FAQs
The following section helps you to categorize the FAQs based on Citrix Application Delivery Controller (ADC) VPX.
-
[NetScaler VPX Express] (#citrix-adc-vpx-express-and-90-day-free-trial)
Feature and functionality
What is NetScaler VPX?
NetScaler VPX is a virtual ADC appliance that can be hosted on a Hypervisor installed on industry standard servers.
Does NetScaler VPX include all the web application optimization functionality as ADC appliances?
Yes. NetScaler VPX includes all load balancing, traffic management, application acceleration, application security (including NetScaler Gateway and Citrix Application Firewall), and offload functionality. For a complete overview of the NetScaler feature and functionality, see Application delivery your way.
Are there any limitations with Citrix Application Firewall when using it on NetScaler VPX?
Citrix Application Firewall on NetScaler VPX provides the same security protections as it does on NetScaler appliances. Performance or throughput of Citrix Application Firewall varies by platform.
Are there any differences between NetScaler Gateway on NetScaler VPX and NetScaler Gateway on NetScaler appliances?
Functionally, they are identical. NetScaler Gateway on NetScaler VPX supports all the NetScaler Gateway features available in NetScaler software release 9.1. However, because NetScaler appliances provide dedicated SSL acceleration hardware, it offers greater SSL VPN scalability than a NetScaler VPX instance.
Other than the obvious difference of being able to run on a Hypervisor, how does NetScaler VPX differ from NetScaler physical appliances?
There are two main areas where customers see differences in behavior. The first is NetScaler VPX cannot offer the same performance as many NetScaler appliances. The second is that while NetScaler appliances incorporate its own L2 networking functionality, NetScaler VPX relies upon the Hypervisor for its L2 networking services. Generally, it does not limit how the NetScaler VPX can be deployed. There can be certain L2 functionality that is configured on a physical NetScaler appliance must be configured on the underlying Hypervisor.
How does NetScaler VPX play a role in the Application Delivery market?
NetScaler VPX changes the game in the application delivery market in the following ways:
-
By making a NetScaler appliance even more affordable, NetScaler VPX enables any IT organization to deploy a NetScaler appliance. It is not just for their most mission-critical web applications, but for all of their Web applications.
-
NetScaler VPX allows customers to further converge networking and virtualization within their data centers. NetScaler VPX cannot only be used to optimize web applications hosted on virtualized servers. It also enables web application delivery itself to become a virtualized service that can be easily and rapidly deployed anywhere. IT organizations use the standard data center processes for tasks such as provisioning, automation, and charge-back for the web application delivery infrastructure.
-
NetScaler VPX opens up new deployment architectures that are not practical if only physical appliances are used. NetScaler VPX and NetScaler MPX appliances can be used basis, tailored to the individual needs of each respective application to handle processor-intensive actions such as compression and application firewall inspection. At the data center edge, NetScaler MPX appliances handle high-volume network-wide tasks such as initial traffic distribution, SSL encryption or decryption, denial of service (DoS) attack prevention, and global load balancing. Pairing high-performance NetScaler MPX appliances with easy-to-deploy NetScaler VPX virtual appliance brings unparalleled flexibility and customization capabilities to modern, large-scale, data center environments while also reducing overall data center costs.
How does NetScaler VPX fit into our Citrix delivery center strategy?
With the availability of NetScaler VPX, the entire Citrix delivery center offering is available as a virtualized offering. The entire Citrix delivery center benefits from the powerful management, provisioning, monitoring, and reporting capabilities available in Citrix XenCenter. This can be deployed rapidly into almost any environment, and managed centrally from anywhere. With one integrated, virtualized application delivery infrastructure, organizations can deliver desktops, client-server applications, and Web applications.
Encryption
Does NetScaler VPX support SSL offload?
Yes. However, NetScaler VPX does all SSL processing in software, so NetScaler VPX does not offer the same SSL performance as NetScaler appliances. NetScaler VPX can support up to 750 new SSL transactions per second.
