2 24773 datacenter consolidation without compromise

7/29/2019 2 24773 Datacenter Consolidation Without Compromise

1/12

www.citrix.com

Consolidation White Paper

Consolidation withoutcompromise


2/12

2


Executive summaryVirtualization of compute, storage and infrastructure is enabling thetransformation of enterprise datacenters into private clouds. The impact is

an unprecedented ability to consolidate infrastructure without compromise:no change to service level agreements (SLAs), no loss of performance orscale, and no regression in the organizations overall security posture. Suchwholesale consolidation drives meaningful reduction in operating and capitalcosts, and allows datacenter managers to demonstrate a dramatic ROI for amyriad of virtualization technologies within the datacenter.

While server and storage virtualization have become mainstream elements ofmodern datacenter designs, emerging virtual application delivery controllers(ADC) promise to extend the benefits of virtualization into the core of thenetworking infrastructure. Citrix Systems is leading the way in virtualizingADCs with its NetScaler product line, including its new NetScaler SDXservice delivery platform. This paper outlines the compelling benefits of

consolidating networking services, and details why competing effortspursued by F5 with its new virtual Cluster Multi-Processing (vCMP)technology come up short for critical ADC consolidation projects.

NetScaler SDX offers a superior ADC consolidation platform whencompared to F5 VIPRION with vCMP. These advantages span keydeployment criteria, including:

U2.5x Density NetScaler enables more ADC instances to runconcurrently on a single platform, providing 2.5 times greaterconsolidation density than F5.

UComplete ADC Isolation Unlike F5, NetScaler SDX solutionsfully isolate ADC system resources per instanceincluding SSLand compression processingso that one instance never impactsthe performance of another.

U100% ADC Functionality Only NetScaler supports all ADCfeatures so that ADC devices can be consolidated without a loss offunctionality.

UPay-As-You-Grow Scaling NetScaler SDX can uniquely increaseoverall ADC capacity without having to add additional hardware.

Transforming datacenters and

enabling consolidationThe value of virtualization derives primarily from two core capabilities:

1. Abstraction provides deployment flexibility and portability by enablinghigher-layer services to be de-coupled from underlying resources.

2. Multi-tenancy provides more efficient utilization and consolidation ofresources by enabling a single physical instance of a resource to be sharedsimultaneously by multiple consumers.

Summary

s Consolidation reduces costs

s Virtualization enablesconsolidation

s NetScaler leads in virtualizationtechnology


3/12

3


For example, with server virtualization, it is abstraction that allowsdecoupling of the operating system from hardware, enabling virtual serversto be migrated from one physical server to another. The related capability,multi-tenancy, is what makes it possible for a single physical server to runmultiple virtual servers at once.

It is the presence of one or both of these capabilities across a range oftechnologies and solutions that provides organizations with a multitudeof attractive consolidation benefits when transforming their enterprisedatacenter into a private cloud.

For server infrastructure:

UExtensive consolidation can be achieved with server virtualizationsince robust isolation and resource allocation capabilities enableworkloads for different tenants to securely and efficiently run onthe same physical server.

UFurther simplification of datacenter infrastructure is made possible

as leading server virtualization solutions enable virtual pools ofserver resources to be used for high availability, disaster recoveryand automatic workload scaling.

UUnified computing platforms that leverage virtualizationtechnology to enable integrated server, switch and storage modulesprovide another option for architecting the access layer andachieving yet another degree of physical consolidation.

For storage infrastructure:

UStorage area network solutions eliminate the need for dedicateddisks or direct-attached storage.

UUnified communications fabrics enable convergence of LAN dataand storage protocols, thereby reducing the need for a completelyseparate set of network infrastructure for storage (i.e., adapters,links and switches).

For network infrastructure:

UVirtual switches that run as virtual machines (VM), or as anintegral feature of a hypervisor, introduce the potential tocompletely eliminate the access tier of conventional three-tiernetwork designs, at least from a physical perspective.

UAlternatives to the Spanning Tree Protocolsuch as virtualPortChannel (vPC) technology from Cisco and IETF-TRILLareenabling a shift from highly scalable Layer 3 network designsto highly scalable Layer 2 networks that are better suited tomeet the performance requirements of a virtualized computinginfrastructure. Combined with the availability of high-capacity,non-blocking switches, this introduces the potential for flatterdatacenter designs that do not include a distinct aggregation tier.

