Citrix ADC Monitoring
Citrix ADC (Citrix Application Delivery Controller; formerly NetScaler ADC) monitoring is a new feature introduced with uberAgent 5.2. The endpoint agent needs to be installed on a machine from where it can reach the physical or virtual Citrix ADC appliance(s). uberAgent then collects metrics such as appliance and gateway performance, as well as Citrix ADC inventory. On Citrix Delivery Controllers (DDCs) the collection of these metrics is enabled by default. Of course, this information can also be retrieved from other machines, according to your preference.
Citrix ADC monitoring is activated by default only on Citrix delivery controllers, as explained above. You can modify this behavior through the configuration setting [CitrixADC_Config] in uberAgent’s configuration.
To completely disable collecting Citrix ADC metrics, disable the following metrics in the configuration:
If you have uberAgent already installed on one or more DDCs for Citrix site monitoring, it makes sense to also collect Citrix ADC metrics there. Make sure that the DDCs can communicate with the Citrix ADC management interface (NSIP) either through port 80 or, if you enabled Secure Access Only for the NSIP, through port 443.
While DDCs are the ideal place for most customers to capture Citrix ADC data, it may not be for other customers. As written above, you can overwrite the setting CollectADCInformation in the stanza [CitrixADC_Config] to collect Citrix ADC metrics from any installed uberAgent endpoint. Make sure that this setting is only distributed to the machines that are intended for this purpose. If you distribute it to all machines where uberAgent is installed, every endpoint will communicate with the Citrix ADC appliance(s) which could cause problems on your appliances because of too much load.
Besides network access, uberAgent also needs credentials to be able to login into the Citrix ADC appliances. It only needs to read information, hence using a user with the command policy read-only bound is the recommended option. Users with more privileges are also supported, but not recommended from a security perspective.
Create a user with the command policy read-only bound from CLI:
add system user nsread Password -externalAuth DISABLED -timeout 900 -maxsession 20 bind system user nsread read-only 100
In the following, we show the configuration on the basis of the uberAgent configuration file. The configuration via GPO works accordingly.
Use the stanza [CitrixADC_Config] to tell uberAgent how to connect to your appliances. If multiple [CitrixADC_Config] stanzas are specified, the configured metrics will be determined for each of them. Use one [CitrixADC_Config] stanza for each of your Citrix ADC pairs.
Here are some examples of valid Citrix ADC configurations. More information on the parameters is available in the configuration file itself. Note that passwords can be encrypted.
Example 1: one Citrix ADC appliance manageable through HTTP (port 80). Data collection happens on DDCs only.
[CitrixADC_Config] Server = 10.1.1.21 Username = nsread Password = Password Https = false CollectADCInformation = DDCOnly
Example 2: a Citrix ADC high-availability pair manageable through https (port 443). Data collection happens not on a DDC.
- If HTTPS is used, the entries in the setting Server must match those in the certificate bound to the NSIP.
- uberAgent collects performance information for the primary appliance only. So for best collection performance list the primary appliance first.
[CitrixADC_Config] Server = CitrixADC1.domain.local,CitrixADC2.domain.local Username = nsread Password = Password Https = True CollectADCInformation = True
Please see the system requirements page for details.