Configuration

Citrix ADM manages all the Citrix ADC VPX clusters in Microsoft Azure. Citrix ADM accesses the Azure resources using Cloud Access Profile.

The following flow diagram explains the steps involved in creating and configuring autoscale group:

Configuration workflow

Prerequisites

This section describes the prerequisites that you must complete in Microsoft Azure and Citrix ADM before you autoscale Citrix ADC VPX instances.

This document assumes the following:

  • You possess a Microsoft Azure account that supports the Azure Resource Manager deployment model.

  • You have a resource group in Microsoft Azure.

For more information on how to create an account and other tasks, see Microsoft Azure Documentation.

Set up Microsoft Azure components

Perform the following tasks in Azure before you autoscale Citrix ADC VPX instances in Citrix ADM.

  1. Create a virtual network.

  2. Create security groups.

  3. Create subnets.

  4. Subscribe to the Citrix ADC VPX license in Microsoft Azure.

  5. Create and register an application.

  6. Set up a Citrix ADM service agent.

Create a virtual network

  1. Log on to your Microsoft Azure portal.

  2. Select Create a resource.

  3. Select Networking and click Virtual Network.

  4. Specify the required parameters.

    • In Resource group, you must specify the resource group where you want to deploy a Citrix ADC VPX product.

    • In Location, you must specify the locations that support availability zones such as:

      • Central US

      • East US2

      • France Central

      • North Europe

      • Southeast Asia

      • West Europe

      • West US2

    Note

    The application servers are present in this resource group.

  5. Click Create.

For more information, see Azure Virtual Network in Microsoft Documentation.

Create security groups

Create three security groups in your virtual network (VNet) - one each for the management, client, and server connections. Create a security group to control inbound and outbound traffic in the Citrix ADC VPX instance. Create rules for incoming traffic that you want to control in the Citrix autoscale groups. You can add as many rules as you want.

  • Management: A security group in your account dedicated for management of Citrix ADC VPX. Citrix ADC has to contact Azure services and requires Internet access. Inbound rules are allowed on the following TCP and UDP ports.
    • TCP: 80, 22, 443, 3008–3011, 4001
    • UDP: 67, 123, 161, 500, 3003, 4500, 7000

    Note

    Ensure that the security group allows the Citrix ADM agent to be able to access the VPX.

  • Client: A security group in your account dedicated for a client-side communication of Citrix ADC VPX instances. Typically, inbound rules are allowed on the TCP ports 80, 22, and 443.

  • Server: A security group in your account dedicated for a server-side communication of Citrix ADC VPX.

For more information on how to create a security group in Microsoft Azure, see Create, change, or delete a network security group.

Create subnets

Create three subnets in your virtual network (VNet) - one each for the management, client, and server connections. Specify an address range that is defined in your VNet for each of the subnets. Specify the availability zone in which you want the subnet to reside.

  • Management: A subnet in your Virtual Network (VNet) dedicated for management. Citrix ADC has to contact Azure services and requires internet access.

  • Client: A subnet in your Virtual Network (VNet) dedicated for the client side. Typically, Citrix ADC receives client traffic for the application via a public subnet from the internet.

  • Server: A subnet where the application servers are provisioned. All your application servers are present in this subnet and receives application traffic from the Citrix ADC through this subnet.

Note

Specify an appropriate security group to the subnet while creating a subnet.

For more information on how to create a subnet in Microsoft Azure, see Add, change, or delete a virtual network subnet.

Subscribe to the Citrix ADC VPX license in Microsoft Azure

  1. Log on to your Microsoft Azure portal.

  2. Select Create a resource.

  3. In the Search the marketplace bar, search for the Citrix ADC VPX Premium or Advanced edition.

    Search Azure Marketplace for Citrix ADC VPX

  4. Select Want to deploy programmatically.

    Deploy Citrix ADC VPX programmatically

  5. In Choose the subscriptions, select Enable to deploy the selected Citrix ADC VPX edition programmatically.

    Enable programmatic deployment

    Important

    Enabling the programmatic deployment is required to autoscale Citrix ADC VPX instances in Azure.

