Citrix ADC License


Citrix ADC MPX/SDX

Citrix ADC Hardware Platforms

Enabling high performance application delivery with hardware appliances and multi-tenant support.

Citrix Application Delivery Controller (ADC) is the most comprehensive application delivery and load balancing solution for multi-cloud environments. Because its software and hardware form factors are all built on a single code base, Citrix ADC provides operational and feature consistency with comprehensive security for monolithic and microservices-based applications on-premises and in the cloud.

With pooled capacity licensing, you can easily move capacity across Citrix ADC form factors, clouds, and geographies to meet growing demand with no issues. Citrix Application Delivery Management (ADM) helps you achieve holistic visibility, management, and troubleshooting for your entire Citrix ADC fleet through a single, easy-to-use console.

Citrix ADC Hardware Platforms

Citrix ADC MPX

Citrix ADC MPX is a physical appliance that provides powerful hardware-based application delivery and load balancing with options for high performance web application security and SSL offload support.

Citrix ADC SDX

Citrix ADC SDX introduces fully isolated multi-tenant support on a single appliance for application workloads and groups. Deploying multiple virtual instances of Citrix ADC License on one hardware appliance allows for the consolidation of multiple load balancers and application rollout.

Citrix ADC FIPS Platforms

Citrix ADC offers specific physical and virtual platforms with FIPS 140-2 compliance to meet the strict compliance mandates of high security businesses and organizations. Learn more about the specific Citrix ADC FIPS platforms by visiting the

 


Technical Aspects

Citrix Gateway

  • Provides consolidation of secure remote access infrastructure with one URL
  • Provides SAML 2.0 federated identity to provide single sign-on (SSO) across all applications, whether in a data center or in a cloud
  • One URL to access any application
  • AlwaysON allows auto-reconnect of the SSL VPN session when users are moving between networks
  • AlwaysON VPN allows a VPN connection to be established before Windows logon, which helps admins manage the laptop remotely
  • Integration with StoreFront allows importing UI changes from StoreFront to Gateway portal and vice versa
  • Gateway Insight for monitoring and troubleshooting all Gateway traffic for issues like authentication, EPA, single sign-on failures, etc.
  • nFactor authentication for all applications
  • Stateless RDP proxy
  • Support for Linux (Ubuntu 18 and 16.04)
  • Support for Mac (OS X 10.14, OS X 10.15)
  • Support for Windows 10, 8, 8.1 and 7 (32bit / 64bit)
  • Support for iOS 12 or later. Compatible with iPhone, iPad, and iPod touch.
  • Support for Android 7.0 and later

Secure Access

  • Citrix Virtual Apps and Desktops and Citrix Endpoint Management, formerly XenMobile, integration
  • Device certificate scanning
  • Single sign-on using NTLM/Kerberos/SAML, etc.
  • SmartAccess: Adaptive application and action control enforced on Citrix Virtual Apps and Desktops servers
  • SmartControl: Adaptive application and action control enforced on Citrix Gateway, thereby providing centralized policy management and security at the edge
  • Integrated Citrix Gateway SSL VPN

For ADC versions after 11.1, the Standard edition includes (500) Universal licenses, Enterprise or Advanced editions include (1000) Universal licenses, and there are no Universal license requirements with Platinum or Premium editions. For versions previous to Citrix ADC 11.1, the Standard and Enterprise editions include (5) Universal licenses, and the Platinum edition includes (100) Universal licenses.

  • Endpoint analysis of user device
  • SAML 2.0 and nFactor; passwords for single sign-on to applications running behind Citrix Gateway
  • AAA traffic management
  • SAML 2.0 and NTLMv1/2 support for configuring ADC with single sign-on (SSO)
  • Support for Active Directory, LDAP, RADIUS, TACACS+, OCSP, Diameter, etc.

L4-7 Traffic Management

Layer 4 Load Balancing (LB)

  • Protocols supported: TCP, UDP, FTP, HTTP, HTTPS, DNS (TCP and UDP), SIP (over UDP), RTSP, RADIUS, Diameter, SQL, RDP, IS-IS, SMPP
  • Algorithms: Round Robin, Least Packets, Least Bandwidth, Least Connections, Response Time, Hashing (URL, Domain, Source IP, Destination IP, and CustomID), SNMP-provided metric, Server Application State Protocol (SASP)

  • Session persistence: Source IP, cookie, server, group, SSL session, SIP CALLID, Token-based, SESSIONID, Diameter AVP
  • Session protocols: TCP, UDP, SSL_TCP, Multi-path TCP, SPDY
  • Server monitoring: Ping, TCP, URL, ECV, scriptable health checks, Dynamic Server Response Time
  • Link load balancing

Layer 7 Content Switching

  • Policies: URL, URL Query, URL Wildcard, Domain, Source/Destination IP, HTTP Header, Custom, HTTP and TCP Payload Values, UDP, Diameter AVP
  • Switch requests based on protocol of incoming packets

