Bloggarkiv

Setting up a secure XenApp enviroment– Netscaler

Now I had the pleasure of talking PCI-DSS compliant XenApp enviroment for a customer. Now after working with it for the last couple of days there are lot of usefull information that I thought I would share.

Now PCI-DSS compliance is needed for any merchant who accepts credit cards for instance an e-commerce size. Or using some sort of application. So this includes all sorts of

* Different procedures for data shredding and logging

* Access control

* Logging and authorization

Now the current PCI-DSS standard is in version 3 –> https://www.pcisecuritystandards.org/documents/PCI_DSS_v3.pdf

The different requirements and assesment procedures can be found in this document. Now Citrix has also created a document for how to setup a compliant XenApp enviroment https://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/pci-dss-success-achieving-compliance-and-increasing-web-application-availability.pdf you can also find some more information here –> http://www.citrix.com/about/legal/security-compliance/security-standards.html

Now instead of making this post a pure PCI-DSS post I decided to do a more “howto secure yout XenApp enviroment” and what kind of options we have and where a weakness might be.

Now a typical enviroment might looks like this.

image

So let’s start by exploring the first part of the Citrix infrastructure which is the Netscaler, in a typical enviroment it might be located in the DMZ. Where the front-end firewall has statefull packet inspection to see what traffic goes back and forth. The best way to do a secure setup of Netscaler is one-armed mode and use routing to backend resources and then have another Firewall in between to do deep packet inspection.

First thing we need to do with Netscaler when setting up Netscaler Gateway for instance is to disable SSL 3.0 and default (We should have MPX do to TLS 1.1 and TLS 1.2 but with VPX we are limited to TLS 1.0

Also important to remember th use TRUSTED third party certificates from known vendors, without any known history. Try to avoid SHA-1 based certificates, Citrix now supports SHA256.

Important to setup secure access to management only (since it by default uses http)

image

This can be done by using SSL profiles which can be attached to the Netscaler Gateway

image

Also define NONSECURE SSL renegotiation. Also we need to define some TCP parameters. Firstly make sure that TCP SYN Cookie is enabled, this allows for protection against SYN flood attacks and that SYN Spoof Protection is enabled to protect against spoofed SYN packets.

image

Under HTTP profiles make sure that the Netscaler drops invalid HTTP requests

image

Make sure that ICA proxy migration is enabled, this makes sure that there is only 1 session at a time established for a user via the Netscaler

image

Double hop can also be an option if we have multiple DMZ sones or a private and internal zone.

Specify a max login attempts and a timeout value, to make sure that your services aren’t being hammered by a dictonary attack

image

Change the password for the nsuser!!!

image

Use an encrypted NTP source which allows for timestamping when logging. (Running at version 4 and above) and also verify that the timezones are running correctly.

image

Sett up a SNMP monitoring based solution or Command Center to get monitoring information from Netscaler, or use a Syslog as well to get more detailed information. Note that you should use SNMP v3 which gives both Authentication and encryption.

Use LDAPS based authetication against the local active directory server, since LDAP is pure-text based, and use TLS not SSL, and make sure that the Netscaler verifies the server certificate on the LDAP server

image

It also helps to setup two-factor authentication to provide better protection against user thefts. Make sure that if you are using a two factor authentication vendor that it uses CHAP authentication protocol instead of PAP. Since CHAP is much more secure authentication protocol then PAP

Use NetProfiles to control traffic flow from a particular SNIP to backend resources (This allows for easier management when setting up firewall rules for Access.

image

Enable ARP spoof validation, so we don’t have any forging ARP requests where the Netscaler is placed (DMZ Zone)

image

Use a DNSSEC based DNS server, this allows for signed and validated responses. This way you cannot its difficult to hijack a DNS or do MITM on DNS queries.  Note that this requires that you add a nameserver with both TCP and UDP enabled. (Netscaler can function as both a DNSSEC enabled authoritative DNS server and proxy mode for DNSSEC)

If you wish to use Netscaler as an VPN access towards the first DMZ zone, first things you need to do is

1: Update the SWOT library

image

Create a preauthetnication policy to check for updated antivirus software

image

Same goes for Patch updates

image

In most cases try to use the latest firmware, Citrix does release a new Netscaler firmware atleast one every three months which contains bug fixes and security patches as well.