Create and register an application

Citrix ADM uses this application to autoscale Citrix ADC VPX instances in Azure.

To create and register an application in Azure:

  1. In Azure portal, select Azure Active Directory. This option displays your organization’s directory.

  2. Select App registrations:
    1. In Name, specify the name of the application.

    2. Select the Application type from the list.

    3. In Sign-on URL, specify the application URL to access the application.

  3. Click Create.

For more information on App registrations, see Microsoft Documentation.

Azure assigns an application ID to the application. The following is an example application registered in Microsoft Azure:

The registered application in Microsoft Azure for Citrix ADC VPX

Copy the following IDs and provide these IDs when you are configuring Cloud Access Profile in Citrix ADM. For steps to retrieve the following IDs, see Microsoft Documentation:

  • Application ID

  • Directory ID

  • Key

    Client secret key of registered application

  • Subscription ID: Copy the subscription ID from your storage account.

Assign the role permission to an application

Citrix ADM uses the application-as-a-software principle to autoscale Citrix ADC instances in Microsoft Azure. This permission is applicable only to the selected resource group.

To assign a role permission to your registered application, you have to be the owner of the Microsoft Azure subscription.

  1. In Azure portal, select Resource groups.

  2. Select the resource group to which you want to assign a role permission.

  3. Select Access control (IAM).

  4. In Role assignments, click Add.

  5. Select Owner from the Role list.

  6. Select the application that is registered for autoscaling Citrix ADC instances.

  7. Click Save.

Assign role permission in Microsoft Azure

Set up a Citrix ADM service agent

Install a Citrix ADM service agent in the management subnet. This agent works as an intermediary between the Citrix Application Delivery Management (Citrix ADM) and the managed instances in Microsoft Azure. Ensure that you have installed Citrix ADM agent in Azure. Add a route in Azure ADM agent so that ADM can reach the agent after you establish the layer 3 connectivity.

Follow these steps to add a route in the agent installed in Azure:

  1. Access the console of the ADM agent installed on Azure.

  2. Execute the following command at the prompt:

    route add –net \<DMZ network> \<gateway to ADM agent>
    
    

For example, route add –net 10.x.x.0/24 21.1.1.10

Note

The route is removed after the agent restarts. This behavior is specific to Azure agent images where network settings are skipped.

For more information on how to install Citrix ADM service agent on Micros oft Azure, see Installing a Citrix ADM agent on the Microsoft Azure cloud.

Set up Citrix ADM components

Perform the following tasks in Azure before you autoscale Citrix ADC VPX instances in Citrix ADM:

  1. Create a site.

  2. Attach the site to a Citrix service agent.

Create a site

Create a site in Citrix ADM and add the VNet details associated with your Microsoft Azure resource group.

  1. In Citrix ADM, navigate to Networks > Sites.

  2. Click Add.

  3. In the Select Cloud pane,

    1. Select Data Center as a Site type.

    2. Choose Azure from the Type list.

    3. Check the Fetch VNet from Azure check box.

      This option helps you to retrieve the existing VNet information from your Microsoft Azure account.

    4. Click Next.

  4. In the Choose Region pane,

    1. In Cloud Access Profile, select the profile created for your Microsoft Azure account. If there are no profiles, create a profile.

    2. To create a cloud access profile, click Add.

    3. In Name, specify a name to identify your Azure account in Citrix ADM.

    4. In Tenant Active Directory ID / Tenant ID, specify the Active Directory ID of the tenant or the account in Microsoft Azure.

    5. Specify the Subscription ID.

    6. Specify the Application ID/Client ID.

    7. Specify the Application Key Password / Secret.

    8. Click Create.

      For more information, see Create and register an application and Mapping cloud access profile to the Azure application.

