Migrate on-premises NetScaler ADM to Citrix Cloud
You can migrate on-premises NetScaler ADM 13.0 64.35 or a later version to Citrix Cloud. If your ADM has 12.1 or an earlier version, you must first upgrade to 13.0 64.35 or a later version and then migrate to Citrix Cloud. For more information, see the Upgrade section.
ADM service through Citrix Cloud enables you to get:
-
Faster releases, approximately every two weeks with latest feature updates.
-
Machine-learning based analytics for application security and bot, performance, and usage.
-
Various other features that are currently supported only in ADM service, such as peak and lean period analytics, machine-learning based analytics for application security and bot, application CPU analytics, and many more.
For a successful migration, you must:
-
Ensure to have internet connection in on-premises ADM for Citrix Cloud accessibility
-
Configure the ADM service agent
-
Get the client and secret CSV file from Citrix Cloud
-
Validate the ADM service licensing
-
Migrate using a script
After you migrate from on-premises ADM to ADM service, if you want to again continue with on-premises ADM, you can use the rollback script. For more information, see Roll back to onpremises ADM.
Configure the ADM service agent
To enable communications between NetScaler instances and NetScaler ADM, you must configure an agent. NetScaler agents are, by default, automatically upgraded to latest build. You can also select a specific time for the agent upgrade. For more information, see Configuring agent upgrade settings.
-
If your existing on-premises ADM (standalone or HA pair) has no on-premises agents configured, you must configure at least one agent for ADM service.
-
If your existing on-premises ADM (standalone or HA pair) has configured with on-premises agents for multisite deployments, you must configure the same number of agents for ADM service.
For more information on configuring an agent, see the Getting Started section.
Get the client and secret CSV file from Citrix Cloud
After you configure the agent, get the client and secret CSV file from the Citrix Cloud page:
-
Log on to citrix.cloud.com
-
Click the Home icon and select Identity and Access Management
-
From the API Access tab, enter a secure client name and click Create Client.
-
ID and Secret is generated. Click Download and save the CSV file in the on-premises ADM.
For example, save the CSV file to the /var directory.
Validate the ADM service licenses
You must obtain licenses for ADM service.
-
The VIP licenses in ADM service must be more than or equal to the on-premises VIP licenses.
Note
If VIP licenses are lesser, then virtual servers are selected randomly and the VIP-level configuration for ADM service fails.
-
If you use ADM on-premises deployment as a license server, reallocate your licenses to ADM Service before migration. For more information, see Configure an ADM server only as the pooled license server and How to reallocate a license file.
-
If you are using the pooled licenses in on-premises ADM, you must obtain the pooled licenses for ADM service and then allocate licenses to the ADC instances. For more information, see Configure Pooled Licensing. The following supported ADC versions enable you to modify the license allocation from ADM:
-
NetScaler SDX: 13.0 74.11 or later versions.
-
NetScaler VPX and MPX: 13.0 47.24 or later versions, 12.1 58.14 or later versions, and 11.1 65.10 or later versions.
-
Migrate using a script
-
Using the ADM 82.x build, you can select the feature and then migrate.
-
For ADM 76.x or later builds, the migration scripts (
servicemigrationtool.py
andconfig_collect_onprem.py
) are available as part of the build, available atcd /mps/scripts
. -
For ADM earlier than 76.x builds, you must download the migration scripts and copy the scripts in on-premises ADM.
Note
Ensure that the on-premises ADM has internet connectivity during migration.
-
Using an SSH client, log on to the on-premises ADM.
Note
For an ADM HA pair, log on to the primary node.
-
Type shell and press Enter to switch to bash mode.
-
Copy the client ID and secret CSV file. For example, copy the file to the /var directory.
After you copy the CSV file, you can validate if the CSV file is present.
Note
For an ADM HA pair, copy the CSV file in the primary node.
-
For ADM 13.0 82.xx version, run the following commands to complete the migration:
-
cd /mps/scripts
-
python servicemigrationtool.py <path of ClientID/Secret File in on-premises NetScaler ADM VM>
For example,
python servicemigrationtool.py /var/secureclient.csv
After you run the migration script, the tool displays the following options:
Based on the choice you provide, only that feature gets migrated to ADM service.
In the example, option 1 is selected. The tool completes the Management and Monitoring (M&M) migration and displays the following message:
The Management and Monitoring (M&M) feature includes:
-
ADC Instances, tags, instance groups, profiles, custom apps, config jobs, SNMP, syslog configurations.
-
Sites, IP blocks, network reporting, analytics thresholds, notification settings, data pruning settings.
-
Config audit templates, polling intervals, event rules and settings.
-
RBAC groups, roles, and policies
The Analytics feature includes:
-
Appflow configuration per vserver from ADC instances.
