Post to Twitter
New NetScaler Technology Speeds Applications that Push Data to Users, Achieving Greater Real-time Interactivity with Fewer Servers Required
This groundbreaking new capability was specifically designed to address the demands that today's interactive Web 2.0 applications are placing on server infrastructures. While Web 2.0 applications are ushering in a new era of enhanced functionality and responsiveness for end users, they are highly inefficient when it comes to server computing resources. In order to create a rich interactive experience, Web 2.0 applications need to maintain a one-to-one user connection to backend servers for extended periods, which severely taxes datacenter resources and adversely impacts performance and scalability. NetScaler is the first application delivery controller to streamline this process by "pushing" data directly to thousands of users concurrently, offloading web servers from this burdensome task. As a result, server costs for delivering Web 2.0 applications can be reduced by five to ten times.
Rich Web Experience at a Fraction of the Cost
These new capabilities allow NetScaler to free up backend servers from inefficient connection management tasks, thus shrinking the number of servers needed. This reduced server footprint in the datacenter improves server utilization and allows a smaller set of servers to accomplish the same business tasks, cutting server costs by up to 90 percent by decreasing power, cooling and operational overhead.
Its powerful - AppExpert!
SharePoint Template
AppExpert Templates are nothing new for NetScaler. However, with a new release of NetScaler comes an updated, new and improved NetScaler AppExpert Template for use with Microsoft SharePoint applications.
AppExpert Templates are a simple approach to configuration management for complex enterprise applications. In one simple view, you can view what is most important to you in terms of application delivery. No more confusing and complex rules to define, reducing the time to deploy, easing management and improving the bottom line.
Improvements to the template include additional optimizations for Image Management, Scripts, SOAP and FrontPage. Caching and Compression policies have been optimized, along with the addition of a section for rewrite. There is a redirect policy for converting HTTP to HTTPS on the fly, to enable secure traffic to/from the Microsoft SharePoint applications.
All of these improvements can be found in the new Microsoft SharePoint template, and a description of the template can be found in the updated SharePoint Deployment Guide.
Download the updated Microsoft SharePoint AppExpert Template here (NS v9.0 b66 required).
Download the updated Microsoft SharePoint Deployment Guide here.
Its Powerful - AppExpert!
Load Balancing Auto-Configuration for SAP using Workflow Studio and NetScaler
At the tail end of our certification process at SAP, Citrix engaged in a unique opportunity to make use of the SAP APIs, using Workflow Studio to auto-configure the Citrix NetScaler for Load Balancing. The way it works is, Workflow Studio polls the SAP API, reads the response, and then based on the results in the response, configures the NetScaler Load Balancing groups that map directly to the SAP servers running in the server farm.
SAP has a community group dedicated to the development of their APIs, please reference the latest blog post Catching Up with Deployment and Operations Automation, describes the SAP APIs.
The SAP Community Definition Group (CDG) - titled "PCDG 97 NetWeaver Infrastructure APIs for Network Solutions" - is focused on automation of network-application integrated configuration and operation. As the group title implies, the SAP NetWeaver technology platform includes APIs, which are used by the NetScaler ADCs (load balancers) to auto-configure themselves as proxies for multi-instance SAP application systems. Using Citrix Workflow Studio, the SAP APIs are polled on a regular basis so that the NetScaler ADCs can react to SAP application instance changes during production runtime.
If another application instance is brought up, let's say for providing more computing capacity for an increasing end-user load, or if an instance is brought down temporarily for maintenance, Workflow Studio communicates with the NetScaler ADC to adjust load balancing automatically without any manual administrator intervention. There is no more wait, or lengthy change management required to provision applications.
Workflow Studio, NetScaler and SAP API Use Cases:
Use Case 1: (auto-configure new SAP services).
Workflow Studio sends a URL request to the SAP Message Server, and receives a response. Workflow Studio parse's the response, looking for specific SAP generated patterns. WFS then uses this information to configure a Load Balancing Virtual Server inside of the Citrix NetScaler.
Use Case 2: (dynamic configuration).
Workflow Studio repeatedly queries the SAP API. WFS studio can determine hostnames, ip addresses, port numbers, and whether an SAP server is coming online or going down. When a SAP server comes online/goes down - WFS detects this change, and then takes action on the Citrix NetScaler, to add/remove the SAP service from the Load Balancing group - automatically.
