We just raised a $30M Series A: Read our story

Citrix ADC OverviewUNIXBusinessApplication

Citrix ADC is the #4 ranked solution in our list of top Application Delivery Controllers. It is most often compared to F5 BIG-IP Local Traffic Manager (LTM): Citrix ADC vs F5 BIG-IP Local Traffic Manager (LTM)

What is Citrix ADC?

Citrix ADC is an application delivery controller (ADC) that accelerates application performance, enhances application availability with advanced L4-7 load balancing, secures mission-critical apps from attacks and lowers server expenses by offloading computationally intensive tasks.

Citrix ADC is also known as NetScaler, Citrix NetScaler VPX.

Citrix ADC Buyer's Guide

Download the Citrix ADC Buyer's Guide including reviews and more. Updated: October 2021

Citrix ADC Customers

ABB Schweiz, Aer Lingus, AIDS Healthcare Foundation, Amnet Technology Solutions, Aramex International, Ascenty, Atos, Autodesk

Citrix ADC Video

Archived Citrix ADC Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Vitor Arruda
IT Infrastructure Analyst at WEG
Real User
A stable solution that is not missing any features

Pros and Cons

  • "Helped us a lot with load balancing."
  • "Technical support sometimes takes a little longer because of the multilevel ticket priority."

What is our primary use case?

Our primary use case is the hosting and delivering of web applications.

How has it helped my organization?

The product has helped us a lot with load balancing because we had limited experience with it.

What is most valuable?

The most valuable feature is the management and application delivery for Layer 7 traffic.

What needs improvement?

At the current time, the solution is not missing any features that I would like to have implemented.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

This is a stable product that we have used since 2014.

What do I think about the scalability of the solution?

This solution is scalable, and the sizing is defined by the amount of traffic. Our first box supports up to five hundred megabits of traffic, whereas our second box supports traffic of five gigabits. We will consider making use of this solution in any project going forward.

How are customer service and technical support?

We have a contract with the re-seller, who has good expertise. If they cannot fix the issue then they escalate it to Citrix, where the tickets are usually solved. Sometimes this takes a little longer because of the multilevel ticket priority. Ideally, it should be possible for the re-seller to assign it directly to level three.

Which solution did I use previously and why did I switch?

Prior to this, we used the Cisco ACE solution until the product was discontinued.

How was the initial setup?

The initial setup was a little complex. We needed to choose the right partner to assist us with setup and implementation.

What about the implementation team?

We contracted our re-seller to help with installation and setup. The deployment took approximately one month.

What's my experience with pricing, setup cost, and licensing?

We have a yearly licencing fee, and there are no additional costs.

Which other solutions did I evaluate?

We used Cisco ACE, and they were the ones who recommended that we switch to this solution. We took their advice and we are pleased with it.

What other advice do I have?

Customers need to look to the future and purchase the right model for their necessities. A new license can be purchased, rather than additional boxes.

I would rate this solution nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user858369
Assistant Vice President at Nagarro
Consultant
Stable solution that is easy to setup

Pros and Cons

  • "Very stable."
  • "Does not include security. A web application firewall would be a nice addition."

What is our primary use case?

Our primary use case for the product is server load balancing, specifically the application level.

How has it helped my organization?

We are able to offer more support to our customers.

What is most valuable?

The most valuable feature is the capability of performing load balancing in a virtual environment.

What needs improvement?

They need to implement and integrate security solutions. Specifically, a web application firewall.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

I would give this solution nine out of ten for stability. It is not perfect because at times I was faced with an issue where the application was getting a lot more traffic than is desirable, and I can see Citrix having issues with this.

What do I think about the scalability of the solution?

We have close to fourteen hundred clients using this solution. We expect this to increase, but it is dependent on clients' needs in terms of load balancing.

Which solution did I use previously and why did I switch?

Some of our clients use the F5 load balancing solution, but that is only ten to fifteen of approximately fourteen hundred clients.

How was the initial setup?

It is a pretty easy setup. You don't need to change anything related to your IT configuration, MAC addresses, or switching tables.

What about the implementation team?

We implement this solution for our clients. We use a template based approach, so normally it can be deployed in a fraction of minutes. One person is sufficient for the deployment and maintenance of this product.

What's my experience with pricing, setup cost, and licensing?

I recommend this product to customers because they have a ninety day free-trial period. This is a good solution for people who also have a budget constraint.

We have a five year platinum licensing agreement, which does not incur additional costs of any kind.

What other advice do I have?

I would rate this product eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about Citrix ADC. Get advice and tips from experienced pros sharing their opinions. Updated: October 2021.
541,462 professionals have used our research since 2012.
OMKaewsaenchai
Total Solution System Engineer at AMR Asia Co., Ltd.
Real User
Enables us to centralize desktop application management

Pros and Cons

  • "For desktop application management, I recommend the NetScaler edition. This product is like a Swiss army knife. Citrix NetScaler ADC supports the education front-end."
  • "Citrix should improve the documentation. It is not really clear how to set up many features to our advantage. When we setup Citrix NetScaler ADC, we have to figure it out by ourselves without a lot of documentation."

What is our primary use case?

We are a Citrix solution adviser and one of the main Citrix partners in Bangkok, Thailand. We use Citrix NetScaler ADC to get user access to business applications on desktop devices. 

With Citrix NetScaler ADC we can centralize desktop application management for everything.

How has it helped my organization?

For desktop application management, I recommend the NetScaler edition. This product is like a Swiss army knife. Citrix NetScaler ADC supports the education front-end. 

What is most valuable?

It mobilizes everything in and out, leading over bandwidth and manages all of the applications. We use it for front-end crafting.

What needs improvement?

There are a lot of features. It has to keep up with the demands of the network for complete file management. Citrix should improve the documentation. It is not really clear how to set up many features to our advantage. When we setup Citrix NetScaler ADC, we have to figure it out by ourselves without a lot of documentation. 

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

Rules configuration is the key issue for stability. We can get a lot of rule-based configuration and risk management tools with the platform.

What do I think about the scalability of the solution?

Scalability is really cool because NetScaler isn't tied to any complexity or hard time model. It creates a delivery unit and every platform uses it.

Citrix NetScaler ADC is really flexible. We have lots of customers using it. We have banking, financial, software, themes, energy companies, etc. using it. We have from ten to 100+ clients deployed with Citrix NetScaler ADC. 

How are customer service and technical support?

Technical support from Citrix is pretty good and they respond pretty fast, but the issue is that when we have some configurations that are problematic, they don't always know how to fix them.

When we integrate Citrix NetScaler with an app or desktop, the technical support from Citrix doesn't know how to configure NetScaler. They don't collaborate well. Their communication is sometimes lacking. They speak too fast. Overall, though, Citrix provides good support.

Which solution did I use previously and why did I switch?

We started as a Citrix client at first. We used NetScaler in the very beginning. For a long time, we have only used this one product.

How was the initial setup?

The installation and deployment of Citrix NetScaler ADC are easier than the competitors. It is not complex. It can be complex, but you can decide to make it not complex. 

The deployments for each project depends on customer requirements. Some take one month, others resolve in two to four months.

For the deployment of Citrix NetScaler ADC, about two or three people is enough. Wiring is simple but the hard part is the orchestration. 

What about the implementation team?

We completed the integration by ourselves.

What's my experience with pricing, setup cost, and licensing?

Licensing is adequate. I wanted to have a more prominent license, but until I do they don't give enough support. The additional cost would be too much. 

If NetScaler is broken, we can open tickets very quickly and request shipment for the new unit or a spare part replacement.

What other advice do I have?

Citrix NetScaler already has tons of features, already too many. We want any new advanced features that they release. One thing that scares me is that with existing products, Citrix does not have detailed documentation ready before they release. Otherwise, it would be better. From my experience, when Citrix launches something new there are a lot of bugs, a lot of errors, required patches, and no documentation. You have to get help. 

Citrix needs to create better documentation. Sometimes when I enable NetScaler, it makes the box crash randomly. I have to wait for three or four release cycles to fix it. The introduction of new features from Citrix for NetScaler always has a lot of problems. 

I would rate Citrix NetScaler eight or nine out of 10. To make the product better, Citrix needs to provide full documentation for each user with video tutorials. Configuration scenarios and demos would also be helpful. We have a lot of customer demand for this better documentation and setting up Citrix NetScaler is really complicated.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
FM
User at a logistics company with 1,001-5,000 employees
Reseller
Has the ability to turn on features without owning a license to test them out and use for a while

Pros and Cons

  • "I can turn on features without actually owning a license. I can test them out, I can use them for a while, and then I can be licensed up. That's awesome. I don't have to have a license immediately before I can start to deploy things rapidly, rapid deployment is a plus."
  • "I would like to see them make it easier to do some of the more complex things. For example, a web re-direct requires two pieces to it. You have two ports and when people want to go to a web page, they just type in the webpage that on the backend it will redirect them to a secure link. The initial setup of that is cumbersome because you have to do it twice. There are things that can be replicated. The IP address, for example, is the same. This change would go a long way. Don't make me do it twice and don't make me have to read tons of documentation to figure out how to do it. Ease of configuration for some of the more complex processes would be a good improvement."

