Lead Image © Mellimage, 123RF.com


Citrix NetScaler steps in for Microsoft TMG/ISA

Into the Breach

Article from ADMIN 18/2013
Since Microsoft announced the discontinuation of its Threat Management Gateway (TMG) – successor to the Internet Security and Acceleration (ISA) Server – companies have been looking for an adequate replacement. Citrix jumps into the breach with its various NetScaler products.

NetScaler is a network product that works as an application accelerator and firewall. Integration of the product into the enterprise is therefore best handled by networking experts, because it directly influences and controls network traffic. The complexity of NetScaler far exceeds the requirements for managing Citrix products like XenDesktop or XenApp, so you should not underestimate the product despite its apparent simplicity.

Citrix claims that its NetScaler products are the best replacement for Microsoft TMG. The manufacturer has published a corresponding white paper [1] to support this claim. The main advantages of TMG were the built-in wizards that helped admins provide Exchange services, SharePoint, and Lync efficiently on the Internet. Citrix fills the void created by the withdrawal of TMG with its NetScaler products, which are said to offer the full feature set of TMG. NetScaler also has integrated wizards and templates to keep the configuration as simple as possible (Figure 1). However, that's not all.

Figure 1: Citrix NetScaler uses wizards to help you provide Exchange, SharePoint, and Lync on the web.

What NetScaler Offers

Citrix NetScaler can safely provide web-based services hosted on the internal network, such as Exchange, Lync, and SharePoint, to users on the public Internet. You could also say that NetScaler publishes these services on the Internet. NetScaler also provides load balancing and Layer 4 connection management, content filtering, and URL filtering and rewriting (Figure 2). Additionally, NetScaler offers network access protection, VPN, and more. Administrators also can integrate and set up programs such as antivirus scanners. Different editions and versions support different network bandwidths.

Figure 2: The NetScaler management interface is web based, where you configure all the required settings.

NetScaler, the successor to Citrix Access Gateway, goes by the name of Citrix NetScaler Access Gateway. It supports safe publishing of XenDesktop and XenApp on the Internet and other insecure networks. These publications are managed in the same web interface that controls the firewall functions.

NetScaler Products Compared

NetScaler is available in several versions and editions. Citrix offers the solution as a hardware appliance, but also as virtual software for VMware, XenServer, and Hyper-V. The hardware-based appliances are labeled NetScaler MPX and offer a throughput of 500Mbps to 120Gbps (according to the manufacturer). Different devices are targeted at different applications and performance levels [2].

According to Citrix, the software-based appliances, called NetScaler VPX, can handle data at 10Mbps to 3Gbps. They can be virtualized with VMware, Hyper-V (Figure 3), and XenServer. Citrix provides test versions based on virtual servers for downloading. NetScaler officially supports XenServer 5.6 or newer, VMware ESX(i) version 3.5 or newer, and Windows Server 2008 R2. In our lab, I was able to import NetScaler VPX on servers running Windows Server 2012 and Hyper-V. The performance of VPX versions, of course, depends greatly on the underlying physical server.

Figure 3: You can also test and virtualize Citrix NetScaler with Hyper-V.

The other editions are SDX and AWS. NetScaler SDX is designed for very large networks; it also consists of a hardware-based appliance but offers virtualization and up to 40 parallel NetScaler instances with a throughput up to 50Gbps. SDX is thus intended mainly for Internet providers and cloud service providers. AWS relies on Amazon Web Services and is a fully web-based service.

Many companies rely on the inexpensive, virtual VPX environment. It has the same functionality as the MPX models, although large data volumes cannot be processed as quickly. The biggest advantage of the VPX version is rapid deployment via virtual machines. However, MPX models have advantages in terms of data encryption, such as in SSL offloading, because the hardware models feature special encryption cards. For VPX models, virtual servers perform encryption, which is significantly slower.

Management of these editions is almost identical. Admins can use the web-based graphical user interface or issue commands from the command line via SSH.

The manufacturer offers Standard, Platinum, and Enterprise levels of the MPX, VPX, SDX, and AWS versions. Citrix provides the data sheet outlining the differences between the various editions [3].

NetScaler VPX [2] has many variants that differ mainly in speed. Companies can also easily switch from smaller to larger VPX models. Additional licensing of other functions can be managed in the web interface or via SSH. The settings for this are available in the System | Licenses section of the web interface.

NetScaler VPX Testing

For your own tests, you can download installation images, including servers based on Hyper-V, VMware, or Citrix XenServer [4]. Even the free versions of these hypervisors are supported. After unpacking the archive, you only need to import the image into the virtual environment. To learn what you need to watch out for when using Hyper-V, check out the movie on Citrix TV [5]; the NetScaler VPX Express version is a free download [6].

During the installation of NetScaler (i.e., after importing the virtual servers), you can log in to the web interface on http://<IP address of the virtual server>. After entering the login name and password, both nsroot, you can then access the Citrix NetScaler web interface.

If the server is not visible on the network, you need to add a virtual network adapter to the settings of the virtual server. Log in to the virtual machine using SSH, again as nsroot. Then, run ping to determine whether the virtual server has a connection to the network. After that, you can work with the web interface.

Online documentation [7] has instructions on how to set up NetScaler. NetScaler has a wizard for setting up the server, which you can launch via the Configuration tab by clicking on Setup Wizard at the bottom of the right window. After setting up the system, you can modify the settings for the IP addresses in the Network section. The username and password for logging into the web interface are found in the System | Users section. At the bottom, you can create additional users with different roles and change the passwords of existing user accounts.

Citrix NetScaler integrates not only local users and administrators but also Active Directory user accounts. This integration is handled by virtual servers in VPX. To manage them, go to System | Authentication | LDAP | Servers. To integrate Active Directory, you need a name for the virtual server, the IP address of a domain controller, an OU, and the username of an administrator in the domain. Policies for authentication via Active Directory are set in System | Authentication | LDAP | Policies.
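
An added example, not part of the original article and not Citrix tooling: the LDAP servers and policies set up in the web interface are stored as add authentication ldapAction and ldapPolicy lines in the saved configuration (ns.conf), so they can be reviewed offline. The script below lists LDAP servers that are reached without encryption or that no policy uses; the sample lines, names, and addresses are constructed, and treating a missing -secType as plaintext is an assumption.

```python
import shlex

# Constructed sample in ns.conf syntax; names, addresses and DNs are made up.
SAMPLE_CONF = """\
add authentication ldapAction ad_dc1 -serverIP 192.0.2.10 -ldapBase "OU=Staff,DC=example,DC=test" -ldapBindDn "svc-ns@example.test" -ldapLoginName sAMAccountName
add authentication ldapAction ad_dc2 -serverIP 192.0.2.11 -serverPort 636 -ldapBase "OU=Staff,DC=example,DC=test" -ldapBindDn "svc-ns@example.test" -secType SSL
add authentication ldapPolicy ad_pol ns_true ad_dc1
"""

def parse_ldap(conf):
    """Return ({action: options}, {policy: action}) from ns.conf-style text."""
    actions, policies = {}, {}
    for line in conf.splitlines():
        tok = shlex.split(line)
        if len(tok) < 5 or tok[:2] != ["add", "authentication"]:
            continue
        kind, name, rest = tok[2], tok[3], tok[4:]
        if kind == "ldapPolicy":
            policies[name] = rest[-1]          # last token names the action
        elif kind == "ldapAction":
            opts, key = {}, None
            for t in rest:                     # "-option value" pairs
                if t.startswith("-"):
                    key = t[1:].lower()
                    opts[key] = ""
                elif key:
                    opts[key], key = t, None
            actions[name] = opts
    return actions, policies

def audit(conf):
    """List (action, issue) pairs for LDAP servers defined in the config."""
    actions, policies = parse_ldap(conf)
    referenced = set(policies.values())
    issues = []
    for name, o in actions.items():
        # Assumption: an action without -secType talks plaintext LDAP.
        if (o.get("sectype") or "PLAINTEXT").upper() == "PLAINTEXT":
            issues.append((name, "plaintext LDAP to " + o.get("serverip", "?")))
        if name not in referenced:
            issues.append((name, "no LDAP policy uses this server"))
    return issues

if __name__ == "__main__":
    for name, issue in audit(SAMPLE_CONF):
        print(f"{name}: {issue}")
```

With plaintext LDAP, both the bind account's password and every user's password cross the network in the clear between NetScaler and the domain controller, which is why the transport setting is worth checking alongside the four values the wizard asks for.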
