Release Notes for Citrix ADM 13.0-67.42 Release

This release notes document describes the enhancements and changes,fixed and known issues that exist for the Citrix ADM release Build 13.0-67.42.

Notes

  • This release notes document does not include security related fixes. For a list of security related fixes and advisories, see the Citrix security bulletin.
  • When you upgrade the ADM software to image version 13.0 67.xx, your ADM database is also migrated. For more information, see NSADM-40196 in this release notes.
  • Build 67.42 replaces Build 67.39

What's New

The enhancements and changes that are available in Build 13.0-67.42.

Analytics

  • Feature: Networks

    View network reporting data by applying aggregation filters

    You can now apply aggregation to the network performance data and view application performance on the dashboard. You can also export the results based on your requirement. Using these aggregations applied to the data, you can analyze and ensure all resources are utilized optimally. Navigate to Network > Network Reporting and select the time duration 1 day or later to get the View By option.

    In the existing average data, you can apply aggregations by selecting the option from the View By list. When you apply aggregation, the data is updated for each metric in the dashboard. Click Settings and select Aggregation Filters.

    For more information, see https://docs.citrix.com/en-us/citrix-application-delivery-management-software/current-release/networks/network-reporting.html

    [ NSADM-56494 ]
  • Feature: Analytics

    In Gateway Insight, you can now view a search bar that enables you to filter results based on the user name. Navigate to Analytics > Gateway Insight > Users to view the search bar for Users and Active Users. Place the mouse pointer on the search bar, select User Name, and type a user name to filter results.

    [ NSADM-55506 ]
  • Feature: Analytics

    Geo map support for Gateway Insight

    In Gateway Insight, you can now visualize a geo map view that displays the users information based on the users geographical location. As an administrator, this geo map enables you to view the summary of total users, total apps, and total sessions for a specific location.
    1. Navigate to Analytics > Gateway Insight to view the geo map
    2. Click a country. For example, United States
    The geo map displays the details such as users list, active sessions, terminated sessions, applications for the selected country.

    You can also visualize a geo map for gateways that enables you to filter users based on a particular location.
    1. Navigate to Analytics > Gateway Insight > Gateways
    2. Select a gateway domain name to view the geo map
    3. Click a country. For example, United States
    The geo map displays the details such as users list, active sessions, terminated sessions, applications for the selected country.

    [ NSADM-55504 ]
  • Feature: Analytics

    Security Insight - JSON Command Injection

    In Security Insight, you can now view a new violation type, JSON Command Injection. To generate the JSON Command Injection violation in Security Insight, you must configure the following command in Citrix ADC instance:

    add appfw profile abc_js -type JSON -startURLaction none -starturlclosure off -jsoncmdinjectionaction block log stats -jsoncmdinjectiontype cmdkeyword

    After you configure, you can view the JSON Command Injection attack in Security Insight.

    [ NSADM-52869 ]
  • Feature: Applications

    Improvements to Global Service Graph

    In Global Service Graph, you can now use the search bar to filter results. As an administrator, this search bar enables you to narrow-down quickly to a particular instance/client/application/data center, when you have:

    • A large enterprise with many data centers
    • Configured many Citrix ADC instances for each data center
    • Configured many applications deployed or accessed through each Citrix ADC instance
    • Clients accessing the application from different locations

    Place the mouse pointer on the search bar and select the category that you want to create the filter.

    For more information, see https://docs.citrix.com/en-us/citrix-application-delivery-management-software/current-release/application-analytics-and-management/holistic-view-sg.html

    [ NSADM-52149 ]

Management and Monitoring

Miscellaneous

StyleBooks

  • Feature: StyleBooks
    Improvements to StyleBook built-in functions

    When creating StyleBook definitions, now you use the following built-in functions with their improved capabilities:

    • replace() Replaces the characters or strings specified in the list. Earlier, you were not able to provide a list input to this function.
    • ip() - Accepts an integer value and converts that into an equivalent IP address. It also supports IP address addition and subtraction.
    • int() - Accepts an IPv4 address and returns its equivalent integer value.
      The following new StyleBooks built-in functions are added:
    • distinct() - Extracts the unique items from an input list.
    • split() - Splits an input string into lists.