Does third-party SSL cards installed on the server hosting NetScaler VPX accelerate SSL encryption or decryption?
No. Supporting third-party SSL cards cannot associate the NetScaler VPX to specific hardware implementations. It greatly diminishes an organizations ability to flexibly host NetScaler VPX anywhere within the data center. NetScaler MPX appliances must be used when more SSL throughput than NetScaler VPX provides is required.
Does NetScaler VPX support the same encryption ciphers as physical NetScaler appliances?
VPX supports all encryption ciphers as physical NetScaler appliances, except the ECDSA.
What is the SSL transactions throughput of NetScaler VPX?
See NetScaler VPX data sheet for information on SSL transactions throughput.
Pricing and packaging
How is NetScaler VPX packaged?
NetScaler VPX selection is similar to the selection of NetScaler appliances. First, the customer selects the NetScaler edition based on its functionality requirements. Then, the customer selects the specific NetScaler VPX bandwidth tier based on their throughput requirements. NetScaler VPX is available in Standard, Advanced, and Premium Editions. NetScaler VPX offers from 10 Mbps (VPX 10) to 100 Gbps (VPX 100G). More details can be found in the NetScaler VPX data sheet.
Is NetScaler VPX priced the same for all Hypervisors?
Yes.
Are the same NetScaler SKUs used for VPX on all Hypervisors?
Yes.
Can a NetScaler VPX license be moved from one Hypervisor to another (For example from VMware to Hyper-V)?
Yes. NetScaler VPX licenses are independent of the underlying Hypervisor. If you decide to move the NetScaler VPX virtual machine from one Hypervisor to another, you do not have to get a new license. However, you might need to rehost the existing NetScaler VPX license.
Can NetScaler VPX instances be upgraded?
Yes. Both the throughput limits and NetScaler family edition can be upgraded. Upgrade SKUs for both types of upgrade are available.
If I want to deploy NetScaler VPX in a high availability pair, how many licenses do I need?
As with NetScaler physical appliances, a NetScaler high availability configuration requires two active instances. Therefore, the customer must purchase two licenses.
NetScaler VPX Express and 90-day free trial
Does NetScaler VPX Express include all NetScaler standard functionality? Does it include NetScaler Gateway and load balancing for Citrix Virtual Apps (formerly XenApp) Web Interface and XML broker?
Yes. NetScaler VPX Express includes full NetScaler Standard functionality. Starting from NetScaler release 12.0–56.20, Citrix modified the VPX express behavior.
Does NetScaler VPX Express include all NetScaler standard functionality? Does it include NetScaler Gateway and load balancing for Citrix Virtual Apps Web Interface and XML broker?
Starting from NetScaler release 12.0–56.20, VPX Express offers the NetScaler Standard Edition feature set, except Gateway functionality. Earlier to the 12.0–56.20 release, VPX expresses includes all features in the standard edition.
Does NetScaler VPX Express require a license?
With the new NetScaler VPX Express release (12.0–56.20 and onwards), VPX Express is free and requires no license files to install and comes with no commitment. If you have a VPX Express license already, then the prior VPX Express behavior is preserved. If the VPX Express license file is removed and the 12.0–56.20 and onwards release is used, the new VPX express behavior takes effect.
Does the NetScaler VPX Express license expire?
With the new VPX express, no. There is no license and no expiry date. If you have a VPX express license already, the license expires one year after download.
Does NetScaler VPX Express include the five free NetScaler Gateway concurrent licenses?
Yes, if you own a VPX express license.
Is there a limit to how many NetScaler VPX Expresses a customer can download?
Five.
Does NetScaler VPX Express support the same encryption ciphers as NetScaler MPX appliances?
For general availability, all the same strong encryption ciphers supported on NetScaler appliances are available on NetScaler VPX and NetScaler VPX Express. It is subjected to the same import or export regulations.
Can I file technical support cases for NetScaler VPX Express?
