Configuration

Citrix ADM manages all the Citrix ADC VPX clusters in Microsoft Azure. Citrix ADM accesses the Azure resources using the Cloud Access Profile.

The following flow diagram explains the steps involved in creating and configuring an Autoscale group:

Prerequisites

This section describes the prerequisites that you must complete in Microsoft Azure and Citrix ADM before you configure autoscaling Citrix ADC VPX instances.

This document assumes the following:

• You possess a Microsoft Azure account that supports the Azure Resource Manager deployment model.

• You have a resource group in Microsoft Azure.

For more information on how to create an account and other tasks, see Microsoft Azure Documentation.

Set up Microsoft Azure components

Perform the following tasks in Azure before autoscaling Citrix ADC VPX instances in Citrix ADM.

1. Create a virtual network.

2. Create security groups.

3. Create subnets.

4. Subscribe to the Citrix ADC VPX license in Microsoft Azure.

5. Create and register an application.

Create a virtual network

1. Log on to your Microsoft Azure portal.

2. Select Create a resource.

3. Select Networking and click Virtual Network.

4. Specify the required parameters.

   • In Resource group, you must specify the resource group where you want to deploy a Citrix ADC VPX product.

   • In Location, you must specify the locations that support availability zones such as:

     • Central US

     • East US2

     • France Central

     • North Europe

     • Southeast Asia

     • West Europe

     • West US2

   Note

   The application servers are present in this resource group.

5. Click Create.

For more information, see Azure Virtual Network in Microsoft Documentation.

Create security groups

Create three security groups in your virtual network (VNet) - one each for the management, client, and server connections. Create a security group to control inbound and outbound traffic in the Citrix ADC VPX instance. Create rules for incoming traffic that you want to control in the Citrix Autoscale groups. You can add as many rules as you want.

• Management: A security group in your account dedicated for the management of Citrix ADC VPX. Citrix ADC has to contact Azure services and requires Internet access. Inbound rules are allowed on the following TCP and UDP ports.
  • TCP: 80, 22, 443, 3008–3011, 4001
  • UDP: 67, 123, 161, 500, 3003, 4500, 7000, 27000, 7279

  Note

  Ensure the following:

  The security group has allowed the Citrix ADM agent to access the VPX.

  The 27000 and 7279 ports are opened in Citrix ADM. These ports are used to check out Citrix ADC licenses from Citrix ADM. For more information, see Ports.

• Client: A security group in your account dedicated for a client-side communication of Citrix ADC VPX instances.

  • TCP: 1025-11024, 11025-21024, 21025-31024
  • UDP : 1025-11024
• Server: A security group in your account dedicated for a server-side communication of Citrix ADC VPX.

For more information on how to create a security group in Microsoft Azure, see Create, change, or delete a network security group.

Create subnets

Create three subnets in your virtual network (VNet) - one each for the management, client, and server connections. Specify an address range that is defined in your VNet for each of the subnets. Specify the availability zone in which you want the subnet to reside.

• Management: A subnet in your Virtual Network (VNet) dedicated for management. Citrix ADC has to contact Azure services and requires internet access.

• Client: A subnet in your Virtual Network (VNet) dedicated for the client side. Typically, Citrix ADC receives client traffic for the application via a public subnet from the internet.

• Server: A subnet where the application servers are provisioned. All your application servers are present in this subnet and receives application traffic from the Citrix ADC through this subnet.

Note

Specify an appropriate security group to the subnet while creating a subnet.

For more information on how to create a subnet in Microsoft Azure, see Add, change, or delete a virtual network subnet.

Subscribe to the Citrix ADC VPX license in Microsoft Azure

1. Log on to your Microsoft Azure portal.

2. Select Create a resource.

3. In the Search the marketplace bar, search Citrix ADC and select the required product version.

4. In the Select a software plan list, select one of the following license types:

   • Bring your own license
   • Advanced
   • Premium

   Note

   • If you choose the Bring your own license option, the Autoscale group checks out the licenses from the Citrix ADM while provisioning Citrix ADC instances.
   • In Citrix ADM, the Advanced and Premium are the equivalent license types for Enterprise and Platinum respectively.

5. Ensure the programmatic deployment is enabled for the selected Citrix ADC product.

   1. Beside Want to deploy programmatically?, click Get Started.

      

   2. In Choose the subscriptions, select Enable to deploy the selected Citrix ADC VPX edition programmatically.

      

      Important

      Enabling the programmatic deployment is required to Autoscale Citrix ADC VPX instances in Azure.

   3. Click Save.

   4. Close Configure Programmatic Deployment.

6. Click Create.

Create and register an application

Citrix ADM uses this application to Autoscale Citrix ADC VPX instances in Azure.

