Citrix NetScaler Competitive OverviewRob Chen, NetScaler Product Marketing
Citrix Confidential - Do Not Distribute
Gartner ADC Magic Quadrant
Citrix Confidential - Do Not Distribute
Best in class…
Functionality Performance Flexibility
Citrix Confidential - Do Not Distribute
Functionality
Functionality
• Leading feature set• DataStream• AppFlow• XD/XA integration• Application firewall• SSL VPN
Citrix Confidential - Do Not Distribute
Performance
Performance
• 10 Mbps – 50 Gbps• 4.4 Million HTTP requests/sec• Industry leading performance for 2048-bit – 90,000 TPS• 12 Gbps AppFW throughput• Best price/performance
Citrix Confidential - Do Not Distribute
Flexibility
Flexibility
• Choice of form factors: MPX, SDX, VPX• All features available on all platforms• Pay-as-You-Grow & Burst Licensing• AppExpert Policy Engine• Cloud Ready (CloudBridge, CloudGateway, CloudConnectors)
Citrix Confidential - Do Not Distribute
1. Pay-as-You Grow elasticity2. 2x faster 2048-bit SSL performance3. Higher density ADC consolidation solutions4. 100% feature parity for virtual appliances5. Innovative cloud bridging and cloud gateway functionality 6. Open, standards based application visibility7. SQL-intelligent load balancing and offloading8. Simple, highly intuitive policy engine
8 Reasons Why NetScaler Beats F5
Citrix Confidential - Do Not Distribute
Pay-as-You-Grow
Citrix Confidential - Do Not Distribute
Citrix Confidential - Do Not Distribute
NetScaler delivers better price/performance
Citrix Confidential - Do Not Distribute
Better ADC Consolidation
F5 Module Restrictions by PlatformF5 Platform OS Support VE VE Lab 1600 3600 3900 6900 8950 11050 VIP 4400 VCM
B4200 VIP 2400 VCMP B2100
TMOS FeaturesLTM Enterprise package ---- ---- 9.4.6 9.4.6 9.4.8 9.4.6 10.2.0 10.2.0 +PX 11.0 +PX 11.0
Add-on features: routing, ACA, SSL, CMP, IPv6, RS, caching
11.0 11.0 9.4.6 9.4.6 9.4.8 9.4.6 10.2.0 10.2.0 9.6.1 11.0 ---- ----
Analytics (AVR) 11.0 11.0 11.0 11.0 11.0 11.0 11.0 11.0 ---- ---- ---- ----DNSSEC (req. GTM) 11.0 11.0 10.1.0 10.1.0 10.1.0 10.1.0 10.2.1 10.2.1 11.0 11.0 11.0 11.0FIPS Hardware ---- ---- ---- ---- ---- 9.4.8 ---- 11.0 ---- ---- ---- ----
Dual Product ComboLTM + LC ---- ---- 9.4.6 9.4.6 9.4.8 9.4.6 10.2.0 10.2.0 ---- ---- ---- ----LTM + GTM 11.0 11.0 9.4.6 9.4.6 9.4.8 9.4.6 10.2.0 10.2.0 11.0 11.0 11.0 11.0LTM + WBA ---- ---- 11.0 9.4.6 9.4.8 9.4.6 10.2.0 10.2.0 ---- ---- ---- ----LTM + WA Bundle ---- ---- 11.0 9.4.8 10.2.0 10.2.0 ---- ---- ---- ----LTM + ASM 11.0 11.0 11.0 9.4.6 9.4.8 9.4.6 10.2.0 10.2.0 10.0.1 11.0 11.0 11.0LTM + APM 11.0 11.0 10.2.1 10.1.0 10.1.0 10.1.0 10.2.0 10.2.0 ---- ---- ----LTM + WOM 11.0 11.0 10.1.0 10.1.0 10.1.0 10.1.0 10.2.0 10.2.0 ---- ---- ----LTM + WOM Bundle ---- 11.0 10.1.0 10.1.0 10.1.0 10.2.0 10.2.0 Triple Product ComboLTM + WBA + ASM ---- ---- ---- 11.0 10.1.0 10.0.1 10.2.0 10.2.0 ---- ---- ---- ----LTM + WBA + WOM ---- ---- ---- 11.0 10.1.0 10.0.1 10.2.0 10.2.0 ---- ---- ---- ----LTM + APM + WBA ---- ---- ---- 11.0 10.1.0 10.1.0 10.2.0 10.2.0 ---- ---- ---- ----LTM + APM + ASM ---- 11.0 ---- 11.0 10.1.0 10.1.0 10.2.0 10.2.0 ---- ---- ---- ----LTM + ASM + WOM ---- 11.0 ---- 11.0 11.0 11.0 11.0 11.0 ---- ---- ---- ----LTM + GTM + ASM ---- 11.0 ---- 11.0 10.1.0 10.0.1 10.2.0 10.2.0 ---- ---- ---- ----LTM + GTM + WBA ---- ---- ---- 11.0 11.0 11.0 11.0 11.0 ---- ---- ---- ----LTM + GTM + WOM ---- 11.0 ---- 11.0 11.0 11.0 11.0 11.0 ---- ---- ---- ----LTM + GTM + APM ---- 11.0 ---- 11.0 11.0 11.0 11.0 11.0 ---- ---- ---- ----LTM + WOM + APM ---- 11.0 ---- 11.0 11.0 11.0 11.0 11.0 ---- ---- ---- ----LTM + ASM+LC ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ----LTM + LC+ other module ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ----
