Está en la página 1de 12

Consolidation

White Paper

Consolidation without compromise

www.citrix.com

Consolidation

White Paper

Executive summary
Virtualization of compute, storage and infrastructure is enabling the transformation of enterprise datacenters into private clouds. The impact is an unprecedented ability to consolidate infrastructure without compromise: no change to service level agreements (SLAs), no loss of performance or scale, and no regression in the organizations overall security posture. Such wholesale consolidation drives meaningful reduction in operating and capital costs, and allows datacenter managers to demonstrate a dramatic ROI for a myriad of virtualization technologies within the datacenter. While server and storage virtualization have become mainstream elements of modern datacenter designs, emerging virtual application delivery controllers (ADC) promise to extend the benets of virtualization into the core of the networking infrastructure. Citrix Systems is leading the way in virtualizing ADCs with its NetScaler product line, including its new NetScaler SDX service delivery platform. This paper outlines the compelling benets of consolidating networking services, and details why competing efforts pursued by F5 with its new virtual Cluster Multi-Processing (vCMP) technology come up short for critical ADC consolidation projects. NetScaler SDX offers a superior ADC consolidation platform when compared to F5 VIPRION with vCMP. These advantages span key deployment criteria, including: 2.5x Density NetScaler enables more ADC instances to run concurrently on a single platform, providing 2.5 times greater consolidation density than F5. Complete ADC Isolation Unlike F5, NetScaler SDX solutions fully isolate ADC system resources per instanceincluding SSL and compression processingso that one instance never impacts the performance of another. 100% ADC Functionality Only NetScaler supports all ADC features so that ADC devices can be consolidated without a loss of functionality. Pay-As-You-Grow Scaling NetScaler SDX can uniquely increase overall ADC capacity without having to add additional hardware.

Transforming datacenters and enabling consolidation


Summary Consolidation reduces costs Virtualization enables consolidation NetScaler leads in virtualization technology The value of virtualization derives primarily from two core capabilities: 1. Abstraction provides deployment exibility and portability by enabling higher-layer services to be de-coupled from underlying resources. 2. Multi-tenancy provides more efcient utilization and consolidation of resources by enabling a single physical instance of a resource to be shared simultaneously by multiple consumers.

Consolidation

White Paper

For example, with server virtualization, it is abstraction that allows decoupling of the operating system from hardware, enabling virtual servers to be migrated from one physical server to another. The related capability, multi-tenancy, is what makes it possible for a single physical server to run multiple virtual servers at once. It is the presence of one or both of these capabilities across a range of technologies and solutions that provides organizations with a multitude of attractive consolidation benets when transforming their enterprise datacenter into a private cloud. For server infrastructure: Extensive consolidation can be achieved with server virtualization since robust isolation and resource allocation capabilities enable workloads for different tenants to securely and efciently run on the same physical server. Further simplication of datacenter infrastructure is made possible as leading server virtualization solutions enable virtual pools of server resources to be used for high availability, disaster recovery and automatic workload scaling. Unied computing platforms that leverage virtualization technology to enable integrated server, switch and storage modules provide another option for architecting the access layer and achieving yet another degree of physical consolidation. For storage infrastructure: Storage area network solutions eliminate the need for dedicated disks or direct-attached storage. Unied communications fabrics enable convergence of LAN data and storage protocols, thereby reducing the need for a completely separate set of network infrastructure for storage (i.e., adapters, links and switches). For network infrastructure: Virtual switches that run as virtual machines (VM), or as an integral feature of a hypervisor, introduce the potential to completely eliminate the access tier of conventional three-tier network designs, at least from a physical perspective. Alternatives to the Spanning Tree Protocolsuch as virtual PortChannel (vPC) technology from Cisco and IETF-TRILLare enabling a shift from highly scalable Layer 3 network designs to highly scalable Layer 2 networks that are better suited to meet the performance requirements of a virtualized computing infrastructure. Combined with the availability of high-capacity, non-blocking switches, this introduces the potential for atter datacenter designs that do not include a distinct aggregation tier. The availability of virtual device instances for core switching platforms introduces the possibility of both vertical and horizontal consolidation. Vertical consolidation can be achieved by optionally replacing physical aggregation-tier switches with

Summary Decouple services from physical Go beyond server virtualization Virtualize network infrastructure

Consolidation

White Paper

virtual instances running on a core switching device. Horizontal consolidation can be accomplished by absorbing into the core switching platform any separate switches that might otherwise operate in parallel. Switches may operate in parallel to accommodate testing and development, support a newly acquired business unit, or isolate a business unit that is being divested. VLANs and virtual routing tables can logically maintain isolation and individualized treatment for different tenants as physical boundaries are eliminated in favor of consolidation and simplication. A major impetus for organizations to embrace virtualization is the tremendous degree of consolidation it enables. The need for less infrastructure not only reduces equipment costs and demand for precious datacenter resources such as power, cooling, and space, it also helps trim a wide range of operational expensesincluding those associated with initial deployment and integration, ongoing administration, and maintenance and support contracts. Add in the strategic advantages of better application performance, improved reliability, and superior responsiveness to changing business conditions and its easy to understand why it is only a matter of time before the vast majority organizations transform their datacenters using virtualization technologies.

The need to virtualize other datacenter services


What IT managers need to realize, however, is that other important pieces to the datacenter virtualization puzzle remain. Specically, the deployment exibility and multi-tenancy capabilities enabled by virtualization must be supported for more than just server, storage and networking infrastructure. To truly maximize available gains, similar capabilities should also be present for other key elements of datacenter infrastructure, including ADCs. Further, it is imperative these capabilities be available in sufcient variety and capacity to support the broadest spectrum of potential datacenter designs.

Virtualizing ADCs
Successful ADC virtualization encompasses multiple technologies and methods. First, the basic congurations for individual ADC tenants require that trafc ows are completely isolated to ensure data and network security. An inability to separate and isolate trafc between tenants will fail to meet even the most lenient security requirements. Additionally, as ADCs themselves get virtualized into software-based virtual appliances, the resulting virtual form factors must deliver the same feature set, performance and conguration exibility as their physical counterparts. Feature parity is an absolute must since it gives organizations the freedom to shift ADC policies and workloads between physical and virtual appliances. Finally, new generations of multi-tenant ADCs with native virtualization complete this continuum by delivering an integrated platform to effectively consolidate multiple discrete ADC devices.

Summary Data center switching being virtualized Horizontal and vertical consolidation possibilities ADC is next data center element to be virtualized

Consolidation

White Paper

When investigating emerging technologies, enterprise IT professionals are well advised to develop a strict set of evaluation criteria in order to select the most suitable solution for the organization. For virtualized multitenant ADCs, datacenter managers should establish the following as hard requirements: High consolidation density Enabling a large number of ADC instances to run on a single platform, each with its own policy, conguration and dedicated system resources. Complete isolation of ADC resources 100% isolation of compute, memory and ADC processing resources (including SSL acceleration and data compression) ensures that the performance of one ADC instance never impacts another. Full ADC feature support Consolidation requires that all existing ADC footprints can be consolidated without a loss of functionality. Pay-As-You-Grow Scalability Datacenter managers must have the ability to scale overall ADC capacity on-demand without adding additional hardware.

How NetScaler provides a superior consolidation solution


Citrix NetScaler is a fully integrated ADC that is deployed in front of web and database servers. It optimizes application availability through advanced layer 4-7 (L4-7) load balancing and trafc management, accelerates performance, increases security with an integrated application rewall and substantially lowers costs by increasing server efciency.

NetScaler Virtualization
Keenly aware of both the trend toward highly virtualized datacenters and the inevitable diversity of resulting datacenter designs, Citrix is leading the way in the ADC market with three powerful options for meeting multi-tenancy, virtualization and consolidation requirements. NetScaler Trafc Domains. NetScaler has long offered the ability to associate different sets of policies for load balancing, trafc management and other application delivery functions with different virtual IP addresses (VIPs). All NetScaler solutions support Trafc Domains., which builds on this capability by supporting multiple tenants on an ADC platform so that communication trafc is prevented from illegally crossing one tenants domain to another, unless it is rst routed to an external gateway and evaluated by an appropriate security policy. This eliminates the need to create and maintain static routes for each domain. NetScaler VPX. A second option supported by Citrix is virtualization of the ADC itself. NetScaler VPX was the one of the industrys rst ADC virtual appliances and has become the clear leader in both public and private cloud architectures. Since NetScaler VPX leverages the same software as Citrixs popular NetScaler MPX networking appliances, the two solutions maintain 100% functional parity.

