NetScaler Times newsletter for Week 13 - 2024

Hello Everyone

It’s Andrew again over at Cloud Software Group. One thing I've noticed in my role is the steady stream of questions about NetScaler. This update aims to provide you with valuable pointers to keep you up-to-date and ahead of the curve! ??

I would greatly appreciate your continued engagement and feedback, my contact details are at the bottom of this newletter.

Agenda for this week:

1. Build status and updates
2. Topical from last week
3. Support and Security Bulletins.
4. NetScaler Community & Labs site
5. Feedback on this newsletter

1. Build status and updates

The details for the various builds have been summarized below, as this helps plan for new releases in your environment. Starting from 13.1 there will be the following:

1. Firmware will have a 3-year upgrade cycle, where new features are added, called the ‘Feature Phase’.
2. The ‘Maintenance Phase’ then starts, and it is then supported for another 3 years with bug fixes and security updates.
3. There will then be 1 year of extended support with security fixes only. The expectation is to use this time to move off before the EOL for the firmware.

Typically, the guidance for NetScaler & NetScaler Console(ADM) build releases is that the Management platform needs to be the same or newer than the NetScaler(s) that it manages. I typically, go with the latest for NetScaler Console.

The NetScaler has multiple form factors to support different environments. NetScaler is built on a single operating system with a software-based architecture, so the behaviour will be the same no matter which is used — hardware, virtual machine, bare metal, or container.

Current Build Versions:

2. Topical from last week?

The setup

Customer X has a two-DC set up in Europe, they have L2 VLANs between those DCs. They currently run NetScaler pairs in ‘regular’ HA between those two DCs

The Problem

A customer had asked about different high-availability options when the DCs do not have stretched L2 VLANs between them. The client did have OTV(Overlay Transport Virtualization) running between DCs today, but the new layout was to move away from this. NetScaler can be deployed with the nodes on different L3 VLANs, normally the NSIPs need to be on the same VLAN (L2 adjacency). Hence the use of OTV as stated above.

The solution

We talked over the different options it became obvious that the best option would be to have HA pairs in each DC and wrap the whole deployment with some GSLB.

Why do it that way?

It has super resilience, you can have multiple failures before switching over DCs. It also builds in some options for taking out a site to make a change, should you need to. The most important option for this client was that HA nodes maintain a session state, such that sessions are known within a DC. HA nodes maintain session tables.

The cost?

The customer was looking at the potential bill for this, as it would need some extra nodes( four nodes against the two that they currently run). However, when we looked at the sizing they have, the vCPU cores that they have are quite lightly loaded (four vCPU’s and it’s doing 4.8% load). Dropping these down to 2 vCPU and adding in extra nodes, would still offer the support for the load that they have while giving them a better resilience between sites. There are some recent charts with session details with recent firmware to make this easy.

The takeaway?

The client had pooled capacity, and taking another look at how it was deployed gave them the option to review where they placed their capacity and meet their changing needs. Platform & Universal HMC make this even easier, as the limits on nodes get lifted, offering new ways to solve problems like this while still having bags of capacity to take on additional load.

3. Support and Security bulletins

These are the latest articles on the support portal knowledgebase, sorted by modified date. Here are the 6 most articles (IMO). The site is located here.

Security updates:

• NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-6548 and CVE-2023-6549NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-6548 and CVE-2023-6549Modified: 19 Jan 2024 | NetScaler,NetScaler GatewayAnil Shetty added a Blog with some extra details: That follow-up is here
• Citrix Secure Access client for Windows Security Bulletin for CVE-2023-24491Citrix Secure Access client for Windows Security Bulletin for CVE-2023-24491Modified: 09 Feb 2024 | NetScaler,NetScaler Gateway
• Citrix Secure Access client for Ubuntu Security Bulletin for CVE-2023-24492Citrix Secure Access client for Ubuntu Security Bulletin for CVE-2023-24492Modified: 09 Feb 2024 | NetScaler,NetScaler Gateway

Support Docs:

• How to change the management IP of SVM from LOMHow to change the management IP of SVM from LOMModified: 20 Mar 2024 | NetScaler
• [NetScaler-Gateway] iOS CWA cannot connect to Store, 500 Internal Server Error 43549[NetScaler-Gateway] iOS CWA cannot connect to Store, 500 Internal Server Error 43549Modified: 20 Mar 2024 | NetScaler,NetScaler Gateway
• After upgrading to 13.1 49.x build , the PE CPU significantly increases after running for some timeAfter upgrading to 13.1, the PE CPU significantly increases after running for some timeModified: 19 Mar 2024 | NetScaler,NetScaler Gateway

4. Events and Labs

Events

There are five events for March

06 March

Observability is more than just monitoring the state of applications. Observability is important for IT operations and other stakeholders like SRE, DevOps, Platform and Network Admins to collect and analyze MELT (metrics, events, logs, traces) - for troubleshooting application health issues and surfacing the application security violations. In this demo you will learn:

• Why Observability is important for enterprise applications
• Overview of NetScaler’s Splunk integration without any external agent
• How to monitor application latency, errors, HTTP/SSL/TCP protocol on Splunk
• How to monitor NetScaler infrastructure insights on Splunk
• How to monitor SSL, Security (WAF, BOT) NetScaler console (ADM) generated insights on Splunk

Watch on-demand here

13 March

Do you require secure DNS but are constrained by outdated servers?? Now you can proxy your DNS queries over TLS. This technique lets you encrypt your DNS requests with TLS, even if your servers only understand plain text. Think of it as a translator, converting modern, encrypted queries into a format your outdated systems can handle. This means enhanced privacy and security without ditching your legacy infrastructure. Sounds like a win-win? Dive deeper and discover how this innovative approach can protect your data while keeping your DNS functioning smoothly.?

In this live demo, our NetScaler experts will showcase

• How NetScaler facilitates encrypted DNS traffic using the Transport Layer Security (TLS) protocol in proxy mode

Watch/register here

21 March

In this webinar, we’ll discuss application delivery challenges faced by OpenShift platform admins and developers:

• Why OpenShift is the right K8s platform for you
• Using NetScaler for ingress traffic management with Red Hat OpenShift
• NetScaler Red Hat OpenShift integration solutionProblem statementDeployment topologyLive demoBenefits of NetScaler and Red Hat integrationsQ&A

Watch/register here

28 March - EMEA/APJ & Americas

In this webinar, our NetScaler experts will cover: 1. Maximising Infrastructure Automation: Terraform Provider for SVM (SDX) enhancements. 2. Support Assist: Practical Implication of NetScaler’s nFactor authentication

Watch/register EMEA/APJ here

Watch/register Americas here

Labs

Go here for the hands-on labs. Link

5. Feedback for this newsletter

Naturally, if something you feel should be added/removed or called out, drop me a note; [email protected]. Any mistakes are all mine.

I would be happy to get feedback on what you could do with seeing more of or what you find hard to set up. You can get all the previous newsletters plus other articles here:

NetScaler Times Archive

Have a great week!