Onboard Citrix ADC instances using Citrix ADM service connect
Following is a step-by-step guide to help you get started with ADM service. Before you start, read how the Citrix ADM service launches a new onboarding workflow, which provides you a faster way to get complete visibility into your hybrid multi-cloud (HMC) deployment. See Low-touch onboarding of Citrix ADC instances using Citrix ADM service connect.
Step 1: Get started
You receive an email from ADM service showing some key insights of your ADC infrastructure and inviting you to get started with ADM service.
- In the email, click Get Started to initiate the onboarding process.
- Sign in to Citrix Cloud using your My Citrix/Citrix Cloud credentials.
In the Citrix ADM service landing page, take a moment to read why you are there and the benefits of using ADM.
The security advisory insights in the email are based on ADC build version scan only. You can see more conclusive and exhaustive security advisory insights after onboarding your ADC instances to ADM.
- Click Next. The Insights on your ADC and Gateway instances page opens.
The next few steps act as a guided workflow to give you a preview into what ADM can offer and help you onboard your ADC instances onto ADM service seamlessly.
Step 2: Insights on your ADC and Gateway instances
This insights page uses the data collected through Call Home or ADM service connect or both Call Home and ADM service connect to provide insights on your ADC instances. This page gives you insights into your overall ADC infrastructure including security advisory (advice on current Citrix CVEs), upgrade advisory (advice based on EOM/EOL timelines) , key metrics, trends, and highlights the issues affecting ADC performance and health and recommends way to mitigate the issues. These insights and recommendations are only a small preview of the plethora of benefits and value-add that ADM service has to offer. To get many more benefits, detailed insights and to be able to run the recommended actions, you need to onboard the ADC instances onto ADM.
The insights and recommendations are categorized into the following types:
- Security advisory: onboard ADC instances to get the CVE impact details on your ADC instances and run the recommended remediations or mitigations.
- Upgrade advisory: onboard ADC instances onto ADM and upgrade your ADC instances that have reached or are reaching EOM/EOL or are on older releases/builds.
- Recent events: onboard ADC instances to ADM to monitor 200+ events on a regular basis, and create rules to get notified over email, PagerDuty, Slack, ServiceNow, take appropriate action.
- Resource utilization - trends and anomalies: onboard ADC instances to ADM to get a comprehensive view of ADC instance health, performance issues, and recommendations to mitigate those issues. You can also assess predicted CPU and memory usage for your ADC instances.
- ADC deployment guidance: onboard ADC instances to ADM and configure them as HA pair, using configuration jobs on ADM.
Security advisory: Citrix ADM Security Advisory alerts you about vulnerabilities putting your ADC instances at risk and recommends mitigations and remediations.
Security advisory insights in the onboarding email and guided workflow are based on ADC build version scan only. You can see conclusive and exhaustive security advisory insights after onboarding your ADC instances to ADM Example: If a CVE needs both version scan and config scan for vulnerability assessment, the onboarding email and guided workflow shows the results based on version scan. So, there might be false positives. To know a more conclusive and accurate assessment of the impact, onboard ADC to ADM. After onboarding, ADM security advisory shows the impact assessment, which vulnerable ADC assessment, based on versions scan and config scan.
You can check the CVE ID, vulnerability type, and affected ADC instances. The CVE ID link takes to the security bulletin article.
The recommendation guides you to onboard your ADC instances to ADM Service to get more details of the CVE impact on your ADC instances and run the recommended mitigation or remediation. Click the affected ADC instances to see the IP addresses of the impacted instances.
Upgrade advisory: Use this advisory to check which ADC instances are nearing EOM/EOL or are on older builds.
Based on these insights, ADM recommends you to plan a timely upgrade before EOM/EOL or to benefit from the latest features and fixes.
To perform the upgrade, you need to onboard your ADC instances on to ADM service.
Recent events: Get details of some critical errors that have happened on the ADC instances and a list of ADC instances on which the errors have occurred.
Resource utilization - trends and anomalies: Find insights about high resource utilization for CPU, memory, HTTP throughput, and SSL throughput. For each insight, ADM suggests recommended action. To have more visibility into these insights and recommendations, you need to onboard your ADC instances onto ADM. Some benefits after onboarding are:
- CPU: Predict CPU utilization for the next 24 hours on ADM.
- Memory: Predict memory utilization for the next 24 hours on ADM.
- SSL throughput: View SSL real time optimization with intelligent App Analytics on ADM.
- HTTP Throughput: Troubleshoot ADC throughput capacity issues with Infrastructure Analytics.
