So been a hectic couple of months, with beta testing the latest V11 of Netscaler among other things. Before I post what’s new I can also say that my book, “Implementing Netscaler VPX” is getting a V.2 release which will be updated to cover specific content in V11 also based from feedback on Amazon it will also be including more stuff around GSLB, AAA, security features, optimization and so on.
Now so what’s new in V11 ?
- Jumbo frames for VPX
- Partition Administration (It now fully integrated)
- TCP Nile congestion (Which is based upon TCP illinois
- Support for TCP FACK forward acknowledgement
- Media classification (feature under Front-end optimziation)
- Web Front
- Unified Gateway
- More visualization and an authentication dashboard
- EULA text in Gateway
- Own Portal customization dashboard
- DH Key Optimization
- Support for TLS 1.1 and 1,2
So let us explore… first of, Jumbo frames is not new in Netscaler, but it is for VPX therefore in order to setup Jumbo frames (meaning higher MTU) you need to change the MTU on the physical adapter on the hypervisor layer as well.
Partition Administration is now fully integrated into the new GUI and more features are supported to be delegated using partitions. Except not Netscaler Gateway….
TCP Nile Congestion, is an TCP congestion protocol that Citrix has created based upon TCP illinois. Which gives performance gain on high-speed networks, this is defined using the TCP profiles.
TCP Fack or forward acknowledgement, is a TCP feature which is to be used with SACK, which is a feature which is used to better see how much outstanding data is from the sending end, which decreases the recovery time when packet loss occurs.
Media Classification is a feature which allows the Netscaler to show what kind of media is being sent via the netscaler. For instance it can be MP3, Applevideo, Windows media and so on. But it requires its own license apparently.
Web-front is a new web interface kinda solution, where you basically move the Storefront Website to the Netscaler is only having Stores on the Storefront server, this allows for faster SSO and authentication for native reciever users. Note it cannot be used with Unifed Gateway only native Netscaler Gateway vServers. ¨
The most existing part is the Unified Gateway feature, which in essence is a combination of the old Netscaler Gateway with clientless access activated and with a Content Switching vserver infront of it. This feature is used to deliver all types of apps be it (Saas, Citrix, and other load balanced vservers from within one URL) if you look at my other post about setting up unified gateway you can see more about it there –>
Important to note that when you are doing changes you need to be aware of that you need to change the content swtiching vserver which sits infront of the Netscaler Gateway vServer. And that the content switching vserver can only have one gateway vserver behind it.
Now there is more options to do visualizations as well for many of the services here, because frankly you can often get confused on how the different vservers are attached and how the processes are executed.
Example from a Unified Gateway visualization.
there is also now a authentication dashboard which shows different auth servers and the status of them, we can also drive into the syslog to see authentication attempts.
We can also now specify our own EULA text for people that login to our gateways.
Here I can change some of the GUI customization directly from within the managment console, but I can also still do it from within the tradisional SFTP method.
Also there is alot of new stuff in SSL/TLS, one of which is the ability to define DH key expiration in order to achieve perfect forward secrecy (PFS).
This can be done under SSL parameters of a vServer, by default this is set to 0 apposed to the previous value which was 500.
And of course TLS 1.1 and 1.2 for front end services which was also included in the latest 10.5 build.
What else is new ? There are some minor stuff, first for Image optimization which allows us to convert JPG to JXR format and from