Citrix goes virtual with more appliances

Gets physical with web app firewall

The profit margin on a virtual appliance is a lot higher than on a physical one, and when you own your own hypervisor, as Citrix Systems does, then that's two reasons to promote the running of appliance applications inside virtual machines. And so, after some dabbling last year, when it put its NetScaler network acceleration code inside of a Xen VM, Citrix is going all the way with the idea.

At the same time, the company is breaking the key code in what used to be called its WANscaler product (and which was rebranded as Branch Repeater) into separate access gateway and Branch Repeater WAN acceleration modules and selling them separately as virtual appliances running atop XenServer 5.5.

None of this means that Citrix will not sell companies the physical appliances it has been selling for years. If you want to pay the premium or need more bandwidth than the virtual appliances can deliver, then by all means, get physical. And according to Greg Smith, director of the Cloud and Network Products group at Citrix, when it comes to security appliances in particular, some companies still feel more comfortable with a physical appliance. Which is why the NetScaler physical appliances are now being supplemented with five new pieces of gear.

For more than four years, the NetScaler physical appliances, which accelerate applications and provide caching for applications running on the internal network, have included a Web application firewall. This firewall is designed to protect HTML and XML applications from denial of service, SQL injection, and cross-site scripting attacks, and it also secures data and works in conjunction with virtual private networks that give employees remote access to applications. The NetScaler application firewall is the belt that goes along with the network firewall suspenders. And until now, you had to buy a whole NetScaler appliance (at the Platinum Edition level) if you wanted the firewall.

With today's announcement, Citrix is putting out five models of NetScaler physical appliances that just have the application firewall running on them. These boxes are cheaper than the full NetScaler appliances, obviously. The five machines, which are multicore, Intel-based servers, run a hardened version of BSD Unix. Pricing on the NetScaler appliances ranges according to the amount of network bandwidth they can handle.

The MPX 5500 application firewall costs $20,000 and it's rated at 500 Mb/sec; the MPX 7500 costs $35,000 and has twice the bandwidth. If you double the bandwidth again to 2 Gb/sec, the MPX 9500 only costs $45,000, and bumping it up to the MPX 10500 and its 3 Gb/sec of bandwidth raises the price to $55,000. The top-end MPX 12500 application firewall is rated at 5 Gb/sec and costs $85,000.

Net-cost software upgrades are available to move from the MPX 7500 to the MPX 9500 and from the MPX 10500 to the MPX 12500. You can also upgrade the software running on the box to get the full NetScaler software stack (acceleration and caching), not just the application firewall. The pricing for that upgrade is basically the net cost between the app firewall and the full NetScaler appliance plus a little premium on top for the hassle.

On the virtual appliance front, Citrix is adding two different products, both of which are derived from the WANscaler product. Branch Repeater VPX encapsulates the WAN caching and acceleration code in a XenServer 5.5 virtual machine and can support 2 Mb/sec, 10 Mb/sec, or 45 Mb/sec of bandwidth depending on the version you buy.

The base Branch Repeater VPX-2 virtual appliance is rated at 2 Mb/sec and costs $4,000. The base Branch Repeater MPX physical appliance is rated at the same throughput and costs $6,000. Basically, you are paying for your own server and saving a little on top. Branch Repeater VPX ships on March 12.

The Access Gateway VPX virtual appliance is just what it says it is, a virtual private network gateway to allow remote offices to get access to applications running back in the data center. The Access Gateway VPX costs $995 and supports 500 concurrent users. The hardware version of the gateway from Citrix rated at the same number of users costs $3,500. Citrix actually started shipping the Access Gateway VPX on February 3, but didn't tell anyone.

The NetScaler VPX virtual appliance that went into beta last May and became generally available in September also runs atop XenServer 5.5; it costs $2,000 for a virtual appliance rated at 10 Mb/sec.

According to Sai Allavarpu, senior director of product marketing at Citrix, companies can put all three virtual appliances on a single server if they want all three functions and push them out into the network as easily as deploying any other server-based workload. With hardware-based appliances, you need to figure out what you need ahead of time, buy the physical appliance, and install it.

When you need more bandwidth or to support more users, you need to do a procurement for new hardware. This takes time, and usually meets with some resistance. What Allavarpu envisions is that companies will deploy physical appliances in their data centers for basic needs and use virtual appliances to augment this capability and to push some of this acceleration and caching function out to the branch offices as well.

All three of the virtual appliances - NetScaler VPX, Branch Repeater VPX, and Access Gateway VPX - come with freebie Express variants that have crimped bandwidth and user support so you can test the code out before shelling out cash. The virtual appliances also support XenServer HA clustering for failover and load balancing. Service providers can get pay-as-you-go utility pricing on the virtual appliances and enterprises can get annual licenses if they don't want to pay for a perpetual license and annual support fees.

Citrix is well aware that XenServer is not the only hypervisor for x64 machines and plans to support Branch Repeater VPX on Microsoft's Hyper-V sometime in the second half of 2010, with an Amazon EC2 image coming out before year's end. VMware's ESX Server hypervisor will be supported at some unnamed later date. Access Gateway VPX will get an Amazon AMI later in 2010, and it will have the same future ESX Server support. No word on Hyper-V for this one. NetScaler VPX is already in tech preview for ESX Server, and it would be surprising if Hyper-V support didn't make it to market ahead of ESX Server. ®
