Citrix ADC ранее известный как NetScaler

NavigationChange LogCitrix ADC Firewall RulesCitrix ADM Firewall RulesCitrix Virtual Apps and Desktops Firewall RulesCitrix Provisioning Firewall RulesSee CTX101810 Communication Ports Used by Citrix Technologies💡 = Recently UpdatedChange Log2020 Nov 13 – CTX286215 How to change Logstream source IP to NSIP on ADC.2020 Oct 17 – ADM – added 443/8443 from ADM Agents to ADM2018 June 11 – MAS Firewall – added MAS Floating IP and MAS Agents2018 June 9 – StoreFront to Domain Controllers in Trusted Domains – added rules from Citrix Discussions2018 June 6 – added NSIP firewall rules for NetScaler MAS Pooled Licensing2018 May 24 – updated Director->HDX Insight firewall rules to indicate Director as the source (Source = Luke in the comments)Citrix ADC Firewall RulesFromToProtocol / PortPurposeAdministrator machinesNSIPs (and/or SNIPs)TCP 22TCP 80TCP 443TCP 3010TCP 3008SSH and HTTP/SSL access to NetScaler configuration GUI. TCP 3008/3010 is Java and 3008 is used if traffic is encrypted. Java not needed in 10.5 build 57 and newer.Administrator machinesNetScaler SDX SVM, XenServerTCP 22TCP 80TCP 443To administer NetScaler SDXAdministrator machinesNetScaler Lights Out ModuleTCP 443TCP 623TCP 5900CTX200367NSIPSNIPDNS serversPingUDP 53TCP 53Ping is used for monitoring. Can be turned off by load balancing on the same appliance.NSIPsSNIPNetScaler MASTCP 27000TCP 7279Pooled LicensingNSIPsSNIPNTP serversUDP 123NTPNSIPsSNIPSyslog serverUDP 514SyslogNSIPscallhome.citrix.comcis.citrix.comtaas.citrix.comTCP 443Call HomeNSIPs (default)SNIPLDAP Servers(Domain Controllers)TCP 389 (Start TLS)TCP 636 (Secure LDAP)Secure LDAP requires certificates on the Domain Controllers. Secure LDAP enables password changes when they expire.SNIP if Load Balanced on same applianceNSIPsLDAP ServersTCP 389TCP 636Monitor Domain ControllersNSIPs (default)SNIPRADIUS serversUDP 1812RADIUS is used for two-factor authentication. SNIP if Load Balanced on same applianceSNIPRADIUS serversUDP 1812PingMonitor RADIUS serversNetScaler SDX Service virtual machineNSIPsPingTCP 22TCP 80TCP 443Only if NetScaler VPX runs as a virtual machine on top of NetScaler SDXLocal GSLB Site IPSNIPGSLB Site IP (public IP) in other datacenterTCP 3009TCP 3011GSLB Metric Exchange Protocol between appliance pairsNSIPsGSLB Site IP (public IP) in other datacenterTCP 22TCP 3008TCP 3010GSLB Configuration SyncLocal GSLB Site IPSNIPAll InternetPingUDP 53TCP (high ports)RTT to DNS Servers for Dynamic Proximity determinationSNIPStoreFront Load Balancing VIPTCP 443NetScaler Gateway communicates with StoreFrontSNIPStoreFront serversTCP 80TCP 443TCP 808StoreFront Load BalancingNSIPsStoreFront serversTCP 80TCP 443Monitor StoreFront serversStoreFront serversNetScaler Gateway VIP (DMZ IP)TCP 443Authentication callback from StoreFront server to NetScaler Gateway.SNIPEach individual Delivery Controller in every datacenterTCP 80TCP 443Secure Ticket Authorities. This cannot be load balanced.TCP 443 only if certificates are installed on the Delivery Controllers.SNIPAll internal virtual desktops and session hosts (subnet rule?)TCP 1494TCP 2598UDP 1494UDP 2598UDP 16500-16509HDX ICAEnlightened Data TransportSession ReliabilityUDP AudioAll InternetAll internal usersNetScaler Gateway VIP (public