No. A retail NetScaler VPX license such as, VPX-10, VPX-200, VPX-1000, VPX- 3000 is required to file technical support cases. However, NetScaler VPX Express users are free to use both the NetScaler VPX Knowledge Center, and request help from the community using the Z discussion forums.
Can NetScaler VPX Express be upgraded to a retail version?
Yes. Simply purchase the retail NetScaler VPX license you need, and then apply the corresponding license to the NetScaler VPX Express instance.
Hypervisor
What VMware versions does NetScaler VPX support?
NetScaler VPX supports both VMware ESX and ESXi for versions 3.5 or later. For more information, see Support matrix and usage guidelines
For VMware, how many virtual network interfaces can you allocate to a VPX?
You can allocate up to 10 virtual network interfaces to a NetScaler VPX.
From vSphere, how can we access the NetScaler VPX command line?
The VMware vSphere client provides built-in access to the NetScaler VPX command line through a console tab. Also, you can use any SSH or Telnet client to access the command line. You can use the NSIP address of the NetScaler VPX in the SSH or Telnet client.
How can you access the NetScaler VPX GUI?
To access the NetScaler VPX GUI, type the NSIP of the NetScaler VPX, for example, http://NSIP address
in the address field of any browser.
Can two NetScaler VPX instances installed on the same VMware ESX be configured in a high availability setup?
Yes, but it is not recommended. A hardware failure would affect both NetScaler VPX instances.
Can two NetScaler VPX instances running on two different VMware ESX systems be configured in a high availability setup?
Yes. It is recommended in a high availability setup.
For the VMware, are interface related events supported on NetScaler VPX?
No. Interface related events are not supported.
For the VMware, are tagged VLANs supported on NetScaler VPX?
Yes. NetScaler tagged VLANs are supported on NetScaler VPX from release 11.0 and higher. For more information, see NetScaler documentation.
For VMware, are link aggregation and LACP supported on NetScaler VPX?
No. Link Aggregation and LACP are not supported for NetScaler VPX. Link aggregation must be configured at the VMware level.
How do we access NetScaler VPX documentation?
The documentation is available from the NetScaler VPX GUI. After logging in, select the Documentation tab.
Capacity planning or sizing
What performance can I expect with NetScaler VPX?
NetScaler VPX offers good performance. See NetScaler VPX data sheet for a specific performance level achievable using NetScaler VPX.
Given that server CPU power varies, how can we estimate the maximum performance of a NetScaler instance?
Using a faster CPU can result in higher performance (up to the maximum allowed by the license), while using a slower CPU can certainly limit the performance.
Are NetScaler VPX bandwidth or throughput limits for inbound only traffic, or both inbound and outbound traffic?
NetScaler VPX bandwidth limits are enforced for traffic inbound to the NetScaler only, regardless of whether the request traffic or response traffic. It indicates that a NetScaler VPX-1000 (for example) can process both 1 Gbps of inbound traffic and 1 Gbps of outbound traffic simultaneously. Inbound and outbound traffic is not the same as request and response traffic. To the NetScaler, both traffic coming from endpoints (request traffic) and traffic coming from origin servers (response traffic) is “inbound” (that is, coming into the NetScaler).
Can multiple instances of NetScaler VPX be run on the same server?
Yes. However, ensure that the physical server has enough CPU and I/O capacity to support the total workload running on the host, or NetScaler VPX performance can be impacted.
If more than one instance of NetScaler VPX is running on a physical server, what is the minimum hardware requirement per NetScaler VPX instance?
Each NetScaler VPX instance must be allocated 2 GB of physical RAM, 20 GB of hard disk space, and 2 vCPUs. For critical deployments, we do not recommend 2 GB RAM for VPX because the system operates in a memory-constrained environment. This might lead to scale, performance, or stability related issues. Recommended is 4 GB RAM or 8 GB RAM.