Citrix Confidential - Do Not Distribute
ADC Capability F5 NetScaler
Virtual ADC software Virtual Edition: Does not support full ADC feature set as BIG-IP appliances
NetScaler VPX: 100% feature parity with NetScaler MPX appliances
Cloud Bridging: secure and
transparent network connectivityLimited
Yes, with Cloud Bridge: Includes site-site VPN, routing and WAN optimization
Single point of control for SaaS, web and enterprise apps
No support NetScaler Cloud Gateway
Citrix NetScaler vs. F5 Cloud-ready Networking
• Democratizes application visibility• True open standard open format• Delivers choice to the market• Leverages existing footprints• Cloud-ready – no span port
required
Citrix NetScaler is AppFlow-ready.
AppFlow ™
F5 TCP LB vs Custom Scripts vs NetScaler SQL LB
Feature/Benefit F5 TCP LB Custom
Scripts
DataStreamTM
SQL LB
Scale-up TCP connections
SQL connection offload
Native SQL LB
Scale out read-only servers
High Availability
Intelligent monitors
SQL content SwitchingRead/Write split & Sharding
Citrix Confidential - Do Not Distribute
ADC Capability F5 NetScaler
Policy creation and management Limited policy creation available in GUI.
Requires iRules and TCL scripting for
most L7 policies
AppExpert Visual Policy Builder. Intuitive framework
with no programming requirement.
Open, standards-based application visibility Not supported. Proprietary reporting only.
Supports Citrix AppFlow standard with broad
ecosystem support.
Graphical visualization tools Limited offerings in v11Multiple policy visualization facilities (network, global
load balancing, and application infrastructure)
Centralized management and
configuration
Enterprise Manager (additional
purchase)
Command Center (included with Enterprise and Platinum editions)
Real-time and historical user experience monitoring
Third-party support only NetScaler EdgeSight
Integrated Web Interface support for XenApp & XenDesktop No Full integration
URL and content rewrite Yes. Content rewrite for any TCP Yes. Content rewrite on any HTTP
Citrix NetScaler vs. F5Policy Management
• F5 illegally modifies settings in XenDesktop’s underlying protocol, ICA, so that BIG‐IP can act as forward proxy for XenDesktop clients• Exposes the internal network and host information to potential hackers• XenDesktop clients can’t validate that a particular file originated from a trusted source• May prevent users from accessing their XenDesktop when behind an actual proxy server
• Lacks Secure Ticketing Authority (STA) so hackers can emulate F5’s approach and gain access
• No support for Citrix SmartAccess policies
• No support for ICA signing, preventing XenDesktop from validating that an ICA file originated from a trusted source
Only NetScaler Offers True XD/XA Support
• Not a long‐term solution ‐ F5 has reverse engineered Citrix’s client authentication methods in their Access Policy Manager (APM). Any Citrix revision to methods will break XenDesktop.
• F5 deployment guide violate Citrix best practices by instructing that non‐secure ports be used for XML broker services and Web Interface traffic – potentially compromising user credentials
• Requires that IT managers closely adhere to 100+ pages of detailed deployment guides and modify unsupported iRules (TCL‐based scripts). No configuration wizards to avoid errors.
Only NetScaler Offers True XD/XA Support (cont.)