Use Case 3: (graceful shutdown).
Workflow Studio queries the SAP API, determines a SAP server is going down, and based on the response, waits until all existing sessions have been retired, before removing the server from the Load Balancing group . During the shutdown period, no new sessions are added to that SAP server, providing a graceful shutdown of the SAP service. This way, there are no TCP resets sent to existing sessions. New logins are routed to a different server.
Read the SAP article here.
Tap into the power of AppExpert!
Canonical Hostnames
The Citrix NetScaler can be placed in front of a webserver farm that is running Apache. The same re-write rules that run on Apache, can be implemented on the Citrix NetScaler.
The goal of the following rule is to force the use of a particular hostname, in preference to other hostnames which may be used to reach the same site. For example, if you wish to force the use of www.example.com instead of example.com, you might use a variant of the following rules.
Example : changing example.com to www.example.com
Apache rewrite:
RewriteCond %{HTTP_HOST} !^www.example.com
RewriteCond %{HTTP_HOST} !^$
RewriteCond %{SERVER_PORT} !^80$
RewriteRule ^/(.*) http://www.example.com:%{SERVER_PORT}/$1 [L,R]
RewriteCond %{HTTP_HOST} !^www.example.com
RewriteCond %{HTTP_HOST} !^$
RewriteRule ^/(.*) http://www.example.com/$1 [L,R]
AppExpert rewrite:
add responder action act1 redirect '"http://www.example.com:"+CLIENT.TCP.DSTPORT+HTTP.REQ.URL' -bypassSafetyCheck yes add responder policy pol1 '!HTTP.REQ.HOSTNAME.CONTAINS("www.example.com")&&!HTTP.REQ.HOSTNAME.EQ("")&&!HTTP.REQ.HOSTNAME.PORT.EQ(80)&&HTTP.REQ.HOSTNAME.CONTAINS("example.com")' act1 bind responder global pol1 100 END
add responder action act1 redirect '"http://www.example.com"+HTTP.REQ.URL' -bypassSafetyCheck yes add responder policy pol1 '!HTTP.REQ.HOSTNAME.CONTAINS("www.example.com")&&!HTTP.REQ.HOSTNAME.EQ("")&&HTTP.REQ.HOSTNAME.PORT.EQ(80)&&HTTP.REQ.HOSTNAME.CONTAINS("example.com")' act1 bind responder global pol1 100 END
Tap into the power of AppExpert!
Canonical URLs
The Citrix NetScaler can be placed in front of a webserver farm that is running Apache. The same re-write rules that run on Apache, can be implemented on the Citrix NetScaler. On some Apache web servers there is more than one URL for a resource. Usually there are canonical URLs (which should be used and distributed as a best practive) and those which are just shortcuts, internal ones, etc. Independent of which URL was supplied with the request, the user should only see the canonical one URL in the response.
Example : converting URL /~user to /u/user.
Apache rewrite:
RewriteRule ^/~([^/]+)/?(.*) /u/$1/$2[R]
AppExpert rewrite:
Add responder action act1 redirect '"/u/"+HTTP.REQ.URL.AFTER_STR("/~")' -bypassSafetyCheck yes Add responder policy pol1 'HTTP.REQ.URL.STARTSWITH("/~") && HTTP.REQ.URL.LENGTH.GT(2)' act1 Bind responder global pol1 100
Tap into the power of AppExpert!
SAP certifies NetScaler v9.0 and Branch Repeater/WANScaler v4.5 solution
On 3/31/2009, SAP certified Citrix NetScaler v9.0 and Citrix Branch Repeater/WANScaler v4.5 as an integral solution to improve the delivery of the SAP applications. For SAP Portal, the Citrix NetScaler & Branch Repeater/WANScaler solution improved response time to clients. For downloads and backend operations from SAP Composite and ERP servers, response time was also improved.
SAP customers have hundreds of branch offices with a mixture of small and large offices, and a global distribution. It is important to have a solution which optimizes, simplifies and accelerates the delivery of the SAP applications. During certification testing it was proven that the NetScaler and Branch Repeater/WANScaler products improve performance of SAP applications through acceleration, provide security through HTTPS connections, and provide reliability & high availability through load balancing.
Read more about NetScaler here.
