Configuration

Citrix ADM manages all the Citrix ADC VPX clusters in Google Cloud. Citrix ADM accesses the Google Cloud resources using the Cloud Access Profile.

The following flow diagram explains the steps involved in creating and configuring an Autoscale group:

Prerequisites

This section describes the prerequisites that you must complete in Google Cloud and Citrix ADM before you Autoscale Citrix ADC VPX instances.

This document assumes you possess a Google Cloud account. For more information on how to create an account, seeGoogle Cloud Documentation.

Set up Google Cloud components

Before provisioning Citrix ADC VPX instances in Citrix ADM, do the following tasks in Google Cloud:

1. Enable APIs
2. Create a Service Account
3. Create a VPC network
4. Create a firewall

Enable APIs

Citrix ADM requires programmatic access to deploy and provision the required resources in Google Cloud. So, enable the following APIs on your Google Cloud project:

• Compute Engine API

• Cloud DNS API

• Identity and Access Management (IAM) API

For more information about how to enable APIs in Google Cloud, seeEnabling APIs.

Create a Service Account

The ADM uses a Service Account to access your Google Cloud resources. Do the following to create a service account:

1. Log in to your Google Cloud account.

2. Go toIAM & Admin > Service Accounts.

3. Click+CREATE SERVICE ACCOUNT.

   Create two service accounts, one service account is used for ADM. And, another is used for ADC instances. Do the following steps to create a service account.

   1. Specify the name, ID, and description and click Create.

   2. Assign the following predefined roles:

      • IAM roles required for ADM

        roles/iam.serviceAccountUser roles/compute.instanceAdmin.v1 roles/compute.networkAdmin roles/dns.admin 

      • IAM roles required for the ADC instances that are created by ADM:

        roles/compute.instanceAdmin.v1 roles/compute.networkAdmin 

      These roles allow your service account to access Google Cloud resources.

   3. ClickDone.

After you create a service account, add a key to it.

1. Select the service account to which you want to add a key.

2. SelectAdd key > Create new key.

3. Select JSON key type and clickCreate.

Create a VPC network

Create three subnets in your VPC network - one each for the management, client, and server connections. Select the custom option to create a subnet. Specify an address range for each of the subnets. Specify the region in which you want the subnet to reside.

• Management:一个子网管理VPC网络奉献d for management. Citrix ADC has to contact Google Cloud services and requires internet access.

• Client: A subnet in your client VPC network dedicated for the client side. Typically, Citrix ADC receives client traffic for the application via a public subnet from the internet.

• Server: A subnet where the application servers are provisioned. All your application servers are present in this subnet and receives application traffic from the Citrix ADC through this subnet. For more information on how to create a subnet in Google Cloud, seeVPC network overview.

Create a firewall

The firewall has rules that control the inbound and outbound traffic in the Citrix ADC VPX instance. You can add as many rules as you want. To Autoscale Citrix ADC instances, you must create three firewalls:

• Management: A firewall is dedicated for the management of Citrix ADC VPX. Citrix ADC has to contact Google Cloud services and requires internet access. Inbound rules are allowed on the following TCP and UDP ports.

  • TCP: 80, 22, 443, 3008–3011, 4001, 27000, 7279
  • UDP: 67, 123, 161, 500, 3003, 4500, 7000

  Configure Cloud NAT to allow internet access from this subnet. For more information, seeUsing Cloud NAT.

  Note

  Ensure that the firewall allows the Citrix ADM agent to be able to access the VPX.

• Client: A firewall is dedicated for client-side communication of Citrix ADC VPX instances. Typically, inbound rules are allowed on the TCP ports 80 and 443. And, the 60000 port is required to monitor the health of ADC instances.

• Server: A firewall is dedicated for server-side communication of Citrix ADC VPX. For more information on how to create a firewall in Google Cloud, seeVPC firewall rules overview.

