NetScaler Console Cloud Connect
NetScaler Console Cloud Connect establishes a secure, outbound connection from NetScaler Console on-prem to NetScaler Console service through Citrix Cloud™ to enable cloud‑delivered capabilities on NetScaler Console on-prem.
You can configure Cloud Connect to use the following feature in NetScaler Console on-prem:
-
LAS‑Based Licensing (Entitlement Delivery) - When Cloud Connect is enabled on NetScaler Console on-prem and the deployment is running LAS‑compatible versions, LAS is automatically enabled. Licensing entitlements are retrieved and renewed automatically. For more information, see License Activation Service.
-
Asset Delivery - Asset delivery provides encrypted signature updates and encrypted schema updates for inbuilt WAF profiles defined to secure incoming request for authentication, authorization, auditing, VPN, and GUI components. Asset delivery is enabled by default when Cloud Connect is enabled and if necessary administrators can disable. For more information, see Web App Firewall protection for VPN virtual servers and authentication virtual servers.
-
Upgrade Advisory - To use upgrade advisory on NetScaler Console on-prem, Cloud Connect must be enabled. Enabling Cloud Connect allows NetScaler Console to retrieve the latest build information and compare it with the builds of managed NetScaler instances, helping identify EOL, EOM, and instances running older builds of NetScaler instances on NetScaler Console on-prem. For more information, see Upgrade advisory.
-
ServiceNow Integration - This integration uses Citrix ITSM connector to communicate between NetScaler Console and the ServiceNow instance. The ServiceNow integration with NetScaler Console uses the ITSM Adapter service for token based authentication. For more information, see Integrate NetScaler Console with the ServiceNow instance.
Prerequisites
Before you configure Cloud Connect, ensure that you have the following prerequisites:
-
Ensure to have internet connection or have a proxy server configured in NetScaler Console on-prem for Citrix Cloud accessibility.
-
The laptop or the machine used to access NetScaler Console for Cloud Connect configuration must have internet connectivity during the initial setup.
-
Ensure that NetScaler Console service account is available.
-
Step 1: Create a Citrix Cloud account or sign in using an existing Citrix Cloud account. For more information on how to create a Citrix Cloud account, see Create a Citrix Cloud account.
-
Step 2: Create NetScaler Console service tenant by managing NetScaler Console service. For more information on how manage NetScaler Console service, see Getting started.
-
-
Ensure that you have allowed access for the following endpoint URLs:
Service URLs for APAC, EU, and US regions URLs for Japan Why is it needed? Trust Service trust.citrixnetworkapi.nettrust.citrixworkspacesapi.jpUsed to establish trust between NetScaler Console on-prem and Citrix Cloud services. Service URLs
*.agent.adm.cloud.com*.agent.adm.citrixcloud.jpThese are the NetScaler Console service endpoints used for Cloud Connect operations. NetScaler Console on-prem initiates outbound communication to these endpoints for cloud‑delivered capabilities.
*.adm.cloud.com*.citrixnetworkapi.jpadm.cloud.com*.adm.citrixcloud.jpnetscalermas.cloud.comadm.citrixcloud.jpUsed to fetch customer details like endpoint, pop name. Citrix Cloud™ connectivity
Citrix.cloud.comcitrix.citrixcloud.jpRequired for authentication and tenant selection during Cloud Connect onboarding.
Accounts.cloud.comaccounts.citrixcloud.jp -
Ensure that you disable the pop-up blocker in the browser from where you access NetScaler Console on-prem GUI.
- (Only applicable to Japan Cloud users) Perform the following steps on NetScaler Console on-prem to connect to Japan region endpoints.
-
On the shell of NetScaler Console on-prem, run the commands:
cd /mps/python/util/ python consoleService.py --region japan <!--NeedCopy-->Notes:
The command restarts the NetScaler Console processes.
-
-
Configure the following ports:
- 443 (NetScaler Console on-prem/proxy to Cloud) - 80 (NetScaler Console on-prem to proxy) - Disable the browser pop‑up blocker for NetScaler Console GUI host used to configure Cloud Connect.
Configure Cloud Connect
Workflow 1 – New User (No Citrix Cloud Account and no NetScaler Console service tenant)
-
Create a Citrix Cloud account. For more information, see Create a Citrix Cloud account.
-
Sign into Citrix Cloud account and click the NetScaler Console service tile. Upon successful login, the page redirects to the NetScaler Console service tenant creation steps.
-
Select a region that suits your business needs and click Done.
-
Select a role and finish the setup. For more information, see Getting started.
-
-
Login to NetScaler Console on-prem, click the Cloud icon > Get Started.
-
Click Connect to NetScaler Console service.
-
Log in to your Citrix Cloud account.
-
Select your account name to complete the login.
-
You are greeted with a “Login Successful” message.
-
The Cloud Connect configuration is complete, Cloud Connect shows a Connected status. You can proceed further to enable integrations such as ServiceNow from the Cloud Connect configuration page.
Workflow 2 – Citrix Cloud account exists but NetScaler Console service tenant does not exist
-
Sign into Citrix Cloud account and click the NetScaler Console service tile. Upon successful login, the page redirects to the NetScaler Console service tenant creation steps.
-
Select a region that suits your business needs and click Done.
-
Select a role and finish the setup. For more information, see Getting started.
-
-
In NetScaler Console, click the Cloud icon > Get Started.
-
Click Connect to NetScaler Console service.
