Citrix Netscaler 10

Citrix systems recently announced the release of Citrix Netscaler 10. I am excited about several of the new features that Netscaler has to offer. This major release has over 160 new features.

Triscale is perhaps the most compelling and interesting feature announced in Netscaler 10 allowed you to scale up and out at will. Netscalers have thus far been a HA Active/Passive configuration and done well but can now work as a cluster. It introduces the 3 key factors around scalability which addresses all your needs immaterial of what nature of business you have and what is your deployment model.

  • Scale UP – on demand growth up to 5x on single hardware
  • Scale IN – consolidation of 40 appliances in single unit
  • Scale Out – capacity scale by adding nodes up to 32x

The Clustering technology which enables Scale Out factor by 32x is just wonderful as it works seamlessly on all hardware and software NetScaler appliances. NetScaler 10 introduces this biggest infrastructure change where you can Cluster NetScaler nodes together to drive through any kind of performance and scalability requirement. It focuses on how easily you can transition from multiple nodes working in isolation to logical Cluster of nodes without any physical hardware requirement. It also has a simplified extension model where you can keep adding nodes based on your scale requirements without disrupting the production traffic. It helps reduce the power usage and rack space consumption from Datacenter/Cloud point of view and can be huge for a large deployment.
Here are quick facts on Cluster:

  • Cluster of NetScaler nodes
  • Can be formed with 2 to 32 nodes
  • Single system image for end user
  • Built on NetScaler nCore architecture
  • No Chassis or new hardware required
  • Dynamic changes permitted

Cluster Benefits:

  • Provides linear scalability
  • Higher Throughput
  • Configuration Scalability
  • In-built Fault Tolerance
  • Active-active Support
  • Active-standby Support

Let us get to other functional and usability enhancements in NetScaler 10.

Traffic Management Enhancements:

  • TCP Westwood support
  • Dynamic TCP receive buffer size
  • Advance policy support for SSL
  • Ability to flush Surge Queue
  • Rule Based Persistence for TCP/SSL_TCP
  • TXT record support in DNS
  • DBS Auto-scaling
  • Responder action for Timeout
  • Better Entity Scalability
  • String based custom server id persistence
  • Preferred backup list for GSLB Proximity
  • Rewriting NX domain responses
  • Slow Start fine tuning at Vserver layer
  • Multiple firewall LB vserver support
  • NetScaler Based persistent ETag
  • NetScaler tracing enhancements
  • Set-cookie header logging for Weblogs
  • Custom Client-IP header logging for Weblogs
  • Multiple Binding for Content Switching Policies
  • SIP Expression Support
    • Content Switching
    • Rewrite
    • Responder
    • Rate Limiting

Lots of new features and capabilities, increasing the overall value of NetScaler solution. TCP Westwood can act really well in wireless environments. Entity scalability is critical for the larger deployments with huge number of entities around. SIP expression support makes us SIP aware at layer 7 and you can do all kind of layer 7 processing for SIP traffic… technically acting as a SIP firewall :)

DataStream Enhancements:

  • Responder for DataStream
  • Rate Limiting for DataStream
  • Token LB for DataStream
  • AppFlow for DataStream
  • Logaction for DataStream
  • Caching for DataStream

DataStream was the biggest innovation in ADC world recently and was introduced with previous release in NetScaler. Now with NetScaler 10 you have all the layer 7 feature modules supporting Database traffic, which add value to HTTP/TCP flows today. So it is completely integrated into the system with advance policy support. The advantages from DataStream Caching and AppFlow would be huge and a real game changer…
AAA Enhancements:

  • SAML 2.0 Consumer Support
    • Service Provider Initiated
    • Identity Provider Initiated
  • NTLMv2 Session Support
  • NTLMv2 Signing Support

NetScaler has the strong AAA module and adding further support for NTLMv2 protocol helps with seamless integration into the Microsoft environment. The real game changer here is SAML which is becoming standard authentication and SSO protocol for the Cloud services and deployments. Having SAML 2.0 consumer support is excellent because it enables us to work with various Identity providers. Along with providing other ADC services in Cloud, SAML support will make us de-facto choice for Cloud deployments.
XA/XD (WIonNS) Enhancements:

  • Client Plugin Download options
  • Login Page Customization
  • Mobile Receiver client support
  • Handling Case sensitivity
  • Multiple Client Access Methods
  • Address Translation

In order to ease up XenApp/XenDesktop deployments, one of the major step was to have the capacity to host Web Interface on NetScaler. It has huge benefits and to further increase the value proposition multiple enhancements are done to this module.
Visibility Enhancements:

  • Action Analytics
  • AppFlow
    • New HTTP Export Parameters
    • Support for MySQL and MSSQL
    • EdgeSight record templates

Visibility became the mainstream focus for us in last release where AppFlow was launched. AppFlow made it possible to see the statistics all the way from layer 2 to layer 7 which was not possible with older standards. As we get deeper into Cloud deployment and even within Enterprise, Visibility requirements are becoming more important and this release enhances the core AppFlow standard to add end to end application visibility.
NetScaler 10 brings out another exciting feature called “Action Analytics” which is a runtime analytic engine generating all kind of visibility into the applications. It brings in the on-board analytic ability which can be fed back into the policy evaluation cycle. Think of the use case of Caching responses for only Top 10 URLs flowing through the system at any point in time…
AppExpert Enhancements:

  • Ability to import Responder page
  • Support for HTML5 content parsing
  • New advance expression support

AppExpert layer has been driving many exciting features in last many releases. This release addresses both functional and usability features for AppExpert.
Optimization Enhancements:

  • Dynamic Cache Memory
  • Multi Part byte range support
  • Metadata optimization
  • Seek streaming

NetScaler 10 adds substantial functional features to the optimization layer and brings out the benefits of Cache engine. With these core architectural enhancements the Cache engine can store more objects, process responses faster and handle multi part HTTP requests.
Application Firewall Enhancements:

  • CEF Logging
  • CSRF learning
  • Click to Rule AppFw
  • Sessionless security
  • AppFw policy manager
  • Signatures for Response side checks

On Security front as well the AppFw module comes with bunch of exciting enhancements. Click to Rule could be very handy and useful while you want to relax the protection rules. CEF logging can help integration with 3rd party security products. Sessionless security helps with reducing memory usage significantly on the NetScaler platform while resulting into better security.
Networking Enhancements:

  • Network Profiles
  • Logical grouping of IPs
  • IPv6 Support
    • SNMP
    • LLB
    • PBR
    • DSR
    • RNAT
    • Route with VLAN as nexthop
    • Extension Header parsing
    • IS-IS Routing
    • Monitoring gateway health
    • ACL Enhancements
      • Increased Extended ACL              
      • Better ACL Flush support
      • Rename support for extended ACL and ACL6

Networking infrastructure bucket has several useful enhancements and specifically the IPv6 support has come through a long way. This is a blockbuster release reducing IPv6 parity with IPv4 features and bringing them on same ground. Network Profile as a feature will be loved by everyone as it helps in several use cases. ACL enhancements are again very useful and would apply to most of the use cases.
Other Security Focused Enhancements:

  • Configurable SYN cookie protection
  • Runtime detection of SYN attack
  • Protection against TLS Reneg attack
  • Adaptive request timeout for HTTP DoS

Security has remained our focus and with every release NetScaler adds value to the core protection layer. With NetScaler 10 we have introduced better SYN attack protection ability with runtime detection engine. TLS renegotiation MITM attack was under heavy focus last year and we have core protection added with multiple options as well. NetScaler 10 also addresses the popular Slowloris and Slowpost kind of attacks which troubled many Application and Web deployments worldwide.
Manageability Enhancements:

  • Lightweight GUI
  • Most pages moved to HTML
  • Pagination support on UI
  • Easy user navigation support
  • Load Balancing Templates
  • Deployment Wizard for BR LB
  • NITRO Enhancements
    • Exception handling
    • Accept header support
    • Content-Type header support
    • HTTP Error code utilization
    • Login auth token support
    • Authentication using HTTP headers
    • Allow warning in NITRO responses
    • Cluster support with NITRO

Netscaler 10 Documentation