SSL Insight
SSL Insight provides visibility into secure web transactions (HTTPS). It allows IT administrators to monitor all the secure web applications served by the Citrix ADC through integrated real-time and historical monitoring of secure web transactions. With this visibility, the administrator can assess the following:
- Determine Configuration Change Impact on Customer Usage: The administrator can understand the impact on clients of making a configuration change like turning off SSLv3 or removing a cipher like RC4-MD5. This can be done by assessing the historic transaction data on this protocol and cipher.
- Quantify client performance: The administrator can understand the impact on Application Response Time based on the SSL ciphers/protocol used or the certificates negotiated.
- Application Security: Assess if any of the applications have transactions running on low security protocols, ciphers, or weak key strength.
When SSL Analytics is enabled on a Citrix ADC instance, SSL statistics are recorded and logged for every SSL transaction. The statistics show the details of the SSL flow. Also, every successful connection is logged and displayed by Citrix Application Delivery Management (ADM) Analytics.
SSL Insight provides the following critical information, which is displayed by Citrix ADM Analytics:
- SSL Protocol version negotiated
- Cipher negotiated, and the cipher strength
- Signature Hash algorithm of the certificate used
- Certificate Type & Size
- SSL Frontend and Backend errors
Note
For successful SSL connections, SSL AppFlow logging happens at the end of every transaction.
Prerequisites
- The Citrix ADC instance on which you intend to configure SSL Insight must be running Citrix ADC software release 11.1 51.21 and higher. Run the following commands on the ADC instance running 11.1 51.21 to enable Logstream as a transport type for SSL Insight.
  - enable ns mode ulfd
  - add ulfd server <IP Address of the ADM>
For ADC instances running version 12.0 and above, select Logstream as the transport type while enabling AppFlow from ADM.
- The Citrix ADM version and build must be equal to or higher than the Citrix ADC version and build. For example, if you have installed Citrix ADM 11.1 build 61.7, then ensure you have installed Citrix ADC 11.1 build 60.14 or earlier.
Configuring SSL Insight
SSL Insight Metrics are included in Web Insight reports if you enable the following elements:
- Enable AppFlow for Web Insight on each Citrix ADC instance.
- Enable ULFD mode on each Citrix ADC instance.
- Enable required AppFlow parameters on each Citrix ADC instance.
Enabling the AppFlow feature
Note
You can enable the AppFlow feature either from Citrix ADM or from each Citrix ADC instance.
To enable the AppFlow feature from Citrix ADM:
- Navigate to Networks > Instances, and select the Citrix ADC instance on which you want to enable analytics.
- From the Select Action list, select Configure Analytics.
- Select the virtual servers, and click Enable AppFlow.
- In the Enable AppFlow field, type true, and select Web Insight.
- Repeat steps 3 through 6 on each Citrix ADC instance.
- Click OK.
Note
You cannot enable data collection on a virtual server if the operational state of the virtual server is other than UP.
To enable the AppFlow feature by using the Citrix ADC GUI:
In a Citrix ADC instance’s GUI, navigate to Configuration > System > Settings, click Configure Advanced Features, and select AppFlow.
Enabling SSL Insight parameters
On each Citrix ADC instance, you have to enable some HTTP parameters to display SSL Insight records in Citrix ADM.
To enable SSL Insight parameters from the Citrix ADC configuration utility:
- Navigate to Configuration > System > AppFlow, and click Change AppFlow Settings.
- Select the following check boxes: HTTP Domain, HTTP Host, HTTP Method, HTTP URL, HTTP User-Agent, HTTP Content-Type.
- Click OK.
Viewing the SSL Insight metrics
SSL Insight metrics in Citrix ADM provide a detailed view of the performance of the SSL transactions served by the Citrix ADC instances. You can view the SSL Insight metrics at the client, server, or application level, as well as the metrics for successful and failed SSL transactions. With the help of these metrics, you can analyze and optimize your Citrix ADC HTTPS settings and SSL-certificate settings, and track performance issues.
To monitor SSL Insight Metrics in Citrix ADM:
- On the Analytics tab, navigate to Web Insight and click the Client, Server, or Application node to display the metrics about clients, the server, or the applications, respectively.
- In the top-left pane, from the period list, select the time frame whose metrics you want to display. You can customize the time frame by using the time-frame slider. Click Go.
- The SSL Insight metrics appear as pie charts, which you can click for more details.
  Note
  The pie charts display the metrics of all the applications, clients, or servers.
- To display details for a specific application, client, or server, click the corresponding value on the bar graph.
- To view the failed SSL transactions, select the radio button on the SSL section.
Use case: Obtain an overview of the SSL transactions of applications, clients, or servers
The following use case describes how you can use SSL Insight to assess the usage of various SSL Parameters in applications, clients and servers, and improve security measures.
Consider that you have a set of applications that are using SSL transactions (HTTPS) for communication, and you have configured Citrix ADM to monitor the SSL components. You might need to frequently review the applications so that you can focus first on the applications that need the most attention. The SSL Insight dashboard provides a summary of various SSL parameters used by your applications over a time period of your choosing, and for a selected Citrix ADC device. They are:
- SSL Certificates
- SSL Protocols
- SSL Cipher Negotiated
- SSL Key Strength
- SSL Failure – Frontend
- SSL Failure – Backend
In the following example, you can see a list of clients (identified by their IP addresses) and the SSL hits per client. Also, at the right, you can view the SSL Parameters for all the clients.
To display SSL details for a client, select the client on the bar graph or in the table below the graph. In the following example, the selected client’s transactions use an SHA1 SSL certificate and four major protocols: TLSv1.2, TLSv1.1, TLSv1, and SSLv3. You can also see that ciphers of various strengths were negotiated. The color code indicates the strength of the SSL protocol, which gives you information about weak ciphers and strong ciphers.
Similarly, to view the information about the failed SSL transactions, select the radio button on the SSL section. SSL front-end and back-end failures are displayed separately in two pie charts. In the following example, you can see that the major back-end SSL errors are Handshake failures and the major front-end SSL errors are Illegal parameters.
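The configuration-change assessment described earlier (turning off SSLv3 or removing RC4-MD5), worked through as an added example that is not Citrix code. It runs over constructed transaction records whose column layout is assumed, since this page does not describe an ADM export format; the function names and the weak-certificate thresholds are also assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample, one row per successful SSL transaction. The column layout
# is an assumption for this example, not an ADM export format.
SAMPLE = """client_ip,protocol,cipher,sig_hash,key_bits
10.0.0.11,TLSv1.2,ECDHE-RSA-AES256-GCM-SHA384,SHA256,2048
10.0.0.11,TLSv1.2,ECDHE-RSA-AES256-GCM-SHA384,SHA256,2048
10.0.0.12,SSLv3,RC4-MD5,SHA1,1024
10.0.0.12,TLSv1,RC4-MD5,SHA1,1024
10.0.0.13,TLSv1.1,AES128-SHA,SHA256,2048
10.0.0.13,SSLv3,AES128-SHA,SHA256,2048
10.0.0.14,TLSv1.2,AES256-SHA256,SHA1,2048
"""

def load(text):
    return list(csv.DictReader(io.StringIO(text)))

def change_impact(records, drop_protocols=(), drop_ciphers=()):
    """Per client: (transactions hit by the change, total transactions).

    History shows what was negotiated, not everything a client supports, so a
    hit means the client must negotiate something else, not a certain failure.
    """
    hits, totals = defaultdict(int), defaultdict(int)
    for r in records:
        totals[r["client_ip"]] += 1
        if r["protocol"] in drop_protocols or r["cipher"] in drop_ciphers:
            hits[r["client_ip"]] += 1
    return {ip: (n, totals[ip]) for ip, n in hits.items()}

def only_affected(impact):
    """Clients never seen negotiating anything that survives the change."""
    return sorted(ip for ip, (hit, total) in impact.items() if hit == total)

def weak_certificates(records, min_key_bits=2048, weak_hashes=("MD5", "SHA1")):
    """Rows with a weak signature hash or key size (thresholds are assumed)."""
    return [r for r in records
            if int(r["key_bits"]) < min_key_bits or r["sig_hash"] in weak_hashes]

if __name__ == "__main__":
    recs = load(SAMPLE)
    impact = change_impact(recs, {"SSLv3"}, {"RC4-MD5"})
    for ip, (hit, total) in sorted(impact.items()):
        print(f"{ip}: {hit}/{total} transactions used a setting being removed")
    print("no surviving negotiation seen:", only_affected(impact))
    print("weak certificate parameters:", len(weak_certificates(recs)))
```

Clients returned by only_affected are the ones to check before the change, because the historic data shows no protocol and cipher combination for them that would remain enabled.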