Virtualization Forum 2015, Praha, 7.10.2015 sál Citrix Jestliže SlideShare nezobrazí prezentaci korektně, můžete si ji stáhnout ve formátu .ppsx nebo .pdf.

1. NetScaler 11 Update

2. NetScaler Application Delivery Controller
What is NetScaler?
NetScaler is an enterprise grade application
delivery controller, or ADC. So, what does that
mean?
NetScaler is the appliance that sits between
external users and your back-end resources. The
list of features and use cases for the NetScaler is
so long, it would be easier to explain what it doesn’t
do. But where’s the fun in that?
Let’s start off with the basics.
The primary features of the appliance are load
balancing, AAA traffic management, traffic
optimization, SSL offload and security.

3. Load Balancing
What is NetScaler?
Load balancing is the primary function of
the NetScaler.
NetScaler routes traffic to back end
resources using a designated set of rules so
that those back end servers are not
overloaded.
Several methods of load balancing
available, including:
• Least Connection
• Least Response time
• Round Robin
• SNMP based
• Hash based
• ….

4. AAA Traffic Management
What is NetScaler?
AAA provides security for a distributed Internet environment by allowing any client
with the proper credentials to connect securely to protected application servers
from anywhere on the Internet.
This feature incorporates the three security features of authentication,
authorization, and auditing.

5. Traffic Optimization
What is NetScaler?
Traffic optimization is a feature set on the NetScaler that includes:
• Integrated Caching
• HTTP Compression
• Front End Optimization
• TCP Optimization

6. SSL Offload and Acceleration
What is NetScaler?
A Citrix NetScaler appliance configured for SSL acceleration transparently
accelerates SSL transactions by offloading SSL processing from the server.
To configure SSL offloading, you configure a virtual server to intercept and
process SSL transactions, and send the decrypted traffic to the server (unless you
configure end-to-end encryption, in which case the traffic is re-encrypted).
Upon receiving the response from the server, the appliance completes the secure
transaction with the client.
From the client's perspective, the transaction seems to be directly with the server.
A NetScaler configured for SSL acceleration also performs other configured
functions, such as load balancing.

7. Internet
Web App Users
Legitimate traffic
allowed through
Application
Attacks Blocked
Citrix NetScaler
Application
Infrastructure
Network
Firewalls
• Blocks dozens of day zero attack vectors
o Includes CSRF, xPath Injection, XML attachment checks
• Bi-directional inspection: advanced attack prevention
• SSL traffic supported
• Sustained protection to 40 Gbps
• ICSA certified
• OWASP 10
Web Application Firewall

8. NetScaler TriScale Technology
What is NetScaler?
Citrix TriScale technology
revolutionizes enterprise cloud
networks by providing unrivaled
capabilities that smartly and affordably
scale application and service delivery
infrastructures without additional
complexity.

9. NetScaler ADC Use Cases
What is NetScaler
Use cases for the NetScaler ADC
include:
• Web application management
• Load balancing
• Web application security
• Server offloading
• Remote access
• Data Base optimization
• Traffic optimization
• Web Application Firewall
• DOS/DDOS protection
• ……

10. NetScaler Flexible Deployment Options

11. NetScaler Offerings
Licensing
Comprehensive L4-7 load
balancing and optimizes
expensive server and
network resources to reduce
cost
Web application delivery
solution providing advanced
traffic management and
powerful application
acceleration
Web application delivery
solution designed to deliver
mission-critical applications
with web application firewall
security, fastest performance,
and lowest cost
Standard
Edition
Enterprise
Edition
Platinum
Edition

