Interview with the NetScaler Team: NetScaler is an ADC, SSL VPN and ICA Proxy

by Laure Cetin, Citrix

I still consider myself pretty new at Citrix, having been with the company “only” 18 months, but one thing that strikes me as I talk to community members is how much they like our product NetScaler. One of them even told me once that doing NetScaler implementations is what gets him out of bed every morning! Let’s see if he recognizes himself 😉

Citrix is sometimes better known for its virtualization products than its networking offering, so I thought I would show NetScaler some love in a blog post.

I sat down with Marissa Schmidt last week, she is Director of Product Management in the NetScaler team. I wanted to get some news from the product team and understand how community feedback has helped Citrix improve NetScaler.

Laure Cetin: What new features have you recently implemented based on customer feedback?

Marissa Schmidt:

  • Security Insight was just released with 11.0.65. It provides more application visibility for threats. You can now get insight into application issues and into your users (e.g. configuration changes and giving users access)
  • Gateway Insight was released with 11.0.65. It is used for Unified Gateway and provides visibility into issues related to user authentication and authorization to any application
  • IP reputation: there are millions of malicious IPs out there and we are now able to block them with a third party tool. That came with 11.0.65 as well
  • SSL: we introduced more cipher improvements since security is top of mind. It’s an elliptic curve algorithm for better encryption
  • Admin partition improvements: based on CTP feedback at Summit, we will introduce our web app firewall later this year. 

And earlier this year, my former colleague Alice Goldstein sat down with Akhilesh Dhawan, Principal Product Marketing Manager for NetScaler. They talked about various things such as best practices, innovative use cases and outlook for 2016. Alice didn’t get to finish the interview transcript before she left the team in February, so I am sharing the content with you in this blog post.

Alice Goldstein: How are customers using NetScaler?

Akhilesh Dhawan: Customers are using NetScaler in multiple ways. I think it is important to understand that NetScaler is not only used as an ADC solution but is also used to securely deliver virtual apps and desktops (NetScaler Gateway) and for SSL VPN (Unified Gateway) based remote access to any application. In NetScaler 11.0 released in June 2015, we introduced new features for Unified Gateway. These capabilities allow you to consolidate all of your existing remote access infrastructure – ADCs, SaaS gateways, mobile gateways, and SSL VPN remote access solutions. All of these different application delivery networks/solutions can be combined into a single NetScaler solution. One solution is much easier to manage, is more cost efficient and provides a consistent and better end user experience. As a part of our SSL VPN offering, NetScaler is also used as a single sign-on solution for all enterprise, virtual and cloud applications.

AG: Can you talk more about the concept of Unified Gateway and where it came from?

AD: NetScaler has had SSL VPN offering since a long time but our focus has been on selling NetScaler mainly as an ADC or an ICA Proxy solution for XenApp and XenDesktop. In this time, our customers have implemented multiple point products for remote access from multiple vendors and now are facing operational issues with managing these redundant solutions. We spoke to a lot of customers on this issue and shared our thoughts on Unified Gateway and how it can help consolidate their remote access infrastructure. The feedback we received from our customers was very promising and we decided to release this offering introducing new features and capabilities. Now we are proud to say that our product for SSL VPN is second to none.

Here is a whitepaper that describes how NetScaler with Unified Gateway consolidates your secure Remote Access Delivery Infrastructure with one URL.

AG: What industries are using NetScaler?

AD: NetScaler is used across all industries. Every industry is using virtualized apps and desktops and also have need for allowing remote users to access traditional and cloud based applications.

AG: Are there some use cases that have emerged that you find very innovative?

AD: We have a feature called content switching in Unified Gateway. There is a prevalent use case in SSL VPN world on URL rewrite that works OK for applications that do not use new technologies like HTML5 or are SaaS based. Customers who are using URL rewrite are going to face some problems because when you use HTML5 or build applications in a SaaS environment it is very hard to do the URL rewrite that you have been doing for other enterprise applications in the datacenter. It will break. A new feature called content switching allows Unified Gateway to forward the request to a gateway VIP for an application depending on the content being accessed by a user and is a much better alternative to URL rewrite.

We do also offer URL rewrite for applications like MS SharePoint, OWA etc.

AG: I understand that NetScaler best practices start with knowing how many users you will have on NetScaler. As these users grow, do best practices change and how?

