Archive

Posts Tagged ‘SDX’

#Citrix and Palo Alto Networks Team to Deliver Consolidated, Multi-tenant Network Security and #ADC Services on #NetScaler SDX

February 4, 2014 Leave a comment

This is really interesting!!

With the myriad of features that we launched in PAN-OS 6.0, you may have missed a new deployment option for Palo Alto Networks VM-Series in your data center. In addition to the support of VM-Series for VMware environments, you can now deploy the VM-Series on the Citrix NetScaler SDX platform. We launched this with Citrix officially today.

Virtualized and cloud environments require the secure and efficient delivery of the right applications to the right users using any device and from any location. To do this, you need an infrastructure that supports all aspects of application delivery (security, availability, performance and visibility) and embraces the key characteristics of cloud:

  • Multi-tenancy – the ability to support differing needs of new application owners, business units or service provider customers
  • Agility – the services must have the ability to be provisioned and de-provisioned on demand, with support for automation and orchestration
  • Scalability – the services must have the ability to flexibly scale up, scale out capacity to meet the needs of the business

Citrix NetScaler SDX is an open, multi-services platform that addresses these requirements. The NetScaler SDX platform consolidates NetScaler application delivery controller (ADC), and best-in-class network and security services required for application delivery. Now, with the introduction of VM-Series on Citrix NetScaler, you’ll be able to provide dedicated instances of security and ADC for per application load balancing with dedicated firewalling. You now also have a complete, integrated security and availability solution for Citrix XenApp XenDesktop deployments – from secure remote access, high-availability…

Continue reading here!

//Richard

#Citrix #NetScaler #SDX Installation Overview Video

This is a pretty good “quick” video of the SDX installation! Have a look at it, and remember not to use 1Gbps interfaces only if you want to run more than 7 VPX’s on the SDX! Then go for 10Gbps interfaces or many channels/interfaces of 1Gbps to not hit the SR-IOV limit of 7/1Gbps interface! 😉

Description
12:45 screen capture with PPT overview on IP Addressing, and walking through install, IP Change for SDX’s SVM and XS IPs, licenses, and then the install of a NetScaler instance with NSIP and SNIP. This is intended to be a quick overview before you set out on a first SDX install, and is in compliment with the SDX Quick Install Guide.

See the video here!

//Richard

How does #Citrix #NetScaler SDX isolate its instances?

Ok, I received this question the other day and this article is really spot on! Get a cup of coffee and enjoy! 😉

And remember this: YOU CAN ONLY HAVE 7 INSTANCES/1Gbps NIC!!!! So if you intend to host more than 7 VPX’s on your SDX then ensure that you plan your network design if you use 1Gbps otherwise go for the 10Gbps ports and SPFS.

NetScaler SDX Appliance with SR-IOV and Intel-VTd

This article contains information about the Single Root I/O Virtualization (SR-IOV) and Intel Virtualization Technology for Directed I/O (Intel-VTd) technology and how NetScaler appliance uses this technology to achieve fully isolated high performance NetScaler instances.

NetScaler SDX Appliance with SR-IOV and Intel-VTd

Server Virtualization presents both a tremendous opportunity and a major challenge for Enterprise Data Centers and Cloud Computing infrastructure. Current Hypervisors already facilitate the consolidation of many servers that are not utilized efficiently to a smaller number of physical servers delivering better space utilization, lower power consumption, and reduced overhead costs.

Virtualization architectures are built on a virtualization layer called a Virtual Machine Monitor or Domain 0 that becomes the primary interface between a virtual machine and the physical hardware. Even though virtualization allows multiple virtual machines to share the same hardware, it also creates additional overhead and can lower server performance as it becomes the bottleneck between a virtual machine and input/output (I/O) hardware as the number of virtual machines increase.

The NetScaler SDX appliance breaks through these performance bottlenecks by leveraging next generation of I/O virtualization technology called SR-IOV as defined by the PCI-Special Interest Group (SIG). SR-IOV enabled Intel chips along with Intel VT-d enable the NetScaler SDX appliance to significantly reduce virtualized network processing overheads, and provide more secure and predictable mechanisms for sharing I/O device among multiple virtual machines.

