Data Governance
NetScaler App Delivery and Security service is a part of Citrix Cloud services, and it uses Citrix Cloud as the platform for signup, onboarding, authentication, administration, and licensing. We collect and store data in Citrix Cloud as part of the NetScaler App Delivery and Security service. This document describes what data is collected and methods of data collection, storage, and transmission. The information supplements Citrix Cloud services Data Protection Overview.
This information is for Security Officers, Compliance Officers, Information Auditors, Network Infrastructure and Operations administrators, and line-of-business owners.
Customer Content
Configuration
NetScaler App Delivery and Security service stores the following data provided by you:
- User information (email, user name, and region).
- IAM roles, VPC networks, and Route 53 zones in an AWS environment.
- Azure service principal, VNets, and Azure DNS zones in an Azure environment.
- Application delivery configurations, including origin server IP addresses, SSL certificates, and keys.
Multi-site Applications
NetScaler App Delivery and Security service consumes data from the (ITM) service using APIs. For more information about data collection, storage, and retention on ITM service, see .
Analytics
NetScaler App Delivery and Security service collects L3-L7 details from the NetScaler instances provisioned in your premises as follows:
- Application Dashboard - Applications’ URL, request method, response code, total bytes, web app server details, virtual server IP addresses, client details, browser, client OS, client device, SSL protocol, SSL cipher strength, SSL key strength, ADC instance IP address, timestamp of server flaps, response content type.
- Application DNS - FQDN, site IP or FQDN, client subnet or resolver details.
- Web Insight - Virtual server IP address, clients, URLs, browsers, operating systems, request methods, response statuses, domains, Web app server IP address, SSL certificates, SSL cipher negotiated, SSL key strength, SSL protocol, SSL failure front end.
- Security Insight - Client IP, URL, security violations, attack geolocation, attack timestamp, transaction ID, WAF, and ADC security configuration status.
You can view and use this information to troubleshoot the applications that are delivered through the NetScaler App Delivery and Security service.
Logs
For troubleshooting NetScaler instances that are provisioned by NetScaler App Delivery and Security service, the following data are periodically collected from NetScaler instances:
- Tech-support bundle from NetScaler instances.
- SNMP traps providing alerts on the state and performance of the NetScaler instances.
- Syslog of Web transactions traversing through NetScaler instances and network state information.
- SMTP server details for email configuration.
- SSL certificates, SSL key, SSL CSR, CA issuer, signature algorithms of the Web apps optimized by the NetScaler App Delivery and Security service.
- Data Tracking for NetScaler Configuration Audit changes pertaining to the ADC instances, which include Web app server IP address and NetScaler IP address details.
- NetScaler configurations stored as a template, which includes Web app server IP address details.
- IP address of the NetScaler instances, instance type, config backup, critical events, number of apps associated, geolocation of the data center where the NetScaler instances are deployed.
- Citrix Analytics logs. For more information, see Data Governance in Citrix Analytics.
How do we collect, store, and transmit data?
NetScaler App Delivery and Security service collects data from the NetScaler instances (NetScaler App Delivery and Security ADC and agent instances). These instances are deployed in your virtual private cloud (VPC) and data is transmitted from the instances securely over an SSL channel encrypted using the TLS 1.2 protocol to the cloud service.
Data is stored in a relational database and as files in an Elastic File System (EFS) hosted in the AWS cloud. For more information on the commercial regions that Citrix Cloud uses and the presence of the NetScaler App Delivery and Security service within each region, see Geographical Considerations.
Passwords, SNMP community strings, SSL certificates, and ADC config backup are encrypted using an AES 256 key.
References
- For more information on how we access the collected data, see Citrix Services Security Exhibit.
- For more information on how long the collected data is kept, see Citrix Cloud services Data Protection Overview.
- Citrix Cloud Technical and organizational data security measures.