NetScaler 10.1 – the major NetScaler release enabling Mobile, Cloud, Multi-tenancy and Visibility as the core was released this week with great momentum. Several download and queries in just few days shows the interest which is driven by the huge number of features delivered in this release. In total there are over 200 net new features which are driving the momentum across all the customers we have. There is something new and exciting for everyone whether they belong to Enterprise, Telco, Internet, ISP, Cloud, Financial or any other segment. We ensured to add value to all core modules we have while adding net new modules for this release.
It is difficult to bring out all the value or even touch upon all core features we have added, in a single write-up. In this blog we aim to touch upon areas which will be of interest to most of our customers. Then we follow this up with specific blogs on those individual features.
Let us begin with the core stuff on the plate…
Simpler Multi-tenancy with Traffic Domain
NetScaler has been the leader in Multi-tenancy initiative from many years with our SDX platform. While SDX provides you the best possible multi-tenant solution with absolute isolation, it works at the ADC layer. Traffic Domain enables simple multi-tenancy within a single ADC where the focus is to separate out routing and allow IP reuse. Traffic Domains enable our customers to create logical separation within a NetScaler appliance where multiple tenants co-exist without having any visibility of each other. Traffic Domains have the visibility to Layer 7 features and modules thus most of the Application requirements can be met within a domain.
Mobile and Mobility
Mobile is the way business is done today and we realized this fact couple year back and worked on some of the building blocks in our last release with support of TCP Westwood algorithm for mobile use cases. With 10.1 we have added support for Multipath TCP and SPDY which makes us the preferred choice for any kind of Mobile acceleration. Other aspect of Mobility is where we have enabled deep integration of NetScaler with Citrix XenMobile solution. We have added simplified configuration wizard to enable quick deployment of NetScaler in XenMobile use cases.
Better connectivity and experience with Multipath TCP
Think of Mobile and TCP and you suddenly start wondering how TCP will keep up with Mobile devices changing networks so frequently. TCP failure causes bad end user experience of the service and causes major latency. Also Mobile devices can have multiple paths to connect to resources today and there is no good way to utilize the paths efficiently. This is where Multipath TCP focuses on and brings in the best of multiple paths to the end user while reducing latency and bad end user experience.
Faster delivery of content with SPDY
SPDY is a new protocol introduced for lightweight HTTP processing. It is aimed to reduce the bandwidth utilization and making the communication faster on internet. Most browsers support SPDY today but Servers and Apps in the Datacenter runs on HTTP only thus we require a Gateway device which can transform the messages. NetScaler SPDY proxy ensures that NetScaler can talk to clients and servers in HTTP as well as SPDY and also transform messages. Most of the Mobile browsers will support SPDY and NetScaler can ensure that when it transmits the HTTP responses from App servers, it is sending it in SPDY format which is lightweight and faster in processing.
We have all understood that visibility is key in this big data world and the ways to get end to end visibility is limited in datacenters today. NetScaler 10.1 release has support of NetScaler Insight Center which is our visibility front-end for various use cases. We have focused on 2 key factors for now.
Insight into HTTP/S with Web Insight
Web Insight is the core component which delivers end-to-end insight into what is going through the critical applications in your datacenter. It relates the runtime information on Web layer with client and server information as well and gives you complete visibility.
Insight into ICA with HDX Insight
ICA is the native protocol for XenApp/XenDesktop environments and it is proprietary such that there is no generic visibility solution available. Many times in the virtual infrastructure clients complain of slowness which could be really attributed because of the underlying network. While NetScaler becomes the front-end for XenApp/XenDesktop deployments, we have all the ICA sessions passing through. Here by opening up the ICA protocol and relating the underneath network elements we are able to add huge value to such deployments.
IPv6 transitioning with NAT64/DNS64
IPv6 usage has really picked up across all customers and businesses. There is real need for transitioning solution which can let IPv6 clients connect to IPv4 resources on the fly. NAT64 combined with DNS64 delivers the value where the transitioning happens seamlessly and is of great use. NetScaler would be one of the few ADCs having this integrated solution in the same box.
Application layer control with AppQoE
AppQoE is a traffic shaping feature that allocates resources based on configured priority and protects actual physical resources by enforcing admission control at Application/vserver level. This layer is intelligent enough to set page level priority in Application and also maintain same order of priority across all connections. Provides dynamic response generation ability and also handles DoS situation against the App. The DoS module can also use captcha for interaction based challenge response.
Enterprise ready Clustering
The Cluster infrastructure is improved in 10.1 release to meet most of the enterprise customer requirements. Net new features added to this infrastructure are:
- Spotted VIP Support
- Load Balancing
- SSL Acceleration
- Content Switching
- Cache Redirection
- Content Switching Action
- DB location commands
- ISIS routing for IPv6 and IPv6
- Bandwidth based Spillover
- Rate Limiting
- Action Analytics
- IP-IP Tunneling
- Cloud Bridge (BR) LB
These were some of the biggies in the release and now let us get to other functional and usability enhancements. Going to be a long list 🙂
Traffic Management Enhancements:
- Policy based Spillover
- LB session limit increased to 1M
- Stats to show # services up/down
- Per second rate counters in Stats
- DNSSEC Offload to Cavium
- User defined Cookie name
- Radius Accounting Monitor
- TLSv1.1 and 1.2 support in SSL
- NPN TLS extension for SPDY
- Renaming CS policy and policylabels
- Restrict Root CA’s DN sent by NetScaler
- Control for sending Close-Notify at vserver
- Loading and linking certificate bundles
- SNIP as source IP for AppFlow exporter
- Exporting X-Forwarded-For header field
- Exporting multiple Set-cookie header in AppFlow
- System queues at Application/vserver layer
Traffic management module is core to the whole system and gets lot of focused enhancements. Policy based spillover could be a very useful feature for all type of Cloud deployments. Increased LB session limit gives much better scale at vserver layer. Stats enhancements are key from runtime visibility perspective. Other key enhancements increases the usefulness of the product overall.
