Consolidation without compromise
White Paper
www.citrix.com
Executive summary
Virtualization of compute, storage and infrastructure is enabling the
transformation of enterprise datacenters into private clouds. The impact is
an unprecedented ability to consolidate infrastructure without compromise:
no change to service level agreements (SLAs), no loss of performance or
scale, and no regression in the organization’s overall security posture. Such
wholesale consolidation drives meaningful reduction in operating and capital
costs, and allows datacenter managers to demonstrate a dramatic ROI for a
myriad of virtualization technologies within the datacenter.
While server and storage virtualization have become mainstream elements of
modern datacenter designs, emerging virtual application delivery controllers
(ADC) promise to extend the benefits of virtualization into the core of the
networking infrastructure. Citrix Systems is leading the way in virtualizing
ADCs with its NetScaler® product line, including its new NetScaler SDX
service delivery platform. This paper outlines the compelling benefits of
consolidating networking services, and details why competing efforts
pursued by F5® with its new virtual Cluster Multi-Processing (vCMP™)
technology come up short for critical ADC consolidation projects.
NetScaler SDX offers a superior ADC consolidation platform when
compared to F5 VIPRION® with vCMP. These advantages span key
deployment criteria, including:
• 2.5x Density – NetScaler enables more ADC instances to run
concurrently on a single platform, providing 2.5 times greater
consolidation density than F5.
• Complete ADC Isolation – Unlike F5, NetScaler SDX solutions
fully isolate ADC system resources per instance—including SSL
and compression processing—so that one instance never impacts
the performance of another.
• 100% ADC Functionality – Only NetScaler supports all ADC
features so that ADC devices can be consolidated without a loss of
functionality.
• Pay-As-You-Grow Scaling – NetScaler SDX can uniquely increase
overall ADC capacity without having to add additional hardware.
Transforming datacenters and enabling consolidation
The value of virtualization derives primarily from two core capabilities:
1. Abstraction provides deployment flexibility and portability by enabling
higher-layer services to be de-coupled from underlying resources.
2. Multi-tenancy provides more efficient utilization and consolidation of
resources by enabling a single physical instance of a resource to be shared
simultaneously by multiple consumers.
For example, with server virtualization, it is abstraction that allows
decoupling of the operating system from hardware, enabling virtual servers
to be migrated from one physical server to another. The related capability,
multi-tenancy, is what makes it possible for a single physical server to run
multiple virtual servers at once.
It is the presence of one or both of these capabilities across a range of
technologies and solutions that provides organizations with a multitude
of attractive consolidation benefits when transforming their enterprise
datacenter into a private cloud.
For server infrastructure:
• Extensive consolidation can be achieved with server virtualization
since robust isolation and resource allocation capabilities enable
workloads for different tenants to securely and efficiently run on
the same physical server.
• Further simplification of datacenter infrastructure is made possible
as leading server virtualization solutions enable virtual pools of
server resources to be used for high availability, disaster recovery
and automatic workload scaling.
• Unified computing platforms that leverage virtualization
technology to enable integrated server, switch and storage modules
provide another option for architecting the access layer and
achieving yet another degree of physical consolidation.
For storage infrastructure:
• Storage area network solutions eliminate the need for dedicated
disks or direct-attached storage.
• Unified communications fabrics enable convergence of LAN data
and storage protocols, thereby reducing the need for a completely
separate set of network infrastructure for storage (i.e., adapters,
links and switches).
For network infrastructure:
• Virtual switches that run as virtual machines (VM), or as an
integral feature of a hypervisor, introduce the potential to
completely eliminate the access tier of conventional three-tier
network designs, at least from a physical perspective.
• Alternatives to the Spanning Tree Protocol—such as virtual
PortChannel (vPC) technology from Cisco and IETF-TRILL—are
enabling a shift from highly scalable Layer 3 network designs
to highly scalable Layer 2 networks that are better suited to
meet the performance requirements of a virtualized computing
infrastructure. Combined with the availability of high-capacity,
non-blocking switches, this introduces the potential for “flatter”
datacenter designs that do not include a distinct aggregation tier.
