Deploy a Citrix ADC VPX instance on Microsoft Azure
When you deploy a Citrix ADC VPX instance on Microsoft Azure Resource Manager (ARM), you can use the Azure cloud computing capabilities and use Citrix ADC load balancing and traffic management features for your business needs. You can deploy Citrix ADC VPX instances on Azure Resource Manager either as standalone instances or as high availability pairs in active-standby modes.
You can deploy a Citrix ADC VPX instance on the Microsoft Azure in two ways:
-
Through Azure Marketplace. The Citrix ADC VPX virtual appliance is available as an image in the Microsoft Azure Marketplace.
-
Using the Citrix ADC Azure Resource Manager (ARM) json template available on GitHub.For more information, see the GitHub repository for Citrix ADC solution templates.
Prerequisite
You need some prerequisite knowledge before deploying a Citrix VPX instance on Azure.
-
Familiarity with Azure terminology and network details. For information, see Azure terminology.
-
Knowledge of a Citrix ADC appliance. For detailed information the Citrix ADC appliance, see Citrix ADC
-
Knowledge of Citrix ADC networking. See the Networking topic.
How a Citrix ADC VPX instance works on Azure
In an on-premises deployment, a Citrix ADC VPX instance requires at least three IP addresses:
- Management IP address, called NSIP address
- Subnet IP (SNIP) address for communicating with the server farm
- Virtual server IP (VIP) address for accepting client requests
For more information, see Network architecture for Citrix ADC VPX instances on Microsoft Azure.
Note:
VPX virtual appliances can be deployed on any instance type that has two or more Intel VT-X cores and more than 2 GB memory. For more information on system requirements, see Citrix ADC VPX data sheet. Currently, Citrix ADC VPX instance supports only the Intel processors.
In an Azure deployment, you can provision a Citrix ADC VPX instance on Azure in three ways:
- Multi-NIC multi-IP architecture
- Single NIC multi IP architecture
- Single NIC single IP
Depending on your need, you can use any of these supported architecture types.
Multi-NIC multi-IP architecture
In this deployment type, you can have more than one network interfaces (NICs) attached to a VPX instance. Any NIC can have one or more IP configurations - static or dynamic public and private IP addresses assigned to it.
For more information, see the following use cases:
-
Configure a high-availability setup with multiple IP addresses and NICs
-
Configure a high-availability setup with multiple IP addresses and NICs by using PowerShell commands
Note:
To avoid MAC moves and interface mutes on Azure environments, Citrix recommends you to create a VLAN per data interface (without tag) of ADC VPX instance and bind the primary IP of NIC in Azure. For more information, see CTX224626 article.
Single NIC multi IP architecture
In this deployment type, one network interfaces (NIC) associated with multiple IP configurations - static or dynamic public and private IP addresses assigned to it. For more information, see the following use cases:
- Configure multiple IP addresses for a Citrix ADC VPX standalone instance
- Configure multiple IP addresses for a Citrix ADC VPX standalone instance by using PowerShell commands
Single NIC single IP
In this deployment type, one network interfaces (NIC) associated with a single IP address, which is used to perform the functions of NSIP, SNIP, and VIP.
For more information, see the following use case:
Note:
The single IP mode is available only in Azure deployments. This mode is not available for a Citrix ADC VPX instance on your premises, on AWS, or in other type of deployment.
Citrix ADC VPX licensing
A Citrix ADC VPX instance on Azure requires a license. The following licensing options are available for Citrix ADC VPX instances running on Azure.
- Subscription-based licensing: Citrix ADC VPX appliances are available as paid instances on Azure Marketplace. Subscription-based licensing is a pay-as-you-go option. Users are charged hourly. The following VPX models and license types are available on Azure Marketplace.
VPX model | License Type |
---|---|
VPX10 | Standard, Advanced, Premium |
VPX200 | Standard, Advanced, Premium |
VPX1000 | Standard, Advanced, Premium |
VPX3000 | Standard, Advanced, Premium |
Citrix provides technical support for subscription-based license instances. To file a support case, see Support for Citrix ADC on Azure – Subscription license with hourly price.
-
Bring your own license (BYOL): If you bring your own license (BYOL), see the VPX Licensing Guide at http://support.citrix.com/article/CTX122426. You have to:
- Use the licensing portal within Citrix website to generate a valid license.
- Upload the license to the instance.
-
Citrix ADC VPX Check-In/Check-Out licensing: For more information, see Citrix ADC VPX Check-In/Check-Out Licensing.
Starting with Citrix ADC release 12.0 56.20, VPX Express for on-premises and cloud deployments does not require a license file. For more information on Citrix ADC VPX Express see the “Citrix ADC VPX Express license” section in Citrix ADC Licensing Overview.
Note:
Regardless of the subscription-based hourly license bought from Azure Marketplace, in rare cases, the Citrix ADC VPX instance deployed on Azure might come up with a default Citrix ADC license. This happens due to issues with Azure Instance Metadata Service (IMDS).
Do a warm restart before making any configuration change on the Citrix ADC VPX instance, to enable the correct Citrix ADC VPX license.
Limitations
Running the Citrix ADC VPX load balancing solution on ARM imposes the following limitations:
-
The Azure architecture does not accommodate support for the following Citrix ADC features:
- Clustering
- IPv6
- Gratuitous ARP (GARP) - L2 Mode
- Tagged VLAN
- Dynamic Routing
- Virtual MAC (VMAC)
- USIP
- Jumbo Frames
-
If you expect that you might have to shut down and temporarily deallocate the Citrix ADC VPX virtual machine at any time, assign a static Internal IP address while creating the virtual machine. If you do not assign a static internal IP address, Azure might assign the virtual machine a different IP address each time it restarts, and the virtual machine might become inaccessible.
-
In an Azure deployment, only the following Citrix ADC VPX models are supported: VPX 10, VPX 200, VPX 1000, and VPX 3000. For for information, see the Citrix ADC VPX Data Sheet.
If you use a Citrix ADC VPX instance with a model number higher than VPX 3000, the network throughput might not be the same as specified by the instance’s license. However, other features, such as SSL throughput and SSL transactions per second, might improve.
-
The “deployment ID” that is generated by Azure during virtual machine provisioning is not visible to the user in ARM. You cannot use the deployment ID to deploy Citrix ADC VPX appliance on ARM.
-
The Citrix ADC VPX instance supports 20 Mb/s throughput and standard edition features when it’s initialized.
-
Citrix ADC VPX instances lower than D16sv3 that are configured for ICA Proxy can experience a high degree of latency. Hence, Citrix recommends you to use the instance size of D16sv3 or D32sv3.
-
For Citrix Virtual Apps and Citrix Virtual Desktops deployment, a VPN virtual server on a VPX instance can be configured in the following modes:
- Basic mode, where the ICAOnly VPN virtual server parameter is set to ON. The Basic mode works fully on an unlicensed Citrix ADC VPX instance.
- SmartAccess mode, where the ICAOnly VPN virtual server parameter is set to OFF. The SmartAccess mode works for only 5 Citrix ADC AAA session users on an unlicensed Citrix ADC VPX instance.
Note:
To configure the SmartControl feature, you must apply a Premium license to the Citrix ADC VPX instance.