White Paper
Citrix Application Delivery Management Simplify operations, gain insight and improve troubleshooting of application delivery infrastructure Citrix | Citrix Application Delivery Management 2
New applications come quickly and application Citrix Application delivery infrastructure is constantly changing. Delivery Management For all the potential benefits that cloud provides, including agility, scalability, security, and cost savings, Simplify operations, gain insight and the truth remains that it can be difficult or impossible to get visibility into your workloads—let alone effectively improve troubleshooting of application manage them—when you are running applications delivery infrastructure across cloud and on-premises.
There is a desperate need to unify application delivery consistently across all environments. This is the only Cloud is transforming way to achieve the desired outcome of “define once and application delivery deploy everywhere” that will help business reach the speed and agility it needs to transform. Applications are at the heart of the modern business. They control everything that happens in the business. We effectively live in an application economy and the Citrix Application Delivery application is synonymous with productivity, growth strategy and user experience. Management (ADM): A single pane
Users are changing the way that applications are of glass for end-to-end Application consumed. Customers want the application and data Delivery Management across hybrid delivered to them when it is convenient. They want it on the device they choose and they want it fast. This multi-cloud environments is driving the importance of customer experience and An effective Application Delivery Management system hence the importance of application delivery. must do more than provide monitoring of application delivery controllers (ADCs). It must bring together As business embraces digital transformation, all the aspects of the application and its delivery workloads and applications are being modernized. end-to-end into a single place to provide: Applications are moving into the cloud and businesses are becoming “application first”. But this journey • Orchestration to application first is filled with silos which create • Configuration complexity and fragmentation, which slows the ability • Automation to innovate and respond to changing market conditions. • Actionable Insight • Faster Troubleshooting • Infrastructure silos: Different infrastructure • Machine Learning Enabled Analytics environments have varying approaches to architectures • Cloud silos: Private clouds differ from public and each Configuration must take an application-first public cloud has a distinctive set of services approach and be made easier, faster, consistent • Applications silos: Applications themselves are and automated, wherever possible. Insight must widely disparate in architectures—e.g. 3-tier web, help you understand the health and performance of, microservices-based not only your ADC estate, but the applications Citrix | Citrix Application Delivery Management 3 themselves and the experience of the users that Orchestration consume your applications. It should cover their security posture and show how you can improve user When deploying new applications or adapting to change experience. Troubleshooting should be proactive and via scaling there is frequently a need to orchestrate let you know of challenges before they become an network services on the ADC. Citrix ADM allows issue. Any tool must allow administrators to identify orchestration through integration with many of the anomalies easily and be interactive so that it is possible common cloud and SDN platforms, including: to drill down to remediate more quickly. • VMware vCenter/vSphere, Cisco Application Centric Only Citrix ADM provides an intuitive, comprehensive Infrastructure (ACI) platform that gives you a single pane of glass to • OpenStack holistically view and manage your application delivery • Cloud native ecosystem: integration with Mesos/ infrastructure across: Marathon and Kubernetes
• Any application: Three-tier web and cloud native Cisco ACi • Any data center environment: On-premises, public, Citrix ADM integration with Cisco’s Application Centric private, and hybrid architecture allows L4-7 functionality for application • Any ADC form factor: Physical, virtual, cloud, delivery to be automated and handled by Citrix ADC to and containerized speed up configuration and reduce errors. With Citrix ADM you can license, configure, manage, and analyze all your Citrix ADCs wherever they VMware vCenter/vSphere reside and proactively monitor the health, usage, Citrix ADM integrates with VMware vCenter and vSphere and performance of your applications, troubleshoot virtualization platform to automate the deployment, problems faster and gain intuitive insights from configuration, and management of Citrix ADC services. a single place. This allows the VMware admin to deploy Citrix ADC services faster.