Intel Implementation of Single Root I/O Virtualization

Intel has worked with the PCI-SIG to define the SR-IOV specification. As shown in the following image, SR-IOV provides dedicated I/O to virtual machines bypassing the software virtual switch in the Virtual Machine Manager (VMM) completely, and Intel Ethernet Controllers improve data isolation among virtual machines. Another feature of SR-IOV is a feature called Virtual Functions. These are Lightweight PCIe functions that allow a single physical port to look like multiple ports. Therefore, multiple virtual machines can now have direct assignment on the same port. This increases the scalability of the number of virtual machines on the machine through more efficient I/O device sharing.

Intel VT-d Technology

Intel VT-d is a hardware enhancement for I/O virtualization that is implemented as part of core logic chipset. Intel VT-d defines an architecture for DMA remapping that improves system reliability, enhances security and…

Continue reading here!

//Richard

Why only Platinum version of NetScaler SDX VPX Package? – #NetScaler #SDX #Citrix

December 4, 2012 Leave a comment

Why does Citrix only sell Platinum versions in bundles of 5 for the SDX platform? Wouldn’t it be great to be able to purchase for instance Enterprise or Standard for the VPX’s you want to setup for capabilities provided by the Enterprise version of NetScaler?

NetScaler_SDX_Platinum_Only

 

I’d like to buy that instead… what about you guys? Or does this model exist?

Citrix NetScaler DataSheet

//Richard

#NetScaler #SDX design and best practise

November 7, 2012 Leave a comment

Ok, I understand that this is something that I’ve touched upon before as well and received some comments on (NetScaler MPX vs. SDX dilemma). But I’ll still continue the reasoning behind why I think that the NetScaler SDX architecture is great, and that is needs to be offered on all the different platforms/appliance types/sizes!

To kick off the reasoning I recommend that you read this post; #NetScaler #AAA on NS 10.00 Build 70.7 = watch out!. When you’ve read both previous posts I hope that you see where I’m now going with all of this…

Just have a look at this picture where I’m trying to illustrate two design options for how you could build your NetScaler service for a tenant;

And if you then keep in mind about the AAA bug that caused the whole NetScaler engine to crash, what happens in the top scenario if this VPX had been affected? Think about if that NetScaler hosted network connectivity to you public cloud services with workloads, all SSL VPN users connected to the enterprise, all ICA/HDX proxy users into XenApp/XenDesktop, and also provided AAA features to the enterprise web apps used by customers and partners etc.? Wow, that would actually mean that one single 401 basic authentication could have taken down EVERYTHING!

But; if you would have separated your capabilities/features into separate VPX’s then you wouldn’t have had that issue. The “only” thing that would have happened if you ran into an issue that caused the NetScaler to crash then it would only affect that VPX (AAA VPX in the scenario above).

So my personal view is that it’s great that Citrix provides all the features on one appliance/instance. But it also adds quality and test efforts on Citrix to ensure that they perform testing of ALL features and functions before releasing a new build. And that may affect the lead-time to get fixes and new builds released and quality may also be impacted… and that’s what I’m afraid of is happening. So a little word of advice; separate workloads/features when you can and when you don’t want this big of a risk, and prey that Citrix soon delivers the SDX architecture on all appliances! And they would of course perhaps not just sell the larger boxes like they force us into today even if the bandwidth capabilities of that box isn’t required. But they would instead sell more VPX’ on top of the HW, that’s at least what I think.

Comments?

Cheers!

//Richard

NetScaler SDX – value add, #CitrixSynergy #NetScaler

October 16, 2012 Leave a comment

Sitting here listening to the SDX model and its capabilities etc. And I must agree that the concept is great in terms of isolation, flexibility, density and other added values that the platform provides…

But I still see the need for the same SDX model on the smaller appliances where you may need the capabilities of feature isolation etc but where you don’t need the performance/throughput etc. of the larger appliances where the SDX model starts.

If you look at the NetScaler data sheet I can’t understand why you don’t get the SDX model option on for instance the 8200 box and why not down to the 5500?

More on my thoughts on this from my previous blog can be found here.

