- This release notes document does not include security related fixes. For a list of security related fixes and advisories, see the Citrix security bulletin.
- When you upgrade the ADM software to image version 13.0 67.xx, your ADM database is also migrated. For more information, see NSADM-40196 in this release notes.
- Build 67.42 replaces Build 67.39
View network reporting data by applying aggregation filters
You can now apply aggregation to the network performance data and view application performance on the dashboard. You can also export the results based on your requirement. Using these aggregations applied to the data, you can analyze and ensure all resources are utilized optimally. Navigate to Network > Network Reporting and select the time duration 1 day or later to get the View By option.
In the existing average data, you can apply aggregations by selecting the option from the View By list. When you apply aggregation, the data is updated for each metric in the dashboard. Click Settings and select Aggregation Filters.[ NSADM-56494 ]
In Gateway Insight, you can now view a search bar that enables you to filter results based on the user name. Navigate to Analytics > Gateway Insight > Users to view the search bar for Users and Active Users. Place the mouse pointer on the search bar, select User Name, and type a user name to filter results.[ NSADM-55506 ]
Geo map support for Gateway Insight
In Gateway Insight, you can now visualize a geo map view that displays the users information based on the users geographical location. As an administrator, this geo map enables you to view the summary of total users, total apps, and total sessions for a specific location.
1. Navigate to Analytics > Gateway Insight to view the geo map
2. Click a country. For example, United States
The geo map displays the details such as users list, active sessions, terminated sessions, applications for the selected country.
You can also visualize a geo map for gateways that enables you to filter users based on a particular location.
1. Navigate to Analytics > Gateway Insight > Gateways
2. Select a gateway domain name to view the geo map
3. Click a country. For example, United States
The geo map displays the details such as users list, active sessions, terminated sessions, applications for the selected country.[ NSADM-55504 ]
Service mesh topology support in service graph
You can now view service graph for the Kubernetes applications deployed using the service mesh architecture. For more information, see https://developer-docs.citrix.com/projects/citrix-istio-adaptor/en/latest/istio-integration/architecture/[ NSADM-52964 ]
Security Insight - JSON Command Injection
In Security Insight, you can now view a new violation type, JSON Command Injection. To generate the JSON Command Injection violation in Security Insight, you must configure the following command in Citrix ADC instance:
add appfw profile abc_js -type JSON -startURLaction none -starturlclosure off -jsoncmdinjectionaction block log stats -jsoncmdinjectiontype cmdkeyword
After you configure, you can view the JSON Command Injection attack in Security Insight.[ NSADM-52869 ]
Improvements to Web Insight
You can now view an improved Web Insight feature that provides visibility into detailed metrics for web applications, clients, and Citrix ADC instances. This improved Web Insight enables you to evaluate and visualize the complete application from the perspectives of performance and usage together. As an administrator, you can view Web Insight for:
- An application. Navigate to Applications > Dashboard, click an application, and select Web Insight tab to view the detailed metrics. For more information, see https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/application-analytics-and-management/web-insight-data.html
- All applications. Navigate to Applications > Web Insight and click each tab (Applications, Clients, Instances) to view the metrics.
This single pane visualization also enables you to drill down further to view details. For more information, see https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/application-analytics-and-management/web-insight.html[ NSADM-52232 ]
Improvements to Global Service Graph
In Global Service Graph, you can now use the search bar to filter results. As an administrator, this search bar enables you to narrow-down quickly to a particular instance/client/application/data center, when you have:
- A large enterprise with many data centers
- Configured many Citrix ADC instances for each data center
- Configured many applications deployed or accessed through each Citrix ADC instance
- Clients accessing the application from different locations
Place the mouse pointer on the search bar and select the category that you want to create the filter.[ NSADM-52149 ]
Network Denial of Service (DoS) - Segment Smack Attack detection and visualization
In App Security Violations, you can now view the Segment Smack Attack as part of the network violations in App Security Violations. For more information, see https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/analytics/security/network-violations.html[ NSADM-46025 ]
Network Denial of Service (DoS) - Small Window Attack detection and visualization
In App Security Violations, you can now view Small Window Attack under the Network violation category. For more information, see https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/analytics/security/network-violations.html[ NSADM-46023 ]
Network Denial of Service (DoS): SYN Flood Attack detection and visualization
In App Security Violations, you can now view SYN Flood attack under the Network violation category. For more information, see https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/analytics/security/network-violations.html[ NSADM-46021 ]
Management and Monitoring
Support for In-Service-Software-Upgrade
You can now select the In-Service-Software-Upgrade (ISSU) option while creating an upgrade job. ISSU ensures the zero downtime upgrade on an ADC high-availability pair. The ISSU feature provides a migration functionality that honors the existing connections during upgrade. So, you can upgrade an ADC HA pair without downtime. For more information, see https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/networks/configuration-jobs/how-to-upgrade-netscaler-instances.html[ NSADM-43357 ]
Deploy Citrix ADM agent as a microservice
You can now install a Citrix ADM agent as a microservice in your Kubernetes cluster. Using agent as an intermediary between the Citrix ADM software and the discovered instances has many benefits such as faster data processing and lesser bandwidth consumption. For more information, see https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/deploy/install-agent-as-microservice.html[ NSADM-51372 ]
Improvements to StyleBook built-in functions
When creating StyleBook definitions, now you use the following built-in functions with their improved capabilities:
[ NSADM-56972 ]
- replace() Replaces the characters or strings specified in the list. Earlier, you were not able to provide a list input to this function.