Summary Meet strict ADC consolidation requirements NetScaler embodies virtualization NetScaler is clear leader in cloud

Consolidation

White Paper

Unlike many competing virtual appliance implementations, NetScaler VPX is: A full-featured solution incorporating all ADC functionality, including L4-7 load balancing, application rewall security, dynamic content caching, application performance monitoring and a robust SSL VPN capability A high-performance solution capable of handling trafc up to 3 Gbps or more An open solution capable of operating not only on Citrix XenServer, but also on Microsoft Hyper-V and VMware ESX/ESXi NetScaler SDX. NetScaler Trafc Domains and NetScaler VPX are essential because they enable ADCs to support datacenters with a high degree of virtualization and consolidation of other infrastructure components such as servers, storage and switches. The next logical step, however, is a solution that also consolidates the ADC itself. NetScaler SDX represents the third option for meeting multi-tenancy, virtualization and consolidation requirements. It has long been common practice to deploy dedicated ADC appliances for each application in order to ensure maximum availability and avoid jeopardizing performance SLAs. Unfortunately, this approach also led to expensive and difcult to manage application silos. Now, as these silos crumble in favor of shared but logically isolated infrastructure, there is a distinct opportunity for horizontal consolidation of ADCs across multiple applications. This is particularly true for application delivery infrastructures that were intentionally over provisioned and that have ADCs operating well below their rated capacity. Also present is the opportunity for vertical consolidation. Facilitated by the steady dissolution of the network perimeter and widespread availability of numerous network-based isolation techniques, organizations might also decide to bring together ADCs used at different tiers of a multi-tier application. This way a single ADC can support the DMZ, web application and database tiers.

Summary Leading NetScaler VPX virtual appliance New NetScaler SDX platform Complete ADC consolidation solution

Consolidation

White Paper

DMZ
F5 BIG-IP

F5 BIG-IP

Consolidated Services Delivery Platform

F5 BIG-IP

Web / Application Servers NetScaler SDX F5 BIG-IP

Web / Application Servers

F5 BIG-IP

Data

Data

Figure 1: ADC Consolidation Opportunities

Citrixs new NetScaler SDX is uniquely suited to accommodate either type of consolidation initiative. An innovative solution for consolidating ADCs, NetScaler SDX enables multiple, independent, full-featured NetScaler instances to run on a single physical appliance. NetScaler SDX is an optimized combination of two proven solutions in their own right, NetScaler VPX and Citrix XenServer. It enables todays organizations to reduce their ADC footprint and total cost of ownership (TCO) by pursuing opportunities for both horizontal and vertical consolidation of discrete, standalone ADC devices. NetScaler SDX squarely meets the four fundamental requirements for a natively virtualized ADC consolidation solution. 1. Density Up to 40 NetScaler ADC instances can run independently on a single NetScaler SDX platform. This impressive level of density supports the most ambitious consolidation projects. 2. Isolation All critical system resources, including memory, CPU and SSL processing capacity are assigned to individual NetScaler instances. This is essential to ensuring that resource demands made by one tenant do not negatively impact other tenants running on the same physical system. It also provides greater security for each ADC instance by providing full separation of trafc ows. Summary Built with Xen virtualization Consolidate up to 40 ADCs Maintain isolation and functionality 3. Full ADC Functionality NetScaler SDX supports 100 percent of the ADC functionality available with both hardware-based NetScaler MPX appliances and software-based NetScaler VPX virtual appliances. This enables NetScaler SDX to consolidate all existing ADC deployments without any policy constraints.

Consolidation

White Paper

4. Pay-As-You-Grow The Pay-As-You-Grow option delivers on-demand elasticity enabling organizations to easily scale ADC capacity to keep pace with application trafc growth. And because it leverages a softwarebased architecture, NetScaler SDX can scale performance and capacity with a simple software key, eliminating expensive hardware purchases and upgrades.