Read more about Branch Repeater/WANScaler here.
Tap into the power of AppExpert!
Rate Based Policy Enforcement:
New in NetScaler 9.0 are Rate-Based policies which can be used to control, limit and throttle traffic to various servers. Rate Based Policies use the advanced expression syntax found in the Policy Infrastructure (PI) format of the NetScaler, which is also new for 9.0.
You can monitor the rate of traffic that flows through virtual servers or other User defined entities that are associated with different virtual servers, including URLs, domains, and combinations of URLs and domains.
You can control Citrix NetScaler behavior based on the traffic rate, including throttling the traffic flow if it is too high, caching information based on the traffic rate, and redirecting traffic to a new load balancing virtual server based on the traffic rate. You can apply rate-based monitoring to HTTP and DNS requests. You configure traffic rate limit identifiers to monitor the rate of traffic. These identifiers can include filters, known as rate limit selectors, to restrict monitoring (for example, based on IP addresses or subnets). You specify traffic rate limit identifiers in rules for advanced policies in any feature where these identifiers may be useful, including Rewrite, Responder, DNS, and Integrated Caching.
Rate-based monitors can be based on the number of HTTP or DNS requests, number of packets, transactions or amount of bandwidth being used. This is useful for preventing overloads on a network, preventing security attacks, and diverting traffic once it reaches a certain watermark.
More on Rate-Based Policy Enforcement can be found in the NetScaler Traffic Management Guide.
Tap into the power of AppExpert!
The Reporting tool of Citrix NetScaler provides built-in reports that display statistics collected by the nscollect utility. You can also create and customize reports. The reports use charts to display the statistics. You can modify the charts and add new charts. You can also modify the operation of the nscollect utility and stop or start its operation.
You can import log data from a different NetScaler, or from a previous time period on the same NetScaler, across different software releases.
Read more about Reporting in the NetScaler Administration Guide.
Compression
TCP Connections
SSL Offload
Bandwidth
CPU & Memory
Tap into the power of AppExpert!
Cost Savings, Green Benefits and Improved Server Management.
Citrix Systems, Inc. (NASDAQ: CTXS), the global leader in application delivery, recently announced that leading enterprise resource planning (ERP) manufacturer SAP AG will be virtualizing an estimated 500 servers with Citrix® XenServer™ by the middle of 2009. SAP has also deployed Citrix® XenApp™ application virtualization technology to deliver applications to both SAP employees and external partners. In addition, SAP expects to receive the benefits that a combined XenServer and XenApp solution provides - such as streaming standardized workload images and superior management functionality - which the company anticipates will generate a 35 percent savings in terminal server costs.
SAP was looking to consolidate its server infrastructure and also wanted to create a much more flexible and dynamic computing architecture. Following an extensive test of XenServer, the company decided to move forward with a multi-stage roll-out of the server virtualization solution onto 500 servers, initially in the company's Saint Leon Rot, Germany office. In the next phase of the project, the servers that power the worldwide training centers will be virtualized, followed by the project management division with several hundred development, test, and support environments. After the server virtualization project in Germany is complete, the roll-out will continue at the end of 2009 to SAP's offices in Asia and the United States.
SAP has also deployed Citrix XenApp application virtualization technology to deliver more than 40 applications, including Microsoft Office and the SAP Business Suite software, to its entire user base. In total, there are more than 50,000 end users who access the XenApp infrastructure to work on tasks such as product development and support.
Its powerful AppExpert!
Entity Templates
An entity template simplifies configuration by providing a set of configured defaults for a policy, service, action, or other configuration entity. After you create an entity template, it can be reused with specific instances of entities of the same type. For example, an entity template created for Load Balancing, can be used to create the same load balancing configuration on the same load balancer, or can be used on a different NetScaler or NetScalers to create the same load balancing configuration.
Entity Templates are most helpful when you have built your configuration for an entity such as load balancing and want to duplicate it across the organization's load balancers without having to re-type all of the configuration commands. In fact, the entity template manager, will allow you to prompt for certain configuration parameters to be input by the user, such as IP Address and port number, at the time of import, which might be specific to a certain locality.
Application Templates
The NetScaler includes the ability to create and manage application templates that provide the administrator a way to configure the NetScaler to handle application-specific traffic without directly configuring NetScaler entities. An application template is a reusable bundle of application's configuration information and can be exported after creation for use on other NetScalers. Also, these templates can be created once and then re-used across multiple NetScalers.
