more information, see View microservice app details.

[NSADM-47863]

WAF learning in Citrix ADM

Citrix Web App Firewall (WAF) protects your web applications from malicious attacks such as SQL injection and cross-site scripting. To prevent data breaches and provide the right security protection, you must monitor your traffic for threats and real-time actionable data on attacks. Sometimes, the attacks reported might be false-positive and those attacks need to be provided as an exception. The learning engine on Citrix ADM is a repetitive pattern filter that enables WAF to learn the behavior (the normal activities) of your web applications. Based on monitoring, the engine generates a list of suggested rules or exceptions for each security check applied on the HTTP traffic. As an administrator, you can then view those violations list in Citrix ADM and decide to deploy or skip. For more information, see WAF learning in Citrix ADM.

[NSADM-44341]

App security violations - Excessive Unique IPs per Geo

Apart from the existing app security violations, you can now view Excessive Unique IPs per Geo as part of the Bot category. The Excessive Unique IPs per Geo indicator enables you to analyze and block the bad bots making more visits to a web application from a particular location. For more information, see Excessive unique IPs per geo.

[NSADM-43982]

Application usage analytics

Application owners must have the ability to evaluate and visualize the complete application from the perspectives of performance and usage.

The improvised App Dashboard enables you to view all the application performances and usage metrics together. When you click an application, alongside the existing application performance metrics, the Usage tab displays the metrics details that help you:

  • Understand your application usage.

  • Correlate any performance deviations with the usage metrics.

If the application has two or more virtual servers, select the virtual server from the list.

Usage app dashboard

Using the App Dashboard, as an administrator, you can visualize a single-pane view for the following metrics:

  • Clients
  • Servers
  • Geo locations
  • URLs
  • HTTP Response Status
  • Operating system
  • Browsers
  • SSL errors
  • SSL usage

For more information, see Application usage analytics.

Global service graph: A holistic visualization of users, infrastructure, and applications

Note

This feature is in preview.

The global service graph feature enables you to get a holistic visualization of the clients to infrastructure to application view. From this single-pane service graph view, as an administrator, you can:

  • Understand from which region the users are accessing the specific applications (3-tier Web apps and microservices app)
  • Visualize the infrastructure (Citrix ADC instance) view that the client request is processed
  • Understand if the issues are occurring from the client, infrastructure, or application
  • Further drill down to troubleshoot the issue

Navigate to Applications > Service Graphs > Global Service Graph to view:

  • End-to-end details of all applications connected from client to back end servers.
  • All Citrix ADC instances that are connected to its respective data centers. Note: You can view data centers only if you have GSLB apps.
  • The client metrics information.
  • The Citrix ADC metrics information.
  • All Citrix ADC instances that have discrete applications, custom applications, and discrete microservice applications.
  • The top four low-scored applications that belong to custom apps, discrete apps, and microservices apps.
  • The metrics information for the top four low-scored virtual servers.
  • The applications (discrete apps, custom apps, and microservices apps) status such as Critical, Review, Good, and Not Applicable.

For more information, see Holistic view of all applications in service graph.

[NSADM-47425]

Customize StyleBooks filter to provide user authorization

As an administrator, you can authorize specific StyleBooks to a user in the Account > User Administration > Groups page. You can now use a custom Filter query to search StyleBooks. A query is a string of key-value pairs where keys are as follows:

  • Name
  • Namespace
  • Version

For example: name=lb-mon OR namespace=com.citrix.adc.stylebooks OR version=1.0

The search result lists the StyleBooks based on the specified key-value pair. Based on the specified query, the ADM provides user access to those StyleBooks.For more information, see Configure groups on Citrix ADM.

[NSADM-49446]

Import StyleBooks with an icon

When you import a StyleBook, you can now include an icon with it. In Applications > StyleBook, the imported StyleBook appears with an icon.

StyleBook icon

For more information, see Import custom StyleBooks

[NSADM-45810]

Use new built-in functions in StyleBooks

When creating StyleBook definitions, ADM StyleBooks now supports the following built-in functions:

  • startswith() – Determines whether a string begins with a given prefix. Learn more.
  • contains() – Determines whether a string contains a given substring. Learn more.
  • endswith() – Determines whether a string ends with a given suffix. Learn more.](/en-us/citrix-application-delivery-management-service/stylebooks/stylebooks-grammar/built-in-functions.html#endswith)
  • substring() – Extracts a substring from a string. Learn more.](/en-us/citrix-application-delivery-management-service/stylebooks/stylebooks-grammar/built-in-functions.html#substring)

[NSADM-45889]

StyleBook configuration builder supports ADC WAF feature

The StyleBook configuration builder now recognizes and supports WAF feature in an ADC source configuration. For more information about supported ADC features, see Migrate Citrix ADC application configuration using StyleBooks Configuration Builder.