//Richard

Please contribute – What do we expect from Citrix? – Citrix community enhancement list

October 8, 2012 5 comments

Ok, there are a lot of things that I think we all expect Citrix to deliver now in Barcelona when Synergy soon kicks off! But so far I’ve not seen someone that has been combining a community list yet…

And the most important part I feel is that I get more and more information from companies out there that have enhancement requests and issues that they have a hard time expressing and getting into Citrix. The larger enterprises can of course through their channels get more information and also make their voice heard, but the SMB’s have a hard time to do so!

So this is my attempt to start a dialogue with all of U out there on what we expect to see from Citrix in the future! I think it would be interesting to see if the items I’m waiting for a change on is aligned with the rest of the community!

So why don’t we all contribute to a list that we all can share and prioritise over time? I can for a start moderate this list if you comment or send me items that you think should be on the list and then I’ll try to make sure that people within Citrix get the items and I’ll try to follow up! Of course we need help from the CTP’s (just to be clear; I’m not a CTP so don’t get me wrong here) and others as well to put pressure and assist in the governance of this activity.

So this is my first list of items that I think that we can build upon… It’s a first draft and far from the total number of items are there so bear with me! 😉

Please comment below to have your item(s) added to the list and let’s make a change!

ID Product/Area Enhancement request/Issue Status
1 Licensing Ensure that all products supports the license server (NetScaler etc.) Not fullfilled
2 Monitoring & Reporting Ensure that you can get historical concurrent user reports that spans across ALL products (NetScaler/AG, XenApp, XenDesktop etc.) Not fullfilled
3 Monitoring & Reporting Ensure that Citrix provides an end-2-end monitoring and reporting service for the whole Citrix stack. This to ensure that delivery organizations can deliver reports like “Service Availability in %” over time that includes all service components (NetScaler AGEE VIP, StoreFront/WI, PVS/MSC, XenServer, XenApp/VDA, Profile Server, etc. If Citrix isn’t going to do this; then please point on a product that does the job. Not fullfilled
4 Monitoring & Reporting Provide a monitoring solution to ensure health and best practise configurations of all products involved in a traditional “XenDesktop” stacked service. Not fullfilled
5 Cross-product Improve your testing!! There have been to many issues with updates to products in the “Citrix stack” that has caused issues in others, like update to XenServer that caused PVS issues, or updates to a specific NetScaler feature that caused others to fail. Not fullfilled
6 Cross-product Create an central update service for all products that can inform the admin about updates not applied or if components aren’t in synch in terms of SW versions etc. Not fullfilled
7 Cross-product Ensure that the end-user look & feel are the same across the products used in the stack (NetScaler AGEE login page, Web Interface/StoreFront, Receiver etc..). This should not require admins to do and should be a design principle. Not fullfilled
8 Cross-product Come on, simplify the administration of the products in the stack = reduce the number of consoles! Not fullfilled
9 AppController Multi-domain support Not fullfilled
10 AppController Support for multiple setups that can synch the DB. This to ensure that you can have an HA pair setup for instance in Europé and one in the North Americas and have the end-user be logged in against both and have their subscriptions etc follow them (as well as of course reporting, monitoring etc. etc.) Not fullfilled
11 AppController Support for really large AD domains with LARGE # of AD users and AD groups Not fullfilled
12 AppController Support for AD domain structure where the BASE DN is different to where AD users and the AD security groups you want to use for roles Not fullfilled
13 EdgeSight Ensure that EdgeSight or equivalent end-user monitoring and reporting is integrated and that works on both XenApp and XenDesktop VDA’s and that doesn’t increase the IOPS with rediciolous numbers… Not fullfilled
14 NetScaler Create SDX platform to run on all MPX appliances, for more info why see; NetScaler MPX vs. SDX dilemma; https://richardegenas.com/2012/10/03/netscaler-mpx-vs-sdx-dilemma/ Not fullfilled
15 NetScaler Provide out of the box integration with the Single Sign-On product (former CPM) so that Account Self-Service can be made directly from AGEE VIP login page. Not fullfilled
