Citrix goes virtual with more appliances

Gets physical with web app firewall

Secure remote control for conventional and virtual desktops

The profit margin on a virtual appliance is a lot higher than on a physical one, and when you own your own hypervisor, as Citrix Systems does, then that's two reasons to promote the running of appliance applications inside virtual machines. And so, after some dabbling last year, when it put its NetScaler network acceleration code inside of a Xen VM, Citrix is going all the way with the idea.

At the same time, the company is breaking the key code in what used to be called its WANscaler product (and which was rebranded as Branch Repeater) into separate access gateway and Branch Repeater WAN acceleration modules and selling them separately as virtual appliances running atop XenServer 5.5.

None of this means that Citrix will not sell companies the physical appliances it has been selling for years. If you want to pay the premium or need more bandwidth than the virtual appliances can deliver, then by all means, get physical. And according to Greg Smith, director of the Cloud and Network Products group at Citrix, when it comes to security appliances in particular, some companies still feel more comfortable with a physical appliance. Which is why the NetScaler physical appliances are now being supplemented with five new pieces of gear.

For more than four years, the NetScaler physical appliances, which accelerate applications and provide caching for applications running on the internal network, have included a Web application firewall. This firewall is designed to protect HTML and XML applications from denial of service, SQL injection, and cross-site scripting attacks, and it also secures data and works in conjunction with virtual private networks that give employees remote access to applications. The NetScaler application firewall is the belt that goes alone with the network firewall suspenders. And until now, you had to buy a whole NetScaler appliance (at the Platinum Edition level) if you wanted the firewall.

With today's announcement, Citrix is putting out five models of NetScaler physical appliances that just have the application firewall running on them. These boxes are cheaper than the full NetScaler appliances, obviously. The five machines, which are multicore, Intel-based servers, run a hardened version of BSD Unix. Pricing on the NetScaler appliances range according to the amount of network bandwidth they can handle.

The MPX 5500 application firewall costs $20,000 and it's rated at 500 Mb/sec, the MPX 7500 costs $35,000 and has twice the bandwidth. If you double the bandwidth again to 2 Gb/sec, the MPX 9500 only costs $45,000, and bumping it up to the MPX 10500 and its 3 Gb/sec of bandwidth raises the price to $55,000. The top-end MPX 12500 application firewall is rated at 5 Gb/sec and costs $85,000.

Net-cost software upgrades are available to move from the MPX 7500 to the MPX 9500 and from the MPX 10500 to the MPX 12500. You can also upgrade the software running on the box to get the full NetScaler software stack (acceleration and caching), not just the application firewall. The pricing for that upgrade is basically the net cost between the app firewall and the full NetScaler appliance plus a little premium on top for the hassle.

On the virtual appliance front, Citrix is adding two different products, both of which are derived from the WANscaler product. Branch Repeater VPX encapsulates the WAN caching and acceleration code in a XenServer 5.5 virtual machine and can support 2 Mb/sec, 10 Mb/sec, or 45 Mb/sec of bandwidth depending on the version you buy.

The base Branch Repeater VPX-2 virtual appliance is rated at 2 Mb/sec and costs $4,000. The base Branch Repeater MPX physical appliance is rated at the same throughput and costs $6,000. Basically, you are paying for your own server and saving a little on top. Branch Repeater VPX ships on March 12.

The Access Gateway VPX virtual appliance is a just what it says it is, a virtual private network gateway to allow remote offices to get access to applications running back in the data center. The Access Gateway VPX costs $995 and supports 500 concurrent users. The hardware version of the gateway from Citrix rated at the same number of users costs $3,500. Citrix actually started shipping the Access Gateway VPX on February 3, but didn't tell anyone.

The NetScaler VPX virtual appliance that went into beta last May and became generally available in September also runs atop XenServer 5.5; it costs $2,000 for a virtual appliance rated at 10 Mb/sec.

According to Sai Allavarpu, senior director of product marketing at Citrix, companies can put all three virtual appliances on a single server if they want all three functions and push them out into the network as easily as deploying any other server-based workload. With hardware-based appliances, you need to figure out what you need ahead of time, by the physical appliance, and install it.

When you need more bandwidth or to support more users, you need to do a procurement for new hardware. This takes time, and usually meets with some resistance. What Allavarpu envisions is that companies will deploy physical appliances in their data centers for basic needs and use virtual appliances to augment this capability and to push some of this acceleration and caching function out to the branch offices as well.

All three of the virtual appliances - NetScaler VPX, Branch Repeater VPX, and Access Gateway VPX - come with freebie Express variants that have crimped bandwidth and user support so you can test the code out before shelling out cash. The virtual appliances also support XenServer HA clustering for failover and load balancing. Service providers can get pay-as-you-go utility pricing on the virtual appliances and enterprises can get annual licenses if they don't want to pay for a perpetual license and annual support fees.

Citrix is well aware that XenServer is not the only hypervisor for x64 machines and plans to support Branch Repeater VPX on Microsoft's Hyper-V sometime in the second half of 2010, with an Amazon EC2 image coming out before year's end. VMware's ESX Server hypervisor will be supported at some unnamed later date. Access Gateway VPX will get an Amazon AMI later in 2010, and it will have the same future ESX Server support. No word on Hyper-V for this one. NetScaler VPX is already in tech preview for ESX Server, and it would be surprising if Hyper-V support didn't make it to market ahead of ESX Server. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
NSA SOURCE CODE LEAK: Information slurp tools to appear online
Now you can run your own intelligence agency
Fat fingered geo-block kept Aussies in the dark
NASA launches new climate model at SC14
75 days of supercomputing later ...
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
Cloud unicorns are extinct so DiData cloud mess was YOUR fault
Applications need to be built to handle TITSUP incidents
BOFH: WHERE did this 'fax-enabled' printer UPGRADE come from?
Don't worry about that cable, it's part of the config
Stop the IoT revolution! We need to figure out packet sizes first
Researchers test 802.15.4 and find we know nuh-think! about large scale sensor network ops
SanDisk vows: We'll have a 16TB SSD WHOPPER by 2016
Flash WORM has a serious use for archived photos and videos
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story


Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Simplify SSL certificate management across the enterprise
Simple steps to take control of SSL across the enterprise, and recommendations for a management platform for full visibility and single-point of control for these Certificates.