What’s new

This topic lists the new features, enhancements to existing features, and fixes available in a release.

The Citrix Application Delivery Manager (ADM) agents are, by default, automatically upgraded to Citrix ADM latest build. You can view the agent details on the Networks > Agents page. You can also specify the time when you want the agent upgrades to happen. For more information, see Configuring Agent Upgrade Settings.

July 24, 2020

App Security Violations - Network

You can now view the Segment Smack Attack as part of the network violations in App Security Violations. For more information, see App Security Violations.

[NSADM-46025]

Service Graph for Kubernetes applications - View client metrics for troubleshooting issues

In Service Graph for Kubernetes applications, you can now view from which location the client is accessing the service. As an administrator, you can visualize the client metrics and analyze the issues that occur from the client.

For more information, see View details in service graph.

[NSADM-54335]

Support for In-Service-Software-Upgrade

You can now select the In-Service-Software-Upgrade (ISSU) option while creating an upgrade job. ISSU ensures the zero downtime upgrade on an ADC high-availability pair. The ISSU feature provides a migration functionality that honors the existing connections during upgrade. So, you can upgrade an ADC HA pair without downtime.

ISSU upgrade option

[NSADM-43357]

Dynamically list the ADM IP address Management (IPAM) networks in StyleBooks

You can now build a StyleBook that allows a user to select an ADM IPAM network from which it auto-allocates an IP address. The IPAM networks list is dynamically retrieved from ADM. Earlier, you were able to select the IPAM networks that are mentioned in the StyleBook definition.

A new attribute dynamic-allocation is now added in the parameter definition of type:ipaddress. It can take true or false as an input. When you set its value to true, a user can select a network from the list of the IPAM networks found in ADM. Then, the ADM auto-allocates an IP address from the selected network.

Example:

  -
    name: virtual-ip
    label: "Load Balancer IP Address"
    type: ipaddress
    dynamic-allocation: true
    required: true

In this example, the virtual-ip field lists the IPAM networks that are in ADM. Select a network from the list to auto-allocate an IP address from the network. The IP address is released back to the network when the configuration is deleted.

[NSADM-54246]

User authorization improvements to StyleBooks and configuration packs

As an administrator, you can now have a better control on authorizing specific Stylebooks and configuration packs to user groups in the Account > User Administration > Groups page. The StyleBooks and Configpacks sections in Authorization Settings are now improved with the following changes:

  • StyleBooks – You can now specify the authorized list of StyleBooks using a filter expression that can contain regular expressions.

    Example:

    name=lb-mon|lb AND namespace=com.citrix.adc.stylebooks AND version=1.0

    This query lists the StyleBooks that meet the following conditions:

    • StyleBook name is either lb-mon or lb.

    • StyleBook namespace is com.citrix.adc.stylebooks.

    • StyleBook version is 1.0.

  • Configuration packs – You can now authorize the user for configuration packs that belong to the selected StyleBooks. To do so, select All configurations of the selected StyleBooks in the Configpacks section.

    New option to select configuration packs

[NSADM-52334]

July 15, 2020

Export ADM reports in a tabular format

You can now export ADM reports in a tabular format or a snapshot. You can also choose how many data records to export in a tabular format. Earlier, you were able to export reports only as a snapshot.

ADM reports in tabular format

For more information, see Export or schedule export reports.

[NSADM-52461]

Generate network reports for load-balancing service groups

You can now create a network-reporting dashboard for both load-balancing service groups and services. Earlier, you were able to create a dashboard for load-balancing services only.

Network reports for load-balancing service groups

This dashboard can display the following reports for the selected service groups:

  • Connections: for the client and server connections counters.
  • Throughput: for request and response bytes counters.
  • Time to First Byte (TTFB): for the average time taken to send a request packet to a service group and receive the first packet from the service group. This response time is called as TTFB.

For more information, see Network reporting.

[NSADM-51596]

Support for authentication, authorization, and auditing polling and network reports

Citrix ADM now polls authentication, authorization, and auditing (Citrix ADC AAA) events from an ADC instance and allows you to visualize their trend in Network Reporting. The ADM GUI includes the following Citrix ADC AAA network reports to create a dashboard:

  • HTTP Authentication Success vs Failures
  • Non-HTTP Authentication Success vs Failures
  • AAA Sessions
  • Current AAA Sessions
  • Current ICAOnly Sessions
  • Current ICAOnly Connections
  • Current ICA(SmartAccess) Connection
  • Authentication Success and Failures

For more information, see Network Reporting.

[NSADM-51372]

Associate StyleBook tags with their configuration

In StyleBooks, the Label term is renamed to Tag. You can now associate the StyleBook tags with their configuration pack. So, you can search the configuration packs using the StyleBook tags itself. When you create a configuration pack, use one the following options in the Tag Association section:

  • Associate all present and future StyleBook tags with the configuration – This option associates all the StyleBook tags to a configuration pack. It also makes sure to associate the new tags that you might add to the StyleBooks in future.
  • Select tags – This option displays the tags of the selected StyleBook. You can select the required StyleBook tags and associate with a configuration pack.

    StyleBook tags and configuration

For more information, see Create a tag for the StyleBook.

[NSADM-53600]

StyleBooks support conditional parameters

You can now dynamically control a parameter’s appearance or its initial value in the StyleBook configuration form based on the value specified in another parameter. To do so, use the dependent-parameters attribute in the parameter definition. This attribute is newly added as a new gui subattribute. Specify this attribute on a source parameter that controls the parameter’s behavior on the form. In this attribute, you can include multiple conditions that control other parameters. For example, a source parameter protocol can have a dependent-parameter certificate, which only appears if the protocol parameter value is SSL. Each condition can have the following attributes:

  • target-parameter: Specify the target parameter to which this condition applies.
  • matching-values: Specify the list of values of the source parameter that trigger the action.
  • action: Specify one of the following actions on the targeted parameter:
    • read-only: The parameter is made read-only.
    • show: The parameter appears in the form if it is hidden.
    • hide: The parameter is removed from the form.
    • set-value: The parameter value is set to the value specified in the value attribute
  • value: The value of the target parameter if the action is set-value

When a user input matches the specified values on the source parameter, the target parameter’s appearance or value changes according to the specified action.

For more information, see dependent-parameters.

[NSADM-52329]

View users who created or updated a StyleBook configuration

In StyleBook > Configurations, a new column is added that display users who created or last updated the configuration pack. If you want to filter configuration packs by users, select the Created By option from the properties list to filter configuration packs.

[NSADM-52336]

Use a script to enable zero-touch agent in AWS

When you launch an ADM agent in AWS, you can now specify an agent auto-registration script as user data. An example script is provided in Install Citrix ADM agent on AWS. This script fetches the authentication details from the AWS secrets manager and runs the deployment.py script to register the agent with the ADM service. Alternatively, you can still do any of the following:

  • Specify the actual authentication details in user data that auto-registers the agent during boot-up.
  • Use the deployment_type.py script to register an agent after it boots up successfully. For more information, see Install Citrix ADM agent on AWS.