      Create cloud Access Profile

    9. In VNet, select the virtual network containing Citrix ADC VPX instances that you want to manage.

    10. Specify a Site Name.

    11. Click Finish.

Mapping Cloud Access Profile to the Azure application
Citrix ADM Term Microsoft Azure Term
Tenant Active Directory ID / Tenant ID Directory ID
Subscription ID Subscription ID
Application ID/Client ID Application ID
Application Key Password / Secret Keys or Certificates or Client Secrets

Attach the site to a Citrix ADM service agent

  1. In Citrix ADM, navigate to Networks > Agents.

  2. Select the agent for which you want to attach a site.

  3. Click Attach Site.

  4. Select the site from the list that you want to attach.

  5. Click Save.

Step 1: Initialize autoscale configuration in Citrix ADM

  1. In Citrix ADM, navigate to Networks > AutoScale Groups.

  2. Click Add to create autoscale groups.

    The Create AutoScale Group page appears.

  3. Select Microsoft Azure and click Next.

  4. In Basic Parameters, enter the following details:

    • Name: Type a name for the autoscale group.

    • Site: Select the site that you have created to autoscale the Citrix ADC VPX instances on Microsoft Azure. If you have not created a site, click Add to create a site.

    • Agent: Select the Citrix ADM agent that manages the provisioned instances.

    • Cloud Access Profile: Select the cloud access profile. You can also add or edit a Cloud Access Profile.

    • Device Profile: Select the device profile from the list. Citrix ADM uses the device profile when it requires to log on to the Citrix ADC VPX instance.

      Note

      Ensure the selected device profile conforms to Microsoft Azure password rules.

    • Traffic Distribution Mode: The Load Balancing using Azure LB option is selected as the default traffic distribution mode. You can also choose the DNS using Azure DNS mode for the traffic distribution.

    • Enable AutoScale Group: Enable or disable the status of the ASG groups. This option is enabled, by default. If this option is disabled, autoscaling is not triggered.

    • Availability Zones: Select the zones in which you want to create the autoscale groups. Depending on the cloud access profile that you have selected, availability zones specific to that profile are populated.

    • Tags: Type the key-value pair for the autoscale group tags. A tag consists of a case-sensitive key-value pair. These tags enable you to organize and identify the autoscale groups easily. The tags are applied to both Microsoft Azure and Citrix ADM.

    Create an autoscale group

  5. Click Next.

Step 2: Configure autoscale parameters

  1. In the AutoScale Parameters tab, enter the following details.

  2. Select one or more than one of the following threshold parameters whose values must be monitored to trigger a scale-out or a scale-in.

    • Enable CPU Usage Threshold: Monitor the metrics based on the CPU usage.

    • Enable Memory Usage Threshold: Monitor the metrics based on the memory usage.

    • Enable Throughput Threshold: Monitor the metrics based on the throughput.

      Note

      • Default minimum threshold limit is 30 and the maximum threshold limit is 70. However, you change to modify the limits.

      • Minimum threshold limit must be equal or less than half of the maximum threshold limit.

      • You can select more than one threshold parameters for monitoring. Scale-out is triggered if at least one of the threshold parameters is above the maximum threshold. However, a scale-in is triggered only if all the threshold parameters are operating below their normal thresholds.

      autoscale parameters

    • Minimum Instances: Select the minimum number of instances that need to be provisioned for this autoscale group.

      The default minimum number of instances is equal to the number of zones selected. You can only increment the minimum instances in the multiples of specified number of zones.

      For example, if the number of availability zones is 4, the minimum instances are 4 by default. You can increase the minimum instances by 8, 12, 16.

    • Maximum Instances: Select the maximum number of instances that need to be provisioned for this autoscale group.

      The maximum number of instances must be greater than or equal to the value of the minimum instances. The maximum number of instances cannot exceed the number of availability zones multiplied by 32.

      Maximum number of instances = number of availability zones * 32

    • Watch-Time (minutes): Select the watch-time duration. The time for which the scale parameter’s threshold has to stay breached for scaling to happen. If the threshold is breached on all the samples collected in this specified time then a scaling happens.

