NetScalers are my favorite Citrix product hands down. But I like to be well rounded and play with all technologies if I can. I keep getting asked by my peers on my opinions on NetScaler vs. F5 for Citrix delivery and I’m tired of saying the same things over and over again so that’s why I decided to write this article. Something I can just link them to from now on. 🙂
I’m biased toward NetScaler. How biased you ask? My relationship with NetScaler goes back years and years (the red and black days). Now think back to Christmas time when you were a kid growing up. Did you ever shake your wrapped presents under your Christmas tree trying to see what they were? Did you recognize the shape of a box and already have an idea of what the gift was? It’s that Hot Wheels race track set you’ve been hinting to your parents about for months, right? Remember that excitement? You couldn’t wait to tear through that gift wrap and play with it come Christmas morning. This is exactly how I feel when I get emailed a tracking number and know my MPX appliances are being delivered at the datacenter that morning. I can spot the box an MPX appliance gets shipped in from 50 ft away. To the point where I can lift up the box and tell you approximately what series appliance is in there just from the weight. Opening it up and smelling the device and the out-gassing of the cardboard and packing foam is the same as the smell of gingerbread and eggnog for me. Getting an HA pair racked, configured, and blinking Primary and Secondary are my Christmas lights. Seeing my traffic go through them and watching my policy hit counters rise is like setting up that Hot Wheels race track and watching those little cars spin around and around all Christmas day. That’s how much I love deploying NetScalers. It’s like being a kid again for me. NetScalers are magical devices and I know how to make them do whatever I dream up. Now that you REALLY know how I feel…
I’m not a network engineer. Sure I can configure NetScaler, F5, Cisco, Juniper, SonicWall, etc. appliances like nobodies business from my experiences earlier in my career but I don’t consider myself a network engineer. I’m going to have more of a virtualization and application\VDI delivery spin to my opinions because that’s what I do on a daily basis. I’m not a dedicated network engineer where that is my one and only function everyday by any means. So if you want a qualified purely network engineer perspective, you’ll have to find someone else to talk to. If you want the opinion of a Citrix Architect whose life revolves around XenApp and XenDesktop delivery, keep reading.
MY OPINION ON APPLICATION DELIVERY CONTROLLERS
F5 has been around forever but I never actually got to deploy them like I have over the years with NetScaler until last year when I played with LTM APM to see how well it handles Citrix XenApp and XenDesktop delivery. NetScaler and F5 are pretty much neck to neck for basic web traffic. All the Gartner, InfoWorld, etc. reports all show around X% of the market share belonging to one, and around X% to the other depending on whatever sources they’re using. Screw the marketing statistics. Get the answers yourself. If you have peers at Fortune 500s, and ask them what they’re using for regular web traffic. Then ask them what they are using for Citrix delivery or any Cloud based initiatives and why. You’ll find that depending on the use case, the ADC they are running will usually swing one way or the other almost every time and for good reason.
With Cisco getting rid of their ACE and partnering with Citrix to push NetScaler, many companies are left having to pick between NetScaler and F5 now. They are the market leaders. Even if you’re not intending to use them as ADCs (Application Delivery Controllers) and just plan on using them solely as a load balancing platform, you’ll find fans on both sides. If you haven’t had to pick yet, trust me you will soon because the ADC market is hot and your Cisco appliances aren’t getting any younger. Cloud and Mobility are keywords that just seem to get bigger and bigger as the months go by. I’ve been hit over the head with those keywords by every vendor on almost a weekly basis. It’s the first words out of their mouths even before “Hello” now. If you don’t have an initiative or project with these buzzwords in it, believe me, you will soon. And everyone wants a piece of your budget.
WHICH ADC SHOULD YOU CHOOSE?
