Where does a NetScaler appliance fit in the network?

NetScaler resides between the clients and servers in the network. It plays the role of an intermediary, processing the traffic flowing between the client and server. For the traffic coming from the clients, NetScaler acts as a server and receives the requests. After receiving the client request, NetScaler sends a new request on behalf of the client to the server. In sending the request to the server, NetScaler acts as a client.

The following are a few common network deployments where the NetScaler fits:

  • Gateway - You can use NetScaler as a gateway at the perimeter of your organization’s internal network (or intranet) to provide a secure single point of access to the servers, applications, and other network resources that reside in the internal network.

  • Application firewall - You can use NetScaler as an application firewall to prevent security breaches, data loss, and possible unauthorized modifications to websites that access sensitive business or customer information. It does so by filtering both requests and responses, examining them for evidence of malicious activity, and blocking requests that exhibit such activity.

  • Load balancer - You can use the NetScaler to operate as a load balancer where it distributes client requests across multiple servers to optimize resource utilization. In a real-world scenario with a limited number of servers providing service to many clients, a server can become overloaded and degrade the performance of the server farm. A NetScaler appliance uses load balancing criteria to prevent bottlenecks by forwarding each client request to the server best suited to handle the request when it arrives.

  • Global server load balancer - You can configure NetScaler as a global server load balancer (GSLB) to provide disaster recovery and ensure continuous availability of applications against points of failure in a WAN. GSLB balances the load across data centers by directing client requests to the closest or best performing data center, or to surviving data centers if there is an outage.

  • Packet forwarder - You can use NetScaler as a packet forwarder to forward packets to an IP not owned by it. NetScaler behaves like a router, looking at the routes it has learned or that has been configured to forward packets.

Physical deployment modes

A NetScaler appliance logically residing between clients and servers can be deployed in either of two physical modes:

  • Inline or Two-arm mode
  • One-arm mode

In inline mode, the appliance uses multiple network interfaces to connect to different Ethernet segments, positioning itself between clients and servers. It can connect to the server network with one or more redundant interfaces, and both the appliance and servers can be on separate subnets. It is possible for the servers to be in a public network and the clients to directly access the servers through the appliance, with the appliance transparently applying the L4-L7 features. Usually, virtual servers (described later) are configured to provide an abstraction of the real servers. The following figure shows a typical inline deployment.

Inline mode

In one-arm mode, only one network interface of the appliance is connected to an Ethernet segment. The appliance in this case does not isolate the client and server sides of the network, but provides access to applications through configured virtual servers. One-arm mode can simplify network changes needed for NetScaler installation in some environments.

One-arm mode

For examples of inline (two-arm) and one-arm deployment, see Understanding Common Network Topologies.

Where does a NetScaler appliance fit in the network?