Product Documentation

Upgrading a NetScaler VPX instance on AWS

Apr 22, 2014

You can upgrade the EC2 instance type, throughput, software edition, and the system software of a NetScaler VPX running on AWS. For certain types of upgrades, Citrix recommends using the High Availability Configuration method to minimize downtime.

Note:
  • NetScaler software release 10.1.e-124.1308.e or later for a NetScaler VPX AMI (including both utility license and customer license) does not support the M1 and M2 instance families.
  • Because of changes in NetScaler instance support, downgrading from 10.1.e-124 or a later release to 10.1.123.x or an earlier release is not supported.
  • Most of the upgrades do not require the launch of a new AMI, and the upgrade can be done on the current NetScaler AMI instance. If you do want to upgrade to a new NetScaler AMI instance, use the high availability configuration method.

Changing the EC2 Instance Type of a NetScaler VPX Instance on AWS

Updated: 2014-04-22

If your NetScaler VPX instances are running release 10.1.e-124.1308.e or later, you can change the EC2 instance type from the AWS console as follows:
  1. Stop the VPX instance.
  2. Change the EC2 instance type from the AWS console.
  3. Start the instance.

You can also use the above procedure to change the EC2 instance type for a release, earlier than 10.1.e-124.1308.e, unless you want to change the instance type to M3. In that case, you must first follow the standard NetScaler upgrade procedure, at , to upgrade the NetScaler software to 10.1.e-124 or a later release, and then follow the above steps.

Upgrading the Throughput or Software Edition for a NetScaler VPX Instance on AWS

Updated: 2014-04-22

To upgrade the software edition (for example, to upgrade from standard to platinum edition) or throughput (for example, to upgrade from 200 mbps to 1000mbps), the method depends on the instance’s license.

Using a customer license (Bring-Your-Own-License)

If you are using a customer license, you can purchase and download the new license from the Citrix Licensing portal (MyCitrix), and then install the license on the VPX instance. For more information about downloading and installing a license from the MyCitrix portal, see the VPX Licensing Guide.

Using a utility license (Utility license with hourly fee)

AWS does not support direct upgrades for fee-based instances. To upgrade the software edition or throughput of a fee based NetScaler VPX instance, launch a new AMI with the desired license and capacity and migrate the older instance configuration to the new instance. This can be achieved by using a NetScaler high availability configuration as described in “Upgrading to a New NetScaler AMI Instance by Using a NetScaler High Availability Configuration.”

Upgrading the System Software of a NetScaler VPX Instance on AWS

Updated: 2014-04-22

If you need to upgrade a NetScaler instance running 10.1.e-124.1308.e or a later release, follow the standard NetScaler upgrade procedure at .

If you need to upgrade a NetScaler instance running a release older than 10.1.e-124.1308.e to 10.1.e-124.1308.e or a later release, first upgrade the system software, and then change the instance type to M3 as follows:
  1. Stop the VPX instance.
  2. Change the EC2 instance type from the AWS console.
  3. Start the instance.

Upgrading to a New NetScaler AMI Instance by Using a NetScaler High Availability Configuration

Updated: 2014-04-22

To use the high availability method of upgrading to a new NetScaler AMI instance, perform the following tasks:
  • Create a new instance with the desired EC2 instance type, software edition, throughput, or software release from the AWS marketplace.
  • Configure high availability between the old instance (to be upgraded) and the new instance. After high availability is configured between the old and the new instance, configuration from the old instance is synchronized to the new instance.
  • Force an HA failover from the old instance to the new instance. As a result, the new instance becomes primary and starts receiving traffic.
  • Stop, and reconfigure or remove the old instance from AWS.
Prerequisites and Points to Consider
  • Make sure you understand how high availability works between two NetScaler VPX instances on AWS. For more information about high availability configuration between two NetScaler VPX instances on AWS, see High Availability.
  • You must create the new instance in the same availability zone as the old instance, having the exact same security group and subnet.
  • High availability setup requires access and secret keys associated with the user's AWS Identity and Access Management (IAM) account for both instances. If the correct key information is not used when creating VPX instances, the HA setup fails. For more information about creating an IAM account for a VPX instance, see Creating an IAM Account.
  • You must use the EC2 console to create the new instance. You cannot use the AWS 1-click launch, because it does not accept the access and secret keys as the input.
  • The new instance should have only one ENI interface.
To upgrade a NetScaler VPX Instance by using a high availability configuration
  1. Configure high availability between the old and the new instance. To configure high availability between two NetScaler VPX instances, at the NetScaler command prompt of each intance, type:
    • add ha node <nodeID> <IPaddress of the node to be added>
    • save config

