SSL and TCP Insight on NetScaler MAS

By | December 30, 2016

With the latest release of NetScaler MAS 11.1 build 51, Citrix now has some cool new enhancements to the Insight Module which allows us for instance to monitor SSL Transactions/Ciphers/Protocol and such under Web Insight so we can see more in detail how SSL is behaving and such.

We also have some new enhancements with TCP Insight which allows us to see more in detail how TCP is behaving, so for instance it will allow us to check in more detail how a TCP profile is affetcing the performance.

So what do we need to have this feature enabled?

Now most of this is automatic setup when you add an instnace to MAS and define Insight for a couple of vServers that are SSL based which we want to monitor.

  • AppFlow enabled for a Virtual Server and make sure they are licensed correctly from within MAS. Have a forwarder defined to MAS
  • UFLD enabled and a forwarder defind, this setting you can find under System –> Auditing –> ULFD Servers and define the MAS
  • The following enabled on AppFlow settings on the MPX/VPX you want to monitor from
    appflow.png
  • Last piece of the puzzle is to enable TCP insight on NetScaler MAS, which is a setting under System –> Analytic Settings –> Configure Features, and mark the checkbox under “Enable TCP Insight”

So now we just have to make some requests to the website and see what happens of AppFlow collection.

appflow2.PNG

SSL Insight looks like this, it displays SSL information inside Web Insight on a server level. But we also have some more stuff stached away in the report pane which allows us to see more SSL transactions based.

And lastly there is TCP insight, which allows us to see TCP bandwidth going between Internet and Radio.

appflow3.PNG

It can also show upstream/downstream of differnet interfaces and VLAN’s. Since this is my lab enviroment there isn’t much information to show.

appflow5.PNG

Now this is a new feature, but I would like for Citrix to implement a form of “Configuration Advice” for TCP insight based upon what kind of traffic, bitrate and latency end-users are expecting. In stead of just showing stats.

 

3 thoughts on “SSL and TCP Insight on NetScaler MAS

  1. ws

    Can’t find tcp insight option at vserver level, is it global ? the product documents are not clear either.
    Is the tcp insight feature for all http vservers which applow enabled? or TCP vserver can also use this feature ?

    Reply
      1. ws

        Thank you! So it’s a global option ? Not only http vserver but tcp vserver insights can be shown ?

        Reply

Leave a Reply

Your email address will not be published. Required fields are marked *