- Release Notes
- How-to Articles
- About NetScaler MAS
- NetScaler MAS Licensing
- Getting Started with NetScaler MAS
- System Requirements
Deploying NetScaler MAS
- NetScaler MAS with Citrix XenServer
- NetScaler MAS with Microsoft Hyper-V
- NetScaler MAS with VMware ESXi
- NetScaler MAS with Linux KVM server
- Deploy NetScaler MAS in high availability mode
- Migrate a single-server deployment to a high availability deployment
- Migrate from NetScaler Insight Center to NetScaler MAS
- Migrate Command Center configurations to NetScaler MAS
- Integrate NetScaler MAS with Citrix XenDesktop Director
- Attach an additional disk to NetScaler MAS
- Setting up NetScaler MAS
- Upgrading NetScaler MAS
- Managing NetScaler SD-WAN instances
Managing and Monitoring HAProxy instances
- Adding HAProxy instances to NetScaler MAS
- HAProxy Applications in Application Dashboard
- Third-party licensing
- Role Based Access Control in NetScaler MAS for HAProxy Instances
- How to Use the NetScaler MAS Dashboard to Monitor an HAProxy Instance
- How to Display the Details of the Frontends Configured on HAProxy Instances
- How to Display the Details of the Backends Configured on HAProxy Instances
- How to Display the Details of the Servers Configured on HAProxy Instances
- How to Use the Application Dashboard to View the HAProxy Instances That Have the Highest Number of Frontends or Servers
- How to Restart an HAProxy Instance From NetScaler MAS
- How to Back Up and Restore an HAProxy Instance by Using NetScaler MAS
- How to Edit the HAProxy Configuration File by Using NetScaler MAS
Application Analytics and Management
- Application Performance Analytics
- Application Security Analytics
- How to create an application definition in NetScaler MAS
- How to Enable or Disable Entities in NetScaler MAS
- How to Disable Entities in NetScaler MAS
- How to View the Effective State of a Virtual Server on NetScaler MAS
- How to Search for Entities in NetScaler MAS
- StyleBook groups
- Use default StyleBooks
- How to Create Your Own StyleBooks
- How to Use User-Defined StyleBooks in NetScaler MAS
- Use API to create configurations from StyleBooks
- Retrieve private StyleBooks
- Enable analytics and configure alarms on a virtual server defined in a StyleBook
- Create a StyleBook to upload files
- Create a StyleBook to upload SSL certificate and certificate key files
- SSO Google Apps StyleBook
- Microsoft Skype for Business StyleBook
- Microsoft Exchange StyleBook
- Microsoft SharePoint StyleBook
- How to use the SSO Office 365 StyleBook
- Import StyleBooks
- Parameters-Default-Sources Construct
- Helper Components
- Optional Properties
- Properties-Default-Sources Construct
- Nested Components
- Condition Construct
- Repeat Construct
- Repeat-Condition Construct
- Nested Repeats
- Parameter Reference
- Parent Reference
- Components Reference
- Substitutions Reference
- Variable Reference
- In-place Interpolations
- Built-in Functions
- Dependency Detection
- How to Monitor Globally Distributed Sites
- How to Manage Admin Partitions of NetScaler Instances
- How to Add Instances to NetScaler MAS
- How to Back Up and Restore NetScaler Instances Using NetScaler MAS
- How to Configure Sites for Geomaps in NetScaler MAS
- How to Force a Failover to the Secondary NetScaler Instance by Using NetScaler MAS
- How to Force a Secondary NetScaler Instance to Stay Secondary by Using NetScaler MAS
- How to Create Instance Groups on NetScaler MAS
- How to Rediscover Multiple NetScaler VPX Instances
- How to Poll NetScaler Instances and Entities in NetScaler MAS
- How to Unmanage an Instance on NetScaler MAS
- How to Trace the Route to an Instance from NetScaler MAS
- How to Set Event Age for Events on NetScaler MAS
- How to Schedule an Event Filter by Using NetScaler MAS
- How to Set Repeated Email Notifications for Events from NetScaler MAS
- How to Suppress Events by Using NetScaler MAS