- Key Metrics: Get details of key metrics related to CPU, memory, HTTP throughput, SSL throughput, and uncover anomalous trends in metrics.
Deployment guidance: Have visibility into ADC instances that are deployed as a standalone ADC. ADM gives recommendation to configure these ADC instances as an HA pair for better resiliency. This requires you to onboard your ADC instances to ADM and then use maintenance jobs to configure the instances as an HA pair.
Step 3: Select ADC and Gateway instances to onboard
This page displays all the ADC and Gateway instances in your environment. View and select the ADC and Gateway instances you want to onboard to ADM service and click Next.
View and select the ADC instances you want to onboard to ADM service.
If you need details about any instance such as device information, ADC configuration, ADC features available, or license information, click the instance IP address under the ADC instance.
If your instance is not listed, use the Don’t find ADC in the list on the upper-right corner.
You can proceed in three ways:follow the steps given under Get ADC into the list or use the Find my ADC option. If these two steps do not help, click Use conventional method option, which skips the workflow and takes you through the traditional way of onboarding ADC instances.
For the Find my ADC option, enter the details in the mandatory fields (serial ID, ADC instance IP address, license serial number, and fulfillment ID) and search.
Step 4: Onboard ADC instances to ADM
You can onboard your instances using the built-agent (default option) or an external agent.
Onboard ADC instances using a built-in agent
Auto- and script-based onboarding use the built-in agent, which is set by default.
Auto-onboarding: it is supported only on the following ADC versions:
- Citrix ADC MPX and VPX image version 12.1 57.18 and later and 13.0 61.48 and later
- SDX version image 13.0 61.48 and later and 12.1 58.14 and later
To select a different ADC instance, click Change selection.
Out of the total selected ADC instances, some instances might qualify for auto-onboarding (based on minimum version criteria). You can see the instances that qualify for auto-onboarding.
Enter the ADC user name and password. These credentials must be ADC user admin credentials, and ADM uses these credentials to onboard ADC. Click Start onboarding to onboard your ADC instances on ADM.
Auto-onboarding might take up to 2-5 minutes to complete.
If you don’t want the ADC instances to auto-onboard to ADM, you can disable auto-onboarding and you use the script-based option for on onboarding.
Script-based onboarding: after auto-onboarding completes, you can onboard the rest of the instances using the script-based onboarding. Use one of the following options:
Option 1: download the script, extract the tar file, and run it on any one of the ADC instances, using the command given on the UI. Ensure that the ADC instance on which you run this script has network connectivity to all the other selected ADC instances.
Option 2: Log in to the CLI console of each ADC instance and run the commands given on the UI. For more details, refer to step 7 in the doc Configure the ADC built-in agent to manage instances. Ensure that you generate a new unique activation code for each of the ADC instances.
After you’ve onboarded all your instances, click Go to ADM to go to the ADM instance management UI dashboard and explore the different features.
If you are a new customer on ADM service without an ADM license, your Citrix service account by default is an Express account. For more information about the ADM account entitlement, see Manage Citrix ADM resources using Express account.
Onboard ADC instances using an external agent
You can use external agent-based onboarding if you want to use pooled licensing or the complete analytics suite in ADM service or both use pooled licensing and the complete analytics suite.
Complete the following steps:
Select a device profile.
For security reasons, you can’t use the default ADC credentials (nsroot/nsroot) for onboarding.
Select an external agent and click Setup new agent.
Select any of the following environments:
- Amazon Web Services
- Microsoft Azure
- Google Cloud Platform
Install an agent on your on-premises hypervisor
If you select On-premises, you can install the agent on the following hypervisors: Citrix Hypervisor, VMware ESXi, Microsoft Hyper-V, Linux KVM Server.
Select On a Hypervisor (On Premises) and click Next.
Select the hypervisor type and download the image, for example, VMware ESXi.
Use the service URL and activation code to configure the agent.
The agent uses the service URL to locate the service and the activation code to register with the service. For detailed instructions about installing an agent on your on-premises hypervisor, see Install Citrix ADM agent on-premises
Click Register Agent. When completed, and click Done to return to the ADC onboarding ADM service page.
Click Start onboarding. After you’ve onboarded all your instances, click View instance dashboard to go to the ADM instance management UI dashboard and explore the different features.
Install an agent on a public cloud
You can install the agent in one of the following cloud environments:
- Amazon Web Services
- Microsoft Azure
- Google Cloud Platform
For more information, see the following documents: