How to upgrade a standalone Citrix ADC appliance firmware

Table of Contents

Case #

You need to upgrade the firmware version of your standalone Citrix ADC appliance to a specific version or to the latest version. Running the same procedure for a Citrix ADC triscale cluster (active-active) or an HA pair (active-passive cluster) is different. Consult the Citrix official documentation on how to proceed with a Netscaler ADC cluster upgrade.

Due to various Citrix security CVEs, you should be considering an upgrade of the Citrix ADC from old versions (such as version 11.1) to latest version. Version 11.1 (all builds) is now considered legacy as per https://www.citrix.com/support/product-lifecycle/legacy-product-matrix.html (Citrix Netscaler ADC).

As per Citrix official product support lifecycle (https://www.citrix.com/support/product-lifecycle/product-matrix.html) , all Netscaler ADC 11.1 versions are end-of-life and end-of-support.

To upgrade the Citrix ADC appliances, the recommended approach is a phased upgrade, i.e. upgrade from 11.1 to latest 12.1 build and then upgrade the latest 12.1 to latest 13.1 build. There are various challenges and considerations involved in such an upgrade project, due to the fact that there are product features which have been deprecated or changed between 11.x to 13.x and a configuration change is likely to be required. Testing the two-phase upgrade process in a lab environment first, and creating an upgrade plan is highly recommended.

Solution #

  1. Use an SSH client, such as PuTTy, to open an SSH connection to the appliance.
  2. Log on to the appliance by using the administrator credentials. Save the running configuration. At the prompt, type: save config
  3. Switch to the shell prompt by running the following command: shell
  4. Create a copy of the ns.conf file. At the shell prompt, type:
    • cd /nsconfig
    • cp ns.conf ns.conf.NS<currentreleasenumber><currentbuildnumber>You should backup the configuration file to another computer.
  5. (Optional) If you have modified some of the following files in the /etc directory, and copied them to /nsconfig to maintain persistency, any updates that are pushed to the /etc directory during the upgrade might be lost:
    • ttys
    • resolv.conf
    • sshd_config
    • host.conf
    • newsyslog.conf
    • host.conf
    • httpd.conf
    • rc.conf
    • syslog.conf
    • crontab
    • monitrcTo avoid losing these updates, create a /var/nsconfig_backup directory, and move the customized files to this directory. That is, move any files that you modified in /etc directory and copied to /nsconfig by running the following command: cp /nsconfig/<filename> /var/nsconfig_backup Example: cp /nsconfig/syslog.conf /var/nsconfig_backup
  6. Create a location for the installation package. At the shell prompt type:
    • cd /var/nsinstall
    • cd <releasenumber> Note:If the desired release number directory is not present, create one using the following command:mkdir <releasenumber>Example:mkdir 13.0
    • mkdir build_<targetbuildnumber>
    • cd build_<targetbuildnumber>
  7. Copy the already downloaded Citrix ADC firmware to the build directory that you have created in the above step, by using any file transferring method such as WinSCP. See the Before You Begin section for more information about downloading the Citrix ADC firmware.
  8. Extract the contents of the installation package. Example: tar –xvzf build-13.0-37.2_nc_64.tgz
  9. Run the installns script to install the new version of the system software. ./installns

Let the installer script run all the way to the end, as shown in the example below.

  1. When prompted, restart the Citrix ADC.
  1. (Optionally) If you’ve created a copy of the ns.conf file in the Before You Begin section, do the following:
    1. Manually compare the files in /var/nsconfig_backup and /etc and make appropriate changes in /etc.
    2. To maintain persistency, move the updated files in /etc to /nsconfig.
    3. Restart the appliance to put the changes into effect.

The same firmware upgrade process can be carried out using the following alternative ways:

  1. Using Citrix ADC HTTP management console.
  2. Using Citrix ADC Nitro API from an external client/application.
  3. Using Citrix ADM to automate Citrix ADC firmware updates by scheduling jobs.

After the Citrix ADC appliance is upgraded, verify the status of the following entities:

  • Virtual servers are in UP state
  • Monitors are in UP state
  • GSLB sites synchronise without any issues
  • All certificates are present on the appliance
  • All the licenses are present on the appliance

Sources #

https://docs.citrix.com/en-us/citrix-adc/current-release/upgrade-downgrade-citrix-adc-appliance/upgrade-standalone-appliance.html

Powered by BetterDocs