Release Notes for Citrix ADM 13.0-67.39 Release

This release notes document describes the enhancements and changes,fixed and known issues that exist for the Citrix ADM release Build 13.0-67.39.

Notes

  • This release notes document does not include security related fixes. For a list of security related fixes and advisories, see the Citrix security bulletin.
  • When you upgrade the ADM software to image version 13.0 67.xx, your ADM database is also migrated. For more information, see NSADM-40196 in this release notes.

What's New

The enhancements and changes that are available in Build 13.0-67.39.

Analytics

  • View network reporting data by applying aggregation filters
    You can now apply aggregation to the network performance data and view application performance on the dashboard. You can also export the results based on your requirement. Using these aggregations applied to the data, you can analyze and ensure all resources are utilized optimally. Navigate to Network > Network Reporting and select the time duration 1 day or later to get the View By option.

    In the existing average data, you can apply aggregations by selecting the option from the View By list. When you apply aggregation, the data is updated for each metric in the dashboard. Click Settings and select Aggregation Filters.

    For more information, see [https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/networks/network-reporting.html]
    [ NSADM-56494 ]
  • In Gateway Insight, you can now view a search bar that enables you to filter results based on the user name. Navigate to Analytics > Gateway Insight > Users to view the search bar for Users and Active Users. Place the mouse pointer on the search bar, select User Name, and type a user name to filter results.
    [ NSADM-55506 ]
  • Geo map support for Gateway Insight
    In Gateway Insight, you can now visualize a geo map view that displays the users information based on the users geographical location. As an administrator, this geo map enables you to view the summary of total users, total apps, and total sessions for a specific location.
    1. Navigate to Analytics > Gateway Insight to view the geo map
    2. Click a country. For example, United States
    The geo map displays the details such as users list, active sessions, terminated sessions, applications for the selected country.

    You can also visualize a geo map for gateways that enables you to filter users based on a particular location.
    1. Navigate to Analytics > Gateway Insight > Gateways
    2. Select a gateway domain name to view the geo map
    3. Click a country. For example, United States
    The geo map displays the details such as users list, active sessions, terminated sessions, applications for the selected country.
    [ NSADM-55504 ]
  • Security Insight - JSON Command Injection
    In Security Insight, you can now view a new violation type, JSON Command Injection. To generate the JSON Command Injection violation in Security Insight, you must configure the following command in Citrix ADC instance:

    add appfw profile abc_js -type JSON -startURLaction none -starturlclosure off -jsoncmdinjectionaction block log stats -jsoncmdinjectiontype cmdkeyword

    After you configure, you can view the JSON Command Injection attack in Security Insight.
    [ NSADM-52869 ]
  • Improvements to Web Insight
    You can now view an improved Web Insight feature that provides visibility into detailed metrics for web applications, clients, and Citrix ADC instances. This improved Web Insight enables you to evaluate and visualize the complete application from the perspectives of performance and usage together. As an administrator, you can view Web Insight for:
    * An application. Navigate to Applications > Dashboard, click an application, and select Web Insight tab to view the detailed metrics. For more information, see [https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/application-analytics-and-management/web-insight-data.html]

    * All applications. Navigate to Applications > Web Insight and click each tab (Applications, Clients, Instances) to view the metrics.

    This single pane visualization also enables you to drill down further to view details. For more information, see [https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/application-analytics-and-management/web-insight.html] 
    [ NSADM-52232 ]
  • Improvements to Global Service Graph
    In Global Service Graph, you can now use the search bar to filter results. As an administrator, this search bar enables you to narrow-down quickly to a particular instance/client/application/data center, when you have:
    * A large enterprise with many data centers
    * Configured many Citrix ADC instances for each data center
    * Configured many applications deployed or accessed through each Citrix ADC instance
    * Clients accessing the application from different locations

    Place the mouse pointer on the search bar and select the category that you want to create the filter.

    For more information, see [Link to be updated later]
    [ NSADM-52149 ]

Management and Monitoring

Miscellaneous

StyleBooks

  •  Improvements to StyleBook built-in functions
    When creating StyleBook definitions, now you use the following built-in functions with their improved capabilities:
    - replace() – Replaces the characters or strings specified in the list. Earlier, you were not able to provide a list input to this function.
    - ip() - Accepts an integer value and converts that into an equivalent IP address. It also supports IP address addition and subtraction.
    - int() - Accepts an IPv4 address and returns its equivalent integer value.
    The following new StyleBooks built-in functions are added:
    - distinct() - Extracts the unique items from an input list.
    - split() - Splits an input string into lists.