    For more information, see https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/stylebooks/stylebooks-grammar/built-in-functions.html

    [ NSADM-56972 ]
  • Feature: StyleBooks
    User authorization improvements to StyleBooks and configuration packs

    As an administrator, you can authorize specific Stylebooks and configuration packs to a user in the Account > User Administration > Groups page. The StyleBooks and Configpacks sections are now enhanced with the following changes:
    StyleBooks A custom filter query now supports both And and Or operation to search StyleBooks.
    Example:
    name=lb-mon|lb AND namespace=com.citrix.adc.stylebooks AND version=1.0
    This query lists the StyleBooks that meet the following conditions:

    • StyleBook name is either lb-mon or lb.
    • StyleBook namespace is com.citrix.adc.stylebooks.
    • StyleBook version is 1.0.

    Configuration packs You can authorize the configurations that belong to the selected StyleBooks. To do so, select All configurations of the selected StyleBooks in the Configpacks section.

    For more information, see https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/access-control/role-based-access-control/rbac-configuring-groups.html

    [ NSADM-52334 ]
  • Feature: StyleBooks
    Include icons in the StyleBooks bundle

    When you import StyleBooks as a bundle, you can now include icons to each StyleBook. Ensure to have the resources folder that contains icons in the PNG, GIF, or JPEG formats. If the icon file name matches the StyleBook name, the icons are automatically mapped to the StyleBooks. Otherwise, do the following:
    1. Add the icon_mapping.json file in the resources folder.
    2. Map StyleBooks and icons in the icon_mapping.json file as follows:
    <StyleBook file name> : <icon file name>

    If you specify the defaulticon entry, the StyleBooks are mapped to the default icon unless they are mapped to a different icon.
    defaulticon: <icon file name>

    In Application > StyleBooks, the imported StyleBooks appear with the mapped icons. For more information, see https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/stylebooks/how-to-create-custom-stylebooks/how-to-use-custom-stylebooks.html

    [ NSADM-52330 ]

User Interface

  • Feature: Licensing
    Improvements to the Pooled Capacity page

    The Pooled Capacity page is now improved with the following GUI changes:

    Unmanaged instances - A new tab added in this page. It displays the instances that are discovered but not managed in Citrix ADM. Earlier, these instances were listed in the Dashboard tab with the Not Managed license status.

    License Status - In this column, the following statuses are removed:

    • Not Managed
    • Sync in progress

    The Allocation Details column is now removed from the instances list.

    License Server Usage - A new indicator added to the usage chart. It displays the pooled capacity consumption of the license server.

    For more information, see https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/license-server/adc-pooled-capacity/configuring-adc-pooled-capacity.html

    [ NSADM-52770 ]
  • Feature: Applications

    Improvements to App Dashboard

    In App Dashboard, you can now view the following enhancements.
    a. In the Manage Applications page:

    • You can view the total service groups and the service groups status that are Up, Down, or Out of Status
    • You can place the mouse pointer on the search bar and select the category to refine the search

    b. In the App Dashboard page, the scroll bar is replaced with a carousel slider that enables you an ease of access to all options.

    [ NSADM-52759 ]
  • New threshold types for critical system resources

    Now you configure the following five new score threshold types for critical system resources:

    • PE CPU Limit
    • PPS Limit
    • Throughput Limit
    • SSL Throughput Limit
    • SSL TPS Limit

    With these threshold types, you have greater control over the thresholds for the ADC instances, using which the instance score is calculated. You can also configure notifications for the score threshold breaches.

    [ NSADM-47453 ]
  • Database migration with ADM image upgrade

    When you upgrade the ADM software to image version 13.0 67.xx, your ADM database is also migrated. This data migration happens because ADM now uses PostgreSQL version 10.11.
    If the version you are upgrading from is previous to 13.0 61.xx, Citrix recommends you first upgrade to 13.0 61.xx and then to 13.0 67.xx, for better user experience. The upgrade process might take time due to database upgrade. For details, see the Upgrade topic: https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/upgrade.html

    [ NSADM-40196 ]
  • Feature: Networks
    New search capability for Event Messages

    In Networks > Events > Event Messages, now you can use logical operators such as AND/OR to search. You can also filter data using custom time periods. Also, the events summary panel provides a count of each event category and severity.

    [ NSADM-39942 ]

Fixed Issues

The issues that are addressed in Build 13.0-67.42.

Analytics

  • When you upgrade Citrix ADM to 13.0 67.39, the Web Insight data migration is stopped.