[NSADM-55322]

WAF learning in Citrix ADM

As an administrator, you can now configure learning profiles to generate the relaxation rules list:

  • Only for the selected web applications
  • Only for the selected profile names

For more information, see Configure the learning profile.

[NSADM-49494]

App security violations - Network

Apart from the existing app security violations, you can now view the following violations as part of the Network violations:

  • HTTP desync attack
  • Bleichenbacher attack

For more information, see Application security violation details.

[NSADM-49468], [NSADM-46460]

View ingress metrics and ingress details for troubleshooting

In service graph, you can now view:

  • Ingress metrics
  • Ingress details (drill down)
  • The type of ingress used
    • Tier 1 ingress – Citrix Ingress Controller inside the Kubernetes cluster configures a Citrix ADC instance (VPX/MPX/SDX/BLX) outside the Kubernetes cluster.
    • Tier 2 ingress – Citrix Ingress Controller running as a sidecar along with Citrix ADC CPX instance inside the Kubernetes cluster.

      Note: You can view Tier 1 ingress and Tier 2 ingress only if you have configured a two-tier architecture (Tier 1 ingress using ADC as MPX/VPX/SDX/BLX and Tier 2 ingress using ADC as CPX) in the Kubernetes cluster.

For more information, see View ingress details for troubleshooting issues

[NSADM-53755]

Improvements to 3-tier web applications service graph

The 3-tier web applications service graph is now improvised with the following changes:

  • The services are grouped and only the top four low scored services are displayed.

    3-tier web applications service graph

    Click More Services to view all services based on its status such as Critical, Review, and Good.

    More services in service graph

  • The Hits and Errors bar graph is not visible.

    Earlier

    Previous Hits and Errors bar graph

    Now

    New Hits and Errors bar graph

  • The network functions metrics are updated.

    Earlier

    Previous network functions metrics

    Now

    New network functions metrics

[NSADM-52147]

Improvements to Gateway Insight

In Gateway Insight, you can now view the following enhancements for the gateway users. As an administrator, these enhancements enable you to get a complete user information when you export the report. Navigate to Analytics > Gateway Insight > Users and select a user to view:

  • The user Active Sessions and Terminated Sessions.

    Gateway Insight active and terminated sessions

  • The gateway domain name and gateway IP address in Active Sessions.

    Gateway Insight active session

  • The user login duration.

    Gateway Insight login duration

  • The reason for the user logout session. The logout reasons can be:

    • Session timed out
    • Logged out because of internal error
    • Logged out because of inactive session timed out
    • User has logged out
    • Administrator has stopped the session

      Gateway Insight logout session

[NSADM-52763], [NSADM-52767], [NSADM-52764], [NSADM-53496]

Support for built-in agent for SDX instances

Citrix ADM built-in agents are now available on SDX instances. Further, you can initiate the built-in agent by using MASTools. For more information, see Configure the ADC built-in agent to manage instances.

Fixed issues

Analytics

When ADM collects the ADC metric information, CPU usage becomes high.

[NSADM-56374]

Systems

When you enable Prompt Credentials for Instance Login in the System Settings page, the ADM GUI doesn’t display the license information in the Instance dashboard.

[NSHELP-23944]

Networks

Under Networks > Licenses, the ADM GUI displays incorrect license information for managed instances, if the number of managed instances is more than the maximum limit of 58 instances. With the fix, the limit for maximum instances is increased to 1000.

[NSHELP-23956]

June 30, 2020

App security violations – Excessive Unique IPs per Geo

The Excessive Unique IPs per Geo indicator now enables you to view a Geo map that displays the total anomalies based on regions. The graph indicates the relevant violation details from the selected region.

Excessive unique IPs per geo

For more information, see Excessive Unique IPs per Geo.

[NSADM-52555]

Improvements to Gateway Insight

In Gateway Insight, you can now view the following enhancements:

  • User details - You can view insights for each user associated with the ADC Gateway appliances. Navigate to Analytics > Gateway Insight > Users and click a user to view insights for the selected user such as Session Mode, Operating System, and Browsers.

    User details

  • Users and applications for the selected gateway - Navigate to Analytics > Gateway Insight > Gateway and click a gateway domain name to view the top 10 applications and top 10 users that are associated with the selected gateway.

    User and application

  • View more option for applications and users – For more than 10 applications and users, you can click the more icon in Applications and Users to view all users and applications details that are associated with the selected gateway.

    View more

  • View details by clicking the bar graph – When you click a bar graph, you can view the relevant details. For example, navigate to Analytics > Gateway Insight > Gateway and click the gateway bar graph to view the gateway details.

    Bar graph

[NSADM-53489], [NSADM-53508], [NSADM-53906], [NSADM-52768]

Ability to add an ADC instance without valid credentials

When you add an instance in Citrix ADM for the first time, you can now add the instance even without valid credentials. After the instance is added, it appears in the DOWN state in the Networks > Instance > Citrix ADC page, with a Login Failed warning. Specify the correct credentials to manage the instance in ADM.

Add an instance without credentials

If the instance is unlicensed, the License option appears when you select the instance. Click License to apply the license to an instance from the license pool.

[NSADM-44856]

View ADC FIPS instance pool under the Pooled Capacity page

The ADC FIPS instances can now check out licenses from the FIPS instance pool. Therefore, the ADM GUI displays the allocated pooled licenses to FIPS instances under Networks > Licenses > Bandwidth Licenses > Pooled Capacity page.

[NSADM-51207]

Autoscale group applications in Azure support UDP traffic

The Autoscale group applications that are in Azure can now receive UDP traffic. When you configure an application to the Autoscale group, select the UDP protocol and port value to allow UDP traffic.

Autoscale group applications support UDP traffic

With this feature, the following Autoscale group Stylebooks are newly added to configure an application:

  • lb-mon-autoscale-v1.4
  • cs-lb-mon-autoscale-v1.3

[NSADM-53288]

Fixed issues

Licensing

The instance license status appears as Sync-In-Progress instead of Managed when the following conditions are met:

  1. The multiple licenses belong to the same edition and pool.
  2. An ADC instance checks out the license from the pool.

[NSADM-55928]

System

  • Syslog messages do not appear in the ADM GUI.

    [NSADM-55822]

  • When you change the user’s group, the password complexity error appears.

    [NSHELP-23497]

June 22, 2020

Select multiple target instances at one time

When you want to deploy the same configuration pack to multiple ADC instances, you can now select the required ADC instances at one time. Earlier, you had to select the instances one by one to deploy the configuration pack. With this feature, you can also filter instances to select the required instances.

Multiple target instances

[NSADM-50115]

View the instance distribution by their minor versions

The Instance Dashboard now displays the managed instances’ distribution by their minor versions. The Version graph helps you visualize the device count for every minor version.