What is our primary use case?

From a NetScaler perspective, in terms of LTM, not GSLB, NetScasler has performed very well. In comparison to F5, it holds its own.

How has it helped my organization?

For some of my deployments, NetScaler has been strictly a replacement to get something new in. It was cheaper than F5. We took a chance on it. The return on investment is the fact that we spent less money on it. It does do its job and it holds well against F5.

What is most valuable?

I can turn on features without actually owning a license. I can test them out, I can use them for a while, and then I can be licensed up. That's awesome. I don't have to have a license immediately before I can start to deploy things rapidly, rapid deployment is a plus.

When I compare it to F5 from a hardware or software perspective, they both have their glitches. From a software perspective, either one is not without code bugs.

What needs improvement?

From an SDX perspective, having the ability to spin up a VPX, the way we spin up our regular features, quickly and have a 60-day trial while we spin up VPXs will give us the opportunity to do more proof of concept work quickly without having to buy the license and download the VPX. A feature like this would be helpful. 

I would also like to have video tutorials so that when you click the help link, you have the option to go to the Citrix forum and get information and help from other people and other users. Something that points you out to a tutorial video link that is a general overview. 

I liked the fact that is NetScaler out-of-the-box is intuitive. You can catch on fairly quickly. Especially when you're doing an advanced alert. You cannot do a re-direct quickly without going through some documentation and if nobody's done it before, they don't know what you're talking about. That is when a help link would be useful that could direct you to the right tutorial video and then it could point you directly after that video to further direction and explanation. Straight to the meat of things. Something like a quick video tip tutorial would be great. Whereas if you're an F5 customer, you don't get something like this and you do have DevCentral that you can go to get information, but it requires you to read through many documents and comb through trying to configure something that is complex. They should deliver the information quickly to end users to make it even faster and more efficient to deliver our own applications and services to customers.

Video files can be large, they don't necessarily have to be on the box itself, but even through a link that quickly goes to their website or YouTube, whatever platform, could work. 

I would like to see them make it easier to do some of the more complex things. For example, a web re-direct requires two pieces to it. You have two ports and when people want to go to a web page, they just type in the webpage that on the backend will redirect them to a secure link. The initial setup of that is cumbersome because you have to do it twice. There are things that can be replicated. The IP address, for example, is the same. This change would go a long way. Don't make me do it twice and don't make me have to read tons of documentation to figure out how to do it. Ease of configuration for some of the more complex processes would be a good improvement. 

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

It has high stability. I deployed these in hospitals where lives matter. The contention was whether or not to go with F5 because it's the leader in the marketplace and they have 70% of the market shares. Even though NetScaler is big, it still doesn't hold the fair market share. NetScaler is the underdog but it is very stable. I've seen it in hospital environments where lives matter, it's held its own, it does what it says it's going to do and it does it well. It's certainly a top contender, if not an equal contender with its counterpart, F5. 

What do I think about the scalability of the solution?

Scalability is very impressive. The way it works is that you can collapse everything on to a couple of platforms, small, medium, and large. The small one is obviously an initial buy-in. The mid one is fairly powerful and is bigger than an 8920. You are limited on the hardware. You get 64 and you get 32 out of the box, which is what you paid for but you can license up the 64. On the other platform, you can start off at 32 with the initial buy-in and then license up from there for a max of around 256 gig. The way they have it is that you are locked in from a hardware perspective.

How are customer service and technical support?

Their technical support is decent. It could use some improvement. Help desks and technical support are good but you can tell that there's been turnover. We'll have complex issues that we're trying to work through and we would like somebody who's more experienced and not somebody who had just gone through training. Employee retention on the help desk would go a long way. 

Which solution did I use previously and why did I switch?

NetScaler does the same thing as an F5 and it's cheaper.

How was the initial setup?

There was some trepidation regarding the initial setup because it's new equipment and nobody has had training for it. We were able to figure it out and stand it up. It took some reading and some calls to tech support, but they were helpful when we were first setting it up.

What's my experience with pricing, setup cost, and licensing?

There are the regular license costs and you also have to pay for licenses if you want more DPXs or whatever. A standard DPX is fairly cheap. It's around $7,000. 

What other advice do I have?

I would rate it an eight out of ten because nobody is a ten. I would give it a nine if it was a little easier to pick up. Out of the box it's easy. Anybody who's an engineer can usually pick it up or if they've had previous load balancing experience, it's easy. Obviously, not everybody has that kind of experience. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
Shejoor Kulangara
Solution Architect at Diyar United Company
Real User
Has helped us to increase the resiliency and performance of the application

Pros and Cons

  • "It has helped us to increase the resiliency of the application and the performance."
  • "The technical support has room for improvement."

What is our primary use case?

We primarily use it for load balancers. 

How has it helped my organization?

It has helped us to increase the resiliency and performance of the application.

What is most valuable?

There are multiple features that I have found to be valuable including load balancing, supply authentication, web for application firewall, and the reverse proxy.

What needs improvement?

The technical support has room for improvement. 

What do I think about the stability of the solution?

Stability is amazing. 

What do I think about the scalability of the solution?

Scalability is amazing. There are 1,000 plus employees that are using it. Anybody from the CEO to the technicians or the receptionists.

How was the initial setup?

The initial setup was straightforward. We only required one staff member for the deployment. 

What's my experience with pricing, setup cost, and licensing?

You get the value for your money. There aren't any hidden fees. 

What other advice do I have?

It's one of the best application delivery controllers available in the market and it requires very minimal administrative effort to manage it.

I would rate it a ten out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
АШ
Software Engineer at a tech services company with 51-200 employees
Real User
This product is stable. It is the best product out there.

What is our primary use case?

This product helps with load balancing. As an engineer, I help implement this for our company.

How has it helped my organization?

It helps with load balancing. 

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

The product is stable. 

How was the initial setup?

It can be a complex setup in some cases. 

What's my experience with pricing, setup cost, and licensing?

I do not have any experience with the pricing of the product. 

Which other solutions did I evaluate?

In comparison to F5 BIG-IP, this is the best solution. It is the best product out there. 

What is our primary use case?

This product helps with load balancing. As an engineer, I help implement this for our company.

How has it helped my organization?

It helps with load balancing. 

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

The product is stable. 

How was the initial setup?

It can be a complex setup in some cases. 

What's my experience with pricing, setup cost, and licensing?

I do not have any experience with the pricing of the product. 

Which other solutions did I evaluate?

In comparison to F5 BIG-IP, this is the best solution. It is the best product out there. 

Disclosure: My company has a business relationship with this vendor other than being a customer: I am a distributor, but I have vast experience with personal use of this product for the past two years.
Berk Sadik
Solution consultant at Demsistem Bilgi ve Teknolojileri Ltd. Sti.
Real User
Rewriting and redirection are key features for us

Pros and Cons

  • "Enables a Web service that offers persistent client-server connections, IP restriction, URL rewrite (such as remove "/assets/" path from client-side URL path), and cache for CSS or JS files... You can easily use the GUI to set up all these requirements on the same network device within 20-30 minutes. (If you do the same steps on CLI, it might take less time.)"
  • "If you need PCI-compliance and have high security requirements, WAF is the most valuable feature. If you need to monitor your load-balancing services with complex types of monitoring, make sure everything is alright, and load balancing is important, Content Switching and Monitoring features are the keys to your needs. If you want to provide a lot of static images or data, the Caching feature works best for you."
  • "I would say the rewriting and redirection functions are must-have's for us."
  • "We had some bugs in the previous firmware. These were not big issues, but more testing on the firmware would be key to happier customers."

What is our primary use case?

Internal Load Balancing and Content switching features are the main reasons for selecting this product.

How has it helped my organization?

Imagine providing a brand new Web service that offers persistent client-server connections, IP restriction, URL rewrite (such as remove "/assets/" path from client-side URL path), cache for CSS or JS files and requires security features to be enabled. And do not forget that this service runs on a custom port, but you must publish it using the standard HTTP port, and you only have a public IP address and it's already in use on the NetScaler. You can easily use the GUI to set up all these requirements on the same network device within 20-30 minutes. (If you do the same steps on CLI, it might take less time.)

What is most valuable?

It depends on your needs. 

  • If you need PCI-compliance and have high security requirements, WAF is the most valuable feature. 
  • If you need to monitor your load-balancing services with complex types of monitoring, make sure everything is alright, and load balancing is important, Content Switching and Monitoring features are the keys to your needs.
  • If you want to provide a lot of static images or data, the Caching feature works best for you.

We have used all the functions. I would say the rewriting and redirection functions are must-have's for us.

What needs improvement?

We had some bugs in the previous firmware. These were not big issues, but more testing on the firmware would be key to happier customers.

For how long have I used the solution?

More than five years.

Which solution did I use previously and why did I switch?

