30 May
APPLICATION DELIVERY CONTROLLER: A KEY TO APP MODERNIZATION

Contemporary methods of application development, like microservices and Function as a Service (FaaS), provide highly efficient ways to bring value to both your organization and its customers.

Microservices enable rapid movement by allowing changes to be made to small segments of your system numerous times throughout the day. Their competitive benefits are so substantial that one might assume most enterprises have already modernized and revamped their applications. Yet, the truth differs significantly. 

The 2023 Gartner CIO and Technology Executive Survey indicates that while the shift to contemporary technology platforms is progressing, it is not yet finished. Gartner's survey in 2023 reveals:

  • 46% of organizations expected to increase their spend on application modernization.
  • 50% planned to increase their spend on cloud platforms.
  • 47% said they would decrease investments in legacy infrastructure and data center technologies.

The main reason application modernization takes time in large enterprises is the complexity of the modern deployment environment. Enterprise IT teams typically deal with their own data centers alongside multiple public clouds — often as a result of mergers and acquisitions — while trying to deliver new ideas to customers quickly and reliably.

The Evolution of NetScaler Application Delivery Controller

Citrix ADCr stands out as a leader in the ADC environment, having begun over 20 years ago as a load balancer. During the late 1990s and early 2000s, it managed the bulk of internet traffic. Following its acquisition by Citrix in 2005, NetScaler incorporated technologies tailored for Citrix workload. However, in 2022 Citrix’s acquisition in 2022, by the Cloud Software group their ADC was re branded as NetScaler

NetScaler has developed into a comprehensive application delivery and security platform over time. It provides various form factors, including virtualized, containerized, and bare-metal ADCs. As a component of the core application architecture, NetScaler facilitates secure, business-critical operations for major financial, retail, healthcare, and public cloud providers globally.

NetScaler serves as the preferred application delivery and security platform for the world's leading enterprises, which depend on NetScaler for robust application delivery, extensive application and API security, and complete observability.

Despite the wide range of supported form factors, NetScaler emphasizes maintaining a single, common codebase, with releases planned and rolled out to ensure feature parity across the different form factors. The interfaces and APIs used by customers are using to manage their applications stay the same — whether in their data center, edge or cloud, thus creating a significant benefit for developers as there is only one set of APIs and user interfaces to learn.

Most ADCs, like NetScaler, possess core networking and switching capabilities to function within a network, yet they are not conventional switches or routers. They operate across OSI layers 3 to 7. whereas NetScaler nodes are designed to distribute the load among multiple servers—ranging from tens to thousands, or even tens of thousands, that users are attempting to access.

Larger enterprises often implement deployments across various locations. NetScaler covers this by offering a feature known as global server load balancing (GSLB), enabling load distribution across on-premises and cloud data centers in multiple locations. Managing operations at such a scale necessitates extensive automation, including infrastructure as code. Enterprises using Terraform and Ansible for their infrastructure management, NetScaler has provided REST APIs, however NetScaler introduced next-generation, declarative APIs. These greatly simplify the management of NetScaler [ADCs] with Infrastructure as Code approaches, as they are centered on application services rather than on networking constructs.

Environment agnostic. Intent based. API driven.
Application delivery for a multi-cloud world courtesy - The Cloud Software Group

NetScaler’s three major pillars - security and observability and performance

API Security

NetScaler's one-pass architecture initiates by decrypting HTTPS traffic. Following this, it engages additional security services like WAF, bot protection, and API security. As most traffic is now controlled by APIs - API security has grown crucial. This importance stems from the need for interservice communication in a microservices-style architecture, which increases security risks for East-West traffic within the data center and to external partner applications.

NetScaler's API protection encompasses rate limiting, authentication, authorization, and content routing. It also employs machine learning to thwart various cyber threats, including excessive client connections through APIs and attempted account takeovers. 

Furthermore NetScaler CPX, a container-based ADC, ensures security within the cluster. NetScaler pioneered the introduction of Mult cluster ingress controllers in the industry. A NetScaler ingress controller, positioned within the Kubernetes cluster, configures a load balancer (or a NetScaler ADC outside the cluster) and communicates back to distribute the load across multiple clusters, facilitating Mult cluster load balancing within the data center, and beyond it, NetScaler utilizes GSLB for load balancing and traffic management. 

Observability

Observability is a key component of a strong security posture. The NetScaler node tracks around 25,000 parameters for each session that passes through the internal and external networks, and this data is made available to operations teams through the NetScaler Console.

Recognizing the importance of this information for security administrators a few years back, admin typically didn't use the NetScaler Console since it wasn't part of their primary responsibilities. However, with the growth of the observability field, which now includes tools like Elasticsearch, Honeycomb, New Relic, Prometheus, and Splunk, NetScaler has developed the ability to export data to these platforms enabling administrators to act quickly to any anomalies.

Performance

Beyond observability and security features, NetScaler excels in high-performance application delivery, gauged by throughput, latency, or total transactions per second. 

In 2021, Citrix engaged Tolly to evaluate NetScaler's (formerly Citrix ADC) performance against F5 BIG-IP Virtual Edition (VE). Conducted in an AWS setting, the tests examined ADC and firewall functions across various encryption protocols. Tolly used latency as a measure of responsiveness, along with transaction throughput and user experience, focusing on P99 latency that captures the slowest 1% of traffic. 

Despite the inherent skepticism towards vendor-sponsored benchmarks, Tolly found Citrix ADC VPX surpassed F5 BIG-IP VE in every test, achieving lower latency and CPU usage for similar throughput. 

This is attributed to NetScaler's superior performance to its one-pass architecture - i.e. after decrypting the packet, NetScaler process all subsequent functions in one go without rerouting. This allows concurrent execution of multiple computing tasks, like network and security checks, offering notable latency and throughput benefits for NetScaler.

Finally, always evaluate the options to meet overall business requirements

In the realm of commercial options like F5's BIG-IP, Open-Source alternatives such as HAProxy also exist. However, OAS always recommends that customers evaluate all options before implementing any technology. For example, Open-source load balancers are excellent for initial innovation and app development however, for enterprise environments, a fully supported solution is likely necessary. 

Platform teams often prefer a single solution to minimize the attack surface, as opposed to any developer-ready download. To assist developers interested in experimenting, NetScaler has introduced NetScaler CPX Express, a complimentary version of its Kubernetes ingress proxy that offers a direct route to production. 

Finally, Citrix has incorporated all of NetScaler's features into its new subscription models, allowing Citrix clients to more affordably extend NetScaler's application delivery and security to hybrid and multi-cloud setups throughout the enterprise. The overall aim is to provide customers with an almost limitless functionality, capability, and capacity to navigate the complexities of contemporary applications.

More from NetScaler and crucial links


Comments
* The email will not be published on the website.