Database Load Balancing

  • Support for Microsoft SQL Server and MySQL
  • Switching algorithms include SQL query parameters such as user and database names and command parameters
  • Token-based load balancing provides advanced configuration for persistence and fault-tolerant deployments

TriScale Clustering2

  • “Scale-Out” with clustering of up to 32 Citrix ADC License appliances into a single system image and up to 3 Tbps throughput
  • Configuration Coordinator node for centralized management and synchronization
  • Compatible with Pay-As-You-Grow and Burst Pack performance upgrades
  • Traffic distribution mechanisms include: Equal Cost Multiple Path (ECMP), Link-sets, and Cluster Link Aggregation Group (CLAG)
  • Available on Citrix ADC MPX, SDX, and VPX
  • Modules may be configured on all nodes in a cluster or using “spotted VIPS,” in which they are added only to a select subset of nodes

Rate-based Policy Enforcement

  • Trigger ADC policies based upon connections per second, packets per second, or bandwidth used
  • Source or destination-based upon header or payload information

Traffic Domains

  • Allows overlapping IP addresses
  • Provides separate routing flows within a single appliance
  • Enables basic multi-tenancy implementations

Admin Partitioning

  • Independent instances that share resources on the appliance
  • Maximum number of 512 admin partitions per appliance

Global Server Load Balancing (GSLB)

  • Algorithms: site health, geographic proximity, network proximity, connections, bandwidth, AG-E SSL, VPN users
  • Site health checking on status, connection load, packet rate, SNMP-provided metrics

Surge Protection and Priority Queuing2

  • Adaptive rate control for TCP connections and HTTP requests
  • Prioritized transaction dispatch for critical application requests

Carrier-grade Network Address Translation2

  • Support for: Full-cone NAT, Deterministic NAT, Endpoint-Independent Mapping and Filtering, Hairpinning
  • Application Layer Gateways: FTP, TFTP, ICMP, SIP, RTSP, PPTP, GRE

Subscriber-aware Traffic Steering

  • Policy control interface: Gx, RADIUS

Application Acceleration

TCP Optimization

  • Multiplexing, buffering, connection keep-alive, window scaling, selective acknowledgement, fast ramp, TCP Westwood

AppCompress

  • Gzip-based compression for HTTP traffic

AppCache3

  • Caching for static and dynamic application content
  • HTTP GET and POST method support
  • Policies defined based upon HTTP header and body values

Application Security

DoS Attack Defense

  • Continue service to legitimate users while protecting against attacks such as SYN Flood, HTTP DoS, and Ping of Death
  • ICMP and UDP rate control

Content Rewriting and Response Control

  • Policy-based bidirectional rewriting of HTTP header and payload elements
  • Policy-based redirection of incoming requests
  • Body URL rewrite
  • Responder module
  • Custom responses and redirects
  • Policy-based routing
  • Network aware policies

SSL Encryption

  • Supports Thales nShield and SafeNet HSM integration

DNSSEC

  • DNS proxy
  • Authoritative DNS
  • DNS signing

Packet Filtering

  • Layer 3 and 4 Access Control Lists (ACL)
  • Network Address Translation (NAT)
  • IPv4/IPv6 Network Address Translation (NAT)

Citrix Web App Firewall with Hybrid Security Model3

  • Positive security model protects against: buffer overflow, CGI-BIN parameter manipulation, form/hidden field manipulation, forceful browsing, cookie or session poisoning, broken ACLs, cross-site scripting (XSS), command injection, SQL injection, error triggering sensitive information leak, insecure use of cryptography, server misconfiguration, back doors and debug options, rate-based policy enforcement, well known platform vulnerabilities, zero-day exploits, cross site request forgery (CSRF), credit card and other sensitive data leakage prevention
  • Negative security model with automatically updated signatures to protect against L7 and HTTP application vulnerabilities

  • Integrates with third-party scanning tools
  • Common event format (CEF) logs
  • XML security: XML denial of service (xDoS)
  • XML SQL injection and cross site scripting, XML message validation, format checks, WS-I basic profile compliance, XML, xPath injection attachment check, xQuery Injection protection

  • WSDL scan prevention
  • Attachment checks
  • URL transformation
  • Cookie proxy and encryption
  • SOAP array attack protection

IP Reputation Service

  • Enhanced service that provides a continuously updated list of malicious IP addresses in near real time

Cloud Connector for Citrix Networking

  • Network connectivity protection via IPSec security
  • Datacenter extension through GRE-based network bridging

Support for Citrix Endpoint Management MDM5

  • Front end optimization scalable to over 100,000 concurrent users
  • Citrix Gateway connector for Exchange ActiveSync provides a device level authorization service
  • Application level policy controlled SSL VPN tunneling for mobile clients

Network Integration

  • Static routes, monitored static routes, weighted static routes
  • OSPF, RIP1/2, BGP2
  • VLAN 802.1Q
  • Link Aggregation 802.3ad
  • Stateful IPv6 to IPv4 network address translation and DNS64
  • Static and stateless network address translation from IPv4 to IPv6

High Availability

  • Active/Passive
  • Active/Active
  • VRRP
  • ECMP
  • Connection mirroring
