How to maximize your virtual Citrix NetScaler Access Gateway performance.
When you are reading this article you have probably been reading another article which is called NetScaler Access Gateway VPX user scalability numbers explained If you haven’t read this article I advice you to do so before continuing.
In the article mentioned above I focused on explaining why there are so many different “facts” about the amount of users you can facilitate on a virtual Citrix NetScaler Access Gateway. In this follow up article I will try to go into a bit more technical detail about CPU resource consumption and most importantly how you can make sure to get every single possible user sessions out of the virtual appliance.
CPU resource consumption
The bottleneck when we talk about concurrent user sessions on a virtual CAG is CPU. To optimize your experience we first need to know what’s using all of these CPU resources.
- The easiest one is normal Linux OS and application CPU cycles which we would see on any other platform
- On a virtual appliance we, obviously, use a virtual network card. A virtual network card doesn’t have offload possibilities like a physical network card. All of the packet handling is therefor CPU intensive.
- Virtual networking uses, becoming captain obvious by now, CPU resources on the hypervisor without the possibility of at least some offloading just like the virtual NIC.
- Last and anything but least SSL transactions. A physical CAG appliance uses special Cavium SSL Offload chips instead of the CPU which is being used by the virtual CAG. These Cavium chips are more capable of performing SSL transactions than normal CPU’s, so this is essentially what influences the amount of concurrent user sessions.
So after three articles of teasing I’m now finally going to tell you how to get the most out of your virtual Access Gateway performance!
As the CPU is our main bottleneck the first and easiest advice I can give you is to use a physical server with a recent CPU architecture. Faster is better!
My second advice is to be absolutely sure you are not over committing on CPU’s, if you decide to do so at least reserve a lot of CPU cycles for your virtual CAG! Each and every CPU wait will cause visible delays for your users so they will thank you!
Add CPU resources to your virtual appliance by adding one or more vCPUs. You should only be doing this when you don’t over commit, if you don’t you will end up with more delays! If you want to know why I’d recommend you read this article by Gabrie van Zanten.
Please do share any thoughts or ideas as a comment! I will make sure to add new tips to this article!