[NSADM-48941]

Confirm license consumption before application deployment

When you create an application using StyleBooks, you can confirm the required license consumption before deploying the application. The following message appears after you complete the steps to create an application:

Confirm license consumption

Click Yes to the confirmation message. The ADM allocates the required licenses to an application. Earlier, you had to enable the Auto licensed virtual servers option to create an application using StyleBooks. Now, you can still create an application even if the Auto licensed virtual servers option is disabled.

For more information, see Create an application using StyleBook.

[NSADM-51306, NSADM-47184]

Fixed issues

Networks

When you export a CSV report for all performance reports including load balancing virtual servers report, the exported report appears blank.

[NSHELP-22465]

Under Networks > Configuration Audit > Audit Reports, for any selected ADC instance, the following actions do not work:

  • Revision history diff
  • Pre vs. Post upgrade diff
  • Download configuration

[NSADM-51310]

Upgrade scripts fail to download, and the “File not Found” error message appears. This issue occurs when you download the scripts after a maintenance upgrade job is successfully completed.

[NSADM-48809]

Analytics

The unusually large upload and download transaction indicators in Citrix ADM GUI do not display analytics data as expected.

NSADM-50930]

April 28, 2020

View application security violation details

Apart from the existing network violations, you can now view violations for bot and WAF categories. The following are the violations that you can visualize in Citrix ADM:

BOT WAF
Excessive Client Connections Unusually High Upload Transactions
Account Takeover Unusually High Download Transactions
Unusually High Upload Volume Excessive Unique IPs
Unusually High Request Rate  
Unusually High Download Volume  

For more information, see View application security violation details.

[NSADM-40227], [NSADM-43969], [NSADM-43974], [NSADM-43977], [NSADM-43980], [NSADM-43984]

View reports for bot signature updates

In Bot insight, you can now view the bot signature updates in the Events History, when:

  • New bot signatures are added in Citrix ADC instances.

  • Existing bot signatures are updated in Citrix ADC instances.

Navigate to Analytics > Security > Bot Insight and view the signature update summary under Events History.

For more information, see Bot insight.

[NSADM-40228]

Install an agent certificate

To meet your security requirements, now you can upload a certificate to the ADM agent by using the ADM GUI. To install the certificate, from the GUI navigate to Networks > Agents and click Select Action and select Install Certificate.

For more information, see Getting Started.

Certificate

[NSADM-47904]

Specify verbatim type strings in a new format

The verbatim strings can take complex inputs like PI Expressions in their original format without escape characters (for example, \\).

To include PI expressions in a StyleBook definition and to retain its format in the output, you can now specify them using the following syntax:

  • The new syntax:

     ~{<pi-expression>}~
    
     Example:
    
     ~{"HTTP.REQ.COOKIE.VALUE(\"jsessionid\") ALT HTTP.REQ.URL.BEFORE_STR(\"=\").AFTER_STR(\";jsessionid=\") ALT HTTP.REQ.URL.AFTER_STR(\";jsessionid=\")"}~
    
  • The old syntax:

     “\<pi-expression>\””
    
     Example:
    
     "\"HTTP.REQ.COOKIE.VALUE(\\\"jsessionid\\\") ALT HTTP.REQ.URL.BEFORE_STR(\\\"=\\\").AFTER_STR(\\\";jsessionid=\\\") ALT HTTP.REQ.URL.AFTER_STR(\\\";jsessionid=\\\")\""
    
    

The specified PI expressions do not alter their format in the output.

[NSADM-45888]

StyleBooks configurations - list view

The ADM GUI displays the StyleBooks configurations in the list view. Earlier, it was displayed in a tile view.

With this change, you can sort StyleBook configurations by column headers. For example, you can sort configurations by LAST MODIFIED TIME.

Configuration view

[NSADM-48918]

Migrate multiple virtual servers using the configuration builder

In the StyleBooks configuration builder, you can now select one or more virtual servers that you want to migrate from the configuration source to the target instance. Earlier, you were able to select only one virtual server to migrate at one time.

