NetScaler Times newsletter for Week 26 - 2024
A big week! With changes to both 14.1 (NetScaler, Console and Console Service), plus a new 13.1 build for the NetScaler Console. Telemetry changes too....
Hello Everyone
It’s Andrew again over at Cloud Software Group. This NetScaler Times update aims to provide you with valuable pointers to keep you up-to-date! 🚀
I would greatly appreciate your continued engagement and feedback; my contact details are at the bottom of this newsletter.
Agenda for this week:
Build status and updates
Lightweight Console for Console licensing
Support and Security Bulletins.
NetScaler Community & Labs site
Feedback on this newsletter
1. Build status and updates
The details for the various builds have been listed below, as this helps plan for new releases in your environment. Starting from 2023 for 14.1 there will be the following:
Firmware will have a 3-year upgrade cycle, where new features are added, called the ‘Feature Phase’.
The ‘Maintenance Phase’ then starts, and it is then supported for another 3 years with bug fixes and security updates.
There will then be 1 year of extended support with security fixes only. The expectation is to use this time to move off before the EOL for the firmware.
As shown below, 13.1 and 13.0 are now in the Maintenance phase.
Typically, the guidance for NetScaler & NetScaler Console (ADM) build releases is that the management platform needs to be the same or newer than the NetScaler(s) that it manages. I typically go with the latest for NetScaler Console.
The NetScaler has multiple form factors to support different environments. NetScaler is built on a single operating system with a software-based architecture, so the behaviour will be the same no matter which is used — hardware, virtual machine, bare metal, or container.
Current Build Versions:
Changes and updates: there seems to be quite a bit of red….
NetScaler firmware update 14.1-25.53
Authentication, authorization, and auditing
Support to modify binding type for metadata configuration.
Load Balancing
Empty Down Response support for priority order-based GSLB virtual server.
DNS ECS insertion support.
NetScaler SDX Appliance
Rediscover multiple instances in NetScaler SDX.
Option to delete NetScaler events.
NetScaler Web App Firewall
Field Format protection to specify the maximum number of instances for a form field.
Deny or bypass the request based on header name or value.
Platform
Support for OpenSSH version 9.x.
Automatic recovery option for the virtual interfaces on NetScaler SDX.
Support for cloud sanity checker tool on AWS.
The high availability (HA) feature is no longer supported on any CPX release versions.
Mellanox ConnectX-6 and Mellanox ConnectX-4 NICs now support the BLX DPDK (Data Plane Development Kit).
BLX Support for NetScaler Gateway.
SSL
Extend support for larger DH key sizes on NetScaler.
X25519 key exchange support for SSL service and service group.
The full release notes are here
NetScaler Console firmware update 14.1-25.54
Analytics
Support to export periodic data for custom NetScaler instances.
Observability Integration - Export of NetScaler metrics and Audit logs to Splunk.
Bulk upgrade SSL virtual servers using the SSL A+ rating upgrade task.
Infrastructure
Lightweight NetScaler Console only for Pooled or Flexed licensing.
NetScaler telemetry program.
Access NetScaler GUI through host name.
Additional event alert for disk utilization.
Licensing
Actual usage details in Flexed license reporting.
Miscellaneous
Removal of Upgrade Advisory (preview).
Changes to Cloud Connect
Telemetry data is no longer collected through Cloud Connect. For more information, see NetScaler telemetry program.
You can continue to leverage the ServiceNow Integration feature in NetScaler Console on-prem when you configure Cloud Connect. For more information, see Integrate NetScaler Console with the ServiceNow instance.
Security Advisory feature is no longer available as part of Cloud Connect. For more information, see Security Advisory.
Security
Export the WAF Scanner Report in a Tabular Format.
StyleBooks
UI revamp in StyleBooks.
UI categorization for NetScaler NITRO resources in a config pack.
Full release notes are here
NetScaler Console Firmware update 13.1-53.23, 14.1-25.53 & Console Service
As an existing NetScaler Console customer, you are now required to be compliant with the NetScaler telemetry program that requires license and feature usage telemetry data to be uploaded. To remain compliant, the number of days since the last successful upload must not be greater than 90 days. Citrix collects basic license telemetry data and NetScaler deployment and feature usage telemetry data for its legitimate interests, including license compliance. NetScaler Console configuration and feature usage data is also collected to manage, measure, and improve Citrix products and services.
The NetScaler telemetry program is enabled in release 14.1 build 25.53 and release 13.1 build 53.22 and later builds. We recommend that you upgrade to one of these builds within 3 months starting from 18th June, 2024. You can choose to upload the required telemetry data either automatically or manually to remain compliant with the NetScaler telemetry program. After upgrade, one of the telemetry collection modes (automatic or manual) must be chosen and utilized. By default, the automated telemetry mode is enabled.
For more information, see NetScaler telemetry program.
For more information about the telemetry parameters collected, see Data Governance.
Full release notes are here for 13.1 Console. 14.1 RL are listed above.
Full release notes for Console Service are here
2. Lightweight Console for licensing only
I see that 14.1 now has Lightweight NetScaler Console only for Pooled or Flexed licensing.