IntroductionIn the previous article of our series, we discussed how to reduce latency across multi-cloud deployments. If you missed it, you can catch up here. Today, we’re going to discuss a crucial topic: finding the top alternative to Citrix Netscaler. As you all know, Citrix has recently undergone significant changes in management and strategy, focusing on simplifying its product offerings. This shift has brought numerous concerns, including increased support overhead and a lack of support for medium and small customers. Additionally, changes in the licensing model have introduced extra costs for contract renewals, adding to the overall financial burden on organizations.In this context, it’s essential to explore robust alternatives that can offer reliable performance, security, and cost efficiency. One such alternative is Thinfinity Workspace. This article will delve into why Thinfinity Workspace stands out as the top alternative to Citrix Netscaler.Let’s get into the meat of this real quick. Imagine a bustling corporate environment where the IT infrastructure must support hundreds of employees accessing critical applications simultaneously. The performance and reliability of these applications can make or break productivity. This is where Thinfinity® Workspace steps in, offering a robust and flexible solution that addresses the unique challenges faced by large organizations. We’ll delve into the features and benefits of Thinfinity Workspace and see why it stands out as the top alternative to Citrix Netscaler.Understanding Application Delivery Controllers (ADCs)ADCs, or Application Delivery Controllers, play a pivotal role in managing, optimizing, and securing the delivery of applications across networks. They ensure that applications are delivered swiftly, securely, and efficiently to end-users, thus maintaining business continuity and enhancing user experience.Definition and Core Functions of ADCsAn ADC is a device or software appliance positioned between the client and server to manage application traffic. ADCs perform essential functions such as load balancing, traffic optimization, and application acceleration. By distributing client requests across multiple servers, ADCs prevent any single server from becoming a bottleneck, thereby enhancing the performance and availability of applications. Think of an ADC as a traffic cop at a busy intersection, skillfully directing vehicles to different lanes to prevent congestion and ensure a smooth flow of traffic. Similarly, ADCs manage data traffic, directing it efficiently to maintain optimal performance.The Role of ADCs in Modern IT InfrastructureIn the era of cloud computing and distributed applications, ADCs have become indispensable. They not only balance loads but also provide crucial security features such as SSL offloading, Web Application Firewall (WAF) capabilities, and DDoS protection. This comprehensive approach ensures that applications are not only fast but also secure from various cyber threats. Picture an ADC as a skilled conductor leading an orchestra, ensuring each instrument plays harmoniously and at the right time while also safeguarding the entire

Citrix Secure Access (formerly Citrix SSO) app enables secure access to business critical applications, virtual desktops, and corporate data from anywhere at any time, providing an optimal user experience with the NetScaler Gateway.Secure Access features:• Full layer 3 TLS connectivity to NetScaler Gateway using Android VpnService framework• Per-app connection flexibility (Provisioning support through MDM systems)• Android Enterprise managed configuration support• Always-On connection support with client certificate on Android 7.0+• Multi-factor authentication support with client certificate• Seamless session maintenance during network changes• Multi-language support• Built-in support for emailing logsOne Time Password (OTP) features:• One Time Password generator using TOTP protocol• Add/manage OTP tokens using QR Code• Second factor authentication using push notifications• Multi factor authentication with biometrics support on Android 6.0+Requirements:Credentialed access to a NetScaler Gateway installation with release 10.5 or later. Please contact your organization’s IT group for connection information.Citrix Secure Access app in a managed Work Profile or Device Profile:• If you are deploying Citrix Secure Access app in a managed Work Profile or Device Profile, it uses QUERY_ALL_PACKAGES permission. This permission is used by enterprise administrator to provision managed VPN configurations. A managed VPN configuration allows controlled access to the VPN session from specific applications on your Android device from the Work Profile or the Device Profile. It is also advised to pre-grant POST_NOTIFICATIONS permission to Citrix Secure Access app so that it can show VPN status and Push notifications to the user on Android 13 and later devices.Typically, Citrix Secure Access app does not collect any personally identifiable data from managed Work Profile. No information from personal profile is accessed.Languages: Citrix Secure Access app supports English, German, French, Spanish, Simplified Chinese, and Japanese languagesHelp docs:

Pricing not only for their current needs but also for future growth. This reduced their total cost of ownership (TCO) by up to 65%, thanks to lower licensing prices and the absence of hidden costs for features like fault tolerance or high availability. Additionally, the scalable licensing allowed the company to adjust user counts as needed without incurring extra costs, offering previously unattainable financial flexibility. This transparent and cost-effective approach empowered the company to better manage their IT budget and invest in other critical areas, ultimately enhancing their overall operational efficiency and financial health.Thinfinity® Workspace vs. Citrix NetscalerBefore we conclude, let’s take a moment to compare Thinfinity Workspace with Citrix Netscaler across several key areas. This comprehensive table will help you make an informed decision by highlighting the strengths and differences between these two solutions.This will ensure you have all the necessary information to understand why Thinfinity Workspace is an excellent alternative for your application delivery needs. ConclusionAs we’ve explored today, finding a robust alternative to Citrix Netscaler is crucial, especially in light of recent changes at Citrix. These changes have led to increased support overhead, less support for medium and small customers, and additional costs due to new licensing models. Such developments have intensified the financial burden on organizations relying on Citrix for their application delivery needs.Thinfinity Workspace shows up as a top contender to replace Citrix Netscaler, offering several compelling advantages. Its advanced features ensure optimal application performance, while the cloud-agnostic architecture provides flexibility across various environments. Furthermore, Thinfinity Workspace’s transparent licensing model alleviates financial uncertainties, making it a cost-effective solution for enterprises of all sizes.For CIOs, CTOs, and CISOs, transitioning to Thinfinity Workspace is more than just a technical upgrade; it’s a strategic decision that can enhance operational efficiency and provide a competitive edge. The benefits of improved application performance, enhanced security, and significant cost savings make Thinfinity Workspace an excellent choice in the evolving digital landscape.Now is the opportune time to explore Thinfinity Workspace’s capabilities fully and consider how it can meet your organization’s unique application delivery requirements, positioning you for success.