Implementing NetScaler VPX™ - Second Edition

By: Marius Sandbu

Overview of this book

With a large demand for responsive websites and availability of services, IT administrators are faced with an ever-rising need for services that are optimized for speed. NetScaler VPX is a software-based virtual appliance that provides users with the comprehensive NetScaler feature set. Implementing apps and cloud-based services is much easier with its increased service performance and integrated security features. This book will give you an insight into all the new features that NetScaler VPX™ has to offer. Starting off with the basics, you will learn how to set NetScaler up and configure it in a virtual environment, including the new features available in version 11, such as unified gateway and portal theme customization. Next, the book will cover how to deploy NetScaler on Azure and Amazon, and you will also discover how to integrate it with an existing Citrix infrastructure. Next, you will venture into other topics such as load balancing Microsoft and Citrix solutions, configuring different forms of high availability, Global Server Load Balancing (GSLB), and network optimization. You will also learn how to troubleshoot and analyze data using NetScaler's extensive array of features. Finally, you will discover how to protect web services using an application firewall and will get to grips with other features such as HTTP DoS protection and AAA.

Getting started with NetScaler®


NetScaler was an acquisition that Citrix made back in 2005, and it is one of the bestselling products in their portfolio today, pivotal in many large enterprises. Today, many of the largest IT organizations such as Microsoft, Google, and eBay, to mention a few, use NetScaler in front of their websites and services to ensure availability.

Note

We can check the kind of frontend solution an organization uses in most cases on their website by using a free web tool from http://www.netcraft.com/. For example, for eBay go to http://searchdns.netcraft.com/?restriction=site+contains&host=ebay.com.

NetScaler can be defined as a network appliance with the primary role of delivering services to end clients who connect to it. It does this by using different features, such as load balancing, high availability, gateway solutions, and so on. The commonly used term for it is Application Delivery Controller (ADC), as users in many cases connect to their services through, for example, a load-balanced web service such as NetScaler. It also has many features to optimize network traffic, such as web caching, compression, and SSL offloading, to give a service optimal performance. In addition, it includes features such as an application firewall, URL rewriting, frontend optimization, global server load balancing, and gateway function for XenApp/XenDesktop, to name a few. We will cover some of these features in greater detail in a later chapter.

So, NetScaler's whole purpose is to ensure that a service or an application is delivered through different availability and performance features. The following diagram presents some of the different uses of NetScaler and shows how users can access their different applications and services:

As we can see in the diagram, we can ensure content is delivered to users in many ways. Also, there are features that allow us to bridge different infrastructures, such as public cloud providers. We will delve into some of the features in the rest of the chapters.

NetScaler includes a variety of features; some information about the different features and the product itself can be found in the Citrix eDocs available at http://support.citrix.com/proddocs/topic/netscaler/ns-gen-netscaler-wrapper-con.html. eDocs is an ideal place for knowledge and support documentation about setup and configuration of the different features included in NetScaler.

NetScaler comes in three different flavors:

  • MPX—Physical appliance

  • SDX—Physical appliance with hypervisor capabilities

  • VPX—Virtual appliance

MPX

The MPX is a physical appliance of NetScaler, which again comes in different models. As an example, the MPX 5550 is the starting platform that consists of an Intel CPU with 8 GB of RAM, and can handle up to 5,000 concurrent SSL VPN sessions and up to 175,000 HTTP requests every second. The MPX 5550 has a maximum throughput of 0.5 Gbps, but it can be upgraded to the 5650, which has 1 Gbps throughput. This only requires a change of license, as it still runs on the same hardware. A long list of different models that suit most business needs is available, depending on the number of users and the kind of service and bandwidth required. The largest physical appliance available is the MPX 21550, which has up to 50 Gbps of throughput.

Note

One of the benefits of NetScaler is that if we need better performance or more bandwidth, we can in many cases just upgrade the platform license to the next edition. You can refer to the NetScaler datasheet to see which platforms can be upgraded and check the specifications of the different platforms at http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/netscaler-data-sheet.pdf.

All of the MPX models come with special SSL chips, which are specifically used to handle encrypted traffic (SSL traffic). NetScaler uses an architecture called nCore, which allows it to intelligently load balance the SSL operations among the chips available on the hardware. This allows for faster handling of SSL traffic on the platform. Also, an important point to remember is that each platform has a limit to the number of SSL-based operations and throughput it can handle each second, which can be viewed in the datasheet mentioned earlier.

