NetScaler VPX

Deploy a Citrix ADC VPX instance on Microsoft Azure

When you deploy a Citrix ADC VPX instance on Microsoft Azure Resource Manager (ARM), you can use both of the following feature sets to achieve your business needs:

  • Azure cloud computing capabilities
  • Citrix ADC load balancing and traffic management features

You can deploy Citrix ADC VPX instances on ARM either as standalone instances or as high availability pairs in active-standby modes.

You can deploy a Citrix ADC VPX instance on the Microsoft Azure in two ways:

  • Through Azure Marketplace. The Citrix ADC VPX virtual appliance is available as an image in the Microsoft Azure Marketplace.

  • Using the Citrix ADC Azure Resource Manager (ARM) json template available on GitHub.For more information, see the GitHub repository for Citrix NetScaler solution templates.

The Microsoft Azure stack is an integrated platform of hardware and software that delivers the Microsoft Azure public cloud services in a local data center to let organizations construct hybrid clouds. You can now deploy the Citrix ADC VPX instances on the Microsoft Azure stack.

Prerequisite

You need some prerequisite knowledge before deploying a Citrix VPX instance on Azure.

  • Familiarity with Azure terminology and network details. For information, see Azure terminology.

  • Knowledge of a Citrix ADC appliance. For detailed information the Citrix ADC appliance, see Citrix ADC

  • Knowledge of Citrix ADC networking. See the Networking topic.

How a Citrix ADC VPX instance works on Azure

In an on-premises deployment, a Citrix ADC VPX instance requires at least three IP addresses:

  • Management IP address, called NSIP address
  • Subnet IP (SNIP) address for communicating with the server farm
  • Virtual server IP (VIP) address for accepting client requests

For more information, see Network architecture for Citrix ADC VPX instances on Microsoft Azure.

Note:

VPX virtual appliances can be deployed on any instance type that has two or more Intel VT-X cores and more than 2 GB memory. For more information on system requirements, see Citrix ADC VPX data sheet. Currently, Citrix ADC VPX instance supports only the Intel processors.

In an Azure deployment, you can provision a Citrix ADC VPX instance on Azure in three ways:

  • Multi-NIC multi-IP architecture
  • Single NIC multi IP architecture
  • Single NIC single IP

Depending on your need, you can use any of these supported architecture types.

Multi-NIC multi-IP architecture

In this deployment type, you can have more than one network interfaces (NICs) attached to a VPX instance. Any NIC can have one or more IP configurations - static or dynamic public and private IP addresses assigned to it.

For more information, see the following use cases:

Note:

To avoid MAC moves and interface mutes on Azure environments, Citrix recommends you to create a VLAN per data interface (without tag) of ADC VPX instance and bind the primary IP of NIC in Azure. For more information, see CTX224626 article.

Single NIC multi IP architecture

In this deployment type, one network interfaces (NIC) associated with multiple IP configurations - static or dynamic public and private IP addresses assigned to it. For more information, see the following use cases:

Single NIC single IP

In this deployment type, one network interfaces (NIC) associated with a single IP address, which is used to perform the functions of NSIP, SNIP, and VIP.

For more information, see the following use case:

Note:

The single IP mode is available only in Azure deployments. This mode is not available for a Citrix ADC VPX instance on your premises, on AWS, or in other type of deployment.

Citrix ADC VPX licensing

A Citrix ADC VPX instance on Azure requires a license. The following licensing options are available for Citrix ADC VPX instances running on Azure.

  • Subscription-based licensing: Citrix ADC VPX appliances are available as paid instances on Azure Marketplace. Subscription-based licensing is a pay-as-you-go option. Users are charged hourly.

    Note:

    For subscription-based license instances, your subscription billing applies throughout the license period for a particular license model. Due to cloud restrictions, Azure does not support changing or removing the license model applicable for your subscription. To change or remove a subscription license, delete the existing ADC VM, and recreate a new ADC VM with desired license.

    Citrix provides technical support for subscription-based license instances. To file a support case, see Support for Citrix ADC on Azure – Subscription license with hourly price.

  • Bring your own license (BYOL): If you bring your own license (BYOL), see the VPX Licensing Guide at http://support.citrix.com/article/CTX122426. You have to:
    • Use the licensing portal within Citrix website to generate a valid license.
    • Upload the license to the instance.

    Note:

    In an Azure stack environment, BYOL is the only available licensing option.

