Citrix NetScaler Management & Analytics System

By 18 juli 2016 No Comments


Citrix NetScaler Management & Analytics System

This year at Citrix Synergy in Las Vegas. Citrix introduced there new product NetScaler Management & Analytics Systemà NetScaler MAS for short.

So what is NetScaler MAS.

NetScaler MAS is a solution to bring Operational Efficiency, Visibility & DevOps through Management & Analytics. NetScaler MAS is a centralized network management, analytics, and orchestration solution that can support applications deployed across bimodal IT infrastructures. From a single platform, administrators can view, automate, and manage network services for applications deployed on-premise, in the cloud or in containers.

So you may think why NetScaler MAS…

Here are some of the features.

  • Unifies all source of information into a single device;
  • Intergrated. Single touch point for managing inventory, analysing traffic and integrating with orchestration or SDN solutions;
  • Time. Saves time and efforts of administrators by not having to login different consoles to gather the right information for troubleshooting or problem solving;
  • Summarized. Summarized dashboard based theme makes it easy to find the data you want;
  • Automate. Helps IT Staff to automate operational tasks for better efficiency;
  • Isolate. Enables isolation of Application & Network Admin Roles;
  • Consolidate. Provides ways to consolidate your application network functions;
  • Simplifies ways to configure application network functions;
  • Anomalies. Identify configuration anomalies and suggest associated actions;
  • Weak Config. Brings out weak configuration as potential threats for the infrastructure;
  • Trends. Identifies trends over traffic patterns and system events;
  • Granular. Granular HTTP & ICA Analytics
  • Associate. Associate threat exposure to protection deployed.


In my opinion this product is a nice step up for Citrix combining NetScaler Insight and Citrix Command Center into 1 product. If you think about it, Enterprises are really looking for way to manage there on premise private/hybrid clouds and off-premise private/hybrid clouds. They need integration with other industry leading cloud orchestration frameworks to make this happen. So with Citrix NetScaler MAS, Citrix has built this up from scratch and is really the way to go to manage an infrastructure with any NetScaler (MPX, SDX, VPX, CPX) across multi/hybrid clouds deployments.  And if have been told that management of other open-source load balancers is part of the roadmap.










What about licensing.

NetScaler MAS is licensed based on the number of vServers. With the free version 30 vServers are allowed.

The following table lines out the limitations for the free version

Management Capabilities Free Subscription required for >30 vServers
Fleet Management – configuration X  
Schedule device upgrades X  
SSL certificate management, policy enforcement X  
Application configuration jobs and Stylebooks X  
Orchestration with third party systems X  
Geo-mapping of instances deployed*   X
Fleet Management – visibility   X
Role based access based on application groups   X
Application specific analytics   X
Advanced analytics for anomaly detection   X


So if we compare the differences with Citrix Command Center;

Management Capabilities Command Center NetScaler MAS
Manage device configurations and upgrades X  
Geo-mapping of instances deployed X  
Schedule device upgrades   X
SSL certificate management   X
SSL certificate policy creation and enforcement   X
Role-based access based on application groups   X


What about scaling.

NetScaler MAS is designed to scale.  There are 3 ways to scale the NetScaler MAS.


  • Single Management Node. This is recommended for small customers, Proof of Concepts or DTAP enviroments (DevOps)
  • HA Pair Management Nodes. This recommended for small customers with the need for redundancy
  • Scale-out Management Infrastructure. This is recommended for medium to large scale customers.














A full deployment with a Scale-out Management Infrastructure will look something like this picture;










Let’s take a look at some uses cases for the NetScaler MAS

Automate NetScaler in a Software Defined Datacenter.

A organization wants to migrate their datacentre using Software Defined technology. Provisioning of services on NetScaler needs to be automated. NetScaler MAS leverages an open API to intergrate with OpenStack, NSX etc… therefore admins can continue to use their preffered orchestration platform leveraging NetScaler MAS to broker services.

Multisite Management

Maintaining devices across multiple site, becomes a hell of a job and is complex and time consuming. NetScaler MAS provides centralized management for NetScaler instances.

  • Upgrades can be scheduled in advance.
  • Central dashboard and insights for end-to-end visibility and troubleshooting.


App Centric Lifecycle Management

Application owners have to rely on other teams that manage infrastructure and other systems who have no intimate knowledge of the application to configure NetScaler to support their apps. Application owners lack similar expertise on NetScaler to configure. This often leads to longer deployment cycles. NetScaler MAS provides app focused capabilities to empower app owners.

  • Role-based access based on application groups
  • Stylebooks is an app-developer friendly format for configuring NetScaler functionalities to support apps
  • Application dashboards that provide visibility and insight into app configurations and performance.


SSL Certificate Management

SSL certificates have to be individually managed per device, and administrators aren’t able to see which certificates are nearing expiration or not being used. There is no centralized mechanism on NetScaler to view or renew a batch of certs ahead of expiration on multiple devices. Admins only become aware of expired certs once they expire and users encounter authentication issues. NetScaler MAS provides visibility into all certificates deployed across multiple devices.

  • Administrators can select which certificates are expiring and automate cert renewals
  • Policies can be set and enforced around types of certificates and signing authorities that are permitted


Installing the product.

First we start to download the from the following URL;









You can use either the vSphere Web Client or the vSphere Client to deploy the OVF file. At this point in time i am still using the traditional vSphere client.

Start by logging on to your vSphere Client and then select File à Deploy OVF Template.












Select the previously downloaded package from the Citrix Portal.

















Click on Next to Continue.

You can change the name if you want to fulfil your naming standards. I am going to leave this with the default name.














Select the appropriate VMware host in which you want to deploy this Virtual Appliance. In my case i only have one ESX host in my home lab. So i don’t have any choice.














Next you will get a warning. This is because we are using the vSphere Client to deploy. If you use vSphere Web Client this warning won’t be displayed.










Select the appropiate DataStore and continue













Select the Disk Format you will be using.








At this point you will get a overview of all the setting you made during this wizard. Also select the “Power on after deployment” option. So the Virtual Appliance will be powered on after creation.



























Next step is to configure the Virtual Appliance with the correct IP address etc…

Open the console of your virtual machine.







Fill in the correct IP’s







Press 7 when you are done.

The next configuration setting we must do is the “NetScaler MAS Deployment Configuration”

Because this is the first appliance we are going to select “NetScaler MAS Server”










Next question is if we want standalone deployment. If you want to use HA pair of NetScaler MAS Appliances select the option “No”. In my case i am going to select “Standalone Deployment”




Restart à yes





After the system has rebooted, we log in with a browser to the NetScaler MAS Ip address. And login with nsroot/nsroot





















You can choose to enable or skip the “ CUXIP, Citrix User Experience Improvement Program”










Select “Get Started









Select the deployment type










At this point NetScaler MAS needs to discover NetScaler instances in your network before they can be managed.








Enter the NSIP address of your NetScaler












Next click on the “Pencil Button”

Fill in the correct settings and press. You can choose to fill in the SNMP community string. At this point i am using “public”














Click on OK..

Instances will be added to the NetScaler MAS.










In my homelab I have to NetScalers configured in HA. So both are applied…

Click on “Finish” to continue










At this point I don’t have any configuration done on my NetScalers. So further integration will be shown in next blog articles.