What’s new in Citrix NetScaler ADC 12.1?
There’s way too much going on in Citrix NetScaler ADC 12.1 to fit in a single blog post. Believe us, we tried, but when the word count hit 2,000 we thought it was time for a different plan. This year, we’re breaking our review of the new major firmware release into a series.
In Part one, cloudDNA Co-founder Al Taylor looks at the key developments around the popular Unified Gateway feature, SAML authentication and some of the other cool new features that caught his eye.
The delivery landscape is changing, and while the traditional Application Delivery Controller (ADC) in the corporate data centre will continue for the foreseeable future, more and more of us are moving to public, multi and hybrid clouds to deliver services to our users. We’re also increasingly seeing the same application delivered simultaneously from both private and public clouds, which in turn creates a need for better management, more flexible licensing, better analytics and automation. Lots to talk about in 12.1 for these scenarios but first.
These days, a full-featured ADC is as much about security as it is about balancing loads, so it’s no surprise that there’s been a huge amount of development in this area. Back in 2015, the NetScaler 11.0 release introduced Unified Gateway, which has had rapid and sustained adoption by those looking to provide a single point of access for the VDI, enterprise, web and SaaS services that make up today’s virtual workspace. Headlines for Unified Gateway 12.1 include OPSWATv4 support; end-to-end capabilities for the recently introduced Enlightened Data Transport (EDT) protocol (Citrix over UDP, if you’re not familiar), which is baked into the latest versions of the Citrix desktop virtualisation products; new RDP proxy features such as connection redirection, which uses a single URL to connect to an RDP farm (previously this needed a unique URL per client connection, which was admin intensive); and more SAML features to simplify authentication across the widening delivery infrastructure.
SAML authentication has grown in popularity over the last 18 months or so, and while the idea of passing credentials around clouds to authenticate users (and keep data safe) has been well received in theory, in practice it can be a bit of a pig to configure. Bring out the trumpets for the first fanfare for 12.1, with Unified Gateway now providing deep-dive analytic data to a new SAML Insight tab in the Management and Analytics System (MAS). It’s a small addition, but greater visibility into federated authentication and AAA use cases will significantly improve the lives of thousands of admins as they look to provide a seamless user experience, regardless of the origin of the service.
Historically, the authentication needs of each of these SaaS applications needed to be understood and configured one by one. Thing is, many of these services are common across the industry, with each organisation re-inventing the wheel to figure out how to get the right attributes in the right places. It’s been a real head scratcher and the cause of much frustration, but not any more! The new App Catalogue feature simplifies the setup of single sign-on to common SaaS applications such as Office 365, Salesforce, ShareFile and a bunch of other popular services available now, with more promised in future releases. Integration with these services is achieved in half a dozen clicks or less, so this little addition will slash days off deployment effort and rapidly accelerate ROI. Nice.
Back in the XenApp/Desktop world, HDX Insight has given admins greater visibility into user experience for a few years now, but anyone who’s deployed at even modest scale will know about the massive hit the NetScaler CPU takes while it decrypts the user’s ICA session, finds the relevant metrics to push to the MAS appliance and then re-encrypts the session to send on to the user. NetScaler 12.1 introduces support for NSAP for HDX, which is a new channel in the ICA flow that allows NetScaler to collect the relevant information without the heavy lifting, for much better performance and scale. Why does this performance hit exist in the first place? It’s the increasingly common scenario of very small packets of data but an awful lot of them, each of which needs to be delivered securely and each adding its own encryption overhead on a packet-by-packet basis. Don’t be fooled into thinking this is a problem that is exclusive to ‘Citrix’ traffic. It’s common across an increasing number of services, and it’s the reason why SSL optimisation continues to feature on the release notes year after year, which is where we’ll be starting in part two of our look at NetScaler 12.1.
© NetScaler Taylor & cloudDNA 2018