SDX

The SDX is a special platform available on many of the same models as the MPX, as it uses the same underlying hardware. The difference is that the SDX itself cannot perform load balancing or any other NetScaler functions, as it is just a virtualization platform that runs virtual NetScaler (VPX) instances on top of itself. By default, when purchasing an SDX, it ships with five VPXs. SDX runs a customized version of XenServer, and from there we can create multiple VPX instances running on top of it, each of which has all of the NetScaler features. This platform is better suited for multitenant environments; it is also suitable when we want to isolate the traffic into separate instances with dedicated bandwidth, VLANs, and/or applications.

Also important to remember is that when we have an SDX, we can have multiple VPX instances running—all with different software versions.

VPX

The VPX is available for XenServer, KVM, VMware, and Hyper-V, or as an instance on the SDX platform. The VPX can also be deployed on public cloud providers such as Microsoft Azure or Amazon Web Services.

There is a minor difference between running VPX in a regular virtual environment and as part of an SDX environment. In an SDX environment, the VPX has access to the onboard SSL chips and is able to handle SSL traffic accordingly. In a regular virtual environment, the VPX can handle only limited SSL traffic, as it is dependent on the virtualization host CPUs. Regular CPUs are not designed to handle SSL traffic as well as SSL chips; therefore, they have a soft limit on how many SSL connections they can handle. This can be seen in the NetScaler datasheet mentioned earlier.

Barry Schiffer has written an excellent article on NetScaler sizing and what model to choose, which I would recommend taking a look at if you are unsure of what to use. This article is available at http://www.barryschiffer.com/citrix-NetScaler-platform-sizing-guide/.

NetScaler also has different types of editions, and depending on the level, it will grant access to the different features. The three editions are Standard, Enterprise, and Platinum.

Standard is the most basic edition and contains most of the basic features, such as load balancing, SQL load balancing, NetScaler Gateway (formerly known as Access Gateway), network optimization, HTTP/URL rewrite, and more. The Enterprise edition gives us Global Server Load Balancing (GSLB), HTTP compression, AAA management, frontend optimization and surge protection. Lastly, the Platinum edition gives us CloudBridge, full NetScaler Insight Center functionality, application firewall, and more. An important point to note here is that on an SDX appliance, all the VPX appliances have Platinum edition features.

There is also a dedicated Gateway instance that only has the NetScaler Gateway feature available. This only comes in a VPX 50 instance, which basically means that it has a 50 Mbps bandwidth limit and can only be used for Gateway features such as ICA-proxy, SSL VPN, or VPN. It is also available as a physical unit, the NetScaler Gateway MPX 500, which has the same limitations but up to a 500 Mbps bandwidth and a higher number of concurrent users.

Now, many of these features may be unfamiliar to you, but these will be covered throughout the later chapters.

One of the things that I mentioned earlier was that in case we needed more bandwidth or better performance, we could just upgrade the license to another platform. The same goes for features as well; if we need features that are available in the Enterprise edition and we have only the Standard edition, we just have to buy a license upgrade to access those features. If, for example, we are in a situation where we need more bandwidth for a period of time, we can also purchase something called burst licenses. Burst licenses allow us to extend our bandwidth on the appliance, for example, for 90 days.

Note

There is also a free edition of the VPX called VPX Express. The VPX Express has the same functionality as the VPX Standard edition, but it has a limit of 5 Mbps of throughput and is valid for one year at a time. It also allows up to five users to run NetScaler Gateway, which we will go through in the next chapter.

What is new in version 11?

Many may be familiar with the previous releases of NetScaler and some of its capabilities. Therefore, we decided to add what is new in version 11 of NetScaler OS. Version 11 was released in June 2015, and it introduced a bunch of new features and capabilities, including the following:

  • Unified gateway

  • Partition administration

  • Media classification

  • Jumbo frames support for VPX

  • TCP Nile congestion algorithm

  • Portal theme customization

  • Web-front

  • Authentication dashboard

  • HTTP/2 support

Most of these topics will be covered throughout this book. If you wish for more information about version 11, you can read the release document at https://www.citrix.com/content/dam/citrix/en_us/documents/downloads/netscaler-adc/NS_11_55_20.html.