Design Decision: Features and Licensing Considerations

Citrix Application Delivery Controller (ADC) on Microsoft Azure is a L4-L7 virtual networking appliance. The Citrix ADC provides organizations secure access to applications and assets deployed in Azure. Citrix ADC on Azure provides a foundation for the network infrastructure without any physical limitations. Citrix ADC on Azure comes in two models: VPX (virtualized) or CPX (containerized). Citrix also provides an Ingress Controller based on Kubernetes Ingress. The Ingress Controller can automatically configure the VPX and CPX models based on a defined configuration.

To ensure enterprise-grade reliability and security, Citrix ADC uses advanced traffic management, observability, and comprehensive security features. Selecting the correct model and feature set is beneficial when it comes to planning your architecture. Some questions to answer about model selection and features might include the following:

What use cases are best for the VPX Virtual Appliance?

  • You use virtual appliances on your hypervisor instead of physical appliances

  • You need high SSL performance with no hardware acceleration

  • You have a hybrid cloud scenario

  • You need load-balancing on-premises and in public or private clouds

  • You are replacing MPX or other hardware load-balancers with virtual appliances

  • You need a multitenant infrastructure with full isolation

What use cases are best for the CPX Containerized Appliance?

  • You need to support Kubernetes or OpenShift containerized applications

  • You require load-balancing for microservices traffic within a Kubernetes cluster

  • You want load-balancing as part of a DevOps application development pipeline

What instance sizes and prerequisites are recommended for the Citrix ADC VPX virtual appliance?

  • The compatible networking models with Microsoft Azure are Citrix ADC VPX 10, 200 and 1000. Any Citrix ADC VPX licenses work, including Standard, Advanced, and Premium edition licenses.

  • Models VPX1000 and higher require version 13.0 build 76.x or later AND Accelerated networking be enabled to reach the wanted performance level

  • VPX virtual appliances can be deployed on any instance type that has two or more Intel VT-X cores and more than 2 GB memory. Currently, Citrix ADC supports only Intel processors with the following instance size recommendations:

    • Standard D2s v4 for VPX10 or VPX200
    • Standard D4s v4 for VPX1000 or VPX3000
    • Standard D8s v4 for VPX5000
    • Standard D16s v4 for VPX10000

Do I need a Citrix Ingress Controller?

  • Citrix ADC CPX and Citrix Ingress Controllers are deployed from the Azure Marketplace and used for microservices deployments

  • Azure Kubernetes Engine (AKS), supports deploying a Citrix ADC CPX as an Ingress Controller with either basic or advanced (CNI) networking

  • Citrix Ingress Controllers are used for microservice communication with a Citrix ADC CPX

  • Citrix Ingress Controller can be deployed in a standalone pod as
    • a Tier 1 ADC device to proxy North-South traffic, which supports traffic outside the AKS cluster to microservices inside the cluster
    • a sidecar container to an ADC CPX to load-balance North-South or East-West traffic, which supports microservices traffic inside the AKS cluster
  • Citrix ADC CPX Express is a 20 Mbps container-based ADC that can run on a Docker container and supports up to 250 SSL connections simultaneously

  • Citrix Ingress Controller is freely licensed and has no usage fees, you only pay for the Azure costs

ADC Licensing

Review your licensing options before you choose a particular deployment model so you are aware of the options up front. In some situations, you can run a Citrix ADC for only the costs of the Azure infrastructure. Some ADC licensing questions might include the following:

Can I use the Citrix ADC VPX as an ICA Proxy without buying a license?

  • Citrix ADC in basic mode has the ICAOnly VPN virtual server parameter set to ON and works fully on an unlicensed VPX instance

  • Citrix ADC in Smart-Access mode has the ICAOnly VPN virtual server parameter set to OFF and only supports 5 AAA session users on an unlicensed VPX instance

  • Apply a Premium license to the Citrix ADC VPX instance to license more than 5 AAA sessions

  • Citrix ADC VPX Express version 12.0.56.30 or later does not require a license file

  • Citrix ADC CPX Express is a freely licensed CPX, you only pay the associated Azure costs

How is Citrix ADC licensed in the cloud?

  • Citrix ADC on Azure is available with pay-as-you-go licensing through the Azure Marketplace subscription or using your own perpetual licenses

  • Using your own perpetual license is referred to as Bring Your Own License (BYOL)

  • BYOL requires the MyCitrix licensing portal to generate a valid license for Azure

  • BYOL is the only licensing model available on Azure if you are not using the Azure Marketplace subscription

  • License activation requires access to the public domain internet

Does Citrix ADC support check-in/check-out licensing model under the Citrix Application Delivery Management (ADM) service?

  • Citrix ADC supports Check-in/Check-out licensing from Citrix Application Delivery Management (ADM), which has an automated license provisioning system

  • Requires Citrix ADC VPX running 12.0 or later

  • Requires Citrix ADM running 12.0 or later

  • All licenses must be rehosted to Citrix ADM

  • When Citrix ADC instances are removed or destroyed, licenses are automatically returned for reuse

Occasionally, the Citrix ADC VPX may come online with a default ADC license unexpectedly. To resolve this issue, do a warm restart before making any configuration changes to the ADC VPX instance to allow the Azure Instance Metadata Service (IMDS) to correct the licensing

Choose the right application delivery platform for your needs

Citrix ADC CPX and Ingress Controller on Azure Marketplace

Citrix ADC CPX product documentation

Citrix ADC VPX in High Availability INC mode as ingress for Azure Kubernetes Services

Deploy Citrix ADC CPX an Ingress device in an Azure Kubernetes Cluster

Citrix ADC licensing overview

Citrix ADC VPX check-in and check-out licensing

Design Decision: Features and Licensing Considerations