We deployed NSX on our infrastructure last year. It was great, except for the standard load balancer. We were already using Netscaler MPX on our physical level and expected almost the same features from NSX load balancer. But it was really hard to even monitor the services on it, and we did not have time to wait for it to be improved. So we downloaded and tested the trial version of Netscaler VPX. We've already gotten to know the product, have made comparisons with products from other brands, but it did not take long to select it. For now, it is the best solution for us.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PM
Security Specialist at a energy/utilities company with 51-200 employees
Real User
Provides us with high-security access to our internal applications

What is our primary use case?

We are using it for two-factor authentication for our Citrix architecture, for secure access to our internal applications. It is mostly for admins who use it for remote access, as well as some users. We do not use it as a web application firewall. We are running a virtual edition, not an appliance.

What is most valuable?

The most valuable feature, absolutely, is its high-security. This product is based on Unix and there have been no problems since we started using it in 2015.

What needs improvement?

Occasionally, our admin has to use the command line. If they could only use the Web GUI it would be better.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

There have been no issues…

What is our primary use case?

We are using it for two-factor authentication for our Citrix architecture, for secure access to our internal applications. It is mostly for admins who use it for remote access, as well as some users.

We do not use it as a web application firewall. We are running a virtual edition, not an appliance.

What is most valuable?

The most valuable feature, absolutely, is its high-security. This product is based on Unix and there have been no problems since we started using it in 2015.

What needs improvement?

Occasionally, our admin has to use the command line. If they could only use the Web GUI it would be better.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

There have been no issues with stability.

How is customer service and technical support?

We have created two support tickets and our problems were successfully solved. The support is very good.

How was the initial setup?

Set up was done by our partner and there was no problem with configuration. And most of our upgrades are done by our local partner and there have been no problems.

What's my experience with pricing, setup cost, and licensing?

We are quite happy with price. It's not too high.

What other advice do I have?

I give it a nine out of 10 because there have been no problems since 2015, from a security point of view. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user848784
Solution Architect with 10,001+ employees
Real User
Scalability is great. One of the best features is that it can scale out.

Pros and Cons

  • "Scalability is great. One of the best features of NetScaler is that it can scale out."
  • "I would like to see more integration for single sign-on."

What is our primary use case?

The primary use case is a low balancing geo failover. However, there are a lot of use cases that we use it for.

How has it helped my organization?

We use it for Citrix NetScaler MPX deployments. It is being used for publishing Citrix XenApp, mostly for load balancing, but we have been evaluating solutions for deploying it in multi-data centers. 

What is most valuable?

  • Global servers
  • Load balancing

We need multi-site and DNS failover.

What needs improvement?

It is difficult to customize. It is more difficult to customize than F5, for example. They have custom iRules that you can write for customized situations. 

I would like to see more integration for single sign-on on the Citrix side. F5 has done a lot of work on single sign-on capabilities, and it seems that NetScaler might be lacking a bit compared to F5.

What do I think about the stability of the solution?

We have had very good luck with stability. However, we have always deployed in an HA configuration.

What do I think about the scalability of the solution?

Scalability is great. One of the best features of NetScaler is that it can scale out.

How are customer service and technical support?

Technical support seems very knowledgeable if we have any problems. Support had been good when we needed it. We have not needed it that much, but they are good to work with.

Which solution did I use previously and why did I switch?

We used Windows Network Low Balancing.

What about the implementation team?

We had a consulting service help us with the setup.

What's my experience with pricing, setup cost, and licensing?

We have been evaluating F5, Citrix, and other ADC products. Citrix is the most expense of all of them.

What other advice do I have?

You need to have somebody who understands application delivery controllers and all their features. If you don't have someone, I would highly recommend training in professional services to help out with it.

We are sort of in the evaluation process of replacing everything with one solution.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
CP
Workplace Virtualisation Senior Analyst at AXA
User
Allows the user to easily scale out application delivery, and provides secure remote access

Pros and Cons

  • "This solution allows the user to easily scale out application delivery, and provides secure remote access."
  • "Should offer more flexible cost-effective licensing for small to medium sized organizations."

What is our primary use case?

  • Load balancing business web applications
  • Load balancing core infrastructure services e.g. App-V, Ivanti UWM, Citrix Storefront and Director
  • Application firewall features WAF for more secure application access
  • XenApp/XenDesktop application gateway with two factor authentication
  • Use of MAS for analytics and centralised management

How has it helped my organization?

  • Allows the user to easily scale out application delivery.
  • Provides secure remote access.
  • Ease of management and business continuity support.
  • Powerful, reliable, and feature rich solution all in one appliance.

What is most valuable?

NetScaler MAS centralised management and analytics makes it is easy to support, manage, monitor, and maintain a NetScaler solution.

What needs improvement?

It should offer more flexible cost-effective licensing for small to medium sized organizations i.e. a pooled licensing option on entry level MPXs like 5901s.

For how long have I used the solution?

Still implementing.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
RH
Solutions Architect, Virtualization
Real User
SSL VPN works very well; it's easy to set up and you can go very granular with it

Pros and Cons

  • "One feature that works really well is the SSL VPN. It's very easy to set up and you can go very granular with it. You can define what user groups get what kind of access and the management overhead is very low."
  • "The customization has always been a key area where some improvements are required. In the beginning, everything was for customizing the outer shell of it. You had to use the command-based utility and you had to do a lot of manual work. They have improved it a little bit and now there are some GUI-based functionalities that can be used. However, more can be done that doesn't require a lot of intervention. Right now there are some features, there are some customizations that can be done, but it's still very tedious, very cumbersome, a lot of work. So that could be simplified."
  • "In every release - and it doesn't matter if it's a minor release or a major release - they keep moving things around and they keep changing the mechanism. So certain things can work in one version one way, and everything works really well, then when you upgrade it to the next version, it breaks everything because they have a new way of doing it."

What is our primary use case?

There have been several uses, but mostly in a data center where security is required and where they can utilize a lot of load-balancing services.

What is most valuable?

As an architect, I have deployed it in so many areas. Some like to use the SSL portion of it, others, they use the load-balancing. It does a lot more than what people use it for. The one feature that works really well is the SSL VPN. It's very easy to set up and you can go very granular with it. You can define what user groups get what kind of access and the management overhead is very low.

What needs improvement?

The customization has always been a key area where some improvements are required. In the beginning, everything was for customizing the outer shell of it. You had to use the command-based utility and you had to do a lot of manual work. They have improved it a little bit and now there are some GUI-based functionalities that can be used. However, more can be done that doesn't require a lot of intervention. Right now there are some features, there are some customizations that can be done, but it's still very tedious, very cumbersome, a lot of work. So that could be simplified.

There is one other thing that I would like to address. In every release - and it doesn't matter if it's a minor release or a major release - they keep moving things around and they keep changing the mechanism. So certain things can work in one version one way, and everything works really well, then when you upgrade it to the next version, it breaks everything because they have a new way of doing it. I don't know what can be done in that regard. I have seen it many times: A solution is working fine and then, all of a sudden, you upgrade and bam, now you have to redo everything a different way.

In addition, if they could make the following improvement they would push out more NetScaler. The industry needs to know, or people need to know that NetScaler is not designed just for Citrix products like XenApp and XenDesktop, it can be utilized for everything.

Other than that, the core of the product, or the engine, fits really well. It works well, it's doing really well so I don't see any improvements that are required there.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

In connection with what I mentioned in the "Room For Improvement" section, you can go ahead and create some VPN policies that may work really well, just the way you want. For example in version 10.1, the solutions were working just fine. As soon as you upgraded to 11, those solutions were no longer working. You had to go back and redo everything and change the priorities and such.

What do I think about the scalability of the solution?

As long as you choose the right model for a certain use case, you're good to go.

How are customer service and technical support?

Surprisingly, tech support for NetScaler has been amazing. I have always been able to find, say 95 percent of the time, really good engineers and have been able to get good support. In that regard, there has been much improvement.

In the past, two years back and before that, the support was really not great. Every now and then you would run into some good engineer but the rest of them were pretty basic. They would waste your time. For about a year, a year and a half now, I have been getting really good support.

Which solution did I use previously and why did I switch?

It's not that I have used other solutions, it's just that in most environments where I have had to do my job or to come up with solutions as a solutions architect, the preferred technology was NetScaler; if not, I would suggest they use it.

However, if they had anything else, for example, F5 or A10 - if that was their preferred method - I have used those as well. So it's not up to me. But for a new customer, for a new build, my suggestion has been to go with NetScaler even if they didn't have Citrix.

The biggest misconception in the industry is that you need NetScaler if you have Citrix in your environment. And if you have any other solution, let's says VMware Horizon View, you want to use something else. But they don't realize you can use NetScaler regardless of whether you have Citrix or not.

It's not that I have switched, I have always used many different technologies, but this happens to be one of my favorites and it's one of the technologies I've been working with for a long time.

How was the initial setup?

