Product

  documentation  EN  

 | Citrix ADC | Citrix ADC 13.1

System base operations

 May 10, 2022

Contributed C S  
by:
S

IN THIS ARTICLE
How to restart or shut down appliance for unsaved Citrix ADC configurations

How to synchronize system clock with servers on the network

How to configure session timeout for idle client connections

How to set system date and time to synchronize the clock with a time server

How to configure HTTP and HTTPS management ports for internal services

Configure the internal HTTP GUI service by using Citrix ADC GUI, or Citrix ADC CLI, or
Citrix ADC NITRO APIs

Trigger memory recovery by using the command interface

How to allocate extra management CPU for data processing and monitoring

How to backup and restore your appliance to recover lost configuration

How to generate technical support bundle for resolving appliance issues

How to collect the technical support bundle from SDX and VPX appliances for insight
analysis

More Resources

The following configurations enable you to perform system base

operations on a Citrix ADC appliance.

How to view, save, and clear Citrix ADC configuration

Citrix ADC configurations are stored in the /nsconfig/ns.conf

directory . For configurations to be available across sessions, you

must save the configuration after every configuration change.

View running configuration by using the command interface

At the command prompt, type:

Copy 

show ns runningConfig

View running configuration by using the GUI

1. Navigate to System > Diagnostics and, in the View Configuration

group, click Running Configuration.

View the difference between the two configuration files by

using the command interface

At the command prompt, type:

Copy 

diff ns config <configfile> <configfile2>

View the difference between the two configuration files by

using the GUI

1. Navigate to System > Diagnostics and, in the View Configuration

group, click Configuration difference.

Save Citrix ADC configurations by using the command

interface

At the command prompt, type:

Copy 

save ns config

Save Citrix ADC configurations by using the GUI

1. On the Configuration tab, in the top-right corner, click the Save

icon.

View saved configurations by using the command interface

At the command prompt, type:

Copy 

show ns ns.conf

View saved configurations by using the GUI

Navigate to System > Diagnostics and, in the View Configuration

group, click Saved Configuration.

Clear Citrix ADC configuration by using the command

interface

You have the following three options for clearing the Citrix ADC
configuration.

Basic level. Clearing your configuration at the basic level clears all
settings except the following:

Nsroot password

Time Zone

NTP server

ADM server connect

License fie information

NSIP, MIP(s), and SNIP(s)

Network settings (Default Gateway, VLAN, RHI, NTP, and DNS

settings)

HA node definitions

Feature and mode settings

Default administrator password ( nsroot )

Extended level. Clearing your configuration at the extended level clears

all settings except the following:

NSIP and SNIP(s)

Network settings (Default Gateway, VLAN, RHI, NTP, and DNS

settings)

HA node definitions

Feature and mode settings revert to their default values.

Full level. Clearing your configuration at the full level returns all
settings to their factory default values. However, the NSIP and default
gateway are not changed, because changing them can cause the
appliance to lose network connectivity.

At the command prompt, type:

Copy 

clear ns config -force

Example: To forcefully clear the basic configurations on an appliance.

Copy 

clear ns config -force basic

Clear Citrix ADC configuration by using the GUI

Navigate to System > Diagnostics and, in the Maintenance group, click

Clear Configuration and select the configuration level to be cleared
from the appliance.

How to restart or shut down appliance for unsaved

Citrix ADC configurations

The Citrix ADC appliance can be remotely restarted or shut down from
the available user interfaces. When you restart or shut down a
standalone Citrix ADC appliance, the unsaved configurations
(configurations performed since the last save ns config command was
issued) are lost.

In a high availability setup, when the primary appliance is rebooted or

shut down, the secondary appliance takes over and becomes the
primary. The unsaved configurations from the old primary are available
on the new primary appliance.

You can also restart the appliance by only rebooting the Citrix ADC
software and not rebooting the underlying operating system. This is
called a warm reboot. For example, when you add a new license or
change the IP address, you can warm reboot the Citrix ADC appliance
for these changes to take place.

