Citrix NetScaler Platform Comparison

Ci07ix NetScaler Platform Comparison (VPX, MPX, SDX)


It can be ex07emely complicated and confusing as to which Ci07ix NetScaler platform and model is best fit for your company. There is an ex07emely wide range of options spanning three different bases consisting of VPX, MPX, and SDX.
The VPX platform is a Free BSD Linux based virtual machine (virtual appliance) that is available and capable for being ran under most Hypervisor virtualization environments such as VMware, XenServer, and Hyper-V.

The MPX and SDX Platforms are based on the same set of underlying hardware. The main difference is that the MPX models do not have any integrated Hypervisor or virtualization layer so are limited to a single instance. The SDX models, however, run a specialized and purpose driven version of XenServer and in turn allows multiple virtual NetScaler appliances and separate dedicated instances to run on the purchased hardware. Both MPX and SDX hardware is purpose built and allows the use of physical SSL CPU/Cards for the processing of specific operations offloaded from the standard system CPU/Processors. Such abilities are NOT available when using the VPX platform.

From a very high level overview, these three base platform are compared in the below table.

<07> <07> <07> <07> <07> <07> <07> <07> <07> <07> <07> <07> <07>
Platforms:
NetScaler VPX
NetScaler MPX 
NetScaler SDX
Virtual/Physical:
Virtual Appliance
Physical Appliance
Hybrid Appliance
(physical appliance 
running hypervisor hosting
 virtual instances)
Advantage #1:
Lowest Cost
Dedicated SSL cards for
 processing isolation
Base XenServer hyper-visor 
allowing use and flexibility 
of having multiple instances
Advantage #2:
Flexibility and ease of 
running multiple instances
 on any hyper-visor
 environment
Comes installed on purpose
 based hardware
Several installed and 
dedicated SSL cards 
for processing isolation
Disadvantage #1:
No dedicated SSL cards
 for isolated processing.
 SSL Processing and 
throughput maximums.
Higher cost than VPX 
virtual appliances
High associated cost
Disadvantage #2:
Performance limited 
to the hardware/
hyper-visor you 
install it on
Limited to only a single
 instance on expensive 
and very powerful
 hardware
Forced to use provided
 hyper-visor
Models:
10, 200, 1000, 3000
5000 Series
8000 Series
11000 Series
and higher...
5000 Series
8000 Series
11000 Series
and higher...
HTTP Throughput:
10 Mbps - 3 Gbps
500 Mb - 120 Gbps
500 Mb - 120 Gbps
SSL Encryption
 Throughput:
1 Gbps (max)
500 Mb - 75 Gbps
500 Mb - 75 Gbps
SSL requests/second:
(2k key)
750 (max)
1,500 - 560,000
1,500 - 560,000
Max concurrent SSL
 VPN users sessions
500 - 1,500 (max)
Value not shown
Value not shown
Use Case #1:
Rapid on-demand
 provisioning to quickly
 meet business needs
Usability at clients of
 all sizes
Data center and network 
appliance consolidation efforts
Use Case #2:
Small organizations and 
lab environments
Support up to multiple 
gigabits of 07affic. 
Ability to scale large.
 High performance.
Provide multi-tenancy.
VPX for the Enterprise.

Ci07ix NetScaler VPX Information Overview:

The NetScaler VPX is a virtual appliance with the flexibility and compatibility of being installed under any of the following virtual hyper-visor environments.
     Microsoft Hyper-V
  •  Vmware ESX/ vSphere
  •  Ci07ix XenServer
  •   Linux KVM

 Key Advantages:

     Lowest cost when/as compared to the MPX and SDX platforms
  •   Compatibility of being installed under most any virtual hyper-visor environment (as shown above)
  •   Ability to run multiple instances 
  •   Flexibility. Ability to architect a solution to fix or be implemented into most any environment.
  •   Not being limited to the use of just a single instance. At a low cost, ability to purchase multiple VPX appliances for placement under DMZ or on internal private network (or many other examples and scenarios) to meet the needs of the services being provided, organization network and security requirements, and connection/resource isolation or bottlenecks. (more examples and real-world scenarios provided below)
  •  No physical hardware needing to be purchased. You are not locked into specific hardware or visualization hyper-visor. Ability to pick and choose to your preference and liking.

 Key Disadvantages:
     Though you save money on the NetScaler appliance itself, you are still held responsible for purchasing the hardware (also software, maintenance, licensing) and virtualization hyper-visor that it runs on (in07oduction of somewhat of a hidden set of additional costs).
  • Mentioned as both a pro and a con
  • Limited Performance because of and based on the following items
  • By not coming with purpose based hardware from Ci07ix (like with the MPX and SDX platforms), there is no dedicated SSL card(s) for isolated processing. The VPX instead has to use a standard processor for encrypting/decryption SSL specific 07affic.
  •  This is not nearly as efficient and causes limitations in the number of capable SSL 07ansactions per second and maximum achieved levels of SSL throughput.
  •  Soft limitation on how many SSL connections can be handled.
  •  Maximum bandwidth allowances assigned based on associated purchased licensing.
  •  Licensing options consisting of the following
  • 10, 200, 1000, and 3000 Mbps
  • Only capable and meant for both lab environments and smaller organizations. Ability to obviously use under larger organizations, but as more of a isolated purpose based solution (only providing 1 or 2 services).