- ip() - Accepts an integer value and converts that into an equivalent IP address. It also supports IP address addition and subtraction.
- int() - Accepts an IPv4 address and returns its equivalent integer value.
The following new StyleBooks built-in functions are added:
- distinct() - Extracts the unique items from an input list.
- split() - Splits an input string into lists.
User authorization improvements to StyleBooks and configuration packs
As an administrator, you can authorize specific Stylebooks and configuration packs to a user in the Account > User Administration > Groups page. The StyleBooks and Configpacks sections are now enhanced with the following changes:
StyleBooks A custom filter query now supports both And and Or operation to search StyleBooks.
name=lb-mon|lb AND namespace=com.citrix.adc.stylebooks AND version=1.0
This query lists the StyleBooks that meet the following conditions:
- StyleBook name is either lb-mon or lb.
- StyleBook namespace is com.citrix.adc.stylebooks.
- StyleBook version is 1.0.
Configuration packs You can authorize the configurations that belong to the selected StyleBooks. To do so, select All configurations of the selected StyleBooks in the Configpacks section.[ NSADM-52334 ]
Display radio buttons during the configuration pack creation
When you author a StyleBook definition, you can now set the layout attribute to radio in the parameter section of a StyleBook definition. This attribute is newly added as a gui sub-attribute. It applies to the parameter that has the allowed-values attribute. So, when a user creates a configuration pack, the values in the allowed-values list appear as radio buttons. For more information, see https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/stylebooks/stylebooks-grammar/parameters-section.html[ NSADM-52333 ]
Include icons in the StyleBooks bundle
When you import StyleBooks as a bundle, you can now include icons to each StyleBook. Ensure to have the resources folder that contains icons in the PNG, GIF, or JPEG formats. If the icon file name matches the StyleBook name, the icons are automatically mapped to the StyleBooks. Otherwise, do the following:
1. Add the icon_mapping.json file in the resources folder.
2. Map StyleBooks and icons in the icon_mapping.json file as follows:
<StyleBook file name> : <icon file name>
If you specify the defaulticon entry, the StyleBooks are mapped to the default icon unless they are mapped to a different icon.
defaulticon: <icon file name>
In Application > StyleBooks, the imported StyleBooks appear with the mapped icons. For more information, see https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/stylebooks/how-to-create-custom-stylebooks/how-to-use-custom-stylebooks.html[ NSADM-52330 ]
Service graph for Kubernetes application View app details in App dashboard
In service graph, when you click a service and select View in App Dashboard, the details for the selected app is displayed in the App dashboard.[ NSADM-56583 ]
Service Graph - View client metrics for troubleshooting issues
In Service Graph, you can now view from which location the client is accessing the service. As an administrator, you can visualize the client metrics and analyze the issues that occur from the client.[ NSADM-54335 ]
Improvements to the Pooled Capacity page
The Pooled Capacity page is now improved with the following GUI changes:
Unmanaged instances - A new tab added in this page. It displays the instances that are discovered but not managed in Citrix ADM. Earlier, these instances were listed in the Dashboard tab with the Not Managed license status.
License Status - In this column, the following statuses are removed:
- Not Managed
- Sync in progress
The Allocation Details column is now removed from the instances list.
