Feeds

Citrix goes virtual with more appliances

Gets physical with web app firewall

Internet Security Threat Report 2014

The profit margin on a virtual appliance is a lot higher than on a physical one, and when you own your own hypervisor, as Citrix Systems does, then that's two reasons to promote the running of appliance applications inside virtual machines. And so, after some dabbling last year, when it put its NetScaler network acceleration code inside of a Xen VM, Citrix is going all the way with the idea.

At the same time, the company is breaking the key code in what used to be called its WANscaler product (and which was rebranded as Branch Repeater) into separate access gateway and Branch Repeater WAN acceleration modules and selling them separately as virtual appliances running atop XenServer 5.5.

None of this means that Citrix will not sell companies the physical appliances it has been selling for years. If you want to pay the premium or need more bandwidth than the virtual appliances can deliver, then by all means, get physical. And according to Greg Smith, director of the Cloud and Network Products group at Citrix, when it comes to security appliances in particular, some companies still feel more comfortable with a physical appliance. Which is why the NetScaler physical appliances are now being supplemented with five new pieces of gear.

For more than four years, the NetScaler physical appliances, which accelerate applications and provide caching for applications running on the internal network, have included a Web application firewall. This firewall is designed to protect HTML and XML applications from denial of service, SQL injection, and cross-site scripting attacks, and it also secures data and works in conjunction with virtual private networks that give employees remote access to applications. The NetScaler application firewall is the belt that goes alone with the network firewall suspenders. And until now, you had to buy a whole NetScaler appliance (at the Platinum Edition level) if you wanted the firewall.

With today's announcement, Citrix is putting out five models of NetScaler physical appliances that just have the application firewall running on them. These boxes are cheaper than the full NetScaler appliances, obviously. The five machines, which are multicore, Intel-based servers, run a hardened version of BSD Unix. Pricing on the NetScaler appliances range according to the amount of network bandwidth they can handle.

The MPX 5500 application firewall costs $20,000 and it's rated at 500 Mb/sec, the MPX 7500 costs $35,000 and has twice the bandwidth. If you double the bandwidth again to 2 Gb/sec, the MPX 9500 only costs $45,000, and bumping it up to the MPX 10500 and its 3 Gb/sec of bandwidth raises the price to $55,000. The top-end MPX 12500 application firewall is rated at 5 Gb/sec and costs $85,000.

Net-cost software upgrades are available to move from the MPX 7500 to the MPX 9500 and from the MPX 10500 to the MPX 12500. You can also upgrade the software running on the box to get the full NetScaler software stack (acceleration and caching), not just the application firewall. The pricing for that upgrade is basically the net cost between the app firewall and the full NetScaler appliance plus a little premium on top for the hassle.

On the virtual appliance front, Citrix is adding two different products, both of which are derived from the WANscaler product. Branch Repeater VPX encapsulates the WAN caching and acceleration code in a XenServer 5.5 virtual machine and can support 2 Mb/sec, 10 Mb/sec, or 45 Mb/sec of bandwidth depending on the version you buy.

The base Branch Repeater VPX-2 virtual appliance is rated at 2 Mb/sec and costs $4,000. The base Branch Repeater MPX physical appliance is rated at the same throughput and costs $6,000. Basically, you are paying for your own server and saving a little on top. Branch Repeater VPX ships on March 12.

The Access Gateway VPX virtual appliance is a just what it says it is, a virtual private network gateway to allow remote offices to get access to applications running back in the data center. The Access Gateway VPX costs $995 and supports 500 concurrent users. The hardware version of the gateway from Citrix rated at the same number of users costs $3,500. Citrix actually started shipping the Access Gateway VPX on February 3, but didn't tell anyone.

The NetScaler VPX virtual appliance that went into beta last May and became generally available in September also runs atop XenServer 5.5; it costs $2,000 for a virtual appliance rated at 10 Mb/sec.

According to Sai Allavarpu, senior director of product marketing at Citrix, companies can put all three virtual appliances on a single server if they want all three functions and push them out into the network as easily as deploying any other server-based workload. With hardware-based appliances, you need to figure out what you need ahead of time, by the physical appliance, and install it.

When you need more bandwidth or to support more users, you need to do a procurement for new hardware. This takes time, and usually meets with some resistance. What Allavarpu envisions is that companies will deploy physical appliances in their data centers for basic needs and use virtual appliances to augment this capability and to push some of this acceleration and caching function out to the branch offices as well.

All three of the virtual appliances - NetScaler VPX, Branch Repeater VPX, and Access Gateway VPX - come with freebie Express variants that have crimped bandwidth and user support so you can test the code out before shelling out cash. The virtual appliances also support XenServer HA clustering for failover and load balancing. Service providers can get pay-as-you-go utility pricing on the virtual appliances and enterprises can get annual licenses if they don't want to pay for a perpetual license and annual support fees.

Citrix is well aware that XenServer is not the only hypervisor for x64 machines and plans to support Branch Repeater VPX on Microsoft's Hyper-V sometime in the second half of 2010, with an Amazon EC2 image coming out before year's end. VMware's ESX Server hypervisor will be supported at some unnamed later date. Access Gateway VPX will get an Amazon AMI later in 2010, and it will have the same future ESX Server support. No word on Hyper-V for this one. NetScaler VPX is already in tech preview for ESX Server, and it would be surprising if Hyper-V support didn't make it to market ahead of ESX Server. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Azure TITSUP caused by INFINITE LOOP
Fat fingered geo-block kept Aussies in the dark
NASA launches new climate model at SC14
75 days of supercomputing later ...
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
You think the CLOUD's insecure? It's BETTER than UK.GOV's DATA CENTRES
We don't even know where some of them ARE – Maude
Cloud unicorns are extinct so DiData cloud mess was YOUR fault
Applications need to be built to handle TITSUP incidents
BOFH: WHERE did this 'fax-enabled' printer UPGRADE come from?
Don't worry about that cable, it's part of the config
Stop the IoT revolution! We need to figure out packet sizes first
Researchers test 802.15.4 and find we know nuh-think! about large scale sensor network ops
DEATH by COMMENTS: WordPress XSS vuln is BIGGEST for YEARS
Trio of XSS turns attackers into admins
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Seattle children’s accelerates Citrix login times by 500% with cross-tier insight
Seattle Children’s is a leading research hospital with a large and growing Citrix XenDesktop deployment. See how they used ExtraHop to accelerate launch times.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?