So, what does Citrix ADC Premium do?

The Citrix ADC Premium (Application Delivery Controller) is a multi-faceted tool that can be placed into many application delivery scenarios.

To get the best value on investment, Citrix offers the platform in multiple Editions with features to suit different deployment types and scenarios dependant on need.  These are grouped into Standard, Advanced and Premium, with each Edition having a common set of features, with more advanced elements added as you go up the range.

Understanding what features are available to you and what is included in each licence edition can be a challenge as the Citrix published data sheets can be ambiguous, so we have created the following feature matrix:

FeatureStandardAdvancedPremium
AppFlowYESYESYES
BGP RoutingYESYESYES
Cache RedirectionYESYESYES
Call HomeYESYESYES
Content FilteringYESYESYES
Content SwitchingYESYESYES
Dynamic RoutingYESYESYES
HTML InjectionYESYESYES
IPv6 Protocol TranslationYESYESYES
ISIS RoutingYESYESYES
Load BalancingYESYESYES
OSPF RoutingYESYESYES
ResponderYESYESYES
RewriteYESYESYES
RIP RoutingYESYESYES
SSL OffloadingYESYESYES
SSL VPNYESYESYES
Web Interface on NSYESYESYES
Web LoggingYESYESYES
AAANOYESYES
Appflow for ICANOYESYES
AppQoENOYESYES
ClusteringNOYESYES
Compression ControlNOYESYES
Front End OptimizationNOYESYES
Global Server Load BalancingNOYESYES
GSLB ProximityNOYESYES
Http DoS ProtectionNOYESYES
Large Scale NATNOYESYES
NetScaler PushNOYESYES
Priority QueuingNOYESYES
RDP ProxyNOYESYES
Remote Content InspectionNOYESYES
Sure ConnectNOYESYES
Surge ProtectionNOYESYES
RISENONOYES
Content InspectionNONOYES
Adaptive TCPNONOYES
API GatewayNONOYES
Application FirewallNONOYES
Bot ManagementNONOYES
CloudBridgeNONOYES
Connection Quality AnalyticsNONOYES
Content AcceleratorNONOYES
Forward ProxyNONOYES
Integrated CachingNONOYES
ReputationNONOYES
SSL InterceptionNONOYES
Video OptimisationNONOYES
Delta Compression*NONONO
URL Filtering**NONONO

Take a look at our Citrix ADC FAQs page to learn more.

It is worth noting that there is also a ‘NetScaler Gateway’ Edition, which has a small subset of features that enable remote access to a Citrix Virtual Apps and Desktops infrastructure, commonly known as ICA Proxy.  This is not included in this comparison as it has a specific purpose.

*Delta Compression is no longer used.

**URL Filtering is a subscription service to add functionality to the Forward Proxy feature.

The additional Citrix ADC Premium options over and above the Advanced Edition licence can broadly be classified into areas of security, performance, connectivity and telecoms.  For many businesses, once a decision has been made to deliver an application to the user, the focus returns to security and how the application can be delivered with the minimum of risk to both the user device and the enterprise.  The Premium Edition licence offers many features that can mitigate against the exposure of the application and delivery risk.

Security

This forms the majority of benefits for most enterprise applications, with powerful application and user protection features for both forward and reverse proxy scenarios.

Application FirewallThe Citrix hybrid Web Application Firewall prevents security breaches, data loss and unauthorised modifications to published resources.  The functionality includes both signatures of known published exploits (e.g. the WAF signature released in March 2021 mitigated against the Microsoft Exchange Server Remote Code Execution Vulnerability CVE-2021-26855), and learnt behaviour of how a web application should function under normal use.  This additional functionality reduces the security burden and attack surface from unknown or unfamiliar applications in particular.

IP ReputationUsing the third party security firm Webroot, IP Reputation identifies and blocks unwanted IP addresses attempting a connection to your network. The IP list contains the identities of malicious sources such as known anonymous proxies, bot nets and known spammers which is  updated centrally and does not require much configuration on the ADC, placing the administration burden off the ADC administrator whilst still providing a level of protection to applications exposed through the ADC.

Bot ManagementDetects and mitigates against automated software attacks on published web applications.  This has broad implications as bot’s have multiple vectors, and therefore the protections offered can provide multiple benefits.  From protecting credentials from brute force attacks, to reducing hosting costs and the loss of intellectual property by preventing the generation of bot scraping web traffic.

Forward Proxy – Controls and reports on traffic between internal users and external networks.  Can integrate multiple options including external ICAP compatible servers for content inspection, to onboard URL categorisation and reporting (requires separate subscription).  The Forward Proxy functionality acts as a traditional web browsing proxy server, servicing internal clients accessing the internet from the enterprise.

SSL InterceptionA sub-feature of Forward Proxy, allows the interception and decryption of user-initiated HTTPS and encrypted traffic to enforce compliance and security checks.  This can integrate with all the other features of the Forward Proxy service before being re-encrypted and sent onwards.

Content Inspection – Allows inline integration of Next Generation Firewall (NGFW) or Intrusion Protection Server (IPS) devices to inspect traffic as it passes through the ADC.  This functionality is not limited to user generated traffic leaving the enterprise but could conversely utilise to protect enterprise networks when content is uploaded.

API GatewayCombines the ADC traffic management features (e.g. Rewrite/Responder/WAF/Rate Limiting etc) to provide API traffic management, security, discovery and monitoring. In addition to traditional deployment scenarios, API Gateway integrates with Kubernetes Custom Resource Definitions (CRD’s)  an ADC Ingress Gateway Service, opening up the ADC functionality to the Kubernetes back end services.  This can provide additional functionality to the micro-services cluster.

Performance

The additional features for Citrix ADC Premium Edition include caching performance benefits.

Integrated CachingSupports caching of static and dynamic HTTP and SQL data in ADC memory to decrease transaction times and reduce ADC to backend server traffic and server load.  This also removes the requirement or reliance on external caching servers such as Squid or Varnish.

Content AcceleratorLegacy performance feature to integrate with the Citrix ByteMobile product suite.

Connectivity

The Premium licence includes additional connectivity options to integrate an ADC with other networking infrastructure and secure connectivity to other ADCs to extend a network.

CloudBridge – A GRE/IPSec Virtual Private Network point-to-point connection feature, allowing the extension of an enterprise network to a second data centre or cloud.

RISE – Cisco’s Remote Integrated Services Engine allows a Citrix ADC to appear as an integrated part of a Cisco Nexus switch, whether physical or virtual.

Telecoms Service Provider

The Citrix ADC models also have features that are used by large telecom service provider organisations such as Large Scale NAT and Diameter protocol support and the Premium licence builds on these features and requirements.

Video Optimisation – A feature to improve user experience of Adaptive Bit Rate video traffic over mobile networks.

Adaptive TCPDynamic adaptation of TCP Optimisation connection parameters based on the network conditions a mobile network user is experiencing at the time.

Connection Quality AnalyticsEnables connection analysis of a mobile network user, used in collaboration with Adaptive TCP.  This can then be used to report on general network health as well as end-user network usage and health.

FIND OUT MORE

To find out more about Citrix ADC Premium and how it can help to provide secure access to SaaS and Internet when working from anywhere call 0330 010 3443 or email hello@clouddnagroup.com.