Finalmente disponibile Citrix Netscaler 10.5!
Attendevo questa release più delle altre specialmente dopo i problemi avuti con la parte Java negli ultimi mesi: finalmente è disponibile per il download NetScaler 10.5 e la novità più evidente è la nuova UI completamente scritta in HTML5.
Più di una volta sono rimasto bloccato nel dover velocemente configurare alcune parti di Netscaler 10.1: gli avvisi di java error, errori di protezione, lentezza ecc… diciamo…era il monento di dare un cambio radicale! La colpa è della piattaforma Java, che con le ultime evoluzioni ha creato non pochi problemi anche su webapp di configurazione di altri dispositivi tra cui san, switch e firewall.
The NetScaler graphical user interface (GUI) has been enhanced to provide a better user interaction experience. It now provides you with a workflow-based experience, which guides you through the entire configuration. The configuration settings have been classified as basic and advanced for some features. The NetScaler ADC configuration utility and NetScaler Gateway configuration utility has also been reimplemented in HTML. As a result of these enhancements, the GUI does not display pop-up dialog boxes for most features and you no longer need Java Runtime Environment (JRE) to access these features through the GUI.
Con la versione 10.5 Citrix non ha migliorato soltanto la GUI, sotto ci sono veramente tantissime novità: andiamo a vedere il riassunto del change-log ufficiale
AAA Application Traffic
- AAA-TM can now be configured to authenticate users with an external RADIUS or LDAP authentication server at a specific FQDN instead of only at a specific IP.
- Unlocking Locked-Out User Accounts
- NetScaler Default Expressions support for authentication subsystem
- Extracting SAML Attributes from Keytab
- Web-based Authentication
- Strong Encryption Support in Kerberos KCD
- Renegotiate Support for Certificate-based Policies
- Using a Responder HTML Response Page to provide Customized Error Responses
- KCD Performance Improvements
- NetScaler as SAML IDP
- Authentication Server Stickiness
- Responder After AAA
- With previous versions of the NetScaler ADC, OWA 2010 connections did not timeout because OWA sends repeated keepalive requests to the server to prevent timeouts, which interfered with single sign-n and posed a security risk. AAA-tm now supports forced timeouts that ensure that OWA 2010 sessions timeout after the specified period of inactivity.
AppFlow
- The process of collecting the load time and render time of web pages has been simplified by including the clientSideMeasurements parameter as part of the add appflow action command.
- NetScaler ADC now exports AppFlow records to a set of collectors if the transaction responses are served from the NetScaler cache.
- Indication for End of Transaction]
- Cisco RISE Integration
Cisco RISE Integration
- Configuring RISE with NetScaler ADC and Cisco Nexus 7000 Switches.
Cluster
- You can now add a failover interface set (FIS) on the nodes of a NetScaler cluster. On the cluster IP address, specify the ID of the cluster node on which the FIS must be added as follows:
- A NetScaler cluster can now be configured to run with less than (n/2 + 1) number of nodes online.
- Spotted VIP for NetScaler Gateway clusters. Spotted VIP functionality has been expanded to enable clustering for NetScaler Gateway.
- MPTCP is now supported on a NetScaler cluster.
- Layer2 Mode Support in a Cluster
- Net profiles are now supported on a NetScaler cluster.
- Traffic domains are now supported on a NetScaler cluster.
- Link Redundancy Support in a Cluster
- VRID/VRRP is now supported on a NetScaler cluster.
Compression
- Specifying a Vary Header Value
Content Accelerator
- Content accelerator is a NetScaler feature that you can use in a Citrix ByteMobile T1100 deployment, to store data on a Citrix ByteMobile T2100 appliance. This saves bandwidth and provides faster response times, because the NetScaler does not have to connect to the server for repeated requests of the same data.
Content Switching
- Multiple Port Content Switching Support for HTTP and SSL Virtual Servers
- Multiple Port Content Switching Support for SSL_TCP Virtual Servers
- Content Switching Support for Diameter
- When you create a content switching virtual server, NetScaler now supports using DNS TCP as the protocol used by the virtual server.
