NetScaler Technical Aspects

L4-7 Traffic Management  |   Application Acceleration  |   Network Integration
Application Security  |   Simplified Installation & Management

L4-7 traffic management

Layer 4 load balancing (LB)

• Protocols supported: TCP, UDP, FTP, HTTP, HTTPS, DNS (TCP and UDP), SIP (over UDP), RTSP, RADIUS
• Algorithms: Round Robin, Least Packets, Least Bandwidth, Least Connections, Response Time, Hashing (URL, Domain, Source IP, Destination IP, and CustomID), SNMP-provided metric, Server Application State Protocol (SASP)
• Session persistence: Source IP, cookie, server, group, SSL session, SIP CALLID, Token-based, JSESSIONID
• Session protocols: TCP, UDP, SSL_TCP
• Server monitoring: Ping, TCP, URL, ECV, scriptable health checks, Dynamic Server Response Time
• Link load balancing Layer 7 content switching
• Policies: URL, URL Query, URL Wildcard, Domain, Source/Destination IP, HTTP Header, Custom, HTTP and TCP Payload Values, UDP Rate-based policy enforcement
• Trigger NetScaler policies based upon connections per second, packets per second, or bandwidth used
• Source or destination-based upon header or payload information Global server load balancing (GSLB)
• Algorithms: site health, geographic proximity, network proximity, connections, bandwidth, AG-E SSL VPN users
• Site health checking on status, connection load, packet rate, SNMP-provided metrics Content rewriting and response control
• Policy-based bidirectional rewriting of HTTP header and payload elements
• Policy-based redirection of incoming requests
• Body URL rewrite
• Responder module
• Custom responses and redirects
• Policy-based routing
• Network aware policies

Application acceleration

TCP optimization

• Multiplexing, Buffering, Connection Keep-alive, Windows Scaling, Selective Acknowledgement, Fast Ramp AppCompress
• Gzip-based compression for HTTP traffic AppCache1
• Caching for static and dynamic application content
• HTTP GET and POST method support
• Policies defined based upon HTTP header and body values

Application security

DoS attack defense

• Continue service to legitimate users while protecting against attacks such as: SYN Flood, HTTP DoS, and Ping of Death
• ICMP and UDP rate control Surge protection and priority queuing1
• Adaptive rate control for TCP connections and HTTP requests
• Prioritized transaction dispatch for critical application requests Packet filtering
• Layer 3 and 4 Access Control Lists (ACL)
• Network Address Translation (NAT)
• Positive security via denial of nonconfigured services

Citrix Application Firewall1

• Positive security model protects against:Buffer Overflow, CGI-BIN Parameter Manipulation, Form/Hidden Field Manipulation, Forceful Browsing, Cookieor Session Poisoning, Broken ACLs,Cross-Site Scripting (XSS), Command Injection, SQL Injection, Error Triggering Sensitive Information Leak, Insecure Use of Cryptography, Server Misconfiguration, Back Doors and Debug Options, Rate-based Policy Enforcement, Well-known Platform Vulnerabilities, Zero-day Exploits, Cross Site Request Forgery (CSRF), credit card and other sensitive data leakage prevention
• XML security: XML Denial of Service (xDoS)
• XML SQL injection and cross site scripting, XML message validation, format checks, WS-I basic profile compliance, XML, xPath injection attachment check
• WSDL scan prevention
• Attachment checks
• URL transformation

Secure access

• Integrated Citrix Access Gateway Enterprise Edition SSL VPN
• Endpoint analysis
• Two-factor and client certificate authentication
• Client-side cache cleanup
• Security certifications
• Layer 7 content filtering
• AAA traffic management
• Active Directory, LDAP, RADIUS, TACACS +, OCSP

Network integration

• Static routes, monitored static routes, weighted static routes
• OSPF, RIP1/2, BGP1
• VLAN 802.1Q3
• Link Aggregation 802.3ad
• IPv6/ IPv4 gateway

High availability

• Active/Passive
• Active/Active
• VRRP
• ECMP
• Connection Mirroring

Simplified installation and management

User interface

• Graphical application visualizer
• Secure web-based GUI
• CLI, Telnet, SSH, Console
• Real-time performance dashboard
• LB, GSLB and EdgeSight for NetScaler configuration wizards
• Citrix® XenAppâ„¢ configuration wizards

Policy management

• AppExpert Visual Policy Builder
• Policy extensibility via HTTP service callouts
• AppExpert templates
• AppExpert Visualizers

Citrix Command Center1

• Centralized configuration and management of over 200 NetScaler appliances.

EdgeSight for NetScaler1

• Real-time and historical user experience monitoring
• Trending and reporting for web application performance service level management

Third party management support

• SNMPv1, SNMPv2 and SNMPv3: NetScaler MIB and MIB-II support
• Microsoft System Center Operations Management (SCOM) support
• Microsoft System Center Virtual Machine Manager (SCVMM) support
• XML/SOAP API for automated application driven configuration

Real-time consolidated logging

• Offloads logging from application server to central location

Native Web Interface

Integrated Web Interface Server for Citrix XenApp and XenDesktop

Supports JAVA environments with MPX and VPX platforms running NetScaler nCore OS

Authentication methods include: LDAP, RADIUS, NTLM, TACACS+, Client Certificate

Manage HTTPS requests via included SSL VPN

Wizards-based configuration through NetScaler GUI

Includes Smart Access, smooth roaming, STA server redundancy, and session reliability

Notes:

1. Available in NetScaler Enterprise and Platinum Editions only
2. Using 3DES algorithm. Up to 1,000 concurrent users using RC4 algorithm
3. Not supported on NetScaler VPX
4. Maximum system throughput for VPX running on XenServer is less than 3 Gbps