Mastering NetScaler Console: Zero to hero in 31days - Day 8.5

Config Jobs with audit

Hello, my name is Andrew and I tend to get a lot of questions about NetScaler Console. The purpose of this series is to offer some pointers on what it is, what it can offer and why you should take some notice. This is the eight and a bit post in a set which is designed to cover the top topics that will get you trained up.

Knowledge is power, right? 📖📖📖📖

31 days seems an arbitrary number. Naturally, I need to complete this before you all head off on holiday!

Today is all about NetScaler Console Config Jobs with audit! You might be wondering why we have half days now? Config jobs was a bit longer than expected so I have split out Config Audit.

How does this normally come up?

I spoke with Customer X, we talked at length about the various NetScaler’s they will be deploying. During the discussion, I typically ask something like this:

As you have a few NetScaler’s in this setup, what tools do you have to help with the management of the firmware configurations?

The answer is NetScaler Console. The next question might require a focus on the options to track specific types of setup on specific appliances across an estate, and how to manage that. This piece will show you how that can be achieved with NetScaler Console, whichever flavour you have( on-premises or service).

Who would be interested in this?

Any Network Admin with multiple NetScaler’s deployed, or any customer looking at the new Universal hybrid Multi-cloud (UHMC from now on) offering from Cloud Software Group.

UHMC needs NetScaler Console to provide the licensing function to the NetScaler appliances. It is not optional, it's a requirement. One of the big benefits of UHMC is that customers can take a look outside the Citrix bubble and maybe look at new use cases for NetScaler.

Mastering sounds 'heavy'?

Ultimately, this is substack, who would be crazy enough to write technical content on this platform? 

What are the key configuration tasks that I need to be able to do?

When doing deployments and the configuration changes, what are the key things to know?

• Having a good handle on the difference between saved and running would be handy. As you never know when there might be a power outage and take systems out, which might mean that config changes are lost. The NetScaler operates a bit like any networking device, where the config is stored in a file that is read at boot. Changes can be made on the fly, but if the admin does not save the ‘revised’ config, those changes could be lost if the power is removed - traumatically.

• Config Drift is another factor, as changes get made over time, is the config still right for you setup?

• Having a way to pull out the differences between saved and running and export it to a file?

• What about having a template that defines what ‘Acme’s’ approach for a certain setup and checking against the live boxes?

Auditing can help get a grip on all of these.

Main View

This gives an over view of the environment that the Console sees with hyper links to all the key metrics that then show more data.

Main screen

Differences

This breaks out running and saved configs, it shows the various things and offers a set of commands to ‘correct’ the config.

Diff

Audit reports

What about a view of where the differences exist and if there are template violations

Reports

Not saved config

A simple one this, when config has changed but hasn’t been saved, it could be a factor..

Save me!

What about Kari in Finland?

I have a friend who is a wizz on NetScaler. He was using the NetScaler Console Service Audit module to see what changes get made to an appliance when Appflow is enabled. He needed to create a change control for a larger company and this module helped him identify those changes. It also identified some other changes that he wasn’t aware of.

You don’t want CAB finding you were changing stuff without telling them! It could get unpleasant.

If it is not clear, here is a scenario.

Bob and Alice have been using NetScaler Console Service in the scenarios for the last few days. 

Alice wants Acme to have a common config on all the new appliances, she thinks that using standard templates will help ensure that appliances are setup in the same way

She uses Config jobs to define some templates and lets Bob know how to make use of them. Any new boxes can be built quickly and have a consistent Acme template. Alice can also track the Acme setup and see if there is config drift.

Alice lets Bob know that the London HA pair has a whole load of setting(s) that have not been saved to the ns.conf. Good to know, as if there is a reboot on those applinces that config would have been lost. Happy days, as this allows Bob and Alice to focus time on other tasks that are important to Acme.

The Call to Action

Let me know if this piece raises any questions/comments, drop them into the space below. I will endeavour to answer directly or update the post to better address the question(s).

Summary

Buckle up. The NetScaler Console is the best tool for many different jobs when working in conjunction with the NetScaler Appliance. They are the perfect tag team. 🤼. The NetScaler Console can offer a one-stop shop to see all your appliances from one place, and deploy and update them and track those updates in a consistent way

Let me show you how to make the most of it!

Have a good one.