With this feature, you can select and migrate the necessary virtual servers that makes an application to the target instance.

Multiple virtual servers

[NSADM-49602]

Fixed issues

Analytics

  • In Security Insight, when you use the time slider, the Application Summary is displayed blank.

[NSADM-50809]

Applications

  • When you select an application from the App dashboard, the value for Response Time metric under Key Metrics is displayed in an incorrect format.

    [NSADM-50274]

  • The Manage Applications page is displayed blank, when:

    • You delete a custom app. Only after clicking the Refresh button displays the other apps

    • You modify the number of rows to be displayed

    • You click the next page in case of more than one page is available

    [NSADM-50224]

  • In Service Graph for Applications, the end-to-end transaction details from client to service is not populated in case the transaction occurs through servers with IPv.6

    [NSADM-50201]

Networks

  • In Configuration Job, when you select Instance from the Configuration Source list, and select Running Configuration or Saved Configuration option, an error message Please provide Citrix ADC IP Address is displayed.

    [NSADM-50810]

  • Indentation issue results in agent registration failure

    [NSADM-50596]

  • In Configuration Audit, when you export the report in CSV format, no data is displayed. Citrix ADM GUI also hangs sometimes, when you do multiple exports.

    [NSADM-48322]

StyleBooks

  • Incorrect error message is rendered while compiling a StyleBook dependency.

    [NSADM-50466]

Infra

  • Log information for any activity on mpsgroup to be displayed in Citrix ADM.

    [NSHELP-22370]

April 14, 2020

Support for IPAM in ADM

ADM supports IP address management (IPAM) to auto-assign and release IP addresses in ADM managed configurations. You can assign IPs from networks or IP ranges defined using the following IP providers:

  • ADM built-in IPAM provider.
  • Infoblox IPAM solution. For more information, see Infoblox DDI.

Currently, you can use ADM IPAM in:

  • StyleBooks: Auto-Allocate IPs to virtual servers when you create configurations.
  • Kubernetes Ingress: Auto-assign a virtual IP address to an Ingress configuration in a Kubernetes cluster.

You can also track the allocated and available IP addresses in each network or IP range managed by ADM. For more information, see Configure IPAM.

[NSADM-48377]

Deploy internal applications in an Autoscale group

You can now deploy both internal and external applications in an Autoscale group to use ADM autoscaling solution. Earlier, you were able to deploy only external applications. To deploy an internal application in Autoscale group, see Autoscale configuration in AWS and Autoscale configuration in Azure.

[NSADM-47520]

New columns added in SSL Dashboard

New columns are added to the following tabs in SSL Dashboard:

  • SSL Certificates – The Key Strength column is added. You can filter SSL certificates using the Key Strength value.
  • SSL Protocols – The Protocol Type column is added. You can filter SSL protocols using the protocol type.

[NSADM-42191]

View application security violation details

Web applications that are exposed to the internet have become vulnerable to attacks drastically. Citrix ADM enables you to visualize actionable violation details to protect applications from attacks. Navigate to Security > Security Violations for a single-pane solution to:

  • Access the following application security violations:

    • HTTP Slow Loris

    • DNS Slow Loris

    • HTTP Slow Post

    • NXDomain Flood Attack

  • Take corrective actions to secure the applications

For more information, see View application security violation details.

[NSADM-48069]

Deploy Citrix ADM agent as a microservice

You can now deploy a Citrix ADM agent as a microservice in Kubernetes cluster. In Citrix ADM,

  1. Navigate to Networks > Agents, and click Set Up Agent

  2. Click Get Started, select the As a Microservice option, and click Next

    Microservice agent

  3. Specify the following parameters:

    1. Application ID – A string id to define the service for the agent in the Kubernetes cluster and distinguish this agent from other agents in the same cluster

    2. Agent Password – Specify a password for CPX to use this password to onboard CPX to ADM service through the agent

    3. Confirm Password – Specify the same password for confirmation

    4. Click Submit

  4. After you click Submit, you can download the YAML or Helm Chart

    Microservice download agent

  5. In the Kubernetes master, save the YAML file and use the command kubectl create -f <yaml file>

    For more information, see Getting Started

[NSADM-43971]

March 31, 2020

View multiple clusters and more filters in service graph

In service graph, you can now view:

  • Services that are associated with each cluster.