NetScaler MPX
Form factor ADC density Performance Full ADC functionality Pay-As-You-Grow Table 1: Comparative summary of NetScaler solutions Hardened network appliance 1 Up to 50 Gbps

NetScaler VPX
Software-based virtual appliance 1 Up to 3 Gbps

NetScaler SDX
Hardened network appliance Up to 40 Up to 50 Gbps

How F5 Stacks Up
Similar to Citrix, F5 has recognized the market need to consolidate ADC footprints. The companys new virtual Cluster Multi-Processing (vCMP) technology promises to consolidate up to 16 separate BIG-IP guests into a single system. vCMP-based consolidation is supported in VIPRION 2400 and 4400 chassis-based systems, and can provide impressive raw throughput capabilities. Further, systems equipped with vCMP technology can run F5s Global Trafc Manager (GTM) module for global load balancing capabilities, as well as the companys Application Security Module (ASM) for web application rewall security. While vCMP enables a step towards consolidation, F5s core architectural approach leads to various deployment shortcomings. For example, reliance on third-party virtualization technology that is both immature and lacking a proven track record in major cloud infrastructures signicantly limits the number of ADC instances that can run concurrently on a single platform. Additionally, vCMP technology is supported only on VIPRION chassisbased systems, putting it out of the reach of mainstream enterprise customers who prefer network appliance solutions. Further, vCMP does not support all F5 modules, such as WebAccelerator, or all ADC features, such as SSL VPN capability. Consequently, vCMP will signicantly limit the consolidation of new or existing ADC deployments. Citrix NetScaler SDX provides a more complete solution with greater tangible value for customers. Summary F5 VIPRION with vCMP Basic ADC consolidation device Signicant architectural shortcomings

Consolidation

White Paper

NetScaler SDX
ADC density (max instances per platform) Basic system isolation (CPU and memory) Isolation of core ADC processing (SSL acceleration and compression) ADC functionality supported Pay-As-You-Grow elasticity
Table 2: Comparative summary of ADC consolidation solutions

F5 VIPRION with vCMP


16

40

Not supported

All

Missing key capabilities (E.g. dynamic caching and SSL VPN) No (requires additional hardware purchase)

Real world ADC Consolidation


Customer Requirement Consolidate eight (8) individual ADC appliances into a single platform. Performance requirements: 1 Gbps throughput and 500 Mbps SSL throughput per ADC.

Citrix NetScaler SDX 11500


Appliance Chassis Additional hardware Performance pack license Consolidation license (8 instance minimum) Total solution cost NetScaler savings advantage $90,000 $0 $0 $0 $20,000 $110,000

F5 vCMP VIPRION 2400


$0 $9,995 $119,990 (VIPRION 2100 blades) $59,995 $19,995 $209.975

$99,975 savings 48% less expensive than F5

Table 3: Real world consolidation example with NetScaler SDX and F5 vCMP

Understanding F5 vCMP Limitations


Summary NetScaler SDX beats F5 vCMP Meets all consolidation requirements More cost effective Short on ADC Density From the perspective of protecting an organizations investment, successful consolidation requires a platform that not only absorbs the existing number of ADC devices in the network, but also has the headroom to handle future needs. Even with a fully populated VIPRION chassis, F5 vCMP customers are unable to consolidate more than 16 guests. In comparison, NetScaler SDX offers a 2.5x advantage by supporting a maximum of 40 guests.

