What exactly is Netscaler and why do I need it?

[steinooo]

Hi all,

I have a large Citrix farm which is showing its age, it has a Web interface 4. something and I'm being asked to upgrade it to a newer version of the web interface to support some recent two factor authentication.

I started looking up upgrading the web interface and saw Netscaler. I read this article as to it's features, and it all sounds very impressive, but I'm just wondering, can anyone describe to me please do I need Netscaler AND a web interface?

One of the main features I can see that we would benefit from is the fact that you can maintain access to Citrix apps when outside of the network as it does some authentication wizardry.....so am I right that if I bought a netscaler as well as upgrading the web interface, the main benefits would be that one and possibly some better performance of the Citrix apps?

 

[steinooo]

that's a lot of money. I'm even more glad I asked the question now

Essentially I was wondering if it's possible to still just use a web interface or storefront without a netscaler gateway

 

[steinooo]

Caged - don't really want VDI, i'm on about current Xenapp

Xez and Deathwish - Up to ~400 concurrent, 1500 total. I tried the free version once and managed to integrate our RSA but wondering if it is really necessary if I can just use like you say, CAG as a web interface. Running a mix of farms I want to aggregate through the same WI 4.5, 6 and 6.5.

 

[steinooo]

thanks for that Deviant.

Yes we have a single DMZ, when I tried Netscaler using the free license I remember it was configured as just one virtual machine and it worked.

The reason I'm confused is that I don't need any of the features you mentioned, simply to provide remote access to the Citrix farm (I don't think it can offer access to SMB, Sharepoint etc....) Imo the one feature which may be worth the cash is the SSL VPN it creates giving access to Citrix apps from outside of your corporate network

I thought as much regarding Storefront, and thanks for clarifying. I am happy to replace WI with Storefront, but wondered whether it was necessary to have a Netscaler in front of it.

 

[steinooo]

they lack the dedicated SSL offload hardware of a physical appliance, the SSL encryption/decryption must be handled by the CPU, the result is that a VPX will exhaust its CPU with as few as 50 connections.

That could be the dealbreaker for an appliance over the VM then, there will be many more than 50 connections concurrently. Thanks for that, I didn't know that.

Storefront is a bit flaky iis 40 mbyte http server running on windows server that is one of the reasons why people use netscaler and not just stick storefront on the wan. Netscaler is made on freebsd.

I see what you mean that having a Windows server on a WAN is more of a security flaw than a hardened appliance like Netscaler, but what do you mean about 40 mbyte?

 

[steinooo]

If you want to allow remote access to Citrix, Netscaler Gateway is the best option, VPX will only support up to 500 Ica connections though.

I just checked and it says 1500 on their datasheet.

Not sure an absolute is the best in this reference. We run VPX's (10.5) in our ESXi estate with SSL offloading on 2000+ connections and they don't break a sweat.

I thought this may be the case. Do you just use the hypervisor layer to do your HA for you?