NetScaler Times newsletter for Week 48 - 2024

A 13.1 build update and new face for Console Service. What about Conditional auth?

Hello Everyone

It’s Andrew again over at Cloud Software Group. This NetScaler Times update aims to provide you with valuable pointers to keep you up-to-date! 🚀

I would greatly appreciate your continued engagement and feedback, my contact details are at the bottom of this newsletter. I say this as I sometimes make assumptions about what people know and that can lead to gaps in the notes below. :-)

High level agenda

• The NetScaler Times newsletter provides updates on the latest firmware builds, security bulletins, and upcoming events.

• The latest build versions for NetScaler include 13.1-56.18 with enhanced features in the Express license.

• NetScaler Console 13.1 56.18 update includes bug fixes and an enhanced user experience in the GUI.

• The newsletter also discusses Conditional Authentication (Tech Preview), a new streamlined service for authentication.

• A recent security bulletin addresses CVE-2024-8534 and CVE-2024-8535.

• The newsletter concludes with a call for feedback and a link to access previous newsletters and articles.

1. The latest firmware builds.

The details for the various builds have been listed below, as this helps plan for new releases in your environment. This support document has a lot more details on the various release cycles.

The NetScaler has multiple form factors to support different environments. NetScaler is built on a single operating system with a software-based architecture, so the behaviour will be the same no matter which is used — hardware, virtual machine, bare metal, or container.

Latest Build Versions:

It looks like an updated 13.1 build came out just after the last edition! The big ticket item is likely the Express edition for 13.1. Always handy if you need to build a lab and don’t have any licenses.

NetScaler 13.1-56.18 code updates.

1. Build 56.18 | NSPLAT-29729

   Enhanced features in NetScaler VPX Express license

   The NetScaler VPX Express license includes all the ADC features available with the NetScaler Premium license.

   For more information, see NetScaler VPX Express license.

2. Build 56.18 | NSPLAT-29596

   LOM version 3.11.0

   LOM version 3.11.0 is now available for the following platforms. This version addresses multiple functional issues.

   • MPX 9100

   • MPX 9100...

The Release notes are here

NetScaler Console 13.1 56.18 update

Looks like no changes, just bugs fixes. Release notes are here

NetScaler Console Sevrice

Enhanced user experience in NetScaler Console GUI

The NetScaler Console service now offers an improved Graphical User Interface (GUI) for a better user experience. I was just trying this out today and thought it is easier to navigate around now as the menus don’t jump around too much now.

Key improvements include:

• Hover-to-Display menu: The primary menu tree structure is replaced with a hover-to-display feature for easier navigation. Secondary menu items appear when hovered over, displaying a submenu for quicker selection.

• Streamlined menu hierarchy: The menu hierarchy is now limited to a maximum of three levels, simplifying access to key options.

• Updated submenu labels: Submenu names are revised for options previously nested beyond the third level.

• Collapsible menu: The entire menu can now be collapsed or expanded by clicking an icon in the pane, providing more screen space.

• Sidebar toggle: A new toggle button on the breadcrumb allows you to hide or show the sidebar, optimizing the workspace.

• Set home page: You can now set a displayed page as your homepage by clicking the icon next to the submenu name.

• Pin favourite items: Easily pin your favourite menu items for faster access.

For more information, see Enhanced Graphical User Interface.

Which release should I use?

The release families are designed such that 14.1 has more elements changing with each update, hence the feature phase designation. There will be less changing in 13.1, so unless you need a capability only available in the 14.1 release, the advice is to choose 13.1 for most production deployments.

End Of Sale Appliances

These appliances are End of Sale (unavailable to buy new now), they will live and run for 5 more years from 2023, so four more from this year. The 26k-50s and 15k-50G FIPS will be EOS soon..:-(

End of sale appliances..

EOL Appliances

Here is a table showing the significant EOL appliance events for the next 12 months. A common question about EOL is ‘Can I offer you some $ to extend this?’ Unfortunately, EOL is an absolute, there are no extensions.

End of Life appliances.

2. Conditional Authentication (Tech preview)

I had a customer ask about some authentication challenges that they were trying to solve. I was thinking that the NetScaler nfactor module tied to auth would solve most of what they wanted, one way or another. As I have a hammer (a NetScaler) everything looks like a nail!

Of course this request was a Citrix access one, so there are some service options as part of Citrix Cloud Platform for trying to identify users when they come into a Citrix. A few years ago Citrix came up with Adaptive Authentication (link). This was a pair of NetScaler appliances that were managed by Citrix for a customer. This could allow a number of auth options. The thing is, this would be a complete NetScaler running in the cloud. Which is a bit over kill if you only need the authentication bit.

On the 12th November, Citrix came out with a Tech Preview of ‘Conditional Authentication’. This looks like a replacement for Adaptive Auth (my opinion- nothing official).

This is the docs link & blog. This looks like a more stream lined service than Adaptive Auth, but crucially provides a link to a number of common services that pretty much everyone would want. Thanks to Helge for helping point me in this direction, as I had completely missed the memo.

