Licencing is boring. A necessary evil. Why can’t we just be more trusting? Regardless of how important licencing is, discussing it has long been the quickest way to clear a room. But things are changing. Well, they are for Citrix Networking at least.
In this current state of application delivery flux, the purchase of networking software, be it ADC, Gateway or Security is a conundrum. CIOs are trying to drive forward with the implementation of their ‘tomorrow,’ but today (and often even yesterday) have a habit of complicating matters. This manifests itself as a lengthy period of transition where tactical solutions are sought to address short-term challenges en route to Utopia 2.0.
The net result here is sprawl. Apps are being delivered from an on-premises DC in the traditional manner, in parallel apps are being consumed directly by Line of Business as SaaS and there is also the rapid adoption of PaaS and IaaS from the big boys up in the sky. Plus things are more transient. Organisations are increasingly using disposable ‘one-use’ IT. Spin it up, use it, throw it away. This then brings automation and orchestration into the conversation.
So where does Citrix Networking and licencing fit in with all of this you ask? It’s simple. Flexibility.
Citrix Networking is your Flexible Friend
Flexibility becomes paramount in this state of flux and sprawl. Organisations that have a cloud strategy (I mean a genuine cloud strategy that they intend on executing!) will be loath to make a 5 year capital investment on some new ADC hardware when they will be migrating to Azure within 2 years. Or will it be AWS? Will it be all of their services or just some? What about SaaS? What if they acquire a competitor? What if something totally leftfield comes along and changes their strategy altogether?
Flexible licencing that allows customers to navigate through the choppy waters of Digital Transformation becomes essential. And this is where Citrix Networking comes into its own.
Since its inception, Citrix NetScaler has taken a software first philosophy. Sure, we need a big lump of tin to provide the horsepower, but at its heart, it’s all about the software. This has enabled NetScaler to flourish across its many form-factors be it MPX (tin), VPX on-prem, VPX in Public Cloud, SDX (kind of virtual tin) and more recently CPX. This uniformity of software across the board has always been central to the Citrix Networking strategy, but now with the plethora of licencing options to overlay this, things really start to get interesting.
A lot has changed in the last 12-18 months around Citrix Networking (NetScaler) licencing and packaging so I wanted to share with you an overview of whats-what to help cut through the noise. There will be some refreshers too for anyone that needs them. So here goes….
Perpetual Licencing: NetScaler MPX
(Quick reminder — The MPX is a physical appliance running a single instance of a NetScaler)
This is the classic way of consuming NetScaler. Buy some hardware with a licence based on throughput. Select your software edition (Standard, Enterprise or Platinum) to unlock the necessary features you need and buy some support (typically 3 or 5 years). Pay for all of this up-front and you’re done for the duration of your support agreement.
What if you run out of bandwidth or need to deal with seasonal traffic spikes in the interim? That’s where Pay As You Grow (PAYG) and Burst Packs come into the mix. These can be purchased as add-ons without the need for procuring new hardware. PAYG gives you a permanent upgrade to a higher level of capacity inside your MPX (by unlocking unused CPU Cores). Burst Packs provide you with a temporary hike in bandwidth to cover things like a retail spike during Black Friday. These options provide peace of mind that a purchasing decision made 2 years ago doesn’t handcuff you if your needs change.
Perpetual Licencing: NetScaler VPX
(Quick reminder – The VPX is a virtual appliance that runs on the ‘usual’ hypervisors and also in Azure and AWS. Remember, it’s the same software as the MPX but in a virtual form)
As with the MPX, the VPX is licenced perpetually based on throughput. The VPX scales from a modest VPX 10 (Mbps) all the way up to a gargantuan VPX 100GB! As with the MPX, you simply choose the VPX size, the edition and add support. The key difference with VPX over the physical MPX is the obvious fact there is no hardware appliance permanently tied to the software. As you know, hardware depreciates and eventually transitions to End of Life, which renders it out of support. Without this constraint, a VPX can remain evergreen so long as support is maintained.