Cloud-like agility with OpenStack Citrix ADM enables OpenStack users to use Neutron enterprise-grade control LBaaS on the OpenStack platform to configure load balancing services and implement them on Citrix ADC. Adapting to change is vital to the modern business. This means deploying new applications when required Cloud native ecosystem (Mesos/Marathon or scaling with demand. Until now, configuration has and Kubernetes) been a manual process that is time consuming and error-prone. It has been fraught with uncertainty–has Citrix ADM integrates with the popular container the config saved? Is it backwardly compatible? Will it orchestration systems (Mesos/Marathon and survive an upgrade? Can I push similar configurations Kubernetes) to allow the rapid deployment and across multiple ADC instances? Citrix ADM brings clarity configuration of Citrix ADC CPX instances as containers and control and automation to the process of application in your container clusters. delivery configuration. Citrix | Citrix Application Delivery Management 4
Make ADC configuration easy, StyleBooks are application-centric and composable. That is, you can re-use StyleBooks as components consistent and error free in other StyleBooks to build complex configs from Instead of directly configuring your ADCs, Citrix ADM simple building blocks. This makes application delivery allows you to define logical configuration jobs and configuration faster and easier. have them pushed to the ADCs that require them, Single touch config across hybrid multi-cloud wherever they reside in your infrastructure. This way, you know your config is committed successfully, Application configurations can be abstracted by saved, backed up and can be restored. This reduces defining parameters, which Citrix ADM prompts you to config errors and gives you confidence your input at deployment time. This means you can deploy applications will be delivered correctly. applications across multiple infrastructures quickly, easily and consistently or migrate applications from Config jobs on-prem to a cloud when necessary.
You can create config jobs as a file by inputting a The flexible nature of StyleBooks and their versioning set of CLI commands or, more simply, by recording capability mean that you can speed up deployments, an ADC config session. This can then be saved and reduce mistakes and maintain tighter control across reused. It makes configuration easier and dramatically all your applications no matter their architecture or reduces mistakes. deployment environment. This is a significant step towards single touch, “define once, deploy everywhere”. Config audit Centralization of configs mean that you can easily audit Automated scale on demand—save them for compliance against defined corporate policies. money by only deploying resources With Config audit you can stay ahead of deviations. For when you need them example, you can: To meet customer demand, it is important to scale • Monitor for missing security checks up and down automatically. Citrix ADM Autoscale • Assess the SSL settings are in scope with functionality continually assesses the load on the Citrix corporate policies ADCs and scales the resources accordingly. Citrix ADM • Ensure that there are no ADC instances with incorrect autoscaling enables: cipher settings • High availability of applications: Auto-scaling ensures Citrix ADM will also automatically inform you of any that your application always has the correct number config drift that might occur so you can stay ahead of of Citrix ADCs to handle traffic demand and to stay up issues from unauthorized or incorrect changes. and running at all times • Zero-touch configuration: Citrix ADM continuously These and other tools combine on Citrix ADM to monitors your application and adds or removes Citrix help promote a simpler management environment ADCs instances and the corresponding configurations for your ADCs. and licenses dynamically depending on the demand. This scenario typically takes weeks to accomplish in a Logical, composable StyleBooks for non-autoscale environment faster, automated configuration • Better cost management: Dynamic Citrix ADC provisioning and deprovisioning with Citrix ADM helps Citrix ADM StyleBooks are simple tools that allow you you save money by launching ADC instances only to logically define a configuration for your Citrix ADCs. when they are needed Citrix | Citrix Application Delivery Management 5
This ensures that you always have the right resources Pooled capacity license management deployed to meet the actual demand caused by fluctuations in the business Keeping track of your licensing efficiently is a detail that should not be overlooked. The flexible Pooled Stay on top of what you’re running Capacity licensing model from Citrix is designed to help you move Citrix ADC capacity to where it is Keeping abreast of the things you manage is key to required across clouds, data centers and applications. understanding your application delivery. Citrix ADM Citrix ADM enables you to monitor and manage this collects telemetry from all of the ADC instances under process easily. management. The ADC Instance dashboard puts all the information in a single place. From the Citrix ADM Citrix ADM allows you to: Instance Dashboard, you can quickly: • Visualize the total ADC capacity: How much is • See how many ADCs are in the inventory used, how much remains, the different types of • Determine which devices have issues or capacity and when it expires are unreachable • See where capacity is being used: Which Citrix ADCs • Assess the status of your SSL certificates across have capacity assigned, which edition and how much your estate—which ones have expired and which will • Allocate capacity: Add or remove capacity expire soon so you can prioritize activity for updates licenses as your needs changes across your • Be alerted to config issues and determine where you hybrid multi-cloud infrastructure need to intervene Taking tighter control of your Citrix ADC licensing • Visualize events by severity and prioritize enables you to make smarter decisions about capacity your responses planning and manage OPEX more effectively. The data is presented intuitively so it is easy to see the status of your entire estate across all your environments and Citrix ADC form factor and stay ahead of things before they become issues.
Figure 1: Pooled Capacity license management made easy
�icen�e type� availa�le an� t�eir ��age
��ic� ADC� �ave licen�e allocation� �o� m�c� capacity i� applie� Citrix | Citrix Application Delivery Management 6
Set enterprise-wide SSL policy and Additionally, you are able to run “what-if” scenarios on historical data to see the impact ensure it is enforced across your hybrid to the transactions of changing, SSL Policies, multi-cloud environment key strengths, ciphers etc.
