netscaler 11 update
TRANSCRIPT
![Page 1: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/1.jpg)
NetScaler 11 Update
![Page 2: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/2.jpg)
NetScaler Application Delivery Controller
What is NetScaler?
NetScaler is an enterprise grade application delivery controller, or ADC. So, what does that mean?
NetScaler is the appliance that sits between external users and your back-end resources. The list of features and use cases for the NetScaler is so long, it would be easier to explain what it doesn’t do. But where’s the fun in that?
Let’s start off with the basics.
The primary features of the appliance are load balancing, AAA traffic management, traffic optimization, SSL offload and security.
![Page 3: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/3.jpg)
Load Balancing
Load balancing is the primary function of the NetScaler.
NetScaler routes traffic to back end resources using a designated set of rules so that those back end servers are not overloaded.
Several methods of load balancing are available, including:
• Least Connection
• Least Response time
• Round Robin
• SNMP based
• Hash based
• …
![Page 4: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/4.jpg)
AAA Traffic Management
AAA provides security for a distributed Internet environment by allowing any client with the proper credentials to connect securely to protected application servers from anywhere on the Internet.
This feature incorporates the three security features of authentication, authorization, and auditing.
![Page 5: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/5.jpg)
Traffic Optimization
Traffic optimization is a feature set on the NetScaler that includes:
• Integrated Caching
• HTTP Compression
• Front End Optimization
• TCP Optimization
![Page 6: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/6.jpg)
SSL Offload and Acceleration
A Citrix NetScaler appliance configured for SSL acceleration transparently accelerates SSL transactions by offloading SSL processing from the server.
To configure SSL offloading, you configure a virtual server to intercept and process SSL transactions, and send the decrypted traffic to the server (unless you configure end-to-end encryption, in which case the traffic is re-encrypted).
Upon receiving the response from the server, the appliance completes the secure transaction with the client.
From the client's perspective, the transaction seems to be directly with the server. A NetScaler configured for SSL acceleration also performs other configured functions, such as load balancing.
![Page 7: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/7.jpg)
Web Application Firewall
[Diagram labels: Internet; Web App Users; Network Firewalls; Citrix NetScaler; Application Infrastructure; Legitimate traffic allowed through; Application Attacks Blocked]
• Blocks dozens of day zero attack vectors
  o Includes CSRF, XPath Injection, XML attachment checks
• Bi-directional inspection: advanced attack prevention
• SSL traffic supported
• Sustained protection to 40 Gbps
• ICSA certified
• OWASP 10
![Page 8: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/8.jpg)
NetScaler TriScale Technology
Citrix TriScale technology revolutionizes enterprise cloud networks by providing unrivaled capabilities that smartly and affordably scale application and service delivery infrastructures without additional complexity.
![Page 9: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/9.jpg)
NetScaler ADC Use Cases
Use cases for the NetScaler ADC include:
• Web application management
• Load balancing
• Web application security
• Server offloading
• Remote access
• Database optimization
• Traffic optimization
• Web Application Firewall
• DoS/DDoS protection
• …
![Page 10: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/10.jpg)
NetScaler Flexible Deployment Options
![Page 11: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/11.jpg)
NetScaler Offerings
Licensing
• Standard Edition: Comprehensive L4-7 load balancing that optimizes expensive server and network resources to reduce cost
• Enterprise Edition: Web application delivery solution providing advanced traffic management and powerful application acceleration
• Platinum Edition: Web application delivery solution designed to deliver mission-critical applications with web application firewall security, fastest performance, and lowest cost
![Page 12: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/12.jpg)
Platform
• VPX: Virtual, Run Anywhere
• MPX: Physical, Price-Performance
• SDX: Multi-Tenant, Multi-Service
![Page 13: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/13.jpg)
Platform Lineup: NetScaler
[Chart: Performance (HTTP)/Gbps against Maximum Tenants per Platform; legend: Multi-tenant Capable, FIPS Platforms, Single-tenant]
• VPX: 10Mbps – 3Gbps
• MPX 5550-5650: 500Mbps – 1Gbps
• MPX 9700-15500 FIPS: 3Gbps – 15Gbps
• MPX/SDX 8005-8015: 5Gbps – 15Gbps, 5 Instances
• MPX/SDX 11515-11542: 15Gbps – 42Gbps, 20 Instances
• MPX/SDX 22040-22120: 40Gbps – 120Gbps, 80 Instances
• MPX 14060-14080 (40G): 60Gbps – 80Gbps
• MPX/SDX 24100-24150: 100Gbps – 150Gbps, 80 Instances
• MPX 25100T-25160T: 100Gbps – 160Gbps, No HW SSL
• MPX 25160-25180 (40G): 160Gbps – 180Gbps
![Page 14: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/14.jpg)
What’s new
![Page 15: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/15.jpg)
© 2015 Citrix | Confidential
Graphical User Interface
![Page 16: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/16.jpg)
New in 11.0
• No Java, completely on HTML5
• Visualizers
• Networking
• Load Balancing
• Content Switching
• App Firewall
• Application Templates
• Customer experience program
• Authentication Dashboard
• Single Pane to Configure-Monitor-Maintain
• Unified Gateway
• CSV Server for Unified Gateway
• Portal customization
• Smart Access
• Admin Partitioning
• Diagnostics using web-sockets
![Page 17: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/17.jpg)
Visualizers
![Page 18: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/18.jpg)
![Page 19: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/19.jpg)
Authentication GUI Enhancements
![Page 20: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/20.jpg)
Logs
![Page 21: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/21.jpg)
NetScaler Admin Partitions
![Page 22: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/22.jpg)
New Features – Admin Partitioning
![Page 23: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/23.jpg)
User Plane
Data Plane
Network Plane
Logical Partitioning
Admin Part 1
Admin Part 2
Admin Part 3
Admin Part 4
Admin Part 5
Admin Part N
![Page 24: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/24.jpg)
User Plane
Data Plane
Network Plane
Complete Separation
Admin Part
Ns.conf
Auditlogs
SNMP
Debugging
File System
![Page 25: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/25.jpg)
SDX Platform Improvements
![Page 26: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/26.jpg)
Simplified Image Upgrade
![Page 27: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/27.jpg)
Instance Back up and Restore
![Page 28: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/28.jpg)
New Dashboard
![Page 29: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/29.jpg)
NetScaler Unified Gateway
![Page 30: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/30.jpg)
What’s new in NetScaler Unified Gateway
Consolidation (& Flexibility) | Experience | Security
Future-proof architecture
Granular and Dynamic security policies
One click access to all apps
• Full SSL VPN tunnel and per app VPN tunnel for iOS and Android improves security
• SmartCompliance allows centralized management
• Support for iOS, Android and Linux VPN Clients
• Highly customizable portal
• GUI – Usability Simplification and Dashboard
• One URL provides consolidation
• Content Switching allows One URL for all applications
• Flexibility to choose any device type from any location
[Diagram labels: SaaS; Gateway; ICA Proxy; SSL VPN; Network Visibility + Control; Threats; Access; QoS Optimized; SLAs; Video]
![Page 31: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/31.jpg)
Unified Gateway provides One URL to any application
ONE URL
![Page 32: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/32.jpg)
Unified Gateway provides One URL to any application
One URL, Login Once
[Diagram labels: CS V-Server; Gateway V-Server; LB V-Server (Reverse Proxy); SSO; SSO; SaaS; Web Apps; Citrix Apps; OWA; SharePoint; Enterprise Apps; Mobile Apps]
![Page 33: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/33.jpg)
New homepage for Greenbubble theme
![Page 34: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/34.jpg)
Portal Customization Wizard flow
![Page 35: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/35.jpg)
VPN Plugin EPA Plugin
VPN plug-in upgrade control
![Page 36: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/36.jpg)
Security and Traffic
![Page 37: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/37.jpg)
NetScaler Security Announcements
After the NSS Labs report, code changes in AppFW drove a performance increase of 100-200%.
Available now in the latest 10.5.e build and 11.0.
Other enhancements include location based detection and protection plus request capturing (trace) for blocked requests.
![Page 38: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/38.jpg)
New Cipher Support
AES-GCM/SHA-2
• Front-end on MPX, SDX (PX, N3)
• TLSv1.2 only.
ECDHE
• Back-end on MPX, SDX (PX, N3)
• Note: ECDHE on front-end GA’ed in 10.1, 10.5
Support on other platforms (FIPS, VPX) coming soon.
![Page 39: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/39.jpg)
DEFAULT Cipher Alias Re-ordering (Front-end)
Give preference to AES/AES-GCM/ECDHE ciphers.
De-prioritize RC4 ciphers.
No ciphers dropped.
New Cipher Re-Order List
TLS1-AES-256-CBC-SHA (0x0035)
TLS1-AES-128-CBC-SHA (0x002f)
TLS1.2-AES-256-SHA256 (0x003d)
TLS1.2-AES-128-SHA256 (0x003c)
TLS1.2-AES256-GCM-SHA384 (0x009d)
TLS1.2-AES128-GCM-SHA256 (0x009c)
TLS1-ECDHE-RSA-AES256-SHA (0xc014)
TLS1-ECDHE-RSA-AES128-SHA (0xc013)
… 28 ciphers …
Old Cipher Re-Order List
SSL3-RC4-MD5 (0x0004)
SSL3-RC4-SHA (0x0005)
SSL3-DES-CBC3-SHA (0x000a)
TLS1-AES-256-CBC-SHA (0x0035)
TLS1-AES-128-CBC-SHA (0x002f)
SSL3-EDH-DSS-DES-CBC3-SHA (0x0013)
TLS1-DHE-DSS-RC4-SHA (0x0066)
TLS1-DHE-DSS-AES-256-CBC-SHA (0x0038)
… 28 ciphers …
![Page 40: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/40.jpg)
DTLS Enhancement
Support for PFS cipher
• DHE
DTLS used for Framehawk support
• XA/XD attach.
• NS Gateway, TURN protocol.
![Page 41: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/41.jpg)
SSL Profile…
New Changes..
• Cipher setting on a profile.
• Cipher Alias, User-defined Cipher Group, Single Cipher.
• Default profile will have “DEFAULT” or “FIPS” cipher-alias on Front-end profile, “ALL” or “FIPS” cipher-alias on Back-end profile.
• Different ciphers or cipher group/alias with priority settings.
• While choosing a cipher suite:
  a. First the cipher suites in the highest priority cipher group would be checked.
  b. The cipher suites inside the cipher group would be considered according to their relative priority inside the group.
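The selection order described on this slide, together with the effect of the DEFAULT alias re-ordering from the earlier slide, as an added Python example (not Citrix code). It assumes a lower priority number is checked first; the group name `pfs_first` is hypothetical, and the cipher lists contain only the entries shown on the slides.

```python
# Added example: server-preference cipher selection over prioritized groups.
# Assumption: a lower priority number means the group is checked first.

# Entries of each DEFAULT ordering as shown on the slide (the rest is elided there).
OLD_DEFAULT = [
    "SSL3-RC4-MD5", "SSL3-RC4-SHA", "SSL3-DES-CBC3-SHA",
    "TLS1-AES-256-CBC-SHA", "TLS1-AES-128-CBC-SHA",
    "SSL3-EDH-DSS-DES-CBC3-SHA", "TLS1-DHE-DSS-RC4-SHA",
    "TLS1-DHE-DSS-AES-256-CBC-SHA",
]
NEW_DEFAULT = [
    "TLS1-AES-256-CBC-SHA", "TLS1-AES-128-CBC-SHA",
    "TLS1.2-AES-256-SHA256", "TLS1.2-AES-128-SHA256",
    "TLS1.2-AES256-GCM-SHA384", "TLS1.2-AES128-GCM-SHA256",
    "TLS1-ECDHE-RSA-AES256-SHA", "TLS1-ECDHE-RSA-AES128-SHA",
]


def select_cipher(bindings, client_offer):
    """Pick the cipher a profile would negotiate.

    bindings: list of (priority, group_name, ciphers), where ciphers is
    ordered by relative priority inside the group.
    Returns (group_name, cipher), or None when nothing is shared.
    """
    offered = set(client_offer)
    # Step a: walk the groups from highest priority to lowest.
    for _, group, ciphers in sorted(bindings, key=lambda b: b[0]):
        # Step b: inside a group, honour the group's own ordering.
        for cipher in ciphers:
            if cipher in offered:
                return group, cipher
    return None  # no common cipher: the handshake fails


def rc4_before_aes(ciphers):
    """Audit helper: RC4 suites ordered ahead of the first AES suite."""
    first_aes = next(
        (i for i, c in enumerate(ciphers) if "AES" in c), len(ciphers)
    )
    return [c for c in ciphers[:first_aes] if "RC4" in c]


if __name__ == "__main__":
    # Constructed client offer: supports both RC4 and AES.
    offer = ["SSL3-RC4-SHA", "TLS1-AES-128-CBC-SHA"]
    print("old:", select_cipher([(1, "DEFAULT", OLD_DEFAULT)], offer))
    print("new:", select_cipher([(1, "DEFAULT", NEW_DEFAULT)], offer))
    print("RC4 ahead of AES (old):", rc4_before_aes(OLD_DEFAULT))
```

With the old ordering, a client that offers both RC4 and AES is steered to RC4; with the new ordering the same client negotiates AES, which is the point of the re-ordering.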
![Page 42: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/42.jpg)
Qualys SSL Labs Report: NetScaler MPX/SDX/VPX
http://blogs.citrix.com/2015/05/22/scoring-an-a-at-ssllabs-com-with-citrix-netscaler-the-sequel/
![Page 43: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/43.jpg)
NS integration with Thales HSM
Thales HSM can be used to provide a FIPS solution for non-FIPS MPX/SDX/VPX appliances.
Releases: 11, 10.5.e (rs_105_e 53_9008_e+)
[Diagram labels: NW; SWITCH; SWITCH; Thales HSM; Remote File Server (RFS); BS]
![Page 44: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/44.jpg)
Web Server
Web Server
HTTP/2 Gateway
![Page 45: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/45.jpg)
HTTP/2 Gateway
[Diagram labels: HTTP/2; HTTP/1.1; Web Server; Web Server]
Enables L7 optimization
Transitional path for infrastructure
![Page 46: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/46.jpg)
HTTP/2 Configuration in NetScaler
One Step Config to enable HTTP/2
![Page 47: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/47.jpg)
TCP Nile Congestion Control
• We introduce a new congestion control algorithm for high speed networks, called TCP-Nile.
• TCP-Nile uses packet loss information to determine whether the window size should be increased or decreased, and uses queueing delay information to determine the amount of increment or decrement.
• TCP-Nile achieves high throughput, allocates the network resource fairly, and is incentive compatible with standard TCP.
![Page 48: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/48.jpg)
Programmable Traffic Management
![Page 49: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/49.jpg)
Simple and powerful customizations using scripting
Policy is the first NS feature to support NS Extensions
Policy extensions are called Extension Functions
Citrix Confidential - Do Not Distribute
NetScaler Extensions
![Page 50: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/50.jpg)
![Page 51: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/51.jpg)
Cloud & SDN integration
![Page 52: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/52.jpg)
Public Cloud Integration: AWS
![Page 53: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/53.jpg)
Public Cloud Integration: AZURE
![Page 54: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/54.jpg)
![Page 55: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/55.jpg)
NetScaler Orchestration in a Cloud
NetScaler Control Center
Per-tenant ADC
Automation
Centralized Visibility.
[Diagram: three VDCs, each labelled NetScaler ADCaaS]
![Page 56: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/56.jpg)
CISCO ACI - Application Centric Infrastructure
[Diagram labels: APIC; Nexus 9500; Nexus 9300 and 9500; Nexus 7K; Nexus 2K; Physical Networking; Hypervisors and Virtual Networking; Compute; L4–L7 Services; Storage; Multi DC WAN and Cloud; Integrated WAN Edge]
![Page 57: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/57.jpg)
Most advanced ADC integration with Cisco ACI
![Page 58: NetScaler 11 Update](https://reader037.vdocuments.mx/reader037/viewer/2022102322/58acfc5f1a28abca0c8b5f85/html5/thumbnails/58.jpg)
WORK BETTER. LIVE BETTER.