Product Documentation

Architecture and Communication Process

Dec 15, 2016

The NetScaler MAS datasbase is integrated with the server, and the server manages all the key processes, such as data collection, NITRO calls. In its data store, the server stores an inventory of instance details, such as host name, software version, running and saved configuration, certificate details, entities configured on the instance, and so on. A single server deployment is suitable if you want to process small amounts of traffic or store data for a limited time.

Currently, NetScaler MAS supports two types of NetScaler MAS server deployments: single server and high availability. 

This document includes the following information:

NetScaler MAS Architecture

The following image shows the different subsystems within NetScaler MAS and how communication happens between the NetScaler MAS server and managed instances. 

localized image

The Service subsystem in NetScaler MAS acts as a web server that handles HTTP(s) requests and responses that are sent to subsytems within NetScaler MAS from the GUI or API, using ports 80 and 443. These requests are sent to the subsystems over the message bus (Message Processing System) by using the IPC (Inter-process Communication) mechanism. A request is sent to the Control subsystem, which either processes the information or sends it to the appropriate subsystem. Each of the other subsystems—Inventory, Stylebooks, Data Collector, Configuration, AppFlow Decoder, AppFlow Analytics, Performance, Events, Entities, SLA Manager, Provisioner, and Journal—has a specific role.

Instance plug-ins are shared libraries that are unique to each instance type supported by NetScaler MAS. Information is transferred between NetScaler MAS and managed instances by using NITRO calls, or through the SNMP, Secure Shell (SSH), or Secure Copy (SCP) protocol. This information is then processed and stored in the internal database (Data Store). 

How NetScaler MAS Communicates with Managed Instances

NetScaler MAS polls managed instances to collect information. The following list describes the various kinds of polling that occur between NetScaler MAS and managed instances, the protocols used to collect this information, and whether the polling intervals can be configured on the NetScaler MAS server. 

  • Instance Polling. By default, every minute, NetScaler MAS polls managed NetScaler instances to collect statistical information such as state, HTTP requests per second, CPU usage, memory usage, and throughput. This data collection uses NITRO calls. An instance is pinged if the NITRO call fails. This polling interval is not configurable.
  • Inventory Polling. Every 30 minutes, inventory such as build version, system information, licensed features, and modes is collected from managed instances and updated in the NetScaler MAS database. This communication between NetScaler MAS and managed instances uses NITRO calls (nsconfig, version, route, stat, nsversion, nsnode and so on) and the Secure Shell (SSH) protocol. You can also rediscover instances if you want to collect inventory on a need basis. This polling interval is not configurable.
  • Performance Data Collection. By default, every 5 minutes, performance data collection for network reporting is done by using NITRO calls. This retrieves instance statistics such as counter information and aggregates them on the basis of per minute, per hour, per day, or per week. You can view this aggregated data in pre- defined reports. This polling interval is not configurable.
  • Instance Backup Polling. Every 12 hours, NetScaler MAS backs up the current state of your managed NetScaler instances. This backup is done by using NITRO calls, Secure Shell (SSH) and Secure Copy (SCP) protocols. You can configure this polling interval by navigating to System > System Administration > Policy Administration > Instance Backup Settings.
  • Configuration Audits Polling. Every 10 hours, auditing is performed to look for configuration changes that occur on NetScaler instances (for example, running vs. saved configuration). This enables you to see the difference between various revisions of NetScaler configuration files (ns.conf) and across various NetScaler version changes. NetScaler MAS collects configuration audits by using the Secure Shell (SSH) and Secure Copy (SCP) protocols. Running and saved configuration for auditing can be collected on demand by using NITRO calls. You can configure this polling interval for configuration audits by navigating to Infrastructure > Configuration Audit and clicking on the graph representing the NetScaler Configuration status. On the Audit Reports page, in the Action drop-down list, select Configure Polling Interval



localized image
  • SSL Certificates Polling. Every 24 hours, NetScaler MAS polls SSL certificates by using NITRO calls and the Secure Copy (SCP) protocol. You can configure this polling interval for SSL certificates by navigating to  
    Infrastructure > SSL Dashboard and clicking on the graph representing NetScaler SSL certificates. On the SSL Certificates page, in the Action drop-down list, click Configure Polling Interval.
localized image
  • Entity Polling. Every 30 minutes, entities are polled by NetScaler MAS by using NITRO calls. An entity is either a policy, virtual server, service, or action attached to a NetScaler instance. While this poling interval is configurable, you cannot set it to less than 10 minutes. To configure it, navigate to Applications > Dashboard > Settings > Configure Polling Interval for Entities. You can also poll the entities configuration when required by navigating to Applications > Dashboard > Load Balancing, select the appropriate entities, and click Poll Now
localized image
  • Analytics. By default, every minute, the decoder collects and decodes the data received from all managed NetScaler instances and writes it to the internal database. This polling interval is not configurable.

In addition to polling, events generated by managed NetScaler instances are received by NetScaler MAS through SNMP traps sent the instances. For example, an event is generated when there is a system failure or change in configuration.

During instance backup, SSL files, CA certificate files, NetScaler templates, database information, and so on are downloaded to NetScaler MAS. During a configuration audit, ns.conf files are downloaded and stored in the file system. All information collected from managed NetScaler instances are stored internally within the database. 

How NetScaler MAS Discovers Instances

When you add an instance to NetScaler MAS, it implicitly adds itself as a trap destination for the instance and collects inventory of the instance. 

The following diagram describes how NetScaler MAS implicitly discovers and adds instances.

localized image

As shown in the diagram, the following steps are performed implicitly by NetScaler MAS.

1)  NetScaler MAS sends an Internet Control Message Protocol (ICMP) ping to locate the instance. Then, it uses the instance profile details to log on to the instance. Using a NetScaler NITRO call, NetScaler MAS retrieves the license information of the instance. On the basis of the licensing information received, it determines whether the instance is a NetScaler instance and the type of NetScaler platform (for example, NetScaler MPX, NetScaler VPX, NetScaler SDX, or NetScaler Gateway). On succesful detection of the NetScaler instance, it is added to the NetScaler MAS internal database.

For NetScaler SD-WAN instances, NetScaler MAS does not detect the instance by using licensing information. Instead, after locating the instance by using ICMP ping, it sends a NITRO request to the instance to check for the instance type and version.

This step might fail if the instance profile does not include the correct credentials. For NetScaler MPX, VPX, SDX, and NetScaler Gateway instances, this step might also fail if the licenses are not applied to the instance.

2)  NetScaler MAS adds its IP address to the list of trap destinations on the instance.This allows NetScaler MAS to receive traps generated on the NetScaler instance.

This step might fail if the number of trap destinations on the instance exceeds the maximum limit of trap destinations. The maximum limit on NetScaler instances is 20.

For SD-WAN instances, NetScaler MAS adds its IP address as the SNMP manager on the instance.

3)  NetScaler MAS collects inventory from the instance by sending a NITRO request. It collects instance details such as host name, software version, running and saved configuration, certificate details, entities configured on the instance, and so on.

This step might fail because of network or firewall issues.

For more information about adding instances, see Adding an Instance to NetScaler MAS.