
Data Sheet

Citrix NetScaler 1000V

Product Overview

Citrix NetScaler is the industry's leading web application delivery solution. It increases the performance and availability of all applications and data. Citrix NetScaler 1000V brings together Citrix NetScaler with Cisco Nexus 1000V Switch vPath technology for policy-based service insertion and chaining. As of Citrix NetScaler 1000V Release 10.1-124.14, vPath can be disabled to load-balance physical servers or load-balance workloads running on any hypervisor. Consequently, the Cisco Nexus 1000V virtual distributed switch is also optional when you are not using vPath technology.

Figure 1 shows Citrix NetScaler 1000V running on the Cisco Nexus 1110-X Cisco Cloud Services Platform (CSP). An SSL offload card is also available for the Cisco Nexus 1110-X platform when high performance is needed. Citrix NetScaler 1000V also supports virtual appliances on VMware ESXi and Kernel-based Virtual Machine (KVM) hypervisors.

Figure 1. Citrix NetScaler 1000V Running on the Cisco Nexus 1110-X CSP

Citrix NetScaler 1000V Editions and Licenses

Citrix NetScaler 1000V is available in three editions, listed in Table 1.

Table 1. Citrix NetScaler 1000V Editions

| Edition | Description |
|---|---|
| Standard | Provides comprehensive Layer 4 to 7 load balancing and optimizes expensive server and network resources to reduce costs. |
| Enterprise | Offers a web application delivery solution providing advanced traffic management and powerful application acceleration. |
| Platinum | Offers a web application delivery solution designed to deliver mission-critical applications with web application firewall security, fast performance, and low cost. |

Citrix NetScaler 1000V offers the following throughput licenses: 10, 200, and 500 Mbps, and 1, 2, 3, 4, and 5 Gbps (5 Gbps is offered only on the Cisco Nexus 1110 and 1010 hardware platforms).

© 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 11

Table 2 lists the main features of each edition.

Table 2. Citrix NetScaler 1000V Feature Matrix

| Application Availability | Platinum Edition | Enterprise Edition | Standard Edition |
|---|---|---|---|
| Layer 4 load balancing and Layer 7 content switching | Yes | Yes | Yes |
| Database load balancing | Yes | Yes | Yes |
| Citrix NetScaler AppExpert rate controls | Yes | Yes | Yes |
| IPv6 support | Yes | Yes | Yes |
| Traffic domains | Yes | Yes | Yes |
| Global server load balancing (GSLB) | Yes | Yes | |
| Dynamic routing protocols | Yes | Yes | |
| Surge protection and priority queuing | Yes | Yes | |
| Citrix TriScale clustering (2 to 32 physical or virtual instances) | Option | Option | Option |

| Application Acceleration | Platinum Edition | Enterprise Edition | Standard Edition |
|---|---|---|---|
| Client and server TCP optimizations | Yes | Yes | Yes |
| Citrix AppCompress for HTTP | Yes | Yes | |
| Citrix AppCache | Yes | | |

| Application Security | Platinum Edition | Enterprise Edition | Standard Edition |
|---|---|---|---|
| Layer 4 denial-of-service (DoS) defenses | Yes | Yes | Yes |
| Layer 7 content filtering and HTTP and URL rewrite | Yes | Yes | Yes |
| Citrix XenMobile NetScaler Connector | Yes | Yes | Yes |
| Security Assertion Markup Language (SAML) 2 support | Yes | Yes | Yes |
| Layer 7 DoS defenses | Yes | Yes | Yes |
| Authentication, authorization, and accounting (AAA) for traffic management | Yes | Yes | |
| Citrix NetScaler Application Firewall with XML security | Yes | | |

| Simple Manageability | Platinum Edition | Enterprise Edition | Standard Edition |
|---|---|---|---|
| Citrix NetScaler Insight Center and AppFlow | Yes | Yes | Yes |
| Citrix NetScaler AppExpert visual policy builder | Yes | Yes | Yes |
| Citrix NetScaler ActionAnalytics | Yes | Yes | Yes |
| Citrix NetScaler AppExpert service callouts, templates, and visualizers | Yes | Yes | Yes |
| Role-based administration and AAA for administration | Yes | Yes | Yes |
| Configuration wizards | Yes | Yes | Yes |
| Native Citrix web interface | Yes | Yes | Yes |
| Citrix Command Center | Yes | Yes | |
| Citrix EdgeSight for NetScaler | Yes | | |

| Web 2.0 Optimization | Platinum Edition | Enterprise Edition | Standard Edition |
|---|---|---|---|
| Comprehensive Internet application support and XML XPath support | Yes | Yes | Yes |
| Advanced server offload | Yes | Yes | |

| Lower Total Cost of Ownership (TCO) | Platinum Edition | Enterprise Edition | Standard Edition |
|---|---|---|---|
| TCP buffering | Yes | Yes | Yes |
| TCP and SQL multiplexing | Yes | Yes | Yes |
| SSL offload and acceleration | Yes | Yes | Yes |
| Cache redirection including multilayer support | Yes | Yes | |

Note: All features of Citrix NetScaler are included except CloudConnectors (IPsec VPN) and NetScaler Gateway (SSL VPN).

