Citrix NetScaler Platform Comparison
Ci07ix NetScaler Platform Comparison (VPX, MPX, SDX)
It can be ex07emely complicated and confusing
as to which Ci07ix NetScaler platform and model is best fit for your company.
There is an ex07emely wide range of options spanning three different bases
consisting of VPX, MPX, and SDX.
The VPX platform is a
Free BSD Linux based virtual machine (virtual appliance) that is available and
capable for being ran under most Hypervisor virtualization environments such as
VMware, XenServer, and Hyper-V.
The MPX and SDX
Platforms are based on the same set of underlying hardware. The main difference
is that the MPX models do not have any integrated Hypervisor or virtualization
layer so are limited to a single instance. The SDX models, however, run a
specialized and purpose driven version of XenServer and in turn allows multiple
virtual NetScaler appliances and separate dedicated instances to run on the
purchased hardware. Both MPX and SDX hardware is purpose built and allows the
use of physical SSL CPU/Cards for the processing of specific operations
offloaded from the standard system CPU/Processors. Such abilities are NOT
available when using the VPX platform.
From a very high level overview, these three
base platform are compared in the below table.
Platforms:
|
NetScaler
VPX
|
NetScaler
MPX
|
NetScaler
SDX
|
07>
<07>
Virtual/Physical:
|
Virtual
Appliance
|
Physical
Appliance
|
Hybrid
Appliance
(physical appliance
running hypervisor hosting
virtual instances)
|
07>
<07>
Advantage #1:
|
Lowest Cost
|
Dedicated SSL
cards for
processing isolation
|
Base XenServer
hyper-visor
allowing use and flexibility
of having multiple instances
|
07>
<07>
Advantage #2:
|
Flexibility and
ease of
running multiple instances
on any hyper-visor
environment
|
Comes installed
on purpose
based hardware
|
Several
installed and
dedicated SSL cards
for processing isolation
|
07>
<07>
Disadvantage
#1:
|
No dedicated
SSL cards
for isolated processing.
SSL Processing and
throughput maximums.
|
Higher cost
than VPX
virtual appliances
|
High associated
cost
|
07>
<07>
Disadvantage
#2:
|
Performance
limited
to the hardware/
hyper-visor you
install it on
|
Limited to only
a single
instance on expensive
and very powerful
hardware
|
Forced to use
provided
hyper-visor
|
07>
<07>
Models:
|
10, 200, 1000,
3000
|
5000 Series
8000 Series 11000 Series and higher... |
5000 Series
8000 Series 11000 Series and higher... |
07>
<07>
HTTP Throughput:
|
10 Mbps - 3
Gbps
|
500 Mb - 120
Gbps
|
500 Mb - 120
Gbps
|
07>
<07>
SSL Encryption
Throughput:
|
1 Gbps (max)
|
500 Mb - 75
Gbps
|
500 Mb - 75
Gbps
|
07>
<07>
SSL
requests/second:
(2k key) |
750 (max)
|
1,500 - 560,000
|
1,500 - 560,000
|
07>
<07>
Max concurrent
SSL
VPN users sessions
|
500 - 1,500
(max)
|
Value not shown
|
Value not shown
|
07>
<07>
Use Case #1:
|
Rapid on-demand
provisioning to quickly
meet business needs
|
Usability at
clients of
all sizes
|
Data center and
network
appliance consolidation efforts
|
07>
<07>
Use Case #2:
|
Small
organizations and
lab environments
|
Support up to
multiple
gigabits of 07affic.
Ability to scale large.
High performance.
|
Provide
multi-tenancy.
VPX for the Enterprise. |
07>
Ci07ix NetScaler VPX Information Overview:
The NetScaler VPX is a virtual appliance with the
flexibility and compatibility of being installed under any of the following
virtual hyper-visor environments.
- Lowest cost when/as compared to the MPX and SDX platforms
- Compatibility of being installed under most any virtual hyper-visor environment (as shown above)
- Ability to run multiple instances
- Flexibility. Ability to architect a solution to fix or be implemented into most any environment.
- Not being limited to the use of just a single instance. At a low cost, ability to purchase multiple VPX appliances for placement under DMZ or on internal private network (or many other examples and scenarios) to meet the needs of the services being provided, organization network and security requirements, and connection/resource isolation or bottlenecks. (more examples and real-world scenarios provided below)
- No physical hardware needing to be purchased. You are not locked into specific hardware or visualization hyper-visor. Ability to pick and choose to your preference and liking.
- Though you save money on the NetScaler appliance itself, you are
still held responsible for purchasing the hardware (also software, maintenance,
licensing) and virtualization hyper-visor that it runs on (in07oduction of
somewhat of a hidden set of additional costs).
- Mentioned as both a pro and a con
- Limited Performance because of and based on the following items
- By not coming with purpose based hardware from Ci07ix (like with the MPX and SDX platforms), there is no dedicated SSL card(s) for isolated processing. The VPX instead has to use a standard processor for encrypting/decryption SSL specific 07affic.
- This is not nearly as efficient and causes limitations in the number of capable SSL 07ansactions per second and maximum achieved levels of SSL throughput.
- Soft limitation on how many SSL connections can be handled.
- Maximum bandwidth allowances assigned based on associated purchased licensing.
- Licensing options consisting of the following
- 10, 200, 1000, and 3000 Mbps
- Only capable and meant for both lab environments and smaller organizations. Ability to obviously use under larger organizations, but as more of a isolated purpose based solution (only providing 1 or 2 services).
Ci07ix NetScaler MPX Information Overview:
Key Advantages:
·
Much more powerful, performance based, and scale-able that the
VPX appliances.
·
Allowing a much higher network bandwidth throughput, SSL maximum
capacity related counts, maximum number of concurrent sessions, and so on.