- How to Use the Events Dashboard to Monitor Events
- Creating Event Rules
- How to Modify the Reported Severity of Events that Occur on NetScaler Instances
- How to View Events Summary in NetScaler MAS
- How to Display Event Severities and SNMP Traps Details on NetScaler MAS
- Using NetScaler MAS to Export Syslog Messages
- How to Suppress Syslog Messages in NetScaler MAS
- How to Configure Prune Settings for Instance Events
NetScaler Certificate Management
- How to Set Up Notifications for SSL Certificate Expiry from NetScaler MAS
- How to Install SSL Certificates on a NetScaler Instance
- How to Update an Installed Certificate from NetScaler MAS
- How to Link and Unlink SSL Certificates by Using NetScaler MAS
- How to Create a Certificate Signing Request (CSR) using NetScaler MAS
- How to Configure an Enterprise Policy on NetScaler MAS
- How to Use the SSL Dashboard on NetScaler MAS
- How to Poll SSL Certificates from NetScaler Instances
- How to Create a Configuration Job on NetScaler MAS
- How to Use Record-and-Play to Create Configuration Jobs
- How to Use Configuration Jobs to Replicate Configuration from One Instance to Multiple Instances
- How to Use Variables in Configuration Jobs on NetScaler MAS
- How to Create Configuration Jobs from Corrective Commands on NetScaler MAS
- How to Use Configuration Templates to Create Audit Templates on NetScaler MAS
- How to Create Configuration Jobs for SD-WAN WO Instances in NetScaler MAS
- How to Use the Master Configuration Template on NetScaler MAS
- How to Replicate Running and Saved Configuration Commands from One NetScaler Instance to Another on NetScaler MAS
- How to Upgrade NetScaler SDX Instances by Using NetScaler MAS
- How to Schedule Jobs Created by Using Built-in Templates in NetScaler MAS
- How to Reschedule Jobs That Were Configured by Using Built-in Templates in NetScaler MAS
- How to Reuse Executed Configuration Jobs
- How to Upgrade NetScaler Instances
- How to Use SCP (put) Command in Configuration Jobs
- How to Reuse Configuration Audit Templates in Configuration Jobs
- Creating Maintenance Tasks
- How to Import and Export Configuration Templates
- Configuration Audit
- Network Functions
- Network Reporting
- License requirements
- Understanding Logstream
- Web Insight
- HDX Insight
- Gateway Insight
- Security Insight
- SSL Insight
- TCP Insight
- WAN Insight
- Viewing the Type of Videos Streamed and the Data Volume Consumed from your Network
- Viewing the Peak Data Rate for a Particular Time Frame
- Comparing the Optimized and Un-Optimized Number of Plays of ABR Videos
- Compare the Optimized and Unoptimized Play Time of ABR Videos
- Comparing Bandwidth Consumption of Optimized and Un-Optimized ABR Videos
- Comparing the Data Volume Used by Optimized and Unoptimized ABR Videos
- Viewing the Network Efficiency
- Secure Web Gateway Analytics
Integrating NetScaler MAS with OpenStack Platform
- Pre-configuration tasks in NetScaler MAS and OpenStack
- Configure LBaaS V1 using Horizon
- Configure LBaaS V2 using command line
- Configure layer 7 content switching
- Manual provisioning of NetScaler VPX instance on OpenStack
- Shared VLAN support for admin partitions
- Trial licensing workflow
- Integrate with OpenStack Heat services
- Service package isolation policies
- Flexible policy-based device allotment
- Integrating NetScaler MAS with NSX Manager by Manual Provisioning
- Integrating NetScaler MAS with NSX Manager by Auto-provisioning
- NetScaler automation using NetScaler MAS in Cisco ACI hybrid mode
- NetScaler device package in Cisco ACI's cloud orchestrator mode
- Use NetScaler MAS as an Ingress Controller for the Kubernetes Environment
Authentication and Access Control
- Role-based Access Control in NetScaler MAS
- Configuring Authentication in NetScaler MAS
- Multi-Tenancy - Provide Exclusive Management Environment to Your Tenants
Managing NetScaler MAS System Settings
- Configure system backup settings
