NetScaler Times newsletter for Week 10 - 2024
Starting from NetScaler Console service release 14.1-21.x, the concept of licensed VIPs is removed. Golly.
Hello Everyone
It’s Andrew again over at Cloud Software Group. One thing I've noticed in my role is the steady stream of questions about NetScaler. This update aims to provide you with valuable pointers to keep you up-to-date and ahead of the curve! 🚀🚀
I would greatly appreciate your continued engagement and feedback; my contact details are at the bottom of this newsletter.
Agenda for this week:
Build status and updates
Best Practice
Support and Security Bulletins.
NetScaler Community & Labs site
Feedback on this newsletter
1. Build status and updates
The details for the various builds have been summarized below, as this helps plan for new releases in your environment. Starting from 13.1 there will be the following:
Firmware will have a 3-year upgrade cycle, where new features are added, called the ‘Feature Phase’.
The ‘Maintenance Phase’ then starts, and it is then supported for another 3 years with bug fixes and security updates.
There will then be 1 year of extended support with security fixes only. The expectation is to use this time to move off before the EOL for the firmware.
Typically, the guidance for NetScaler & NetScaler Console (ADM) build releases is that the Management platform needs to be the same or newer than the NetScaler(s) that it manages. I typically go with the latest for NetScaler Console.
The NetScaler has multiple form factors to support different environments. NetScaler is built on a single operating system with a software-based architecture, so the behaviour will be the same no matter which is used — hardware, virtual machine, bare metal, or container.
Current Build Versions:
NetScaler Console Service 14.1-21.38: Big changes
Big ticket items? Analytics (4 items), Infrastructure (3) and Stylebooks (2).
Release notes are here
Looking at the release notes and talking to a couple of colleagues there is a big change included with this service release.
Starting from NetScaler Console service release 14.1-21.x, the concept of licensed VIPs is removed.
Hold the front page! What does this mean?
The option to gather analytics with NetScaler Console Service will be limited only by the storage you have available. This is released with the cloud service version of NetScaler Console. This will also be available in a month or two for the On-premise version.
This effectively gives Unlimited Analytics, assuming you have a Premium/Platinum NetScaler. A game changer!
Recently announced as End Of Sale
We will stop selling the 59xx in May and then support it for another 5 years.
End Of Sale Appliances
These appliances are End of Sale (unavailable to buy new); they will live and run for 5 more years.
EOL Appliances
Here is a table showing the significant EOL appliance events for the next 12 months. A common question about EOL is ‘Can I offer you some $ to extend this?’ Unfortunately, EOL is an absolute, there are no extensions, honest. The big one is the 14k in October, swap for a 16K.
Some common questions about EOL
2. Topical from last week?
This is a bit different. I was asked to join a customer call, as the Customer’s Citrix users were getting disconnected. They had been experiencing issues for a few weeks and wanted more eyes on the problem.
We hooked up, and LJ (pre-sales) and David (support) were with me. After looking at what was typical for these kinds of problems, LJ asked (what I thought) a great question.
‘Do you have an IDS system inspecting the user traffic?’
It turns out they did…
David then provided a blow-by-blow walk-through of the appliance environment: exactly how busy the appliances were, and how he was seeing a drop in appliance loading when the ‘problem’ cropped up.
It was really interesting, as the IDS was inhibiting the user connection; they changed this IDS system and the problem cleared up. Along the way, the customer also had some new advice on the assignment of resources to the NetScaler instances and networking best practice. This was because each core assigned (it was an SDX set-up) needed 4G of memory no matter what. Also, it is good to not have the default route going out of the NSIP. Give it a SNIP, as the management interface isn’t data-rated.
3. Support and Security bulletins
These are the latest articles on the support portal knowledgebase, sorted by modified date. Here are 5 useful articles (IMO). The site is located here.
Security updates:
This is the latest NetScaler security bulletin; it was last updated on the 19th Jan 2024, just recently. Plus, I saw a couple on the Secure Access agent, also from the 9th, so I thought it would be handy to have sight of those too:
NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-6548 and CVE-2023-6549
Modified: 19 Jan 2024 | NetScaler,NetScaler Gateway
Anil Shetty added a Blog with some extra details: That follow-up is here
Citrix Secure Access client for Windows Security Bulletin for CVE-2023-24491
Modified: 09 Feb 2024 | NetScaler,NetScaler Gateway
Citrix Secure Access client for Ubuntu Security Bulletin for CVE-2023-24492
Modified: 09 Feb 2024 | NetScaler,NetScaler Gateway
Support Docs:
SAML Intermittence on Citrix Gateway: Internal server error 43524
This article provides a temporary workaround to address intermittent behavior in the SAML configuration on Citrix Gateway. The workaround involves disabling the deserialized context for SAML using a command-line interface. It also offers steps to make the configuration persistent and mentions the expected fix in future firmware versions.
Could be due to a number of things…a handy doc.
Modified: 01 Mar 2024 | NetScaler,NetScaler Gateway
DSR mode- Permanently High packet CPU Usage (100%) is seen in the Primary
Bind another monitor so the NetScaler can learn the MAC address. This is so simple!
Modified: 26 Feb 2024 | NetScaler,NetScaler Gateway
4. Events & Labs
NetScaler Community and Labs Site
It looks like the main community site is going through some changes, new material will be posted soon!
5. Feedback for this newsletter
Naturally, if you feel something should be added/removed or called out, drop me a note: Andrew.Scott@cloud.com. Any mistakes are all mine.
I would be happy to get feedback on what you could do with seeing more of or what you find hard to set up. You can get all the previous newsletters plus other articles here:
Have a great week!