12. Virtual
RunAnywhere
PlatformPhysical
Price-Performance Multi-TenantMulti-Service

13. 80
40
15
5
1 20 80
Maximum Tenants per Platform
1
Multi-tenant Capable
FIPS Platforms
Single-tenant
MPX/SDX 22040-22120
40Gbps – 120Gbps
80 Instances
160
Platform Lineup: NetScaler
MPX 5550-5650
500Mbps-1 Gbps
120
5
MPX/SDX 24100-24150
100Gbps – 150Gbps
80 Instances
40
Performance(HTTP)/Gbps
MPX 9700-15500 FIPS
3Gbps – 15Gbps
VPX
10Mbps –
3Gbps
MPX/SDX 8005-8015
5Gbps – 15Gbps
5 Instances
MPX/SDX11515-11542
15Gbps – 42Gbps
20 Instances
MPX 25100T-25160T
100Gbps – 160Gbps
No HW SSL
MPX 14060-14080 (40G)
60Gbps – 80Gbps
180
MPX 25160-25180 (40G)
160Gbps – 180Gbps

15. © 2015 Citrix | Confidential
Graphical User Interface

16. New in 11.0
• No Java, completely on HTML5
• Visualizers
• Networking
• Load Balancing
• Content Switching
• App Firewall
• Application Templates
• Customer experience program
• Authentication Dashboard
• Single Pane to Configure-Monitor-Maintain
• Unified Gateway
• CSV Server for Unified Gateway
• Portal customization
• Smart Access
• Admin Partitioning
• Diagnostics using web-sockets

17. Visualizers

19. Authentication GUI Enhancements

20. Logs

21. © 2015 Citrix | Confidential
NetScaler Admin Partitions

22. New Features – Admin Partitioning

23. User Plane
Data Plane
Network Plane
Logical Partitioning
AdminPart1
AdminPart2
AdminPart3
AdminPart4
AdminPart5
AdminPartN

24. User Plane
Data Plane
Network Plane
Complete Separation
AdminPart
Ns.conf
Auditlogs
SNMP
Debugging
File System

25. © 2015 Citrix | Confidential
SDX Platform Improvements

26. Simplified Image Upgrade

27. Instance Back up and Restore

28. New Dashboard

29. © 2015 Citrix | Confidential
NetScaler Unified Gateway

30. Consolidation
(& Flexibility)
Experience Security
• Full SSL VPN tunnel and per
app VPN tunnel for iOS and
Android improves security
• SmartCompliance allows
centralized management
• Support for iOS, Android and
Linux VPN Clients
• Highly customizable portal
• GUI – Usability Simplification
and Dashboard
Future-proof architecture Granular and Dynamic security policies One click access to all apps
• One URL provides
consolidation
• Content Switching allows One
URL for all applications
• Flexibility to chose any device
type from any location
SaaS
Gateway
ICA
Proxy
SSL
VPN
Network
Visibility
+ Control
Threats
Access
QoS Optimized
SLAs
Video
What’s new in NetScaler with Unified GatewayWhat’s new in NetScaler Unified Gateway

31. Unified Gateway provides One URL to any application
O
N
E
U
R
L

32. CS
V-Server
LB V-Server
(Reverse Proxy)
Gateway V-Server
SSO
SSO
SaaS
One URL,
Login Once
Citrix Apps OWA SharePoint
Enterprise
Apps
Mobile
Apps
Unified Gateway provides One URL to any application
Web Apps

33. New homepage for Greenbubble theme

34. Portal Customization Wizard flow

35. VPN Plugin EPA Plugin
VPN plug-in upgrade control

36. © 2015 Citrix | Confidential
Security and Traffic

37. NetScaler Security Announcements
After the NSS labs report – Code changes in AppFW drove a performance increase
of 100-200%
Available now in latest 10.5.e build and 11.0.
Other enhancements include location based detection
and protection plus request capturing (trace) for
blocked requests.

38. New Cipher Support
AES-GCM/SHA-2
• Front-end on MPX, SDX (PX, N3)
• TLSv1.2 only.
ECDHE
• Back-end on MPX, SDX (PX, N3)
• Note: ECDHE on front-end GA’ed in 10.1, 10.5
Support on other platforms (FIPS, VPX) coming soon.

