Microsoft ADFS proxy StyleBook
Microsoft™ ADFS proxy plays a significant role by giving single sign-on access for both internal federation-enabled resources and cloud resources. One such example of cloud resources is Office 365. The purpose of the ADFS proxy server is to receive and forward requests to ADFS servers that are not accessible from the internet. ADFS proxy is a reverse proxy and typically resides in your organization’s perimeter network (DMZ). The ADFS proxy plays a critical role in remote user connectivity and application access.
Citrix ADC has the precise technology to enable secure connectivity, authentication, and handling of federated identity. Using Citrix ADC as ADFS proxy avoids the need to deploy an extra component in the DMZ.
The Microsoft ADFS Proxy StyleBook in Citrix Application Delivery Management (ADM) allows you to configure an ADFS proxy server on a Citrix ADC instance.
The following image shows the deployment of a Citrix ADC instance as an ADFS proxy server in the enterprise DMZ.
- Caters to both load balancing and ADFS proxy needs
- Supports both internal and external user access scenarios
- Supports rich methods for pre-authentication
- Provides a single sign-on experience for users
- Supports both active and passive protocols
  - Examples of active protocol apps are Microsoft Outlook and Microsoft Skype for Business
  - Examples of passive protocol apps are Microsoft Outlook web app and web browsers
- Hardened device for DMZ-based deployment
- Adds value by using additional core Citrix ADC features
  - Content Switching
  - SSL offload
  - Security (Citrix ADC AAA)
For active protocol-based scenarios, you can connect to Office 365 and provide your credentials. Microsoft Federation Gateway contacts the ADFS service (through ADFS Proxy) on behalf of the active protocol client. The gateway then submits the credentials using basic authentication (401). Citrix ADC handles the client authentication before access to ADFS service. Post authentication, the ADFS service provides a SAML token to the Federation Gateway. The Federation Gateway, in turn, submits the token to Office 365 to provide client access.
For passive clients, the ADFS Proxy StyleBook creates Kerberos Constrained Delegation (KCD) user account. The KCD account is necessary for Kerberos SSO authentication to connect to the ADFS servers. The StyleBook also generates an LDAP policy and a session policy. These policies are later bound to the Citrix ADC AAA virtual server that handles the authentication for passive clients.
The StyleBook can also ensure that the DNS servers on the Citrix ADC are configured for ADFS.
The configuration section below describes how to set up Citrix ADC for handling both active and passive protocol-based client authentication.
The table below lists the minimum required software versions for this integration to be deployed successfully.
|Product|Minimum Required Version|
|---|---|
|Citrix ADC|11.0, Enterprise/Platinum License|
The following instructions assume that you have already created the appropriate external and internal DNS entries.
Deploying Microsoft ADFS proxy StyleBook configurations from Citrix ADM
The following instructions assist you when implementing the Microsoft ADFS proxy StyleBook in your business network.
To deploy Microsoft ADFS proxy StyleBook
In Citrix ADM, navigate to Applications > StyleBooks. The StyleBooks page displays all the StyleBooks available for your use in Citrix ADM.
Scroll down and find the Microsoft ADFS proxy StyleBook. Click Create Configuration. The StyleBook opens as a user interface page on which you can type the values for all the parameters defined in this StyleBook.
Type values for the following parameters:
- ADFS Proxy Deployment Name. Select a name for the ADFS proxy configuration deployed in your network.
- ADFS Servers FQDNs or IPs. Type the IP addresses or FQDNs (domain names) of all ADFS servers in the network.
- ADFS Proxy Public VIP IP. Type the public virtual IP address on the Citrix ADC that performs as an ADFS proxy server.
In the ADFS Proxy Certificates section, type the details of the SSL certificate and the certificate key.
This SSL certificate is bound to all the virtual servers created on the Citrix ADC instance.
Select the respective files from your local storage folder. You can also type in the private key password to load encrypted private keys in .pem format.
You can also select the Advanced Certificate Settings check box. Here you can type details such as the certificate expiry notification period, and enable or disable the certificate expiry monitor.
Optionally, you can select SSL CA Certificate check box if the SSL certificate requires a CA public certificate to be installed on Citrix ADC. Ensure that you select Is a CA Certificate in the Advanced Certificate Settings section.
Enable authentication for active and passive clients. Type the DNS Domain Name used in Active Directory for user authentication. You can then configure authentication either for active or passive clients, or both.
Type the following details to enable authentication for active clients:
It is optional to configure support for active clients.
ADFS Proxy Active Authentication VIP. Type the virtual IP address of the virtual authentication server on the Citrix ADC instance where the active clients are redirected for authentication.
Service Account Username. Type the service account user name used by Citrix ADC to authenticate your users to the active directory.
Service Account Password. Type the password used by Citrix ADC to authenticate your users to the active directory.
Configure authentication for passive clients by enabling the corresponding option and configuring the LDAP settings.
It is optional to configure support for passive clients.
Type the following details to enable authentication for passive clients:
LDAP (Active Directory) Base. Type the base domain name for the domain in which the user accounts reside within the active directory (AD) to allow authentication. For example, dc=netscaler,dc=com
LDAP (Active Directory) Bind DN. Add a domain account (using an email address for ease of configuration) that has privileges to browse the AD tree. For example, cn=Manager,dc=netscaler,dc=com
LDAP (Active Directory) Bind DN Password. Type the password of the domain account for authentication.
The other fields in this section for which you must type values are as follows:
LDAP Server (Active Directory) IP. Type the IP address of the active directory server for AD authentication to work correctly.
LDAP Server FQDN name. Type the FQDN name of the active directory server. FQDN name is optional. Provide the IP address as in step 1 or the FQDN name.
LDAP Server Active Directory port. By default, the TCP and UDP ports for LDAP protocol are 389, whereas the TCP port for Secure LDAP is 636.
LDAP (Active Directory) login username. Type the username as “sAMAccountName.”
ADFS Proxy Passive Authentication VIP. Type the IP address of the ADFS proxy virtual server for passive clients.
The fields marked with “*” are mandatory.
Optionally, you can also configure a DNS VIP for your DNS servers.
Click Target Instances and select the Citrix ADC instances to deploy this Microsoft ADFS proxy configuration. Click Create to create the configuration and deploy the configuration on the selected Citrix ADC instances.
Citrix recommends that before executing the actual configuration, you select Dry Run. You can first view the configuration objects that are created on the target Citrix ADC instances by the StyleBook. You can then click Create to deploy the configuration on the selected instances.
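The values described in the steps above can be checked before they are typed into the StyleBook form. The following script is an added example, not part of the Citrix documentation or of the StyleBook; the dictionary keys, the `preflight` function, and the sample values are hypothetical names chosen for illustration.

```python
import ipaddress
import re

LABEL = re.compile(r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?")
RDN = re.compile(r"[A-Za-z][A-Za-z0-9-]*=[^,=]+")  # simplified: no escaped commas
UPN = re.compile(r"[^@\s]+@[^@\s]+")               # e-mail style bind account

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def is_host(value):  # an IP address or a dotted FQDN
    labels = value.rstrip(".").split(".")
    fqdn = len(labels) > 1 and not labels[-1].isdigit()
    return is_ip(value) or (fqdn and all(LABEL.fullmatch(l) for l in labels))

def is_dn(value):
    return bool(value) and all(RDN.fullmatch(r.strip()) for r in value.split(","))

def preflight(p):  # p: dict of form values; the keys are hypothetical
    out = [f"ERROR adfs_servers: {s!r} is not an IP or FQDN"
           for s in p.get("adfs_servers", []) if not is_host(s)]
    vips = ["public_vip"] + [f"{m}_auth_vip" for m in ("active", "passive") if p.get(m)]
    out += [f"ERROR {k}: {p.get(k)!r} is not an IP address"
            for k in vips if not is_ip(p.get(k, ""))]
    if p.get("passive"):
        bind = p.get("ldap_bind_dn", "")
        if not is_dn(p.get("ldap_base", "")):
            out.append("ERROR ldap_base: not a distinguished name")
        if not (is_dn(bind) or UPN.fullmatch(bind)):
            out.append("ERROR ldap_bind_dn: expected a DN or user@domain")
        if not is_host(p.get("ldap_server", "")):
            out.append("ERROR ldap_server: give the AD server IP or FQDN")
        if p.get("ldap_port", 389) == 389:
            out.append("WARN ldap_port: 389 is plain LDAP, so the bind password "
                       "crosses the network unencrypted unless StartTLS is used")
    return out

# Constructed sample values; not taken from a real deployment.
SAMPLE = {"adfs_servers": ["adfs01.netscaler.com", "10.10.1.300"],
          "public_vip": "203.0.113.10", "passive": True,
          "passive_auth_vip": "10.10.1.20", "ldap_server": "10.10.1.5",
          "ldap_base": "dc=netscaler,dc=com", "ldap_port": 389,
          "ldap_bind_dn": "cn=Manager,dc=netscaler,dc=com"}
if __name__ == "__main__":
    print("\n".join(preflight(SAMPLE)) or "no findings")
```

The sample produces one error (the malformed ADFS server address) and one warning (the plain LDAP port); an empty result means the values are well-formed, not that the deployment will succeed.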
Several configuration objects are created when the ADFS proxy configuration is deployed on the Citrix ADC instance. The following image displays the list of objects created.