NetScaler ADM FAQs
NetScaler Application Delivery Manager (ADM) centralises the management, orchestration, and service visibility across all of your NetScaler ADC instances from the micro-service container to the global cloud ingress point. This comprehensive list of NetScaler ADM FAQs has been compiled by our in-house experts to answer the most common questions we get asked by our customers.
NetScaler ADM is a centralised solution for the management, monitoring and troubleshooting of all your NetScaler appliances. It provides a single pane of glass view where you can perform all the management tasks. Such as adding new devices, edit configurations, backup/restore configurations, monitor traffic, report, alert and more.
NetScaler ADM can also be configured for AppFlow reporting, receiving HDX/ICA AppFlow traffic from NetScaler devices.
NetScaler ADM is a virtual appliance that runs on NetScaler Hypervisor, VMware ESXi, and Linux KVM.
It collects the following information about web applications and virtual desktop traffic and provides visibility of:
- User session level information
- Webpage performance data
- Database information flowing through the NetScaler instances and provides actionable reports.
NetScaler ADM enables IT administrators to troubleshoot and proactively monitor customer issues in a matter of minutes.
Once the NetScaler ADM server is installed and licenced appropriately you can connect using a supported browser over port 80 or 443. From this browser, you can perform all the management, monitoring and troubleshooting you need.
For example, you can add instances (NetScaler appliances ) to the ADM server by adding their management IPs (for NetScalers this is the NSIP).
Once these devices are added and discovered by the ADM server, it uses NITRO calls, SNMP, SSH, and SCP protocols to initiate the transfer of information such as appliance inventory, licence, certificate details etc. It can also perform configurations and firmware updates.
All the information is processed by the NetScaler ADM server and stored in the internal database for current and future reporting/use.
NetScaler ADM is a virtual appliance that can be installed on the following hypervisors, NetScaler Hypervisor, Microsoft Hyper-V, VMware ESXi and Generic KVM
The requirements for an install are 32GB memory, 8 vCPU’s and at least 120 GB disk storage depending on what you want to record and how long you want to keep it.
The recommendation is that you add a second disk for your data storage at the initial time of installation. The size of this storage is dependent on several factors such as the number of instances, type of traffic, NetScaler licences etc.
Installation of NetScaler ADM depends on your needs, what you want to record, how long you want to keep it, and the available hypervisor. The basic requirement for an on-premises install is 32GB memory, 8 vCPU’s and at least 120 GB disk storage. It is recommended that you add a second disk for your data storage at the initial time of installation. NetScaler ADM can be deployed as either a single server or in an HA (High Availability) pair.
For full details on how to start the installation process can be found in the product documentation.
Configuration of NetScaler ADM can only be done via the GUI, accessed using a supported browser. Once logged on, the GUI enables you to add, manage and monitor instances, it also allows you to set up alerts, view analytics and configure the instances.
A NetScaler ADM agent is an intermediary ADM device between the main NetScaler ADM server (either on-premises or in the cloud) and the discovered instances at different datacentres or sites.
The agent is used when remote instances require management and it collects the local instances information and passes the data back to the main NetScaler ADM
The agent is used when remote instances require management. The agent collects appropriate information from the local instances and passes the data back to the main NetScaler ADM server.
The NetScaler ADM agent provides a local communication point for instances which in turn communicates with the main ADM Server. This means only the agent communicates with the main ADM server minimising WAN traffic and firewall port configurations.
The application delivery dashboard is an overview of the licenced and discovered applications monitored by the ADM server. It shows the security attack information these applications have endured, such as sync attacks, DNS flood attacks and more.
The upgrade process for NetScaler ADM is performed using the GUI (graphical user interface) and is accessed via the “System” tab in the options menu.
The simple process is to download the latest version of firmware from the NetScaler download website to your local machine and then using the GUI upload the new version to the ADM server and initiate the upgrade process. Once started the upgrade process is automatic and requires no further user interaction.
NetScaler Console service is the new name for NetScaler ADM service. This is a web-based service and you need to sign up for it via your Citrix account. For more information see our NetScaler Console service FAQs.