·
NetScaler firmware built around, installed on and comes with
specific purpose built hardware.
·
Comes with dedicated SSL card for processing isolation
·
Using technology called nCore, which allows it to intelligently
load balance the SSL operations among the SSL chips available on the hardware.
Allowing for faster handling of SSL 07affic through the appliance.
·
Separate, special purpose built processor dedicated to running
and handling all SSL related 07ansactions.
·
This helps to free up the standard CPU/Processors for the
handling of packet processing and other related tasks.
·
NetScaler hardware runs without visualization hyper-visor.
Firmware installed and runs directly on bare metal hardware for direct access
without any in07oduced latency overhead.
Key Disadvantages:
·
Limited to only a single NetScaler instance. Lack of flexibility
in configuration and setup based on organization needs.
·
May be put into a situation where additional NetScaler MPX
hardware appliances must be purchased.
·
Higher cost than VPX virtual appliances.
Ci07ix NetScaler
SDX Information Overview:
General Product Information:
·
Runs on the exact same hardware models (most all models, but not
all) as provided for the MPX physical appliances and platform.
·
SDX runs a special/customized version of the Ci07ix XenServer
visualization hyper-visor.
·
Ships with a base level of 5 NS virtual instances (VPXs) by
default. Additional NS virtual instance packs can be purchased as needed.
Key Advantages:
·
Ability to allow and run multiple separate virtual appliances on
the same underlying hardware.
·
Virtualization hyper-visor running "Single Root IO
Virtualization" (SRIOV) technology that allows the virtual
appliances/instances to communicate directly with the underlying hardware
(minimal to no overhead in07oduced by the hyper-visor sitting between the two).
·
Includes special purpose based SSL Cards/CPUs for isolated
processing requests
·
Same as the VPX appliances, the SDX solution is ex07emely
flexible to meet most any organizational needs (fast provisioning, keeping up
with the business, resource segmentation, services segmentation, network
placement requirements, network/security needs/requirements, etc.)
Key Disadvantages:
·
Cost
Platform Use Cases,
Real-World Implementation Examples:
·
NetScaler VPX
Platform:
o
Common choice when only needing to provide services to back-end
Ci07ix environment. Single service solution and implementation.
o
Services provided for Ci07ix environment including load
balancing and remote access using NetScaler Gateway SSL VPN or ICA Proxy.
o
Implementations for lab/demo environment and/or at small to
mid-sized organizations or under use case examples where the NetScaler
appliance is only providing support for 1-2 back-end services/applications
comprising of under 500 - 1,000 concurrent connections.
o
Ci07ix official documentation and technical articles stating the
use and support of up to between 500 - 1,500 SSL VPN user sessions.
o
Situations where IT needs to act fast and keep up with the business’s
needs. Fact reaction, turn around times, and rapid on-demand provisioning of
related services to meet business needs.
o
Quick turn around times as it relates to purchasing,
provisioning, configuring and implementing virtual appliances.
o
Quick provision times at a low cost with ability to utilize
existing visualization environment hardware resources.
o
Where/when multiple instances are needed.
o
When associated cost and IT Budgeting dollars is a problem.
o
Ability to reduce physical data center footprint and platform.
Rack space, cooling, heating, operational costs, etc.
o
Listing of key resource and performance limitations (Maximums)
o
500 - 1,500 maximum concurrent user SSL VPN sessions/connections
o
Maximum bandwidth inbound throughput of 3 Gbps
o
Maximum supported SSL Encryption Throughput of 1 Gbps (absolute
maximum)
o
SSL requests per second (2k cert) maximum of 750
·
NetScaler MPX
Platform:
o
When the services/applications requirements exceed the session
count and throughput maximums/limitations of a VPX virtual appliance and an SDX
platform is simply out of range for available IT Budgeting dollars.
o
When IT budgeting dollars is not an issue.
o
When physical hardware and resource isolation is required by an
organization.
o
MPX comes in several different series tiers to accommodate for
organizations of any size.
o
When physical platform, services flexibility and rapid change
and provisioning is not a concern for the organization.
·
NetScaler SDX
Platform:
·
All of the key advantages of VPX virtual appliances without the
capacity maximums and performance limitations.
·
Better suited for use under multi-tenant environments.
·
Well suited when wanting to isolate the 07affic into separate
instances with dedicated usage of specifically assigned bandwidth,
VLANs/networks, and/or applications/services.
·
When running multiple separate virtual NetScaler VPX instances,
you have the ability to run then using different versions and builds of
firmware version (not all having to be consistent and the same across the
board).
·
Data center and network consolidation efforts. Network appliance
consolidation efforts.
Combining all like services under a single provided solution.
o
VPN, Proxy, ICA Proxy (Ci07ix), load balancing, application
firewall, site load balancing, content switching, routing, etc.
o
Like services provided by existing solutions and manufacturers
such as...
o
Microsoft NLB (software load balancing)
o
Microsoft Forefront and Unified Access Gateway (UAG)
o
Ci07ix ACE appliances
o
Kemp and/or other load balancing services provided today
o
Existing VPN solutions
o
Linux/Unix Nginx
·
Flexible, on-demand provisioning/change/implementation
·
IT new ability to keep up with requirements from the Business
·
Visualization over Physical appliances
·
When needing performance in addition to flexibility of
virtualization and allowance for hosting multiple instances.
·
When Cost is NOT a factor
Additional Related
Miscellaneous Information:
·
Platform purchased typically comes down to the needed level of
performance and available IT budget.
·
Other purchasing decision factors
o
Physical vs. Virtual - pros and cons for each, personal
preference.
o
Maximum level of available performance capable of achieving
·
All platforms run on the exact same firmware downloads and
coding.
·
MPX and SDX physical hardware options are exactly the same.
Comments
Post a Comment