30 Days of NetScaler: Day 4 Licensing
Who loves licensing?
Hello, it is day 4.
Steve is looking at putting NetScaler into Azure, he knows that taking the conveniently ready licensed appliances from the marketplace will work out expensive over the longer term. Well, actually, not that long at all, the cost is steep. He will get charged $3 an hour on top of the hosting costs. That extra cost does build up quickly...$2000 a month per appliance for a VPX 1000 Premium.
The key question he has is:
What is the difference between the Advanced edition bundle and the Premium edition bundle?
Times are hard, and everyone needs to make savings. The problem is how can you make an informed decision unless you know the details? It’s simple, he knows he needs NetScaler. Which bundled edition will do the job?
You have requested some training; your memory might be a bit hazy as there was a football game at the weekend and the team just didn’t turn up! Who would be a football supporter? Anyway, the plan is to offer some pointers on NetScaler, with a series on all things related to the appliance. The goal is to provide you with enough information to be actually dangerous when talking to a customer or client. The number of days is a bit of an arbitrary number, but I am prepared to give you 2 minutes of material. Can I get 2 minutes of your time?
I have spoken about Load balancing, GSLB, and Content Switching in previous posts, today is all about software bundles.
Honestly, what are you talking about?
When you need an appliance to do a job, there is typically a conversation to be had with someone with some technical skills to work out what the appliance needs to be able to do exactly.
Technical stuff, RUN FOR THE HILLS!
After that, let's be clear
Almost nobody says, 'The sky is the limit! Give me the most expensive appliance you have!''
If you are buying something new, you need to be sure that the key features will be available when you come to set it up. Today will cover the difference in features between editions.
The NetScaler has different modes of operation; to unlock them, you need to have the right bundle.
So what? What problem does it solve?
The problem-solving options are dependent on the bundle. As of today, there are three bundles. Standard, Advanced, and Premium editions
Standard edition is the lowest. The big-ticket items included are:
Load balancing, content switching, dynamic routing, and a gateway with extended gateway modes for 500 users.
Advanced Edition is the middle edition:
In addition to all included with Standard, it adds GSLB, flexible authentication options, HDX analytics, and extended gateway modes for 1000 users.
Premium Edition is the top edition:
In addition to all included with Advanced, this adds IP Reputation, WAF, BOT, Cloud connectivity, Caching, and the ability to ship HDX stats to third-party flow collectors, unlimited retention for HDX stats, and extended gateway modes up to the platform limit.
I believe there are plans to simplify things going forward, but this is what we have today.
Who would be interested in this?
Anyone who runs a network and needs specific capabilities from NetScaler for the right price. It is common for NetScaler to be added for something internet-facing, as it allows the admin to be confident that she/he can have their workloads keep going as things ‘happen’.
Different features give you different options, obviously, it is knowing what is necessary. This can also mean that you need a view of what the setup will look like when you have customers actually accessing it.
What does NetScaler offer?
NetScaler is typically in front of the service that you run, here it is doing its magic in front of a web tier with CS integrated on top of the load balancing service.
1. What features are we using? In this case, Content switching & Load balancing.
Naturally, based on the short details of this use case, any of the licensed editions would be suitable. Therefore, Standard, Advanced, or Premium edition bundles.
2. What happens when we need to have this run across two DCs? On day 2 I talked about GSLB. You will now need to have GSLB on the NetScaler. As shown here:
Naturally, based on the short details of this use case, only two of the licensed editions would be suitable. Therefore Advanced or Premium edition bundles.
As this is a Virtual appliance running in Azure, we would need to swap or upgrade the platform license to Advanced to get access to GSLB.
3. We now have a call from the Security team, they would like to enable IP reputation on the Appliances, which can add a single configuration line to the setup that drops traffic from any known bad IPs. These IP addresses can change in real-time, so using static lists is not really an option. NetScaler has access to a dynamically updated database of bad IP addresses. The real benefit is that the appliance allows your infrastructure to focus on the business-generating users, as bad addresses have their connections dropped. Therefore, no processing time is wasted on bad IPs.
Naturally, based on the short details of this use case, only one of the licensed editions would be suitable. Therefore, the Premium edition bundle.
What else does Premium add over Advanced?
BOT protection
Robots are used extensively on the internet, it is claimed that more than 50% of all internet traffic is bot-based. There are good and bad BOTs. In a similar way to IP reputation, BOTs will take resources and processing time for little or no business benefit for you.
How can I stop them?
BOT protection, of course. Simple to set up and use, and has a big upside in that it drops the need for resources for bots that don’t benefit your service.
IP Reputation
As discussed above, it allows you to filter out all known bad IP addresses from accessing your service. If an IP address has been used for an attack, why would you want to let that access your online service?
You would not...
WAF
Web Application Firewall goes further than BOT protection by looking in detail at what the Web Application is doing. It stops attackers from exploiting weaknesses in your web application and also blocks parts of your website that should not be accessed.
They work well together, though, as a double act!
Caching
The option to cache web content can have a big performance benefit on website hosting, as content does not always need to be retrieved from the server itself. This helps in a couple of ways, pages load quicker as objects don't need to be fetched from the server to make the web page. It drops the server load, too.
NetScaler can also skim down image files in real time based on the connection the client is on. This is called Minification.
Gateway extras
The NetScaler Gateway is popular for Citrix Virtualization access, in addition to HDX access to applications and Desktops that have been virtualized, it is possible to have extras.
VPN access, sometimes a VPN is a good option when you don't want the overhead of a full desktop session.
Endpoint scanning allows you to check the status of the endpoint before it connects.
Smart Access Policies allow you to define a policy and tie it to the NetScaler, so you get end-to-end security.
The different editions bundle a different number of these 'enhanced Gateway connections.
500 for Standard
1000 for Advanced
It is the platform limit (unlimited) for Premium.
I’m going to the cloud, baby! We don’t need that legacy piece of equipment.
I think I have shown that NetScaler can fit into cloud DCs and offer lots of extras to protect your connection.
Summary.
Premium Edition version of NetScaler is another unsung hero of businesses everywhere, It is a perfect fit to add extra layers of security to protect your service. Great to keep your data safe and get users to the right workloads safely.
To be clear Advanced edition is great too, but who needs less security these days?
Ultimately, it is a killer capability that is enabled with NetScaler.
What’s not to like?