I’ve been thinking about writing this blog from past couple weeks, but NetScaler 10.5 kept us busy with the uptake we saw as the GA build was released. The NetScaler Product Group brings out a major release every year and there is always lots of excitement around the major releases. This release has excited as well wowed our customers and partners with its new capabilities and ease of use.

Mobility is playing a critical role in business today and every enterprise is looking at enabling their users with services available across mobile devices. Mobility increases user’s effectiveness, but at the same time can add network overhead as the user is not at a single location or connected all the time. Thus mobile users can experience slowness and connectivity issues which might not be acceptable for the business.

NetScaler 10.5 introduces MobileStream technology, which helps improve the end user experience in terms of availability, performance, optimized delivery and security. It also helps the IT organization consolidate mobile usage through single end point in the network. Citrix is a thought and product leader in mobile workstyles and NetScaler MobileStream improves the experience multiple times. To learn more about NetScaler MobileStream, please refer to my prior blog posts about mobile app performance and security 

Needless to say, it is yet another release with over 200 features across various modules. Every single module has significant changes and enhancements which will help you further in your deployment use cases. There is something exciting for everyone, as you’ll see in this quick overview of the major modules:



NetScaler 10.5 will end the era of Java in NetScaler User Interface and the transformation to HTML5 is a mind blowing experience. Thousands of pages and views have been converted from Java to HTML, which improved the performance factor by at least 2X to 5X for over WAN use cases. Load time for most of the views came down by over 50% as HTML is so light and all advance browsers handle it efficiently. There are bunch of other functional and usability improvements as well which makes the UI much more fun to work with. For the automation lovers, there is also good news as there are bunch of new APIs and the NITRO interface can now handle file based operations as well as interact with the ZebOS engine. We have also included the NITRO SDK package for Python, as demand for Python based automation is growing significantly.


Traffic Management

The traffic management module is core to the system and it brings out multiple enhancements which will help the global customer base. For core protocols there is better parsing and policy support with ability to Rewrite, invoke Responder and even Content Switch. Our DNS module is also enhanced to support different type of records caching in DNS caching infra which improves overall processing and response time in proxy mode deployment. There are bunch of enhancements to the SSL module as well, including SSL profiles which are on the lines of TCP and HTTP profiles making it much simpler to reuse the settings. Content Switching module is also enhanced on the infrastructure side to accept multiple ports or * port on a vserver, thus reducing the need to configure individual vserver for every port. Here is a quick list of core features in this area:

  • Service groups scalability to 8K
  • CNAME record caching
  • DNS NAPTR record support
  • GSLB Static Proximity Sync
  • Diameter Rewrite
  • Diameter Responder
  • Diameter Content Switch
  • Diameter Rate Limiting
  • ECC Cipher Support
  • Common Name Check
  • SSL Profiles
  • SSL Cert Chaining
  • Multi-port Content Switch
  • DNS_TCP Content Switch

Authentication (AAA-TM)

Authentication is becoming a mainstream use case for every enterprise and as NetScaler sits at the edge connecting end users to the infrastructure it makes all the sense to offload authentication requirements at this point. There are multiple enhancements done at the infrastructure and feature level enabling better SSO use cases and increasing native Kerberos performance multi-fold. NetScaler can now act as SAML Identity Provider, while as of release 10.1 we were only acting as Service Provider. Other usability enhancements like configuring AAA servers with FQDN and maintaining session stickiness make it easier to embed the solution in existing networks. Here is a quick list of core features in this area:

  • SAML IDP Support
  • Distinguish commands
  • AAA session stickiness
  • External Auth with FQDN
  • Customizing error strings
  • Client Certificate Pass-through
  • Forms Based SSO – Relative URLs
  • Support for Web Authentication
  • Force Timer / OWA session timeout
  • Kerberos Performance Enhancements
  • Strong Encryption Support in KCD/Kerberos



Networking is critical infrastructure of the system and there are many exciting features here which increase the usefulness of Traffic Domains and broader networking layer. Features like LLDP support help with overall network structuring and physical topology mapping. Jumbo Frame support would enable several use cases of large file transfer over the network and we could even act as a gateway in between Jumbo and non-jumbo environment. Link Redundancy is critical for network planning and ensuring there are redundant links to NetScaler to mitigate the failure risk. We have also upgraded the ZebOS stack for dynamic routing which brings in several functional and usability features for all DR protocols like OSPF, BGP and IS-IS. Here is a quick list of core features in this area.

