Citrix user? Time to seriously consider an f5 to NetScaler migration

Citrix user? Time to seriously consider an f5 to NetScaler migration

As thousands of global Citrix customers transition to Universal HMC and Citrix Platform licences, the availability of unlimited NetScaler instances has raised questions from those organisations running f5 to do what appears to be a very similar job. In other words, if NetScaler can do what f5 does, and it eliminates the f5 cost, is now the time for an f5 to NetScaler migration?

First off though, a bit of NetScaler FUD busting. NetScaler isn’t just for the delivery of Citrix for remote users. Yes, it is packed with features that assist with secure remote access of apps and services, but it’s way more than that. NetScaler has been the backbone of the internet for decades, we lost count at around 4,000 individual features to improve the performance, security, efficiency and observability of digital service delivery.

This feature density (the amount of functionality squeezed in to the appliance footprint) is one of its core advantages over f5 and one of the reasons NetScaler is used by the worlds largest search engines, eCommerce sites, social networks, banks, governments and literally thousands of other sectors serving an estimated 75% of the world’s global internet users every day. It’s fast, efficient and a classic IT industry example of doing more with less.

It’s important at this point to recognise that not all Application Delivery Controllers (ADCs) are the same. While there are plenty of budget options that do a bit of load balancing with bells on, the whole idea around ADC’s is consolidating as much functionality in to as small a footprint as possible, and this ability get so many features into a single codebase is the foundation for another key NetScaler vs f5 differentiator. It’s become known as the ‘Power of One’ but before we describe what it is, we need to take a moment to understand why it’s important.

The power of one – codebase

When considering an end to end f5 solution, there’s usually multiple components to build and manage independently – like BigIP hardware and BigIP virtual appliances that live on 3^rd party hypervisors or in the public cloud. While they are similar, they have different functionality and capabilities which need to be factored into service planning decisions, sometime years in advance, potentially reducing service agility and having cost implications in the process.

Now if you’ve seen an f5 BoM recently, you’ll be aware there are typically multiple modules to provide discreet pieces of functionality, LTM, DNS, ASM etc. often with NGNIX and a couple of other offerings thrown in for good measure. They’re all great at what they do but remember, if we’re trying to work efficiently, we’re trying to squeeze more functionality into a tighter footprint, not add more machines to the stack.

Despite those 4,000 or so features, the NetScaler ADC has a single codebase across all appliance form factors including dedicated hardware, virtual, bare metal, public cloud and container. This enables full functionality in all locations from the global cloud ingress point to the container, which in turn has some significant implications.

• A single codebase provides operational consistency across all HMC deployment scenarios.
• Security posture is the same for all services.
• One skill set is required to manage and maintain the fleet.
• Interdependency of individual components is no longer relevant as all nodes do everything.
• Administration and automation is standardised and simplified.

The power of one – management plane

When we last counted, from controllers to portals and workflows, there were around half a dozen management consoles to run an end-to-end f5 solution. Each of these needs configuring (with peer awareness), managing, monitoring and maintaining to keep things in good order, and if automation is in scope, there’s potentially a completely different set of APIs for each of them too.

This component and admin GUI sprawl, combined with the inherent complexity of iRules, all contribute to operational effort and the risk of manual configuration error. It’s not necessarily a nightmare, but it’s not what dreams are made of either.

With a single codebase, NetScaler only needs one console to manage the entire global app delivery control estate. Out of the box automations slash admin time for BAU tasks, SSL certificate management is dramatically simplified, service agility is enhanced, and security posture is presented in real time for effective risk awareness.

In addition to management functions, NetScaler Console aggregates service data from all nodes to provide a full picture of service health and user experience for affective SLA management, with detailed end to end observability capabilities as standard.

The power of one – single pass architecture

We need to talk about latency, the #1 service success measurement and the elephant in the BigIP room. When you look under the covers at how an f5 BigIP ADC works, a packet flows through the machine, passing through each module activated on the appliance sequentially. When traffic flows are low everything works well but as soon as the load increases, the constant need to pass traffic in an out of those functionality modules affectively slows the traffic down as it passes through the appliance.

This becomes a problem when security or traffic manipulation is provided by the appliance, both of which are computationally heavy loads but both pretty common from the web service to the enterprise. As the box gets busier, the service slows down, and UX suffers, so the only f5 option is to buy a bigger appliance or buy another appliance, far from ideal.

NetScaler is a software-based solution which was designed to be fast from the ground up. It features a single pass architecture so rather than getting delayed in queues, a packet is opened once, actions are taken in a single pass and the packet is delivered. This results in industry leading performance and some significant advantages when comparing virtual BigIP and Virtual NetScaler efficiency and performance under load.

The Tolly Report #224128, published in 2024 delivered some thought-provoking results,

• NetScaler achieves 300% higher throughput for similar CPU usage – This means you need 3x more f5 appliances to deliver the same volume of traffic.
• F5 consumes 300% more CPU under load – Leading to increased service cost and diminished user experience.
• F5 adds up to 9x latency when preforming multiple tasks on traffic – Application experience suffers, users abandon checkouts, service levels drop.

The power of one – The NetScaler Flex licence

With many f5 customers facing a hardware refresh, often running in to the £100k’s, and the huge potential value of the unlimited NetScaler instance entitlement in the Universal HMC and Platform licence delivers, there’s a very compelling commercial argument to consider the move from f5 to NetScaler, but what about operational consideration?

The NetScaler Console ‘single pane of glass’ also acts at the licence server, providing complete licence agility and portability across all nodes without restrictions and at least 1,000 Gb of Premium Edition throughput to complement the unlimited instances available in the licence bundle. Use any licence, any size, anywhere for unbeatable agility and value.

Making the move

Historically, many organisations have decided against moving from f5 to NetScaler as the actual migration process has been considered too disruptive and the effort too great to justify the activity. While the NetScaler Power of One presents plenty of technical and commercial advantages, it can’t do the migration for you, but there is some good news here too.

Citrix has been developing an iRules to NetScaler conversion tool to dramatically reduce the effort and complexity of migrating from one platform to the other. In addition, we’re here to help not just de-risk the lift and shift from old to new, but to help enhance configurations to work more efficiently, and develop the utilisation of more of those 4,000 NetScaler features to boost service levels and RoI. Learn more about our f5 to NetScaler migration services here > https://clouddnagroup.com/netscaler-services/f5-to-netscaler-migration-services/

Better still, as a Citrix Platinum Partner with specialist NetScaler accreditation, we’re able to tap into a fund made available by the Citrix to either part or fully fund the cost of the migration for qualifying Citrix customers. Sound interesting? Book an f5 to NetScaler migration discovery workshop using the form below to start your journey to faster, more efficient service delivery.