Citrix Confidential - Do Not Distribute
•ACE is not “best-in-class”•ACE is not a strategic product for Cisco•ACE lacks advanced ADC features•ACE provides poor price/performance•ACE is NOT suited for cloud deployments•ACE does not provide integration with XenDesktop/XenApp
Cisco Ace: Executive Summary
Citrix Confidential - Do Not Distribute
•ACE30 Module for Cisco Catalyst 6500 and Cisco 7600•ACE 4710 appliance•ACE GSS 4492R Global Site Selector•ACE Web Application Firewall (EOS: Aug 2010)•ACE XML Gateway (EOS: Aug 2010)
Cisco ACE Product Line
Citrix Confidential - Do Not Distribute
Key ACE Limitations
•No IPv6 support•No ACE module for Nexus 7000•No optimization for 2048-bit SSL certificates•No 10G interfaces on ACE 4710 appliance•No stateful HA•No virtual appliance
5 Reasons Why ACE Is Being Replaced
Fails to Meet SSL Requirements
• No optimization for 2048-bit SSL• Dramatically behind industry in SSL transaction/sec performance• ACE appliance maxes out at only 1 Gbps SSL (No Pay-Grow for SSL)
No ADC Innovation
• Lacks most basic ADC functions (e.g. app firewall, caching and GSLB)• Years away from advanced ADC features (e.g. database LB, app visibility)• Expensive Catalyst or 7600 required to achieve performance > 4 Gbps
Primitive Management
• No pre-defined policies or configurations • No application templates for popular enterprise apps• Graphical UI missing visualization and basic policy definition tools
Zero XD/XA Integration
• No awareness or visibility of XenDesktop/XenApp infrastructure• Unable to monitor critical XD/XA services to ensure 100% availability• Cannot support secure access to XD/XA (no SSL VPN)
Not Ready for the Cloud
• No virtual appliance option• No multi-tenancy – lacks software and resource isolation• Management plane does not scale for multiple tenants
No Multi-tenancy. No Consolidation. No Scalability. No Dice.
No virtualization = No multi-tenancy
• ACE architecture does not support true virtualization• Contexts aren’t separate instances, but partitions of a shared instance• Cannot directly allocate and hardwall CPU and memory per context
Wrong Platform for ADC
Consolidation
• No context-level lifecycle independence. All or nothing for entire device. • No context-level version independence. All or nothing for entire device.• No context-level HA. All or nothing for the entire device.
Does Not Scale
• All contexts share a single management plane• All management entities are shared across system – no isolation• Lack of resource hardwalling means one context can overrun another
Citrix Confidential - Do Not Distribute
•ACE has lost nearly half of its ADC market share in 3 years•2007: 32%•2010: 17.4%
•Current execution issues forcing Cisco to focus on core routing and switching business and deprecate others
•ACE is not currently a strategic product for Cisco•Application delivery and security is not a focus for Cisco•Three years behind - last major ACE software release was in 2008•EOS’d complementary products (Web Application FW and XML Gateway)
Cisco ACE is a laggard…
Citrix Confidential - Do Not Distribute
Cisco’s steep decline in market share says it all…
1 2 3 40%
5%
10%
15%
20%
25%
30%
35%32%
31%
24%
17%
Cisco ACE – ADC Market Share
2007 2008 2009 2010
Source: Gartner
Citrix Confidential - Do Not Distribute
Cisco ACE Feature Analysis – Load BalancingFeature NetScaler ACE 30 Module ACE 4710 Appliance
L4 load balancing ✔ ✔ ✔
L7 content switching ✔ ✔ ✔
Database load balancing DataStream X X
