Release Notes for Citrix ADM 13.0-71.40 Release

This release notes document describes the enhancements and changes,fixed and known issues that exist for the Citrix ADM release Build 13.0-71.40.

Notes

  • This release notes document does not include security related fixes. For a list of security related fixes and advisories, see the Citrix security bulletin.

What's New

The enhancements and changes that are available in Build 13.0-71.40.

Analytics

  • Feature: Analytics
    Gateway Insight Improvements to view all users active and terminated sessions

    In Analytics > Gateway Insight > Users > Gateway Users, you can now visualize a consolidated view of all users active and terminated sessions.

    As an administrator, this improvement enables you to:

    • View all users details in a single-pane visualization.
    • Eliminate the complexity in selecting each user and seeing the active and terminated sessions.
    [ NSADM-60800 ]

  • Improvements to service graph

    In Applications > Service Graph, you can now view the following enhancements:

    1. The service graph page has three tabs:

    Global: Displays the service graph for applications across all Citrix ADC instances

    Web Apps: Displays the service graph for 3-tier web applications (load balancing, content switching, and GSLB)

    Microservices: Displays the service graph for Kubernetes microservices

    Click each tab to view the respective service graph.

    2. From the global service graph, you can access the microservice details. Clicking a service and selecting the option redirects to its respective GUI.

    3. The microservices service graph has a search bar where you can place the mouse pointer and select the following categories to filter the results:

    • Client Geo Location: Displays the ingress and its services that the client is accessing
    • Ingress-IP: Displays all services associated with the ingress
    [ NSADM-57696 ]

  • Feature: Analytics
    HDX Insight Improvements to view all users active and terminated sessions

    In Analytics > HDX Insight > Users, you can now visualize a consolidated view of all users active and terminated sessions.

    As an administrator, this improvement enables you to:

    • View all users details in a single-pane visualization.
    • Eliminate the complexity in selecting each user and seeing the active and terminated sessions.
    [ NSADM-57685 ]

  • Improvements to App Dashboard

    You can now view the following enhancements in App Dashboard:

    • In the search bar, you can filter results based on the virtual server IP address.
    • You can get a list of applications impacted with a specific issue, by choosing the issue type (Performance, Instance Health, Config, and System Resources) from the filter.
    • The tabular view enables you to select a 500 rows or 1000 rows option to display maximum number of applications. Note: If you select a 500 rows or 1000 rows option, Citrix ADM takes approximately 20 seconds to display all applications. After all applications get loaded, you can select the graph view option.
    • By default, you can view applications that are in Critical, Review, and Good status. To view applications that are in N/A status, you must select Not Applicable under the filter.
    • In the Server Response Time issue, you can view anomaly details, after selecting the virtual server.
    [ NSADM-57049 ]

  • Feature: Networks
    Network Functions - Addition of App Security column

    In Networks > Network Functions > Load Balancing and Content Switching, you can now view the App Security column. As an administrator, you can analyze if the virtual servers are bound with:

    • WAF Virtual server is configured with App Firewall policy and displays the WAF related security violations.
    • Bot Virtual server is configured with bot policy and displays the bot related security violations.
    • Bot, WAF Virtual server is configured with both bot and App Firewall policies, and displays both bot and WAF related security violations.
    • None Virtual server is not configured with either App Firewall or bot policies.
    [ NSADM-54300 ]

  • Feature: Analytics

    Security Insight View SQL Injection Grammar violation

    In Security Insight, you can now view a new violation type, SQL Injection Grammar. To generate the SQL Injection Grammar violation in Security Insight, you must configure the following commands in the Citrix ADC instance:

    1. add ns ip <IP> <subnet mask> -type SNIP

    2. add lb vs http_vs http <VS_IP> 80

    3. add service http_svc <SVC_IP> http 80

    4. bind lb vs http_vs http_svc

    5. add appfw profile abc -startURLAction none -SQLInjectionGrammar ON -SQLInjectionType None

    6. set appfw settings -defaultProfile abc

    For more information, seehttps://docs.citrix.com/en-us/citrix-application-delivery-management-software/current-release/analytics/security-insight.html

    [ NSADM-52870 ]

  • Feature: Applications
    App dashboard Select the App Score components and configure thresholds

    In App Dashboard, as an administrator, you can now decide to select the app score components and configure thresholds for app score calculation. App Score is the scoring system that defines:

    • How well an application is performing
    • Whether the application is performing well in terms of responsiveness

    Navigate to Applications > Dashboard and then select the settings icon. In the Configure App Score page, you can select the components and configure thresholds to determine the final app score.