    • Cooldown period (minutes): Select the cooldown period. During scale-out, the cooldown period is the time for which evaluation of the statistics has to be stopped after a scale-out occurs. This period ensures the organic growing of instances of an autoscale group. Before triggering the next scaling decision, it waits for the current traffic to stabilize and average out on the current set of instances.

    • Time to wait during Deprovision (minutes): Select the drain connection timeout period. During scale-in action, an instance is identified to de-provision. Citrix ADM restricts the identified instance from processing new connections until the specified time expires before de-provision. In this period, it allows existing connections to this instance to be drained out before it gets de-provisioned.

    • DNS Time To Live (seconds): Select the time (in seconds). In this period, a packet is set to exist inside a network before router discards the packet. This parameter is applicable only when the traffic distribution mode is DNS using Microsoft Azure traffic manager.

      Autoscale parameters

  3. Click Next.

Step 3: Configure cloud parameters

  1. In the Cloud Parameters tab, enter the following details:

    • Resource Group: Select the resource group in which Citrix ADC instances are deployed.

    • Product / License: Select the Citrix ADC product version that you want to provision. Ensure that programmatic access is enabled for the selected type. For more information, see Subscribe to the Citrix ADC VPX license in Microsoft Azure.

    • Azure VM Size: Select the required VM size from the list.

      Note

      Ensure that the selected Azure VM Size has a minimum of three NICs. For more information, see Supported Azure virtual images for autoscaling.

    • Cloud Access Profile for ADC: Citrix ADM logs in to your Azure account using this profile to provision or de-provision ADC instances. It also configures Azure LB or Azure DNS.

    • Image: Select the required Citrix ADC version image. Click Add New to add a Citrix ADC image.

    • Security Groups: Security groups control the inbound and outbound traffic in a Citrix ADC VPX instance. Select a security group for Management, Client, and Server traffic. For more information on management, client, and server security groups, see Security Groups.

    • Subnets: You must have three separate subnets such as Management, client, and server subnet to autoscale Citrix ADC subnets. Subnets contain the required entities for autoscaling. Select For more information, see Subnets.

      Autoscale cloud configuration

  2. click Finish.

Step 4: Configure an application for the autoscale group

  1. In Citrix ADM, navigate to Networks > Autoscale Groups.

  2. Select the autoscale group that you created and click Configure.

    The Choose StyleBook page is displayed.

  3. Choose the required StyleBook that you want to deploy configurations for the selected autoscale group.

    If you want to import StyleBooks, click Import New StyleBook.

  4. Specify the values for all the parameters.

    The configuration parameters are pre-defined in the selected StyleBook.

  5. Check the Application Server Group Type CLOUD check box to specify the application servers available in the virtual machine scale set.

    1. In Application Server Fleet Name, specify Autoscale setting name of your virtual machine scale set.

    2. Select the Application Server Protocol from the list.

    3. In Member Port, specify the port value of the application server.

    Note

    Ensure AutoDisable Graceful shutdown is set to No and AutoDisable Delay field is blank.

    1. If you want to specify the advanced settings for your application servers, check the Advanced Application Server Settings check box. Then, specify the required values listed under Advanced Application Server Settings.

    configure the application for an autoscale group cloud

  6. If you have standalone application servers in the virtual network, check the Application Server Group Type STATIC check box:

    1. Select the Application Server Protocol from the list.

    2. In Server IPs and Ports, click + to add an application server IP address, port, and weight, then click Create.

    configure the application for an autoscale group static

  7. Click Create.

Modify the autoscale groups configuration

You can modify an autoscale group configuration or delete an autoscale group. You can modify only the following autoscale group parameters:

  • Maximum and minimum limits of the threshold parameters

  • Minimum and maximum instance values

  • Drain connection period value

  • Cooldown period value

  • Watch duration value

You can also delete the autoscale groups after they are created.

When an autoscale group is deleted, all the domains and IP addresses are deregistered from DNS and the cluster nodes are de-provisioned.