• The availability of virtual device instances for core switching
platforms introduces the possibility of both vertical and
horizontal consolidation. Vertical consolidation can be achieved
by optionally replacing physical aggregation-tier switches with
virtual instances running on a core switching device. Horizontal
consolidation can be accomplished by “absorbing” into the
core switching platform any separate switches that might
otherwise operate in parallel. Switches may operate in parallel to
accommodate testing and development, support a newly acquired
business unit, or isolate a business unit that is being divested.
• VLANs and virtual routing tables can logically maintain
isolation and individualized treatment for different tenants as
physical boundaries are eliminated in favor of consolidation and
simplification.
A major impetus for organizations to embrace virtualization is the
tremendous degree of consolidation it enables. The need for less
infrastructure not only reduces equipment costs and demand for precious
datacenter resources such as power, cooling, and space, it also helps trim a
wide range of operational expenses—including those associated with initial
deployment and integration, ongoing administration, and maintenance and
support contracts. Add in the strategic advantages of better application
performance, improved reliability, and superior responsiveness to changing
business conditions and it’s easy to understand why it is only a matter of
time before the vast majority of organizations transform their datacenters using
virtualization technologies.
The need to virtualize other datacenter services
What IT managers need to realize, however, is that other important pieces
to the datacenter virtualization puzzle remain. Specifically, the deployment
flexibility and multi-tenancy capabilities enabled by virtualization must be
supported for more than just server, storage and networking infrastructure.
To truly maximize available gains, similar capabilities should also be present
for other key elements of datacenter infrastructure, including ADCs. Further,
it is imperative these capabilities be available in sufficient variety and
capacity to support the broadest spectrum of potential datacenter designs.
Virtualizing ADCs
Successful ADC virtualization encompasses multiple technologies and
methods. First, the basic configurations for individual ADC tenants require
that traffic flows are completely isolated to ensure data and network
security. An inability to separate and isolate traffic between tenants will
fail to meet even the most lenient security requirements. Additionally, as
ADCs themselves get virtualized into software-based virtual appliances, the
resulting virtual form factors must deliver the same feature set, performance
and configuration flexibility as their physical counterparts. Feature parity
is an absolute must since it gives organizations the freedom to shift ADC
policies and workloads between physical and virtual appliances. Finally, new
generations of multi-tenant ADCs with native virtualization complete this
continuum by delivering an integrated platform to effectively consolidate
multiple discrete ADC devices.
When investigating emerging technologies, enterprise IT professionals are
well advised to develop a strict set of evaluation criteria in order to select
the most suitable solution for the organization. For virtualized multi-tenant ADCs, datacenter managers should establish the following as hard
requirements:
• High consolidation density – Enabling a large number of ADC
instances to run on a single platform, each with its own policy,
configuration and dedicated system resources.
• Complete isolation of ADC resources – 100% isolation of
compute, memory and ADC processing resources (including SSL
acceleration and data compression) ensures that the performance
of one ADC instance never impacts another.
• Full ADC feature support – Consolidation requires that all
existing ADC footprints can be consolidated without a loss of
functionality.
• Pay-As-You-Grow Scalability – Datacenter managers must have
the ability to scale overall ADC capacity on-demand without
adding additional hardware.
How NetScaler provides a superior consolidation solution
Citrix NetScaler is a fully integrated ADC that is deployed in front of web
and database servers. It optimizes application availability through advanced
layer 4-7 (L4-7) load balancing and traffic management, accelerates
performance, increases security with an integrated application firewall and
substantially lowers costs by increasing server efficiency.
NetScaler Virtualization
Keenly aware of both the trend toward highly virtualized datacenters and the
inevitable diversity of resulting datacenter designs, Citrix is leading the way
in the ADC market with three powerful options for meeting multi-tenancy,
virtualization and consolidation requirements.