  • LLDP Support
  • Jumbo Frames
  • Link Redundancy
  • IPv6 Fwd Session
  • Dynamic Routing ZebOS Upgrade
  • API Access to Dynamic Routing
  • SNMP Alarm for Port Alloc Failure
  • Traffic Domain Rate Limiting
  • Traffic Domain Inter Domain Binding
  • Traffic Domain VMAC Based Support



DataStream has been a unique feature which truly increases the Database performance and reliability by having NetScaler ADC frontend them. There are many enhancements done for both MYSQL and MSSQL database LB. The ability to handle special queries for MSSQL will ensure that backend connections are reutilized effectively. End to end NTLM based authentication is important where Kerberos is not available in the mix. MYSQL can now be deployed in transparent mode adding auditing and visibility benefits. Here is a quick list of core features in this area:

  • END to END NTLM Support
  • MSSQL Special Query Handling
  • Transparent Deployment Mode-MYSQL
  • Database-Specific-LB for MYSQL
  • HA Group Deployment Support for MSSQL


Front End Optimization

Optimization historically was focused on optimizing and reducing load from backend servers, thus features like compression and caching were mostly used. With the current trend of mobility where every device is unique in every single property and most of the web page processing is pushed to the client browser, it is important that optimization techniques focus on front end as well. This module is totally integrated in our core Traffic Management engine, thus if you are using NetScaler for HTTP/S processing through any module then FEO can add amazing values to it. The overall improvement for web page delivery to client end could range between 20% to 50% based on which optimization techniques are used. This is a must try feature for all the Web enthusiasts. Here is a quick list of core optimization features in this module:

  • Domain Sharding
  • JavaScript
  • Inline
  • Minify
  • Move to the end
  • Cascading Style Sheets
    • Inline
    • Minify
    • Combine
    • Image Inline
    • Move to the head
    • Convert Imports to link
  • Image
    • Inline
    • Lazy Load
    • GIF to PNG
    • JPG Optimize
    • Shrink to attributes


    System and Protocols

    System and core protocol processing layer also have multiple enhancements on the list. We have added 2 new TCP congestion control protocols BIC and CUBIC which help with long distance data delivery and ensuring that bandwidth is utilized to its best as available. Our SPDY module is also enhanced to include the next-gen SPDYv3 protocol which improves the effectiveness of SPDY on client side transaction. The policy variables bring out many use cases where you had to save some context for future processing and you can now do all such use cases on regular traffic flow through NetScaler.


    SDX Platform

    SDX as a platform has added many enhancements on core manageability, usability and functionality track. SDX has become the platform which can be integrated into any enterprise use case with all kind of AAA features and manageability enhancements like console access and CLI access to the system. Through the SVM layer you can now take multiple actions on group of NetScaler instances within same SDX providing better control and group level control.

    • Console Access
    • VM state change
    • Jumbo Frames Support
    • Management Service Stats
    • SSL Cert/Key Management
    • FTU Setup wizard for SVM
    • NetScaler config audit
    • SVM Password Mgmt
    • Entity Monitoring
    • CallHome Support
    • Fault Management
    • SVM CLI Access
    • SVM File management
    • Palo Alto VM Support
    • AAA (External) Support


    NetScaler Gateway

    NetScaler Gateway is the core component of NetScaler platform which is used for all remote access needs across Citrix products and technologies. Gateway is responsible for delivering the remote access experience to end users, providing security for the communication channel. This component is part of the solution we offer with Citrix XenApp, XenDesktop, XenMobile and Sharefile. To know more details on 10.5 Gateway features, please refer to this blog post.



    NetScaler Insight Center

    NIC has proven to be a product with wide acceptance in our customer bases, thanks to the given visibility values it brings to the table. We have carefully looked through key customer asks and developed those functional and manageability features which can help NIC become part of every single deployment. There are features added on both Web and HDX Insight modules and some of the platform level enhancements like ability to configure threshold and then trigger alarms based on that will be of great use. Visibility certainly has become a key use case today and thus we will continue to spend time on developing this product with more features. Some of the key features:

    • External Auth
    • GeoMap Support
    • TCP Retransmits
    • TCP Zero Window
    • Adaptive Threshold
    • Session level Corelation
    • Customizable Table/Graph
    • Cache Redirection Insight


    Cluster Infrastructure

    With every release we improve our cluster infrastructure and reduce the parity with non-cluster or the nCore feature set. With 10.5 we have reduced the gap much further and have also added new features to improve the core cluster infrastructure. Now you can run the cluster without having the limitation of n/2 + 1 nodes UP all the time. Similarly, many other useful infrastructure layer features are included too. Here is a quick list of additional features supported:

    • VRRP
    • MPTCP
    • L2 mode
    • Net Profile
    • Link Redundancy
    • Traffic Domains
    • AGEE spotted VIP
    • Link Load Balancing
    • Failover Interface Set
    • Relaxing majority requirement


    This is just the list for you to have an overview of how the new release looks like. In all reality, there are many more exciting features and you would be well served to read through our online documentation to get all the value. You can get started with this article from our support site. You can also look forward to more blog posts from me on the NetScaler 10.5 release, discussing these features in more depth.

    Happy Reading!!