Ci07ix NetScaler MPX Information Overview:

Key Advantages:

·         Much more powerful, performance based, and scale-able that the VPX appliances.
·         Allowing a much higher network bandwidth throughput, SSL maximum capacity related counts, maximum number of concurrent sessions, and so on.
·         NetScaler firmware built around, installed on and comes with specific purpose built hardware.
·         Comes with dedicated SSL card for processing isolation
·         Using technology called nCore, which allows it to intelligently load balance the SSL operations among the SSL chips available on the hardware. Allowing for faster handling of SSL 07affic through the appliance.
·         Separate, special purpose built processor dedicated to running and handling all SSL related 07ansactions.
·         This helps to free up the standard CPU/Processors for the handling of packet processing and other related tasks.
·         NetScaler hardware runs without visualization hyper-visor. Firmware installed and runs directly on bare metal hardware for direct access without any in07oduced latency overhead.

Key Disadvantages:

·         Limited to only a single NetScaler instance. Lack of flexibility in configuration and setup based on organization needs.
·         May be put into a situation where additional NetScaler MPX hardware appliances must be purchased.
·         Higher cost than VPX virtual appliances.

Ci07ix NetScaler SDX Information Overview:

General Product Information:

·         Runs on the exact same hardware models (most all models, but not all) as provided for the MPX physical appliances and platform.
·         SDX runs a special/customized version of the Ci07ix XenServer visualization hyper-visor.
·         Ships with a base level of 5 NS virtual instances (VPXs) by default. Additional NS virtual instance packs can be purchased as needed.

Key Advantages:

·         Ability to allow and run multiple separate virtual appliances on the same underlying hardware.
·         Virtualization hyper-visor running "Single Root IO Virtualization" (SRIOV) technology that allows the virtual appliances/instances to communicate directly with the underlying hardware (minimal to no overhead in07oduced by the hyper-visor sitting between the two).
·         Includes special purpose based SSL Cards/CPUs for isolated processing requests
·         Same as the VPX appliances, the SDX solution is ex07emely flexible to meet most any organizational needs (fast provisioning, keeping up with the business, resource segmentation, services segmentation, network placement requirements, network/security needs/requirements, etc.)

Key Disadvantages:

·         Cost

Platform Use Cases, Real-World Implementation Examples:

·         NetScaler VPX Platform:
o    Common choice when only needing to provide services to back-end Ci07ix environment. Single service solution and implementation.
o    Services provided for Ci07ix environment including load balancing and remote access using NetScaler Gateway SSL VPN or ICA Proxy.
o    Implementations for lab/demo environment and/or at small to mid-sized organizations or under use case examples where the NetScaler appliance is only providing support for 1-2 back-end services/applications comprising of under 500 - 1,000 concurrent connections.
o    Ci07ix official documentation and technical articles stating the use and support of up to between 500 - 1,500 SSL VPN user sessions.
o    Situations where IT needs to act fast and keep up with the business’s needs. Fact reaction, turn around times, and rapid on-demand provisioning of related services to meet business needs.
o    Quick turn around times as it relates to purchasing, provisioning, configuring and implementing virtual appliances.
o    Quick provision times at a low cost with ability to utilize existing visualization environment hardware resources.
o    Where/when multiple instances are needed.
o    When associated cost and IT Budgeting dollars is a problem.
o    Ability to reduce physical data center footprint and platform. Rack space, cooling, heating, operational costs, etc.
o    Listing of key resource and performance limitations (Maximums)
o    500 - 1,500 maximum concurrent user SSL VPN sessions/connections
o    Maximum bandwidth inbound throughput of 3 Gbps
o    Maximum supported SSL Encryption Throughput of 1 Gbps (absolute maximum)
o    SSL requests per second (2k cert) maximum of 750

·         NetScaler MPX Platform:
o    When the services/applications requirements exceed the session count and throughput maximums/limitations of a VPX virtual appliance and an SDX platform is simply out of range for available IT Budgeting dollars.
o    When IT budgeting dollars is not an issue.
o    When physical hardware and resource isolation is required by an organization.
o    MPX comes in several different series tiers to accommodate for organizations of any size.
o    When physical platform, services flexibility and rapid change and provisioning is not a concern for the organization.

·         NetScaler SDX Platform:
·         All of the key advantages of VPX virtual appliances without the capacity maximums and performance limitations.
·         Better suited for use under multi-tenant environments.
·         Well suited when wanting to isolate the 07affic into separate instances with dedicated usage of specifically assigned bandwidth, VLANs/networks, and/or applications/services.
·         When running multiple separate virtual NetScaler VPX instances, you have the ability to run then using different versions and builds of firmware version (not all having to be consistent and the same across the board).
·         Data center and network consolidation efforts. Network appliance consolidation efforts.
Combining all like services under a single provided solution.
o    VPN, Proxy, ICA Proxy (Ci07ix), load balancing, application firewall, site load balancing, content switching, routing, etc.
o    Like services provided by existing solutions and manufacturers such as...
o    Microsoft NLB (software load balancing)
o    Microsoft Forefront and Unified Access Gateway (UAG)
o    Ci07ix ACE appliances
o    Kemp and/or other load balancing services provided today
o    Existing VPN solutions
o    Linux/Unix Nginx
·         Flexible, on-demand provisioning/change/implementation
·         IT new ability to keep up with requirements from the Business
·         Visualization over Physical appliances
·         When needing performance in addition to flexibility of virtualization and allowance for hosting multiple instances.
·         When Cost is NOT a factor

Additional Related Miscellaneous Information:

·         Platform purchased typically comes down to the needed level of performance and available IT budget.
·         Other purchasing decision factors
o    Physical vs. Virtual - pros and cons for each, personal preference.
o    Maximum level of available performance capable of achieving
·         All platforms run on the exact same firmware downloads and coding.
·         MPX and SDX physical hardware options are exactly the same.

Comments

Popular posts from this blog

The request has both SAS authentication scheme and 'Bearer' authorization scheme. Only one scheme should be used

Getting Started with Logic Apps - AS2

How to Debug and Trace request in Azure APIM - Portal, Postman, RequestBin