NetScaler

This depends on several factors. Cloud-hosted Citrix Gateway service and Adaptive Authentication service are great replacements for secure access to Citrix resources within your network without the need to deploy and maintain NetScalers yourselves. However, the this does come with potential drawbacks which customer managed NetScalers are better suited to handle:

• Security teams need to see the details of Citrix sessions traversing the edge of the network via audit logs, which are not as easily available in the cloud solution.
• You need control over encryption keys (SSL/TLS certificates), ciphers, require the ability to tune TCP profiles to optimize for certain network conditions, or get value from HDX Insight analytics (detailed network-level performance metrics on Citrix sessions).
• Your use cases require zero downtime and cannot tolerate the 99.95% SLA of Citrix Gateway service, or the fact that Adaptive Authentication service is not geo-redundant cannot be tolerated.

If none of these considerations are deal breakers, then Gateway service may be right for you. If using Citrix Workspace service, you can also use both customer-managed Gateways and Citrix Gateway service on a per-Resource Location basis for maximum flexibility. Our field experience has shown that enterprise customers and those with mission critical use cases tend to always use their own managed NetScalers, even if using other Citrix Cloud services such as Citrix DaaS.

This is a common misconception for those not deeply familiar with NetScaler.

The long version: NetScaler’s largest use case has been traffic management for many of the largest .COMs and Internet-powered services worldwide. Whether you’re paying online via credit card or PayPal, using Apple products such as iPhone or Samsung phones, or making purchases on Amazon, Walmart, or eBay, using major trading platforms, you’re using NetScaler. NetScaler also powers two of the world’s leading public cloud platforms: AWS and Azure. They handle an estimated 75% of the Internet’s traffic. This makes NetScaler arguably the most battle proven platform of its kind and is why 90% of Fortune 500 companies have NetScalers in their datacentres and cloud regions to manage, optimize, render highly available, and secure their web and Citrix apps. NetScalers are prominent in most Citrix customer environments as it’s the only supported platform outside of Citrix Gateway service for securely proxying the ICA protocol, with its history rooted in the legacy Citrix Access Gateway appliance being ported into NetScaler over a decade ago.

The short version: Citrix is but one of many use cases NetScaler is known for and is commonly found where Citrix is found as it is the only supported method of securely proxying Citrix traffic to remote users (other than Citrix Gateway service). It is but a feature of NetScaler, not even an original one. NetScaler technology runs much of the modern Internet with an estimated 75% of Internet traffic touching a NetScaler at one point. 90% of Fortune 500 companies entrust NetScalers to deliver, secure, and optimize their web apps and Citrix apps.

NetScaler uses a single code base across all its platform versions, simplifying administration. Its software-driven and single-pass architecture result in significant performance advantages over F5. NetScaler has a significantly more mature management and analytics control plane, NetScaler Console (ADM), to centrally manage and orchestrate fleets of appliances, while providing advanced performance and observability analytics on both appliances and the apps hosted upon them. This differs greatly from F5 which requires numerous tools to manage different types of appliances and with less capability in most cases. Furthermore, NetScaler’s total cost of ownership is often superior.

NetScalers are available for on-premises deployments in physical or virtual form and on major public clouds in virtual form. While many public clouds offer load balancing as part of their network stack, they lack advanced features and intelligent application-level monitors which can result in failures going undetected. They are basic load balancers at best with no traffic management, acceleration, or request/response transformation features. Security features are also add-on services further increasing costs. In large deployments, we have even found the volume-based pricing of these services surpass the costs of NetScaler altogether. NetScaler provides far more capabilities than the native load balancing services on offer, all for one predictable price in one place.

NetScaler security and infrastructure assessments (also known as health checks) are one of our hallmark services, which we’ve even helped standardize for the vendor’s consulting organization. Continually updated as features, code, and standards change, our 260+ point NetScaler inspections provide customers actionable insights into their risk areas and areas for optimization in the realms of security, availability, performance, and supportability of their NetScaler configuration and architecture. Book a chat with us, we’d love to discuss further. For those who prefer a little more self-sufficiency, we have authored a book which covers the basic foundations of a securely configured NetScaler appliance, complete with context, checklists, and things to watch out for.

NetScaler offers several key security features, including:

• The industry’s fastest web application firewall for protecting against common web vulnerabilities both known and unknown
• SSL offloading and encryption for secure data transmission that offloads processing and protects your back-end servers, enforces strict SSL/TLS settings, and allows other security inspection features to function
• DDoS Protection and rate limiting to maintain service availability by thwarting a range of denial-of-service attacks
• Robust Authentication and Authorization controls for secure access to sensitive web apps and Citrix resources including device posture checking and contextual access controls
• Policy-based firewall rules, geo-blocking, and traffic filtering to restrict traffic from unauthorized or authorized networks and other conditions
• Real-time IP reputation filtering to block traffic from known malicious IPs to reduce attack vectors and bandwidth wasting traffic
• Bot management to protect web apps from site scraping and wasting bandwidth/resources of your servers
• Micro-segmentation for enhanced virtual environment security
• Secure Remote Access via Citrix Gateway for secure ICA proxy to Citrix resources, RDP-based servers, and various VPN solutions
• API Gateway to protect API-driven software from related security attacks, which have been on the rise in recent years

These features collectively strengthen the security of network and application infrastructures, doing so within one form factor to save on both costs and performance.

NetScaler Console (ADM), available as an on-premises platform or cloud service is the centralized management and monitoring control plane for your suite of NetScalers. This powerful platform handles orchestration, event monitoring and logging, automated backups, automated appliance upgrades, custom reporting, advanced traffic analytics and observability, security analytics, and more from one pane of glass and across your fleet. ADM simplifies NetScaler administration significantly, saving organizations time and money.

NetScaler Console (ADM) powers autoscale and orchestration capabilities, allowing NetScalers to be auto deployed and configured to align with dynamic app load demands. NetScaler integrates with Kubernetes architecture and can be deployed and configured via Terraform. Collectively, these capabilities enable seamless integration of NetScaler to many DevOps workflows and infrastructure-as-code initiatives to automate and scale your deployments.

Absolutely. NetScaler’s nFactor engine allows for advanced authentication flows that allow decision-based and conditional authentication flows. With support for multiple authentication methods from legacy to modern, group and network-based decision making, endpoint posture, and more, the combinations are endless. nFactor’s flow visualizer makes it easy to assemble and modify authentication workflows keeping administration simple.

NetScaler’s Global Server Load Balancing (GSLB) capability leverages intelligent DNS resolution with condition-based decision making to route client requests to the most appropriate datacentre. Scalable from a mere two sites to dozens, GSLB can route traffic based on load, proximity, and availability. And by configuring intelligent L7 monitors, condition logic can be used to determine health of a given service in the mesh, including its dependencies to ensure users are not directed to a “black hole” service that impacts their productivity, your brand perception, or your losing revenue.

We would love the opportunity to chat with you about the possibilities. Our skilled sales and engineering team will take the time to understand your needs, your current appliance footprint and their utilization, and your business objectives to determine the most suitable options that balance your business, technical, and budgetary objectives.

Ferroque’s team of talented architects, consultants, and engineers service a wide range of professional services engagements and business outcomes built on the foundation of our time-tested consulting methodology and deep expertise on NetScaler platforms in a broad range of industries, scales, and use cases. Our NetScaler managed services team is highly skilled, SOC2 compliant, and supports ongoing maintenance, monitoring, and change control. Our team provides customers peace of mind in the security, availability, and performance of both their NetScalers and the critical applications depending on them.