Citrix Application Delivery Management 13.0

Autoscale configuration

To start autoscaling of Citrix ADC VPX instances in AWS, you must complete the following steps:


  1. Complete all the pre-requisites on AWS

  2. Complete all the pre-requisites on Citrix ADM

  3. Create Autoscale groups

    1. Initialize Autoscale configuration

    2. Configure Autoscale parameters

    3. Configure provision parameters

  4. Deploy the application

Pre-requisites for AWS


Ensure that you complete all the pre-requisites on AWS to use the Autoscale feature. This document assumes that you already possess an AWS account.

The next few sections assist you in performing all the necessary tasks in AWS before you create Autoscale groups in Citrix ADM. The tasks that you must complete are as follows:

  1. Subscribe to the required Citrix ADC VPX instance on AWS.
  2. Create the required Virtual Private Cloud (VPC) or select an existing VPC.
  3. Define the corresponding subnets and security groups.
  4. Create two Identity and Access Management (IAM) roles, one for Citrix ADM and one for Citrix ADC VPX instance.
  5. Create a user for Citrix ADM and assign the role created for Citrix ADM to the user.
  6. Generate the Access Key ID and Secret Access Key for the user.

For more information on how to create VPC, subnet and security groups, see AWS documentation.

Subscribe to Citrix ADC VPX license in AWS

  1. Go to AWS marketplace.
  2. Log on with your credentials.
  3. Search for Citrix ADC VPX Customer Licensed, Premium, or Advanced edition.


  4. Subscribe to either Citrix ADC VPX Customer Licensed, Premium Edition, or Advanced Edition licenses.

Note

If you choose the Customer Licensed edition, the Autoscale group checks out the licenses from the Citrix ADM while provisioning Citrix ADC instances.

Create subnets

Create three subnets in your VPC, one each for the management, client, and server connections. Specify an IPv4 CIDR block from the range that is defined in your VPC for each of the subnets. Specify the availability zone in which you want the subnet to reside. Create all three subnets in each of the availability zones where servers are present.

  • Management. Existing subnet in your Virtual Private Cloud (VPC) dedicated for management. Citrix ADC contacts AWS services, which requires internet access. Configure a NAT gateway and add a route table entry to allow internet access from this subnet.
  • Client. Existing subnet in your Virtual Private Cloud (VPC) dedicated for the client side. Typically, Citrix ADC receives client traffic for the application via a public subnet from the internet. Associate the client subnet with a route table which has a route to an Internet gateway. This subnet allows Citrix ADC to receive application traffic from the internet.
  • Server. A server subnet where the application servers are provisioned. All your application servers are present in this subnet and receive application traffic from the Citrix ADC through this subnet.

Create security groups

Create a security group to control inbound and outbound traffic in the Citrix ADC VPX instance. Create rules for both incoming and outgoing traffic that you want to control in the Citrix Autoscale groups. You can add as many rules as you want.

  • Management. Existing security group in your account dedicated for management of Citrix ADC VPX. Inbound rules must be allowed on the following TCP and UDP ports.

    • TCP: 80, 22, 443, 3008–3011, 4001
    • UDP: 67, 123, 161, 500, 3003, 4500, 7000

    Ensure that the security group allows the Citrix ADM agent to be able to access the VPX.

  • Client. Existing security group in your account dedicated for client side communication of Citrix ADC VPX instances. Typically, inbound rules are allowed on the TCP ports 80, 22, and 443.

  • Server. Existing security group in your account dedicated for server-side communication of Citrix ADC VPX.
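A check of the management security group against the port list above, added here as an example (not Citrix code). The rule dictionaries follow the `IpPermissions` shape returned by EC2 `DescribeSecurityGroups`; the sample rules, the agent address 10.0.1.25 and the function names are constructed, and rules that reference another security group instead of a CIDR are not evaluated.

```python
import ipaddress

# Inbound ports the page requires on the management security group.
REQUIRED_MGMT_PORTS = {
    "tcp": [80, 22, 443, 3008, 3009, 3010, 3011, 4001],
    "udp": [67, 123, 161, 500, 3003, 4500, 7000],
}
ANYWHERE = {"0.0.0.0/0", "::/0"}


def _rule(proto, lo, hi, cidr):
    """Build one inbound rule in the EC2 IpPermissions shape."""
    return {"IpProtocol": proto, "FromPort": lo, "ToPort": hi,
            "IpRanges": [{"CidrIp": cidr}]}


# Constructed sample: TCP 4001 and UDP 3003 are absent, and 443 is open to any source.
SAMPLE_RULES = (
    [_rule("tcp", p, p, "10.0.1.0/24") for p in (22, 80)]
    + [_rule("tcp", 443, 443, "0.0.0.0/0")]
    + [_rule("tcp", 3008, 3011, "10.0.1.0/24")]
    + [_rule("udp", p, p, "10.0.1.25/32") for p in (67, 123, 161, 500, 4500, 7000)]
)


def _admits(rule, proto, port, source):
    """True if this rule lets the address `source` reach proto/port."""
    if rule["IpProtocol"] != "-1":  # "-1" means every protocol and every port
        if rule["IpProtocol"] != proto:
            return False
        if not rule["FromPort"] <= port <= rule["ToPort"]:
            return False
    return any(source in ipaddress.ip_network(r["CidrIp"])
               for r in rule.get("IpRanges", []))


def audit_management_group(ip_permissions, agent_ip):
    """Report required ports the ADM agent cannot reach, and rules open to any source."""
    source = ipaddress.ip_address(agent_ip)
    missing = [(proto, port)
               for proto, ports in REQUIRED_MGMT_PORTS.items()
               for port in ports
               if not any(_admits(r, proto, port, source) for r in ip_permissions)]
    open_to_world = []
    for r in ip_permissions:
        cidrs = [x["CidrIp"] for x in r.get("IpRanges", [])]
        cidrs += [x["CidrIpv6"] for x in r.get("Ipv6Ranges", [])]
        if ANYWHERE & set(cidrs):
            open_to_world.append((r["IpProtocol"], r.get("FromPort"), r.get("ToPort")))
    return {"missing": missing, "open_to_world": open_to_world}


if __name__ == "__main__":
    report = audit_management_group(SAMPLE_RULES, "10.0.1.25")
    print("required ports the agent cannot reach:", report["missing"])
    print("rules open to any source:", report["open_to_world"])
```
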

Create IAM roles

Along with creating an IAM role and defining a policy, you must also create an instance profile in AWS. IAM roles allow Citrix ADM to provision Citrix ADC instances and to create or delete Route53 entries.

While roles define “what can I do?” they do not define “who am I?” AWS EC2 uses an instance profile as a container for an IAM role. You can use this profile to pass role information to an EC2 instance when the instance starts.

When you create an IAM role using the console, the console automatically creates an instance profile with the same name as the role it corresponds to. Roles provide a mechanism to define a collection of permissions. An IAM user represents a person and an instance profile represents the EC2 instances. If a user has a role “A,” and an instance has an instance profile attached to “A,” these two principals can access the same resources in the same way.

Note

Ensure that the role names start with “Citrix-ADM-” and the instance profile name starts with “Citrix-ADC-”.

To create an IAM role for Citrix ADM

Create an IAM role so that you can establish a trust relationship between users and the Citrix trusted AWS account. Then, create a policy with Citrix permissions.

  1. In AWS, click Services. In the left side navigation pane, select IAM > Roles, and click Create role.

  2. You are connecting your AWS account with the AWS account in Citrix ADM. So, select Another AWS account to allow Citrix ADM to perform actions in your AWS account.

  3. Type in the 12-digit Citrix ADM AWS account ID. The Citrix ID is 835822366011. You can also find the Citrix ID in Citrix ADM when you create the cloud access profile.

  4. Click Permissions.

  5. In Attach permissions policies page, click Create policy.

  6. You can create and edit a policy in the visual editor or by using JSON.

    The list of permissions from Citrix for Citrix ADM is provided in the following box:

    JSON
    {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Sid": "VisualEditor0",
        "Effect": "Allow",
        "Action": [
          "ec2:DescribeInstances",
          "ec2:UnmonitorInstances",
          "ec2:MonitorInstances",
          "ec2:CreateKeyPair",
          "ec2:ResetInstanceAttribute",
          "ec2:ReportInstanceStatus",
          "ec2:DescribeVolumeStatus",
          "ec2:StartInstances",
          "ec2:DescribeVolumes",
          "ec2:UnassignPrivateIpAddresses",
          "ec2:DescribeKeyPairs",
          "ec2:CreateTags",
          "ec2:ResetNetworkInterfaceAttribute",
          "ec2:ModifyNetworkInterfaceAttribute",
          "ec2:DeleteNetworkInterface",
          "ec2:RunInstances",
          "ec2:StopInstances",
          "ec2:AssignPrivateIpAddresses",
          "ec2:DescribeVolumeAttribute",
          "ec2:DescribeInstanceCreditSpecifications",
          "ec2:CreateNetworkInterface",
          "ec2:DescribeImageAttribute",
          "ec2:AssociateAddress",
          "ec2:DescribeSubnets",
          "ec2:DeleteKeyPair",
          "ec2:DisassociateAddress",
          "ec2:DescribeAddresses",
          "ec2:DeleteTags",
          "ec2:RunScheduledInstances",
          "ec2:DescribeInstanceAttribute",
          "ec2:DescribeRegions",
          "ec2:DescribeDhcpOptions",
          "ec2:GetConsoleOutput",
          "ec2:DescribeNetworkInterfaces",
          "ec2:DescribeAvailabilityZones",
          "ec2:DescribeNetworkInterfaceAttribute",
          "ec2:ModifyInstanceAttribute",
          "ec2:DescribeInstanceStatus",
          "ec2:ReleaseAddress",
          "ec2:RebootInstances",
          "ec2:TerminateInstances",
          "ec2:DetachNetworkInterface",
          "ec2:DescribeIamInstanceProfileAssociations",
          "ec2:DescribeTags",
          "ec2:AllocateAddress",
          "ec2:DescribeSecurityGroups",
          "ec2:DescribeHosts",
          "ec2:DescribeImages",
          "ec2:DescribeVpcs",
          "ec2:AttachNetworkInterface",
          "ec2:AssociateIamInstanceProfile"
        ],
        "Resource": "*"
      },
      {
        "Sid": "VisualEditor1",
        "Effect": "Allow",
        "Action": [
          "iam:GetRole",
          "iam:PassRole"
        ],
        "Resource": "*"
      },
      {
        "Sid": "VisualEditor2",
        "Effect": "Allow",
        "Action": [
          "route53:CreateHostedZone",
          "route53:CreateHealthCheck",
          "route53:GetHostedZone",
          "route53:ChangeResourceRecordSets",
          "route53:ChangeTagsForResource",
          "route53:DeleteHostedZone",
          "route53:DeleteHealthCheck",
          "route53:ListHostedZonesByName",
          "route53:GetHealthCheckCount"
        ],
        "Resource": "*"
      },
      {
        "Sid": "VisualEditor3",
        "Effect": "Allow",
        "Action": [
          "iam:ListInstanceProfiles",
          "iam:ListAttachedRolePolicies",
          "iam:SimulatePrincipalPolicy"
        ],
        "Resource": "*"
      },
      {
        "Sid": "VisualEditor4",
        "Effect": "Allow",
        "Action": [
          "ec2:ReleaseAddress",
          "elasticloadbalancing:DeleteLoadBalancer",
          "ec2:DescribeAddresses",
          "elasticloadbalancing:CreateListener",
          "elasticloadbalancing:CreateLoadBalancer",
          "elasticloadbalancing:RegisterTargets",
          "elasticloadbalancing:CreateTargetGroup",
          "elasticloadbalancing:DeregisterTargets",
          "ec2:DescribeSubnets",
          "elasticloadbalancing:DeleteTargetGroup",
          "elasticloadbalancing:ModifyTargetGroupAttributes",
          "ec2:AllocateAddress"
        ],
        "Resource": "*"
      }
    ]
    }
    
  7. Copy and paste the list of permissions in the JSON tab and click Review policy.
  8. In Review policy page, type a name for the policy, enter a description, and click Create policy.

    Note

    Ensure that the name starts with “Citrix-ADM-”.

  9. In the Create Role page, enter the name of the role.

    Note

    Ensure that the role name starts with “Citrix-ADM-”.

  10. Click Create Role.

To create an IAM role for Citrix ADC instances

Similarly, create an IAM role for Citrix ADC. The Citrix ADC can then log on to your AWS account and perform the following actions:

  • Reassign the management IP address during node failures
  • Listen to AWS Autoscale events of back-end servers, and so on.

Attach the policy with permissions provided by Citrix for AWS to access the Citrix ADC instances.

  1. In AWS, click Services. In the left side navigation pane, select IAM > Roles, and click Create role.

  2. Ensure that you select AWS service > EC2, and then click Permissions to create an instance profile.


  3. Click Permissions.

  4. In Attach permissions policies page, click Create policy.

  5. You can create and edit a policy in the visual editor or by using JSON.

The list of permissions from Citrix for Citrix ADC instances is provided in the following box:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "iam:GetRole",
        "iam:SimulatePrincipalPolicy",
        "autoscaling:*",
        "sns:*",
        "sqs:*",
        "cloudwatch:*",
        "ec2:AssignPrivateIpAddresses",
        "ec2:DescribeInstances",
        "ec2:DescribeNetworkInterfaces",
        "ec2:DetachNetworkInterface",
        "ec2:AttachNetworkInterface",
        "ec2:StartInstances",
        "ec2:StopInstances"
      ],
      "Resource": "*"
    }
  ]
}
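A least-privilege review of the two policies on this page, added here as an example (not Citrix code): it lists Allow grants that use a wildcard action, and `iam:PassRole` granted on every resource with no Condition. The policy text is copied from the page; the function names and the choice of `iam:PassRole` as the action to scope are assumptions of this example.

```python
import json

# Copied from the Citrix ADC instance policy shown above.
ADC_INSTANCE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "VisualEditor0",
    "Effect": "Allow",
    "Action": [
      "iam:GetRole", "iam:SimulatePrincipalPolicy",
      "autoscaling:*", "sns:*", "sqs:*", "cloudwatch:*",
      "ec2:AssignPrivateIpAddresses", "ec2:DescribeInstances",
      "ec2:DescribeNetworkInterfaces", "ec2:DetachNetworkInterface",
      "ec2:AttachNetworkInterface", "ec2:StartInstances", "ec2:StopInstances"
    ],
    "Resource": "*"
  }]
}
""")

# Statement "VisualEditor1" copied from the Citrix ADM policy earlier on the page.
ADM_IAM_STATEMENT = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "VisualEditor1",
        "Effect": "Allow",
        "Action": ["iam:GetRole", "iam:PassRole"],
        "Resource": "*",
    }],
}

# Assumption: actions this review wants tied to named resources or a Condition.
SCOPE_SENSITIVE = {"iam:passrole"}


def _as_list(value):
    """IAM accepts a single string wherever a list is allowed."""
    return value if isinstance(value, list) else [value]


def audit_policy(policy):
    """Return (sid, action, reason) for each broad Allow grant in the policy."""
    findings = []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        any_resource = "*" in _as_list(stmt.get("Resource", []))
        conditioned = bool(stmt.get("Condition"))
        for action in _as_list(stmt.get("Action", [])):
            lowered = action.lower()  # IAM action names are case-insensitive
            name = lowered.partition(":")[2]
            if action == "*" or name == "*":
                reason = "every action in the service"
            elif "*" in name or "?" in name:
                reason = "wildcard pattern in action name"
            elif lowered in SCOPE_SENSITIVE and any_resource and not conditioned:
                reason = "any resource, no Condition"
            else:
                continue
            findings.append((sid, action, reason))
    return findings


if __name__ == "__main__":
    for label, policy in (("ADC instance", ADC_INSTANCE_POLICY),
                          ("ADM", ADM_IAM_STATEMENT)):
        for sid, action, reason in audit_policy(policy):
            print(f"{label}: {sid}: {action}: {reason}")
```

The page does not say whether ADM or the ADC instances work with a narrower policy, so test any tightening of these grants in a non-production account first.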

Register the DNS domain

Ensure that you have registered the DNS domain for hosting your applications.

Assess the number of elastic IPs (EIP) required in your network

The number of EIPs required varies based on whether you are deploying DNS based autoscaling or NLB based autoscaling. To increase the number of EIPs, create a case with AWS.

  • For DNS based autoscaling, the number of EIPs required per availability zone is equal to the number of applications multiplied by the maximum number of VPX instances you want to configure in the Autoscale groups.
  • For NLB based autoscaling, the number of EIPs required is equal to the number of applications multiplied by the number of availability zones in which the applications are getting deployed.

Assess the instance limit requirements

When assessing instance limits, ensure that you consider space requirements for Citrix ADC instances also.

Install Citrix ADM agent on AWS

The Citrix ADM agent works as an intermediary between the Citrix ADM and the discovered instances in the data center or on the cloud. Ensure that you have installed a Citrix ADM agent in AWS. Add a route in the AWS ADM agent so that ADM can reach the agent after you establish the layer 3 connectivity.

Follow these steps to add a route in the agent installed in AWS:

  1. Access the console of the ADM agent installed on AWS.

  2. Run the following command at the prompt:

    route add -net <DMZ network> <gateway to ADM agent>

For example, “route add -net 10.x.x.0/24 21.1.1.10”

Note

The route is removed after the agent restarts. This behavior is specific to AWS/Azure agent images where network settings are skipped.

For details on how to install the Citrix ADM agent on AWS, see Installing Citrix ADM agent on AWS.

Create a Route Table in AWS

Add a route table to establish a communication from Citrix ADC instances to Citrix ADM deployed on your data center.

  1. Log in to AWS and navigate to Route Tables.

  2. In Create route table, specify the Name tag and select the VPC where you want to deploy ADC instances. See Create a route table.

  3. On Subnet Associations, associate the management subnet with the route table where you deploy ADC instances. See Associating a subnet with a Route Table.

  4. In Routes, select Edit Routes and specify the following details:

    • Destination: Specify the Citrix ADM network. You can specify either the Citrix ADM IP address or Citrix ADM subnet.

    • Target: Select Network Interface and specify Subnet of Citrix CloudBridge Connector.

    For more information, see Add routes.

Prerequisites for Citrix ADM

Ensure that you have completed all the pre-requisites on the Citrix ADM to use the Autoscale feature.


Create a site

Create a site in Citrix ADM and add the details of the VPC associated with your AWS role.

  1. In Citrix ADM, navigate to Networks > Sites.
  2. Click Add.
  3. Select the service type as AWS and enable Use existing VPC as a site.
  4. Select the cloud access profile.
  5. If the cloud access profile doesn’t exist in the field, click Add to create a profile.

    1. In the Create Cloud Access Profile page, type the name of the profile with which you want to access AWS.

    2. Type the Access Key ID that is associated with the role that you have created in AWS.

    3. Type the Secret access Key generated while creating an IAM role for Citrix ADM in AWS.


      The details of the VPC, such as the region, VPC ID, name and CIDR block, associated with your IAM role in AWS are imported in Citrix ADM.

    4. Click Create.

  6. Click Create again to create the site.

Configure NTP server

Ensure that you configure an NTP server on Citrix ADM, so that the Citrix ADM clock has the same date and time settings as the Citrix ADCs deployed on AWS. For more information on how to configure NTP servers, see Configure NTP server.

Configure domain name server

The Citrix ADM requires internet connectivity to connect to the ADC instances deployed on AWS. Configure the DNS IP address on ADM to allow internet connectivity.

  1. In Citrix ADM, navigate to System > Set Up Citrix ADM, and select Network Configuration.

  2. In Network Configuration page, enter the IP address of the DNS configured in your network.

  3. Click OK.

Configure Layer 3 connectivity

Establish Layer 3 connectivity between Citrix ADM and the ADC VPX instances deployed on the public cloud. To establish the Layer 3 connectivity, you can use solutions such as Citrix CloudBridge Connector, Citrix SD-WAN, Direct Connect to AWS, VPN in Azure, or third-party connectors such as Equinix and so on.

For more information on how to create Layer 3 connectivity, see Add VPX Instances deployed in cloud to Citrix ADM.

Install Citrix ADM agent on AWS

The Citrix ADM agent works as an intermediary between the Citrix ADM and the discovered instances in the data center or on the cloud. For details on how to install the Citrix ADM agent on AWS, see Installing Citrix ADM agent on AWS.

Create Autoscale groups

Initialize Autoscale configuration


  1. In Citrix ADM, navigate to Networks > AutoScale Groups.
  2. Click Add to create Autoscale groups. The Create AutoScale Group page appears.
  3. Enter the following details.

    • Name. Type a name for the Autoscale group.
    • Site. Select the site that you have created to provision the Citrix ADC VPX instances on AWS.
    • Agent. Select the Citrix ADM agent that manages the provisioned instances.
    • Cloud Access Profile. Select the cloud access profile.

    Note

    If the cloud access profile does not exist in the field, click Add to create a profile.

    • Type the ARN associated with the role that you have created in AWS.
    • Type the external ID that you provided while creating an Identity and Access Management (IAM) role in AWS. Depending on the cloud access profile that you select, the availability zones are populated.
    • Device Profile. Select the device profile from the list. Citrix ADM uses this device profile whenever ADM must log on to the instance.

    • Traffic Distribution Mode. The Load Balancing using NLB option is selected as default traffic distribution mode. If applications are using UDP traffic, then select DNS using AWS route53.


      Note

      After the Autoscale configuration is set up, new availability zones cannot be added or existing availability zones cannot be removed.

    • Enable AutoScale Group. Enable or disable the status of the ASG groups. This option is enabled, by default. If this option is disabled, autoscaling is not triggered.

    • Availability Zones. Select the zones in which you want to create the Autoscale groups. Depending on the cloud access profile that you have selected, availability zones specific to that profile are populated.

    • Tags. Type the key-value pair for the Autoscale group tags. A tag consists of a case-sensitive key-value pair. These tags enable you to organize and identify the Autoscale groups easily. The tags are applied to both AWS and Citrix ADM.


  4. Click Next.

Configuring Autoscale parameters


  1. In the AutoScale Parameters tab, enter the following details.
  2. Select one or more of the following threshold parameters whose values must be monitored to trigger a scale-out or a scale-in.
    • Enable CPU Usage Threshold: Monitor the metrics based on the CPU usage.
    • Enable Memory Usage Threshold: Monitor the metrics based on the memory usage.
    • Enable Throughput Threshold: Monitor the metrics based on the throughput.

      Note

      • Default minimum threshold limit is 30 and maximum threshold limit is 70. However, you can modify the limits.
      • Minimum threshold limit must be equal to or less than half of the maximum threshold limit.
      • More than one threshold parameter can be selected for monitoring. In such cases, a scale-out is triggered if at least one of the threshold parameters is above the maximum threshold. However, a scale-in is triggered only if all the threshold parameters are operating below their normal thresholds.


    • Keep a Spare Node for faster Scale Out: This option helps to achieve faster scale-out. ADM provisions a spare node in the inactive state.

      When ADM triggers the scale-out action, the spare node becomes active immediately. This saves the node provisioning time during scale-out.

    • Minimum Instances. Select the minimum number of instances that must be provisioned for this Autoscale group.

      By default, the minimum number of instances is equal to the number of zones selected. You can increment the minimum instances by multiples of the number of zones.

      For example, if the number of availability zones is 4, the minimum instances is 4 by default. You can increase the minimum instances to 8, 12, 16.
    • Maximum Instances. Select the maximum number of instances that must be provisioned for this Autoscale group.

      The maximum number of instances must be greater than or equal to the minimum instances value. The maximum number of instances that can be configured is equal to the number of availability zones multiplied by 32.

      Maximum number of instances = number of availability zones * 32
    • Drain Connection Timeout (minutes). Select the drain connection timeout period. During scale-in, once an instance is selected for deprovisioning, Citrix ADM removes the instance from processing new connections to the Autoscale group and waits until the specified time expires before deprovisioning. This option allows existing connections to this instance to be drained out before it gets deprovisioned.
    • Cooldown period (minutes). Select the cooldown period. During scale-out, the cooldown period is the time for which evaluation of the statistics has to be stopped after a scale-out occurs. This period ensures organic growing of instances of an Autoscale group by allowing current traffic to stabilize and average out on the current set of instances before the next scaling decision is made.
    • DNS Time To Live(seconds). Select the amount of time (in seconds) that a packet is set to exist inside a network before being discarded by a router. This parameter is applicable only when the traffic distribution mode is DNS using AWS route53.
    • Watch-Time (minutes). Select the watch-time duration. This is the time for which the scale parameter’s threshold has to stay breached for a scaling to happen. If the threshold is breached on all the samples collected in this specified time, then a scaling happens.


  3. Click Next.

Configure licenses for provisioning Citrix ADC instances

Select one of the following modes to license Citrix ADC instances that are part of an Autoscale Group:

  • Using Citrix ADM: While provisioning Citrix ADC instances, the Autoscale group checks out the licenses from the Citrix ADM.

  • Using AWS Cloud: The Allocate from Cloud option uses the Citrix product licenses available in the AWS marketplace. While provisioning Citrix ADC instances, the Autoscale group uses the licenses from the marketplace.

    If you choose to use licenses from the AWS marketplace, specify the product or license in the Cloud Parameters tab.

For more information, see Licensing Requirements.

Use licenses from Citrix ADM

  1. In the License tab, select Allocate from ADM.

  2. In License Type, select one of the following options from the list:

    • Bandwidth Licenses: You can select one of the following options from the Bandwidth License Types list:

      • Pooled Capacity: Specify the capacity to allocate for every new instance in the Autoscale group.

        From the common pool, each ADC instance in the Autoscale group checks out one instance license and only as much bandwidth as is specified.

      • VPX Licenses: When a Citrix ADC VPX instance is provisioned, the instance checks out the license from the Citrix ADM.

    • Virtual CPU Licenses: The provisioned Citrix ADC VPX instance checks out licenses depending on the number of active CPUs running in the Autoscale group.

    Note

    When the provisioned instances are removed or destroyed, the applied licenses return to the Citrix ADM license pool. These licenses can be reused to provision new instances during the next Autoscale.

  3. In License Edition, select the license edition. The Autoscale group uses the specified edition to provision instances.

  4. Click Next.

Configure cloud parameters


  1. In the Provision Parameters tab, enter the following details.

    • IAM Role: Select the IAM role that you have created in AWS. An IAM role is an AWS identity with permission policies that determine what the identity can and cannot do in AWS.

    • Product: Select the Citrix ADC product version that you want to provision.

    • Version: Select the Citrix ADC product release version and the build number. The release versions and build numbers are auto-populated based on the product that you have selected.

    • AWS AMI ID: Enter the AMI ID specific to the region that you have selected.

    • Instance Type: Select the EC2 instance type.

      Note

      The recommended instance type for the selected product is auto-populated, by default.

    • Security Groups: Security groups control the inbound and outbound traffic in the Citrix ADC VPX instance. You create rules for both incoming and outgoing traffic that you want to control. Select appropriate values for the following subnets:

      • Management. Existing security group in your account dedicated for management of Citrix ADC VPX instances. Inbound rules are allowed on the following TCP and UDP ports.

        • TCP: 80, 22, 443, 3008–3011, 4001
        • UDP: 67, 123, 161, 500, 3003, 4500, 7000

        Ensure that the security group allows the Citrix ADM agent to be able to access the VPX.

      • Client. Existing security group in your account dedicated for client side communication of Citrix ADC VPX instances. Typically, inbound rules are allowed on the TCP ports 80, 22, and 443.

      • Server. Existing security group in your account dedicated for server side communication of Citrix ADC VPX.

    • IPs in server subnet per node: Select the number of IP addresses in the server subnet per node for the security group.


    • Zone: The number of zones that are populated is equal to the number of availability zones that you have selected. For each zone, select the appropriate values for the following subnets:

      • Management. Existing subnet in your Virtual Private Cloud (VPC) dedicated for management. Citrix ADC contacts AWS services, and it requires internet access. Configure a NAT gateway and add a route table entry to allow internet access from this subnet.

      • Client. Existing subnet in your Virtual Private Cloud (VPC) dedicated for the client side. Typically, Citrix ADC receives client traffic for the application via a public subnet from the internet. Associate the client subnet with a route table which has a route to an Internet gateway. This subnet allows Citrix ADC to receive application traffic from the internet.

      • Server. Application servers are provisioned in a server subnet. All your application servers are present in this subnet and receive application traffic from the Citrix ADC via this subnet.


  2. Click Finish.

    A progress window with the status for creating an Autoscale group appears. It might take several minutes for the creation and provisioning of Autoscale groups.


Configure application using StyleBooks


  1. In Citrix ADM, navigate to Networks > Autoscale Groups.

  2. Select the Autoscale group that you created and click Configure.

  3. In Configure Application, specify the following details:

    • Application Name - Specify the name of an application.

    • Access Type - You can use the ADM autoscaling solution for both external and internal applications. Select the required application access type.

    • FQDN Type - Select a mode of assigning domain and zone names.

      If you want to specify manually, select User-Defined. To automatically assign domain and zone names, select Auto-generated.

    • Domain Name - Specify the domain name of an application. This option is applicable only when you select User-defined FQDN type.

    • Zone of the Domain - Select the zone name of an application from the list. This option is applicable only when you select User-defined FQDN type.

      This domain and zone name redirects to the virtual servers in AWS. For example, if you host an application in app.example.com, the app is the domain name and example.com is the zone name.

    • Protocol - Select the protocol type from the list. The configured application receives the traffic depending on the selected protocol type.

    • Port - Specify the port value. The specified port is used to establish a communication between the application and the Autoscale group.


    If you want to configure an application using StyleBooks, select Yes in the confirmation window.


    Note

    Change the access type of an application if you want to modify the following details in the future:

    • FQDN Type
    • Domain Name
    • Zone of the domain
  4. The Choose StyleBook page displays all the StyleBooks available for your use to deploy configurations in the Autoscale clusters.

    • Select the appropriate StyleBook. For example, you can use the HTTP/SSL Load balancing StyleBook. You can also import new StyleBooks.
    • Click the StyleBook to create the required configuration. The StyleBook opens as a user interface page on which you can enter the values for all the parameters defined in this StyleBook.
    • Enter values for all the parameters.
    • If you are creating back-end servers in AWS, select Backend Server Configuration. Further select AWS EC2 Autoscaling > Cloud and enter the values for all the parameters.


    • There might be a few optional configurations required depending on the StyleBook that you have chosen. For example, you might have to create monitors, provide SSL certificate settings, and so on.
    • Click Create to deploy the configuration on the Citrix ADC cluster.

Note

  • The FQDN of an application or a virtual server cannot be modified after it is configured and deployed.

    The FQDN of the application is resolved to the IP address using DNS. As this DNS record might be cached across various name servers, changing the FQDN might cause the traffic to be blackholed.

  • SSL session sharing works as expected within an availability zone, but requires reauthentication across availability zones.

    SSL sessions are synchronized within the cluster. As the Autoscale group spanning across availability zones has separate clusters in each zone, SSL sessions cannot be synchronized across zones.

  • Shared limits such as max client and spill-over are set statically based on the number of availability zones. Set this limit after calculating it manually. Limit = <Limit required>/<number of Zones>.

    Shared limits are distributed automatically across nodes within a cluster. As the Autoscale group spanning across availability zones has separate clusters in each zone, these limits have to be calculated manually.

Upgrade Citrix ADC clusters

Upgrade the cluster nodes manually. You first upgrade the image of existing nodes and then update AMI from the Citrix ADM.

Important

Ensure the following during an upgrade:

  • No scale-in or scale-out is triggered.
  • No configuration changes must be performed on the cluster in the Autoscale group.
  • You keep a backup of the ns.conf file of the previous version. In case an upgrade fails, you can fall back to the previous version.

Perform the following steps to upgrade the Citrix ADC cluster nodes.

  1. Disable the Autoscale group on the MAS ASG portal.
  2. Select one of the clusters within the Autoscale groups for upgrade.
  3. Follow the steps documented in the topic Upgrading or downgrading the Citrix ADC cluster.

    Note

    • Upgrade one node in the cluster.
    • Monitor the application traffic for any failures.
    • If you encounter any issues or failures, downgrade the node that was previously upgraded. Else, continue with the upgrade of all nodes.
  4. Continue upgrading the nodes in all the clusters in the Autoscale group.

    Note

    If the upgrade for any cluster fails, downgrade all the clusters in the Autoscale group to the previous version. Follow the steps documented in the topic Upgrading or downgrading the Citrix ADC cluster.

  5. After successful upgrade of all clusters, update AMI on MAS ASG Portal. AMI must be of the same version as the image used for the upgrade.
  6. Edit the Autoscale group and type the AMI that corresponds to the upgraded version.
  7. Enable the Autoscale group on the ADM portal.

Modify Autoscale groups configuration

  • You can modify an Autoscale group configuration or delete an Autoscale group. You can modify only the following Autoscale group parameters.

    • Traffic distribution mode
    • Maximum and minimum limits of the threshold parameters
    • Minimum and maximum instance values
    • Drain connection period value
    • Cooldown period value
    • Time to live value – If the traffic distribution mode is DNS
    • Watch duration value
  • You can also delete the Autoscale groups after they are created.

    When you delete an Autoscale group, all the domains and IP addresses are deregistered from DNS/NLB and the cluster nodes are deprovisioned.