Application vs. Entity Templates
Entity Templates simplify configuration by providing a set of configured default for a specific configuration entity, such as load balancing, rewrite or content switching.
Application Templates simplify configuration by providing configuration details for all entities for an Application, such as Sharepoint, SAP, Oracle, or other web based applications. Application Templates are more comprehensive and contain configuration details for caching, compression, load balancing, ssl offload, rewrite, filtering, responder and application firewall. For one application you might have several policies in each of these categories that are saved into an Application Template.
Both Entity and Application Templates can be exported and imported for ease of use across different NetScalers. All of the configuration policies, including all expressions, pattern sets and policy labels are exported with the Entity or Application Template - once you define your policies, you don't have to define them again.
Watch how easy this is:
Tap into the power of AppExpert!
EasyCall Conferencing
One of the larger expenditures for enterprises is the cost of voice communications, specifically conference calling. Most enterprises use an outside vendor to host the conference calling capabilities for global communications between internal employees and external participants. You can completely do away with that cost with EasyCall Conferencing. Here is how it works...
EasyCall Conferencing, which is a feature of EasyCall, allows EasyCall users to quickly set up ad-hoc conferences by sending participants an EasyCall Conferencing URL. Participants join a conference call simply by clicking a URL instead of having to dial a conference phone number and complex access codes. The calls are hosted on the EasyCall Gateway, providing toll-free access at much lower cost than commercial audio conference services.
To enable external users to join EasyCall Conferences, join requests must be proxied to the EasyCall Gateway from the internet as the EasyCall Gateway is always installed inside the corporate firewall. This is similar to many web applications that require protected external access, and the HTTPS proxy is simple to configure on the Citrix Netscaler to provide the necessary SSL Offloading and Content Filtering.
The Citrix NetScaler System provides continuous service availability through application-level protection by blocking attacks and delivery of the EasyCall application securely. The Citrix NetScaler Content filtering prevents unwanted requests from reaching the EasyCall Gateway.
The EasyCall Conferencing configuration template for the NetScaler policies is provided free of charge right here on our community website. Just import it, and your NetScaler is setup for EasyCall Conferencing.
Together, the EasyCall Gateway and NetScaler provides a low-cost, non-recurring charge, to host global conference calls with your own equipment, making it easy for participants to join just by clicking a URL ... no cryptic meeting codes or passwords.
Download the EasyCall Conferencing / NetScaler Deployment Guide Guide.
Download the EasyCall Conferencing - NetScaler AppExpert Configuration Template.
Watch how easy this is:
How it will look in your network:
Download the EasyCall Virtual Appliance here.
Get the NetScaler here.
Tap into the power of AppExpert!
Now that a new year has begun, it is time to think about change. What did you do well in 2008, that you would repeat in 2009? What will you do differently?
Forecasting bad economic news for 2009 is old, and we all know it is going to be a tough year. I can think of several people I know personally that have already been affected. Among the predictions and forecasts from analysts is that IT spending will slow down. 2009 will be a tough year, and with spending on hold, if I was an IT infrastructure guy or a service provider, with all of the virtualization technology available, I would take more than a few minutes to rethink my strategy.
2009 Forecasts that cloud computing and virtualization will grow. It is not just a prediction that I believe in because I work for a virtualization company, I believe in it because I am an operations guy at heart and this virtualization stuff is real.
One of the things I am going to continue to do in 2009, is make use of XenServer and its tangentially related products. At Citrix, I spend a lot of time with my head buried in a lab working on several projects at a time. At any given time I may need to bring up Windows servers and clients, *nix Servers, install a partners product into a server, or install some enterprise application for testing. All of these I did in 2008 without spending any money on hardware. I had an existing Dell 2950 III that I use for XenServer. I can bring up, bring down any number of hosts at any time, for any purpose, without having to fill a rack with hardware that sucks the power grid dry, and depreciates in value the second I order it.
Not only have I done a great job of saving money on capital expenditures in my lab, I have also saved a lot of energy and rack space. In addition, with faster time-to-deployment and more resources at hand, I have increased my productivity immensely.