Kubernetes is an open-source platform designed to automate deploying, scaling, and operating application containers.
NetScaler supports the deployment of the NetScaler CPX in Kubernetes. NetScaler ADM can be used to manage, configure, and report on all forms of NetScaler (VPX, MPX, SDX, BLX and CPX).
Yes. Kubernetes cluster must be the following version or above:
- Server version v1.20
- Client version v1.20
To install NetScaler ADM on a Kubernetes cluster, download the NetScaler ADM Helm Chart for Kubernetes from the NetScaler download website. Extract the Helm Chart tarball into the /var directory of the main node of the Kubernetes cluster.
Then follow the instructions detailed within the online NetScaler documentation.
NetScaler ADM analytics provides NetScaler insights to analyse and improve application performance.
NetScaler ADM analytics features are:
- Web insight – visibility into web applications/real-time monitoring
- HDX insight – end-to-end visibility into NetScaler HDX/ICA traffic passing through the NetScaler
- Gateway insight – visibility into failures encountered by users while trying to log onto the NetScaler Gateway
- Security insight – visibility into application security status and take corrective actions to secure those applications
- SSL insight – visibility into secure web applications, see real-time and historical data
- TCP insight- visibility into the statistics of traffic flow through the NetScaler
A NetScaler ADM on-premises is when the virtual appliance is installed on the consumer’s physical hypervisor located at their site or datacentre. It is not web-based.
NetScaler Console is the web-based service.
For NetScaler ADM to manage and monitor the NetScaler’s that they discover through the HTTPS protocol each NetScaler MUST have a verified NetScaler licence.
NetScaler ADM supports two licence editions – Express and Advanced.
- The Express edition is the default edition licence applied on install. You can manage and monitor any number of NetScaler instances.
- The Advanced edition licence allows you to manage discovered applications and view analytics for the purchased and free virtual servers.
Please note the number of free discovered applications:
- For Build 13.1-9.x or earlier you can manage up to 30 discovered applications or virtual servers without buying an advanced edition licence.
- For Build 13.1-12.x or later you can manage up to two discovered applications or virtual servers without buying an advanced edition licence.
NetScaler ADM HA is when two NetScaler ADM servers are configured to run as an active and passive pair. The primary device will run as the main device communicating with the NetScaler instances and the secondary device will shadow the primary, replicating its database and configuration. The secondary server can seamlessly take over the role of the primary should it fail.
The Azure and AWS options allow you to either purchase an appliance licence from the cloud vendor or alternatively you can bring your own licence (BYOL). In ALL cases a NetScaler ADM Agent will need to be installed in close proximity to the instances that you require managing be they on-premises or in the cloud.
NetScaler ADM is also available from the NetScaler Cloud as a Service.
With NetScaler ADMaaS you gain visibility into the health, performance, and security of your applications. You can automate the setup, deployment, and management of your application delivery infrastructure across hybrid multi-cloud environments.
Only the NetScaler ADM agent is available as an image in the Microsoft Azure marketplace, not NetScaler ADM.
With the installation of an ADM agent in Azure you gain visibility into the health, performance, and security of your Azure based NetScaler appliances. You can automate the setup, deployment, and management of your application delivery infrastructure across hybrid multi-cloud environments.
Only the NetScaler ADM agent is available as an image in the Amazon Web Service (AWS) Cloud, not NetScaler ADM.
With the installation of an ADM agent in AWS you gain visibility into the health, performance, and security of your AWS based NetScaler appliances. You can automate the setup, deployment, and management of your application delivery infrastructure across hybrid multi-cloud environments.
Only the NetScaler ADM agent is available as an image in the GCP, not NetScaler ADM.
With the installation of ADM agent in GCP you gain visibility into the health, performance, and security of your AWS based NetScaler appliances. You can automate the setup, deployment, and management of your application delivery infrastructure across hybrid multi-cloud environments.
NetScaler ADM (Application Delivery Manager) is the new name for NetScaler Management and Analytics Service (MAS)
NetScaler ADM (Application Delivery Manager) and NetScaler ADC (Application Delivery Controller) are two separate and different devices from NetScaler.