SSL is fundamental to application data transport security and also for securing access to business assets. Setting the right policies and ensuring their Comprehensive analytics enforcement is the best way to protect your users, bring deeper understanding data and applications. of your application and Traditional, manual methods used to monitor SSL certificates and operations were slow and complex. delivery environment Citrix ADM SSL Dashboard offers a centralized view Knowing what’s happening in your environments is of the SSL posture across your entire application crucial to making changes when the business needs environment, making it easy to maintain compliance. them. You can’t adjust things if you can’t see them and SSL Dashboard allows you to: simply collecting this data is not enough. Manually • Set your SSL policies in one place and ensure that cross-referencing log files will not give the business the they are enforced agility it needs to stay ahead and innovate. • Monitor all the secure applications being served Citrix ADM collates telemetry across the whole stack by your Citrix ADCs with real-time and historic (L2-7) about the health, performance and security monitoring of secure web transactions across your entire application, network and delivery • Manage and renew your SSL certificates from infrastructure. Citrix ADM analyzes this data to offer one console actionable insights that allow you to make data-driven • See the key strengths in use to ensure compliance business decisions about application delivery quickly. with enterprise SSL policy
Figure 2: SSL Dashboard
SSL Certificate information Signature algorithms
Install certificate
SSL virtual server information
SSL Protocols in use
Usage stats and key strengths SSL Certificate issuers Citrix | Citrix Application Delivery Management 7
Intuitive ADC health score to identify ADC health score is calculated from the problems faster following data:
Infrastructure analytics delivers a detailed view of the • ADC system resource indicators: health and status of your entire ADC estate across all CPU/memory/disk usage; SSL card failures, your platforms. It enables you to see at a glance all NIC discards your devices (physical, virtual, cloud, containerized), their health and any critical events that you need to • ADC critical events indicators: HA sync failures, respond to. HA version mismatches, cluster issues
A health score for each Citrix ADC instance is calculated • SSL configuration indicators: Key strength, based on the system resources and events. This simple SSL algorithms, certificates summary makes it possible to summarize the estate in • Configuration deviation indicators: a single view which make spotting anomalies as easy as Configuration drift looking for a color change.
The Infrastructure Analytics dashboard enables you to: • Visualize entire estate: Spot availability issues across your entire hybrid multi-cloud environment Intuitive application dashboard for easy • Easily identify health of your Citrix ADCs: Identify application status monitoring problems faster with color coded ADC instance scores Keeping your applications up and running is crucial • Display a user defined ADC hierarchy: Logical to the success of the business. This is impossible grouping of your ADC estate to see where without solid application visibility. Citrix ADM collects problems occur information about the health and performance of each • See high level view of estate-wide SSL status: application and, as with the Infrastructure, summarizes Expired certificates, nonrecommended issuers etc., it to a single application score. low key strengths for rapid detection of issues • Monitor configuration issues: Spot config drift and A comprehensive dashboard provides easy visualization of correct it before it becomes a problem application status across the whole estate. This can be any
Figure 3: Infrastructure Analytics Dashboard
ADCs grouped by geography Monitoring config issues and environment
Spot SSL problems quickly ADC health is color coded Citrix | Citrix Application Delivery Management 8 type of application (3-tier web; microservices-based), in Assess the security status of your any location (data center, cloud). Citrix ADM automatically applications to determine their creates applications based on vServers but also allows you to define your own. The creation of custom applications vulnerabilities and how well they lets you holistically monitor applications that might span are protected multiple environments. It should go without saying that securing your • Determine application usage: Based on the size of the applications is vitally important. Understanding your application box, you can see which apps are most used applications’ vulnerabilities helps you start protecting by the business them. Citrix ADM turns the deluge of security data into • Easily spot application anomalies: Quickly determine simple to understand and easy to view indications of your application issues and start remediation applications security postures in a single dashboard.
The application security dashboard shows: Application score is calculated based on the following information: • Threat index of an application: Quickly assess how vulnerable your applications are • Performance score: Apdex conforming • Safety index: Determines if your configuration is score derived from the response time variation of the application offering as much protection as possible • Violation type and volume: An analysis of the violations • Application server resources: Inactive against your applications and how many there have services, Surge queue requests been to see where you need to apply protections • ADC instance health: System resources, • Geo-location data: Where the violations are coming Critical SNMP events, configuration issues from and how they trend with time—to understand if Apdex is an open standard for measuring this is a sustained attack and how to deal with it application performance. It essentially collects multiple response time measurements and calculates an overall score that represents user satisfaction.