Set up Citrix ADM components

Before provisioning Citrix ADC VPX instances in Citrix ADM, do the following tasks in Citrix ADM:

1. Create a site.

2. Provision Citrix ADM agent on Google Cloud.

3. Attach the site to a Citrix ADM service agent.

Create a site

Create a site in Citrix ADM and add the client VPC details associated with your Google Cloud.

1. In Citrix ADM, navigate toInfrastructure > Sites.

2. ClickAdd.

3. In theSelect Cloudpane,

   1. SelectData Centeras a Site type.

   2. ChooseGoogle Cloudfrom the Type list.

   3. Check theFetch regions from the Google Cloudcheck box.

      This option helps you to retrieve the existing regions information from your Google Cloud account.

   4. ClickNext.

4. In theChoose Regionpane,

   1. InCloud Access Profile, select the profile created for your Google Cloud account. If there are no profiles, create a profile.

   2. To create a cloud access profile, clickAdd.

   3. InName, specify a name to identify your Google Cloud account in Citrix ADM.

   4. InKey of the Service Account, specify the Service Account JSON created in Google Cloud.

   5. ClickCreate.

      For more information, seeCreate a Service Account.

   6. InRegions, select the region that contains the VPC network containing Citrix ADC VPX instances that you want to manage.

   7. Specify aSite Name.

   8. ClickFinish.

Provision Citrix ADM agent on Google Cloud

The Citrix ADM service agent works as an intermediary between the Citrix ADM and the discovered instances in the data center or on the cloud.

1. Navigate toInfrastructure > Instances > Agents.

2. ClickProvision.

3. SelectGoogle Cloudand clickNext.

4. In theProvision Parameterstab, specify the following:

   • Name- specify the Citrix ADM agent name.

   • Site- select the site you have created to provision an agent and ADC VPX instances.

   • Cloud Access Profile- select the cloud access profile from the list.

   • Zones- Select the zones in which you want to create the Autoscale groups. Depending on the cloud access profile that you have selected, the zones of that profile are populated.

   • Network- Select the VPC network where you want to create Autoscale groups.

   • Subnet- Select the management subnet to provision an agent.

   • Labels- Type the key-value pair for the Autoscale group labels. A tag consists of a case-sensitive key-value pair. These labels enable you to organize and identify the Autoscale groups easily. The labels are applied to both Google Cloud and Citrix ADM.

5. ClickFinish.

Alternatively, you can install the Citrix ADM agent from Google Cloud. For more information, seeInstalling a Citrix ADM agent on the Google Cloud.

Attach the site to a Citrix ADM service agent

1. In Citrix ADM, navigate toInfrastructure > Instances > Agents.

2. Select the agent for which you want to attach a site.

3. ClickAttach Site.

4. Select the site from the list that you want to attach.

5. ClickSave.

Step 1 - Initialize Autoscale configuration in Citrix ADM

1. In Citrix ADM, navigate toInfrastructure > Public Cloud > Autoscale Groups.

2. ClickAddto create Autoscale groups.

   TheCreate AutoScale Grouppage appears.

3. SelectGoogle Cloudand click Next.

4. InBasic Parameters, enter the following details:

   • Name: Type a name for the Autoscale group.

   • Site: Select the site that you have created to Autoscale the Citrix ADC VPX instances on Google Cloud. If you have not created a site, click Add to create a site.

   • Cloud Access Profile: Select the cloud access profile. You can also add or edit a Cloud Access Profile.

   • Citrix ADC Profile: Select the ADC profile from the list. Citrix ADM uses the device profile when it requires to log on to the Citrix ADC VPX instance.

   • Traffic Distribution Mode: Google Cloud supports only one traffic distribution, the Load Balancing using Google Network Load Balancer.

   • Enable AutoScale Group: Enable or disable the status of the ASG groups. This option is enabled, by default. If this option is disabled, autoscaling is not triggered.

   • Zone: Select the regions in which you want to create the Autoscale groups. Depending on the cloud access profile that you have selected, regions appear on the list.

