Whitehat Virtual Technologies Blog

Citrix ADC, NetScaler Gateway, and NetScaler ADCs

Written by Val King | Dec 3, 2021 7:58:00 PM

It has been previously estimated that 75 percent of all Internet traffic passes through Citrix ADC (formerly Citrix NetScaler ADC) every day. And while most people still think of this product as NetScaler, Citrix ADC (rebranded in 2018) surely has an even higher percentage of Internet traffic that passes through it today. But knowing this stat has done nothing to help the confusion the average person has answering the question, "What is Citrix NetScaler?" or understanding what rebranded Citrix ADC does, or how Citrix NetScaler Gatweay service works. 

Let's break it down:

What does Citrix ADC do and what are the most common definitions?

At a high level, Citrix ADC has become a huge part of Citrix’s business by helping customers do four big things:

  1. 1. Cut the cost of delivering applications by reducing the number of servers required to serve a given number of end-users. 
  2. 2. Cut Internet bandwidth costs by reducing web application bandwidth requirements through web traffic optimization.
  3. 3. Improve security and resiliency.
  4. 4. Simplify complex remote access configurations commonly associated with VDI. A NetScaler (ADC or Gateway) can work with physical or virtual appliances.
    1. Would you like to see modern, secure virtual desktops designed for today's flexible work environments? Book a complimentary evaluation with one of our experts:

    2.  
    3. The Vocabulary: 

NetScaler Gateway: NetScaler Gateway, formerly known as CAG (Citrix Access Gateway), is primarily used for secure remote access to XenApp or XenDesktop environments.

NetScaler ADCs: ADC NetScaler was offered in three different licenses: Standard, Enterprise, or Platinum. They are now rebranded under the Citrix ADC name, as defined below.

Citrix ADC: At its most basic, Citrix ADC is an application delivery controller (ADC… get it?). Citrix defines Citrix ADC as "purpose-built networking appliances whose function is to improve the performance, security, and resiliency of application delivery." 

Even among those that know and work with Citrix ADC, the most common way it is described is as a Swiss Army knife. If you are like most people that bit of information is not helpful in understanding what it does. Keep reading to to learn more about what Citrix ADC does for businesses, end-users, application performance, and more.

Don't have time to read the entire post? Take a shortcut and gain insight and improve troubleshooting of Citrix application delivery infrastructure today. Download the case study to learn more: 


  1. Defining Citrix ADC: 
  2.  
  1. 1. A Load Balancer – Load balancing is an effective tool for sharing a workload or providing system resiliency. Load balancing is just what it sounds like – taking a single workload and dividing that work up among more than one server to either improve performance (ensuring no one server is overloaded) or to provide resiliency (ensuring an email or webpage is still there if one server fails).
  2. 2. A Server Health Monitor – If we’re load balancing application traffic to make sure each end-user gets the best experience, we need to know how healthy the servers are for which we are balancing the traffic. If one of the servers is not healthy, we want our application delivery controller to be smart enough to limit or suspend the traffic it sends that server so the person at the other end making the request has a good experience.
  3. 3. A Middleman Offloading TCP Connections (TCP Multiplexing) from Application Servers – Surfing the web is hard, especially if you are the devices making all the connections to the web pages you want to see and then subsequently breaking those connections when you move on to the next page. All this connecting and disconnecting adds overhead, which can show up as delay and slowness to the person making the request. TCP Multiplexing lets Citrix ADC make a quick check to see if it has an existing connection, which can be used instead of creating a brand-new connection each time. The ADC can act as the middleman, taking care to both answer the request from the person and not overwhelm the server containing the information. The result is a better user experience and getting more performance from each application server, reducing hardware costs.
  4. 4. A Middleman Offloading the Wrapping/Unwrapping of Secure Traffic (SSL Offload) from App. Servers – When you send something securely, each little packet of information must be wrapped up in a special package and encrypted before it goes across the Internet. When each packet arrives at its destination, it must be unwrapped and delivered to the person making the request. All this wrapping and unwrapping takes a considerable amount of time and resources to execute. By moving this functionality to the ADC, we reduce the burden on the servers, freeing them up to churn out more data and again giving them more capacity potentially reducing the number of servers needed for the task.
  5. 5. A Middleman Centralizing & Offloading User Authentication from Application Servers – In another effort to offload any task from servers that introduce overhead and risk negatively impacting the end-user experience, ADC’s can manage all user authentication. The ADC becomes responsible for verifying proper authorized authentication instead of the application server. This allows the application servers to do what they do best – deliver applications.
  6. 6. Capable of Improving Application Performance – The concept is a simple one. What is between an end-user typing in whitehatvirtual.com in their browser and the actual web server holding the www.whitehatvirtual.com website is essentially a really long wire. Not actually, but for practical purposes this is a great way to think about it. Think of this wire as a water hose with the spigot wide open, pushing out as much water as possible. If you want more water, you either have to buy a bigger water hose or somehow compress the water so you can fit more in the hose at one time.

    Forgive the simple analogy, but Citrix ADC improves application performance in a similar way. Compress the web traffic to get more data in the wire. Then use caching to store some frequently used data (or a water tank/bottles of water in this analogy) near the end-user. Data requested frequently can be stored locally, or cached, so that when you request the data, it can come from this reserve instead of having to send the same data down the wire again, slowing other requests down.
  7. 7. Is a Global Server Load Balancer (GSLB) – Global Server Load Balancing (GSLB) is a fancy way of saying that applications can be load balanced across multiple data centers across any geography, so that if something goes stupid in one location, the applications, data, etc. will be immediately available from a different location behind the curtain. End-users might notice a slight pause but will likely have no idea what massive transition has happened behind the scenes.
  8. 8. Prevents Distributed Denial of Service (DDoS) Attacks – DDoS attacks are web attacks that try to flood servers with traffic to the point that they can no longer respond and thus have to deny requests for access. Application Delivery Controllers like Citrix ADC handle the DDoS attack before it can reach the targeted servers, preventing the servers from going offline or reporting errors.
  9. 9. A Web Application Firewall (WAF) – This is another defensive feature designed to prevent some very specialized types of attacks. Two examples:
    1. Cross-site scripting (XSS) attacks inject malicious scripts into legitimate websites & applications. This could be a virus injected into an ad on a legitimate news website, such as CNN or Fox News, that is activated when someone clicks on the ad.
    2. Cookie poisoning attacks compromise a cookie stored in a web browser so an attacker can gain personal information about the end-user for any number of nefarious activities, including identity theft.
  10. 10.An Appliance that Provides Multi-Tenancy Support for Service Providers – Service providers (by definition) offer their applications and other capabilities to many different customers simultaneously. Citrix ADC understands the concept and satisfies this need by being able to provide additional Virtual Application Delivery Controllers (vADC’s) configured within the appliance, effectively walling off one customer from another or allow service providers to segment their products as it makes sense for their business. Large organizations in some cases have this same need to have unique workloads segmented for different constituencies in the organization.

Today, Citrix ADC can have as many as 115 virtual Application Delivery Controllers running within one physical appliance. Citrix ADCs are available in either a hardware or software-based appliance. Hardware options include single and multi-tenant appliances. Citrix ADCs are FIPS compliant and high SSL appliances. Software-based options include virtual hypervisor-based and containerized micro service offerings.

Hopefully this post has helped give you a basic understanding of what Citrix ADC does. If your end-users are suffering from painfully slow logon times or virtual desktops are sluggish, I invite you to visit one of our most popular blog posts*:

*The Citrix is Slow blog post offers a free Citrix is Slow eBook.