    For more information, see https://docs.citrix.com/en-us/citrix-application-delivery-management-software/current-release/application-analytics-and-management/app-score.html

    [ NSADM-52142 ]

Management and Monitoring

  • SavetheADCconfigurationbefore an upgrade

    When you create an upgrade job for an ADC instance, you can now save the running ADC configuration before upgrading the instance.SelecttheSaveADCconfigurationbeforestartingtheupgrade optionunderthe CreateJobtab.

    [ NSADM-52470 ]

  • MaintainthestatusofADChigh-availabilitynodesafterupgrade

    When you create an upgrade job for an ADC high-availability pair, a new option Maintain the primary and secondary status of HA nodes after upgrade appears. This option appears under the Create Job tab. Select this option if you want the upgrade job to initiate a failover after upgrading each node. Earlier, there was no GUI option, and the upgrade job initiated the failover by default, after upgrading each node.

    [ NSADM-47736 ]

Miscellaneous

  • When you navigate to the Networks > Licenses > Bandwidth Licenses > Pooled Capacity page, the Dashboard tab now displays the license grace period of ADC instances.

    [ NSADM-60744 ]

  • GUI option to synchronize database

    If database streaming between the nodes in an HA deployment fails, now you can click the Sync Database tab under System > Deployment > High Availability Deployment in the ADM GUI, to restore the database. Previously, you were able to synchronize database only by running a script in the ADM secondary node.

    [ NSADM-56889 ]

  • Configure an ADM server only as a pooled license server

    As an administrator, you can now configure an ADM server only as a pooled license server. This configuration helps when you have regulatory mandates to restrict the ADC data within a zone. As a global license server, ADM receives only licensing data from your ADC instances. Using ADM, you can dynamically allocate pooled capacity licenses across your globally deployed ADC instances.

    [ NSADM-47930 ]

StyleBooks

  • Feature: StyleBooks

    WAF StyleBooks support a new attribute inADC appfwprofile

    The Web Application Firewall StyleBooks now support the appfwprofile_crosssitescripting_binding object in ADC appfwprofile. This option appears under the URL option when you create a configuration pack.

    [ NSADM-58975 ]

  • Export or import configuration packs

    You can now export or import configuration packs as files on your local machine. With this feature, you can readily share the StyleBook configuration to another ADM server or archive it for the future use.

    When you export a configuration pack, a `tgz` or `zip` bundle downloads to your local machine. This bundle includes a JSON file with all the parameters defined in the configuration pack. It also contains target ADC instances' information if specified during the export. For the configuration pack of a custom StyleBook, you can also include the custom StyleBook and its dependencies in the export bundle. You can optionally specify a passphrase to encrypt the export bundle. This passphrase secures the sensitive data of the configuration pack.

    You can import a configuration pack from your local machine to the same or different ADM server. To import a configuration pack, use the passphrase if you have specified during the export.

    [ NSADM-57935 ]

User Interface

  • GrantnewStyleBook permissionstousers
    As an administrator, whenyoucreateanaccesspolicy,youcannowgrantnewStyleBook permissionsto users suchasimport,delete,download,andmore.Todoso,navigatetoSystem>UserAdministration>AccesspoliciesandclickAdd.Earlier,youwere abletoselect only viewandeditpermissions.

    [ NSADM-57672 ]

  • Run custom scripts at the different ADC upgrade stages
    The custom scripts are used for validations before and after an ADC instance upgrade.These scripts help you make sure the upgrade has not affected the ADC configuration or traffic patterns. The execution report includes the output of these scripts. And, it is sent to the configured email distribution list.
    An instance upgrade has multiple stages. You can now specify these scripts to run in the following stages:

    • Pre upgrade: The specified script runs before upgrading an instance.
    • Post upgrade pre failover (applicable for HA): This stage only applies to the high-availability deployment. The specified script runs after upgrading the nodes, but before their failover.
    • Post upgrade (applicable for standalone) / Post upgrade post failover (applicable for HA): The specified script runs after upgrading an instance in the standalone deployment. In the high-availability deployment, the script runs after upgrading the nodes and their failover.

    With this feature, you can check the changes occurred at every instance upgrade stages. Ensure to enable script execution at the required stages. Otherwise, the specified scripts do not run.

    You can import a script file or type commands directly in the ADM GUI. In the post upgrade stages, you can also use the same script specified in the pre-upgrade stage.

    [ NSADM-56649 ]

  • Feature: Analytics

    Improvements to Gateway Insight

    In theGateway Insight > Users page, the license information is now removed.

    [ NSADM-53494 ]

Fixed Issues

The issues that are addressed in Build 13.0-71.40.

Analytics

  • When you generate a report in Analytics > HDX Insight > Applications > <App Name>, the report displays incorrect total launched users for the selected duration.

    [ NSHELP-25483 ]

Management and Monitoring

  • When you upgrade Citrix ADM to 13.0 67.42 build, the disk consumption increases and the Postgres stops.

