The following second part of the Citrix Cloud ADM service is about setting up the ADM agent. There are significant differences in the deployment and the ADM agents used for this. First, there is the built-in ADM agent, which is already part of Netscaler 12.x, and second, the ADM agent appliance. Here, the ADM appliance is integrated as a standalone system, usually on-prem and linked to Netscaler. I want to explain the exact difference and how these agents are used in the following article.
The deployment start
As this is the Citrix Cloud, the first step is to log in to the Citrix Cloud with a Citrix user and multifactor authentication (MFA). Application Delivery Management is then selected from the available services
and run through the initial setup. The setup is about the region to be used (EMEA, Americas, etc.) and the permissions, whereby everything is selected here. Since no ADM agent has been set up, the "Get Started" - Set Up Agent appears immediately.
After that, the following should be selected: Custom Deployment: Custom Deployment | On-premises | Traditional/Tiered and then selecting the desired agent.
Agent type differences
- On a Hypervisor (On Premises)
This ADM agent appliance provides the highest level of functionality, including read and write capabilities to the Netscaler via the ADM cloud. In addition, the ADM agent appliance can also connect to the ADM cloud via a proxy server. - Built-In ADM-Agent
As of Netscaler version 12.x, there is the ADM Built-In Agent, part of the Netscaler firmware. However, this agent only provides read-only access to the Netscaler and cannot be used via a proxy server.
The question about the agent is the question about trust in the Citrix Cloud (and thus Cloud in general). If I trust the Citrix Cloud and want maximum functionality, then only the ADM agent appliance comes into question. Otherwise, I use the Built-In Agent and thus only get notices of security problems and expiring certificates. For me, only the ADM Agent appliance makes sense, so I'll go into more detail since it covers the built-in deployment.
The ADM Agent appliance is integrated into the hypervisor, and the network setup is run after startup. After restarting the ADM agent, one has to log in to the console with nsrecover/nsroot
. Then go to the directory /mps
and one of the two following scripts is executed: deployment_type.py
or register_agent_cloud.py
The service URL and the activation code are required for registration with the ADM Cloud. Of course, I can get both from the Citrix ADM Cloud afterwards. After successful registration, it takes at least 15 min. until the agent fully works. Essential for the use of the ADM agent is the communication with the cloud, and here it may require appropriate activations at the firewall if no proxy is used. This configures the ADM agent, and we get data in the Citrix Cloud ADM service.
What else needs to be configured in the ADM cloud and what data I get will be explained in part three.
Summary
There are only two ADM agents: Read and write mode or read-only mode. However, only the ADM agent appliance offers the most powerful functionality, and also only here can the agent be used via a proxy server. The agent configuration is simple as long as the agent can communicate with the Citrix Cloud.
Notes
- ADM-Cloud - Getting started
https://docs.citrix.com/en-us/citrix-application-delivery-management-service/getting-started.html - Install agent on-premises
https://docs.citrix.com/en-us/citrix-application-delivery-management-service/getting-started/install-agent-on-premises.html - Citrix ADM Ports and URL's That Need To Be Opened for Communication
https://support.citrix.com/article/CTX269531/citrix-adm-ports-and-urls-that-need-to-be-opened-for-communication