Do not activate enhanced authentication feedback, this enabled hackers to learn more about lockout policies and or if the user is non existant or locked out, disabled and so on.

image

Set up STA communication using HTTPS (Which requires a valid certificate and that Netscaler trusts the root CA) You also need to setup Storefront using a valid certificate from a trusted Root CA. This should not be a internal PKI root CA since third party vendors have a much higher form a physical security.

If you for some reason cannot use SSL/TLS based communication with backend resources you can use MACSec which is a layer 2 feature which allows for encrypted traffic between nodes on ethernet.

Citrix XenMobile and Microsoft Cloud happily ever after ?

There is no denying that Microsoft is moving more and more focus into their cloud offerings, even with solution such as Office365, EMS (Enterprise Mobility Suite) and of course their Azure platform.

EMS being the latest product bundle in the suite gives customers Intune, Azure Rights Management and Azure Active Directory Premium. So if a customer already has Office365 (their users are already placed with Azure AD and can then easily be attached to EMS for more features)

We are also seeing that Microsoft is adding more and more management capabilities against Office365 into their Intune suite (Which is one of the keypoints which no other vendors have yet) but is this type of management something we need ? or is it just to give it a “key” selling point?

Now Microsoft has added alot of MDM capabilities to Intune, but they are nowhere close to the competition yet. Of course they have other offerings in the EMS pack, like Azure Rights Management, which are quite unique on the way it functions and integrates with Azure AD and Office365. As of 2014 Microsoft isn’t even listed on the Gartner quadrant for EMM (which they stated would be the goal for 2015)

But it will be interesting to se if Microsoft’s strategy is to compete head-to-head on the other vendors or if they wish to give the basic features and dvelve more into the part of Azure AD and identity management across clouds and SaaS offerings.

Citrix on the other hand, have their XenMobile offering which is a more complete EMM product suite (MDM and MAM, Follow me data with Sharefile, and so on) Now Citrix has a lot of advantages for instance over using Sharefile against OneDrive.  Sharefile has encryption of data even thou it is locally and running on a sandboxed application( on a mobile device), while the only option that OneDrive has is using as a part of Rights Management Service (of course OneDrive has extensive data encryption in-transit and at rest https://technet.microsoft.com/en-us/library/dn905447.aspx

Citrix also has MicroVPN functionality and secure browser access running VPN access using Netscaler, while Microsoft also has a secure browser application which is much more limited to restricting which URLs to open and what content can be viewed from that browser.

So from a customer side you need to ask yourself.

  • what kind of requirement does my buisness have?
  • Do I use Office365 or a regualr on-premise setup?
  • Do I need the advanced capabilities ?
  • How are my users actually working ?

Is there a best of both worlds using both of these technologies ?

While yes!

Now of course there are some feature that overlaps using Offic365 and EMS + XenMobile, but there are also some features which are important to be aware of.

* Citrix has Sharefile storage controller templates in Azure (Meaning that if a customer has an IaaS in Azure, they can setup a Sharefile connector in Azure and use that to publish files and content without using OneDrive)

* Citrix has a Sharefile connector to Office365 (Which allows users to use Sharefile almost as a file aggregrator for communicating between Office365 and their regular fileservers) which allows for secure editing directly from ShareFile.

* Citrix XenMobile has alot better MDM features for Windows Phone that Intune has at the moment.

* Azure AAD has a lot of built-in SSO access to many of Citrix web based applications (Sharefile, GTM, GTA and so on) since users are already in Azure AD premium it can be used to grant access to the different applications using SSO)

* Netscaler and SAML iDP (If we have an on-premise enterprise solution we can use the Netscaler to operate as an SAML identity provider against Office365 which allows for replacement for ADFS which is required for full SSO of on-premise AD users to Office365

* Office365 ProPlus with Lync is supported on XenApp/XD with Lync optimization pack (Note that this is not part of XenMobile but of Workspace suite)

* Netscaler and Azure MFA (We can use Azure MFA against Netscaler to publish web based applications with traffic optimization)

* Netscaler will also soon be available in Azure which allows for setting up a full Citrix infrastructure in Azure

But in the future I would be guessing that Microsoft is moving forward with the user collaboration part, it is going to become the heart of identity management with Azure AD directory and rights management, while Citrix on the other hand will focus more and enabling mobility using solutions like EMM ( MAM ) and follow me data aggregator and secure file access and devices. Citrix will also play an important part in hybrid setup using Netscaler with Cloud bridge and as an identity provider on-premise

“New” Netscaler book project in the making

Now the last couple of months I’ve again been involved with a Netscaler book project with Packt. This is a more advanced book then my previous book with was a more introduction to Citrix Netscaler.