    For more information, see https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/stylebooks/stylebooks-grammar/built-in-functions.html
    [ NSADM-56972 ]
  • User authorization improvements to StyleBooks and configuration packs
    As an administrator, you can authorize specific Stylebooks and configuration packs to a user in the Account > User Administration > Groups page. The StyleBooks and Configpacks sections are now enhanced with the following changes:
    StyleBooks – A custom filter query now supports both “And” and “Or” operation to search StyleBooks.
    Example:
    name=lb-mon|lb AND namespace=com.citrix.adc.stylebooks AND version=1.0
    This query lists the StyleBooks that meet the following conditions:
    - StyleBook name is either lb-mon or lb.
    - StyleBook namespace is com.citrix.adc.stylebooks.
    - StyleBook version is 1.0.

    Configuration packs –You can authorize the configurations that belong to the selected StyleBooks. To do so, select All configurations of the selected StyleBooks in the Configpacks section.

    For more information, see https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/access-control/role-based-access-control/rbac-configuring-groups.html%23create-a-user-group
    [ NSADM-52334 ]
  • Include icons in the StyleBooks bundle
    When you import StyleBooks as a bundle, you can now include icons to each StyleBook. Ensure to have the resources folder that contains icons in the PNG, GIF, or JPEG formats. If the icon file name matches the StyleBook name, the icons are automatically mapped to the StyleBooks. Otherwise, do the following:
    1.  Add the icon_mapping.json file in the resources folder.
    2.  Map StyleBooks and icons in the icon_mapping.json file as follows:
       <StyleBook file name> : <icon file name>

    If you specify the defaulticon entry, the StyleBooks are mapped to the default icon unless they are mapped to a different icon.
    defaulticon: <icon file name>

    In Application > StyleBooks, the imported StyleBooks appear with the mapped icons. For more information, see https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/stylebooks/how-to-create-custom-stylebooks/how-to-use-custom-stylebooks.html
    [ NSADM-52330 ]

User Interface

  • Service graph for Kubernetes application – View app details in App dashboard
    In service graph, when you click a service and select View in App Dashboard, the details for the selected app is displayed in the App dashboard.

    For more information, see [https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/application-analytics-and-management/app-details-k8s.html]
    [ NSADM-56583 ]
  • Improvements to the Pooled Capacity page
    The Pooled Capacity page is now improved with the following GUI changes:

    Unmanaged instances - A new tab added in this page. It displays the instances that are discovered but not managed in Citrix ADM. Earlier, these instances were listed in the Dashboard tab with the Not Managed license status.

    License Status - In this column, the following statuses are removed:
    - Not Managed
    - Sync in progress

    The Allocation Details column is now removed from the instances list.

    License Server Usage - A new indicator added to the usage chart. It displays the pooled capacity consumption of the license server.

    For more information, see https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/license-server/adc-pooled-capacity/configuring-adc-pooled-capacity.html
    [ NSADM-52770 ]
  • Improvements to App Dashboard
    In App Dashboard, you can now view the following enhancements.
    a. In the Manage Applications page:
    - You can view the total service groups and the service groups status that are Up, Down, or Out of Status
    - You can place the mouse pointer on the search bar and select the category to refine the search

    b. In the App Dashboard page, the scroll bar is replaced with a carousel slider that enables you an ease of access to all options.
    [ NSADM-52759 ]
  • New threshold types for critical system resources
    Now you configure the following five new score threshold types for critical system resources:
    - PE CPU Limit
    - PPS Limit
    - Throughput Limit
    - SSL Throughput Limit
    - SSL TPS Limit

    With these threshold types, you have greater control over the thresholds for the ADC instances, using which the instance score is calculated. You can also configure notifications for the score threshold breaches.
    [ NSADM-47453 ]
  • Database migration with ADM image upgrade
    When you upgrade the ADM software to image version 13.0 67.xx, your ADM database is also migrated. This data migration happens because ADM now uses PostgreSQL version 10.11.
    If the version you are upgrading from is previous to 13.0 61.xx, Citrix recommends you first upgrade to 13.0 61.xx and then to 13.0 67.xx, for better user experience. The upgrade process might take time due to database upgrade. For details, see the Upgrade topic: https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/upgrade.html
    [ NSADM-40196 ]
  • New search capability for Event Messages
    In Networks > Events > Event Messages, now you can use logical operators such as AND/OR to search. You can also filter data using custom time periods. Also, the events summary panel provides a count of each event category and severity.

    [ NSADM-39942 ]

Fixed Issues

The issues that are addressed in Build 13.0-67.39.