License Server Usage - A new indicator added to the usage chart. It displays the pooled capacity consumption of the license server.[ NSADM-52770 ]
Improvements to App Dashboard
In App Dashboard, you can now view the following enhancements.
a. In the Manage Applications page:
- You can view the total service groups and the service groups status that are Up, Down, or Out of Status
- You can place the mouse pointer on the search bar and select the category to refine the search
b. In the App Dashboard page, the scroll bar is replaced with a carousel slider that enables you an ease of access to all options.[ NSADM-52759 ]
New threshold types for critical system resources
Now you configure the following five new score threshold types for critical system resources:
- PE CPU Limit
- PPS Limit
- Throughput Limit
- SSL Throughput Limit
- SSL TPS Limit
With these threshold types, you have greater control over the thresholds for the ADC instances, using which the instance score is calculated. You can also configure notifications for the score threshold breaches.[ NSADM-47453 ]
Database migration with ADM image upgrade
When you upgrade the ADM software to image version 13.0 67.xx, your ADM database is also migrated. This data migration happens because ADM now uses PostgreSQL version 10.11.
If the version you are upgrading from is previous to 13.0 61.xx, Citrix recommends you first upgrade to 13.0 61.xx and then to 13.0 67.xx, for better user experience. The upgrade process might take time due to database upgrade. For details, see the Upgrade topic: https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/upgrade.html[ NSADM-40196 ]
New search capability for Event Messages
In Networks > Events > Event Messages, now you can use logical operators such as AND/OR to search. You can also filter data using custom time periods. Also, the events summary panel provides a count of each event category and severity.[ NSADM-39942 ]
When you upgrade Citrix ADM to 13.0 67.39, the Web Insight data migration is stopped.[ NSHELP-25259 ]
Citrix ADM generates high CPU events periodically.[ NSHELP-25146 ]
Sometimes, the key metrics do not appearin the Applications > Dashboard page.[ NSHELP-24728 ]
ADM checks if metrics collector is enabled on ADC instance at regular intervals. If metrics collector is not enabled, ADM enables it. If some reason, metrics collector configuration fails, then ADM keeps trying to enable and causes unnecessary NITRO calls to ADC instance.
With this fix, ADM tries to enable the metrics collector for only once.[ NSHELP-24573 ]
When ADM receives high traffic from the ADC instances, ADM CPU consumption increases to 25 percent.[ NSHELP-24534 ]
When ADM is integrated with Desktop Director, and very high number of users from Desktop Director is accessing HDX Insight report, users experience a slowness in report accessibility.
As part of the fix, several improvements have been made to provide the HDX Insight report faster.[ NSHELP-24319 ]
Web Insight reports are not available for users, who do not have full admin rights.[ NSHELP-24226 ]
The App dashboard does not display application analytics because the virtual server license information is unavailable during metrics processing.[ NSADM-61800 ]
In lstreamd.conf, NGS, SWG, VPN, and ICA must be set to none by default, to avoid high memory and CPU consumption.[ NSADM-61408 ]
In a Citrix ADM HA pair, after upgrading from 13.0 47.22 to 13.0 52.24, when the failover occurs, ADM uses primary node IP address for the AppFlow collector instead of floating IP address.[ NSHELP-23027 ]
Database streaming between the ADM HA nodes breaks when SSL certificate expires, and the join_streaming_replication.sh" command does not restore the streaming.
1. "cat /var/mps/db_pgsql/data/pg_hba.conf" on the ADM primary node to verify if the following entries are present.
hostssl replication masrepuser <ADM Primary IP address>/32 cert clientcert=1
hostssl replication masrepuser <ADM Secondary IP address>/32 cert clientcert=1
2. If any of these entries are missing, Add those missing entries to /var/mps/db_pgsql/data/pg_hba.confand run "su -l mpspostgres /mps/scripts/pgsql/reloadpgsql.sh" .