Note:
The NetScaler VPX is a latency-sensitive, high-performance virtual appliance. To deliver its expected performance, the appliance requires vCPU reservation, memory reservation, vCPU pinning on the host. Also, hyper threading must be disabled on the host. If the host does not meet these requirements, issues such as high-availability failover, CPU spike within the VPX instance, sluggishness in accessing the VPX CLI, pit boss daemon crash, packet drops, and low throughput occur.
Make sure that every VPX instance meets the predefined conditions.
Can I host NetScaler VPX and other applications on the same server?
Yes. For example, NetScaler VPX, Citrix Virtual Apps Web Interface and Citrix Virtual Apps XML Broker can all be virtualized and can run on the same server. For best performance, ensure that the physical host has enough CPU and I/O capacity to support all the running workloads.
Will adding CPU cores to a single NetScaler VPX instance increase the performance of that instance?
Yes, adding CPU cores can improve NetScaler VPX performance, provided the NetScaler VPX instance is licensed for the extra vCPUs. NetScaler VPX can support up to 20 vCPUs (for 41 Gbps - 100 Gbps performance), depending on the configuration and performance tier. More vCPUs can help increase throughput, especially in high-performance scenarios. However, the impact on performance also depends on factors like the network drivers (for example, PCI passthrough or SR-IOV) and the specific workload. For information on number of vCPUs supported for different VPX performance tiers, see NetScaler VPX data sheet.
Why NetScaler VPX looks like consuming more than 90% of the CPU even though it is idle?
It is normal behavior and NetScaler appliances exhibit the same behavior. To see the true extent of NetScaler VPX CPU utilization, use the stat CPU command in the NetScaler CLI, or view NetScaler VPX CPU utilization from the NetScaler GUI. The NetScaler packet processing engine is always “looking for work,” even when there is no work to be done. Therefore, it does everything to take control of the CPU and not release it. On a server installed with NetScaler VPX and nothing else, results in looking like (from the Hypervisor perspective) that NetScaler VPX is consuming the entire CPU. Looking at the CPU utilization from “inside NetScaler” (by using the CLI or the GUI) provides a picture of NetScaler VPX CPU capacity being used.
System requirements
What are the minimum hardware requirements for NetScaler VPX?
The following table explains the minimum hardware requirements for NetScaler VPX.
Type | Requirements |
---|---|
Processor | For the processor requirements of your VPX platform, refer to the Supported processors for NetScaler VPX table. |
Memory | Minimum 2 GB. However, 4 GB is recommended. |
Disk | Minimum 20 GB hard drive. |
Hypervisor | Citrix Hypervisor 5.6 or later, VMware ESX/ESXi 3.5 or later, or Windows Server 2008 R2 with Hyper-V |
Network Connectivity | 100 Mbps minimum, but 1 Gbps is recommended. |
NIC | Use a NIC that is compatible with your hypervisor. For more information, see Supported NICs for NetScaler VPX. |
Note:
For critical deployments, 4 GB memory is preferred for NetScaler VPX. With 2 GB memory, NetScaler VPX operates in a very memory-constrained environment. This might lead to scale, performance, or stability related issues.
From NetScaler 13.1 release onwards, the NetScaler VPX instance on VMware ESXi hypervisor supports AMD EPYC processors.
For more information on system requirements, see NetScaler VPX data sheet.
What is Intel VT-x?
These features, sometimes referred to as “hardware assist” or “virtualization assist,” trap sensitive or privileged CPU instructions run by the guest OS out to the Hypervisor. This simplifies hosting guest OSs (BSD for a NetScaler VPX) on the Hypervisor.
How common are VT-x?
Many servers have virtualization assistance features (such as VT-x or AMD-V) disabled by default in the BIOS settings. Before concluding that you cannot run NetScaler VPX, check the BIOS configuration. If virtualization support is disabled, you may need to enable it in the BIOS to ensure your server can properly run virtualized applications like NetScaler VPX.
Is there a hardware compatibility list (HCL) for NetScaler VPX?