    [ NSHELP-25563 ]

  • When you upgrade ADM to 13.0 67.42 build, the upgrade process fails and the GUI is not accessible.

    [ NSHELP-25449 ]

  • Citrix ADM sends multiple email notifications if some virtual servers are not licensed.

    [ NSHELP-25266 ]

  • In System > User Administration > Groups, if an external user is part of multiple groups and no application is selected for one or more groups, the external user is unable to view the virtual server or other entities.

    [ NSHELP-25181 ]

  • In Citrix ADM, the Citrix ADC backup files transfer through external windows SFTP server is not working as expected.

    [ NSHELP-25177 ]

  • In System > User Administration > Groups, when you add or edit a group with SDX instances, it takes a longer than usual to create or modify the group.

    [ NSHELP-25081 ]

  • Citrix ADM inventory process in agent stops to respond while sending data to the ADM server.

    [ NSHELP-24944 ]

  • If the database synchronization lag with the ADM disaster recovery node is more than 10 MB, ADM generates alert every five minutes.

    [ NSADM-60545 ]

Miscellaneous

  • On the Citrix ADM GUI, the checked out licenses for a Citrix ADC SDX appliance are not displayed in the pooled capacity dashboard if the following conditions are met:

    • Citrix ADM is configured as the pooled licensing server on the SDX appliance.
    • The SDX appliance is running software version earlier to 13.0-61.x.
    [ NSHELP-25299 ]

  • Citrix ADM sends undesired traffic to AWS because of a dummy client.
    With this fix, the creation of the dummy client is disabled.

    [ NSHELP-24006 ]

  • ADM GUI page disappear if refresh during ADM Database configuration migration.

    Deleted old database from secondary ADM (/var/mps/db_pgsql9)

    [ NSADM-61600 ]

StyleBooks

  • WhenyouapplytwodifferentSSLcertificatestothesameSSLvirtualserver in an ADC instance,thelastappliedcertificateoverridesthefirstcertificate.Therefore,theconfigurationauditfails in the ADM GUI.

    [ NSHELP-24912 ]

  • AfteryouupgradeADMfromthe13.0.47.xxto13.0.64.xxversion,theexistingconfigurationpacksdisplayaninvalid dateinthe"CreatedAt"field.

    [ NSADM-62160 ]

  • When you edit a configuration pack to replace a signature file on an ADC instance, the ADM fails to update the changes. This issue occurs if you manually delete the signature file from the ADC instance.

    [ NSADM-60226 ]

User Interface

  • In Networks > Events > Event Summary, when you click any Citrix ADC SDX-related events, the GUI redirects to the Event page but does not display any data.

    [ NSHELP-25630 ]

  • User sessions view in Desktop Director shows server timezone. With this fix, the timezone displays according to the user configured timezone.

    [ NSHELP-25576 ]

  • In Networks > Syslog messages, when you apply filter in the search bar and export the report in CSV format, the report displays all syslog messages.

    [ NSHELP-25524 ]

  • In Network> SSL Dashboard> SSL Files on Citrix ADC, the Download option is disabled.

    [ NSHELP-25394 ]

  • In Networks > Infrastructure Analytics, for some instances, the value for Throughput displays 0.

    [ NSHELP-25360 ]

  • In Networks > Infrastructure Analytics, for some instances, the value for Throughput displays 0.

    [ NSADM-62521 ]

  • When you allocate licenses to unmanaged instances, license allocation percentage appears incorrectly in the donut chart.

    [ NSADM-60798 ]

Known Issues

The issues that exist in release 13.0-71.40.

Management and Monitoring

  • When you create or edit an email distribution list, the "Invalid email address" error appears after entering the email address.

    [ NSHELP-25905 ]

  • The ADM GUI displays the removed cluster node if the following conditions are met:

    • The cluster node is removed manually.
    • The cluster is rediscovered in ADM.

    Remove the whole cluster in ADM and add it again.

    [ NSADM-61445 ]

Orchestration

  • Feature: Orchestration
    When you create a member on OpenStack Lbaas using ADM orchestration, the member creation fails on OpenStack intermittently. This issue happens when a proxy request from ADM to orchestration services times out after 30 seconds.

    With this fix, the request timeout for orchestration APIs has increased to 120 seconds.

    [ NSHELP-21490 ]

  • Feature: Orchestration
    If you are using OpenStack Queens for LBaas workflow, the Load Balancing virtual server is not bound to Content Switching virtual server. This issue impacts the traffic.

    1. Create a pool with Load Balancing virtual server.
    2. Create a listener with the pool ID.
    If you already have a listener, update the listener with the pool ID.

    [ NSADM-36631 ]

Top