There are also SKU’s to upgrade a VPX. For example if you realise a VPX 200 is just not big enough after a year, you can move up to a VPX 1000 without having to procure a brand new VPX licence from scratch.
VPX Licence Portability – Even in the Cloud
VPX licences can be used with on-premises virtual deployments on infrastructure such as VMware and Hyper-V, but they can also be used in our Public Cloud based deployments in Azure, AWS (and coming soon to Google Cloud Platform). We call this BYOL (Bring Your Own Licence). This means if you do migrate any existing workloads into the cloud you can move your ‘on-prem’ VPX licence with it.
While we are talking about Azure and AWS, it’s also worth noting that it is possible to provision NetScaler natively from the respective Marketplace’s and simply pay on a consumption basis without the need for a separate licence file. However, check the economics here as it’s not always the most cost-effective way of consuming NetScaler.
Check in Check out
If frequent VPX portability is your thing, you might be interested to look at a NetScaler MAS feature called Check In-Check Out (CICO) licencing. This was introduced in MAS 12.0 and allows you to use MAS as a license server for your VPX estate. You simply upload and associate your existing VPX licences with MAS and then you can centrally distribute them to the various NetScaler instances in your environment. This is great if you regularly recycle your VPX instances for things like test and staging environments. It removes the need to manage licences on a per-NetScaler basis providing you with a centralised dashboard to control the allocation. CICO can be driven through the MAS GUI, CLI or even the NITRO API to unlock some pretty cool automation use-cases.
VPX Express is our free version of NetScaler that allows end users to play with and test NetScaler functionality with no commitment or cost.
Starting from NetScaler 12.0 build 56.20, you can download and spin up a VPX and it will work out of the box (with no licence!) for up to 20Mbps with the Standard Edition feature set (minus the Gateway functionality). This is a great way to assess the suitability of NetScaler in your own environment without having to mess around with trial licences. Furthermore, you can also browse directly to the respective marketplace’s in Azure and AWS and provision a VPX Express there and then. Again, no licence files needed. It (should) go without saying that you cannot log support tickets against VPX Express. Therefore, please do not use one in a production environment. You have been warned!
NetScaler CPX and CPX Express
(Quick reminder – The CPX is a container-based NetScaler that can be provisioned on a Docker host).
For those of a DevOps persuasion, NetScaler CPX is an interesting proposition. Built from the same code base as the NetScaler ADC, CPX provides the NetScaler web and application load balancing, acceleration, security and offload feature set in a simple, easy-to-install container. Enterprises, cloud and eBiz service providers can deploy CPX in Docker containers managed by popular container management systems such as Kubernetes.
CPX is available perpetually and comes in one edition. A single CPX instance provides throughput of up to 1 Gbps. As with VPX, there is a free edition – CPX Express! It supports up to 20 Mbps and 250 SSL connections. CPX Express supports most of the CPX feature set, with the exception of TCP optimisation and L7 DDoS.
Perpetual Licencing: NetScaler SDX
(Quick reminder – The SDX is a physical appliance running XenServer providing the ability to run multiple individual NetScaler instances for true multi-tenancy).
As with the MPX and VPX, the SDX appliance can be licenced perpetually. Buy the hardware and add support. However, there are some distinct differences which need to be called out.
The SDX comes with a number of bundled ‘instances’. These instances are essentially individual NetScaler virtual appliances (note how I don’t call then VPX’s). For example, the SDX14030 comes with 10 bundled instances meaning you can provision 10 independent virtual NetScaler appliances on the hardware. Each SDX also has a maximum number of supported instances (25 for the SDX14030). Therefore, you can buy instance packs to top up in the event you need more. On some older SDX appliances, there are disk constraints and thus additional SSD’s are included in some upgrade SKU’s.
Another key thing to note is the fact the SDX only has one edition which is Platinum. Therefore, when you buy an SDX you get all of the Platinum features available including the likes of Web App Firewall and IP Reputation to use across all of the virtual NetScaler instances.
