consolidation without compromise - citrix.com · netscaler vpx was the one of the industry’s...

www.citrix.com

Consolidation White Paper

Consolidation without compromise

2


Executive summary Virtualization of compute, storage and infrastructure is enabling the transformation of enterprise datacenters into private clouds. The impact is an unprecedented ability to consolidate infrastructure without compromise: no change to service level agreements (SLAs), no loss of performance or scale, and no regression in the organization’s overall security posture. Such wholesale consolidation drives meaningful reduction in operating and capital costs, and allows datacenter managers to demonstrate a dramatic ROI for a myriad of virtualization technologies within the datacenter.

While server and storage virtualization have become mainstream elements of modern datacenter designs, emerging virtual application delivery controllers (ADC) promise to extend the benefits of virtualization into the core of the networking infrastructure. Citrix Systems is leading the way in virtualizing ADCs with its NetScaler® product line, including its new NetScaler SDX service delivery platform. This paper outlines the compelling benefits of consolidating networking services, and details why competing efforts pursued by F5® with its new virtual Cluster Multi-Processing (vCMP™) technology come up short for critical ADC consolidation projects.

NetScaler SDX offers a superior ADC consolidation platform when compared to F5 VIPRION® with vCMP. These advantages span key deployment criteria, including:

2.5x Density – NetScaler enables more ADC instances to run concurrently on a single platform, providing 2.5 times greater consolidation density than F5.

Complete ADC Isolation – Unlike F5, NetScaler SDX solutions fully isolate ADC system resources per instance—including SSL and compression processing—so that one instance never impacts the performance of another.

100% ADC Functionality – Only NetScaler supports all ADC features so that ADC devices can be consolidated without a loss of functionality.

Pay-As-You-Grow Scaling – NetScaler SDX can uniquely increase overall ADC capacity without having to add additional hardware.

Transforming datacenters and enabling consolidationThe value of virtualization derives primarily from two core capabilities:

1. Abstraction provides deployment flexibility and portability by enabling higher-layer services to be de-coupled from underlying resources.

2. Multi-tenancy provides more efficient utilization and consolidation of resources by enabling a single physical instance of a resource to be shared simultaneously by multiple consumers.

Summary

Consolidation reduces costs

Virtualization enables consolidation

NetScaler leads in virtualization technology

3


For example, with server virtualization, it is abstraction that allows decoupling of the operating system from hardware, enabling virtual servers to be migrated from one physical server to another. The related capability, multi-tenancy, is what makes it possible for a single physical server to run multiple virtual servers at once.

It is the presence of one or both of these capabilities across a range of technologies and solutions that provides organizations with a multitude of attractive consolidation benefits when transforming their enterprise datacenter into a private cloud.

For server infrastructure:

Extensive consolidation can be achieved with server virtualization since robust isolation and resource allocation capabilities enable workloads for different tenants to securely and efficiently run on the same physical server.

Further simplification of datacenter infrastructure is made possible as leading server virtualization solutions enable virtual pools of server resources to be used for high availability, disaster recovery and automatic workload scaling.

Unified computing platforms that leverage virtualization technology to enable integrated server, switch and storage modules provide another option for architecting the access layer and achieving yet another degree of physical consolidation.

For storage infrastructure:

Storage area network solutions eliminate the need for dedicated disks or direct-attached storage.

Unified communications fabrics enable convergence of LAN data and storage protocols, thereby reducing the need for a completely separate set of network infrastructure for storage (i.e., adapters, links and switches).

For network infrastructure:

Virtual switches that run as virtual machines (VM), or as an integral feature of a hypervisor, introduce the potential to completely eliminate the access tier of conventional three-tier network designs, at least from a physical perspective.

Alternatives to the Spanning Tree Protocol—such as virtual PortChannel (vPC) technology from Cisco and IETF-TRILL—are enabling a shift from highly scalable Layer 3 network designs to highly scalable Layer 2 networks that are better suited to meet the performance requirements of a virtualized computing infrastructure. Combined with the availability of high-capacity, non-blocking switches, this introduces the potential for “flatter” datacenter designs that do not include a distinct aggregation tier.