   • Labels: Type the key-value pair for the Autoscale group labels. A tag consists of a case-sensitive key-value pair. These labels enable you to organize and identify the Autoscale groups easily. The labels are applied to both Google Cloud and Citrix ADM.

5. ClickNext.

Step 2: Configure Autoscale parameters

In theAutoScale Parameterstab, enter the following details:

1. Select one or more than one of the following threshold parameters whose values must be monitored to trigger a scale-out or a scale-in.

   • Enable CPU Usage Threshold: Monitor the metrics based on the CPU usage.

   • Enable Memory Usage Threshold: Monitor the metrics based on the memory usage.

   • Enable Throughput Threshold: Monitor the metrics based on the throughput.

     Note

     • Default minimum threshold limit is 30 and the maximum threshold limit is 70. However, you change to modify the limits.

     • 必须等于或小于最小阈值限制half of the maximum threshold limit.

     • You can select more than one threshold parameters for monitoring. Scale-out is triggered if at least one of the threshold parameters is above the maximum threshold. However, a scale-in is triggered only if all the threshold parameters are operating below their normal thresholds.

   • Minimum Instances: Select the minimum number of instances that must be provisioned for this Autoscale group.

     默认的最小数量的实例等于to the number of zones selected. You can only increment the minimum instances in the multiples of the specified number of zones.

     For example, if the number of zones is 4, the minimum instances are 4 by default. You can increase the minimum instances by 8, 12, 16.

   • Maximum Instances: Select the maximum number of instances that must be provisioned for this Autoscale group.

     The maximum number of instances must be greater than or equal to the value of the minimum instances. The maximum number of instances cannot exceed the number of zones multiplied by 32.

     Maximum number of instances = number of zones * 32

   • Watch-Time (minutes): Select the watch-time duration. The time for which the scale parameter’s threshold has to stay breached for scaling to happen. If the threshold is breached on all the samples collected in this specified time then a scaling happens.

   • Cooldown period (minutes): Select the cooldown period. During scale-out, the cooldown period is the time for which evaluation of the statistics has to be stopped after a scale-out occurs. This period ensures the organic growing of instances of an Autoscale group. Before triggering the next scaling decision, it waits for the current traffic to stabilize and average out on the current set of instances.

   • Time to wait during Deprovision (minutes): Select the drain connection timeout period. During scale-in action, an instance is identified to de-provision. Citrix ADM restricts the identified instance from processing new connections until the specified time expires before de-provision. In this period, it allows existing connections to this instance to be drained out before it gets de-provisioned.

2. ClickNext.

Step 3 - Configure licenses

Citrix ADM provisions the ADC instances with the desired version & license. ADC images can either be customer licensed (BYOL) or licensed from Google Cloud.

Select one of the following modes to apply license to an ADC instance:

• Allocate from Citrix ADM: The instance that you want to provision checks out the licenses from the Citrix ADM.

• Allocate from Google Cloud: TheAllocate from Cloudoption uses the Citrix product licenses available in Google Cloud. The instance that you want to provision uses the licenses from the Google Cloud.

  If you choose to use licenses from Google Cloud, specify the product or license in theProvision Parameterstab.

For more information, seeLicensing Requirements.

Allocate licenses from Citrix ADM

1. In theLicensetab, selectAllocate from ADM.

2. InLicense Type, select one of the following options from the list:

   • Bandwidth Licenses:You can select one of the following options from theBandwidth License Typeslist:

     • Pooled Capacity:Specify the capacity to allocate to an instance.

       From the common pool, the ADC instance checks out one instance license and only as much bandwidth is specified.

     • VPX Licenses:When a Citrix ADC VPX instance is provisioned, the instance checks out the license from the Citrix ADM.

   • Virtual CPU Licenses:The provisioned Citrix ADC VPX instance checks out licenses depending on the number of CPUs running in the instance.

   Note

   When the provisioned instances are removed or destroyed, the applied licenses return to the Citrix ADM license pool. These licenses can be reused to provision new instances.

