Leveraging NetScaler MAS as a NITRO API Proxy

One of the cool features Citrix MAS which most haven’t seen yet, is the ability to use it as a NITRO API Proxy, So this is something that I spoke about on the MYCUGC Networking webinar, so I decided to write a blogpost on it as well.

So for instance in a fully managed enviroment, we might not be able to communicate directly with each NetScaler appliance and would need to go trough the NetScaler MAS appliance. In this case having the NITRO API Proxy would also allow us to invoke NITRO API code directly to MAS and it will proxy the commands and forward it to another managed endpoint (CPX, VPX, MPX, SDX and so on)

image

But in order to leverage this feature, the instances you want to run the Nitro commands against need to be managed by NetScaler MAS. The simplest way to get started with this feature is to leverage Postman which is useful to be able to build HTTP based commands.

Now the first step we need to do is first authenticate against MAS, this is a simple process and consists of a regular HTTP POST to authenticate to the MAS appliance. So in this example I’m just using Postman directly. I specify the NITRO URL for authentication which is /nitro/v1/config/login and add the user credentials in the body.

object=
{
“login”:
{
“username”:”nsroot”,

“password”:”nsroot”
}
}

image

Now I will get a response from the MAS appliance and from there I need to copy out some information, and that is the session ID, which allows me to send NITRO code to the MAS without needing to autenticate again.

image

So for instnace now I want to create a vServer on a NetScaler VPX which is managed by the MAS. The VPX has the following IP address 192.0.2.10, and I also have the session ID. First of I need to reference the correct URL path for NITRO to create a new load balanced vServer. Which is /nitro/v1/config/lbvserver/nameofvserver

And under HTTP headers, I need to specify content-type and specify the instance I want to run the command against. which needs to be type _MPS_API_PROXY_MANAGED_INSTANCE_IP and SESSID which is the SessionID I got from MAS when I first authenticated

image

And in the body I specify the information of the load balanced vServer

image

So full HTTP Post

URL:
http://MASIP/nitro/v1/config/lbvserver/sample_lbvserver

HTTP HEADERS:
_MPS_API_PROXY_MANAGED_INSTANCE_IP: 192.0.2.10 (The target!)SESSID:##DED298F8372CEF2CD479074F571AE12690FA1C25E41C557AE75682336A8D
Content-type: application/vnd.com.citrix.netscaler.lbvserver+json

Body:
{“lbvserver”:{“name”:”sample_lbvserver”,”servicetype”:”HTTP”,”ipv46″:”10.102.1.11″,”port”:”80″}}

So now when I log into the NetScaler which was specified I can see the vServer created.

Leave a Reply

Scroll to Top