Many organizations are building private cloud platforms as a way to increase the agility of IT infrastructure and to increase the efficiency of operations to support their business critical applications. Over the past few years we have seen an increasing move towards deploying OpenStack, which is an open source cloud management platform, in production environments.

As organizations use OpenStack to automate the deployment of servers, storage and networking, they are also looking to automate the provisioning of L4 – L7 services. To do this, they need their networking equipment vendors to provide integration of their devices with OpenStack in a way that addresses deployment challenges involved in offering infrastructure-as-a-service. These challenges include scalability, elasticity, performance and flexibility/control over resource allocation.

To enable the automated deployment of application delivery services with OpenStack, Citrix has built NetScaler Control Center as a way to integrate with the LBaaS service in OpenStack. The Citrix LBaaS solution enables IT organizations to guarantee performance and availability service level assurances (SLAs) as well as provide redundancy and seamless elasticity while rapidly deploying line of business applications in OpenStack.

The Challenge with Resource Deployment

OpenStack has come a long way in simplifying the provisioning of compute, storage and networking resources as part of an application deployment workflow. Neutron, which is the networking project for OpenStack, automates the creation and management of L2/L3 networks, as well as the associated L4/L7 network services such as firewalling, load balancing and VPN services. While Neutron has made rapid advancements in enabling a self-service consumption model for networking, there are still operational gaps that need to be addressed for successfully deploying business critical workloads. Some of these gaps include providing for service-aware resource allocation, resource elasticity on demand, monitoring and visibility, fault tolerance and high availability. It is important that cloud providers have complete control over policies that control these operational characteristics, even in fully automated environments.

The Citrix NetScaler Solution for OpenStack

Citrix’s OpenStack LBaaS solution has been designed to be a production-grade system for running business-critical applications at scale. It has been built to address the operational concerns around running infrastructure-as-a-service, without the need for relinquishing flexibility and control. Citrix’s solution is based on a purpose-built orchestration product called NetScaler Control Center (NCC). NCC simplifies the operational complexity involved in deploying LBaaS in OpenStack by providing a number of functions necessary for value added ADC services. This solution makes it easy for cloud providers to offer any NetScaler ADC or security function as a cloud service.

Key Benefits of NetScaler Control Center

NetScaler’s advanced ADC services coupled with NCC’s automation capabilities provide a number of benefits for OpenStack LBaaS deployments. These include:

  • Full investment protection through the ability to leverage the current NetScaler installed base (across all NetScaler appliance types) for powering LBaaS in an OpenStack cloud.
  • Automated provisioning of both physical and virtual NetScaler instances reduces time to deploy new NetScaler ADC services from hours/days to minutes. NetScaler virtual appliances can be spun up as Nova instances, further simplifying operational complexity of deploying new NetScaler instances.
  • A flexible isolation model allows administrators to provide differentiated SLAs to cloud tenants ranging from fully dedicated NetScaler instances per tenant to dedicated Admin partitions for high-density multi-tenancy.
  • Resource hard-walling support for each isolation model guarantees performance and reliability and eliminates noisy neighbor problems due to shared resources, thereby enhancing the user experience.
  • Administrators can reserve CPU, memory, throughput and SSL capacity for dedicated NetScaler instances and throughput, memory and connections for dedicated Admin Partitions which guarantee resources for each tenant.
  • Advanced placement algorithms provide full control over the placement of ADC functions in a distributed deployment that potentially spans multiple availability zones, data centers and regions, ensuring service availability.
  • NCC simplifies management by providing a single pane of glass for centralized visibility and monitoring, as well as for ease of trouble-shooting and granular per-tenant metrics for reporting and charge back.

Key Features of NetScaler Control Center

Capacity pooling across all NetScaler infrastructure – Pooling of infrastructure is the first step in offering infrastructure as a service and forms the underpinning of the economic advantages of the cloud model. NCC is designed to efficiently pool and manage capacity across all NetScaler appliances including physical (MPX), virtual (VPX) and multi-tenant (SDX) form factors. With no platform restrictions and compatibility with multiple NetScaler firmware versions, NCC based orchestration provides full investment protection to customers with existing NetScaler installed base.