Analytics

  • Sometimes, the key metrics do not appear in the Applications > Dashboard page.
    [ NSHELP-24728 ]
  • ADM checks if metrics collector is enabled on ADC instance at regular intervals. If metrics collector is not enabled, ADM enables it. If some reason, metrics collector configuration fails, then ADM keeps trying to enable and causes unnecessary NITRO calls to ADC instance.
    With this fix, ADM tries to enable the metrics collector for only once.
    [ NSHELP-24573 ]
  • When ADM receives high traffic from the ADC instances, ADM CPU consumption increases to 25 percent.
    [ NSHELP-24534 ]
  • When ADM is integrated with Desktop Director, and very high number of users from Desktop Director is accessing HDX Insight report, users experience a slowness in report accessibility. 

    As part of the fix, several improvements have been made to provide the HDX Insight report faster.
    [ NSHELP-24319 ]
  • Web Insight reports are not available for users, who do not have full admin rights. 
    [ NSHELP-24226 ]
  • In lstreamd.conf, NGS, SWG, VPN, and ICA must be set to none by default, to avoid high memory and CPU consumption.
    [ NSADM-61408 ]

High Availability

  • In a Citrix ADM HA pair, after upgrading from 13.0 47.22 to 13.0 52.24, when the failover occurs, ADM uses primary node IP address for the AppFlow collector instead of floating IP address.
    [ NSHELP-23027 ]
  • Database streaming between the ADM HA nodes breaks when SSL certificate expires, and the join_streaming_replication.sh" command does not restore the streaming.


    1.  Run "/var/mps/db_pgsql/data/pg_hba.conf" on the ADM primary node to verify if the following entries are present.

              hostssl replication masrepuser <ADM Primary IP address>/32 cert clientcert=1

              hostssl replication masrepuser <ADM Secondary IP address>/32 cert clientcert=1

    2.  If any of these entries is missing, run "su -l mpspostgres /mps/scripts/pgsql/reloadpgsql.sh" to add these entries with a valid IP address.

    3. Verify the SSL certificate is expired or is valid < 30 days. You can validate the certificate expiry date using:

        openssl x509 -enddate -noout -in /var/mps/pg_certs/client/masrepuser/pg_masrepuser.crt

    If the certificate has already expired, log on to Citrix ADM primary node using an SSH client and perform the following steps:

    1.  printf "[ req ] \n distinguished_name = req_distinguished_name \n prompt = no \n\n [ req_distinguished_name ] \n C = US \n ST = California \n L = San Jose \n O = Citrix ADC SDX \n OU = Internal \n CN = masrepuser \n" > /var/mps/pg_certs/client/masrepuser/pg_masrepuser_csr.config ;

    2.  openssl genrsa -out /var/mps/pg_certs/client/masrepuser/pg_masrepuser.key 2048 ;

    3.  openssl req -days 1000000 -new -key /var/mps/pg_certs/client/masrepuser/pg_masrepuser.key -out /var/mps/pg_certs/client/masrepuser/pg_masrepuser.csr -config /var/mps/pg_certs/client/masrepuser/pg_masrepuser_csr.config ;

    4.  openssl x509 -req -days 1000000 -in /var/mps/pg_certs/client/masrepuser/pg_masrepuser.csr -CA /var/mps/pg_certs/server/root.crt -CAkey /var/mps/pg_certs/server/pg_server.key -out /var/mps/pg_certs/client/masrepuser/pg_masrepuser.crt -CAcreateserial ;

    5.  rm /var/mps/pg_certs/client/masrepuser/pg_masrepuser.csr;

    6.  rm /var/mps/pg_certs/client/masrepuser/pg_masrepuser_csr.config;

    7.  cp -R /var/mps/pg_certs/client /var/mps/db_pgsql/data/;

    8.  chown -R mpspostgres:nobody /var/mps/db_pgsql/data/client;

    9.  chmod 700 /var/mps/db_pgsql/data/client;

    10.  chmod 600 /var/mps/db_pgsql/data/client/masrepuser/*key;

    11.  chmod 600 /var/mps/db_pgsql/data/client/pg_rewind/*key;

    12.  touch /var/mps/adm_upgrade_pg_generate_certs;

    13.  masd restart

      
    [ NSADM-61363 ]

Management and Monitoring

  • The backup (*System > Backup*) option is not visible to the user, even though the user has admin access.
    [ NSHELP-24972 ]
  • 1. Navigate to Networks > Network Functions > Load balancing
    2. Select the ServiceGroup and click Bound Members

    When you try to click the Enable/Disable/Poll Now option of the bound members, Citrix ADM GUI hangs and the nitro fails with Not Authorized.
    [ NSHELP-24779 ]
  • When you upgrade Citrix ADM to13.0 61.48, the upgrade does not complete and still remains in the same ADM build.
    [ NSHELP-24745 ]
  • In some cases, ADM does not send email alerts for cleared events if the “Repeat Email notification until the event is cleared” option is selected.
    [ NSHELP-24585 ]
  • After the DR node has become the primary node, the roll back from DR node to original primary site is not working as expected.
    [ NSHELP-24529 ]
  • When you upgrade ADM to version 13.0 61.xx, association of peer servers with configured NTP servers in ADM is lost.


