Netscaler Design and Best Practices handbook

[Stefanos Evangelou1709159370]

Hello, 

 

With reference to Citrix XenDesktop VDI handbook (https://docs.citrix.com/content/dam/docs/en-us/xenapp-xendesktop/7-15-ltsr/downloads/Citrix VDI Handbook 7.15 LTSR.pdf), I was wondering if there is any design handbook available (besides docs.citrix.com) with similar design recommendations and best practices from Citrix on all things around Netscaler design?

 

Kind regards, 
Stefanos Evangelou

[Paul Blitz]

There are many knowledge centre articles for netscaler at https://support.citrix.com/en/products/netscaler , you may need to dig a bit, but I have historically seen some "best practices" stuff in there.

[Sam Jacobs]

Stefanos,

 

Here is one on NetScaler implementation: Recommended Settings and Best Practices for Generic Implementation of a NetScaler Appliance

 

Sam

[Rhonda Rowland1709152125]

There are some piecemeal best practices for specific features, but not one all inclusive guide.  

[CarlStalhood]

Most NetScalers configured by server admins have incorrect networking. See https://support.citrix.com/article/CTX226097

 

For SSL, see https://www.citrix.com/blogs/2016/06/09/scoring-an-a-at-ssllabs-com-with-citrix-netscaler-2016-update/

 

I've captured many of the best practices in my articles - http://www.carlstalhood.com/netscaler-menu/netscaler-12/

[Ahmad Irffan1709156583]

Dear Carl,

Could you provide insight on designing and giving appropriate resource to VPX instance if using for Citrix SSL VPN for more than 4000 VPN sessions.

[Paul Blitz]

Carl may have more specific expeience, but reading between the lines of the VPX datasheet, I would say you'll need one of the larger VPX instances, probably with 10 or so CPUs, to give the SSL throughput needed (with the VPX, all SSL is done in software), plus maybe an "improved" network interface

 

(my SSL calculation is based on the fact that a "2CPU" VPX supports 500 users.... Remember that 2 VCPUs is really one management core, plus just ONE packet engine.... so 4000 users would need about 8 packet engines. Add in a bit to be safe, and you end up with 10 cores)

 

So the next question is: cost? An MPX 5901 or 5905 hardware appliance might actually be almost as cheap.... the MPX models have an SSL card, which handles all the SSL (up to 5000 VPN users for the 5xxx range)

 

Any idea what actual total bandwidth is your VPN is going to need?

[Stefanos Evangelou1709159370]

I know this is a rather old post but Citrix has quite recently made available a handful of useful best practice documents in the Citrix Tech Zone and in the product documentation.

See following articles:

https://docs.citrix.com/en-us/tech-zone/build/tech-papers/best-practices-citrix-adc-deployments.html

https://docs.citrix.com/en-us/citrix-adc-secure-deployment.html

https://docs.citrix.com/en-us/tech-zone/build/tech-papers/networking-tls-best-practices.html

 

Thank you all for contributing to this article. I shall be marking this as the final answer and hopefully the above best practice documents will be updated along with the products.