Data Stream
- Support for Database Specific Load Balancing for MySQL
- Support for SQL Server High-Availability (HA) Group Deployment
- Support for Transparent Deployment Mode in MySQL
- Support for Fallback to NTLM Authentication
DNS
- Enabling or Disabling the Recursion Available Flag
- CNAME Record Caching
- NetScaler ADC when deployed in a proxy mode does not always send the query for an address record to the back-end server.
- NAPTR DNS Record
- AA bit set for response from NetScaler Cache
GSLB
- GSLB Auto Sync Enhanced to to Sync Static Proximity Database
Integrated Caching
- Cache Object Persistence in a High Availability Setup
- Increased Metadata Cache Capacity
Load Balancing
- Support for Jumbo Frames in RADIUS
- Increased Limits on the Number of Service Groups
- Monitors for XenMobile Device Manger (XDM) and XenMobile Device Connector (XNC)
- Rate Limiting Support for Diameter
NetScaler Gateway
- RADIUS accounting.
- Tranferring ICA Proxy Sessions Between Devices
- Advanced endpoint analysis
NetScaler Insight Center
- NetScaler Insight Center can now dynamically set the threshold value for the maximum number of hits on each URL.
- Hop Diagram Support
- Managing Session Timeout Period
- The database cache functionality of NetScaler Insight Center stores database content locally in the cache and serves the content to users without accessing the database server.
- If the length of URLs displayed in the Web Insight reports is very long, you can enable the trim URL functionality to remove the query string from the URL.
- Data record logs provide detailed information about appflow records that NetScaler Insight Center collects from NetScaler ADCs.
- You can now configure the ICA session timeout value for inactive sessions on the NetScaler Insight Center configuration tab.
- The active sessions data on the dashboard now include the following metrics:
Client IP: IP address of the client
Server IP: IP address of the server
NetScaler IP: NetScaler IP address
- You can now customize NetScaler Insight Center reports to display the metrics that you want, and you can specify bar graphs or line graphs.
- HDX Insight Center reports now support the following metrics:
-Client side zero window size event: This counter indicates how many times the client advertised a zero TCP window.
-Server side zero window size event: This counter indicates how many times the server advertised a zero TCP window.
-Client side fast RTO: This counter indicates how many times the retransmit timeout was invoked on the client-side connection.
-Server side fast RTO: This counter indicates how many times the retransmit timeout was invoked on the server-side connection.
- In the dashboard, you can now select and rearrange the columns displayed in the tables. These changes persist across user sessions.
- Data Record Log Settings
- The top-right corner of the page now displays a percentile icon, which you can click to display percentile values and the highest and lowest values for a selected metric.
- On the dashboard, if you move the columns in a table and refresh the page, the column ordering is sometimes reset to default.
- Authentication and Authorization Support.
-Remote Authentication Dial In User Service (RADIUS)
-Terminal Access Controller Access-Control System (TACACS)
-Lightweight Directory Access Protocol (LDAP)
- Cache Redirection Insight Support
- NetScaler Insight Center adaptive threshold functionality dynamically sets the threshold value for the maximum number of hits on each URL.
- HDX Insight reports now include details about session reconnects, client-side retransmissions, and server-side retransmissions.
- Even if Appflow is disabled for a virtual server, you can clear the configuration in the NetScaler Insight Center by selecting Clear AppFlow Configurations from the Action list.
- HDX Insight now provides a report about active sessions, grouped by server IP and gateway IP.
- NetScaler Insight Center now saves the following data for a specific time period before it is purged:
* 30 second data – Saves for 6 minutes
* 5 minute data – Saves for 65 minutes
* Hourly data – Saves for 25 hours
* Daily data – Saves for 31 days
- The GUI displays a real-time graphical representation of the CPU, memory, and disk resources used by the NetScaler Insight Center virtual appliance.
