System requirements
Before you install NetScaler Application Delivery Management (ADM), you must understand the software requirements, browser requirements, port information, license information, and limitations.
Requirements for NetScaler ADM
| Component | Requirement |
|---|---|
| RAM | 32 GB |
| Virtual CPU | 8 CPUs |
| Note: Citrix recommends using solid-state drive (SSD) technology for NetScaler ADM deployments. | |
| Storage space | The default storage space required is 120 GB. Actual storage requirement depends on NetScaler ADM sizing estimation. Use the sizing calculator mentioned in the Maximum limits section (page number 7) in the NetScaler ADM HA Deployment Guide. This guide is available at our download site, under NetScaler MAS Release 12.1 > Earlier Versions. Note: you need a Citrix account to access the deployment guide and sizing calculator. |
| If your NetScaler ADM storage requirement exceeds 120 GB, you to have to attach an additional disk. You can add only one additional disk. | |
| Citrix recommends you to estimate storage and attach additional disk at the time of initial deployment. | |
| For more information, see How to Attach an Additional Disk to NetScaler ADM. | |
| Virtual network interfaces | 1 |
| Throughput | 1 Gbps or 100 Mbps |
Requirements for NetScaler ADM on-prem agent
| Component | Requirement |
|---|---|
| RAM | 32 GB |
| Virtual CPU | 8 CPUs |
| Storage space | 30 GB |
| Virtual network interfaces | 1 |
| Throughput | 1 Gbps |
Note
AMD processor is supported in:
NetScaler ADM 13.1 build 4.43 or later.
NetScaler agent 13.1 build 17.42 or later.
Minimum NetScaler version required for NetScaler ADM features
Important
The NetScaler ADM version and build should be equal to or higher than your NetScaler version and build. For example, if you have installed NetScaler ADM 12.1 Build 50.39, then ensure you have installed NetScaler 12.1 Build 50.28/50.31 or earlier.
| NetScaler ADM Feature | NetScaler Software Version |
|---|---|
| StyleBooks | 10.5 and later |
| OpenStack/CloudStack Support | 11.0 and later, if a partition is required |
| 11.1 and later, if partition on shared virtual LAN is required | |
| NSX Support | 11.1 Build 47.14 and later (VPX) |
| Mesos/Marathon Support | 10.5 and later |
| Backup/Restore | For NetScaler, 10.1 and later |
| For NetScaler SDX, 11.0 and later | |
| Monitoring/Reporting and Configuration using Jobs | 10.1 and later |
| Analytics Features | |
| Web Insight | 10.5 and later |
| HDX Insight | 10.1 and later |
| WAF Security Violations | 11.0.65.31 and later |
| Gateway Insight | 11.0.65.31 and later |
| Cache Insight | 10.5 and later* |
| SSL Insight | 12.0 and later |
* Integrated Cache Metrics are not supported in NetScaler ADM with NetScaler instances running version 11.0 build 66.x.
Requirements for NetScaler ADM analytics
Minimum Citrix Virtual Apps and Desktops versions required for NetScaler ADM features
| NetScaler ADM Feature | Citrix Virtual Apps and Desktops Version |
|---|---|
| HDX Insight | Citrix Virtual Apps and Desktops 7.0 and later |
Note
The NetScaler Gateway feature (branded as Access Gateway Enterprise for versions 9.3 and 10.x) must be available on the NetScaler instance. NetScaler ADM does not support standalone Access Gateway Standard appliances.
NetScaler ADM can generate reports for applications that are published on Citrix Virtual Apps or Citrix Virtual Desktops and accessed through Citrix Workspace. However, this capability depends on the operating system on which Workspace is installed. Currently, a NetScaler does not parse ICA traffic for applications or desktops that are accessed through Citrix Workspace running on iOS or Android operating systems.