Figure 4: Application Dashboard
Application �core� color co�e� ��reat in�ex li�te�
��are�oint
�i�e o� �ox � Color o� �ox � ��are�oint application ��age application �ealt� per�orming poorly Citrix | Citrix Application Delivery Management 9
You can use the application security dashboard to The data let you analyze the performance of all your monitor your application via a single view or drill down to ADCs, applications and servers in your environment look at the security posture of any individual application and helps you pinpoint issues quickly. in your hybrid multi-cloud environment. Web Insight lets you:
Threat index is a digital rating system (1-7) • Analyze WAN latency, data center latency and that indicates the criticality of attacks on an application server response time to see whether an application. It is calculated based on attack issue is related to the network or the app related information such as • Determine the usage of your application URLs to plan which might need more resources • Violation type • Understand which applications or servers give most • Attack category errors so you can investigate why • Attack location • Client details • Volume of attacks Faster responses to application issues Get the most comprehensive picture of your application usage To maintain application availability and performance it is important to be able to react quickly when things go Without visibility of your applications you cannot make wrong. Troubleshooting is a daily responsibility for every informed decisions about where to focus resources application administrator, but as applications become or even begin to troubleshoot issues. Citrix ADM Web more complex and reside in the cloud, visibility and Insight offers integrated, real-time monitoring of all your understanding of issues is restricted. web applications as they pass through your ADCs.
Figure 5: Application Security Dashboard
��reat in�ex an� tren� ��m�er o� violation� Application� at mo�t ri��
�ype� o� attac�� �eing la�nc�e� Map ��o�ing ��ere �i�e in�icate� vol�me � �ren� �it� time attac�� originate Citrix | Citrix Application Delivery Management 10
Citrix ADM makes troubleshooting intuitive and While Citrix ADM is flexible in what you can define, proactive. Citrix ADM dashboards cover your typical dashboards include the following: applications, networks and delivery infrastructure • Application owner: Gives the owner full visibility of across all your environments and put actionable insights application health, performance and security posture at your fingertips. They are designed to be intuitive • IT operations: Visibility and ownership of the ADC to show issues immediately. Their interactive nature estate and related applications infrastructure across enables you to easily drill down into issues and find the the entire hybrid multi-cloud environment root cause quickly. There are specific tools that help the • Security admin: Security focused analytics across the troubleshooting process. whole estate. Help ensure security compliance and certificate administration Give the right people the right visibility, when they need it Troubleshooting example: “My Dashboards in Citrix ADM can be customized to suit applications are running slowly. Why?” specific roles. This helps isolate problems in certain When a help desk call comes in with a vague description areas where admins have expertise enabling the best it can be hard to work out why. Nevertheless, this is how people to identify issues quickly. Involving the right many things start. With Citrix ADM, the job of tracking people right away can help speed up resolution. performance issues is reasonably straight forward. Different stakeholders have different requirements for insight and troubleshooting. That might be restricted to an application or a particular function across all applications of some other combination.
You can start with an analysis of the infrastructure where the user is trying to access. In this example, the Analytics show there to be SSL Capacity issues:
Figure 6 Citrix | Citrix Application Delivery Management 11
Clicking on the vServers with the issues opens details on the app scores for those vServers.
Figure 7
In this case troubleshooting has led quickly to a resolution that SSL capacity needs to be added. However, even after fixing the SSL issues, the score on one of the applications remains low.
Figure 8
Clicking on the app score opens more detailed analysis. Citrix | Citrix Application Delivery Management 12
Figure 9
It shows how the app performance has changed over time and tells you quickly that the problem with performance is related to a number of errors.
Figure 10
The problems are clearly seen to be associated Troubleshooting example: “I see a low with server delay. Citrix ADM tells you what app score. What caused it?” happened and when. It also offers suggestions for remedial action—change the load balancing There is nothing worse than an intermittent fault that algorithm, look for connectivity issues or increase causes slow applications. In this example an application server capacity. owner uses Application dashboard to get an overall view of his particular applications. He notices a low Once this is completed then the application is performing application with a score of 60. The dashboard back to performing normally. says that all the networking functions are OK. Citrix | Citrix Application Delivery Management 13
Figure 11
The virtual servers, the services and the servers are all green so it indicates things are healthy.