I work with our internal Citrix IT and Training departments who both make use of Citrix Virtualization technology – this has proven to increase their productivity as well, while reducing cost.
Looking forward, I know I will be able to keep costs and spending down to almost nothing this year as I make continued use of Citrix Virtualization technology. As an operations guy at heart, nothing brings greater joy in slashing a budget and saving money going into 2009 while increasing productivity.
One of the most requested features from Service Providers and Enterprises is IP Address Management (IPAM). I can't tell you how many times I have listened to customers ask for a platform that manages IP Addresses effectively on a large scale, even to the point of managing disparate classes and subnets. What happens when two companies merge, do you munge spreadsheets or do you have this software yet? It's not only the software that is unique but that it runs as a XenServer VM in Para-Virtualized mode, meaning it is high-performance. Even better is these run in linux. 
Nixu Software specializes in software designed for DNS, DHCP and IP address management. To run Nixu Products in a virtual machine environment, simply download the ISO installation media from their website and boot up a new virtual machine. The installation media auto-installs the entire server stack.
Unlike traditional computing appliances that require specific hardware to run on, Nixu Products provide a quick and cost-efficient way to migrate and consolidate core network services such as DNS and DHCP to virtualized computing environments. By streamlining tedious network and system management routines, Nixu Products offer exceptional availability and ROI.
Here are some of the Highlights of using NIXU DNS and DHCP in a XenServer VM:
- Centralized IP Address Management
- Merge/Join IP Blocks
- Split IP Blocks
- Subnets in use – report
- Subnets free – report
- Addresses in use – report
- Addresses free – report
- Runs in XenServer as a VM, optimized for Para-Virtualization
- Supports pv-ops
- Supports IPv6
- Uses secure communication between secondary name servers, using keys
- Role based administration
- Assign subnets to administrative domains
- Supports BIND syntax
- For the BIND junkies
- Has a configuration checker
- Automated installation and maintenance reducing management overhead
- Centralized management of all nameservers
- Hardened design for security
WATCH this video tip:
Download the Nixu / XenServer Integration Guide.
Read about Nixu Software here.
Read about Citrix XenServer 5.0 here.
Download Citrix XenServer 5.0 here.
Tap into the power of AppExpert!
HTTP Callouts
New in NetScaler 9.0 is the ability to perform a callout using HTTP to an external server. An HTTP Callout is a means to process incoming packets on the NetScaler using an external service that can be a virtual server on the NetScaler itself, a back-end server, or an third party service.
Traditionally, the NetScaler used to verify these packets internally using in-built policies but with specialized services being available for validation, they can be integrated with the NetScaler using this feature.
An HTTP callout will consist of a NetScaler policy expression that can send a simple HTTP request to an external service, wait for the response and then parse the response to produce a simple result. The result will then be used like any other policy expression evaluation result.
The HTTP callout expression:
SYS.HTTP_CALLOUT(<name of HTTP Callout>)
To define the HTTP callout:
set policy httpCallout <name>
[-IPAddress < ip_addr|ipv6_addr>]
[-port <port>]
[-vServer <string>]
[-returnType <returnType>]
[-httpMethod ( GET | POST )]
[-hostExpr <string>]
[-urlStemExpr <string>]
[-headers <name(value)> ...]
[-parameters <name(value)> ...]
[-fullReqExpr <string>]
[-resultExpr <string>]
Where:
-returnType must be one of TEXT, NUM or BOOL.
-IPAddress IP address of the server to which callout is made
-port Port of the server to which callout is made
-vserver must be one of the vservers added using the "add lb/cs/cr vserver" command. The service type of the vserver must be HTTP.
-httpMethod could be GET or POST.
-hostExpr Complex PI string expression for value of the Host header.
-urlStemExpr Complex PI string expression for generating the URL stem.
-headers Every header name must have a corresponding value. These headers will be inserted in the request. Header name is string. Header values are Complex PI Expressions.
-parameters Every parameter name must have a corresponding value. These parameter names are put in the URL query if the request has a GET method or they are put in the body if the request has a POST method. One must not rely on the order in which the parameters are inserted. Parameter name is a string. The parameter values can be computed using Complex PI String expressions. The parameter values will be URL encoded.
-fullReqExpr A complex PI String expressions computes the entire request. It is the user's responsibility to provide a well formed and sane HTTP request. The system will not do any sanity checking. If full request is specified then none of the other arguments can be specified.
