App Delivery Controller
Deploying the Citrix ADC/Gateway on GCP differs from deploying it on-premises, though in the end you still manage the appliances yourself. Fortunately, deploying Citrix ADC/Gateway on GCP is thoroughly documented. We recommend reviewing the following resources before you solidify your design and begin implementation:
- Citrix ADC VPX on GCP in Citrix Docs: Provides a comprehensive overview of Citrix ADC on GCP, including supported VPX models, GCP regions, Compute Engine instance types, and other resource references.
- Citrix ADC VPX GCP Marketplace Deployments: All Citrix networking deployment solutions available in the GCP Marketplace. These are also functional and relevant for Citrix Gateway deployments with CVAD/CVADS.
- Citrix ADC GDM Templates: A GitHub repository of Citrix ADC GDM templates, and an excellent reference for deploying a Citrix ADC VPX instance on the Google Cloud Platform.
As discussed in Citrix ADC VPX on GCP on Citrix Docs, there are two primary deployment options available. They are:
- Standalone: Individual instances of Citrix ADC/Gateway can be deployed and managed as separate entities. This is commonly used for smaller scale or POC deployments where high availability is not a requirement.
- High Availability: This is the most commonly deployed model for production environments: pairs of Citrix ADC/Gateway VPX instances can be deployed using an HA configuration within the same zone or across multiple zones in the same region. We dig into this option more deeply later in this section.
When you deploy Citrix ADC/Gateway appliances on GCP, we recommend using Premium tier (regional) external IP addresses. With Premium tier external IPs, traffic ingresses and egresses at the Edge network location nearest the user. Traffic then traverses Google’s private network to get to the region where the resource is deployed. This provides better throughput, lower latency, and more consistent performance (lower jitter) than Standard tier external IP addresses. For more information, see Google Cloud Network Service tiers.
While Citrix ADC VPX generally supports single, dual, or multiple NIC deployment types, Citrix recommends using at least three VPC networks for each ADC when deployed on GCP, with a network interface in each VPC for optimum throughput and data separation. When deployed to support Citrix Virtual Apps and Desktops, the management interface (NSIP) is typically attached to the “Private Citrix Infrastructure Subnet,” the subnet IP (SNIP) is attached to the “Private Citrix VDA Subnet,” and the Citrix Gateway virtual IP (VIP) to the “Public Subnet.” The following simplified conceptual diagram depicts this configuration. It shows a single VPX instance in a single zone - this design pattern would be duplicated (likely in a second zone) for a High Availability configuration:
The following is a table showcasing the purpose of each NIC along with the associated VPC network:
| NIC | Purpose | Associated VPC network |
|---|---|---|
| NIC 0 | Serves management traffic (NSIP) | (❶) Management network |
| NIC 1 | Serves client-side traffic (VIP) | (❷) Public network |
| NIC 2 | Communicates with back-end servers (SNIP) | (❸) Back-end server network |
Citrix ADC VPX instances with three NICs require a minimum of 4 vCPUs when running on GCP. See maximum number of network interfaces for more information.
ADC High Availability across Zones
As mentioned earlier, this is the most common deployment model for Citrix virtualization systems. This model uses a pair of Citrix ADC VPXs in a single region deployed across multiple zones. High availability (active/passive) can be achieved in multiple ways. You can use a GCP HTTPS Load Balancer with the ADCs configured independently of each other, or you can use Citrix ADC HA configured in Independent Network Configuration (INC) mode. The latter architecture is expected to be popular for public cloud deployments, so we focus on it here.
While there are potential variants for a Citrix ADC/Gateway VPX architecture on GCP, the following diagram depicts a three NIC Citrix ADC HA solution. This solution can be deployed by the Google Deployment Manager template with pre-configured VPC networks and subnets:
When using the Google Deployment Manager template, you must configure the VPC networks before deploying the Citrix ADC appliances. The three VPC networks ought to consist of the (❶) management network, (❷) public network, and (❸) backend-server network and appropriate subnets within each VPC network.
In the preceding diagram, we can see that each ADC has a different Gateway virtual IP (VIP). This is a characteristic of an Independent Network Configuration (INC). When VPXs in an HA pair reside in different zones, the secondary ADC must have an INC, as they cannot share mapped IP addresses, virtual LANs, or network routes. The NSIP and SNIP are different for each ADC in this configuration, while the Citrix Gateway VIP uses a Citrix ADC feature called IPset, or Multi-IP virtual servers. This feature can be used for clients in different subnets to connect to the same set of servers. With IPset, you can associate a private IP to each of the primary and secondary instances. A public IP can then be mapped to the primary ADC in the pair. In the case of failover, the public IP mapping changes dynamically to the new primary.
For more information on adding a remote node to an ADC to create an INC-based HA pair, see Citrix Docs. For general HA deployment information for ADC on Google Cloud, see Deploy a VPX high-availability pair on Google Cloud Platform.
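The design rules in this section (one NIC per VPC network, at least 4 vCPUs for three NICs, Premium tier for the external IP, separate addresses on each INC node, public IP mapped to the primary) can be checked against a planned HA pair before deployment. The following Python sketch is an added example, not Citrix or Google code; the `Nic`/`Node` model, the network names, addresses and zones are constructed, and treating an external IP on the NSIP or SNIP interface as a finding is this example's assumption, based on those interfaces sitting on private subnets.

```python
from dataclasses import dataclass
from typing import List, Optional

ROLES = ["NSIP", "VIP", "SNIP"]  # NIC 0, NIC 1, NIC 2, as in the table above

@dataclass
class Nic:
    role: str
    vpc: str
    private_ip: str
    external_tier: Optional[str] = None  # None means no external IP

@dataclass
class Node:
    name: str
    region: str
    zone: str
    vcpus: int
    nics: List[Nic]

def check_node(n: Node) -> List[str]:
    out = []
    if [x.role for x in n.nics] != ROLES:
        out.append(f"{n.name}: NICs must be NSIP, VIP, SNIP in that order")
    if len({x.vpc for x in n.nics}) != len(n.nics):
        out.append(f"{n.name}: two NICs share a VPC network")
    if len(n.nics) >= 3 and n.vcpus < 4:
        out.append(f"{n.name}: three NICs need at least 4 vCPUs")
    for x in n.nics:
        if x.role != "VIP" and x.external_tier:  # assumption: private NICs stay private
            out.append(f"{n.name}: {x.role} has an external IP")
        if x.role == "VIP" and x.external_tier not in (None, "PREMIUM"):
            out.append(f"{n.name}: VIP external IP is not Premium tier")
    return out

def check_pair(primary: Node, secondary: Node) -> List[str]:
    """Checks for a cross-zone INC pair; returns a list of findings."""
    out = check_node(primary) + check_node(secondary)
    if primary.region != secondary.region or primary.zone == secondary.zone:
        out.append("pair: nodes must share a region but not a zone")
    if {x.private_ip for x in primary.nics} & {x.private_ip for x in secondary.nics}:
        out.append("pair: INC nodes share a private IP")
    if any(x.external_tier for x in secondary.nics):
        out.append("pair: a public IP is mapped to the secondary")
    return out

def node(name, zone, vcpus, last, tier=None):  # constructed sample data
    nics = [("NSIP", "mgmt-vpc", 1, None), ("VIP", "public-vpc", 2, tier), ("SNIP", "backend-vpc", 3, None)]
    return Node(name, "us-east1", zone, vcpus, [Nic(r, v, f"10.0.{i}.{last}", t) for r, v, i, t in nics])
GOOD = check_pair(node("adc-a", "us-east1-b", 4, 10, "PREMIUM"), node("adc-b", "us-east1-c", 4, 11))
BAD = check_pair(node("adc-a", "us-east1-b", 2, 10, "STANDARD"), node("adc-b", "us-east1-b", 4, 10))
```

`GOOD` comes back empty, while `BAD` reports the undersized instance, the Standard tier address, the shared zone and the duplicated private IPs.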