Thin clients supported for HDX insight
-
Dell Wyse Windows based Thin Clients
-
Dell Wyse Linux based Thin Clients
-
Dell Wyse ThinOS based Thin Clients
-
10ZiG Ubuntu based Thin Clients
-
IGEL UD3 W7+ (M340)
-
IGEL UD3 W7 (M340C)
NetScaler instance license required for HDX insight
The data collected by NetScaler ADM for HDX Insight depends on the version and licenses of the NetScaler instances being monitored. HDX Insight reports are displayed only for NetScaler Premium and Advanced appliances running release 10.5 and later.
| NetScaler License/Duration | 5 Minutes | 1 Hour | 1 Day | 1 Week |
|
|---|---|---|---|---|---|
| Standard | No | No | No | No | No |
| Advanced | Yes | Yes | No | No | No |
| Premium | Yes | Yes | Yes | Yes | Yes |
Supported hypervisors
The following table lists the hypervisors supported by NetScaler ADM.
| Hypervisor | Versions |
|---|---|
| Citrix Hypervisor | 7.1 and 7.4 |
| VMware ESX | 6.0, 6.5, 6.7, and 7.0 |
| Microsoft Hyper-V | 2012 R2 and 2016 |
| Generic KVM | RHEL 7.4, RHEL 8.0, Ubuntu 16.04, and Ubuntu 18.04 |
Supported operating systems and Workspace versions
The following table lists the operating systems supported by NetScaler ADM, and the Citrix Workspace versions currently supported with each system:
| Operating System | Workspace Version |
|---|---|
| Windows | 4.0 Standard Edition |
| Linux | 13.0.265571 and later |
| Mac | 11.8, build 238301 and later |
| HTML5 | 1.5 |
| Chrome App | 1.5 |
Supported browsers
The following table lists the web browsers supported by NetScaler ADM:
| Web Browser | Version |
|---|---|
| Microsoft Edge | 79 and later |
| Google Chrome | 51 and later |
| Safari | 10 and later |
| Mozilla Firefox | 52 and later |
Supported ports
NetScaler ADM uses the NetScaler IP (known as NSIP) address to communicate with NetScaler. You can use ADM agent as an intermediary between the ADC instance and ADM. To establish a communication with these servers, open the required ports.
Note
If you have configured NetScalers in High Availability mode, NetScaler ADM uses NSIP to communicate with NetScaler and the required ports remain the same.
Network port diagram for agentless deployment:
Network port diagram for the deployment that includes ADM agent:
The following sections explain the required ports and their purpose:
Ports for the ADM server
The following table explains the required ports that must be open on the ADM server.
| Port | Type | Details | Direction of communication |
|---|---|---|---|
| 80/443/5454/22 | TCP | Default port for communication, and database synchronization in between NetScaler ADM nodes in high availability mode. Note: This port is also used for NetScaler telemetry. | NetScaler ADM primary node to NetScaler ADM secondary node |
| 443/8443/7443 | TCP | Port for communication between NetScaler agent and NetScaler ADM. | NetScaler agent initiates the communication with NetScaler ADM. Then, NetScaler ADM and agent interact with each other. |
| 27000 and 7279 | TCP | License ports for communication between NetScaler ADM license server and ADC instance. These ports are also used for ADC pooled licenses. | NetScaler to NetScaler ADM |
| 5005 | UDP | Port to exchange heartbeats between HA nodes. | NetScaler ADM primary node to secondary node. NetScaler ADM secondary node to primary node. |
| 5140 | UDP | Port to receive NetScaler Gateway telemetry data. | NetScaler to NetScaler Console |
If the ADM and ADC instances are not using an agent for communication, ensure to open the following ports on the ADM server:
| Port | Type | Details | Direction of communication |
|---|---|---|---|
| 80/443 | TCP | For NITRO communication from NetScaler ADM to NetScaler instance. | NetScaler agent to NetScaler and NetScaler to NetScaler agent |
| 4739 | UDP | For AppFlow communication from NetScaler instance to NetScaler ADM. | NetScaler to NetScaler agent |
| 162 | UDP | To receive SNMP events from NetScaler instance to NetScaler ADM. | NetScaler to NetScaler agent |
| 514 | UDP | To receive syslog messages from NetScaler instance to NetScaler ADM. | NetScaler to NetScaler agent |
| 5557/5558 | TCP | For logstream communication (for WAF Security Violations, Web Insight, and HDX Insight) from NetScaler to NetScaler ADM. | NetScaler to NetScaler ADM |
| 5563 | TCP | To receive ADC metrics (counters), system events, and Audit Log messages from NetScaler instance to NetScaler ADM | NetScaler to NetScaler ADM |
Ports for the ADM agent
The following table explains the required ports that must be open on the ADM agent.