Platform Performance

Table 3 lists the performance characteristics of the Citrix NetScaler 1000V solution.

Table 3. Performance

| Platform | Cisco Nexus 1110-X with SSL Card (5-Gbps License) | Virtual Appliance (VMware ESXi or KVM) |
|---|---|---|
| System throughput (Gbps) | 5 | Up to 4 |
| HTTP requests per second | 325,000 | Up to 100,000 |
| SSL transactions per second (2048-bit key certificates) | 32,000 | Up to 750 |
| SSL throughput (Gbps) | 5 | Up to 1.0 |
| Compression throughput (Gbps) | 2.6 | Up to 0.75 |
| Maximum number of instances | 8 | - |

Resource Requirements

Table 4 lists the resource requirements for the Citrix NetScaler 1000V solution.

Table 4. Resource Requirements

| License Throughput | 10 Mbps | 200 Mbps | 500 Mbps | 1 Gbps | 2 Gbps | 3 Gbps | 4 Gbps | 5 Gbps |
|---|---|---|---|---|---|---|---|---|
| Processor | 2 virtual CPUs (vCPUs) | 2 vCPUs | 2 vCPUs | 3 vCPUs | 4 vCPUs | 4 vCPUs | 5 vCPUs | 5 vCPUs |
| Memory | 4 GB | 4 GB | 4 GB | 8 GB | 12 GB | 12 GB | 16 GB | 16 GB |
| Hard drive | 20 GB | 20 GB | 20 GB | 20 GB | 20 GB | 20 GB | 20 GB | 20 GB |

System Requirements

Table 5 lists the system requirements for the Citrix NetScaler 1000V solution.

Table 5. System Requirements

| Product | Requirements |
|---|---|
| Hypervisor support | VMware ESXi 4.0 or later; KVM |
| Platform support | Cisco Nexus 1010, 1010-X, 1110-S, and 1110-X (SSL card and 10-Gbps networking are supported only on the Cisco Nexus 1110-X platform) |
| Cisco Nexus 1100 Series Cloud Services Platforms (CSPs) and 1010 Virtual Services Appliance (VSA) | Minimum software release: Release 4.2(1)SP1(6.2); Recommended software release: Release 5.2(1)SP1(7.2) or later |
| Cisco Nexus 1000V Switch for VMware vSphere | Minimum software release: Release 4.2(1)SV2(2.1a); Recommended software release: Release 4.2(1)SV2(2.2) or later; Cisco Nexus 1000V virtual distributed switch is optional if vPath technology is disabled |
| VMware vSphere and ESXi | VMware vSphere 4.0 or later; not required when deploying the Citrix NetScaler 1000V on the Cisco Nexus 1110 or 1010; VMware vSphere Enterprise Plus is required when using the Cisco Nexus 1000V; if not using the Cisco Nexus 1000V, then a lesser version of VMware vSphere can be used |
| Citrix NetScaler 1000V | Recommended software release: Release 10.5-52.11 or later |

Technical Specifications

Table 6 lists the technical specifications for the Citrix NetScaler 1000V.

Table 6. Specifications

Layer 4 to 7 Traffic Management

Layer 4 load balancing
- Protocols supported: TCP, User Datagram Protocol (UDP), FTP, HTTP, HTTPS, Domain Name System (DNS) (TCP and UDP), Session Initiation Protocol (SIP) over UDP, Real-Time Streaming Protocol (RTSP), RADIUS, DIAMETER, SQL, Remote Discovery Protocol (RDP), and Intermediate System–to–Intermediate System (IS-IS) Protocol
- Algorithms: Round Robin, Least Packets, Least Bandwidth, Least Connections, Response Time, Hashing (URL, Domain, Source IP, Destination IP, and CustomID), Simple Network Management Protocol (SNMP)-provided metric, and Server Application State Protocol (SASP)
- Session persistence: Source IP, cookie, server, group, SSL session, SIP CALLID, token based, and JSESSIONID
- Session protocols: TCP, UDP, SSL/TCP, multipath TCP, and SPDY
- Server monitoring: Ping, TCP, URL, ECV, scriptable health checks, and dynamic server response time
- Link load balancing

Layer 7 content switching
- Policies: URL, URL query, URL wildcard, domain, source and destination IP, HTTP header, custom, HTTP and TCP payload values, and UDP
- Switch requests based on protocol of incoming packets

Database load balancing
- Support for Microsoft SQL Server and MySQL
- Switching algorithms, including SQL query parameters such as user and database names and command parameters
- Token-based load balancing, providing advanced configuration for persistence and fault-tolerant deployments

Citrix TriScale clustering
- Scale-out clustering of up to 32 Citrix NetScaler appliances in a single system image
- Configuration coordinator node for centralized management and synchronization
- Compatible with “pay-as-you-grow” deployment
- Traffic distribution mechanisms include Equal Cost Multiple Path (ECMP), linksets, and Cluster Link Aggregation Group (CLAG)
- Available on Citrix NetScaler 1000V virtual appliances (VMware ESXi and KVM) and physical appliances (Cisco Nexus 1110 and 1010) and with all editions (standard, enterprise, and platinum)
- Modules can be configured on all nodes in a cluster or using spotted virtual IP addresses, added only to a selected subset of nodes

