Oldie but goldie! Reminder that this feature still applies to latest Citrix ADC (formerly NetScaler ADC) versions.
Hypervisor, at least VMware and Citrix Hypervisors, might be reporting high CPU for the Citrix ADC or Gateway VPX instances.
If you check actual CPU on the Citrix ADC Dashboard, the CPU shows normal. But newly deployed VPX instance without real load on hypervisor shows high CPU and spikes to 90% and above on the hypervisor.
This is an expected behavior with latest Citrix ADC builds. With version NetScaler 11.1 and earlier VPX was sharing CPU with other VMs. From Citrix ADC 12.0 and later version, VPX will not share CPU by default.
In case you want to over-ride it, you can use CLI command to enable yield:
Display the current vpxparam settings:
show ns vpxparam
Allow each VM to use CPU resources that have been allocated to another VM but are not being used:
set ns vpxparam -cpuyield yes
YES: Allow allocated but unused CPU resources to be used by another VM. NO: Reserve all CPU resources for the VM to which they have been allocated. This option shows higher percentage in hypervisor for VPX CPU usage. DEFAULT: NO
Sometimes, especially when NetScaler appliance has been upgraded from previous much older version, could happen that ssh daemon won’t start anymore. This leads to the issue, that you can’t connect to NetScaler management console via SSH or SFTP anymore. Troublehooting this, log in to the NetScaler virtual appliance console from hypervisor or if physical appliance using console port and go to NetScaler Shell. Let’s see if sshd is running or not;
Run: root@NSVPX01# ps ax | grep sshd
If daemon is running, you’ll see ( my example):
5889 ?? Is 0:00.01 /usr/sbin/sshd -f /etc/sshd_config 5910 ?? Ss 0:00.10 sshd: nsroot@pts/0 (sshd) 5931 ?? Ss 0:20.92 sshd: nsroot@notty (sshd)
But, if you can’t see it running, let’s start to troubleshoot it…
In my case I got an error (yours might be different, but sshd config file still could be faulty):
“/etc/ssh/sshd_config line 10: Deprecated option UsePrivilegeSeparation“
So, I need to edit ssh daemon configuration file in etc/sshd_config, because of NetScaler and not normal Linux OS, we have to use lovely VI editor 🙂
Run: root@NSVPX01# cd /etc/ Run: root@NSVPX01# vi sshd_config
In my case I commented out line: “UsePrivilegeSeparation no” to “#UsePrivilegeSeparation” because The UsePrivilegeSeparation is no longer supported (recent SSHD always runs with previlege separation), so I removed this option from the default config and saved configuration file.
Citrix Cloud Service On-boarding and Cloud Connectors Guide
I delivered project to consolidate global multi-site on-premises environments
in to one and migrate it to the Citrix Cloud Services. This time it included
multiple different vendor’s Enterprise Mobile Management solutions (XenMobile,
Workspace ONE, etc.) and Citrix ADCs (NetScalers). Multiple different MDM
solutions migrated in to Citrix Endpoint Management service in to Citrix Cloud.
not going to go any more technical details regarding different vendor’s
products as this time this is not meant to be technical post, (that will come
later!), but rather I walkthrough process how to get on-boarded in to Cloud
Service and install Citrix Cloud Connector.
Cloud services simplify the delivery and management of Citrix technologies,
helping you to extend existing on-premises software deployments or move one
hundred percent to the cloud. Create and
deploy secure digital workspaces in hours, not weeks, while placing your
sensitive app, desktop and data resources on any cloud or hybrid cloud.
There is two different approach for Citrix
Cloud Services, Transition and Migration. I’m focusing now on this post in to
Transition approach, as the Migration approach always requires to engage Citrix
Sales and Professional Services who helps to migrate databases etc. from
Migration advantages are to copy current
configuration, databases, etc. as it is and like for XenMobile, users are not
required to re-enroll their devices again in to cloud service. Migration will
be seamless for the users.
Transition approach is a clean new services
will be created in Citrix Cloud from scratch and users will be migrated to use
the new cloud based services. It has advantages like housekeep and inventory of
current environment, but also current on-premises environment and cloud
services parallel during user migration. Disadvantage could be require to build
a new/similar environment from the scratch, which still is not always disadvantage.