The availability of virtual device instances for core switching platforms introduces the possibility of both vertical and horizontal consolidation. Vertical consolidation can be achieved by optionally replacing physical aggregation-tier switches with

Summary

Decouple services from physical

Go beyond server virtualization

Virtualize network infrastructure

4


virtual instances running on a core switching device. Horizontal consolidation can be accomplished by “absorbing” into the core switching platform any separate switches that might otherwise operate in parallel. Switches may operate in parallel to accommodate testing and development, support a newly acquired business unit, or isolate a business unit that is being divested.

VLANs and virtual routing tables can logically maintain isolation and individualized treatment for different tenants as physical boundaries are eliminated in favor of consolidation and simplification.

A major impetus for organizations to embrace virtualization is the tremendous degree of consolidation it enables. The need for less infrastructure not only reduces equipment costs and demand for precious datacenter resources such as power, cooling, and space, it also helps trim a wide range of operational expenses—including those associated with initial deployment and integration, ongoing administration, and maintenance and support contracts. Add in the strategic advantages of better application performance, improved reliability, and superior responsiveness to changing business conditions and it’s easy to understand why it is only a matter of time before the vast majority organizations transform their datacenters using virtualization technologies.

The need to virtualize other datacenter servicesWhat IT managers need to realize, however, is that other important pieces to the datacenter virtualization puzzle remain. Specifically, the deployment flexibility and multi-tenancy capabilities enabled by virtualization must be supported for more than just server, storage and networking infrastructure. To truly maximize available gains, similar capabilities should also be present for other key elements of datacenter infrastructure, including ADCs. Further, it is imperative these capabilities be available in sufficient variety and capacity to support the broadest spectrum of potential datacenter designs.

Virtualizing ADCsSuccessful ADC virtualization encompasses multiple technologies and methods. First, the basic configurations for individual ADC tenants require that traffic flows are completely isolated to ensure data and network security. An inability to separate and isolate traffic between tenants will fail to meet even the most lenient security requirements. Additionally, as ADCs themselves get virtualized into software-based virtual appliances, the resulting virtual form factors must deliver the same feature set, performance and configuration flexibility as their physical counterparts. Feature parity is an absolute must since it gives organizations the freedom to shift ADC policies and workloads between physical and virtual appliances. Finally, new generations of multi-tenant ADCs with native virtualization complete this continuum by delivering an integrated platform to effectively consolidate multiple discrete ADC devices.

Summary

Data center switching being virtualized

Horizontal and vertical consolidation possibilities

ADC is next data center element to be virtualized

5


When investigating emerging technologies, enterprise IT professionals are well advised to develop a strict set of evaluation criteria in order to select the most suitable solution for the organization. For virtualized multi-tenant ADCs, datacenter managers should establish the following as hard requirements:

High consolidation density – Enabling a large number of ADC instances to run on a single platform, each with its own policy, configuration and dedicated system resources.

Complete isolation of ADC resources – 100% isolation of compute, memory and ADC processing resources (including SSL acceleration and data compression) ensures that the performance of one ADC instance never impacts another.

Full ADC feature support – Consolidation requires that all existing ADC footprints can be consolidated without a loss of functionality.

Pay-As-You-Grow Scalability – Datacenter managers must have the ability to scale overall ADC capacity on-demand without adding additional hardware.

How NetScaler provides a superior consolidation solution Citrix NetScaler is a fully integrated ADC that is deployed in front of web and database servers. It optimizes application availability through advanced layer 4-7 (L4-7) load balancing and traffic management, accelerates performance, increases security with an integrated application firewall and substantially lowers costs by increasing server efficiency.

NetScaler VirtualizationKeenly aware of both the trend toward highly virtualized datacenters and the inevitable diversity of resulting datacenter designs, Citrix is leading the way in the ADC market with three powerful options for meeting multi-tenancy, virtualization and consolidation requirements.

NetScaler Traffic Domains. NetScaler has long offered the ability to associate different sets of policies for load balancing, traffic management and other application delivery functions with different virtual IP addresses (VIPs). All NetScaler solutions support Traffic Domains., which builds on this capability by supporting multiple tenants on an ADC platform so that communication traffic is prevented from illegally crossing one tenant’s domain to another, unless it is first routed to an external gateway and evaluated by an appropriate security policy. This eliminates the need to create and maintain static routes for each domain.