This new book is called Mastering Netscaler which has more in-depth information regarding load balancing, appfirewall and such.

But… I kinda feel that this book just covers a fragement on what users want to read about when they buy a book about Netscaler.

Therefore in order to get things right, I was thinking about creating a third book about Netscaler which covers all the subjects, stuff you want to read about. Therefore this post is merely for you to give feedback to me Smilefjes

If you could please give me a few senteces about what YOU would want to include in a Netscaler book ? Please drop a comment below this post.

and if you are willing to help me form and maybe contribute to the outline and possibly help me write the book as well that would be great, just send me email to msandbu@gmail.com

Upcoming events and stuff

There’s alot happening lately and therefore there has been a bit quiet here on this blog. But to give a quick update on what’s happening!

In february I just recently got confirmation that I am presenting two session at NIC conference (Which is the largest IT event for IT-pros in scandinavia) (nicconf.com) Here I will be presenting 2 (maybe 3) sessions.

* Setting up and deploying Microsoft Azure RemoteApp
* Delivering high-end graphics using Citrix, Microsoft and VMware

One session will be primarly focused on Microsoft Azure RemoteApp where I will be showing how to setup RemoteApp in both Cloud and Hybrid and talk a little bit about what kind of use cases it has. The second session will focus on delivering high-end graphics and 3d applications using RemoteFX (using vNext Windows Server), HDX and PCoIP and talk and demo abit about how it works, pros and cons, VDI or RDS and endpoints so my main objective is to talk about how to deliver applications and desktops from cloud and on-premise…

And on the other end, I have just signed a contract with Packt Publishing to write another book on Netscaler, “Mastering Netscaler VPX” which will be kind of a follow up of my existing book http://www.amazon.co.uk/Implementing-Netscaler-Vpx-Marius-Sandbu/dp/178217267X/ref=sr_1_1?ie=UTF8&qid=1417546291&sr=8-1&keywords=netscaler

Which will focus more in depth of the different subjects and focused on 10.5 features as well.

I am also involved with a community project I started, which is a free eBook about Microsoft Azure IaaS where I have some very skilled norwegians with me to write this subject. Takes some time since Microsoft is always adding new content there which needs to be added to the eBook as well.

So alot is happening! more blogsposts coming around Azure and Cloudbridge.

Using Netscaler with UPN and Storefront

Had a case earlier today where a customer wanted to configure Netscaler to authenticate with UPN instead of SamAccountName. And using UPN instead of SamAccountName makes sense in many cases, since it easier for users to remember their email-address instead of their username.  So in this scenario my samAccoutName is msandbu and my UPN is marius.sandbu@demo.no

Now by default Netscaler is setup with samAccoutName under server logon name attribute. This defines what kind of account name you are allowed to logon with using Netscaler.

If you try to logon with UPN when SamAccountName is defined you will get this kind of error message on the StoreFront Server.

image

So Storefront strips the domain info sent from the Netscaler and tries to validate the credentials to Active Directory.

So how to fix this ?

You have to define the SSO name attribute in the LDAP credential, to samAccountName.

image

Then the Netscaler firstly validates the UPN, get the SamAccountName of the user and then forwards that to Storefront and logs in.

Important to remember that Storefront always tried to revalidate the info from Netscaler

image

XenDesktop 7.5 and Windows Azure Pack Gallery Image

Yesterday Citrix announced a Tech Preview of a XenDesktop 7.5 Gallery image for Azure Pack.
For those so not familiar with Azure Pack, this is a portal which builds upon System Center (and some other tools) do deliver an Azure-like portal where you can setup some of the features like Azure does. I’ve blogged about it before if you want to know more about it here –> https://msandbu.wordpress.com/2013/06/28/azure-pack-configuration-for-windows-server-2012-r2/

Now a Gallery Image is where a end-user want to provision a new-service, he can either choose custom create of choose a finished Image from the gallery.
(A copy from the Azure Gallery)
image

Now imaging giving customers the ability to provision XenDestkop resources as they need it. Or just for the IT-guys to have a streamlined process of doing it. This is where the XenDesktop gallery image comes in.

Now what do we need to setup this image ?

