What is Citrix ADM?
Citrix Application Delivery Management (ADM) is a single pane of glass solution that is deployed to manage all Citrix Networking product platforms. The Citrix Application Delivery Controller (ADC) SDX, MPX, VPX, BLX, CPX, Gateway, Secure Web Gateway, and SD-WAN can all be managed, configurations deployed, or services reported on via the appliance whether they are cloud based or on-prem.
The latest version of ADM can run as a virtual machine on a hypervisor platform or as a service available through Citrix Cloud.
Both versions offer similar functionality, collecting performance information about the applications and services running through the devices. Administration information is also collected to manage and centrally configure all ADC instances on one web-based portal.
The information collected is diverse and dependant on the types of services running through the ADC or Gateway but can include:
- Web page performance data.
- User-level ICA connection performance data.
- User browsing behaviour reports.
- Configuration audits.
- SSL Certificate reports & Cipher usage.
The benefits of accessing this information in one place is clear. As environments become more complex and split across enterprise data centre and third-party cloud locations, it becomes harder to keep track of configurations; and reporting on disparate outlying pieces of technology gets left behind.
ADM provides the capability to centrally manage the infrastructure that presents services to end users all from the one portal. This creates a solution that can be handed to a central IT Support function; or the ADM can split the managed devices into a multi-tenanted solution giving individual departments access and visibility to their own devices or services only.
The Application Delivery Management appliance features are broadly split into the following categories:
- Applications: Health and Usage of Applications.
- Networks: Configuration and status reporting from an Application perspective.
- Analytics: Network and data reporting.
- Orchestration: Integration of the Citrix ADC product with cloud orchestration platforms.
Applications provides an overview of all applications presented across multiple ADC’s with an indication of Status and Health. You can manage up to 30 discovered applications without requiring a specific licence, but beyond that you must purchase and apply a license. However, if you have more than 30 applications you can choose not to manage some. The features are broken down into the following:
Provides a summary view of all services passed through the ADC, including Gateway, Load Balancing and Websites. Provides an at a glance table to investigate any issues:
Reports on configured Application Health and provides the capability of adding or removing Applications to report on; with details of any failures, broken down into Service and Server.
App Security Dashboard
Partnered with AppFirewall, provides an overview of discovered security attack information such as DNS floods, Sync Attacks and SQL Injections against the applications the Web App Firewall is protecting. Also provides an indication of Threat and Safety indexing as a guide to administrators.
Users & Endpoints
When the ADC is configured as an SSL Forward proxy or a Secure Web Gateway is managed, there are comprehensive user reports to enable insights into the behaviour of users, and whether URL’s are hitting corporate policies of Blocked sites, or sites that are deemed High Risk.
Traffic by Browser, Traffic by Reputation Score, URL Category, Count of users, Data Volume, and Top Users/Endpoints are all reported.
A pre-defined set of template configurations for common applications. There are multiple scenarios covered; from Load Balancing to Single Sign On. Used when creating new services, they go through all settings required and show all the Objects that will be created on the ADC prior to the implementation.
This provides an ease of deployment for tasks that may be new to an administrator. These can then be remotely deployed to single or multiple devices, or just used as a point of reference.
Existing ADC configurations can also be used to create new StyleBooks for ease of ADC migration.
Networks contains the infrastructure detail managed by the ADM outside of Applications or Analytics and is broken down into features including:
Provides a single point of reference of all devices managed by the ADM with a summary of system resource use.
Provides the administrator a single solution to view and manage the SSL Certificates installed across multiple devices, all from the single web-based portal.
Alerts for certificates expiring in the near-term and the capability to centrally update those certificates are available, along with overviews of certificate configuration and health.
Similar to StyleBooks, but user created, Configuration Jobs provide a method of recording a set of configuration commands to repeat multiple times, or over multiple Instances. Jobs can be created to make configuration changes across devices, upgrade firmware, and replicate a device’s configuration to other devices in the enterprise.
To ensure configurations stay as designed, audits are taken at scheduled intervals and report on ‘Configuration Drift’. This is especially important for compliance and security to ensure applications stay as designed. Any changes to the original recorded configuration are raised and alerts can be created.
