Application Delivery Management

Migrate on-premises NetScaler ADM to Citrix Cloud

You can migrate on-premises NetScaler ADM 13.0 64.35 or a later version to Citrix Cloud. If your ADM has 12.1 or an earlier version, you must first upgrade to 13.0 64.35 or a later version and then migrate to Citrix Cloud. For more information, see the Upgrade section.

ADM service through Citrix Cloud enables you to get:

  • Faster releases, approximately every two weeks with latest feature updates.

  • Machine-learning based analytics for application security and bot, performance, and usage.

  • Various other features that are currently supported only in ADM service, such as peak and lean period analytics, machine-learning based analytics for application security and bot, application CPU analytics, and many more.

For a successful migration, you must:

  • Ensure to have internet connection in on-premises ADM for Citrix Cloud accessibility

  • Configure the ADM service agent

  • Get the client and secret CSV file from Citrix Cloud

  • Validate the ADM service licensing

  • Migrate using a script

After you migrate from on-premises ADM to ADM service, if you want to again continue with on-premises ADM, you can use the rollback script. For more information, see Roll back to onpremises ADM.

Configure the ADM service agent

To enable communications between NetScaler instances and NetScaler ADM, you must configure an agent. NetScaler agents are, by default, automatically upgraded to latest build. You can also select a specific time for the agent upgrade. For more information, see Configuring agent upgrade settings.

  • If your existing on-premises ADM (standalone or HA pair) has no on-premises agents configured, you must configure at least one agent for ADM service.

  • If your existing on-premises ADM (standalone or HA pair) has configured with on-premises agents for multisite deployments, you must configure the same number of agents for ADM service.

For more information on configuring an agent, see the Getting Started section.

Get the client and secret CSV file from Citrix Cloud

After you configure the agent, get the client and secret CSV file from the Citrix Cloud page:

  1. Log on to citrix.cloud.com

  2. Click the Home icon and select Identity and Access Management

  3. From the API Access tab, enter a secure client name and click Create Client.

  4. ID and Secret is generated. Click Download and save the CSV file in the on-premises ADM.

    For example, save the CSV file to the /var directory.

Validate the ADM service licenses

You must obtain licenses for ADM service.

  • The VIP licenses in ADM service must be more than or equal to the on-premises VIP licenses.

    Note

    If VIP licenses are lesser, then virtual servers are selected randomly and the VIP-level configuration for ADM service fails.

  • If you use ADM on-premises deployment as a license server, reallocate your licenses to ADM Service before migration. For more information, see Configure an ADM server only as the pooled license server and How to reallocate a license file.

  • If you are using the pooled licenses in on-premises ADM, you must obtain the pooled licenses for ADM service and then allocate licenses to the ADC instances. For more information, see Configure Pooled Licensing. The following supported ADC versions enable you to modify the license allocation from ADM:

    • NetScaler SDX: 13.0 74.11 or later versions.

    • NetScaler VPX and MPX: 13.0 47.24 or later versions, 12.1 58.14 or later versions, and 11.1 65.10 or later versions.

Migrate using a script

  • Using the ADM 82.x build, you can select the feature and then migrate.

  • For ADM 76.x or later builds, the migration scripts (servicemigrationtool.py and config_collect_onprem.py) are available as part of the build, available at cd /mps/scripts.

  • For ADM earlier than 76.x builds, you must download the migration scripts and copy the scripts in on-premises ADM.

    Note

    Ensure that the on-premises ADM has internet connectivity during migration.

  1. Using an SSH client, log on to the on-premises ADM.

    Note

    For an ADM HA pair, log on to the primary node.

  2. Type shell and press Enter to switch to bash mode.

  3. Copy the client ID and secret CSV file. For example, copy the file to the /var directory.

    After you copy the CSV file, you can validate if the CSV file is present.

    Add CSV

    Note

    For an ADM HA pair, copy the CSV file in the primary node.

  4. For ADM 13.0 82.xx version, run the following commands to complete the migration:

    1. cd /mps/scripts

    2. python servicemigrationtool.py <path of ClientID/Secret File in on-premises NetScaler ADM VM>

    For example, python servicemigrationtool.py /var/secureclient.csv

    After you run the migration script, the tool displays the following options:

    Feature wise migration options

    Based on the choice you provide, only that feature gets migrated to ADM service.

    In the example, option 1 is selected. The tool completes the Management and Monitoring (M&M) migration and displays the following message:

    Migration completion

    The Management and Monitoring (M&M) feature includes:

    • ADC Instances, tags, instance groups, profiles, custom apps, config jobs, SNMP, syslog configurations.

    • Sites, IP blocks, network reporting, analytics thresholds, notification settings, data pruning settings.

    • Config audit templates, polling intervals, event rules and settings.

    • RBAC groups, roles, and policies

    The Analytics feature includes:

    • Appflow configuration per vserver from ADC instances.