HTTP callouts are available with HTTP or TCP Content Switching, Responder and Rewrite functionality.
The basic communication flow for HTTP callout is:
1. User sends request
2. Policy sends HTTP request to an external service
3. Result used like any other policy evaluation result
4. Available for multiple features
HTTP Callout Deployment Scenarios
The examples in this section illustrate how to use HTTP callouts to perform various tasks. In all cases, the NetScaler performs a callout to an external server where a callout agent is configured to respond to the request from the NetScaler based on the data that is present on the external server.
This section describes how to configure HTTP callouts in the following scenarios:
1. Filter clients based on an IP blacklist.
2. Fetch and update content on the fly using Edge Side Includes (ESI) markup language.
3. Authenticate users and control access to resources.
4. Filter Outlook Web Access (OWA) spam.
Filtering clients based on an IP blacklist
HTTP callouts can be used to block requests from clients that are blacklisted by the administrator. This list of clients can either be a publicly known blacklist or one that is maintained specifically by the administrator or a combination of both.
The source IP address of the incoming client request is checked against the external pre-configured blacklist and based on whether the IP address has been blacklisted or not, the transaction is either blocked by the NetScaler or the NetScaler continues to process the transaction normally.
The HTTP callout feature facilitates this by allowing the NetScaler to communicate with the external server that maintains a database of such blacklisted IP addresses.
The following outlines the requirements to implement this configuration:
1. Enable Responder on the NetScaler.
2. Create an HTTP callout on the NetScaler and configure it with details about the external server and other required parameters.
3. Create a Responder policy to analyze the response.
4. Bind the Responder policy globally on the NetScaler.
5. Create a callout agent on the remote server.
ESI support for fetching and updating content dynamically
Edge Side Includes (ESI) is a markup language for edge-level dynamic Web content assembly. It helps in accelerating dynamic Web-based applications by defining a simple markup language to describe cacheable and non-cacheable Web page components that can be aggregated, assembled, and delivered at the network edge.
Using HTTP callouts on the NetScaler, you can read through the ESI constructs and aggregate or assemble content dynamically.
The following outlines the requirements to implement this configuration:
1. Enable Rewrite on the NetScaler.
2. Create an HTTP callout on the NetScaler and configure it with details about the external server and other required parameters.
3. Create a Rewrite action to replace the ESI content with the callout response body.
4. Bind the Rewrite action to a Rewrite policy.
5. Bind the Rewrite policy globally on the NetScaler.
Access Control and Authentication
In high security environments, it may be mandatory to externally authenticate a user before a resource is accessed by clients. On the NetScaler, you can use HTTP callouts to externally authenticate a user based on supplied credentials. There are different ways that authentication credentials might be supplied; the client could be sending the user name and password in HTTP headers in the request, or, the credentials could be fetched from the URL or the HTTP body.
The following outlines the requirements to implement this configuration:
1. Enable Responder on the NetScaler.
2. Create an HTTP callout on the NetScaler and configure it with details about the external server and other required parameters.
3. Create a Responder policy to analyze the response.
4. Bind the Responder policy globally on the NetScaler.
5. Create a callout agent on the remote server.
OWA-based spam filtering
Spam filtering is the ability to dynamically block emails that are not from a known or trusted source or has inappropriate content. Spam filtering requires business logic that indicates a particular kind of message is a spam.
Using HTTP callouts, you can take out any portion of the incoming message and check with the configured external callout server that has the rules to detect if the message is a legitimate email or spam. In case of a spam email, the sender will not be notified that the email is marked as spam because it will only alert spammers to modify their messages.
The following outlines the requirements to implement this configuration:
1. Enable Responder on the NetScaler.
2. Create an HTTP callout on the NetScaler and configure it with details about the external server and other required parameters.
3. Create a Responder policy to analyze the response.
4. Bind the Responder policy globally on the NetScaler.
5. Create a callout agent on the remote server.
Read about the Citrix Application Switch with Version 9.0 here.
Try the Citrix Application Switch with Version 9.0 here.
Tap into the power of AppExpert!
An easy step up to IPv6
IPv6 has been available on NetScaler since April 2007, but only to select customers, and with a limited feature set.
