Product Documentation

Configure on-prem agents for multisite deployment

In the earlier versions of NetScaler MAS, NetScaler instances deployed in remote data center(s) could be managed and monitored from NetScaler MAS running in a primary data center. NetScaler instances sent data directly to the primary NetScaler MAS that resulted in consumption of WAN (Wide Area Network) bandwidth. Additionally, processing of analytics data utilizes CPU and memory resources of primary NetScaler MAS.

Customers have their data centers located across the globe. Agents play a vital role in following scenarios where the customers can choose:

  • to install agents in remote data centers so that there is reduction in WAN bandwidth consumption.

  • to limit the number of instances directly sending traffic to primary NetScaler MAS for data processing.

Note

Installing agents for instances in remote data center is recommended but not mandatory. If required, users can directly add NetScaler instances to primary NetScaler MAS.

In NetScaler MAS 12.1, instances can be configured with agents to communicate with the primary NetScaler MAS located in a different data center.

Note

On-prem agents for multisite deployment is supported only with NetScaler MAS high availability deployment.

Agents work as an intermediary between the primary NetScaler MAS and the discovered instances across different data centers. Following are the benefits of installing agents:

  • The instances are configured to agents so that the unprocessed data is sent directly to agents instead of primary NetScaler MAS. Agents do the first level of data processing and send the processed data in compressed format to the primary NetScaler MAS for storage.

  • Agents and instances are co-located in the same data center so that the data processing is faster.

  • Clustering the agents provides redistribution of NetScaler instances on agent failover. When one agent in a site fails, traffic from NetScaler instances is switched to another available agent in the same site.

Note

The number of agents to be installed per site depends on the traffic being processed. Currently, Citrix has validated two agents per site for agent failover scenario. Citrix recommends that you install at least two agents per site, so that the traffic flows to another agent in case of an agent failover.

Architecture

The following figure shows NetScaler instances in two data centers and NetScaler MAS high availability deployment using multisite agent-based architecture.

localized image

The primary site has the NetScaler MAS nodes deployed in a high availability configuration. The NetScaler instances in the primary site are directly registered with the NetScaler MAS.

In the secondary site, agents are deployed and registered with the NetScaler MAS server in the primary site. These agents work in a cluster to handle continuous flow of traffic in case an agent failover occurs. The NetScaler instances in the secondary site are registered with the primary NetScaler MAS server through agents located within that site. The instances send data directly to agents instead of primary NetScaler MAS. The agents process the data received from the instances and send it to the primary NetScaler MAS in a compressed format. Agents communicate with the NetScaler MAS server over a secure channel and the data sent over the channel is compressed for bandwidth efficiency.

Getting started

  • Install the agent in a data center

    • Registering the agent

    • Adding the agent

  • Adding NetScaler instances

    • Adding new instance

    • Updating an existing instance

Installing the agent in a data center

You can install and configure the agent, to enable communication between the primary NetScaler MAS and the managed NetScaler instances in another data center.

You can install an agent on the following hypervisors in your enterprise data center:

  • Citrix XenServer

  • VMware ESXi

  • Microsoft Hyper-V

  • Linux KVM Server

Note

On-prem agents for multisite deployment is supported only with NetScaler MAS high availability deployment.

Before you begin installing the agent, ensure you have the required virtual computing resources that the hypervisor must provide for each agent.

Component Requirement
RAM 8 GB
  Note: Citrix recommends that you increase the default value to 32 GB for better performance.
Virtual CPU 2 CPUs
  Note: Citrix recommends that you increase the default value to 8 CPUs for better performance.
Storage space 30 GB
Virtual Network Interfaces 1
Throughput 1 Gbps

Ports

For communication purposes, the following ports must be open between the agent and NetScaler MAS on-prem server.

Type Port Details
TCP 8443, 7443, 443  For outbound and inbound communication between agent and the NetScaler MAS on-prem server.

The following ports must be open between the agent and NetScaler Instances.

Type Port Details        
TCP 80 For NITRO communication between agent and NetScaler or NetScaler SD-WAN instance.        
TCP 22 For SSH communication between agent and NetScaler or NetScaler SD-WAN instance. For synchronization between NetScaler MAS servers deployed in high availability mode.        
UDP 4739 For AppFlow communication between agent and NetScaler or NetScaler SD-WAN instance.        
ICMP No reserved port To detect network reachability between NetScaler MAS and NetScaler instances, SD WAN instances, or the secondary NetScaler MAS server deployed in high availability mode.   SNMP 161, 162 To receive SNMP events from NetScaler instance to agent.
Syslog 514 To receive syslog messages from NetScaler or NetScaler SD-WAN instance to agent.        
TCP 5557 For logstream communication between agent and NetScaler instances.         

