Welcome to the first chapter of this book. Throughout the course of this book, we will cover most of the different areas where NetScaler serves its purpose. The first chapter will cover a little introduction of what NetScaler is and some of its features. Throughout this book, we will be focusing mostly on how to set up and deploy a NetScaler VPX in a Hyper-V and System Center environment. This is because in the Nordic market, most of the deployments run on Hyper-V; however, the process is not so different for other hypervisors. So to sum it up, here's what we will cover throughout this chapter:
- Introduction to NetScaler
- The definition of Application Delivery Controller
- NetScaler Gateway
- Differences between VPX, MPX, and SDX
- Editions and models
- Setup and configuring the basics
- Some deployment scenarios
NetScaler was an acquisition that Citrix made back in 2005, and it is one of the best selling products in their portfolio today and is pivotal in many large enterprises. Today, many of the largest IT organizations, such as Microsoft, Google, and eBay to mention a few, are using NetScaler in front of their websites and services to ensure availability.
Note
We can check the kind of solution an organization is using on their website by using a free web tool from www.netcraft.com. For example, for eBay, go to http://searchdns.netcraft.com/?restriction=site+contains&host=ebay.com.
NetScaler can be defined as a network appliance with the primary role of delivering services to the end clients who are connecting to it. It does this through the use of different features, such as load balancing, proxy, gateway solutions, and so on. The commonly used term for it is Application Delivery Controller (ADC), as users in many cases connect to their services through, for example, a load-balanced web service such as NetScaler. It also has many features to optimize network traffic, such as web caching, compression, and SSL offloading, to give a service optimal performance. It also includes features such as application firewall, URL rewrite and responder, global server load balancing, and gateway function for XenApp/XenDesktop to name a few. We will cover some of these features in greater detail in a later chapter.
So its whole purpose is to ensure that a service or an application is delivered through different availability and performance features. The following diagram is an example of some of the different uses of NetScaler, and how users can access their different applications and services:
As we can see in the diagram, there are many ways in which we can deliver and ensure content is delivered to the users. Also, there are features that allow us to bridge different infrastructures such as public cloud providers. We will delve into some of the features throughout the rest of the chapters.
There are a variety of features included in NetScaler; some information about the different features and the product itself can be found in the Citrix eDocs available at http://support.citrix.com/proddocs/topic/netscaler/ns-gen-netscaler-wrapper-con.html. eDocs is an ideal place for knowledge and support documentation about setup and configuration of the different features included in NetScaler.
NetScaler comes in three different types of appliances. They are:
- MPX
- SDX
- VPX
The MPX is a physical appliance of the NetScaler, which again comes in different models. As an example, the MPX 5550 is the starting platform that consists of an Intel CPU with 8 GB of RAM, and can handle up to 5,000 concurrent SSL VPN sessions and up to 175,000 HTTP requests every second. The MPX 5550 has a maximum throughput of 0.5 Gbps, but it can be upgraded to the 5650 which has 1 Gbps throughput. This only requires a change of license as it still runs on the same hardware. There is a long list of different models that suit most business needs depending on how many users, what kind of services, and what kind of bandwidth are required. The largest physical appliance available is the MPX 21550, which has up to 50 Gbps of throughput.
Note
One of the benefits of NetScaler is that if we need better performance or more bandwidth, we can, in many cases, just upgrade the platform license to the next edition. You can refer to the NetScaler datasheet to see which platforms can be upgraded and also check the specifications of the different platforms at http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/netscaler-data-sheet.pdf.
All of the MPX models come with special SSL chips, which are specifically used to handle encrypted traffic (SSL traffic). The NetScaler uses an architecture called nCore, which allows it to intelligently load balance the SSL operations among the chips available on the hardware. This allows for faster handling of the SSL traffic on the regular load balancers. Also, an important point to remember is that each platform has a limit on how many SSL-based operations and throughput it can handle each second, which can be viewed in the earlier mentioned datasheet.
The SDX is a special kind of platform available on many of the same models as the MPX as it uses the same underlying hardware. The difference is that the SDX itself cannot do load balancing or any other NetScaler functions as it is just a virtualization platform that runs a virtual NetScaler (VPX) on top of itself. By default, when purchasing an SDX, it ships with five VPXs. SDX runs a customized version of XenServer at the bottom of the appliance, and there we can create multiple VPX instances running on top of it, which have the NetScaler features. This platform is better suited for multitenant environments or when we want to isolate the traffic into separate instances.
The VPX is the virtual edition of NetScaler. It has the same features as the MPX; the only difference is that it runs as a virtual appliance instead of as a hardware appliance. There are four different editions of this platform, VPX 10, VPX 200, VPX 1000, and VPX 3000, where the number stands for the throughput of the device in Mbps.
Note
There is also a free edition of the VPX called VPX Express. The VPX Express has the same functionality as VPX standard, but has a limit of 5 Mbps of throughput and is valid for one year at a time. It also gives you access to running up to five users with NetScaler Gateway, which we will go through in the next chapter.
The VPX is available for XenServer, VMware, and Hyper-V, or as an instance on the SDX platform. There is a minor difference between running VPX in a regular virtual environment or as a part of an SDX environment. In an SDX environment, the VPX has access to the onboard SSL chips and is able to handle SSL traffic accordingly. In a regular virtual environment, the VPX can handle only limited SSL traffic as it is dependent on the virtualization host CPUs. Regular CPUs are not designed to handle SSL offload very well as compared to SSL chips; therefore, they have a soft limit on how many SSL connections they can handle. This can be seen in the NetScaler datasheet mentioned earlier.
Barry Schiffer has written an excellent article regarding NetScaler sizing and what model to choose, which I would recommend taking a look at if you are unsure of what to use. It is available at http://www.barryschiffer.com/citrix-NetScaler-platform-sizing-guide/.
NetScaler also has different types of editions, and depending on the level will grant access to the different features. The three editions are Standard, Enterprise, and Platinum.
Standard is the most basic edition, and contains most of the basic features, such as load balancing, SQL load balancing, NetScaler Gateway (formerly known as Access Gateway), network optimization, HTTP/URL rewrite, and more. The Enterprise edition gives us Global Server Load Balancing (GSLB), HTTP compression, AAA management, and surge protection. Lastly, the Platinum edition gives us CloudBridge, full NetScaler Insight Center functionality, application firewall, and more. An important point to note here is that on an SDX appliance, all the VPX appliances have Platinum edition features.
Now, many of these features may be unfamiliar to you, but these will be covered throughout the later chapters.
Note
The complete feature set of NetScaler and its different editions can be found in the NetScaler datasheet available at http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/netscaler-data-sheet.pdf?accessmode=direct. There is also another edition called NetScaler Gateway VPX, which is a virtual appliance containing only the gateway feature.
One of the things that I mentioned earlier was that in case we needed more bandwidth or better performance, we could just upgrade the license to another platform. The same goes for features as well; if we need features that are available in the Enterprise edition and we have only the Standard edition, we just have to buy a license upgrade to access those features. If, for example, we are in a situation where we need more bandwidth for a period of time, we can also purchase something called burst licenses. Burst licenses allow us to extend our bandwidth on the appliance, for example, for 90 days.