16 NetScaler Add support for AG session policies so that ICA proxy can be turned on for specific published apps and desktops and not per session. This for situations where you might have one app or desktop that sits behind an AGEE and others don’t. Not fullfilled
17 NetScaler The NetScaler/Access Gateway HTML/GUI pages used shall be able to be customized per AGEE/AAA Virtual Server. Today they are global pages so that specific modifications/customizations cannot be made and you have to buy an additional NetScaler unless major customizations are done and then life-cycle management becomes an issue. Not fullfilled
18 NetScaler Change so that you can specify different Authentication policies and requirements mapped to Session policies instead of to a Virtual Server, AAA group etc. This could then provide a way so that you could offer ICA proxy mode with single auth and two-factor if you launch/select to open an SSL VPN tunnel Not fullfilled
19 NetScaler It would be good if you on the Receiver could select what authentication you want to perform upon login and not just at setup of the Account. That would mean that you could pass that info the the NS VS and then in AGEE handle that to the authentcaiton policies and session policies. Then a user that has forgotten a hardtoken could still get access but only in ICA proxy mode and have all virtual channels disabled without having to have multiple accounts in the Receiver and admin doesn’t need multiple NS AGEE VS. Not fullfilled
20 Merchandising Server Ensure that it supports larger AD environments and multi-domain support Not fullfilled
21 Merchandising Server Create a central DB for config etc or ensure that MS is migrated into SF asap. Not fullfilled
22 Provisioning Services Improved/simplified support/update functionality for when you use KMS licensing Not fullfilled
23 Provisioning Services Create REAL update msp or msi files for updates, you can’t require admins to go in and replace DLL-files etc in 2012 Not fullfilled
24 Provisioning Services Implement replication of vDisk files (diff-files) etc so that it’s automated within the PVS solution so that you don’t have to rely on DFS-R etc. Not fullfilled
25 ShareFile Ensure that encryption on local devices are available for all device types and OS’s (iOS, Android, Windows Phone, Win XP/7/8, Linux, OS X) Not fullfilled
26 ShareFile Design the product so that you could leverage public storage providers for your storage but encrypt it using your own PKI service and proxy traffic to it through the Storage Center server(s) without having to invest in in-house storage solutions and reduce CAPEX. Not fullfilled
27 ShareFile Design the solution so that you can configure the plygin/Receiver functionality when it comes to StoreFront on groups/roles instead of just for the whole account. Not fullfilled
28 Storefront Support for multiple setups that can synch the DB. This to ensure that you can have an HA pair setup for instance in Europé and one in the North Americas and have the end-user be logged in against both and have their subscriptions etc follow them (as well as of course reporting, monitoring etc. etc.) Not fullfilled
29 Storefront Simplify configuration and branding of the StoreFront for Web sites like most other providers have and they had in Web Interface Not fullfilled
30 Storefront Add all features that where available in Web Interface Not fullfilled
31 StoreFront Design the product to allow the user to select whether he/she can group apps and desktops into folders or tabs in StoreFront for Web Not fullfilled
32 Receiver Ensure that email-enrollment to StoreFront stores can somehow support multidomain support (like if you have multiple users having the same email-address; name@company.com can be linked to different AD domains Not fullfilled
33 Receiver Corporate branding for the Receiver, logo, text etc. Not fullfilled
34 Receiver Ensure that all Receivers have the same look & feel and functionality. Like the secondary and primary password field names should be the same on a Mac and a Windows client, as well as other features. Not fullfilled
35 Receiver Add so that Receiver passes DOMAINNAME to NetScaler/AG VS so that it can be used to determine which AD domain to authenticate with. In todays version you have to either make one VS per domain or cascade through multiple domains on the same VS. And cascading is available as a workaround but triggers failed logins against AD and is not that nice and security/AD teams are not that happy… Not fullfilled
36 XenDesktop Support for Linux VDA’s (Ubuntu for example) Not fullfilled
37 XenApp Support for Linux Terminal Servers (Ubuntu for example) Not fullfilled

I’ll post an excel-spreadsheet as well for download soon, and then let’s see if there is an interest or not! 😉

Cheers!

//Richard

%d bloggers like this: