Convert a NetScaler MPX Appliance to NetScaler SDX Appliance

Written by Thomas Poppelgaard. Posted in Netscaler

Summary

This document contains information about converting NetScaler MPX appliances to NetScaler SDX appliances.

Requirements

You can use a field conversion kit to migrate a NetScaler MPX appliance to a NetScaler SDX appliance. The following table lists the details of the SDX Field Replaceable Unit (FRU) Kits:

Description | SKU | HDD PN# | SSD PN#
MPX 17500, 19500, or 21500 to SDX 17500, 19500, or 21500 Migration Kit | 3003174-xx | 853-00031-01 | 8530010

Background

With the new NetScaler SDX appliance models 17500, 19500, and 21500, you can deploy multiple virtualized NetScaler instances on a single purpose-built physical appliance with full multi-service and multi-tenant support. The NetScaler SDX appliance uses the service delivery performance and SSL encryption throughput of the NetScaler MPX appliance models 17500, 19500, and 21500.

You can convert a NetScaler MPX appliance to a NetScaler SDX appliance by upgrading the software through a new Solid State Drive (SSD) and a new Hard Disk Drive (HDD). The conversion process modifies the Basic Input-Output System (BIOS), installs XenServer hypervisor and a Service Virtual Machine image, and copies an image with extension .xva for the NetScaler nCore virtual appliance 9.3 to the hard disk. However, you need to re-license the appliance, and then the appliance can provision the VPX instances as defined by the administrator through the Service VM on the NetScaler SDX appliance.

Read the full knowledge article on HOWTO Convert a NetScaler MPX Appliance to NetScaler SDX Appliance here

NetScaler SDX

Written by Thomas Poppelgaard. Posted in Netscaler, OpenCloud

Redefining traditional Application Delivery Controllers (ADCs)

Citrix Systems has announced NetScaler® SDX, a groundbreaking new virtualized networking platform designed from the ground up to serve as the “front door” for virtual datacenters and clouds. With the new NetScaler SDX platform, customers can now run numerous virtualized NetScaler instances on a single purpose-built physical appliance with full multi-service, multi-tenant support. This innovative new architecture helps customers move from traditional application delivery to the far richer “service delivery” required by the adoption of cloud computing and by growing user demand for new services delivered to a wide range of consumer devices.

Creating a service delivery fabric requires understanding and redefining traditional application delivery controllers (ADCs), such as Citrix® NetScaler®, in a services context. For example, application availability becomes service availability, while application optimization becomes service optimization.

More than just a name change, the transition to a service delivery fabric needs infrastructure and user-centric delivery capabilities that enable the delivery of services as well as applications. Since this fabric will become the foundation of enterprise IT and an essential element of an organization’s competitive differentiation, it needs enterprise-class power, flexibility and manageability too.

In some instances developers will be able to meet the new requirements by transforming an existing capability, typically by extending its scope of coverage. In other cases, though—such as with the need for broader and deeper visibility—developers are likely to have to create entirely new capabilities.

Highlights

  • NetScaler SDX is a groundbreaking new platform that uses advanced hardware and software virtualization to run multiple “virtual NetScaler instances” on a single hardware appliance – each optimized for different apps, services, sites and customers.
  • Each virtual instance is a complete NetScaler environment, incorporating all the functions needed to deliver apps and services with the best performance, security and reliability, including load balancing, caching, compression, SSL VPN, SSL offload, federated identity and app firewall.
  • NetScaler SDX provides full network, CPU, memory and SSL acceleration isolation for each virtual NetScaler instance, as well as per-instance (rather than per-appliance) high availability, version control and lifecycle management.
  • NetScaler SDX incorporates SR-IOV (single root I/O virtualization) capabilities from Intel to provide a fast, multi-tenant, multi-service appliance capable of running at native wire speeds.
  • The next-generation NetScaler SDX architecture provides the foundation for further consolidation of adjacent service delivery capabilities such as WAN optimization, network security and virtual desktop delivery.
  • A single control plane within the NetScaler SDX platform provides unified provisioning, monitoring and management of all virtual NetScaler instances, while also enabling administrative privileges to be delegated per instance.
  • The NetScaler SDX 17500, 19500 and 21500 models share a common hardware platform with the existing NetScaler MPX 17500, 19500 and 21500 models, enabling MPX appliances to be easily upgraded in the field to all the new NetScaler SDX functionality.

Availability

NetScaler SDX platforms include the SDX-17500, SDX-19500 and SDX-21500, offering performance up to 50Gbps, and will be available in April 2011.

Learn more about NetScaler

Communication Ports Used by Citrix Technologies *updated

Written by Thomas Poppelgaard. Posted in Access Gateway, App Streaming, Branch Repeater, Citrix, Dazzle, Delivery Services, Edgesight, HDX, HDX3D Pro, Merchandise, Netscaler, Provisioning, Receiver, Reciever, Synchronizer, Webinterface, Whitepapers, Workflow Studio, XenApp, XenClient, XenConvert, XenDesktop, XenServer, XenVault

Fred Donovan from Citrix has updated the whitepaper “Communication Ports Used by Citrix Technologies” to version 1.5 (April 2011).

Overview

This document provides an overview of ports that are used by Citrix components and must be considered as part of Virtual Computing architecture, especially if communication traffic traverses network components such as firewalls or proxy servers, where ports must be opened to ensure communication flow.

References

The assignments are listed by the Internet Assigned Numbers Authority (IANA), updated regularly, and revised when new information is available and new assignments are made. The specific location of the port numbers list is available at the following Web site: http://www.iana.org/assignments/port-numbers.

Microsoft Article “Network Ports Used by Key Microsoft Server Products”.

Microsoft Article ID 832017 “Service overview and network port requirements for the Windows Server system”.

Download WhitePaper - Communication Ports Used by Citrix Technologies here

NetScaler Licensing Dissected

Written by Thomas Poppelgaard. Posted in Netscaler

NetScaler With Unlimited ICA Connections

Craig Ellrod from Citrix previously posted a great blog post on “how to get 1-Year Licenses for NetScaler” and followed up with a post on how to get licenses for other Citrix products through the Citrix Ready program. Starting with NetScaler release 9.2, all MPXs and VPXs include a platform license for unlimited AGEE access to XenApp and XenDesktop. However, some customers have trouble finding the unlimited access license for the ICA Proxy in their MPX or VPX. Even the SE-issued license doesn’t show the unlimited access for ICA.

Background

This license exists because the AGEE functionality counts ICA proxy only connections against the CCUs. The traditional Secure-Gateway (on IIS Server) never had a concept of CCUs to count against, and the legacy Net6 – Access-Gateway Standard and Advanced also did not count the ICA proxy only connections against any CCU count. The resolution for the NetScaler version of Access-Gateway (AGEE) was to create this license to make the ICA proxy only connections “free” in the sense that you do not have to pay for the CCUs with any kind of access license (it’s a compatibility thing to match the other products). This is why the license is separate from the platform license and the feature license. For the record, the NetScaler still does count these connections; the limit is just set to 10,000, assuming I guess that an individual NetScaler will not exceed that count (nor be needed), although I suspect it might be possible on larger platforms to do better than 10,000, in which case the NS will throttle connections until it falls below 10,000.