To create and register an application in Azure:

1. In the Azure portal, select Azure Active Directory. This option displays your organization’s directory.

2. Select App registrations:

   1. In Name, specify the name of the application.

   2. Select the Application type from the list.

   3. In the Sign-on URL, specify the application URL to access the application.

3. Click Create.

For more information on App registrations, see Microsoft Documentation.

Azure assigns an application ID to the application. The following is an example application registered in Microsoft Azure:

Copy the following IDs and provide these IDs when you are configuring the Cloud Access Profile in Citrix ADM. For steps to retrieve the following IDs, see Microsoft Documentation:

• Application ID

• Directory ID

• Key

  

• Subscription ID: Copy the subscription ID from your storage account.

Assign the role permission to an application

Citrix ADM uses the application-as-a-service principle to Autoscale Citrix ADC instances in Microsoft Azure. This permission is applicable only to the selected resource group.

To assign a role permission to your registered application, you have to be the owner of the Microsoft Azure subscription.

1. In the Azure portal, select Resource groups.

2. Select the resource group to which you want to assign a role permission.

3. Select Access control (IAM).

4. In Role assignments, click Add.

5. Select Owner from the Role list.

6. Select the application that is registered for autoscaling Citrix ADC instances.

7. Click Save.

Set up Citrix ADM components

Perform the following tasks in Azure before you Autoscale Citrix ADC VPX instances in Citrix ADM:

1. Provision an agent on Azure

2. Create a site

3. Attach the site to a Citrix ADM agent

Provision Citrix ADM agent on Azure

The Citrix ADM agent works as an intermediary between the Citrix ADM and the discovered instances in the data center or on the cloud.

1. Navigate to Infrastructure > Instances > Agents.

2. Click Provision.

3. Select Microsoft Azure and click Next.

4. In the Provision Parameters tab, specify the following:

   • Name - specify the Citrix ADM agent name.

   • Site - select the site you have created to provision an agent and ADC VPX instances.

   • Cloud Access Profile - select the cloud access profile from the list.

   • Availability Zone - Select the zones in which you want to create the Autoscale groups. Depending on the cloud access profile that you have selected, availability zones specific to that profile are populated.

   • Security Group - Security groups control the inbound and outbound traffic in the Citrix ADC agent. You create rules for both incoming and outgoing traffic that you want to control.

   • Subnet - Select the management subnet where you want to provision an agent.

   • Tags - Type the key-value pair for the Autoscale group tags. A tag consists of a case-sensitive key-value pair. These tags enable you to organize and identify the Autoscale groups easily. The tags are applied to both Azure and Citrix ADM.

5. Click Finish.

Alternatively, you can install the Citrix ADM agent from Azure Marketplace. For more information, see Installing a Citrix ADM agent on the Microsoft Azure.

Create a site

Create a site in Citrix ADM and add the VNet details associated with your Microsoft Azure resource group.

1. In Citrix ADM, navigate to Infrastructure > Instances > Sites .

2. Click Add.

3. In the Select Cloud pane,

   1. Select Data Center as a Site type.

   2. Choose Azure from the Type list.

   3. Check the Fetch VNet from Azure check box.

      This option helps you to retrieve the existing VNet information from your Microsoft Azure account.

   4. Click Next.

4. In the Choose Region pane,

   1. In Cloud Access Profile, select the profile created for your Microsoft Azure account. If there are no profiles, create a profile.

   2. To create a cloud access profile, click Add.

   3. In Name, specify a name to identify your Azure account in Citrix ADM.

   4. In Tenant Active Directory ID / Tenant ID, specify the Active Directory ID of the tenant or the account in Microsoft Azure.

   5. Specify the Subscription ID.

   6. Specify the Application ID/Client ID.

   7. Specify the Application Key Password / Secret.

   8. Click Create.

      For more information, see Create and register an application and Mapping cloud access profile to the Azure application.

      

   9. In VNet, select the virtual network containing Citrix ADC VPX instances that you want to manage.

   10. Specify a Site Name.

   11. Click Finish.

Mapping Cloud Access Profile to the Azure application

Attach the site to a Citrix ADM agent

1. In Citrix ADM, navigate to Infrastructure > Instances > Agents.

2. Select the agent for which you want to attach a site.

3. Click Attach Site.

4. Select the site from the list that you want to attach.

5. Click Save.

Step 1: Initialize Autoscale configuration in Citrix ADM

1. In Citrix ADM, navigate to Infrastructure > Public Cloud > Autoscale groups.

2. Click Add to create Autoscale groups.

   The Create AutoScale Group page appears.

