So, what does Citrix ADC Premium do?
The Citrix ADC Premium (Application Delivery Controller) is a multi-faceted tool that can be placed into many application delivery scenarios.
To get the best value on investment, Citrix offers the platform in multiple Editions with features to suit different deployment types and scenarios, dependent on need. These are grouped into Standard, Advanced and Premium. Each Edition shares a common set of features, with more advanced elements added as you go up the range.
Understanding what features are available to you and what is included in each licence edition can be a challenge, as the Citrix published data sheets can be ambiguous, so we have created the following feature matrix:
Feature | Standard | Advanced | Premium |
--- | --- | --- | --- |
AppFlow | YES | YES | YES |
BGP Routing | YES | YES | YES |
Cache Redirection | YES | YES | YES |
Call Home | YES | YES | YES |
Content Filtering | YES | YES | YES |
Content Switching | YES | YES | YES |
Dynamic Routing | YES | YES | YES |
HTML Injection | YES | YES | YES |
IPv6 Protocol Translation | YES | YES | YES |
ISIS Routing | YES | YES | YES |
Load Balancing | YES | YES | YES |
OSPF Routing | YES | YES | YES |
Responder | YES | YES | YES |
Rewrite | YES | YES | YES |
RIP Routing | YES | YES | YES |
SSL Offloading | YES | YES | YES |
SSL VPN | YES | YES | YES |
Web Interface on NS | YES | YES | YES |
Web Logging | YES | YES | YES |
AAA | NO | YES | YES |
AppFlow for ICA | NO | YES | YES |
AppQoE | NO | YES | YES |
Clustering | NO | YES | YES |
Compression Control | NO | YES | YES |
Front End Optimization | NO | YES | YES |
Global Server Load Balancing | NO | YES | YES |
GSLB Proximity | NO | YES | YES |
HTTP DoS Protection | NO | YES | YES |
Large Scale NAT | NO | YES | YES |
NetScaler Push | NO | YES | YES |
Priority Queuing | NO | YES | YES |
RDP Proxy | NO | YES | YES |
Remote Content Inspection | NO | YES | YES |
Sure Connect | NO | YES | YES |
Surge Protection | NO | YES | YES |
RISE | NO | NO | YES |
Content Inspection | NO | NO | YES |
Adaptive TCP | NO | NO | YES |
API Gateway | NO | NO | YES |
Application Firewall | NO | NO | YES |
Bot Management | NO | NO | YES |
CloudBridge | NO | NO | YES |
Connection Quality Analytics | NO | NO | YES |
Content Accelerator | NO | NO | YES |
Forward Proxy | NO | NO | YES |
Integrated Caching | NO | NO | YES |
Reputation | NO | NO | YES |
SSL Interception | NO | NO | YES |
Video Optimisation | NO | NO | YES |
Delta Compression* | NO | NO | NO |
URL Filtering** | NO | NO | NO |
It is worth noting that there is also a ‘NetScaler Gateway’ Edition, which has a small subset of features that enable remote access to a Citrix Virtual Apps and Desktops infrastructure, commonly known as ICA Proxy. This is not included in this comparison as it has a specific purpose.
*Delta Compression is no longer used.
**URL Filtering is a subscription service to add functionality to the Forward Proxy feature.
The additional Citrix ADC Premium options over and above the Advanced Edition licence can broadly be classified into areas of security, performance, connectivity and telecoms. For many businesses, once a decision has been made to deliver an application to the user, the focus returns to security and how the application can be delivered with the minimum of risk to both the user device and the enterprise. The Premium Edition licence offers many features that can reduce the exposure of the application and the delivery risk.
Security
This forms the majority of benefits for most enterprise applications, with powerful application and user protection features for both forward and reverse proxy scenarios.
Application Firewall – The Citrix hybrid Web Application Firewall prevents security breaches, data loss and unauthorised modifications to published resources. The functionality includes both signatures of known published exploits (e.g. the WAF signature released in March 2021 mitigated the Microsoft Exchange Server Remote Code Execution Vulnerability CVE-2021-26855) and learnt behaviour of how a web application should function under normal use. This additional functionality reduces the security burden and attack surface, from unknown or unfamiliar applications in particular.
IP Reputation – Using the third-party security firm Webroot, IP Reputation identifies and blocks unwanted IP addresses attempting a connection to your network. The IP list contains the identities of malicious sources such as known anonymous proxies, botnets and known spammers. It is updated centrally and does not require much configuration on the ADC, taking the administration burden off the ADC administrator whilst still providing a level of protection to applications exposed through the ADC.
Bot Management – Detects and mitigates automated software attacks on published web applications. This has broad implications, as bots have multiple vectors and therefore the protections offered can provide multiple benefits, from protecting credentials against brute force attacks to reducing hosting costs and the loss of intellectual property by preventing the generation of bot scraping web traffic.
Forward Proxy – Controls and reports on traffic between internal users and external networks. It can integrate multiple options, from external ICAP-compatible servers for content inspection to onboard URL categorisation and reporting (requires separate subscription). The Forward Proxy functionality acts as a traditional web browsing proxy server, servicing internal clients accessing the internet from the enterprise.
SSL Interception – A sub-feature of Forward Proxy that allows the interception and decryption of user-initiated HTTPS and encrypted traffic to enforce compliance and security checks. The decrypted traffic can be passed through all the other features of the Forward Proxy service before being re-encrypted and sent onwards.
Content Inspection – Allows inline integration of Next Generation Firewall (NGFW) or Intrusion Prevention System (IPS) devices to inspect traffic as it passes through the ADC. This functionality is not limited to user-generated traffic leaving the enterprise; it can conversely be used to protect enterprise networks when content is uploaded.
API Gateway – Combines the ADC traffic management features (e.g. Rewrite, Responder, WAF, Rate Limiting etc.) to provide API traffic management, security, discovery and monitoring. In addition to traditional deployment scenarios, API Gateway integrates with Kubernetes Custom Resource Definitions (CRDs) as an ADC Ingress Gateway Service, opening up the ADC functionality to the Kubernetes back-end services. This can provide additional functionality to the microservices cluster.
Performance
The additional features for Citrix ADC Premium Edition include caching performance benefits.
Integrated Caching – Supports caching of static and dynamic HTTP and SQL data in ADC memory to decrease transaction times and reduce ADC to backend server traffic and server load. This also removes the requirement for, or reliance on, external caching servers such as Squid or Varnish.
Content Accelerator – Legacy performance feature to integrate with the Citrix ByteMobile product suite.
Connectivity
The Premium licence includes additional connectivity options to integrate an ADC with other networking infrastructure and secure connectivity to other ADCs to extend a network.
CloudBridge – A GRE/IPSec Virtual Private Network point-to-point connection feature, allowing the extension of an enterprise network to a second data centre or cloud.
RISE – Cisco’s Remote Integrated Services Engine allows a Citrix ADC to appear as an integrated part of a Cisco Nexus switch, whether physical or virtual.
Telecoms Service Provider
The Citrix ADC models also have features that are used by large telecom service provider organisations, such as Large Scale NAT and Diameter protocol support, and the Premium licence builds on these features and requirements.
Video Optimisation – A feature to improve user experience of Adaptive Bit Rate video traffic over mobile networks.
Adaptive TCP – Dynamic adaptation of TCP Optimisation connection parameters based on the network conditions a mobile network user is experiencing at the time.
Connection Quality Analytics – Enables connection analysis of a mobile network user, used in collaboration with Adaptive TCP. This can then be used to report on general network health as well as end-user network usage and health.