NetScaler VPX. A second option supported by Citrix is virtualization of the ADC itself. NetScaler VPX was the one of the industry’s first ADC virtual appliances and has become the clear leader in both public and private cloud architectures. Since NetScaler VPX leverages the same software as Citrix’s popular NetScaler MPX networking appliances, the two solutions maintain 100% functional parity.

Summary

Meet strict ADC consolidation requirements

NetScaler embodies virtualization

NetScaler is clear leader in cloud

6


Unlike many competing virtual appliance implementations, NetScaler VPX is:

A full-featured solution incorporating all ADC functionality, including L4-7 load balancing, application firewall security, dynamic content caching, application performance monitoring and a robust SSL VPN capability

A high-performance solution capable of handling traffic up to 3 Gbps or more

An open solution capable of operating not only on Citrix® XenServer®, but also on Microsoft® Hyper-V™ and VMware® ESX/ESXi

NetScaler SDX. NetScaler Traffic Domains and NetScaler VPX are essential because they enable ADCs to support datacenters with a high degree of virtualization and consolidation of other infrastructure components such as servers, storage and switches. The next logical step, however, is a solution that also consolidates the ADC itself. NetScaler SDX represents the third option for meeting multi-tenancy, virtualization and consolidation requirements.

It has long been common practice to deploy dedicated ADC appliances for each application in order to ensure maximum availability and avoid jeopardizing performance SLAs. Unfortunately, this approach also led to expensive and difficult to manage application silos. Now, as these silos crumble in favor of shared but logically isolated infrastructure, there is a distinct opportunity for horizontal consolidation of ADCs across multiple applications. This is particularly true for application delivery infrastructures that were intentionally over provisioned and that have ADCs operating well below their rated capacity.

Also present is the opportunity for vertical consolidation. Facilitated by the steady dissolution of the network perimeter and widespread availability of numerous network-based isolation techniques, organizations might also decide to bring together ADCs used at different tiers of a multi-tier application. This way a single ADC can support the DMZ, web application and database tiers.

Summary

Leading NetScaler VPX virtual appliance

New NetScaler SDX platform

Complete ADC consolidation solution

7


Consolidated ServicesDelivery Platform

NetScaler SDX

F5 BIG-IP

F5 BIG-IP

F5 BIG-IP

Web / Application Servers

Data

F5 BIG-IP

F5 BIG-IP

Web / Application Servers

Data

DMZ

Figure 1: ADC Consolidation Opportunities

Citrix’s new NetScaler SDX is uniquely suited to accommodate either type of consolidation initiative. An innovative solution for consolidating ADCs, NetScaler SDX enables multiple, independent, full-featured NetScaler instances to run on a single physical appliance. NetScaler SDX is an optimized combination of two proven solutions in their own right, NetScaler VPX and Citrix XenServer. It enables today’s organizations to reduce their ADC footprint and total cost of ownership (TCO) by pursuing opportunities for both horizontal and vertical consolidation of discrete, standalone ADC devices.

NetScaler SDX squarely meets the four fundamental requirements for a natively virtualized ADC consolidation solution.

1. Density – Up to 40 NetScaler ADC instances can run independently on a single NetScaler SDX platform. This impressive level of density supports the most ambitious consolidation projects.

2. Isolation – All critical system resources, including memory, CPU and SSL processing capacity are assigned to individual NetScaler instances. This is essential to ensuring that resource demands made by one tenant do not negatively impact other tenants running on the same physical system. It also provides greater security for each ADC instance by providing full separation of traffic flows.

3. Full ADC Functionality – NetScaler SDX supports 100 percent of the ADC functionality available with both hardware-based NetScaler MPX appliances and software-based NetScaler VPX virtual appliances. This enables NetScaler SDX to consolidate all existing ADC deployments without any policy constraints.

Summary

Built with Xen virtualization

Consolidate up to 40 ADCs

Maintain isolation and functionality

8


4. Pay-As-You-Grow – The Pay-As-You-Grow option delivers on-demand elasticity enabling organizations to easily scale ADC capacity to keep pace with application traffic growth. And because it leverages a software-based architecture, NetScaler SDX can scale performance and capacity with a simple software key, eliminating expensive hardware purchases and upgrades.