3. Select Microsoft Azure and click Next.

4. In Basic Parameters, enter the following details:

   • Name: Type a name for the Autoscale group.

   • Site: Select the site that you have created to Autoscale the Citrix ADC VPX instances on Microsoft Azure. If you have not created a site, click Add to create a site.

   • Cloud Access Profile: Select the cloud access profile. You can also add or edit a Cloud Access Profile.

   • Citrix ADC Profile: Select the ADC profile from the list. Citrix ADM uses this profile when it requires to log on to the Citrix ADC VPX instance.

     Note

     Ensure the selected device profile conforms to Microsoft Azure password rules.

   • Traffic Distribution Mode: The Load Balancing using Azure LB option is selected as the default traffic distribution mode. You can also choose the DNS using Azure DNS mode for the traffic distribution.

   • Enable AutoScale Group: Enable or disable the status of the ASG groups. This option is enabled, by default. If this option is disabled, autoscaling is not triggered.

   • Availability Set or Availability Zone: Select the availability set or availability zones in which you want to create the Autoscale groups. Depending on the cloud access profile that you have selected, availability zones appear on the list.

   • Tags: Type the key-value pair for the Autoscale group tags. A tag consists of a case-sensitive key-value pair. These tags enable you to organize and identify the Autoscale groups easily. The tags are applied to both Microsoft Azure and Citrix ADM.

   

5. Click Next.

Step 2: Configure Autoscale parameters

1. In the AutoScale Parameters tab, enter the following details.

2. Select one or more than one of the following threshold parameters whose values must be monitored to trigger a scale-out or a scale-in.

   • Enable CPU Usage Threshold: Monitor the metrics based on the CPU usage.

   • Enable Memory Usage Threshold: Monitor the metrics based on the memory usage.

   • Enable Throughput Threshold: Monitor the metrics based on the throughput.

     Note

     • Default minimum threshold limit is 30 and the maximum threshold limit is 70. However, you change to modify the limits.

     • Minimum threshold limit must be equal or less than half of the maximum threshold limit.

     • You can select more than one threshold parameters for monitoring. Scale-out is triggered if at least one of the threshold parameters is above the maximum threshold. However, a scale-in is triggered only if all the threshold parameters are operating below their normal thresholds.

     

   • Keep a Spare Node for faster Scale Out: This option helps to achieve faster scale-out. Citrix ADM provisions a spare node before the scale-out action occurs and shuts it down. When the scale-out action occurs for the Autoscale group, the Citrix ADM starts the spare node that is already provisioned. As a result, it reduces the time taken for scale-out.

   • Minimum Instances: Select the minimum number of instances that must be provisioned for this Autoscale group.

     The default minimum number of instances is equal to the number of zones selected. You can only increment the minimum instances in the multiples of the specified number of zones.

     For example, if the number of availability zones is 4, the minimum instances are 4 by default. You can increase the minimum instances by 8, 12, 16.

   • Maximum Instances: Select the maximum number of instances that must be provisioned for this Autoscale group.

     The maximum number of instances must be greater than or equal to the value of the minimum instances. The maximum number of instances cannot exceed the number of availability zones multiplied by 32.

     Maximum number of instances = number of availability zones * 32

   • Watch-Time (minutes): Select the watch-time duration. The time for which the scale parameter’s threshold has to stay breached for scaling to happen. If the threshold is breached on all the samples collected in this specified time then a scaling happens.

   • Cooldown period (minutes): Select the cooldown period. During scale-out, the cooldown period is the time for which evaluation of the statistics has to be stopped after a scale-out occurs. This period ensures the organic growing of instances of an Autoscale group. Before triggering the next scaling decision, it waits for the current traffic to stabilize and average out on the current set of instances.

   • Time to wait during Deprovision (minutes): Select the drain connection timeout period. During scale-in action, an instance is identified to de-provision. Citrix ADM restricts the identified instance from processing new connections until the specified time expires before de-provision. In this period, it allows existing connections to this instance to be drained out before it gets de-provisioned.

   • DNS Time To Live (seconds): Select the time (in seconds). In this period, a packet is set to exist inside a network before the router discards the packet. This parameter is applicable only when the traffic distribution mode is DNS using the Microsoft Azure traffic manager.

     

3. Click Next.

Step 3: Configure licenses for provisioning Citrix ADC instances

Select one of the following modes to license Citrix ADC instances that are part of the Autoscale Group:

• Using Citrix ADM: While provisioning Citrix ADC instances, the Autoscale group checks out the licenses from the Citrix ADM.