3. InLicense Edition, select the license edition. The ADM uses the specified edition to provision instances.

4. ClickNext.

Step 4: Configure provision parameters

1. In theProvision Parameterstab, specify the following:

   • ADC Service Account: Select the service account that you have created in Google Cloud. The ADM uses a Service Account to access your Google Cloud resources.

   • Machine types: Select the required machine type from the list.

   • Image: Select the required Citrix ADC version image. Click Add New to add a Citrix ADC image.

   • Configuration Template——选择你想要的配置模板to use to deploy on the ADC instances.

   • IPs in Server Subnet per instance– Specify how many SNIP addresses each instance can have in the server subnet.

   In this tab, you can also specify and configure the required NICs. Each NIC contains a dedicated firewall and subnet.

   For more information, seeCreate a VPC networkandCreate a firewall.

2. ClickFinish.

Step 5: Configure an application for the Autoscale group

1. In Citrix ADM, navigate toInfrastructure > Public Cloud > Autoscale groups.

2. Select the Autoscale group that you created and clickConfigure.

3. InConfigure Application, specify the following details:

   • Application Name- Specify the name of an application.

   • Access Type- You can use the ADM autoscaling solution to both external and internal applications. Select the required application access type.

   • FQDN Type- Select a mode of assigning domain and zone names.

     If you want to specify manually, selectUser-Defined. To automatically assign domain and zone names, selectAuto-generated.

   • Domain Name- Specify the domain name of an application. This option is applicable only when you select User-Defined FQDN type.

   • Zone of the Domain- Select the zone name of an application from the list. This option is applicable only when you select User-Defined FQDN type.

     This domain and zone name redirects to the virtual servers in Google Cloud. For example, if you host an application inapp.example.com, theappis the domain name andexample.comis the zone name.

   • Protocol- Select the protocol type from the list. The configured application receives the traffic depending on the selected protocol type.

   • Port- Specify the port value. The specified port is used to establish a communication between the application and the Autoscale group.

   • Auto Redirect HTTP traffic to HTTPS- Select this option to receive secured traffic to the application. Specify the HTTP port that you want to redirect.

   • ADC Configuration mode- Select the mode how you want to configure the application. You can either select StyleBooks or ADC CLI commands.

   Note

   Change the access type of an application if you want to modify the following details in the future:

   • FQDN Type
   • Domain Name
   • Zone of the domain

Configure the application using StyleBooks

When you select StyleBooks to configure an application for the Autoscale group, do the following:

1. Choose the required StyleBook that you want to deploy configurations for the selected Autoscale group.

   If you want to import StyleBooks, clickImport New StyleBook.

2. Specify the values for all the parameters.

   The configuration parameters are pre-defined in the selected StyleBook.

3. Check theApplication Server Group Type CLOUD复选框来指定应用程序服务器效果able in the virtual machine scale set.

   1. InApplication Server Fleet Name, specify theAutoscale setting nameof your virtual machine scale set.

   2. Select theApplication Server Protocolfrom the list.

   3. InMember Port, specify the port value of the application server.

      Note

      EnsureAutoDisable Graceful shutdownis set toNoand theAutoDisable Delayfield is blank.

   4. If you want to specify the advanced settings for your application servers, check theAdvanced Application Server Settingscheck box. Then, specify the required values listed underAdvanced Application Server Settings.

4. If you have standalone application servers in the virtual network, check theApplication Server Group Type STATICcheck box:

   1. Select theApplication Server Protocolfrom the list.

   2. InServer IPs and Ports, click+to add an application server IP address, port, and weight, then clickCreate.

5. ClickCreate.

Modify the Autoscale groups configuration

You can modify an Autoscale group configuration or delete an Autoscale group. You can modify only the following Autoscale group parameters:

• Maximum and minimum limits of the threshold parameters

• Minimum and maximum instance values

• Drain connection period value

• Cooldown period value

• Watch duration value

You can also delete the Autoscale groups after they are created.

When an Autoscale group is deleted, all the domains and IP addresses are deregistered from DNS and the cluster nodes are de-provisioned.