There are four licenses that the customer may have

  1. NetScaler Platform: Proper retail NetScaler (physical box) license (which is responsible for enabling all necessary features + 5 SSL VPN connections) is allocated by default to Hostname “ANY” in MyCitrix website and you cannot change this allocation. This is different from internal licenses (see 2).
  2. NetScaler Features: The remainder of NetScaler licenses (Internal/Partner USE/DEMO/EVALUATION or VPX) need to be allocated to Host ID (MAC) of the appliance (articles CTX121062 page 11 and 16 and article CTX122426 page 9 and 22). The function (AGEE) is licensed/enabled by the MAC or HostID of the NetScaler. Two licenses are required for HA.
  3. Access Gateway CCU license: To increase SSL VPN concurrent usage (CCUs), you must upload an AG Universal License. This license floats across HA pairs. This license needs to be allocated to the NetScaler Licensing Hostname, which is configured in the /nsconfig/rc.conf file. This is NOT necessarily the same hostname as the one created by ‘set ns hostname’ unless specifically made so by the customer. By default the hostname in /nsconfig/rc.conf is “ns”.
  4. Access Gateway ICA license: To increase connections for ICA Connections you must upload an AG Platform License (to increase ICA connections up to 10000). This license floats across HA. This license needs to be allocated to the NetScaler Licensing Hostname, which is configured in the /nsconfig/rc.conf file. This is NOT necessarily the same hostname as the one created by ‘set ns hostname’ unless specifically made so by the customer. By default the hostname in /nsconfig/rc.conf is “ns”. Please reference article http://support.citrix.com/article/CTX125567.
    If you have an issue with the hostname allocated for the AG Platform License, you will see something like “34 (CITRIX) Wrong hostid on SERVER line for license file:” in /var/log/license.log.

Frequently asked questions

Q: Is it possible to know whether the unlimited access has already been included in the NETSCALER Platform license (like license of VPX-3000, MPX-7500, etc…)? Or do we (or our partners/customers) need to do anything to retrieve that license?
A: Unlimited remote ICA access is an entitlement of all Access Gateway or NetScaler appliance purchases (MPX or VPX). It is not included in the NetScaler Platform license. You need to retrieve the Access Gateway Platform license separately which enables the entitlement. This is in addition to the NetScaler Platform license. Both need to be present on the appliance.

Q: Do I need to install the AGEE platform license into a NetScaler?
A: Yes, you need to install the Access Gateway Platform license on NetScaler.

Q: If I set up the AGEE Vserver in BASIC MODE, there is no need for any AGEE license (platform or CCU) installed in that NetScaler?
A: If you create an AGEE vServer in Basic Mode without the Access Gateway Platform license, it will consume Access Gateway Universal Licenses. (Note: NS Standard and Enterprise come with 5 AGEE Universal CCUs per appliance and NS Platinum comes with 100 AGEE Universal CCUs per appliance.)

Q: Can I ignore the “show license” information, stating that “Maximum ICA User=0”?
A: You cannot ignore the ‘Show License’ information if it shows ‘Maximum ICA User=0’. If that is the case, you have not applied an Access Gateway Platform license or the Access Gateway Platform license was not recognized by the system, and any Access Gateway vServers will use AG Universal CCUs.

Q: If AGEE platform license is needed specifically in the NetScaler, is it the “CNS_AGEE_Server_Retail.lic”?
A: The confusion here may be because prior to AGEE / NS 8.1, there was an Access Gateway Platform license that enabled the base Access Gateway functionality on NetScaler. However, this older ‘Platform’ license is no longer required because all editions of NetScaler now ship with the base AG functionality already enabled. However, you need to apply the new Access Gateway Platform license if you plan to use ‘Basic’ (ICA Proxy / SG Mode-only) vServers. If you plan to use ‘SmartAccess’ (SSL VPN, SmartAccess, Clientless VPN, etc) vServers you need to apply an Access Gateway Universal CCU license.

 

NetScaler 9.3

Written by Thomas Poppelgaard. Posted in Netscaler

I am proud to present that Citrix has released NetScaler 9.3, and the Web Interface is now integrated and updated to v. 5.4. Bye bye black interface, welcome white interface with desktops =O)

Citrix® NetScaler® 9.3 Classic and nCore
IT is transforming from an app-centric, physical-based model to a service-oriented, virtualized delivery model. The impact of this transformation is driving consolidation of datacenter infrastructure with demands for greater device functionality, performance and flexibility. NetScaler 9.3 meets this challenge by delivering a service delivery architecture that enables consolidation of adjacent services, like desktop delivery, data optimization, application visibility, network bridging and identity management.

