NetScaler
Why choose NetScaler for delivering all your applications?
NetScaler provides seamless application delivery and secure remote access for both internal- and external-facing applications. Not only can you use NetScaler for delivering Citrix virtual desktop infrastructure and enterprise applications to your workforce, but you can also use NetScaler for delivering customer-facing monolithic and microservices applications.
The NetScaler advantage
By using NetScaler to deliver all your applications, you gain operational consistency, cost efficiency, and so much more:
Operational consistency
- NetScaler uses a single code base and a software-based architecture across all form factors, so no matter how you choose to deploy your applications — on-premises, in public cloud, or across both — the features and behavior will be exactly the same
- NetScaler’s single management plane, NetScaler Console, gives you one place for orchestrating and managing NetScaler application delivery controllers (ADCs), implementing security policies, and accessing analytics and observability capabilities to ensure consistent application delivery across hybrid and multi-cloud environments
- NetScaler provides feature parity — including configuration management — across its ADC form factors that allows for portability of services when migrating deployments between environments
Comprehensive security
NetScaler comes with built-in enterprise-grade security features so you can consolidate and simplify your infrastructure, eliminating the need to purchase multiple point solutions:
- Uniform protection for applications across environments with no compromise on performance
- Web application firewall and volumetric bot protection at massive scale
- Zero trust network access (ZTNA) access to internal applications
- Native and integrated authentication and single sign-on experience to protect corporate data
- API endpoint protection for securing microservices applications
Cost efficiency
- NetScaler offloads SSL/TLS encryption and decryption from application servers, reducing the computational expense of server processing while also improving application performance and security
- NetScaler is included in the Citrix platform, making it simple to reallocate throughput to NetScaler ADC instances across application environments as your business requirements and deployment models change — so you always get the most out of your investment in NetScaler
High-performance application delivery
Designed from inception to be software focused and hardware agnostic, NetScaler uses x86 commodity hardware to allow for cost-effective performance and scaling:
- NetScaler’s proprietary one-pass architecture for load balancing processes security and other ADC functions in a single pass for the lowest latency — as well as the reduced costs that come with optimal CPU utilization
- NetScaler enables dynamic scaling of internet traffic for hybrid and multi-cloud workloads to achieve clustering of up to 8 Tbps of L7 throughput for traffic destined for a single IP and port on up to 32 nodes
- Superior proxy performance for TLS processing results in an average latency advantage of ~100ms
End-to-end observability
NetScaler observability goes beyond simple monitoring to not only alert you that something is wrong but to also tell you exactly where to find the issue — the client, the server, or the internet connection in between — so you can fix it faster:
- The most granular real-time insights for application and API traffic, application and API security, and network and infrastructure performance
- Integrations with with popular data visualization tools, including Splunk, Prometheus, Grafana, and more
- NetScaler surfaces only the most valuable telemetry data — including metrics, events, logs, and traces — to significantly reduce your ingress and data storage costs
Did you know?
NetScaler provides high-performance and secure application delivery for many types of workloads, not just Citrix deployments: Some of the world’s largest e-commerce websites rely on NetScaler to ensure that their customers can transact reliably and securely.
NetScaler for Citrix
Key NetScaler features for Citrix deployments
NetScaler is the only ADC that is fully interoperable with Citrix and that provides the most capabilities — including optimal performance and enterprise-grade security — for delivering Citrix virtual desktop infrastructure and enterprise applications to your workforce.