Conditional Auth

3. Recent security bulletin

NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2024-8534 and CVE-2024-8535

CTX Number: CTX691608

Article Type: Security Bulletin: Created Date: 12/Nov/2024

Last Modified Date: 14/Nov/2024: Severity: High

Pre-requisites for CVE-2024-8534

The appliance must be configured as a Gateway (VPN Vserver) with RDP Feature enabled OR The appliance must be configured as a Gateway (VPN Vserver) and RDP Proxy Server Profile is created and set to Gateway (VPN Vserver) OR The appliance must be configured as a Auth Server (AAA Vserver) with RDP Feature enabled

Pre-requisites for CVE-2024-8535

The appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources OR The appliance must be configured as an Auth Server (AAA Vserver)  with KCDAccount configuration for Kerberos SSO to access backend resources

WAF Signatures

4. Events

It looks like there are six webinars for November! A bumper month…

Community Live Demo : Integrate the NetScaler Next-Gen API with your existing CLI and/or Nitro API workflows

13 November 2024, 4:00 PM      4:30 PM

With the NetScaler Next-Gen API, an application-centric method of interacting with NetScaler was introduced. Adopting a new approach to NetScaler management requires time, and there will inevitably be individuals who favor utilizing the traditional system for system configuration and management.In this session, we will explore how to seamlessly integrate the NetScaler Next-Gen API with your existing CLI and/or Nitro API workflows. We will delve deeper into the Next-Gen API features that have been introduced with the latest NetScaler version.

The NetScaler experts will cover the following key areas:

1. Next-Gen with the Classic System (CLI, Nitro): Understanding the option to switch between Classic and Next-Gen configuration views.

2. Application Management Enhancements:

   • Exploring HTTP Callout support at the application level, allowing you to send HTTP or HTTPS requests to external servers or applications.

   • Investigating selective/custom logging, enabling message actions at the application level.

We will provide a live demonstration showcasing real-world scenarios and use cases where the Next-Gen API offers significant advantages.

Event page

Community Live Demo: Citrix Secure Private Access and Enterprise Browser

19 November 2024, 4:00 PM  4:30 PM

Agenda:

• Introductions

• Citrix Enterprise Browser (CEB) and Secure Private Access (SPA) Overview

• End User Experience Demo

• Admin Experience Demo

• Q&A

Speakers:

• Christian Watson

• Daniel Larkin

The event page is here

Community Live Demo: Technical deep dive of NetScaler integration for Cisco Duo Universal prompt using oauth

20 November 2024, 4:00 PM      4:30 PM

As a valued customer of Duo and NetScaler, you can now benefit from NetScaler’s native support for the Duo Universal Prompt. This new integration enhances your security experience by seamlessly incorporating Duo’s authentication prompt into your NetScaler environment, eliminating the need for a separate FAS deployment.

Join the NetScaler Live Demo, where the NetScaler experts will provide comprehensive insights and practical guidance on:

• Configuration Steps for Cisco Duo Universal Prompt: Learn how to set up and configure the Duo Universal Prompt within your Cisco Duo environment to ensure a smooth integration with NetScaler.

• Related Configuration on NetScaler: Understand the necessary configurations on NetScaler to fully support and optimize the Duo Universal Prompt integration.

• Live Demonstration: Watch a live demo showcasing the integration in action, highlighting key features and providing a step-by-step walkthrough of the setup process.

Event page

Community Live | What's new with NetScaler-APJ/EMEA | Nov 21

Community Live | What's new with NetScaler-Americas | Nov 21

21 November 2024, 8:30 AM      9:30 AM

21 November 2024, 4:00 PM      5:00 PM

In this monthly webinar, the NetScaler experts will cover:

1. Support Assist: Ability to add an extra management CPU  for a VPX hosted on SDX

2. WAF signature and binary fingerprinting

3. HTTP/3: QUIC Performance and Security Enhancements for the Modern Web

EMEA/APJ page

Americas page

Scaling and Protecting Red Hat OpenShift Deployments with NetScaler.

21 November 2024, 5:00 PM      6:00 PM

Unlock High Availability and Resilience for Your OpenShift Applications with NetScaler

Modern OpenShift® applications must be highly available and resilient to meet the demands of your business. NetScaler, a certified Red Hat® partner, seamlessly integrates with Red Hat OpenShift to provide advanced load balancing, security, and traffic management for optimal performance, high availability, and secure access.

Join our webinar to discover how to:

• Simplify Multi-Cluster Ingress: Provide a single, consistent Virtual IP to apps across multiple OpenShift clusters using NetScaler Multicluster Ingress.

• Ensure Global Application Access: Distribute traffic to apps across geographically separated OpenShift clusters with NetScaler GSLB and Ingress Controller.

• See It in Action: Watch a live demo of NetScaler's powerful Multicluster Ingress solution.

• Maximize OpenShift Performance: Learn how NetScaler BLX on RHEL enhances your OpenShift environment.

The Event page is here

Labs

Go here for the hands-on labs. Link

5. Feedback for this newsletter

Naturally, if something you feel should be added/removed or called out, drop me a note; Andrew.Scott@cloud.com. All mistakes are mine.

I would happily get feedback on what you could do with seeing more of or what you find hard to set up. You can get all the previous newsletters plus other articles here:

Have a great week!