It is complex technology and it has always been that way. You really have to know NetScaler well in order for you to capitalize on it. Even though they have given you installation wizards to make things easy, it is still like a hybrid of network and systems all in one package. So you have to know a lot about networking and a lot about systems. In my case, I have been installing this for a long time so for me, it's really not that big of a deal. But for new users, even when they come back after training or even if I have trained them, it takes them a long time before they can get comfortable with it because, as I said earlier, it's a beast of a technology, it has so much in it.

What's my experience with pricing, setup cost, and licensing?

It is true that it is a bit pricey compared to newer technologies coming to the market. For example, A10 is a load balancer that does everything that Citrix can and it does a lot more than what NetScaler does when it comes to the security space, and their prices are so cheap. Every box comes with its own license and support built into it.

When you compare that with NetScaler, you have to buy licenses separately, you have to buy a support agreement that is going to be separate. A small NetScaler, even if it is a VPX which is a virtual server, could cost you close to $150,000 to $200,000 dollars. So the pricing is really high.

The pricing has to come down. They usually have three-year or five-year subscriptions. I sold one to a hospital and the model that they went with cost them $500,000. That's ridiculous. It doesn't have to be so expensive because then a lot of people shy away from buying it. Their budgets are not that huge and so they have to look for financing options. A10 comes with the licenses. I don't know if they can come up with a model that every NetScaler comes with its license. Maybe, depending on however many users people want to put on it, they can have a different type of license and it can be cheaper.

Which other solutions did I evaluate?

As a solutions architect, when I go to a customer and they tell me: these are the things that we want to do and this is the budget we have, depending upon their budget, I have to choose what is available and what they can afford. In some cases, if they can not afford NetScaler, I have to choose another load balancer for them.

There are SSL offloading options, you have your URL redirects, VPN, SSL VPN. These are the four major options. A lot of people use web traffic so the rewrite and such, those are all part of their web filtering or enhancement.

What other advice do I have?

Every product keeps improving every day and every year. The reason this has been a big technology piece in most data centers is because of the uniqueness of what it does. It's a beast of a technology but most companies, most organizations, they only use maybe 10 percent of it. But it's very popular and it's getting even more popular now that Cisco has started using this product in their UCS.

It's a very heavy-duty product, so if you have a lot of utilization, or if you can use at least half of it, then it's worth buying. It's a very robust and solid product but it really depends upon what the use case is and, of course, the budget.

Once you set it up correctly you never have to go back to change anything ever again. It works as it's supposed to and it's very dependable.

Disclosure: My company has a business relationship with this vendor other than being a customer: A company with which I'm associated as a contractor is a Citrix partner.
it_user873417
Senior Virtualization Engineer at a tech services company with 11-50 employees
Real User
Monitoring feature allows me to identify when a load-balanced resource is having issues

What is our primary use case?

Provides secure remote access to, as well as intelligent load-balancing for, internal resources.

How has it helped my organization?

Implemented dual-factor authentication on Outlook Web Access, making it well-protected.

What is most valuable?

I like the monitoring ability as it enables me to identify when an internal (load-balanced) resource is having issues before it becomes a problem in production.

What needs improvement?

The policies on the NetScaler can be a bit tricky at times.

For how long have I used the solution?

More than five years.

What is our primary use case?

Provides secure remote access to, as well as intelligent load-balancing for, internal resources.

How has it helped my organization?

Implemented dual-factor authentication on Outlook Web Access, making it well-protected.

What is most valuable?

I like the monitoring ability as it enables me to identify when an internal (load-balanced) resource is having issues before it becomes a problem in production.

What needs improvement?

The policies on the NetScaler can be a bit tricky at times.

For how long have I used the solution?

More than five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
ChiragMehta
Network & Security Lead at a tech vendor with 201-500 employees
Real User
Content Switching provides flexibility for routing traffic but development team's response time could be better

Pros and Cons

  • "Content Switching provides flexibility for routing traffic as desired to designated real servers. It also provides good geo capabilities through its GSLB feature."
  • "Development team's response time could be better."

What is our primary use case?

We used it to manage a data center hosting environment and had more than 250 HA pairs of Citrix NetScalers (both physical and virtual) to maintain/manage customer environments. Each environment was different, each was a customer-dedicated environment.

How has it helped my organization?

This was a standard load-balancing solution provided to our customers. They didn't have many complaints about the way their traffic was being managed. We were able to handle specific requirements for persistence/stickiness.

What is most valuable?

Content Switching since it provides flexibility for routing traffic as desired to designated real servers. It also provides good geo capabilities through its GSLB feature.

What needs improvement?

Development team's response time could be better.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

No major issues with stability.

What do I think about the scalability of the solution?

Scalability is good with the virtual appliance, where you can easily scale using the appropriate license and match up with the appropriate virtual machine.

Which solution did I use previously and why did I switch?

We had a mix of makes/models, as we supported a large customer base, such as F5, Cisco CSS. We have never had a case where we had to switch NetScaler out for another make.

How was the initial setup?

Initial setup is straightforward if you know basic networking concepts. It doesn't take a lot of reading to set one up.

What other advice do I have?

I would rate NetScaler as a seven out of 10 for good technical support on routine issues, but any issues that needed the development team's involvement took a long time.

If you don't have very specific requirements such as the ASM that F5 offers, this would do almost all tasks as far as load-balancing is concerned (geo load-balancing as well).

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user873411
Network Consultant at a tech services company
Consultant
The load-balancing provides high-availability and resiliency for business servers

What is our primary use case?

I implemented this solution for customers who were looking to achieve high-availability and resiliency of their business servers, through load balancing.

How has it helped my organization?

It has improved my customers' base functionality by providing resiliency to their applications that reside on servers, as well as connectivity to remote applications.

What is most valuable?

Load balancing Netscaler Gateway

What needs improvement?

Some configuration processes like disabling LB VIPs, automatically disabling the IPs used.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

No stability issues. Provides great performance.

What do I think about the scalability of the solution?

What is our primary use case?

I implemented this solution for customers who were looking to achieve high-availability and resiliency of their business servers, through load balancing.

How has it helped my organization?

It has improved my customers' base functionality by providing resiliency to their applications that reside on servers, as well as connectivity to remote applications.

What is most valuable?

  • Load balancing
  • Netscaler Gateway

What needs improvement?

Some configuration processes like disabling LB VIPs, automatically disabling the IPs used.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

No stability issues. Provides great performance.

What do I think about the scalability of the solution?

No issues other than, if you want to scale, you pay for more licenses.

How is customer service and technical support?

Great staff. I have never had an issue with them. They’ve been helpful.

How was the initial setup?

Straightforward. Simple steps to follow.

What other advice do I have?

Implement it fully, utilizing all of its features.

Disclosure: My company has a business relationship with this vendor other than being a customer: Citrix partner.
JC
System Administrator at a healthcare company with 501-1,000 employees
Real User
Content Switching enables us to use one IP and leverage various back-end web app servers

Pros and Cons

  • "HTTP analysis and action. We have a lot of custom web applications that sometimes require custom header insertions. Some of these custom apps are external and, via the content switching, we can use one IP and leverage various back-end web app servers."
  • "Getting to use some of the advanced tools, even with the assistance of Citrix support, can be challenging."

What is our primary use case?

SSL offloading, load balancing, HTTP analysis and manipulation (HTTP rewrites, inserts, redirects) for web applications. Load balancing other ERP applications and Exchange.

How has it helped my organization?

We have a lot of custom web applications that sometimes require custom header insertions.  Some of these apps are externally accessible. In our current network design, we were using a routable address for every external resource that we presented. Via the Content Switching, we are using one routable IP for various systems, preserving our number of allocated public addresses.

What is most valuable?

HTTP analysis and action. We have a lot of custom web applications that sometimes require custom header insertions. Some of these custom apps are external and, via the Content Switching, we can use one IP and leverage various back-end web app servers.

What needs improvement?

For the most part, I don’t have complaints about the system and its solution. One of my prior gripes was that documentation and knowledge base articles were disjointed and/or were not complete. Citrix has done a great job over the last two and a half years of enhancing their support material.

For how long have I used the solution?

Three to five years.

What other advice do I have?

I would give the product a nine out of 10. The product is solid and truly is a Swiss army knife. However, getting to use some of the advanced tools, even with the assistance of Citrix support, can be challenging.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user872688
Head of IT Infrastructure at a financial services firm with 51-200 employees
Real User
Load Balancing and SSL offloading are key features for us

What is our primary use case?

Load balancing Application gateway SSL offloading

How has it helped my organization?

It helped many internal websites to expose online use with single star certificates.

What is most valuable?

Load Balancing and SSL offloading are key features.

What needs improvement?

The GUI should be improved.

For how long have I used the solution?

One to three years.

What is our primary use case?

  • Load balancing
  • Application gateway
  • SSL offloading

How has it helped my organization?

It helped many internal websites to expose online use with single star certificates.

What is most valuable?

Load Balancing and SSL offloading are key features.

What needs improvement?

The GUI should be improved.