XML content switching ✔ X X
Rate limiting ✔ BW only; no PPS limiting;no alerting or responder
BW only; no PPS limiting;no alerting or responder
IPv6 support ✔ X X
Global load balancing ✔ Requires Cisco GSS Requires Cisco GSS
Dynamic routing protocols
✔ ✔ ✔
Surge protection ✔ X X
Priority queuing ✔ X X
Health Monitoring Limited scale and functionality
Limited scale and functionality
Citrix Confidential - Do Not Distribute
Cisco ACE Feature Analysis– App Acceleration
Feature Category NetScaler ACE 30 Module ACE 4710 Appliance
Client and server TCP optimizations
✔ ✔ ✔
Compression ✔ ✔ ✔
Caching ✔ X ✔
Pre-fetch cache invalidation
✔ X X
Citrix Confidential - Do Not Distribute
Cisco ACE Feature Analysis – Offload
Feature NetScaler ACE 30 Module ACE 4710 Appliance
TCP buffering ✔ ✔ ✔
TCP multiplexing ✔ ✔ ✔
SQL multiplexing ✔ X X
SSL offload ✔ ✔ ✔
2048-bit SSL Optimization
✔ X X
Cache redirection including multi-layer support
✔ X X
Citrix Confidential - Do Not Distribute
Cisco ACE Feature Analysis – Security
Feature NetScaler ACE 30 Module ACE 4710 Appliance
L4 DoS defenses ✔ ✔ ✔
L7 content filtering ✔ ✔ ✔
HTTP/ URL rewrite ✔ Headers only Headers only
SSL VPN ✔ X X
L7 DoS defenses ✔ X X
AAA for traffic management
✔ X X
Application firewall ✔ X X
XML security ✔ X X
Citrix Confidential - Do Not Distribute
Cisco ACE Feature Analysis – Management
Feature NetScaler ACE 30 Module ACE 4710 Appliance
App visual policy builder ✔ X X
App service callouts ✔ X X
App templates ✔ X X
App visualizer ✔ X X
Role-based admin. ✔ ✔ ✔
AAA for administration ✔ ✔ ✔
Configuration wizards ✔ X X
Native Citrix Web Interface
✔ X X
Unified management ✔ ✔ ✔
Application performance monitoring
✔ X X
Citrix Confidential - Do Not Distribute
Cisco ACE30 Module Price/Performance Analysis
CategoryCisco
ACE 30NetScaler
MPX 14500
Throughput (Gbps) 16 16
L7 CPS (k) 200 1600
Max Conn Capacity (M) 4 25
SSL TPS (k) 30 95
SSL Bulk (Gbps) 6 7
Compression (Gbps) 6 4.5
Pricing $130K (w/GSLB) $125K – EE
MPX 14500 offers up to 8X greater performance than ACE 30 for $5K less
8X
6X
3X
Citrix Confidential - Do Not Distribute
Cisco ACE 4710 Price/Performance AnalysisCategory ACE 4710
(500 Mbps)NetScalerMPX 5500
ACE 4710(1 Gbps)
NetScalerMPX 7500
ACE 4710(2 Gbps)
NetScalerMPX 9500
ACE 4710(4 Gbps)
NetScalerMPX 9700
Throughput (Gbps) .500 .500 1 1 2 3 4 4
L7 CPS (k) 30 50 30 100 30 200 30 450
Max Conn Capacity (M) 1 1.5 1 5 1 5 1 10
SSL TPS 7500 5000 7500 10000 7500 20000 7500 20000
SSL Bulk (Gbps) 1 .500 1 1 1 3 1 4
Compression (Gbps) .500 .500 1 1 2 2 2 4
Pricing:4710 vs SE
$16K $12K $30K $22K $40K $32K $50K $37K
Pricing:4710+GSS vs. EE+Cache
$36K $26K $50K $36K $60K $50K $70K $55K
MPX Delivers 3X – 10X Greater Performance for Less $$$ than ACE 4710
Citrix Confidential - Do Not Distribute
•ACE is not an ADC market leader•ACE is not a strategic product for Cisco•ACE offers poor price/performance•ACE product is missing key functionality and support• IPv6•2048-bit SSL optimization•No 10G support for 4710 appliance and no module for Nexus 7000
•No ACE virtual appliance•Zero XenDesktop/XenApp support
Summary
On-boarded Alteon installed base• WW share grew to 9%• Added to presence in EMEA and APAC
Good tactical sales execution• Link load balancing (LinkProof)• OEM of Imperva (AppWall)
Telco Focus• SIP opportunities
Compelling vision for virtual ADCs• Virtual App Delivery Infrastructure (VADI) • Multi-tenant solution (ADC-VX)• Soft ADC
