Once set up, Citrix Application Delivery Management offers a flood of information with analytics enabled, but can the administrator or business do anything with it? This last part on the Citrix ADM Cloud Service deals with this question and with how and where to get the data in the first place.
Analytics is an additional ADM function that requires a licence. However, each Citrix Cloud ADM instance receives two free Analytics licences, which cover two vServers on the Netscaler. Analytics has to be configured first before its functions can be used.
Configuration of the Cloud ADM
By default, licensing is set to automatic, and anyone who has configured more than two vServers (gateway, load balancer, content switch) will quickly have licensed the wrong vServers. Therefore, the first step should be to disable automatic licensing.
After that, specific vServers can be licensed for Analytics. Gateway vServers are particularly suitable for Analytics, and thus for activating HDX Insight (ICA) and/or Gateway Insight, but ultimately any vServer can be configured for Analytics. After Analytics is enabled for a vServer, the configuration is transferred to the Netscalers via the ADM agent. This is primarily the AppFlow configuration integrated into Netscaler (policies, profiles, etc.), which is created automatically on the Netscaler and bound to the vServer in the process.
With HDX Insight active, the ADM agent collects a mass of data, which can be found under Gateway | HDX Insight. Here, all users, as well as all possible technical details about each user, are listed. This way, high latency and high bandwidth usage of individual virtual channels can be quickly detected. In the following example image, the Remote Screen consumes the most bandwidth, followed by the Pure ICA.
The total consumption in the previously selected time window and many other details, such as the ICA Round Trip Time (RTT), can be evaluated for each user.
The SSL dashboard provides a quick view of the certificates in use, when certificates expire, and what encryption the vServers have configured. This makes it easy to identify vServers that are not configured to the highest security standards and reconfigure them as needed.
To receive syslog messages in the ADM cloud, syslog must be configured on the Netscaler beforehand. After that, these messages are stored in the cloud and can be searched with filters. It would be nice if Citrix would also introduce rules here on which notifications are sent, e.g., in the event of an incorrect login.
If the usernames do not match the schema in Active Directory or if the users are unknown, then obviously an attack is being attempted, e.g., by brute force or the like.
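The check described above, as an added example that is not part of the original article: a small Python filter over exported syslog lines that flags source IPs with repeated failed logins for usernames that break the AD naming schema or do not exist. The naming schema, the user list, the message layout and the sample lines are assumptions constructed for illustration; adapt the pattern to the messages your Netscaler actually sends.

```python
import re
from collections import defaultdict

# Assumption: AD logon names follow a hypothetical schema such as "mk1001".
AD_SCHEMA = re.compile(r"^[a-z]{2}\d{4}$")
# Assumption: constructed export of existing AD accounts.
KNOWN_USERS = {"mk1001", "js2040", "tp3307"}

# Assumed layout of a failed-login message (user and client IP fields).
FAILED = re.compile(
    r"LOGIN_FAILED .*?User (?P<user>\S+) - Client_ip (?P<ip>[0-9a-fA-F.:]+)"
)

PREFIX = "10/02/2023:08:15:0{} GMT ns1 0-PPE-0 : default AAA LOGIN_FAILED 10{} 0 : "
REASON = ' - Failure_reason "Invalid credentials passed"'
# Constructed sample lines, not real log data.
SAMPLE = [
    PREFIX.format(1, 1) + "User admin - Client_ip 203.0.113.7" + REASON,
    PREFIX.format(2, 2) + "User root - Client_ip 203.0.113.7" + REASON,
    PREFIX.format(3, 3) + "User test - Client_ip 203.0.113.7" + REASON,
    # Known user with a mistyped password: not an indicator on its own.
    PREFIX.format(4, 4) + "User mk1001 - Client_ip 198.51.100.20" + REASON,
    # Name fits the schema but the account does not exist.
    PREFIX.format(5, 5) + "User zz9999 - Client_ip 198.51.100.21" + REASON,
    "10/02/2023:08:15:06 GMT ns1 0-PPE-0 : default SSLVPN LOGOUT 106 0 : User js2040",
]

def suspicious_sources(lines, min_hits=3):
    """Map client IP -> usernames tried, for sources with at least
    min_hits failed logins using off-schema or unknown usernames."""
    hits = defaultdict(list)
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue  # not a failed-login message
        user = m["user"].lower()
        if not AD_SCHEMA.match(user) or user not in KNOWN_USERS:
            hits[m["ip"]].append(user)
    return {ip: sorted(set(u)) for ip, u in hits.items() if len(u) >= min_hits}

if __name__ == "__main__":
    for ip, users in suspicious_sources(SAMPLE).items():
        print(f"possible brute force from {ip}: tried {', '.join(users)}")
```

The threshold `min_hits` keeps a single typo or one stray unknown name from raising an alert; lower it to review every off-schema attempt.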
The Analytics function offers excellent added value, and the two free licences should be used sensibly. Gateway vServers with HDX Insight are particularly recommended here because this can be very helpful when troubleshooting. Notifications should be enabled so that messages about expiring certificates and necessary security updates are also sent. In addition, syslog can be activated if a syslog server is not already used on-prem for this purpose.
All this is available free of charge, which is why everyone should use the Citrix Cloud ADM service.