NetScaler Advanced vs Premium, what do you get with each?

I had a question from a customer this week.

Why can't I get more stats from this NetScaler in the NetScaler Console? It seems to only allow me 1 hour, what gives? I need it to go back further on the analytics!

I had a quick look at the version of NetScaler that they had, it was 'Advanced'. One of the differences between the Advanced bundle and Premium is the options for analytics. They would need to switch to Premium to get more stats.

I have had this question over and over. Typically, that can mean only one thing.

Post something

What are you talking about?

When you buy a NetScaler, you need to understand two things.

1. How much throughput does my workload need? This is related to the performance today and for the future.

2. What kind of features will be needed?

Almost all Application Delivery Controllers are 'measured' on the traffic handling capacity they can process before that traffic gets dropped. When they exceed that rating, the excess traffic needs to go somewhere, hence the use of the 'dropped' term. Dropped traffic is not something you want as an Administrator, as users will get a substandard experience. This is normally addressed by adding some spare capacity to cover those high traffic times.

The second option is related to the traffic handling features, maybe some of the security options that the NetScaler can offer.

This piece will cover the feature differences.

What are the features of both Advanced and Premium, then?

Here is a table showing what is the same for both versions of those feature bundles. This list isn't exhaustive, but it gives the high-level items most customers are interested in.

Common features for both

What does Premium have that Advanced does not have, then (or has set limits)?

Where does Premium have more?

In most cases, the table is enough. However, for more details, see the next section.

What do those features offer in a bit more detail?

What is App Cache? Caching on the NetScaler can make a big difference to the performance of your website, as rather than retrieving the request from the backend web server, the NetScaler can serve the content directly from its 'in-memory cache'. This has a couple of benefits.

• It's FAST!

• It also takes some of the load off the back-end web server, allowing for more scale.

Why serve this from memory? A colleague asked a Product Manager 'Why don't you have the NetScaler store some of this cached content on the local disk subsystem?' The answer was simply that performance is key. We can't wait for the disk, nothing beats memory, baby!

What is a Web Application Firewall? The NetScaler Web App Firewall offers easy-to-configure options to meet a wide range of application security requirements. Web App Firewall profiles, which consist of sets of security checks, can be used to protect both the requests and the responses by providing deep packet-level inspections.

What is IP reputation? The NetScaler has access to a database of bad IP addresses, any address that has been blacklisted for doing bad things. It then allows the administrator to identify the source IP during their connection and then either drop the traffic or offer the backlisted IP an alternative type of connection. Maybe it gets forwarded to a sandbox of some sort. Whatever, you do, it does not get access to the application.

What is BOT protection? Sometimes, the incoming web traffic is comprised of bots, and most organizations suffer from bot attacks. Web and mobile applications are significant revenue drivers for businesses and most companies are under the threat of advanced cyberattacks, such as bots. A bot is a software program that automatically performs certain actions repeatedly at a much faster rate than a human. Bots can interact with webpages, submit forms, run actions, scan texts, or download content. They can access videos, post comments, and tweet on social media platforms. Some bots, known as chatbots, can hold basic conversations with human users. A bot that performs a helpful service, such as customer service, automated chat, and search engine crawlers are good bots. At the same time, a bot that can scrape or download content from a website, steal user credentials, spam content, and perform other kinds of cyberattacks are bad bots.

What is Cloud Connectivity? CloudBridge Connector can be handy if you need to plug a site into a cloud environment. You can do this with NetScaler.

What is Smart Control? SmartControl allows administrators to define granular policies to configure and enforce user environment attributes for Citrix Virtual Apps and Desktops on NetScaler Gateway. SmartControl allows administrators to manage these policies from a single location, rather than at each instance of these server types.

Histrorical Analytics? This is where you can send HDX Analytics for Citrix sessions or Web Analytics(App flow) to the NetScaler Console. Premium allows

Additional gateway features?

There are five add-on features for the NetScaler gateway that get enabled with Premium; they are available in Advanced but limited to a maximum of 1000 users.

Clientless Access: Web application access without the need for a client on the endpoint as the session uses the browser

SSL VPN: Quite a few customers still need to use a full-fat SSL VPN. One of the differences between Advanced and Premium is the option to have a 'platform' limit for SSL VPN connections rather than being artificially limited to 1000 users.

Smart Access: SmartAccess lets you change ICA connection behaviour (e.g. disable client device mappings, hide icons, access to clipboard) based on how users connect to Citrix Gateway. The decisions for what the client gets when they connect are based on the NetScaler Gateway Virtual Server name, Session Policy name, and Endpoint Analysis scan success or failure.

Additional Gateway features.

Micro VPN: Users can connect from an iOS or Android device by using Secure Hub. Users can access their email by using Secure Mail and connect to websites with WorxWeb.

When users connect from a mobile device, the connections route through NetScaler Gateway to access internal resources. If users connect with iOS, you enable Secure Browse as part of the session profile. If users connect with Android, the connection uses Micro VPN automatically. In addition, Secure Mail and WorxWeb use Micro VPN to establish connections through NetScaler Gateway. You do not have to configure Micro VPN on NetScaler Gateway.

End Point Scanning: This allows the client to be scanned for compliance. The output can then be used to set policy behaviour.

What about 'Standard'?

Software bundles for NetScaler come in two flavours now; it used to be three, but that changed last year. The Standard bundle was dropped in 2023. If you have it, it is still possible to renew it, but not buy it new.

How does it compare? The standard edition is compared below. For reference, Standard only includes 500 SSL VPN users on the Gateway by default.

What is in the new 'Universal Hybrid Multi-Cloud’ entitlement?

It is all Premium, therefore, it has all the security options are available to use.

Summary

Hopefully, this has been useful. Let me know if more details are needed