The application activity investigation shows that the response time is above the acceptable threshold for some time and there are 5xx internal server errors
Figure 12
Drilling into the server error—5xx takes the application administrator to the detailed web transactions allowing them to search for servers with high latency and identify which servers have this issue. Citrix | Citrix Application Delivery Management 14
Figure 13
Clicking on an individual server highlights more details. And allows for faster remediation.
Figure 14
Similar principles apply when finding the servers with 5xx internal errors. Citrix | Citrix Application Delivery Management 15
Figure 15
In this example, it is clear that with Citrix ADM to give deeper analysis of the networking part of troubleshooting is much faster and problematic servers the Citrix session. Users will call in with the vague, can be identified quickly and remediation work can “My Citrix is not working” description. begin sooner. Using the HDX Insight dashboard, it is easy to drill into the sessions and find out if the slowness in the Troubleshooting example: session is due to WAN network latency, DC network “My Citrix sessions are slow” latency or due to VDI environment slowness. The diagram in this case clearly indicates user jayden is Citrix ADC fronts a lot of Citrix farms as is to facing slowness in his sessions indicated by the high be expected and Citrix takes a holistic view of ICA round trip time. It is apparent that this being troubleshooting the Citrix environments. caused by the high data center latency. HDX Insight was specifically created as a tool
Figure 16
This immediate visibility can prevent needless investigations and finger pointing between network admins and Citrix administrators. Citrix | Citrix Application Delivery Management 16
Complete end-to-end visibility of your • Connection number: The node size indicates the number of connections so you can assess microservices application environment resources easily The Service Graph feature in Citrix ADM enables you to • Service communication: The size and color of the links decompose applications into their component services between the service indicate the level of traffic and the and use a graphical display to unify all aspects of your health of the link microservices into a single view. Service graphs build • Monitoring metrics: Monitor latency, traffic load, errors on the health score philosophy for the services and and application saturation at a glance communication pathways within microservices and help This helps you troubleshoot and quickly determine you identify issues very quickly. Service graphs show: which services need attention. It also highlights when • Service health score: Displayed and color-coded so and where network issues occur so that you can find you can readily spot performance anomalies andresolve issues related to connectivity.
Figure 17: Service Graph showing microservices based application
Link Node size �ran�action� �et�een �ervice� ��m�er o� connection�
Link color �ealt� o� connection
Link width ����e �it� �ervice �e��e�t vol�me
Figure 17 shows an example of a service graph of a hovering over it shows its service score to be only 40 microservices-based application. You can clearly see and there are 20 errors per second. There also appears how the application is broken up into its components and to be an issue in the communication between “FrontEnd mapped out to help spot anomalies and identify issues. Hot Drinks” and the “Payment GW”. Bringing these data points to the fore so quickly help you investigate the In this example it is apparent that the service “FrontEnd causes further and remediate more quickly. Hot Drinks” has an issue. It is highlighted in red and Citrix | Citrix Application Delivery Management 17
Services graphs are a very powerful tool for troubleshooting microservices, where there are so many things happening and multiple communication pathways, as they provide a simple intuitive view of the whole environment at a glance and enable administrators to identify anomalies quickly for further investigation.
Getting started with Citrix ADM
With Citrix ADM monitoring your Citrix ADC instances, you gain visibility into the health, performance, and security of your applications. And you can automate the setup, deployment, and management of your application delivery infrastructure across hybrid multi-cloud environments.
Citrix ADM is available as a Citrix cloud service or as a stand-alone virtual machine for deployment on-premises. The Citrix ADM service is the easiest way to get started. A simple agent for secure communications between your environments and the service is all that is required. Even subsequent upgrades to the agent is done by the Citrix ADM service. With Citrix ADM service, you do not need to worry about upgrades, reboots, backup, disaster recovery, system pruning high availability and data management. Simply subscribe and point your Citrix ADC estate at the service for management and analytics. To make it even easier to kick things off there is even a free, Express version of the service. It is limited in scale but clearly shows the benefits of Citrix ADM right away.
Try Citrix ADM for free today
Enterprise Sales North America | 800-424-8749 Worldwide | +1 408-790-8000
Locations Corporate Headquarters | 851 Cypress Creek Road, Fort Lauderdale, FL 33309, United States Silicon Valley | 4988 Great America Parkway, Santa Clara, CA 95054, United States
©2020 Citrix Systems, Inc. All rights reserved. Citrix, the Citrix logo, and other marks appearing herein are property of Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered with the U.S. Patent and Trademark Office and in other countries. All other marks are the property of their respective owner(s).