Net scaler competitive deck 12oct11

Citrix NetScaler Competitive OverviewRob Chen, NetScaler Product Marketing

Citrix Confidential - Do Not Distribute

Gartner ADC Magic Quadrant


Best in class…

Functionality Performance Flexibility


Functionality

Functionality

• Leading feature set• DataStream• AppFlow• XD/XA integration• Application firewall• SSL VPN


Performance

Performance

• 10 Mbps – 50 Gbps• 4.4 Million HTTP requests/sec• Industry leading performance for 2048-bit – 90,000 TPS• 12 Gbps AppFW throughput• Best price/performance


Flexibility

Flexibility

• Choice of form factors: MPX, SDX, VPX• All features available on all platforms• Pay-as-You-Grow & Burst Licensing• AppExpert Policy Engine• Cloud Ready (CloudBridge, CloudGateway, CloudConnectors)


1. Pay-as-You Grow elasticity2. 2x faster 2048-bit SSL performance3. Higher density ADC consolidation solutions4. 100% feature parity for virtual appliances5. Innovative cloud bridging and cloud gateway functionality 6. Open, standards based application visibility7. SQL-intelligent load balancing and offloading8. Simple, highly intuitive policy engine

8 Reasons Why NetScaler Beats F5


Pay-as-You-Grow



NetScaler delivers better price/performance


Better ADC Consolidation

F5 Module Restrictions by PlatformF5 Platform OS Support VE VE Lab 1600 3600 3900 6900 8950 11050 VIP 4400 VCM

B4200 VIP 2400 VCMP B2100

TMOS FeaturesLTM Enterprise package ---- ---- 9.4.6 9.4.6 9.4.8 9.4.6 10.2.0 10.2.0 +PX 11.0 +PX 11.0

Add-on features: routing, ACA, SSL, CMP, IPv6, RS, caching

11.0 11.0 9.4.6 9.4.6 9.4.8 9.4.6 10.2.0 10.2.0 9.6.1 11.0 ---- ----

Analytics (AVR) 11.0 11.0 11.0 11.0 11.0 11.0 11.0 11.0 ---- ---- ---- ----DNSSEC (req. GTM) 11.0 11.0 10.1.0 10.1.0 10.1.0 10.1.0 10.2.1 10.2.1 11.0 11.0 11.0 11.0FIPS Hardware ---- ---- ---- ---- ---- 9.4.8 ---- 11.0 ---- ---- ---- ----

Dual Product ComboLTM + LC ---- ---- 9.4.6 9.4.6 9.4.8 9.4.6 10.2.0 10.2.0 ---- ---- ---- ----LTM + GTM 11.0 11.0 9.4.6 9.4.6 9.4.8 9.4.6 10.2.0 10.2.0 11.0 11.0 11.0 11.0LTM + WBA ---- ---- 11.0 9.4.6 9.4.8 9.4.6 10.2.0 10.2.0 ---- ---- ---- ----LTM + WA Bundle ---- ---- 11.0 9.4.8 10.2.0 10.2.0 ---- ---- ---- ----LTM + ASM 11.0 11.0 11.0 9.4.6 9.4.8 9.4.6 10.2.0 10.2.0 10.0.1 11.0 11.0 11.0LTM + APM 11.0 11.0 10.2.1 10.1.0 10.1.0 10.1.0 10.2.0 10.2.0 ---- ---- ----LTM + WOM 11.0 11.0 10.1.0 10.1.0 10.1.0 10.1.0 10.2.0 10.2.0 ---- ---- ----LTM + WOM Bundle ---- 11.0 10.1.0 10.1.0 10.1.0 10.2.0 10.2.0 Triple Product ComboLTM + WBA + ASM ---- ---- ---- 11.0 10.1.0 10.0.1 10.2.0 10.2.0 ---- ---- ---- ----LTM + WBA + WOM ---- ---- ---- 11.0 10.1.0 10.0.1 10.2.0 10.2.0 ---- ---- ---- ----LTM + APM + WBA ---- ---- ---- 11.0 10.1.0 10.1.0 10.2.0 10.2.0 ---- ---- ---- ----LTM + APM + ASM ---- 11.0 ---- 11.0 10.1.0 10.1.0 10.2.0 10.2.0 ---- ---- ---- ----LTM + ASM + WOM ---- 11.0 ---- 11.0 11.0 11.0 11.0 11.0 ---- ---- ---- ----LTM + GTM + ASM ---- 11.0 ---- 11.0 10.1.0 10.0.1 10.2.0 10.2.0 ---- ---- ---- ----LTM + GTM + WBA ---- ---- ---- 11.0 11.0 11.0 11.0 11.0 ---- ---- ---- ----LTM + GTM + WOM ---- 11.0 ---- 11.0 11.0 11.0 11.0 11.0 ---- ---- ---- ----LTM + GTM + APM ---- 11.0 ---- 11.0 11.0 11.0 11.0 11.0 ---- ---- ---- ----LTM + WOM + APM ---- 11.0 ---- 11.0 11.0 11.0 11.0 11.0 ---- ---- ---- ----LTM + ASM+LC ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ----LTM + LC+ other module ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ----