As long as the server supports Intel VT-x, NetScaler VPX must run on any server compatible with the underlying Hypervisor. See the Hypervisor HCL for a comprehensive list of supported platforms.
What version of NetScaler OS is NetScaler VPX based on?
NetScaler VPX is based on NetScaler 9.1 or later releases.
Since NetScaler VPX runs on BSD, can it be run natively on a server with BSD Unix installed?
No. NetScaler VPX requires the Hypervisor to run. Detailed Hypervisor supports can be found in NetScaler VPX data sheet.
Other technical FAQs
Does link aggregation on a physical server with multiple NIC’s work?
LACP is not supported. For the Citrix Hypervisor, Static link aggregation is supported and has limits of four channels and seven virtual interfaces. For VMware, static link aggregation is not supported within NetScaler VPX, but can be configured at the VMware level.
Is MAC based forwarding (MBF) supported on VPX? Is there any change from the NetScaler appliance implementation?
MBF is supported and it behaves the same way as with the NetScaler appliance. The Hypervisor basically switches all the packets received from NetScaler VPX to the outside and conversely.
How is the NetScaler VPX upgrade process carried out?
Upgrades are performed the same way as for NetScaler appliances: download a kernel file and use install ns or the upgrade utility in the GUI.
How are flash and disk space allocated? Can we change it?
A minimum of 2 GB memory must be allocated to each NetScaler VPX instance. The NetScaler VPX disk image is sized at 20 GB to accommodate serviceability needs, including space for storing up to 4 GB of core dumps, as well as log and trace files. While it would be possible to generate a smaller disk image, there are no plans to do this currently. /flash
and /var
are both in the same disk image. They’re kept as separate file systems for compatibility purposes.
The following values represent the disk space allocated for specific directories on the NetScaler VPX instance:
- /flash = 965M
- /var = 14G
For detailed memory allocation recommendation, refer to NetScaler VPX data sheet.
Can we add a new hard drive to increase space on NetScaler VPX instance?
Yes. From NetScaler release 13.1 build 21.x onwards, you have the option to increase disk space on the NetScaler VPX instance by adding a second disk. When you attach the second disk, the “/var/crash” directory is automatically mounted on to this disk. The second disk is used for storing core files and logging. Existing directories that are used to store core files and log files continue to work as earlier.
Note:
Take external backup on downgrade of the NetScaler appliance to avoid loss of data.
For information on how to attach a new hard disk drive (HDD) to a NetScaler VPX instance on a cloud, see the following:
-
Note:
To attach a secondary disk on VPX instances deployed on Azure, ensure that the Azure VM sizes have a local temporary disk. For more information, see Azure VM sizes with no local temporary disk.
- AWS documentation
- GCP documentation
Warning:
After you add a new HDD to VPX, some of the scripts that work on files, which are moved to the new HDD might fail under the following condition:
If you use the “link” shell command to create hard links to the files, which were moved to a new HDD.
All such commands must be replaced by “ln -s” to use a symbolic link. Also, modify the failing scripts accordingly.
What can we expect to regard the NetScaler VPX build numbering and interoperability with other builds?
NetScaler VPX has similar build numbering as the 9.1. Cl (classic) and 9.1. Nc (nCore) release, for instance 9.1_97.3.vpx, 9.1_97.3.nc, and 9.1_97.3.cl.
Can the NetScaler VPX be a part of a high availability setup with a NetScaler appliance?
Not a supported configuration.
Are all the interfaces visible in NetScaler VPX directly related to the number of interfaces on the Hypervisor?
No. You can add up to seven interfaces (10 for VMware) through the NetScaler VPX configuration utility with only one physical NIC on the Hypervisor.
Can Citrix Hypervisor XenMotion or VMware VMotion or Hyper-V live migration be used to move active instances of NetScaler VPX?
NetScaler VPX does not support XenMotion or Hyper-V live migration. VMotion is supported from the NetScaler 12.1 release onwards. For more information, see Release Notes.