Application Delivery Management

Manage admin partitions of Citrix ADC instances

You can configure admin partitions on your Citrix Application Delivery Controller (ADC) instances so that different groups in your organization are assigned different partitions on the same Citrix ADC instance. A network administrator can be assigned to manage multiple partitions on multiple Citrix ADC instances.

Citrix Application Delivery Management (ADM) provides a seamless way of managing all partitions owned by an administrator from a single console. You can manage these partitions without disrupting other partition configurations.

To allow multiple users to manage different admin partitions, you have to create groups and then, assign users and partitions to those groups. Each user can view and manage only the partitions in the group to which the user belongs. Each admin partition is considered as an instance in Citrix ADM. When you discover a Citrix ADC instance, the admin partitions configured on that Citrix ADC instance get added to the system automatically.

Consider that you have two Citrix VPX instances with two partitions configured on each instance. For example, Citrix ADC instance 10.102.216.49 has Partition_1, Partition_2, and Partition_3, and Citrix ADC instance 10.102.29.120 has p1 and p2 as shown in the following image.

To view the partitions, navigate to Networks > Instances > Citrix ADC > VPX, and then click Partitions.

You can assign user-p1 the following partitions: 10.102.29.120-p1 and 10.102.216.49-Partition_1. And, you can assign user-p2 to manage partitions 10.102.29.80-p2, 10.102.216.49-Partition_2, and 10.102.216.49-Partition_3.

Then , you have to create the two users, user-p1 and user-p2, and you have to assign the users to the groups that you created for them.

First, you have to create two groups with appropriate permissions (example: admin permissions) and include the required admin partition instances in each group. For example, create system group partition1-admin and add Citrix ADC admin partitions 10.102.29.120-p1 and 10.102.216.49-Partition_1 to this group. Also create system group partition2-admin and add Citrix ADC admin partitions 10.102.29.120-p2, 10.102.216.49-Partition_2, and 10.102.216.49-Partition_3 and to this group.

After you have created the admin partition, you can also use the revision history difference feature and the audit template for admin partition feature for auditing purposes

Revision history difference for admin partition allows you to view the difference between the five latest configuration files for a partitioned Citrix ADC instance. You can compare the configurations files against each other (example Configuration Revision - 1 with Configuration Revision -2) or against the current running/saved configuration with Configuration Revision. Along with the differences in configuration, the correction configurations are also shown. You can export all the corrective commands to your local folder and correct the configurations.

To view the revision history difference:

  1. Navigate to Networks > Configuration Audit. Click inside the donut chart that represents the instance config status. In the Audit Reports page that opens, click the partitioned Citrix ADC instance.

    View audit reports

  2. From the Action menu, click Revision History Diff.

    View revision history difference

  3. On the Revision History Diff page, select the files that you want to compare. For example, compare the Saved Configuration with Configuration Revision -1 and then, click Show configuration difference.

    View configuration difference

  4. You can then view the difference between the five latest configuration files for the selected partitioned Citrix ADC instance as shown below. You can also view the corrective configuration commands and export these corrective commands to your local folder. These corrective commands are the commands that need to be run on the base file in order to get the configuration to the desired state (configuration file that is being used for comparison).

    Configuration difference report

Audit templates for partition allow you to create a custom configuration template and associate it with a partition instance. Any variation in the running configuration of the instance with the audit template is shown in the Template vs Running diff column of the Audit Reports page. Along with the differences in configuration, the correction configurations are also shown. You can also export all the corrective commands to your local folder and correct the configurations.

To view the template vs running difference:

  1. From the Audit Reports page, click the partitioned Citrix ADC instance.

    View template and running difference

  2. If there is any difference between the audit template and the running difference, the difference is shown as a hyperlink. Click the hyperlink to view the differences if there is any. Along with the differences in configuration, the correction configurations are also shown. You can also export all the corrective commands to your local folder and correct the configurations.

To create groups:

  1. Navigate to System > User Administration > Groups, and then click Add.

  2. In the Create System User page, specify the following:

    • Group Settings tab: Enter the group name and role permissions. To allow access to specific instances, clear the All Instances check box, and then choose your instances on the Select Instances page.

    • Applications and Templates tab: You can choose to use this group across all applications and configuration templates.

    • Select Users tab: Select users that you’d like to add to this group. You can click the New link in the Available table to create new users. Optionally, configure the session timeout, where you can configure the time period for how long a user can remain active.

  3. Click Finish.

    Create groups

To create users:

  1. Navigate to System > User Administration > Users, and then click Add.

  2. On the Create System User page, specify the user name and password. Optionally, you can enable external authentication and configure the session timeout.

  3. Assign the user to a group by adding the group name from the Available list to the Configured list.

  4. Click Create.

Now log out and log on with user-p1 credentials. You can view and manage only the admin partitions assigned to you to manage and monitor.

Manage admin partitions of Citrix ADC instances