3. Verify the SSL certificate is expired or is valid < 30 days. You can validate the certificate expiry date using:
openssl x509 -enddate -noout -in /var/mps/pg_certs/client/masrepuser/pg_masrepuser.crt
If the certificate has already expired, log on to Citrix ADM primary node using an SSH client and perform the following steps:
1. printf "[ req ] \n distinguished_name = req_distinguished_name \n prompt = no \n\n [ req_distinguished_name ] \n C = US \n ST = California \n L = San Jose \n O = Citrix ADC SDX \n OU = Internal \n CN = masrepuser \n" > /var/mps/pg_certs/client/masrepuser/pg_masrepuser_csr.config ;
2. openssl genrsa -out /var/mps/pg_certs/client/masrepuser/pg_masrepuser.key 2048 ;
3. openssl req -days 1000000 -new -key /var/mps/pg_certs/client/masrepuser/pg_masrepuser.key -out /var/mps/pg_certs/client/masrepuser/pg_masrepuser.csr -config /var/mps/pg_certs/client/masrepuser/pg_masrepuser_csr.config ;
4. openssl x509 -req -days 1000000 -in /var/mps/pg_certs/client/masrepuser/pg_masrepuser.csr -CA /var/mps/pg_certs/server/root.crt -CAkey /var/mps/pg_certs/server/pg_server.key -out /var/mps/pg_certs/client/masrepuser/pg_masrepuser.crt -CAcreateserial ;
5. rm /var/mps/pg_certs/client/masrepuser/pg_masrepuser.csr;
6. rm /var/mps/pg_certs/client/masrepuser/pg_masrepuser_csr.config;
7. cp -R /var/mps/pg_certs/client /var/mps/db_pgsql/data/;
8. chown -R mpspostgres:nobody /var/mps/db_pgsql/data/client;
9. chmod 700 /var/mps/db_pgsql/data/client;
10. chmod 600 /var/mps/db_pgsql/data/client/masrepuser/*key;
11. chmod 600 /var/mps/db_pgsql/data/client/pg_rewind/*key;
12. touch /var/mps/adm_upgrade_pg_generate_certs;
13. masd restart[ NSADM-61363 ]
Management and Monitoring
The backup (System > Backup) option is not visible to the user, even though the user has admin access.[ NSHELP-24972 ]
Perform the following:
1. Navigate to Networks > Network Functions > Load balancing
2. Select the ServiceGroup and click Bound Members
When you try to click the Enable/Disable/Poll Now option of the bound members, Citrix ADM GUI stops and the nitro fails with Not Authorized.[ NSHELP-24779 ]
When you upgrade Citrix ADM to13.0 61.48, the upgrade does not complete and still remains in the same ADM build.[ NSHELP-24745 ]
In some cases, ADM does not send email alerts for cleared events if the Repeat Email notification until the event is cleared option is selected.[ NSHELP-24585 ]
After the DR node has become the primary node, the roll back from DR node to original primary site is not working as expected.[ NSHELP-24529 ]
When you upgrade ADM to version 13.0 61.xx, association of peer servers with configured NTP servers in ADM is lost.
1. Delete the NTP server.
2. Add the NTP server[ NSHELP-24520 ]
When you attempt to increase the ADM secondary disk size, the process fails and "Swap partition cannot be deleted" error message appears.[ NSHELP-23878 ]
ADC pre-upgrade check for free flash space always passes even if the free space is low.[ NSADM-60092 ]
The configuration job fails to execute if it has an angle bracket (<) symbol in the configuration command.[ NSADM-53465 ]
Pooled license information for ADC cluster nodes is not displayed correctly in the ADM dashboard.[ NSHELP-24359 ]
When you upgrade to ADM software version 13.0 71.x from version 11.1 any build, ADC historical data fails to migrate.[ NSADM-62301 ]
After you upgrade ADM to 220.127.116.11, database synchronization between the ADM standalone server and the disaster recovery node fails.[ NSADM-60395 ]
When you import a private StyleBook with an icon, the ADM GUI does not display the icon for the imported StyleBook.[ NSADM-60506 ]
The "Error while adding tags" message appears when you do any of the following:
- Add tags to a StyleBook.
- Add tags to a configuration pack.
- Associate StyleBook tags to a configuration pack.[ NSADM-60298 ]
When you deploy ADM for the first time,theADMGUIfailstodisplay thedefaultStyleBooks.
Upgrade ADM to the same build version.
[ NSADM-58681 ]
After you upgrade to 13.0 61.48, ADM integration with Director might not display Network Analytics (HDX) and User sessions.[ NSHELP-24832 ]
In Networks > Instances, even if you enable the pooled licensing mode for the Citrix ADC MPX instance, it appears under the Not Licensed section.[ NSHELP-24509 ]
Citrix Director fails to integrate with Citrix ADM.[ NSADM-60878 ]
Management and Monitoring
The ADM GUI displays the removed cluster node if the following conditions are met:
- The cluster node is removed manually.
- The cluster is rediscovered in ADM.
Remove the whole cluster in ADM and add it again.[ NSADM-61445 ]
When you create a member on OpenStack Lbaas using ADM orchestration, the member creation fails on OpenStack intermittently. This issue happens when a proxy request from ADM to orchestration services times out after 30 seconds.
With this fix, the request timeout for orchestration APIs has increased to 120 seconds.[ NSHELP-21490 ]
If you are using OpenStack Queens for LBaas workflow, the Load Balancing virtual server is not bound to Content Switching virtual server. This issue impacts the traffic.
1. Create a pool with Load Balancing virtual server.
2. Create a listener with the pool ID.
If you already have a listener, update the listener with the pool ID.[ NSADM-36631 ]