Release Notes for Citrix ADM 13.0-64.35 Release

Analytics

• Title: View Ingress details for troubleshooting issues
  
  In service graph, you can now view:
  * Ingress metrics
  * Ingress details (drill down)
  * The type of ingress used
  ** *Tier 1 ingress* – Citrix Ingress Controller inside the Kubernetes cluster configures a Citrix ADC instance (VPX/MPX/SDX/BLX) outside the Kubernetes cluster.
  ** *Tier 2 ingress* – Citrix Ingress Controller running as a sidecar along with Citrix ADC CPX instance inside the Kubernetes cluster.
  
  *Note*: You can view Tier 1 ingress and Tier 2 ingress only if you have configured two-tier architecture (tier 1 ADC as MPX/VPX/SDX/BLX and tier 2 ADC as CPX) in the Kubernetes cluster. For any other configuration, you can view only a single ingress.
  
  For more information, see [https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/application-analytics-and-management/ingress-details.html]
  
  [ NSADM-53755 ]

• Title: View Post Body violation report in Security Insight
  
  In *Security Insight*, you can now view Post Body Limit violation report. If the Post Body limit exceeds the limit for a particular request that is configured in ADC Appfw profile, Citrix ADM generates a report.
  
  [ NSADM-52943 ]

• Title: Active sessions, terminated sessions, and logout reasons information in Gateway Insight
  
  In Gateway Insight, you can now view the following enhancements for the gateway users. As an administrator, these enhancements enable you to get a complete user information when you export the report. Navigate to *Analytics > Gateway Insight > Users* and select a user to view:
  * The user *Active Sessions* and *Terminated Sessions*.
  * The gateway domain name and gateway IP address in *Active Sessions*.
  * The user login duration.
  * The reason for the user logout session. The logout reasons can be:
  ** Session timed out
  ** Logged out because of internal error
  ** Logged out because of inactive session timed out
  ** User has logged out
  ** Administrator has stopped the session
  
  [ NSADM-52764 ]

• Title: View metrics in Gateway Insight
  
  In *Gateway Insight*, you can now view the following enhancements:
  * *User details* - You can view insights for each user associated with the ADC Gateway appliances. Navigate to *Analytics* > *Gateway Insight* > *Users* and click a user to view insights for the selected user such as Session Mode, Operating System, and Browsers.
  * *Users and applications for the selected gateway* - Navigate to *Analytics* > *Gateway Insight* > *Gateway* and click a gateway domain name to view the top 10 applications and top 10 users that are associated with the selected gateway.
  * *View more option for applications and users* – For more than 10 applications and users, you can click the more icon in Applications and Users to view all users and applications details that are associated with the selected gateway.
  * *View details by clicking the bar graph* – When you click a bar graph, you can view the relevant details. For example, navigate to *Analytics > Gateway Insight > Gateway* and click the gateway bar graph to view the gateway details.
  
  [ NSADM-52763 ]

• Title: App Security Violations - Network
  
  In *App Security Violations,* you can now view *Bleichenbacher Attack* under the *Network* violation category. For more information, see [https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/analytics/security/network-violations.html%23bleichenbacher-attack]
  
   
  
  [ NSADM-49468 ]

• Title: App Security Violations - Network
  
  In *App Security Violations,* you can now view *HTTP Desync Attack* under the *Network* violation category. For more information, see [https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/analytics/security/network-violations.html%23http-desync-attack]
  
  [ NSADM-46460 ]

• Title: Bot insight - TPS based detection
  
  In Bot insight, you can now view bot traffic occurred through TPS based detection. Navigate to *Analytics > Security > Bot Insight* to view the following TPS Bot categories:
  * SourceIP
  * Geo Location
  * Host
  * URL
  
  For more information, see https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/analytics/bot-insight.html%23view-bots
  
  [ NSADM-37461 ]

Management and Monitoring

• Title: Autoscale group applications in Azure support UDP traffic
  The Autoscale group applications that are in Azure can now receive UDP traffic. When you configure an application to the Autoscale group, select the UDP protocol and port value to allow UDP traffic.
  