- DB Profiles
- Kerberos for SQL
- Caching for Stored Procedures
- MSSQL Transparent mode deployment
We continue to add more value to the DataStream module which is still key differentiator for us. Kerberos support allows DataStream to be tightly integrated in any kind of Microsoft MSSQL deployment.
- LDAP referral chasing
- Authentication Profiles
- SAML 2-factor authentication
- Passphrase less authentication
- Authentication failure feedback
- Group extraction from 3rd Auth server
NetScaler has very strong AAA module and we are adding further value with core features here.
- HDX Insight
- Built-in StoreFront Monitor
- WIonNS Branding changes
- XA/XD Farm settings in WIonNS
The game changer enhancement for XenApp/XenDesktop world is the visibility provided by HDX Insight which we briefly covered in the beginning. StoreFront is now the default mode of deployment and having built-in monitor is great because it is doing monitoring at 3 states ensuring the service is up and also serving the correct content.
- CS Action
- Action Groups
- IPv6 Callout
- HTTPS Callout
- Caching for Callout
- TCP level Expressions
- Additional Hashing functions
- Advance Diameter Expressions
- Body expression for Callout
- Token LB and rule based persistence
- Real-time bandwidth and Smooth RTT
- Additional expressions as parameters
- Several new AppExpert functions
- Import/Export of Symmetric Crypto Keys
AppExpert layer is critical to any NetScaler deployment because the advance policies and expressions are used by all core modules. Any enhancement on this layer provides the benefits to all the associated modules. Callouts in particular have been very useful and this release adds further value by enabling callouts to work with IPv6 and https natively. Huge number of new expressions added to Diameter and TCP protocols which will help with all kind of Telco and other deployments.
Application Firewall Enhancements:
- Automatic Signature Updates
- IBM AppScan integration
- WhiteHat Integration
- TrendMicro Integration
On Security front as well the AppFw module comes with bunch of exciting enhancements. The external integration with AppScan, WhiteHat and TrendMicro is important from deployment perspective. Automatic signature updates simplifies the life for administrators. AppFw can also be used in Spotted VIP mode in Cluster which would address all kind of scalability requirements for AppFw deployments.
- TFTP Support
- Multiple Link Local IPv6 SNIPs
- IPv6 Router Advertisement
- IPv6 Stateless connection mirroring
Networking infrastructure bucket has several useful enhancements beyond the major ones like Traffic Domains and NAT64 based transitioning. Stateless NAT46 is also very useful in the IPv4 to IPv6 world which can be simply defined using INATs. Rest of the IPv6 enhancements bring us closer to the IPv6 conformance requirements.
- Clear stats
- SSL Policy Manager
- Licensing simplification
- First Time User wizard
- Breadcrumbs based navigation
- Advance search / filter options
- Simplification of navigation Tree
- Configuration Summary for FIPS
- GSLB LDNS Entries on overview page
- View Cache Objects on overview page
- Multiple Endpoints in AppTemplate
- Persistency Groups in AppTemplate
- Unlicensed feature handling for AppTemplate
- Fetching all vserver for a Service though API
With NetScaler 10.1 the manageability of the system is improved both functionally and from usability point of view. Clearing the statistics is very important to several deployments which make the automation and monitoring easy. The UI has most of the components in HTML form which makes it easier to load and simpler to process at client side. Left hand tree navigation is simplified and grouped logically making it easier to navigate through. Many of the enhancements geared towards AppTemplates are going to enable better and simpler Application focused deployments for Enterprises.
- SDX Tools
- Rome on SDX
- SNMP Support
- VLAN Whitelisting
- VLAN on NS Instance
- VLAN for Management Network
- Cluster for VPX instances on SDX
- Link aggregation support
- Configurable MAC per interface
- SVM logs are now well formatted for parsing
- Alarm notification through Syslog, SMS/Email
SDX platform is much in demand for all kind of service provider, Cloud and even Enterprise deployments. We have done several enhancements to the platform itself to ensure that it can be used in any network and manageability of the whole platform is simplified.
ByteMobile focused Enhancements:
- NS Sync VLAN
- Tunable L2 Conn
- Symmetric RSS in nCore
- Retaining client VLAN
- MaxFlip Route monitor
- Vserver state update based on health threshold
NetScaler gets deployed with Citrix ByteMobile solution in Telco environments thus this list of features are focused on closer and better integration in between NetScaler and ByteMobile.
As always there is much more than one can expect out of a single release. This list is still not complete as there are many more features which we can talk about but this is a lot for this single blog 🙂
Stay tuned and we will be writing frequent detailed blogs on 10.1 features….