So which appliance is better? NetScaler or LTM? That’s a hard question to answer and really depends on what you are trying to accomplish. Let’s just put the nitty gritty technical capabilities of the devices aside. You can find that info all over the place. Both are competitive and you can do almost all the same things. If not, wait a firmware version or two and you can. If you want to look at connection limits, throughput, and pricing, you can get all that info yourself from their websites and sales people. And there’s even literature each company will put out like this that highlight reasons to pick one over the other:
9 reasons why Citrix NetScaler beats F5:
F5 Comparative Performance Report:
There’s also online forums you can speak to other engineers on. Here’s a good thread on NetscalerKB, it’s a little dated but you can speak to other guys like me and get different opinions:
and of course both companies have official online forums where you can post just about anything and get real world answers:
Bottom line you can get technical answers anywhere. So let’s get down to a few non-technical things people don’t think about that sales people aren’t going to tell you. Just some real world perspective from someone who has deployed NetScaler for Citrix delivery for years. Again, this is opinion based purely on my experience with them. Here are the questions you need to ask yourself if you’re considering either device:
1. How easy is it to deploy for the novice engineer?
2. How good is support?
3. How responsive is the company to feature requests?
4. Is what I am trying to do with Citrix application and desktop delivery supported and will it work with all my Citrix products?
How easy is it to deploy for the novice engineer?
F5 LTM with the APM module and XenApp/XenDesktop iApp template used for SSL ICA proxy is pretty nice. Just from a deployment standpoint, it’s more in plain English and easy to understand than setting up a NetScaler Gateway (Access Gateway). To an engineer that’s been in the game a long time, it doesn’t matter, you can knock out either. But to the new engineer, someone who isn’t as familiar with the platforms, configuration of a new appliance can be a daunting task. A lot of companies may have IT staff that have never dealt with an ADC or the intricacies of proper Citrix delivery and may be a bit lost. Having a template guide you in plain English is a plus. If you are one of these types of companies, you probably tend to lean toward whatever gets you up and running the quickest. Be cautious here. Read a few articles or YouTube videos on how to set each device up. Understand what it takes and if your company has the skill-set necessary on hand to configure either device. If not, do you have a partner that has someone on-staff skilled at either device? I don’t mean the guy that just set it up in his lab over the weekend and is coming out Monday to deploy it for you. You need to find the guy that’s been deploying your chosen device for years and can do what you’re wanting to do in his sleep.
How good is support?
Local support. This really depends on where you live and who you know. If you live in a major metropolitan area with several Fortune 500s around, you’re likely going to have local support resources who can help you in a moments notice. This is a very big plus if you’re new to configuring an ADC and need some guidance. I live in Houston, TX. Home of several Fortune 500 companies. One of the major hubs of the oil, gas, and energy sectors. If I need help, I will find it here from both vendors. When you’re trying to decide who to go with, find out the local support situation. This makes a world of difference if you don’t have anybody on staff that’s a guru on the appliance. You just want the device working as you expect and move on as fast as possible. Not making 3 phone calls and wait for an onsite visit to be scheduled through a sales person. You want to make 1 phone call and have a guy from the company knocking on your datacenter door and taking immediate ownership of the issue. So just figure out the onsite support situation for your city and let that weigh into your decision.
Remote support. If I call Citrix support with a NetScaler issue, I can speak to support and start working the problem within 10 minutes with a Platinum support agreement. Most times I get someone in Ft. Lauderdale, sometimes I get overflow and routed to someone in India . Sometimes I’ve gone around proper support channels and reached out to a couple of people in Dublin I know. No matter what, I always know someone is going to help me out or at least get the process rolling. When I get someone I know by name and have worked with in the past, I can breathe a sigh of relief because I know how good they are and my problem is going to get resolved.
The one and only time I called F5 support, I had to wait 24 hours for support to call me back because it wasn’t a critical outage or “potential” outage. So I wasn’t immediately routed to an F5 support engineer. That really didn’t sit right with me. These devices cost thousands of dollars. They’re a big investment for most companies. If I’m taking to time to call support, that means I’ve hit a wall and I’m going to be pretty frustrated to begin with. Don’t aggravate me. If I call in to ask how the weather is there, put me on the phone with someone immediately and tell me it’s sunny with a 20% chance of rain. Don’t blow me off and make me wait a day for an answer. I don’t want to know the weather a day later, I wanted it yesterday. What good is paying for 24×7 support if all I can do is lodge a ticket? I’m going to say I probably just had a bad experience and all support calls to F5 aren’t like that, especially since I was doing a POC at the time. But just do your research and call support a few times before making an investment with either company. Get a loaner device or download a virtual appliance and try calling them for help setting it up.