    1. Delete the NTP server.

    2. Add the NTP server
    [ NSHELP-24520 ]
  • When you attempt to increase the ADM secondary disk size, the process fails and "Swap partition cannot be deleted" error message appears.
    [ NSHELP-23878 ]
  • ADC pre-upgrade check for free flash space always passes even if the free space is low.
    [ NSADM-60092 ]
  • The configuration job fails to execute if it has an angle bracket (<) symbol in the configuration command. 
    [ NSADM-53465 ]

Miscellaneous

  • Pooled license information for ADC cluster nodes is not displayed correctly in the ADM dashboard.
    [ NSHELP-24359 ]
  • After you upgrade ADM to 13.0.64.35, database synchronization between the ADM standalone server and the disaster recovery node fails.
    [ NSADM-60395 ]

StyleBooks

  • When you import a private StyleBook with an icon, the ADM GUI does not display the icon for the imported StyleBook.  
    [ NSADM-60506 ]
  • The "Error while adding tags" message appears when you do any of the following:

    -  Add tags to a StyleBook.

    -  Add tags to a configuration pack.

    -  Associate StyleBook tags to a configuration pack. 

     
    [ NSADM-60298 ]
  • When you deploy ADM for the first time, the ADM GUI fails to display the default StyleBooks.


    Upgrade ADM to the same build version.
     
    [ NSADM-58681 ]

User Interface

  • After you upgrade to 13.0 61.48, ADM integration with Director might not display Network Analytics (HDX) and User sessions.
    [ NSHELP-24832 ]
  • In Networks > Instances, even if you enable the pooled licensing mode for the Citrix ADC MPX instance, it appears under the Not Licensed section.
    [ NSHELP-24509 ]
  • Citrix Director fails to integrate with Citrix ADM.
    [ NSADM-60878 ]

Known Issues

The issues that exist in release 13.0-67.39.

Analytics

  • The CPU usage is high when Citrix ADM triggers app score calculation.

     
    [ NSADM-61404 ]

Management and Monitoring

  • Memory consumption of an ADM primary node crosses 80% because of the ADM high-availability monitoring process "mas_hb_monit".
    [ NSHELP-22071 ]
  • If the database synchronization lag with the ADM disaster recovery node is more than 10 MB, ADM generates alert every five minutes.
    [ NSADM-60545 ]
  • When you export a dashboard or schedule an export report on the Network Reporting Dashboard page, the report is generated based on the duration and not the start and end time.
    [ NSADM-20017 ]

Miscellaneous

  • After upgrading ADM to version 13.0 67.x, the ADM GUI displays the "Page not found" error.
    Workaround: Re-load the ADM GUI.
    [ NSADM-61600 ]

Orchestration

  • When you create a member on OpenStack Lbaas using ADM orchestration, the member creation fails on OpenStack intermittently. This issue happens when a proxy request from ADM to orchestration services times out after 30 seconds.

    With this fix, the request timeout for orchestration APIs has increased to 120 seconds.
    [ NSHELP-21490 ]
  • If you are using OpenStack Queens for LBaas workflow, the Load Balancing virtual server is not bound to Content Switching virtual server. This issue impacts the traffic.
    Workaround:
    1. Create a pool with Load Balancing virtual server.
    2. Create a listener with the pool ID.
    If you already have a listener, update the listener with the pool ID.
    [ NSADM-36631 ]

StyleBooks

  • When you edit a configuration pack to replace a signature file on an ADC instance, the ADM fails to update the changes. This issue occurs if you manually delete the signature file from the ADC instance.  
    [ NSADM-60226 ]

User Interface

  • The Export Now option or Export Report > Scheduled Report does not generate the PDF and CSV report with the selected time duration. By default, the report generates the last 30 days logs.
    [ NSHELP-25019 ]
  • When you allocate licenses to unmanaged instances, license allocation percentage appears incorrectly in the donut chart.
    [ NSADM-60798 ]

Top

What's New