Instance distribution

[NSADM-42183]

Improvements to global service graph

As an administrator, the single-pane view in the global service graph might be difficult for you to monitor the infrastructure to application views, when you have:

  • A large enterprise with many data centers

  • Configured many Citrix ADC instances for each data center

  • Configured many applications deployed or accessed through each Citrix ADC instance

The improved global service graph now eliminates the disorganized view and enables you to view:

  • The data center grouped with its total Citrix ADC instances

  • Only the top four low-scored Citrix ADC instances from each data center

    ADC group

Click More ADCs to view all Citrix ADC instances by selecting the respective status (Critical, Review, Good, and Not Applicable) tabs. Click the instance IP address to view the instance details such as instance score, key metrics, and issues associated with the ADC instance.

Note

You can also click the instance from the global service graph to view the Citrix ADC instance details.

More ADCs

[NSADM-53249]

Fixed issues

Analytics

  • In Web Transaction Analytics, the saved searches are not displayed after a page refresh.

    [NSADM-53722]

  • In Analytics > Web Insight, the expected data is not displayed for all metrics pages (Client, Server, URLs, Request methods, Response status , User agents, and Operating systems)

    [NSADM-53632]

  • Even after configuring the right RBAC, the applications in Applications > App Dashboard and the virtual servers in Network Function > Load Balancing are not displaying the expected data, once a new stylebook/configpack is added by the user of the group.

    [NSHELP-23101]

GUI

  • In a VPN connection, ADM is unable to connect to the ADC GUI using SSO (Single Sign On).

    [NSHELP-23099]

June 04, 2020

Deliver your AWS application in three steps at your first login

When you log on to the ADM GUI for the first time, you can deliver an application that is in AWS using ADC instances in just three steps:

  1. Register your AWS account with the Citrix ADM service by creating a Cloud Access Profile.

  2. Prepare your AWS environment by specifying the AWS region, VPC details, and ADC licenses.

    The AWS environment comprises of AWS infrastructure, ADM agent, and ADM Autoscale group. In this step, the ADM creates the following:

    • A CloudFormation stack in AWS to create the required infrastructure that includes subnets, security groups, NAT gateways, and so on.

    • An ADM Agent in the VPC to manage ADC instances.

    • An ADC Autoscale group. You can customize this group later in the Networks > Autoscale Group page.

  3. After successful environment preparation, configure applications using StyleBooks to deliver your application.

After the first logon, if you want to Autoscale ADC instances, see Autoscaling of Citrix ADC using Citrix ADM.

For more information, see Getting started.

[NSADM-47626]

Maintain a spare node in your Autoscale group

When you specify parameters to create an Autoscale group, you can now choose to maintain a spare node to achieve faster scale-out.

ADM provisions a spare node before the scale-out action occurs and shuts it down. When the scale-out action occurs for the Autoscale group, the ADM starts the spare node that is already provisioned. As a result, it reduces the time taken for scale-out.

Spare node in Autoscale

For more information, see Configure Autoscale parameters.

[NSADM-48191]

Configure an Autoscale group application using auto-generated FQDN

When you configure an application for the Autoscale group, you can now select auto-generated FQDN type. This option automatically generates the domain and zone name.

If you choose user-defined FQDN type, you must specify the domain and zone name to configure an application. For more information, see configure applications using StyleBooks.

[NSADM-51494]

Monitor API instances and endpoints in ADM

As an administrator, you can add and deploy API definitions on an API Gateway in Citrix Application Delivery Management (ADM). With this feature, you can add policies to define the traffic selection criteria to authenticate incoming API requests. The API Analytics page displays the following metrics of API instances and endpoints:

  • Distribution of application and server response time for API endpoints.
  • API endpoints that have high application and server response time.
  • API endpoints that have more requests and bandwidth.
  • Locations from where the endpoints receive API requests.
  • The trend of total and dropped API requests to an endpoint.
  • HTTPS response status.
  • API endpoint bandwidth consumption.
  • SSL errors and usage on an API endpoint.

API dashboard overview

For more information, see Manage API definitions.

[NSADM-47869]

Improvements to service graph

Service graph is updated with a few thematic changes. You can also experience a few minor UI updates:

  • FAQs’ link – To view more troubleshooting scenarios for service graph that display partial and no data issue.

Service graph FAQ link

  • Change in ADC processing time metric – This metric displays 0, instead of < 1 ms. This change is applicable only for ADC instances that are in Out of Service or Down status.

  • Hexagon to represent a microservice application – Service graph now displays a microservice application in the hexagon symbol.

Service graph hexagon

  • View ADC instance details – Click an ADC instance from service graph for applications (Applications > [app name] > Service Graph). This page displays ADC instance details such as instance score, key metrics, and issues.

  • Global service graph to display microservice applications – The microservice applications appear based on the configured thresholds.

Depending upon the score, you can view the microservice applications in red (critical), orange (review), and green (good).

  • Namespace filter to display corresponding services – The service graph now displays the corresponding services along with client and ingress.

Service graph namespace filter

[NSADM-51973]

View applications from the Infrastructure Analytics page

When you select an instance in the Infrastructure Analytics page, you can view the number of applications deployed on the instance. Click the applications link to view those applications.

Infra analytics applications link

[NSADM-43848]

A new UI text for SNMP V2

While adding an ADC instance in the ADM GUI, under SNMP, if you select SNMP V2 now the following message appears: “SNMP V3 is more secure and recommended.” By default, SNMP V3 is selected.

SNMP v2 UI text

For more information, see Adding instances.

[NSADM-51179]

Agent as a new search property

Under Networks > Instances > Citrix ADC, now you can search instances by the associated agent. Click the search icon and select Properties > Agent.

Search property agent

For more information, see How to search instances using values of tags and properties. [NSADM-47424]

Change agent default password

To ensure security of your infrastructure, now you can change the default password of an agent. To change the password, from the GUI, navigate to Networks > Agents and click Select Action and select Change Password.

Change agent default password

For more information, see Getting started.

[NSADM-47521]

Use ADM to provision ADC instances on SDX

You can now provision one or more Citrix ADC instances on the SDX appliance, by using ADM. The ADM service implicitly deploys the Citrix ADC instance on the SDX appliance and then downloads configuration details of the instance.

Use ADM to provision instances on SDX

For more information, see Provision ADC VPX instances on SDX using ADM.

[NSADM-23845]

Fixed issues

Analytics

In Gateway Insight, the export report for CSV format is not working as expected.

[NSHELP-22780]

GUI

The save favorites menu sometimes displays a javascript error.

[NSADM-52856]

Licensing

The unhandled timeout exceptions and deadlock conditions cause pooled licensing feature not working as expected.

[NSHELP-22729]

May 15, 2020

View diagnostic details for partial or no data in service graph

After you complete the required service graph configuration and add the Kubernetes cluster in Citrix ADM, the service graph starts to populate data. In some scenarios, you might observe that service graph displays either partial data or no data. Some of the possible reasons for the partial data or no data in service graph are:

  • Static route is not configured
  • Kubernetes cluster status is down
  • CPX registration is failed
  • CPX virtual servers are not licensed
  • The required analytics configuration is not set that prevents service graph to load all data

As an administrator, you might find it difficult to analyze the reasons when you see the service graph feature displaying partial data or no data.