NetScaler MPX NetScaler VPX NetScaler SDX

Form factor Hardened networkappliance

Software-basedvirtual appliance

Hardened networkappliance

ADC density 1 1 Up to 40

Performance Up to 50 Gbps Up to 3 Gbps Up to 50 Gbps

Full ADC functionality

Pay-As-You-Grow

How F5 Stacks UpSimilar to Citrix, F5 has recognized the market need to consolidate ADC footprints. The company’s new virtual Cluster Multi-Processing (vCMP) technology promises to consolidate up to 16 separate BIG-IP “guests” into a single system. vCMP-based consolidation is supported in VIPRION 2400 and 4400 chassis-based systems, and can provide impressive raw throughput capabilities. Further, systems equipped with vCMP technology can run F5’s Global Traffic Manager (GTM) module for global load balancing capabilities, as well as the company’s Application Security Module (ASM) for web application firewall security.

While vCMP enables a step towards consolidation, F5’s core architectural approach leads to various deployment shortcomings. For example, reliance on third-party virtualization technology that is both immature and lacking a proven track record in major cloud infrastructures significantly limits the number of ADC instances that can run concurrently on a single platform. Additionally, vCMP technology is supported only on VIPRION chassis-based systems, putting it out of the reach of mainstream enterprise customers who prefer network appliance solutions. Further, vCMP does not support all F5 modules, such as WebAccelerator, or all ADC features, such as SSL VPN capability. Consequently, vCMP will significantly limit the consolidation of new or existing ADC deployments.

Citrix NetScaler SDX provides a more complete solution with greater tangible value for customers.

Table 1: Comparative summary of NetScaler solutions

Summary

F5 VIPRION with vCMP

Basic ADC consolidation device

Significant architectural shortcomings

9


NetScaler SDX F5 VIPRION with vCMPADC density (max instances per platform) 40 16

Basic system isolation (CPU and memory)

Isolation of core ADC processing (SSL acceleration and compression)

Not supported

ADC functionality supported All

Missing key capabilities (E.g. dynamic caching and SSL VPN)

Pay-As-You-Grow elasticity No (requires additional hardware purchase)

Real world ADC ConsolidationCustomer Requirement – Consolidate eight (8) individual ADC appliances into a single platform. Performance requirements: 1 Gbps throughput and 500 Mbps SSL throughput per ADC.

Citrix NetScaler SDX 11500 F5 vCMP VIPRION 2400Appliance $90,000 $0

Chassis $0 $9,995

Additional hardware $0$119,990

(VIPRION 2100 blades)

Performance pack license $0 $59,995

Consolidation license (8 instance minimum) $20,000 $19,995

Total solution cost $110,000 $209.975

NetScaler savings advantage

$99,975 savings48% less expensive than F5

Understanding F5 vCMP Limitations Short on ADC Density – From the perspective of protecting an organization’s investment, successful consolidation requires a platform that not only absorbs the existing number of ADC devices in the network, but also has the headroom to handle future needs. Even with a fully populated VIPRION chassis, F5 vCMP customers are unable to consolidate more than 16 guests. In comparison, NetScaler SDX offers a 2.5x advantage by supporting a maximum of 40 guests.

Table 3: Real world consolidation example with NetScaler SDX and F5 vCMP

Table 2: Comparative summary of ADC consolidation solutions

Summary

NetScaler SDX beats F5 vCMP

Meets all consolidation requirements

More cost effective

10


F5 VIPRION

16

Citrix NetScaler SDX

40

Max

imum

Num

ber o

f ADC

s pe

r Pla

tform

ADC Consolidation Density

Figure 2: Comparing ADC consolidation density

Much of the NetScaler SDX advantage derives from the use of industry-grade XEN virtualization technology by Citrix, which powers cloud and data center infrastructures at massive scale. Leveraging proven virtualization technology is critical, as any issue occurring at the virtualization layer has the potential to impact all ADC tenants running on the platform.

Limited Functionality – vCMP does not support the complete set of ADC functionality delivered on F5’s BIG-IP hardware appliances. For example, neither WebAccelerator nor Access Policy Manager (APM) features are supported. Consequently, a vCMP guest cannot support core functionality such as caching of dynamically generated web content or SSL VPN security. This limitation alone may prevent customers from consolidating existing ADC devices. At the very least, they may have to reduce their ADC policy to fit the resulting constraints of vCMP.