NOTE:

You can perform warm reboot only on a standalone Citrix ADC

appliance.

Restart the appliance by using the command interface

At the command prompt, type:

Copy 

reboot [-warm]

Restart a Citrix ADC appliance by using the GUI

1. In the configuration page, click Reboot.

2. When prompted to reboot, select Save configuration to make sure

that you do not lose any configurations.

NOTE:

You can perform a warm reboot by selecting Warm reboot.

Shut down an appliance by using the command interface

At the shell prompt, type:

shutdown –p now: Shuts down the software and switches

off the Citrix ADC. To restart Citrix ADC MPX, press the AC power
switch. To Restart Citrix ADC VPX, restart the VPX instance.

shutdown –h now: Shuts down the software and leaves the

Citrix ADC switched on. Press any key to restart the Citrix ADC. This
command does not switch off the Citrix ADC. Therefore, do not
switch off the AC power or remove the AC power cables.

NOTE:

You cannot shut down an appliance through the Citrix ADC GUI.

How to synchronize system clock with servers on the

network

You can configure your Citrix ADC appliance to synchronize its local
clock with a Network Time Protocol (NTP) server. This ensures that its
clock has the same date and time settings as the other servers on your
network.

You can configure clock synchronization on your appliance by adding

NTP server entries to the ntp.conf file from either the GUI or the
command line interface, or by manually modifying the ntp.conf file and
then starting the NTP daemon (NTPD). The clock synchronization
configuration does not change if the appliance is restarted, upgraded,
or downgraded. However, the configuration does not get propagated to
the secondary Citrix ADC in a high availability setup.

Citrix ADC GUI allows you to configure the time zone and the NTP
server IP address required for clock synchronization on the first-time-
user (FTU) screen.

NOTE:

If you do not have a local NTP server, you can find a list of public,
open access, NTP servers at the official NTP site,
<http://www.ntp.org> , under Public Time Servers List.
Before configuring your Citrix ADC to use a public NTP server, be
sure to read the Rules of Engagement page (link included on all
Public Time Servers pages).

In Citrix ADC release 11, the NTP version has been updated from
4.2.6p3 to 4.2.8p2.

Pre-requisite

To configure clock synchronization, you must configure the following

entities:

1. NTP servers

2. NTP synchronization.

Add an NTP server by using the command interface

At the command prompt, type the following commands to add an NTP

server and verify the configuration:

add ntp server (<serverIP> | <serverName>)

[-minpoll <positive_integer>] [-maxpoll
<positive_integer>]

show ntp server

Example:

Copy 

add ntp server 10.102.29.30 -minpoll 6 -m

Add an NTP server by using the GUI

Navigate to System > NTP Servers, and create the NTP server.

Enable NTP synchronization by using the command

interface

When you enable NTP synchronization, the Citrix ADC starts the NTP
daemon and uses the NTP server entries in the ntp.conf file to
synchronize its local time setting. If you do not want to synchronize the
appliance time with the other servers in the network, you can disable
NTP synchronization, which stops the NTP daemon (NTPD).

At the command prompt, type one of the following commands:

Copy 

enable ntp sync

Enable NTP synchronization by using the GUI

Navigate to System > NTP Servers, click Action and select NTP
Synchronization.

Configure clock synchronization to edit a ntp.conf file by

using the GUI

1. Log on to the command line interface.

2. Switch to the shell prompt.

3. Copy the /etc/ntp.conf file to

/nsconfig/ntp.conf , unless the /nsconfig

directory already contains an ntp.conf file.

4. For each NTP server you want to add, you must add the following
two lines to the /nsconfig/ntp.conf file:

Copy 

server <IP address for NTP server> ibur

restrict <IP address for NTP server> ma

NOTE:

For security reasons, there should be a corresponding restrict

entry for each server entry.