End-to-end automation across all NetScaler appliances – NCC is designed to enable a true “as-a-service” model where the complexity of provisioning and deploying ADC functions on a large pool of NetScaler appliances is completely hidden from both the cloud provider and the cloud tenant. NCC’s automation capabilities include:

  • Auto-instantiation of new VPX appliances as Nova instances as well as SDX instances on-demand, without any manual intervention.
  • Automation of license allocation on newly launched VPX instances.
  • Policy-based resource allocation to “right-size” the auto-installed instances (both VPX as well as SDX instances.)
  • Auto provisioning of admin partitions on MPX, SDX and VPX appliances.
  • Data Plane Service Insertion – Native intelligence of Neutron and the ability to dynamically attach both VPX and SDX instances to Neutron networks.

Service Level Assurance: Cloud providers need to guarantee performance and availability SLAs to different cloud tenants. NCC provides granular control over ADC resource allocation policies, giving the provider flexibility in creating differentiated SLAs for cloud tenants based on their application needs.

A simple and intuitive workflow to construct “service packages” for different tenant tiers simplifies the SLA creation process. Service packages can be defined with the following parameters and are customizable per tenant:

  • Appliance type – The target appliance on which a logical NetScaler instance for the tenant is created.
  • Isolation type – Option to choose between fully dedicated instances, shared instances or an individual Admin Partition for each tenant.
  • Resource hard walling – The amount of CPU, memory and SSL capacity to be allocated for each tenant’s dedicated instance.
  • Software version – The specific version of NetScaler firmware for each tenant’s dedicated instance – allows for version and upgrade independence between tenants.
  • HA pair vs single instance – Choice of specifying a single NetScaler instance or an HA pair for each tenant (guarantees availability SLAs for tenants.)

Integration with OpenStack Keystone for single sign-on authentication: NCC integrates natively with Keystone, OpenStack’s authentication service, and can retrieve tenant-related information directly from Keystone. This simplifies tenant-specific policy management and eliminates the overhead and potential security concerns involved with explicitly registering OpenStack tenant credentials with NCC.

Flexible placement algorithms: Cloud providers need to have control over the placement of new ADC policies in a fully automated environment consisting of a potentially large fleet of NetScalers. NCC offers a rich set of options for placement algorithms including the following:

  • Simple round robin
  • Utilization metrics (VIP count, average CPU, SSL, memory, throughput utilization)
  • Affinity – Option to create separate device groups to indicate physical affinity to an availability zone, pod, data center or region.
  • External input – Plug-in mechanism that lets placement be evaluated by the provider’s own placement algorithm and fed into NCC as input.

Centralized Visibility and Reporting: NCC provides a single pane of glass for deep visibility into the operations of the NetScaler ADC services running in the OpenStack environment. Information regarding status, statistics and health across a rich set of metrics aids in centralized visibility and monitoring, as well as ease of troubleshooting. Granular per-tenant usage metrics are made available for reporting and charge back.

High Availability: The NetScaler OpenStack LBaaS solution guarantees redundancy through fully automated deployment of NetScaler HA pairs on both virtual as well as physical appliances. Moreover, NCC itself is available as a fully redundant active-standby HA pair with full state synchronization and fault tolerance.

VPX on Nova: The NetScaler virtual appliance has been optimized for running as a Nova instance, and new VPX instances can be launched on-demand by simply invoking Nova APIs through automation suites such as OpenStack Heat templates. The virtual appliance supports options for auto-bootstrapping the instance, including support for the OpenStack config drive to get bootstrap information.

For More Information:

NetScaler Control Center is available for beta testing now. Please contact your local account team for more information regarding beta enrolment.

For more information on NetScaler Control Center, see “Deliver Production Grade OpenStack LBaaS with Citrix NetScaler”.

For more information on the NetScaler product line, please visit the NetScaler Product Page.