    Multiple clusters

  • More filters for:

    • Cluster – Displays all services applicable for the selected cluster or clusters.

    • Namespace – Displays all services applicable for the selected namespace.

      Note

      Depending upon the labels configured for the service in Kubernetes service definition YAML, you might also view more filter options.

      Filters

[NSADM-43985]

Distributed Tracing

In service graph, you can now use the trace information to:

  • Analyze the overall service performance

  • Visualize the communication flow between the selected service and its inter-dependent services

  • Identify which service indicates errors and troubleshoot the erroneous service

  • View transaction details between the selected service and its inter-dependent service. For more information, see Distributed Tracing

[NSADM-43976]

Validate the StyleBook contents before you import to ADM

When you compose a StyleBook in ADM YAML editor, you can now check for the StyleBook grammar errors without importing to ADM.

If there are errors in the StyleBook content, the ADM GUI displays the error details. You can correct the indicated errors and continue to edit, or import the StyleBook.

StyleBook validate

[NSADM-47978]

Improved StyleBooks error message display

The ADM GUI displays an error message if you import a StyleBook that has StyleBook grammar errors. Some error messages are now organized to display the error details. The error details include Error, Fix, Code, Name, and more depending on the error types. The Fix field provides information to resolve an issue.

StyleBook error

[NSADM-44274]

Import StyleBooks from any folder in a GitHub repository

You can now synchronize StyleBook files to ADM from any folder in a GitHub repository. Earlier, you were able to only import or synchronize StyleBook files that are present at the GitHub repository root folder.

For more information, see Import and synchronize StyleBooks from GitHub repository.

[NSADM-46147]

Audit ADC configuration against configuration pack

In StyleBooks > Configurations, you can now explicitly compare the changes made by a StyleBook configuration pack to the current ADC configuration. With this feature, you can do the following:

  • Detect the configuration drift between StyleBook configuration pack and ADC configuration.

  • Identify any modified and deleted objects on the ADC that do not reflect the changes made by the configuration pack.

To compare the configuration pack changes to the ADCs config, click Configuration Audit on the desired configuration pack.

For more information, see Audit ADC configuration against configuration pack.

[NSADM-45866]

Support for Citrix annotations to deploy an Ingress configuration

When you add content routing rules to an Ingress Configuration, you can now include the following Citrix annotations in the ADM GUI:

  • LB Method – Select the preferred load-balancing method to the selected Kubernetes service.

  • Persistence Type – Select the preferred load-balancing persistence type to the selected Kubernetes service.

After adding the content routing rules, you can view the selected LB method and persistence type in the Ingress specification. Review and deploy the Ingress configuration.

For more information, see Deploy Ingress configuration.

Citrix annotations

[NSADM-48414]

Instances indicate the deployment type with a notation

In ADM GUI, the instance IP addresses now indicate the deployment type. The following notations describe the deployment type:

  • In high-availability pair, P – Primary server and S – Secondary server.

  • C-Cluster

  • A-Autoscale Group

If an Instance has no notation, it indicates the standalone deployment.

[NSADM-41859]

March 03, 2020

Edit the deployment attributes in the StyleBooks Configuration Builder

Note

This feature is in preview.

The StyleBooks Configuration Builder helps you create an application configuration StyleBook and config pack from an existing ADC configuration. The configuration builder also automates the application configuration migration from one ADC instance to another instance.

The configuration builder wizard now allows you to edit deployment attributes for the selected application before it creates a StyleBook and config pack. You can now edit the IP address and port value of the virtual servers, services, and service group members in the original configuration.

After the application creation and migration is complete, a ConfigPack is created in Citrix ADM along with its corresponding StyleBook. This configuration pack has the new IP addresses and ports values. To view the created ConfigPack, navigate to Applications > StyleBooks > Configurations.

Edit deployment attributes

For more information, see Migrate ADC application configuration using StyleBooks Configuration Builder.

[NSADM-44197]

Ability to view all applications but edit only a subset of applications

When an administrator adds a user to a group that has different access policy settings, the user is mapped to more than one authorization scopes and access policies.

In this case, the ADM grants the user access to the applications depending on the specific authorization scope.

Consider a user who is assigned to a group that has two policies Policy-1 and Policy-2.

  • Policy-1 – View only permission to applications.

  • Policy-2 – View and Edit permission to applications.