NetScaler Traffic Domains. NetScaler has long offered the ability to associate
different sets of policies for load balancing, traffic management and other
application delivery functions with different virtual IP addresses (VIPs). All
NetScaler solutions support Traffic Domains, which builds on this capability
by supporting multiple tenants on an ADC platform so that communication
traffic is prevented from illegally crossing one tenant’s domain to another,
unless it is first routed to an external gateway and evaluated by an
appropriate security policy. This eliminates the need to create and maintain
static routes for each domain.
NetScaler VPX. A second option supported by Citrix is virtualization of the
ADC itself. NetScaler VPX was one of the industry’s first ADC virtual
appliances and has become the clear leader in both public and private cloud
architectures. Since NetScaler VPX leverages the same software as Citrix’s
popular NetScaler MPX networking appliances, the two solutions maintain
100% functional parity.
Unlike many competing virtual appliance implementations, NetScaler
VPX is:
• A full-featured solution incorporating all ADC functionality,
including L4-7 load balancing, application firewall security,
dynamic content caching, application performance monitoring
and a robust SSL VPN capability
• A high-performance solution capable of handling traffic up to
3 Gbps or more
• An open solution capable of operating not only on Citrix®
XenServer®, but also on Microsoft® Hyper-V™ and VMware®
ESX/ESXi
NetScaler SDX. NetScaler Traffic Domains and NetScaler VPX are essential
because they enable ADCs to support datacenters with a high degree
of virtualization and consolidation of other infrastructure components
such as servers, storage and switches. The next logical step, however, is a
solution that also consolidates the ADC itself. NetScaler SDX represents
the third option for meeting multi-tenancy, virtualization and consolidation
requirements.
It has long been common practice to deploy dedicated ADC appliances
for each application in order to ensure maximum availability and avoid
jeopardizing performance SLAs. Unfortunately, this approach also led to
expensive and difficult-to-manage application silos. Now, as these silos
crumble in favor of shared but logically isolated infrastructure, there is a
distinct opportunity for horizontal consolidation of ADCs across multiple
applications. This is particularly true for application delivery infrastructures
that were intentionally over-provisioned and that have ADCs operating well
below their rated capacity.
Also present is the opportunity for vertical consolidation. Facilitated by the
steady dissolution of the network perimeter and widespread availability
of numerous network-based isolation techniques, organizations might
also decide to bring together ADCs used at different tiers of a multi-tier
application. This way a single ADC can support the DMZ, web application
and database tiers.
[Figure 1: ADC Consolidation Opportunities. Diagram labels: DMZ, Web / Application Servers, Data; F5 BIG-IP; NetScaler SDX Consolidated Services Delivery Platform]
Citrix’s new NetScaler SDX is uniquely suited to accommodate either type
of consolidation initiative. An innovative solution for consolidating ADCs,
NetScaler SDX enables multiple, independent, full-featured NetScaler
instances to run on a single physical appliance. NetScaler SDX is an
optimized combination of two proven solutions in their own right, NetScaler
VPX and Citrix XenServer. It enables today’s organizations to reduce their
ADC footprint and total cost of ownership (TCO) by pursuing opportunities
for both horizontal and vertical consolidation of discrete, standalone
ADC devices.
NetScaler SDX squarely meets the four fundamental requirements for
a natively virtualized ADC consolidation solution.
1. Density – Up to 40 NetScaler ADC instances can run independently on a
single NetScaler SDX platform. This impressive level of density supports
the most ambitious consolidation projects.
2. Isolation – All critical system resources, including memory, CPU and SSL
processing capacity are assigned to individual NetScaler instances. This
is essential to ensuring that resource demands made by one tenant do not
negatively impact other tenants running on the same physical system. It
also provides greater security for each ADC instance by providing full
separation of traffic flows.
3. Full ADC Functionality – NetScaler SDX supports 100 percent of the
ADC functionality available with both hardware-based NetScaler MPX
appliances and software-based NetScaler VPX virtual appliances. This
enables NetScaler SDX to consolidate all existing ADC deployments
without any policy constraints.