For how long have I used the solution?

One to three years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user173682
Sr. Network Systems Engineer at a manufacturing company with 51-200 employees
Vendor
GSLB allows me to do active/active or active/passive deployment of services

Pros and Cons

  • "The GSLB feature allows us to move services between data centers. We can do this in either a planned or unplanned manner. We have experienced service provider outages at our primary data center and GSLB will kick in to automatically modify DNS records to point to a secondary data center (active/passive). We also make use of GeoIP information to point clients to the closest data center for accessing applications."
  • "Unified Gateway allows me to provide secure external access to applications for suppliers and customers while requiring Multi-Factor Authentication."
  • "The main areas for improvement would be around documentation and support. If a feature can be used in two or three ways, show that feature being used in all of those ways. Documentation seems to only cover the primary use case and leaves you to either run through trial and error or consult the user community. In terms of support, I have never actually had them solve any of my issues. I have always solved them myself and then provided the resolution to support."

What is our primary use case?

We use the NetScaler ADC in three primary use cases. The first is to provide load balancing services for our internal applications. The second is for Global Server Load Balancing (GSLB) to provide data center resiliency and failover of our externally accessible services, as well as proximity-based access. The third is for the Unified Gateway to securely provide external access to some of our key applications. We deploy VPX appliances running in our VMware environment.

How has it helped my organization?

The GSLB feature allows us to move services between data centers. We can do this in either a planned or unplanned manner. We have experienced service provider outages at our primary data center and GSLB will kick in to automatically modify DNS records to point to a secondary data center (active/passive). We also make use of GeoIP information to point clients to the closest data center for accessing applications.

What is most valuable?

The features I find most useful are 

  • Load Balancing
  • GSLB
  • Unified Gateway.

I love being able to terminate connections to the boxes and look at all of the packet headers to determine which way I want to send the traffic next. GSLB provides amazing ability to do active/active or active/passive deployment of services. Unified Gateway allows me to provide secure external access to applications for suppliers and customers while requiring Multi-Factor Authentication.

What needs improvement?

The main areas for improvement would be around documentation and support. If a feature can be used in two or three ways, show that feature being used in all of those ways. Documentation seems to only cover the primary use case and leaves you to either run through trial and error or consult the user community. In terms of support, I have never actually had them solve any of my issues. I have always solved them myself and then provided the resolution to support.

For how long have I used the solution?

More than five years.

What other advice do I have?

I would rate the NetScaler a nine out of 10. It is a fantastic platform to work with and the features/functionality are top-notch. The only ding would be for the documentation, but the user community is fantastic.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user845064
EUC Architect with 1,001-5,000 employees
User
Provides customers with greater high availability for their enterprise applications within a single site and across multiple locations

Pros and Cons

  • "The MAS integration for HDX Insight has provided teams with significant visibility into network performance of the user's connection."
  • "The NetScaler appliance has provided a lot of customers with greater high availability for their enterprise applications within a single site and across multiple locations."
  • "Reducing the overhead required for AppFlow data collection, specifically for HDX Insight, would be a huge improvement."

What is our primary use case?

The NetScaler is used for front-end enterprise applications as well as Citrix deployments. We generally see deployments for secure remote access. In some cases, global load balancing is used in multi-data center deployments.

How has it helped my organization?

The NetScaler appliance has provided a lot of customers with greater high availability for their enterprise applications within a single site and across multiple locations. The largest, and potentially main reason to use Netscaler over the competition, is in Citrix environments. There is complete integration through the stack, and it has features which make it simple to securely provide access to enterprise data and applications.

What is most valuable?

The NetScaler Gateway has been extremely valuable for many reasons. We make use of the load balancing capabilities, including SSL offload and GSLB for high availability. The MAS integration for HDX Insight has provided teams with significant visibility into network performance of the user's connection.

What needs improvement?

Citrix has made steady improvements over the years. Personally, reducing the overhead required for AppFlow data collection, specifically for HDX Insight, would be a huge improvement.

For how long have I used the solution?

More than five years.
Disclosure: My company has a business relationship with this vendor other than being a customer: I work for a solutions advisor that partners with Citrix and many other vendors.
it_user824772
Solutions Architect at a manufacturing company with 1,001-5,000 employees
Real User
The most valuable feature would be the permanent server

Pros and Cons

    • "There are some features which are missing.​"

    What is our primary use case?

    The primary use for using it is the wholesale application and VDIs.

    I have been working the cost factors, while the performance and application are good, the factory cost brought back to you is not. Therefore, we are currently comparing the product with Microsoft RemoteApp.

    What is most valuable?

    The most valuable feature would be the Citrix permanent server.

    It is cost-effective, if you consider the permanent server. Also, the management is easy with no downtimes. 

    What needs improvement?

    There are some features which are missing.

    What I am looking for is something like OneDrive. We are facing an issue with OneDrive on the XenApp and XenDesktop. We can't use OneDrive with what we have. So, a fully, operational OneDrive support is what I am looking for.

    For how long have I used the solution?

    Trial/evaluations only.

    What do I think about the stability of the solution?

    Stability is good.

    What do I think about the scalability of the solution?

    Scalability is good.

    How are customer service and technical support?

    We like working with Citrix technical support.

    Which solution did I use previously and why did I switch?

    I have been working with Citrix technology for the last 10 to 13 years. We have not switched solutions during this time. 

    How was the initial setup?

    From a Citrix perspective, it was straightforward. From the application perspective, there are some tweaks that we need to do. So, we are working on those tweaks.

    Which other solutions did I evaluate?

    Currently, we are evaluating the cost prospective from the BDA cost prospective. We are evaluating Microsoft and Citrix as they are the leaders in this solution. If you compare Citrix and Microsoft RemoteApp, Citrix is the best compared to RemoteApp. RemoteApp is basically meant for a small business use case.

    What other advice do I have?

    We are using Citrix XenApp and XenDesktop, but we are planning to now expand into the same product. 

    Most important criteria when selecting a vendor: 

    • Cost
    • Performance
    • Stability
    • Scalability
    • High availability.
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    ITCS user
    System Administrator with 501-1,000 employees
    Vendor
    Easily integrates with other Citrix products

    Pros and Cons

    • "Global load balancing between data centers."
    • "I think there is always room for improvement in this type of solutions. For example, I think the GUI should be easy to understand."

    What is most valuable?

    There are a lot of them: 

    • Load balancing in communications 
    • Global load balancing between data centers 
    • The management 
    • Easy integration with other Citrix products. 

    In the management topic, there are three levels: 

    1. 1st Level, most user-friendly, the GUI, in this level we can configures all the features and inclusive test the implementations. 
    2. 2nd Level Console, very helpful for easy access to all settings and troubleshooting problems, deep level in settings. 
    3. 3rd Level Shell, essential to troubleshooting. Direct access to all logging in the components.

    Easy integration with Citrix Solution, NetScaler has wizards to help implementation of Citrix solutions, like XenApp/XenDesktop and Xenmobile.

    How has it helped my organization?

    In the organization, we have three systems based in Citrix technology, so there was logic to add a solution which give us security and a focal point of access. With Netscaler, we have a solution divided in two data centers, a secure and unique point of access, and balanced traffic between all the critical components in the Citrix solutions. For the last, we have a mature, solid, and secure component to complete the Citrix environment.

    What needs improvement?

    I think there is always room for improvement in this type of solutions. For example, I think the GUI should be easy to understand.

    For how long have I used the solution?

    I have used this version about one year, but Netscaler for about three years.

    What do I think about the stability of the solution?

    No, this is a Citrix product. This means there are gobs of documentation, and the support given by CItrix, it's very good.

    What do I think about the scalability of the solution?

    No. We have four virtual appliances working. If we need to increase, it's a simple process.

    Which solution did I use previously and why did I switch?

    No, the whole solution is based in Citrix technology.

    How was the initial setup?

    The system was easy, but the GSLB function was more difficult to configure and test.

    What's my experience with pricing, setup cost, and licensing?

    It all depends on the features that will be used and the number of accesses. 

    Which other solutions did I evaluate?

    No.

    What other advice do I have?

    It is important, almost crucial, to have some network knowledge. Have the technical design made, it is very simple to overcomplicate when using this product.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    ITCS user
    Citrix / Virtualization Pre-Sales and Implementation Engg. at a tech vendor with 501-1,000 employees
    Vendor
    Content Redirection Works With Most Of The Web Application And Has Good Logics Behind It To Configure It

    Pros and Cons

    • "Content Redirection and SSO integration with Citrix XenApp/XenDesktop. The GUI was wonderful."
    • "Scripting and writing expressions need to be improved by putting logic behind the rules and improve policies involving some of the scripting part, which is a tedious task to do."

    What is most valuable?

    Content Redirection and SSO integration with Citrix XenApp/XenDesktop. The GUI was wonderful. Content Redirection based on application data is a wonderful feature which works absolutely fine with most of the web application, and it has good logics behind it to configure it, and secondly, Single sign-on with Citrix's own applications, like XenApp and XenDesktop.