| Port | Type | Details | Direction of communication |
|---|---|---|---|
| 80/443 | TCP | For NITRO communication from NetScaler ADM to NetScaler instance. | NetScaler agent to NetScaler and NetScaler to NetScaler agent |
| 4739 | UDP | For AppFlow communication from NetScaler instance to NetScaler ADM. | NetScaler to NetScaler agent |
| 162 | UDP | To receive SNMP events from NetScaler instance to NetScaler ADM. | NetScaler to NetScaler agent |
| 514 | UDP | To receive syslog messages from NetScaler instance to NetScaler ADM. | NetScaler to NetScaler agent |
| 5557/5558 | TCP | For logstream communication (for WAF Security Violations, Web Insight, and HDX Insight) from NetScaler to NetScaler ADM. | NetScaler to NetScaler ADM |
Ports for ADC instances
The following table explains the required ports that must be open on NetScaler instances.
| Port | Type | Details | Direction of communication |
|---|---|---|---|
| 80/443 | TCP | For NITRO communication from NetScaler ADM to NetScaler instance. For NITRO communication between NetScaler ADM servers in high availability mode. | NetScaler ADM to NetScaler and NetScaler to NetScaler ADM |
| 22 | TCP | For SSH communication from NetScaler ADM to NetScaler instance. For synchronization between NetScaler ADM servers deployed in high availability mode. And, this port is required for the SSH communication between the ADM agent and NetScaler. | NetScaler ADM to NetScaler. Or, NetScaler agent to NetScaler. |
| No reserved port | ICMP | To detect network reachability between NetScaler ADM and NetScaler instances, or the secondary NetScaler ADM server deployed in high availability mode. | NetScaler ADM to NetScaler |
| 161 | UDP | To poll events from ADC instances. | NetScaler ADM to NetScaler |
Ports for ADC built-in agent
The following table explains the required ports that must be open for NetScaler built-in agent.
| Port | Type | Details | Direction of communication |
|---|---|---|---|
| 443 | TCP | For all communication from NetScaler ADM to NetScaler built-in agent | NetScaler ADM to NetScaler built-in agent and NetScaler built-in agent to NetScaler ADM |
Note:
In ADM high-availability deployment, all communications from ADM use the primary node IP address.
Ports for external servers
The following table explains the required ports that must be open on external servers:
| Port | Type | Details | Direction of communication |
|---|---|---|---|
| 25 | TCP | To send SMTP notifications from NetScaler ADM to users. | NetScaler ADM to users. |
| 389/636 | TCP | Default port for authentication protocol. For communication between NetScaler ADM and LDAP external authentication server. | NetScaler ADM to LDAP external authentication server |
| 123 | UDP | Default NTP server port for, synchronizing with multiple time sources. | NetScaler ADM to NTP server |
| 1812 | RADIUS | Default port for authentication protocol. For communication between NetScaler ADM and RADIUS external authentication server. | NetScaler ADM to RADIUS external authentication server |
| 49 | TACACS | Default port for authentication protocol. For communication between NetScaler ADM and TACACS external authentication server. | NetScaler ADM to TACACS external authentication server |
Limitations
From NetScaler ADM 12.1 or later, the following features support IPv6 format of IP addresses:
-
Management access for NetScaler ADM GUI
-
Management access for NetScaler
-
Registration and inventory
-
Network dashboard
-
SSL dashboard
-
Config jobs
-
Config audit
-
Network functions
-
Network reporting
-
Backup and restore of ADC instances
-
SNMP events from NetScalers
The following features do not support IPv6:
-
High availability floating IP
-
Syslogs received from ADCs that support IPv6
-
StyleBooks on ADCs that support IPv6
-
Analytics
-
Pooled licensing