• Using Microsoft Azure: The Allocate from Cloud option uses the Citrix product licenses available in the Azure Marketplace. While provisioning Citrix ADC instances, the Autoscale group uses the licenses from the marketplace.

  If you choose to use licenses from Azure Marketplace, specify the product or license in the Provision Parameters tab.

For more information, see Licensing Requirements.

Use licenses from Citrix ADM

To use this option, ensure that you have subscribed to the Citrix ADC product with the Bring your own license software plan in Azure. See, Subscribe to the Citrix ADC VPX license in Microsoft Azure.

1. In the License tab, select Allocate from Citrix ADM.

2. In License Type, select one of the following options from the list:

   • Bandwidth Licenses: You can select one of the following options from the Bandwidth License Types list:

     • Pooled Capacity: Specify the capacity to allocate for every new instance in the Autoscale group.

       From the common pool, each ADC instance in the Autoscale group checks out one instance license and only as much bandwidth is specified.

     • VPX Licenses: When a Citrix ADC VPX instance is provisioned, the instance checks out the license from the Citrix ADM.

   • Virtual CPU Licenses: The provisioned Citrix ADC VPX instance checks out licenses depending on the number of CPUs running in the Autoscale group.

   Note

   When the provisioned instances are removed or destroyed, the applied licenses return to the Citrix ADM license pool. These licenses can be reused to provision new instances during the next Autoscale.

3. In License Edition, select the license edition. The Autoscale group uses the specified edition to provision instances.

4. Click Next.

Step 4: Configure cloud parameters

1. In the Provision Parameters tab, enter the following details:

   • Resource Group: Select the resource group in which Citrix ADC instances are deployed.

   • VM Size: Select the required VM size from the list.

     Note

     Ensure that the selected Azure VM Size has a minimum of three NICs. For more information, see Supported Azure virtual images for autoscaling.

   • Accelerated Networking: This option improves the network performance. It helps you when you have a huge traffic that requires a high speed with reliable streaming and lower CPU utilization.

   • Cloud Access Profile for ADC: Citrix ADM logs in to your Azure account using this profile to provision or de-provision ADC instances. It also configures Azure LB or Azure DNS.

   • Image: Select the required Citrix ADC version image. Click Add New to add a Citrix ADC image.

   • Origin Server CIDR: When application servers and ADC instances are situated on different virtual networks, provide the CIDR block of a virtual network where you have application servers.

     Important

     Set up the virtual network peering between the application server and the ADC instance’s virtual networks. For more information, see Virtual network peering.

   • IPs in Server Subnet per instance – Specify how many SNIP addresses each instance can have in the server subnet.

   

   In this tab, you can also specify and configure the required NICs. Select Security Group and Subnet for each NIC.

   • Security Groups: Security groups control the inbound and outbound traffic in a Citrix ADC VPX instance. Select a security group for Management, Client, and Server traffic. For more information on management, client, and server security groups, see Security Groups.

   • Subnets: You must have three separate subnets such as Management, client, and server subnet to Autoscale Citrix ADC subnets. Subnets contain the required entities for autoscaling. Select For more information, see Subnets.

     

2. click Finish.

Step 5: Configure an application for the Autoscale group

1. In Citrix ADM, navigate to Infrastructure > Public Cloud > Autoscale groups.

2. Select the Autoscale group that you created and click Configure.

3. In Configure Application, specify the following details:

   • Application Name - Specify the name of an application.

   • Access Type - You can use the Citrix ADM autoscaling solution to both external and internal applications. Select the required application access type.

   • FQDN Type - Select a mode of assigning domain and zone names.

     If you want to specify manually, select User-Defined. To automatically assign domain and zone names, select Auto-generated.

   • Domain Name - Specify the domain name of an application. This option is applicable only when you select User-Defined FQDN type.

   • Zone of the Domain - Select the zone name of an application from the list. This option is applicable only when you select User-Defined FQDN type.

     This domain and zone name redirects to the virtual servers in Azure. For example, if you host an application in app.example.com, the app is the domain name and example.com is the zone name.

   • Protocol - Select the protocol type from the list. The configured application receives the traffic depending on the selected protocol type.

   • Port - Specify the port value. The specified port is used to establish a communication between the application and the Autoscale group.

   • Auto Redirect HTTP traffic to HTTPS - Select this option to receive secured traffic to the application. Specify the HTTP port that you want to redirect.

   • ADC Configuration mode - Select the mode how you want to configure the application. You can either select StyleBooks or ADC CLI commands.

   

Note

Change the access type of an application if you want to modify the following details in the future:

• FQDN Type
• Domain Name
• Zone of the domain

For more information to use StyleBooks or CLI commands, see Create an application configuration for the Autoscale group.