Key New Features in NetScaler 9.3
• Database load balancing for Oracle MySQL
• AppFlow™ – open, IPFIX standards-based application flow visibility
• New dynamic XenDesktop/XenApp health monitors
• Load balancing for Branch Repeater
• Application Firewall signatures

Integrated Web Interface on NetScaler

Web Interface for NetScaler is available as a General Availability feature in NetScaler Release 9.3. The solution requires the use of NetScaler MPX or VPX models with nCore. The WI version supported for this is WI 5.4.

NetScaler 9.3 Enhancements

AAA

The following AAA feature enhancements are available in this release.

  • Kerberos Support for AAA
  • AAA and Microsoft SharePoint

Access Gateway
The following Access Gateway enhancement is available in this release.

  • Idle Time-Out

Advanced Policies
The following policy enhancements are available in this release.

  • Virtual Server-Based Expressions
  • Named Expressions
  • Support for Unsigned Long and Double Data Types
  • Modifying (Corrupting) HTTP Headers
  • Pattern Set Name Length
  • Encryption and Decryption of Payloads
  • Policy-Based Logging for Responder Policies
  • Support for the UTF-8 Character Set
  • Matching Text by Using a String Map
  • Rules for Names in Identifiers Used in Policies
  • Stripping Characters From a String
  • Tool for Converting Classic Expressions to the Newer Default Expression Syntax
  • Identifying a Response That is Associated with an HTTP Redirect
  • Expressions for Generating the Day of the Week, as Strings, in Short and Long Formats
  • Enhancements to Expressions That Process Binary Strings
  • Rewriting TCP Payloads

AppExpert
The following AppExpert enhancements are available in this release.

  • Deployment Files for AppExpert Applications
  • Roll Back Support for AppExpert Application Import
  • Creating Application Templates from Content Switching Virtual Servers

Application Firewall
The following Application Firewall enhancements are available in this release.

  • Document Type Definitions (DTD) Support for XML Security Checks
  • Audit Server Configuration for Application Firewall
  • Learning Visualizer for Deployed Application Firewall Rules
  • SNMP Traps for Application Firewall Security Checks
  • Application Firewall Custom Variables for HTML/XML Error Objects
  • Cookie Encryption, Cookie Proxying, and Adding Flags to Cookies
  • Limiting the Number of Files Uploaded to a Web Site
  • New Signatures Feature
  • Configuration Wizard Added to Application Firewall
  • Excluding XML Elements and Attributes from Security Checks
  • Inverse Regular Expressions
  • Adding XQuery Injection Patterns to XPath
  • Web-Based GUI Editor for Imported Files
  • XML SOAP Array Rule Added to XDOS Check
  • Application Firewall/XML Signature Updates
  • Importing Cenzic Scan Results as XML File

Compression
The following compression feature enhancements are available in this release.

  • Policy Manager for Compression

Configuration Utility
The following configuration utility enhancements are available in this release.

  • EdgeSight Monitoring
  • IP Address Type Identification in VLAN Configuration Dialog Boxes
  • Default Policy Format for NetScaler Features
  • Viewing SYSLOG Event IDs
  • IP Address Range Support
  • Customized System User Prompt
  • UTF-8 Support in Regular Expression Editors

Documentation
The following documentation enhancements are available in this release.

  • NetScaler Documentation on eDocs
  • Enhanced Context-Sensitive Online Help

Hardware
The following hardware enhancement is available in this release.

  • Support for 1G SFP Hot Swap

High Availability
The following high availability enhancements are available in this release.

  • Synchronizing Configuration Files in High Availability Setup
  • Enhanced Force Failover Warning Message

HTML Injection (EdgeSight Monitoring)
The following HTML Injection enhancement is available in this release.

  • Details of Virtual Server and Service

Integrated Cache
The following integrated cache enhancements are available in this release.

  • Integrated Cache Support for Single Byte-Range Requests
  • Built-in Content Group, Pattern Set, and Policies for the Integrated Cache

Monitoring Utility
The following monitoring utility enhancement is available in this release.

  • Viewing Dashboard Functionalities on the Monitoring Utility

Domain Name System (DNS)

The following Domain Name System enhancements are available in this release.