Now, the user can view applications specified in Policy-1. Also, this user can view and edit the applications specified in Policy-2. The edit access to Group-1 applications are restricted as it is not under Group-1 authorization scope.

User access changes with authorization scopes

Earlier, the ADM considered the union of all group permissions to authorize a user. Based on the abovementioned example, the user was able to view and edit all the applications from Group-1 and Group-2. Because of this permission, the user was able to edit the resources that were not primarily authorized by the access policy.

For more information, see How user access changes based on the authorization scope

[NSHELP-5854]

Provision the Citrix ADM agent on Azure

You can now provision an ADM agent on Azure using the ADM GUI. The ADM agent on Azure automatically registers with Citrix ADM, you can view the registered agent in the Networks > Agents page. To provision an ADM agent on Azure, see Provision the Citrix ADM agent on Azure.

Provision agent on Azure

Alternatively, you can install the Citrix ADM agent from Azure Marketplace. For more information, see Installing Citrix ADM agent on Azure.

Select Australia region to set up the ADM service

You can now select Australia (ANZ) region to set up the ADM service. The Citrix ADM now supports the following regions:

  • United States (US)
  • Europe (EU)
  • Australia (ANZ)

Set up ADM service in Australia region

For more information, see Getting Started.

[NSADM-44447]

Run custom scripts before and after the upgrade maintenance job

When you upgrade your ADC instance by creating a maintenance job, ADM performs pre-validation check on the instances that you want to upgrade. The Pre-upgrade validation tab checks the following on the selected instances:

  • Checks for customizations.

  • Checks the disk usage and displays an error if the disk space is low.

  • Checks for disk hardware issues.

You can remove the failed instances and proceed to create an upgrade maintenance job.

In Custom Scripts, specify custom scripts to run before and after an instance upgrade. Use one of the following ways to run the commands:

  • Import commands from a file.
  • Type commands directly on the Citrix ADM GUI.

These scripts help you check the changes before and after upgrade. For example:

  • The instance version before and after upgrade.
  • The status of interfaces, high-availability nodes, virtual servers, and services before and after upgrade.
  • The statistics of virtual servers and services.
  • The dynamic routes.

Custom scripts to run before and after upgrade job

For more information, see Use jobs to upgrade Citrix ADC instances.

[NSADM-40534]

Upload the upgrade image to an instance during job execution

If you schedule an upgrade maintenance job, you can decide when you want to upload an upgrade image to an ADC instance. In Create Job, choose one of the following:

  • Upload Now – This option uploads the image to an instance immediately.

  • Upload at the time of execution – This option uploads the image to an ADC instance when the ADM runs the scheduled upgrade maintenance job.

Upload image at execution time

For more information, see Schedule upgrading of Citrix ADC instances.

[NSADM-44855]

The ADM Autoscale groups support C5, M5, and C5n AWS instance types

If you choose to create ADM Autoscale groups on AWS cloud, you can now provision ADC instances with C5, M5, and C5n AWS instance types. You can select these instance types to achieve high performance ADM autoscaling.

Note

The ADM GUI auto-populates the recommended AWS instance types for the selected ADC version. See, Create Autoscale groups.

For more information on AWS instance types, see AWS instance types.

[NSADM-40089]

Apply license to virtual servers using a policy

In Subscriptions, you can now configure a policy to apply license to virtual servers. Earlier, you were able only apply licenses to virtual servers either manually or automatically. You can now apply license by using a policy or manual or automatic.

By using policy, you can control the number of virtual servers you want to auto-license. And, apply license to selected instances’ virtual servers only.

When you edit a policy, you can specify the following:

  • Set virtual servers limit on CPX instances separately to apply licenses. The ADM applies license to virtual servers on CPX instances up to a specified limit.

  • Set virtual servers limit on selected ADC instances (MPX/VPX/BLX) to apply licenses. The ADM applies licenses to virtual servers on ADC instances up to a specified limit.

  • Select the priority ADC instances to apply virtual server licenses. Therefore, the ADM can apply license to selected instances’ virtual servers only.

    Virtual server licensing

The Auto licensed virtual servers and Auto-select non addressable virtual servers options are now independent. Earlier, you were able to enable Auto-select non addressable virtual servers only if you enable Auto licensed virtual servers.

