Citrix NetScaler 9
Citrix has once again proved it is a market leader in full-featured application delivery controller (ADC) technologies with the release of the NetScaler 9 network appliances. Beyond the enhancements to the previous release, NetScaler 9 features AppExpert, a market differentiator that lets administrators create (or import) templates for particular applications, such as SAP, SharePoint or their enterprise’s custom applications.
Network engineers are constantly under pressure to get the most out of the bandwidth they have, but customers and employees want data even more quickly and easily than ever before. NetScaler 9 includes integrated caching and compression to help meet these goals.
First and foremost, NetScaler 9 is a load-balancer. In a simple example, consider two web servers with identical content, with users outside the company’s firewall, as shown in Figure 1. NetScaler 9 keeps track of the current connections to each server, so it knows which server is likely to be less busy than the others, and directs new users to that server. Of course, it also knows if a web server is down. That means that even if one of your server operators accidentally formatted the entire disk of Web Server 1, customers can still get to your application on Web Server 2 without changing anything on their end — in fact, they may not notice you’re having server issues at all!
The integrated cache can store frequently delivered content, either static or dynamic, and deliver it quickly to a large number of users: for example, common headers and footers, your company’s logo or that 10 megabyte document that HR just sent out via e-mail to all 150 remote employees. This relieves the server from doing this repetitive task, letting it concentrate on something else, such as delivering your CIO’s e-mail about your bonus.
NetScaler 9’s compression works with modern browsers, such as Microsoft Internet Explorer, Mozilla Firefox, Safari and even Google’s new Chrome browser. It uses HTML 1.1 specifications to compress HTML and text, thus decreasing the actual amount of data that needs to be transmitted from your company to the user. Less data means faster surfing and happier customers.
In a geographically distributed enterprise environment, NetScaler’s Global Server Load Balancing (GSLB) directs each client to the best-performing site available. On the user side, it responds to Domain Name System (DNS) queries with the IP address of the best-performing location or system. On the back end, NetScaler determines which site is performing the best by using the proprietary Metric Exchange Protocol. MEP allows NetScalers in each location to exchange health information with NetScaler devices in other locations. Hence, users will always get the best-performing application available to them.
NetScaler 9 also makes it easier for users to access the enterprise data they need to be productive, such as file shares and other applications that are not exposed to the Internet for security reasons. Naturally, being a Citrix product, NetScaler 9 integrates with Citrix Presentation Server and XenApp. Using NetScaler's Redirector functions, website requests can be automatically translated to secure requests, forcing secure connections and making it so the user doesn't have to remember whether the site is secure or not. NetScaler can also act as a Secure Sockets Layer virtual private network (SSL VPN) gateway, allowing employees to have secure, remote access to your company's local area network.
With secure, remote access, employees can work from anywhere at any time, enjoying the same access to applications and data protected inside your company's network. This increases their productivity, as they can now work from home on the evenings or weekends without driving into the office.
Why It Works for IT
Our network engineers hear not only from the user side, but also from application developers and IT security folks as well. The SSL Offload feature will make all of them happy — an extremely rare occurrence, I assure you. The secure tunnel that SSL creates between the web user and your application is terminated inside the firewall at your NetScaler 9 appliance. Hence, NetScaler 9 performs all the encryption/decryption tasks required by an SSL or HTTPS connection. Encryption/decryption of web traffic can be a processor-intensive task, yet with NetScaler 9, that process no longer takes place on your servers, freeing them up to do other things such as serve up web pages more quickly.
And because the traffic is still secure from outside users to inside your network, the security guys won’t put the kibosh on the idea, either.
Where Citrix really outshines the competition is in its AppExpert feature, new in NetScaler 9. In the past, the network engineer had to configure each application delivery policy separately. There are dozens of different options — which files to compress, cache, redirect and rewrite — and even for two similar applications, the administrator had to painstakingly copy each configuration detail.
This leads to the possibility of faulty configuration (breaking the app) and a very grouchy admin. AppExpert allows you to create a template for your applications, custom or third-party. Once created or imported, you can apply the template to a particular application and then tweak it. Templates for applications such as Microsoft Outlook Web Access and SharePoint, SAP Enterprise SOA and Oracle E-Business Suite are available, or you can fashion your own. A list of AppExpert templates can be found here.
Citrix NetScaler 9 also has other handy features. It can act as an Authoritative Domain Name Server (ADNS), which is especially useful in conjunction with the GSLB feature. The Application Firewall feature examines traffic for evidence of attacks or misuse, and takes appropriate action to prevent them from succeeding. It can prevent data loss by looking for credit card information or Social Security numbers, and has the ability to prevent cross-site scripting and SQL-injection web-application attacks.
So far, a lot of features have been described, which makes Citrix NetScaler 9 feel like wonder-in-a-box. However, buyers should note that not all of the features are available in each edition of NetScaler 9. My review included a test drive of a premium-licensed device, which meant all features were included.
Citrix slices the licensing in two different cuts: features and number of transactions per second. Features are simply added to an existing device through a license key, which means that as you grow and want more functionality, you simply pay for what you need. There are three editions of Citrix NetScaler 9 available: Standard, Enterprise and Platinum. NetScaler has six different appliances ranging from 50,000 transactions per second to 340,000. System and compression throughput increase with price, so NetScaler grows as you do. Make sure you understand what you need before you buy.
Many applications, especially custom ones, are not necessarily ready for load-balancing. For example, if your developers keep a user’s session state in memory, what happens when they click a link and end up on a different web server? In this case, you need to configure NetScaler with persistence, which means that once a user starts on one web server, they stay there. (Or, you can fight with your application developers to store the session state in a database common to all the web servers.) You’ll need to work closely with your applications teams after deploying NetScaler because you’ve in essence become an extension of the application’s logic!
Persistence is just one many of the complex ideas in the load-balancing arena. AppExpert makes it easy to jump right in. In my lab, I had Outlook Web Access and a SharePoint application configured in less than an hour. However, NetScaler was originally designed to fulfill every need, from the simple to not so simple. Deploying a network device like this can quickly become very complex, depending on your requirements. To remedy this, Citrix sends a sales engineer out with every appliance — even to my house in Ohio, where an SE flew in from San Jose to show me how to use the device.
While it’s great to have so many features in one box, the problem may be that some of them don’t quite meet your network architecture requirements. For example, perhaps you have some requirements that the Application Firewall or DNS server simply doesn’t meet. It might make more sense in these cases to buy a standalone device for this functionality. It’s a philosophical decision every IT department must make: best of breed or a homogeneous environment? But if you’re mainly looking for a load-balancer with Citrix synergy, and those features are just a bonus to you, NetScaler 9 should be on your short list.
Dr. Jeffrey Sheen is the lead enterprise analyst for Grange Insurance of Columbus, Ohio.