Citrix ADC is an application delivery controller that performs application-specific traffic analysis to intelligently distribute, optimize, and secure Layer 4 to Layer 7 (L4–L7) network traffic for web applications. For example, a Citrix ADC bases load balancing decisions on individual HTTP requests instead of on long-lived TCP connections, so that the failure or slowdown of a server is managed much more quickly and with less disruption to clients. Its feature set can be broadly divided into switching features, security and protection features, and server-farm optimization features.
Acceleration
The Citrix ADC has features designed to improve client experience on a web site. These features are:
TCP Optimization.
Optimization features offload resource-intensive operations, such as Secure Sockets Layer (SSL) processing, data compression, client keep-alive, TCP buffering, and the caching of static and dynamic content, from servers. This improves the performance of the servers in the server farm and therefore speeds up applications. A Citrix ADC appliance supports several transparent TCP optimizations, which mitigate problems caused by high latency and congested network links, accelerating the delivery of applications while requiring no configuration changes to clients or servers.
Web Compression.
Modern web browsers support standards-based web compression in the form of GZIP or Deflate. The Accept-Encoding header tells the Citrix ADC which types of compression the browser (client) can handle. This single feature offers the biggest bang for improving web site response for your clients. Even clients on a quick link (such as DSL and cable) stand to see improvements, since compression reduces the number of packets sent. The benefit is also seen in high-loss networks such as wireless.
Cache.
We can cache static content, such as images or whole pages, as well as content that is typically not cacheable, like dynamic content. Dynamic content might be a database report. Provided there is a valid URL that a policy can match on, this content can be cached based on user-defined parameters. This benefits clients by reducing the time spent processing objects such as a large report. The clients will not have to wait while the report is run and then formatted.
SSL Offload.
The Citrix ADC has a built-in ASIC designed to handle SSL transactions and bulk encryption. End-to-end encrypted traffic is typically not available for mid-stream enhancements like caching or compressing data; only by loading valid SSL certificates on the Citrix ADC can acceleration benefits be achieved on encrypted traffic.
Security
The CITRIX ADC has Features designed to improve client experience on a web site. These Features are:
DDoS Protection. The Citrix ADC has excellent DDoS protection. The SYN cookie field is utilized with a proprietary hash unique to each connection. Resources are not assigned unless a valid packet is returned with a good SYN cookie. Proprietary GET flood protection is also available.
Content Filtering. Extensive Layer 7 filtering policies can be created with an easy to use intuitive Policy Engine. This same policy engine can be utilized to create dynamic and extensive redirection policies for traffic protection and management.
SSL Offload. The Citrix ADC has a built-in ASIC designed to handle SSL transactions and bulk encryption. End-to-end encrypted traffic cannot be inspected or manipulated by mid-stream security products; only by loading valid SSL certificates on the Citrix ADC can this traffic be viewed and protected.
Web Application Firewall. The Citrix Application Firewall offers easy to configure options to meet a wide range of application security requirements. Web App Firewall profiles, which consist of sets of security checks, can be used to protect both the requests and the responses by providing deep packet-level inspections. Each profile includes an option to select basic protections or advanced protections.
SSLVPN. The Citrix ADC has a full standalone SSLVPN with a unique client that can do bi-directional TCP compression. As well, this code can integrate fully with existing Citrix XenApp environments as a Secure Gateway or Access Gateway. This SSLVPN is the basis of the Citrix Access Gateway Enterprise Edition.
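The SYN cookie check described under DDoS Protection, as an added example that is not Citrix code: the server encodes a keyed hash of the connection in its SYN-ACK sequence number and allocates state only when the final ACK returns it intact. The appliance's hash is proprietary, so this example assumes HMAC-SHA256, and the 5/3/24-bit cookie layout, MSS table, key and addresses are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

SECRET = b"constructed-demo-key"   # constructed; a real device uses a random, rotated key
TICK_SECONDS = 64                  # coarse clock so cookies expire
MAX_AGE_TICKS = 2                  # accept cookies issued in the current or previous two ticks
MSS_TABLE = (216, 536, 1024, 1220, 1360, 1440, 1452, 1460)  # constructed 3-bit table

def _mac24(flow, tick, mss_idx, secret):
    """24-bit keyed hash over the 4-tuple, the time tick and the MSS index."""
    src, sport, dst, dport = flow
    msg = (ipaddress.ip_address(src).packed
           + ipaddress.ip_address(dst).packed
           + struct.pack("!HHIB", sport, dport, tick, mss_idx))
    return int.from_bytes(hmac.new(secret, msg, hashlib.sha256).digest()[:3], "big")

def make_cookie(flow, client_mss, now, secret=SECRET):
    """Build the 32-bit SYN-ACK sequence number; nothing is stored per connection."""
    tick = int(now) // TICK_SECONDS
    # Largest table entry that does not exceed the MSS the client offered.
    mss_idx = max(i for i, m in enumerate(MSS_TABLE) if m <= client_mss or i == 0)
    return ((tick & 0x1F) << 27) | (mss_idx << 24) | _mac24(flow, tick, mss_idx, secret)

def check_cookie(flow, ack_number, now, secret=SECRET):
    """Return the MSS if the final ACK carries a valid, fresh cookie, else None."""
    cookie = (ack_number - 1) & 0xFFFFFFFF
    mss_idx = (cookie >> 24) & 0x7
    got = (cookie & 0xFFFFFF).to_bytes(3, "big")
    now_tick = int(now) // TICK_SECONDS
    for age in range(MAX_AGE_TICKS + 1):
        tick = now_tick - age
        if (tick & 0x1F) != cookie >> 27:
            continue
        # Constant-time comparison of the recomputed hash with the returned one.
        expected = _mac24(flow, tick, mss_idx, secret).to_bytes(3, "big")
        if hmac.compare_digest(expected, got):
            return MSS_TABLE[mss_idx]
    return None

if __name__ == "__main__":
    flow = ("198.51.100.7", 40000, "203.0.113.10", 443)   # constructed addresses
    isn = make_cookie(flow, 1460, now=1_700_000_000)
    print("valid ACK  ->", check_cookie(flow, (isn + 1) & 0xFFFFFFFF, now=1_700_000_030))
    print("forged ACK ->", check_cookie(flow, 0x12345678, now=1_700_000_030))
    print("stale ACK  ->", check_cookie(flow, (isn + 1) & 0xFFFFFFFF, now=1_700_000_192))
```
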
Traffic Management
The CITRIX ADC has Features designed to improve client experience on a web site. These Features are:
Load Balancing. The Citrix ADC hardware and software architecture lends itself to very high-speed HTTP switching. However, all TCP and UDP protocols can be load balanced.
Global Server Load Balancing. Using specialized rules and intelligence, two or more pairs of Citrix ADC appliances in different data centers can intelligently route your traffic based on load, speed, proximity or even in simple DR situations.
SSL Offload. The Citrix ADC has a built-in ASIC designed to handle SSL transactions and bulk encryption. End-to-end encrypted traffic cannot be manipulated by any product that is mid-stream. Loading valid SSL certificates on the Citrix ADC at this level allows a company to manipulate this traffic, be it with intelligent content direction rules or content rewrite rules.
Content Rewrite and Redirection. There is a rich menu driven policy engine that allows a company to alter HTTP headers both into and out of a particular web site. This policy engine can be extended to allow granular redirection policies.
Surge Protection and Sure Connect. Surge Protection is a unique feature that allows inbound requests to be queued until available server resources can handle the load. Once in the queue, Layer 7 rules can be crafted to sort traffic into a Priority Queue. Sure Connect is a related feature that can either redirect a user to another page or display a wait counter until resources are available to service the request.
Offload
The CITRIX ADC has Features designed to improve Server Side performance and to assist in improving Server Efficiency. These Features are:
TCP Multiplex and Reuse. As previously mentioned, reducing the CPU overhead associated with TCP connection management on web servers can allow sites to scale much more effectively.
SSL Offload. The Citrix ADC has a built-in ASIC designed to handle SSL transactions and bulk encryption. SSL encryption generates significant CPU load on web servers.
Cache. We can cache static content, such as images or whole pages, as well as content that is typically not cacheable, like dynamic content. Dynamic content might be a database report. Provided there is a valid URL that a policy can match on, this content can be cached based on user-defined parameters. Using dynamic caching can greatly reduce the number of CPU cycles spent on a DB server running and formatting such large reports.
Web Compression. Modern web browsers support standards-based web compression in the form of GZIP or Deflate. The Accept-Encoding header tells the Citrix ADC which types of compression the browser (client) can handle. This can be done on the web servers, but at a significant CPU cost.
Consolidated Web Logging. The NS can allocate a memory buffer to dynamically store real-time web logs and pass them off to a dedicated client. There is no longer a need to run a web logging agent on each server and then to further consolidate those logs after the fact.
TCP Buffering. This feature allows the server to send communication at wire speed to the Citrix ADC, where the Citrix ADC can “buffer” this content and meter it out to a slower link. This allows a server to be free to handle new requests while the slow client is still receiving content. Typically this slow client would lock this session until all content is received.