[NSADM-35724]

View ADC capacity issues in ADM

When an ADC instance has consumed most its available capacity, packet-drop may occur while processing the client traffic. This issue causes low performance in an ADC instance. By understanding such ADC capacity issues, you can allocate more licenses proactively to steady the ADC performance.

To view ADC capacity issues,

  1. Navigate to Networks > Infrastructure Analytics.
  2. Expand the instance for which you want to view capacity issues.

The ADM polls these events every five minutes from the ADC instance and displays the packet drops or rate-limit counter increments if exists. The issues are categorized on the following capacity parameters:

  • Throughput Limit Reached – The number of packets dropped in the instance after the throughput limit is reached.
  • PE CPU Limit Reached - The number of packets dropped on all NICs after the PE CPU limit is reached.
  • PPS Limit Reached – The number of packets dropped in the instance after PPS limit is reached.
  • SSL Throughput Rate Limit – The number of times the SSL throughput limit reached.
  • SSL TPS Rate Limit – The number of times the SSL TPS limit reached.

The ADM calculates the instance score on the defined capacity threshold.

  • Low threshold – 1 packet drop or rate-limit counter increment

  • High threshold – 10000 packets drop or rate-limit counter increment

Therefore, when an ADC instance breaches the capacity threshold the instance score is impacted.

When packets drop or rate-limit counter increments, an event is generated under the ADCCapacityBreach category. To view these events, navigate to Accounts > System Events.

Capacity breach

If you want to view the ADC rate limit statistics for the selected period (hour/day/week/month), navigate to Network > Network Reporting.

[NSADM-40183]

View service details in Service Graph

In Service Graph, hover the mouse pointer on a service and click a service to view the following options:

  • View Details

  • Transaction Logs - Enables you to view the HTTP and SSL over HTTP transaction details. For more information, see View Web transaction logs.

The View Details option enables you to view:

  • The cluster name where the service is hosted

  • The namespace and service labels of the service

  • All associated incoming and outgoing services connected with the selected service

  • Service key metrics in a graph format such as Hits, Service response time, HTTP errors, Data Volume, SSL front-end errors, SSL back-end errors, TCP front-end errors, and TCP back-end errors

Using these key metrics trends, you can analyze how the service is performing for the selected time duration.

For more information, see View service details.

[NSADM-41297]

View Service Graph for applications (GSLB)

Note

This feature is in preview.

You can now view GSLB applications in Service Graph to view:

  • How the application is configured (with GSLB application, data center, ADC instance, CS, and LB virtual servers)

  • End-to-end views from client to services

  • The data center name where the client requests are processed and the associated data center Citrix ADC metrics

  • The GSLB virtual server status such as Critical, Review, and Good. Citrix ADM displays the virtual server status based on the app score.

  • Critical (red) - Indicates when app score < 40

  • Review (orange) - Indicates when app score is between 40 and 75

  • Good (green) - Indicates when app score is > 75

For more information, see Service Graph.

[NSADM-43967]

View 4xx and SSL metrics in Transaction Summary panel

The web transaction analytics Transaction Summary panel now enables you to view:

  • 4xx errors
  • SSL front-end and SSL back-end metrics

    Transaction Summary

For more details, see View analytics for web transaction.

[NSADM-43841]

View SSL metrics in Web transaction analytics

When you click a transaction in web transaction analytics, you can now view more metrics for SSL transactions. From these metrics, you can analyze if the SSL errors occur from client or server.

The following metrics are displayed for client and server:

SSL

For more details, see View analytics for web transaction.

[NSADM-43844]

The advanced search option in the web transaction analytics now enables you to save the search queries. You can then click the saved search query from the list, instead of using the suggestions and operators again. To save a search query, click the bookmark icon, specify a name of your choice, and click Save.

Save search

For more details, see View analytics for web transaction.

[NSADM-43843]

Fixed issues

Applications

  • The Application dashboard does not display applications from ADC HA pair and cluster.

[NSADM-47668]

  • Citrix ADM displays an error message in Application dashboard if no agent is added.

[NSADM-47444]

  • Application dashboard is displayed blank in IE 11 browser.

[NSADM-47812]

Analytics

  • If you enable Client Side Measurement on ADC instances AppFlow, the Citrix ADM AppFlow decoder log file process fails.

[NSHELP-21462]

Networks

  • The ADC host name is not displayed in Network Functions > GSLB.

[NSADM-47335]

  • The Network Reporting Dashboard does not display complete data for 1-month duration.