* Windows Azure Pack
* Server 2012 R2 image sysprepped
* XenDesktop 7.5 Media
* The XenDesktop Gallery Image

Then we need to do alot of changes, first we need to create a new VHD which will contain the setup files. First go into disk management and create a new VHD (Which needs to be 4GB) which is called XenDesktop.vhd
image

image

After you created the VHD, mount it using Explorer and copy the content from the 7.5 ISO to the VHD file.
When you are done with this, go into the Virtual Machine Manager console, the into the library node and then click import physical resources.

image

Then choose “add resources”, select the XenDesktop.vhd then select which library server and destionation to store the VHD file. After it is finished importing right-click on it and choose properties. The set Famility to CitrixXenDesktopMedia, and then set the release to 7.5.0.0 and lastly set the operating system type to “none”

image

Then Click OK, after we are done with this we need to modify our operating system disk image. Does this need to be VHD ? YES! Azure Pack does not support VHDX. ) and it needs to be fixed)

Right-click on the sysprepped VHDX file and choose Properties, from there alter the Famility to which type of operating system it is running, in my case its
”Windows Server 2012 R2 Datacenter”

and set the release to 1.0.0.0 and then of course change the Operating System to Windows Server 2012 R2 Datacenter as well.

image

Click OK after you are done. Next we need to “tag” the virtual disks so that the gallery item can use to find the vhds.

Open up Virtual Machine Manager PowerShell console. Run the following command,

$myVhd = Get-SCVirtualHardDisk | where {$_.Name -match ‘sysprepped’} “Make sure that the name matches the name of your VHD file)

$tags = $myvhd.tag
$tags += «WindowsServer2012″
Set-scvirtualharddisk -virtualharddisk $myVHD -Tag $tags

$myVhd.Tag (This spits out the info so you can see that the tag is applied)

image

Now we need to import the Gallery image extention to the Library share, this can either be done by using the GUI or the PowerShell.

PowerShell

$libraryShare = Get-SCLibraryShare | Where-Object {$_.Name -eq ‘MSSCVMMLibrary’}
$resextpkg = «C:\Users\administrator.CONTOSO\Downloads\XenDesktopRole.resextpkg» (Here the path needs to be changed to where the resextpkg is located)
Import-CloudResourceExtension -ResourceExtensionPath $resextpkg -SharePath $libraryShare

image

Next we need to enter Azure Pack – admin site. Go into VM Clounds and Gallery and choose Import.

image

From here add the XenDesktopRole.resdefpkg, and verifies that it actually imports.

image

Next we need to make this item, public and add it do some different plans.
image

Go into the item and choose Make Public, then assign to some plans. If you don’t have any plans you need to create some from the plans menu pane within the Admin site.

So what now ? Open the Azure Pack site as and tenant which is enabled for the plan and choose from Gallery and see for yourself.

image

 

Then click next (From here the OS “sysprepped” image should appear and you need to have a virtual network in place before you can continue on here .

image

Next we can define which role this VM should have, and we can setup a XenDeskTop Controller but we still need to create the site after VM creation. But we can also deploy StoreFront, LicenseServer, Session Host and Desktop Director

image

Pretty cool!

Storefront monitor not working properly for HTTPS services in 10.5

Now I just recently became aware from Twitter that the 10.5 Netscaler monitor for Storefront is not working properly for HTTPS enabled Storefront servers.

image 

The problem with the monitor is that it uses an IP based check (and not a hostname based check) which would allow the monitor to work properly since the digital certificate it presents does not match its IP-address.

NOTE: This only fails if the monitor is matched against a SSL based service and you have configured the monitor with secure

image

Now in older versions of the monitor it had an own “hostname” parameter, but that is now deprecated. Now all we have is a Store name setting there.

There is a workaround which was listed on the Citrix forums by a member there.

Here’s a workaround:

  1. Edit the file /netscaler/monitors/nssf.pl
  2. At line 23, insert the following before the current ENV line:

$ENV{PERL_LWP_SSL_VERIFY_HOSTNAME} = 0;

So let’s see if Citrix fixes this issue in the next release! Smilefjes

Citrix Connector for System Center Configuration manager 7.5 walkthrough

Earlier today, Citrix released their updated System Center Configuration Manager connector to XenDesktop 7.5. It can be downloaded from here –> http://www.citrix.com/downloads/xendesktop/product-software/xendesktop-and-xenapp-75-connector-for-sccm.html note that it requires an mycitrix account in order to download it.

So what does it do ? well a couple of things. Mostly it’s about pushing software out to regular clients and servers including XenApp/XenDesktop servers where the clients might get the XD/XA version of an application. You can also use it to publish applications directly to XD/XA from Configuration Manager which makes it easy to maintain a consistant software library.

Now there are a couple of components here that are needed.

* Citrix Connector Service (This does the syncing, publishing and orchestration jobs between Configuration Manager site and the XA/XD site)

* Citrix DT handler (This component is needed on VDA servers/clients and on managed clients which you want to use the integration between) NOTE: There are different DT handlers for clients and VDA agents

image

So in my case I installed the Citrix Connector Service on my site server since it is a demo-enviroment. Now the installation is pretty straight forward.

1

Install both the service and the console extension

2

Enter a service account for the connector serivce

image

New in this release is the ability to define maintance windows, in case you want automated deployment to VDA agents.

image

Now after the installation is finished there are a few things which should be done first.

Make sure that Configuration Manager client is installed on the VDA agents you want to use with this deployment. Now you should create an application of the DT handler and deploy out to all VDA agents.

  • Using the following installation paramters msiexec /i «CitrixDTHandler_x64.msi» /q
  • Also all applications you want to publish should be pre-created and added to Configuration manager.

Now in my case, I have installed the DThandler on 1 VDA server, and have created 7-zip as an application in Configuration Manager. When we open Configuration Manager Console we have some new options. First of under Assets and Complliance we have the machine catalogs listed up

image

First of we need to deploy 7-zip to the machine catalog and VDA agents. After that Configuration Manager has gotten the info that the application has been installed

image

We can go ahead and do a publication action. Go into Software library and into Citrix Applications Publications andchoose Create Publication.

image

Then we run trough the wizard

image

Now the connector has been added a nifty new feature which check if all the prerequistes are in place.

image

So after we have done the wizard and the syncronization is complete the application will appear in the XenDesktop studio.

image

So now we have successfully installed 7-zip on a VDA agent and successfully published it from Configuration Manager. So this means that the application is available as an resource if the user starts up Citrix Receiver or logs into StoreFront.

Now onto the next option, what if we want users to get applications from Software Center or the Application Catalog (But they can start a citrix session if we want them to?) this is part of the DT handler on the managed clients.

Now let’s deploy 7-zip from Configuration Manager to some managed clients, first of we need to create a new deployment type which references the newly published applications. in the the deployment type choose XenApp

image

Under publishing you need to choose the existing Citrix deployment that was published earlier.

image

NOTE: Citrix DT handler needs to be installed on the clients.

Now go trough the wizard and after you are done with the wizard you need to give the XenApp deployment type a lower priority then the other option.

Now after you have created the deployment type and you want to deploy the appliaction you need to choose the clients or the users which are defined in the delivery groups

image

Now if you head over to the application portal on a managed client with a valid user, the application will appear.

image

Now if you click this application the configuration manager agent and the DT components will interact and publish the application in the receiver. If you have a valid single-sign-on deployment working on your Xendesktop enviroment you can see that 7-zip is published on the managed clients desktop

image

this is a quick walkthrough but it gives you the quick overview of what you can use this connector with. You can also integrate it with MCS and PVS, also we can integrate App-V applications. Also important to remember that with XenDesktop 7.5 you can integrate with Configuration Manager for Wake on lan functionality.

Configuring Front-end optimization with Citrix Netscaler

One of the new features in Netscaler 10.5 is called Front-End optimization (which actually is part of Netscaler enterprise and +) which allows Netscaler to optimize the HTTP traffic which is headed back to the client. Now let us take a look at some of the different settings.

image

Now first of we have the JavaScript section.
* Make Inline (This makes JS which are linked to a page to become inline instead, only affects JS which are less then 2 KB)
* Minify (Removes Whitespaces and comments from JS)
* Move to end of body tag (Moves a inline Javascript to the end of a body tag

Images
* Shrink to attributes (Shrinks an image to the specified size as the HTML tag
* Make inline (This makes Images which are linked to a page to become inline instead, only affects images which are less then 2 KB)
* Optimize (Removes non-image data from JPEGs, such as comments)
* Convert GIF to PNG (converts images from GIF to PNG)
* Lazy Load (Downloads images as a user scrolls down to them)