    How has it helped my organization?

    I have given this solution to many customers of NetScaler. It helped many businesses to gain high availability for their particular web application tiers.

    What needs improvement?

    Scripting and writing expressions need to be improved by putting logic behind the rules and improve policies involving some of the scripting part, which is a tedious task to do.

    For how long have I used the solution?

    Almost two to three years.

    What do I think about the stability of the solution?

    Not as such, their Support Team and R&D Team were not able to give a solution in one case.

    What do I think about the scalability of the solution?

    No.

    How are customer service and technical support?

    An eight out of 10.

    Which solution did I use previously and why did I switch?

    I worked with KEMP and NetScaler.

    How was the initial setup?

    No, it is complicated and there is limited expertise in market for deployment.

    What's my experience with pricing, setup cost, and licensing?

    Costly product and complicated licensing.

    Which other solutions did I evaluate?

    I tried KEMP.

    What other advice do I have?

    Check the solution provided by Citrix twice and get a PoC done.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Maksim Sataev
    network specialist at a pharma/biotech company with 1,001-5,000 employees
    Real User
    Load Balancing, Cache Redirection, Content Switching, All Connected With Traffic Management.

    What is most valuable?

    Load balancing, cache redirection, content switching, all connected with traffic management.

    How has it helped my organization?

    We have removed all NLB clusters on web applications, increased HA for some applications and now we have possibilities such as rewrite and response with more flexible tools.

    What needs improvement?

    Maybe creating policies with simple regular expressions.

    For how long have I used the solution?

    This is my second year.

    What do I think about the stability of the solution?

    I had some problems with HA node movements.

    What do I think about the scalability of the solution?

    No, I had a small deployment with two nodes of NS.

    How are customer service and technical support?

    Very quick every time, even with Severity 4, with…

    What is most valuable?

    Load balancing, cache redirection, content switching, all connected with traffic management.

    How has it helped my organization?

    We have removed all NLB clusters on web applications, increased HA for some applications and now we have possibilities such as rewrite and response with more flexible tools.

    What needs improvement?

    Maybe creating policies with simple regular expressions.

    For how long have I used the solution?

    This is my second year.

    What do I think about the stability of the solution?

    I had some problems with HA node movements.

    What do I think about the scalability of the solution?

    No, I had a small deployment with two nodes of NS.

    How are customer service and technical support?

    Very quick every time, even with Severity 4, with successful results.

    Which solution did I use previously and why did I switch?

    NGNX, but it was not my solution.

    How was the initial setup?

    It was very easy, the NetScaler community is very big. The GUI is very user friendly and not cumbersome.

    What's my experience with pricing, setup cost, and licensing?

    It's not for startups or SOHO.

    Which other solutions did I evaluate?

    We considered F5 Networks.

    What other advice do I have?

    It's a good choice for ADC; no marketing.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    ITCS user
    Engineer at a tech services company with 10,001+ employees
    Consultant
    Some of the valuable features are Load balancing, SSL offload, and content switching.

    Pros and Cons

    • "SSL Offload"
    • "I would like to see support for scripting, like "iRule", which gives you the option to implement any configuration which is not available out of the box."

    What is most valuable?

    • LB - Load balancing
    • SSL Offload
    • Content Switching
    • Responder
    • Re-write
    • App Firewall

    How has it helped my organization?

    Our company provides Managed Services and does Service Integration for our customers. We have deployed Citrix NetScaler for many customers. It has helped them to increase application up-time, scalability, and enhanced application performance and security.

    What needs improvement?

    I would like to see support for scripting, like "iRule", which gives you the option to implement any configuration which is not available out of the box. I would also like to see support for OCSP stapling.

    For how long have I used the solution?

    We have used this solution for five years.

    What do I think about the stability of the solution?

    Sometimes there are stability issues with certain releases.

    What do I think about the scalability of the solution?

    I did not encounter any issues with scalability.

    How are customer service and technical support?

    I would rate the level of technical support as excellent.

    Which solution did I use previously and why did I switch?

    We work with multiple ADC vendors.

    How was the initial setup?

    The initial setup had very few steps involved and the network settings were simple.

    Which other solutions did I evaluate?

    We work with all OEMs.

    Disclosure: My company has a business relationship with this vendor other than being a customer: We are channel partners.
    Vitor Arruda
    IT Infrastructure Analyst at WEG
    Real User
    Some of the valuable features are load balancing, reverse proxy, and AAA authentication.

    Pros and Cons

    • "NetScaler Gateway: Why? Availability/Security: We delivered more than 200 applications thru Xenapp. This feature give us the possibility to deliver the applications anywhere. Currently, 30% of access is made through our NetScaler Gateway (Internet connections)."
    • "The product provides some templates to integrate with applications like MS Exchange, MS SharePoint, SAP Enterprise Portal, and others. However, the last update for these templates was 2013 (lots of applications are running on versions newer then 2013)."

    What is most valuable?

    • Load Balancing: Why? Availability/Performance: Those are the core features of the product and the main reason for the purchase of an ADC in my company. These features bring a lot of resources that improve the experience of the users.
    • NetScaler Gateway: Why? Availability/Security: We delivered more than 200 applications thru Xenapp. This feature give us the possibility to deliver the applications anywhere. Currently, 30% of access is made through our NetScaler Gateway (Internet connections).
    • Global Server Load Balancing: Why? Availability: Bring us the possibility to load balance our ISPs links, delivering DNS responses thru available ISP providers.
    • Reverse Proxy/AAA Authentication: Why? Availability/Security: Many local websites/applications are now available through the internet, with NetScaler acting as reverse proxy, and through AAA authentication in order to authenticate only necessary users.

    How has it helped my organization?

    We are replacing the necessity of any kind of load balance software/components (like Microsoft NLB, SAP Web Dispatcher, DNS Round Robin) and begin to centralize all Load Balancing necessities in the same NetScaler Hardware.

    What needs improvement?

    The product provides some templates to integrate with applications like MS Exchange, MS SharePoint, SAP Enterprise Portal, and others. However, the last update for these templates was 2013 (lots of applications are running on versions newer then 2013).

    For how long have I used the solution?

    We have used this solution for four years.

    What do I think about the stability of the solution?

    We deployed this solution in a two-node cluster. In the beginning, we struggled to make it work properly. We also felt a lack of documentation for complex environments like ours. After some time and with external help, we make it work as it was supposed to function.

    What do I think about the scalability of the solution?

    I did not encounter any issues with scalability.

    How is customer service and technical support?

    I would give technical support a rating of 7/10.

    How was the initial setup?

    The initial setup was complex. Usually, NetScaler implementations are made using the HA feature. We adopted the cluster feature. We noticed that there was a lack of knowledge from the community and Citrix support in this area. Our complex environment of network made the initial setup more difficult.

    Which other solutions did I evaluate?

    We evaluated F5 and Brocade.

    What other advice do I have?

    Be careful in the choice of a partner to implement this product.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    ITCS user
    Senior Systems Administrator at a financial services firm with 51-200 employees
    Vendor
    Deployment of NetScalers on our DMZ enables our organization to implement a secured gateway.

    What is most valuable?

    Web Application Firewall Content Switching Applications SSL Handling

    How has it helped my organization?

    Deployment of NetScalers on our DMZ enables our organization to implement a secured gateway for our Web Portal, Inbound/Outbound application web service calls across our partners/clients, security, and Traffic Management.

    What needs improvement?

    The web management console uses a Java plugin. Some improvements are needed on the web management console.

    For how long have I used the solution?

    6 years.

    What do I think about the stability of the solution?

    We only encountered hardware issues in which were addressed with a firmware upgrade.

    What do I think about the scalability of the solution?

    None.

    How are customer service and technical support?

    What is most valuable?

    • Web Application Firewall
    • Content Switching Applications
    • SSL Handling

    How has it helped my organization?

    Deployment of NetScalers on our DMZ enables our organization to implement a secured gateway for our Web Portal, Inbound/Outbound application web service calls across our partners/clients, security, and Traffic Management.

    What needs improvement?

    The web management console uses a Java plugin. Some improvements are needed on the web management console.

    For how long have I used the solution?

    6 years.

    What do I think about the stability of the solution?

    We only encountered hardware issues in which were addressed with a firmware upgrade.

    What do I think about the scalability of the solution?

    None.

    How are customer service and technical support?

    Customer Service:

    Good. Citrix has been very supportive.

    Technical Support:

    Good.

    Which solution did I use previously and why did I switch?

    None were previously used.

    How was the initial setup?

    The appliance's initial setup was very easy and seamless.

    What about the implementation team?

    We have our own competency pool for this appliance. Though we have direct support services from Citrix.

    What's my experience with pricing, setup cost, and licensing?

    Consider the sizing first before purchasing the appliance.

    Which other solutions did I evaluate?

    Yes, BigF5.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    ITCS user
    Infrastructure Specialist at a tech services company with 10,001+ employees
    Consultant
    Easy to configure and operate. The vendor team was not great.