    [ NSHELP-25259 ]
  • Citrix ADM generates high CPU events periodically.

    [ NSHELP-25146 ]
  • Sometimes, the key metrics do not appearin the Applications > Dashboard page.

    [ NSHELP-24728 ]
  • ADM checks if metrics collector is enabled on ADC instance at regular intervals. If metrics collector is not enabled, ADM enables it. If some reason, metrics collector configuration fails, then ADM keeps trying to enable and causes unnecessary NITRO calls to ADC instance.
    With this fix, ADM tries to enable the metrics collector for only once.

    [ NSHELP-24573 ]
  • When ADM receives high traffic from the ADC instances, ADM CPU consumption increases to 25 percent.

    [ NSHELP-24534 ]
  • When ADM is integrated with Desktop Director, and very high number of users from Desktop Director is accessing HDX Insight report, users experience a slowness in report accessibility.

    As part of the fix, several improvements have been made to provide the HDX Insight report faster.

    [ NSHELP-24319 ]
  • Web Insight reports are not available for users, who do not have full admin rights.

    [ NSHELP-24226 ]
  • The App dashboard does not display application analytics because the virtual server license information is unavailable during metrics processing.

    [ NSADM-61800 ]
  • In lstreamd.conf, NGS, SWG, VPN, and ICA must be set to none by default, to avoid high memory and CPU consumption.

    [ NSADM-61408 ]

High Availability

  • In a Citrix ADM HA pair, after upgrading from 13.0 47.22 to 13.0 52.24, when the failover occurs, ADM uses primary node IP address for the AppFlow collector instead of floating IP address.

    [ NSHELP-23027 ]
  • Database streaming between the ADM HA nodes breaks when SSL certificate expires, and the join_streaming_replication.sh" command does not restore the streaming.

    1. "cat /var/mps/db_pgsql/data/pg_hba.conf" on the ADM primary node to verify if the following entries are present.

    hostssl replication masrepuser <ADM Primary IP address>/32 cert clientcert=1

    hostssl replication masrepuser <ADM Secondary IP address>/32 cert clientcert=1

    2. If any of these entries are missing, Add those missing entries to /var/mps/db_pgsql/data/pg_hba.confand run "su -l mpspostgres /mps/scripts/pgsql/reloadpgsql.sh" .

    3. Verify the SSL certificate is expired or is valid < 30 days. You can validate the certificate expiry date using:

    openssl x509 -enddate -noout -in /var/mps/pg_certs/client/masrepuser/pg_masrepuser.crt

    If the certificate has already expired, log on to Citrix ADM primary node using an SSH client and perform the following steps:

    1. printf "[ req ] \n distinguished_name = req_distinguished_name \n prompt = no \n\n [ req_distinguished_name ] \n C = US \n ST = California \n L = San Jose \n O = Citrix ADC SDX \n OU = Internal \n CN = masrepuser \n" > /var/mps/pg_certs/client/masrepuser/pg_masrepuser_csr.config ;

    2. openssl genrsa -out /var/mps/pg_certs/client/masrepuser/pg_masrepuser.key 2048 ;

    3. openssl req -days 1000000 -new -key /var/mps/pg_certs/client/masrepuser/pg_masrepuser.key -out /var/mps/pg_certs/client/masrepuser/pg_masrepuser.csr -config /var/mps/pg_certs/client/masrepuser/pg_masrepuser_csr.config ;

    4. openssl x509 -req -days 1000000 -in /var/mps/pg_certs/client/masrepuser/pg_masrepuser.csr -CA /var/mps/pg_certs/server/root.crt -CAkey /var/mps/pg_certs/server/pg_server.key -out /var/mps/pg_certs/client/masrepuser/pg_masrepuser.crt -CAcreateserial ;

    5. rm /var/mps/pg_certs/client/masrepuser/pg_masrepuser.csr;

    6. rm /var/mps/pg_certs/client/masrepuser/pg_masrepuser_csr.config;

    7. cp -R /var/mps/pg_certs/client /var/mps/db_pgsql/data/;

    8. chown -R mpspostgres:nobody /var/mps/db_pgsql/data/client;

    9. chmod 700 /var/mps/db_pgsql/data/client;

    10. chmod 600 /var/mps/db_pgsql/data/client/masrepuser/*key;

    11. chmod 600 /var/mps/db_pgsql/data/client/pg_rewind/*key;

    12. touch /var/mps/adm_upgrade_pg_generate_certs;

    13. masd restart

    [ NSADM-61363 ]

Management and Monitoring

  • The backup (System > Backup) option is not visible to the user, even though the user has admin access.