Incomplete ADC isolation – Although F5’s vCMP technology isolates CPU and memory resources between guests, it does not allow customers to dedicate SSL processing resources per guest. Consequently, a single vCMP guest can potentially starve adjacent tenants of SSL resources, resulting in much higher application latency or dropped sessions. In fact, F5’s own vCMP customer guidelines warn customers against implementing the strongest level of SSL security for any single application for this very reason.

No Pay-As-You-Grow – F5 BIG-IP and VIPRION solutions do not allow customers to scale performance on-demand without the purchase of additional hardware. While this limitation persists throughout the F5 product line, vCMP further complicates deployment decisions by unnecessarily making ADC density and performance interdependent. To add more vCMP guests, for example, F5 requires customers to purchase additional hardware blades—the same way they would buy more blades to increase aggregate performance. A better-designed solution would enable customers to separate investments in density and overall performance.

Limited Platform Options – Consolidation of ADC functionality is attractive to organizations of all sizes. Putting this capability within reach of the

Summary

F5 consolidation limits ADC functionality

No isolation of SSL processing

Expensive to scale up

11


broadest range of customers demands both affordability and choice of platforms. With NetScaler SDX, organizations can choose among nine different appliance platforms to best accommodate their price/performance requirements. In contrast, F5’s approach to ADC consolidation requires investment in relatively expensive chassis-based products.

F5 vCMP

VIPRION 2400 VIPRION 4400

Citrix NetScaler SDX

Multiple Price-Performance Options Two Chassis SystemsNo Appliance Solutions

Dens

ity a

nd P

erfo

rman

ce

Pay-

As-Y

ou-G

row

Pay-

As-Y

ou-G

row

20 Gbps

35 Gbps

50 Gbps

8 Gbps

12 Gbps

18 Gbps

24 Gbps

36 Gbps

42 Gbps

Figure 3: Platform options for ADC consolidation

ConclusionADC consolidation within next-generation datacenter architectures brings step-function improvements in overall IT agility and drives lower operational and capital costs. For real-world ADC consolidation projects NetScaler SDX beats F5 VIPRION running vCMP technology in meeting key customer requirements. These advantages include:

NetScaler provides 2.5 times greater density to consolidate more ADC workloads.

Unlike F5, NetScaler isolates key ADC processing resources for individual instances to ensure the performance of each ADC instance.

Only NetScaler SDX is capable of consolidating 100% of ADC functionality offered in standalone appliances.

NetScaler Pay-As-You-Grow provides a 5x capacity increase with no additional hardware.

Summary

Multiple NetScaler deployment options

Multiple price-performance choices

NetScaler SDX beats F5 vCMP

0911/PDF

About CitrixCitrix Systems, Inc. (NASDAQ:CTXS) is a leading provider of virtual computing solutions that help companies deliver IT as an on-demand service. Founded in 1989, Citrix combines virtualization, networking, and cloud computing technologies into a full portfolio of products that enable virtual workstyles for users and virtual datacenters for IT. More than 230,000 organizations worldwide rely on Citrix to help them build simpler and more cost-effective IT environments. Citrix partners with over 10,000 companies in more than 100 countries. Annual revenue in 2010 was $1.87 billion.

©2011 Citrix Systems, Inc. All rights reserved. Citrix®, Citrix XenDesktop™, Citrix XenApp™, Citrix XenClient™, Citrix GoToMeeting® and Citrix GoToAssist® are registered trademarks of Citrix Systems, Inc. and/or one or more of its subsidiaries and may be registered in the U.S. Patent and Trademark Office and in other countries. All other trademarks and registered trademarks are property of their respective owners.

Worldwide HeadquartersCitrix Systems, Inc. 851 West Cypress Creek Road Fort Lauderdale, FL 33309, USAT +1 800 393 1888 T +1 954 267 3000

AmericasCitrix Silicon Valley 4988 Great America Parkway Santa Clara, CA 95054, USAT +1 408 790 8000

EuropeCitrix Systems International GmbH Rheinweg 9 8200 Schaffhausen, SwitzerlandT +41 52 635 7700

Asia PacificCitrix Systems Hong Kong Ltd.Suite 6301-10, 63rd FloorOne Island East18 Westland RoadIsland East, Hong Kong, ChinaT +852 2100 5000

Citrix Online Division6500 Hollister Avenue Goleta, CA 93117, USAT +1 805 690 6400

www.citrix.com

consolidation without compromise - citrix.com · netscaler vpx was the one of the industry’s...

Documents