Skip to main content

I am sure you have seen plenty of “why you should” move articles in the past. And I don’t like posts that work to scare you into choosing one product over another (see my LinkedIn Article “Scare Tactics as a Sales Play.” ) We are going to go through the multitude of reasons why the NetScaler is the better choice to handle the workloads it is given and why right now is the best time ever to move your workloads to NetScaler.

First, let me start with some information about NetScaler. This product was acquired by Citrix in 2005. They are less well-known than some of their competitors in the industry, but that does not reflect how popular they are. Over 90% of the Fortune 500 use NetScalers. Their customers include the two largest public cloud platforms, the two largest smartphone networks, the largest online retailers, many of the largest banks and financial institutions, and the largest healthcare providers. It is estimated that 75% of all internet traffic passes through a NetScaler daily.

You might think all providers are alike, but you would be wrong. NetScaler offers many differentiators that F5 cannot compete with. Let’s look at a few of the biggest ones.

First, the NetScaler management solution is the NetScaler Console Service. This console allows you to manage all forms, versions, and implementations of the NetScaler product line. To manage F5 products, you would need to open BIG IQ Controller, Silver Line Portal, Aspen Mesh Controller, Nginx Controller, BEACON, or iWorkflow, depending on what changes need to be made and where they need to be made.

This is due primarily to the multiple different codes used on F5 products. There is one code for Big IP North-South traffic running on physical hardware. There is a second code for the Big IP Virtual Edition. If you need support for Cloud Native functions, you must use the Nginx code (provided you wanted the F5 version and not the free version of Nginx Ingress). This dilemma stems in no small part from F5’s ASIC-defined architecture whereas NetScaler has been a software-first platform since its inception, leveraging continuous advancements in Intel processors and enabling the same code base to be deployed on both physical and virtual appliances. These appliance options include:

  • MPX – NetScaler hardware running the NetScaler code natively on the hardware and equipped with SSL acceleration cards. They are available in standard and FIPS-compliant options.
  • VPX – The NetScaler virtual appliance. This appliance is built to run on most virtualization platforms (VMware ESX, XenServer, Nutanix AHV, KVM) and the top three Cloud Providers (Azure, AWS, and GCP). SSL acceleration occurs in packet processing engines (PPEs) of the appliances. These instances are offered in standard and FIPS-compliant options as well.
  • SDX – NetScaler hardware running multiple versions of the virtualized appliance permitting separation of networking and the ability to grant permissions granularly. This hardware also includes SSL acceleration cards that can be mapped to the VPX instances.
  • BLX – Use any commercially available hardware running many of the most popular flavors of Linux and run the NetScaler code on top of it.
  • CPX – The Containerized version that handles traffic inside of a pod or multiple pods for Cloud Native functions.
Source: TechValidate. TVID: C60-C4C-F84


Cloud-native functionality is one of NetScaler’s strongest differentiators. The container version provides all of the NetScaler features to any pod running the CPX version for East-West traffic. Included is the Ingress Controller, which can be configured to modify the external NetScalers, whether they are SDX, MPX, VPX, or BLX, and enable traffic to the cloud-native applications. The Ingress Controller can enable this automation for any pod, whether it has a NetScaler CPX or uses Nginx, HAProxy, etc. This gives the developers the ability to enable ingress to their applications without needing to know anything about how to modify a NetScaler. In addition, it enables the ability to have Red/Green deployments and easily switch between deployments as development progresses. If you want to enable a ”canary” deployment, the Ingress Controller can help you send a small percentage of the traffic to the new code while maintaining most of the traffic on the old code.

Licenses are truly portable. They can be utilized on all versions of NetScaler. For developers, there is a free CPX version that has all the NetScaler features enabled and permits up to 100 MB of throughput, so they can write and test everything locally without needing to apply a license. Once the code is ready to deploy, the license can be applied to the container. F5 virtual edition licensing applies only to F5 virtual edition. If those are running on an F5 hardware appliance, they can be moved. However, hardware running the native code cannot share licensing with the virtual edition. It also cannot share it with other hardware appliances. And obviously, Nginx appliances have to have their licenses.

Citrix recently announced some changes to their licensing, which can prove to be very lucrative for customers. Their Hybrid Multi-cloud (HMC) license now includes unlimited instances of NetScaler and 1,000 GB of throughput as part of the license. If you are an existing Citrix customer looking at or have already obtained the HMC license, you could run as many NetScalers as you want! The Platform license they also announced permits unlimited instances and unlimited bandwidth!

Now is the ideal time to switch from F5 to NetScaler, seizing the opportunity to benefit from a more sophisticated and flexible platform architecture, while also achieving considerable cost savings as F5 refresh expenses increase. – Michael Shuster, CEO – Ferroque Systems

NetScalers do everything they do in a single-pass architecture regardless of the number of features enabled. As the traffic passes through the NetScaler, it acts on the traffic in flight. Many of the capabilities of F5 require that the traffic be sent via rules (iRules) to a function like web application firewall running on the hardware, and then it can return to the network to get passed on to the next function in a linear fashion, adding latency. This has allowed NetScaler to consistently outperform F5 in handling the same amount of traffic. A Tolly Group study showed:

  • 1/5th the latency under stress in data throughput.
  • 1/2 the latency under stress in transactions.
  • 10% greater transactions.
  • Lower latency in all tests with the WAF enabled.

Ferroque Systems has a truly talented staff that works with NetScaler every day. Our team has consulted on a broad range of NetScaler use cases including appliance fleets numbering in the hundreds. Our personnel can assist with obtaining NetScaler licensing and moving your workloads from the F5 over to NetScaler. It is even possible we can do the work at no cost to you. Ask our team today for a NetScaler demo or for more information on how you can take advantage of the best application delivery available!

To learn more about the ins and outs of F5 to NetScaler migrations and how the new license changes benefit customers, join us on March 28th 2024 for our TECH TALK: Trade Legacy for Legendary – Migrating to NetScaler from F5.

Redefine Your Approach to Technology and Innovation

Schedule a call to discover how customized solutions crafted for your success can drive exceptional outcomes, with Ferroque as your strategic ally.
Would love your thoughts, please comment.x