    [ NSHELP-24972 ]
  • Perform the following:

    1. Navigate to Networks > Network Functions > Load balancing

    2. Select the ServiceGroup and click Bound Members

    When you try to click the Enable/Disable/Poll Now option of the bound members, Citrix ADM GUI stops and the nitro fails with Not Authorized.

    [ NSHELP-24779 ]
  • When you upgrade Citrix ADM to13.0 61.48, the upgrade does not complete and still remains in the same ADM build.

    [ NSHELP-24745 ]
  • Feature: Networks
    In some cases, ADM does not send email alerts for cleared events if the Repeat Email notification until the event is cleared option is selected.

    [ NSHELP-24585 ]
  • After the DR node has become the primary node, the roll back from DR node to original primary site is not working as expected.

    [ NSHELP-24529 ]
  • Feature: Upgrade
    When you upgrade ADM to version 13.0 61.xx, association of peer servers with configured NTP servers in ADM is lost.
    1. Delete the NTP server.
    2. Add the NTP server

    [ NSHELP-24520 ]
  • When you attempt to increase the ADM secondary disk size, the process fails and "Swap partition cannot be deleted" error message appears.

    [ NSHELP-23878 ]
  • Feature: System
    ADC pre-upgrade check for free flash space always passes even if the free space is low.

    [ NSADM-60092 ]
  • The configuration job fails to execute if it has an angle bracket (<) symbol in the configuration command.

    [ NSADM-53465 ]

Miscellaneous

  • Feature: Licensing
    Pooled license information for ADC cluster nodes is not displayed correctly in the ADM dashboard.

    [ NSHELP-24359 ]

  • When you upgrade to ADM software version 13.0 71.x from version 11.1 any build, ADC historical data fails to migrate.

    [ NSADM-62301 ]
  • After you upgrade ADM to 13.0.64.35, database synchronization between the ADM standalone server and the disaster recovery node fails.

    [ NSADM-60395 ]

StyleBooks

  • When you import a private StyleBook with an icon, the ADM GUI does not display the icon for the imported StyleBook.

    [ NSADM-60506 ]
  • The "Error while adding tags" message appears when you do any of the following:

    - Add tags to a StyleBook.

    - Add tags to a configuration pack.

    - Associate StyleBook tags to a configuration pack.

    [ NSADM-60298 ]
  • Feature: StyleBooks
    When you deploy ADM for the first time,theADMGUIfailstodisplay thedefaultStyleBooks.

    Upgrade ADM to the same build version.

    [ NSADM-58681 ]

User Interface

  • After you upgrade to 13.0 61.48, ADM integration with Director might not display Network Analytics (HDX) and User sessions.

    [ NSHELP-24832 ]
  • Feature: Licensing

    In Networks > Instances, even if you enable the pooled licensing mode for the Citrix ADC MPX instance, it appears under the Not Licensed section.

    [ NSHELP-24509 ]
  • Citrix Director fails to integrate with Citrix ADM.

    [ NSADM-60878 ]

Known Issues

The issues that exist in release 13.0-67.42.

Management and Monitoring

  • The ADM GUI displays the removed cluster node if the following conditions are met:

    • The cluster node is removed manually.
    • The cluster is rediscovered in ADM.

    Remove the whole cluster in ADM and add it again.

    [ NSADM-61445 ]

Orchestration

  • Feature: Orchestration
    When you create a member on OpenStack Lbaas using ADM orchestration, the member creation fails on OpenStack intermittently. This issue happens when a proxy request from ADM to orchestration services times out after 30 seconds.

    With this fix, the request timeout for orchestration APIs has increased to 120 seconds.

    [ NSHELP-21490 ]
  • Feature: Orchestration
    If you are using OpenStack Queens for LBaas workflow, the Load Balancing virtual server is not bound to Content Switching virtual server. This issue impacts the traffic.

    1. Create a pool with Load Balancing virtual server.
    2. Create a listener with the pool ID.
    If you already have a listener, update the listener with the pool ID.

    [ NSADM-36631 ]

What's New