NetScaler Gateway
NetScaler functions as a gateway to provide a single, externally available log-in portal to allow different levels of user access to Citrix Virtual Apps and Desktops (on-premises) and Citrix DaaS (cloud):
- You can use the same log-in portal to identify and provide network-level access to corporate devices using device certificates, and you can allow third parties external to your organization to access sanctioned applications
- NetScaler Gateway combines multi-factor authentication, policy control, and single sign-on with SAML 2.0 for streamlined user access
- NetScaler also provides clientless SSL VPN access, supports Microsoft Intune integration, and offers a customizable web portal
- Additionally, NetScaler Gateway includes specialized proxies for ICA and RDP traffic to ensure secure and stateless connections, along with traffic monitoring
Application acceleration
NetScaler optimizes application performance of applications by leveraging TCP optimization, which fine-tunes the TCP stack to enhance data flow efficiency over the network:
- TCP optimization reduces latency, minimizes packet loss, and improves the speed of content delivery, ensuring a faster and more reliable application end-user experience
- By optimizing the TCP protocol, which is fundamental for most internet communication, NetScaler ensures that applications are not only accelerated but also consistently available and responsive to user requests
Access control
When using NetScaler Gateway for Citrix Virtual Apps and Desktops, you gain granular control over your users’ access:
- SmartControl enables you to manage user-access policies from a single location rather than at each application delivery controller (ADC) instance for every server
- SmartAccess knows each user's identity, location, device, and authentication mechanism and uses this information to give you control over the user's actions, such as disabling access and preventing downloading, printing, and screen capturing
- SmartAccess allows you to provide differentiated access to your users based on their needs
L4-7 traffic management
NetScaler includes advanced Layer 4-7 traffic management for optimal network performance and reliability:
- NetScaler Global Server Load Balancing (GSLB) distributes traffic across geographic locations, resulting in improved application responsiveness and reduced latency
- NetScaler clustering capabilities allow for scalability and high availability
- NetScaler connection multiplexing reuses connections to avoid the overhead on a server when establishing new connections for each request, ensuring that server connections are efficiently reused. This results in dramatically reduced SSL/TLS load on backend servers
Application security
Only NetScaler uses a one-pass architecture to process security and other ADC functions in a single pass to reduce latency and provide optimal CPU utilization for super-fast application performance:
- NetScaler comes with advanced security features including an industry-leading web application firewall (WAF), bot mitigation, SSL encryption/decryption, and more
- NetScaler WAF protects applications and APIs from both known and unknown attacks and is complemented by an IP Reputation Service that proactively blocks threats
- NetScaler Bot Mitigation detects, blocks, and mitigates bad bot traffic while offering control over good bot access to applications by using geolocation, IP address, bot signatures and device fingerprinting
- NetScaler seamlessly integrates with Citrix Endpoint Management (MDM) for mobile device security
Application insights and observability
Because NetScaler collates telemetry from every user session, you can quickly detect whether an issue originates with the client, the network, or the data center:
- Only NetScaler can parse high-definition experience (HDX) traffic and provide details via NetScaler HDX Insight reports on individual streams within each session
- NetScaler Gateway Insight reports provide instant visibility into authentication failures as well as granular details on end points, single sign-on, session launch and termination, and more
- NetScaler provides end-to-end observability capabilities to assess the health, performance, and behavior of applications so you can quickly identify and resolve application performance and security issues, which in turn improves the application end-user experience
NetScaler for all other applications
Key NetScaler features for monolithic and microservices deployments
NetScaler abstracts the complexities of networking configuration for monolithic and microservices application delivery and works the same across hybrid and multi-cloud environments, empowering your team to move faster to deliver new products and services.