Recommendations against best practice are also available here similar to those available in cis.citrix.com
Provides the capability for the administrator to configure the ADM as a licence server for the ADC’s. This creates a flexible Pooled Licensing model where licences based on platform edition and bandwidth can be assigned and removed as necessary. This is particularly useful for changing an ADC’s bandwidth allocation or Orchestrating new devices on demand.
Reporting on the State of each Virtual Server and throughput statistics. This also provides a visual map of each Virtual Server to assist the administrator in understanding the configuration. Maintenance tasks to bring services Up or Down can also be centrally controlled from here.
This is the reporting and presentation of the network and traffic data that flows through a managed device. You can view analytics data for a maximum of 30 Virtual Servers before requiring a licence, but length of data retention may depend upon managed device platform edition. Beyond 30 vServers requires a specific ADM license. The features are split into different categories as follows:
Provides visibility of enterprise web applications served through the ADC. Information provided includes Server and Client Network Latency, Application response times, SSL Ciphers Negotiated, and bandwidth utilised per web application. This enables enterprises to identify bottle necks in application performance.
Monitors the metrics used for video optimisation techniques used by the Citrix ADC through the AppFlow feature. Reports on Optimised vs Non-Optimised traffic, giving the enterprise the capability to see data volume and type of traffic passing through the ADC. This gives a measure of optimisation efficiency.
Reports on the users flowing through the ADC or Gateway utilising the ICA protocol. Data on WAN vs data centre traffic latency, and Round Trip Time show performance delays, and whether any improvements can be managed by the IT Enterprise. HDX Insight also reports on Licence usage, Top Applications launched and Published Desktop usage over multiple ADC Instances for an aggregated view.
Enables administrators to view reports on why applications failed to launch, providing the user credential and the Gateway the user was connected to. This is useful for user troubleshooting. Gateway Insight also provides an aggregated view of active users/sessions across multiple Gateways/ADC’s.
Monitors the accelerated vs non-accelerated traffic through the SD-WAN between branches and the data centre. WAN Insight also reports on client traffic performance including packets sent/received and data compression ratios.
Based on Web App Firewall and ADC system security settings, Security Insight gives a per application Safety and Threat Index based on how each application is protected against external threats and vulnerabilities.
Reports on the ratio of human vs Bot access to each exposed application; and working with AppFirewall will give an indication of the risk of the Bot behaviour (blacklisted Bot access attempts vs Whitelisted Bot access).
Orchestration enables the integration of Citrix ADM with the cloud platforms OpenStack, Accelerite, Kubernetes and SDN Orchestration to allocate ADC resources.
Citrix ADC integrates with LBaaS and OpenStack Heat to allocate either Neutron drivers, or ADC services to tenants using Heat StyleBooks.
ADM integrates with the Cloud Infrastructure to create private cloud resources through Service Packages. These communicate with ADM to allocate the requested resources and deploy configurations to allocated ADCs.
ADC instances can act as the Ingress to applications running inside a Kubernetes cluster exposing it to external traffic. ADM can be specified to integrate with Kubernetes at the Cluster, Policy and Configuration level to manage Kubernetes and assign ADC resources.
Provides integration with Cisco ACI and VMware NSX Manager. For Cisco, L2-L3 automation is performed by Cisco APIC, and L4-L7 automation is performed by the ADM to create a Hybrid solution. VMware NSX uses Service Packages to create definitions that can be applied to Edge Gateway services by ADM
Citrix Application Delivery Management is a powerful single pane of glass solution enabling you to manage and report on many Citrix networking device requirements. To start this with minimal outlay and no licence fee is a significant benefit.
It can be complex and requires some time to understand all it’s features but is of great value, especially as the enterprise grows and multiple devices of different type, edition and location appear on the network.
FIND OUT MORE
If you would like to discuss the benefits of Application Delivery Management or Citrix networking products in general and how they help address user and enterprise requirements call 0330 010 3443 or email firstname.lastname@example.org.