39. DEFAULT Cipher Alias Re-ordering (Front-end)
Give preference to AES/AES-GCM/ECDHE ciphers.
De-prioritize RC4 ciphers.
No ciphers dropped.
New Cipher Re-Order List
TLS1-AES-256-CBC-SHA (0x0035)
TLS1-AES-128-CBC-SHA (0x002f)
TLS1.2-AES-256-SHA256 (0x003d)
TLS1.2-AES-128-SHA256 (0x003c)
TLS1.2-AES256-GCM-SHA384
(0x009d)
TLS1.2-AES128-GCM-SHA256
(0x009c)
TLS1-ECDHE-RSA-AES256-SHA
(0xc014)
TLS1-ECDHE-RSA-AES128-SHA
(0xc013)
…………......
………………
……………… 28 ciphers…
Old Cipher Re-Order List
SSL3-RC4-MD5 (0x0004)
SSL3-RC4-SHA (0x0005)
SSL3-DES-CBC3-SHA (0x000a)
TLS1-AES-256-CBC-SHA (0x0035)
TLS1-AES-128-CBC-SHA (0x002f)
SSL3-EDH-DSS-DES-CBC3-SHA
(0x0013)
TLS1-DHE-DSS-RC4-SHA (0x0066)
TLS1-DHE-DSS-AES-256-CBC-SHA
(0x0038)
…………......
………………
………………28 ciphers…

40. DTLS Enhancement
Support for PFS cipher
• DHE
DTLS used for Framehawk support
• XA/XD attach.
• NS Gateway, TURN protocol.

41. SSL Profile…
New Changes..
• Cipher setting on a profile.
• Cipher Alias, User-defined Cipher Group, Single Cipher.
• Default profile will have - “DEFAULT” or “FIPS” cipher-alias on Front-end profile, “ALL” or “FIPS” cipher-
alias on Back-end profile.
• Different ciphers or cipher group/alias with priority settings.
•While choosing a cipher suite
a. First the cipher suites in the highest priority cipher group would be checked.
b. The cipher suites inside the cipher group would be considered according to their relative priority inside
the group

42. Qualys SSL Labs Report: NetScaler MPX/SDX/VPX
http://blogs.citrix.com/2015/05/22/scoring-an-a-at-ssllabs-com-with-citrix-netscaler-the-sequel/

43. NS integration with Thales HSM
Thales HSM can be used to provide FIPS solution for Non FIPS
MPX/SDX/VPX appliances.
Releases: 11, 10.5.e (rs_105_e 53_9008_e+)
NW SWITCH SWITCH
Thales HSM
Remote File Server(RFS)
BS

44. Web Server
Web Server
HTTP/2 Gateway

45. HTTP/2 HTTP/1/1
Web Server
Web Server
Enables L7 optimization
Transitional path for infrastructure
HTTP/2 Gateway

46. HTTP/2 Configuration in Netscaler
One Step Config to enable HTTP/2

47. TCP Nile Congestion Control
•We introduce a new congestion control algorithm for high speed networks, called TCP-Nile.
•TCP-Nile uses packet loss information to determine whether the window size should be
increased or decreased, and uses queueing delay information to determine the amount of
increment or decrement.
•TCP-Nile achieves high throughput, allocates the network resource fairly, and is incentive
compatible with standard TCP

48. © 2015 Citrix | Confidential
Programmable Traffic Management

49. Simple and powerful customizations using scripting
Policy is the first NS feature to support NS Extensions
Policy extensions are called Extension Functions
Citrix Confidential - Do Not Distribute
NetScaler Extensions

50. Citrix Confidential - Do Not Distribute

51. © 2015 Citrix | Confidential
Cloud & SDN integration

52. Public Cloud Integration
AWS

53. Public Cloud Integration
AZURE

55. NetScaler Orchestration in a Cloud
NetScaler Control Center
 Per-tenant ADC
 Automation
 Centralized Visibility.
NetScaler ADCaaSNetScaler ADCaaS NetScaler ADCaaS

56. 1
CISCO ACI - Application Centric Infrastructure
Nexus 9500
Nexus 9300 and 9500
Physical Networking Compute
Multi DC
WAN and Cloud
L4–L7
Services
Storage
Integrated
WAN Edge
Hypervisors
and Virtual Networking
Nexus 2K
Nexus 7K
APIC

57. Most advanced ADC integration with Cisco ACI

58. WORK BETTER. LIVE BETTER.