NetScaler 11.1 what’s new?

NOTE: More details to come during the day!

So for some time now I have been part of the NetScaler 11.1 Beta, and as part of that I’ve been able to dig deep into the new features which are part of the GA release which came out earlier today.

So what’s new? There are some LARGE features which I have been looking forward to, and there are also some minor changes which are very welcome in this release! I can also note that the upgrade from 11.0 to 11.1 in the beta firmware worked flawlessly.

A new, slick and improved interface, which is blazing fast! I’m not kidding, it is a lot faster than the older 11.0 HTML5-based web UI.

You might think that there wasn’t much to be done there, but the interface is extremely fast now, which makes it a snap to do things in the UI.

It also includes Google-like search to make it easier to navigate and locate different objects and policies.

And of course the simplest things are often the best: the save icon now notifies you if there are unsaved changes on the appliance.

Simpler redirect of ports and of HTTP to HTTPS from within the load balancing settings of a virtual server. This is only available on regular load balancing virtual servers.

New portal theme which incorporates the Unified Gateway look and feel. So now the Unified Experience theme from StoreFront is not included in NetScaler Gateway as its own theme. Bye bye old file share UI.

This can now be configured from within the virtual server.

Now the coolest feature in 11.1 is the NetScaler Gateway feature Always On, which is an alternative to DirectAccess. It allows the VPN client to start at boot time and establish a connection with the NetScaler Gateway vServer at login.

This setting can be configured from within the session policy (Always ON = EaseofUse means that the client will try to connect automatically), and client control specifies whether the user is allowed to disconnect the session or not.

But note that this feature, like other VPN features, requires a universal license for the end user. As part of that, the endpoint client has also gotten a fresh new UI.

It has a better-looking options pane as well.

HTTP/2 support in HTTP profiles for VPX! This makes implementing HTTP/2 even easier. From a Microsoft point of view you need IIS 2016 to get HTTP/2 support, but if you are fronting a web page with NetScaler you can just activate it in the HTTP profile. (Most web sites use HTTP/2 today, so it’s as simple as a check box.)

Easier management of SSL (certs, keys and so on)! Doing certificate management on a NetScaler hasn’t always been the easiest thing to do. Sure, it has gotten a lot better, and with the 11.1 release it’s even easier, with its own menu option to list out the different files. We can also see that files are sorted based upon whether they are keys, CSRs or certs.

VLAN to VXLAN bridge. This is more for MPX, but it allows us to map a VNI to a VLAN on the physical network, which allows for (clearly hardware vTEP) support, which is great!

Generate SAML metadata for, for instance, Microsoft Azure, or import the metadata into ADFS, which makes it even easier to set up.

Configure the HA heartbeat monitor on each interface on the NetScaler, yay!

ICA latency profiles! These can be bound to an ICA policy, which can for instance be used to determine if drive mapping should be allowed if latency is above <40 ms. An ICA latency profile is attached to an ICA policy and action, which can then be sorted based upon different expressions as well.

Now at the end there are only two things that I need to know more about, which are pooled licensing and delta compression. I would love to know more about them, but I haven’t been able to get a lot of information yet.

Here are some other new features that are included:

  • SNI support for backend resources
  • Support for TCP fast open in TCP Profiles
  • TCP Hystart is disabled in the TCP profile (this gives you better throughput in high-speed networks with high packet loss)
  • New API called Install which can be used to update/downgrade appliances
  • You can use a bulk GET API to fetch bindings of all the entities of a given entity type.
  • The “start nstrace” command has a new parameter, -capsslkeys, with which you can capture the SSL master keys for all SSL sessions. If the capsslkeys option is enabled, a file named nstrace.sslkeys is generated along with the packet trace, and it can be imported into Wireshark to decrypt the SSL traffic in the trace file.
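
Because that key file decrypts every session in the trace, it is worth checking it before it goes into Wireshark or gets shared. The following is an added example, not from the original post or from Citrix, that validates each line and summarises the sessions without printing any secret. It assumes nstrace.sslkeys uses the NSS key log layout that Wireshark reads; `audit_keylog` and the sample data are constructed for illustration.

```python
import re

# Assumption: nstrace.sslkeys follows the NSS key log layout Wireshark reads:
#   CLIENT_RANDOM <64 hex chars> <96 hex chars>
#   RSA           <16 hex chars> <96 hex chars>
LINE_FORMATS = {
    "CLIENT_RANDOM": (64, 96),  # 32-byte client random, 48-byte master secret
    "RSA": (16, 96),            # 8 bytes of encrypted pre-master, 48-byte pre-master
}
HEX = re.compile(r"^[0-9a-fA-F]+$")


def audit_keylog(text):
    """Summarise a key log file without echoing any secret value."""
    summary = {"sessions": 0, "duplicates": 0, "conflicts": [], "malformed": []}
    seen = {}  # (label, identifier) -> secret, used to spot repeats
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are allowed
        parts = line.split()
        fmt = LINE_FORMATS.get(parts[0])
        if (fmt is None or len(parts) != 3
                or not all(HEX.match(p) for p in parts[1:])
                or (len(parts[1]), len(parts[2])) != fmt):
            summary["malformed"].append(lineno)
            continue
        key = (parts[0], parts[1].lower())
        secret = parts[2].lower()
        if key not in seen:
            seen[key] = secret
            summary["sessions"] += 1
        elif seen[key] == secret:
            summary["duplicates"] += 1          # harmless repeat
        else:
            summary["conflicts"].append(lineno)  # same session id, different secret
    return summary


# Constructed sample input; none of these values are real key material.
SAMPLE = "\n".join([
    "# constructed sample, not real key material",
    "CLIENT_RANDOM " + "11" * 32 + " " + "aa" * 48,
    "CLIENT_RANDOM " + "11" * 32 + " " + "aa" * 48,  # exact duplicate
    "CLIENT_RANDOM " + "22" * 32 + " " + "bb" * 48,
    "CLIENT_RANDOM " + "22" * 32 + " " + "cc" * 48,  # conflicting secret
    "CLIENT_RANDOM " + "33" * 32 + " " + "dd" * 20,  # truncated secret
    "RSA " + "44" * 8 + " " + "ee" * 48,
])

if __name__ == "__main__":
    print(audit_keylog(SAMPLE))
```

Lines reported as malformed or conflicting point to a truncated or mixed-up capture. The file itself should be stored and deleted with the same care as a private key.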

I think that is most of the updates in 11.1. Stay tuned for our upcoming webinar from the MYCUGC Networking SIG for a little more of a deep dive on the 11.1 release; more information here –> http://bit.ly/2993ifP

New whitepaper – Comparison between Liquidware Labs FlexApp and VMware AppVolumes

So I’ve been working on this for some time after I had a presentation about application layering a couple of months back at the NIC conference and at the Citrix User Group here in Norway. There are a lot of products/vendors in this space, so this time I decided to focus on VMware and Liquidware Labs, and in more detail on their application layering technology, describing their architecture, strengths/weaknesses, a feature comparison and my initial conclusion for each product.

So to go get the whitepaper, you can get it here –> http://bit.ly/290DhMM

If you have ANY feedback, or if you find spelling errors or wrong information, please let me know at msandbu@gmail.com

Is Windows Server 2016 the last version of Windows Server?

Having been on vacation the last week, I get a lot of time to think among all the kids and theme parks we visit… It truly makes me believe that we guys are capable of multitasking… Well, enough of that. Back to the point!

Thinking back on the development that has been done on Microsoft Azure over the last couple of years is truly astonishing: going from a PaaS solution to integrating IaaS features and now having a large container ecosystem, load balancing, firewalls, a large third-party ecosystem, identity management and much more… in just over a couple of years. On the other hand we have Windows Server, which has a predetermined release cycle, with updates coming with each release, and where it seems like there is less development done than on the Azure side of things.

Now in Windows Server 2016, we see that much of the new stuff which is coming is network virtualized functions, enhancements to storage (software-defined), enhancements to Hyper-V, DDA, identity and so on. A lot of these features are also the same as their counterparts in Azure. For instance, DDA is a new feature which came because of the need of the N-series in Azure (or the other way around), but more features are added to remove the dependency on hardware.

Now many conclude with the same fact: that most larger organizations will have some form of hybrid IT now or in the future, because many services are cost-effective and because new services are constantly being added that can make businesses more agile and effective, while at the same time they keep their on-premises solutions where they have control of data and the custom solutions that need to run locally.

When looking back at the development being done in Windows Server with 2016, it seems like the feature set is mostly ported from Azure. Also, with the release coming from Microsoft around Azure Stack, it seems to me like they want to have Windows Server look and feel more like Azure as well, having that consistent platform vision that Microsoft has been speaking so much about over the last couple of years. The only problem with that vision is the feature gap between Windows Server + Azure Stack and Microsoft Azure, which is large, and that is not going to change with the development cycle that is being used for Windows Server.

Should Microsoft move away from Windows Server and make their server operating system a portable Azure hypervisor core where their additional services are just addons that can be added on top?

When Microsoft released Windows 10 they envisioned a common code platform across different devices (mobile and desktop). What if Microsoft did the same with Windows Server?

Having the same code base between the infrastructure running on Azure and on-premises, and when the Azure team releases an addon, being able to use it cross-cloud from Microsoft and implementing it locally. That would be pure hybrid cloud…

Well, this was just some random thoughts. It is not something that is easily done because of the way Microsoft is structured and how they have done development so far. They state that Azure runs on Hyper-V, but it’s a long way to go to having that consistent platform vision that they want to have.

Webinar on the future of NetScaler!

So as part of the admin group of the Networking SIG (Special Interest Group) on MYCUGC I try to get stuff out to the members. Now, it has only been a couple of months since we launched the group, but with the amount of updates happening in the NetScaler space the last couple of months and what is about to happen, we decided to arrange a webinar.

So we have a webinar (our first!) on the 13th of July! Hopefully we can see a lot of people there!

The agenda for the webinar is

  • Quick introduction to the SIG from the SIG leaders.
  • Recap of Networking news from Synergy
  • What’s coming in NetScaler 11.1
  • Deep-dive on Netscaler Management and Analytics
  • Overview of Microservices, containers and NetScaler CPX

So there is a lot of stuff we need to cover in one hour, but since this is our first attempt we are allowed to adjust as we go.

If it sounds interesting for you, sign up here –> http://bit.ly/2993ifP
If not, let us know if there are any particular subjects or features you would like to be discussed, also if you don’t have time to look at the webinar it will be recorded and uploaded somewhere.

CUGC User Share: This webinar will focus on the latest Citrix NetScaler 11.1 release, CPX, Management and Analytics and the latest NetScaler announcements from Citrix Synergy.

Who: CTP Jason Samuel, Dave Brett, and Marius Sandbu; all CUGC Members and Networking SIG Leaders, as well as active bloggers and «NetScaler Enthusiasts»

What: With Citrix Synergy out of the way and the release of NetScaler 11.1, CPX and NetScaler Management and Analytics System we will give you a high level look at what NetScaler CPX is and what it can mean for you, how NetScaler Management and Analytics System will change your management and visibility plus get all the latest NetScaler announcements from Citrix Synergy!  This will be a jam packed hour with Overviews, technical information and demos of the latest NetScaler release. Presentation will include participant Q&A.

What’s coming from Nutanix? Announcements from .Next

So even though I am on vacation, I needed to take a glimpse at what’s happening at Nutanix in the upcoming months. Like other companies, they save the good stuff for that time each year when they have their big conference, and even though this is the second year they are hosting .Next, they have about 2500 attendees, which is pretty good. So anyhow… back to the technical stuff of what’s new! Sorry about the messy layout, but it is gathered from Twitter and other sources.

Nutanix Community Edition test-drive

If you want to test out Nutanix but don’t have the lab or environment, you now have the option to do a 2 hour test-drive on a Nutanix public cloud. (This is coming soon!)

ABS (Acropolis Block Storage), which allows us to present block storage using iSCSI to bare-metal solutions, for instance Oracle or SQL Server. (I’m guessing this is a minor extension of Volume Groups, which also use iSCSI to present themselves to virtual machines.)

Acropolis Container Service
Since everyone else is moving into microservices and containers, Nutanix wants a part of it. Therefore they are coming with Docker support for containers on AHV.

Included in the 4.7 release will be the following:

  • DSF and Docker Machine that uses the native Docker API and tooling
  • Easy Install and Support: The DSF Docker Volume Plug-in and the Docker Machine Driver work right out of the box and are fully supported by Nutanix.

ACS is scheduled to be available with the 4.7 release, and natively managing containers using Nutanix Prism is expected to be available in a subsequent release. You can look at a demo for the container service here –> https://t.co/uV05KdL5ko

Nutanix Self-service Portal

Quote from Nutanix:

One of the core capabilities that developers and business users love in the public cloud is the ability to provision applications and virtual machines without the intervention of IT. Nutanix Self-Service is designed to bring this simplicity to enterprise clouds, so that users can deploy applications at any point in time based on policies set by IT administrators.

Admins can create a catalog of projects and assign users (through AD/LDAP integration) and resources (storage, compute, and network) to these projects. Line-of-business users/developers can then login with their credentials, and based on what they have access to, will see these projects and resources. This will radically simplify application development and delivery, as well as bring a lot of automation to the process. The screenshot below from the user view of the portal shows the VM images that the admin has given access to for a specific user. The user can pick one of these images and can deploy it anytime.

Admin Portal capabilities

  • SelfCreate/Manage Projects
  • Create/Add users and groups
  • Assign Resources
  • Assign Actions
  • Run Show-back reports

Tenant Portal capabilities

  • Deploy Applications from a Catalog (VM Template, vDisk, Images from Docker Hub, App Templates)
  • Monitor Applications
  • Monitor Resource Usage

VMware ESXi Management from Nutanix Prism: The one-click simplicity of Prism will be extended to ESXi as well, and customers will be able to perform common VM operations on ESXi VMs from Nutanix Prism. While this doesn’t obviate the need for vCenter, it eliminates the need to go back and forth for frequent VM CRUD operations. This capability is expected to be available in a subsequent release.

PRISM integration Network configuration for AHV (http://www.joshodgers.com/2016/06/15/whats-next-2016-prism-integrated-network-configuration-for-ahv/)

Acropolis X-fit (http://www.joshodgers.com/2016/06/15/whats-next-2016-acropolis-x-fit/)

Enhanced Compression (http://www.joshodgers.com/2016/06/15/whats-next-2016-acropolis-x-fit/)

Metro availability Witness (http://www.joshodgers.com/2016/06/15/whats-next-2016-metro-availability-witness/)

Self-service restore (http://www.joshodgers.com/2016/06/18/whats-next-2016-self-service-restore/)

Any node can be a storage node (http://www.joshodgers.com/2016/06/15/whats-next-2016-any-node-can-be-storage-only/)

I also took note that for those attending .Next in Europe there is a HUGE ANNOUNCEMENT coming there as well! Might be this little teaser from earlier on the Keynote.

New eBook in the making – Securing web applications with Citrix NetScaler

As I’ve mentioned before, I always have a longer project in the making, which was to create a large free eBook on NetScaler, and to make that more achievable I needed to split it out into multiple projects. So far I’ve created an eBook on Optimization and one book on NetScaler Gateway. This time I wanted to focus on Security, since that is always something that I’ve had a particular interest in. Below are the topics that I’ve had in mind for this eBook. First discuss the security landscape, what kind of different solutions we have and where they fit into the datacenter. Next go into the NetScaler and how it can help, and then move into different subjects and things to think about.

The security landscape.
How NetScaler can help web applications.
NetScaler basics.
Feature Processing.
NetScaler and traffic flow.
TCP Profiles.
Hardening the NetScaler.
Load balancing basics.
SSL Basics.
SSL Policies in NetScaler.
Troubleshooting SSL configuration.
Working with Certificates.
SNI, SAN & Wildcard certificates.
Limiting reconnaissance information.
Handling L7 attacks.
HTTP DoS.
HTTP QoS with AppQoE.
Handling L4 attacks.
Rate limiting.
Access lists.
Combining ACLs with IP reputation.
Geo based ACLs.
Authentication.
Two-factor.
Enhanced authentication feedback.
Authentication levels.
SSO.
SAML & Oauth Authentication.
nFactor.
Authorization.
Auditing.
Application Firewall.
NetScaler Security Insight.

If you think I’m missing something obvious from this eBook, let me know!

Microsoft Intune vs VMware Airwatch–EMM strategy

Yeah, the subject might be a pretty good indication of what’s coming in this article, but no… I have had endless debates on this subject the last couple of years (yeah, years! And you can “insert vendor name” here) where most state that they are the best. This article is not to conclude if one is better than the other, but more about things you need to think about when you want to adopt an EMM vendor.
A couple of days ago Gartner posted the EMM Magic Quadrant for 2016.

Research image courtesy of Gartner, Inc.

Since 2015 not much has changed, especially for Microsoft and VMware. VMware is still the leader in the quadrant, while Microsoft is a bit higher up the chain and moving closer to the leader quadrant. So even though Gartner has its reports, which do say a lot about strategy, execution, vision and feature set, what does the market share look like?

IDC also now states that VMware has the biggest market share among the vendors, which also confirms Gartner’s report that VMware is the market leader in this space. Also, VMware has had a growth of <80% the last year.
NOTE: These numbers are from the IDC report and show stats from 2015 EMM

Now while that is impressive, I am more impressed with the numbers that Microsoft has. Even though they are not even among the top 3, they are the only one with <100% growth; they actually have 214% growth (from the last year), which is impressive!

While Microsoft might not have the same capabilities as VMware, they have a couple of advantages which might allow them to grow quickly in this market… And the easiest way to tell you about those is to show them to you.

Now if we think about it, the largest advantage here is Office365. Many users are already using Office365 and have their Active Directory synced to Azure AD. Microsoft has Office365 apps with custom MAM policies which can as of now only be managed from Intune, and also earlier today I saw that CRM Online apps also came with Intune MAM policies, which allows for a certain vendor lock-in. Now many are also using Configuration Manager today, and to get the MDM and EMM capabilities there in most cases you need to integrate with Intune, and an interesting thing to know there is that there are a lot of LARGE ConfigMgr deployments. Another thing to think about is that Windows 10 comes with Azure AD Join, which allows businesses to join their computers to Azure AD and also supports auto-enrollment to Intune.

It also makes sense for Microsoft to create a good ecosystem for applications for other platforms, because then they can start to include “Intune” as part of the package for MAM policies.

A lot of businesses are also looking into EMS (Enterprise Mobility Suite), which gives them Azure AD Premium, RMS, MFA and Intune. Microsoft is heavily invested in the identity piece, to give SSO to other cloud-based services, and since Intune is part of the package it makes sense to use it.

And in another interesting twist, Microsoft announced multiple integrations coming with Citrix during Synergy this year, which allow NetScaler to integrate with the Intune SDK to allow VPN direct access for applications. This will also give Intune another advantage in the game. So since they are investing heavily in Citrix integration, it will make Microsoft the more viable option for businesses which invest heavily in VDI.

Moving forward we will notice that Microsoft will add more features to the “Microsoft-only” space, meaning that more and more stuff will only work in a Microsoft cloud environment and that third parties will be left out.

So while VMware has a better solution and a larger feature matrix, I’m guessing Microsoft is going to give them tough competition in the time moving forward.