AD: The scalability of NetScaler is a very important factor in deciding which appliance to use in your environment. From a performance and scalability perspective, here are three best practices to keep in mind:

  1. Evaluate the number of concurrent users that you are supporting today, as well as how many users you may have a couple of years down the line. This will provide a buffer, as well as an appliance for better performance for your NetScaler ICA proxy.
  2. Take into account how much data you will need to process. If you are looking at both ICA proxy as well as SSL VPN use cases, then the size of the appliance will vary
  3. Consider if you are looking at enabling AppFlow for getting visibility into your application and network traffic, then have a buffer in mind for the amount of processing power you will need for setting up your NetScaler box 

AG: What NetScaler industry solutions are available out of the box?

AD: NetScaler caters to different industries with different compliance and regulatory requirements. We have 3 form factors of our appliances. A single tenant hardware appliance (MPX) for any size customer, a multi-tenant hardware appliance that can run up to 80 instances of NetScaler as well as our partner solutions, specifically for service providers and large enterprise customers, and a virtual appliance for small to medium sized businesses. The best part is, that NetScaler provides the same features across all the different form factors.

AG: I read in the community that people were looking for policies and components that are recommended for specific industries like government and federal institutions.

AD: We recommend partner solutions that specialize in certain industries and customer sizes. You can find a Citrix Partner here.

As an example, for our Government or Federal customers we have very strong integrations with partners like Thales who provides a FIPS compliant hardware. NetScaler has a FIPS compliant hardware tool but Thales also provides additional compliance in terms of key management based on the FIPS guidelines.

And there is more information about each of the NetScaler out of the box solutions here.

AG: Can you cover the new Citrix NetScaler features that have been released to enable a deeper integration to other Citrix products?

AD: NetScaler 11.0 supports Framehawk. This is a feature of XenApp and XenDesktop. It enables data delivery on high intensity networks. And that gives NetScaler users better performance out of their deployments.

We also have a very close integration with Storefront. For Storefront the integration allows SmartAccess policies to NetScaler for endpoint analysis of end user devices before the start of their session.  SmartAccess can be implanted as your contextual access control policies. For example, if a user is logging in from a remote location or if the user is not using a corporate device, SmartAccess can be used to enforce certain policies to provide limited access for theses users.

And there is another feature that we just released with 11.0. It’s called SmartControl. SmartControl allows enforcing of very granular policies like cut, copy, and drive mappings for XenApp and XenDesktop environments. These policies are enforced and managed through the NetScaler Appliance UI. The user can enforce these policies on the NetScaler box providing security at the edge of the data center.

In addition to this, we provide complete visibility of XenApp and XenDesktop environments. The data can be viewed using NetScaler Insight Center UI but if you are using Desktop Director, we publish the same information for our customers on the same tool.

AG: Why did you decide to make these features a priority?

AD: Security and providing a better user experience are primary focus for NetScaler. We provide the highest level of security for our customers. Tougher security measures are emerging with BYOD, SaaS/Cloud applications and the latest developments in mobility. It is very important for us to consider these use cases and provide the strongest security possible. We wanted our customers to have this extra security built into the NetScaler box where they can enforce the most granular of security policies.

AG: Are there NetScaler certifications that customers can pursue? 

AD: There are multiple certifications for NetScaler. One is Citrix Certified Professional Networking. We also have Citrix Certified Associate for Networking where you can learn more about essential networking skills. Citrix Education provides more information about such certifications.

AG: What is coming up at Synergy as far as networking and NetScaler is concerned?

AD: We have a very strong Networking focus at Synergy this year . You can check out all the sessions in the Synergy session catalog. In addition, we’re planning NetScaler Connect, a deep dive into networking technology. It starts with a welcome reception, then a variety of sessions focused on networking and NetScaler, and the opportunity to meet peers at Tech Chats or personalized Match.Geek sessions.

AG:  Earlier this year CUGC members shared their predictions for 2016. Here is one shared by Tobias Kreidl about NetScaler: “New versions of XenDesktop, XenApp and XenServer will emerge along with even better integration into NetScaler. NetScaler will be able to add or subtract VCPUs and adjust memory automatically for instances, as needed, on its physical appliances.” Will this become true in 2016?

AD: We are working on something very similar and we will be making these announcements very soon.

AG: What do you see as emerging networking themes for 2016?

AD: Improving the product with new functionality and features for SSL VPN, ICA proxies and ADC solutions. And we are also looking at tighter integration with the cloud platforms, DevOps as well as building a stronger partner community. Security is again going to be the main theme for us.

AG: Do you have anything else you would like to share with the community?

AD: One thing I want to mention for customers who are looking to purchase Unified Gateway as their SSL VPN solution, we plan to have some test drives soon. If someone is interested and you are not already a Unified Gateway customer (not using NetScaler as a SSL VPN solution), please reach out to your Citrix sales representative to participate in these Test Drives. These are free 2-day sessions where you will deep dive into the technology and do some hands-on training.

Leave a Reply