Mastering NetScaler Console: Zero to hero in 31days - Day 5

SSL Dashboard

Hello, my name is Andrew and I tend to get a lot of questions about NetScaler Console. The purpose of this series is to offer some pointers on what it is, what it can offer and why you should take some notice. This is the sixth post(I started at zero) in a set which is designed to cover the top topics that will get you skilled up on the NetScaler Console.

Knowledge is power, right? 📖📖📖📖

31 days seems an arbitrary number. Naturally, I need to complete this before you all head off on holiday!

Today is all about SSL Dashboard(s).

How does this normally come up?

I spoke with Customer X, we talked at length about the various NetScaler’s they will be deploying. During the discussion, I typically ask something like this:

As you have a few NetScaler’s in this setup, what tools do you have to help with the management of the instances in this design? Do you have something that shows SSL Certificates across you estate?

Could that be important?

This piece will show you how that can be achieved with NetScaler Console, whichever flavour you have( on-premises or service).

Who would be interested in this?

Any Network Admin with multiple NetScaler’s deployed, or any customer looking at the new Universal hybrid Multi-cloud (UHMC from now on) offering from Cloud Software Group. UHMC needs NetScaler Console to provide the licensing function to the NetScaler appliances. It is not optional, it's a requirement.

Therefore, the key question is, what else can it offer me?

Mastering sounds 'heavy'?

Ultimately, this is Substack, who would be crazy enough to write technical content on this platform? 

What are the key tasks I need to keep tabs on?

The last piece was one about Infrastructure analytics, in the tab for the instance details, there is a SSL tab. This tab has a customised SSL Dashboard for this specific NetScaler appliance and the certificates that it holds. This test box does not have a lot of use, hence the numbers are quite small. It looks like this:

What kind of details can this offer?

There are two Vservers running TLS 1.0

There are another two Vserver are running TLS 1.1

Finally, there are five that are on TLS 1.2

There is also some self signed certificates in use, and some ‘not recommended’ - what turkey is running this appliance!

Plus a number of other certificate specific details about Ciphers and key strength. This can be helpful as the vulnerability status of Certificate types and the associated ciphers can change, having a good handle on what you have setup can be powerful.

What is the significance of these stats?

Certificate expiry is a real thing for some companies, they possibly don’t have good processes around their replacement and try to keep on top of things. This view is very useful to see what expiry events are happening in the near future. From this I can see that the next 90 days are clear, the Green colour is a clue! I do have three events that will take place at some point past that.

I can click on the Expiring after 90 days text and get some details exactly when those events are.

I know that, when there is change within a business, some of the day to day task can be hard to track.

Ok, but that is just one appliance, I run 20!

NetScaler Console can also give you the same view, only consolidated one of all the Certificates across all the NetScaler Appliances that it manages, a bit like this:

In this case, this NetScaler Console is managing 15 NetScaler instances. Now when I look at expiring Certificates, I can see that I need to have a chat with Avinash.

SSL Dashboards can be forgotten, when we talk about NetScaler Console, however it has some useful data.

If it is not clear, here is a scenario.

Bob and Alice have been using NetScaler Console Service in the scenarios for the last few days. 

Bob provisions 3 HA pairs of NetScaler in the three EMEA DCs for Acme incorporated. In addition to Bob, Alice is doing the same in their US sites (another two - Denver and New York). Alice is the Certificate expert and provisions all the certificates that Acme needs for their appliances.

Bob can verify that Alice has got the correct ciphers based on Acme’s certificate policy across the estate from one console. Between them, these two admins can get notified of Certificate events and plan any updates around those.

Happy days, as this allows Bob and Alice to focus time on other tasks that are important to Acme.

The Call to Action

Let me know if this piece raises any questions/comments, drop them into the space below. I will endeavour to answer directly or update the post to better address the question(s).

Summary

Buckle up. The NetScaler Console is the best tool for many different jobs when working in conjunction with the NetScaler Appliance. They are the perfect tag team. 🤼. The NetScaler Console can offer a one-stop shop to see all your Certificates from one place, which of those might need updates.

Let me show you how to make the most of it!

Have a good one.