    • Appflow configuration per SDWAN device.

    Note:

    • The Management and Monitoring (M&M) feature is automatically migrated, even if you select any other feature (2, 3, or 4).

    • You can specify only one feature at a time.

    • After you complete migrating any feature, if you want to migrate any other feature later, the feature that is already migrated is not shown in the list. For example, if you complete migrating the Analytics feature first, the next time you run the migration script, you can see only the StyleBooks, Pooled Licensing, and All options.

    • When you migrate pooled licensing, it migrates all types including vservers.

  5. For ADM 13.0 76.xx version, run the following commands to complete the migration:

    1. cd /mps/scripts

    2. python servicemigrationtool.py <path of ClientID/Secret File in on-premises NetScaler ADM VM>

    For example, python servicemigrationtool.py /var/secureclient.csv

  6. For ADM earlier than 13.0 76.xx version:

    1. Download the migration script from the following location: https://download.citrixnetworkapi.net/root/download/v1/public/software?product=admonprem&build=migrationtool&model=servicemigrationtool_27.tgz

      The downloaded file comprises two bundle scripts, servicemigrationtool_27.py and config_collect_onprem_27.py.

    2. Save the two scripts in on-premises ADM. For example, save in the /var directory

    3. Run the following commands to migrate:

      1. cd /var

      2. servicemigrationtool_27.py <path of ClientID/Secret File in on-premises ADM VM>

        For example, python servicemigrationtool_27.py /var/secureclient.csv

After you run the script, it checks the prerequisites and then proceeds with the migration. The script first checks for the license availability. The following message is displayed only if you have lesser ADM service license than the on-premises license.

Lesser on-premises licenses

If you select Y, the migration continues by licensing the VIP randomly. If you select N, the script stops the migration.

If you have the unsupported ADC instance version for the pooled license server, the following message is displayed:

Unsupported ADC version

If you select Y, the migration process continues by changing the license server. If you select N, the script prompts if you want to proceed with rest of the migration. The script stops the migration if you select N.

Depending upon the on-premises configuration, the approximate time for the migration to complete is between a few minutes and a few hours. After the migration is complete, you see the following message:

Migration complete status

The migration is successful once all the ADC instances and their respective configurations are successfully moved to ADM service. After successful migration, the on-premises NetScaler ADM stops processing the following instance events:

  • SSL certificates

  • Syslog messages

  • Backup

  • Agent cluster

  • Performance reporting

  • Configuration audit

  • Emon scheduler

Roll back to onpremises ADM

If you want to roll back to on-premises ADM, ensure that the prerequisites are met.

Prerequisites

If your on-premises ADM (before migrating to ADM service) is:

  • Used as a pooled license server, ensure you have the required pooled licenses in the on-premises ADM.

  • Configured with on-premises ADM agents, ensure the agents are available in “UP” status.

Use the rollback script

Note

After rollback, the same configurations (before migration) in Analytics, SNMP, pooled licensing are again available in on-premises ADM. If you have made any changes to these configurations after migration, these changes are not reflected in on-premises ADM.

  • For ADM 82.xx or later builds, the rollback script is available as part of the build and accessible at /mps/scripts.

  • For ADM earlier than 79.xx builds, you can either upgrade to 82.x build and use the rollback script or you can download the rollback script and copy the script in on-premises ADM.

  1. Using an SSH client, log on to the on-premises ADM.

  2. Type shell and press Enter to switch to bash mode.

  3. For ADM 13.0 82.xx build, run the following commands to complete the rollback:

    1. cd /mps/scripts

    2. python rollback_to_onprem.py <path of ClientID/Secret File in ADM on-prem VM>

      For example, python rollback_to_onprem.py /var/ secureclient.csv.csv

      The tool initiates the rollback operation and a prompt asks if you want to proceed. Type Y to proceed.

      Rollback proceed

      You can see the following message after the rollback gets completed.

      Rollback complete

  4. For ADM earlier than 82.xx build:

    1. Download the rollback script from the following location:

      https://download.citrixnetworkapi.net/root/download/v1/public/software?product=admonprem&build=migrationtool&model=servicemigrationtool_27.tgz

    2. For ADM 79.xx and 76.xx builds, save the script in /mps/scripts and run the following commands to roll back:

      1. cd /mps/scripts

      2. python rollback_to_onprem.py < path of client/secret csv file in ADM on-prem>

        For example, python rollback_to_onprem.py /var/ secureclient.csv

    3. For ADM earlier than 76.xx builds, save the script in on-premises ADM. For example, save it in the /var location and run the following commands to roll back:

      1. cd /var

      2. python rollback_to_onprem_27.py < path of client/secret csv file in ADM on-prem>

        For example, python rollback_to_onprem_27.py /var/secureclient.csv

      The tool initiates the rollback operation and a prompt asks if you want to proceed. Type Y to proceed.

Migrate on-premises NetScaler ADM to Citrix Cloud