The service graph page now enables you to view the possible reasons and required actions to troubleshoot the partial data or no data issue. For more information, see View diagnostic details.

[NSADM-47865]

A simplified process to view errors in service graph

In service graph, the process to view the HTTP and SSL errors is simplified. You can now view the total errors by hovering the mouse pointer on an erroneous service and clicking the error count.

View service graph errors

[NSADM-47864]

View microservice applications in app dashboard

In App Dashboard, you can view the microservice applications details that are configured from Citrix ADC CPX instance in the Kubernetes cluster. The App Type filter has a new K8s_Discrete option that enables you to apply filter and view the microservice application details.

Filter for microservice

For more information, see View microservice app details.

[NSADM-47863]

WAF learning in Citrix ADM

Citrix Web App Firewall (WAF) protects your web applications from malicious attacks such as SQL injection and cross-site scripting (XSS). To prevent data breaches and provide the right security protection, you must monitor your traffic for threats and real-time actionable data on attacks. Sometimes, the attacks reported might be false-positive and those attacks need to be provided as an exception. The learning engine on Citrix ADM is a repetitive pattern filter that enables WAF to learn the behavior (the normal activities) of your web applications. Based on monitoring, the engine generates a list of suggested rules or exceptions for each security check applied on the HTTP traffic. As an administrator, you can then view those violations list in Citrix ADM and decide to deploy or skip. For more information, see WAF learning in Citrix ADM.

[NSADM-44341]

App security violations - Excessive Unique IPs per Geo

Apart from the existing app security violations, you can now view Excessive Unique IPs per Geo as part of the Bot category. The Excessive Unique IPs per Geo indicator enables you to analyze and block the bad bots making more visits to a web application from a particular location. For more information, see Excessive unique IPs per geo.

[NSADM-43982]

Application usage analytics

Application owners must have the ability to evaluate and visualize the complete application from the perspectives of performance and usage.

The improvised App Dashboard enables you to view all the application performances and usage metrics together. When you click an application, alongside the existing application performance metrics, the Usage tab displays the metrics details that help you:

  • Understand your application usage.

  • Correlate any performance deviations with the usage metrics.

If the application has two or more virtual servers, select the virtual server from the list.

Usage app dashboard

Using the App Dashboard, as an administrator, you can visualize a single-pane view for the following metrics:

  • Clients
  • Servers
  • Geo locations
  • URLs
  • HTTP Response Status
  • Operating system
  • Browsers
  • SSL errors
  • SSL usage

For more information, see Application usage analytics.

Global service graph: A holistic visualization of users, infrastructure, and applications

Note

This feature is in preview.

The global service graph feature enables you to get a holistic visualization of the clients to infrastructure to application view. From this single-pane service graph view, as an administrator, you can:

  • Understand from which region the users are accessing the specific applications (3-tier Web apps and microservices app)
  • Visualize the infrastructure (Citrix ADC instance) view that the client request is processed
  • Understand if the issues are occurring from the client, infrastructure, or application
  • Further drill down to troubleshoot the issue

Navigate to Applications > Service Graphs > Global Service Graph to view:

  • End-to-end details of all applications connected from client to back end servers.
  • All Citrix ADC instances that are connected to its respective data centers. Note: You can view data centers only if you have GSLB apps.
  • The client metrics information.
  • The Citrix ADC metrics information.
  • All Citrix ADC instances that have discrete applications, custom applications, and discrete microservice applications.
  • The top four low-scored applications that belong to custom apps, discrete apps, and microservices apps.
  • The metrics information for the top four low-scored virtual servers.
  • The applications (discrete apps, custom apps, and microservices apps) status such as Critical, Review, Good, and Not Applicable.

For more information, see Holistic view of all applications in service graph.

[NSADM-47425]

Customize StyleBooks filter to provide user authorization

As an administrator, you can authorize specific Stylebooks to a user in the Account > User Administration > Groups page. You can now use a custom Filter query to search StyleBooks. A query is a string of key-value pairs where keys are as follows:

  • Name
  • Namespace
  • Version

For example: name=lb-mon OR namespace=com.citrix.adc.stylebooks OR version=1.0

The search result lists the StyleBooks based on the specified key-value pair. Based on the specified query, the ADM provides user access to those StyleBooks.For more information, see Configure groups on Citrix ADM.

[NSADM-49446]

Import StyleBooks with an icon

When you import a StyleBook, you can now include an icon with it. In Applications > StyleBook, the imported StyleBook appears with an icon.

StyleBook icon

For more information, see Import custom StyleBooks

[NSADM-45810]

Use new built-in functions in StyleBooks

When creating StyleBook definitions, ADM StyleBooks now supports the following built-in functions:

  • startswith() – Determines whether a string begins with a given prefix. Learn more.
  • contains() – Determines whether a string contains a given substring. Learn more.
  • endswith() – Determines whether a string ends with a given suffix. Learn more.](/en-us/citrix-application-delivery-management-service/stylebooks/stylebooks-grammar/built-in-functions.html#endswith)
  • substring() – Extracts a substring from a string. Learn more.](/en-us/citrix-application-delivery-management-service/stylebooks/stylebooks-grammar/built-in-functions.html#substring)

[NSADM-45889]

StyleBook configuration builder supports ADC WAF feature

The StyleBook configuration builder now recognizes and supports WAF feature in an ADC source configuration. For more information about supported ADC features, see Migrate Citrix ADC application configuration using StyleBooks Configuration Builder.

[NSADM-48941]

Confirm license consumption before application deployment

When you create an application using StyleBooks, you can confirm the required license consumption before deploying the application. The following message appears after you complete the steps to create an application:

Confirm license consumption

Click Yes to the confirmation message. The ADM allocates the required licenses to an application. Earlier, you had to enable the Auto licensed virtual servers option to create an application using StyleBooks. Now, you can still create an application even if the Auto licensed virtual servers option is disabled.

For more information, see Create an application using StyleBook.

[NSADM-51306, NSADM-47184]

Fixed issues

Networks

When you export a CSV report for all performance reports including load balancing virtual servers report, the exported report appears blank.

[NSHELP-22465]

Under Networks > Configuration Audit > Audit Reports, for any selected ADC instance, the following actions do not work:

  • Revision history diff
  • Pre vs. Post upgrade diff
  • Download configuration

[NSADM-51310]

Upgrade scripts fail to download, and the “File not Found” error message appears. This issue occurs when you download the scripts after a maintenance upgrade job is successfully completed.

[NSADM-48809]

Analytics

The unusually large upload and download transaction indicators in Citrix ADM GUI do not display analytics data as expected.

NSADM-50930]

April 28, 2020

View application security violation details

Apart from the existing network violations, you can now view violations for bot and WAF categories. The following are the violations that you can visualize in Citrix ADM:

BOT WAF
Excessive Client Connections Unusually High Upload Transactions
Account Takeover Unusually High Download Transactions
Unusually High Upload Volume Excessive Unique IPs
Unusually High Request Rate  
Unusually High Download Volume  

For more information, see View application security violation details.