Example

In the following example, an administrator has inserted # characters

to “comment out” an existing NTP entry, and then added an entry:

Copy 

#server 1.2.3.4 iburst

#restrict 1.2.3.4 mask 55.255.255.255 n

server 10.102.29.160 iburst

restrict 10.102.29.160 mask 255.255.255

5. If the /nsconfig directory does not contain a file named

rc.netscaler , create the file.

6. Add the following entry to /nsconfig/rc.netscaler:

/bin/sh /etc/ntpd_ctl full_start

This entry starts the ntpd service, checks the ntp.conf file, and
logs messages in the /var/log directory.

This process runs every time the Citrix ADC is restarted.

7. Restart the Citrix ADC appliance to enable clock synchronization. Or,

to start the time synchronization process without restarting the
appliance, enter the following commands at the shell prompt:

Copy 

rm /etc/ntp.conf
ln -s /nsconfig/ntp.conf /etc/ntp.conf
/bin/sh /etc/ntpd_ctl full_start

How to configure session timeout for idle client

connections

A session timeout interval is provided to restrict the time duration for

which a session (GUI, CLI, or API) remains active when not in use. For the
Citrix ADC, the system session timeout can be configured at the
following levels:

User level timeout. Applicable to the specific user.

Interface
Time out configuration
type

Navigate to System > User Administration

GUI > Users, select a user, and edit the user’s
timeout setting.

At the command prompt, enter the following

CLI command: set system user <name> -
timeout <secs>

User group level timeout. Applicable to all users in the group.

Interface
Time out configuration
type

Navigate to System > User Administration

GUI > Groups, select a group, and edit the
group’s timeout setting.

At the command prompt, enter the following

CLI command: set system group
<groupName> -timeout <secs>

Global system timeout. Applicable to all users and users from

groups who do not have a timeout configured.

Interface
Time out configuration
type

Navigate to System > Settings, click

GUI Change global system settings, and
update the timeout value as required.

At the command prompt, enter the

CLI following command: set system
parameter -timeout <secs>

The timeout value specified for a user has the highest priority. If
timeout is not configured for the user, the timeout configured for a
member group is considered. If timeout is not specified for a group
(or the user does not belong to a group), the globally configured
timeout value is considered. If timeout is not configured at any level,
the default value of 900 seconds is set as the system session
timeout.

Additionally, you can specify timeout durations for each of the

interfaces you are accessing. However, the timeout value specified
for a specific interface is restricted to the timeout value configured
for the user that is accessing the interface. For example, let us
consider an user “publicadmin” who has a timeout value of 20
minutes. Now, when accessing an interface, the user must specify a
timeout value that is within 20 minutes.

NOTE:

You can choose to keep a check on the minimum and

maximum timeout values by specifying the timeout as
restricted (in CLI by specifying the restrictedTimeout
parameter). This parameter is provided to account for previous
Citrix ADC versions where the timeout value was not
restricted.

When enabled, the minimum configurable timeout value is 5 minutes

(300 secs) and the maximum value is 1 day (86400 secs). If the
timeout value is already configured to a value larger than 1 day,
when this parameter is enabled, you are prompted to change it. If
you do not change the value, the timeout value will automatically be
reconfigured to the default timeout duration of 15 minutes (900
secs) on the next reboot. The same will happen is the configured
timeout value is less than 5 minutes.

When disabled, the configured timeout durations are considered.

Timeout duration at each interface:

Interface
Time out configuration
type

Specify the timeout value on the command

CLI prompt by using the following command:
set cli mode -timeout <secs>

Specify the timeout value in the login

API
payload.

How to set system date and time to synchronize the

clock with a time server

To change the system date and time, you must use the shell interface to
the underlying FreeBSD OS. However, to view the system date and time,
you can use the command line interface or the GUI.

View system date and time by using the command interface

At the command prompt, type:

Copy 

show ns config

View system date and time by using the GUI

Navigate to System and select the System Information tab to view the
system date.

