“Citrix” and “Networking”, the terms which go hand in hand today are because of the fact that Citrix owns great Networking portfolio with the core Application delivery and WAN optimization products like NetScaler and Branch Repeater. These are huge product lines to cover in single blog thus we will focus on NetScaler aspect for now.
The NetScaler product line set very high bar in terms of performance for Application Delivery over 10 years back when we designed our architecture to be the best in terms of performance and scalability working closely with Intel chip architecture. We were the ones who helped scale the internet in those low bandwidth and high latency networks. In year 2008 we redefined performance benchmarks with our nCore architecture and ability to run multiple packet engines together on single system. With every software release and platform introduction we have gained in terms of overall performance and today we have some of the best numbers ranging from handling over 20 million SYN per second to processing 220K SSL transactions per second. While industry was changing the SSL certificate and key standards from 1K to 2K key size in early 2011, NetScaler was the first device to bring in unparalleled SSL processing capabilities for the 2K key and certificate size. Anytime you think of a performance requirement for today’s Application and Internet deployments, NetScaler is the answer.
Application visibility is huge value add to what NetScaler provides in terms of core feature sets. Every deployment today requires better understanding of Application and without having insight into Application characteristics it is impossible to provide end to end solution. We were the first in this game as well to bring in the notion of Application centric deployments with introduction of AppExpert Application Templates. The Application Templates let you define your application infrastructure on NetScaler with the core insight into how a particular Application behaves and processes traffic. We have provided several ready to use templates for popular applications which can be downloaded from the community site. The AppExpert layer provides excellent set of features like Rewrite, Responder, Rate Limiting and tools like HTTP Callout, Patset, Stringmaps which can go deep into the Application payload and perform various actions. These features and tools let you define your own policies to look into the request/response stream right from layer 2 to layer 7. As an end user you have great ability to control your application behavior and how it is processed through NetScaler.
Security has always been the key focus area for us and anything we add to NetScaler product line always goes through the security review channel. While sitting on edge networks and Internet we cannot afford to be insecure as there are consistent attacks and malicious patterns seen on such deployments. Most of the time customers use inherent security features on NetScaler every moment but they are not aware of what NetScaler is doing in terms of protecting and securing their network and applications. NetScaler provides security from layer 2 to layer 7 of the stack starting with protection against various kinds of DoS and DDoS attacks. NetScaler provides best protection against the TCP SYN flood attack to start with and goes all the way to layer 7 HTTP DDoS attack protection. We have many features which are focused to provide security to the infrastructure and application like RBAC, ACL, Access Gateway, AAA, AAA-TM, SSL, AppFw, Responder, Rate Limiting and AppFw. In the core application context we have the best performance oriented implementation of Web Application Firewall feature which protects against all known and unknown application layer attacks. It provides huge value by marrying the positive and negative security aspects and bringing up layered security approach. Our WAF implementation takes care of all HTTP and XML vulnerabilities and payloads. Thus at any point in time your application and network deployment is secured by NetScaler by effectively using the core features.
There are several posts and other form of information available on these topics for NetScaler, some of the useful blogs are:
Application Security with Templates – /blogs/2011/07/09/secure-your-appexpert-teamplates-using-application-firewall/
Application Visibility and Deployment – /blogs/2011/07/01/dynamic-deployment-using-application-templates/
Protecting Server Farms – /blogs/2010/06/12/protecting-servers-from-traffic-surges/
NetScaler WAF Installation – /blogs/2011/06/10/installing-netscaler-web-appfw-is-as-easy-as-1-2-3/
NetScaler WAF certification – /blogs/2011/08/31/netscaler-9-3-software-release-now-icsa-labs-certified-huh-what-it-means/
Security in Cloud – /blogs/2011/08/18/securing-the-cloud-with-netscaler-mpx-vpx-and-sdx/
Cenzic and AppFw Integration – /blogs/2011/08/10/whats-the-best-way-to-show-cenzic-vulnerability-tool-output-to-netscaler-appfw-rules/
Be sure to attend this session at Synergy, Barcelona to get deep insight into this valuable and super exciting topic 🙂 See you soon!