Service Graph for cloud native (Kubernetes) apps

Using the Service Graph feature in Citrix ADM, you can:

  • Ensure end-to-end observability of your application's overall performance

  • Identify bottlenecks created by inter-dependency of different components of your applications

  • Gather insights into the dependencies of different components of your applications

  • Monitor services within the Kubernetes cluster

  • Monitor which service has issues

  • Check the factors contributing to performance issues

  • View detailed visibility of service HTTP transactions

  • Analyze the following metrics:

    • Total number of hits

    • Service Response time

    • Data volume

    • Errors

By visualizing these metrics in Citrix ADM, you can analyze the root cause of issues and take the necessary troubleshooting actions faster. Service Graph breaks your application down into its component services. These services, running inside the Kubernetes cluster, can communicate with various components within and outside the application.

Software requirements

| Kubernetes Distribution | Kubernetes Version | Container Network Interfaces (CNI) | CPX version | CIC version | Citrix ADM version | Citrix ADM Agent Version |
|---|---|---|---|---|---|---|
| Open source | v1.16.3 | Flannel | 13.0-41.28 | 1.5.25 | 13.0-47.22 | 13.0-47.22 |

Before you begin

To use service graph in Citrix ADM, ensure you have:

  • Kubernetes cluster with Citrix ADC CPX as a proxy.

  • Added required parameters in CPX yaml file to ensure successful CPX registration with Citrix ADM.

  • Static routes configured on Citrix ADM to enable communication between Citrix ADM and Citrix ADC CPX.


If you have configured Citrix ADM agent in your remote datacenter, ensure you configure static routes in Citrix ADM agent.

  • Kubernetes cluster added on Citrix ADM.

  • Auto-select Virtual Servers enabled to license the virtual servers.

Add parameters in CPX yaml file

You must include the following parameters in the CPX yaml file to ensure CPX registration with Citrix ADM:

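- name: "NS_MGMT_SERVER"
  value: ""   # Citrix ADM agent IP address
- name: "NS_MGMT_FINGER_PRINT"
  value: "E3:3A:2B:F7:CC:A6:3D:72:8F:3E:3E:4F:0D:C3"
- name: "NS_HTTP_PORT"
  value: "9080"
- name: "NS_HTTPS_PORT"
  value: "9443"
- name: "LOGSTREAM_COLLECTOR_IP"
  value: ""   # Citrix ADM agent IP address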

  • NS_MGMT_SERVER – Indicates the Citrix ADM agent IP address

  • NS_MGMT_FINGER_PRINT – Indicates the fingerprint used for CPX authentication in Citrix ADM. To get the fingerprint:

    1. In Citrix ADM, navigate to System

    2. Under System Settings, click View ADM Fingerprint


  • NS_HTTP_PORT – Indicates the HTTP port for communication

  • NS_HTTPS_PORT – Indicates the HTTPS port for communication

  • LOGSTREAM_COLLECTOR_IP – Indicates the Citrix ADM agent IP address, where Logstream protocol must be enabled to transfer log data from CPX to ADM
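
A pre-deployment check for the parameter block above, as an added example that is not Citrix code: it reads the name/value pairs and reports a value with no name entry of its own, a missing or empty required parameter, and a malformed IP address, port or fingerprint. The function names and sample addresses are assumptions, the fingerprint pattern is inferred from the sample value on this page, and the parser handles only this flat name/value layout, not general YAML.

```python
import ipaddress
import re

# Fingerprint format assumed from the page's sample: colon-separated hex pairs.
FINGERPRINT = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2})+$")
ENTRY = re.compile(r'^\s*(?:-\s*)?(name|value):\s*(.*?)\s*$')

def is_ip(s):
    try:
        return ipaddress.ip_address(s) is not None
    except ValueError:
        return False

def is_port(s):
    return s.isdigit() and 0 < int(s) < 65536

CHECKS = {"NS_MGMT_SERVER": is_ip, "NS_MGMT_FINGER_PRINT": FINGERPRINT.match,
          "NS_HTTP_PORT": is_port, "NS_HTTPS_PORT": is_port,
          "LOGSTREAM_COLLECTOR_IP": is_ip}

def parse_env(text):  # -> (env dict, list of structural problems)
    env, problems, current = {}, [], None
    for n, line in enumerate(text.splitlines(), 1):
        if not (m := ENTRY.match(line)):
            continue
        key, val = m.groups()
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]  # strip one matching pair of quotes, as YAML would
        if key == "name":
            current, env[val] = val, None
        elif current is None or env[current] is not None:
            problems.append(f"line {n}: value has no name entry of its own")
        else:
            env[current] = val
    return env, problems

def validate(text):  # -> list of problems, empty when the block is usable
    env, problems = parse_env(text)
    for name, ok in CHECKS.items():
        if not env.get(name):
            problems.append(f"{name}: missing or empty")
        elif not ok(env[name]):
            problems.append(f"{name}: malformed value {env[name]!r}")
    return problems

# Constructed sample with two defects: an orphaned value and a stray quote.
BROKEN = ('- name: "NS_MGMT_SERVER"\n  value: "192.0.2.10"\n'
          '  value: "AA:BB:CC:DD"\n- name: "NS_HTTPS_PORT"\n  value: 9443"\n')
print("\n".join(validate(BROKEN)))
```

Running the check in CI before the CPX manifest is applied catches a dropped name line, which would otherwise leave CPX without the fingerprint or collector address it needs to register.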

Configure static routes in Citrix ADM

Inside the Kubernetes cluster, all containerized pods use an overlay network, so Citrix ADM cannot communicate with them directly using those private IP addresses. To enable communication from Citrix ADM to the Kubernetes cluster, you must configure static routing in Citrix ADM.

Consider that you have the following IP addresses for your Kubernetes cluster:

  • Kubernetes master –

  • Kubernetes worker 1 –

  • Kubernetes worker 2 –

  1. Using an SSH client, log on to Citrix ADM

  2. On the Console tab, configure the static routing using the command route add -net <public IP address range> <Kubernetes IP address>

    For example:

    route add -net

    route add -net

    route add -net

  3. Verify the configuration by using netstat -rn

  4. Append these route commands to the /mpsconfig/svm.conf file (in Citrix ADM).

Add Kubernetes cluster in Citrix ADM

After you configure a Citrix ADM agent and configure static routes, you must add the Kubernetes cluster in Citrix ADM.

To add the Kubernetes cluster:

  1. Log on to Citrix ADM with administrator credentials.

  2. Navigate to Orchestration > Kubernetes > Cluster. The Clusters page is displayed.

  3. Click Add.

  4. In the Add Cluster page, specify the following parameters:

    1. Name - Specify a name of your choice.

    2. API Server URL - You can get the API Server URL details from the Kubernetes Master node.

      1. On the Kubernetes master node, run the command kubectl cluster-info.

      2. Enter the URL that displays for “Kubernetes master is running at.”

    3. Authentication Token - Specify the authentication token. The authentication token is required to validate access for communication between Kubernetes cluster and Citrix ADM. To generate an authentication token:

      1. On the Kubernetes master node, run the following commands:

        kubectl get secrets | grep ^default

        kubectl describe secret <SECRET_NAME>


        You can also create RBAC role and service account yamls for your Kubernetes cluster, and create an authentication token for the admin user.

      2. Copy the token that is generated.

        For more information, see Kubernetes documentation.

    4. Select the agent from the list.

    5. Click Create.

      You can view data in Service Graph, after enabling the auto-select virtual servers for licensing.

Enable Auto-select virtual servers for licensing

After you add the Kubernetes cluster in Citrix ADM, you must enable auto-selection of virtual servers for licensing. Virtual servers need to be licensed to display data in Service Graph. To auto-select virtual servers:

  1. Navigate to System > Licensing & Analytics.

  2. Under Virtual Server License Summary, enable Auto-select Virtual Servers and Auto-select non addressable Virtual Servers.

After you add the Kubernetes cluster and enable the auto-select virtual servers, change the Web Transaction Settings to All. To enable this setting:

  1. Navigate to Analytics > Settings.

    The Settings page is displayed.

  2. Click Enable Features for Analytics.

  3. Under Web Transaction Settings, select All and click OK.


View details in Service Graph

Navigate to Application > Service Graph and select the time duration from the list to view the service graph details.


1 – End-to-end network map of your application that shows how your component services are communicating

2 – Graph that indicates hits and errors for a specific time duration

3 – Search bar to search for services

4 – Time list to select the time duration

5 – Apply filters to display services

6 – Setting icon

7 – Zoom in and zoom out view

Based on the selected time duration, the service graph details are displayed. Select the time period from the graph that indicates hits to drill-down further for additional information.


The details are displayed. Consider that you have the following services running in your Kubernetes cluster as shown in the image:


You can view the following status for your services:

  • Critical (red) - Indicates when average service response time > 200 ms AND error count > 0

  • Review (orange) - Indicates when average service response time > 200 ms OR error count > 0

  • Good (green) - Indicates no error and average service response time < 200 ms

Apply filters

You can apply filters to view specific service information. Click No Filters list to get the filter options.

For example, if you want to view services that have latency less than 150 ms, then click the bar graph under Service Response Time to display the results.

Click Service Labels to view services based on the labels provided to services.


Click Clear All to clear all filters.


Alternatively, you can also use the search text box and type a service name to display the results on the service graph.


Using the settings option


1 – Settings icon

2 – Options to display the service graph as Default, Layer-Based, or Force-Directed views

3 – Select the options from the list to view the services based on categories. After you select a category from the list, click + on the graph to view all services


4 – Zoom in and zoom out the service graph

View transaction details

According to the example shown in the image, you can view an end-to-end network map of your application that shows how your component services are communicating.

When you hover the mouse pointer on the Ecommerce-Service, you can view metrics details for Ecommerce-Service.


Citrix ADM also enables you to view transaction details between Ingress and services. Hover the mouse pointer to view details such as total errors, average service response time, and so on between the Ingress and service.


Hits – Indicates the total number of hits received by the service.

Service Response Time – Indicates the average time the service takes to respond, measured as Time To First Byte (TTFB).

Errors – Indicates the total errors such as 4xx, 5xx, and so on.

Data volume – Indicates the total volume of data processed by the service.

Click the arrow between Ingress and service to view the detailed transactions.

View Web transaction logs

The transaction details for the selected service are displayed.


You can select the options available under Transaction Summary.

  • Browser - Search transactions based on the browsers used by the users.

  • Client OS - Search transactions based on the operating systems installed by the users.

  • Request Type – Search transactions based on the request from the service.

  • Response Code – Search transactions based on the response from the service. For example: 501, 404, 200.

  • Response content type – Search transactions based on the content type. If the client request is for text/html, then the response from the service must be text/html.

  • SSL protocol – Search transactions based on the protocols used by the users.

  • SSL Cipher Strength – Search transactions based on the status such as high, medium, and low.

  • SSL Key Strength – Search transactions based on the length of the key used for security. For example: 2048.

  • SSL Frontend Failure - Search transactions based on the reason for handshake failure.

The Transaction Summary also has a search text box and time duration list, where you can view the transactions as per your requirement. When you click the search box, the search box gives you a list of search suggestions. You can also use operators in your search queries to narrow the focus of your search.

The following are the operators you can use for your search queries:

| Operator | Description | Example | Output |
|---|---|---|---|
| = | Equals to some value | App-Response-Time = 500 | Displays all transactions with 500 ms response time |
| > | Greater than some value | App-Response-Time > 500 | Displays all transactions with more than 500 ms response time |
| < | Lesser than some value | App-Response-Time < 300 | Displays all transactions with less than 300 ms response time |
| >= | Greater or equal to some value | Client-RTT >= 1024 | Displays all transactions with client RTT greater or equal to 1024 kb |
| <= | Less or equal to some value | Client-RTT <= 1024 | Displays all transactions with client RTT lesser or equal to 1024 kb |
| != | Not equal to some value | Total-Bytes != 0 | Displays all transactions with total bytes, except 0 bytes |
| ~ | Contains some value | Virtual-Server ~ mas | Displays all transactions that are processed with virtual server containing mas as name |

View transaction details

You can view detailed information about a particular transaction. Consider that you want to see details for 500 error transactions. Click Response Code from Transaction Summary and select 500 to display the 500 error transactions.


Click to view details that display the information from Ecommerce-Service to Inventory-Service.

From the details, you can analyze the factors that have caused 500 error and take necessary actions to fix the issue faster.