ADC Capability F5 NetScaler

Virtual ADC software Virtual Edition: Does not support full ADC feature set as BIG-IP appliances

NetScaler VPX: 100% feature parity with NetScaler MPX appliances

Cloud Bridging: secure and

transparent network connectivityLimited

Yes, with Cloud Bridge: Includes site-site VPN, routing and WAN optimization

Single point of control for SaaS, web and enterprise apps

No support NetScaler Cloud Gateway

Citrix NetScaler vs. F5 Cloud-ready Networking

• Democratizes application visibility• True open standard open format• Delivers choice to the market• Leverages existing footprints• Cloud-ready – no span port

required

Citrix NetScaler is AppFlow-ready.

AppFlow ™

F5 TCP LB vs Custom Scripts vs NetScaler SQL LB

Feature/Benefit F5 TCP LB Custom

Scripts

DataStreamTM

SQL LB

Scale-up TCP connections

SQL connection offload

Native SQL LB

Scale out read-only servers

High Availability

Intelligent monitors

SQL content SwitchingRead/Write split & Sharding


ADC Capability F5 NetScaler

Policy creation and management Limited policy creation available in GUI.

Requires iRules and TCL scripting for

most L7 policies

AppExpert Visual Policy Builder. Intuitive framework

with no programming requirement.

Open, standards-based application visibility Not supported. Proprietary reporting only.

Supports Citrix AppFlow standard with broad

ecosystem support.

Graphical visualization tools Limited offerings in v11Multiple policy visualization facilities (network, global

load balancing, and application infrastructure)

Centralized management and

configuration

Enterprise Manager (additional

purchase)

Command Center (included with Enterprise and Platinum editions)

Real-time and historical user experience monitoring

Third-party support only NetScaler EdgeSight

Integrated Web Interface support for XenApp & XenDesktop No Full integration

URL and content rewrite Yes. Content rewrite for any TCP Yes. Content rewrite on any HTTP

Citrix NetScaler vs. F5Policy Management

• F5 illegally modifies settings in XenDesktop’s underlying protocol, ICA, so that BIG‐IP can act as forward proxy for XenDesktop clients• Exposes the internal network and host information to potential hackers• XenDesktop clients can’t validate that a particular file originated from a trusted source• May prevent users from accessing their XenDesktop when behind an actual proxy server

• Lacks Secure Ticketing Authority (STA) so hackers can emulate F5’s approach and gain access

• No support for Citrix SmartAccess policies

• No support for ICA signing, preventing XenDesktop from validating that an ICA file originated from a trusted source

Only NetScaler Offers True XD/XA Support

• Not a long‐term solution ‐ F5 has reverse engineered Citrix’s client authentication methods in their Access Policy Manager (APM). Any Citrix revision to methods will break XenDesktop.

• F5 deployment guide violate Citrix best practices by instructing that non‐secure ports be used for XML broker services and Web Interface traffic – potentially compromising user credentials

• Requires that IT managers closely adhere to 100+ pages of detailed deployment guides and modify unsupported iRules (TCL‐based scripts). No configuration wizards to avoid errors.

Only NetScaler Offers True XD/XA Support (cont.)