UThe availability of virtual device instances for core switchingplatforms introduces the possibility of both vertical andhorizontal consolidation. Vertical consolidation can be achievedby optionally replacing physical aggregation-tier switches with

Summary

s Decouple services from physical

s Go beyond server virtualization

s Virtualize network infrastructure


4/12

4


virtual instances running on a core switching device. Horizontalconsolidation can be accomplished by absorbing into thecore switching platform any separate switches that mightotherwise operate in parallel. Switches may operate in parallel toaccommodate testing and development, support a newly acquired

business unit, or isolate a business unit that is being divested.

UVLANs and virtual routing tables can logically maintainisolation and individualized treatment for different tenants asphysical boundaries are eliminated in favor of consolidation andsimplification.

A major impetus for organizations to embrace virtualization is thetremendous degree of consolidation it enables. The need for lessinfrastructure not only reduces equipment costs and demand for preciousdatacenter resources such as power, cooling, and space, it also helps trim awide range of operational expensesincluding those associated with initialdeployment and integration, ongoing administration, and maintenance andsupport contracts. Add in the strategic advantages of better application

performance, improved reliability, and superior responsiveness to changingbusiness conditions and its easy to understand why it is only a matter oftime before the vast majority organizations transform their datacenters usingvirtualization technologies.

The need to virtualize otherdatacenter servicesWhat IT managers need to realize, however, is that other important piecesto the datacenter virtualization puzzle remain. Specifically, the deploymentflexibility and multi-tenancy capabilities enabled by virtualization must besupported for more than just server, storage and networking infrastructure.

To truly maximize available gains, similar capabilities should also be presentfor other key elements of datacenter infrastructure, including ADCs. Further,it is imperative these capabilities be available in sufficient variety andcapacity to support the broadest spectrum of potential datacenter designs.

Virtualizing ADCsSuccessful ADC virtualization encompasses multiple technologies andmethods. First, the basic configurations for individual ADC tenants requirethat traffic flows are completely isolated to ensure data and networksecurity. An inability to separate and isolate traffic between tenants will

fail to meet even the most lenient security requirements. Additionally, asADCs themselves get virtualized into software-based virtual appliances, theresulting virtual form factors must deliver the same feature set, performanceand configuration flexibility as their physical counterparts. Feature parityis an absolute must since it gives organizations the freedom to shift ADCpolicies and workloads between physical and virtual appliances. Finally, newgenerations of multi-tenant ADCs with native virtualization complete thiscontinuum by delivering an integrated platform to effectively consolidatemultiple discrete ADC devices.

Summary

s Data center switching beingvirtualized

s Horizontal and verticalconsolidation possibilities

s ADC is next data center elementto be virtualized


5/12

5


When investigating emerging technologies, enterprise IT professionals arewell advised to develop a strict set of evaluation criteria in order to selectthe most suitable solution for the organization. For virtualized multi-tenant ADCs, datacenter managers should establish the following as hardrequirements:

UHigh consolidation density Enabling a large number of ADCinstances to run on a single platform, each with its own policy,configuration and dedicated system resources.

UComplete isolation of ADC resources 100% isolation ofcompute, memory and ADC processing resources (including SSLacceleration and data compression) ensures that the performanceof one ADC instance never impacts another.

UFull ADC feature support Consolidation requires that allexisting ADC footprints can be consolidated without a loss offunctionality.

UPay-As-You-Grow Scalability Datacenter managers must havethe ability to scale overall ADC capacity on-demand withoutadding additional hardware.

How NetScaler provides asuperior consolidation solutionCitrix NetScaler is a fully integrated ADC that is deployed in front of weband database servers. It optimizes application availability through advancedlayer 4-7 (L4-7) load balancing and traffic management, acceleratesperformance, increases security with an integrated application firewall and

substantially lowers costs by increasing server efficiency.

NetScaler VirtualizationKeenly aware of both the trend toward highly virtualized datacenters and theinevitable diversity of resulting datacenter designs, Citrix is leading the wayin the ADC market with three powerful options for meeting multi-tenancy,virtualization and consolidation requirements.

NetScaler Traffic Domains. NetScaler has long offered the ability to associatedifferent sets of policies for load balancing, traffic management and otherapplication delivery functions with different virtual IP addresses (VIPs). AllNetScaler solutions support Traffic Domains., which builds on this capability

by supporting multiple tenants on an ADC platform so that communicationtraffic is prevented from illegally crossing one tenants domain to another,unless it is first routed to an external gateway and evaluated by anappropriate security policy. This eliminates the need to create and maintainstatic routes for each domain.

