Release Notes for Citrix ADM 13.0-71.40 Release
Notes
- This release notes document does not include security related fixes. For a list of security related fixes and advisories, see the Citrix security bulletin.
What's New
Analytics
Improvements to App Dashboard
You can now view the following enhancements in App Dashboard:
- In the search bar, you can filter results based on the virtual server IP address.
- You can get a list of applications impacted by a specific issue, by choosing the issue type (Performance, Instance Health, Config, and System Resources) from the filter.
- In the tabular view, you can select the 500 rows or 1000 rows option to display the maximum number of applications. Note: If you select the 500 rows or 1000 rows option, Citrix ADM takes approximately 20 seconds to display all applications. After all applications are loaded, you can select the graph view option.
- By default, you can view applications that are in Critical, Review, and Good status. To view applications that are in N/A status, you must select Not Applicable under the filter.
- In the Server Response Time issue, you can view anomaly details, after selecting the virtual server.
[ NSADM-57049 ]
Network Functions - Addition of App Security column
In Networks > Network Functions > Load Balancing and Content Switching, you can now view the App Security column. As an administrator, you can analyze if the virtual servers are bound with:
- WAF: Virtual server is configured with App Firewall policy and displays the WAF related security violations.
- Bot: Virtual server is configured with bot policy and displays the bot related security violations.
- Bot, WAF: Virtual server is configured with both bot and App Firewall policies, and displays both bot and WAF related security violations.
- None: Virtual server is not configured with either App Firewall or bot policies.
[ NSADM-54300 ]
Security Insight - View SQL Injection Grammar violation
In Security Insight, you can now view a new violation type, SQL Injection Grammar. To generate the SQL Injection Grammar violation in Security Insight, you must configure the following commands in the Citrix ADC instance:
1. add ns ip <IP> <subnet mask> -type SNIP
2. add lb vs http_vs http <VS_IP> 80
3. add service http_svc <SVC_IP> http 80
4. bind lb vs http_vs http_svc
5. add appfw profile abc -startURLAction none -SQLInjectionGrammar ON -SQLInjectionType None
6. set appfw settings -defaultProfile abc
For more information, see https://docs.citrix.com/en-us/citrix-application-delivery-management-software/current-release/analytics/security-insight.html
[ NSADM-52870 ]
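The check below is an added example, not part of the Citrix release notes or Citrix code: it parses saved ADC configuration text and reports whether steps 5 and 6 above are present. The sample configuration, its addresses, and the profile name plain_profile are constructed for illustration.

```python
import shlex

# Constructed sample of saved ADC commands, modelled on the steps above;
# the address is a documentation-range placeholder, plain_profile is hypothetical.
SAMPLE_CONFIG = """\
add lb vs http_vs http 192.0.2.20 80
add appfw profile abc -startURLAction none -SQLInjectionGrammar ON -SQLInjectionType None
add appfw profile plain_profile -startURLAction log
set appfw settings -defaultProfile abc
"""

def parse_options(tokens):
    """Map '-key v1 v2 -key2 v' tokens to {'key': 'v1 v2', 'key2': 'v'} (keys lower-cased)."""
    opts, key = {}, None
    for tok in tokens:
        if tok.startswith("-") and len(tok) > 1:
            key = tok[1:].lower()
            opts[key] = ""
        elif key is not None:
            opts[key] = (opts[key] + " " + tok).strip()
    return opts

def audit_appfw(config_text):
    """Return (per-profile report, default profile name) for the appfw lines in config_text."""
    profiles, default_profile = {}, None
    for raw in config_text.splitlines():
        tokens = shlex.split(raw, comments=True)
        head = [t.lower() for t in tokens[:3]]
        if head == ["add", "appfw", "profile"] and len(tokens) >= 4:
            profiles[tokens[3]] = parse_options(tokens[4:])
        elif head == ["set", "appfw", "settings"]:
            default_profile = parse_options(tokens[3:]).get("defaultprofile", default_profile)
    return {name: {"grammar_on": o.get("sqlinjectiongrammar", "").upper() == "ON",
                   "sql_injection_type": o.get("sqlinjectiontype", "(not set)"),
                   "is_default": name == default_profile}
            for name, o in profiles.items()}, default_profile

def missing_steps(report, default_profile):
    """List which of steps 5 and 6 are absent from the parsed configuration."""
    problems = []
    if not any(p["grammar_on"] for p in report.values()):
        problems.append("no profile has -SQLInjectionGrammar ON (step 5)")
    if default_profile is None or not report.get(default_profile, {}).get("grammar_on"):
        problems.append("default profile does not enable SQLInjectionGrammar (step 6)")
    return problems

if __name__ == "__main__":
    rep, default = audit_appfw(SAMPLE_CONFIG)
    print(rep, missing_steps(rep, default) or "steps 5 and 6 present")
```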
App dashboard - Select the App Score components and configure thresholds
In App Dashboard, as an administrator, you can now select the app score components and configure thresholds for app score calculation. App Score is the scoring system that defines:
- How well an application is performing
- Whether the application is performing well in terms of responsiveness
Navigate to Applications > Dashboard and then select the settings icon. In the Configure App Score page, you can select the components and configure thresholds to determine the final app score.
For more information, see https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/application-analytics-and-management/app-score.html
[ NSADM-52142 ]
Infrastructure
When you navigate to the Networks > Licenses > Bandwidth Licenses > Pooled Capacity page, the Dashboard tab now displays the license grace period of ADC instances.
[ NSADM-60744 ]
GUI option to synchronize database
If database streaming between the nodes in an HA deployment fails, you can now click the Sync Database tab under System > Deployment > High Availability Deployment in the ADM GUI to restore the database. Previously, you could synchronize the database only by running a script on the ADM secondary node.
[ NSADM-56889 ]
Configure an ADM server only as a pooled license server
As an administrator, you can now configure an ADM server only as a pooled license server. This configuration helps when you have regulatory mandates to restrict the ADC data within a zone. As a global license server, ADM receives only licensing data from your ADC instances. Using ADM, you can dynamically allocate pooled capacity licenses across your globally deployed ADC instances. For more information, see https://docs.citrix.com/en-us/citrix-application-delivery-management-software/current-release/license-server/adc-pooled-capacity/adm-as-a-global-license-server.html
[ NSADM-47930 ]
Management and Monitoring
Save the ADC configuration before an upgrade
When you create an upgrade job for an ADC instance, you can now save the running ADC configuration before upgrading the instance. Select the Save ADC configuration before starting the upgrade option under the Create Job tab.
[ NSADM-52470 ]
Maintain the status of ADC high-availability nodes after upgrade
When you create an upgrade job for an ADC high-availability pair, a new option Maintain the primary and secondary status of HA nodes after upgrade appears. This option appears under the Create Job tab. Select this option if you want the upgrade job to initiate a failover after upgrading each node. Earlier, there was no GUI option, and the upgrade job initiated the failover by default, after upgrading each node.
[ NSADM-47736 ]
StyleBooks
WAF StyleBooks support a new attribute in ADC appfwprofile
The Web Application Firewall StyleBooks now support the appfwprofile_crosssitescripting_binding object in ADC appfwprofile. This option appears under the URL option when you create a configuration pack.
[ NSADM-58975 ]
Export or import configuration packs
You can now export or import configuration packs as files on your local machine. With this feature, you can readily share the StyleBook configuration with another ADM server or archive it for future use.
When you export a configuration pack, a `tgz` or `zip` bundle downloads to your local machine. This bundle includes a JSON file with all the parameters defined in the configuration pack. It also contains target ADC instances' information if specified during the export. For the configuration pack of a custom StyleBook, you can also include the custom StyleBook and its dependencies in the export bundle. You can optionally specify a passphrase to encrypt the export bundle. This passphrase secures the sensitive data of the configuration pack.
You can import a configuration pack from your local machine to the same or a different ADM server. To import a configuration pack, use the passphrase if you specified one during the export.
[ NSADM-57935 ]
User Interface
Gateway Insight - Improvements to view all users' active and terminated sessions
In Analytics > Gateway Insight > Users > Gateway Users, you can now visualize a consolidated view of all users' active and terminated sessions.
As an administrator, this improvement enables you to:
- View all users' details in a single-pane visualization.
- Eliminate the complexity in selecting each user and seeing the active and terminated sessions.
[ NSADM-60800 ]
Improvements to service graph
In Applications > Service Graph, you can now view the following enhancements:
1. The service graph page has three tabs:
- Global: Displays the service graph for applications across all Citrix ADC instances
- Web Apps: Displays the service graph for 3-tier web applications (load balancing, content switching, and GSLB)
- Microservices: Displays the service graph for Kubernetes microservices
Click each tab to view the respective service graph.
2. From the global service graph, you can access the microservice details. Clicking a service and selecting the option redirects to its respective GUI.
3. The microservices service graph has a search bar where you can place the mouse pointer and select the following categories to filter the results:
- Client Geo Location: Displays the ingress and its services that the client is accessing
- Ingress-IP: Displays all services associated with the ingress
[ NSADM-57696 ]
HDX Insight - Improvements to view all users' active and terminated sessions
In Analytics > HDX Insight > Users, you can now visualize a consolidated view of all users' active and terminated sessions.
As an administrator, this improvement enables you to:
- View all users' details in a single-pane visualization.
- Eliminate the complexity in selecting each user and seeing the active and terminated sessions.
[ NSADM-57685 ]
Grant new StyleBook permissions to users
As an administrator, when you create an access policy, you can now grant new StyleBook permissions to users such as import, delete, download, and more. To do so, navigate to System > User Administration > Access policies and click Add. Earlier, you were able to select only view and edit permissions.
[ NSADM-57672 ]
Run custom scripts at the different ADC upgrade stages
The custom scripts are used for validations before and after an ADC instance upgrade. These scripts help you make sure the upgrade has not affected the ADC configuration or traffic patterns. The execution report includes the output of these scripts and is sent to the configured email distribution list.
An instance upgrade has multiple stages. You can now specify these scripts to run in the following stages:
- Pre upgrade: The specified script runs before upgrading an instance.
- Post upgrade pre failover (applicable for HA): This stage only applies to the high-availability deployment. The specified script runs after upgrading the nodes, but before their failover.
- Post upgrade (applicable for standalone) / Post upgrade post failover (applicable for HA): The specified script runs after upgrading an instance in the standalone deployment. In the high-availability deployment, the script runs after upgrading the nodes and their failover.
With this feature, you can check the changes that occurred at every instance upgrade stage. Make sure to enable script execution at the required stages. Otherwise, the specified scripts do not run.
You can import a script file or type commands directly in the ADM GUI. In the post upgrade stages, you can also use the same script specified in the pre-upgrade stage.
[ NSADM-56649 ]
Improvements to Gateway Insight
In the Gateway Insight > Users page, the license information is now removed.
[ NSADM-53494 ]
Fixed Issues
Analytics
When you generate a report in Analytics > HDX Insight > Applications > <App Name>, the report displays incorrect total launched users for the selected duration.
[ NSHELP-25483, NSADM-63652 ]
Infrastructure
The ADM GUI page disappears if you refresh it during ADM database configuration migration.
Deleted old database from secondary ADM (/var/mps/db_pgsql9)
[ NSADM-61600 ]
Management and Monitoring
When you upgrade Citrix ADM to 13.0 67.42 build, the disk consumption increases and the Postgres stops.
[ NSHELP-25563 ]
When you upgrade ADM to 13.0 67.42 build, the upgrade process fails and the GUI is not accessible.
[ NSHELP-25449 ]
Citrix ADM sends multiple email notifications if some virtual servers are not licensed.
[ NSHELP-25266 ]
In System > User Administration > Groups, if an external user is part of multiple groups and no application is selected for one or more groups, the external user is unable to view the virtual server or other entities.
[ NSHELP-25181 ]
In Citrix ADM, the transfer of Citrix ADC backup files through an external Windows SFTP server is not working as expected.
[ NSHELP-25177 ]
In System > User Administration > Groups, when you add or edit a group with SDX instances, it takes longer than usual to create or modify the group.
[ NSHELP-25081 ]
The Citrix ADM inventory process in the agent stops responding while sending data to the ADM server.
[ NSHELP-24944 ]
If the database synchronization lag with the ADM disaster recovery node is more than 10 MB, ADM generates an alert every five minutes.
[ NSADM-60545 ]
Miscellaneous
On the Citrix ADM GUI, the checked out licenses for a Citrix ADC SDX appliance are not displayed in the pooled capacity dashboard if the following conditions are met:
- Citrix ADM is configured as the pooled licensing server on the SDX appliance.
- The SDX appliance is running a software version earlier than 13.0-61.x.
[ NSHELP-25299 ]
Citrix ADM sends undesired traffic to AWS because of a dummy client.
With this fix, the creation of the dummy client is disabled.
[ NSHELP-24006 ]
StyleBooks
When you apply two different SSL certificates to the same SSL virtual server in an ADC instance, the last applied certificate overrides the first certificate. Therefore, the configuration audit fails in the ADM GUI.
[ NSHELP-24912 ]
After you upgrade ADM from the 13.0.47.xx to 13.0.64.xx version, the existing configuration packs display an invalid date in the "Created At" field.
[ NSADM-62160 ]
When you edit a configuration pack to replace a signature file on an ADC instance, the ADM fails to update the changes. This issue occurs if you manually delete the signature file from the ADC instance.
[ NSADM-60226 ]
User Interface
In Networks > Events > Event Summary, when you click any Citrix ADC SDX-related events, the GUI redirects to the Event page but does not display any data.
[ NSHELP-25630 ]
User sessions view in Desktop Director shows server timezone. With this fix, the timezone displays according to the user configured timezone.
[ NSHELP-25576 ]
In Networks > Syslog messages, when you apply a filter in the search bar and export the report in CSV format, the report displays all syslog messages.
[ NSHELP-25524 ]
In Network > SSL Dashboard > SSL Files on Citrix ADC, the Download option is disabled.
[ NSHELP-25394 ]
In Networks > Infrastructure Analytics, for some instances, the value for Throughput displays 0.
[ NSADM-62521 ]
When you allocate licenses to unmanaged instances, license allocation percentage appears incorrectly in the donut chart.
[ NSADM-60798 ]
Known Issues
Analytics
When you enable HDX Insight, the mas_afdecoder process stops responding and fails to generate HDX analytics.
[ NSHELP-26754, NSHELP-27397 ]
Management and Monitoring
In Citrix ADM, when you enable Perform Audit on receiving netScalerConfigChange event, ADM polls the ADC instances for every configuration change. However, if there are multiple changes in the ADC configuration at the same time, the configuration audit polling fails. For more information about enabling configuration audit polling, see Set configuration audit notifications.
[ NSHELP-29855 ]
If the mas_hb_monit.conf file is corrupted, all the processes in ADM do not start. As a result, the ADM start-up fails.
With this fix, if the mas_hb_monit.conf file is corrupt, all the processes will now search for the clean file in all the directories and recover it before accessing the file.
[ NSHELP-29543 ]
When you upgrade an ADC instance by using ADM maintenance jobs, after the instance restarts, under the Citrix ADC instance page, the upgraded ADC image version does not appear. The GUI still shows the old image version.
[ NSADM-60824 ]
Miscellaneous
When you enable analytics on a virtual server, some required information might be lost between ADC and ADM. As a result, the transaction data becomes invalid and is unavailable on the ADM reports.
[ NSHELP-26545 ]
Orchestration
- When you create a member on OpenStack LBaaS using ADM orchestration, the member creation fails on OpenStack intermittently. This issue happens when a proxy request from ADM to orchestration services times out after 30 seconds.
With this fix, the request timeout for orchestration APIs has increased to 120 seconds.
[ NSHELP-21490 ]
- If you are using OpenStack Queens for the LBaaS workflow, the Load Balancing virtual server is not bound to the Content Switching virtual server. This issue impacts the traffic.
Workaround:
1. Create a pool with Load Balancing virtual server.
2. Create a listener with the pool ID.
If you already have a listener, update the listener with the pool ID.
[ NSADM-36631 ]