-
Log in to your Citrix Cloud account.
-
Select your account name to complete the login.
-
You are greeted with a “Login Successful” message.
-
The Cloud Connect configuration is complete, Cloud Connect shows a Connected status. You can proceed further to enable integrations such as ServiceNow from the Cloud Connect configuration page.
Workflow 3 - Citrix Cloud account and NetScaler Console service tenant exists
-
In NetScaler Console, click the Cloud icon > Get Started.
-
Click Connect to NetScaler Console service.
-
Log in to your Citrix Cloud account.
-
Select your account name to complete the login.
-
You are greeted with a “Login Successful” message.
-
The Cloud Connect configuration is complete, Cloud Connect shows a Connected status. You can proceed further to enable integrations such as ServiceNow from the Cloud Connect configuration page.
Proxy configuration support for Cloud Connect
Cloud Connect supports both unauthenticated and authenticated proxy servers. Proxy server configuration is optional.
Note:
- Starting from NetScaler Console release 14.1-66.x, Cloud Connect supports SSL interception for explicit proxy deployments. Upload the proxy’s CA certificate to establish trusted communication. For information on managing certificates for proxy-enabled configurations with SSL inspection, see Manage CA certificate.
- Basic authentication type is supported.
-
On the Cloud Connect configuration page, click Click to configure proxy server.
-
Enable the proxy and enter the IP/FQDN and port.
-
If necessary, add a
UsernameandPassword.
Data collected through Cloud Connect
Important:
Cloud Connect is not the channel for the NetScaler telemetry program. Telemetry is collected using an auto‑enabled channel. For telemetry related information, see NetScaler telemetry program.
When Cloud Connect is enabled on NetScaler Console on-prem and you are on LAS‑compatible versions, LAS is automatically enabled. For details on information collected as part LAS related workflow, see License Activation Service.
Troubleshooting cloud connect connectivity issues
-
Issue: Pop‑up blocked during sign‑in
Solution: Disable the browser pop‑up blocker and retry Cloud Connect onboarding.
-
Issue: Endpoints blocked
Solution: Verify allow‑listing for the Download/Trust/Service and Citrix Cloud domains (or Japan region equivalents).
-
Issue: LAS grace period warnings
Ensure NetScaler Console on-prem can reach Citrix Cloud (direct or proxy). The entitlement blob auto‑refreshes; repeated failures trigger grace period and alerts.
Other options
After you enable Cloud Connect, you can use the following options:
-
Get Status - Provides a real-time health check of your NetScaler Cloud Connect. Here is what each status indicates:
- Connected - The connection is active.
- Pending - NetScaler Console is fetching the connection status.
- Error - Issues are observed with connectivity.
- Disconnected - Connectivity is turned off.
-
Modify Tenant - Enables you to change the existing tenant. When you click Modify Tenant, you will be redirected to a new tab and you must sign into Citrix Cloud. After successful login, you can select a different tenant.
-
Modify Proxy - Enables you to configure the proxy settings in NetScaler Console on-prem. This action is required when NetScaler Console does not have direct access to the internet through the management network. Click Modify Proxy from the list, update details, and then click Save.
-
Disconnect - Disables the Cloud Connect feature. If you choose to disable, all the features enabled as part of Cloud Connect stops working.
To disable, click Disconnect from the list.
Build‑Specific feature behavior
The following table provides the feature availability through Cloud Connect in different NetScaler Console on-prem builds:
| Build | Feature available in Cloud Connect | Action required | Data collection through Cloud Connect |
|---|---|---|---|
| 14.1 66.x and later
|
LAS-based licensing | Configure Cloud Connect
|
No
|
| ServiceNow Integration | |||
| Asset Delivery | |||
| Upgrade Advisory | |||
| 14.1 56.x and later
|
LAS-based licensing | Configure Cloud Connect
|
No
|
| ServiceNow Integration | |||
| Asset Delivery | |||
| 14.1 51.x and later
|
LAS-based licensing | Configure Cloud Connect
|
No
|
| ServiceNow Integration | |||
| 14.1-25.x and later | ServiceNow Integration | Configure Cloud Connect and enable ServiceNow Integration. | No |
| Between 14.1-8.x and 14.1-21.x | Security Advisory and ServiceNow Integration | Configure Cloud Connect and enable the feature | Yes. After configuring Cloud Connect. For more information, see Data governance for Cloud Connect |
| 14.1-4.x or earlier | NA | NA | NA |
FAQs
-
Does Cloud Connect push configuration to my NetScaler instances?
No. Cloud Connect does not push configuration to NetScaler instances; it only enables cloud‑delivered services to NetScaler Console on-prem and facilitates license or asset delivery.
-
Is there any inbound connectivity from Citrix Cloud to my environment?
No. Cloud Connect uses outbound‑only communication initiated from NetScaler Console on-prem.
-
Is it required to migrate NetScaler instances to NetScaler Console service?
No. You don’t need to migrate instances to NetScaler Console service to use Cloud Connect features.
-
Which proxy authentication types are supported?
Cloud Connect can be used through proxy. We support both Basic authentication or no authentication proxy integration.
-
Is Security Advisory still enabled through Cloud Connect?
Only on specific older 14.1 builds (8.x to 21.x). In later builds, Cloud Connect primarily enables features as described in this topic. From build 14.1 25.x onwards, Security Advisory can be used through an auto-enabled channel. For more information, see Automated telemetry collection mode.