NetScaler VPX

Upgrade a Citrix ADC VPX instance on AWS

You can upgrade the EC2 instance type, throughput, software edition, and the system software of a Citrix ADC VPX running on AWS. For certain types of upgrades, Citrix recommends using the High Availability Configuration method to minimize downtime.

Note:

  • Citrix ADC software release 10.1.e-124.1308.e or later for a Citrix ADC VPX AMI (including both utility license and customer license) does not support the M1 and M2 instance families.
  • Because of changes in VPX instance support, downgrading from 10.1.e-124 or a later release to 10.1.123.x or an earlier release is not supported.
  • Most of the upgrades do not require the launch of a new AMI, and the upgrade can be done on the current Citrix ADC AMI instance. If you do want to upgrade to a new Citrix ADC AMI instance, use the high availability configuration method.

Change the EC2 instance type of a Citrix ADC VPX instance on AWS

If your Citrix ADC VPX instances are running release 10.1.e-124.1308.e or later, you can change the EC2 instance type from the AWS console as follows:

  1. Stop the VPX instance.
  2. Change the EC2 instance type from the AWS console.
  3. Start the instance.

You can also use the above procedure to change the EC2 instance type for a release, earlier than 10.1.e-124.1308.e, unless you want to change the instance type to M3. In that case, you must first follow the standard Citrix ADC upgrade procedure, at, to upgrade the Citrix ADC software to 10.1.e-124 or a later release, and then follow the above steps.

Upgrade the throughput or software edition of a Citrix ADC VPX instance on AWS

To upgrade the software edition (for example, to upgrade from Standard to Premium edition) or throughput (for example, to upgrade from 200 Mbps to 1000mbps), the method depends on the instance’s license.

Using a customer license (Bring-Your-Own-License)

If you are using a customer license, you can purchase and download the new license from the Citrix website, and then install the license on the VPX instance. For more information about downloading and installing a license from the Citrix website, see the VPX Licensing Guide.

Using a utility license (Utility license with hourly fee)

AWS does not support direct upgrades for fee-based instances. To upgrade the software edition or throughput of a fee based Citrix ADC VPX instance, launch a new AMI with the desired license and capacity and migrate the older instance configuration to the new instance. This can be achieved by using a Citrix ADC high availability configuration as described in Upgrade to a new Citrix ADC AMI instance by using a Citrix ADC high availability configuration subsection in this page.

Upgrade the system software of a Citrix ADC VPX instance on AWS

If you need to upgrade a VPX instance running 10.1.e-124.1308.e or a later release, follow the standard Citrix ADC upgrade procedure at Upgrade and downgrade a Citrix ADC appliance.

If you need to upgrade a VPX instance running a release older than 10.1.e-124.1308.e to 10.1.e-124.1308.e or a later release, first upgrade the system software, and then change the instance type to M3 as follows:

  1. Stop the VPX instance.
  2. Change the EC2 instance type from the AWS console.
  3. Start the instance.

Upgrade to a new Citrix ADC AMI instance by using a Citrix ADC high availability configuration

To use the high availability method of upgrading to a new Citrix ADC AMI instance, perform the following tasks:

  • Create a new instance with the desired EC2 instance type, software edition, throughput, or software release from the AWS marketplace.
  • Configure high availability between the old instance (to be upgraded) and the new instance. After high availability is configured between the old and the new instance, configuration from the old instance is synchronized to the new instance.
  • Force an HA failover from the old instance to the new instance. As a result, the new instance becomes primary and starts receiving traffic.
  • Stop, and reconfigure or remove the old instance from AWS.

Prerequisites and points to consider

  • Ensure you understand how high availability works between two Citrix ADC VPX instances on AWS. For more information about high availability configuration between two Citrix ADC VPX instances on AWS, see Deploy a high availability pair on AWS.
  • You must create the new instance in the same availability zone as the old instance, having the exact same security group and subnet.
  • High availability setup requires access and secret keys associated with the user’s AWS Identity and Access Management (IAM) account for both instances. If the correct key information is not used when creating VPX instances, the HA setup fails. For more information about creating an IAM account for a VPX instance, see Prerequisites.
    • You must use the EC2 console to create the new instance. You cannot use the AWS 1-click launch, because it does not accept the access and secret keys as the input.
    • The new instance must have only one ENI interface.

