Mastering NetScaler Console: Zero to hero in 31days - Day 6

Upgrade advisor

Hello, my name is Andrew and I tend to get a lot of questions about NetScaler Console. The purpose of this series is to offer some pointers on what it is, what it can offer and why you should take some notice. This is the sixth post in a set which is designed to cover the top topics that will get you trained up.

Knowledge is power, right? 📖📖📖📖

31 days seems an arbitrary number. Naturally, I need to complete this before you all head off on holiday!

Today is all about NetScaler Console Upgrade advisor.

How does this normally come up?

I spoke with Customer X, we talked at length about the various NetScaler’s they will be deploying. During the discussion, I typically ask something like this:

As you have a few NetScaler’s in this setup, what tools do you have to help with the management of the firmware versions that the instances are running in this design?

The answer is NetScaler Console. The next question might require a focus on the options to perform some of the day-to-day management on their instances when they are located in several different DCs a customer has. The more instances that are in play, the more of an overhead this could be. This piece will show you how that can be achieved with NetScaler Console, whichever flavour you have( on-premises or service).

Who would be interested in this?

Any Network Admin with multiple NetScaler’s deployed, or any customer looking at the new Universal hybrid Multi-cloud (UHMC from now on) offering from Cloud Software Group.

UHMC needs NetScaler Console to provide the licensing function to the NetScaler appliances. It is not optional, it's a requirement. One of the big benefits of UHMC is that customers can take a look outside the Citrix bubble and maybe look at new use cases for NetScaler.

Mastering sounds 'heavy'?

Ultimately, this is substack, who would be crazy enough to write technical content on this platform? 

What are the key tasks I need to keep tabs on?

The last few posts have covered Infrastructure analytics and the SSL Dashboard, what else would a NetScaler admin need to know or do? The appliance runs software, typically called ‘firmware’. This needs to be updated and changed from time to time to add new features, provide updates, address security vulnerabilities and bugs. It can get updated every six weeks or so. The updates are less frequent for something like 13.0 (below), as it approaches EOL.

NetScaler has families of firmware versions that have a 3+3+1 year release cycle.

• 3 years for feature additions

• 3 years for maintenance

• 1 year of just security updates

As of today there are three families

• 13.0 - maintenance phase - will be EOL next month

• 13.1 - maintenance phase

• 14.1 - feature phase

For example, if I needed a feature only in 14.1 today, as some things are, then that would be my build to deploy. If that was not the case, I might go with 13.1, as it does all I need it to do. In some cases, 13.1 has fewer changes than an equivalent 14.1 release, as it only has maintenance updates (bugs and security fixes). The fewer the changes tend to drive a higher stability, hence the choice.

The key question is: What do I have deployed?

This is where the upgrade advisory comes in, it can tell you what you have where.

What does it look like?

Upgrade Advisor main screen

It breaks out the various families of firmware and offers links to release notes, some great bedtime reading! Release notes tell you what is new and changed and also what has been fixed. The Release notes link can be handy if there is a feature that is need some some specific capability, the view can show that there are some boxes that need to get updates.

As shown here:

Upgrade Advisor also has a direct big blue button, to give the admin a way to upgrade a number of appliances with a workflow. The small gold markers give the admin an indicator of what is ‘most downloaded’.  There are also some clear dates for end of maintenance and end of life.

There are a few links to choose from, here are instances nearing EOL, just one appliance.

EOL view

Here is a different view: Instance selection for upgrade

Quite a few need updates here.

Tracing what release are deployed and when those builds are coming to a change in status(feature, maintenance or life) allows the admin to keep track of the estate.

If it is not clear, here is a scenario.

Bob and Alice have been using NetScaler Console Service in the scenarios for the last few days. 

Alice wants Acme to have better SSL performance of the following encryption algorithms. She knows this enhanced for NetScalers running on Intel processors that support Intel AVX-512

• RSA 2048/4096

• ChaCha20-Poly1305

• AES-GCM

She asks Bob, which appliances are running 14.1-21.57? Alice is all over the encryption standards. 

Bob confirms that there are some that need a 14.1 update and schedules the necessary work with Console. Happy days, as this allows Bob and Alice to focus time on other tasks that are important to Acme.

The Call to Action

Let me know if this piece raises any questions/comments, drop them into the space below. I will endeavour to answer directly or update the post to better address the question(s).

Summary

Buckle up. The NetScaler Console is the best tool for many different jobs when working in conjunction with the NetScaler Appliance. They are the perfect tag team. 🤼. The NetScaler Console can offer a one-stop shop to see all your appliances from one place, and track which of those need updates and potentially which you can leave alone.

Let me show you how to make the most of it!

Have a good one.