In one of my recent projects, I had to build several Citrix ADCs in a new data center. After consultation with the customer, the same services and functions should be configured as in the old data center. The only difference was that the new data center should use different IP ranges and therefore all network settings of the Citrix ADCs and the connected services had to be adapted.
- Same version and build on all Citrix ADC
- Same Citrix ADC license version on all Citrix ADC
- IP addresses of the new Citrix ADC should be defined and free (NSIP, SNIP & VIP).
- IP addresses of the connected machines should be known (server or server groups)
- Basic configuration of the new Citrix ADC should be done (NSIP, SNIP, DNS, Timezone & License)
It’s important to mention that this manual is to be done at your own risk. You should be aware that you can make the complete machine unusable by editing the ns.conf. Therefore, I recommend, as always, perform a backup of the machines before you start.
Changes to the ns.conf
It always helps me to write down the upcoming changes. For example:
CitrixADC1 (old data center)
NSIP 192.168.1.30 SNIP 192.168.1.31 VIP 192.168.1.32 VIP 192.168.1.33 Server 192.168.1.50 HA active
CitrixADC2 (new data center)
NSIP 192.168.12.30 SNIP 192.168.12.31 VIP 192.168.12.32 VIP 192.168.12.33 Server 192.168.12.50 HA deactivate
I turn off HA in the first step and then configure it clean with the second Citrix ADC in the new data center after the activation of the new ns.conf.
Copy existing certificates
First, we need to migrate the existing certificates to the new Citrix ADC. For this purpose we establish a connection to the source system via WinSCP.
When the connection is established, navigate to the /flash/nsconfig path and mark the ssl folder and download it.
Now connect to the target system and navigate to the same path /flash/nsconfig.
Upload the downloaded ssl folder and overwrite the existing files in the target system.
Now connect to the Citrix ADC web interface to control the successful import.
In the Citrix ADC Navigation Panel, click Traffic Management > SSL > Certificates > Server Certificates and check the display of the certificates
Download & customization of source ns.conf
To make sure all existing configurations in ns.conf are available, go to the Citrix ADC web interface and save the existing configuration again.
Then connect again via WinSCP to the source Citrix ADC to download the existing ns.conf file.
Now navigate to the path /flash/nsconfig in WinSCP and mark ns.conf.
Now copy the selected ns.conf to the local system
In order to prepare the existing ns.conf for import, different lines have to be removed or edited from the file. For this you open the ns.conf with an editor (for example Notepad ++) on your local system.
The following lines must be deleted
set ns config -IPAddress set lacp set ns hostname add ns ip6 All mentions of add route set interface set system user
In order to adapt the IP address to the new conditions, the old IP addresses (NSIP, SNIPs, VIPs & servers) are searched for and replaced by the previously created matrix.
Upload the ns.conf to the target system
Now we can upload and deploy the customized ns.conf to the target system. To do this, connect again to the target Citrix ADC via WinSCP and navigate to the path /var/tmp/ to upload the modified ns.conf file there.
To import the modified configuration you need to connect to the Citrix ADC web interface of the target system and navigate to System > Diagnostics
Click here on Batch configuration.
There click on Choose File and then on Appliance.
Now navigate to the path where you previously saved the modified ns.conf (for example /var/tmp) and mark it. Confirm the selection by clicking on Open.
After that click on Run to start the import process.
When the import process finished, a message appears asking for a system reboot
Then click on Stop.
Navigate to System & click on Reboot.
In the following window mark Save configuration. Then start the restart by clicking on OK.
After a successful restart, log in to the system again and check the successful import.
Under System > Network > IPs > IPV4s
Under Traffic Management > Load Balancing > Virtual Servers
Or under Traffic Management > Content Switching > Virtual Servers