  For more information, see the following links:
  
  AWS - https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/hybrid-multi-cloud-deployments/autoscale-for-aws/autoscale-for-aws-configuration.html%23configure-application-using-stylebooks
  
  Microsoft Azure - https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/hybrid-multi-cloud-deployments/autoscale-for-azure/autoscale-for-azure-configuration.html%23step-5-configure-an-application-for-the-autoscale-group
  
  [ NSADM-53288 ]

• Title: Support for Authentication, authorization, and auditing polling and network reports
  Citrix ADM now polls authentication, authorization, and auditing event counters from an ADC instance and allows you to visualize their trend on the Network Reporting dashboard.The ADM GUI includes the following Authentication, authorization, and auditing network reports to create the dashboard:
  - HTTP Authentication Success vs Failures
  - Non-HTTP Authentication Success vs Failures
  - Authentication, authorization, and auditing Sessions
  - Current Authentication, authorization, and auditing Sessions
  - Current ICAOnly Sessions
  - Current ICAOnly Connections
  - Current ICA(SmartAccess) Connection
  - Authentication Success and Failures
  
  Select the required reports in the Select Reports tab when you create a network dashboard.
  
  [ NSADM-52769 ]

Orchestration

• Title: Support for OpenStack Rocky
  Citrix ADM now supports OpenStack version Rocky.
  
  [ NSADM-34232 ]

StyleBooks

• Title: Associate StyleBook tags with their configuration pack
  In StyleBooks, labels are now called tags and they come with added functionalities. You can associate the tags with their configuration pack and search the configuration pack using the tags.
  When you create a configuration pack, use one the following options in the Tag Association section:
  - Associate all present and future StyleBook tags with the configuration: this option associates all the StyleBook tags to a configuration pack. It also associates the new tags that you might add to the StyleBook in the future.
  - Select tags: this option displays the tags of a selected StyleBook. You can select the required StyleBook tags and associate them with a configuration pack.
  
  For more information, see [https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/stylebooks/how-to-view-stylebooks.html%23create-a-tag-for-the-stylebook]
  
  [ NSADM-53600 ]

• Title: View users who created or updated a StyleBook configuration
  IIn StyleBooks > Configurations, a new column is added that displays the user who created or last updated the configuration pack. If you want to filter configuration packs by users, select the Created By option from the properties list to filter configuration packs.
  
  [ NSADM-52336 ]

• Title: StyleBooks support conditional parameters
  
  You can now dynamically control a parameter’s appearance or its initial value in the StyleBook configuration form based on the value specified in another parameter. To do so, use *dependent-parameters* attribute in the parameter definition. This attribute is newly added as a new *gui* sub-attribute. Specify this attribute on a source parameter that controls the parameter’s behavior on the form. You can include multiple conditions. For example, a source parameter _protocol_ can have a dependent-parameter _certificate_, which only appears if _protocol_ parameter value is _SSL_.
  
  Each condition can have the following attributes:
  * *target-parameter*: Specify the target parameter to which this condition applies.
  * *matching-values*: Specify the list of values of the source parameter that trigger the action.
  * *action*: Specify one of the following actions on the targeted parameter:
  ** ‘read-only`: The parameter is made read-only.
  ** ‘show’: The parameter appears in the form if it is hidden.
  ** ‘hide’: The parameter is removed from the form.
  ** ‘set-value’: The parameter value is set to the value specified in the value attribute
  * *value*: The value of the target parameter if action is ‘set-value’.
  
  When a user input matches the specified values on the source parameter, the target parameter’s appearance or value changes according to the specified action.
  
  For more information, see https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/stylebooks/stylebooks-grammar/parameters-section.html%23dependent-parameters
  
  [ NSADM-52329 ]

• Title: Select multiple target instances at one time
  When you create a configuration pack, you can select multiple target instances at one time. Earlier, you could select only one instance at one time.
  
  [ NSADM-50115 ]

User Interface

• Title: Export ADM reports in a tabular format
  You can now export ADM reports in a tabular format or a snapshot. You can also choose how many data records to export in a tabular format. Earlier, you could export reports only as a snapshot.
  
  For more information, see [https://docs.citrix.com/en-us/citrix-application-delivery-management-service/setting-up/export-or-schedule-export-reports.html]
  
  [ NSADM-52461 ]

• Title: Generate network reports for load-balancing service groups
  You can now create a network-reporting dashboard for both load-balancing service groups and services. Earlier, you were able to create a dashboard for load-balancing services only.
  This dashboard can display the following reports for the selected service groups:
  - Connections: for the client and server connections counters.
  - Throughput: for request and response bytes counters.
  - Time to First Byte (TTFB): for average time taken to send a request packet to a service group and receive the first packet from the service group. This response time is called as TTFB.
  