NetScaler is an Application Delivery Controller that accelerates application performance, enhances application availability with advanced load balancing (L4-7) and provides security.
NetScaler ADM is a virtual device that provides centralised management, reporting, troubleshooting and configuration of your NetScaler instances.
NetScaler ADM communicates with NetScaler instances. The following ports need to be open between the NetScaler instances and either the NetScaler ADM server or NetScaler ADM agent:
- TCP Port 80 for NITRO communication
- TCP Port 22 for SSH communication
- UDP Port 4739 for AppFlow communication
- ICMP for initial instance detection
- SNMP Port 161, 162 to receive SNMP events
- Syslog Port 514 to receive Syslog messages
- TCP Port 5557 for log stream communication
- TCP Ports 8443, 7443 and 443 need to be open between NetScaler ADM Server and NetScaler ADM Agent
NetScaler ADM stylebook is a template that can be used to create and manage your NetScaler instances. They are either shipped with NetScaler ADM or you can create them for your specific needs using NetScaler ADM GUI.
The default username and password for NetScaler Application Delivery Manager is nsroot/nsroot.
Note: Best practices are to change this password at first login to always ensure secure authorised access.
Yes. You can migrate your NetScaler Command Centre configuration to the NetScaler ADM without losing the existing data, settings, or configuration.
Note: Must be NetScaler Command Centre v5.2 build 48.2 or later.
Yes. There are detailed instructions in the NetScaler online documentation that will guide you through the migration process.
Note that for migration you must be running NetScaler ADM v13.0 64.35 or later. If you are not running this version or later then you must first upgrade the on-premises deployment to v13.0 64.35 or later.
NetScaler ADM security advisory is a feature within NetScaler ADM that notifies you of NetScaler common vulnerabilities and exposures (CVE) when they are announced. These alert you to new risks to your NetScaler environments and recommends mitigations and remediations.
NetScaler ADM provides RBAC allowing you to configure fine-grained access control for users through the definition of policies, roles, groups, and users.
- Policies are a list of access permissions (view, edit and enable/disable) to ADM applications and features (licence management, analytics, networks, load balancing, GSLB etc.).
- Roles are a way of binding one or more policies together.
- Groups then bring this all together, binding Roles and users allowing you to define their authorisation settings.
- Authorisation settings allow you to configure access to such things as which instances and applications/services within those instances.
- Users can be locally authenticated or authenticated through external servers such as Radius/Tacacs/LDAP.
NetScaler Director is a central console for the monitoring and troubleshooting of NetScaler Virtual Apps and Desktops. The integration of NetScaler ADM with NetScaler Director allows it to obtain the NetScaler HDX insight reports (network analysis and performance management).
NetScaler ADM has a feature called record and play, which allows NetScaler administrators to record the changes they make to the configuration of their NetScaler. This can be imported into NetScaler ADM and executed against any other NetScaler instance managed by NetScaler ADM.
The recording can be edited so that NetScaler specific settings can be converted to “variables” and then prompt for input when executed against other NetScaler instances. The recording can be saved as a template and used in the future.
NetScaler ADM can perform NetScaler backups which can be stored in NetScaler ADM or downloaded for offsite storage. The backup file contains a full copy of the nsconfig directory which includes the ns.conf files, the licence and certificates (SSL) directory.
Restore of the NetScaler can be performed from this backup feature.
Within the NetScaler ADM Configuration Audit feature is the Configuration Advice option. This allows you to import and analyse the configuration of a NetScaler instance. This creates reports on the running configuration of PCI Compliance v3.0 and best practices.
Yes, NetScaler ADM supports external authentication, including Radius, LDAP and TACACS servers.
Users can be authenticated against an internal user base or NetScaler ADM can be configured to support external authentication. You can set up authentication as external and fall back to local should external authentication fail.
AppFlow is the mechanism which NetScaler uses Internet protocol information export (IPFIX) to transmit performance and database information to remote reporting and analytic engines. NetScaler ADM Server can be configured as an AppFlow collector.