NetScaler was the first  to provide support for true multi-tenant environments.  I am not talking about some rudimentary approach employing Role Based Administration (RBA). Rather full scale total isolation of up to forty independent power packed instances running on SDX appliances. To this date no alternative vendor has this capability with complete separation of compute, memory, hardware-backed SSL and I/O with no limits on simultaneous module use. But the thought did occur to me that not every one of you needs a Tesla S with the performance option when a good old Volt will do the job. The same applies to Application Delivery Controllers (ADCs). So who should rev it up with SDX and when do you tone it down with NetScaler with traffic domains ?

The table below shows how SDX is still the king of complete multi-tenant capable ADCs. Enterprise IT organizations of all kinds typically require the strong isolation provided by SDX. Specifically, the version and high availability independence is required to support the different lifecycle needs of different application groups. Also they value the strong resource isolation, especially if they want to place different instances in different security zones. While some of these operations may opt to start with traffic domains (and this may suffice for the near term) every NetScaler MPX appliance with traffic domains can be converted into a SDX model on site when needed; and probably take much less time than charging an electric vehicle with a 240V/40A outlet. Still, even though traffic domains are not for everyone they do have their place.

Service Providers with SP management

In this deployment option NetScaler traffic domains with their simpler configuration procedures can make the most sense. The capability to segment and isolate network traffic with duplicate IP support enables the service provider to spin up virtual IPs for each tenant. All the while not having to worry about whether one tenant’s private IP space will conflict with another. Generally the lack of RBA and configuration isolation with traffic domains isn’t an issue, since the service provider itself is managing the service. In most cases the service is exposed via the provider’s portal. The provider will use the NetScaler Nitro API to automate VIP creation, and then expose algorithm selection and service creation via its portal.

Service Providers with “commodity” environments

Traffic domains can be a viable solution for service providers that need to deliver commoditized, “Layer 4 load balancing-as-a-service”. These plans are typically known as a “VIP per tenant” model and in this situation the service provider also provides management support. Customers are typically of smaller size and do not need their own instance.

Service Providers with app level support or tenant-managed networks

For those service providers providing high value-add offerings or allowing customers to manage the network, I suggest you stick with SDX. These NetScaler appliances enable end-customers to leverage the high-value Layer 7 capabilities of NetScaler and will give each tenant their own dedicated instance. The strong isolation prevents “noisy neighbor” overruns. Version and HA independence is key to meeting service-level expectations around change management. Most of these customers, typically of larger size, also place high value in having their own dedicated instance as well.

SDX and Traffic Domains not mutually exclusive

Many service providers and some enterprise operations will actually need both. NetScaler SDX instances (or VPX virtual appliances) provide dedicated instances to high value/large customers. Simultaneously, NetScaler traffic domains (either on MPX or within an SDX instance) provide a commodity, L4 load-balancing-as-a-service offering. Service providers benefit by making the most efficient use of their available networking infrastructure while providing completely private per-tenant networks. End customers are happy as they can determine their own private IP address spaces in both cases.

So there you go, deploy both. And while you’re at it buy a Tesla for the long drives in the country AND a Volt for daily commutes. And double your $7,500 federal tax credit! No, I do not moonlight as a new car salesmen.