High-performance load balancing
NetScaler provides the lowest latency to ensure an optimal application end-user experience:
- Only NetScaler uses a one-pass architecture for traffic processing that enables it to perform many functions simultaneously to reduce latency and improve performance
- NetScaler global server load balancing (GSLB) optimizes resource utilization, you can make the most of your existing infrastructure and reduce the need to invest in additional hardware or resources
- Independent benchmarking confirms that NetScaler outperforms its competitors in every test for latency, throughput, and CPU utilization
High availability
Unlike other solutions, NetScaler doesn’t sacrifice high availability for scale — you get both:
- By deploying two NetScaler ADC nodes in active-passive mode with the same configurations, you can prevent interruptions to your operations
- NetScaler uses dynamic traffic routing rather than static routing only to automatically route client requests to the location that is best for a particular user at the time of the request
- With NetScaler priority load balancing, ADC instances across all redundancy levels are associated with a single load-balancing virtual server, so you can easily see the state of the application via a single command or the NetScaler Console
- With NetScaler, you can configure the same zone in AWS and in Azure with IPv6 addresses for failover
Comprehensive application and API security
NetScaler comes with built-in security features so you can consolidate and simplify your infrastructure, eliminating the need to purchase multiple point solutions:
- NetScaler protects your applications against known and unknown vulnerabilities, including zero-day attacks
- NetScaler WAF, unlike next-generation firewalls, protects applications against the OWASP Top 10 vulnerabilities, mitigates bots, and protects APIs
- Use NetScaler WAF to apply signature protections for known vulnerabilities, without having to immediately patch the affected server
- NetScaler provides map visualization, called service graphs, that make it easy to identify application performance issues that may stem from known or unknown attacks. Quickly determine if an issue originates from the client, the ADC, or your application
Kubernetes ingress control
NetScaler's Kubernetes ingress capabilities enable you to secure and accelerate ingress traffic for one or multiple Kubernetes clusters:
- NetScaler Ingress Controller exposes Kubernetes services outside the cluster and supports advanced traffic management capabilities such as SSL offload, load balancing, and content switching
- NetScaler integrates with service mesh technologies such as Istio and Envoy, providing additional traffic management and security capabilities for microservices
- NetScaler functions as an API gateway to manage and secure API traffic and supports advanced API management features such as rate limiting, authentication, and authorization
- NetScaler integrates with the Kubernetes horizontal pod auto-scaler to automatically adjust the number of NetScaler ADC instances based on the demand
Auto-scaling
NetScaler easily processes high traffic throughputs to handle the largest application loads:
- 32 NetScaler hardware ADCs can be clustered to achieve up to 6.4 Tbps L7 throughput
- Software ADCs can be clustered to achieve up to 3.2 Tbps L7 throughput
- A single NetScaler hardware ADC achieves up to 200 Gbps L7 throughput, and a single software ADC achieves up to 100 Gbps L7 throughput
ADC automation
NetScaler’s intent-based application delivery and security capabilities are ideal for full stack engineers and DevOps teams who typically don’t have deep expertise in networking or security:
- NetScaler automates your decision making for you while you maintain full control over your environment
- With NetScaler ADC automation, you can easily configure as code many common tasks such as authentication, rate limiting, rewrite/responder policies, content routing, WAF, bot management, Kubernetes CRDs, and more
- The NetScaler Automation Toolkit contains everything you need for automated ADC and network configuration: SDKs, public cloud deployment templates, NetScaler APIs, and integrations with IaC tools
- NetScaler comes with declarative templates called StyleBooks that automate the creation and management of NetScaler ADC configurations
- NetScaler integrates with the most popular infrastructure-as-code (IaC) tools like Terraform, Consul-Terraform-Sync, and Ansible
- NetScaler uses a common code base for all ADC form factors, making it easy to share and reuse your NetScaler configurations across on-premises and public cloud environments
ApEnd-to-end observability
NetScaler helps you pinpoint whether an issue is originating from the application or network:
- No other application delivery solution offers more granular metrics, events, logs, and traces while surfacing only the relevant insights to help you pinpoint issues faster
- NetScaler surfaces only the most relevant telemetry data for you to ingest and save, so you can significantly reduce ingress and data storage costs
- NetScaler gives you the flexibility to access observability insights via command line, through the NetScaler Console, with the NetScaler Next-Gen API, or by exporting NetScaler data into popular observability endpoint tools like Splunk, Prometheus, Grafana, Elasticsearch, New Relic, Kibana, Kafka, and Zipkin
Stateless persistence in microservices environments
The jumptable assisted ring hash (JARH) load balancing algorithm is based on the principle of consistent hashing:
- NetScaler’s JARH load balancing algorithm offers stateless persistence for applications
- Improves CPU utilization by up to 5x
- Improves application performance and reduces operational costs
NetScaler vs F5
Because NetScaler is already built into the Citrix platform, you can take advantage of its capabilities to deliver highly performant and secure applications to your customers as well as your workforce. This eliminates the need for a separate application delivery solution like F5 — especially when NetScaler is straightforward to use and it’s included with your Citrix subscription.