[NSHELP-21731]

February 11, 2020

New and enhanced features

StyleBooks configuration displays a new column

In Applications > StyleBooks > Configurations, a StyleBook Configuration (config pack) now displays the last updated time on the configuration tile.

Last updated time config pack

[NSADM-45811]

Fixed issues

Analytics

  • The weekly reports for Web Insight and HDX insight are not displayed.

    [NSADM-46149]

Applications

  • The default duration in the Application Dashboard to view app analytics is changed to 15 minutes.

    [NSADM-46980]

  • When you create a custom application using the StyleBook configuration, the edit and delete options do not work as expected.

    [NSADM-46821]

Licensing

  • The pooled capacity option does not appear under Bandwidth License type at the first time.

    Workaround:

    1. Select Virtual CPU Licenses from the License Type list.

    2. Change the selection to Bandwidth License to select the Pooled Capacity option.

    [NSADM-40129]

Networks

  • When you create a configuration job with many commands, the Abort option is not displayed in Action tab.

    [NSADM-47041]

February 03, 2020

New and enhanced features

Service Graph for applications

Using the service graph feature from the application dashboard, you can view:

  • Details on how the application is configured (with content switching virtual server and load balancing virtual server)
  • End-to-end views from clients to services
  • The location from where the client is accessing the application
  • Metrics details for client, service, and virtual servers
  • If the errors are from the client or from the service
  • The service, virtual server, and client status such as Critical, Review, and Good.

For more information, see Service Graph.

[NSADM-41898]

An improved application dashboard

Using the application dashboard, you can now view the following new features:

  • Application status (Critical, Fair, Good, and Not Applicable)
  • Details of the application (load balancing or content switching) configuration
  • Details of services associated with the selected application
  • Metrics details for the selected application, such as application response time, throughput, requests per second, error percentage, total connections, and data volume in the form of graph
  • All issues applicable for the selected application

For more information, see Applications.

[NSADM-32894]

Performance indicators in App Analytics

Citrix ADM now shows the following new application performance indicators that occur in Citrix ADC web application:

  • Improper Persistence Type
  • Unstable Server (5xx)
  • Session Reuse Recommendation (SSL)
  • SSL Real Time Traffic
  • Unusually large HTTP headers
  • TCP reassembly queue limit hits
  • SurgeQueue Buildup

You can view these application issues by navigating to Applications > Dashboard and then by selecting an application.

For more information, see Performance indicators for application analytics.

[NSADM-39779]

Web Application Firewall support in Citrix ADM

The following new Web Application Firewall (WAF) protection policies are enabled in Security Insight, which highlight violation patterns for WAF:

  • APPFW_BUFFEROVERFLOW_QUERY
  • APPFW_BUFFEROVERFLOW_TOTAL_HDR

[NSADM-43541]

StyleBooks configuration display ADC instance host name

A StyleBooks configuration (config pack) now displays the ADC instance host name along with the IP address on the configuration tile. You can now search StyleBook configurations by using either the host name or its IP address.

[NSADM-42517]

Remove unreachable Kubernetes clusters

You can now remove Kubernetes Ingresses from ADM service even when the cluster is unreachable or no longer exists. After you delete the Ingresses on the cluster, you can also delete the parent cluster regardless of its reachability.

[NSADM-45612]

Process Ingress events with Citrix Ingress class

The Citrix ADM ServiceNow processes the Ingress events that have Citrix Ingress class annotation (kubernetes.io/ingress.class: Citrix) only. Also, Ingress specifications generated by ADM service contain Citrix Ingress class annotation.

[NSADM-45613]

Configure pooled capacity license on Citrix ADC FIPS instances

Now you can configure pooled capacity license on Citrix ADC MPX and VPX FIPS license. For more information, see Configure pooled capacity.

[NSADM-31742]

New default polling time for network function entities

The default polling time of network function entities is changed from 30 to 60 minutes. By default, Citrix ADM service automatically polls configured network function entities every 60 minutes.

For more information, see How Citrix ADM polls managed instances and entities.

[NSADM-44078]

Advanced filter with regex pattern matching

You can now filter failure objects, configuration commands, and messages by using regular expression pattern matching. Earlier, you were able to use only asterisk (*) pattern matching to filter events.

For more information, see Define an event rule.