- EUEM Session Data on HDX Insight Reports
- Exporting Reports
- Geo Map Support
NetScaler SDX Appliance
- Authentication and Authorization Enhancements
- SSL certificates and keys for NetScaler instances
- XenServer IP Address Support in Network Configuration Utility
- No change in state of shut down NetScaler instance through appliance reboot
- Provisioning support even when none of data ports are connected
- Improved Dashboard
- Console Access for NetScaler SDX Appliance
- Monitoring and Managing Real-Time Status of Entities Configured on NetScaler Devices
- Monitoring and Managing Events Generated on NetScaler Instances
- The Call Home feature monitors your NetScaler instances for common error conditions.
- Change Management
- Security Enhancements on NetScaler SDX Appliance
- New inline wizard for provisioning NetScaler instances with simplified networking configuration steps
- Management Service Statistics
- Wizard for Initial Configuration Setting in Management Service
- LACP Statistics
- Provisioning Palo Alto VM-Series Instances on a NetScaler SDX Appliance
- CLI Support for NetScaler SDX Appliance
Networking
- Features Supported in Traffic Domains
The following NetScaler features are now supported in all traffic domains configured on a NetScaler appliance:
* RNAT6
* IPv4 and IPv6 Forwarding Sessions
* NAT64
* NAT46
- VMAC Based Traffic Domains
- Configuring Link Redundancy by using LACP channels
- The ZebOS dynamic routing software package has been upgraded to version 7.10.2.
- Increased Number of Interfaces for Link Aggregation Channels
- Support for Inter Traffic Domain Entity Bindings
- Support for VXLANs
- You can now configure rate limiting for traffic domains.
- Netprofile Support for Link Load Balancing Configurations
- The NetScaler ADC now supports the industry standard (EEE 802.1AB) Link Layer Discovery Protocol (LLDP). LLDP is a layer 2 protocol that enables the NetScaler ADC to advertise its identity and capabilities to the directly connected devices, and also learn the identity and capabilities of these neighbour devices.
- IPv6 Forwarding Session Rules
- ZebOS API Access
- NetScaler MPX appliances support receiving and transmitting jumbo frames containing up to 9216 bytes of IP data. Jumbo frames can transfer large files more efficiently than it is possible with the standard IP MTU size of 1500 bytes.
NITRO API
- Python SDK for NetScaler SDX and NetScaler Insight Center NITRO
- Python SDK for NetScaler NITRO
- Uploading and Retrieving Files for NetScaler SDX Using NITRO
- Uploading and Retrieving Files for NetScaler Using NITRO
Optimization
- Front End Optimization Support
Policy
- Variable Support for Policies
Responder
- Embedded Expressions in Responder Responses
- The Responder feature now supports the Diameter protocol.
Rewrite
- The Rewrite feature now supports the Diameter protocol.
SSL
- Support for ECDHE Ciphers
- SSL Certificate Chain
- Setting the Limit for Disabled SSL Chips
- Sending an SSLv2 Compliant Client Hello Message
- Support for Common Name Check during Server Authentication
- Creating an SSL Profile
- Support for DTLS Protocol
- Importing SSL Resources from Remote Hosts
- SSL Renegotiation
System
- SPDY v3 Support
- Application Layer Protocol Negotiation (ALPN) Extension support
- NetScaler now supports BIC and CUBIC TCP congestion control algorithms.
- TCP Timestamp based on RFC 1323
- SNMP Trap for Port Allocation Failures
- SNMP V3 Support for Traps
- Restrict Interface-level System Session Timeout
User Interface
- Distinguish between Commands Executed from Different NetScaler Interfaces
- The NetScaler graphical user interface (GUI) has been enhanced to provide a better user interaction experience. It now provides you with a workflow-based experience, which guides you through the entire configuration. The configuration settings have been classified as basic and advanced for some features. The NetScaler ADC configuration utility and NetScaler Gateway configuration utility has also been reimplemented in HTML. As a result of these enhancements, the GUI does not display pop-up dialog boxes for most features and you no longer need Java Runtime Environment (JRE) to access these features through the GUI.
Adesso vado subito ad aggiornare il nostro Demo Center Aziendale..a presto!
Per maggiori informazioni e per il download:
- Citrix NetScaler 10.5 (Main) Release Notes
- Download Citrix NetScaler 10.5 (mycitrix account required) (ncore 250 MB)