Registering the agent

  1. Use the agent image file downloaded from the Citrix download site and import it in to your hypervisor. The naming pattern of the agent image file is as follows, MASAGENT-<HYPERVISOR>-<Version.no>. For example: MASAGENT-XEN-12.1-xy.xva

  2. From the Console tab, configure NetScaler MAS with the initial network configurations as displayed in the following image.

    localized image

  3. Enter the NetScaler MAS host name, IPv4 address, and gateway IPv4 address. Select option 7 to save and quit the configuration.

  4. To register the agent, enter /mps/register_agent_onprem.py. The NetScaler MAS agent registration credentials are displayed as shown in the following image.

  5. Enter the NetScaler MAS floating IP address and the user credentials.

    localized image

After the registration is successful, the agent restarts to complete the installation process.

After the agent restarts, access the NetScaler MAS GUI, from the main menu go to Networks > Agents page to verify the status of the agent. The newly added agent is displayed in Up state.

localized image

Note

The NetScaler MAS displays the version of the agent and also checks if the agent is on the latest version. The download icon signifies that the agent is not on the latest version and needs to be upgraded. Citrix recommends that you upgrade the agent version to the NetScaler MAS version.

Adding agent to site

  1. Select the agent and click Attach Site.

  2. In the Attach site page, select a site from the list or create a new site using the plus (+) button.

  3. Click Save.

Note

  • By default, all newly registered agents are added to the default datacenter.
  • It is important to associate the agent with the correct site. In the event of an agent failure, the NetScaler instances assigned to it are automatically switched to other functioning agents in the same site.

localized image

Adding NetScaler instances

Instances are Citrix appliances or virtual appliances that you want to discover, manage, and monitor from NetScaler MAS through agents. You can add the following Citrix appliances and virtual appliances to NetScaler MAS or agents:

  • NetScaler MPX

  • NetScaler VPX

  • NetScaler SDX

  • NetScaler CPX

  • NetScaler Gateway

  • NetScaler Secure Web Gateway

  • NetScaler SD-WAN WO

Adding a new instance

  1. Navigate to Networks > Instances and select the instance type. For example, NetScaler ADC.

  2. Click Add to add a new instance.

    localized image

  3. Check Enter Device IP Address and enter the IP address.

  4. From Profile Name, select the appropriate instance profile, or create a new profile by clicking the + icon.

    Note: For each instance type, a default profile is available. For example, the ns-root-profile is the default profile for NetScaler instances.

  5. Select the Site with which you want to associate the instance.

    Note

    Based on the site selected, the list of agents  associated to that site is displayed. Ensure you select the Site with which you want to associate the instance.

    localized image

  6. Click to select the agent. From Agent page, Select the agent with which you want to associate the instance and then click OK.

    localized image

Updating an existing instance to attach it to an agent

If an instance is already added to primary NetScaler MAS, you can attach it to an agent by editing the adding instances workflow and selecting an agent.

  1. Navigate to Networks > Instances and select the instance type. For example, NetScaler ADC.

  2. Click Edit button to edit an existing instance.

  3. Click to select the agent.

  4. From Agent page, select the agent with which you want to associate the instance and then click OK.

Note: Ensure you select the Site with which you want to associate the instance.

Accessing the GUI of an instance to validate events

After the instances are added and agent is configured, access the GUI of an instance to check if the trap destination are configured.

In NetScaler MAS, navigate to Networks > Instances. Under Instances, select the type of instance you want to access (for example, NetScaler VPX), and then click the IP address of a specific instance.

localized image

The GUI of the selected instance appears in a pop-up window.

By default, the agent is configured as the trap destination on the instance. To confirm, log in to the GUI of the instance and check the trap destinations.

Important

Adding an agent for NetScaler instances in remote datacenters is recommended but not mandatory.

In case you want to add the instance directly to the primary MAS, do not select an agent while adding instances.

Clustering the agent

The term Agent cluster refers to a mechanism wherein agents attached to a site are logically grouped, so that if one of the agents fails, the NetScaler devices sending traffic to it are automatically reconfigured to start sending traffic to the other healthy agent(s) in that group or site.

The advantage of having agents clustered in a remote site is that if one agent fails, it is detected by NetScaler MAS and implicitly all the instances are redistributed to other available agents in that cluster.

For example, we have two agents 10.106.1xx.2x and 10.106.1xx.7x that are attached and operational in the Bangalore site as shown below.

localized image

If one agent goes down, NetScaler MAS will detect it and displays the state as down.

The instances attached to that agent are automatically reconfigured to use the other agent from the same cluster for trap destination, syslog server, and so on.

Note: There will be some delay while reconfiguring the instances.

Configure on-prem agents for multisite deployment