    What is most valuable?

    • Easy to configure the settings
    • Easy to operate
    • A lot of useful network and other great settings
    • A lot of official and unofficial documentations are available on the internet

    How has it helped my organization?

    It is used specially to provide Citrix Access Gateway to customers and their employees.

    What needs improvement?

    I cannot think of any features that should be added because the product has a lot of useful features already.

    For how long have I used the solution?

    Over a year with two customers.

    What was my experience with deployment of the solution?

    No, easy to deploy.

    What do I think about the stability of the solution?

    No, very stable.

    What do I think about the scalability of the solution?

    No, because it can be merged into a cluster.

    Which solution did I use previously and why did I switch?

    Yes, we also use F5 Big-IP LTM and in the past we used Cisco ACE. We didn’t switch specifically to use NetScaler, as we use the most appropriate solution depending on the customers needs.

    How was the initial setup?

    It depends on the customers needs. If they need high availability, if they need Clustering, the number of virtual servers needed and so on.

    What about the implementation team?

    We used both of them, but when we used the vendor team, their skills were bad and rework from our in-house was needed.

    Which other solutions did I evaluate?

    Yes, we use F5 Big-IP LTM and in the past we used Cisco ACE.

    What other advice do I have?

    Yes, two pieces of advice

    1. Do the official training; and 
    2. Use the Citrix documentation

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    ITCS user
    Senior IT Consultant/Program Mgmt at Consultant
    Consultant
    Extremely hard to purchase. Easy to setup core features.

    Valuable Features:

    Load Balancer and Access Gateway

    Improvements to My Organization:

    Allowed secure access to authenticated user not on the network without having to download client side software

    Room for Improvement:

    Alert Management

    Use of Solution:

    2 years

    Deployment Issues:

    Minor issue setting up VeriSign Certificates

    Stability Issues:

    No

    Scalability Issues:

    Not applicable - We were only setting up 4 Virtual Servers

    Customer Service:

    6

    Valuable Features:

    Load Balancer and Access Gateway

    Improvements to My Organization:

    Allowed secure access to authenticated user not on the network without having to download client side software

    Room for Improvement:

    Alert Management

    Use of Solution:

    2 years

    Deployment Issues:

    Minor issue setting up VeriSign Certificates

    Stability Issues:

    No

    Scalability Issues:

    Not applicable - We were only setting up 4 Virtual Servers

    Customer Service:

    6

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    ITCS user
    IT Architect with 11-50 employees
    Vendor
    Choose your NetScaler … wisely
    I spend a lot of my time breaking down the different models of Citrix NetScaler appliances and different Software Editions within the Citrix NetScaler portfolio. I decided to set up a blog about this since the path is usually pretty much (lengthy but) the same. This does not mean the answer is always easy because there are a lot of questions that need to be answered. The first thing I would like to get off my chest is the following: Stop seeing/selling the Citrix NetScaler as a replacement for Secure Gateway. It is so much more than that. I often have discussions with various engineers and consultants telling me that Citrix NetScaler is so expensive for a Remote Access solution because Secure Gateway always used to be free. No offense but a Citrix NetScaler solution…

    I spend a lot of my time breaking down the different models of Citrix NetScaler appliances and different Software Editions within the Citrix NetScaler portfolio.

    I decided to set up a blog about this since the path is usually pretty much (lengthy but) the same. This does not mean the answer is always easy because there are a lot of questions that need to be answered.

    The first thing I would like to get off my chest is the following: Stop seeing/selling the Citrix NetScaler as a replacement for Secure Gateway. It is so much more than that. I often have discussions with various engineers and consultants telling me that Citrix NetScaler is so expensive for a Remote Access solution because Secure Gateway always used to be free. No offense but a Citrix NetScaler solution belongs to the networking department, not the Citrix XenApp sys admin department. Or maybe limited.

    That leads me to the first difficult thing of a Citrix NetScaler project. The adoption of the Citrix NetScaler appliances to the networking guys of an organization. They need to embrace the solution to make this a success. For some reason they too see it as a ‘’Citrix’’ solution. For that reason one of the most important meetings to setup is usually with the networking guys to try to explain the L3-L7 functionality of the Citrix NetScaler solution. When they realize it competes with F5, Juniper, Cisco, etc then we are on the right track.

    NetScaler Gateway or NetScaler Standard Edition

    Usually the first question of a customer is regarding something simple like replacing the Remote Access solution. Since the NetScaler is going to be the main platform for publishing Citrix publications a NetScaler Gateway can be considered as a valid option. This is when I tell a customer it would be wise to spend a little extra on the NetScaler Standard Edition since this would leverage the solution be having full load balancing capabilities (among others). When you compare prices between the NetScaler Gateway and NetScaler Standard Edition you will see that the Standard Edition will be somewhat more expensive but I for one think that it is worth the difference given the feature set that come with the Standard Edition. Of course the NetScaler Gateway can always be upgraded to a NetScaler Standard Edition (or higher) if you will.

    Another feature of Citrix NetScaler Standard Edition is the ability to run Citrix Web Interface on the appliance. Honestly, I do think is not really that important anymore since Citrix Web interface is going to be replaced by Citrix StoreFront and as of yet there are no plans of putting StoreFront on the NetScaler (that I know of). Of course for some situations it can still be a feasible solution. There is still the ability to dismiss multiple Microsoft IIS Servers by using Web Interface on Citrix NetScaler.

    Virtual, Physical or Logical

    I am aware this needs some explanation. Let’s start of with the Virtual.

    Virtual (or VPX)

    I hardly ever, ever, ever, sell the Citrix NetScaler VPX appliance. Only for use of Lab or Testing environment or really small, small, small businesses where the use case is to implement a remote access solution for a small number of users.

    It happens that customers come to me and tell me they are thinking of purchasing a Citrix NetScaler VPX solution and would like my advise on which we will have this breakdown which changes their mindset about going for the VPX solution. I have by no means of interest of selling MPX over VPX, I just give a breakdown of the pro’s and cons for various solutions.

    1. The first common mistake is the idea that VPX is cheaper because it is virtual (yes assumptions, the foundation of every well thought out IT project :-) ), well, there goes the first bubble. Ask your Citrix Solution Advisor for an estimate of a Citrix NetScaler VPX 1000 and a Citrix NetScaler MPX 5550/5560 and you will be amazed.

    2. No hypervisor resources guaranteed. The VPX platform runs on an organization’s hypervisor. Whenever I ask a hypervisor support engineer if they are not overcommitting resources, the answer is hardly ever no. It would not even be of first that I would even have to explain overcommitting in an hypervisor environment. But in an overcommitting environment it means that important hardware resources are shared among multiple virtual instances. Meaning that hardware resources can only be limited or even not guaranteed since it’s shared over multiple virtual instances.

    3. No hardware acceleration. This one is pretty much inline with the above statement, the MPX has hardware accelerator card for encrypting/decrypting SSL connections. Within a VPX you would be dependent of hardware resources of the hypervisor. Of course this one becomes more important when the number of connections are significant.

    4. No need for a HA solution. This one may seem a little strange but it pops up once and awhile. Customers choosing a single Citrix NetScaler VPX appliance because they have VMware HA and DRS and rely on snapshotting of the VM’s making the solution highly available. Agreed, in some cases it might work but it depends on what the accepted downtime is for the given solution. If this is a couple of hours or a day that would be fine. You would have to keep in mind that a single appliance solution could require a full restore of the VM dependent on the issue. This means restore from snapshot/backup but could also be a new installation of the VM and restore of the configuration. This would require the relevant knowledge of how to which is not always present in my opinion. Also keep in mind that Citrix NetScaler VPX does not vMotion well, I’ve seen hanging Citrix NetScaler vMotion VM’s.

    5. Bandwidth. A Citrix NetScaler VPX comes in different (bandwidth) flavors (5, 10, 200, 1000 and 3000). I have done a number of PoC’s with the Citrix NetScaler VPX and see them miserably fail with at least the 5 and 10 by the solution consuming bandwidth (I try to disregard the Express version which is 5 as much as I can). It could be a solution though if you are using DSR (Direct Server Return) Load Balancing solutions (meaning that the traffic is not actually flowing through the NetScaler). The thing to remember is that the Bandwidth of the VPX is end-to-end on all interfaces it has, so if you have a Citrix NetScaler VPX 1000 with 2 virtual interfaces the 1000Mbit is being counted over all interfaces (so no 2 x 1000 Mbit).

    Physical (or MPX)

    Usually when I have given a customer some of the somewhat ‘’drawbacks’’ listed above and convinced the networking guys of the networking features of the appliance they are tending towards the MPX platform.