- Configure a NTP Server
- Upgrade NetScaler MAS
- Configure syslog purging interval
- Configure system prune settings
- Enable shell access for non-default users
- Recover inaccessible NetScaler MAS servers
- Assign a host name to a NetScaler MAS server
- Back up and restore your NetScaler MAS server in a single-server deployment
- View auditing information
- Configure SSL settings
- Monitor CPU, memory, and disk usage
- Configure system notification settings
- Generate a tech support file
- Diagnose and troubleshoot NetScaler instances
- Back Up and restore a NetScaler MAS configuration in an HA pair
- Configure a cipher group
- Create SNMP traps, managers, and users
- Configure and view system alarms
- NetScaler MAS as an API Proxy Server
NetScaler Pooled Capacity
- Configure NetScaler pooled capacity
- Upgrade a perpetual license in NetScaler VPX to NetScaler pooled capacity
- Upgrading a Perpetual License in NetScaler MPX to NetScaler Pooled Capacity
- Upgrade a perpetual license in NetScaler SDX to NetScaler pooled capacity
- NetScaler pooled capacity on NetScaler instances in cluster mode
- Health monitoring
- Expected behaviors when issues arise
- Configure expiry checks for pooled capacity licenses
- NetScaler VPX Check-In and Check-Out licensing
SSL Insight provides visibility into secure web transactions (HTTPS) and allows IT administrators to monitor all the secure web applications being served by the NetScaler ADC by providing integrated and real-time and historic monitoring of secure web transactions. With this visibility the administrator can assess following:
Determine Configuration Change Impact on Customer Usage: The administrator can understand the impact on clients for making a configuration change like turning off SSLv3 or removing a cipher like RC4-MD5. This can be done by assessing the historic transaction data on this protocol and cipher.
Quantify client performance: Administrator can understand the impact on Application Response Time based on the SSL ciphers/protocol used or the certificates negotiated.
Application Security: Assess if any of the application have transactions running on low security protocols, ciphers or weak key strength.
When SSL Analytics is enabled on a NetScaler instance, SSL statistics are recorded and logged for every SSL transaction. The statistics show the details of the SSL flow. Also, every successful connection is logged and displayed by NetScaler MAS Analytics.
SSL Insight provides the following critical information, which is displayed by NetScaler MAS Analytics:
SSL Protocol version negotiated
Cipher negotiated, and the cipher strength
Signature Hash algorithm of the certificate used
Certificate Type & Size
SSL Frontend and Backend errors
For successful SSL connections, SSL appflow logging happens at the end of every transaction.
- The NetScaler instance on which you intend to configure SSL Insight must be running a NetScaler software release no earlier than 11.1 build 51.21.
- The NetScaler MAS version should be no earlier than the NetScaler software version.
SSL Insight Metrics are included in Web Insight reports if you enable the following elements:
- Enable AppFlow for Web Insight on each NetScaler instance.
- Enable ULFD mode on each NetScaler instances.
- Enable required AppFlow parameters on each NetScaler instance.
You can enable the Appflow feature either from NetScaler MAS or from each NetScaler instance.
To enable the AppFlow feature from NetScaler MAS:
In a web browser, type the IP address of the NetScaler MAS virtual appliance (for example, http://192.168.100.1).
In User Name and Password, enter the administrator credentials.
Navigate to Networks > Instances, and select the NetScaler instance on which you want to enable analytics.
From the Action drop-down list, select Enable/Disable Insight.
Select the virtual servers, and click Enable AppFlow.
In the Enable AppFlow field, type true, and select Web Insight.