Both approaches have its advantages and
challenges and needs to be carefully chosen based on customer requirements,
scenarios and products to be migrated.
Everything starts from the assessment, gather
current on-premises environment details, use cases, expectations, prerequisites
and limitations. Then decide right on-boarding method for the customer.
Next step is to subscribe the Cloud Service
platform and get it up and running, ready to be for a new service or for
migration of current services.
Go to the Citrix Cloud On-boarding website:
https://onboarding.cloud.com/ and use current citrix.com account details or
register there depending if it is a new or existing customer.
Other helpful method is to get in contact to
Citrix Sales Engineer in your region and ask them to advice.
After successfully registration customer are
able log in to: https://cloud.citrix.com/ and request service trials. This is
the portal in where to manage all Citrix Cloud Services, open service tickets,
Customer can click Request Trial
to formally request a trial for the services. Once the customer
requests the trial it must be approved by the Cloud Services Rapid Deployment
Team or Cloud Product manager.
Citrix Cloud Connector
After successfully requested trials and got
them up and running, first thing probably would be to connect Cloud Services to
on-premises for Active Directory user authentication etc.
The Citrix Cloud Connector is a Citrix
component that serves as a channel for communication between Citrix Cloud and
on-premises resource locations, enabling cloud management without requiring any
complex networking or infrastructure configuration. This removes all the hassle
of managing delivery infrastructure. It enables customer to manage and focus on
the resources that provide value to your users. E.g. Active Directory
authentication from Cloud Services to on-premises domain. Cloud Connectors also
replaces Virtual Apps and Desktops Desktop Delivery Controllers (DDC) role and
acts as the control point for the VDA’s on-premises.
The Virtual Apps and Desktops and Citrix
Endpoint Management services requires the Cloud Connector for enterprise connectivity
to the Endpoint Management service.
Cloud Connector is a small software
cwcconnector.exe to be installed to domain joined on-premises Windows Server.
Two servers are recommended to be installed for sake of High-Availability.
Download Cloud Connector software from the
Cloud Portal Resource Locations page.
NOTE: Do not install the Cloud Connector, or any
other Citrix components, on an Active Directory domain controller.
Do not install the Cloud Connector on
machines that are part of other Citrix deployments (for example, Delivery
Controllers in a Virtual Apps and Desktops deployment).
Controller Technical Requirements
Supported on Windows Server
2012 R2 and Windows Server 2016.
.NET Framework 4.5.1 or
Active Directory (AD): Join
the machine to an AD domain that contains the resources and/or users for the
workspaces (Active Directory schema versions 2008 R2 and later are supported).
Networking: Connect the
machine to a network that can contact the resources in the Resource Location.
These resources provide the services of the cloud workspace. The machine must
have a connection to the internet.
Make sure the clock on the
server has the correct time. Otherwise, you cannot connect to the cloud.
The connector requires
outbound connectivity on port HTTPS 443.
Cloud Connector Install Instructions
Log on as an administrator to the machine where
you will install the Cloud Connector. The machine should have Windows Server
2012 R2 or Windows Server 2016 installed, be joined to a domain, and have
outbound Internet access. (HTTPS 443)
From the menu button in the upper left corner,
On the Resource Locations page, click Download to
download the Cloud Connector software.
Launch the Cloud Connector installer. The
installer performs an initial connectivity check to ensure you can connect to
When prompted, sign in to Citrix Cloud.
Follow the wizard to install and configure the
Cloud Connector. When the installation finishes, the installer performs a final
connectivity check to verify Connector-to-Cloud communication.
Repeat these steps on additional machines you
want to use as Cloud Connectors.
After installation go back to the Cloud Portal
and Resource Locations, you should see the Cloud Connector successfully
The Cloud Connector
authenticates and encrypts all communication between Citrix Cloud and on-premises
resource locations. Once installed, the Cloud Connector initiates communication
with Citrix Cloud through an outbound connection. All connections are established
from the Cloud Connector to the cloud using the standard HTTPS port (443) and
the TCP protocol. No incoming connections are accepted.