Consolidation ADC Consolidation Density

White Paper

Maximum Number of ADCs per Platform

40

16

Citrix NetScaler SDX


Figure 2: Comparing ADC consolidation density

F5 VIPRION

Much of the NetScaler SDX advantage derives from the use of industrygrade XEN virtualization technology by Citrix, which powers cloud and data center infrastructures at massive scale. Leveraging proven virtualization technology is critical, as any issue occurring at the virtualization layer has the potential to impact all ADC tenants running on the platform. Limited Functionality vCMP does not support the complete set of ADC functionality delivered on F5s BIG-IP hardware appliances. For example, neither WebAccelerator nor Access Policy Manager (APM) features are supported. Consequently, a vCMP guest cannot support core functionality such as caching of dynamically generated web content or SSL VPN security. This limitation alone may prevent customers from consolidating existing ADC devices. At the very least, they may have to reduce their ADC policy to t the resulting constraints of vCMP. Incomplete ADC isolation Although F5s vCMP technology isolates CPU and memory resources between guests, it does not allow customers to dedicate SSL processing resources per guest. Consequently, a single vCMP guest can potentially starve adjacent tenants of SSL resources, resulting in much higher application latency or dropped sessions. In fact, F5s own vCMP customer guidelines warn customers against implementing the strongest level of SSL security for any single application for this very reason. No Pay-As-You-Grow F5 BIG-IP and VIPRION solutions do not allow customers to scale performance on-demand without the purchase of additional hardware. While this limitation persists throughout the F5 product line, vCMP further complicates deployment decisions by unnecessarily making ADC density and performance interdependent. To add more vCMP guests, for example, F5 requires customers to purchase additional hardware bladesthe same way they would buy more blades to increase aggregate performance. A better-designed solution would enable customers to separate investments in density and overall performance. Limited Platform Options Consolidation of ADC functionality is attractive to organizations of all sizes. Putting this capability within reach of the

Summary F5 consolidation limits ADC functionality No isolation of SSL processing Expensive to scale up

10

Consolidation

White Paper

broadest range of customers demands both affordability and choice of platforms. With NetScaler SDX, organizations can choose among nine different appliance platforms to best accommodate their price/performance requirements. In contrast, F5s approach to ADC consolidation requires investment in relatively expensive chassis-based products.
Multiple Price-Performance Options
Density and Performance

Two Chassis Systems No Appliance Solutions

42 Gbps

u-G row

36 Gbps 24 Gbps 18 Gbps 12 Gbps 8 Gbps

u-G row

50 Gbps

-As -Yo

-As

-Yo

Pay

Pay

35 Gbps
VIPRION 2400 VIPRION 4400

20 Gbps

Citrix NetScaler SDX


Figure 3: Platform options for ADC consolidation

F5 vCMP

Conclusion
ADC consolidation within next-generation datacenter architectures brings step-function improvements in overall IT agility and drives lower operational and capital costs. For real-world ADC consolidation projects NetScaler SDX beats F5 VIPRION running vCMP technology in meeting key customer requirements. These advantages include: NetScaler provides 2.5 times greater density to consolidate more ADC workloads. Unlike F5, NetScaler isolates key ADC processing resources for individual instances to ensure the performance of each ADC instance. Only NetScaler SDX is capable of consolidating 100% of ADC functionality offered in standalone appliances. NetScaler Pay-As-You-Grow provides a 5x capacity increase with no additional hardware. Summary Multiple NetScaler deployment options Multiple price-performance choices NetScaler SDX beats F5 vCMP

11

Worldwide Headquarters Citrix Systems, Inc. 851 West Cypress Creek Road Fort Lauderdale, FL 33309, USA T +1 800 393 1888 T +1 954 267 3000 Americas Citrix Silicon Valley 4988 Great America Parkway Santa Clara, CA 95054, USA T +1 408 790 8000 Europe Citrix Systems International GmbH Rheinweg 9 8200 Schaffhausen, Switzerland T +41 52 635 7700 Asia Pacic Citrix Systems Hong Kong Ltd. Suite 6301-10, 63rd Floor One Island East 18 Westland Road Island East, Hong Kong, China T +852 2100 5000 Citrix Online Division 6500 Hollister Avenue Goleta, CA 93117, USA T +1 805 690 6400 www.citrix.com

About Citrix Citrix Systems, Inc. (NASDAQ:CTXS) is a leading provider of virtual computing solutions that help companies deliver IT as an on-demand service. Founded in 1989, Citrix combines virtualization, networking, and cloud computing technologies into a full portfolio of products that enable virtual workstyles for users and virtual datacenters for IT. More than 230,000 organizations worldwide rely on Citrix to help them build simpler and more cost-effective IT environments. Citrix partners with over 10,000 companies in more than 100 countries. Annual revenue in 2010 was $1.87 billion. 2011 Citrix Systems, Inc. All rights reserved. Citrix, Citrix XenDesktop, Citrix XenApp, Citrix XenClient, Citrix GoToMeeting and Citrix GoToAssist are registered trademarks of Citrix Systems, Inc. and/or one or more of its subsidiaries and may be registered in the U.S. Patent and Trademark Ofce and in other countries. All other trademarks and registered trademarks are property of their respective owners.

0911/PDF