[NSADM-40227], [NSADM-43969], [NSADM-43974], [NSADM-43977], [NSADM-43980], [NSADM-43984]

View reports for bot signature updates

In Bot insight, you can now view the bot signature updates in the Events History, when:

  • New bot signatures are added in Citrix ADC instances.

  • Existing bot signatures are updated in Citrix ADC instances.

Navigate to Analytics > Security > Bot Insight and view the signature update summary under Events History.

For more information, see Bot insight.

[NSADM-40228]

Install an agent certificate

To meet your security requirements, now you can upload a certificate to the ADM agent by using the ADM GUI. To install the certificate, from the GUI navigate to Networks > Agents and click Select Action and select Install Certificate.

For more information, see Getting Started.

Certificate

[NSADM-47904]

Specify verbatim type strings in a new format

The verbatim strings can take complex inputs like PI Expressions in their original format without escape characters (for example, \\).

To include PI expressions in a StyleBook definition and to retain its format in the output, you can now specify them using the following syntax:

  • The new syntax:

     ~{<pi-expression>}~
    
     Example:
    
     ~{"HTTP.REQ.COOKIE.VALUE(\"jsessionid\") ALT HTTP.REQ.URL.BEFORE_STR(\"=\").AFTER_STR(\";jsessionid=\") ALT HTTP.REQ.URL.AFTER_STR(\";jsessionid=\")"}~
    
  • The old syntax:

     “\<pi-expression>\””
    
     Example:
    
     "\"HTTP.REQ.COOKIE.VALUE(\\\"jsessionid\\\") ALT HTTP.REQ.URL.BEFORE_STR(\\\"=\\\").AFTER_STR(\\\";jsessionid=\\\") ALT HTTP.REQ.URL.AFTER_STR(\\\";jsessionid=\\\")\""
    
    

The specified PI expressions do not alter their format in the output.

[NSADM-45888]

StyleBooks configurations - list view

The ADM GUI displays the StyleBooks configurations in the list view. Earlier, it was displayed in a tile view.

With this change, you can sort StyleBook configurations by column headers. For example, you can sort configurations by LAST MODIFIED TIME.

Configuration view

[NSADM-48918]

Migrate multiple virtual servers using the configuration builder

In the StyleBooks configuration builder, you can now select one or more virtual servers that you want to migrate from the configuration source to the target instance. Earlier, you were able to select only one virtual server to migrate at one time.

With this feature, you can select and migrate the necessary virtual servers that makes an application to the target instance.

Multiple virtual servers

[NSADM-49602]

Fixed issues

Analytics

  • In Security Insight, when you use the time slider, the Application Summary is displayed blank.

[NSADM-50809]

Applications

  • When you select an application from the App dashboard, the value for Response Time metric under Key Metrics is displayed in an incorrect format.

    [NSADM-50274]

  • The Manage Applications page is displayed blank, when:

    • You delete a custom app. Only after clicking the Refresh button displays the other apps

    • You modify the number of rows to be displayed

    • You click the next page in case of more than one page is available

    [NSADM-50224]

  • In Service Graph for Applications, the end-to-end transaction details from client to service is not populated in case the transaction occurs through servers with IPv.6

    [NSADM-50201]

Networks

  • In Configuration Job, when you select Instance from the Configuration Source list, and select Running Configuration or Saved Configuration option, an error message “Please provide Citrix ADC IP Address” is displayed.

    [NSADM-50810]

  • Indentation issue results in agent registration failure

    [NSADM-50596]

  • In Configuration Audit, when you export the report in CSV format, no data is displayed. Citrix ADM GUI also hangs sometimes, when you do multiple exports.

    [NSADM-48322]

StyleBooks

  • Incorrect error message is rendered while compiling a StyleBook dependency.

    [NSADM-50466]

Infra

  • Log information for any activity on mpsgroup to be displayed in Citrix ADM.

    [NSHELP-22370]

April 14, 2020

Support for IPAM in ADM

ADM supports IP address management (IPAM) to auto-assign and release IP addresses in ADM managed configurations. You can assign IPs from networks or IP ranges defined using the following IP providers:

  • ADM built-in IPAM provider.
  • Infoblox IPAM solution. For more information, see Infoblox DDI.

Currently, you can use ADM IPAM in:

  • StyleBooks: Auto-Allocate IPs to virtual servers when you create configurations.
  • Kubernetes Ingress: Auto-assign a virtual IP address to an Ingress configuration in a Kubernetes cluster.

You can also track the allocated and available IP addresses in each network or IP range managed by ADM. For more information, see Configure IPAM.

[NSADM-48377]

Deploy internal applications in an Autoscale group

You can now deploy both internal and external applications in an Autoscale group to use ADM autoscaling solution. Earlier, you could deploy only external applications. To deploy an internal application in Autoscale group, see Autoscale configuration in AWS and Autoscale configuration in Azure.

[NSADM-47520]

New columns added in SSL Dashboard

New columns are added to the following tabs in SSL Dashboard:

  • SSL Certificates – The Key Strength column is added. You can filter SSL certificates using the Key Strength value.
  • SSL Protocols – The Protocol Type column is added. You can filter SSL protocols using the protocol type.

[NSADM-42191]

View application security violation details

Web applications that are exposed to the internet have become vulnerable to attacks drastically. Citrix ADM enables you to visualize actionable violation details to protect applications from attacks. Navigate to Security > Security Violations for a single-pane solution to:

  • Access the following application security violations:

    • HTTP Slow Loris

    • DNS Slow Loris

    • HTTP Slow Post

    • NXDomain Flood Attack

  • Take corrective actions to secure the applications

For more information, see View application security violation details.

[NSADM-48069]

Deploy Citrix ADM agent as a microservice

You can now deploy a Citrix ADM agent as a microservice in Kubernetes cluster. In Citrix ADM,

  1. Navigate to Networks > Agents, and click Set Up Agent

  2. Click Get Started, select the As a Microservice option, and click Next

    Microservice agent

  3. Specify the following parameters:

    1. Application ID – A string id to define the service for the agent in the Kubernetes cluster and distinguish this agent from other agents in the same cluster

    2. Agent Password – Specify a password for CPX to use this password to onboard CPX to ADM service through the agent

    3. Confirm Password – Specify the same password for confirmation

    4. Click Submit

  4. After you click Submit, you can download the YAML or Helm Chart

    Microservice download agent

  5. In the Kubernetes master, save the YAML file and use the command kubectl create -f <yaml file>

    For more information, see Getting Started

[NSADM-43971]

March 31, 2020

View multiple clusters and more filters in service graph

In service graph, you can now view:

  • Services that are associated with each cluster.

    Multiple clusters

  • More filters for:

    • Cluster – Displays all services applicable for the selected cluster or clusters.

    • Namespace – Displays all services applicable for the selected namespace.

      Note

      Depending upon the labels configured for the service in Kubernetes service definition YAML, you might also view more filter options.

