Design Decision: Features and Licensing Considerations
Citrix Application Delivery Controller (ADC) on Microsoft Azure is a L4-L7 virtual networking appliance. The Citrix ADC provides organizations secure access to applications and assets deployed in Azure. Citrix ADC on Azure provides a foundation for the network infrastructure without any physical limitations. Citrix ADC on Azure comes in two models: VPX (virtualized) or CPX (containerized). Citrix also provides an Ingress Controller based on Kubernetes Ingress. The Ingress Controller can automatically configure the VPX and CPX models based on a defined configuration.
To ensure enterprise-grade reliability and security, Citrix ADC uses advanced traffic management, observability, and comprehensive security features. Selecting the correct model and feature set is beneficial when it comes to planning your architecture. Some questions to answer about model selection and features might include the following:
What use cases are best for the VPX Virtual Appliance?
You use virtual appliances on your hypervisor instead of physical appliances
You need high SSL performance with no hardware acceleration
You have a hybrid cloud scenario
You need load-balancing on-premises and in public or private clouds
You are replacing MPX or other hardware load-balancers with virtual appliances
You need a multitenant infrastructure with full isolation
What use cases are best for the CPX Containerized Appliance?
You need to support Kubernetes or OpenShift containerized applications
You require load-balancing for microservices traffic within a Kubernetes cluster
You want load-balancing as part of a DevOps application development pipeline
What instance sizes and prerequisites are recommended for the Citrix ADC VPX virtual appliance?
The compatible networking models with Microsoft Azure are Citrix ADC VPX 10, 200 and 1000. Any Citrix ADC VPX licenses work, including Standard, Advanced, and Premium edition licenses.
Models VPX1000 and higher require version 13.0 build 76.x or later AND Accelerated networking be enabled to reach the wanted performance level
VPX virtual appliances can be deployed on any instance type that has two or more Intel VT-X cores and more than 2 GB memory. Currently, Citrix ADC supports only Intel processors with the following instance size recommendations:
- Standard D2s v4 for VPX10 or VPX200
- Standard D4s v4 for VPX1000 or VPX3000
- Standard D8s v4 for VPX5000
- Standard D16s v4 for VPX10000
Do I need a Citrix Ingress Controller?
Citrix ADC CPX and Citrix Ingress Controllers are deployed from the Azure Marketplace and used for microservices deployments
Azure Kubernetes Engine (AKS), supports deploying a Citrix ADC CPX as an Ingress Controller with either basic or advanced (CNI) networking
Citrix Ingress Controllers are used for microservice communication with a Citrix ADC CPX
- Citrix Ingress Controller can be deployed in a standalone pod as
- a Tier 1 ADC device to proxy North-South traffic, which supports traffic outside the AKS cluster to microservices inside the cluster
- a sidecar container to an ADC CPX to load-balance North-South or East-West traffic, which supports microservices traffic inside the AKS cluster
Citrix ADC CPX Express is a 20 Mbps container-based ADC that can run on a Docker container and supports up to 250 SSL connections simultaneously
- Citrix Ingress Controller is freely licensed and has no usage fees, you only pay for the Azure costs
ADC Licensing
Review your licensing options before you choose a particular deployment model so you are aware of the options up front. In some situations, you can run a Citrix ADC for only the costs of the Azure infrastructure. Some ADC licensing questions might include the following:
Can I use the Citrix ADC VPX as an ICA Proxy without buying a license?
Citrix ADC in basic mode has the ICAOnly VPN virtual server parameter set to ON and works fully on an unlicensed VPX instance
Citrix ADC in Smart-Access mode has the ICAOnly VPN virtual server parameter set to OFF and only supports 5 AAA session users on an unlicensed VPX instance
Apply a Premium license to the Citrix ADC VPX instance to license more than 5 AAA sessions
Citrix ADC VPX Express version 12.0.56.30 or later does not require a license file
Citrix ADC CPX Express is a freely licensed CPX, you only pay the associated Azure costs
How is Citrix ADC licensed in the cloud?
Citrix ADC与pay-as-you-g Azure是可用的o licensing through the Azure Marketplace subscription or using your own perpetual licenses
Using your own perpetual license is referred to as Bring Your Own License (BYOL)
BYOL requires the MyCitrix licensing portal to generate a valid license for Azure
在蓝色BYOL是唯一许可模型可用e if you are not using the Azure Marketplace subscription
License activation requires access to the public domain internet
Does Citrix ADC support check-in/check-out licensing model under the Citrix Application Delivery Management (ADM) service?
Citrix ADC supports Check-in/Check-out licensing from Citrix Application Delivery Management (ADM), which has an automated license provisioning system
Requires Citrix ADC VPX running 12.0 or later
Requires Citrix ADM running 12.0 or later
All licenses must be rehosted to Citrix ADM
When Citrix ADC instances are removed or destroyed, licenses are automatically returned for reuse
Occasionally, the Citrix ADC VPX may come online with a default ADC license unexpectedly. To resolve this issue, do a warm restart before making any configuration changes to the ADC VPX instance to allow the Azure Instance Metadata Service (IMDS) to correct the licensing
Links to Other Resources
Choose the right application delivery platform for your needs
Citrix ADC CPX and Ingress Controller on Azure Marketplace
Citrix ADC CPX product documentation
Citrix ADC VPX in High Availability INC mode as ingress for Azure Kubernetes Services
Deploy Citrix ADC CPX an Ingress device in an Azure Kubernetes Cluster