NOTE: More detailes to come during the day!
So for some time now I have been part of the NetScaler 11.1 Beta, and as part of that I’ve been able to dig deep into the new features which are part of the GA release which came out earlier today.
So what’s new? There are some LARGE features which I have been looking forward to, and there are also some minor changes which are very welcome to the release! I can also take note that the upgrade from 11.0 to 11.1 in the beta firmware worked flawless.
New slick and improved interface, which is blaazing fast! I’m not kidding it is alot faster then the older 11.0 HTML 5 based web UI.
Even though you might think that there wasn’t much to be done there, but the interface is extremly fast now! and makes it a snap to do things in the UI.
It also includes Google like search to make it easier to navigate and locate different objects and policies.
and of course the simplest things are often the best, the save icon will now notify if there are unsaved changes on the appliance.
Simpler redirect of ports and HTTP to HTTPS from within the load balancing settings of a virtual server. This is only available on regular Load balancing virtual server.
New Theme portal which incorperates Unified Gateway look and feel. SO now the Unified Experience theme from Storefront is not included in NetScaler Gateway as its own theme. Bye bye old file share UI.
Which can now be configured from within the Virtual server
Now the coolest feature with 11.1 is the NetScaler Gateway feature and Always On! Which is an alternative to Direct Access and allows for the VPN client to start at boot-time and establish a connection with the NetScaler Gateway vServer at login.
This setting can be configured from within the session policy (Always ON = EaseofUse means that the client will try to connect automatically) and client control specifies if the user is allowed to disconnect the session or not.
But note that this feature like other VPN features requires a universal license for the enduser. Now as part of that the endpoint client also gotten a fresh new UI
With some better looking options pane as well,
HTTP/2 support for HTTP profiles for VPX! (This makes implementing HTTP/2 even easier! from a Microsoft point of view you need IIS 2016 to get HTTP/2 support, but if you are fronting a webpage with Netscaler you can just active this in HTTP profile! (Most web sites use HTTP/2 today so its a simple as a check box)
Easier managment of SSL (Certs, Keys and so on)! Doing certificate managmenet on a NetScaler hasn’t always been the easiest thing to do, sure it has gotten alot better! and with the 11.1 release its even easier, with an own menu option to list out the different stuff. We can also see that files are sorted based upon if they are keys /CSRs or certs.
VLAN to VXLAN bridge (This is more for MPX support but it allows us to map an VNI to a VLAN on the physical network, which allows to do ( clearlyhardware vTEP) support which is great!
Generate SAML Metadata to For instance Microsoft Azure or import the metadata into ADFS makes it even easier to set it up.
Configure HA heartbeat monitor on each Interface on NetScaler yay!
ICA latency profiles! Which can be bound to an ICA policy, which can be instance be used to determine if Drive mapping should be allowed if latency is above <40 MS latency for instance. ICA latency profiles is attached with an ICA policy and action. Which can then be sorted based upon different expressions as well.
Now at the end there are only two things that I need to know more about which is (Pooled licensing and delta compression) Which I would love to know more about but I haven’t been able to get alot of information about it yet.
Also some other mentions about new features that are included.
- SNI support for backend resources
- Support for TCP fast open in TCP Profiles
- TCP Hystart is disabled in the TCP profile ( this gives you better throughput in high-speed networks with high packet loss)
- New API called Install which can be used to update/downgrade appliances
- You can use a bulk GET API to fetch bindings of all the entities of a given entity type.
- The «start nstrace» command has a new parameter, -capsslkeys, with which you can capture the SSL master keys for all SSL sessions. If the capsslkeys option is enabled, a file named nstrace.sslkeys is generated along with the packet trace and imported into Wireshark to decrypt the SSL traffic in the trace file.
Think that is most of the updates from 11.1 stay tuned for our upcoming webinar from the MYCUGC Networking SIG to a little bit more deep dive on the 11.1 release, more information here –> http://bit.ly/2993ifP