Enable advanced filter with regex matching

[NSADM-43614]

View and edit feature-specific export reports

Citrix ADM displays feature-specific scheduled export reports under individual ADM features, which you can view, edit, or delete. For example, to view the export reports of Citrix ADC instances, navigate to Network > Instances > Citrix ADC and click the export icon. The Export Reports page displays all the export reports of ADC instances. Earlier, ADM scheduled export reports were listed under Account > Export Schedules.

For more information, see Export or schedule export reports.

[NSADM-43329]

View and download Citrix ADC SSL certificates

The Citrix ADM GUI displays all SSL certificates of the discovered Citrix ADC instances. To view and download SSL certificates of ADC instances, navigate to Networks > SSL Dashboard > SSL Certificate files on Citrix ADC.

[NSHELP-6556]

Rename configuration jobs and templates

You can now rename custom configuration jobs and custom audit templates in Citrix ADM.

Rename custom configuration jobs

[NSADM-42945, NSHELP-6488]

A new column for secondary instance status

In the Citrix ADM GUI, now you can check the status of the secondary instance of a high-availability pair, under Networks > Instances. For example, when you click Citrix ADC, you see a new column for secondary instance status. The Citrix ADM GUI displays the secondary instance status on the instance overview page. Now you can view the status under the Secondary Node State column and Dashboard.

Secondary node state

[NSHELP-6236]

Fixed issues

  • In App Dashboard, when you define a custom application using StyleBooks the StyleBooks appear at the bottom of the page which was difficult to navigate.

    With this fix, the StyleBooks appear on the new page. After you specify the details for the selected StyleBook, the new application appears on the App Dashboard.

    [NSADM-45241]

  • If you upload a file that has multiple periods (.) in the file name to create a configuration job, the Citrix ADM GUI displays an error. As a result, no configuration job is created.

    [NSADM-45748]

December 17, 2019

New and enhanced features

Support for Citrix ADM agent failover

The agent failover can occur in a site that has two or more registered agents. When an agent becomes inactive (DOWN state) in the site, the Citrix ADM service redistributes the ADC instances of the inactive agent with other active agents.

To achieve an agent failover, select the required Citrix ADM agents one by one and attach to the same site. For more information, see Configure Citrix ADM agents for multisite deployment.

[NSADM-30048]

View the Citrix ADC configuration drift in two modes

In the Citrix ADM GUI, you can now view the configuration drift in two modes.

  1. Template vs running: The ADM service compares the audit template configuration with the running configuration on the instance.

  2. Template vs Running and Running vs Template: The ADM service compares the configuration from both ways:

    • Compares the audit template configuration with the running configuration on the instance.

    • Compares the running configuration on the instance with the audit template.

After comparison, the Citrix ADM GUI displays the difference between the audit template and the running configuration. Also, it displays the commands to correct the running configuration to the audit template.

By default, the Template vs running drift setting is selected. To modify the drift setting, from the ADM GUI, select Settings in the Configuration Audit page.

Bidirectional config drift setting

For more information, see Template vs Running Diff.

[NSHELP-6463]

Run a configuration job on a Citrix ADC secondary node

In a Citrix ADC high-availability pair, now you can select either the primary node or the secondary node or both the nodes to run a configuration job. If you don’t specify the node, the configuration job runs automatically on the primary node.

Earlier, you were able to run configuration jobs only on the primary node. For more information, see How to create a configuration job.

[NSHELP-6567]

Expiry notification for check-in check-out license

When you log on to the ADM service, a system alert message is displayed if your check-in check-out license is about to expire. To get the alert, you must configure license notification. For more information about how to configure, see Expiry checks for virtual server licenses.

Expiry notification for CICO licenses

[NSADM-42655]

Bandwidth details in pooled capacity licensing notification

Expiry notification for ADM pooled capacity licensing now includes bandwidth details. You can see the bandwidth that is about to expire out of the total pool. Previously, the bandwidth details were available only in the GUI. To get expiry notification, you must configure the ADM service. For more information, see Expiry checks for virtual server licenses.

[NSADM-39332]

View instance details in Infrastructure Analytics

In infrastructure analytics, when you click an instance IP address, you can now view the following details in the Overview tab:

  • Instance score, issue categories affecting the instance score, and other instance details.

  • Key metrics of the instance such as CPU usage, memory usage, throughput, HTTPs requests/sec, TCP connections, and SSL transactions.

  • Details of all issues that affect the instance score.

For more information, see Infrastructure Analytics.

[NSADM-42276]