Today, with NetScaler version 9.0, the IPv6 feature set is complete, with support for IPv6 communication all the way back to the application servers that the NetScaler is protecting and optimizing. Now that the IPv6 feature has matured, it has been released with the latest version of software! NetScaler version 9.0 includes IPv6 communication to the application servers, and all the usual tools use for troubleshooting will be present, such as ping6, traceroute6, etc.
The "IPv4 Dinosaur" may well be a term used in the future to describe a site which doesn't have an IPv6 representation on the internet. It's not a label one would want if they consider themselves to be keeping up to date with the latest and greatest technologies, as that of the Citrix NetScaler Application Switch.
Do keep in mind, running an IPv6 ONLY network, is probably still an arms length away and not very easy to migrate to. What would be required is a hybrid approach - and this is where NetScaler version 9.0 can provide a quick solution.
It is possible to use IPv6 communication from the internet to your NetScaler, and then use IPv4 from the NetScaler to the application servers. This will provide an IPv6 presence on the internet for your external website, without having to use time, resources, and budget to rebuild your entire environment right away.
Think of this as IPv6 offload, if you will. The fact that the application and back end systems are running IPv4 will be fully hidden from the end user. You can then, in your own time, port your back end infrastructure over to IPv6 step by step, making testing and roll-back a cinch.
Of course, full IPv6 end-to-end communication is equally important, especially for those government accounts which require this box to be checked-off for any new hardware going into the racks. This is the newest part of this feature, which is also now available in NetScaler version 9.0.
Read about the Citrix Application Switch with Version 9.0 here.
Try the Citrix Application Switch with Version 9.0 here.
Tap into the power of AppExpert!
Not very long ago I published a series on how to become an Application Expert. Citrix NetScaler 9.0 makes it easier with AppExpert Templates. NetScaler AppExpert Templates - introduced in NetScaler 9.0 - provide an application-centric view of the NetScaler system's policy configurations. From a single place within the GUI (AppExpert -> Applications) NetScaler administrators can: 1) Configure the various AppExpert features the NetScaler is fronting, 2) View which NetScaler functional modules (e.g., compression, caching, application firewall) are optimized and active for a given application unit.
Additionally, AppExpert Templates allow you to drill down and see which individual NetScaler policies are active, and what policies are inactive but available, by application component and NetScaler module. From this same view, individual policies can be created, activated and deactivated.
AppExpert Templates can be downloaded, imported, modified and exported AppExpert Templates page of the Citrix Community Website. Administrators can download AppExpert Templates built by Citrix, Citrix Partners and members of the NetScaler community from the Citrix Community Website. These templates are easily imported into any NetScaler running NetScaler 9.0 or higher, jump starting the configuration and deployment process. Templates developed in-house can be easily exported and shared within your organization, or posted back to the Citrix Community Website for others to view and improve.
See the new AppExpert Templates page here!
Tap into the power of AppExpert!
Citrix Systems is closing the gap on the Number 1 Load Balancer for Web Applications. They are certainly a leader and not going to relent on the pace. Check out the Gartner Magic Quadrant. Further proving a commitment to Application Delivery, Citrix teamed with Akamai to extend Application Delivery from the datacenter into the cloud. Combining Akamai's efficiency in the cloud with Citrix's efficiency in the datacenter provides the ultimate in global acceleration of applications.
Citrix & Akamai Load Balancing Deployment Guide.
Tap into the power of AppExpert!
Read about the Citrix Load Balancer here.
Buy the Citrix Load Balancer here.
The St.Bernard iPrism works with Citrix's Application Virtualization platform - XenApp, and works quite well. Seen as a perfect complement to each other the Citrix NetScaler and XenApp products were tested with the St.Bernard iPrism Web Filter. Both companies offer architectures of one-arm (out-of-band) and two-arm (in-band) deployments. At Citrixlabs in Santa Clara, CA, USA, we tested both the out-of-band and in-band configuration of the iPrism Web Filter. We loved the fact that the iPrism is auto-discovered by the management software, so no console cable was needed.
With NetScaler:
We deployed the iPrism Web Filter behind the NetScaler in our proof of concept datacenter in Santa Clara, CA, USA, and configured the NetScaler for NAT (Reverse NAT) for outbound connections to the Internet. NAT is often performed by the Firewall. The Web Application Firewall, also part of the Citrix NetScaler, was configured for protection of inbound security threats to websites and web applications.