    Example

    At the NetScaler command prompt of the old instance, type:  
    > add ha node 30 192.0.2.30 
    Done 
    At the NetScaler command prompt of the new instance, type:  
    > add ha node 10 192.0.2.10 
    Done
    
    Note the following:
    • In the HA setup, the old instance is the primary node and the new instance is the secondary node.
    • The NSIP IP address is not copied from the old instance to the new instance. Therefore, after the upgrade, your new instance has a different management IP address from the previous one.
    • The nsroot account password of the new instance is set to that of the old instance after HA synchronization.

    For more information about high availability configuration between two NetScaler VPX instances on AWS, see High Availability.

  2. Force an HA failover. To force a failover in a high availability configuration, at the NetScaler command prompt of either of the instances, type:
    • force HA failover

    As the result of forcing a failover, the ENIs of the old instance are migrated to the new instance and traffic flows through the new instance (the new primary node). The old instance (the new secondary node) restarts.

    If the following warning message appears, type N to abort the operation:

    WARNING]:Force Failover may cause configuration loss, peer health not optimum. Reason(s): 
    HA version mismatch 
    HA heartbeats not seen on some interfaces 
    Please confirm whether you want force-failover (Y/N)?
    

    The warning message appears because the system software of the two VPX instances is not HA compatible. As a result, the configuration of the old instance cannot be automatically synced to the new instance during a forced failover.

    Following is the workaround for this issue:
    1. At the NetScaler shell prompt of the old instance, type the following command to create a backup of the configuration file (ns.conf):
      • copy /nsconfig/ns.conf to /nsconfig/ns.conf.bkp
    2. Remove the following line from the backup configuration file (ns.conf.bkp):
      • set ns config -IPAddress <IP> -netmask <MASK>

        For example, set ns config -IPAddress 192.0.2.10 -netmask 255.255.255.0

    3. Copy the old instance’s backup configuration file (ns.conf.bkp) to the /nsconfig directory of the the new instance.
    4. At the NetScaler shell prompt of the new instance, type the following command to load the old instance’s configuration file (ns.conf.bkp) on the new instance:
      • batch -f /nsconfig/ns.conf.bkp
    5. Save the configuration on the new instance.
      • Save conifg
    6. At the NetScaler command prompt of either of the nodes, type the following command to force a failover, and then type Y for the warning message to confirm the force failover operation:
      • force ha failover

      Example

      > force ha failover 
       
      WARNING]:Force Failover may cause configuration loss, peer health not optimum.  
      Reason(s): 
      HA version mismatch 
      HA heartbeats not seen on some interfaces 
      Please confirm whether you want force-failover (Y/N)? Y
      
  3. Remove the HA configuration, so that the two instances are no longer in an HA configuration. First remove the HA configuration from the secondary node and then remove the HA configuration from the primary node.

    To remove an HA configuration between two NetScaler VPX instances, at the command prompt of each instance, type:

    • remove ha node <nodeID>
    • save config

    For more information about high availability configuration between two NetScaler instances on AWS, see High Availability.

    Example

    At the NetScaler command prompt of the old instance (new secondary node), type:  
    > remove ha node 30 
      Done 
    > save config 
      Done 
    At the NetScaler command prompt of the new instance (new primary node), type: 
    > remove ha node 10 
      Done 
    > save config 
      Done