How responsive is the company to feature requests?
If you’re weighing NetScaler vs. F5 and you have some pull with the sales people, you can get a loaner device of each and play with it first in your environment. You can set it up and see if it does what you want it do. Long ago when NetScaler was newly acquired by Citrix, there were certain features I wanted to see but the device wasn’t capable of doing them at the time. I put in my feature requests through the proper channels and after several firmware versions, low and behold my feature would appear. None the less there was considerable wait and I often had to “rig” a solution as best as possible as a workaround until then. So if you’re trying to decide, ask your sales people for specific examples of what they’ve done for other companies in your business sector. This is really important because one day you’re going to want to do something neither device is going to be able to do and you want piece of mind that the vendor is going to do whatever it takes to make it work for you.
I like the fact that F5 has iApps and iRules communities to share templates. The community based sharing of templates reminds me of the Solarwinds Thwack community (http://thwack.solarwinds.com). As some of my long time readers know, I love Solarwinds. I’ve uploaded several NPM customizations and APM templates to Thwack myself. Easy access to other infrastructure professionals around the world and the sharing and collaboration of your work is essential part of making a product the best it can be. It’s a win-win for everyone. F5 really understands this concept and is embracing it. I love the heck out of the NetScaler Support forum (http://discussions.citrix.com/forum/29-netscaler/) and would love to see similar configuration and/or template sharing at the community level down the road.
Is what I am trying to do with Citrix application and desktop delivery supported and will it work with all my Citrix products?
How much money has your company invested in Citrix and can you really afford to make the wrong decision with your ADC and jeopardize that whole environment? This is probably the most important point of this article and I saved it for last because I wanted you to get in my head first and see where I’m coming from with all this. So far you’ve read a lot of my opinions and my past experience. Now let’s move on to some more factual information.
Citrix NetScalers are designed for Citrix delivery first, then everything else as opposed to other ADCs which are often built for traffic management first, then Citrix delivery. NetScalers have a lot of proprietary features that other ADCs cannot replicate. The larger and more complex your farms are, the more heartache you will have trying to deploy a 3rd party ADC solution. If you’ve been deploying Citrix products over the years, you know every year they are becoming more and more intertwined. They are designed to be deployed as a very cohesive product stack.
Let me give you some reasons why I will always choose Citrix NetScaler over any other ADC if I’m going to use it to deploy Citrix XenApp or XenDesktop:
- 1. Integration with Insight Center
2. Integration with Command Center
3. Integration with Desktop Director (single pane of glass)
4. Visibility into ICA channels
5. Works with all Citrix farm versions (even EOL ones)
6. MicroVPN (Really important if you’re considering XenMobile MAM and MDM)
7. ICA protocol related TCP optimizations (look into the nstcp_default_XA_XD_profile TCP profile)
8. Full support of the Citrix stack due to cross team collaboration between XenApp, XenDesktop (VDI), and NetScaler product development teams. If one is making an update to their product, the other teams are going to know about it and make changes in their product that will guarantee full compatibility going forward. Go Google a deployment guide for F5 LTM/APM on XenApp/XenDesktop 7.x architecture and tell me what you find.
9. Citrix fully supports an environment with NetScaler. They WILL NOT support an environment with a 3rd party appliance doing ICA rewriting or any manipulation of the session launch or connection. You start trying to replace Web Interface and StoreFront with a Webtop and I guarantee you’re going to have bad time. This is an official stance from Citrix and stems from reliability and security: https://support.citrix.com/article/CTX131547
F5 is an excellent appliance, and I would consider it in a heartbeat for other things if we weren’t talking about Citrix delivery. But we are. And I’m going to go with the validated NetScaler based design that is 100% supported every time. I’m not going to rig it. I’m not going to make concessions. I will always recommend what makes sense. What works the best with the investment we’ve all already made with our Citrix environments.
If you’re dead set on F5 or a 3rd party ADC for Citrix delivery due to whatever constraints at your company and you don’t run a complex Citrix environment, I hope this article still helps you think of some of the non-technical aspects of choosing an ADC solution and encourage you to do research in these areas. There’s a lot more to think about than just the tech specs and marketing brochures.