      Filters

[NSADM-43985]

Distributed Tracing

In service graph, you can now use the trace information to:

  • Analyze the overall service performance

  • Visualize the communication flow between the selected service and its inter-dependent services

  • Identify which service indicates errors and troubleshoot the erroneous service

  • View transaction details between the selected service and its inter-dependent service. For more information, see Distributed Tracing

[NSADM-43976]

Validate the StyleBook contents before you import to ADM

When you compose a StyleBook in ADM YAML editor, you can now check for the StyleBook grammar errors without importing to ADM.

If there are errors in the StyleBook content, the ADM GUI displays the error details. You can correct the indicated errors and continue to edit, or import the StyleBook.

StyleBook validate

[NSADM-47978]

Improved StyleBooks error message display

The ADM GUI displays an error message if you import a StyleBook that has StyleBook grammar errors. Some error messages are now organized to display the error details. The error details include Error, Fix, Code, Name, and more depending on the error types. The Fix field provides information to resolve an issue.

StyleBook error

[NSADM-44274]

Import StyleBooks from any folder in a GitHub repository

You can now synchronize StyleBook files to ADM from any folder in a GitHub repository. Earlier, you were able to only import or synchronize StyleBook files that are present at the GitHub repository root folder.

For more information, see Import and synchronize stylebooks from GitHub repository

[NSADM-46147]

Audit ADC configuration against configuration pack

In StyleBooks > Configurations, you can now explicitly compare the changes made by a StyleBook configuration pack to the current ADC configuration. With this feature, you can do the following:

  • Detect the configuration drift between StyleBook configuration pack and ADC configuration.

  • Identify any modified and deleted objects on the ADC that do not reflect the changes made by the configuration pack.

To compare the configuration pack changes to the ADCs config, click Configuration Audit on the desired configuration pack.

For more information, see Audit ADC configuration against configpack.

[NSADM-45866]

Support for Citrix annotations to deploy an Ingress configuration

When you add content routing rules to an Ingress Configuration, you can now include the following Citrix annotations in the ADM GUI:

  • LB Method – Select the preferred load-balancing method to the selected Kubernetes service.

  • Persistence Type – Select the preferred load-balancing persistence type to the selected Kubernetes service.

After adding the content routing rules, you can view the selected LB method and persistence type in the Ingress specification. Review and deploy the Ingress configuration.

For more information, see Deploy Ingress configuration.

Citrix annotations

[NSADM-48414]

Instances indicate the deployment type with a notation

In ADM GUI, the instance IP addresses now indicate the deployment type. The following notations describe the deployment type:

  • In high-availability pair, P – Primary server and S – Secondary server.

  • C-Cluster

  • A-Autoscale Group

If an Instance has no notation, it indicates the standalone deployment.

[NSADM-41859]

March 03, 2020

Edit the deployment attributes in the StyleBooks Configuration Builder

Note

This feature is in preview.

The StyleBooks Configuration Builder helps you create an application configuration StyleBook and config pack from an existing ADC configuration. The configuration builder also automates the application configuration migration from one ADC instance to another instance.

The configuration builder wizard now allows you to edit deployment attributes for the selected application before it creates a StyleBook and config pack. You can now edit the IP address and port value of the virtual servers, services, and service group members in the original configuration.

After the application creation and migration is complete, a ConfigPack is created in Citrix ADM along with its corresponding StyleBook. This configuration pack has the new IP addresses and ports values. To view the created ConfigPack, navigate to Applications > StyleBooks > Configurations.

Edit deployment attributes

For more information, see Migrate ADC application configuration using StyleBooks Configuration Builder.

[NSADM-44197]

Ability to view all applications but edit only a subset of applications

When an administrator adds a user to a group that has different access policy settings, the user is mapped to more than one authorization scopes and access policies.

In this case, the ADM grants the user access to the applications depending on the specific authorization scope.

Consider a user who is assigned to a group that has two policies Policy-1 and Policy-2.

  • Policy-1 – View only permission to applications.

  • Policy-2 – View and Edit permission to applications.

Now, the user can view applications specified in Policy-1. Also, this user can view and edit the applications specified in Policy-2. The edit access to Group-1 applications are restricted as it is not under Group-1 authorization scope.

User access changes with authorization scopes

Earlier, the ADM considered the union of all group permissions to authorize a user. Based on the abovementioned example, the user was able to view and edit all the applications from Group-1 and Group-2. Because of this permission, the user was able to edit the resources that were not primarily authorized by the access policy.

For more information, see How user access changes based on the authorization scope

[NSHELP-5854]

Provision the Citrix ADM agent on Azure

You can now provision an ADM agent on Azure using the ADM GUI. The ADM agent on Azure automatically registers with Citrix ADM, you can view the registered agent in the Networks > Agents page. To provision an ADM agent on Azure, see Provision the Citrix ADM agent on Azure.

Provision agent on Azure

Alternatively, you can install the Citrix ADM agent from Azure Marketplace. For more information, see Installing Citrix ADM agent on Azure.

Select Australia region to set up the ADM service

You can now select Australia (ANZ) region to set up the ADM service. The Citrix ADM now supports the following regions:

  • United States (US)
  • Europe (EU)
  • Australia (ANZ)

Set up ADM service in Australia region

For more information, see Getting Started.

[NSADM-44447]

Run custom scripts before and after the upgrade maintenance job

When you upgrade your ADC instance by creating a maintenance job, ADM performs pre-validation check on the instances that you want to upgrade. The Pre-upgrade validation tab checks the following on the selected instances:

  • Checks for customizations.

  • Checks the disk usage and displays an error if the disk space is low.

  • Checks for disk hardware issues.

You can remove the failed instances and proceed to create an upgrade maintenance job.

In Custom Scripts, specify custom scripts to run before and after an instance upgrade. Use one of the following ways to run the commands:

  • Import commands from a file.
  • Type commands directly on the Citrix ADM GUI.

These scripts help you check the changes before and after upgrade. For example:

  • The instance version before and after upgrade.
  • The status of interfaces, high-availability nodes, virtual servers, and services before and after upgrade.
  • The statistics of virtual servers and services.
  • The dynamic routes.

Custom scripts to run before and after upgrade job

For more information, see Use jobs to upgrade Citrix ADC instances.

[NSADM-40534]

Upload the upgrade image to an instance during job execution

If you schedule an upgrade maintenance job, you can decide when you want to upload an upgrade image to an ADC instance. In Create Job, choose one of the following:

  • Upload Now – This option uploads the image to an instance immediately.

  • Upload at the time of execution – This option uploads the image to an ADC instance when the ADM runs the scheduled upgrade maintenance job.

Upload image at execution time

For more information, see Schedule upgrading of Citrix ADC instances.

[NSADM-44855]

The ADM Autoscale groups support C5, M5, and C5n AWS instance types

If you choose to create ADM Autoscale groups on AWS cloud, you can now provision ADC instances with C5, M5, and C5n AWS instance types. You can select these instance types to achieve high performance ADM autoscaling.

Note

The ADM GUI auto-populates the recommended AWS instance types for the selected ADC version. See, Create Autoscale groups.

For more information on AWS instance types, see AWS instance types.