•ACE is not “best-in-class”•ACE is not a strategic product for Cisco•ACE lacks advanced ADC features•ACE provides poor price/performance•ACE is NOT suited for cloud deployments•ACE does not provide integration with XenDesktop/XenApp

Cisco Ace: Executive Summary


•ACE30 Module for Cisco Catalyst 6500 and Cisco 7600•ACE 4710 appliance•ACE GSS 4492R Global Site Selector•ACE Web Application Firewall (EOS: Aug 2010)•ACE XML Gateway (EOS: Aug 2010)

Cisco ACE Product Line


Key ACE Limitations

•No IPv6 support•No ACE module for Nexus 7000•No optimization for 2048-bit SSL certificates•No 10G interfaces on ACE 4710 appliance•No stateful HA•No virtual appliance

5 Reasons Why ACE Is Being Replaced

Fails to Meet SSL Requirements

• No optimization for 2048-bit SSL• Dramatically behind industry in SSL transaction/sec performance• ACE appliance maxes out at only 1 Gbps SSL (No Pay-Grow for SSL)

No ADC Innovation

• Lacks most basic ADC functions (e.g. app firewall, caching and GSLB)• Years away from advanced ADC features (e.g. database LB, app visibility)• Expensive Catalyst or 7600 required to achieve performance > 4 Gbps

Primitive Management

• No pre-defined policies or configurations • No application templates for popular enterprise apps• Graphical UI missing visualization and basic policy definition tools

Zero XD/XA Integration

• No awareness or visibility of XenDesktop/XenApp infrastructure• Unable to monitor critical XD/XA services to ensure 100% availability• Cannot support secure access to XD/XA (no SSL VPN)

Not Ready for the Cloud

• No virtual appliance option• No multi-tenancy – lacks software and resource isolation• Management plane does not scale for multiple tenants

No Multi-tenancy. No Consolidation. No Scalability. No Dice.

No virtualization = No multi-tenancy

• ACE architecture does not support true virtualization• Contexts aren’t separate instances, but partitions of a shared instance• Cannot directly allocate and hardwall CPU and memory per context

Wrong Platform for ADC

Consolidation

• No context-level lifecycle independence. All or nothing for entire device. • No context-level version independence. All or nothing for entire device.• No context-level HA. All or nothing for the entire device.

Does Not Scale

• All contexts share a single management plane• All management entities are shared across system – no isolation• Lack of resource hardwalling means one context can overrun another


•ACE has lost nearly half of its ADC market share in 3 years•2007: 32%•2010: 17.4%

•Current execution issues forcing Cisco to focus on core routing and switching business and deprecate others

•ACE is not currently a strategic product for Cisco•Application delivery and security is not a focus for Cisco•Three years behind - last major ACE software release was in 2008•EOS’d complementary products (Web Application FW and XML Gateway)

Cisco ACE is a laggard…


Cisco’s steep decline in market share says it all…

1 2 3 40%

5%

10%

15%

20%

25%

30%

35%32%

31%

24%

17%

Cisco ACE – ADC Market Share

2007 2008 2009 2010

Source: Gartner


Cisco ACE Feature Analysis – Load BalancingFeature NetScaler ACE 30 Module ACE 4710 Appliance