  • Citrix ADC VPX Check-In/Check-Out licensing: For more information, see Citrix ADC VPX Check-In/Check-Out Licensing.

    Starting with NetScaler release 12.0 56.20, Citrix ADC VPX Express for on-premises and cloud deployments does not require a license file. For more information on ADC VPX Express, see the “Citrix ADC VPX Express license” section in Citrix ADC licensing overview.

The following VPX models and license types are available on Azure Marketplace.

VPX model License type Recommended instances
    VPX 1 NIC/2 NIC VPX 3 NIC VPX upto 8 NIC
VPX200 Advanced Standard_D2s_v4 Standard_DS3_v2 Standard_DS4_v2
VPX1000 Premium Standard_D4s_v4 Standard_DS3_v2 Standard_DS4_v2
VPX5000 Premium Standard_D8ds_v5 Standard_D8ds_v5 Standard_DS4_v2
VPX BYOL
Customer Licensed -
-
-
FIPS - Customer Licensed

Note:

The recommended instances for VPX BYOL depends on the VPX license that you have purchased.

Points to note:

  • You must enable Azure accelerated networking on NetScaler VPX instances to get the optimal performance on the following VPX models:
    • VPX1000
    • VPX5000

    For more information on configuring Accelerated networking, see [Configure a Citrix ADC VPX instance to use Azure accelerated networking] (/en-us/vpx/current-release/deploy-vpx-on-azure/configure-vpx-to-use-azure-accelerated-networking.html)

  • The VPX8000 and VPX10000 licenses are available only as BYOL.

  • Regardless of the subscription-based hourly license bought from Azure Marketplace, in rare cases, the Citrix ADC VPX instance deployed on Azure might come up with a default Citrix ADC license. This happens due to issues with the Azure Instance Metadata Service (IMDS).

  • Do a warm restart, before making any configuration change on the Citrix ADC VPX instance, to enable the correct Citrix ADC VPX license.

Limitations

Running the Citrix ADC VPX load balancing solution on ARM imposes the following limitations:

  • The Azure architecture does not accommodate support for the following NetScaler features:

    • IPv6
    • Gratuitous ARP (GARP)
    • L2 Mode
    • Tagged VLAN
    • Dynamic Routing
    • virtual MAC
    • USIP
    • Jumbo Frames
    • Clustering

    Note:

    With the Citrix Application Delivery Management (ADM) Autoscale feature (cloud deployment), the ADC instances support clustering on all licenses. For information, see Autoscaling of Citrix ADC VPX in Microsoft Azure using Citrix ADM.

  • If you expect that you might have to shut down and temporarily deallocate the Citrix ADC VPX virtual machine at any time, assign a static Internal IP address while creating the virtual machine. If you do not assign a static internal IP address, Azure might assign the virtual machine a different IP address each time it restarts, and the virtual machine might become inaccessible.

  • In an Azure deployment, only the following Citrix ADC VPX models are supported: VPX 10, VPX 200, VPX 1000, and VPX 3000. For for information, see the Citrix ADC VPX Data Sheet.

    If you use a Citrix ADC VPX instance with a model number higher than VPX 3000, the network throughput might not be the same as specified by the instance’s license. However, other features such as SSL throughput and SSL transactions per second might improve.

  • The “deployment ID” that is generated by Azure during virtual machine provisioning is not visible to the user in ARM. You cannot use the deployment ID to deploy Citrix ADC VPX appliance on ARM.

  • The Citrix ADC VPX instance supports 20 Mb/s throughput and standard edition features when it’s initialized.

  • The Citrix ADC VPX instances on Azure with accelerated networking enabled, provides better performance. Azure accelerated networking is supported on Citrix ADC VPX instances from release 13.0 build 76.x onwards. To enable accelerated networking on ADC VPX, Citrix recommends you to use an Azure instance type which supports accelerated networking.

  • For Citrix Virtual Apps and Citrix Virtual Desktops deployment, a VPN virtual server on a VPX instance can be configured in the following modes:

    • Basic mode, where the ICAOnly VPN virtual server parameter is set to ON. The Basic mode works fully on an unlicensed Citrix ADC VPX instance.
    • SmartAccess mode, where the ICAOnly VPN virtual server parameter is set to OFF. The SmartAccess mode works for only five Citrix ADC AAA session users on an unlicensed Citrix ADC VPX instance.

    Note:

    To configure the SmartControl feature, you must apply a Premium license to the Citrix ADC VPX instance.

Deploy a Citrix ADC VPX instance on Microsoft Azure