As a certified Citrix Network Engineer my experience of Citrix NetScaler load balancing (now known as Citrix ADC) has changed over the years. I was first introduced into Citrix technologies when the product was in its infancy and Citrix Metaframe XP was cutting edge technology controlling multi RDS sessions. Back then, the only real way to publish core services to the outside world was to use a separate N Fuse server sitting within the DMZ.
Fast forward to 2021 and NetScaler is typically the chosen load balancing solution for Citrix services on premise or within the cloud. This is mainly due to its tight integration into core components of the Citrix Flex cast architecture. That said, there are alternate more cost-effective solutions are now available. I have detailed a summary of my thoughts and recommendations that should be considered when selecting a load balancer.
Challenges with Citrix NetScaler:
For anyone who has deployed Citrix Netscaler both virtual or physical, they will know just how much time planning and effort is needed. While wizard-driven publishing of services have been embedded in the UI, the average IT technician needs to have attended an official training course to be competent in successfully publishing, monitoring, and administering the product. For me this is one of the core drawbacks of the product. It is complicated to configure and manage.
IT teams are already stretched thin while accommodating the demanding needs of a post-COVID technology landscape. This is why I believe the proper solution needs a much more intuitive learning process and can be quickly adopted and implemented.
Specific Citrix Netscaler concerns:
- Cost vs Functionality:I don’t think anyone can argue that Citrix provides a feature rich load balancing solution; but typical organisations only utilise 5-10% of its core functionality. A premium product comes with a premium price tag. This for me is a key reason to consider alternatives available in the marketplace.
- Licensing: Host Name/MAC AddressWhile Citrix and other vendors shift to a consumption-based licensing model MAC address or Host name changes can take your core external services offline.
- Certificates:Certificates are a challenge for every vendor. Ensuing you can optimise offload workloads this requires fully linked certificate chains to ensure website security and availability.
- Security:Over the years the NetScaler product has been exposed to many major security vulnerabilities. Recently, there was one that allowed an unauthenticated attacker to perform arbitrary code execution allowing for local user creation and potential traffic interception.
Alternatives to consider:
When I’m talking to my clients about securely publishing Citrix and Microsoft applications, I now recommendKemp as a viable alternative. With Kemp’s recent announcement in support for Citrix Storefront for virtualized desktop infrastructure (VDI), this for me is a game changer.
Kemp offers a fully flexible licensing model with hardware and software options at a better price point. Simple, easy to use templates for almost any service, including Citrix workloads exist and within 10 minutes you can go from deployment to live publishing of services. Support from the global team is second to none with a vast expertise of skills and technical resources They are always happy to help 24/7/365 for all of your load balancing questions.
Reach out to the Kemp team or Fortem IT today to discuss your options further.