To upgrade a Citrix ADC VPX Instance by using a high availability configuration, follow these steps:

  1. Configure high availability between the old and the new instance. To configure high availability between two Citrix ADC VPX instances, at the command prompt of each instance, type:

    • add ha node <nodeID> <IPaddress of the node to be added>
    • save config

    Example:

    At the command prompt of the old instance, type:

    add ha node 30 192.0.2.30
    Done
    <!--NeedCopy-->
    

    At the command prompt of the new instance, type:

    add ha node 10 192.0.2.10
    Done
    <!--NeedCopy-->
    

    Note the following:

    • In the HA setup, the old instance is the primary node and the new instance is the secondary node.
    • The NSIP IP address is not copied from the old instance to the new instance. Therefore, after the upgrade, your new instance has a different management IP address from the previous one.
    • The nsroot account password of the new instance is set to that of the old instance after HA synchronization.

    For more information about high availability configuration between two Citrix ADC VPX instances on AWS, see Deploy a high availability pair on AWS.

  2. Force an HA failover. To force a failover in a high availability configuration, at the command prompt of either of the instances, type:

    force HA failover
    <!--NeedCopy-->
    

    As the result of forcing a failover, the ENIs of the old instance are migrated to the new instance and traffic flows through the new instance (the new primary node). The old instance (the new secondary node) restarts.

    If the following warning message appears, type N to abort the operation:

    [WARNING]:Force Failover may cause configuration loss, peer health not optimum. Reason(s):
    HA version mismatch
    HA heartbeats not seen on some interfaces
    Please confirm whether you want force-failover (Y/N)?
    <!--NeedCopy-->
    

    The warning message appears because the system software of the two VPX instances is not HA compatible. As a result, the configuration of the old instance cannot be automatically synced to the new instance during a forced failover.

    Following is the workaround for this issue:

    1. At the Citrix ADC shell prompt of the old instance, type the following command to create a backup of the configuration file (ns.conf):

      copy /nsconfig/ns.conf to /nsconfig/ns.conf.bkp

    2. Remove the following line from the backup configuration file (ns.conf.bkp):

      • set ns config -IPAddress <IP> -netmask <MASK>

      For example, set ns config -IPAddress 192.0.2.10 -netmask 255.255.255.0

    3. Copy the old instance’s backup configuration file (ns.conf.bkp) to the /nsconfig directory of the new instance.

    4. At the Citrix ADC shell prompt of the new instance, type the following command to load the old instance’s configuration file (ns.conf.bkp) on the new instance:

      • batch -f /nsconfig/ns.conf.bkp
    5. Save the configuration on the new instance.

      • save conifg
    6. At the command prompt of either of the nodes, type the following command to force a failover, and then type Y for the warning message to confirm the force failover operation:

      • force ha failover

    Example:

            > force ha failover
    
    WARNING]:Force Failover may cause configuration loss, peer health not optimum.
            Reason(s):
            HA version mismatch
            HA heartbeats not seen on some interfaces
            Please confirm whether you want force-failover (Y/N)? Y
    <!--NeedCopy-->
    
  3. Remove the HA configuration, so that the two instances are no longer in an HA configuration. First remove the HA configuration from the secondary node and then remove the HA configuration from the primary node.

    To remove an HA configuration between two Citrix ADC VPX instances, at the command prompt of each instance, type:

        > remove ha node \<nodeID\>
        >  save config
    <!--NeedCopy-->
    

    For more information about high availability configuration between two VPX instances on AWS, see Deploy a high availability pair on AWS.

    Example:

At the command prompt of the old instance (new secondary node), type:

        > remove ha node 30
          Done
        > save config
          Done
<!--NeedCopy-->

At the command prompt of the new instance (new primary node), type:

        > remove ha node 10
          Done
        > save config
          Done
<!--NeedCopy-->