NetScaler VPX. A second option supported by Citrix is virtualization of theADC itself. NetScaler VPX was the one of the industrys first ADC virtualappliances and has become the clear leader in both public and private cloudarchitectures. Since NetScaler VPX leverages the same software as Citrixspopular NetScaler MPX networking appliances, the two solutions maintain100% functional parity.

Summary

s Meet strict ADC consolidationrequirements

s NetScaler embodies virtualization

s NetScaler is clear leader in cloud


6/12

6


Unlike many competing virtual appliance implementations, NetScalerVPX is:

UA full-featured solution incorporating allADC functionality,including L4-7 load balancing, application firewall security,

dynamic content caching, application performance monitoringand a robust SSL VPN capability

UA high-performance solution capable of handling traffic up to3 Gbps or more

UAn open solution capable of operating not only on CitrixXenServer, but also on Microsoft Hyper-V and VMwareESX/ESXi

NetScaler SDX. NetScaler Traffic Domains and NetScaler VPX are essentialbecause they enable ADCs to support datacenters with a high degreeof virtualization and consolidation ofother infrastructure componentssuch as servers, storage and switches. The next logical step, however, is asolution that also consolidates the ADC itself. NetScaler SDX representsthe third option for meeting multi-tenancy, virtualization and consolidationrequirements.

It has long been common practice to deploy dedicated ADC appliancesfor each application in order to ensure maximum availability and avoidjeopardizing performance SLAs. Unfortunately, this approach also led toexpensive and difficult to manage application silos. Now, as these siloscrumble in favor of shared but logically isolated infrastructure, there is adistinct opportunity for horizontal consolidation of ADCs across multipleapplications. This is particularly true for application delivery infrastructuresthat were intentionally over provisioned and that have ADCs operating wellbelow their rated capacity.

Also present is the opportunity for vertical consolidation. Facilitated by thesteady dissolution of the network perimeter and widespread availabilityof numerous network-based isolation techniques, organizations mightalso decide to bring together ADCs used at different tiers of a multi-tierapplication. This way a single ADC can support the DMZ, web applicationand database tiers.

Summary

s Leading NetScaler VPX virtualappliance

s New NetScaler SDX platform

s Complete ADC consolidationsolution


7/12

7


Consolidated Services

Delivery Platform

NetScaler SDX

F5 BIG-IP

F5 BIG-IP

F5 BIG-IP

Web / Application Servers

Data

F5 BIG-IP

F5 BIG-IP

Web / Application Servers

Data

DMZ

Figure 1: ADC Consolidation Opportunities

Citrixs new NetScaler SDX is uniquely suited to accommodate either typeof consolidation initiative. An innovative solution for consolidating ADCs,NetScaler SDX enables multiple, independent, full-featured NetScalerinstances to run on a single physical appliance. NetScaler SDX is anoptimized combination of two proven solutions in their own right, NetScalerVPX and Citrix XenServer. It enables todays organizations to reduce theirADC footprint and total cost of ownership (TCO) by pursuing opportunitiesfor both horizontal and vertical consolidation of discrete, standaloneADC devices.

NetScaler SDX squarely meets the four fundamental requirements fora natively virtualized ADC consolidation solution.

1. Density Up to 40 NetScaler ADC instances can run independently on asingle NetScaler SDX platform. This impressive level of density supportsthe most ambitious consolidation projects.

2. Isolation All critical system resources, including memory, CPU and SSLprocessing capacity are assigned to individual NetScaler instances. Thisis essential to ensuring that resource demands made by one tenant do notnegatively impact other tenants running on the same physical system. Italso provides greater security for each ADC instance by providing full

separation of traffic flows.3. Full ADC Functionality NetScaler SDX supports 100 percent of the

ADC functionality available with both hardware-based NetScaler MPXappliances and software-based NetScaler VPX virtual appliances. Thisenables NetScaler SDX to consolidate all existing ADC deploymentswithout any policy constraints.

Summary

s Built with Xen virtualization

s Consolidate up to 40 ADCs

s Maintain isolation andfunctionality


8/12

8


4. Pay-As-You-Grow The Pay-As-You-Grow option delivers on-demandelasticity enabling organizations to easily scale ADC capacity to keeppace with application traffic growth. And because it leverages a software-based architecture, NetScaler SDX can scale performance and capacitywith a simple software key, eliminating expensive hardware purchases

and upgrades.

