NetScaler SDX

Consolidation When the Management Service and the Citrix ADC instances are in Different Networks

In certain cases, the appliance administrator might allow other administrators to perform administration tasks on individual instances. This can be safely done by giving an individual instance administrator login rights to just that instance. But, for security reasons, the appliance administrator might not want to allow the instance to be on the same network as the Management Service. This is a very common scenario in service provider environments, and it is becoming increasingly common in enterprises as they adopt virtualization and cloud architectures.

In the following example, the Management Service is in the 10.1.1.x network and the Citrix ADC instances are in the 10.1.2.x network. Interfaces 0/1 and 0/2 are the management interfaces, 1/1 to 1/8 are 1G data interfaces, and 10/1 to 10/4 are 10G data interfaces. Each instance has its own dedicated administrator and its own dedicated physical interface. Therefore, the number of instances is limited to the number of physical interfaces available on the appliance. VLAN filtering is not required, because each instance has its own dedicated interface. Optionally, disable VLAN filtering to configure up to 4096 VLANs per instance per interface. In this example, you do not need to configure an NSVLAN, because instances are not sharing a physical interface and there are no tagged VLANs. For more information about NSVLANs, see the Add a Citrix ADC instance section in Provisioning Citrix ADC instances.

The following figure illustrates the above use case.

Figure 1. Network topology of an SDX appliance with Management Service and NSIPs for Instances in different networks

topology3

As the appliance administrator, you have the option to keep the traffic between the Management Service and the NSIP addresses on the SDX appliance, or to force the traffic off the device if, for example, you want traffic to go through an external firewall or some other security intermediary and then return to the appliance.

The following table lists the names and values of the parameters used for provisioning Citrix ADC instance 1 in this example.

Parameter Name Values for Instance 1
Name vpx1
IP Address 10.1.2.2
Netmask 255.255.255.0
Gateway 10.1.2.1
XVA File NS-VPX-XEN-10.0-51.308.a_nc.xva
Feature License Platinum
Admin Profile ns_nsroot_profile
User Name vpx1
Password Sdx
Confirm Password Sdx
Shell/Sftp/Scp Access True
Total Memory (MB) 2048
#SSL Chips 1
Throughput (Mbps) 1000
Packets per second 1000000
CPU Shared
Interface 0/2 and 1/1

To provision Citrix ADC instance 1 as shown in this example

  1. On the Configuration tab, in the navigation pane, expand Citrix ADC Configuration, and then click Instances.
  2. In the Citrix ADC instances pane, click Add.
  3. In the Provision Citrix ADC Wizard follow the instructions in the wizard to set the parameters to the values shown in the above table.
  4. Click Create, and then click Close. The Citrix ADC instance you provisioned appears in the Citrix ADC instances pane.
Consolidation When the Management Service and the Citrix ADC instances are in Different Networks