Netscaler 11 Feature Review

NetScaler 11 – Feature Review

BYGRAHAM HOSKING· JULY 1, 2015

NetScaler 11went GA yesterday: 30thJune 2015, and is available from the Citrix download portal as build: 11.0 – 55.20 (http://www.citrix.com/downloads/netscaler-adc/virtual-appliances/netscaler-vpx-release-110.html) . I’ve been evaluating this release for the past couple of weeks under NDA, so I can finally tell you about it! I’ve been really impressed with Citrix finally implementing features that should have been there from the very start, such as portal customisation from the GUI!

There are a number of changes with NetScaler 11 but I just wanted to cover a few that stick out..

NetScaler Unified Gateway:

Portal Enhancements:

Per virtual server changes to the logon, meaning that would can have different portals that connect to different look and feel to each. These changes are available through the new Portal Themes option within the Gateway admin interface.

Custom Error Messages– You’re also able to add custom EPA error pages with information that users will understand. You can add/modify these to explain what you want the end user to get.

Here you can change the following from an easy to manage UI. No more will NetScaler admins need to manually change code and hack around with files within the NetScaler itself.

Remove Unwanted Options– Options such as Personal Bookmarks and File Shares Tab can de disabled, as a tick option! No more messing around with conf files.

Set a EULA – Can setup and customise and bind different user license agreements per portal. Users need to click through this in order to connect through the portal.

Client choices– page are also changed. The new GUI to explain to users which options they’d like to connect to, such as full VPN or to published applications or websites/portals known as clientless:
Smart Control

Granular control for XenApp/desktop for security blocking such as restrictions with clipboard access, mapped drive access or printer mapping. Because the NetScaler is the defining point where the rules can be checked and restricted against connections and Xenapp/Desktop policies, this allow greater control over the security for your environment.

Dubbed an ICA Firewall: The diagram below is an example of how the restrictions work through the NetScaler and groups of users: (Curiously of Citrix Masterclass 1/07/15)

What can be controlled?

§  Client clipboard redirection

§  Client drive mapping

§  Client USB device redirection

§  Client audio redirection

§  Client COM port redirection

§  Client printer redirection

§  Multi stream

§  File Sharing for Receiver for HTML5

§  Rather than main the admin configure capabilities on multiple backend XenApp/Desktop server, with SmartControl, NetScaler becomes a single port of configuration.

§  Users can be granted access based on EPA checks.

Unified Gateway

To have the ability to connect single portal/URL for end users to connect to other resources not only that reside on premise but in the cloud as well. It allows for single sign-on of authentication to dissimilar services.

This solution basically leverages content filtering features of the NetScaler. This also means that the licensing requirements for the UG is it will only work with Platinum and Enterprise.

Webfront

Webfront is a new web interface where it allows for the Storefront Website to reside on the NetScaler.

Other Enhancements/Updates:

User Interface– No More JAVA! Anywhere. I know that 10.5 still had Java for Firmware upgrades and AppFirewall. You will be glad to know it’s now all gone and is HTML5. Citrix has also added some tweaks to the existing HTML5 interface.

There are also new wizards for Unified Gateway:

New Visualizers also to easier see setup such as response/responded bindings:

Traffic Management–

Secure Cookie Enhancement is now more secure using high encryption so cookies can’t not be hacked and server IP’s for example be found.

Enhancements with load balancing for persistency groups across vServers. The example your shopping cart could be empty while switching vServers, so this allows different persistence rules.

HTTP/2 Support is now available and checks if the end client is capable before using it.

SSL

Now available to get your SSL LABS to an A+!! TLS 1.1 & 1.2 is now available on All NetScaler (VPX, MPX)

SAN certificates are now supported on the backend server.

Citrix have now changed the cipher list. This means that client connecting would negotiate the cipher, unfortunately weaker ciphers where used first, this has now changed.

2048 Bit certificates are now used as default for the NetScaler Management.

Admin Partitions

This was available in e – Enhanced versions of previously 10.5 builds, this has been brought into NetScaler 11 and allows 1 NetScaler to be carved up into individual NetScaler. This normally was only allowed on the SDX (allows virtual NetScalers) however this feature is now available on all versions including VPX.

Enhancements added to Admin Partitions are: AAA Traffic Management Feature support / Each partition can run routing protocols / Integrated caching and web logs.