The results of this article can be found in the following articles
Citrix NetScaler platform sizing guides
How to maximize your virtual Citrix NetScaler Access Gateway performance
Citrix NetScaler Access Gateway VPX user scalability numbers explained
During the years Citrix is working on moving customers from the Citrix Secure Gateway to Citrix NetScaler Gateway platform. Last year Citrix announced that they will move to one Gateway platform based on the Citrix NetScaler platform. Up to now they had several code bases for similar functionality.
Let me start by mentioning that I think it’s a great step to get customers of the Secure Gateway platform. Citrix NetScaler Gateway is more secure and offers more functionality. The latest step to move to one base platform for Access Gateway is understandable because it saves a lot of time in development and support for Citrix. It also makes a consultants life easier because we had a hard time explaining the differences.
There is one thing that puzzles me! The physical layer on which we run virtual appliances offers us far more performance than a couple of years ago while Citrix lowers the amount of concurrent users on a VPX appliance in every next step. When discussing this with Citrix employees they say this is caused by heavier SSL transactions due to 2K and nowadays 4K certificates.
I get that but the amount of users we can handle on a VPX shouldn’t be a hard number because it completely depends on how many and what kind of CPU resources we are using.
By speaking with community friends like Andrew Morgan, Kees Baggerman and Shawn Bass I know for sure that there are a lot of customers working with numbers far above the Citrix magic spot.
Citrix NetScaler Gateway Research
To start my research I would like to know how many users you are handling concurrently on a single Access Gateway VPX. The number where users will notice even the slightest degree of performance degradation. I trust on all of you to help me out and provide me with real every day numbers.
[poll id=”2″]
[poll id=”3″]
Please feel free to leave as much information as possible in a comment. I will try to bundle it all in a NetScaler Gateway research results post. Keep you posted and might even work on another poll if I need more information. Thanks so much for helping out!
Scalability numbers are always tricky! There is always a balance between quoting too much and too less. At Citrix, we try and quote these numbers, from a real world perspective. Our traffic profile does not use a single data connection, but simulates multiple connections per user session, with each connection representing varying content streams.
Hi Prashant, thanks for your comment.
Okay, fair enough, but what are the numbers? What is Citrix’s advice?!
Is it still ~ 500 CCU?! Or even lower?
Hi Martijn, I have spoken to Prashant and other NetScaler/CAG gurus. My follow up will hopefully answer all of your questions.
Any ETA for the followup? Because i’m always struggeling with these numbers (don’t want to be pushy, but nevertheless).
If you check the ‘official’ Citrix guidelines it says 300 CCU for SSL VPN. Now I don’t know if the load on ICAPROXY is the same as SSL VPN, I can imagine it being lower.
It would be nice to see some load stats to go with the numbers above to see if the appliance has in fact reached capacity or whether folks are simply staying within the supported numbers. As for processing encryption/decryption, if we’re talking virtual appliances, adding more cores and/or RAM resources would have to make a difference would it not?
Please check my other articles and let me know if it helps.
http://www.barryschiffer.com/?p=1003
http://www.barryschiffer.com/?p=1034