NetScaler MPX NetScaler VPX NetScaler SDX

Form factorHardened network

applianceSoftware-basedvirtual appliance

Hardened networkappliance

ADC density 1 1 Up to 40

Performance Up to 50 Gbps Up to 3 Gbps Up to 50 Gbps

Full ADC functionality

Pay-As-You-Grow

How F5 Stacks UpSimilar to Citrix, F5 has recognized the market need to consolidate ADCfootprints. The companys new virtual Cluster Multi-Processing (vCMP)technology promises to consolidate up to 16 separate BIG-IP guests intoa single system. vCMP-based consolidation is supported in VIPRION 2400and 4400 chassis-based systems, and can provide impressive raw throughputcapabilities. Further, systems equipped with vCMP technology can runF5s Global Traffic Manager (GTM) module for global load balancingcapabilities, as well as the companys Application Security Module (ASM)for web application firewall security.

While vCMP enables a step towards consolidation, F5s core architecturalapproach leads to various deployment shortcomings. For example, relianceon third-party virtualization technology that is both immature and lackinga proven track record in major cloud infrastructures significantly limits thenumber of ADC instances that can run concurrently on a single platform.Additionally, vCMP technology is supported only on VIPRION chassis-based systems, putting it out of the reach of mainstream enterprise customerswho prefer network appliance solutions. Further, vCMP does not support allF5 modules, such as WebAccelerator, or all ADC features, such as SSL VPNcapability. Consequently, vCMP will significantly limit the consolidation ofnew or existing ADC deployments.

Citrix NetScaler SDX provides a more complete solution with greatertangible value for customers.

Table 1: Comparative summary of NetScaler solutions

Summary

s F5 VIPRION with vCMP

s Basic ADC consolidation device

s Significant architecturalshortcomings


9/12

9


NetScaler SDX F5 VIPRION with vCMP

ADC density (maxinstances per platform)

40 16

Basic system isolation

(CPU and memory)

Isolation of core ADCprocessing (SSLacceleration andcompression)

Not supported

ADC functionalitysupported

AllMissing key capabilities

(E.g. dynamic caching and SSL VPN)

Pay-As-You-Growelasticity

No (requires additional hardware purchase)

Real world ADC ConsolidationCustomer Requirement Consolidate eight (8) individual ADC appliances into a single platform. Performancerequirements: 1 Gbps throughput and 500 Mbps SSL throughput per ADC.

Citrix NetScaler SDX 11500 F5 vCMP VIPRION 2400

Appliance $90,000 $0

Chassis $0 $9,995

Additional hardware $0$119,990

(VIPRION 2100 blades)

Performance packlicense

$0 $59,995

Consolidation license(8 instance minimum) $20,000 $19,995

Total solution cost $110,000 $209.975

NetScaler savingsadvantage

$99,975 savings48% less expensive than F5

Understanding F5 vCMPLimitationsShort on ADC Density From the perspective of protecting an organizationsinvestment, successful consolidation requires a platform that not onlyabsorbs the existing number of ADC devices in the network, but also hasthe headroom to handle future needs. Even with a fully populated VIPRIONchassis, F5 vCMP customers are unable to consolidate more than 16 guests.In comparison, NetScaler SDX offers a 2.5x advantage by supporting amaximum of 40 guests.

Table 3: Real world consolidation example with NetScaler SDX and F5 vCMP

Table 2: Comparative summary of ADC consolidation solutions

Summary

s NetScaler SDX beats F5 vCMP

s Meets all consolidationrequirements

s More cost effective


10/12

10


F5 VIPRION

16

Citrix NetScaler SDX

40

MaximumN

umberofADCsperPlatform

ADC Consolidation Density

Figure 2: Comparing ADC consolidation density

Much of the NetScaler SDX advantage derives from the use of industry-grade XEN virtualization technology by Citrix, which powers cloud anddata center infrastructures at massive scale. Leveraging proven virtualizationtechnology is critical, as any issue occurring at the virtualization layer hasthe potential to impact all ADC tenants running on the platform.

Limited Functionality vCMP does not support the complete set of ADCfunctionality delivered on F5s BIG-IP hardware appliances. For example,neither WebAccelerator nor Access Policy Manager (APM) features aresupported. Consequently, a vCMP guest cannot support core functionalitysuch as caching of dynamically generated web content or SSL VPN security.This limitation alone may prevent customers from consolidating existing

ADC devices. At the very least, they may have to reduce their ADC policy tofit the resulting constraints of vCMP.