Key considerations for choosing NetScaler over F5
Operational consistency
NetScaler Console is the management plane and single place for orchestrating and managing NetScaler application delivery controllers (ADCs), implementing security policies, and accessing analytics and observability capabilities for consistent management of monolithic and microservices application delivery across hybrid and multi-cloud environments.
Unlike NetScaler, F5 requires you to use multiple different management systems because it has not fully integrated its acquisitions. And F5 lacks feature parity — including configuration management — across its ADC form factors, which significantly reduces portability and prevents you from easily moving services when migrating deployments between environments.
Performance
NetScaler VPX, a virtualized ADC, achieves lower (better) latency, better CPU efficiency, and higher throughput compared to F5 BIG-IP. F5’s performance significantly declines when carrying out multiple, common ADC tasks — consuming up to 300 percent more CPU under load.
Scalability
Designed from inception to be software focused and hardware agnostic, NetScaler uses x86 commodity hardware while F5 uses custom ASIC and FPGA hardware — which limits scale and is not optimal for virtualized and cloud deployments. NetScaler enables dynamic scaling of internet traffic for hybrid and multi-cloud workloads to achieve clustering of up to 8 Tbps of L7 throughput for traffic destined for a single IP and port on up to 32 nodes.
NetScaler vs F5 for hybrid cloud application delivery
Unlike F5, NetScaler is a software-defined platform for application delivery that works the same in any environment. You are not required to purchase NetScaler hardware and software together for your on-premises deployments, which gives you maximum flexibility in architecting your environment.
Your Citrix subscription allows you to easily move NetScaler ADC capacity between on-premises and public cloud environments on the fly thanks to NetScaler’s single management plane — F5 requires you to use multiple dashboards. Additionally, NetScaler performs better in public cloud environments than F5.
NetScaler vs F5 for on-premises application delivery
NetScaler offers the same enterprise-grade capabilities at a superior performance and price point than F5, while also offering better scalability through higher tenant and cluster density, without the added cost and complexity of blade chassis hardware.
NetScaler vs F5 Comparison
NetScaler | F5 | |
---|---|---|
Secure access to Citrix virtual desktop infrastructure and enterprise applications for your workforce |
||
HDX traffic support for optimal application end-user experience for Citrix DaaS and Citrix Virtual Apps and Desktops | Limited | |
HDX Insight report for Citrix DaaS and Citrix Virtual Apps and Desktops | ||
Single sign-on with built-in MFA/push authentication | ||
Built-in ZTNA context engine and policy control | Limited | |
High-performance proxy for both your workforce- and customer-facing applications |
||
One code base for all form factors so it works the same and provides feature parity across on-premises and public cloud | ||
Load balancing and traffic shaping | ||
SSL/TLS acceleration | ||
DNS management and load balancing for DR | ||
Rapid application configuration and deployment | ||
Layer 7 application firewall | Limited (high latency) |
|
Bot mitigation | ||
Consistent security policies across on-premises and public cloud | Limited | |
Ingress controller for Kubernetes deployments | ||
Single pane of glass for consistent application delivery management across environments |
||
One console for simplified management | ||
License portability across on-premises and public cloud | Limited | |
Native API-based configuration orchestration and management | ||
Out-of-the box integration with Kubernetes and open source tools | ||
Holistic visibility and analytics across on-premises and public cloud | Limited | |
End-to-end observability with rich telemetry data accessed via NetScaler Console or such visualization tools as Splunk, Prometheus, and Grafana | Limited (less-granular data) |