-
Appflow configuration per SDWAN device.
Note:
-
The Management and Monitoring (M&M) feature is automatically migrated, even if you select any other feature (2, 3, or 4).
-
You can specify only one feature at a time.
-
After you complete migrating any feature, if you want to migrate any other feature later, the feature that is already migrated is not shown in the list. For example, if you complete migrating the Analytics feature first, the next time you run the migration script, you can see only the StyleBooks, Pooled Licensing, and All options.
-
When you migrate pooled licensing, it migrates all types including vservers.
-
-
For ADM 13.0 76.xx version, run the following commands to complete the migration:
-
cd /mps/scripts
-
python servicemigrationtool.py <path of ClientID/Secret File in on-premises NetScaler ADM VM>
For example,
python servicemigrationtool.py /var/secureclient.csv
-
-
For ADM earlier than 13.0 76.xx version:
-
Download the migration script from the following location:
https://download.citrixnetworkapi.net/root/download/v1/public/software?product=admonprem&build=migrationtool&model=servicemigrationtool_27.tgz
The downloaded file comprises two bundle scripts,
servicemigrationtool_27.py
andconfig_collect_onprem_27.py
. -
Save the two scripts in on-premises ADM. For example, save in the /var directory
-
Run the following commands to migrate:
-
cd /var
-
servicemigrationtool_27.py <path of ClientID/Secret File in on-premises ADM VM>
For example,
python servicemigrationtool_27.py /var/secureclient.csv
-
-
After you run the script, it checks the prerequisites and then proceeds with the migration. The script first checks for the license availability. The following message is displayed only if you have lesser ADM service license than the on-premises license.
If you select Y, the migration continues by licensing the VIP randomly. If you select N, the script stops the migration.
If you have the unsupported ADC instance version for the pooled license server, the following message is displayed:
If you select Y, the migration process continues by changing the license server. If you select N, the script prompts if you want to proceed with rest of the migration. The script stops the migration if you select N.
Depending upon the on-premises configuration, the approximate time for the migration to complete is between a few minutes and a few hours. After the migration is complete, you see the following message:
The migration is successful once all the ADC instances and their respective configurations are successfully moved to ADM service. After successful migration, the on-premises NetScaler ADM stops processing the following instance events:
-
SSL certificates
-
Syslog messages
-
Backup
-
Agent cluster
-
Performance reporting
-
Configuration audit
-
Emon
scheduler
Roll back to onpremises ADM
If you want to roll back to on-premises ADM, ensure that the prerequisites are met.
Prerequisites
If your on-premises ADM (before migrating to ADM service) is:
-
Used as a pooled license server, ensure you have the required pooled licenses in the on-premises ADM.
-
Configured with on-premises ADM agents, ensure the agents are available in “UP” status.
Use the rollback script
Note
After rollback, the same configurations (before migration) in Analytics, SNMP, pooled licensing are again available in on-premises ADM. If you have made any changes to these configurations after migration, these changes are not reflected in on-premises ADM.
-
For ADM 82.xx or later builds, the rollback script is available as part of the build and accessible at
/mps/scripts
. -
For ADM earlier than 79.xx builds, you can either upgrade to 82.x build and use the rollback script or you can download the rollback script and copy the script in on-premises ADM.
-
Using an SSH client, log on to the on-premises ADM.
-
Type shell and press Enter to switch to bash mode.
-
For ADM 13.0 82.xx build, run the following commands to complete the rollback:
-
cd /mps/scripts
-
python rollback_to_onprem.py
<path of ClientID/Secret File in ADM on-prem VM>
For example,
python rollback_to_onprem.py /var/ secureclient.csv.csv
The tool initiates the rollback operation and a prompt asks if you want to proceed. Type Y to proceed.
You can see the following message after the rollback gets completed.
-
-
For ADM earlier than 82.xx build:
-
Download the rollback script from the following location:
https://download.citrixnetworkapi.net/root/download/v1/public/software?product=admonprem&build=migrationtool&model=servicemigrationtool_27.tgz
-
For ADM 79.xx and 76.xx builds, save the script in
/mps/scripts
and run the following commands to roll back:-
cd /mps/scripts
-
python rollback_to_onprem.py < path of client/secret csv file in ADM on-prem>
For example,
python rollback_to_onprem.py /var/ secureclient.csv
-
-
For ADM earlier than 76.xx builds, save the script in on-premises ADM. For example, save it in the
/var
location and run the following commands to roll back:-
cd /var
-
python rollback_to_onprem_27.py < path of client/secret csv file in ADM on-prem>
For example,
python rollback_to_onprem_27.py /var/secureclient.csv
The tool initiates the rollback operation and a prompt asks if you want to proceed. Type Y to proceed.
-
-