Rate-based policy enforcement
- Trigger Citrix NetScaler policies based on connections per second, packets per second, or bandwidth used
- Source or destination based on header or payload information

Traffic domains
- Allows overlapping IP addresses
- Provides separate routing flows within a single appliance
- Enables basic multitenancy implementations

Global server load balancing (GSLB)
- Algorithms: site health, geographic proximity, network proximity, connections, and bandwidth
- Site health checking on status, connection load, packet rate, and SNMP-provided metrics

Surge protection and priority queuing
- Adaptive rate control for TCP connections and HTTP requests
- Prioritized transaction dispatch for critical application requests
- Available in Citrix NetScaler Enterprise and Platinum Editions only

Application Acceleration

TCP optimization
- Multiplexing, buffering, connection keep-alive, window scaling, selective acknowledgment, Citrix FastRamp, and TCP Westwood

Citrix AppCompress
- Gzip-based compression for HTTP traffic

Citrix AppCache
- Caching for static and dynamic application content
- HTTP GET and POST method support
- Policies defined based on HTTP header and body values

Application Security

DoS attack defense
- Continue service to legitimate users while protecting against attacks such as: SYN flood, HTTP DoS, and ping of death
- Internet Control Message Protocol (ICMP) and UDP rate control

Content rewriting and response control
- Policy-based bidirectional rewriting of HTTP header and payload elements
- Policy-based redirection of incoming requests
- Body URL rewrite
- Responder module
- Custom responses and redirects
- Policy-based routing
- Network-aware policies

DNSSec
- DNS proxy
- Authoritative DNS
- DNS signing

Packet filtering
- Layer 3 and 4 access control lists (ACLs)
- Network Address Translation (NAT)
- IPv4/IPv6 NAT

Citrix NetScaler Application Firewall with hybrid security model
- Positive security model protects against buffer overflow, CGI-BIN parameter manipulation, form and hidden field manipulation, forceful browsing, cookie or session poisoning, broken ACLs, cross-site scripting (XSS), command injection, SQL injection, error-triggering sensitive information leak, insecure use of cryptography, server misconfiguration, back doors and debug options, rate-based policy enforcement, well-known platform vulnerabilities, zero-day exploits, cross-site request forgery (CSRF), and credit card and other sensitive data leakage
- Negative security model with automatically updated signatures to protect against Layer 7 and HTTP application vulnerabilities
- Integration with third-party scanning tools
- Common event format (CEF) logs
- XML security: XML DoS (xDoS) XML SQL injection and cross-site scripting, XML message validation, format checks, WS-I basic profile compliance, XML, xPath injection attachment check, and XQuery Injection protection
- WSDL scan prevention
- Attachment checks
- URL transformation
- Cookie proxying and encryption
- Simple Object Access Protocol (SOAP) array attack protection
- Available in Citrix NetScaler Enterprise and Platinum Editions only

Secure access
- Endpoint analysis
- SAML 2-factor and client certificate authentication; passwords for single sign-on (SSO) to back-end services stored on Citrix NetScaler
- Client-side cache cleanup
- Security certifications
- Layer 7 content filtering

AAA traffic management
- SAML 2 and Microsoft Windows NT LAN Manager (NTLM) v1 and 2 support for configuring Citrix NetScaler with SSO
- Active Directory, Lightweight Directory Access Protocol (LDAP), RADIUS, TACACS+, and Online Certificate Status Protocol (OCSP)

Support for Citrix XenMobile mobile-device management (MDM)
- Front-end optimization scalable to more than 100,000 concurrent users
- Citrix XenMobile NetScaler Connector (XNC), which provides device-level authorization service
- Application-level policy-controlled SSL VPN tunneling for mobile clients

Network Integration
- Static routes, monitored static routes, and weighted static routes
- Open Shortest Path First (OSPF), Routing IP (RIP) v1 and v2, and Border Gateway Protocol (BGP); BGP available only in Enterprise and Platinum Editions
- VLAN IEEE 802.1Q
- Link aggregation IEEE 802.3ad
- Stateful IPv6-to-IPv4 network address translation and DNS-64
- Static and stateless network address translation from IPv4 to IPv6

High availability
- Active-passive
- Active-active
- Virtual Router Redundancy Protocol (VRRP)
- ECMP
- Connection mirroring

Simplified Installation and Management

User interface
- Graphical application visualizer
- Secure web-based GUI
- Command-line interface (CLI), Telnet, SSH, and console
- Real-time performance dashboard
- Load balancing, GSLB application firewall, and Citrix EdgeSight NetScaler configuration wizards
- XenApp configuration wizards

Policy management
- Citrix AppExpert visual policy builder
- Policy extensibility through HTTP service callouts
- Citrix AppExpert templates
- Citrix AppExpert visualizers

Citrix Command Center
- Centralized configuration and management of more than 200 Citrix NetScaler appliances
- Available as a license upgrade on all editions

Citrix NetScaler Insight Center and AppFlow
- Citrix NetScaler Insight Cen