    1. Bandwidth. The Bandwidth of an MPX is somewhat listed differently then that of it’s VPX variant. Citrix calls this ‘’Kernel Bandwidth” or “L7 Bandwidth”, this last one can be a little bit confusing because it implies that L3 (or Dirty Load Balancing) would not be intermitted to the Bandwidth limit. This is not the case.
    Here a list of the most commonly deployed appliances and there Kernel Bandwidth:
    - MPX 5550 (0.5Gbps) (Upgradeable to an MPX 5560 (1Gbps) by software license);
    - MPX 8200 (2.0Gbps) (Upgradeable to an MPX 8400(4Gbps) by software license);
    - MPX 8400 (4.0Gbps) (Upgradeable to an MPX 8600(6Gbps) by software license).
    More information on the different MPX platform models:
    http://www.citrix.com/content/dam/citrix/en_us/documents/products/netscaler-data-sheet.pdf

    2. Rackspace. Yes, as you might expect an MPX appliance is physical which means it requires Rackspace. Although for the entire 55xx and 8xxx it is 1U per appliance, but still Rackspace.

    Logical (or SDX)

    An Citrix NetScaler SDX is a so-called hypervisor appliance. It runs on Citrix XenServer, but a special server of XenServer (SR-OIV). In a nutshell it means that the Citrix NetScaler VPX that run on this hypervisor has direct access to hardware resources. That’s why the number of virtual appliances on the different models is limited.

    I think the SDX will be the more common appliance for customers to acquire. There are a couple of reasons for this.

    1. A lot of security compliances by companies do not allow machines to have a connection to a perimeter network (like DMZ) and a internal network at the same time. Over time I see that customers are allowing more logical segregation of the network by machines that touch multiple networks. For instance hypervisors that have VM’s in a perimeter network and internal network. This is where a Citrix NetScaler SDX could be really beneficial. On the SDX you could have a Citrix NetScaler VPX for remote access on the perimeter network and a Citrix NetScaler VPX on the internal network for Load Balancing purposes.

    2. Platinum Edition. On Citrix NetScaler SDX you can run multiple instance of Citrix NetScaler and they are licensed with the Platinum Edition of Citrix NetScaler software. This means that L7 App Firewall could/would/should be deployed on all of the Citrix NetScaler VPX appliances.

    3. Upgrade MPX. Citrix has recently announced that even the Citrix NetScaler MPX 8400 can be upgraded to an SDX platform. This used to be from the MPX 11500 which made it far fetched for almost any company that I know. Since the MPX 8200 and 8400 are the same hardware this means that there are upgrade paths from even the MPX 8200. The thing to keep in mind is that on Citrix NetScaler SDX 8400 only 5 virtual appliances can be deployed.

    4. Third party appliances. Citrix has opened up the SDX platform for 3rd party to create appliances for the SDX platform.

    Other decisions that can be of influence

    Copper/Fiber

    If your organization requires fiber connections that you will have to purchase at least the Citrix NetScaler MPX 8200 series or higher. The 8200 comes with options for connecting SFP or SFP+ fiber connections.

    Out of Band Management

    If your organizations requires Out-of-Band Management you will have to purchase at least the Citrix NetScaler MPX 8200 series or higher.

    Replacing Microsoft Forefront TMG

    We do a lot of implementation where we replace Microsoft TMG with Citrix NetScaler as for Reverse Proxy solutions. Since Microsoft has announced the Microsoft TMG to be En-of-Life with no replacement products Citrix NetScaler can come in to place. Microsoft Exchange is such an example of solutions we publish through Citrix NetScaler. A big advantage of Citrix NetScaler is that it can integrate 3rd party token authentication to add that extra layer of security for publishing your mail to users. (Keep in mind, Citrix NetScaler Enterprise Edition minimum requirement for AAA functionality).

    Security, Business and Technical

    One of the first conversation I will have regarding a Citrix NetScaler project is with Security and Business. The reason for this is that they often have conflicting wishes and desires. Often the Business has many progressive plans for making possibilities work to make their users work more productively. Yet, when the Security finds out about these plans they can contradict with Security Compliancy. So, one of the first tasks is to make sure these departments align. If you do not give this the attention it needs it will come back to you. Technical seems to be irrelevant and it sort of is. Technically almost anything is possible with Citrix NetScaler, that’s the reason why they are last in line.

    Network and High Availability

    The last item I would like to point out is network (and High Availability) and the options there are using Citrix NetScaler. The Software Edition of a Citrix NetScaler is very much dependent of the type of network that exist at the customer. If a customer is running a single ISP, single datacenter (or server location) a Citrix NetScaler Standard Edition with HA (High Availability will suffice. It becomes more interesting when a customer has two datacenter locations which uses different ISP’s. Then a Citrix NetScaler Enterprise Edition in a GSLB configuration becomes often/usually) the favor of choice.

    1. Single appliance. This I would never recommend.

    2. HA (High Availability). This is the most common one used. You buy two appliance and they run in an Active/Passive Cluster. They can be in the same subnet, they can be in different subnet (INC mode). Drawback is that you buy 2 appliances and only use one. Available from Standard Edition and up.

    3. GSLB. All appliances run standalone in a GSLB cluster. Very scalable solution. Often used when multiple datacenters are approached active/actively and/or multi-homed (multiple ISP’s). Based on High Level Authorative DNS, for that requires its DNS name (space). All appliance actively participate within the configuration. A drawback could be that all appliances run stand alone, so configuration has to be identical on all appliances. Available from Enterprise Edition and up.

    4. Cluster. Available since version 10. For me I think this kind of implementation uses a rather large footprint because of the demand of a dedicated network for cluster traffic and basically need for master node. This means that minimum recommend appliances is three whereas you actively use two. Requires separate license, not present in any edition.

    5. VRRP. This solution is used a lot in active/passive (core) switch configurations. Since some time available on the Citrix NetScaler. Within this solution all appliances run standalone. The same IP’s are configured on multiple appliances but have a vrID assigned, the highest priority vrID is alive, should that one fail the second priority vrID comes alive. Advantage is that you can use all appliances that you buy, however you cannot load balance a resource over two active Citrix NetScaler appliances.

    Be very aware of the VRRP type of implementations for two reasons:
    - When using VRRP on a VPX you will have to configure the virtual switch in ‘’Promiscuous Mode’’ which makes it a hub. Network Admins will not be happy with you :-) ;
    - When using VRRP and you have to load balance a solution like Microsoft Lync which requires a SSL pass-through configuration (SSL_Bridge), this will lead to asynchronous traffic. A solution would be to have the Lync server use the NetScaler as Gateway but this will not be feasible when the resource fails over to the other NetScaler appliance.

    In my (humble) opinion I would rather see VRRP disappear as an option all together. I have not seen a workable solution based on VRRP yet.

    Conclusion

    As I stated earlier, I have no gain in customers buying one or the other. The outline above is purely based on my experience of advising Citrix NetScaler for years now. The choice of a Citrix NetScaler solutions may look complex but often is logical. Based on security compliance, business needs, datacenter locations, number of ISP’s etc.

    So, this is it. I hope this has some value for you to make some decisions regarding which NetScaler hardware or virtual appliance and software editions to acquire.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    it_user4851
    Infrastructure Expert at a healthcare company with 501-1,000 employees
    Vendor
    Great ADC product

    Valuable Features:

    Does great job on most ADC functions: load balancing, SSL offload, responder policies, etc

    Room for Improvement:

    10.0 version has been buggy. We've had to patch multiple times and had a production outage trying to do App Firewall learning mode.

    Other Advice:

    Overall I would recommend Citrix NetScaler, just be careful with newer versions of the code.

    Valuable Features:

    Does great job on most ADC functions: load balancing, SSL offload, responder policies, etc

    Room for Improvement:

    10.0 version has been buggy. We've had to patch multiple times and had a production outage trying to do App Firewall learning mode.

    Other Advice:

    Overall I would recommend Citrix NetScaler, just be careful with newer versions of the code.
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    it_user3834
    Network Engineer at a insurance company with 1,001-5,000 employees
    Vendor
    Innovative TriScale architecture and SSL offloading capability

    Valuable Features:

    Citrix main strong-point is its flexible deployment model, which can help customers save on acquisition costs at the onset. The TriScale architecture that the Citrix sales guys have been pushing provides a pay as you grow deployment model. It also allows us to consolidate devices with features such as multitenancy and clustering. Other features like SSL offload for 2048-bit and 4096-bit key lenghts and good traffic and application reporting capabilities makes our investment in this product worthwhile.They seem to have pretty competent and responsive technical support.

    Room for Improvement:

    It is somewhat frustrating that there has been less feature innovations from their products. Though I really believe that Citrix’s TriScale architecture is a very innovative and successful strategy, it still lacks features such as asymmetric web content optimization which is an essential for ADCs. Also, the use of templates for ease of configuration and use also makes it a somewhat inflexible system. If you need a more advanced rules creation system then this product is not for you.

    Other Advice:

    I worked with Netscaler in my previous company. Overall, I recommend it. Its innovative TriScale architecture and SSL offloading capability are on par with some of the best products available. It’s a very user-friendly system that is easy to configure and use for a variety of deployment scenarios
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Buyer's Guide
    Download our free Citrix ADC Report and get advice and tips from experienced pros sharing their opinions.