How to configure HTTP and HTTPS management

ports for internal services

In a single-IP mode deployment of a Citrix ADC appliance, a single IP

address is used as NSIP, SNIP, and VIP addresses. This single IP address
uses different port numbers to function as NSIP, SNIP, and VIP
addresses.

Port numbers 80 and 443 are well-known ports for HTTP and HTTPS
services. Earlier, port 80 and 443 of the Citrix ADC IP address (NSIP)
were dedicated ports for internal HTTP and HTTPS management
services. Because these ports were reserved for internal services, you
cannot use these well-known ports for providing HTTP and HTTPS data
services from a VIP address, which has the same address as the NSIP
address in a single-IP mode deployment.

To address this requirement, you can now configure ports for internal
HTTP and HTTPS management services (of the NSIP address) other
than port 80 and 443.

The following lists the default port numbers for internal HTTP and
HTTPS management services in Citrix ADC MPX, VPX, and CPX
appliances:

Citrix ADC MPX and VPX appliances: 80 (HTTP) and 443 (HTTPS)

Citrix ADC CPX appliances: 9080 (HTTP) and 9443 (HTTPS)

Configure HTTP and HTTPS management ports by using

the command interface

You can configure an HTTP and an HTTPS port to any value on the Citrix
ADC appliance to support the HTTP and HTTPS management service.
However, by default, the Citrix ADC appliance uses 80 and 443 ports for
HTTP and HTTPS connection.

At the command prompt, type:

Copy 

set ns param –mgmtHttpPort<port>

Example:

Copy 

set ns param -mgmtHttpPort 2000

To configure an HTTPS port by using the command interface

At the command prompt, type:

Copy 

set ns param –mgmtHttpsPort<port>

Example:

Copy 

set ns param -mgmtHttpsPort 3000

Configure HTTP and HTTPS management ports by using

the GUI

Follow the steps given below to configure HTTP and HTTPS port values:

1. Navigate to System > settings > Change global system settings.

2. In Configure Global System Settings Parameters page, under

Other Setting section, set the following parameters.

a. Management HTTP Port. set port value to 2000. Default = 80,

Min = 1, Max = 65534.

b. Management HTTPS Port. set port value to 3000. Default = 443,

Min = 1, Max = 65534.

Configure the internal HTTP GUI service by using

Citrix ADC GUI, or Citrix ADC CLI, or Citrix ADC
NITRO APIs

On a Citrix ADC appliance, the /etc/httpd.conf is the

configuration file for the internal HTTP GUI service that manages
connections to the Citrix ADC GUI.

Instead of using the httpd.conf file for configuring the internal

HTTP GUI service, you can now use Citrix ADC GUI, or Citrix ADC CLI, or
Citrix ADC NITRO APIs. For example, you can use the Citrix ADC CLI to
modify the maximum number of clients that can connect to the internal
HTTP GUI service at a time.

The internal HTTP GUI service has the following name format: nshttpd-
gui-<loop back IP address>-80

Use the Citrix ADC service command operations to configure the

internal HTTP GUI service.

To modify the internal HTTP GUI service by using the CLI:

Use the set service command. For more information, see set
service.

Use the show service command to verify the configuration.

For more information, see show service.

Sample configuration:

In the following sample configuration, the maxClient parameter is

set to 300 for the internal HTTP GUI service.

Copy 

> sh service nshttpd-gui-127.0.0.1-80

nshttpd-gui-127.0.0.1-80
State: UP
Last state change was at
Time since last state cha
Server Name: #ns-internal
Server ID : None
Max Conn: 0 Max Req
Use Source IP: NO
Client Keepalive(CKA): NO
Monitoring Owner: 0
Access Down Service: NO
TCP Buffering(TCPB): NO
HTTP Compression(CMP): NO
Idle timeout: Client: 180
Client IP: ENABLED cip-he
Cacheable: NO
SC: ???