OpenStack: Integrating Citrix ADC instances

The Cloud Orchestration feature of Citrix Application Delivery Management (ADM) enables integration of Citrix Citrix ADC products with OpenStack platform. By using this feature with OpenStack platform, the OpenStack users are able to avail the load balancing feature (LBaaS) of the Citrix ADC. After this, the OpenStack users can deploy their load balancer configurations from OpenStack in Citrix ADC instance.

The following sections provide a brief description of the features in Citrix ADM and OpenStack integration workflow.

Citrix ADC Driver for OpenStack Neutron LBaaS

OpenStack Neutron LBaaS plugin includes a Citrix ADC driver that enables OpenStack to communicate with the Citrix ADM. OpenStack uses this driver to forward any load balancing configuration done through LBaaS APIs, to the Citrix ADM, which creates the load balancer configuration on the desired Citrix ADC instances. OpenStack also uses the driver to call Citrix ADM at regular intervals to retrieve the status of different entities (such as VIPs and Pools) of all load balancing configurations from the Citrix ADCs. Citrix ADC driver software for OpenStack platform is bundled along with the Citrix ADM. To download and install the drivers, you have to first install Citrix ADM and launch the application.

Registering Citrix ADM and OpenStack with each other

You have to first register OpenStack information on the Citrix ADM. Specify the OpenStack controller IP address and cloud administrative user credentials, and also the OpenStack Citrix ADC driver user credentials. You can later specify the same login credentials in the Citrix ADC_driver section of the Neutron configuration file (neutron.conf ) so that Citrix ADC driver in OpenStack can connect to Citrix ADM during LB configurations.

After OpenStack and Citrix ADM are registered with each other, both can talk to each other. Also, OpenStack users can use their existing credentials in OpenStack to log on to the Citrix ADM user interface to check how their LB configurations are performing in Citrix ADCs.

Tenants in OpenStack

In OpenStack a tenant is also called a project. A tenant is a group of users; a tenant or a project can also be defined as a set of resources (compute, network, storage, and so on) assigned to an isolated group of users.

Placement policies

Placement policies provide the flexibility to decide on the Citrix ADC instance that is used in each load balancer configuration created by users. Alternatively, the Citrix ADM also provides an option to assign a Citrix ADC instance based on OpenStack tenants.

Service packages

Service packages are bundles that tie together policies/SLAs, devices or auto-provision configuration specifications, and tenants/placement-policies. A service package is usually defined in terms of the isolation policies that are provided to the tenant.

The following are some points related to service packages:

  • A tenant cannot be part of more than one service package.

  • Multiple tenants can be associated with the same service package.

  • In a service package that is set for auto-provisioning, virtual Citrix ADC instances can be created from only one platform type (on SDX platform or on OpenStack Compute platform).

Features Supported on LBaaS V1 and LBaaS V2

While LBaaS V1 driver in OpenStack supports operations from OpenStack Horizon user interface, LBaaS V2 driver supports only command line operations.

The following list shows the features supported on both LBaaS V1 and LBaaS V2 on OpenStack:

  • LBaaS V1

    • Load Balancing
  • LBaaS V2

    • Load Balancing

    • SSL Offload with certificates managed by Barbican, the Key Manager in OpenStack

    • Certificate Bundles (includes intermediary Certification Authorities)

    • SNI support

This document provides information about:

Use Case Scenario

The following use-case scenario explains the workflow of intergrating Citrix ADM with the OpenStack platform:

An enterprise, Example-Cloud-Provider, has used OpenStack components to set up a cloud to provide infrastructure to its tenants. Steve is the administrator of this cloud provider, while Tom is a tenant of the Example-Cloud-Provider’s cloud infrastructure. Tom’s organization, Example-SportsOnline.com, requires two servers S1 and S1, and Tom also requires a dedicated Citrix ADC device to load balance the traffic between servers S1 and S2 on OpenStack platform.

To meet this requirement, Steve has to install and configure both OpenStack and Citrix ADM, and prepare them to work with each other. Steve has to create a tenant account named Example-SportsOnline in OpenStack, and then allocate resources to the tenant account. Steve also has to create different log-on credentials (users) for Example-SportsOnline for managing its resources and configuration. Tom can now create the two servers S1 and S2 on OpenStack to manage the traffic in his organization.  

Steve has to register OpenStack details with Citrix ADM, and configure the Citrix ADC LBaaS driver in OpenStack networking component, Neutron. After the registration is complete, Citrix ADM displays the details of all tenants from the OpenStack. Steve can select Example-SportsOnline from the list who wants the Citrix ADC LBaaS features and configure Tom to get a dedicated Citrix ADC allotted for his load balancer configurations in Citrix ADM.

For this, Steve can either provision a Citrix ADC VPX instance on the computing layer (Nova) of OpenStack using Citrix ADM user interface or enable MAS to auto-provision a Citrix ADC VPX instance on demand, when Tom does his LB configuration in OpenStack. In either case, Citrix ADM manages the VPX instance. For achieving this, Steve creates a service package in Citrix ADM, and defines the conditions in the service package that were agreed in the SLA with Tom. For example, Steve selects the ‘dedicated’ isolation policy to provide a dedicated instance for providing load balancer configurations to Tom. That is, Steve selects a non-shared instance for Tom in the service package. He then assigns many Citrix ADC VPX instances to the service package, and associates Example-SportsOnline, along with other tenants, who require a dedicated Citrix ADC with the service package. As a result, when Tom performs his first load balancer configuration, Citrix ADM allots one of the Citrix ADC VPX instances in the service package to Example-SportsOnline and also deploys his configuration in that Citrix ADC.

Tom can now create load balancing configurations, by creating pools, virtual IPs (VIP), and health monitors using OpenStack LBaaS/UI. Pools and the VIPs in OpenStack get deployed as service groups and virtual servers on the Citrix ADC instance. Tom can also create health monitors to monitor the servers, and send application traffic to only those servers which are UP at any point of time and reachable from Citrix ADC.

The load balancing configuration created in OpenStack is now implemented on the Citrix ADC instance. Once fully configured, the Citrix ADC VPX instance then takes over the load balancing functionality and starts accepting application traffic and load balances the traffic between the servers S1 and S2 created by Tom.  

Citrix ADM Integration with OpenStack Workflow

The following flowchart depicts the workflow that you need to follow when you are configuring LBaaS V1 and LBaaS V2.

localized image