Incomplete ADC isolation Although F5s vCMP technology isolates CPUand memory resources between guests, it does not allow customers todedicate SSL processing resources per guest. Consequently, a single vCMPguest can potentially starve adjacent tenants of SSL resources, resultingin much higher application latency or dropped sessions. In fact, F5s ownvCMP customer guidelines warn customers against implementing thestrongest level of SSL security for any single application for this very reason.

No Pay-As-You-Grow F5 BIG-IP and VIPRION solutions do notallow customers to scale performance on-demand without the purchaseof additional hardware. While this limitation persists throughout theF5 product line, vCMP further complicates deployment decisions byunnecessarily making ADC density and performance interdependent. Toadd more vCMP guests, for example, F5 requires customers to purchaseadditional hardware bladesthe same way they would buy more blades toincrease aggregate performance. A better-designed solution would enablecustomers to separate investments in density and overall performance.

Limited Platform Options Consolidation of ADC functionality is attractiveto organizations of all sizes. Putting this capability within reach of the

Summary

s F5 consolidation limits ADCfunctionality

s No isolation of SSL processing

s Expensive to scale up


11/12

11


broadest range of customers demands both affordability and choice ofplatforms. With NetScaler SDX, organizations can choose among ninedifferent appliance platforms to best accommodate their price/performancerequirements. In contrast, F5s approach to ADC consolidation requiresinvestment in relatively expensive chassis-based products.

F5 vCMP

VIPRION 2400 VIPRION 4400

Citrix NetScaler SDX

Multiple Price-Performance Options Two Chassis Systems

No Appliance Solutions

DensityandPerformance

Pay-As-Yo

u-Grow

Pay-As-Yo

u-Grow

20 Gbps

35 Gbps

50 Gbps

8 Gbps

12 Gbps

18 Gbps

24 Gbps

36 Gbps

42 Gbps

Figure 3: Platform options for ADC consolidation

ConclusionADC consolidation within next-generation datacenter architectures bringsstep-function improvements in overall IT agility and drives lower operationaland capital costs. For real-world ADC consolidation projects NetScalerSDX beats F5 VIPRION running vCMP technology in meeting key customerrequirements. These advantages include:

UNetScaler provides 2.5 times greater density to consolidate moreADC workloads.

UUnlike F5, NetScaler isolates key ADC processing resources forindividual instances to ensure the performance of each ADCinstance.

UOnly NetScaler SDX is capable of consolidating 100% of ADCfunctionality offered in standalone appliances.

UNetScaler Pay-As-You-Grow provides a 5x capacity increase withno additional hardware.

Summary

s Multiple NetScaler deploymentoptions

s Multiple price-performancechoices

s NetScaler SDX beats F5 vCMP


12/12

0911/PDF

About CitrixCitrix Systems, Inc. (NASDAQ:CTXS) is a leading provider of virtual computing solutions that help companies deliver IT as anon-demand service. Founded in 1989, Citrix combines virtualization, networking, and cloud computing technologies into a fullportfolio of products that enable virtual workstyles for users and virtual datacenters for IT. More than 230,000 organizationsworldwide rely on Citrix to help them build simpler and more cost-effective IT environments. Citrix partners with over 10,000companies in more than 100 countries. Annual revenue in 2010 was $1.87 billion.

2011 Citrix Systems, Inc. All rights reserved. Citrix, Citrix XenDesktop, Citrix XenApp, Citrix XenClient, CitrixGoToMeeting and Citrix GoToAssist are registered trademarks of Citrix Systems, Inc. and/or one or more of its subsidiariesand may be registered in the U.S. Patent and Trademark Office and in other countries. All other trademarks and registeredtrademarks are property of their respective owners.

Worldwide HeadquartersCitrix Systems, Inc.851 West Cypress Creek RoadFort Lauderdale, FL 33309, USAT +1 800 393 1888T +1 954 267 3000

AmericasCitrix Silicon Valley4988 Great America ParkwaySanta Clara, CA 95054, USAT +1 408 790 8000

EuropeCitrix Systems International GmbHRheinweg 98200 Schaffhausen, SwitzerlandT +41 52 635 7700

Asia PacificCitrix Systems Hong Kong Ltd.Suite 6301-10, 63rd FloorOne Island East18 Westland RoadIsland East, Hong Kong, ChinaT +852 2100 5000

Citrix Online Division6500 Hollister AvenueGoleta, CA 93117, USAT +1 805 690 6400

www.citrix.com

2 24773 datacenter consolidation without compromise

Documents