The iPrism was configured to monitor outbound traffic from the internal subnet of 172.16.104.0/24, and block all traffic to offensive websites, and monitor traffic to all other websites. The Real-Time monitor in iPrism gave us a detailed report on the users and IP Addresses that were going out to which sites on the internet. We could see who was accessing what, and which content was being blocked. Particularly nice, was the fact that the iPrism automatically authenticated each user to the Citrixlabs domain controller, every time they surfed a new website, without them knowing it. This was very useful for keeping a tight grip on security and for compliance reporting.
With XenApp:
The powerful value is in the integration with XenApp. We plugged the iPrism in as an in-line device, and configured it to work with Citrix XenApp©, formerly known as Citrix Presentation Server. One of the key questions that will arise in this situation is with all of those Citrix XenApp thin clients logging into the XenApp and then launching browsers to the internet, how does iPrism keep track of them. By adding the XenApp IP Address to the iPrism configuration, the users are tracked using "Session Based Authentication" - this catches each individual user and IP Address in each browser session and in the reports. We were impressed by this and determined the iPrism to be an excellent fit into a datacenter outfitted with Citrix.
Citrix & St.Bernard Deployment Guide!
Network Diagram:
Watch this video tip:
AppExpert is now a useful tag used by Citrix Systems, Inc., to qualify articles and content on the web as that which pertains to the art of delivering applications to an end user. Becoming an "Application Expert" is not only an art, but as with anything else in the internet industry, takes time to learn. Becoming an Application Expert and using the knowledge takes time, drive and patience. In an effort to make this art easier, Citrix embarked on a series of product enhancements targeted toward the Application Expert, which started with the use of the NetScaler Policy Engine.
The first in many enhancements directed toward making application delivery easier for the individual using the product. Other product nomenclature was created for other features such as "AppCompress" and "AppCache", but "AppExpert" seemed to stick and a community website was born to promote the development of policies and expressions used in the course of business on the NetScaler at customer sites, by partners and in the labs at Citrix Systems.
The concept of the community site grew with favor as a much needed interactive forum for the exchange of ideas, policies, blogs, video tips and information to expand the knowledge of those using the Citrix products. Thus, the AppExpert community site was born to express this direction of growth in knowledge.
In an effort to create a community site that is both practical and useful for our customers, and in keeping aligned with the principles of ease of use and name recognition, the community site formerly named "AppExpert", has been renamed to "NetScaler Developer Network" to allow for a more easier fit among other Citrix product lines, as the Citrix community continues to grow.
NetScaler Developer Network!
The #1 Web Filter by St.Bernard is now Citrix Ready. The Highest Performance Web Application Solution from Citrix Systems can now be deployed with the the #1 Web Filter by St. Berdard. IDC ranked them #1, SC Magazine gives them high ratings, and you will agree when you plug this thing in. The Citrix Web Application Firewall protects inbound traffic destined to Web and Application Servers without degrading throughput or response time. Now, with St.Bernard's iPrism h-Series high performance appliances, you can also do outbound Web filtering, IM/P2P filtering, and antivirus detection. The iPrism Web Filter is optimized for the datacenter infrastructure and sits behind the firewall while it monitors traffic. St. Bernard's platforms are hybrid so that Web filtering, antivirus and IM/P2P filtering are all contained within one box - unlike other point solutions.
St.Bernard's iPrism Web Filter is easy to use and easy to manage. If fact, it's so easy, we had the device up and running in Proxy mode and then in Bridge mode in a matter of seconds. The management software auto-discovers the box, so you don't have to plug in a console cable - very nice!
It is far better than a transparent proxy because St.Bernard has engineered their filtering technology at the kernel level, so their bridge mode really is a bridge between interfaces, and not just a transparent proxy like other solutions in the market.
We deployed the iPrism Web Filter behind our NetScaler, and had the NetScaler perform NAT (Reverse NAT) for outbound connections to the Internet. The iPrism Web Filter adds another level of security that IT organizations sometimes look for to complement their existing base of high-performance Citrix Gear.
Citrix & St.Bernard Deployment Guide!
You can try this product for free.
The product demo is awesome.
As a hybrid unit, this is a steal.
NetScaler Developer Network!