4. Pay-As-You-Grow – The Pay-As-You-Grow option delivers on-demand
elasticity enabling organizations to easily scale ADC capacity to keep
pace with application traffic growth. And because it leverages a software-based architecture, NetScaler SDX can scale performance and capacity
with a simple software key, eliminating expensive hardware purchases
and upgrades.
                       | NetScaler MPX              | NetScaler VPX                    | NetScaler SDX
Form factor            | Hardened network appliance | Software-based virtual appliance | Hardened network appliance
ADC density            | 1                          | 1                                | Up to 40
Performance            | Up to 50 Gbps              | Up to 3 Gbps                     | Up to 50 Gbps
Full ADC functionality |                            |                                  |
Pay-As-You-Grow        |                            |                                  |
Table 1: Comparative summary of NetScaler solutions
How F5 Stacks Up
Similar to Citrix, F5 has recognized the market need to consolidate ADC
footprints. The company’s new virtual Cluster Multi-Processing (vCMP)
technology promises to consolidate up to 16 separate BIG-IP “guests” into
a single system. vCMP-based consolidation is supported in VIPRION 2400
and 4400 chassis-based systems, and can provide impressive raw throughput
capabilities. Further, systems equipped with vCMP technology can run
F5’s Global Traffic Manager (GTM) module for global load balancing
capabilities, as well as the company’s Application Security Module (ASM)
for web application firewall security.
While vCMP enables a step towards consolidation, F5’s core architectural
approach leads to various deployment shortcomings. For example, reliance
on third-party virtualization technology that is both immature and lacking
a proven track record in major cloud infrastructures significantly limits the
number of ADC instances that can run concurrently on a single platform.
Additionally, vCMP technology is supported only on VIPRION chassis-based systems, putting it out of the reach of mainstream enterprise customers
who prefer network appliance solutions. Further, vCMP does not support all
F5 modules, such as WebAccelerator, or all ADC features, such as SSL VPN
capability. Consequently, vCMP will significantly limit the consolidation of
new or existing ADC deployments.
Citrix NetScaler SDX provides a more complete solution with greater
tangible value for customers.
                                                                      | NetScaler SDX | F5 VIPRION with vCMP
ADC density (max instances per platform)                              | 40            | 16
Basic system isolation (CPU and memory)                               |               |
Isolation of core ADC processing (SSL acceleration and compression)   |               | Not supported
ADC functionality supported                                           | All           | Missing key capabilities (e.g. dynamic caching and SSL VPN)
Pay-As-You-Grow elasticity                                            |               | No (requires additional hardware purchase)
Table 2: Comparative summary of ADC consolidation solutions
Real world ADC Consolidation
Customer Requirement – Consolidate eight (8) individual ADC appliances into a single platform. Performance
requirements: 1 Gbps throughput and 500 Mbps SSL throughput per ADC.
                                           | Citrix NetScaler SDX 11500 | F5 vCMP VIPRION 2400
Appliance                                  | $90,000                    | $0
Chassis                                    | $0                         | $9,995
Additional hardware                        | $0                         | $119,990 (VIPRION 2100 blades)
Performance pack license                   | $0                         | $59,995
Consolidation license (8 instance minimum) | $20,000                    | $19,995
Total solution cost                        | $110,000                   | $209,975
NetScaler savings advantage                | $99,975 savings; 48% less expensive than F5
Table 3: Real world consolidation example with NetScaler SDX and F5 vCMP
Understanding F5 vCMP Limitations
Short on ADC Density – From the perspective of protecting an organization’s
investment, successful consolidation requires a platform that not only
absorbs the existing number of ADC devices in the network, but also has
the headroom to handle future needs. Even with a fully populated VIPRION
chassis, F5 vCMP customers are unable to consolidate more than 16 guests.
In comparison, NetScaler SDX offers a 2.5x advantage by supporting a
maximum of 40 guests.
