Are you planning your Citrix ADC deployment in AWS? Want some tips from the field? Make the most of your Citrix ADC VPXs in AWS with these leading practices from Citrix Consulting!
With our introduction of the Citrix ADC VPX AWS Marketplace offering into AWS GovCloud East last year as well as the air-gapped government AWS instantiations, we’ve been all abuzz about ADC deployments in AWS. It has really been a lot of fun learning the ins and outs of AWS networking and the flexibility that it affords when deploying a Citrix ADC. There are tons of possibilities out there and we are working closely with AWS to make them into a reality!
As always, I like to FFF (fail forward fast), figure things out, and share what I’ve learned, so without further ado, here are my Top 5 leading practices for deploying Citrix ADC in AWS.
- Our leading practice in the cloud is to use Citrix ADC version 13.0! If there is a requirement for an earlier version, be aware that there may be compatibility issues with certain instance types. For AWS specifically, only ADC 13.0 has Elastic Network Adapter (ENA) support, which is required for…
- Nitro-based instance types! Essentially, AWS has taken apart their storage and hypervisor and made it all into highly scalable microservices for the new Nitro system. All AWS Outposts, GovCloud East, and any new commercial region worldwide are completely Nitro-based, so keep in mind when expanding a deployment across regions that the instance types may be different. The m5 or c5 instance types are great places to start for VPXs in AWS.
- Use the AWS Quickstart for Citrix ADC VPX to deploy a full HA pair in under 15 minutes! The Quickstart includes the VPC creation as well as the three subnets, all routing, bastion hosts, and Elastic IP (EIP) creation. This is a great way to build out an environment and get up and running in no time! ProTip: make sure you have sufficient resources in your region before running this. If you have other VPCs in your home region, just deploy in a new region — but be sure to make a KeyPair there first. That being said, if you do choose to build out the ADCs manually, use the AWS VPC Wizard to create non-default VPCs with the proper network configuration. Work smarter, not harder!
- Active/Active vs. Active/Passive ADC configurations have been a large focus for us, and we’ve come up with two main methods: Active/Active with GSLB or an AWS Network Load Balancer, or Active/Passive with IPSets across Availability Zones. The AWS Quickstart for ADC deploys an A/P configuration, and with recent product enhancements, the failover time is near instant. The A/P configuration is quick and easy to deploy but will not take full advantage of the secondary instance. An A/A deployment requires more configuration but will enable you to take full advantage of your VPX instances.
- Goldilocks and the three subnets. We recommend that you use the three-subnet configuration to separate out client-side, server-side, and management traffic. This is very easily done manually in AWS and automatically with the Quickstart. Manually, you can create Elastic Network Interfaces (ENIs) and assign private and/or public IPs to them in the AWS console and place them in the appropriate subnet. You can easily add secondary IPs to these ENIs for any SNIPs or LB VIPs necessary. Here’s a pro tip: If you are using the ADC Quickstart nested with the Citrix Virtual Apps and Desktops Quickstart, the Cloud Connectors are automatically placed in the management subnet, which will necessitate the creation of a SNIP in the management subnet.
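
One way to check the three-subnet layout described in the last tip, as an added example that is not Citrix or AWS Quickstart code. It audits ENI records shaped like the output of `aws ec2 describe-network-interfaces`; the device-index-to-role mapping, the function names and the sample data are assumptions made for illustration.

```python
# Assumption: device index 0 = management (NSIP), 1 = client-side, 2 = server-side.
ROLES = {0: "management", 1: "client", 2: "server"}

def audit_three_subnet(enis, connectors_in_mgmt_subnet=False):
    """Return a list of findings; an empty list means the layout passes."""
    findings, by_role = [], {}
    for eni in enis:
        idx = eni["Attachment"]["DeviceIndex"]
        if idx in ROLES:
            by_role[ROLES[idx]] = eni
        else:
            findings.append(f"{eni['NetworkInterfaceId']}: unexpected device index {idx}")

    subnet_owner = {}  # subnet id -> first role seen in it
    for role in ROLES.values():
        eni = by_role.get(role)
        if eni is None:
            findings.append(f"no ENI attached for {role} traffic")
            continue
        owner = subnet_owner.setdefault(eni["SubnetId"], role)
        if owner != role:
            findings.append(f"{role} and {owner} ENIs share {eni['SubnetId']}")

    # The NSIP is the primary address, so a SNIP in the management subnet
    # shows up as a secondary private IP on the management ENI (assumption).
    mgmt = by_role.get("management")
    if connectors_in_mgmt_subnet and mgmt is not None:
        if all(a["Primary"] for a in mgmt["PrivateIpAddresses"]):
            findings.append("management ENI has no secondary IP for a SNIP")
    return findings

def _eni(eni_id, subnet, index, ips):
    """Build one record in the describe-network-interfaces shape."""
    return {"NetworkInterfaceId": eni_id, "SubnetId": subnet,
            "Attachment": {"DeviceIndex": index},
            "PrivateIpAddresses": [{"PrivateIpAddress": ip, "Primary": n == 0}
                                   for n, ip in enumerate(ips)]}

# Constructed sample data, not taken from a real account.
GOOD = [_eni("eni-mgmt", "subnet-mgmt", 0, ["10.0.1.10", "10.0.1.11"]),
        _eni("eni-client", "subnet-client", 1, ["10.0.2.10", "10.0.2.11"]),
        _eni("eni-server", "subnet-server", 2, ["10.0.3.10"])]
BAD = [_eni("eni-mgmt", "subnet-mgmt", 0, ["10.0.1.10"]),
       _eni("eni-client", "subnet-shared", 1, ["10.0.2.10"]),
       _eni("eni-server", "subnet-shared", 2, ["10.0.2.20"])]

if __name__ == "__main__":
    for name, enis in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_three_subnet(enis, connectors_in_mgmt_subnet=True))
```

Set `connectors_in_mgmt_subnet=True` only for the nested Quickstart case from the pro tip, where Cloud Connectors land in the management subnet.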
For more on what we’ve learned lately, check out the Advanced Concepts article on deploying an AMI in AWS SC2S and my last blog post, which shows you how to create an AMI from a launched ADC instance! Also, be on the lookout for the latest version of the AWS Quickstart for Citrix ADC VPX coming soon!