StrengthsWhat They’re Doing Right
Still Missing Key ADC Capabilities
• SSL VPN• Performance monitoring (EdgeSight)• Large-size cache (750 MB max)• Rewrite• Call-outs• Cache redirection• Responder• Flexible cache and compression policies• Usable Pay-as-you-Grow model
AppWall $20,000 Imperva OEM
AppXML $41,000 Open Systems OEM
AppDirector $33,900
1Gbps Radware Solution Total Cost
$94,900
NetScaler 7500 Platinum$45000
1Gbps NetScaler Solution Total Cost
$45,000
Radware - Point Solution Approach Citrix NetScaler - Integrated ADC Solution
Fragmented & Expensive Portfolio
Load balancer
App Firewall
XML Delivery
AppWall $20,000 Imperva OEM
AppXML $41,000 Open Systems OEM
AppDirector $33,900
1Gbps Radware Solution Total Cost
$117,900
NetScaler 7500 Platinum$45000
1Gbps NetScaler Solution Total Cost
$45,000
Radware - Point Solution Approach Citrix NetScaler - Integrated ADC Solution
Fragmented & Expensive Portfolio
Load balancer
App Firewall
XML Delivery
App Acceleration AppXcel $23,000
• Native Load Balancing support for Branch Repeater • Integrated end-to-end Citrix solution
• Enables large scale datacenter deployment of Branch Repeater• 20X increase on max. users/concurrent active TCP connections using MPX 5500 • 100X increase on max. bandwidth using MPX 21500• 10G aggregated link with MPX
• Supports normal HTTP processing along with WAN Optimization in NS
• Enables DC to DC disaster recovery BR deployments
Load Balancing for Branch Repeater
Increases scalability and enables BR to address large scale opportunities
F5 Networks Low to Mid Range Comparison
Citrix Confidential - Do Not Distribute
NS MPX 5500
F5 1600
NS MPX 7500
F53600
NS MPX 9500
F53900
F5 6900
NS MPX 11500
L4/L7 Throughput-Gbps 0.5 1.0 1.0 2 3 4 6 8
HTTP RPS (K) 50 100 100 135 200 400 600 800
TCP CPS (K) 115 60 170 115 335 175 220 1000
TCP Sessions 1.5M 1M 5M 4M 5M 8M 8M 13M
SSL Throughput-Gbps 0.5 1 1 2 3 2.4 4 6
SSL TPS (K)-1K/2K 5/1 5/1 10/3 10/2 20/5 15/3 25/5 54/11
Compression (Gbps) 0.5 1 1 1 2 3.8 5 2.5
Module limits NO Two NO Three NO Four Six No
Price-Enterprise $22,000 $30,500 $32,000 $42,500 $42,000 $53,000 $75,000 $65,000
Rated Power /quantity 300W/1 300W/1+1 450W/1+1 300W/1+1 450W/1+1 300W/1+1 850W/2 650W/2
Memory 4 GB 4GB 8 GB 4GB 8 GB 8GB 8GB 48GB
Ports 4x1G 6x1G 8x1G 10x1G 8x1G 12x1G 24x1G 4x10G+8xG
Multi-tenancy ready No No No No No No No Yes-20
Pay-As-You-Grow No No Yes to 3G No No No No Yes to 42G
F5 Networks Mid/High Range Comparison
Citrix Confidential - Do Not Distribute
NS MPX 13500
F5 8900
NS MPX 14500
F58950/S
NS MPX 16500
NS MPX 18500
F5 11050
NSMPX
20500
L4/L7 Throughput-Gbps 12 12 18 20 24 36 42 42
HTTP RPS (K) 1400 1200 1600 1900 2000 2500 2500 2600
TCP CPS (K) 1300 400 2700 800 3600 4100 1000 4300
TCP Sessions 20M 16M 25M 16M 30M 40M 32M 52M
SSL Throughput-Gbps 6.5 9.6 7 9.6 9 10.5 15 11
SSL TPS (K)-1K/2K 80/17 58/11.6 107/23 56/11.2100/20-S
133/28 158/34 100/20 200/45
Compression (Gbps) 3.5 8 4.5 8 5.5 7 12 8
Module limits NO No NO No NO NO No No
Price-Enterprise(F5 add $31K GTM/LC)
$95,000 $120,000 $125,000 $120,000$140,000-S*
$150,000 $185,000 $150,000 $210,000
Rated Power /quantity 650W/2 850W/2 650W/2 850W/2 650W/2 650W/2 850W/2 650W/2U
Memory 48GB 16 GB 48GB 16GB 48GB 48GB 32 GB 48GB
Ports 4x10G+8xG 2x10G+24xG
4x10G+8xG 2x10G+24xG
4x10G+8xG 4x10G+8xG 10x10G 4x10G+8xG
Multi-tenancy ready Yes-20 No Yes-20 No Yes-20 Yes-20 No Yes-20
Pay-As-You-Grow Yes to 42G No Yes to 42G No Yes to 42G Yes to 42G No No
*Estimate