What Is Citrix ADC, and What other Alternatives are There?

Citrix Application Delivery Controller (ADC) is a networking appliance that carries out web application delivery in multi-cloud platforms and data centers. Available in hardware-based and software-based variants, it makes use of load balancing and other techniques. Citrix ADC also has a built-in application firewall for securing corporate networks.

What Are the Features of Citrix ADC?

Like other load balancers, Citrix ADC is placed between the firewall and the servers processing user requests. When user traffic increases, it routes the workload to available servers to ensure the running of applications within the network.

Aside from its primary load balancing feature, it also acts as a firewall, segregating valid application requests from malicious ones and blocking the latter from entering your network. It protects web applications from numerous threats, including denial-of-service (DoS) attacks, cross-site scripting attacks, buffer overflow exploits and Structured Query Language (SQL) injection attempts.

In addition, Citrix ADC performs Transmission Control Protocol (TCP) optimizations to alleviate network latency and congestion issues, with Secure Sockets Layer (SSL) processing, among other computing-intensive operations and faster fulfillment of application requests.

Citrix ADC can also be used as the groundwork for your organization’s network policy infrastructure, as it facilitates the formulation of a policy list for your various applications. Based on this policy list, your servers will know which application requests to serve first.

Moreover, your IT staff can configure Citrix ADC to handle different packet flows. For instance, you can choose to compress and encrypt outgoing data packets by configuring both compression and SSL offloading, among other features.

What Are the Different Flavors of Citrix ADC?

Citrix ADC is available in virtual and physical form factors. Citrix ADC VPX, Citrix ADC CPX and Citrix ADC BLX are virtual platforms, while Citrix ADC MPX and SDX are physical platforms. It is also available as a virtual platform on public clouds such as Amazon Web Services, Microsoft Azure and Google Cloud Platform.

Citrix ADC VPX and Citrix ADC BLX are both virtual appliances. The former supports various virtualization and cloud environments, making it ideal for use in scalable, multi-tenant IT infrastructures. The latter is designed to run as a bare-metal Linux process on your choice of server hardware, which means it’s best for high-throughput workloads in organizations with Linux expertise.

Citrix ADC CPX is a Docker container for use on-premises and on multiple public and private clouds. Since it is containerized, it supports other containerized applications as well. Thus, it is used for DevOps and application development use, and organizations transitioning to microservices.

Citrix ADC MPX and SDX are both hardware-based appliances. Built for the cloud, the former is best for high-performance web application security and SSL support. On the other hand, the latter is built for use in virtualized, hardware-based applications, load balancing consolidation, and application rollouts that require staging and development environments.

What Is SSL Offloading?

Ordinarily, application servers also handle SSL transactions accompanying user requests. In case of high volumes, this can lead to web traffic clogging your servers. To prevent this from happening, Citrix ADC can be configured to accept SSL transactions from servers in a process known as SSL offloading.

When used for SSL offloading, Citrix ADC accelerates SSL transactions by intercepting and decrypting these transactions before sending them to the application servers. If the network is set up for end-to-end encryption, it will also re-encrypt the packets first.

An SSL certificate and a key pair are required prior to configuring Citrix ADC for SSL offloading. Organizations that want to use SSL offloading but are required to follow government security regulations can use any of the Citrix ADC physical and virtual appliances that have been certified as compliant with the Federal Information Processing Standard (FIPS) 140-2 on cryptographic software. For these appliances, the private key used for SSL transactions resides in a separate hardware security module. In contrast, in a Citrix ADC appliance that is not FIPS-certified, the private key is stored on the appliance’s hard or virtual disk.

Citrix ADC Load Balancing Layers

Load balancing refers to the efficient distribution of application requests to the available servers in a network. Central to this concept is the addition of more servers to the network that can service user requests. Load balancing ensures that all the available computational power within a network is harnessed. This leads to more efficient handling of workloads, preventing any single server from being overwhelmed with incoming requests and leading to faster response times.

Citrix ADC makes network traffic routing decisions based on Layer 4 and Layer 7 load-balancing techniques. Layer 4 load balancing uses TCP and User Datagram Protocol (UDP) to manage network traffic on the transport layer, taking into account information such as the number of connections and server response times. On the other hand, Layer 7 load balancing works on the application layer, meaning its routing decisions are based on information within the application, including the content of the HTTP/HTTPS headers, URL types and message content.

Aside from load balancing, Citrix ADC employs health monitoring to determine which servers are capable of handling incoming requests. When it sees that a server is not responding, it avoids that server totally and routes the requests to healthy servers instead.

Another Citrix ADC feature is Global Server Load Balancing (GLSB), which ensures that there’s always a datacenter available to service user requests. When forwarding requests using the Domain Name System (DNS), GLSB considers datacenter availability and performance.

Simplify High Availability with Parallels RAS

Parallels® Remote Application Server (RAS) is a streamlined, remote working solution that can be used to load balance your IT infrastructure without complex network configurations and expensive add-ons.

Server load balancing is easy to configure with Parallels RAS, which uses either of two methods out of the box. Resource-based load balancing distributes sessions to servers depending on server load, while round-robin load balancing redirects sessions in sequential order. For example, in a farm with two terminal servers, the first session is redirected to server one, the second session is redirected to server two and the third session is redirected to server one again.

Using the Parallels RAS Remote Desktop Session Host (RDSH) template, organizations can scale the number of hosts dynamically by creating, removing or employing RDSH servers on demand.

Parallels RAS helps reduce licensing costs by providing an all-inclusive, multi-cloud-ready license with load balancing and FIPS 140-2 encryption support, among other features.

Discover how Parallels RAS can simplify high availability load balancing for your network by downloading the trial.

Download the Trial