It is also possible to run instances of NetScaler Secure Web Gateway (SWG) and SD-WAN on an SDX appliance, but these are licenced separately. I plan to write a few more licensing-related blog posts in the near future, so will cover these in due course.
A final note on the SDX… One question I get asked a lot (and I mean, A LOT) is “Can I convert a stand-alone VPX licence I already own into an SDX virtual NetScaler instance?” The simple answer here is, no. SDX instances are separate from VPX instances from a licencing perspective (even though the underlying software is the same).
Moving into a Subscription world with Pooled Capacity
I mentioned flexibility at the start of this post. As you have already seen, Citrix Networking licencing offers this in abundance. However, we have recently cranked it up to 11! One of the most interesting licencing innovations at the moment is Pooled Capacity. Put simply, Pooled Capacity allows you to subscribe (annually) to a pool of bandwidth and a number of instances. This can then be distributed (from MAS) across any NetScaler form-factor, be it MPX, VPX on-prem, VPX in the cloud, SDX or CPX.
This is extremely powerful and unlocks a whole host of use cases. I’ll give you some examples…
Use Case 1 — Organisation slowly migrating services to multiple cloud providers
Company A has an on-prem DC and is migrating some services into Azure and AWS over a period of 3 years. In this case, they can allocate a portion of their pooled capacity to an on-prem NetScaler, and a portion to their Azure and AWS based VPX’s. As the services are migrated over time, the NetScaler footprint can be reduced on-prem and expanded in the cloud dynamically as required – with no additional NetScaler purchase.
Use Case 2 — Global organisation that is subject to daily utilisation trends
Company B is a global organisation hosting services in multiple geographic locations. The utilisation of these services peaks at different times depending on business hours in a particular region. Rather than having to statically size all NetScaler instances for the peak use in each region, it Is possible to dynamically allocate and de-allocate bandwidth to each of the instances as and when required. This can also be driven via the NITRO API to enable true automated ‘follow-the-sun’ capacity as needed.
Use Case 3 — Managed service provider of Networking infrastructure
An MSP who looks after networking infrastructure for multiple enterprises can procure a pool of capacity and then distribute this accordingly to their customers as required. Onboarding new customers becomes simple without the need to procure and provision new licences. Scaling up (or down) capacity becomes effortless. Coupled with the fact the capacity can be used across all NetScaler form factors means each customer can consume NetScaler how they wish.
The current entry point for a pooled subscription is 20Gbps of bandwidth and 20 instances. If a customer already owns NetScaler appliances perpetually, there are options to convert them to pooled (depending on the appliance model). It is not possible to mix NetScaler editions within the same pool. For more information on pooled capacity, get in touch with your local Citrix Sales team!
In terms of future licencing changes, Citrix made an interesting announcement at Citrix Synergy back in May. Later this year, we plan to start offering a subscription-based option for virtual appliances based on a pool of vCPU cores. Historically, NetScaler has always been sold based on bandwidth. However, it’s clear that this is no longer always the most pertinent way to size a platform. vCPU based licencing is a path some of our competitors have taken in the context of cloud and its something we also felt we should be offering to our customers.
This licencing model allows you to distribute the vCPU’s across multiple VPX and CPX instances depending on sizing requirements. I don’t have the full details of this yet but look out for announcements and pricing later this year. Its further proof that Citrix are evolving in the way we make our products available to our customers in this increasingly Cloud focused world.
I appreciate there is a lot of info to take in here! In an attempt to summarise things, check out the below table…
So, as you can see Licencing within the Citrix Networking portfolio is far from boring! The options and flexibility available make investing in NetScaler a safe bet in the face of spiralling complexity and fluid business requirements. Citrix Networking really does give you a Licence to thrill that will leave you both Shaken and Stirred!
Stay tuned for future licence related blogs on our SD-WAN, Gateway Service, SWG and MAS offerings!
Citrix TechBytes – Created by Citrix Experts, made for Citrix Technologists! Learn from passionate Citrix Experts and gain technical insights into the latest Citrix Technologies.
Want specific TechBytes? Let us know! firstname.lastname@example.org