CSS
* Make Inline (This makes CSS files which are linked to a page to become inline instead, only affects CSS files which are less then 2 KB)
* Combine (Converts multiple CSS files into one)
* Move to head tag (Moves CSS defined in the body tag to the head tag)
* Image inline (Makes such as CSS backgrounds referenced in the CSS file as inline)
* Convert Imports to Links (Convert CSS import statements to HTML link tags)
* Minify (Removes Whitespaces and comments from JS)

HTML
* Remove Comments from HTML (Removes comments within the HTML files)

Extend Page Cache (
Enable Client side Measurements

Now you can take a look at how HTML will look after it is parsed trough this feature here –> http://support.citrix.com/proddocs/topic/ns-optimization-10-5-map/ns-feo-working-use-case.html

Now that you have some understanding on what it does, let’s go ahead and configure it. First we need to enable the feature and Integrated caching (since this is a prerequisite)

Enable both features

image

Now by default there are some premade actions, which define what options are enabled. For intance aggresive policy have most of the optimizations enabled.

image

Now for instance, lets say that we have a prefined load balanced server (which in my case is hosting a WordPress site) the vServer is called WEB-IIS in my case, go into Front-End Optimization –> Policy Manager –>

Here choose bind point, and virtual server

image

Next we need to bind a policy to the bind point. Remember that here we need to create a policy using an expression and attach it to the bind point.

image

I used HTTP.REQ.HOSTNAME expression here so in my case when a user accesses demo-webopt the user will be affected by the policy.

After you have added the policy, press OK then DONE and you are good to go.

So try to access the page and watch the statistics.

Now we can see that it has already managed to do some optimization after I tried to access the page a couple of times.

image

So with this feature it allows web-developers to be able to comment inline code without affecting the users, also being able to have a solid structure on CSS and JS without affecting the performance. Note that this feature is not suitable for all web applications, be sure to properly test the feature first.

Netscaler 10.5 review

Now since the release of 10.5 I have been able to test alot of the new features in the latest release. Citrix has also released new versions of Insight and Endpoint clients for Windows & Mac to match the new release.

The upgrades have so far for my part have been non-problematic (in case of a custom GUI you may need to recreate it) from 9.3 and even 10.1 builds. For those that are in a migration plan please refer to the migration document from Citrix http://support.citrix.com/proddocs/topic/ns-faq-map-10-5/ns-faq-migration.html

I have also seen a performance increase in some scenarioes.

There has also been an update on the clustering features, which didn’t caught my eye at first. http://support.citrix.com/proddocs/topic/ns-system-10-map/ns-cluster-feat-supp-ref.html Which allows us to have a Netscaler Gateway vServer running on a local Netscaler node.

Now the new build is 99% pure HTML which is great! there are still some features which still requires JRE, but this is going to be fixed in a future release.

The following features or nodes still require JRE:

  • System
    • Upgrade Wizard
    • Diagnostics
    • User Administration
      • Command Policies
      • Command Policy RegEx Editor
  • Visualizers
    • Network > Network Visualizer
    • Network > TCP/IP connections
    • Traffic Management > Load Balancing > Visualizer
    • Traffic Management > Content Switching > Visualizer
    • Traffic Management > GSLB > Visualizer
  • Security
    • Application Firewall
      • Application Firewall wizard
      • Add/ Edit/ Import profiles
      • Signatures
        • Add
        • Update Version
        • Auto Update Settings

Citrix has also made easier integrations for their own products such as XenDesktop/XenMobile/Sharefile and so on, which makes it easier for consultants to deploy Netscaler solution to provide availability for other products.

Now all of the new features are listed here –> http://support.citrix.com/proddocs/topic/ns-rn-main-release-10-5-map/netscaler-10-5-rn.html

One thing which I find is the most important featue in the latest build (besides the new GUI) is the front-end optimization feature which allows the Netscaler to reduce load and render times on web pages which are rendered on a client browser, after some intials tests with this feature I was able to save 60% of the load time. Since in most cases a web site is not optimized for speed, and therefore Netscaler might be an important piece there.

But to sum it up so far, I’m really impressed with the latest release and how Citrix has made Netscaler even more powerful with more then 100 more features, and makes it a more key component in most datacenters. Looking forward to the later releases to see what Citrix has up their sleeve! Smilefjes som blunker

Følg meg

Få nye innlegg levert til din innboks.

Bli med 60 andre følgere