  • DNS Security Extensions on the NetScaler
  • Controlling the Number of Pipeline Requests on an Individual Client Connection

NetScaler VPX
The following NetScaler VPX enhancements are available in this release.

  • 3 Gbps Throughput on the NetScaler Virtual Appliance (nCore VPX only)
  • VMTools Support (nCore VPX only)
  • VLAN Tagging (nCore VPX only)

Networking
The following networking enhancements are available in this release.

  • RNAT NAT IP Range
  • PBR with Multiple Next Hops
  • Round Robin Method for Selecting Source IPs for IP Tunnels
  • Simple ACL6
  • Inbound Network Address Translation (INAT)
  • Prefix-Based IPv6-IPv4 Translation
  • Pinging Link Local Address from Any VLAN
  • Host Name-Based SNMP Managers
  • Time-out for Dynamic ARP Entries
  • Alias Name for a VLAN
  • Option for Tagging or Untagging the NSVLAN
  • New vtysh Command

NITRO API

The following NITRO API enhancements are available in this release.

  • NITRO API Support for AppExpert Applications
  • NITRO API Support for Entity Templates

Secure Sockets Layer (SSL)
The following Secure Sockets Layer enhancements are available in this release.

  • SHA-2 Signature Algorithm Support
  • Small Records Processing
  • Server Name Indication
  • Support for IPv6 Addresses in Online Certificate Status Protocol
  • Inserting Complete Client Certificate in Online Certificate Status Protocol
  • Advanced Encryption Standard New Instructions
  • PUSH Flag-Based Encryption Trigger Mechanism
  • Importing an External Key as a FIPS Key (nCore MPX FIPS appliance only)
  • SSL Enhancements in the NetScaler Configuration Utility
  • Warm Restart Option On 10G FIPS Appliances (nCore only)

System
The following system enhancements are available in this release.

  • Enhanced Application Visibility Using AppFlow (nCore and nCore VPX only)
  • Rate Limiting Notification (nCore and nCore VPX only)
  • Optimizing the TCP Maximum Segment Size for a Virtual Server Configuration
  • Specifying a TCP Buffer Size Globally and for Virtual Servers and Services
  • Memory Consumption Statistics for NetScaler Features
  • Statistics for Overall System Memory Consumption
  • Filtering a NetScaler Trace to Capture Information About an Interface or a VLAN ID
  • Time Stamp of the Last Configuration Change
  • View System Date in the NetScaler Command Line
  • Omitting Device-Specific Information in Output
  • Web Interface on NetScaler (nCore and nCore VPX only)

Traffic Management
The following traffic management enhancements are available in this release.

  • Load Balancing of Branch Repeaters for WAN Optimization (nCore and nCore VPX only)
  • Database Switching (nCore and nCore VPX only)
  • XenApp and XenDesktop Load Balancing Wizard Enhancements
  • No-Monitor Option for Services and Service Groups
  • Hash-Based Load Balancing Method
  • Support for Remote Desktop Protocol Load Balancing (nCore and nCore VPX only)
  • Policy-Based Routing Domains (nCore and nCore VPX only)
  • Graceful Shutdown of Backend Services
  • Additional Statistics for Load Balancing Virtual Servers
  • Persistence Time-out Option
  • Virtual Servers Bound to a Service Group
  • Domain-Name-Based Service Groups
  • N-tier Cache Redirection
  • Sessionless Load Balancing in IP Mode
  • Customization of the HTTPONLY Flag (Classic only)
  • Enhancement of XenDesktop Monitors
  • Link Load Balancing
  • Rule-Based Persistence for ANY Type Virtual Servers

Release Notes about NetScaler 9.3
http://support.citrix.com/article/ctx128937

Downloads

Download NetScaler 9.3 Classic or nCore here (requires MyCitrix ID)
Download NetScaler 9.3 VPX here (requires MyCitrix ID)
Download Web Interface for NetScaler 9.3 here (requires MyCitrix ID)
Download Application Signature Protection for Application Firewall (requires MyCitrix ID)