[NSADM-40089]

Apply license to virtual servers using a policy

In Subscriptions, you can now configure a policy to apply license to virtual servers. Earlier, you were able only apply licenses to virtual servers either manually or automatically. You can now apply license by using a policy or manual or automatic.

By using policy, you can control the number of virtual servers you want to auto-license. And, apply license to selected instances’ virtual servers only.

When you edit a policy, you can specify the following:

  • Set virtual servers limit on CPX instances separately to apply licenses. The ADM applies license to virtual servers on CPX instances up to a specified limit.

  • Set virtual servers limit on selected ADC instances (MPX/VPX/BLX) to apply licenses. The ADM applies licenses to virtual servers on ADC instances up to a specified limit.

  • Select the priority ADC instances to apply virtual server licenses. Therefore, the ADM can apply license to selected instances’ virtual servers only.

    Virtual server licensing

The Auto licensed virtual servers and Auto-select non addressable virtual servers options are now independent. Earlier, you were able to enable Auto-select non addressable virtual servers only if you enable Auto licensed virtual servers.

[NSADM-35724]

View ADC capacity issues in ADM

When an ADC instance has consumed most its available capacity, packet-drop may occur while processing the client traffic. This issue causes low performance in an ADC instance. By understanding such ADC capacity issues, you can allocate more licenses proactively to steady the ADC performance.

To view ADC capacity issues,

  1. Navigate to Networks > Infrastructure Analytics.
  2. Expand the instance for which you want to view capacity issues.

The ADM polls these events every five minutes from the ADC instance and displays the packet drops or rate-limit counter increments if exists. The issues are categorized on the following capacity parameters:

  • Throughput Limit Reached – The number of packets dropped in the instance after the throughput limit is reached.
  • PE CPU Limit Reached - The number of packets dropped on all NICs after the PE CPU limit is reached.
  • PPS Limit Reached – The number of packets dropped in the instance after PPS limit is reached.
  • SSL Throughput Rate Limit – The number of times the SSL throughput limit reached.
  • SSL TPS Rate Limit – The number of times the SSL TPS limit reached.

The ADM calculates the instance score on the defined capacity threshold.

  • Low threshold – 1 packet drop or rate-limit counter increment

  • High threshold – 10000 packets drop or rate-limit counter increment

Therefore, when an ADC instance breaches the capacity threshold the instance score is impacted.

When packets drop or rate-limit counter increments, an event is generated under the ADCCapacityBreach category. To view these events, navigate to Accounts > System Events.

Capacity breach

If you want to view the ADC rate limit statistics for the selected period (hour/day/week/month), navigate to Network > Network Reporting.

[NSADM-40183]

View service details in Service Graph

In Service Graph, hover the mouse pointer on a service and click a service to view the following options:

  • View Details

  • Transaction Logs - Enables you to view the HTTP and SSL over HTTP transaction details. For more information, see View Web transaction logs.

The View Details option enables you to view:

  • The cluster name where the service is hosted

  • The namespace and service labels of the service

  • All associated incoming and outgoing services connected with the selected service

  • Service key metrics in a graph format such as Hits, Service response time, HTTP errors, Data Volume, SSL front-end errors, SSL back-end errors, TCP front-end errors, and TCP back-end errors

Using these key metrics trends, you can analyze how the service is performing for the selected time duration.

For more information, see View service details.

[NSADM-41297]

View Service Graph for applications (GSLB)

Note

This feature is in preview.

You can now view GSLB applications in Service Graph to view:

  • How the application is configured (with GSLB application, data center, ADC instance, CS, and LB virtual servers)

  • End-to-end views from client to services

  • The data center name where the client requests are processed and the associated data center Citrix ADC metrics

  • The GSLB virtual server status such as Critical, Review, and Good. Citrix ADM displays the virtual server status based on the app score.

  • Critical (red) - Indicates when app score < 40

  • Review (orange) - Indicates when app score is between 40 and 75

  • Good (green) - Indicates when app score is > 75

For more information, see Service Graph.

[NSADM-43967]

View 4xx and SSL metrics in Transaction Summary panel

The web transaction analytics Transaction Summary panel now enables you to view:

  • 4xx errors
  • SSL Frontend and SSL Backend metrics

    Transaction Summary

For more details, see View analytics for web transaction.

[NSADM-43841]

View SSL metrics in Web transaction analytics

When you click a transaction in web transaction analytics, you can now view more metrics for SSL transactions. From these metrics, you can analyze if the SSL errors occur from client or server.

The following metrics are displayed for client and server:

SSL

For more details, see View analytics for web transaction.

[NSADM-43844]

The advanced search option in the web transaction analytics now enables you to save the search queries. You can then click the saved search query from the list, instead of using the suggestions and operators again. To save a search query, click the bookmark icon, specify a name of your choice, and click Save.

Save search

For more details, see View analytics for web transaction.

[NSADM-43843]

Fixed issues

Applications

  • The Application dashboard does not display applications from ADC HA pair and cluster.

[NSADM-47668]

  • Citrix ADM displays an error message in Application dashboard if no agent is added.

[NSADM-47444]

  • Application dashboard is displayed blank in IE 11 browser.

[NSADM-47812]

Analytics

  • If you enable Client Side Measurement on ADC instances AppFlow, the Citrix ADM AppFlow decoder log file process fails.

[NSHELP-21462]

Networks

  • The ADC host name is not displayed in Network Functions > GSLB.

[NSADM-47335]

  • The Network Reporting Dashboard does not display complete data for 1-month duration.

[NSHELP-21731]

February 11, 2020

New and enhanced features

StyleBooks configuration displays a new column

In Applications > StyleBooks > Configurations, a StyleBook Configuration (config pack) now displays the last updated time on the configuration tile.

Last updated time config pack

[NSADM-45811]

Fixed issues

Analytics

  • The weekly reports for Web insight and HDX insight are not displayed.

    [NSADM-46149]

Applications

  • The default duration in the Application Dashboard to view app analytics is changed to 15 minutes.

    [NSADM-46980]

  • When you create a custom application using the StyleBook configuration, the edit and delete options do not work as expected.

    [NSADM-46821]

Licensing

  • The pooled capacity option does not appear under Bandwidth License type at the first time.

    Workaround:

    1. Select Virtual CPU Licenses from the License Type list.

    2. Change the selection to Bandwidth License to select the Pooled Capacity option.

    [NSADM-40129]

Networks

  • When you create a configuration job with many commands, the Abort option is not displayed in Action tab.

    [NSADM-47041]

February 03, 2020

New and enhanced features

Service Graph for applications

Using the service graph feature from the application dashboard, you can view:

  • Details on how the application is configured (with content switching virtual server and load balancing virtual server)
  • End-to-end views from clients to services
  • The location from where the client is accessing the application
  • Metrics details for client, service, and virtual servers
  • If the errors are from the client or from the service
  • The service, virtual server, and client status such as Critical, Review, and Good.

For more information, see Service Graph.