L4 load balancing ✔ ✔ ✔

L7 content switching ✔ ✔ ✔

Database load balancing DataStream X X

XML content switching ✔ X X

Rate limiting ✔ BW only; no PPS limiting;no alerting or responder

BW only; no PPS limiting;no alerting or responder

IPv6 support ✔ X X

Global load balancing ✔ Requires Cisco GSS Requires Cisco GSS

Dynamic routing protocols

✔ ✔ ✔

Surge protection ✔ X X

Priority queuing ✔ X X

Health Monitoring Limited scale and functionality

Limited scale and functionality


Cisco ACE Feature Analysis– App Acceleration

Feature Category NetScaler ACE 30 Module ACE 4710 Appliance

Client and server TCP optimizations

✔ ✔ ✔

Compression ✔ ✔ ✔

Caching ✔ X ✔

Pre-fetch cache invalidation

✔ X X


Cisco ACE Feature Analysis – Offload

Feature NetScaler ACE 30 Module ACE 4710 Appliance

TCP buffering ✔ ✔ ✔

TCP multiplexing ✔ ✔ ✔

SQL multiplexing ✔ X X

SSL offload ✔ ✔ ✔

2048-bit SSL Optimization

✔ X X

Cache redirection including multi-layer support

✔ X X


Cisco ACE Feature Analysis – Security


L4 DoS defenses ✔ ✔ ✔

L7 content filtering ✔ ✔ ✔

HTTP/ URL rewrite ✔ Headers only Headers only

SSL VPN ✔ X X

L7 DoS defenses ✔ X X

AAA for traffic management

✔ X X

Application firewall ✔ X X

XML security ✔ X X


Cisco ACE Feature Analysis – Management


App visual policy builder ✔ X X

App service callouts ✔ X X

App templates ✔ X X

App visualizer ✔ X X

Role-based admin. ✔ ✔ ✔

AAA for administration ✔ ✔ ✔

Configuration wizards ✔ X X

Native Citrix Web Interface

✔ X X

Unified management ✔ ✔ ✔

Application performance monitoring

✔ X X


Cisco ACE30 Module Price/Performance Analysis

CategoryCisco

ACE 30NetScaler

MPX 14500

Throughput (Gbps) 16 16

L7 CPS (k) 200 1600

Max Conn Capacity (M) 4 25

SSL TPS (k) 30 95

SSL Bulk (Gbps) 6 7

Compression (Gbps) 6 4.5

Pricing $130K (w/GSLB) $125K – EE

MPX 14500 offers up to 8X greater performance than ACE 30 for $5K less

8X

6X

3X


Cisco ACE 4710 Price/Performance AnalysisCategory ACE 4710

(500 Mbps)NetScalerMPX 5500

ACE 4710(1 Gbps)

NetScalerMPX 7500

ACE 4710(2 Gbps)

NetScalerMPX 9500

ACE 4710(4 Gbps)

NetScalerMPX 9700

Throughput (Gbps) .500 .500 1 1 2 3 4 4

L7 CPS (k) 30 50 30 100 30 200 30 450

Max Conn Capacity (M) 1 1.5 1 5 1 5 1 10

SSL TPS 7500 5000 7500 10000 7500 20000 7500 20000

SSL Bulk (Gbps) 1 .500 1 1 1 3 1 4

Compression (Gbps) .500 .500 1 1 2 2 2 4

Pricing:4710 vs SE

$16K $12K $30K $22K $40K $32K $50K $37K

Pricing:4710+GSS vs. EE+Cache

$36K $26K $50K $36K $60K $50K $70K $55K

MPX Delivers 3X – 10X Greater Performance for Less $$$ than ACE 4710


•ACE is not an ADC market leader•ACE is not a strategic product for Cisco•ACE offers poor price/performance•ACE product is missing key functionality and support• IPv6•2048-bit SSL optimization•No 10G support for 4710 appliance and no module for Nexus 7000

•No ACE virtual appliance•Zero XenDesktop/XenApp support

Summary

On-boarded Alteon installed base• WW share grew to 9%• Added to presence in EMEA and APAC

Good tactical sales execution• Link load balancing (LinkProof)• OEM of Imperva (AppWall)

Telco Focus• SIP opportunities

Compelling vision for virtual ADCs• Virtual App Delivery Infrastructure (VADI) • Multi-tenant solution (ADC-VX)• Soft ADC

StrengthsWhat They’re Doing Right

Still Missing Key ADC Capabilities

• SSL VPN• Performance monitoring (EdgeSight)• Large-size cache (750 MB max)• Rewrite• Call-outs• Cache redirection• Responder• Flexible cache and compression policies• Usable Pay-as-you-Grow model