This could be handy if you need to support an enclave of NetScalers with a local copy of Console just for licensing. Docs link here
3. Support and Security bulletins
These are the latest articles on the support portal knowledge base, sorted by modified date. Here are the 3 most recent security articles plus 4 recent support docs. The site is located here.
Security updates:
NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-6548 and CVE-2023-6549
Modified: 09 May 2024 | NetScaler, NetScaler Gateway
Anil Shetty added a blog with some extra details; that follow-up is here
Citrix Secure Access client for Windows Security Bulletin for CVE-2023-24491
Modified: 09 Feb 2024 | NetScaler, NetScaler Gateway
Citrix Secure Access client for Ubuntu Security Bulletin for CVE-2023-24492
Modified: 09 Feb 2024 | NetScaler, NetScaler Gateway
Support Docs
SSH communication between Netscaler Console nodes and/or Netscaler/Netscaler-SDX instance(s) fails
SSH communication between Netscaler Console nodes and/or Netscaler/Netscaler-SDX instance(s) fails due to customizations done earlier by the ADM/NS/SDX admin.
Modified: 21 Jun 2024 | NetScaler, Citrix Application Delivery Management
NTP time sync issue on VPX running on VMware platform
NTP time sync issue on VPX running on VMware platform. It seems that ACPI emulation from VMware 7.0 onwards has some issues, which I’m sure they will patch…
Modified: 20 Jun 2024 | NetScaler
Support Services Program Terms and Guidelines
This article is part of the Worldwide Support Services Delivery Guide, which focuses on support services program terms and guidelines. It is very handy to have the small print clearly listed when it comes to support.
Modified: 18 Jun 2024 | NetScaler, Citrix Licensing, Citrix Application Delivery Management
Signature Auto Update Feature of Application Firewall
This article contains information about the Signature Auto Update feature of Application Firewall. This is a big doc!
Modified: 18 Jun 2024 | NetScaler
4. Events & Labs
Events
5 Webinars for June.
5 June: NetScaler Live Demo | Session hijack protection for NetScaler Gateway/AAA deployments
4:00 PM - 4:30 PM BST
Session hijacking involves an attacker using captured, brute-forced or reverse-engineered session IDs to seize control of a legitimate user’s session while that session is still in progress. Once a session ID or cookie is compromised, an attacker can bypass even multi-factor authentication and impersonate the victim, gaining elevated or unauthorised access to internal resources. Protecting against session hijacking within NetScaler Gateway/AAA deployments is therefore crucial for protecting high-value targets and sensitive resources hosted on Citrix infrastructure.
In this live demo, the NetScaler experts will demonstrate how to prevent bad actors from hijacking sessions for NetScaler Gateway/AAA deployments through simple regular expressions:
How to configure NetScaler policies and apply regular expressions to identify suspicious session activity.
Showcase of how to create custom regex patterns tailored to specific session hijacking threats.
The event page is here, including a watch-on-demand link.
20th June: Automating your network for operational excellence
6:00 PM - 7:00 PM BST
Harnessing the potential of cloud technology can drive innovation and agility within organisations. Getting in the way are cumbersome workflows, manual tasks and human errors.
Automation emerges as a solution, working to eliminate repetition, reduce errors, streamline workflows, and bolster security measures. From testing to production, enterprise IT teams are embracing automation technologies. NetScaler and Red Hat® Ansible® stand out as key enablers, offering supported solutions that pave the way for future-ready automation, empowering businesses to thrive in the digital landscape.
Join us in this webinar where we will talk to you about:
Importance of Network Automation for DevOps & Platform Engineering.
Why use NetScaler with Ansible Automation Platform?
Benefits of NetScaler and RedHat integrations
The event page is here.
26 June 2024: NetScaler Live Demo: Advanced traffic management using Citrix NetScaler policies
4:00 PM - 4:30 PM BST
This session will provide a comprehensive understanding of how to leverage Citrix NetScaler policies for advanced traffic management. Participants will learn about the policy engine, how to create, test and deploy policies, and the specific features that benefit from policy-based management.
In this session, the NetScaler experts will cover:
Introduction to Policies and Policy Engine
Creating and Managing Policies using the Expression Evaluator
Features Leveraging Policies (such as Load Balancing, Content Switching, SSL Offloading, etc.)
Demonstrate setting up and applying policies for specific use cases
The event page is here
June 27: NetScaler Virtual Connect Monthly Webinar-APJ/EMEA
APJ/EMEA 9:30 AM - 10:30 AM BST
Americas 4:00 PM - 5:00 PM BST (11:00-12:00 EST)
In this webinar, the NetScaler experts will cover:
Tech preview announcements: Nutanix VPX on Nutanix AHV (Acropolis hypervisor) tech preview
Public cloud marketplace update
NetScaler flexed licensing overview
Get the most out of your NetScaler policies: Migrate from Classic to Advanced (13.0 to 13.1) - always a good session!
APJ/EMEA page is here
Americas page is here
Labs
Go here for the hands-on labs. Link
5. Feedback for this newsletter
Naturally, if there is something you feel should be added, removed or called out, drop me a note: Andrew.Scott@cloud.com. All mistakes are mine.
I would happily get feedback on what you could do with seeing more of or what you find hard to set up. You can get all the previous newsletters plus other articles here:
Have a great week!