[NSADM-41898]

An improved application dashboard

Using the application dashboard, you can now view the following new features:

  • Application status (Critical, Fair, Good, and Not Applicable)
  • Details of the application (load balancing or content switching) configuration
  • Details of services associated with the selected application
  • Metrics details for the selected application, such as application response time, throughput, requests per second, error percentage, total connections, and data volume in the form of graph
  • All issues applicable for the selected application

For more information, see Applications.

[NSADM-32894]

Performance indicators in App Analytics

Citrix ADM now shows the following new application performance indicators that occur in Citrix ADC web application:

  • Improper Persistence Type
  • Unstable Server (5xx)
  • Session Reuse Recommendation (SSL)
  • SSL Real Time Traffic
  • Unusually large HTTP headers
  • TCP reassembly queue limit hits
  • SurgeQueue Buildup

You can view these application issues by navigating to Applications > Dashboard and then by selecting an application.

For more information, see Performance indicators for application analytics.

[NSADM-39779]

Web Application Firewall support in Citrix ADM

The following new Web Application Firewall (WAF) protection policies are enabled in Security Insight, which highlight violation patterns for WAF:

  • APPFW_BUFFEROVERFLOW_QUERY
  • APPFW_BUFFEROVERFLOW_TOTAL_HDR

[NSADM-43541]

StyleBooks configuration display ADC instance host name

A StyleBooks configuration (config pack) now displays the ADC instance host name along with the IP address on the configuration tile. You can now search StyleBook configurations by using either the host name or its IP address.

[NSADM-42517]

Remove unreachable Kubernetes clusters

You can now remove Kubernetes Ingresses from ADM service even when the cluster is unreachable or no longer exists. After you delete the Ingresses on the cluster, you can also delete the parent cluster regardless of its reachability.

[NSADM-45612]

Process Ingress events with Citrix Ingress class

The Citrix ADM ServiceNow processes the Ingress events that have Citrix Ingress class annotation (kubernetes.io/ingress.class: Citrix) only. Also, Ingress specifications generated by ADM service contain Citrix Ingress class annotation.

[NSADM-45613]

Configure pooled capacity license on Citrix ADC FIPS instances

Now you can configure pooled capacity license on Citrix ADC MPX and VPX FIPS license. For more information, see Configure pooled capacity.

[NSADM-31742]

New default polling time for network function entities

The default polling time of network function entities is changed from 30 to 60 minutes. By default, Citrix ADM service automatically polls configured network function entities every 60 minutes.

For more information, see How Citrix ADM polls managed instances and entities.

[NSADM-44078]

Advanced filter with regex pattern matching

You can now filter failure objects, configuration commands, and messages by using regular expression pattern matching. Earlier, you were able to use only asterisk (*) pattern matching to filter events.

For more information, see Define an event rule.

Enable advanced filter with regex matching

[NSADM-43614]

View and edit feature-specific export reports

Citrix ADM displays feature-specific scheduled export reports under individual ADM features, which you can view, edit, or delete. For example, to view the export reports of Citrix ADC instances, navigate to Network > Instances > Citrix ADC and click the export icon. The Export Reports page displays all the export reports of ADC instances. Earlier, ADM scheduled export reports were listed under Account > Export Schedules.

For more information, see Export or schedule export reports.

[NSADM-43329]

View and download Citrix ADC SSL certificates

The Citrix ADM GUI displays all SSL certificates of the discovered Citrix ADC instances. To view and download SSL certificates of ADC instances, navigate to Networks > SSL Dashboard > SSL Certificate files on Citrix ADC.

[NSHELP-6556]

Rename configuration jobs and templates

You can now rename custom configuration jobs and custom audit templates in Citrix ADM.

Rename custom configuration jobs

[NSADM-42945, NSHELP-6488]

A new column for secondary instance status

In the Citrix ADM GUI, now you can check the status of the secondary instance of a high-availability pair, under Networks > Instances. For example, when you click Citrix ADC, you see a new column for secondary instance status. The Citrix ADM GUI displays the secondary instance status on the instance overview page. Now you can view the status under the Secondary Node State column and Dashboard.

Secondary node state

[NSHELP-6236]

Fixed issues

  • In App Dashboard, when you define a custom application using StyleBooks the StyleBooks appear at the bottom of the page which was difficult to navigate.

    With this fix, the StyleBooks appear on the new page. After you specify the details for the selected StyleBook, the new application appears on the App Dashboard.

    [NSADM-45241]

  • If you upload a file that has multiple periods (.) in the file name to create a configuration job, the Citrix ADM GUI displays an error. As a result, no configuration job is created.

    [NSADM-45748]

December 17, 2019

New and enhanced features

Support for Citrix ADM agent failover

The agent failover can occur in a site that has two or more registered agents. When an agent becomes inactive (DOWN state) in the site, the Citrix ADM service redistributes the ADC instances of the inactive agent with other active agents.

To achieve an agent failover, select the required Citrix ADM agents one by one and attach to the same site. For more information, see Configure Citrix ADM agents for multisite deployment.

[NSADM-30048]

View the Citrix ADC configuration drift in two modes

In the Citrix ADM GUI, you can now view the configuration drift in two modes.

  1. Template vs running: The ADM service compares the audit template configuration with the running configuration on the instance.

  2. Template vs Running and Running vs Template: The ADM service compares the configuration from both ways:

    • Compares the audit template configuration with the running configuration on the instance.

    • Compares the running configuration on the instance with the audit template.

After comparison, the Citrix ADM GUI displays the difference between the audit template and the running configuration. Also, it displays the commands to correct the running configuration to the audit template.

By default, the Template vs running drift setting is selected. To modify the drift setting, from the ADM GUI, select Settings in the Configuration Audit page.

Bidirectional config drift setting

For more information, see Template vs Running Diff.

[NSHELP-6463]

Execute a configuration job on a Citrix ADC secondary node

In a Citrix ADC high-availability pair, now you can select either the primary node or the secondary node or both the nodes to execute a configuration job. If you don’t specify the node, the configuration job executes automatically on the primary node.

Earlier, you were able to execute configuration jobs only on the primary node. For more information, see How to create a configuration job.

[NSHELP-6567]

Expiry notification for check-in check-out license

When you log on to the ADM service, a system alert message is displayed if your check-in check-out license is about to expire. To get the alert, you must configure license notification. For more information about how to configure, see Expiry checks for virtual server licenses.

Expiry notification for CICO licenses

[NSADM-42655]

Bandwidth details in pooled capacity licensing notification

Expiry notification for ADM pooled capacity licensing now includes bandwidth details. You can see the bandwidth that is about to expire out of the total pool. Previously, the bandwidth details were available only in the GUI. To get expiry notification, you must configure the ADM service. For more information, see Expiry checks for virtual server licenses.

[NSADM-39332]

View instance details in Infrastructure Analytics

In infrastructure analytics, when you click an instance IP address, you can now view the following details in the Overview tab:

  • Instance score, issue categories affecting the instance score, and other instance details.

  • Key metrics of the instance such as CPU usage, memory usage, throughput, HTTPs requests/sec, TCP connections, and SSL transactions.

  • Details of all issues that affect the instance score.

For more information, see Infrastructure Analytics.

[NSADM-42276]