Citrix NetScaler an overview
This article will be a review of Citrix NetScaler, one of Citrix's most successful products in the market. It will be a high level overview of NetScaler where I will focus on models, licenses and use cases. It won’t be a bake-off as such; perhaps that will be the case in another article. Why a NetScaler article, you might wonder? Well, I’ve been involved in numerous design projects and over the past decade or more the remote access scenarios have been growing more complex.
A lot has changed in a decade. At times it seems we all work from home, a restaurant, the airport, well, just anywhere we can find a spot to sit and do our job. But working from home is not the only thing you want to enable these days: load balancing, offloading and so much more. There are several solutions on the market but there is, for me, one that stands out. Citrix NetScaler, I think, has been the leader in this market segment for a long time. I’ve been working with VMware solutions a lot and if we compare VMware and Citrix, Citrix far exceeds VMware in this field. A NetScaler-like solution is one of the biggest holes in the VMware stack. VMware Access Point is nice but not even close to what NetScaler offers.
I thought it is time to shed a little light on Citrix NetScaler, just a good article that will show the awesomeness of the product, the models, the features, the licenses and what possibilities there are. For me it’s also a bit of a learning blog as I’m not that familiar with NetScaler and I need to get updated. What better way than to write a blog and experience. So let’s get started.
#0 – virtual or physical
First you have to realize there are two options when you select a Citrix NetScaler: you either go virtual or you go physical. The virtual appliances are of course less powerful and often used to enable remote access to Citrix desktops and applications. The physical ones are used for offloading SSL and solutions like that. The virtual one is the VPX, hence the name. The physical ones are the MPX and the SDX, where the SDX is running XenServer and therefore can host NetScaler VPX appliances (do you get this, you have a physical model on which you run the virtual appliance). Pretty cool I think that is. What is even more cool is that the VPX appliances on the SDX can use the SDX hardware and therefore the Cavium SSL chips.
#1 – various models
So now you know there are two options, virtual or physical but let’s dive a bit deeper into the different models to get a better understanding.
There are several models, if we look at what Citrix is offering here we see that there is a range from very small virtual appliances to high end physical models for high throughput. Today there are also possibilities to deploy NetScaler on Microsoft Azure or AWS. So if we look at the models we see the following differences;
- NetScaler VPX – the virtual appliance that is used most for internal load balancing; the NetScaler Gateway VPX is used as ICA proxy to Citrix XenApp/XenDesktop environments
A NetScaler VPX can manage up to 1500 users concurrently which is a high number and not one seen that much on this side of the ocean. Not sure if there are companies with more than 1500 concurrent remote users, it seems like a lot to me.
- NetScaler MPX – the physical model that is used for the high power, high traffic environments. Not just for XenApp/XenDesktop but for many more services that are enabled these days for employees. I will go into this a bit further on in this article.
While the VPX can still do some throughput, the MPX is laughing at those numbers. It easily does 14 to 34Gbps SSL throughput, making it very suitable for offering access and load balancing for websites and so much more. With 8 to 12 cores these models have the power to perform.
- NetScaler SDX – the physical model that is even more powerful than the one mentioned before.
With an SSL throughput from 6 to 56Gbps this is an extremely powerful beast in the access layer of your datacenter. These models are used when you have a high SSL transaction ratio that you need to manage.
So we have three different models, and once you know your use case you can select the best one by the specifications. To see the different specifications for each model, Citrix has provided a comprehensive overview, see all info here – link. There is one more model, the CPX (container), but it’s too new to talk about here right now. Keep your eye on it, more will be known with Citrix Synergy coming up.
There is actually one more model to discuss here: you have the ability to deploy a Citrix NetScaler on Microsoft Azure or on AWS. What you deploy of course is a VPX model, the virtual appliance. The difference from the original VPX models is that here you can’t scale to 3Gbps but are stuck at maximum 1Gbps, which for the use cases in the cloud will be more than enough I think, but more about that later on.
#2 – licensing
There are three editions, Standard, Enterprise and Platinum, each with their possibilities. In this part I will show you what the possibilities per license are. The editions that come after the Standard edition will, of course, have the features that you see in the Standard edition, and so forth. If you buy the NetScaler Gateway VPX you get the Gateway license and not the load balancing license, that’s something to keep in mind. The licenses below are the NetScaler licenses and not the NetScaler Gateway licenses.
The standard edition has the following features;
- NetScaler Gateway (ICA Proxy and SSL VPN)
- Load Balancing
- Citrix XenMobile NetScaler connector
- High Availability
- URL rewrite
- TCP Optimization
- Secure Remote Access
- Traffic Domains
This is quite a list already that works for many organizations world wide that have internal Citrix desktops or apps and need to enable secure remote access and load balance internal StoreFront servers.
The Enterprise edition, as said before, of course comes with the whole list mentioned before and next to that;
- Centralized management
- GSLB (Global Server Load Balancing)
- Browser compression
- Cache redirect
- Advanced server offload
- Surge protection
- AAA for traffic management
Again a vast list, and one thing we see a lot with customers is GSLB, where you build a NetScaler solution in which, if one fails, traffic will go through the other one that is perhaps in another datacenter. GSLB creates a logical NetScaler solution over multiple datacenters.
The Platinum edition comes with all the features named before and the following ones;
- User Experience monitor
- Dynamic content caching
- Day zero attack prevention
- Integrated XML Security
- Dos Shield
- Static and dynamic content cache
The Platinum edition is used if you want to monitor your Citrix environment and measure the user experience. To enable the user experience capabilities in Citrix Director you need the Platinum NetScaler license. Together with Citrix XA/XD Enterprise or Platinum you can enable user experience in Director. The difference sits in the time you can save data. The most common reason to pick Platinum is the application firewall options it has.
Now that you have a good view on what is offered from a device and a license point of view, let’s look at some of the use cases. I think with this overview you have a good understanding of why Citrix NetScaler would be the best choice in your environment.
- Microsoft TMG replacement
- Reverse proxy / load balancing multiple webservers
- Content Switching (single point of access)
- Unified Gateway
- NetScaler AAA (authentication based on SAML, Radius, LDAP etc)
- IPv6 proxy
- Application firewall
Microsoft TMG has many of the features a NetScaler also has, there are however some differences that need to be addressed. Isn’t the TMG EOL already?
The Citrix NetScaler offers three major differences;
- Content Switching
- Load Balancing
- SSL offloading
Load balancing and content switching are explained later on. SSL offloading means that SSL connections are terminated at the NetScaler so that it can inspect the traffic before passing it through to the internal servers. Without SSL offloading, SSL is terminated at the servers themselves, which will increase the load there. After the offloading you can still select whether you want the traffic to be sent to the server encrypted.
Development and testing
If you are looking for a development and test environment you might end up in the cloud. We end up in the cloud pretty fast these days I think, but with a Citrix NetScaler you can deploy on AWS or Azure. With that deployment you have a cloud VPX NetScaler solution that you can use to test a new setup or a pre-production environment without interrupting your datacenter and production environment.
Citrix NetScalers are used in load balancing scenarios; this is available from the lowest license level already and in all models, including the cloud based ones on AWS and Azure. What more is there to say about this, you can easily load balance different web servers and make sure that traffic is redirected to the one that is operational. Load balancing options like LeastConnection and RoundRobin are available, but more algorithms are possible. The uniqueness of course is that you don’t just do a ping but you really check whether the service is available. We can all do a ping but a ping doesn’t tell you shit.
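To make the difference between a reachability check and a service-level check concrete, here is an added Python sketch (not NetScaler code and not from the original article). It starts two constructed backends on 127.0.0.1, one healthy and one whose port is open but whose application answers 503, and shows which one a least-connection pick lands on under each kind of check; all function names and the `/health` path are assumptions for illustration.

```python
import http.client, http.server, socket, threading

def start_backend(status):
    """Constructed sample backend on 127.0.0.1 that answers every GET with `status`."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            self.send_response(status)
            self.send_header("Content-Length", "0")
            self.end_headers()
        def log_message(self, *args):  # keep the demo quiet
            pass
    server = http.server.HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def tcp_check(host, port, timeout=2):
    """Reachability only: passes as soon as the port accepts a connection."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def http_check(host, port, path="/health", timeout=2):
    """Service-level: passes only if the application itself answers 200."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        return conn.getresponse().status == 200
    except (OSError, http.client.HTTPException):
        return False
    finally:
        conn.close()

def pick_least_connection(backends, active, check):
    """Among backends that pass `check`, pick the one with the fewest active connections."""
    healthy = [b for b in backends if check(*b)]
    return min(healthy, key=lambda b: active.get(b, 0)) if healthy else None

def demo():
    good, broken = start_backend(200), start_backend(503)
    a, b = good.server_address[:2], broken.server_address[:2]
    active = {a: 5, b: 0}  # constructed counts: the broken backend looks idle
    names = {a: "good", b: "broken"}
    chosen = {kind: names[pick_least_connection([a, b], active, check)]
              for kind, check in (("tcp", tcp_check), ("http", http_check))}
    for s in (good, broken):
        s.shutdown(); s.server_close()
    return chosen

if __name__ == "__main__":
    print(demo())
```

With only the reachability check, the failing backend attracts traffic precisely because it holds no connections; the service-level check takes it out of rotation.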
If you are short on public IP addresses you could deploy a Citrix NetScaler to enable different resources behind one IP address. I think this is a powerful feature, for it’s something you run into at nearly every project. You install new solutions that need external IP addresses but the customer has none available. With Citrix NetScaler this is no problem as you can redirect the external traffic to a single virtual server.
Triple A means that you can manage authentication, access to applications and auditing from one appliance; that saves time and makes management so much easier. If you look at some other vendors you will see that they can do one or two of these at most. If you are interested in reading more on AAA, there is a good blog about it from Citrix – link – here.
A few reasons why you would pick NetScaler over others
There are a few reasons why I think Citrix NetScaler is more preferable than other solutions. If I deploy a VMware environment I don’t deploy a Citrix NetScaler but the minute Citrix will integrate there I will, unfortunately that will never happen. So in a VMware stack we are looking at F5 versus Access point. In a Citrix deployment it’s kinda the same, it is F5 versus NetScaler, so why would you pick NetScaler over F5. Let me give a few of my thoughts on this.
- Total visibility in Citrix ICA channels and the ability to tune there is a very important factor that makes me pick NetScaler.
- Integration with Desktop Director is very important as through that you have a single pane of glass for management.
- Integration with all Citrix products like XenApp, XenDesktop, XenMobile. This is very important; any other product has its limitations in how it integrates, and why would you compromise user experience when the best solution is at hand?
- Integration with Citrix XenMobile where you can setup a Micro VPN which as far as I know is not possible with XenMobile and an F5. I even think an F5 is not supported with XenMobile.
The biggest reason why you would pick Citrix NetScaler over anyone else (except if you just need to load balance some things) is the integration with Citrix products you got running inside. There is no other product that comes close to the user experience and ease of management. The only reason one might look for another product might be because of licensing but I can guarantee you that an F5 doesn’t come cheap.
If you want to watch a good video about Citrix Netscaler see the following one, it will give you a good overview of the possibilities.
For more information please visit – link – and this one – link – as there is so much to tell and so little article to show it. And download the datasheet to read more about the nitty gritty details – link –.
Citrix NetScaler is one of the most profound products Citrix has in its portfolio, no wonder Cisco stopped with the ACE series and is now working with Citrix and the NetScalers. Citrix NetScaler is the product no one talks about, but silently this product has taken over a huge market share in the past decade. It is in fact the backbone of the Internet and many of us will connect to websites hosted behind a NetScaler daily.
I “re-”learned a lot looking at the features of Citrix NetScaler; there were things that I didn’t know or remember. So if you are looking at replacing your current solution please look at Citrix NetScaler, it might just be the solution you’re looking for. There is so much more to write about: the application firewall and the gateway both could do with at least one or two articles themselves. This was meant as an overview; perhaps when time permits I’ll do a follow-up.