Repeat steps 3 through 6 on each NetScaler instance.
You cannot enable data collection on a virtual server if the operational state of the virtual server is other than UP.
To enable the AppFlow feature from the NetScaler command line:
On a NetScaler instance, at the command prompt, type:
enable ns feature AppFlow
To enable the AppFlow feature by using the NetScaler GUI:
In a NetScaler instance’s GUI, navigate to Configuration > System > Settings, click Configure Advanced Features, and select AppFlow.
After you enable ULFD mode on the NetScaler instances on which the virtual servers are configured, the ULFD server streams the analytics data from the NetScaler instances to NetScaler MAS.
To enable ULFD mode by using the NetScaler command line:
On the NetScaler instance, at the command prompt, type:
enable mode ulfd
Add the NetScaler MAS IP address as the ULFD server on the NetScaler instance by entering the following command:
add ulfd server <your_MAS_IP Address>
On each NetScaler instance, you have to enable some HTTP parameters to display SSL Insight records in NetScaler MAS.
To enable SSL Insight parameters from the NetScaler command line:
At the command prompt, type:
set appflow param -httpDomain ENABLED -httpHost ENABLED -httpMethod ENABLED -httpUrl ENABLED -httpUserAgent ENABLED -httpContentType ENABLED
To enable SSL Insight parameters from the NetScaler configuration utility:
Navigate to Configuration > System > AppFlow, and click Change AppFlowSettings.
Select the following check boxes: HTTP Domain, HTTP Host, HTTP Method, HTTP URL, HTTP User-Agent, HTTP Content-Type.
SSL Insight metrics in NetScaler MAS provide a detailed view of the performance of the SSL transactions served by the NetScaler instances. You can view the SSL Insight metrics at the client, server, or application level, and the SSL success and failure transactions’ metrics. With the help of these metrics, you can analyze and optimize your NetScaler HTTPS settings and SSL-certificate settings, and track performance issues.
To monitor SSL Insight Metrics in NetScaler MAS:
On the Analytics tab, navigate to Web Insight and click the Client, Server, or Application node to display the metrics about clients, the server, or the applications, respectively.
In the top-left pane, from the drop-down list, select the time frame whose metrics you want to display. You can customize the time frame by using the time-frame slider. Click Go.
The SSL Insight metrics appear as pie charts, which you can click for more details.
The pie charts display the metrics of all the applications, clients or servers.
To display details for a specific application, client, or server, click the corresponding value on the bar graph.
To View the Failed SSL transactions, on the SSL section, select the radio button on the SSL section.
The following use case describes how you can use SSL Insight to assess the usage of various SSL Parameters in applications, clients and servers, and improve security measures.
Consider that you have a set of applications that are using SSL transactions (HTTPS) for communication, and you have configured NetScaler MAS to monitor the SSL components. You might need to frequently review the applications so that you can focus first on the applications that need the most attention. The SSL insight dashboard provides a summary of various SSL parameters used by your applications over a time period of your choosing, and for a selected NetScaler device. They are:
SSL Cipher Negotiated
SSL Key Strength
SSL Failure – Frontend
SSL Failure – Backend
In the following example, you can see list of clients (identified by their IP addresses) and the SSL hits per client. Also, at the right, you can view the SSL Parameters for all the clients.
To display SSL details for a client, select the client on the bar graph or in the table below the graph. In the following example, the selected client’s transactions use an SHA1 SSL certificate and four major protocols: TSLv1.2, TSLv1.1, TSLv1, and SSLv3. You can also see that ciphers of various strengths were negotiated. The color code indicates the strength of the SSL protocol, which gives you information about weak ciphers and strong ciphers.
Similarly, to view the information about the failed SSL transactions, select the radio button on the SSL section. SSL Frontend and Backend failures are displayed separately in two pie charts. In the following example, you can view that the major Backend SSL errors are Handshake failures and major Frontend SSL errors are Illegal parameters.