  For more information, see https://docs.citrix.com/en-us/citrix-application-delivery-management-software/13/networks/network-reporting.html
  
  [ NSADM-51596 ]

• Title: View ADC FIPS instance pool under the Pooled Capacity page
  The ADC FIPS instances can now check out licenses from the FIPS instance pool. Therefore, the ADM GUI displays the allocated pooled licenses to FIPS instances under Networks > Licenses > Bandwidth Licenses > Pooled Capacity page.
  
  [ NSADM-51207 ]

• Title: View the instance distribution by their minor versions
  
  The Instance Dashboard now displays the managed instances’ distribution by their minor versions. The Version graph helps you visualize the device count for every minor versions.
  
  [ NSADM-42183 ]

Analytics

• The ADM consumes high CPU when the following conditions are met:
  
  -  Enable HDX and Gateway insights on ADC instances.
  -  The ADM server receives a high traffic.
  
  With this fix, logs causing high CPU consumption are disabled by default.
  
  [ NSHELP-23736 ]

• In HDX Insight, sometimes, you might not be able to see the required data. This issue occurs when user details have fields with UTF-8 characters, which results to failure in inserting data to database.
  
  [ NSHELP-23568 ]

• In HDX Insight > Instances, the host name sometimes displays the secondary ADC node host name instead of primary ADC node.
  
  [ NSHELP-23211 ]

Management and Monitoring

• The SDX backup file is corrupted when you repack it. This issue occurs only if the backup file has no password.
  
  [ NSHELP-24168 ]

• When you restore the ADM high-availability deployment, the ADM database fails to restore.
  
  [ NSHELP-23773 ]

StyleBooks

• The ADM GUI fails to display StyleBooks for the users who meet the following conditions:
  -  Log in using an external authentication.
  -  Associate with more than 100 user groups.
  
  [ NSHELP-24242 ]

• In a configuration pack, you cannot specify a CIDR value along with an IP address. This issue occurs for the instance configuration that accepts a CIDR value.
  
  Example: The "trustedlearningclients" parameter of the "appfwprofile_trustedlearningclients_binding" component cannot accept a CIDR value while creating a configuration pack.
  
  [ NSADM-59295 ]

• The update operation on a configuration pack fails if the following conditions are met:
  * The instance used to deploy the configuration pack is removed.
  * The instance is re-added with the same IP address.
  
  [ NSADM-54909 ]

• When you upload a new signature file to a configuration pack, the update operation fails.
  
  [ NSADM-54588 ]

User Interface

• When you poll multiple entities, the ADM GUI incorrectly displays the following message:
  
  "Entity polling initiated successfully."
  
  With this fix, the message is replaced as follows:
  
  "Entity polling completed successfully."
  
  [ NSHELP-24448 ]

• An Onboarding page to add instances to ADM was presented to new users even if the user is not authorized to manage ADC instances. User always has to skip the flow and move forward to use ADM. This behaviour now has been changed to skip the default landing page if the user is not authorized to any instances.
  
  [ NSHELP-24322 ]

Management and Monitoring

• Memory consumption of an ADM primary node crosses 80% because of the ADM high-availability monitoring process "mas_hb_monit".
  
  [ NSHELP-22071 ]

• When the secondary node of a Citrix ADM high-availability pair is down, forced failover is allowed.
  
  [ NSADM-30424 ]

Orchestration

• When you create a member on OpenStack Lbaas using ADM orchestration, the member creation fails on OpenStack intermittently. This issue happens when a proxy request from ADM to orchestration services times out after 30 seconds.
  
  With this fix, the request timeout for orchestration APIs has increased to 120 seconds.
  
  [ NSHELP-21490 ]

• If you are using OpenStack Queens for LBaas workflow, the Load Balancing virtual server is not bound to Content Switching virtual server. This issue impacts the traffic.
  Workaround:
  1. Create a pool with Load Balancing virtual server.
  2. Create a listener with the pool ID.
  If you already have a listener, update the listener with the pool ID.
  
  [ NSADM-36631 ]

StyleBooks

• When you deploy ADM for the first time, the ADM GUI fails to display the default StyleBooks.
  
  Workaround:
  
  Upgrade ADM to the same build version.
   
  
  [ NSADM-58681 ]