[Figure 2: Comparing ADC consolidation density. Bar chart of maximum number of ADCs per platform: Citrix NetScaler SDX 40, F5 VIPRION 16]
Much of the NetScaler SDX advantage derives from the use of industry-grade XEN virtualization technology by Citrix, which powers cloud and
data center infrastructures at massive scale. Leveraging proven virtualization
technology is critical, as any issue occurring at the virtualization layer has
the potential to impact all ADC tenants running on the platform.
Limited Functionality – vCMP does not support the complete set of ADC
functionality delivered on F5’s BIG-IP hardware appliances. For example,
neither WebAccelerator nor Access Policy Manager (APM) features are
supported. Consequently, a vCMP guest cannot support core functionality
such as caching of dynamically generated web content or SSL VPN security.
This limitation alone may prevent customers from consolidating existing
ADC devices. At the very least, they may have to reduce their ADC policy to
fit the resulting constraints of vCMP.
Incomplete ADC isolation – Although F5’s vCMP technology isolates CPU
and memory resources between guests, it does not allow customers to
dedicate SSL processing resources per guest. Consequently, a single vCMP
guest can potentially starve adjacent tenants of SSL resources, resulting
in much higher application latency or dropped sessions. In fact, F5’s own
vCMP customer guidelines warn customers against implementing the
strongest level of SSL security for any single application for this very reason.
No Pay-As-You-Grow – F5 BIG-IP and VIPRION solutions do not
allow customers to scale performance on-demand without the purchase
of additional hardware. While this limitation persists throughout the
F5 product line, vCMP further complicates deployment decisions by
unnecessarily making ADC density and performance interdependent. To
add more vCMP guests, for example, F5 requires customers to purchase
additional hardware blades—the same way they would buy more blades to
increase aggregate performance. A better-designed solution would enable
customers to separate investments in density and overall performance.
Limited Platform Options – Consolidation of ADC functionality is attractive
to organizations of all sizes. Putting this capability within reach of the
broadest range of customers demands both affordability and choice of
platforms. With NetScaler SDX, organizations can choose among nine
different appliance platforms to best accommodate their price/performance
requirements. In contrast, F5’s approach to ADC consolidation requires
investment in relatively expensive chassis-based products.
[Figure 3: Platform options for ADC consolidation. Citrix NetScaler SDX: multiple price-performance options with Pay-As-You-Grow. F5 vCMP: two chassis systems (VIPRION 2400, VIPRION 4400), no appliance solutions]
Conclusion
ADC consolidation within next-generation datacenter architectures brings
step-function improvements in overall IT agility and drives lower operational
and capital costs. For real-world ADC consolidation projects, NetScaler
SDX beats F5 VIPRION running vCMP technology in meeting key customer
requirements. These advantages include:
• NetScaler provides 2.5 times greater density to consolidate more
ADC workloads.
• Unlike F5, NetScaler isolates key ADC processing resources for
individual instances to ensure the performance of each ADC
instance.
• Only NetScaler SDX is capable of consolidating 100% of ADC
functionality offered in standalone appliances.
• NetScaler Pay-As-You-Grow provides a 5x capacity increase with
no additional hardware.
About Citrix
Citrix Systems, Inc. (NASDAQ:CTXS) is a leading provider of virtual computing solutions that help companies deliver IT as an
on-demand service. Founded in 1989, Citrix combines virtualization, networking, and cloud computing technologies into a full
portfolio of products that enable virtual workstyles for users and virtual datacenters for IT. More than 230,000 organizations
worldwide rely on Citrix to help them build simpler and more cost-effective IT environments. Citrix partners with over 10,000
companies in more than 100 countries. Annual revenue in 2010 was $1.87 billion.
©2011 Citrix Systems, Inc. All rights reserved. Citrix®, Citrix XenDesktop™, Citrix XenApp™, Citrix XenClient™, Citrix
GoToMeeting® and Citrix GoToAssist® are registered trademarks of Citrix Systems, Inc. and/or one or more of its subsidiaries
and may be registered in the U.S. Patent and Trademark Office and in other countries. All other trademarks and registered
trademarks are property of their respective owners.
0911/PDF