AppWall $20,000 Imperva OEM

AppXML $41,000 Open Systems OEM

AppDirector $33,900

1Gbps Radware Solution Total Cost

$94,900

NetScaler 7500 Platinum$45000

1Gbps NetScaler Solution Total Cost

$45,000

Radware - Point Solution Approach Citrix NetScaler - Integrated ADC Solution

Fragmented & Expensive Portfolio

Load balancer

App Firewall

XML Delivery

AppWall $20,000 Imperva OEM

AppXML $41,000 Open Systems OEM

AppDirector $33,900

1Gbps Radware Solution Total Cost

$117,900

NetScaler 7500 Platinum$45000

1Gbps NetScaler Solution Total Cost

$45,000

Radware - Point Solution Approach Citrix NetScaler - Integrated ADC Solution

Fragmented & Expensive Portfolio

Load balancer

App Firewall

XML Delivery

App Acceleration AppXcel $23,000

• Native Load Balancing support for Branch Repeater • Integrated end-to-end Citrix solution

• Enables large scale datacenter deployment of Branch Repeater• 20X increase on max. users/concurrent active TCP connections using MPX 5500 • 100X increase on max. bandwidth using MPX 21500• 10G aggregated link with MPX

• Supports normal HTTP processing along with WAN Optimization in NS

• Enables DC to DC disaster recovery BR deployments

Load Balancing for Branch Repeater

Increases scalability and enables BR to address large scale opportunities

F5 Networks Low to Mid Range Comparison


NS MPX 5500

F5 1600

NS MPX 7500

F53600

NS MPX 9500

F53900

F5 6900

NS MPX 11500

L4/L7 Throughput-Gbps 0.5 1.0 1.0 2 3 4 6 8

HTTP RPS (K) 50 100 100 135 200 400 600 800

TCP CPS (K) 115 60 170 115 335 175 220 1000

TCP Sessions 1.5M 1M 5M 4M 5M 8M 8M 13M

SSL Throughput-Gbps 0.5 1 1 2 3 2.4 4 6

SSL TPS (K)-1K/2K 5/1 5/1 10/3 10/2 20/5 15/3 25/5 54/11

Compression (Gbps) 0.5 1 1 1 2 3.8 5 2.5

Module limits NO Two NO Three NO Four Six No

Price-Enterprise $22,000 $30,500 $32,000 $42,500 $42,000 $53,000 $75,000 $65,000

Rated Power /quantity 300W/1 300W/1+1 450W/1+1 300W/1+1 450W/1+1 300W/1+1 850W/2 650W/2

Memory 4 GB 4GB 8 GB 4GB 8 GB 8GB 8GB 48GB

Ports 4x1G 6x1G 8x1G 10x1G 8x1G 12x1G 24x1G 4x10G+8xG

Multi-tenancy ready No No No No No No No Yes-20

Pay-As-You-Grow No No Yes to 3G No No No No Yes to 42G

F5 Networks Mid/High Range Comparison


NS MPX 13500

F5 8900

NS MPX 14500

F58950/S

NS MPX 16500

NS MPX 18500

F5 11050

NSMPX

20500

L4/L7 Throughput-Gbps 12 12 18 20 24 36 42 42

HTTP RPS (K) 1400 1200 1600 1900 2000 2500 2500 2600

TCP CPS (K) 1300 400 2700 800 3600 4100 1000 4300

TCP Sessions 20M 16M 25M 16M 30M 40M 32M 52M

SSL Throughput-Gbps 6.5 9.6 7 9.6 9 10.5 15 11

SSL TPS (K)-1K/2K 80/17 58/11.6 107/23 56/11.2100/20-S

133/28 158/34 100/20 200/45

Compression (Gbps) 3.5 8 4.5 8 5.5 7 12 8

Module limits NO No NO No NO NO No No

Price-Enterprise(F5 add $31K GTM/LC)

$95,000 $120,000 $125,000 $120,000$140,000-S*

$150,000 $185,000 $150,000 $210,000

Rated Power /quantity 650W/2 850W/2 650W/2 850W/2 650W/2 650W/2 850W/2 650W/2U

Memory 48GB 16 GB 48GB 16GB 48GB 48GB 32 GB 48GB

Ports 4x10G+8xG 2x10G+24xG

4x10G+8xG 2x10G+24xG

4x10G+8xG 4x10G+8xG 10x10G 4x10G+8xG

Multi-tenancy ready Yes-20 No Yes-20 No Yes-20 Yes-20 No Yes-20

Pay-As-You-Grow Yes to 42G No Yes to 42G No Yes to 42G Yes to 42G No No

*Estimate

Technology

Net scaler competitive deck 12oct11